From 081af06831dea40fdf19fb8578b6114145afc040 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sun, 15 Jan 2023 10:58:39 +0000 Subject: [PATCH] Auto sync2gitlab import of java-1.8.0-openjdk-1.8.0.352.b08-2.el8_7.src.rpm --- .gitignore | 2 + CheckVendor.java | 57 + EMPTY | 1 - NEWS | 2015 +++++++ README.md | 8 + TestCryptoLevel.java | 72 + TestECDSA.java | 49 + TestSecurityProperties.java | 84 + TestTranslations.java | 140 + config.guess | 1558 +++++ config.sub | 1788 ++++++ fips-8u-6d1aade0648.patch | 2007 +++++++ java-1.8.0-openjdk-remove-intree-libraries.sh | 131 + java-1.8.0-openjdk.spec | 5222 +++++++++++++++++ jconsole.desktop.in | 10 + ...-allow_using_system_installed_libpng.patch | 115 + ...low_using_system_installed_lcms2-jdk.patch | 68 + ...ow_using_system_installed_lcms2-root.patch | 50 + ...allow_using_system_installed_libjpeg.patch | 228 + ...ero_build_requires_disabled_warnings.patch | 148 + ...r3776-rh1760437-nss_sqlite_db_config.patch | 125 + ...on_x86_linux_as_well_as_x86_mac_os_x.patch | 58 + ...86_linux_as_well_as_x86_mac_os_x_jdk.patch | 20 + ...size_t_type_conflicts_in_shared_code.patch | 328 ++ jdk8257794-remove_broken_assert.patch | 13 + jdk8275535-rh2053256-ldap_auth.patch | 26 + ...8-pr3836-pass_compiler_flags_to_adlc.patch | 67 + jdk8294357-tzdata2022d.patch | 506 ++ jdk8295173-tzdata2022e.patch | 813 +++ nss.cfg.in | 5 + nss.fips.cfg.in | 8 + policytool.desktop.in | 10 + ...r_libunpack_and_the_unpack200_binary.patch | 302 + ...alisation_to_be_a_non_critical_error.patch | 74 + pr2888-rh2055274-support_system_cacerts.patch | 263 + ..._separator_instead_of_crlf_in_pkcs10.patch | 140 + ...xception_when_theres_no_ecc_provider.patch | 164 + ...rguments_as_size_t_not_equals_to_int.patch | 166 + repackReproduciblePolycies.sh | 44 + ...frastructure_in_dhparametergenerator.patch | 66 + rh1582504-rsa_default_for_keytool.patch | 12 + ...sible_toolkit_crash_do_not_break_jvm.patch | 16 + ...me_multiple_processors_are_available.patch | 12 + ...ut_nss_cfg_provider_to_java_security.patch | 12 + ...va_access_bridge_privileged_security.patch | 25 + ...ies_compiled_with_no_strict_overflow.patch | 16 + rh1750419-redhat_alt_java.patch | 133 + s390-8214206_fix.patch | 46 + sources | 2 + 49 files changed, 17224 insertions(+), 1 deletion(-) create mode 100644 .gitignore create mode 100644 CheckVendor.java delete mode 100644 EMPTY create mode 100644 NEWS create mode 100644 README.md create mode 100644 TestCryptoLevel.java create mode 100644 TestECDSA.java create mode 100644 TestSecurityProperties.java create mode 100644 TestTranslations.java create mode 100644 config.guess create mode 100644 config.sub create mode 100644 fips-8u-6d1aade0648.patch create mode 100644 java-1.8.0-openjdk-remove-intree-libraries.sh create mode 100644 java-1.8.0-openjdk.spec create mode 100644 jconsole.desktop.in create mode 100644 jdk8035341-allow_using_system_installed_libpng.patch create mode 100644 jdk8042159-allow_using_system_installed_lcms2-jdk.patch create mode 100644 jdk8042159-allow_using_system_installed_lcms2-root.patch create mode 100644 jdk8043805-allow_using_system_installed_libjpeg.patch create mode 100644 jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch create mode 100644 jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch create mode 100644 jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch create mode 100644 jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch create mode 100644 jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch create mode 100644 jdk8257794-remove_broken_assert.patch create mode 100644 jdk8275535-rh2053256-ldap_auth.patch create mode 100644 jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch create mode 100644 jdk8294357-tzdata2022d.patch create mode 100644 jdk8295173-tzdata2022e.patch create mode 100644 nss.cfg.in create mode 100644 nss.fips.cfg.in create mode 100644 policytool.desktop.in create mode 100644 pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch create mode 100644 pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch create mode 100644 pr2888-rh2055274-support_system_cacerts.patch create mode 100644 pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch create mode 100644 pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch create mode 100644 pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch create mode 100644 repackReproduciblePolycies.sh create mode 100644 rh1163501-increase_2048_bit_dh_upper_bound_fedora_infrastructure_in_dhparametergenerator.patch create mode 100644 rh1582504-rsa_default_for_keytool.patch create mode 100644 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch create mode 100644 rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch create mode 100644 rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch create mode 100644 rh1648644-java_access_bridge_privileged_security.patch create mode 100644 rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch create mode 100644 rh1750419-redhat_alt_java.patch create mode 100644 s390-8214206_fix.patch create mode 100644 sources diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..443f926 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08-4curve.tar.xz +/tapsets-icedtea-3.15.0.tar.xz diff --git a/CheckVendor.java b/CheckVendor.java new file mode 100644 index 0000000..e2101cf --- /dev/null +++ b/CheckVendor.java @@ -0,0 +1,57 @@ +/* CheckVendor -- Check the vendor properties match specified values. + Copyright (C) 2020 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +/** + * @test + */ +public class CheckVendor { + + public static void main(String[] args) { + if (args.length < 3) { + System.err.println("CheckVendor "); + System.exit(1); + } + + String vendor = System.getProperty("java.vendor"); + String expectedVendor = args[0]; + String vendorURL = System.getProperty("java.vendor.url"); + String expectedVendorURL = args[1]; + String vendorBugURL = System.getProperty("java.vendor.url.bug"); + String expectedVendorBugURL = args[2]; + + if (!expectedVendor.equals(vendor)) { + System.err.printf("Invalid vendor %s, expected %s\n", + vendor, expectedVendor); + System.exit(2); + } + + if (!expectedVendorURL.equals(vendorURL)) { + System.err.printf("Invalid vendor URL %s, expected %s\n", + vendorURL, expectedVendorURL); + System.exit(3); + } + + if (!expectedVendorBugURL.equals(vendorBugURL)) { + System.err.printf("Invalid vendor bug URL%s, expected %s\n", + vendorBugURL, expectedVendorBugURL); + System.exit(4); + } + + System.err.printf("Vendor information verified as %s, %s, %s\n", + vendor, vendorURL, vendorBugURL); + } +} diff --git a/EMPTY b/EMPTY deleted file mode 100644 index 0519ecb..0000000 --- a/EMPTY +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..08b5588 --- /dev/null +++ b/NEWS @@ -0,0 +1,2015 @@ +Key: + +JDK-X - https://bugs.openjdk.java.net/browse/JDK-X +CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY + +New in release OpenJDK 8u352 (2022-10-18): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u352 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u352.txt + +* Security fixes + - JDK-8282252: Improve BigInteger/Decimal validation + - JDK-8285662: Better permission resolution + - JDK-8286511: Improve macro allocation + - JDK-8286519: Better memory handling + - JDK-8286526, CVE-2022-21619: Improve NTLM support + - JDK-8286533, CVE-2022-21626: Key X509 usages + - JDK-8286910, CVE-2022-21624: Improve JNDI lookups + - JDK-8286918, CVE-2022-21628: Better HttpServer service + - JDK-8288508: Enhance ECDSA usage +* Other changes + - JDK-7131823: bug in GIFImageReader + - JDK-7186258: InetAddress$Cache should replace currentTimeMillis with nanoTime for more precise and accurate + - JDK-8028265: Add legacy tz tests to OpenJDK + - JDK-8039955: [TESTBUG] jdk/lambda/LambdaTranslationTest1 - java.lang.AssertionError: expected [d:1234.000000] but found [d:1234,000000] + - JDK-8049228: Improve multithreaded scalability of InetAddress cache + - JDK-8071507: (ref) Clear phantom reference as soft and weak references do + - JDK-8087283: Add support for the XML Signature here() function to the JDK XPath implementation + - JDK-8130895: Test javax/swing/system/6799345/TestShutdown.java fails on Solaris11 Sparcv9 + - JDK-8136354: [TEST_BUG] Test java/awt/image/RescaleOp/RescaleAlphaTest.java with Bad action for script + - JDK-8139668: Generate README-build.html from markdown + - JDK-8143847: Remove REF_CLEANER reference category + - JDK-8147862: Null check too late in sun.net.httpserver.ServerImpl + - JDK-8150669: C1 intrinsic for Class.isPrimitive + - JDK-8155742: [Windows] robot.keyPress(KeyEvent.VK_ALT_GRAPH) throws java.lang.IllegalArgumentException in windows + - JDK-8173339: AArch64: Fix minimum stack size computations + - JDK-8173361: various crashes in JvmtiExport::post_compiled_method_load + - JDK-8175797: (ref) Reference::enqueue method should clear the reference object before enqueuing + - JDK-8178832: (ref) jdk.lang.ref.disableClearBeforeEnqueue property is ignored + - JDK-8183107: PKCS11 regression regarding checkKeySize + - JDK-8193780: (ref) Remove the undocumented "jdk.lang.ref.disableClearBeforeEnqueue" system property + - JDK-8194873: right ALT key hotkeys no longer work in Swing components + - JDK-8201793: (ref) Reference object should not support cloning + - JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount() + - JDK-8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures. + - JDK-8233019: java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit + - JDK-8235218: Minimal VM is broken after JDK-8173361 + - JDK-8235385: Crash on aarch64 JDK due to long offset + - JDK-8245263: Enable TLSv1.3 by default on JDK 8u for Client roles + - JDK-8254178: Remove .hgignore + - JDK-8254318: Remove .hgtags + - JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version + - JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*) + - JDK-8280963: Incorrect PrintFlags formatting on Windows + - JDK-8282538: PKCS11 tests fail on CentOS Stream 9 + - JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee + - JDK-8285400: Add '@apiNote' to the APIs defined in Java SE 8 MR 3 + - JDK-8285497: Add system property for Java SE specification maintenance version + - JDK-8287132: Retire Runtime.runFinalizersOnExit so that it always throws UOE + - JDK-8287508: The tests added to jdk-8 by 8235385 are to be ported to jdk-11 + - JDK-8287521: Bump update version of OpenJDK: 8u352 + - JDK-8288763: Pack200 extraction failure with invalid size + - JDK-8288865: [aarch64] LDR instructions must use legitimized addresses + - JDK-8290000: Bump macOS GitHub actions to macOS 11 + - JDK-8292579: (tz) Update Timezone Data to 2022c + - JDK-8292688: Support Security properties in security.testlibrary.Proc + +Notes on individual issues: +=========================== + +core-libs/java.lang: + +JDK-8201793: (ref) Reference object should not support cloning +============================================================== +`java.lang.ref.Reference::clone` method always throws +`CloneNotSupportedException`. `Reference` objects cannot be +meaningfully cloned. To create a new Reference object, call the +constructor to create a `Reference` object with the same referent and +reference queue instead. + +JDK-8175797: (ref) Reference::enqueue method should clear the reference object before enqueuing +=============================================================================================== +`java.lang.ref.Reference.enqueue` method clears the reference object +before it is added to the registered queue. When the `enqueue` method +is called, the reference object is cleared and `get()` method will +return null in OpenJDK 8u352. + +Typically when a reference object is enqueued, it is expected that the +reference object is cleared explicitly via the `clear` method to avoid +memory leak because its referent is no longer referenced. In other +words the `get` method is expected not to be called in common cases +once the `enqueue`method is called. In the case when the `get` method +from an enqueued reference object and existing code attempts to access +members of the referent, `NullPointerException` may be thrown. Such +code will need to be updated. + +JDK-8071507: (ref) Clear phantom reference as soft and weak references do +========================================================================= +This enhancement changes phantom references to be automatically +cleared by the garbage collector as soft and weak references. + +An object becomes phantom reachable after it has been finalized. This +change may cause the phantom reachable objects to be GC'ed earlier - +previously the referent is kept alive until PhantomReference objects +are GC'ed or cleared by the application. This potential behavioral +change might only impact existing code that would depend on +PhantomReference being enqueued rather than when the referent be freed +from the heap. + +security-libs/javax.net.ssl: + +JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles +================================================================ +The TLSv1.3 implementation is now enabled by default for client roles +in 8u352. It has been enabled by default for server roles since 8u272. + +Note that TLS 1.3 is not directly compatible with previous +versions. Enabling it on the client may introduce compatibility issues +on either the server or the client side. Here are some more details on +potential compatibility issues that you should be aware of: + +* TLS 1.3 uses a half-close policy, while TLS 1.2 and prior versions + use a duplex-close policy. For applications that depend on the + duplex-close policy, there may be compatibility issues when + upgrading to TLS 1.3. + +* The signature_algorithms_cert extension requires that pre-defined + signature algorithms are used for certificate authentication. In + practice, however, an application may use non-supported signature + algorithms. + +* The DSA signature algorithm is not supported in TLS 1.3. If a server + is configured to only use DSA certificates, it cannot upgrade to TLS + 1.3. + +* The supported cipher suites for TLS 1.3 are not the same as TLS 1.2 + and prior versions. If an application hard-codes cipher suites which + are no longer supported, it may not be able to use TLS 1.3 without + modifying the application code. + +* The TLS 1.3 session resumption and key update behaviors are + different from TLS 1.2 and prior versions. The compatibility should + be minimal, but it could be a risk if an application depends on the + handshake details of the TLS protocols. + +The TLS 1.3 protocol can be disabled by using the jdk.tls.client.protocols +system property: + +java -Djdk.tls.client.protocols="TLSv1.2" ... + +Alternatively, an application can explicitly set the enabled protocols +with the javax.net.ssl APIs e.g. + +sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"}); + +or: + +SSLParameters params = sslSocket.getSSLParameters(); +params.setProtocols(new String[] {"TLSv1.2"}); +slsSocket.setSSLParameters(params); + +New in release OpenJDK 8u345 (2022-08-01): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u345 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u345.txt + +* Other changes + - JDK-8290832: It is no longer possible to change "user.dir" in the JDK8 + - JDK-8291568: Bump update version of OpenJDK: 8u345 + +Notes on individual issues: +=========================== + +core-libs/java.io: + +JDK-8290832: It is no longer possible to change "user.dir" in the JDK8 +====================================================================== +A change, JDK-8194154, was introduced in the 8u342 release of OpenJDK +causing the JDK to ignore attempts to set the `user.dir` property. +While this change is suitable for a major release (it was originally +introduced in the initial release of OpenJDK 11), changing the +behaviour of such a property in an update release creates +compatibility issues in software that relies on the behaviour in prior +versions of OpenJDK 8. As a result, we have reverted this change in +8u345. + +New in release OpenJDK 8u342 (2022-07-19): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u342 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt + +* Security fixes + - JDK-8272243: Improve DER parsing + - JDK-8272249: Better properties of loaded Properties + - JDK-8277608: Address IP Addressing + - JDK-8281859, CVE-2022-21540: Improve class compilation + - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations + - JDK-8283190: Improve MIDI processing + - JDK-8284370: Improve zlib usage + - JDK-8285407, CVE-2022-34169: Improve Xalan supports +* Other changes + - JDK-8031567: Better model for storing source revision information + - JDK-8076190: Customizing the generation of a PKCS12 keystore + - JDK-8129572: Cleanup usage of getResourceAsStream in jaxp + - JDK-8132256: jaxp: Investigate removal of com/sun/org/apache/bcel/internal/util/ClassPath.java + - JDK-8168926: C2: Bytecode escape analyzer crashes due to stack overflow + - JDK-8170385: JDK-8031567 broke source bundles + - JDK-8170392: JDK-8031567 broke builds from source bundles + - JDK-8170530: bash configure output contains a typo in a suggested library name + - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream + - JDK-8194154: System property user.dir should not be changed + - JDK-8202142: jfr/event/io/TestInstrumentation is unstable + - JDK-8209771: jdk.test.lib.Utils::runAndCheckException error + - JDK-8221988: add possibility to build with Visual Studio 2019 + - JDK-8223396: [TESTBUG] several jfr tests do not clean up files created in /tmp + - JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java fails at-run shell MakeJAR.sh target + - JDK-8235211: serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file + - JDK-8244973: serviceability/attach/RemovingUnixDomainSocketTest.java fails "stderr was not empty" + - JDK-8248876: LoadObject with bad base address created for exec file on linux + - JDK-8253424: Add support for running pre-submit testing using GitHub Actions + - JDK-8253865: Pre-submit testing using GitHub Actions does not detect failures reliably + - JDK-8254054: Pre-submit testing using GitHub Actions should not use the deprecated set-env command + - JDK-8254173: Add Zero, Minimal hotspot targets to submit workflow + - JDK-8254175: Build no-pch configuration in debug mode for submit checks + - JDK-8254282: Add Linux x86_32 builds to submit workflow + - JDK-8255239: The timezone of the hs_err_pid log file is corrupted in Japanese locale + - JDK-8255305: Add Linux x86_32 tier1 to submit workflow + - JDK-8255352: Archive important test outputs in submit workflow + - JDK-8255373: Submit workflow artifact name is always "test-results_.zip" + - JDK-8255895: Submit workflow artifacts miss hs_errs/replays due to ZIP include mismatch + - JDK-8256127: Add cross-compiled foreign architectures builds to submit workflow + - JDK-8256277: Github Action build on macOS should define OS and Xcode versions + - JDK-8256354: Github Action build on Windows should define OS and MSVC versions + - JDK-8256393: Github Actions build on Linux should define OS and GCC versions + - JDK-8256414: add optimized build to submit workflow + - JDK-8256747: GitHub Actions: decouple the hotspot build-only jobs from Linux x64 testing + - JDK-8257056: Submit workflow should apt-get update to avoid package installation errors + - JDK-8259924: GitHub actions fail on Linux x86_32 with "Could not configure libc6:i386" + - JDK-8260460: GitHub actions still fail on Linux x86_32 with "Could not configure libc6:i386" + - JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream) + - JDK-8263667: Avoid running GitHub actions on branches named pr/* + - JDK-8266187: Memory leak in appendBootClassPath() + - JDK-8274658: ISO 4217 Amendment 170 Update + - JDK-8274751: Drag And Drop hangs on Windows + - JDK-8278138: OpenJDK8 fails to start on Windows 8.1 after upgrading compiler to VS2017 + - JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition + - JDK-8281814: Debuginfo.diz contains redundant build path after backport JDK-8025936 + - JDK-8282225: GHA: Allow one concurrent run per PR only + - JDK-8282458: Update .jcheck/conf file for 8u move to git + - JDK-8282552: Bump update version of OpenJDK: 8u342 + - JDK-8283350: (tz) Update Timezone Data to 2022a + - JDK-8284620: CodeBuffer may leak _overflow_arena + - JDK-8284772: 8u GHA: Use GCC Major Version Dependencies Only + - JDK-8285445: cannot open file "NUL:" + - JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java + - JDK-8285591: [11] add signum checks in DSA.java engineVerify + - JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head + - JDK-8286989: Build failure on macOS after 8281814 + - JDK-8287537: 8u JDK-8284620 backport broke AArch64 build + +Notes on individual issues: +=========================== + +security-libs/java.security: + +JDK-8215293: Customizing PKCS12 keystore Generation +=================================================== +New system and security properties have been added to enable users to +customize the generation of PKCS #12 keystores. This includes +algorithms and parameters for key protection, certificate protection, +and MacData. The detailed explanation and possible values for these +properties can be found in the "PKCS12 KeyStore properties" section of +the `java.security` file. + +Also, support for the following SHA-2 based HmacPBE algorithms has +been added to the SunJCE provider: + +* HmacPBESHA224 +* HmacPBESHA256 +* HmacPBESHA384 +* HmacPBESHA512 +* HmacPBESHA512/224 +* HmacPBESHA512/256 + +core-libs/java.io: + +JDK-8285660: Enable Windows Alternate Data Streams by default +============================================================= +The Windows implementation of `java.io.File` has been changed so that +strict validity checks are **not** performed by default on file +paths. This includes allowing colons (':') in the path other than only +immediately after a single drive letter. It also allows paths that +represent NTFS Alternate Data Streams (ADS), such as +"filename:streamname". This restores the default behavior of +`java.io.File` to what it was prior to the April 2022 CPU in which +strict validity checks were not performed by default on file paths on +Windows. To re-enable strict path checking in `java.io.File`, the +system property `jdk.io.File.enableADS` should be set to `false` (case +ignored). This might be preferable, for example, if Windows special +device paths such as `NUL:` are *not* used. + +New in release OpenJDK 8u332 (2022-04-22): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u332 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt + +* Security fixes + - JDK-8269938: Enhance XML processing passes redux + - JDK-8270504, CVE-2022-21426: Better XPath expression handling + - JDK-8272255: Completely handle MIDI files + - JDK-8272261: Improve JFR recording file processing + - JDK-8272594: Better record of recordings + - JDK-8274221: More definite BER encodings + - JDK-8275151, CVE-2022-21443: Improved Object Identification + - JDK-8277227: Better identification of OIDs + - JDK-8277672, CVE-2022-21434: Better invocation handler handling + - JDK-8278008, CVE-2022-21476: Improve Santuario processing + - JDK-8278356: Improve file creation + - JDK-8278449: Improve keychain support + - JDK-8278805: Enhance BMP image loading + - JDK-8278972, CVE-2022-21496: Improve URL supports + - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo +* Other changes + - JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl + - JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl + - JDK-8035577: Xerces Update: impl/xpath/regex/RangeToken.java + - JDK-8037259: xerces update: xpointer update + - JDK-8041523: Xerces Update: Serializer improvements from Xalan + - JDK-8141508: java.lang.invoke.LambdaConversionException: Invalid receiver type + - JDK-8162572: Update License Header for all JAXP sources + - JDK-8167014: jdeps: Missing message: warn.skipped.entry + - JDK-8198411: [TEST_BUG] Two java2d tests are unstable in mach5 + - JDK-8202822: Add .git to .hgignore + - JDK-8205540: test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 commands + - JDK-8209178: Proxied HttpsURLConnection doesn't send BODY when retrying POST request + - JDK-8210283: Support git as an SCM alternative in the build + - JDK-8218682: [TEST_BUG] DashOffset fails in mach5 + - JDK-8225690: Multiple AttachListener threads can be created + - JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134" + - JDK-8227815: Minimal VM: set_state is not a member of AttachListener + - JDK-8240633: Memory leaks in the implementations of FileChooserUI + - JDK-8241768: git needs .gitattributes + - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn + - JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens + - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node + - JDK-8266749: AArch64: Backtracing broken on PAC enabled systems + - JDK-8270290: NTLM authentication fails if HEAD request is used + - JDK-8273229: Update OS detection code to recognize Windows Server 2022 + - JDK-8273341: Update Siphash to version 1.0 + - JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated + - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake + - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE + - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022 + - JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler + - JDK-8280060: The sun/rmi/server/Activation.java class use Thread.dumpStack() + - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972 + - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character + - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException + - JDK-8284920: Incorrect Token type causes XPath expression to return empty result + - JDK-8284936: Fix Java 7 bootstrap breakage due to use of Arrays.stream +* Shenandoah + - JDK-8260632: Build failures after JDK-8253353 + - JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git + +New in release OpenJDK 8u322 (2022-01-18): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u322 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt + +* Security fixes + - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization + - JDK-8268488: More valuable DerValues + - JDK-8268494: Better inlining of inlined interfaces + - JDK-8268512: More content for ContentInfo + - JDK-8268795: Enhance digests of Jar files + - JDK-8268801: Improve PKCS attribute handling + - JDK-8268813, CVE-2022-21283: Better String matching + - JDK-8269151: Better construction of EncryptedPrivateKeyInfo + - JDK-8269944: Better HTTP transport redux + - JDK-8270392, CVE-2022-21293: Improve String constructions + - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps + - JDK-8270492, CVE-2022-21282: Better resolution of URIs + - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management + - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities + - JDK-8271962: Better TrueType font loading + - JDK-8271968: Better canonical naming + - JDK-8271987: Manifest improved manifest entries + - JDK-8272014, CVE-2022-21305: Better array indexing + - JDK-8272026, CVE-2022-21340: Verify Jar Verification + - JDK-8272236, CVE-2022-21341: Improve serial forms for transport + - JDK-8272272: Enhance jcmd communication + - JDK-8272462: Enhance image handling + - JDK-8273290: Enhance sound handling + - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering + - JDK-8273756, CVE-2022-21360: Enhance BMP image support + - JDK-8273838, CVE-2022-21365: Enhanced BMP processing +* Other changes + - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken + - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03 + - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108 + - JDK-8041928: MouseEvent.getModifiersEx gives wrong result + - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402 + - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) + - JDK-8048021: Remove @version tag in jaxp repo + - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage + - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java + - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile + - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS + - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure + - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade + - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank + - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated + - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind + - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator + - JDK-8148915: Intermittent failures of bug6400879.java + - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism + - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black + - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests + - JDK-8182036: Load from initializing arraycopy uses wrong memory state + - JDK-8183369: RFC unconformity of HttpURLConnection with proxy + - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check" + - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll + - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar + - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride + - JDK-8190793: Httpserver does not detect truncated request body + - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail + - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit + - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing + - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs + - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021 + - JDK-8225083: Remove Google certificate that is expiring in December 2021 + - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread + - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software + - JDK-8231438: [macOS] Dark mode for the desktop is not supported + - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina + - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail + - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails + - JDK-8236897: Fix the copyright header for pkcs11gcm2.h + - JDK-8237499: JFR: Include stack trace in the ThreadStart event + - JDK-8239886: Minimal VM build fails after JDK-8237499 + - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0 + - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print" + - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions + - JDK-8273308: PatternMatchTest.java fails on CI + - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817 + - JDK-8273826: Correct Manifest file name and NPE checks + - JDK-8273968: JCK javax_xml tests fail in CI + - JDK-8274407: (tz) Update Timezone Data to 2021c + - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b + - JDK-8274468: TimeZoneTest.java fails with tzdata2021b + - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused + - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST + - JDK-8275766: (tz) Update Timezone Data to 2021e + - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e + - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766 + +Notes on individual issues: +=========================== + +security-libs/java.security: + +JDK-8271434: Removed IdenTrust Root Certificate +=============================================== +The following root certificate from IdenTrust has been removed from +the `cacerts` keystore: + +Alias Name: identrustdstx3 [jdk] +Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co. + +JDK-8272535: Removed Google's GlobalSign Root Certificate +========================================================= +The following root certificate from Google has been removed from the +`cacerts` keystore: + +Alias Name: globalsignr2ca [jdk] +Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 + +core-libs/java.time: + +JDK-8274857: Update Timezone Data to 2021c +=========================================== +IANA Time Zone Database, on which JDK's Date/Time libraries are based, +has been updated to version 2021c +(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note +that with this update, some of the time zone rules prior to the year +1970 have been modified according to the changes which were introduced +with 2021b. For more detail, refer to the announcement of 2021b +(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html) + +New in release OpenJDK 8u312 (2021-10-19): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u312 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt + +* Security fixes + - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0 + - JDK-8161016: Strange behavior of URLConnection with proxy + - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference + - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close + - JDK-8263314: Enhance XML Dsig modes + - JDK-8265167, CVE-2021-35556: Richer Text Editors + - JDK-8265574: Improve handling of sheets + - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit + - JDK-8265776: Improve Stream handling for SSL + - JDK-8266097, CVE-2021-35561: Better hashing support + - JDK-8266103: Better specified spec values + - JDK-8266109: More Resilient Classloading + - JDK-8266115: More Manifest Jar Loading + - JDK-8266137, CVE-2021-35564: Improve Keystore integrity + - JDK-8266689, CVE-2021-35567: More Constrained Delegation + - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic + - JDK-8267712: Better LDAP reference processing + - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking + - JDK-8267735, CVE-2021-35586: Better BMP support + - JDK-8268193: Improve requests of certificates + - JDK-8268199: Correct certificate requests + - JDK-8268506: More Manifest Digests + - JDK-8269618, CVE-2021-35603: Better session identification + - JDK-8269624: Enhance method selection support + - JDK-8270398: Enhance canonicalization + - JDK-8270404: Better canonicalization +* Other changes + - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit + - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection + - JDK-7188942: Remove support of pbuffers in OGL Java2d pipeline + - JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime + - JDK-8022323: [JavaSecurityScanner] review package com.sun.management.* Native methods should be private + - JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails + - JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated + - JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser + - JDK-8042557: compiler/uncommontrap/TestSpecTrapClassUnloading.java fails with: GC triggered before VM initialization completed + - JDK-8054118: java/net/ipv6tests/UdpTest.java failed intermittently + - JDK-8065215: Print warning summary at end of configure + - JDK-8072767: DefaultCellEditor for comboBox creates ActionEvent with wrong source object + - JDK-8079891: Store configure log in $BUILD/configure.log + - JDK-8080082: configure fails if you create an empty directory and then run configure from it + - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing + - JDK-8131062: aarch64: add support for GHASH acceleration + - JDK-8134869: AARCH64: GHASH intrinsic is not optimal + - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address + - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get + - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream + - JDK-8166673: The new implementation of Robot.waitForIdle() may hang + - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders + - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class + - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails + - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore + - JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error + - JDK-8214418: half-closed SSLEngine status may cause application dead loop + - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11 + - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr + - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail + - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4 + - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces + - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7 + - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers + - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print + - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) + - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files + - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available + - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken. + - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test + - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space" + - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames() + - JDK-8263311: Watch registry changes for remote printers update instead of polling + - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers" + - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M + - JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode + - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container + - JDK-8265978: make test should look for more locations when searching for exit code + - JDK-8266206: Build failure after JDK-8264752 with older GCCs + - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836 + - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server + - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark + - JDK-8269763: The JEditorPane is blank after JDK-8265167 + - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport + - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers + - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short + - JDK-8269882: stack-use-after-scope in NewObjectA + - JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891 + - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup + - JDK-8271466: StackGap test fails on aarch64 due to "-m64" + - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon + - JDK-8272214: [8u] Build failure after backport of JDK-8248901 + - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013 +* Shenandoah + - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array + - Re-cast JNI critical strings patch to be Shenandoah-specific + +Notes on individual issues: +=========================== + +core-libs/java.net: + +JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found +================================================================================ +The behavior of HttpURLConnection when using a ProxySelector has been +modified with this JDK release. HttpURLConnection used to fall back to +a DIRECT connection attempt if the configured proxy(s) failed to make +a connection. This release introduces a change whereby no DIRECT +connection will be attempted in such a scenario. Instead, the +HttpURLConnection.connect() method will fail and throw an IOException +which occurred from the last proxy tested. + +security-libs/javax.net.ssl: + +JDK-8219551: Updated the Default Enabled Cipher Suites Preference +================================================================= +The preference of the default enabled cipher suites has been +changed. The compatibility impact should be minimal. If needed, +applications can customize the enabled cipher suites and the +preference. For more details, refer to the SunJSSE provider +documentation and the JSSE Reference Guide documentation. + +New in release OpenJDK 8u302 (2021-07-20): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u302 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt + +* Security fixes + - JDK-8256157: Improve bytecode assembly + - JDK-8256491: Better HTTP transport + - JDK-8258432, CVE-2021-2341: Improve file transfers + - JDK-8260453: Improve Font Bounding + - JDK-8260960: Signs of jarsigner signing + - JDK-8260967, CVE-2021-2369: Better jar file validation + - JDK-8262380: Enhance XML processing passes + - JDK-8262403: Enhanced data transfer + - JDK-8262410: Enhanced rules for zones + - JDK-8262477: Enhance String Conclusions + - JDK-8262967: Improve Zip file support + - JDK-8264066, CVE-2021-2388: Enhance compiler validation + - JDK-8264079: Improve abstractions + - JDK-8264460: Improve NTLM support +* Other changes + - JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream + - JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome + - JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file + - JDK-7106851: Test should not use System.exit + - JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler + - JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails + - JDK-8030123: java/beans/Introspector/Test8027648.java fails + - JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java + - JDK-8033289: clang: clean up unused function warning + - JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11 + - JDK-8034857: gcc warnings compiling src/solaris/native/sun/management + - JDK-8035000: clean up ActivationLibrary.DestroyThread + - JDK-8035054: JarFacade.c should not include ctype.h + - JDK-8035287: gcc warnings compiling various libraries files + - JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions + - JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries + - JDK-8042891: Format issues embedded in macros for two g1 source files + - JDK-8043264: hsdis library not picked up correctly on expected paths + - JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang + - JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh + - JDK-8055754: filemap.cpp does not compile with clang + - JDK-8064909: FragmentMetaspace.java got OutOfMemoryError + - JDK-8066508: JTReg tests timeout on slow devices when run using JPRT + - JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm + - JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize + - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137 + - JDK-8074835: Resolve disabled warnings for libj2gss + - JDK-8074836: Resolve disabled warnings for libosxkrb5 + - JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction + - JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3 + - JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel + - JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX + - JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header + - JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java + - JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java + - JDK-8132148: G1 hs_err region dump legend out of sync with region values + - JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded + - JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported + - JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel + - JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw + - JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1 + - JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently + - JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java + - JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME + - JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME + - JDK-8172188: JDI tests fail due to "permission denied" when creating temp file + - JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000) + - JDK-8178403: DirectAudio in JavaSound may hang and leak + - JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-'' + - JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently + - JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large + - JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size" + - JDK-8191955: AArch64: incorrect prefetch distance causes an internal error + - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails + - JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM + - JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined + - JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016 + - JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys + - JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out" + - JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max + - JDK-8206925: Support the certificate_authorities extension + - JDK-8209996: [PPC64] Fix JFR profiling + - JDK-8214345: infinite recursion while checking super class + - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types() + - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking + - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021 + - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails + - JDK-8228757: Fail fast if the handshake type is unknown + - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp + - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE + - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns + - JDK-8231949: [PPC64, s390]: Make async profiling more reliable + - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater() + - JDK-8239053: [8u] clean up undefined-var-template warnings + - JDK-8239400: [8u] clean up undefined-var-template warnings + - JDK-8241649: Optimize Character.toString + - JDK-8241829: Cleanup the code for PrinterJob on windows + - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled + - JDK-8243559: Remove root certificates with 1024-bit keys + - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node + - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable + - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList + - JDK-8250876: Fix issues with cross-compile on macos + - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows + - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209) + - JDK-8254631: Better support ALPN byte wire values in SunJSSE + - JDK-8255086: Update the root locale display names + - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too + - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources + - JDK-8257039: [8u] GenericTaskQueue destructor is incorrect + - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks + - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test + - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 + - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region + - JDK-8258419: RSA cipher buffer cleanup + - JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation + - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues + - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region" + - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect + - JDK-8259886: Improve SSL session cache performance and scalability + - JDK-8260029: aarch64: fix typo in verify_oop_array + - JDK-8260236: better init AnnotationCollector _contended_group + - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized + - JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2 + - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end + - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding + - JDK-8261867: Backport relevant test changes & additions from JDK-8130125 + - JDK-8262110: DST starts from incorrect time in 2038 + - JDK-8262446: DragAndDrop hangs on Windows + - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack + - JDK-8262730: Enable jdk8u MacOS external debug symbols + - JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external + - JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395 + - JDK-8263504: Some OutputMachOpcodes fields are uninitialized + - JDK-8263600: change rmidRunning to a simple lookup + - JDK-8264509: jdk8u MacOS zipped debug symbols won't build + - JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type + - JDK-8264640: CMS ParScanClosure misses a barrier + - JDK-8264816: Weak handles leak causes GC to take longer + - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod + - JDK-8265666: Enable AIX build platform to make external debug symbols + - JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u + - JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u + - JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant) + - JDK-8266723: JFR periodic events are causing extra allocations + - JDK-8266929: Unable to use algorithms from 3p providers + - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash + - JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM + - JDK-8267545: [8u] Enable Xcode 12 builds on macOS + - JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode + - JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457 + - JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow + - JDK-8269468: JDK-8269388 breaks the build on older GCCs + - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS +* Shenandoah + - [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState + - [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp + - [backport] JDK-8261251: Shenandoah: Use object size for full GC humongous + - [backport] JDK-8261413: Shenandoah: Disable class-unloading in I-U mode + - [backport] JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1 + - [backport] JDK-8266802: Shenandoah: Round up region size to page size unconditionally + - [backport] JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC + - [backport] JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size + - [backport] JDK-8268699: Shenandoah: Add test for JDK-8268127 + - Shenandoah: Process weak roots during class unloading cycle + +Notes on individual issues: +=========================== + +security-libs/java.security: + +JDK-8256902: Removed Root Certificates with 1024-bit Keys +========================================================= +The following root certificates with weak 1024-bit RSA public keys +have been removed from the `cacerts` keystore: + +Alias Name: thawtepremiumserverca [jdk] +Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA + +Alias Name: verisignclass2g2ca [jdk] +Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + +Alias Name: verisignclass3ca [jdk] +Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US + +Alias Name: verisignclass3g2ca [jdk] +Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US + +Alias Name: verisigntsaca [jdk] +Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA + +JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate +================================================================= + +The following root certificate have been removed from the cacerts truststore: + +Alias Name: soneraclass2ca +Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI + +security-libs/javax.net.ssl: + +JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values +========================================================================================= +Certain TLS ALPN values couldn't be properly read or written by the +SunJSSE provider. This is due to the choice of Strings as the API +interface and the undocumented internal use of the UTF-8 Character Set +which converts characters larger than U+00007F (7-bit ASCII) into +multi-byte arrays that may not be expected by a peer. + +ALPN values are now represented using the network byte representation +expected by the peer, which should require no modification for +standard 7-bit ASCII-based character Strings. However, SunJSSE now +encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1 +characters. This means applications that used characters above +U+000007F that were previously encoded using UTF-8 may need to either +be modified to perform the UTF-8 conversion, or set the Java security +property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior. + +See the updated guide at +https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html +for more information. + +JDK-8244460: Support for certificate_authorities Extension +========================================================== +The "certificate_authorities" extension is an optional extension +introduced in TLS 1.3. It is used to indicate the certificate +authorities (CAs) that an endpoint supports and should be used by the +receiving endpoint to guide certificate selection. + +With this JDK release, the "certificate_authorities" extension is +supported for TLS 1.3 in both the client and the server sides. This +extension is always present for client certificate selection, while it +is optional for server certificate selection. + +Applications can enable this extension for server certificate +selection by setting the `jdk.tls.client.enableCAExtension` system +property to `true`. The default value of the property is `false`. + +Note that if the client trusts more CAs than the size limit of the +extension (less than 2^16 bytes), the extension is not enabled. Also, +some server implementations do not allow handshake messages to exceed +2^14 bytes. Consequently, there may be interoperability issues when +`jdk.tls.client.enableCAExtension` is set to `true` and the client +trusts more CAs than the server implementation limit. + +New in release OpenJDK 8u292 (2021-04-20): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u292 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt + +* Security fixes + - JDK-8227467: Better class method invocations + - JDK-8244473: Contextualize registration for JNDI + - JDK-8244543: Enhanced handling of abstract classes + - JDK-8249906, CVE-2021-2163: Enhance opening JARs + - JDK-8250568, CVE-2021-2161: Less ambiguous processing + - JDK-8253799: Make lists of normal filenames +* Other changes + - JDK-6345095: regression test EmptyClipRenderingTest fails + - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println + - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop + - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled + - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed + - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7 + - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found + - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently + - JDK-8035166: Remove dependency on EC classes from pkcs11 provider + - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error + - JDK-8038723: Openup some PrinterJob tests + - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X + - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton + - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS + - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported + - JDK-8078450: Implement consistent process for quarantine of tests + - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException + - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid + - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment + - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms + - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256 + - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error + - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output + - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address + - JDK-8160217: JavaSound should clean up resources better + - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods + - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node + - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63 + - JDK-8172404: Tools should warn if weak algorithms are used before restricting them + - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key" + - JDK-8191915: JCK tests produce incorrect results with C2 + - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode + - JDK-8202343: Disable TLS 1.0 and 1.1 + - JDK-8209333: Socket reset issue for TLS 1.3 socket close + - JDK-8211301: [macos] support full window content options + - JDK-8211339: NPE during SSL handshake caused by HostnameChecker + - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy + - JDK-8217338: [Containers] Improve systemd slice memory limit support + - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl + - JDK-8221408: Windows 32bit build build errors/warnings in hotspot + - JDK-8223186: HotSpot compile warnings from GCC 9 + - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14 + - JDK-8225805: Java Access Bridge does not close the logger + - JDK-8226899: Problemlist compiler/rtm tests + - JDK-8227642: [TESTBUG] Make docker tests podman compatible + - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642 + - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage + - JDK-8230388: Problemlist additional compiler/rtm tests + - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR + - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3 + - JDK-8234728: Some security tests should support TLSv1.3 + - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions + - JDK-8235311: Tag mismatch may alert bad_record_mac + - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property. + - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory + - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read + - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code. + - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1 + - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE" + - JDK-8242141: New System Properties to configure the TLS signature schemes + - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11 + - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit + - JDK-8249183: JVM crash in "AwtFrame::WmSize" method + - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel + - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows + - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets + - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities + - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray + - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows + - JDK-8253368: TLS connection always receives close_notify exception + - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities + - JDK-8253932: SSL debug log prints incorrect caller info + - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations + - JDK-8255880: UI of Swing components is not redrawn after their internal state changed + - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem + - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java + - JDK-8256421: Add 2 HARICA roots to cacerts truststore + - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed + - JDK-8258079: Eliminate ParNew's use of klass_or_null() + - JDK-8256682: JDK-8202343 is incomplete + - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines + - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575 + - JDK-8258247: Couple of issues in fix for JDK-8249906 + - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk() + - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes + - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures + - JDK-8258933: G1 needs klass_or_null_acquire + - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f + - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will + - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548 + - JDK-8259428: AlgorithmId.getEncodedParams() should return copy + - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport + - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS + - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a + - JDK-8260930: AARCH64: Invalid value passed to critical JNI function + - JDK-8261183: Follow on to Make lists of normal filenames + - JDK-8261231: Windows IME was disabled after DnD operation + - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017 + - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory + - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently + - JDK-8263008: AARCH64: Add debug info for libsaproc.so + - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS) +* Shenandoah + - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01. + - Revert differences against upstream 8u + - [backport] 8202976: Add C1 lea patching support for x86 + - [backport] 8221507: Implement JFR Events for Shenandoah + - [backport] 8224573: Fix windows build after JDK-8221507 + - [backport] 8228369: Shenandoah: Refactor LRB C1 stubs + - [backport] 8229474: Shenandoah: Cleanup CM::update_roots() + - [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs) + - [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2 + - [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots + - [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB + - [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes + - [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64 + - [backport] 8233574: Shenandoah: build is broken without jfr + - [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint + - [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx" + - [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type + - [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength() + - [backport] 8240751: Shenandoah: fold ShenandoahTracer definition + - [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier + - [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition + - [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks + - [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape" + - [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U + - [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option + - [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues() + - [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads + - [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask + - [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback + - [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test + - [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false + - Fix register allocation for thread register is 32bit LRB + - Fix Shenandoah bindings in ADLC formssel + - Shenandoah: Backed out weak roots cleaning during full gc + +Notes on individual issues: +=========================== + +security-libs/java.security: + +JDK-8260597: Added 2 HARICA Root CA Certificates +================================================ + +The following root certificates have been added to the cacerts truststore: + +Alias Name: haricarootca2015 +Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR + +Alias Name: haricaeccrootca2015 +Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR + +JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default +=================================================================================== +Weak named curves are disabled by default by adding them to the +following `disabledAlgorithms` security properties: + +* jdk.tls.disabledAlgorithms +* jdk.certpath.disabledAlgorithms +* jdk.jar.disabledAlgorithms + +Red Hat has always disabled many of the curves provided by upstream, +so the only addition in this release is: + +* secp256k1 + +The curves that remain enabled are: + +* secp256r1 +* secp384r1 +* secp521r1 +* X25519 +* X448 + +When large numbers of weak named curves need to be disabled, adding +individual named curves to each `disabledAlgorithms` property would be +overwhelming. To relieve this, a new security property, +`jdk.disabled.namedCurves`, is implemented that can list the named +curves common to all of the `disabledAlgorithms` properties. To use +the new property in the `disabledAlgorithms` properties, precede the +full property name with the keyword `include`. Users can still add +individual named curves to `disabledAlgorithms` properties separate +from this new property. No other properties can be included in the +`disabledAlgorithms` properties. + +To restore the named curves, remove the `include +jdk.disabled.namedCurves` either from specific or from all +`disabledAlgorithms` security properties. To restore one or more +curves, remove the specific named curve(s) from the +`jdk.disabled.namedCurves` property. + +JDK-8244286: Tools Warn If Weak Algorithms Are Used +=================================================== +The `keytool` and `jarsigner` tools have been updated to warn users +when weak cryptographic algorithms are used in keys, certificates, and +signed JARs before they are disabled. The weak algorithms are set in +the `jdk.security.legacyAlgorithms` security property in the +`java.security` configuration file. In this release, the tools issue +warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys. + +security-libs/javax.net.ssl: + +JDK-8256490: Disable TLS 1.0 and 1.1 +==================================== +TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer +considered secure and have been superseded by more secure and modern +versions (TLS 1.2 and 1.3). + +These versions have now been disabled by default. If you encounter +issues, you can, at your own risk, re-enable the versions by removing +"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` +security property in the `java.security` configuration file. + +JDK-8242147: New System Properties to Configure the TLS Signature Schemes +========================================================================= +Two new system properties have been added to customize the TLS +signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been +added for the TLS client side, and `jdk.tls.server.SignatureSchemes` +has been added for the server side. + +Each system property contains a comma-separated list of supported +signature scheme names specifying the signature schemes that could be +used for the TLS connections. + +The names are described in the "Signature Schemes" section of the +*Java Security Standard Algorithm Names Specification*. + +tools/javac: + +JDK-8177368: Several incorporation steps are silently failing when an error should be reported +============================================================================================== +Reporting previously silent errors found during incorporation, JLS +8§18.3, was supposed to be a clean-up with performance only +implications. But consider the test case: + +import java.util.Arrays; +import java.util.List; + +class Klass { + public static List> foo(List... lists) { + return foo(Arrays.asList(lists)); + } + + public static List> foo(List> lists) { + return null; + } +} + +This code was not accepted before the patch for [1], but after this +patch the compiler is accepting it. Accepting this code is the right +behavior as not reporting incorporation errors was a bug in the +compiler. While determining the applicability of method: +List> foo(List> lists) for which +we have the constraints: b <: Object t <: List t<:Object +List <: t first, inference variable b is selected for +instantiation: b = CAP1 of ? extends A so this implies that: t <: +List t<: Object List <: t + +Now all the bounds are checked for consistency. While checking if +List is a subtype of List +a bound error is reported. Before the compiler was just swallowing +it. As now the error is reported while inference variable b is being +instantiated, the bound set is rolled back to it's initial state, 'b' +is instantiated to Object, and with this instantiation the constraint +set is solvable, the method is applicable, it's the only applicable +one and the code is accepted as correct. The compiler behavior in this +case is defined at JLS 8 §18.4 + +This fix has source compatibility impact, right now code that wasn't +being accepted is now being accepted by the javac compiler. Currently +there are no reports of any other kind of incompatibility. + +[1] https://bugs.openjdk.java.net/browse/JDK-8078024 + +New in release OpenJDK 8u282 (2021-01-19): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u282 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt + +* Security fixes + - JDK-8247619: Improve Direct Buffering of Characters +* Other changes + - JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux + - JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation + - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails + - JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + - JDK-8030350: Enable additional compiler warnings for GCC + - JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows + - JDK-8036122: Fix warning 'format not a string literal' + - JDK-8039279: Move awt tests to openjdk repository + - JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk + - JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository + - JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree + - JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m + - JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests + - JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk + - JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository + - JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository + - JDK-8046221: [TEST_BUG] Cleanup datatransfer tests + - JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository + - JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 + - JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK + - JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 + - JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK + - JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 + - JDK-8051440: move tests about maximizing undecorated to OpenJDK + - JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null! + - JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 + - JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3) + - JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK + - JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 + - JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 + - JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 + - JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK + - JDK-8055664: move 14 tests about setLocationRelativeTo to jdk + - JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9 + - JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10 + - JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails + - JDK-8062808: Turn on the -Wreturn-type warning + - JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 + - JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 + - JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 + - JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 + - JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing + - JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases + - JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease + - JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() + - JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel + - JDK-8068275: Some tests failed after JDK-8063104 + - JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once + - JDK-8074807: Fix some tests unnecessary using internal API + - JDK-8076315: move 4 manual functional swing tests to regression suite + - JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT + - JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows + - JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful + - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent + - JDK-8148916: Mark bug6400879.java as intermittently failing + - JDK-8148983: Fix extra comma in changes for JDK-8148916 + - JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants + - JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic + - JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + - JDK-8160761: [TESTBUG] Several compiler tests fail with product bits + - JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java + - JDK-8165808: Add release barriers when allocating objects with concurrent collection + - JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java + - JDK-8166583: Add oopDesc::klass_or_null_acquire() + - JDK-8166663: Simplify oops_on_card_seq_iterate_careful + - JDK-8166862: CMS needs klass_or_null_acquire + - JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X + - JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp + - JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event + - JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8 + - JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + - JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out + - JDK-8207766: [testbug] Adapt tests for Aix. + - JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + - JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + - JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + - JDK-8217362: Emergency dump does not work when disk=false is set + - JDK-8217766: Container Support doesn't work for some Join Controllers combinations + - JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3 + - JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable + - JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp + - JDK-8220657: JFR.dump does not work when filename is set + - JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562 + - JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + - JDK-8221710: [TESTBUG] more configurable parameters for docker testing + - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable + - JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs + - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100 + - JDK-8229868: Update Apache Santuario TPRM version + - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + - JDK-8232114: JVM crashed at imjpapi.dll in native code + - JDK-8233548: Update CUP to v0.11b + - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + - JDK-8234339: replace JLI_StrTok in java_md_solinux.c + - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test + - JDK-8242335: Additional Tests for RSASSA-PSS + - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker + - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + - JDK-8245400: Upgrade to LittleCMS 2.11 + - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480 + - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + - JDK-8249176: Update GlobalSignR6CA test certificates + - JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior + - JDK-8250636: iso8601_time returns incorrect offset part on MacOS + - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + - JDK-8250928: JFR: Improve hash algorithm for stack traces + - JDK-8251365: Build failure on AIX after 8250636 + - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + - JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + - JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + - JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + - JDK-8252497: Incorrect numeric currency code for ROL + - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + - JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + - JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + - JDK-8253036: Support building the Zero assembler port on AArch64 + - JDK-8253284: Zero OrderAccess barrier mappings are incorrect + - JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + - JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly + - JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion + - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate + - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + - JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails + - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c + - JDK-8255003: Build failures on Solaris + - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d + - JDK-8255269: Unsigned overflow in g1Policy.cpp + - JDK-8255603: Memory/Performance regression after JDK-8210985 + - JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized + - JDK-8256618: Zero: Linux x86_32 build still fails + - JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap + - JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder + - JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace + - JDK-8258630: Add expiry exception for QuoVadis root certificate +* AArch64 port + - Fix AArch64 build failure after JDK-8062808 backport +* Shenandoah + - Fix racy update of code roots + +Notes on individual issues: +=========================== + +security-libs/javax.xml.crypto: + +JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3 +=========================================================================== +The XML Signature implementation in the `java.xml.crypto` module has +been updated to version 2.1.3 of Apache Santuario. New features +include: + +* Added support for embedding elliptic curve public keys in the + KeyValue element + +New in release OpenJDK 8u275 (2020-11-05): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u275 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt + +* Regression fixes + - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate" + - JDK-8223940: Private key not supported by chosen signature algorithm + - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding + - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) + +New in release OpenJDK 8u272 (2020-10-20): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u272 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt + +* New features + - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 +* Security fixes + - JDK-8233624: Enhance JNI linkage + - JDK-8236196: Improve string pooling + - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + - JDK-8237995, CVE-2020-14782: Enhance certificate processing + - JDK-8240124: Better VM Interning + - JDK-8241114, CVE-2020-14792: Better range handling + - JDK-8242680, CVE-2020-14796: Improved URI Support + - JDK-8242685, CVE-2020-14797: Better Path Validation + - JDK-8242695, CVE-2020-14798: Enhanced buffer support + - JDK-8243302: Advanced class supports + - JDK-8244136, CVE-2020-14803: Improved Buffer supports + - JDK-8244479: Further constrain certificates + - JDK-8244955: Additional Fix for JDK-8240124 + - JDK-8245407: Enhance zoning of times + - JDK-8245412: Better class definitions + - JDK-8245417: Improve certificate chain handling + - JDK-8248574: Improve jpeg processing + - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + - JDK-8253019: Enhanced JPEG decoding +* Other changes + - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + - JDK-8025886: replace [[ and == bash extensions in regtest + - JDK-8026236: Add PrimeTest for BigInteger + - JDK-8031625: javadoc problems referencing inner class constructors + - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + - JDK-8046274: Removing dependency on jakarta-regexp + - JDK-8048933: -XX:+TraceExceptions output should include the message + - JDK-8057003: Large reference arrays cause extremely long synchronization times + - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + - JDK-8062947: Fix exception message to correctly represent LDAP connection failure + - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + - JDK-8075774: Small readability and performance improvements for zipfs + - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails + - JDK-8078334: Mark regression tests using randomness + - JDK-8078880: Mark a few more intermittently failuring security-libs + - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support + - JDK-8132206: move ScanTest.java into OpenJDK + - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh + - JDK-8144539: Update PKCS11 tests to run with security manager + - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8 + - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent + - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + - JDK-8151788: NullPointerException from ntlm.Client.type3 + - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + - JDK-8154313: Generated javadoc scattered all over the place + - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite + - JDK-8166148: Fix for JDK-8165936 broke solaris builds + - JDK-8167300: Scheduling failures during gcm should be fatal + - JDK-8167615: Opensource unit/regression tests for JavaSound + - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + - JDK-8169925: PKCS #11 Cryptographic Token Interface license + - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + - JDK-8177628: Opensource unit/regression tests for ImageIO + - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh + - JDK-8184762: ZapStackSegments should use optimized memset + - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + - JDK-8193137: Nashorn crashes when given an empty script file + - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + - JDK-8194298: Add support for per Socket configuration of TCP keepalive + - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + - JDK-8201633: Problems with AES-GCM native acceleration + - JDK-8203357: Container Metrics + - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + - JDK-8210147: adjust some WSAGetLastError usages in windows network coding + - JDK-8211049: Second parameter of "initialize" method is not used + - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + - JDK-8214862: assert(proj != __null) at compile.cpp:3251 + - JDK-8216283: Allow shorter method sampling interval than 10 ms + - JDK-8217606: LdapContext#reconnect always opens a new connection + - JDK-8217647: JFR: recordings on 32-bit systems unreadable + - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + - JDK-8224217: RecordingInfo should use textual representation of path + - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + - JDK-8226575: OperatingSystemMXBean should be made container aware + - JDK-8226697: Several tests which need the @key headful keyword are missing it. + - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + - JDK-8230303: JDB hangs when running monitor command + - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + - JDK-8233097: Fontmetrics for large Fonts has zero width + - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + - JDK-8235325: build failure on Linux after 8235243 + - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + - JDK-8237951: CTW: C2 compilation fails with "malformed control flow" + - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10 + - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10 + - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10 + - JDK-8238898: Missing hash characters for header on license file + - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + - JDK-8239819: XToolkit: Misread of screen information memory + - JDK-8240295: hs_err elapsed time in seconds is not accurate enough + - JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash + - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + - JDK-8243138: Enhance BaseLdapServer to support starttls extended request + - JDK-8243320: Add SSL root certificates to Oracle Root CA program + - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + - JDK-8245467: Remove 8u TLSv1.2 implementation files + - JDK-8245469: Remove DTLS protocol implementation + - JDK-8245470: Fix JDK8 compatibility issues + - JDK-8245471: Revert JDK-8148188 + - JDK-8245472: Backport JDK-8038893 to JDK8 + - JDK-8245473: OCSP stapling support + - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + - JDK-8245477: Adjust TLS tests location + - JDK-8245653: Remove 8u TLS tests + - JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ + - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR + - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public + - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + - JDK-8250546: Expect changed behaviour reported in JDK-8249846 + - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java + - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update + - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + - JDK-8251341: Minimal Java specification change + - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u + - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled + - JDK-8252573: 8u: Windows build failed after 8222079 backport + - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed + - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + - JDK-8254937: Revert JDK-8148854 for 8u272 + +Notes on individual issues: +=========================== + +core-svc/java.lang.management: + +JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data +============================================================================================ +When executing in a container, or other virtualized operating +environment, the following `OperatingSystemMXBean` methods in this +release return container specific information, if +available. Otherwise, they return host specific data: + +* getFreePhysicalMemorySize() +* getTotalPhysicalMemorySize() +* getFreeSwapSpaceSize() +* getTotalSwapSpaceSize() +* getSystemCpuLoad() + +security-libs/java.security: + +JDK-8250756: Added Entrust Root Certification Authority - G4 certificate +======================================================================== +The Entrust root certificate has been added to the cacerts truststore: + +Alias Name: entrustrootcag4 +Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US + +JDK-8250860: Added 3 SSL Corporation Root CA Certificates +========================================================= +The following root certificates have been added to the cacerts truststore for the SSL Corporation: + +Alias Name: sslrootrsaca +Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US + +Alias Name: sslrootevrsaca +Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US + +Alias Name: sslrooteccca +Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US + +security-libs/javax.crypto:pkcs11: + +JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40 +======================================================================= +The SunPKCS11 provider has been updated with support for PKCS#11 +v2.40. This version adds support for more algorithms such as the +AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message +digests, and RSASSA-PSS signatures when the corresponding PKCS11 +mechanisms are supported by the underlying PKCS11 library. + +security-libs/javax.security: + +JDK-8242059: Support for canonicalize in krb5.conf +================================================== +The 'canonicalize' flag in the [krb5.conf file][0] is now supported by +the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name +canonicalization is requested by clients in TGT requests to KDC +services (AS protocol). Otherwise, and by default, it is not +requested. + +The new default behavior is different from previous releases where +name canonicalization was always requested by clients in TGT requests +to KDC services (provided that support for RFC 6806[1] was not +explicitly disabled with the *sun.security.krb5.disableReferrals* +system or security properties). + +[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html +[1]: https://tools.ietf.org/html/rfc6806 + +security-libs/javax.xml.crypto: + +JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1 +===================================================================== +The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario. + +New features include: + +1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified +in RFC 6931. +2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and +RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931. + +JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format +============================================================================================================ +The upgrade to the Apache Santuario libraries (see above) introduced +an issue where XML signature using Base64 encoding resulted in +appending ` ` or ` ` to the encoded output. This behavioural +change was made in the Apache Santuario codebase to comply with RFC +2045. The Santuario team has adopted a position of keeping their +libraries compliant with RFC 2045. + +Earlier versions of OpenJDK 8 using the legacy encoder returns encoded +data in a format without ` ` or ` `. + +Therefore a new system property, specific to the 8 update stream, +`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made +available to fall back to the legacy Base64 encoded format. + +Users can set this flag in one of two ways: + +1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true + +2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true") + +This new system property is disabled by default. It has no effect on +default behaviour nor when +`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property +is set. + +Later JDK family versions will only support the recommended property: + +`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` + +JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b +==================================================================== +Following JDK's update to tzdata2020b, the long-obsolete files +pacificnew and systemv have been removed. As a result, the +"US/Pacific-New" zone name declared in the pacificnew data file is no +longer available for use. + +Information regarding the update can be viewed at +https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html + +New in release OpenJDK 8u265 (2020-07-27): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u265 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt + +* Bug fixes + - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + - JDK-8250546: Expect changed behaviour reported in JDK-8249846 + +New in release OpenJDK 8u262 (2020-07-14): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/oj8u262 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt + +* New features + - JDK-8223147: JFR Backport +* Security fixes + - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + - JDK-8230613: Better ASCII conversions + - JDK-8231800: Better listing of arrays + - JDK-8232014: Expand DTD support + - JDK-8233255: Better Swing Buttons + - JDK-8234032: Improve basic calendar services + - JDK-8234042: Better factory production of certificates + - JDK-8234418: Better parsing with CertificateFactory + - JDK-8234836: Improve serialization handling + - JDK-8236191: Enhance OID processing + - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + - JDK-8237592, CVE-2020-14577: Enhance certificate verification + - JDK-8238002, CVE-2020-14581: Better matrix operations + - JDK-8238804: Enhance key handling process + - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + - JDK-8238843: Enhanced font handing + - JDK-8238920, CVE-2020-14583: Better Buffer support + - JDK-8238925: Enhance WAV file playback + - JDK-8240119, CVE-2020-14593: Less Affine Transformations + - JDK-8240482: Improved WAV file playback + - JDK-8241379: Update JCEKS support + - JDK-8241522: Manifest improved jar headers redux + - JDK-8242136, CVE-2020-14621: Better XML namespace handling +* Other changes + - JDK-4949105: Access Bridge lacks html tags parsing + - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode + - JDK-8003209: JFR events for network utilization + - JDK-8030680: 292 cleanup from default method code assessment + - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + - JDK-8037866: Replace the Fun class in tests with lambdas + - JDK-8041626: Shutdown tracing event + - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree + - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + - JDK-8076475: Misuses of strncpy/strncat + - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + - JDK-8146612: C2: Precedence edges specification violated + - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded" + - JDK-8165675: Trace event for thread park has incorrect unit for timeout + - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + - JDK-8176182: 4 security tests are not run + - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + - JDK-8178910: Problemlist sample tests + - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + - JDK-8183925: Decouple crash protection from watcher thread + - JDK-8191393: Random crashes during cfree+0x1c + - JDK-8195817: JFR.stop should require name of recording + - JDK-8195818: JFR.start should increase autogenerated name by one + - JDK-8195819: Remove recording=x from jcmd JFR.check output + - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + - JDK-8199712: Flight Recorder + - JDK-8202578: Revisit location for class unload events + - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + - JDK-8203929: Limit amount of data for JFR.dump + - JDK-8205516: JFR tool + - JDK-8207392: [PPC64] Implement JFR profiling + - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + - JDK-8209960: -Xlog:jfr* doesn't work with the JFR + - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + - JDK-8213421: Line number information for execution samples always 0 + - JDK-8213617: JFR should record the PID of the recorded process + - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + - JDK-8213966: The ZGC JFR events should be marked as experimental + - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + - JDK-8214750: Unnecessary

tags in jfr classes + - JDK-8214896: JFR Tool left files behind + - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + - JDK-8214925: JFR tool fails to execute + - JDK-8215175: Inconsistencies in JFR event metadata + - JDK-8215237: jdk.jfr.Recording javadoc does not compile + - JDK-8215284: Reduce noise induced by periodic task getFileSize() + - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + - JDK-8215771: The jfr tool should pretty print reference chains + - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp + - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + - JDK-8216578: Remove unused/obsolete method in JFR code + - JDK-8216995: Clean up JFR command line processing + - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + - JDK-8220293: Deadlock in JFR string pool + - JDK-8223689: Add JFR Thread Sampling Support + - JDK-8223690: Add JFR BiasedLock Event Support + - JDK-8223691: Add JFR G1 Region Type Change Event Support + - JDK-8223692: Add JFR G1 Heap Summary Event Support + - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + - JDK-8224475: JTextPane does not show images in HTML rendering + - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 + - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + - JDK-8226779: [TESTBUG] Test JFR API from Java agent + - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + - JDK-8227269: Slow class loading when running with JDWP + - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant" + - JDK-8229366: JFR backport allows unchecked writing to memory + - JDK-8229401: Fix JFR code cache test failures + - JDK-8229708: JFR backport code does not initialize + - JDK-8229873: 8229401 broke jdk8u-jfr-incubator + - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + - JDK-8229899: Make java.io.File.isInvalid() less racy + - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + - JDK-8230597: Update GIFlib library to the 5.2.1 + - JDK-8230707: JFR related tests are failing + - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false + - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout + - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + - JDK-8231995: two jtreg tests failed after 8229366 is fixed + - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + - JDK-8233880: Support compilers with multi-digit major version numbers + - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + - JDK-8236008: Some backup files were accidentally left in the hotspot tree + - JDK-8236074: Missed package-info + - JDK-8236174: Should update javadoc since tags + - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + - JDK-8238589: Necessary code cleanup in JFR for JDK8u + - JDK-8238590: Enable JFR by default during compilation in 8u + - JDK-8239055: Wrong implementation of VMState.hasListener + - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + - JDK-8239479: minimal1 and zero builds are failing + - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + - JDK-8239867: correct over use of INCLUDE_JFR macro + - JDK-8240375: Disable JFR by default for July 2020 release + - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + - JDK-8241750: x86_32 build failure after JDK-8227269 + - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + - JDK-8242788: Non-PCH build is broken after JDK-8191393 + - JDK-8242883: Incomplete backport of JDK-8078268: backport test part + - JDK-8243059: Build fails when --with-vendor-name contains a comma + - JDK-8243474: [TESTBUG] removed three tests of 0 bytes + - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + - JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result + - JDK-8244777: ClassLoaderStats VM Op uses constant hash value + - JDK-8244843: JapanEraNameCompatTest fails + - JDK-8245167: Top package in method profiling shows null in JMC + - JDK-8246223: Windows build fails after JDK-8227269 + - JDK-8246703: [TESTBUG] Add test for JDK-8233197 + - JDK-8248399: Build installs jfr binary when JFR is disabled + - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package + +Notes on individual issues: +=========================== + +hotspot/jfr: + +JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u +========================================================= + +OpenJDK 8u now contains the backport of JEP 328: Flight Recorder +(https://openjdk.java.net/jeps/328) from later versions of OpenJDK. + +JFR is a low-overhead framework to collect and provide data helpful to +troubleshoot the performance of the OpenJDK runtime and of Java +applications. It consists of a new API to define custom events under +the jdk.jfr namespace and a JMX interface to interact with the +framework. The recording can also be initiated with the application +startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces +the +XX:EnableTracing feature introduced in JEP 167, providing a more +efficient way to retrieve the same information. For compatibility +reasons, +XX:EnableTracing is still accepted, however no data will be +printed. + +While JFR is not built by default upstream, it is included in Red Hat +binaries for supported architectures (x86_64, AArch64 & PowerPC 64) + +hotspot/runtime: + +JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording +========================================================================================= + +JFR will be disabled with a warning message if it is enabled during +CDS dumping. The user will see the following warning message: + +OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping + +if JFR is enabled during CDS dumping such as in the following command +line: + +$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true + +security-libs/java.security: + +JDK-8244167: Removal of Comodo Root CA Certificate +================================================== + +The following expired Comodo root CA certificate was removed from the +`cacerts` keystore: + alias name "addtrustclass1ca [jdk]" + +Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE + +JDK-8244166: Removal of DocuSign Root CA Certificate +==================================================== + +The following expired DocuSign root CA certificate was removed from + the `cacerts` keystore: + alias name "keynectisrootca [jdk]" + +Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR + +security-libs/javax.crypto:pkcs11: + +JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database +============================================================================================================================ + +The SunPKCS11 security provider can now be initialized with NSS when +FIPS-enabled external modules are configured in the Security Modules +Database (NSSDB). Prior to this change, the SunPKCS11 provider would +throw a RuntimeException with the message: "FIPS flag set for +non-internal module" when such a library was configured for NSS in +non-FIPS mode. + +This change allows the JDK to work properly with recent NSS releases +on GNU/Linux operating systems when the system-wide FIPS policy is +turned on. + +Further information can be found in JDK-8238555. + +New in release OpenJDK 8u252 (2020-04-14): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/oj8u252 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt + +* Security fixes + - JDK-8223898, CVE-2020-2754: Forward references to Nashorn + - JDK-8223904, CVE-2020-2755: Improve Nashorn matching + - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs + - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues + - JDK-8225603: Enhancement for big integers + - JDK-8227542: Manifest improved jar headers + - JDK-8231415, CVE-2020-2773: Better signatures in XML + - JDK-8233250: Better X11 rendering + - JDK-8233410: Better Build Scripting + - JDK-8234027: Better JCEKS key support + - JDK-8234408, CVE-2020-2781: Improve TLS session handling + - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers + - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers + - JDK-8235274, CVE-2020-2805: Enhance typing of methods + - JDK-8236201, CVE-2020-2830: Better Scanner conversions + - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap +* Other changes + - JDK-8005819: Support cross-realm MSSFU + - JDK-8022263: use same Clang warnings on BSD as on Linux + - JDK-8038631: Create wrapper for awt.Robot with additional functionality + - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid + - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests + - JDK-8068184: Fix for JDK-8032832 caused a deadlock + - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature + - JDK-8132130: some docs cleanup + - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit + - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal + - JDK-8144446: Automate the Marlin crash test + - JDK-8144526: Remove Marlin logging use of deleted internal API + - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats + - JDK-8144654: Improve Marlin logging + - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins + - JDK-8166976: TestCipherPBECons has wrong @run line + - JDK-8167409: Invalid value passed to critical JNI function + - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant + - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + - JDK-8191227: issues with unsafe handle resolution + - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider + - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object + - JDK-8215756: Memory leaks in the AWT on macOS + - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win) + - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread + - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions + - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test + - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test + - JDK-8229022: BufferedReader performance can be improved by using StringBuilder + - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC + - JDK-8229872: (fs) Increase buffer size used with getmntent + - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception + - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type + - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64 + - JDK-8235904: Infinite loop when rendering huge lines + - JDK-8236179: C1 register allocation error with T_ADDRESS + - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read + - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call + - JDK-8241296: Segfault in JNIHandleBlock::oops_do() + - JDK-8241307: Marlin renderer should not be the default in 8u252 + +Notes on individual issues: +=========================== + +hotspot/svc: + +JDK-8174881: Binary format for HPROF updated +============================================ + +When dumping the heap in binary format, HPROF format 1.0.2 is always +used now. Previously, format 1.0.1 was used for heaps smaller than +2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the +serviceability agent. + +security-libs/java.security: + +JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature +==================================================================================== + +The SunRsaSign and SunJCE providers have been enhanced with support +for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS +signature and OAEP using FIPS 180-4 digest algorithms. New +constructors and methods have been added to relevant JCA/JCE classes +under the `java.security.spec` and `javax.crypto.spec` packages for +supporting additional RSASSA-PSS parameters. + +security-libs/javax.crypto: + +JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI +============================================================ + +The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider. + +security-libs/javax.security: + +JDK-8227564: Allow SASL Mechanisms to Be Restricted +=================================================== + +A security property named `jdk.sasl.disabledMechanisms` has been added +that can be used to disable SASL mechanisms. Any disabled mechanism +will be ignored if it is specified in the `mechanisms` argument of +`Sasl.createSaslClient` or the `mechanism` argument of +`Sasl.createSaslServer`. The default value for this security property +is empty, which means that no mechanisms are disabled out-of-the-box. diff --git a/README.md b/README.md new file mode 100644 index 0000000..61b3b69 --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +Package of LTS OpenJDK 8 +OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is build on openJDK 10. LTSs (next is 11) will go as separate packages. + +JDK8 is last LTS release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/8/ and is landing to your RHEL. Where it will be maintained for several years. You will always be allowed to install Used LTSs in build root, and alongside via alternatives. + +See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html +See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf + diff --git a/TestCryptoLevel.java b/TestCryptoLevel.java new file mode 100644 index 0000000..b32b7ae --- /dev/null +++ b/TestCryptoLevel.java @@ -0,0 +1,72 @@ +/* TestCryptoLevel -- Ensure unlimited crypto policy is in use. + Copyright (C) 2012 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +import java.lang.reflect.Field; +import java.lang.reflect.Method; +import java.lang.reflect.InvocationTargetException; + +import java.security.Permission; +import java.security.PermissionCollection; + +public class TestCryptoLevel +{ + public static void main(String[] args) + throws NoSuchFieldException, ClassNotFoundException, + IllegalAccessException, InvocationTargetException + { + Class cls = null; + Method def = null, exempt = null; + + try + { + cls = Class.forName("javax.crypto.JceSecurity"); + } + catch (ClassNotFoundException ex) + { + System.err.println("Running a non-Sun JDK."); + System.exit(0); + } + try + { + def = cls.getDeclaredMethod("getDefaultPolicy"); + exempt = cls.getDeclaredMethod("getExemptPolicy"); + } + catch (NoSuchMethodException ex) + { + System.err.println("Running IcedTea with the original crypto patch."); + System.exit(0); + } + def.setAccessible(true); + exempt.setAccessible(true); + PermissionCollection defPerms = (PermissionCollection) def.invoke(null); + PermissionCollection exemptPerms = (PermissionCollection) exempt.invoke(null); + Class apCls = Class.forName("javax.crypto.CryptoAllPermission"); + Field apField = apCls.getDeclaredField("INSTANCE"); + apField.setAccessible(true); + Permission allPerms = (Permission) apField.get(null); + if (defPerms.implies(allPerms) && (exemptPerms == null || exemptPerms.implies(allPerms))) + { + System.err.println("Running with the unlimited policy."); + System.exit(0); + } + else + { + System.err.println("WARNING: Running with a restricted crypto policy."); + System.exit(-1); + } + } +} diff --git a/TestECDSA.java b/TestECDSA.java new file mode 100644 index 0000000..6eb9cb2 --- /dev/null +++ b/TestECDSA.java @@ -0,0 +1,49 @@ +/* TestECDSA -- Ensure ECDSA signatures are working. + Copyright (C) 2016 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Signature; + +/** + * @test + */ +public class TestECDSA { + + public static void main(String[] args) throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); + KeyPair key = keyGen.generateKeyPair(); + + byte[] data = "This is a string to sign".getBytes("UTF-8"); + + Signature dsa = Signature.getInstance("NONEwithECDSA"); + dsa.initSign(key.getPrivate()); + dsa.update(data); + byte[] sig = dsa.sign(); + System.out.println("Signature: " + new BigInteger(1, sig).toString(16)); + + Signature dsaCheck = Signature.getInstance("NONEwithECDSA"); + dsaCheck.initVerify(key.getPublic()); + dsaCheck.update(data); + boolean success = dsaCheck.verify(sig); + if (!success) { + throw new RuntimeException("Test failed. Signature verification error"); + } + System.out.println("Test passed."); + } +} diff --git a/TestSecurityProperties.java b/TestSecurityProperties.java new file mode 100644 index 0000000..2967a32 --- /dev/null +++ b/TestSecurityProperties.java @@ -0,0 +1,84 @@ +/* TestSecurityProperties -- Ensure system security properties can be used to + enable the crypto policies. + Copyright (C) 2022 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ +import java.io.File; +import java.io.FileInputStream; +import java.security.Security; +import java.util.Properties; + +public class TestSecurityProperties { + // JDK 11 + private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security"; + // JDK 8 + private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security"; + + private static final String POLICY_FILE = "/etc/crypto-policies/back-ends/java.config"; + + private static final String MSG_PREFIX = "DEBUG: "; + + public static void main(String[] args) { + if (args.length == 0) { + System.err.println("TestSecurityProperties "); + System.err.println("Invoke with 'true' if system security properties should be enabled."); + System.err.println("Invoke with 'false' if system security properties should be disabled."); + System.exit(1); + } + boolean enabled = Boolean.valueOf(args[0]); + System.out.println(MSG_PREFIX + "System security properties enabled: " + enabled); + Properties jdkProps = new Properties(); + loadProperties(jdkProps); + if (enabled) { + loadPolicy(jdkProps); + } + for (Object key: jdkProps.keySet()) { + String sKey = (String)key; + String securityVal = Security.getProperty(sKey); + String jdkSecVal = jdkProps.getProperty(sKey); + if (!securityVal.equals(jdkSecVal)) { + String msg = "Expected value '" + jdkSecVal + "' for key '" + + sKey + "'" + " but got value '" + securityVal + "'"; + throw new RuntimeException("Test failed! " + msg); + } else { + System.out.println(MSG_PREFIX + sKey + " = " + jdkSecVal + " as expected."); + } + } + System.out.println("TestSecurityProperties PASSED!"); + } + + private static void loadProperties(Properties props) { + String javaVersion = System.getProperty("java.version"); + System.out.println(MSG_PREFIX + "Java version is " + javaVersion); + String propsFile = JDK_PROPS_FILE_JDK_11; + if (javaVersion.startsWith("1.8.0")) { + propsFile = JDK_PROPS_FILE_JDK_8; + } + try (FileInputStream fin = new FileInputStream(propsFile)) { + props.load(fin); + } catch (Exception e) { + throw new RuntimeException("Test failed!", e); + } + } + + private static void loadPolicy(Properties props) { + try (FileInputStream fin = new FileInputStream(POLICY_FILE)) { + props.load(fin); + } catch (Exception e) { + throw new RuntimeException("Test failed!", e); + } + } + +} diff --git a/TestTranslations.java b/TestTranslations.java new file mode 100644 index 0000000..7b2f09b --- /dev/null +++ b/TestTranslations.java @@ -0,0 +1,140 @@ +/* TestTranslations -- Ensure translations are available for new timezones + Copyright (C) 2022 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +import java.text.DateFormatSymbols; + +import java.time.ZoneId; +import java.time.format.TextStyle; + +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; +import java.util.Locale; +import java.util.Objects; +import java.util.TimeZone; + +public class TestTranslations { + + private static Map KYIV; + + static { + Map map = new HashMap(); + map.put(Locale.US, new String[] { "Eastern European Time", "GMT+02:00", "EET", + "Eastern European Summer Time", "GMT+03:00", "EEST", + "Eastern European Time", "GMT+02:00", "EET"}); + map.put(Locale.FRANCE, new String[] { "Heure d'Europe de l'Est", "UTC+02:00", "EET", + "Heure d'\u00e9t\u00e9 d'Europe de l'Est", "UTC+03:00", "EEST", + "Heure d'Europe de l'Est", "UTC+02:00", "EET"}); + map.put(Locale.GERMANY, new String[] { "Osteurop\u00e4ische Zeit", "OEZ", "OEZ", + "Osteurop\u00e4ische Sommerzeit", "OESZ", "OESZ", + "Osteurop\u00e4ische Zeit", "OEZ", "OEZ"}); + KYIV = Collections.unmodifiableMap(map); + } + + + public static void main(String[] args) { + if (args.length < 1) { + System.err.println("Test must be started with the name of the locale provider."); + System.exit(1); + } + + String localeProvider = args[0]; + System.out.println("Checking sanity of full zone string set..."); + boolean invalid = Arrays.stream(Locale.getAvailableLocales()) + .peek(l -> System.out.println("Locale: " + l)) + .map(l -> DateFormatSymbols.getInstance(l).getZoneStrings()) + .flatMap(zs -> Arrays.stream(zs)) + .flatMap(names -> Arrays.stream(names)) + .filter(name -> Objects.isNull(name) || name.isEmpty()) + .findAny() + .isPresent(); + if (invalid) { + System.err.println("Zone string for a locale returned null or empty string"); + System.exit(2); + } + + for (Locale l : KYIV.keySet()) { + String[] expected = KYIV.get(l); + for (String id : new String[] { "Europe/Kiev", "Europe/Kyiv", "Europe/Uzhgorod", "Europe/Zaporozhye" }) { + String expectedShortStd = null; + String expectedShortDST = null; + String expectedShortGen = null; + + System.out.printf("Checking locale %s for %s...\n", l, id); + + if ("JRE".equals(localeProvider)) { + expectedShortStd = expected[2]; + expectedShortDST = expected[5]; + expectedShortGen = expected[8]; + } else if ("CLDR".equals(localeProvider)) { + expectedShortStd = expected[1]; + expectedShortDST = expected[4]; + expectedShortGen = expected[7]; + } else { + System.err.printf("Invalid locale provider %s\n", localeProvider); + System.exit(3); + } + System.out.printf("Locale Provider is %s, using short values %s, %s and %s\n", + localeProvider, expectedShortStd, expectedShortDST, expectedShortGen); + + String longStd = TimeZone.getTimeZone(id).getDisplayName(false, TimeZone.LONG, l); + String shortStd = TimeZone.getTimeZone(id).getDisplayName(false, TimeZone.SHORT, l); + String longDST = TimeZone.getTimeZone(id).getDisplayName(true, TimeZone.LONG, l); + String shortDST = TimeZone.getTimeZone(id).getDisplayName(true, TimeZone.SHORT, l); + String longGen = ZoneId.of(id).getDisplayName(TextStyle.FULL, l); + String shortGen = ZoneId.of(id).getDisplayName(TextStyle.SHORT, l); + + if (!expected[0].equals(longStd)) { + System.err.printf("Long standard display name for %s in %s was %s, expected %s\n", + id, l, longStd, expected[0]); + System.exit(4); + } + + if (!expectedShortStd.equals(shortStd)) { + System.err.printf("Short standard display name for %s in %s was %s, expected %s\n", + id, l, shortStd, expectedShortStd); + System.exit(5); + } + + if (!expected[3].equals(longDST)) { + System.err.printf("Long DST display name for %s in %s was %s, expected %s\n", + id, l, longDST, expected[3]); + System.exit(6); + } + + if (!expectedShortDST.equals(shortDST)) { + System.err.printf("Short DST display name for %s in %s was %s, expected %s\n", + id, l, shortDST, expectedShortDST); + System.exit(7); + } + + if (!expected[6].equals(longGen)) { + System.err.printf("Long generic display name for %s in %s was %s, expected %s\n", + id, l, longGen, expected[6]); + System.exit(8); + } + + if (!expectedShortGen.equals(shortGen)) { + System.err.printf("Short generic display name for %s in %s was %s, expected %s\n", + id, l, shortGen, expectedShortGen); + System.exit(9); + } + } + } + } +} diff --git a/config.guess b/config.guess new file mode 100644 index 0000000..b79252d --- /dev/null +++ b/config.guess @@ -0,0 +1,1558 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright 1992-2013 Free Software Foundation, Inc. + +timestamp='2013-06-10' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). +# +# Originally written by Per Bothner. +# +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# +# Please send patches with a ChangeLog entry to config-patches@gnu.org. + + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright 1992-2013 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > $dummy.c ; + for c in cc gcc c89 c99 ; do + if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; set_cc_for_build= ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +case "${UNAME_SYSTEM}" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval $set_cc_for_build + cat <<-EOF > $dummy.c + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + ;; +esac + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + case "${UNAME_MACHINE_ARCH}" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE_ARCH}" in + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "${UNAME_VERSION}" in + Debian*) + release='-gnu' + ;; + *) + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + *:SolidBSD:*:*) + echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE="alpha" ;; + "EV4.5 (21064)") + UNAME_MACHINE="alpha" ;; + "LCA4 (21066/21068)") + UNAME_MACHINE="alpha" ;; + "EV5 (21164)") + UNAME_MACHINE="alphaev5" ;; + "EV5.6 (21164A)") + UNAME_MACHINE="alphaev56" ;; + "EV5.6 (21164PC)") + UNAME_MACHINE="alphapca56" ;; + "EV5.7 (21164PC)") + UNAME_MACHINE="alphapca57" ;; + "EV6 (21264)") + UNAME_MACHINE="alphaev6" ;; + "EV6.7 (21264A)") + UNAME_MACHINE="alphaev67" ;; + "EV6.8CB (21264C)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8AL (21264B)") + UNAME_MACHINE="alphaev68" ;; + "EV6.8CX (21264D)") + UNAME_MACHINE="alphaev68" ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE="alphaev69" ;; + "EV7 (21364)") + UNAME_MACHINE="alphaev7" ;; + "EV7.9 (21364A)") + UNAME_MACHINE="alphaev79" ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit ;; + arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux${UNAME_RELEASE} + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos${UNAME_RELEASE} + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ ${HP_ARCH} = "hppa2.0w" ] + then + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH="hppa2.0w" + else + HP_ARCH="hppa64" + fi + fi + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` + case ${UNAME_PROCESSOR} in + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) + echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit ;; + *:MINGW64*:*) + echo ${UNAME_MACHINE}-pc-mingw64 + exit ;; + *:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit ;; + i*:MSYS*:*) + echo ${UNAME_MACHINE}-pc-msys + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit ;; + *:Interix*:*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; + [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) + echo i${UNAME_MACHINE}-pc-mks + exit ;; + 8664:Windows_NT:*) + echo x86_64-pc-mks + exit ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i586-pc-interix + exit ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; + *:GNU:*:*) + # the GNU system + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + exit ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit ;; + aarch64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC="gnulibc1" ; fi + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + arm*:Linux:*:*) + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi + else + echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + cris:Linux:*:*) + echo ${UNAME_MACHINE}-axis-linux-${LIBC} + exit ;; + crisv32:Linux:*:*) + echo ${UNAME_MACHINE}-axis-linux-${LIBC} + exit ;; + frv:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + hexagon:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + i*86:Linux:*:*) + echo ${UNAME_MACHINE}-pc-linux-${LIBC} + exit ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #undef CPU + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=${UNAME_MACHINE}el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=${UNAME_MACHINE} + #else + CPU= + #endif + #endif +EOF + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + ;; + or1k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + or32:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-${LIBC} + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-${LIBC} + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; + PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; + *) echo hppa-unknown-linux-${LIBC} ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-${LIBC} + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-${LIBC} + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-${LIBC} + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-${LIBC} + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux-${LIBC} + exit ;; + sh64*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + tile*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-${LIBC} + exit ;; + x86_64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux${UNAME_RELEASE} + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + eval $set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + fi + echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = "x86"; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-?:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk${UNAME_RELEASE} + exit ;; + NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux${UNAME_RELEASE} + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; + i*86:rdos:*:*) + echo ${UNAME_MACHINE}-pc-rdos + exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; + x86_64:VMkernel:*:*) + echo ${UNAME_MACHINE}-unknown-esx + exit ;; +esac + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix\n"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + c34*) + echo c34-convex-bsd + exit ;; + c38*) + echo c38-convex-bsd + exit ;; + c4*) + echo c4-convex-bsd + exit ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/config.sub b/config.sub new file mode 100644 index 0000000..8b612ab --- /dev/null +++ b/config.sub @@ -0,0 +1,1788 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright 1992-2013 Free Software Foundation, Inc. + +timestamp='2013-04-24' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). + + +# Please send patches with a ChangeLog entry to config-patches@gnu.org. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright 1992-2013 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + android-linux) + os=-linux-android + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; + -bluegene*) + os=-cnk + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco6) + os=-sco5v6 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*178) + os=-lynxos178 + ;; + -lynx*5) + os=-lynxos5 + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | be32 | be64 \ + | bfin \ + | c4x | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | epiphany \ + | fido | fr30 | frv \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i860 | i960 | ia64 \ + | ip2k | iq2000 \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nios | nios2 | nios2eb | nios2el \ + | ns16k | ns32k \ + | open8 \ + | or1k | or32 \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pyramid \ + | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | we32k \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) + basic_machine=$basic_machine-unknown + ;; + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + ms1) + basic_machine=mt-unknown + ;; + + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + xgate) + basic_machine=$basic_machine-unknown + os=-none + ;; + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ + | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | ip2k-* | iq2000-* \ + | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pyramid-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ + | tron-* \ + | ubicom32-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ + | ymp-* \ + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aros) + basic_machine=i386-pc + os=-aros + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16 | cr16-*) + basic_machine=cr16-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + microblaze*) + basic_machine=microblaze-xilinx + ;; + mingw64) + basic_machine=x86_64-pc + os=-mingw64 + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + ms1-*) + basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + ;; + msys) + basic_machine=i386-pc + os=-msys + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pc98) + basic_machine=i386-pc + ;; + pc98-*) + basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc | ppcbe) basic_machine=powerpc-unknown + ;; + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) + basic_machine=i386-pc + os=-rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sh5el) + basic_machine=sh5le-unknown + ;; + sh64) + basic_machine=sh64-unknown + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tile*) + basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* | -plan9* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* | -aros* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ + | -bitrig* | -openbsd* | -solidbsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* | -cegcc* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -aros*) + os=-aros + ;; + -zvmoe) + os=-zvmoe + ;; + -dicos*) + os=-dicos + ;; + -nacl*) + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + hexagon-*) + os=-elf + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + ;; + m68*-cisco) + os=-aout + ;; + mep-*) + os=-elf + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or1k-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-haiku) + os=-haiku + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -cnk*|-aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/fips-8u-6d1aade0648.patch b/fips-8u-6d1aade0648.patch new file mode 100644 index 0000000..58ab6e5 --- /dev/null +++ b/fips-8u-6d1aade0648.patch @@ -0,0 +1,2007 @@ +diff --git a/common/autoconf/configure.ac b/common/autoconf/configure.ac +index 151e5a109f8..a8761b500e0 100644 +--- a/common/autoconf/configure.ac ++++ b/common/autoconf/configure.ac +@@ -212,6 +212,7 @@ LIB_SETUP_FREETYPE + LIB_SETUP_ALSA + LIB_SETUP_FONTCONFIG + LIB_SETUP_MISC_LIBS ++LIB_SETUP_SYSCONF_LIBS + LIB_SETUP_STATIC_LINK_LIBSTDCPP + LIB_SETUP_ON_WINDOWS + +diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh +index 71fabf4dbb3..17f4f50673d 100644 +--- a/common/autoconf/generated-configure.sh ++++ b/common/autoconf/generated-configure.sh +@@ -651,6 +651,9 @@ LLVM_CONFIG + LIBFFI_LIBS + LIBFFI_CFLAGS + STATIC_CXX_SETTING ++USE_SYSCONF_NSS ++NSS_LIBS ++NSS_CFLAGS + LIBDL + LIBM + LIBZIP_CAN_USE_MMAP +@@ -1111,6 +1114,7 @@ with_fontconfig + with_fontconfig_include + with_giflib + with_zlib ++enable_sysconf_nss + with_stdc__lib + with_msvcr_dll + with_msvcp_dll +@@ -1218,6 +1222,8 @@ FREETYPE_CFLAGS + FREETYPE_LIBS + ALSA_CFLAGS + ALSA_LIBS ++NSS_CFLAGS ++NSS_LIBS + LIBFFI_CFLAGS + LIBFFI_LIBS + CCACHE' +@@ -1871,6 +1877,8 @@ Optional Features: + disable bundling of the freetype library with the + build result [enabled on Windows or when using + --with-freetype, disabled otherwise] ++ --enable-sysconf-nss build the System Configurator (libsysconf) using the ++ system NSS library if available [disabled] + --enable-sjavac use sjavac to do fast incremental compiles + [disabled] + --disable-precompiled-headers +@@ -2115,6 +2123,8 @@ Some influential environment variables: + linker flags for FREETYPE, overriding pkg-config + ALSA_CFLAGS C compiler flags for ALSA, overriding pkg-config + ALSA_LIBS linker flags for ALSA, overriding pkg-config ++ NSS_CFLAGS C compiler flags for NSS, overriding pkg-config ++ NSS_LIBS linker flags for NSS, overriding pkg-config + LIBFFI_CFLAGS + C compiler flags for LIBFFI, overriding pkg-config + LIBFFI_LIBS linker flags for LIBFFI, overriding pkg-config +@@ -2879,6 +2889,52 @@ $as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + + } # ac_fn_c_check_header_compile ++ ++# ac_fn_c_try_link LINENO ++# ----------------------- ++# Try to link conftest.$ac_ext, and return whether this succeeded. ++ac_fn_c_try_link () ++{ ++ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack ++ rm -f conftest.$ac_objext conftest$ac_exeext ++ if { { ac_try="$ac_link" ++case "(($ac_try" in ++ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; ++ *) ac_try_echo=$ac_try;; ++esac ++eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" ++$as_echo "$ac_try_echo"; } >&5 ++ (eval "$ac_link") 2>conftest.err ++ ac_status=$? ++ if test -s conftest.err; then ++ grep -v '^ *+' conftest.err >conftest.er1 ++ cat conftest.er1 >&5 ++ mv -f conftest.er1 conftest.err ++ fi ++ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; } && { ++ test -z "$ac_c_werror_flag" || ++ test ! -s conftest.err ++ } && test -s conftest$ac_exeext && { ++ test "$cross_compiling" = yes || ++ test -x conftest$ac_exeext ++ }; then : ++ ac_retval=0 ++else ++ $as_echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ ac_retval=1 ++fi ++ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information ++ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would ++ # interfere with the next link command; also delete a directory that is ++ # left behind by Apple's compiler. We do this before executing the actions. ++ rm -rf conftest.dSYM conftest_ipa8_conftest.oo ++ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno ++ as_fn_set_status $ac_retval ++ ++} # ac_fn_c_try_link + cat >config.log <<_ACEOF + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. +@@ -4049,6 +4105,11 @@ fi + + + ++################################################################################ ++# Setup system configuration libraries ++################################################################################ ++ ++ + # + # Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +@@ -49304,6 +49365,157 @@ fi + LIBS="$save_LIBS" + + ++ ############################################################################### ++ # ++ # Check for the NSS library ++ # ++ ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use the system NSS library with the System Configurator (libsysconf)" >&5 ++$as_echo_n "checking whether to use the system NSS library with the System Configurator (libsysconf)... " >&6; } ++ ++ # default is not available ++ DEFAULT_SYSCONF_NSS=no ++ ++ # Check whether --enable-sysconf-nss was given. ++if test "${enable_sysconf_nss+set}" = set; then : ++ enableval=$enable_sysconf_nss; ++ case "${enableval}" in ++ yes) ++ sysconf_nss=yes ++ ;; ++ *) ++ sysconf_nss=no ++ ;; ++ esac ++ ++else ++ ++ sysconf_nss=${DEFAULT_SYSCONF_NSS} ++ ++fi ++ ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sysconf_nss" >&5 ++$as_echo "$sysconf_nss" >&6; } ++ ++ USE_SYSCONF_NSS=false ++ if test "x${sysconf_nss}" = "xyes"; then ++ ++pkg_failed=no ++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS" >&5 ++$as_echo_n "checking for NSS... " >&6; } ++ ++if test -n "$NSS_CFLAGS"; then ++ pkg_cv_NSS_CFLAGS="$NSS_CFLAGS" ++ elif test -n "$PKG_CONFIG"; then ++ if test -n "$PKG_CONFIG" && \ ++ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss >= 3.53\""; } >&5 ++ ($PKG_CONFIG --exists --print-errors "nss >= 3.53") 2>&5 ++ ac_status=$? ++ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; }; then ++ pkg_cv_NSS_CFLAGS=`$PKG_CONFIG --cflags "nss >= 3.53" 2>/dev/null` ++else ++ pkg_failed=yes ++fi ++ else ++ pkg_failed=untried ++fi ++if test -n "$NSS_LIBS"; then ++ pkg_cv_NSS_LIBS="$NSS_LIBS" ++ elif test -n "$PKG_CONFIG"; then ++ if test -n "$PKG_CONFIG" && \ ++ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nss >= 3.53\""; } >&5 ++ ($PKG_CONFIG --exists --print-errors "nss >= 3.53") 2>&5 ++ ac_status=$? ++ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; }; then ++ pkg_cv_NSS_LIBS=`$PKG_CONFIG --libs "nss >= 3.53" 2>/dev/null` ++else ++ pkg_failed=yes ++fi ++ else ++ pkg_failed=untried ++fi ++ ++ ++ ++if test $pkg_failed = yes; then ++ ++if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then ++ _pkg_short_errors_supported=yes ++else ++ _pkg_short_errors_supported=no ++fi ++ if test $_pkg_short_errors_supported = yes; then ++ NSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "nss >= 3.53" 2>&1` ++ else ++ NSS_PKG_ERRORS=`$PKG_CONFIG --print-errors "nss >= 3.53" 2>&1` ++ fi ++ # Put the nasty error message in config.log where it belongs ++ echo "$NSS_PKG_ERRORS" >&5 ++ ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++$as_echo "no" >&6; } ++ NSS_FOUND=no ++elif test $pkg_failed = untried; then ++ NSS_FOUND=no ++else ++ NSS_CFLAGS=$pkg_cv_NSS_CFLAGS ++ NSS_LIBS=$pkg_cv_NSS_LIBS ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++$as_echo "yes" >&6; } ++ NSS_FOUND=yes ++fi ++ if test "x${NSS_FOUND}" = "xyes"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for system FIPS support in NSS" >&5 ++$as_echo_n "checking for system FIPS support in NSS... " >&6; } ++ saved_libs="${LIBS}" ++ saved_cflags="${CFLAGS}" ++ CFLAGS="${CFLAGS} ${NSS_CFLAGS}" ++ LIBS="${LIBS} ${NSS_LIBS}" ++ ac_ext=c ++ac_cpp='$CPP $CPPFLAGS' ++ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ++ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ++ac_compiler_gnu=$ac_cv_c_compiler_gnu ++ ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++#include ++int ++main () ++{ ++SECMOD_GetSystemFIPSEnabled() ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_link "$LINENO"; then : ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 ++$as_echo "yes" >&6; } ++else ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++$as_echo "no" >&6; } ++ as_fn_error $? "System NSS FIPS detection unavailable" "$LINENO" 5 ++fi ++rm -f core conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++ ac_ext=cpp ++ac_cpp='$CXXCPP $CPPFLAGS' ++ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ++ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ++ac_compiler_gnu=$ac_cv_cxx_compiler_gnu ++ ++ CFLAGS="${saved_cflags}" ++ LIBS="${saved_libs}" ++ USE_SYSCONF_NSS=true ++ else ++ as_fn_error $? "--enable-sysconf-nss specified, but NSS 3.53 or above not found." "$LINENO" 5 ++ fi ++ fi ++ ++ ++ + ############################################################################### + # + # statically link libstdc++ before C++ ABI is stablized on Linux unless +diff --git a/common/autoconf/libraries.m4 b/common/autoconf/libraries.m4 +index 6efae578ea9..0080846255b 100644 +--- a/common/autoconf/libraries.m4 ++++ b/common/autoconf/libraries.m4 +@@ -1067,3 +1067,63 @@ AC_DEFUN_ONCE([LIB_SETUP_ON_WINDOWS], + BASIC_DEPRECATED_ARG_WITH([dxsdk-include]) + fi + ]) ++ ++################################################################################ ++# Setup system configuration libraries ++################################################################################ ++AC_DEFUN_ONCE([LIB_SETUP_SYSCONF_LIBS], ++[ ++ ############################################################################### ++ # ++ # Check for the NSS library ++ # ++ ++ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)]) ++ ++ # default is not available ++ DEFAULT_SYSCONF_NSS=no ++ ++ AC_ARG_ENABLE([sysconf-nss], [AS_HELP_STRING([--enable-sysconf-nss], ++ [build the System Configurator (libsysconf) using the system NSS library if available @<:@disabled@:>@])], ++ [ ++ case "${enableval}" in ++ yes) ++ sysconf_nss=yes ++ ;; ++ *) ++ sysconf_nss=no ++ ;; ++ esac ++ ], ++ [ ++ sysconf_nss=${DEFAULT_SYSCONF_NSS} ++ ]) ++ AC_MSG_RESULT([$sysconf_nss]) ++ ++ USE_SYSCONF_NSS=false ++ if test "x${sysconf_nss}" = "xyes"; then ++ PKG_CHECK_MODULES(NSS, nss >= 3.53, [NSS_FOUND=yes], [NSS_FOUND=no]) ++ if test "x${NSS_FOUND}" = "xyes"; then ++ AC_MSG_CHECKING([for system FIPS support in NSS]) ++ saved_libs="${LIBS}" ++ saved_cflags="${CFLAGS}" ++ CFLAGS="${CFLAGS} ${NSS_CFLAGS}" ++ LIBS="${LIBS} ${NSS_LIBS}" ++ AC_LANG_PUSH([C]) ++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], ++ [[SECMOD_GetSystemFIPSEnabled()]])], ++ [AC_MSG_RESULT([yes])], ++ [AC_MSG_RESULT([no]) ++ AC_MSG_ERROR([System NSS FIPS detection unavailable])]) ++ AC_LANG_POP([C]) ++ CFLAGS="${saved_cflags}" ++ LIBS="${saved_libs}" ++ USE_SYSCONF_NSS=true ++ else ++ dnl NSS 3.53 is the one that introduces the SECMOD_GetSystemFIPSEnabled API ++ dnl in nss3/pk11pub.h. ++ AC_MSG_ERROR([--enable-sysconf-nss specified, but NSS 3.53 or above not found.]) ++ fi ++ fi ++ AC_SUBST(USE_SYSCONF_NSS) ++]) +diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in +index 506cf617087..7241593b1a4 100644 +--- a/common/autoconf/spec.gmk.in ++++ b/common/autoconf/spec.gmk.in +@@ -312,6 +312,10 @@ CUPS_CFLAGS:=@CUPS_CFLAGS@ + ALSA_LIBS:=@ALSA_LIBS@ + ALSA_CFLAGS:=@ALSA_CFLAGS@ + ++USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@ ++NSS_LIBS:=@NSS_LIBS@ ++NSS_CFLAGS:=@NSS_CFLAGS@ ++ + PACKAGE_PATH=@PACKAGE_PATH@ + + # Source file for cacerts +diff --git a/common/bin/compare_exceptions.sh.incl b/common/bin/compare_exceptions.sh.incl +index 3b79a526f56..d2a0e39b206 100644 +--- a/common/bin/compare_exceptions.sh.incl ++++ b/common/bin/compare_exceptions.sh.incl +@@ -280,6 +280,7 @@ ACCEPTED_SMALL_SIZE_DIFF=" + ./jre/lib/i386/libsplashscreen.so + ./jre/lib/i386/libsunec.so + ./jre/lib/i386/libsunwjdga.so ++./jre/lib/i386/libsystemconf.so + ./jre/lib/i386/libt2k.so + ./jre/lib/i386/libunpack.so + ./jre/lib/i386/libverify.so +@@ -433,6 +434,7 @@ ACCEPTED_SMALL_SIZE_DIFF=" + ./jre/lib/amd64/libsplashscreen.so + ./jre/lib/amd64/libsunec.so + ./jre/lib/amd64/libsunwjdga.so ++//jre/lib/amd64/libsystemconf.so + ./jre/lib/amd64/libt2k.so + ./jre/lib/amd64/libunpack.so + ./jre/lib/amd64/libverify.so +@@ -587,6 +589,7 @@ ACCEPTED_SMALL_SIZE_DIFF=" + ./jre/lib/sparc/libsplashscreen.so + ./jre/lib/sparc/libsunec.so + ./jre/lib/sparc/libsunwjdga.so ++./jre/lib/sparc/libsystemconf.so + ./jre/lib/sparc/libt2k.so + ./jre/lib/sparc/libunpack.so + ./jre/lib/sparc/libverify.so +@@ -741,6 +744,7 @@ ACCEPTED_SMALL_SIZE_DIFF=" + ./jre/lib/sparcv9/libsplashscreen.so + ./jre/lib/sparcv9/libsunec.so + ./jre/lib/sparcv9/libsunwjdga.so ++./jre/lib/sparcv9/libsystemconf.so + ./jre/lib/sparcv9/libt2k.so + ./jre/lib/sparcv9/libunpack.so + ./jre/lib/sparcv9/libverify.so +diff --git a/common/nb_native/nbproject/configurations.xml b/common/nb_native/nbproject/configurations.xml +index d2beed0b93a..3b6aef98d9a 100644 +--- a/common/nb_native/nbproject/configurations.xml ++++ b/common/nb_native/nbproject/configurations.xml +@@ -53,6 +53,9 @@ + jvmtiEnterTrace.cpp + + ++ ++ systemconf.c ++ + + + +@@ -12772,6 +12775,11 @@ + tool="0" + flavor2="0"> + ++ ++ + Additional default values of security properties are read from a ++ * system-specific location, if available.

++ * + * @author Benjamin Renaud + */ + + public final class Security { + ++ private static final String SYS_PROP_SWITCH = ++ "java.security.disableSystemPropertiesFile"; ++ private static final String SEC_PROP_SWITCH = ++ "security.useSystemPropertiesFile"; ++ + /* Are we debugging? -- for developers */ + private static final Debug sdebug = + Debug.getInstance("properties"); +@@ -62,6 +72,19 @@ public final class Security { + } + + static { ++ // Initialise here as used by code with system properties disabled ++ SharedSecrets.setJavaSecuritySystemConfiguratorAccess( ++ new JavaSecuritySystemConfiguratorAccess() { ++ @Override ++ public boolean isSystemFipsEnabled() { ++ return SystemConfigurator.isSystemFipsEnabled(); ++ } ++ @Override ++ public boolean isPlainKeySupportEnabled() { ++ return SystemConfigurator.isPlainKeySupportEnabled(); ++ } ++ }); ++ + // doPrivileged here because there are multiple + // things in initialize that might require privs. + // (the FileInputStream call and the File.exists call, +@@ -78,6 +101,7 @@ public final class Security { + props = new Properties(); + boolean loadedProps = false; + boolean overrideAll = false; ++ boolean systemSecPropsEnabled = false; + + // first load the system properties file + // to determine the value of security.overridePropertiesFile +@@ -93,6 +117,7 @@ public final class Security { + if (sdebug != null) { + sdebug.println("reading security properties file: " + + propFile); ++ sdebug.println(props.toString()); + } + } catch (IOException e) { + if (sdebug != null) { +@@ -187,6 +212,61 @@ public final class Security { + } + } + ++ boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false")); ++ boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH)); ++ if (sdebug != null) { ++ sdebug.println(SYS_PROP_SWITCH + "=" + sysUseProps); ++ sdebug.println(SEC_PROP_SWITCH + "=" + secUseProps); ++ } ++ if (!sysUseProps && secUseProps) { ++ systemSecPropsEnabled = SystemConfigurator.configureSysProps(props); ++ if (!systemSecPropsEnabled) { ++ if (sdebug != null) { ++ sdebug.println("WARNING: System security properties could not be loaded."); ++ } ++ } ++ } else { ++ if (sdebug != null) { ++ sdebug.println("System security property support disabled by user."); ++ } ++ } ++ ++ // FIPS support depends on the contents of java.security so ++ // ensure it has loaded first ++ if (loadedProps && systemSecPropsEnabled) { ++ boolean shouldEnable; ++ String sysProp = System.getProperty("com.redhat.fips"); ++ if (sysProp == null) { ++ shouldEnable = true; ++ if (sdebug != null) { ++ sdebug.println("com.redhat.fips unset, using default value of true"); ++ } ++ } else { ++ shouldEnable = Boolean.valueOf(sysProp); ++ if (sdebug != null) { ++ sdebug.println("com.redhat.fips set, using its value " + shouldEnable); ++ } ++ } ++ if (shouldEnable) { ++ boolean fipsEnabled = SystemConfigurator.configureFIPS(props); ++ if (sdebug != null) { ++ if (fipsEnabled) { ++ sdebug.println("FIPS mode support configured and enabled."); ++ } else { ++ sdebug.println("FIPS mode support disabled."); ++ } ++ } ++ } else { ++ if (sdebug != null ) { ++ sdebug.println("FIPS mode support disabled by user."); ++ } ++ } ++ } else { ++ if (sdebug != null) { ++ sdebug.println("WARNING: FIPS mode support can not be enabled without " + ++ "system security properties being enabled."); ++ } ++ } + } + + /* +diff --git a/jdk/src/share/classes/java/security/SystemConfigurator.java b/jdk/src/share/classes/java/security/SystemConfigurator.java +new file mode 100644 +index 00000000000..a24a0445db2 +--- /dev/null ++++ b/jdk/src/share/classes/java/security/SystemConfigurator.java +@@ -0,0 +1,248 @@ ++/* ++ * Copyright (c) 2019, 2021, Red Hat, Inc. ++ * ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package java.security; ++ ++import java.io.BufferedInputStream; ++import java.io.FileInputStream; ++import java.io.IOException; ++ ++import java.util.Iterator; ++import java.util.Map.Entry; ++import java.util.Properties; ++ ++import sun.security.util.Debug; ++ ++/** ++ * Internal class to align OpenJDK with global crypto-policies. ++ * Called from java.security.Security class initialization, ++ * during startup. ++ * ++ */ ++ ++final class SystemConfigurator { ++ ++ private static final Debug sdebug = ++ Debug.getInstance("properties"); ++ ++ private static final String CRYPTO_POLICIES_BASE_DIR = ++ "/etc/crypto-policies"; ++ ++ private static final String CRYPTO_POLICIES_JAVA_CONFIG = ++ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config"; ++ ++ private static boolean systemFipsEnabled = false; ++ private static boolean plainKeySupportEnabled = false; ++ ++ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf"; ++ ++ private static native boolean getSystemFIPSEnabled() ++ throws IOException; ++ ++ static { ++ AccessController.doPrivileged(new PrivilegedAction() { ++ public Void run() { ++ System.loadLibrary(SYSTEMCONF_NATIVE_LIB); ++ return null; ++ } ++ }); ++ } ++ ++ /* ++ * Invoked when java.security.Security class is initialized, if ++ * java.security.disableSystemPropertiesFile property is not set and ++ * security.useSystemPropertiesFile is true. ++ */ ++ static boolean configureSysProps(Properties props) { ++ boolean systemSecPropsLoaded = false; ++ ++ try (BufferedInputStream bis = ++ new BufferedInputStream( ++ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) { ++ props.load(bis); ++ systemSecPropsLoaded = true; ++ if (sdebug != null) { ++ sdebug.println("reading system security properties file " + ++ CRYPTO_POLICIES_JAVA_CONFIG); ++ sdebug.println(props.toString()); ++ } ++ } catch (IOException e) { ++ if (sdebug != null) { ++ sdebug.println("unable to load security properties from " + ++ CRYPTO_POLICIES_JAVA_CONFIG); ++ e.printStackTrace(); ++ } ++ } ++ return systemSecPropsLoaded; ++ } ++ ++ /* ++ * Invoked at the end of java.security.Security initialisation ++ * if java.security properties have been loaded ++ */ ++ static boolean configureFIPS(Properties props) { ++ boolean loadedProps = false; ++ ++ try { ++ if (enableFips()) { ++ if (sdebug != null) { sdebug.println("FIPS mode detected"); } ++ // Remove all security providers ++ Iterator> i = props.entrySet().iterator(); ++ while (i.hasNext()) { ++ Entry e = i.next(); ++ if (((String) e.getKey()).startsWith("security.provider")) { ++ if (sdebug != null) { sdebug.println("Removing provider: " + e); } ++ i.remove(); ++ } ++ } ++ // Add FIPS security providers ++ String fipsProviderValue = null; ++ for (int n = 1; ++ (fipsProviderValue = (String) props.get("fips.provider." + n)) != null; n++) { ++ String fipsProviderKey = "security.provider." + n; ++ if (sdebug != null) { ++ sdebug.println("Adding provider " + n + ": " + ++ fipsProviderKey + "=" + fipsProviderValue); ++ } ++ props.put(fipsProviderKey, fipsProviderValue); ++ } ++ // Add other security properties ++ String keystoreTypeValue = (String) props.get("fips.keystore.type"); ++ if (keystoreTypeValue != null) { ++ String nonFipsKeystoreType = props.getProperty("keystore.type"); ++ props.put("keystore.type", keystoreTypeValue); ++ if (keystoreTypeValue.equals("PKCS11")) { ++ // If keystore.type is PKCS11, javax.net.ssl.keyStore ++ // must be "NONE". See JDK-8238264. ++ System.setProperty("javax.net.ssl.keyStore", "NONE"); ++ } ++ if (System.getProperty("javax.net.ssl.trustStoreType") == null) { ++ // If no trustStoreType has been set, use the ++ // previous keystore.type under FIPS mode. In ++ // a default configuration, the Trust Store will ++ // be 'cacerts' (JKS type). ++ System.setProperty("javax.net.ssl.trustStoreType", ++ nonFipsKeystoreType); ++ } ++ if (sdebug != null) { ++ sdebug.println("FIPS mode default keystore.type = " + ++ keystoreTypeValue); ++ sdebug.println("FIPS mode javax.net.ssl.keyStore = " + ++ System.getProperty("javax.net.ssl.keyStore", "")); ++ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " + ++ System.getProperty("javax.net.ssl.trustStoreType", "")); ++ } ++ } ++ loadedProps = true; ++ systemFipsEnabled = true; ++ String plainKeySupport = System.getProperty("com.redhat.fips.plainKeySupport", ++ "true"); ++ plainKeySupportEnabled = !"false".equals(plainKeySupport); ++ if (sdebug != null) { ++ if (plainKeySupportEnabled) { ++ sdebug.println("FIPS support enabled with plain key support"); ++ } else { ++ sdebug.println("FIPS support enabled without plain key support"); ++ } ++ } ++ } else { ++ if (sdebug != null) { sdebug.println("FIPS mode not detected"); } ++ } ++ } catch (Exception e) { ++ if (sdebug != null) { ++ sdebug.println("unable to load FIPS configuration"); ++ e.printStackTrace(); ++ } ++ } ++ return loadedProps; ++ } ++ ++ /** ++ * Returns whether or not global system FIPS alignment is enabled. ++ * ++ * Value is always 'false' before java.security.Security class is ++ * initialized. ++ * ++ * Call from out of this package through SharedSecrets: ++ * SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ * .isSystemFipsEnabled(); ++ * ++ * @return a boolean value indicating whether or not global ++ * system FIPS alignment is enabled. ++ */ ++ static boolean isSystemFipsEnabled() { ++ return systemFipsEnabled; ++ } ++ ++ /** ++ * Returns {@code true} if system FIPS alignment is enabled ++ * and plain key support is allowed. Plain key support is ++ * enabled by default but can be disabled with ++ * {@code -Dcom.redhat.fips.plainKeySupport=false}. ++ * ++ * @return a boolean indicating whether plain key support ++ * should be enabled. ++ */ ++ static boolean isPlainKeySupportEnabled() { ++ return plainKeySupportEnabled; ++ } ++ ++ /** ++ * Determines whether FIPS mode should be enabled. ++ * ++ * OpenJDK FIPS mode will be enabled only if the system is in ++ * FIPS mode. ++ * ++ * Calls to this method only occur if the system property ++ * com.redhat.fips is not set to false. ++ * ++ * There are 2 possible ways in which OpenJDK detects that the system ++ * is in FIPS mode: 1) if the NSS SECMOD_GetSystemFIPSEnabled API is ++ * available at OpenJDK's built-time, it is called; 2) otherwise, the ++ * /proc/sys/crypto/fips_enabled file is read. ++ * ++ * @return true if the system is in FIPS mode ++ */ ++ private static boolean enableFips() throws IOException { ++ if (sdebug != null) { ++ sdebug.println("Calling getSystemFIPSEnabled (libsystemconf)..."); ++ } ++ try { ++ boolean fipsEnabled = getSystemFIPSEnabled(); ++ if (sdebug != null) { ++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) returned: " ++ + fipsEnabled); ++ } ++ return fipsEnabled; ++ } catch (IOException e) { ++ if (sdebug != null) { ++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) failed:"); ++ sdebug.println(e.getMessage()); ++ } ++ throw e; ++ } ++ } ++} +diff --git a/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java b/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java +new file mode 100644 +index 00000000000..5c30a8b29c7 +--- /dev/null ++++ b/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java +@@ -0,0 +1,31 @@ ++/* ++ * Copyright (c) 2020, Red Hat, Inc. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package sun.misc; ++ ++public interface JavaSecuritySystemConfiguratorAccess { ++ boolean isSystemFipsEnabled(); ++ boolean isPlainKeySupportEnabled(); ++} +diff --git a/jdk/src/share/classes/sun/misc/SharedSecrets.java b/jdk/src/share/classes/sun/misc/SharedSecrets.java +index f065a2c685d..0dafe6f59cf 100644 +--- a/jdk/src/share/classes/sun/misc/SharedSecrets.java ++++ b/jdk/src/share/classes/sun/misc/SharedSecrets.java +@@ -31,6 +31,7 @@ import java.io.Console; + import java.io.FileDescriptor; + import java.io.ObjectInputStream; + import java.security.ProtectionDomain; ++import java.security.Security; + import java.security.Signature; + + import java.security.AccessController; +@@ -63,6 +64,7 @@ public class SharedSecrets { + private static JavaObjectInputStreamReadString javaObjectInputStreamReadString; + private static JavaObjectInputStreamAccess javaObjectInputStreamAccess; + private static JavaSecuritySignatureAccess javaSecuritySignatureAccess; ++ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess; + + public static JavaUtilJarAccess javaUtilJarAccess() { + if (javaUtilJarAccess == null) { +@@ -248,4 +250,15 @@ public class SharedSecrets { + } + return javaxCryptoSealedObjectAccess; + } ++ ++ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) { ++ javaSecuritySystemConfiguratorAccess = jssca; ++ } ++ ++ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() { ++ if (javaSecuritySystemConfiguratorAccess == null) { ++ unsafe.ensureClassInitialized(Security.class); ++ } ++ return javaSecuritySystemConfiguratorAccess; ++ } + } +diff --git a/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java +new file mode 100644 +index 00000000000..14d19450390 +--- /dev/null ++++ b/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java +@@ -0,0 +1,290 @@ ++/* ++ * Copyright (c) 2021, Red Hat, Inc. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package sun.security.pkcs11; ++ ++import java.math.BigInteger; ++import java.security.KeyFactory; ++import java.security.Provider; ++import java.security.Security; ++import java.util.HashMap; ++import java.util.Map; ++import java.util.concurrent.locks.ReentrantLock; ++ ++import javax.crypto.Cipher; ++import javax.crypto.spec.DHPrivateKeySpec; ++import javax.crypto.spec.IvParameterSpec; ++ ++import sun.security.jca.JCAUtil; ++import sun.security.pkcs11.TemplateManager; ++import sun.security.pkcs11.wrapper.CK_ATTRIBUTE; ++import sun.security.pkcs11.wrapper.CK_MECHANISM; ++import static sun.security.pkcs11.wrapper.PKCS11Constants.*; ++import sun.security.pkcs11.wrapper.PKCS11Exception; ++import sun.security.rsa.RSAUtil.KeyType; ++import sun.security.util.Debug; ++import sun.security.util.ECUtil; ++ ++final class FIPSKeyImporter { ++ ++ private static final Debug debug = ++ Debug.getInstance("sunpkcs11"); ++ ++ private static P11Key importerKey = null; ++ private static final ReentrantLock importerKeyLock = new ReentrantLock(); ++ private static CK_MECHANISM importerKeyMechanism = null; ++ private static Cipher importerCipher = null; ++ ++ private static Provider sunECProvider = null; ++ private static final ReentrantLock sunECProviderLock = new ReentrantLock(); ++ ++ private static KeyFactory DHKF = null; ++ private static final ReentrantLock DHKFLock = new ReentrantLock(); ++ ++ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes) ++ throws PKCS11Exception { ++ long keyID = -1; ++ Token token = sunPKCS11.getToken(); ++ if (debug != null) { ++ debug.println("Private or Secret key will be imported in" + ++ " system FIPS mode."); ++ } ++ if (importerKey == null) { ++ importerKeyLock.lock(); ++ try { ++ if (importerKey == null) { ++ if (importerKeyMechanism == null) { ++ // Importer Key creation has not been tried yet. Try it. ++ createImporterKey(token); ++ } ++ if (importerKey == null || importerCipher == null) { ++ if (debug != null) { ++ debug.println("Importer Key could not be" + ++ " generated."); ++ } ++ throw new PKCS11Exception(CKR_GENERAL_ERROR); ++ } ++ if (debug != null) { ++ debug.println("Importer Key successfully" + ++ " generated."); ++ } ++ } ++ } finally { ++ importerKeyLock.unlock(); ++ } ++ } ++ long importerKeyID = importerKey.getKeyID(); ++ try { ++ byte[] keyBytes = null; ++ byte[] encKeyBytes = null; ++ long keyClass = 0L; ++ long keyType = 0L; ++ Map attrsMap = new HashMap<>(); ++ for (CK_ATTRIBUTE attr : attributes) { ++ if (attr.type == CKA_CLASS) { ++ keyClass = attr.getLong(); ++ } else if (attr.type == CKA_KEY_TYPE) { ++ keyType = attr.getLong(); ++ } ++ attrsMap.put(attr.type, attr); ++ } ++ BigInteger v = null; ++ if (keyClass == CKO_PRIVATE_KEY) { ++ if (keyType == CKK_RSA) { ++ if (debug != null) { ++ debug.println("Importing an RSA private key..."); ++ } ++ keyBytes = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey( ++ KeyType.RSA, ++ null, ++ ((v = attrsMap.get(CKA_MODULUS).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_PUBLIC_EXPONENT).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_PRIVATE_EXPONENT).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_PRIME_1).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_PRIME_2).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_EXPONENT_1).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_EXPONENT_2).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_COEFFICIENT).getBigInteger()) != null) ++ ? v : BigInteger.ZERO ++ ).getEncoded(); ++ } else if (keyType == CKK_DSA) { ++ if (debug != null) { ++ debug.println("Importing a DSA private key..."); ++ } ++ keyBytes = new sun.security.provider.DSAPrivateKey( ++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_SUBPRIME).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null) ++ ? v : BigInteger.ZERO ++ ).getEncoded(); ++ if (token.config.getNssNetscapeDbWorkaround() && ++ attrsMap.get(CKA_NETSCAPE_DB) == null) { ++ attrsMap.put(CKA_NETSCAPE_DB, ++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO)); ++ } ++ } else if (keyType == CKK_EC) { ++ if (debug != null) { ++ debug.println("Importing an EC private key..."); ++ } ++ if (sunECProvider == null) { ++ sunECProviderLock.lock(); ++ try { ++ if (sunECProvider == null) { ++ sunECProvider = Security.getProvider("SunEC"); ++ } ++ } finally { ++ sunECProviderLock.unlock(); ++ } ++ } ++ keyBytes = P11ECUtil.generateECPrivateKey( ++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ECUtil.getECParameterSpec(sunECProvider, ++ attrsMap.get(CKA_EC_PARAMS).getByteArray())) ++ .getEncoded(); ++ if (token.config.getNssNetscapeDbWorkaround() && ++ attrsMap.get(CKA_NETSCAPE_DB) == null) { ++ attrsMap.put(CKA_NETSCAPE_DB, ++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO)); ++ } ++ } else if (keyType == CKK_DH) { ++ if (debug != null) { ++ debug.println("Importing a Diffie-Hellman private key..."); ++ } ++ if (DHKF == null) { ++ DHKFLock.lock(); ++ try { ++ if (DHKF == null) { ++ DHKF = KeyFactory.getInstance( ++ "DH", P11Util.getSunJceProvider()); ++ } ++ } finally { ++ DHKFLock.unlock(); ++ } ++ } ++ DHPrivateKeySpec spec = new DHPrivateKeySpec ++ (((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null) ++ ? v : BigInteger.ZERO, ++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null) ++ ? v : BigInteger.ZERO); ++ keyBytes = DHKF.generatePrivate(spec).getEncoded(); ++ if (token.config.getNssNetscapeDbWorkaround() && ++ attrsMap.get(CKA_NETSCAPE_DB) == null) { ++ attrsMap.put(CKA_NETSCAPE_DB, ++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO)); ++ } ++ } else { ++ if (debug != null) { ++ debug.println("Unrecognized private key type."); ++ } ++ throw new PKCS11Exception(CKR_GENERAL_ERROR); ++ } ++ } else if (keyClass == CKO_SECRET_KEY) { ++ if (debug != null) { ++ debug.println("Importing a secret key..."); ++ } ++ keyBytes = attrsMap.get(CKA_VALUE).getByteArray(); ++ } ++ if (keyBytes == null || keyBytes.length == 0) { ++ if (debug != null) { ++ debug.println("Private or secret key plain bytes could" + ++ " not be obtained. Import failed."); ++ } ++ throw new PKCS11Exception(CKR_GENERAL_ERROR); ++ } ++ importerCipher.init(Cipher.ENCRYPT_MODE, importerKey, ++ new IvParameterSpec((byte[])importerKeyMechanism.pParameter), ++ null); ++ attributes = new CK_ATTRIBUTE[attrsMap.size()]; ++ attrsMap.values().toArray(attributes); ++ encKeyBytes = importerCipher.doFinal(keyBytes); ++ attributes = token.getAttributes(TemplateManager.O_IMPORT, ++ keyClass, keyType, attributes); ++ keyID = token.p11.C_UnwrapKey(hSession, ++ importerKeyMechanism, importerKeyID, encKeyBytes, attributes); ++ if (debug != null) { ++ debug.println("Imported key ID: " + keyID); ++ } ++ } catch (Throwable t) { ++ throw new PKCS11Exception(CKR_GENERAL_ERROR); ++ } finally { ++ importerKey.releaseKeyID(); ++ } ++ return Long.valueOf(keyID); ++ } ++ ++ private static void createImporterKey(Token token) { ++ if (debug != null) { ++ debug.println("Generating Importer Key..."); ++ } ++ byte[] iv = new byte[16]; ++ JCAUtil.getSecureRandom().nextBytes(iv); ++ importerKeyMechanism = new CK_MECHANISM(CKM_AES_CBC_PAD, iv); ++ try { ++ CK_ATTRIBUTE[] attributes = token.getAttributes(TemplateManager.O_GENERATE, ++ CKO_SECRET_KEY, CKK_AES, new CK_ATTRIBUTE[] { ++ new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), ++ new CK_ATTRIBUTE(CKA_VALUE_LEN, 256 >> 3)}); ++ Session s = null; ++ try { ++ s = token.getObjSession(); ++ long keyID = token.p11.C_GenerateKey( ++ s.id(), new CK_MECHANISM(CKM_AES_KEY_GEN), ++ attributes); ++ if (debug != null) { ++ debug.println("Importer Key ID: " + keyID); ++ } ++ importerKey = (P11Key)P11Key.secretKey(s, keyID, "AES", ++ 256 >> 3, null); ++ } catch (PKCS11Exception e) { ++ // best effort ++ } finally { ++ token.releaseSession(s); ++ } ++ if (importerKey != null) { ++ importerCipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); ++ } ++ } catch (Throwable t) { ++ // best effort ++ importerKey = null; ++ importerCipher = null; ++ // importerKeyMechanism value is kept initialized to indicate that ++ // Importer Key creation has been tried and failed. ++ } ++ } ++} +diff --git a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java +index fedcd7743ef..f9d70863bd1 100644 +--- a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java ++++ b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java +@@ -26,6 +26,9 @@ + package sun.security.pkcs11; + + import java.io.*; ++import java.lang.invoke.MethodHandle; ++import java.lang.invoke.MethodHandles; ++import java.lang.invoke.MethodType; + import java.util.*; + + import java.security.*; +@@ -42,6 +45,8 @@ import javax.security.auth.callback.ConfirmationCallback; + import javax.security.auth.callback.PasswordCallback; + import javax.security.auth.callback.TextOutputCallback; + ++import sun.misc.SharedSecrets; ++ + import sun.security.util.Debug; + import sun.security.util.ResourcesMgr; + +@@ -58,6 +63,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; + */ + public final class SunPKCS11 extends AuthProvider { + ++ private static final boolean systemFipsEnabled = SharedSecrets ++ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled(); ++ ++ private static final boolean plainKeySupportEnabled = SharedSecrets ++ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled(); ++ ++ private static final MethodHandle fipsImportKey; ++ static { ++ MethodHandle fipsImportKeyTmp = null; ++ if (plainKeySupportEnabled) { ++ try { ++ fipsImportKeyTmp = MethodHandles.lookup().findStatic( ++ FIPSKeyImporter.class, "importKey", ++ MethodType.methodType(Long.class, SunPKCS11.class, ++ long.class, CK_ATTRIBUTE[].class)); ++ } catch (Throwable t) { ++ throw new SecurityException("FIPS key importer initialization" + ++ " failed", t); ++ } ++ } ++ fipsImportKey = fipsImportKeyTmp; ++ } ++ + private static final long serialVersionUID = -1354835039035306505L; + + static final Debug debug = Debug.getInstance("sunpkcs11"); +@@ -309,10 +337,15 @@ public final class SunPKCS11 extends AuthProvider { + // request multithreaded access first + initArgs.flags = CKF_OS_LOCKING_OK; + PKCS11 tmpPKCS11; ++ MethodHandle fipsKeyImporter = null; ++ if (plainKeySupportEnabled) { ++ fipsKeyImporter = MethodHandles.insertArguments( ++ fipsImportKey, 0, this); ++ } + try { + tmpPKCS11 = PKCS11.getInstance( + library, functionList, initArgs, +- config.getOmitInitialize()); ++ config.getOmitInitialize(), fipsKeyImporter); + } catch (PKCS11Exception e) { + if (debug != null) { + debug.println("Multi-threaded initialization failed: " + e); +@@ -328,7 +361,7 @@ public final class SunPKCS11 extends AuthProvider { + initArgs.flags = 0; + } + tmpPKCS11 = PKCS11.getInstance(library, +- functionList, initArgs, config.getOmitInitialize()); ++ functionList, initArgs, config.getOmitInitialize(), fipsKeyImporter); + } + p11 = tmpPKCS11; + +@@ -368,6 +401,24 @@ public final class SunPKCS11 extends AuthProvider { + if (nssModule != null) { + nssModule.setProvider(this); + } ++ if (systemFipsEnabled) { ++ // The NSS Software Token in FIPS 140-2 mode requires a user ++ // login for most operations. See sftk_fipsCheck. The NSS DB ++ // (/etc/pki/nssdb) PIN is empty. ++ Session session = null; ++ try { ++ session = token.getOpSession(); ++ p11.C_Login(session.id(), CKU_USER, new char[] {}); ++ } catch (PKCS11Exception p11e) { ++ if (debug != null) { ++ debug.println("Error during token login: " + ++ p11e.getMessage()); ++ } ++ throw p11e; ++ } finally { ++ token.releaseSession(session); ++ } ++ } + } catch (Exception e) { + if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) { + throw new UnsupportedOperationException +diff --git a/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java +index 2e42d1d9fb0..1b7eed1c656 100644 +--- a/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java ++++ b/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java +@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper; + + import java.io.File; + import java.io.IOException; ++import java.lang.invoke.MethodHandle; + import java.util.*; + + import java.security.AccessController; +@@ -145,18 +146,41 @@ public class PKCS11 { + this.pkcs11ModulePath = pkcs11ModulePath; + } + ++ /* ++ * Compatibility wrapper to allow this method to work as before ++ * when FIPS mode support is not active. ++ */ ++ public static synchronized PKCS11 getInstance(String pkcs11ModulePath, ++ String functionList, CK_C_INITIALIZE_ARGS pInitArgs, ++ boolean omitInitialize) throws IOException, PKCS11Exception { ++ return getInstance(pkcs11ModulePath, functionList, ++ pInitArgs, omitInitialize, null); ++ } ++ + public static synchronized PKCS11 getInstance(String pkcs11ModulePath, + String functionList, CK_C_INITIALIZE_ARGS pInitArgs, +- boolean omitInitialize) throws IOException, PKCS11Exception { ++ boolean omitInitialize, MethodHandle fipsKeyImporter) ++ throws IOException, PKCS11Exception { + // we may only call C_Initialize once per native .so/.dll + // so keep a cache using the (non-canonicalized!) path + PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath); + if (pkcs11 == null) { ++ boolean nssFipsMode = fipsKeyImporter != null; + if ((pInitArgs != null) + && ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) { +- pkcs11 = new PKCS11(pkcs11ModulePath, functionList); ++ if (nssFipsMode) { ++ pkcs11 = new FIPSPKCS11(pkcs11ModulePath, functionList, ++ fipsKeyImporter); ++ } else { ++ pkcs11 = new PKCS11(pkcs11ModulePath, functionList); ++ } + } else { +- pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList); ++ if (nssFipsMode) { ++ pkcs11 = new SynchronizedFIPSPKCS11(pkcs11ModulePath, ++ functionList, fipsKeyImporter); ++ } else { ++ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList); ++ } + } + if (omitInitialize == false) { + try { +@@ -1905,4 +1929,69 @@ static class SynchronizedPKCS11 extends PKCS11 { + super.C_GenerateRandom(hSession, randomData); + } + } ++ ++// PKCS11 subclass that allows using plain private or secret keys in ++// FIPS-configured NSS Software Tokens. Only used when System FIPS ++// is enabled. ++static class FIPSPKCS11 extends PKCS11 { ++ private MethodHandle fipsKeyImporter; ++ FIPSPKCS11(String pkcs11ModulePath, String functionListName, ++ MethodHandle fipsKeyImporter) throws IOException { ++ super(pkcs11ModulePath, functionListName); ++ this.fipsKeyImporter = fipsKeyImporter; ++ } ++ ++ public synchronized long C_CreateObject(long hSession, ++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception { ++ // Creating sensitive key objects from plain key material in a ++ // FIPS-configured NSS Software Token is not allowed. We apply ++ // a key-unwrapping scheme to achieve so. ++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) { ++ try { ++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate)) ++ .longValue(); ++ } catch (Throwable t) { ++ throw new PKCS11Exception(CKR_GENERAL_ERROR); ++ } ++ } ++ return super.C_CreateObject(hSession, pTemplate); ++ } ++} ++ ++// FIPSPKCS11 synchronized counterpart. ++static class SynchronizedFIPSPKCS11 extends SynchronizedPKCS11 { ++ private MethodHandle fipsKeyImporter; ++ SynchronizedFIPSPKCS11(String pkcs11ModulePath, String functionListName, ++ MethodHandle fipsKeyImporter) throws IOException { ++ super(pkcs11ModulePath, functionListName); ++ this.fipsKeyImporter = fipsKeyImporter; ++ } ++ ++ public synchronized long C_CreateObject(long hSession, ++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception { ++ // See FIPSPKCS11::C_CreateObject. ++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) { ++ try { ++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate)) ++ .longValue(); ++ } catch (Throwable t) { ++ throw new PKCS11Exception(CKR_GENERAL_ERROR); ++ } ++ } ++ return super.C_CreateObject(hSession, pTemplate); ++ } ++} ++ ++private static class FIPSPKCS11Helper { ++ static boolean isSensitiveObject(CK_ATTRIBUTE[] pTemplate) { ++ for (CK_ATTRIBUTE attr : pTemplate) { ++ if (attr.type == CKA_CLASS && ++ (attr.getLong() == CKO_PRIVATE_KEY || ++ attr.getLong() == CKO_SECRET_KEY)) { ++ return true; ++ } ++ } ++ return false; ++ } ++} + } +diff --git a/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java b/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java +index ffee2c1603b..98119479823 100644 +--- a/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java ++++ b/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java +@@ -33,8 +33,13 @@ import java.security.KeyStore.*; + + import javax.net.ssl.*; + ++import sun.misc.SharedSecrets; ++ + abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi { + ++ private static final boolean plainKeySupportEnabled = SharedSecrets ++ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled(); ++ + X509ExtendedKeyManager keyManager; + boolean isInitialized; + +@@ -62,7 +67,8 @@ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi { + KeyStoreException, NoSuchAlgorithmException, + UnrecoverableKeyException { + if ((ks != null) && SunJSSE.isFIPS()) { +- if (ks.getProvider() != SunJSSE.cryptoProvider) { ++ if (ks.getProvider() != SunJSSE.cryptoProvider && ++ !plainKeySupportEnabled) { + throw new KeyStoreException("FIPS mode: KeyStore must be " + + "from provider " + SunJSSE.cryptoProvider.getName()); + } +@@ -91,8 +97,8 @@ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi { + keyManager = new X509KeyManagerImpl( + Collections.emptyList()); + } else { +- if (SunJSSE.isFIPS() && +- (ks.getProvider() != SunJSSE.cryptoProvider)) { ++ if (SunJSSE.isFIPS() && (ks.getProvider() != SunJSSE.cryptoProvider) ++ && !plainKeySupportEnabled) { + throw new KeyStoreException( + "FIPS mode: KeyStore must be " + + "from provider " + SunJSSE.cryptoProvider.getName()); +diff --git a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java +index 820e10164fc..6fe2c29389f 100644 +--- a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java ++++ b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java +@@ -31,6 +31,7 @@ import java.security.*; + import java.security.cert.*; + import java.util.*; + import javax.net.ssl.*; ++import sun.misc.SharedSecrets; + import sun.security.action.GetPropertyAction; + import sun.security.provider.certpath.AlgorithmChecker; + import sun.security.validator.Validator; +@@ -539,20 +540,38 @@ public abstract class SSLContextImpl extends SSLContextSpi { + + static { + if (SunJSSE.isFIPS()) { +- supportedProtocols = Arrays.asList( +- ProtocolVersion.TLS13, +- ProtocolVersion.TLS12, +- ProtocolVersion.TLS11, +- ProtocolVersion.TLS10 +- ); ++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ .isSystemFipsEnabled()) { ++ // RH1860986: TLSv1.3 key derivation not supported with ++ // the Security Providers available in system FIPS mode. ++ supportedProtocols = Arrays.asList( ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ ); + +- serverDefaultProtocols = getAvailableProtocols( +- new ProtocolVersion[] { +- ProtocolVersion.TLS13, +- ProtocolVersion.TLS12, +- ProtocolVersion.TLS11, +- ProtocolVersion.TLS10 +- }); ++ serverDefaultProtocols = getAvailableProtocols( ++ new ProtocolVersion[] { ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ }); ++ } else { ++ supportedProtocols = Arrays.asList( ++ ProtocolVersion.TLS13, ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ ); ++ ++ serverDefaultProtocols = getAvailableProtocols( ++ new ProtocolVersion[] { ++ ProtocolVersion.TLS13, ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ }); ++ } + } else { + supportedProtocols = Arrays.asList( + ProtocolVersion.TLS13, +@@ -612,6 +631,16 @@ public abstract class SSLContextImpl extends SSLContextSpi { + + static ProtocolVersion[] getSupportedProtocols() { + if (SunJSSE.isFIPS()) { ++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ .isSystemFipsEnabled()) { ++ // RH1860986: TLSv1.3 key derivation not supported with ++ // the Security Providers available in system FIPS mode. ++ return new ProtocolVersion[] { ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ }; ++ } + return new ProtocolVersion[] { + ProtocolVersion.TLS13, + ProtocolVersion.TLS12, +@@ -939,6 +968,16 @@ public abstract class SSLContextImpl extends SSLContextSpi { + + static ProtocolVersion[] getProtocols() { + if (SunJSSE.isFIPS()) { ++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ .isSystemFipsEnabled()) { ++ // RH1860986: TLSv1.3 key derivation not supported with ++ // the Security Providers available in system FIPS mode. ++ return new ProtocolVersion[] { ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ }; ++ } + return new ProtocolVersion[]{ + ProtocolVersion.TLS13, + ProtocolVersion.TLS12, +diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java +index 2845dc37938..52337a7b6cf 100644 +--- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java ++++ b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java +@@ -30,6 +30,8 @@ import static sun.security.util.SecurityConstants.PROVIDER_VER; + + import java.security.*; + ++import sun.misc.SharedSecrets; ++ + /** + * The JSSE provider. + * +@@ -215,8 +217,13 @@ public abstract class SunJSSE extends java.security.Provider { + "sun.security.ssl.SSLContextImpl$TLS11Context"); + put("SSLContext.TLSv1.2", + "sun.security.ssl.SSLContextImpl$TLS12Context"); +- put("SSLContext.TLSv1.3", +- "sun.security.ssl.SSLContextImpl$TLS13Context"); ++ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ .isSystemFipsEnabled()) { ++ // RH1860986: TLSv1.3 key derivation not supported with ++ // the Security Providers available in system FIPS mode. ++ put("SSLContext.TLSv1.3", ++ "sun.security.ssl.SSLContextImpl$TLS13Context"); ++ } + put("SSLContext.TLS", + "sun.security.ssl.SSLContextImpl$TLSContext"); + if (isfips == false) { +diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix +index 7a93d4e6b59..681a24b905d 100644 +--- a/jdk/src/share/lib/security/java.security-aix ++++ b/jdk/src/share/lib/security/java.security-aix +@@ -287,6 +287,13 @@ package.definition=sun.,\ + # + security.overridePropertiesFile=true + ++# ++# Determines whether this properties file will be appended to ++# using the system properties file stored at ++# /etc/crypto-policies/back-ends/java.config ++# ++security.useSystemPropertiesFile=false ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. +diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux +index 145a84f94cf..789c19a8cba 100644 +--- a/jdk/src/share/lib/security/java.security-linux ++++ b/jdk/src/share/lib/security/java.security-linux +@@ -75,6 +75,14 @@ security.provider.7=com.sun.security.sasl.Provider + security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI + security.provider.9=sun.security.smartcardio.SunPCSC + ++# ++# Security providers used when FIPS mode support is active ++# ++fips.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.fips.cfg ++fips.provider.2=sun.security.provider.Sun ++fips.provider.3=sun.security.ec.SunEC ++fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS ++ + # + # Sun Provider SecureRandom seed source. + # +@@ -170,6 +178,11 @@ policy.ignoreIdentityScope=false + # + keystore.type=jks + ++# ++# Default keystore type used when global crypto-policies are set to FIPS. ++# ++fips.keystore.type=PKCS11 ++ + # + # Controls compatibility mode for the JKS keystore type. + # +@@ -287,6 +300,13 @@ package.definition=sun.,\ + # + security.overridePropertiesFile=true + ++# ++# Determines whether this properties file will be appended to ++# using the system properties file stored at ++# /etc/crypto-policies/back-ends/java.config ++# ++security.useSystemPropertiesFile=false ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. +diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx +index 35fa140d7a5..d4da666af3b 100644 +--- a/jdk/src/share/lib/security/java.security-macosx ++++ b/jdk/src/share/lib/security/java.security-macosx +@@ -290,6 +290,13 @@ package.definition=sun.,\ + # + security.overridePropertiesFile=true + ++# ++# Determines whether this properties file will be appended to ++# using the system properties file stored at ++# /etc/crypto-policies/back-ends/java.config ++# ++security.useSystemPropertiesFile=false ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. +diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris +index f79ba37ddb9..300132384a1 100644 +--- a/jdk/src/share/lib/security/java.security-solaris ++++ b/jdk/src/share/lib/security/java.security-solaris +@@ -288,6 +288,13 @@ package.definition=sun.,\ + # + security.overridePropertiesFile=true + ++# ++# Determines whether this properties file will be appended to ++# using the system properties file stored at ++# /etc/crypto-policies/back-ends/java.config ++# ++security.useSystemPropertiesFile=false ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. +diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows +index d70503ce95f..64db5a5cd1e 100644 +--- a/jdk/src/share/lib/security/java.security-windows ++++ b/jdk/src/share/lib/security/java.security-windows +@@ -290,6 +290,13 @@ package.definition=sun.,\ + # + security.overridePropertiesFile=true + ++# ++# Determines whether this properties file will be appended to ++# using the system properties file stored at ++# /etc/crypto-policies/back-ends/java.config ++# ++security.useSystemPropertiesFile=false ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. +diff --git a/jdk/src/solaris/native/java/security/systemconf.c b/jdk/src/solaris/native/java/security/systemconf.c +new file mode 100644 +index 00000000000..8dcb7d9073f +--- /dev/null ++++ b/jdk/src/solaris/native/java/security/systemconf.c +@@ -0,0 +1,224 @@ ++/* ++ * Copyright (c) 2021, Red Hat, Inc. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++#include ++#include ++#include "jvm_md.h" ++#include ++ ++#ifdef SYSCONF_NSS ++#include ++#else ++#include ++#endif //SYSCONF_NSS ++ ++#include "java_security_SystemConfigurator.h" ++ ++#define MSG_MAX_SIZE 256 ++#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled" ++ ++typedef int (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE)(void); ++ ++static SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE *getSystemFIPSEnabled; ++static jmethodID debugPrintlnMethodID = NULL; ++static jobject debugObj = NULL; ++ ++static void dbgPrint(JNIEnv *env, const char* msg) ++{ ++ jstring jMsg; ++ if (debugObj != NULL) { ++ jMsg = (*env)->NewStringUTF(env, msg); ++ CHECK_NULL(jMsg); ++ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg); ++ } ++} ++ ++static void throwIOException(JNIEnv *env, const char *msg) ++{ ++ jclass cls = (*env)->FindClass(env, "java/io/IOException"); ++ if (cls != 0) ++ (*env)->ThrowNew(env, cls, msg); ++} ++ ++static void handle_msg(JNIEnv *env, const char* msg, int msg_bytes) ++{ ++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) { ++ dbgPrint(env, msg); ++ } else { ++ dbgPrint(env, "systemconf: cannot render message"); ++ } ++} ++ ++// Only used when NSS is not linked at build time ++#ifndef SYSCONF_NSS ++ ++static void *nss_handle; ++ ++static jboolean loadNSS(JNIEnv *env) ++{ ++ char msg[MSG_MAX_SIZE]; ++ int msg_bytes; ++ const char* errmsg; ++ ++ nss_handle = dlopen(JNI_LIB_NAME("nss3"), RTLD_LAZY); ++ if (nss_handle == NULL) { ++ errmsg = dlerror(); ++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlopen: %s\n", ++ errmsg); ++ handle_msg(env, msg, msg_bytes); ++ return JNI_FALSE; ++ } ++ dlerror(); /* Clear errors */ ++ getSystemFIPSEnabled = (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE*)dlsym(nss_handle, "SECMOD_GetSystemFIPSEnabled"); ++ if ((errmsg = dlerror()) != NULL) { ++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlsym: %s\n", ++ errmsg); ++ handle_msg(env, msg, msg_bytes); ++ return JNI_FALSE; ++ } ++ return JNI_TRUE; ++} ++ ++static void closeNSS(JNIEnv *env) ++{ ++ char msg[MSG_MAX_SIZE]; ++ int msg_bytes; ++ const char* errmsg; ++ ++ if (dlclose(nss_handle) != 0) { ++ errmsg = dlerror(); ++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "closeNSS: dlclose: %s\n", ++ errmsg); ++ handle_msg(env, msg, msg_bytes); ++ } ++} ++ ++#endif ++ ++/* ++ * Class: java_security_SystemConfigurator ++ * Method: JNI_OnLoad ++ */ ++JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved) ++{ ++ JNIEnv *env; ++ jclass sysConfCls, debugCls; ++ jfieldID sdebugFld; ++ ++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) { ++ return JNI_EVERSION; /* JNI version not supported */ ++ } ++ ++ sysConfCls = (*env)->FindClass(env,"java/security/SystemConfigurator"); ++ if (sysConfCls == NULL) { ++ printf("libsystemconf: SystemConfigurator class not found\n"); ++ return JNI_ERR; ++ } ++ sdebugFld = (*env)->GetStaticFieldID(env, sysConfCls, ++ "sdebug", "Lsun/security/util/Debug;"); ++ if (sdebugFld == NULL) { ++ printf("libsystemconf: SystemConfigurator::sdebug field not found\n"); ++ return JNI_ERR; ++ } ++ debugObj = (*env)->GetStaticObjectField(env, sysConfCls, sdebugFld); ++ if (debugObj != NULL) { ++ debugCls = (*env)->FindClass(env,"sun/security/util/Debug"); ++ if (debugCls == NULL) { ++ printf("libsystemconf: Debug class not found\n"); ++ return JNI_ERR; ++ } ++ debugPrintlnMethodID = (*env)->GetMethodID(env, debugCls, ++ "println", "(Ljava/lang/String;)V"); ++ if (debugPrintlnMethodID == NULL) { ++ printf("libsystemconf: Debug::println(String) method not found\n"); ++ return JNI_ERR; ++ } ++ debugObj = (*env)->NewGlobalRef(env, debugObj); ++ } ++ ++#ifdef SYSCONF_NSS ++ getSystemFIPSEnabled = *SECMOD_GetSystemFIPSEnabled; ++#else ++ if (loadNSS(env) == JNI_FALSE) { ++ dbgPrint(env, "libsystemconf: Failed to load NSS library."); ++ } ++#endif ++ ++ return (*env)->GetVersion(env); ++} ++ ++/* ++ * Class: java_security_SystemConfigurator ++ * Method: JNI_OnUnload ++ */ ++JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved) ++{ ++ JNIEnv *env; ++ ++ if (debugObj != NULL) { ++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) { ++ return; /* Should not happen */ ++ } ++#ifndef SYSCONF_NSS ++ closeNSS(env); ++#endif ++ (*env)->DeleteGlobalRef(env, debugObj); ++ } ++} ++ ++JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEnabled ++ (JNIEnv *env, jclass cls) ++{ ++ int fips_enabled; ++ char msg[MSG_MAX_SIZE]; ++ int msg_bytes; ++ ++ if (getSystemFIPSEnabled != NULL) { ++ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled"); ++ fips_enabled = (*getSystemFIPSEnabled)(); ++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \ ++ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled); ++ handle_msg(env, msg, msg_bytes); ++ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE); ++ } else { ++ FILE *fe; ++ ++ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH); ++ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) { ++ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH); ++ return JNI_FALSE; ++ } ++ fips_enabled = fgetc(fe); ++ fclose(fe); ++ if (fips_enabled == EOF) { ++ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH); ++ return JNI_FALSE; ++ } ++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \ ++ " read character is '%c'", fips_enabled); ++ handle_msg(env, msg, msg_bytes); ++ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE); ++ } ++} diff --git a/java-1.8.0-openjdk-remove-intree-libraries.sh b/java-1.8.0-openjdk-remove-intree-libraries.sh new file mode 100644 index 0000000..201a220 --- /dev/null +++ b/java-1.8.0-openjdk-remove-intree-libraries.sh @@ -0,0 +1,131 @@ +#!/bin/sh + +ZIP_SRC=openjdk/jdk/src/share/native/java/util/zip/zlib +JPEG_SRC=openjdk/jdk/src/share/native/sun/awt/image/jpeg +GIF_SRC=openjdk/jdk/src/share/native/sun/awt/giflib +PNG_SRC=openjdk/jdk/src/share/native/sun/awt/libpng +LCMS_SRC=openjdk/jdk/src/share/native/sun/java2d/cmm/lcms + +echo "Removing built-in libs (they will be linked)" + +echo "Removing zlib" +if [ ! -d ${ZIP_SRC} ]; then + echo "${ZIP_SRC} does not exist. Refusing to proceed." + exit 1 +fi +rm -rvf ${ZIP_SRC} + +echo "Removing libjpeg" +if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist + echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed." + exit 1 +fi + +rm -vf ${JPEG_SRC}/jcomapi.c +rm -vf ${JPEG_SRC}/jdapimin.c +rm -vf ${JPEG_SRC}/jdapistd.c +rm -vf ${JPEG_SRC}/jdcoefct.c +rm -vf ${JPEG_SRC}/jdcolor.c +rm -vf ${JPEG_SRC}/jdct.h +rm -vf ${JPEG_SRC}/jddctmgr.c +rm -vf ${JPEG_SRC}/jdhuff.c +rm -vf ${JPEG_SRC}/jdhuff.h +rm -vf ${JPEG_SRC}/jdinput.c +rm -vf ${JPEG_SRC}/jdmainct.c +rm -vf ${JPEG_SRC}/jdmarker.c +rm -vf ${JPEG_SRC}/jdmaster.c +rm -vf ${JPEG_SRC}/jdmerge.c +rm -vf ${JPEG_SRC}/jdphuff.c +rm -vf ${JPEG_SRC}/jdpostct.c +rm -vf ${JPEG_SRC}/jdsample.c +rm -vf ${JPEG_SRC}/jerror.c +rm -vf ${JPEG_SRC}/jerror.h +rm -vf ${JPEG_SRC}/jidctflt.c +rm -vf ${JPEG_SRC}/jidctfst.c +rm -vf ${JPEG_SRC}/jidctint.c +rm -vf ${JPEG_SRC}/jidctred.c +rm -vf ${JPEG_SRC}/jinclude.h +rm -vf ${JPEG_SRC}/jmemmgr.c +rm -vf ${JPEG_SRC}/jmemsys.h +rm -vf ${JPEG_SRC}/jmemnobs.c +rm -vf ${JPEG_SRC}/jmorecfg.h +rm -vf ${JPEG_SRC}/jpegint.h +rm -vf ${JPEG_SRC}/jpeglib.h +rm -vf ${JPEG_SRC}/jquant1.c +rm -vf ${JPEG_SRC}/jquant2.c +rm -vf ${JPEG_SRC}/jutils.c +rm -vf ${JPEG_SRC}/jcapimin.c +rm -vf ${JPEG_SRC}/jcapistd.c +rm -vf ${JPEG_SRC}/jccoefct.c +rm -vf ${JPEG_SRC}/jccolor.c +rm -vf ${JPEG_SRC}/jcdctmgr.c +rm -vf ${JPEG_SRC}/jchuff.c +rm -vf ${JPEG_SRC}/jchuff.h +rm -vf ${JPEG_SRC}/jcinit.c +rm -vf ${JPEG_SRC}/jconfig.h +rm -vf ${JPEG_SRC}/jcmainct.c +rm -vf ${JPEG_SRC}/jcmarker.c +rm -vf ${JPEG_SRC}/jcmaster.c +rm -vf ${JPEG_SRC}/jcparam.c +rm -vf ${JPEG_SRC}/jcphuff.c +rm -vf ${JPEG_SRC}/jcprepct.c +rm -vf ${JPEG_SRC}/jcsample.c +rm -vf ${JPEG_SRC}/jctrans.c +rm -vf ${JPEG_SRC}/jdtrans.c +rm -vf ${JPEG_SRC}/jfdctflt.c +rm -vf ${JPEG_SRC}/jfdctfst.c +rm -vf ${JPEG_SRC}/jfdctint.c +rm -vf ${JPEG_SRC}/jversion.h +rm -vf ${JPEG_SRC}/README + +echo "Removing giflib" +if [ ! -d ${GIF_SRC} ]; then + echo "${GIF_SRC} does not exist. Refusing to proceed." + exit 1 +fi +rm -rvf ${GIF_SRC} + +echo "Removing libpng" +if [ ! -d ${PNG_SRC} ]; then + echo "${PNG_SRC} does not exist. Refusing to proceed." + exit 1 +fi +rm -rvf ${PNG_SRC} + +echo "Removing lcms" +if [ ! -d ${LCMS_SRC} ]; then + echo "${LCMS_SRC} does not exist. Refusing to proceed." + exit 1 +fi +# temporary change to move bundled LCMS +if [ ! true ]; then +rm -vf ${LCMS_SRC}/cmsalpha.c +rm -vf ${LCMS_SRC}/cmscam02.c +rm -vf ${LCMS_SRC}/cmscgats.c +rm -vf ${LCMS_SRC}/cmscnvrt.c +rm -vf ${LCMS_SRC}/cmserr.c +rm -vf ${LCMS_SRC}/cmsgamma.c +rm -vf ${LCMS_SRC}/cmsgmt.c +rm -vf ${LCMS_SRC}/cmshalf.c +rm -vf ${LCMS_SRC}/cmsintrp.c +rm -vf ${LCMS_SRC}/cmsio0.c +rm -vf ${LCMS_SRC}/cmsio1.c +rm -vf ${LCMS_SRC}/cmslut.c +rm -vf ${LCMS_SRC}/cmsmd5.c +rm -vf ${LCMS_SRC}/cmsmtrx.c +rm -vf ${LCMS_SRC}/cmsnamed.c +rm -vf ${LCMS_SRC}/cmsopt.c +rm -vf ${LCMS_SRC}/cmspack.c +rm -vf ${LCMS_SRC}/cmspcs.c +rm -vf ${LCMS_SRC}/cmsplugin.c +rm -vf ${LCMS_SRC}/cmsps2.c +rm -vf ${LCMS_SRC}/cmssamp.c +rm -vf ${LCMS_SRC}/cmssm.c +rm -vf ${LCMS_SRC}/cmstypes.c +rm -vf ${LCMS_SRC}/cmsvirt.c +rm -vf ${LCMS_SRC}/cmswtpnt.c +rm -vf ${LCMS_SRC}/cmsxform.c +rm -vf ${LCMS_SRC}/lcms2.h +rm -vf ${LCMS_SRC}/lcms2_internal.h +rm -vf ${LCMS_SRC}/lcms2_plugin.h +fi diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec new file mode 100644 index 0000000..16fbf02 --- /dev/null +++ b/java-1.8.0-openjdk.spec @@ -0,0 +1,5222 @@ +# RPM conditionals so as to be able to dynamically produce +# slowdebug/release builds. See: +# http://rpm.org/user_doc/conditional_builds.html +# +# Examples: +# +# Produce release, fastdebug *and* slowdebug builds on x86_64 (default): +# $ rpmbuild -ba java-1.8.0-openjdk.spec +# +# Produce only release builds (no debug builds) on x86_64: +# $ rpmbuild -ba java-1.8.0-openjdk.spec --without slowdebug --without fastdebug +# +# Only produce a release build on x86_64: +# $ rhpkg mockbuild --without slowdebug --without fastdebug +# +# Enable fastdebug builds by default on relevant arches. +%bcond_without fastdebug +# Enable slowdebug builds by default on relevant arches. +%bcond_without slowdebug +# Enable release builds by default on relevant arches. +%bcond_without release +# Remove build artifacts by default +%bcond_with artifacts +# Build a fresh libjvm.so for use in a copy of the bootstrap JDK +%bcond_without fresh_libjvm +# Build with system libraries +%bcond_with system_libs + +# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so +%if %{with fresh_libjvm} +%global build_hotspot_first 1 +%else +%global build_hotspot_first 0 +%endif + +%if %{with system_libs} +%global system_libs 1 +%global link_type system +%global jpeg_lib |libjavajpeg[.]so.* +%else +%global system_libs 0 +%global link_type bundled +%global jpeg_lib |libjpeg[.]so.* +%endif + +# The -g flag says to use strip -g instead of full strip on DSOs or EXEs. +# This fixes detailed NMT and other tools which need minimal debug info. +# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879 +%global _find_debuginfo_opts -g + +# note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros +# also necessary when passing it as parameter to other macros. If not macro, then it is considered a switch +# see the difference between global and define: +# See https://github.com/rpm-software-management/rpm/issues/127 to comments at "pmatilai commented on Aug 18, 2017" +# (initiated in https://bugzilla.redhat.com/show_bug.cgi?id=1482192) +%global debug_suffix_unquoted -slowdebug +%global fastdebug_suffix_unquoted -fastdebug +# quoted one for shell operations +%global debug_suffix "%{debug_suffix_unquoted}" +%global fastdebug_suffix "%{fastdebug_suffix_unquoted}" +%global normal_suffix "" + +%global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP. +%global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP. +%global debug_on unoptimised with full debugging on +%global fastdebug_on optimised with full debugging on +%global for_fastdebug for packages with debugging on and optimisation +%global for_debug for packages with debugging on and no optimisation + +%if %{with release} +%global include_normal_build 1 +%else +%global include_normal_build 0 +%endif + +%if %{include_normal_build} +%global normal_build %{normal_suffix} +%else +%global normal_build %{nil} +%endif + +# We have hardcoded list of files, which is appearing in alternatives, and in files +# in alternatives those are slaves and master, very often triplicated by man pages +# in files all masters and slaves are ghosted +# the ghosts are here to allow installation via query like `dnf install /usr/bin/java` +# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_ -e alternatives +# TODO - fix those hardcoded lists via single list +# Those files must *NOT* be ghosted for *slowdebug* packages +# FIXME - if you are moving jshell or jlink or similar, always modify all three sections +# you can check via headless and devels: +# rpm -ql --noghost java-11-openjdk-headless-11.0.1.13-8.fc29.x86_64.rpm | grep bin +# == rpm -ql java-11-openjdk-headless-slowdebug-11.0.1.13-8.fc29.x86_64.rpm | grep bin +# != rpm -ql java-11-openjdk-headless-11.0.1.13-8.fc29.x86_64.rpm | grep bin +# similarly for other %%{_jvmdir}/{jre,java} and %%{_javadocdir}/{java,java-zip} + +%global aarch64 aarch64 arm64 armv8 +# we need to distinguish between big and little endian PPC64 +%global ppc64le ppc64le +%global ppc64be ppc64 ppc64p7 +# Set of architectures which support multiple ABIs +%global multilib_arches %{power64} sparc64 x86_64 +# Set of architectures for which we build slowdebug builds +%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} +# Set of architectures for which we build fastdebug builds +%global fastdebug_arches x86_64 ppc64le aarch64 +# Set of architectures with a Just-In-Time (JIT) compiler +%global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64 +# Set of architectures which use the Zero assembler port (!jit_arches) +%global zero_arches %{arm} ppc s390 s390x +# Set of architectures which run a full bootstrap cycle +%global bootstrap_arches %{jit_arches} %{zero_arches} +# Set of architectures which support SystemTap tapsets +%global systemtap_arches %{jit_arches} +# Set of architectures which support the serviceability agent +%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} +# Set of architectures which support class data sharing +# See https://bugzilla.redhat.com/show_bug.cgi?id=513605 +# MetaspaceShared::generate_vtable_methods is not implemented for the PPC JIT +%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} +# Set of architectures which support Java Flight Recorder (JFR) +%global jfr_arches %{jit_arches} +# Set of architectures for which alt-java has SSB mitigation +%global ssbd_arches x86_64 +# Set of architectures where we verify backtraces with gdb +%global gdb_arches %{jit_arches} %{zero_arches} + +# By default, we build a debug build during main build on JIT architectures +%if %{with slowdebug} +%ifarch %{debug_arches} +%global include_debug_build 1 +%else +%global include_debug_build 0 +%endif +%else +%global include_debug_build 0 +%endif + +# By default, we build a fastdebug build during main build only on fastdebug architectures +%if %{with fastdebug} +%ifarch %{fastdebug_arches} +%global include_fastdebug_build 1 +%else +%global include_fastdebug_build 0 +%endif +%else +%global include_fastdebug_build 0 +%endif + +%if %{include_debug_build} +%global slowdebug_build %{debug_suffix} +%else +%global slowdebug_build %{nil} +%endif + +%if %{include_fastdebug_build} +%global fastdebug_build %{fastdebug_suffix} +%else +%global fastdebug_build %{nil} +%endif + +# If you disable all builds, then the build fails +# Build and test slowdebug first as it provides the best diagnostics +%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build} + +%if 0%{?flatpak} +%global bootstrap_build false +%else +%ifarch %{bootstrap_arches} +%global bootstrap_build true +%else +%global bootstrap_build false +%endif +%endif + +%global bootstrap_targets images +%global release_targets images docs-zip +# No docs nor bootcycle for debug builds +%global debug_targets images +# Target to use to just build HotSpot +%global hotspot_target hotspot + +# JDK to use for bootstrapping +# Use OpenJDK 7 where available (on RHEL) to avoid +# having to use the rhel-7.x-java-unsafe-candidate hack +%if ! 0%{?fedora} && 0%{?rhel} <= 7 +%global buildjdkver 1.7.0 +%else +%global buildjdkver 1.8.0 +%endif +%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk + +# Filter out flags from the optflags macro that cause problems with the OpenJDK build +# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 +# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) +# We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings +# We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++ +%global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat -Wno-cpp|' | sed -r -e 's|-O[0-9]*||') +%global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||') +%global ourldflags %{__global_ldflags} + +# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path +# the initialization must be here. Later the pkg-config have buggy behavior +# looks like openjdk RPM specific bug +# Always set this so the nss.cfg file is not broken +%global NSS_LIBDIR %(pkg-config --variable=libdir nss) +%global NSS_LIBS %(pkg-config --libs nss) +%global NSS_CFLAGS %(pkg-config --cflags nss-softokn) +# see https://bugzilla.redhat.com/show_bug.cgi?id=1332456 +%global NSSSOFTOKN_BUILDTIME_NUMBER %(pkg-config --modversion nss-softokn || : ) +%global NSS_BUILDTIME_NUMBER %(pkg-config --modversion nss || : ) +# this is workaround for processing of requires during srpm creation +%global NSSSOFTOKN_BUILDTIME_VERSION %(if [ "x%{NSSSOFTOKN_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSSSOFTOKN_BUILDTIME_NUMBER}" ;fi) +%global NSS_BUILDTIME_VERSION %(if [ "x%{NSS_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSS_BUILDTIME_NUMBER}" ;fi) + +# In some cases, the arch used by the JDK does +# not match _arch. +# Also, in some cases, the machine name used by SystemTap +# does not match that given by _target_cpu +%ifarch x86_64 +%global archinstall amd64 +%global stapinstall x86_64 +%endif +%ifarch ppc +%global archinstall ppc +%global stapinstall powerpc +%endif +%ifarch %{ppc64be} +%global archinstall ppc64 +%global stapinstall powerpc +%endif +%ifarch %{ppc64le} +%global archinstall ppc64le +%global stapinstall powerpc +%endif +%ifarch %{ix86} +%global archinstall i386 +%global stapinstall i386 +%endif +%ifarch ia64 +%global archinstall ia64 +%global stapinstall ia64 +%endif +%ifarch s390 +%global archinstall s390 +%global stapinstall s390 +%endif +%ifarch s390x +%global archinstall s390x +%global stapinstall s390 +%endif +%ifarch %{arm} +%global archinstall arm +%global stapinstall arm +%endif +%ifarch %{aarch64} +%global archinstall aarch64 +%global stapinstall arm64 +%endif +# 32 bit sparc, optimized for v9 +%ifarch sparcv9 +%global archinstall sparc +%global stapinstall %{_target_cpu} +%endif +# 64 bit sparc +%ifarch sparc64 +%global archinstall sparcv9 +%global stapinstall %{_target_cpu} +%endif +# Need to support noarch for srpm build +%ifarch noarch +%global archinstall %{nil} +%global stapinstall %{nil} +%endif + +%ifarch %{systemtap_arches} +%global with_systemtap 1 +%else +%global with_systemtap 0 +%endif + +# New Version-String scheme-style defines +%global majorver 8 + +# Standard JPackage naming and versioning defines +%global origin openjdk +%global origin_nice OpenJDK +%global top_level_dir_name %{origin} + +# Settings for local security configuration +%global security_file %{top_level_dir_name}/jdk/src/share/lib/security/java.security-%{_target_os} +%global cacerts_file /etc/pki/java/cacerts + +# Define vendor information used by OpenJDK +%global oj_vendor Red Hat, Inc. +%global oj_vendor_url "https://www.redhat.com/" +# Define what url should JVM offer in case of a crash report +# order may be important, epel may have rhel declared +%if 0%{?epel} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel} +%else +%if 0%{?fedora} +# Does not work for rawhide, keeps the version field empty +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora} +%else +%if 0%{?rhel} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name} +%else +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi +%endif +%endif +%endif + +# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. +%global shenandoah_project openjdk +%global shenandoah_repo shenandoah-jdk8u +%global openjdk_revision jdk8u352-b08 +%global shenandoah_revision shenandoah-%{openjdk_revision} +# Define old aarch64/jdk8u tree variables for compatibility +%global project %{shenandoah_project} +%global repo %{shenandoah_repo} +%global revision %{shenandoah_revision} +# Define IcedTea version used for SystemTap tapsets and desktop files +%global icedteaver 3.15.0 +# Define current Git revision for the FIPS support patches +%global fipsver 6d1aade0648 + +# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 +%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) +# eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) +%global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) +# eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 +%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) +# eg jdk8u60-b27 -> b27 +%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) +%global rpmrelease 2 +# Define milestone (EA for pre-releases, GA ("fcs") for releases) +# Release will be (where N is usually a number starting at 1): +# - 0.N%%{?extraver}%%{?dist} for EA releases, +# - N%%{?extraver}{?dist} for GA releases +%global is_ga 1 +%if %{is_ga} +%global milestone fcs +%global milestone_version %{nil} +%global extraver %{nil} +%global eaprefix %{nil} +%else +%global milestone ea +%global milestone_version "-ea" +%global extraver .%{milestone} +%global eaprefix 0. +%endif +# priority must be 7 digits in total. The expression is workarounding tip +%global priority %(TIP=1800%{updatever}; echo ${TIP/tip/999}) + +%global javaver 1.%{majorver}.0 + +# parametrized macros are order-sensitive +%global compatiblename %{name} +%global fullversion %{compatiblename}-%{version}-%{release} +# images stub +%global jdkimage j2sdk-image +# output dir stub +%define buildoutputdir() %{expand:build/jdk8.build%{?1}} +%define installoutputdir() %{expand:install/jdk8.install%{?1}} +# we can copy the javadoc to not arched dir, or make it not noarch +%define uniquejavadocdir() %{expand:%{fullversion}%{?1}} +# main id and dir of this jdk +%define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}} + +# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349. +# See also https://bugzilla.redhat.com/show_bug.cgi?id=1590796 +# as to why some libraries *cannot* be excluded. In particular, +# these are: +# libjsig.so, libjava.so, libjawt.so, libjvm.so and libverify.so +%global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*%{jpeg_lib}|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.* +%global __provides_exclude ^(%{_privatelibs})$ +%global __requires_exclude ^(%{_privatelibs})$ + +%global etcjavasubdir %{_sysconfdir}/java/java-%{javaver}-%{origin} +%define etcjavadir() %{expand:%{etcjavasubdir}/%{uniquesuffix -- %{?1}}} +# Standard JPackage directories and symbolic links. +%define sdkdir() %{expand:%{uniquesuffix -- %{?1}}} +%define jrelnk() %{expand:jre-%{javaver}-%{origin}-%{version}-%{release}.%{_arch}%{?1}} + +%define jredir() %{expand:%{sdkdir -- %{?1}}/jre} +%define sdkbindir() %{expand:%{_jvmdir}/%{sdkdir -- %{?1}}/bin} +%define jrebindir() %{expand:%{_jvmdir}/%{jredir -- %{?1}}/bin} +%global alt_java_name alt-java + +%global rpm_state_dir %{_localstatedir}/lib/rpm-state/ + +# For flatpack builds hard-code /usr/sbin/alternatives, +# otherwise use %%{_sbindir} relative path. +%if 0%{?flatpak} +%global alternatives_requires /usr/sbin/alternatives +%else +%global alternatives_requires %{_sbindir}/alternatives +%endif + +%global family %{name}.%{_arch} +%global family_noarch %{name} + +%if %{with_systemtap} +# Where to install systemtap tapset (links) +# We would like these to be in a package specific sub-dir, +# but currently systemtap doesn't support that, so we have to +# use the root tapset dir for now. To distinguish between 64 +# and 32 bit architectures we place the tapsets under the arch +# specific dir (note that systemtap will only pickup the tapset +# for the primary arch for now). Systemtap uses the machine name +# aka target_cpu as architecture specific directory name. +%global tapsetroot /usr/share/systemtap +%global tapsetdirttapset %{tapsetroot}/tapset/ +%global tapsetdir %{tapsetdirttapset}/%{stapinstall} +%endif + +# not-duplicated scriptlets for normal/debug packages +%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : + +%define save_alternatives() %{expand: + # warning! alternatives are localised! + # LANG=cs_CZ.UTF-8 alternatives --display java | head + # LANG=en_US.UTF-8 alternatives --display java | head + function nonLocalisedAlternativesDisplayOfMaster() { + LANG=en_US.UTF-8 alternatives --display "$MASTER" + } + function headOfAbove() { + nonLocalisedAlternativesDisplayOfMaster | head -n $1 + } + MASTER="%{?1}" + LOCAL_LINK="%{?2}" + FAMILY="%{?3}" + rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null + if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then + if headOfAbove 1 | grep -q manual ; then + if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then + headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY" + fi + fi + fi +} + +%define save_and_remove_alternatives() %{expand: + if [ "x$debug" == "xtrue" ] ; then + set -x + fi + upgrade1_uninstal0=%{?3} + if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall + %{save_alternatives %{?1} %{?2} %{?4}} + fi + alternatives --remove "%{?1}" "%{?2}" +} + +%define set_if_needed_alternatives() %{expand: + MASTER="%{?1}" + FAMILY="%{?2}" + ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY" + if [ -e "$ALTERNATIVES_FILE" ] ; then + rm "$ALTERNATIVES_FILE" + alternatives --set $MASTER $FAMILY + fi +} + + +%define post_script() %{expand: +update-desktop-database %{_datadir}/applications &> /dev/null || : +/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : +exit 0 +} + +%define alternatives_java_install() %{expand: +if [ "x$debug" == "xtrue" ] ; then + set -x +fi +PRIORITY=%{priority} +if [ "%{?1}" == %{debug_suffix} ]; then + let PRIORITY=PRIORITY-1 +fi + +ext=.gz +key=java +alternatives \\ + --install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\ + --slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\ + --slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\ + --slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\ + --slave %{_bindir}/keytool keytool %{jrebindir -- %{?1}}/keytool \\ + --slave %{_bindir}/orbd orbd %{jrebindir -- %{?1}}/orbd \\ + --slave %{_bindir}/pack200 pack200 %{jrebindir -- %{?1}}/pack200 \\ + --slave %{_bindir}/rmid rmid %{jrebindir -- %{?1}}/rmid \\ + --slave %{_bindir}/rmiregistry rmiregistry %{jrebindir -- %{?1}}/rmiregistry \\ + --slave %{_bindir}/servertool servertool %{jrebindir -- %{?1}}/servertool \\ + --slave %{_bindir}/tnameserv tnameserv %{jrebindir -- %{?1}}/tnameserv \\ + --slave %{_bindir}/policytool policytool %{jrebindir -- %{?1}}/policytool \\ + --slave %{_bindir}/unpack200 unpack200 %{jrebindir -- %{?1}}/unpack200 \\ + --slave %{_mandir}/man1/java.1$ext java.1$ext \\ + %{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/%{alt_java_name}.1$ext %{alt_java_name}.1$ext \\ + %{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jjs.1$ext jjs.1$ext \\ + %{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/keytool.1$ext keytool.1$ext \\ + %{_mandir}/man1/keytool-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/orbd.1$ext orbd.1$ext \\ + %{_mandir}/man1/orbd-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/pack200.1$ext pack200.1$ext \\ + %{_mandir}/man1/pack200-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/rmid.1$ext rmid.1$ext \\ + %{_mandir}/man1/rmid-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/rmiregistry.1$ext rmiregistry.1$ext \\ + %{_mandir}/man1/rmiregistry-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/servertool.1$ext servertool.1$ext \\ + %{_mandir}/man1/servertool-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/tnameserv.1$ext tnameserv.1$ext \\ + %{_mandir}/man1/tnameserv-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/policytool.1$ext policytool.1$ext \\ + %{_mandir}/man1/policytool-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\ + %{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext + +%{set_if_needed_alternatives $key %{family}} + +for X in %{origin} %{javaver} ; do + key=jre_"$X" + alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family} + %{set_if_needed_alternatives $key %{family}} +done + +key=jre_%{javaver}_%{origin} +alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family} +%{set_if_needed_alternatives $key %{family}} +} + +%define post_headless() %{expand: +%ifarch %{share_arches} +%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null +%endif + +update-desktop-database %{_datadir}/applications &> /dev/null || : +/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : + +# see pretrans where this file is declared +# also see that pretrans is only for non-debug +if [ ! "%{?1}" == %{debug_suffix} ]; then + if [ -f %{_libexecdir}/copy_jdk_configs_fixFiles.sh ] ; then + sh %{_libexecdir}/copy_jdk_configs_fixFiles.sh %{rpm_state_dir}/%{name}.%{_arch} %{_jvmdir}/%{sdkdir -- %{?1}} + fi +fi + +exit 0 +} + +%define postun_script() %{expand: +update-desktop-database %{_datadir}/applications &> /dev/null || : +if [ $1 -eq 0 ] ; then + /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null + %{update_desktop_icons} +fi +exit 0 +} + + +%define postun_headless() %{expand: + if [ "x$debug" == "xtrue" ] ; then + set -x + fi + post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax + %{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}} + %{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}} + %{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}} + %{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}} +} + +%define posttrans_script() %{expand: +%{update_desktop_icons} +} + + +%define alternatives_javac_install() %{expand: +if [ "x$debug" == "xtrue" ] ; then + set -x +fi +PRIORITY=%{priority} +if [ "%{?1}" == %{debug_suffix} ]; then + let PRIORITY=PRIORITY-1 +fi + +ext=.gz +key=javac +alternatives \\ + --install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\ + --slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\ + --slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\ + --slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\ + --slave %{_bindir}/extcheck extcheck %{sdkbindir -- %{?1}}/extcheck \\ + --slave %{_bindir}/hsdb hsdb %{sdkbindir -- %{?1}}/hsdb \\ + --slave %{_bindir}/idlj idlj %{sdkbindir -- %{?1}}/idlj \\ + --slave %{_bindir}/jar jar %{sdkbindir -- %{?1}}/jar \\ + --slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\ + --slave %{_bindir}/javadoc javadoc %{sdkbindir -- %{?1}}/javadoc \\ + --slave %{_bindir}/javah javah %{sdkbindir -- %{?1}}/javah \\ + --slave %{_bindir}/javap javap %{sdkbindir -- %{?1}}/javap \\ + --slave %{_bindir}/jcmd jcmd %{sdkbindir -- %{?1}}/jcmd \\ + --slave %{_bindir}/jconsole jconsole %{sdkbindir -- %{?1}}/jconsole \\ + --slave %{_bindir}/jdb jdb %{sdkbindir -- %{?1}}/jdb \\ + --slave %{_bindir}/jdeps jdeps %{sdkbindir -- %{?1}}/jdeps \\ +%ifarch %{jfr_arches} + --slave %{_bindir}/jfr jfr %{sdkbindir -- %{?1}}/jfr \\ +%endif + --slave %{_bindir}/jhat jhat %{sdkbindir -- %{?1}}/jhat \\ + --slave %{_bindir}/jinfo jinfo %{sdkbindir -- %{?1}}/jinfo \\ + --slave %{_bindir}/jmap jmap %{sdkbindir -- %{?1}}/jmap \\ + --slave %{_bindir}/jps jps %{sdkbindir -- %{?1}}/jps \\ + --slave %{_bindir}/jrunscript jrunscript %{sdkbindir -- %{?1}}/jrunscript \\ + --slave %{_bindir}/jsadebugd jsadebugd %{sdkbindir -- %{?1}}/jsadebugd \\ + --slave %{_bindir}/jstack jstack %{sdkbindir -- %{?1}}/jstack \\ + --slave %{_bindir}/jstat jstat %{sdkbindir -- %{?1}}/jstat \\ + --slave %{_bindir}/jstatd jstatd %{sdkbindir -- %{?1}}/jstatd \\ + --slave %{_bindir}/native2ascii native2ascii %{sdkbindir -- %{?1}}/native2ascii \\ + --slave %{_bindir}/rmic rmic %{sdkbindir -- %{?1}}/rmic \\ + --slave %{_bindir}/schemagen schemagen %{sdkbindir -- %{?1}}/schemagen \\ + --slave %{_bindir}/serialver serialver %{sdkbindir -- %{?1}}/serialver \\ + --slave %{_bindir}/wsgen wsgen %{sdkbindir -- %{?1}}/wsgen \\ + --slave %{_bindir}/wsimport wsimport %{sdkbindir -- %{?1}}/wsimport \\ + --slave %{_bindir}/xjc xjc %{sdkbindir -- %{?1}}/xjc \\ + --slave %{_mandir}/man1/appletviewer.1$ext appletviewer.1$ext \\ + %{_mandir}/man1/appletviewer-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/extcheck.1$ext extcheck.1$ext \\ + %{_mandir}/man1/extcheck-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/idlj.1$ext idlj.1$ext \\ + %{_mandir}/man1/idlj-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jar.1$ext jar.1$ext \\ + %{_mandir}/man1/jar-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jarsigner.1$ext jarsigner.1$ext \\ + %{_mandir}/man1/jarsigner-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/javac.1$ext javac.1$ext \\ + %{_mandir}/man1/javac-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/javadoc.1$ext javadoc.1$ext \\ + %{_mandir}/man1/javadoc-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/javah.1$ext javah.1$ext \\ + %{_mandir}/man1/javah-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/javap.1$ext javap.1$ext \\ + %{_mandir}/man1/javap-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jcmd.1$ext jcmd.1$ext \\ + %{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jconsole.1$ext jconsole.1$ext \\ + %{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jdb.1$ext jdb.1$ext \\ + %{_mandir}/man1/jdb-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jdeps.1$ext jdeps.1$ext \\ + %{_mandir}/man1/jdeps-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jhat.1$ext jhat.1$ext \\ + %{_mandir}/man1/jhat-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jinfo.1$ext jinfo.1$ext \\ + %{_mandir}/man1/jinfo-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jmap.1$ext jmap.1$ext \\ + %{_mandir}/man1/jmap-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jps.1$ext jps.1$ext \\ + %{_mandir}/man1/jps-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jrunscript.1$ext jrunscript.1$ext \\ + %{_mandir}/man1/jrunscript-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jsadebugd.1$ext jsadebugd.1$ext \\ + %{_mandir}/man1/jsadebugd-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jstack.1$ext jstack.1$ext \\ + %{_mandir}/man1/jstack-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jstat.1$ext jstat.1$ext \\ + %{_mandir}/man1/jstat-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/jstatd.1$ext jstatd.1$ext \\ + %{_mandir}/man1/jstatd-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/native2ascii.1$ext native2ascii.1$ext \\ + %{_mandir}/man1/native2ascii-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/rmic.1$ext rmic.1$ext \\ + %{_mandir}/man1/rmic-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/schemagen.1$ext schemagen.1$ext \\ + %{_mandir}/man1/schemagen-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/serialver.1$ext serialver.1$ext \\ + %{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/wsgen.1$ext wsgen.1$ext \\ + %{_mandir}/man1/wsgen-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/wsimport.1$ext wsimport.1$ext \\ + %{_mandir}/man1/wsimport-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/xjc.1$ext xjc.1$ext \\ + %{_mandir}/man1/xjc-%{uniquesuffix -- %{?1}}.1$ext + +%{set_if_needed_alternatives $key %{family}} + +for X in %{origin} %{javaver} ; do + key=java_sdk_"$X" + alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family} + %{set_if_needed_alternatives $key %{family}} +done + +key=java_sdk_%{javaver}_%{origin} +alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family} +%{set_if_needed_alternatives $key %{family}} +} + +%define post_devel() %{expand: +update-desktop-database %{_datadir}/applications &> /dev/null || : +/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : + +exit 0 +} + +%define postun_devel() %{expand: + if [ "x$debug" == "xtrue" ] ; then + set -x + fi + post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax + %{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}} + %{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}} + %{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}} + %{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}} + +update-desktop-database %{_datadir}/applications &> /dev/null || : + +if [ $1 -eq 0 ] ; then + /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null + %{update_desktop_icons} +fi +exit 0 +} + +%define posttrans_devel() %{expand: +%{alternatives_javac_install -- %{?1}} +%{update_desktop_icons} +} + +%define alternatives_javadoc_install() %{expand: +if [ "x$debug" == "xtrue" ] ; then + set -x +fi +PRIORITY=%{priority} +if [ "%{?1}" == %{debug_suffix} ]; then + let PRIORITY=PRIORITY-1 +fi + +key=javadocdir +alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch} +%{set_if_needed_alternatives $key %{family_noarch}} +exit 0 +} + +%define postun_javadoc() %{expand: +if [ "x$debug" == "xtrue" ] ; then + set -x +fi + post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax + %{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}} +exit 0 +} + +%define alternatives_javadoczip_install() %{expand: +if [ "x$debug" == "xtrue" ] ; then + set -x +fi +PRIORITY=%{priority} +if [ "%{?1}" == %{debug_suffix} ]; then + let PRIORITY=PRIORITY-1 +fi +key=javadoczip +alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch} +%{set_if_needed_alternatives $key %{family_noarch}} +exit 0 +} + +%define postun_javadoc_zip() %{expand: + if [ "x$debug" == "xtrue" ] ; then + set -x + fi + post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax + %{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}} +exit 0 +} + +%define files_jre() %{expand: +%{_datadir}/icons/hicolor/*x*/apps/java-%{javaver}-%{origin}.png +%{_datadir}/applications/*policytool%{?1}.desktop +%{_jvmdir}/%{sdkdir -- %{?1}}/jre/lib/%{archinstall}/libjsoundalsa.so +%{_jvmdir}/%{sdkdir -- %{?1}}/jre/lib/%{archinstall}/libsplashscreen.so +%{_jvmdir}/%{sdkdir -- %{?1}}/jre/lib/%{archinstall}/libawt_xawt.so +%{_jvmdir}/%{sdkdir -- %{?1}}/jre/lib/%{archinstall}/libjawt.so +%{_jvmdir}/%{sdkdir -- %{?1}}/jre/bin/policytool +} + + +%define files_jre_headless() %{expand: +%defattr(-,root,root,-) +%dir %{_sysconfdir}/.java/.systemPrefs +%dir %{_sysconfdir}/.java +%license %{_jvmdir}/%{jredir -- %{?1}}/ASSEMBLY_EXCEPTION +%license %{_jvmdir}/%{jredir -- %{?1}}/LICENSE +%license %{_jvmdir}/%{jredir -- %{?1}}/THIRD_PARTY_README +%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS +%dir %{_jvmdir}/%{sdkdir -- %{?1}} +%{_jvmdir}/%{jrelnk -- %{?1}} +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/cacerts +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/cacerts.upstream +%dir %{_jvmdir}/%{jredir -- %{?1}} +%dir %{_jvmdir}/%{jredir -- %{?1}}/bin +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib +%{_jvmdir}/%{jredir -- %{?1}}/bin/java +%{_jvmdir}/%{jredir -- %{?1}}/bin/%{alt_java_name} +%{_jvmdir}/%{jredir -- %{?1}}/bin/jjs +%{_jvmdir}/%{jredir -- %{?1}}/bin/keytool +%{_jvmdir}/%{jredir -- %{?1}}/bin/orbd +%{_jvmdir}/%{jredir -- %{?1}}/bin/pack200 +%{_jvmdir}/%{jredir -- %{?1}}/bin/rmid +%{_jvmdir}/%{jredir -- %{?1}}/bin/rmiregistry +%{_jvmdir}/%{jredir -- %{?1}}/bin/servertool +%{_jvmdir}/%{jredir -- %{?1}}/bin/tnameserv +%{_jvmdir}/%{jredir -- %{?1}}/bin/unpack200 +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security/policy/unlimited/ +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security/policy/limited/ +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security/policy/ +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/policy/unlimited/US_export_policy.jar +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/policy/unlimited/local_policy.jar +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/policy/limited/US_export_policy.jar +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/policy/limited/local_policy.jar +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/java.policy +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/java.security +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/blacklisted.certs +%config(noreplace) %{etcjavadir -- %{?1}}/lib/logging.properties +%config(noreplace) %{etcjavadir -- %{?1}}/lib/calendars.properties +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/policy/unlimited/US_export_policy.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/policy/unlimited/local_policy.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/policy/limited/US_export_policy.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/policy/limited/local_policy.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/java.policy +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/java.security +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/blacklisted.certs +%{_jvmdir}/%{jredir -- %{?1}}/lib/logging.properties +%{_jvmdir}/%{jredir -- %{?1}}/lib/calendars.properties +%{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/keytool-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/orbd-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/pack200-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/rmid-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/rmiregistry-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/servertool-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/tnameserv-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/policytool-%{uniquesuffix -- %{?1}}.1* +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.cfg +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.fips.cfg +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.cfg +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.fips.cfg +%ifarch %{share_arches} +%attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/server/classes.jsa +%attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/client/classes.jsa +%endif +%dir %{etcjavasubdir} +%dir %{etcjavadir -- %{?1}} +%dir %{etcjavadir -- %{?1}}/lib +%dir %{etcjavadir -- %{?1}}/lib/security +%{etcjavadir -- %{?1}}/lib/security/cacerts +%dir %{etcjavadir -- %{?1}}/lib/security/policy +%dir %{etcjavadir -- %{?1}}/lib/security/policy/limited +%dir %{etcjavadir -- %{?1}}/lib/security/policy/unlimited +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/server/ +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/client/ +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall} +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/jli +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/jli/libjli.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/jvm.cfg +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libattach.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libawt.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libawt_headless.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libdt_socket.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libfontmanager.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libhprof.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libinstrument.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libj2gss.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libj2pcsc.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libj2pkcs11.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjaas_unix.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjava.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjava_crw_demo.so +%if %{system_libs} +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjavajpeg.so +%else +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjpeg.so +%endif +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjdwp.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjsdt.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjsig.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libjsound.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/liblcms.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libmanagement.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libmlib_image.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnet.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnio.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnpt.so +%ifarch %{sa_arches} +%ifnarch %{zero_arches} +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsaproc.so +%endif +%endif +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsctp.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsunec.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsystemconf.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libunpack.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libverify.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libzip.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/charsets.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/classlist +%{_jvmdir}/%{jredir -- %{?1}}/lib/content-types.properties +%{_jvmdir}/%{jredir -- %{?1}}/lib/currency.data +%{_jvmdir}/%{jredir -- %{?1}}/lib/flavormap.properties +%{_jvmdir}/%{jredir -- %{?1}}/lib/hijrah-config-umalqura.properties +%{_jvmdir}/%{jredir -- %{?1}}/lib/images/cursors/* +%{_jvmdir}/%{jredir -- %{?1}}/lib/jce.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/jexec +%{_jvmdir}/%{jredir -- %{?1}}/lib/jsse.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/jvm.hprof.txt +%{_jvmdir}/%{jredir -- %{?1}}/lib/meta-index +%{_jvmdir}/%{jredir -- %{?1}}/lib/net.properties +%{_jvmdir}/%{jredir -- %{?1}}/lib/psfont.properties.ja +%{_jvmdir}/%{jredir -- %{?1}}/lib/psfontj2d.properties +%{_jvmdir}/%{jredir -- %{?1}}/lib/resources.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/rt.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/sound.properties +%{_jvmdir}/%{jredir -- %{?1}}/lib/tzdb.dat +%{_jvmdir}/%{jredir -- %{?1}}/lib/tzdb.dat.upstream +%{_jvmdir}/%{jredir -- %{?1}}/lib/management-agent.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/management/* +%{_jvmdir}/%{jredir -- %{?1}}/lib/cmm/* +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/cldrdata.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/dnsns.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/jaccess.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/localedata.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/meta-index +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/nashorn.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/sunec.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/sunjce_provider.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/sunpkcs11.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/zipfs.jar +%ifarch %{jfr_arches} +%{_jvmdir}/%{jredir -- %{?1}}/lib/jfr.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/jfr/default.jfc +%{_jvmdir}/%{jredir -- %{?1}}/lib/jfr/profile.jfc +%endif + +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/images +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/images/cursors +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/management +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/cmm +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/ext +%ifarch %{jfr_arches} +%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/jfr +%endif +} + +%define files_devel() %{expand: +%defattr(-,root,root,-) +%license %{_jvmdir}/%{sdkdir -- %{?1}}/ASSEMBLY_EXCEPTION +%license %{_jvmdir}/%{sdkdir -- %{?1}}/LICENSE +%license %{_jvmdir}/%{sdkdir -- %{?1}}/THIRD_PARTY_README +%dir %{_jvmdir}/%{sdkdir -- %{?1}}/bin +%dir %{_jvmdir}/%{sdkdir -- %{?1}}/include +%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/appletviewer +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/clhsdb +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/extcheck +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/hsdb +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/idlj +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jar +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jarsigner +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/java +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/%{alt_java_name} +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javac +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javadoc +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javah +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javap +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/java-rmi.cgi +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jcmd +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jconsole +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdb +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdeps +%ifarch %{jfr_arches} +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jfr +%endif +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhat +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jjs +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jmap +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jps +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jrunscript +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jsadebugd +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jstack +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jstat +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jstatd +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/keytool +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/native2ascii +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/orbd +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/pack200 +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/policytool +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/rmic +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/rmid +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/rmiregistry +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/schemagen +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/serialver +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/servertool +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/tnameserv +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/unpack200 +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/wsgen +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/wsimport +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/xjc +%{_jvmdir}/%{sdkdir -- %{?1}}/include/* +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/%{archinstall} +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/ct.sym +%if %{with_systemtap} +%{_jvmdir}/%{sdkdir -- %{?1}}/tapset +%endif +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/ir.idl +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jconsole.jar +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/orb.idl +%ifarch %{sa_arches} +%ifnarch %{zero_arches} +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/sa-jdi.jar +%endif +%endif +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/dt.jar +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jexec +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tools.jar +%{_datadir}/applications/*jconsole%{?1}.desktop +%{_mandir}/man1/appletviewer-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/extcheck-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/idlj-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jar-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jarsigner-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/javac-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/javadoc-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/javah-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/javap-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jdb-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jdeps-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jhat-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jinfo-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jmap-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jps-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jrunscript-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jsadebugd-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jstack-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jstat-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jstatd-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/native2ascii-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/rmic-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/schemagen-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/wsgen-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/wsimport-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/xjc-%{uniquesuffix -- %{?1}}.1* +%if %{with_systemtap} +%dir %{tapsetroot} +%dir %{tapsetdirttapset} +%dir %{tapsetdir} +%{tapsetdir}/*%{_arch}%{?1}.stp +%endif +} + +%define files_demo() %{expand: +%defattr(-,root,root,-) +%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE +} + +%define files_src() %{expand: +%defattr(-,root,root,-) +%doc README.md +%{_jvmdir}/%{sdkdir -- %{?1}}/src.zip +} + +%define files_javadoc() %{expand: +%defattr(-,root,root,-) +%doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}} +%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE +} + +%define files_javadoc_zip() %{expand: +%defattr(-,root,root,-) +%doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip +%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE +} + +%define files_accessibility() %{expand: +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libatk-wrapper.so +%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/java-atk-wrapper.jar +%{_jvmdir}/%{jredir -- %{?1}}/lib/accessibility.properties +} + +# not-duplicated requires/provides/obsoletes for normal/debug packages +%define java_rpo() %{expand: +Requires: fontconfig%{?_isa} +Requires: xorg-x11-fonts-Type1 +# Require libXcomposite explicitly since it's only dynamically loaded +# at runtime. Fixes screenshot issues. See JDK-8150954. +Requires: libXcomposite%{?_isa} +# Requires rest of java +Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} +OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} +# for java-X-openjdk package's desktop binding +%if 0%{?fedora} || 0%{?rhel} >= 8 +Recommends: gtk2%{?_isa} +%endif + +Provides: java-%{javaver}-%{origin} = %{epoch}:%{version}-%{release} + +# Standard JPackage base provides +Provides: jre = %{javaver}%{?1} +Provides: jre-%{origin}%{?1} = %{epoch}:%{version}-%{release} +Provides: jre-%{javaver}%{?1} = %{epoch}:%{version}-%{release} +Provides: jre-%{javaver}-%{origin}%{?1} = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}%{?1} = %{epoch}:%{version}-%{release} +Provides: java-%{origin}%{?1} = %{epoch}:%{version}-%{release} +Provides: java%{?1} = %{epoch}:%{javaver} +} + +%define java_headless_rpo() %{expand: +# Require /etc/pki/java/cacerts +Requires: ca-certificates +# Require javapackages-filesystem for ownership of /usr/lib/jvm/ +Requires: javapackages-filesystem +# 2022d required as of JDK-8294357 +# Should be bumped to 2022e once available (JDK-8295173) +Requires: tzdata-java >= 2022d +# for support of kernel stream control +# libsctp.so.1 is being `dlopen`ed on demand +Requires: lksctp-tools%{?_isa} +%if ! 0%{?flatpak} +# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it, +# not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be +# considered as regression +Requires: copy-jdk-configs >= 4.0 +OrderWithRequires: copy-jdk-configs +%endif +# for printing support +Requires: cups-libs +# for system security properties +Requires: crypto-policies +# for FIPS PKCS11 provider +Requires: nss +# Post requires alternatives to install tool alternatives +Requires(post): %{alternatives_requires} +# in version 1.7 and higher for --family switch +Requires(post): chkconfig >= 1.7 +# Postun requires alternatives to uninstall tool alternatives +Requires(postun): %{alternatives_requires} +# in version 1.7 and higher for --family switch +Requires(postun): chkconfig >= 1.7 +# for optional support of kernel stream control, card reader and printing bindings +%if 0%{?fedora} || 0%{?rhel} >= 8 +Suggests: lksctp-tools%{?_isa}, pcsc-lite-devel%{?_isa} +%endif + +# Standard JPackage base provides +Provides: jre-headless%{?1} = %{epoch}:%{javaver} +Provides: jre-%{javaver}-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release} +Provides: jre-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release} +Provides: jre-%{javaver}-headless%{?1} = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-headless%{?1} = %{epoch}:%{version}-%{release} +Provides: java-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release} +Provides: java-headless%{?1} = %{epoch}:%{javaver} + +# https://bugzilla.redhat.com/show_bug.cgi?id=1312019 +Provides: /usr/bin/jjs + +} + +%define java_devel_rpo() %{expand: +# Requires base package +Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release} +OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} +# Post requires alternatives to install tool alternatives +Requires(post): %{alternatives_requires} +# in version 1.7 and higher for --family switch +Requires(post): chkconfig >= 1.7 +# Postun requires alternatives to uninstall tool alternatives +Requires(postun): %{alternatives_requires} +# in version 1.7 and higher for --family switch +Requires(postun): chkconfig >= 1.7 + +# Standard JPackage devel provides +Provides: java-sdk-%{javaver}-%{origin}%{?1} = %{epoch}:%{version} +Provides: java-sdk-%{javaver}%{?1} = %{epoch}:%{version} +Provides: java-sdk-%{origin}%{?1} = %{epoch}:%{version} +Provides: java-sdk%{?1} = %{epoch}:%{javaver} +Provides: java-%{javaver}-devel%{?1} = %{epoch}:%{version} +Provides: java-%{javaver}-%{origin}-devel%{?1} = %{epoch}:%{version} +Provides: java-devel-%{origin}%{?1} = %{epoch}:%{version} +Provides: java-devel%{?1} = %{epoch}:%{javaver} + +} + + +%define java_demo_rpo() %{expand: +Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release} +OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} + +Provides: java-demo%{?1} = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-demo%{?1} = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-%{origin}-demo%{?1} = %{epoch}:%{version}-%{release} + +} + +%define java_javadoc_rpo() %{expand: +OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} +# Post requires alternatives to install javadoc alternative +Requires(post): %{alternatives_requires} +# in version 1.7 and higher for --family switch +Requires(post): chkconfig >= 1.7 +# Postun requires alternatives to uninstall javadoc alternative +Requires(postun): %{alternatives_requires} +# in version 1.7 and higher for --family switch +Requires(postun): chkconfig >= 1.7 + +# Standard JPackage javadoc provides +Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release} +Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release} +} + +%define java_src_rpo() %{expand: +Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} + +# Standard JPackage sources provides +Provides: java-src%{?1} = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-src%{?1} = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-%{origin}-src%{?1} = %{epoch}:%{version}-%{release} +} + +%define java_accessibility_rpo() %{expand: +Requires: java-atk-wrapper%{?_isa} +Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release} +OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} + +Provides: java-accessibility = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-accessibility = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{release} + +} + +# Prevent brp-java-repack-jars from being run +%global __jar_repack 0 + +Name: java-%{javaver}-%{origin} +Version: %{javaver}.%{updatever}.%{buildver} +Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} +# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons +# and this change was brought into RHEL-4. java-1.5.0-ibm packages +# also included the epoch in their virtual provides. This created a +# situation where in-the-wild java-1.5.0-ibm packages provided "java = +# 1:1.5.0". In RPM terms, "1.6.0 < 1:1.5.0" since 1.6.0 is +# interpreted as 0:1.6.0. So the "java >= 1.6.0" requirement would be +# satisfied by the 1:1.5.0 packages. Thus we need to set the epoch in +# JDK package >= 1.6.0 to 1, and packages referring to JDK virtual +# provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0". + +Epoch: 1 +Summary: %{origin_nice} %{majorver} Runtime Environment +Group: Development/Languages + +# HotSpot code is licensed under GPLv2 +# JDK library code is licensed under GPLv2 with the Classpath exception +# The Apache license is used in code taken from Apache projects (primarily JAXP & JAXWS) +# DOM levels 2 & 3 and the XML digital signature schemas are licensed under the W3C Software License +# The JSR166 concurrency code is in the public domain +# The BSD and MIT licenses are used for a number of third-party libraries (see THIRD_PARTY_README) +# The OpenJDK source tree includes the JPEG library (IJG), zlib & libpng (zlib), giflib and LCMS (MIT) +# The test code includes copies of NSS under the Mozilla Public License v2.0 +# The PCSClite headers are under a BSD with advertising license +# The elliptic curve cryptography (ECC) source code is licensed under the LGPLv2.1 or any later version +License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv2.0 and Public Domain and W3C and zlib +URL: http://openjdk.java.net/ + +# Shenandoah HotSpot +# aarch64-port/jdk8u-shenandoah contains an integration forest of +# OpenJDK 8u, the aarch64 port and Shenandoah +# To regenerate, use: +# VERSION=%%{shenandoah_revision} +# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION} +# REPO_ROOT= generate_source_tarball.sh +# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} +Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz + +# Custom README for -src subpackage +Source2: README.md + +# Release notes +Source7: NEWS + +# Use 'icedtea_sync.sh' to update the following +# They are based on code contained in the IcedTea project (3.x). +# Systemtap tapsets. Zipped up to keep it small. +Source8: tapsets-icedtea-%{icedteaver}.tar.xz + +# Desktop files. Adapted from IcedTea +Source9: jconsole.desktop.in +Source10: policytool.desktop.in + +# nss configuration file +Source11: nss.cfg.in + +# Removed libraries that we link instead +Source12: %{name}-remove-intree-libraries.sh + +# Ensure we aren't using the limited crypto policy +Source13: TestCryptoLevel.java + +# Ensure ECDSA is working +Source14: TestECDSA.java + +# Verify system crypto (policy) can be disabled via a property +Source15: TestSecurityProperties.java + +# Ensure vendor settings are correct +Source16: CheckVendor.java + +# nss fips configuration file +Source17: nss.fips.cfg.in + +# Ensure translations are available for new timezones +Source18: TestTranslations.java + +Source20: repackReproduciblePolycies.sh + +# New versions of config files with aarch64 support. This is not upstream yet. +Source100: config.guess +Source101: config.sub + +############################################ +# +# RPM/distribution specific patches +# +# This section includes patches specific to +# Fedora/RHEL which can not be upstreamed +# either in their current form or at all. +############################################ + +# Accessibility patches +# Ignore AWTError when assistive technologies are loaded +Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch +# Restrict access to java-atk-wrapper classes +Patch3: rh1648644-java_access_bridge_privileged_security.patch +# Turn on AssumeMP by default on RHEL systems +Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch +# RH1648249: Add PKCS11 provider to java.security +Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +Patch1003: rh1582504-rsa_default_for_keytool.patch + +# Crypto policy and FIPS support patches +# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips +# as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch +# Diff is limited to src and make subdirectories to exclude .github changes +# Fixes currently included: +# PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy +# PR3655: Allow use of system crypto policy to be disabled by the user +# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider +# RH1760838: No ciphersuites available for SSLSocket in FIPS mode +# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available +# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess +# RH1929465: Improve system FIPS detection +# RH1996182: Login to the NSS software token in FIPS mode +# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false +# RH2021263: Resolve outstanding FIPS issues +# RH2052819: Fix FIPS reliance on crypto policies +# RH2052829: Detect NSS at Runtime for FIPS detection +# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage +# RH2090378: Revert to disabling system security properties and FIPS mode support together +Patch1001: fips-8u-%{fipsver}.patch + +############################################# +# +# Upstreamable patches +# +# This section includes patches which need to +# be reviewed & pushed to the current development +# tree of OpenJDK. +############################################# +# PR2737: Allow multiple initialization of PKCS11 libraries +Patch5: pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch +# PR2095, RH1163501: 2048-bit DH upper bound too small for Fedora infrastructure (sync with IcedTea 2.x) +Patch504: rh1163501-increase_2048_bit_dh_upper_bound_fedora_infrastructure_in_dhparametergenerator.patch +# Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions +Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch +# RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings +Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch +# PR3083, RH1346460: Regression in SSL debug output without an ECC provider +Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch +# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) +# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts +# RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds +# Must be applied after crypto policy patch as it also changes java.security +Patch539: pr2888-rh2055274-support_system_cacerts.patch +# enable build of speculative store bypass hardened alt-java +Patch600: rh1750419-redhat_alt_java.patch +# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build +Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch +# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked +Patch113: jdk8275535-rh2053256-ldap_auth.patch + +############################################# +# +# Arch-specific upstreamable patches +# +# This section includes patches which need to +# be reviewed & pushed upstream and are specific +# to certain architectures. This usually means the +# current OpenJDK development branch, but may also +# include other trees e.g. for the AArch64 port for +# OpenJDK 8u. +############################################# +# s390: PR3593: Use "%z" for size_t on s390 as size_t != intptr_t +Patch103: pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch +# x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround) +Patch105: jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch +# S390 ambiguous log2_intptr calls +Patch107: s390-8214206_fix.patch + +############################################# +# +# Patches which need backporting to 8u +# +# This section includes patches which have +# been pushed upstream to the latest OpenJDK +# development tree, but need to be backported +# to OpenJDK 8u. +############################################# +# S8074839, PR2462: Resolve disabled warnings for libunpack and the unpack200 binary +# This fixes printf warnings that lead to build failure with -Werror=format-security from optflags +Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch +# PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code +Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch +# 8143245, PR3548: Zero build requires disabled warnings +Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch +# s390: JDK-8203030, Type fixing for s390 +Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch +# 8035341: Allow using a system installed libpng +Patch202: jdk8035341-allow_using_system_installed_libpng.patch +# 8042159: Allow using a system-installed lcms2 +Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch +Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch +# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 +Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch +# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 +Patch581: jdk8257794-remove_broken_assert.patch + +############################################# +# +# Patches appearing in 8u362 +# +# This section includes patches which are present +# in the listed OpenJDK 8u release and should be +# able to be removed once that release is out +# and used by this RPM. +############################################# +# JDK-8294357: (tz) Update Timezone Data to 2022d +Patch2002: jdk8294357-tzdata2022d.patch +# JDK-8295173: (tz) Update Timezone Data to 2022e +Patch2003: jdk8295173-tzdata2022e.patch + +############################################# +# +# Patches ineligible for 8u +# +# This section includes patches which are present +# upstream, but ineligible for upstream 8u backport. +############################################# +# 8043805: Allow using a system-installed libjpeg +Patch201: jdk8043805-allow_using_system_installed_libjpeg.patch + +############################################# +# +# Shenandoah fixes +# +# This section includes patches which are +# specific to the Shenandoah garbage collector +# and should be upstreamed to the appropriate +# trees. +############################################# + +############################################# +# +# Non-OpenJDK fixes +# +# This section includes patches to code other +# that from OpenJDK. +############################################# + +############################################# +# +# Dependencies +# +############################################# +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: alsa-lib-devel +BuildRequires: binutils +BuildRequires: cups-devel +BuildRequires: desktop-file-utils +# elfutils only are OK for build without AOT +BuildRequires: elfutils-devel +BuildRequires: fontconfig-devel +BuildRequires: freetype-devel +BuildRequires: gcc-c++ +BuildRequires: gdb +BuildRequires: libxslt +BuildRequires: libX11-devel +BuildRequires: libXext-devel +BuildRequires: libXi-devel +BuildRequires: libXinerama-devel +BuildRequires: libXrender-devel +BuildRequires: libXt-devel +BuildRequires: libXtst-devel +# Requirement for setting up nss.cfg and nss.fips.cfg +BuildRequires: nss-devel +# Requirement for system security property test +BuildRequires: crypto-policies +BuildRequires: pkgconfig +BuildRequires: xorg-x11-proto-devel +BuildRequires: zip +BuildRequires: unzip +# Require a boot JDK which doesn't fail due to RH1482244 +BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 +# Zero-assembler build requirement +%ifarch %{zero_arches} +BuildRequires: libffi-devel +%endif +# 2022d required as of JDK-8294357 +# Should be bumped to 2022e once available (JDK-8295173) +BuildRequires: tzdata-java >= 2022d +# Earlier versions have a bug in tree vectorization on PPC +BuildRequires: gcc >= 4.8.3-8 + +%if %{with_systemtap} +BuildRequires: systemtap-sdt-devel +%endif + +%if %{system_libs} +BuildRequires: giflib-devel +BuildRequires: lcms2-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +%else +# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h +Provides: bundled(giflib) = 5.2.1 +# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h +Provides: bundled(lcms2) = 2.10.0 +# Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h +Provides: bundled(libjpeg) = 6b +# Version in jdk/src/share/native/sun/awt/libpng/png.h +Provides: bundled(libpng) = 1.6.37 +# We link statically against libstdc++ to increase portability +BuildRequires: libstdc++-static +%endif + +# this is always built, also during debug-only build +# when it is built in debug-only this package is just placeholder +%{java_rpo %{nil}} + +%description +The %{origin_nice} %{majorver} runtime environment. + +%if %{include_debug_build} +%package slowdebug +Summary: %{origin_nice} %{majorver} Runtime Environment %{debug_on} +Group: Development/Languages + +%{java_rpo -- %{debug_suffix_unquoted}} +%description slowdebug +The %{origin_nice} %{majorver} runtime environment. +%{debug_warning} +%endif + +%if %{include_fastdebug_build} +%package fastdebug +Summary: %{origin_nice} %{majorver} Runtime Environment %{fastdebug_on} +Group: Development/Languages + +%{java_rpo -- %{fastdebug_suffix_unquoted}} +%description fastdebug +The %{origin_nice} %{majorver} runtime environment. +%{fastdebug_warning} +%endif + +%if %{include_normal_build} +%package headless +Summary: %{origin_nice} %{majorver} Headless Runtime Environment +Group: Development/Languages + +%{java_headless_rpo %{nil}} + +%description headless +The %{origin_nice} %{majorver} runtime environment without audio and video support. +%endif + +%if %{include_debug_build} +%package headless-slowdebug +Summary: %{origin_nice} %{majorver} Runtime Environment %{debug_on} +Group: Development/Languages + +%{java_headless_rpo -- %{debug_suffix_unquoted}} + +%description headless-slowdebug +The %{origin_nice} %{majorver} runtime environment without audio and video support. +%{debug_warning} +%endif + +%if %{include_fastdebug_build} +%package headless-fastdebug +Summary: %{origin_nice} %{majorver} Runtime Environment %{fastdebug_on} +Group: Development/Languages + +%{java_headless_rpo -- %{fastdebug_suffix_unquoted}} + +%description headless-fastdebug +The %{origin_nice} %{majorver} runtime environment without audio and video support. +%{fastdebug_warning} +%endif + +%if %{include_normal_build} +%package devel +Summary: %{origin_nice} %{majorver} Development Environment +Group: Development/Tools + +%{java_devel_rpo %{nil}} + +%description devel +The %{origin_nice} %{majorver} development tools. +%endif + +%if %{include_debug_build} +%package devel-slowdebug +Summary: %{origin_nice} %{majorver} Development Environment %{debug_on} +Group: Development/Tools + +%{java_devel_rpo -- %{debug_suffix_unquoted}} + +%description devel-slowdebug +The %{origin_nice} %{majorver} development tools. +%{debug_warning} +%endif + +%if %{include_fastdebug_build} +%package devel-fastdebug +Summary: %{origin_nice} %{majorver} Development Environment %{fastdebug_on} +Group: Development/Tools + +%{java_devel_rpo -- %{fastdebug_suffix_unquoted}} + +%description devel-fastdebug +The %{origin_nice} %{majorver} development tools. +%{fastdebug_warning} +%endif + +%if %{include_normal_build} +%package demo +Summary: %{origin_nice} %{majorver} Demos +Group: Development/Languages + +%{java_demo_rpo %{nil}} + +%description demo +The %{origin_nice} %{majorver} demos. +%endif + +%if %{include_debug_build} +%package demo-slowdebug +Summary: %{origin_nice} %{majorver} Demos %{debug_on} +Group: Development/Languages + +%{java_demo_rpo -- %{debug_suffix_unquoted}} + +%description demo-slowdebug +The %{origin_nice} %{majorver} demos. +%{debug_warning} +%endif + +%if %{include_fastdebug_build} +%package demo-fastdebug +Summary: %{origin_nice} %{majorver} Demos %{fastdebug_on} +Group: Development/Languages + +%{java_demo_rpo -- %{fastdebug_suffix_unquoted}} + +%description demo-fastdebug +The %{origin_nice} %{majorver} demos. +%{fastdebug_warning} +%endif + +%if %{include_normal_build} +%package src +Summary: %{origin_nice} %{majorver} Source Bundle +Group: Development/Languages + +%{java_src_rpo %{nil}} + +%description src +The %{compatiblename}-src sub-package contains the complete %{origin_nice} %{majorver} +class library source code for use by IDE indexers and debuggers. +%endif + +%if %{include_debug_build} +%package src-slowdebug +Summary: %{origin_nice} %{majorver} Source Bundle %{for_debug} +Group: Development/Languages + +%{java_src_rpo -- %{debug_suffix_unquoted}} + +%description src-slowdebug +The %{compatiblename}-src-slowdebug sub-package contains the complete %{origin_nice} %{majorver} + class library source code for use by IDE indexers and debuggers, %{for_debug}. +%endif + +%if %{include_fastdebug_build} +%package src-fastdebug +Summary: %{origin_nice} %{majorver} Source Bundle %{for_fastdebug} +Group: Development/Languages + +%{java_src_rpo -- %{fastdebug_suffix_unquoted}} + +%description src-fastdebug +The %{compatiblename}-src-fastdebug sub-package contains the complete %{origin_nice} %{majorver} + class library source code for use by IDE indexers and debuggers, %{for_fastdebug}. +%endif + +%if %{include_normal_build} +%package javadoc +Summary: %{origin_nice} %{majorver} API documentation +Group: Documentation +Requires: javapackages-filesystem +Obsoletes: javadoc-slowdebug < 1:1.8.0.212.b04-4 +BuildArch: noarch + +%{java_javadoc_rpo -- %{nil} -zip} +%{java_javadoc_rpo -- %{nil} %{nil}} + +%description javadoc +The %{origin_nice} %{majorver} API documentation. + +%package javadoc-zip +Summary: %{origin_nice} %{majorver} API documentation compressed in a single archive +Group: Documentation +Requires: javapackages-filesystem +Obsoletes: javadoc-zip-slowdebug < 1:1.8.0.212.b04-4 +BuildArch: noarch + +%{java_javadoc_rpo -- %{nil} %{nil}} + +%description javadoc-zip +The %{origin_nice} %{majorver} API documentation compressed in a single archive. + +%package accessibility +Summary: %{origin_nice} %{majorver} accessibility connector + +%{java_accessibility_rpo %{nil}} + +%description accessibility +Enables accessibility support in %{origin_nice} %{majorver} by using java-atk-wrapper. This allows +compatible at-spi2 based accessibility programs to work for AWT and Swing-based +programs. + +Please note, the java-atk-wrapper is still in beta, and %{origin_nice} %{majorver} itself is still +being tuned to be working with accessibility features. There are known issues +with accessibility on, so please do not install this package unless you really +need to. +%endif + +%if %{include_debug_build} +%package accessibility-slowdebug +Summary: %{origin_nice} %{majorver} accessibility connector %{for_debug} + +%{java_accessibility_rpo -- %{debug_suffix_unquoted}} + +%description accessibility-slowdebug +See normal java-%{version}-openjdk-accessibility description. +%endif + +%if %{include_fastdebug_build} +%package accessibility-fastdebug +Summary: %{origin_nice} %{majorver} accessibility connector %{for_fastdebug} + +%{java_accessibility_rpo -- %{fastdebug_suffix_unquoted}} + +%description accessibility-fastdebug +See normal java-%{version}-openjdk-accessibility description. +%endif + +%prep + +# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-( +%if 0%{?stapinstall:1} + echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}" +%else + %{error:Unrecognised architecture %{_target_cpu}} +%endif + +if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then + echo "include_normal_build is %{include_normal_build}" +else + echo "include_normal_build is %{include_normal_build}, that is invalid. Use 1 for yes or 0 for no" + exit 11 +fi +if [ %{include_debug_build} -eq 0 -o %{include_debug_build} -eq 1 ] ; then + echo "include_debug_build is %{include_debug_build}" +else + echo "include_debug_build is %{include_debug_build}, that is invalid. Use 1 for yes or 0 for no" + exit 12 +fi +if [ %{include_fastdebug_build} -eq 0 -o %{include_fastdebug_build} -eq 1 ] ; then + echo "include_fastdebug_build is %{include_fastdebug_build}" +else + echo "include_fastdebug_build is %{include_fastdebug_build}, that is invalid. Use 1 for yes or 0 for no" + exit 13 +fi +if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then + echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go." + exit 14 +fi + +echo "Update version: %{updatever}" +echo "Build number: %{buildver}" +echo "Milestone: %{milestone}" +%setup -q -c -n %{uniquesuffix ""} -T -a 0 +# https://bugzilla.redhat.com/show_bug.cgi?id=1189084 +prioritylength=`expr length %{priority}` +if [ $prioritylength -ne 7 ] ; then + echo "priority must be 7 digits in total, violated" + exit 14 +fi +# For old patches +ln -s %{top_level_dir_name} jdk8 + +cp %{SOURCE2} . + +# replace outdated configure guess script +# +# the configure macro will do this too, but it also passes a few flags not +# supported by openjdk configure script +cp %{SOURCE100} %{top_level_dir_name}/common/autoconf/build-aux/ +cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/ + +# OpenJDK patches + +%if %{system_libs} +# Remove libraries that are linked +sh %{SOURCE12} +%endif + +# System library fixes +%if %{system_libs} +%patch201 +%patch202 +%patch203 +%patch204 +%endif + +%patch1 +%patch3 +%patch5 + +# s390 build fixes +%patch102 +%patch103 +%patch107 + +# AArch64 fixes + +# x86 fixes +%patch105 + +# Upstreamable fixes +%patch502 +%patch504 +%patch512 +%patch523 +%patch528 +%patch571 +%patch574 +%patch112 +%patch580 +%patch581 +%patch113 + +pushd %{top_level_dir_name} +# Add crypto policy and FIPS support +%patch1001 -p1 +# nss.cfg PKCS11 support; must come last as it also alters java.security +%patch1000 -p1 +# system cacerts support +%patch539 -p1 +# tzdata updates targetted for 8u362 +%patch2002 -p1 +%patch2003 -p1 +popd + +# RPM-only fixes +%patch600 +%patch1003 + +# RHEL-only patches +%if ! 0%{?fedora} && 0%{?rhel} <= 7 +%patch534 +%endif + +# Shenandoah patches + +# Extract systemtap tapsets +%if %{with_systemtap} +tar --strip-components=1 -x -I xz -f %{SOURCE8} +%if %{include_debug_build} +cp -r tapset tapset%{debug_suffix} +%endif +%if %{include_fastdebug_build} +cp -r tapset tapset%{fastdebug_suffix} +%endif + + +for suffix in %{build_loop} ; do + for file in "tapset"$suffix/*.in; do + OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` + sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1 +# TODO find out which architectures other than i686 have a client vm +%ifarch %{ix86} + sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/client/libjvm.so:g" $file.1 > $OUTPUT_FILE +%else + sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE +%endif + sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE + sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE + sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE + done +done +# systemtap tapsets ends +%endif + +# Prepare desktop files +# The _X_ syntax indicates variables that are replaced by make upstream +# The @X@ syntax indicates variables that are replaced by configure upstream +for suffix in %{build_loop} ; do +for file in %{SOURCE9} %{SOURCE10} ; do + FILE=`basename $file | sed -e s:\.in$::g` + EXT="${FILE##*.}" + NAME="${FILE%.*}" + OUTPUT_FILE=$NAME$suffix.$EXT + sed -e "s:_SDKBINDIR_:%{sdkbindir -- $suffix}:g" $file > $OUTPUT_FILE + sed -i -e "s:_JREBINDIR_:%{jrebindir -- $suffix}:g" $OUTPUT_FILE + sed -i -e "s:@target_cpu@:%{_arch}:g" $OUTPUT_FILE + sed -i -e "s:@OPENJDK_VER@:%{version}-%{release}.%{_arch}$suffix:g" $OUTPUT_FILE + sed -i -e "s:@JAVA_VER@:%{javaver}:g" $OUTPUT_FILE + sed -i -e "s:@JAVA_VENDOR@:%{origin}:g" $OUTPUT_FILE +done +done + +# Setup nss.cfg +sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg + +# Setup nss.fips.cfg +sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg + +# Setup security policy +sed -i -e "s:^security.systemCACerts=.*:security.systemCACerts=%{cacerts_file}:" %{security_file} + +%build + +# How many CPU's do we have? +export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) +export NUM_PROC=${NUM_PROC:-1} +%if 0%{?_smp_ncpus_max} +# Honor %%_smp_ncpus_max +[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} +%endif + +%ifarch s390x sparc64 alpha %{power64} %{aarch64} +export ARCH_DATA_MODEL=64 +%endif +%ifarch alpha +export CFLAGS="$CFLAGS -mieee" +%endif + +# We use ourcppflags because the OpenJDK build seems to +# pass EXTRA_CFLAGS to the HotSpot C++ compiler... +EXTRA_CFLAGS="%ourcppflags -Wno-error" +EXTRA_CPP_FLAGS="%ourcppflags" + +%ifarch %{power64} ppc +# fix rpmlint warnings +EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" +%endif +EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes" +export EXTRA_CFLAGS EXTRA_ASFLAGS + +(cd %{top_level_dir_name}/common/autoconf + bash ./autogen.sh +) + +function buildjdk() { + local outputdir=${1} + local buildjdk=${2} + local maketargets="${3}" + local debuglevel=${4} + local link_opt=${5} + + local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name} + # Variable used in hs_err hook on build failures + local top_builddir_abs_path=$(pwd)/${outputdir} + + echo "Using output directory: ${outputdir}"; + + if [ "x${link_opt}" = "xbundled" ] ; then + libc_link_opt="static"; + else + libc_link_opt="dynamic"; + fi + + echo "Checking build JDK ${buildjdk} is operational..." + ${buildjdk}/bin/java -version + echo "Using make targets: ${maketargets}" + echo "Using debuglevel: ${debuglevel}" + echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}" + + mkdir -p ${outputdir} + pushd ${outputdir} + + bash ${top_srcdir_abs_path}/configure \ +%ifarch %{jfr_arches} + --enable-jfr \ +%else + --disable-jfr \ +%endif +%ifarch %{zero_arches} + --with-jvm-variants=zero \ +%endif + --with-native-debug-symbols=internal \ + --with-milestone=%{milestone} \ + --with-update-version=%{updatever} \ + --with-build-number=%{buildver} \ + --with-vendor-name="%{oj_vendor}" \ + --with-vendor-url="%{oj_vendor_url}" \ + --with-vendor-bug-url="%{oj_vendor_bug_url}" \ + --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ + --with-boot-jdk=${buildjdk} \ + --with-debug-level=${debuglevel} \ + --disable-sysconf-nss \ + --enable-unlimited-crypto \ + --with-zlib=${link_opt} \ + --with-giflib=${link_opt} \ +%if %{with system_libs} + --with-libjpeg=${link_opt} \ + --with-libpng=${link_opt} \ + --with-lcms=${link_opt} \ +%endif + --with-stdc++lib=${libc_link_opt} \ + --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ + --with-extra-cflags="$EXTRA_CFLAGS" \ + --with-extra-asflags="$EXTRA_ASFLAGS" \ + --with-extra-ldflags="%{ourldflags}" \ + --with-num-cores="$NUM_PROC" + + cat spec.gmk + cat hotspot-spec.gmk + + make \ + JAVAC_FLAGS=-g \ + LOG=trace \ + SCTP_WERROR= \ + ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) + + popd +} + +function installjdk() { + local outputdir=${1} + local installdir=${2} + local imagepath=${installdir}/images/%{jdkimage} + + echo "Installing build from ${outputdir} to ${installdir}..." + mkdir -p ${installdir} + echo "Installing images..." + mv ${outputdir}/images ${installdir} + if [ -d ${outputdir}/bundles ] ; then + echo "Installing bundles..."; + mv ${outputdir}/bundles ${installdir} ; + fi + if [ -d ${outputdir}/docs ] ; then + echo "Installing docs..."; + mv ${outputdir}/docs ${installdir} ; + fi + +%if !%{with artifacts} + echo "Removing output directory..."; + rm -rf ${outputdir} +%endif + + if [ -d ${imagepath} ] ; then + # the build (erroneously) removes read permissions from some jars + # this is a regression in OpenJDK 7 (our compiler): + # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 + find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \; + chmod ugo+r ${imagepath}/lib/ct.sym + + # remove redundant *diz and *debuginfo files + find ${imagepath} -iname '*.diz' -exec rm -v {} \; + find ${imagepath} -iname '*.debuginfo' -exec rm -v {} \; + + # Build screws up permissions on binaries + # https://bugs.openjdk.java.net/browse/JDK-8173610 + find ${imagepath} -iname '*.so' -exec chmod +x {} \; + find ${imagepath}/bin/ -exec chmod +x {} \; + + # Install nss.cfg right away as we will be using the JRE above + install -m 644 nss.cfg ${imagepath}/jre/lib/security/ + + # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) + install -m 644 nss.fips.cfg ${imagepath}/jre/lib/security/ + + # Turn on system security properties + sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ + ${imagepath}/jre/lib/security/java.security + + # Use system-wide tzdata + mv ${imagepath}/jre/lib/tzdb.dat{,.upstream} + ln -sv %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/jre/lib/tzdb.dat + + # Rename OpenJDK cacerts database + mv ${imagepath}/jre/lib/security/cacerts{,.upstream} + # Install cacerts symlink needed by some apps which hard-code the path + ln -sv %{cacerts_file} ${imagepath}/jre/lib/security + + # add alt-java man page + pushd ${imagepath} + echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 + cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 + popd + + # Print release information + cat ${imagepath}/release + + fi +} + +%if %{build_hotspot_first} + # Build a fresh libjvm.so first and use it to bootstrap + cp -LR --preserve=mode,timestamps %{bootjdk} newboot + systemjdk=$(pwd)/newboot + buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" + mv build/newboot/hotspot/dist/jre/lib/%{archinstall}/server/libjvm.so newboot/jre/lib/%{archinstall}/server +%else + systemjdk=%{bootjdk} +%endif + +for suffix in %{build_loop} ; do +if [ "x$suffix" = "x" ] ; then + debugbuild=release +else + # change --something to something + debugbuild=`echo $suffix | sed "s/-//g"` +fi + +builddir=%{buildoutputdir -- $suffix} +bootbuilddir=boot${builddir} +installdir=%{installoutputdir -- $suffix} +bootinstalldir=boot${installdir} +link_opt="%{link_type}" + +# Debug builds don't need same targets as release for +# build speed-up. We also avoid bootstrapping these +# slower builds. +if echo $debugbuild | grep -q "debug" ; then + maketargets="%{debug_targets}" + run_bootstrap=false +else + maketargets="%{release_targets}" + run_bootstrap=%{bootstrap_build} +fi + +if ${run_bootstrap} ; then + buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} + installjdk ${bootbuilddir} ${bootinstalldir} + buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} + installjdk ${builddir} ${installdir} + %{!?with_artifacts:rm -rf ${bootinstalldir}} +else + buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} + installjdk ${builddir} ${installdir} +fi + +# build cycles +done + +%check + +# We test debug first as it will give better diagnostics on a crash +for suffix in %{build_loop} ; do + +export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage} + +# Check unlimited policy has been used +$JAVA_HOME/bin/javac -d . %{SOURCE13} +$JAVA_HOME/bin/java TestCryptoLevel + +# Check ECC is working +$JAVA_HOME/bin/javac -d . %{SOURCE14} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") + +# Check system crypto (policy) is active and can be disabled +# Test takes a single argument - true or false - to state whether system +# security properties are enabled or not. +$JAVA_HOME/bin/javac -d . %{SOURCE15} +export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||") +export SEC_DEBUG="-Djava.security.debug=properties" +$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true +$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false + +# Check correct vendor values have been set +$JAVA_HOME/bin/javac -d . %{SOURCE16} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} + +# Check java launcher has no SSB mitigation +if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi + +# Check alt-java launcher has SSB mitigation on supported architectures +%ifarch %{ssbd_arches} +nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation +%else +if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi +%endif + +# Check translations are available for new timezones +$JAVA_HOME/bin/javac -d . %{SOURCE18} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE + +# Check debug symbols are present and can identify code +find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib +do + if [ -f "$lib" ] ; then + echo "Testing $lib for debug symbols" + # All these tests rely on RPM failing the build if the exit code of any set + # of piped commands is non-zero. + + # Test for .debug_* sections in the shared object. This is the main test + # Stripped objects will not contain these + eu-readelf -S "$lib" | grep "] .debug_" + test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2 + + # Test FILE symbols. These will most likely be removed by anything that + # manipulates symbol tables because it's generally useless. So a nice test + # that nothing has messed with symbols + old_IFS="$IFS" + IFS=$'\n' + for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT") + do + # We expect to see .cpp files, except for architectures like aarch64 and + # s390 where we expect .o and .oS files + echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$" + done + IFS="$old_IFS" + + # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking + if [ "`basename $lib`" = "libjvm.so" ]; then + eu-readelf -s "$lib" | \ + grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$" + fi + + # Test that there are no .gnu_debuglink sections pointing to another + # debuginfo file. There shouldn't be any debuginfo files, so the link makes + # no sense either + eu-readelf -S "$lib" | grep 'gnu' + if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then + echo "bad .gnu_debuglink section." + eu-readelf -x .gnu_debuglink "$lib" + false + fi + fi +done + +# Make sure gdb can do a backtrace based on line numbers on libjvm.so +# javaCalls.cpp:58 should map to: +# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 +# Using line number 1 might cause build problems. See: +# https://bugzilla.redhat.com/show_bug.cgi?id=1539664 +# https://bugzilla.redhat.com/show_bug.cgi?id=1538767 +gdb -q "$JAVA_HOME/bin/java" <> %{name}-demo.files"$suffix" +# Find documentation demo files. +find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \ + $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/sample \ + -type f -o -type l | sort \ + | grep README \ + | sed 's|'$RPM_BUILD_ROOT'||' \ + | sed 's|^|%doc |' \ + >> %{name}-demo.files"$suffix" +# Find demo directories. +find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \ + $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/sample \ + -type d | sort \ + | sed 's|'$RPM_BUILD_ROOT'||' \ + | sed 's|^|%dir |' \ + >> %{name}-demo.files"$suffix" + +# Create links which leads to separately installed java-atk-bridge and allow configuration +# links points to java-atk-wrapper - an dependence + pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall} + ln -s %{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so + popd + pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/ext + ln -s %{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar + popd + pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/ + echo "#Config file to enable java-atk-wrapper" > accessibility.properties + echo "" >> accessibility.properties + echo "assistive_technologies=org.GNOME.Accessibility.AtkWrapper" >> accessibility.properties + echo "" >> accessibility.properties + popd + + +bash %{SOURCE20} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix} %{javaver} +# https://bugzilla.redhat.com/show_bug.cgi?id=1183793 +touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/security/java.security + +# moving config files to /etc +mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib/security/policy/unlimited/ +mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib/security/policy/limited/ +for file in lib/security/cacerts lib/security/policy/unlimited/US_export_policy.jar lib/security/policy/unlimited/local_policy.jar lib/security/policy/limited/US_export_policy.jar lib/security/policy/limited/local_policy.jar lib/security/java.policy lib/security/java.security lib/security/blacklisted.certs lib/logging.properties lib/calendars.properties lib/security/nss.cfg lib/security/nss.fips.cfg ; do + mv $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/$file $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/$file + ln -sf %{etcjavadir -- $suffix}/$file $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/$file +done + +# stabilize permissions +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "ASSEMBLY_EXCEPTION" -exec chmod 644 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "LICENSE" -exec chmod 644 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "THIRD_PARTY_README" -exec chmod 644 {} \; ; + +# end, dual install +done + +%if %{include_normal_build} +# intentionally only for non-debug +%pretrans headless -p +-- see https://bugzilla.redhat.com/show_bug.cgi?id=1038092 for whole issue +-- see https://bugzilla.redhat.com/show_bug.cgi?id=1290388 for pretrans over pre +-- if copy-jdk-configs is in transaction, it installs in pretrans to temp +-- if copy_jdk_configs is in temp, then it means that copy-jdk-configs is in transaction and so is +-- preferred over one in %%{_libexecdir}. If it is not in transaction, then depends +-- whether copy-jdk-configs is installed or not. If so, then configs are copied +-- (copy_jdk_configs from %%{_libexecdir} used) or not copied at all +local posix = require "posix" + +if (os.getenv("debug") == "true") then + debug = true; + print("cjc: in spec debug is on") +else + debug = false; +end + +SOURCE1 = "%{rpm_state_dir}/copy_jdk_configs.lua" +SOURCE2 = "%{_libexecdir}/copy_jdk_configs.lua" + +local stat1 = posix.stat(SOURCE1, "type"); +local stat2 = posix.stat(SOURCE2, "type"); + + if (stat1 ~= nil) then + if (debug) then + print(SOURCE1 .." exists - copy-jdk-configs in transaction, using this one.") + end; + package.path = package.path .. ";" .. SOURCE1 +else + if (stat2 ~= nil) then + if (debug) then + print(SOURCE2 .." exists - copy-jdk-configs already installed and NOT in transaction. Using.") + end; + package.path = package.path .. ";" .. SOURCE2 + else + if (debug) then + print(SOURCE1 .." does NOT exists") + print(SOURCE2 .." does NOT exists") + print("No config files will be copied") + end + return + end +end +arg = nil ; -- it is better to null the arg up, no meter if they exists or not, and use cjc as module in unified way, instead of relaying on "main" method during require "copy_jdk_configs.lua" +cjc = require "copy_jdk_configs.lua" +args = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"} +cjc.mainProgram(args) + +%post +%{post_script %{nil}} + +%post headless +%{post_headless %{nil}} + +%postun +%{postun_script %{nil}} + +%postun headless +%{postun_headless %{nil}} + +%posttrans +%{posttrans_script %{nil}} + +%posttrans headless +%{alternatives_java_install %{nil}} + +%post devel +%{post_devel %{nil}} + +%postun devel +%{postun_devel %{nil}} + +%posttrans devel +%{posttrans_devel %{nil}} + +%posttrans javadoc +%{alternatives_javadoc_install %{nil}} + +%postun javadoc +%{postun_javadoc %{nil}} + +%posttrans javadoc-zip +%{alternatives_javadoczip_install %{nil}} + +%postun javadoc-zip +%{postun_javadoc_zip %{nil}} +%endif + +%if %{include_debug_build} +%post slowdebug +%{post_script -- %{debug_suffix_unquoted}} + +%post headless-slowdebug +%{post_headless -- %{debug_suffix_unquoted}} + +%posttrans headless-slowdebug +%{alternatives_java_install -- %{debug_suffix_unquoted}} + +%postun slowdebug +%{postun_script -- %{debug_suffix_unquoted}} + +%postun headless-slowdebug +%{postun_headless -- %{debug_suffix_unquoted}} + +%posttrans slowdebug +%{posttrans_script -- %{debug_suffix_unquoted}} + +%post devel-slowdebug +%{post_devel -- %{debug_suffix_unquoted}} + +%postun devel-slowdebug +%{postun_devel -- %{debug_suffix_unquoted}} + +%posttrans devel-slowdebug +%{posttrans_devel -- %{debug_suffix_unquoted}} + +%endif + +%if %{include_fastdebug_build} +%post fastdebug +%{post_script -- %{fastdebug_suffix_unquoted}} + +%post headless-fastdebug +%{post_headless -- %{fastdebug_suffix_unquoted}} + +%postun fastdebug +%{postun_script -- %{fastdebug_suffix_unquoted}} + +%postun headless-fastdebug +%{postun_headless -- %{fastdebug_suffix_unquoted}} + +%posttrans fastdebug +%{posttrans_script -- %{fastdebug_suffix_unquoted}} + +%posttrans headless-fastdebug +%{alternatives_java_install -- %{fastdebug_suffix_unquoted}} + +%post devel-fastdebug +%{post_devel -- %{fastdebug_suffix_unquoted}} + +%postun devel-fastdebug +%{postun_devel -- %{fastdebug_suffix_unquoted}} + +%posttrans devel-fastdebug +%{posttrans_devel -- %{fastdebug_suffix_unquoted}} + +%endif + +%if %{include_normal_build} +%files +# main package builds always +%{files_jre %{nil}} +%else +%files +# placeholder +%endif + + +%if %{include_normal_build} +%files headless +# important note, see https://bugzilla.redhat.com/show_bug.cgi?id=1038092 for whole issue +# all config/noreplace files (and more) have to be declared in pretrans. See pretrans +%{files_jre_headless %{nil}} + +%files devel +%{files_devel %{nil}} + +%files demo -f %{name}-demo.files +%{files_demo %{nil}} + +%files src +%{files_src %{nil}} + +%files javadoc +%{files_javadoc %{nil}} + +# This puts a huge documentation file in /usr/share +# It is now architecture-dependent, as eg. AOT and Graal are now x86_64 only +# same for debug variant +%files javadoc-zip +%{files_javadoc_zip %{nil}} + +%files accessibility +%{files_accessibility %{nil}} +%endif + +%if %{include_debug_build} +%files slowdebug +%{files_jre -- %{debug_suffix_unquoted}} + +%files headless-slowdebug +%{files_jre_headless -- %{debug_suffix_unquoted}} + +%files devel-slowdebug +%{files_devel -- %{debug_suffix_unquoted}} + +%files demo-slowdebug -f %{name}-demo.files-slowdebug +%{files_demo -- %{debug_suffix_unquoted}} + +%files src-slowdebug +%{files_src -- %{debug_suffix_unquoted}} + +%files accessibility-slowdebug +%{files_accessibility -- %{debug_suffix_unquoted}} +%endif + +%if %{include_fastdebug_build} +%files fastdebug +%{files_jre -- %{fastdebug_suffix_unquoted}} + +%files headless-fastdebug +%{files_jre_headless -- %{fastdebug_suffix_unquoted}} + +%files devel-fastdebug +%{files_devel -- %{fastdebug_suffix_unquoted}} + +%files demo-fastdebug -f %{name}-demo.files-fastdebug +%{files_demo -- %{fastdebug_suffix_unquoted}} + +%files src-fastdebug +%{files_src -- %{fastdebug_suffix_unquoted}} + +%files accessibility-fastdebug +%{files_accessibility -- %{fastdebug_suffix_unquoted}} +%endif + +%changelog +* Sun Oct 16 2022 Andrew Hughes - 1:1.8.0.352.b08-2 +- Update to shenandoah-jdk8u352-b08 (GA) +- Update release notes for shenandoah-8u352-b08. +- Rebase FIPS patch against 8u352-b07 +- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 +- Add test to ensure timezones can be translated +- * This tarball is embargoed until 2022-10-18 @ 1pm PT. * +- Resolves: rhbz#2133695 + +* Tue Aug 30 2022 Andrew Hughes - 1:1.8.0.345.b01-5 +- Switch to static builds, reducing system dependencies and making build more portable +- Resolves: rhbz#2048542 + +* Tue Aug 30 2022 Andrew Hughes - 1:1.8.0.345.b01-4 +- Sync system cacerts support with RHEL 9, disabling using -Dsecurity.systemCACerts= +- Move cacerts replacement to install section and retain original of this and tzdb.dat +- Related: rhbz#2055274 + +* Mon Aug 29 2022 Stephan Bergmann - 1:1.8.0.345.b01-3 +- Disable copy-jdk-configs for Flatpak builds +- Fix flatpak builds by exempting them from bootstrap +- Resolves: rhbz#2102733 + +* Wed Aug 03 2022 Andrew Hughes - 1:1.8.0.345.b01-2 +- Update to shenandoah-jdk8u345-b01 (GA) +- Update release notes for 8u345-b01. +- Resolves: rhbz#2112403 + +* Sun Jul 24 2022 Andrew Hughes - 1:1.8.0.342.b07-2 +- Update to shenandoah-jdk8u342-b07 (GA) +- Update release notes for 8u342-b07. +- Switch to GA mode for final release. +- Resolves: rhbz#2106507 + +* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.342.b06-0.1.ea +- Update to shenandoah-jdk8u342-b06 (EA) +- Update release notes for shenandoah-8u342-b06. +- Switch to EA mode for 8u342 pre-release builds. +- Print release file during build, which should now include a correct SOURCE value from .src-rev +- Update tarball script with IcedTea GitHub URL and .src-rev generation +- Use "git apply" with patches in the tarball script to allow binary diffs +- Remove redundant "REPOS" variable from tarball script +- Include script to generate bug list for release notes +- Update tzdata requirement to 2022a to match JDK-8283350 +- Resolves: rhbz#2083265 + +* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.332.b09-5 +- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository +- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage +- * RH2090378: Revert to disabling system security properties and FIPS mode support together +- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch +- Rebase PR2888/RH2055274 cacerts patch so it applies after the current FIPS patch +- Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk +- Enable system security properties in the RPM (now disabled by default in the FIPS repo) +- Improve security properties test to check both enabled and disabled behaviour +- Run security properties test with property debugging on +- Explicitly require crypto-policies during build and runtime for system security properties +- Resolves: rhbz#2097152 +- Resolves: rhbz#2100675 + +* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:1.8.0.332.b09-4 +- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode +- Resolves: rhbz#2102431 + +* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b09-3 +- Update to shenandoah-jdk8u332-b09 (GA) +- Update release notes for 8u332-b09. +- Switch to GA mode for final release. +- Resolves: rhbz#2074646 + +* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.2.ea +- Allow the default keystore to be configured using security.systemCACerts +- Use of the property can now be disabled using -Djava.security.disableSystemCACerts=true +- Resolves: rhbz#2055274 + +* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.1.ea +- Update to shenandoah-jdk8u332-b06 (EA) +- Update release notes for shenandoah-8u332-b06. +- Resolves: rhbz#2047536 + +* Sun Apr 17 2022 Andrew Hughes - 1:1.8.0.332.b01-0.1.ea +- Update to shenandoah-jdk8u332-b01 (EA) +- Update release notes for shenandoah-8u332-b01. +- Switch to EA mode. +- Remove JDK-8279077 patch now upstream. +- Related: rhbz#2047536 + +* Mon Feb 28 2022 Jiri Vanek - 1:1.8.0.322.b06-11 +- Storing and restoring alterntives during update manually +- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE +-- The move of alternatives creation to posttrans to fix: +-- Bug 1200302 - dnf reinstall breaks alternatives +-- Had caused the alternatives to be removed, and then created again, +-- instead of being added, and then removing the old, and thus persisting +-- the selection in family +-- Thus this fix, is storing the family of manually selected master, and if +-- stored, then it is restoring the family of the master +- Resolves: rhbz#2008192 + +* Mon Feb 28 2022 Jiri Vanek - 1:1.8.0.322.b06-10 +- Family extracted to globals +- Resolves: rhbz#2008192 + +* Mon Feb 28 2022 Jiri Vanek - 1:1.8.0.322.b06-9 +- javadoc-zip got its own provides next to plain javadoc ones +- Resolves: rhbz#2008192 + +* Mon Feb 28 2022 Jiri Vanek - 1:1.8.0.322.b06-8 +- alternatives creation moved to posttrans +- Thus fixing the old reisntall issue: +- https://bugzilla.redhat.com/show_bug.cgi?id=1200302 +- https://bugzilla.redhat.com/show_bug.cgi?id=1976053 +- Resolves: rhbz#2008192 + +* Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-7 +- Add JDK-8275535 patch to fix LDAP authentication issue. +- Resolves: rhbz#2053285 + +* Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-6 +- Detect NSS at runtime for FIPS detection +- Turn off build-time NSS linking and go back to an explicit Requires on NSS +- Resolves: rhbz#2052828 + +* Wed Feb 23 2022 Andrew Hughes - 1:1.8.0.322.b06-5 +- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent +- Resolves: rhbz#2052817 + +* Mon Feb 21 2022 Andrew Hughes - 1:1.8.0.322.b06-4 +- Refactor build functions so we can build just HotSpot without any attempt at installation. +- Introduce architecture restriction logic for the gdb test. (RH2041970) +- Pass compiler flags to the ADLC build (JDK-8281098) +- Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 +- Explicitly list JIT architectures rather than relying on those with slowdebug builds +- Disable the serviceability agent on Zero architectures even when the architecture itself is supported +- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds +- Sync minor placement differences with Fedora & RHEL 9 +- Resolves: rhbz#2022815 + +* Mon Jan 24 2022 Andrew Hughes - 1:1.8.0.322.b06-3 +- Fix FIPS issues in native code and with initialisation of java.security.Security +- Resolves: rhbz#2021263 + +* Fri Jan 21 2022 Andrew Hughes - 1:1.8.0.322.b06-2 +- Update to aarch64-shenandoah-jdk8u322-b06 (EA) +- Update release notes for 8u322-b06. +- Switch to GA mode for final release. +- Resolves: rhbz#2039366 + +* Thu Jan 20 2022 Andrew Hughes - 1:1.8.0.322.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b05 (EA) +- Update release notes for 8u322-b05. +- Require tzdata 2021e as of JDK-8275766. +- Update tarball generation script to use git following shenandoah-jdk8u's move to github +- Resolves: rhbz#2022815 + +* Tue Jan 18 2022 Andrew Hughes - 1:1.8.0.322.b04-0.2.ea +- Add backport of JDK-8279077 to fix crash on ppc64 +- Resolves: rhbz#2030399 + +* Mon Jan 10 2022 Andrew Hughes - 1:1.8.0.322.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b04 (EA) +- Update release notes for 8u322-b04. +- Require tzdata 2021c as of JDK-8274407. +- Related: rhbz#2022815 + +* Fri Jan 07 2022 Andrew Hughes - 1:1.8.0.322.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b03 (EA) +- Update release notes for 8u322-b03. +- Related: rhbz#2022815 + +* Fri Dec 17 2021 Andrew Hughes - 1:1.8.0.322.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b02 (EA) +- Update release notes for 8u322-b02. +- Related: rhbz#2022815 + +* Tue Dec 14 2021 Andrew Hughes - 1:1.8.0.322.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b01 (EA) +- Update release notes for 8u322-b01. +- Switch to EA mode. +- Related: rhbz#2022815 + +* Mon Dec 06 2021 Andrew Hughes - 1:1.8.0.312.b07-5 +- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. +- Related: rhbz#2022815 + +* Mon Dec 06 2021 Severin Gehwolf - 1:1.8.0.312.b07-4 +- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy + secmod.db file as part of nss +- Resolves: rhbz#2023532 + +* Fri Oct 15 2021 Andrew Hughes - 1:1.8.0.312.b07-3 +- Update to aarch64-shenandoah-jdk8u312-b07 (EA) +- Update release notes for 8u312-b07. +- Switch to GA mode for final release. +- Resolves: rhbz#2012339 + +* Tue Oct 12 2021 Andrew Hughes - 1:1.8.0.312.b05-0.3.ea +- Update to aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07 +- Update release notes for 8u312-b05-shenandoah-merge-2021-10-07. +- Related: rhbz#1999937 + +* Thu Oct 07 2021 Andrew Hughes - 1:1.8.0.312.b05-0.2.ea +- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false +- Resolves: rhbz#1994659 + +* Thu Oct 07 2021 Martin Balao - 1:1.8.0.312.b05-0.2.ea +- Add patch to allow plain key import. +- Resolves: rhbz#1994659 + +* Thu Sep 30 2021 Andrew Hughes - 1:1.8.0.312.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u312-b05 (EA) +- Update release notes for 8u312-b05. +- Resolves: rhbz#1999937 + +* Mon Sep 27 2021 Andrew Hughes - 1:1.8.0.312.b04-0.2.ea +- Reduce disk footprint by removing build artifacts by default. +- Related: rhbz#1999937 + +* Sun Sep 26 2021 Andrew Hughes - 1:1.8.0.312.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u312-b04 (EA) +- Update release notes for 8u312-b04. +- Related: rhbz#1999937 + +* Fri Sep 24 2021 Andrew Hughes - 1:1.8.0.312.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u312-b03 (EA) +- Update release notes for 8u312-b03. +- Related: rhbz#1999937 + +* Sun Sep 19 2021 Andrew Hughes - 1:1.8.0.312.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u312-b02 (EA) +- Update release notes for 8u312-b02. +- Related: rhbz#1999937 + +* Mon Sep 13 2021 Andrew Hughes - 1:1.8.0.312.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u312-b01 (EA) +- Update release notes for 8u312-b01. +- Switch to EA mode. +- Remove "-clean" suffix as no 8u312 builds are unclean. +- Related: rhbz#1999937 + +* Fri Sep 10 2021 Andrew Hughes - 1:1.8.0.302.b08-4 +- Remove non-Free test and demo files from source tarball. +- Related: rhbz#1999937 + +* Fri Aug 27 2021 Andrew Hughes - 1:1.8.0.302.b08-3 +- Add patch to login to the NSS software token when in FIPS mode. +- Resolves: rhbz#1997358 + +* Fri Aug 27 2021 Andrew Hughes - 1:1.8.0.302.b08-2 +- Fix path to libsystemconf.so on 8u. +- Resolves: rhbz#1971679 + +* Fri Aug 27 2021 Andrew Hughes - 1:1.8.0.302.b08-2 +- Port FIPS system detection support to OpenJDK 8u +- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure. +- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM. +- Resolves: rhbz#1971679 + +* Fri Aug 27 2021 Martin Balao - 1:1.8.0.302.b08-2 +- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library. +- Resolves: rhbz#1971679 + +* Fri Jul 16 2021 Andrew Hughes - 1:1.8.0.302.b08-1 +- Update to aarch64-shenandoah-jdk8u302-b08 (EA) +- Update release notes for 8u302-b08. +- Switch to GA mode for final release. +- This tarball is embargoed until 2021-07-20 @ 1pm PT. +- Resolves: rhbz#1972395 + +* Thu Jul 08 2021 Andrew Hughes - 1:1.8.0.302.b07-0.0.ea +- Update to aarch64-shenandoah-jdk8u302-b07 (EA) +- Update release notes for 8u302-b07. +- Resolves: rhbz#1967812 + +* Tue Jul 06 2021 Andrew Hughes - 1:1.8.0.302.b06-0.0.ea +- Update to aarch64-shenandoah-jdk8u302-b06 (EA) +- Update release notes for 8u302-b06. +- Resolves: rhbz#1967812 + +* Tue Jul 06 2021 Andrew Hughes - 1:1.8.0.302.b05-0.2.ea +- Remove restriction on disabling product build, as debug packages no longer have javadoc packages. +- Fix name of javadoc debug packages in Obsoletes declarations and add version where it was removed. +- Resolves: rhbz#1966233 + +* Mon Jul 05 2021 Andrew Hughes - 1:1.8.0.302.b05-0.1.ea +- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics. +- Resolves: rhbz#1966233 + +* Fri Jul 02 2021 Andrew Hughes - 1:1.8.0.302.b05-0.0.ea +- Update to aarch64-shenandoah-jdk8u302-b05 (EA) +- Update release notes for 8u302-b05. +- Resolves: rhbz#1967812 + +* Wed Jun 30 2021 Andrew Hughes - 1:1.8.0.302.b04-0.0.ea +- Update to aarch64-shenandoah-jdk8u302-b04 (EA) +- Update release notes for 8u302-b04. +- Resolves: rhbz#1967812 + +* Tue Jun 29 2021 Andrew Hughes - 1:1.8.0.302.b03-0.3.ea +- Introduced nm based check to verify alt-java on x86_64 is patched, and no other alt-java or java is patched +- Patch600, rh1750419-redhat_alt_java.patch, amended to die, if it is used wrongly +- Introduced ssbd_arches with currently only valid arch of x86_64 to separate real alt-java architectures +- Resolves: rhbz#1966233 + +* Mon Jun 28 2021 Andrew Hughes - 1:1.8.0.302.b03-0.2.ea +- Re-order source files to sync with Fedora. +- Resolves: rhbz#1966233 + +* Mon Jun 28 2021 Severin Gehwolf - 1:1.8.0.302.b03-0.2.ea +- Add a test verifying system crypto policies can be disabled +- Resolves: rhbz#1966233 + +* Mon Jun 28 2021 Andrew Hughes - 1:1.8.0.302.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23 (EA) +- Update release notes for 8u302-b03-shenandoah-merge-2021-06-23. +- Resolves: rhbz#1967812 + +* Sun Jun 27 2021 Andrew Hughes - 1:1.8.0.302.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u302-b03 (EA) +- Update release notes for 8u302-b03. +- Resolves: rhbz#1967812 + +* Sat Jun 26 2021 Andrew Hughes - 1:1.8.0.302.b02-0.0.ea +- Update to aarch64-shenandoah-jdk8u302-b02 (EA) +- Update release notes for 8u302-b02. +- Resolves: rhbz#1967812 + +* Mon Jun 21 2021 Andrew Hughes - 1:1.8.0.302.b01-0.3.ea +- Add ppc64le and aarch64 to fastdebug_arches +- Resolves: rhbz#1969254 + +* Fri Jun 18 2021 Andrew Hughes - 1:1.8.0.302.b01-0.2.ea +- Cleanup architecture handling in preparation for extending set of fastdebug architectures +- Fixed not-including fastdebug build in case of --without fastdebug +- Resolves: rhbz#1969254 + +* Wed Jun 16 2021 Jiri Vanek - 1:1.8.0.302.b01-0.1.ea +- adapted to newst cjc to fix issue with rpm 4.17 +- Disable copy-jdk-configs for Flatpak builds +- removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction +- Resolves: rhbz#1953923 + +* Sat May 22 2021 Andrew Hughes - 1:1.8.0.302.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u302-b01 (EA) +- Update release notes for 8u302-b01. +- Switch to EA mode. +- Resolves: rhbz#1967812 + +* Tue Apr 13 2021 Andrew Hughes - 1:1.8.0.292.b10-2 +- Update to aarch64-shenandoah-jdk8u292-b10 (GA) +- Update release notes for 8u292-b10. +- This tarball is embargoed until 2021-04-20 @ 1pm PT. +- Resolves: rhbz#1938201 + +* Tue Apr 13 2021 Andrew Hughes - 1:1.8.0.292.b09-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b09 (EA) +- Update release notes for 8u292-b09. +- Resolves: rhbz#1942306 + +* Mon Apr 12 2021 Andrew Hughes - 1:1.8.0.292.b08-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b08 (EA) +- Update release notes for 8u292-b08. +- Require tzdata 2021a due to JDK-8260356 +- Resolves: rhbz#1942306 + +* Mon Apr 12 2021 Andrew Hughes - 1:1.8.0.292.b07-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b07 (EA) +- Update release notes for 8u292-b07. +- Resolves: rhbz#1942306 + +* Sun Apr 11 2021 Andrew Hughes - 1:1.8.0.292.b06-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b06 (EA) +- Update release notes for 8u292-b06. +- Require tzdata 2020f due to JDK-8259048 +- Resolves: rhbz#1942306 + +* Sat Apr 10 2021 Andrew Hughes - 1:1.8.0.292.b05-0.3.ea +- Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA) +- Update release notes for 8u292-b05-shenandoah-merge-2021-03-11. +- Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes. +- Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch. +- Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u. +- Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate. +- Resolves: rhbz#1942306 + +* Fri Apr 09 2021 Andrew Hughes - 1:1.8.0.292.b05-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b05 (EA) +- Update release notes for 8u292-b05. +- Resolves: rhbz#1942306 + +* Fri Apr 09 2021 Andrew Hughes - 1:1.8.0.292.b04-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b04 (EA) +- Update release notes for 8u292-b04. +- Resolves: rhbz#1942306 + +* Fri Apr 09 2021 Andrew Hughes - 1:1.8.0.292.b03-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b03 (EA) +- Update release notes for 8u292-b03. +- Resolves: rhbz#1942306 + +* Sat Mar 27 2021 Andrew Hughes - 1:1.8.0.292.b02-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b02 (EA) +- Update release notes for 8u292-b02. +- Remove RH1868759 patch as this is now resolved upstream by JDK-8258833. +- Resolves: rhbz#1942306 + +* Thu Mar 25 2021 Andrew Hughes - 1:1.8.0.292.b01-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b01 (EA) +- Update release notes for 8u292-b01. +- Switch to EA mode. +- Update tarball generation script to use PR3822 which handles + JDK-8233228 & JDK-8035166 changes +- Resolves: rhbz#1942306 + +* Wed Feb 17 2021 Stephan Bergmann - 1:1.8.0.282.b08-4 +- Resolves: rhbz#1896014 Hardcode /usr/sbin/alternatives for Flatpak builds + +* Sun Jan 17 2021 Andrew Hughes - 1:1.8.0.282.b08-3 +- Cleanup package descriptions and version number placement. +- Resolves: rhbz#1908967 + +* Sun Jan 17 2021 Jiri Vanek - 1:1.8.0.282.b08-3 +- Fix typo in variable +- Resolves: rhbz#1908967 + +* Sun Jan 17 2021 Andrew Hughes - 1:1.8.0.282.b08-2 +- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode +- Resolves: rhbz#1913868 + +* Fri Jan 15 2021 Andrew Hughes - 1:1.8.0.282.b08-1 +- Update to aarch64-shenandoah-jdk8u282-b08 (GA) +- Update release notes for 8u282-b08. +- Resolves: rhbz#1908967 + +* Fri Jan 15 2021 Andrew Hughes - 1:1.8.0.282.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b07 (EA) +- Update release notes for 8u282-b07. +- Fix placement issue in release notes, caught by comparing with vanilla version. +- Resolves: rhbz#1903904 + +* Wed Jan 13 2021 Andrew Hughes - 1:1.8.0.282.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b06 (EA) +- Update release notes for 8u282-b06. +- Resolves: rhbz#1903904 + +* Mon Jan 11 2021 Andrew Hughes - 1:1.8.0.282.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b05 (EA) +- Update release notes for 8u282-b05 and make some minor corrections. +- Resolves: rhbz#1903904 + +* Wed Jan 06 2021 Andrew Hughes - 1:1.8.0.282.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b04 (EA) +- Update release notes for 8u282-b04. +- Remove upstreamed patch PR3519 +- Resolves: rhbz#1903904 + +* Sat Jan 02 2021 Andrew Hughes - 1:1.8.0.282.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b03 (EA) +- Update release notes for 8u282-b03. +- Resolves: rhbz#1903904 + +* Fri Dec 18 2020 Andrew Hughes - 1:1.8.0.282.b02-0.2.ea +- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs. +- Resolves: rhbz#1906862 + +* Wed Dec 16 2020 Andrew Hughes - 1:1.8.0.282.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b02 (EA) +- Update release notes for 8u282-b02. +- Resolves: rhbz#1903904 + +* Mon Dec 07 2020 Andrew Hughes - 1:1.8.0.282.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b01 (EA) +- Update release notes for 8u282-b01. +- Switch to EA mode. +- Require tzdata 2020b due to resource changes in JDK-8254177 +- Remove PR3601, covered upstream by JDK-8062808. +- Remove upstreamed JDK-8197981/PR3548, JDK-8062808/PR3548, JDK-8254177 & JDK-8215727. +- Extend RH1750419 alt-java fix to include external debuginfo, following JDK-8252395 +- Resolves: rhbz#1903904 + +* Fri Nov 27 2020 Jiri Vanek - 1:1.8.0.275.b01-3 +- added patch600, rh1750419-redhat_alt_java.patch +- Replaced alt-java palceholder by real pathced alt-java +- remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch +- remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch +- both suprassed by new patch +- Resolves: rhbz#1750419 + +* Fri Nov 06 2020 Andrew Hughes - 1:1.8.0.275.b01-2 +- Update to aarch64-shenandoah-jdk8u275-b01 (GA) +- Update release notes for 8u275. +- Remove JDK-8223940/RH1892216 backport now included in upstream 8u275. +- Remove JDK-8236512/RH1889414 backport now included in upstream 8u275. +- Resolves: rhbz#1895060 + +* Fri Oct 30 2020 Andrew Hughes - 1:1.8.0.272.b10-6 +- Add backport of JDK-8223940: "Private key not supported by chosen signature algorithm" to handle lack of provider RSAPSS support +- Resolves: rhbz#1892216 + +* Fri Oct 30 2020 Jiri Vanek - 1:1.8.0.272.b10-5 +- Added gating test for ipa server +- Resolves: rhbz#1892216 + +* Thu Oct 29 2020 Andrew Hughes - 1:1.8.0.272.b10-4 +- Bump release number to build on RHEL 8.4.0 branch. +- Resolves: rhbz#1876665 +- Resolves: rhbz#1889414 + +* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-3 +- Add backport of JDK-8236512 to correct use of killSession +- Resolves: rhbz#1889414 + +* Tue Oct 20 2020 Andrew Hughes - 1:1.8.0.272.b10-2 +- Add backport of JDK-8215727: "Restore JFR thread sampler loop to old / previous behaviour" +- Resolves: rhbz#1876665 + +* Sat Oct 17 2020 Andrew Hughes - 1:1.8.0.272.b10-1 +- Update to aarch64-shenandoah-jdk8u272-b10. +- Switch to GA mode for final release. +- Update release notes for 8u272 release. +- Add backport of JDK-8254177 to update to tzdata 2020b +- Require tzdata 2020b due to resource changes in JDK-8254177 +- Delay tzdata 2020b dependency until tzdata update has shipped. +- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 +- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 +- This tarball is embargoed until 2020-10-20 @ 1pm PT. +- Resolves: rhbz#1876665 + +* Thu Oct 15 2020 Andrew Hughes - 1:1.8.0.272.b09-0.2.ea +- Include a test in the RPM to check the build has the correct vendor information. +- Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. +- Improve quoting of vendor name +- Resolves: rhbz#1876665 + +* Thu Oct 15 2020 Jiri Vanek - 1:1.8.0.272.b09-0.2.ea +- Set vendor property and vendor URLs +- Made URLs to be preconfigured by OS +- Resolves: rhbz#1876665 + +* Wed Oct 14 2020 Andrew Hughes - 1:1.8.0.272.b09-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b09 (EA). +- Resolves: rhbz#1876665 + +* Tue Oct 13 2020 Andrew Hughes - 1:1.8.0.272.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b08 (EA). +- Resolves: rhbz#1876665 + +* Tue Oct 13 2020 Andrew Hughes - 1:1.8.0.272.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b07 (EA). +- Resolves: rhbz#1876665 + +* Mon Oct 12 2020 Andrew Hughes - 1:1.8.0.272.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b06. +- Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3) +- Remove JDK-8165996/PR3506/RH1760437 & JDK-8251117/RH1860990 as now applied upstream. +- Replace JDK-8223482/RH1860965 with RH1860986 (disable TLSv1.3 when using the NSS-FIPS provider) +- Resolves: rhbz#1876665 + +* Mon Oct 12 2020 Andrew Hughes - 1:1.8.0.272.b05-0.3.ea +- Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR +- Resolves: rhbz#1876665 + +* Thu Oct 08 2020 Andrew Hughes - 1:1.8.0.272.b05-0.2.ea +- Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28. +- Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 +- Resolves: rhbz#1876665 + +* Thu Oct 08 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b05. +- Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 +- Resolves: rhbz#1876665 + +* Wed Oct 07 2020 Andrew Hughes - 1:1.8.0.272.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b04. +- Update tarball generation script to use PR3795, following inclusion of JDK-8177334 +- Resolves: rhbz#1876665 + +* Mon Oct 05 2020 Andrew Hughes - 1:1.8.0.272.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b03. +- Resolves: rhbz#1876665 + +* Mon Oct 05 2020 Andrew Hughes - 1:1.8.0.272.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b02. +- Remove JDK-8154313 backport now applied upstream. +- Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. +- Resolves: rhbz#1876665 + +* Mon Oct 05 2020 Andrew Hughes - 1:1.8.0.272.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b01. +- Switch to EA mode. +- Add debugging output for build. +- JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. +- Resolves: rhbz#1876665 + +* Thu Sep 17 2020 Andrew Hughes - 1:1.8.0.265.b01-4 +- Add patch to cancel PKCS#11 operations on failure (RH1868759) +- Resolves: rhbz#1868759 + +* Tue Aug 25 2020 Andrew Hughes - 1:1.8.0.265.b01-3 +- Add backport of JDK-8251117 to allow key length to be retrieved from PKCS#11 FIPS keys +- Resolves: rhbz#1860993 + +* Tue Aug 25 2020 Andrew Hughes - 1:1.8.0.265.b01-2 +- Add backport of JDK-8223482 so PKCS#11 FIPS provider does not offer unsupported ciphers. +- Resolves: rhbz#1860965 + +* Mon Jul 27 2020 Andrew Hughes - 1:1.8.0.265.b01-1 +- Update to aarch64-shenandoah-jdk8u265-b01. +- Update release notes for 8u265 release. +- Resolves: rhbz#1860453 + +* Mon Jul 27 2020 Jiri Vanek - 1:1.8.0.262.b10-3 +- ASSEMBLY_EXCEPTION LICENSE THIRD_PARTY_README moved to fully versioned dirs +- Resolves: rhbz#1831665 + +* Thu Jul 16 2020 Andrew Hughes - 1:1.8.0.262.b10-2 +- Remove issues in NEWS file duplicated between 8u252 & 8u262 releases. +- Resolves: rhbz#1838811 + +* Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-1 +- Update to aarch64-shenandoah-jdk8u262-b10. +- Switch to GA mode for final release. +- Update release notes for 8u262 release. +- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. +- Split JDK-8042159 patch into per-repo patches as upstream. +- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk +- Resolves: rhbz#1838811 + +* Sat Jul 11 2020 Andrew Hughes - 1:1.8.0.262.b09-0.3.ea +- Restructure the build so a minimal initial build is then used for the final build (with docs) +- This reduces pressure on the system JDK and ensures the JDK being built can do a full build +- Resolves: rhbz#1838811 + +* Fri Jul 10 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea +- Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 +- Resolves: rhbz#1838811 + +* Fri Jul 10 2020 Andrew Hughes - 1:1.8.0.262.b09-0.1.ea +- With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR. +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Andrew Hughes - 1:1.8.0.262.b09-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b09. +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b08. +- Resolves: rhbz#1838811 + +* Tue Jul 07 2020 Andrew Hughes - 1:1.8.0.262.b07-0.3.ea +- Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. +- Resolves: rhbz#1838811 + +* Sun Jul 05 2020 Andrew Hughes - 1:1.8.0.262.b07-0.2.ea +- Sync alt-java support with java-11-openjdk version. +- Resolves: rhbz#1838811 + +* Sat Jul 04 2020 Jiri Vanek - 1:1.8.0.262.b07-0.2.ea +- Created copy of java as alt-java and adapted alternatives and man pages +- Resolves: rhbz#1838811 + +* Fri Jul 03 2020 Andrew Hughes - 1:1.8.0.262.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b07. +- Require tzdata 2020a so system tzdata matches resource updates in b07 +- Resolves: rhbz#1838811 + +* Tue Jun 30 2020 Andrew Hughes - 1:1.8.0.262.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b06. +- Resolves: rhbz#1838811 + +* Mon Jun 29 2020 Andrew Hughes - 1:1.8.0.262.b05-0.4.ea +- Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. +- Resolves: rhbz#1838811 + +* Mon Jun 29 2020 Andrew Hughes - 1:1.8.0.262.b05-0.3.ea +- Add directories to files directive for demo package. +- Resolves: rhbz#1649801 + +* Sun Jun 28 2020 Andrew Hughes - 1:1.8.0.262.b05-0.2.ea +- Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +- Resolves: rhbz#1582504 + +* Sat Jun 27 2020 Andrew Hughes - 1:1.8.0.262.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b05. +- Resolves: rhbz#1838811 + +* Fri Jun 26 2020 Andrew Hughes - 1:1.8.0.262.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b04. +- Resolves: rhbz#1838811 + +* Wed Jun 24 2020 Andrew Hughes - 1:1.8.0.262.b03-0.2.ea +- Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. +- Resolves: rhbz#1838811 + +* Tue Jun 23 2020 Andrew Hughes - 1:1.8.0.262.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b03. +- Resolves: rhbz#1838811 + +* Mon Jun 22 2020 Andrew Hughes - 1:1.8.0.262.b02-0.2.ea +- Introduce jfr_arches for architectures which support JFR. +- Fix path to jfr.jar. +- Use sa_arches for libsaproc.so inclusion. +- Resolves: rhbz#1838811 + +* Mon Jun 22 2020 Andrew Hughes - 1:1.8.0.262.b02-0.2.ea +- Explicitly list jfr.jar, default.jfc & profile.jfc in the spec file. +- Resolves: rhbz#1838811 + +* Sun Jun 21 2020 Andrew Hughes - 1:1.8.0.262.b02-0.2.ea +- Enable JFR in our builds, ahead of upstream default. +- Only enable JFR for JIT builds, as it is not supported with Zero. +- Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. +- Resolves: rhbz#1838811 + +* Sun Jun 21 2020 Andrew Hughes - 1:1.8.0.262.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b02. +- Resolves: rhbz#1838811 + +* Sat Jun 20 2020 Andrew Hughes - 1:1.8.0.262.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b01. +- Switch to EA mode. +- Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR +- Adjust RH1648644 following context changes due to introduction of JFR packages +- Add jfr binary to devel package and alternatives set +- Resolves: rhbz#1838811 + +* Tue Jun 02 2020 Andrew John Hughes - 1:1.8.0.252.b09-7 +- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable). +- Resolves: rhbz#1655466 + +* Mon Jun 01 2020 Andrew John Hughes - 1:1.8.0.252.b09-6 +- Use appropriate keystore types when in FIPS mode. +- Resolves: rhbz#1760838 + +* Fri May 22 2020 Andrew John Hughes - 1:1.8.0.252.b09-5 +- Add support for fastdebug builds on x86_64 only. +- Drop redundant slowdebug/debug sed invocation on the docs zip filename as it is only now built for non-debug. +- Resolves: rhbz#1836067 + +* Wed Apr 22 2020 Andrew John Hughes - 1:1.8.0.252.b09-4 +- Bump release number for RHEL 8.3.0. +- Resolves: rhbz#1810557 + +* Sun Apr 19 2020 Andrew Hughes - 1:1.8.0.252.b09-3 +- Add release notes. +- Resolves: rhbz#1810557 + +* Sun Apr 19 2020 Andrew Hughes - 1:1.8.0.252.b09-2 +- Make use of --with-extra-asflags introduced in jdk8u252-b01. +- Resolves: rhbz#1810557 + +* Mon Apr 06 2020 Andrew Hughes - 1:1.8.0.252.b09-1 +- Update to aarch64-shenandoah-jdk8u252-b09. +- Switch to GA mode for final release. +- Resolves: rhbz#1810557 + +* Wed Apr 01 2020 Andrew Hughes - 1:1.8.0.252.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b08. +- Resolves: rhbz#1810557 + +* Wed Apr 01 2020 Andrew Hughes - 1:1.8.0.252.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b07. +- Resolves: rhbz#1810557 + +* Wed Apr 01 2020 Andrew Hughes - 1:1.8.0.252.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b06. +- Resolves: rhbz#1810557 + +* Wed Apr 01 2020 Andrew Hughes - 1:1.8.0.252.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b05. +- Resolves: rhbz#1810557 + +* Wed Apr 01 2020 Andrew Hughes - 1:1.8.0.252.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b04. +- Resolves: rhbz#1810557 + +* Wed Apr 01 2020 Andrew Hughes - 1:1.8.0.252.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b03. +- Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 +- Resolves: rhbz#1810557 + +* Wed Apr 01 2020 Andrew Hughes - 1:1.8.0.252.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b02. +- Resolves: rhbz#1810557 + +* Wed Apr 01 2020 Andrew Hughes - 1:1.8.0.252.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b01. +- Switch to EA mode. +- Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change +- Resolves: rhbz#1810557 + +* Fri Mar 27 2020 Andrew John Hughes - 1:1.8.0.242.b08-4 +- Need to support noarch for creating source RPMs for non-scratch builds. +- Resolves: rhbz#1737112 + +* Tue Mar 24 2020 Andrew John Hughes - 1:1.8.0.242.b08-4 +- Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64) +- Resolves: rhbz#1737112 + +* Mon Feb 24 2020 Andrew John Hughes - 1:1.8.0.242.b08-3 +- Add JDK-8165996/PR3506 & JDK-8195607/PR3776 to support NSS SQLite databases. +- Resolves: rhbz#1760437 + +* Sun Feb 23 2020 Andrew John Hughes - 1:1.8.0.242.b08-2 +- Sync SystemTap & desktop files with upstream IcedTea release 3.15.0, removing previous workarounds +- Resolves: rhbz#1737112 + +* Sun Feb 23 2020 Andrew John Hughes - 1:1.8.0.242.b08-2 +- Sync SystemTap & desktop files with upstream IcedTea release 3.11.0 using new script +- Resolves: rhbz#1737112 + +* Wed Jan 15 2020 Andrew Hughes - 1:1.8.0.242.b08-1 +- Update to aarch64-shenandoah-jdk8u242-b08. +- Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. +- Resolves: rhbz#1785753 + +* Wed Jan 15 2020 Andrew John Hughes - 1:1.8.0.242.b07-2 +- Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. +- Resolves: rhbz#1785753 + +* Mon Jan 13 2020 Andrew Hughes - 1:1.8.0.242.b07-1 +- Update to aarch64-shenandoah-jdk8u242-b07. +- Switch to GA mode for final release. +- Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. +- Resolves: rhbz#1785753 + +* Sun Jan 05 2020 Andrew Hughes - 1:1.8.0.242.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u242-b05. +- Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102. +- Revise b05 snapshot to include JDK-8236178. +- Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run +- Resolves: rhbz#1785753 + +* Sat Jan 04 2020 Andrew Hughes - 1:1.8.0.242.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u242-b01. +- Switch to EA mode. +- Resolves: rhbz#1785753 + +* Sat Jan 04 2020 Andrew Hughes - 1:1.8.0.232.b09-6 +- Update generate_source_tarball.sh script to use the PR3756 patch and retain the secp256k1 curve. +- Regenerate source tarball using the updated script and add the -'4curve' suffix. +- Resolves: rhbz#1746879 + +* Thu Jan 02 2020 Andrew Hughes - 1:1.8.0.232.b09-5 +- Revert SSBD removal for now, until appropriate messaging has been decided. +- Resolves: rhbz#1750419 + +* Tue Dec 24 2019 Andrew John Hughes - 1:1.8.0.232.b09-4 +- Remove CVE-2018-3639 mitigation due to performance regression and + OpenJDK position on speculative execution vulnerabilities. + https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html +- Resolves: rhbz#1750419 + +* Thu Nov 14 2019 Andrew John Hughes - 1:1.8.0.232.b09-3 +- Bump release number for RHEL 8.2.0. +- Resolves: rhbz#1753423 + +* Fri Oct 25 2019 Andrew John Hughes - 1:1.8.0.232.b09-2 +- Disable FIPS mode support unless com.redhat.fips is set to "true". +- Resolves: rhbz#1655466 + +* Fri Oct 11 2019 Andrew Hughes - 1:1.8.0.232.b09-1 +- Update to aarch64-shenandoah-jdk8u232-b09. +- Switch to GA mode for final release. +- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. +- Resolves: rhbz#1753423 + +* Fri Oct 11 2019 Andrew Hughes - 1:1.8.0.232.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b08. +- Resolves: rhbz#1753423 + +* Fri Oct 11 2019 Andrew Hughes - 1:1.8.0.232.b05-0.2.ea +- Update to aarch64-shenandoah-jdk8u232-b05-shenandoah-merge-2019-09-09. +- Resolves: rhbz#1753423 + +* Thu Oct 10 2019 Andrew Hughes - 1:1.8.0.232.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b05. +- Drop upstreamed patch JDK-8141570/PR3548. +- Adjust context of JDK-8143245/PR3548 to apply against upstream JDK-8141570. +- Resolves: rhbz#1753423 + +* Mon Oct 07 2019 Andrew Hughes - 1:1.8.0.232.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b01. +- Switch to EA mode. +- Drop JDK-8210761/RH1632174 as now upstream. +- Drop JDK-8223219 as now upstream. +- JDK-8226870 removed clhsdb and hdsdb from the JRE bin directory, so we should do likewise. +- Add alternatives support for these two new SDK binaries. +- Resolves: rhbz#1753423 + +* Fri Sep 27 2019 Andrew Hughes - 1:1.8.0.222.b10-3 +- SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file. +- Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg. +- Resolves: rhbz#1750752 + +* Wed Aug 21 2019 Andrew Hughes - 1:1.8.0.222.b10-2 +- nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg +- Resolves: rhbz#1655466 + +* Thu Aug 15 2019 Andrew Hughes - 1:1.8.0.222.b10-2 +- Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal. +- Resolves: rhbz#1655466 + +* Thu Aug 15 2019 Martin Balao - 1:1.8.0.222.b10-2 +- Support the FIPS mode crypto policy on RHEL 8. +- Resolves: rhbz#1655466 + +* Thu Jul 11 2019 Andrew Hughes - 1:1.8.0.222.b10-1 +- Update to aarch64-shenandoah-jdk8u222-b10. +- Resolves: rhbz#1724452 + +* Tue Jul 09 2019 Andrew Hughes - 1:1.8.0.222.b09-2 +- Drop NSS runtime dependencies and patches to link against it. +- Resolves: rhbz#1678557 + +* Tue Jul 09 2019 Andrew Hughes - 1:1.8.0.222.b09-1 +- Update to aarch64-shenandoah-jdk8u222-b09. +- Switch to GA mode for final release. +- Resolves: rhbz#1724452 + +* Tue Jul 09 2019 Andrew Hughes - 1:1.8.0.222.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b08. +- Adjust PR3083/RH134640 to apply after JDK-8182999 +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b06. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b05. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b04. +- Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b03. +- Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u. +- Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b02. +- Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100). +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b01-2 +- Switch to EA mode +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- fontconfig build requirement should be fontconfig-devel, previously masked by Gtk2+ dependency +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Allow Recommends and Suggests on Fedora platforms too. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Add missing build requirements for libXext-devel and libXrender-devel, previously masked by Gtk2+ dependency. +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Add new tarball to new format sources file. +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Drop unnecessary build requirement on gtk2-devel, as OpenJDK searches for Gtk+ at runtime. +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Make use of Recommends and Suggests dependent on RHEL 8+ environment. +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Update to aarch64-shenandoah-jdk8u222-b01. +- Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575. +- Drop 8171000 & 8197546 as applied upstream. +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Andrew Hughes - 1:1.8.0.212.b04-5 +- Obsolete javadoc-debug and javadoc-debug-zip packages via javadoc and javadoc-zip respectively. +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Severin Gehwolf - 1:1.8.0.212.b04-5 +- Include 'ea' designator in Release when appropriate. +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Severin Gehwolf - 1:1.8.0.212.b04-5 +- Don't produce javadoc/javadoc-zip sub packages for the debug variant build. +- Don't perform a bootcycle build for the debug variant build. +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Andrew Hughes - 1:1.8.0.212.b04-5 +- Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately. +- Drop unused use_shenandoah_hotspot variable. +- Resolves: rhbz#1724452 + +* Fri Jun 14 2019 Andrew Hughes - 1:1.8.0.212.b04-4 +- Update to aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30. +- Update version logic to handle -shenandoah* tag suffix. +- Drop PR3634 as applied upstream. +- Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp +- Update 8214206 to use log2_long rather than casting to intptr_t, which may be smaller than size_t. +- Resolves: rhbz#1688365 +- Resolves: rhbz#1688382 + +* Thu May 02 2019 Andrew Hughes - 1:1.8.0.212.b04-3 +- Remove additions to EXTRA_CFLAGS and EXTRA_CPP_FLAGS which are now made by upstream. +- Resolves: rhbz#1693468 + +* Thu May 02 2019 Andrew Hughes - 1:1.8.0.212.b04-2 +- Add JDK-8223219 to avoid -fstack-protector overriding -fstack-protector-strong +- Resolves: rhbz#1693468 + +* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b04-1 +- Update to aarch64-shenandoah-jdk8u212-b04. +- Resolves: rhbz#1693468 + +* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b03-1 +- Update to aarch64-shenandoah-jdk8u212-b03. +- Resolves: rhbz#1693468 + +* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b02-1 +- Add new clhsdb and hsdb binaries. +- Resolves: rhbz#1693468 + +* Tue Apr 09 2019 Andrew Hughes - 1:1.8.0.212.b02-1 +- Update to aarch64-shenandoah-jdk8u212-b02. +- Remove patches included upstream + - JDK-8197429/PR3546/RH153662{2,3} + - JDK-8184309/PR3596 + - JDK-8210647/RH1632174 + - JDK-8029661/PR3642/RH1477159 + - JDK-8145096/PR3693 +- Re-generate patches + - JDK-8203030 +- Add casts to resolve s390 ambiguity in calls to log2_intptr +- Resolves: rhbz#1693468 + +* Sun Apr 07 2019 Andrew Hughes - 1:1.8.0.202.b08-1 +- Update to aarch64-shenandoah-jdk8u202-b08. +- Remove patches included upstream + - JDK-8211387/PR3559 + - JDK-8207057/PR3613 + - JDK-8165852/PR3468 + - JDK-8073139/PR1758/RH1191652 + - JDK-8044235 + - JDK-8172850/RH1640127 + - JDK-8209639/RH1640127 + - JDK-8131048/PR3574/RH1498936 + - JDK-8164920/PR3574/RH1498936 +- Re-generate patches + - JDK-8210647/RH1632174 +- Resolves: rhbz#1693468 + +* Thu Apr 04 2019 Andrew Hughes - 1:1.8.0.201.b13-1 +- Update to aarch64-shenandoah-jdk8u201-b13. +- Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream. +- Resolves: rhbz#1693468 + +* Tue Apr 02 2019 Severin Gehwolf - 1:1.8.0.201.b09-5 +- Update patch for RH1566890. + - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to + rh1566890-CVE_2018_3639-speculative_store_bypass.patch + - Added dependent patch, + rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch +- Resolves: rhbz#1693468 + +* Tue Mar 26 2019 Jiri Vanek - 1:1.8.0.201.b09-4 +- added gating + +* Mon Feb 11 2019 Jiri Vanek - 1:1.8.0.201.b09-3 +- removed config declaration from links to config files +- Resolves: rhbz#1661577 + +* Thu Feb 07 2019 Andrew Hughes - 1:1.8.0.201.b09-2 +- Fix invalid dates earlier in the ChangeLog. +- Resolves: rhbz#1661577 + +* Thu Feb 07 2019 Andrew Hughes - 1:1.8.0.201.b09-2 +- Add PR3655 to allow the system crypto policy to be turned off. +- Resolves: rhbz#1661577 + +* Wed Feb 06 2019 Andrew John Hughes - 1:1.8.0.201.b09-1 +- Add backport of JDK-8145096 (PR3693) to fix undefined behaviour issues on newer GCCs +- Resolves: rhbz#1661577 + +* Tue Feb 05 2019 Andrew Hughes - 1:1.8.0.201.b09-0 +- Update to aarch64-shenandoah-jdk8u201-b09. +- Resolves: rhbz#1661577 + +* Wed Jan 30 2019 Andrew Hughes - 1:1.8.0.192.b12-0 +- Update to aarch64-shenandoah-jdk8u192-b12. +- Remove patches included upstream + - JDK-8031668/PR2842 + - JDK-8148351/PR2842 + - JDK-6260348/PR3066 + - JDK-8061305/PR3335/RH1423421 + - JDK-8188030/PR3459/RH1484079 + - JDK-8205104/PR3539/RH1548475 + - JDK-8185723/PR3553 + - JDK-8186461/PR3557 + - JDK-8201509/PR3579 + - JDK-8075942/PR3602 + - JDK-8203182/PR3603 + - JDK-8206406/PR3610/RH1597825 + - JDK-8206425 + - JDK-8036003 + - JDK-8201495/PR2415 + - JDK-8150954/PR2866/RH1176206 +- Re-generate patches (mostly due to upstream build changes) + - JDK-8073139/PR1758/RH1191652 + - JDK-8143245/PR3548 (due to JDK-8202600) + - JDK-8197429/PR3546/RH1536622 (due to JDK-8189170) + - JDK-8199936/PR3533 + - JDK-8199936/PR3591 + - JDK-8207057/PR3613 + - JDK-8210761/RH1632174 (due to JDK-8207402) + - PR3559 (due to JDK-8185723/JDK-8186461/JDK-8201509) + - PR3593 (due to JDK-8081202) + - RH1566890/CVE-2018-3639 (due to JDK-8189170) + - RH1649664 (due to JDK-8196516) +- Add 8160748 for AArch64 which is missing from upstream 8u version. +- Add port of 8189170 to AArch64 which is missing from upstream 8u version. +- Resolves: rhbz#1661577 + +* Mon Jan 28 2019 Andrew Hughes - 1:1.8.0.191.b14-1 +- Add 8131048 & 8164920 (PR3574/RH1498936) to provide a CRC32 intrinsic for PPC64. +- Resolves: rhbz#1661577 + +* Thu Jan 24 2019 Andrew Hughes - 1:1.8.0.191.b14-0 +- Introduce sa_arches for architectures with sa-jdi.jar and include aarch64 +- Resolves: rhbz#1661577 + +* Thu Jan 10 2019 Andrew Hughes - 1:1.8.0.191.b14-0 +- Update to aarch64-shenandoah-jdk8u191-b14. +- Adjust JDK-8073139/PR1758/RH1191652 to apply following 8155627 backport. +- Resolves: rhbz#1661577 + +* Wed Jan 09 2019 Andrew Hughes - 1:1.8.0.191.b13-0 +- Update to aarch64-shenandoah-jdk8u191-b13. +- Update tarball generation script in preparation for PR3667/RH1656676 SunEC changes. +- Use remove-intree-libraries.sh to remove the remaining SunEC code for now. +- Resolves: rhbz#1661577 + +* Sat Dec 22 2018 Andrew John Hughes - 1:1.8.0.191.b12-12 +- Add backport of JDK-8029661 which adds TLSv1.2 support to the PKCS11 provider. +- Resolves: rhbz#1661577 + +* Sat Dec 22 2018 Andrew Hughes - 1:1.8.0.191.b12-11 +- Revise Shenandoah PR3634 patch following upstream discussion. +- Resolves: rhbz#1661577 + +* Wed Dec 19 2018 Severin Gehwolf - 1:1.8.0.191.b12-11 +- Refactor _find_debuginfo_opts -g (global over define) +- Resolves: rhbz#1661577 + +* Wed Nov 07 2018 Jiri Vanek - 1:1.8.0.191.b12-9 +- headfull suggests of cups, replaced by Requires of cups-libs in headless +- Resolves: rhbz#1661577 + +* Wed Nov 07 2018 Andrew Hughes - 1:1.8.0.191.b12-9 +- Note why PR1834/RH1022017 is not suitable to go upstream in its current form. +- Resolves: rhbz#1661577 + +* Mon Nov 05 2018 Andrew Hughes - 1:1.8.0.191.b12-9 +- Document patch sections. +- Resolves: rhbz#1661577 + +* Mon Nov 05 2018 Andrew Hughes - 1:1.8.0.191.b12-9 +- Fix patch organisation in the spec file: +- * Move ECC patches back to upstreamable section +- * Move system cacerts & crypto policy patches to upstreamable section +- * Merge "Local fixes" and "RPM fixes" which amount to the same thing +- * Move system libpng & lcms patches back to 8u upstreamable section +- Resolves: rhbz#1661577 + +* Fri Oct 26 2018 Jiri Vanek - 1:1.8.0.191.b12-8 +- added Patch583 jdk8172850-rh1640127-01-register_allocator_crash.patch +- added Patch584 jdk8209639-rh1640127-02-coalesce_attempted_spill_non_spillable.patch +- Resolves: rhbz#1661577 + +* Tue Oct 23 2018 Jiri Vanek - 1:1.8.0.191.b12-2 +- cups moved to headful package +- Resolves: rhbz#1633817 + +* Tue Oct 23 2018 Jiri Vanek - 1:1.8.0.191.b12-1 +- updated to aarch64-shenandoah-jdk8u191-b12 +- deleted 8146115-pr3508-rh1463098.patch, pr3619.patch, pr3620.patch - should be upstreamed +- create pr3634-fix_shenandoah_for_size_t_on_s390.patch to fix build failure on s390 +- Resolves: rhbz#1633817 + +* Fri Oct 12 2018 Severin Gehwolf - 1:1.8.0.181.b15-7 +- Add patch jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_zero.patch: + - Annother fix for optimization gaps (annocheck issues) + - Zero 8u version fix was missing. Hence, only shows up on Zero arches. +- Resolves: rhbz#1633817 + +* Tue Oct 09 2018 Andrew Hughes - 1:1.8.0.191.b12-0 +- Update to aarch64-shenandoah-jdk8u191-b12. +- Resolves: rhbz#1633817 + +* Mon Oct 08 2018 Severin Gehwolf - 1:1.8.0.181.b15-6 +- Refreshed upstreamed patches (from 8u202): + - jdk8044235-src_zip_should_include_all_sources.patch: src.zip should include all sources. + - jdk8073139-pr2236-rh1191652--use_ppc64le_as_the_arch_directory_on_that_platform_and_report_it_in_os_arch_aarch64_forest.patch, + jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_jdk.patch, + jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_root.patch: PPC64LE JVM reporting issues. +- Moved both patch series to 8u202 sections. +- Resolves: rhbz#1633817 + +* Tue Oct 02 2018 Andrew Hughes - 1:1.8.0.191.b10-0 +- Update to aarch64-shenandoah-jdk8u191-b10. +- Drop 8146115/PR3508/RH1463098 applied upstream. +- Resolves: rhbz#1633817 + +* Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 +- Add new Shenandoah patch PR3634 as upstream still fails on s390. +- Resolves: rhbz#1633817 + +* Mon Oct 01 2018 Andrew Hughes - 1:1.8.0.181.b16-0 +- Update to aarch64-shenandoah-jdk8u181-b16. +- Drop PR3619 & PR3620 Shenandoah patches which should now be fixed upstream. +- Resolves: rhbz#1633817 + +* Mon Oct 1 2018 Andrew Hughes - 1:1.8.0.181.b15-0 +- Move to single OpenJDK tarball build, based on aarch64/shenandoah-jdk8u. +- Update to aarch64-shenandoah-jdk8u181-b15. +- Drop 8165489-pr3589.patch which was only applied to aarch64/jdk8u builds. +- Split ppc64 Shenandoah fix into separate patch file with its own bug ID (PR3620). +- Update pr3539-rh1548475.patch to apply after 8187045. +- Resolves: rhbz#1633817 + +* Mon Oct 1 2018 Andrew Hughes - 1:1.8.0.181.b13-10 +- Remove unneeded functions from ppc shenandoahBarrierSet. +- Resolves: rhbz#1640188 + +* Mon Oct 1 2018 Andrew Hughes - 1:1.8.0.181.b13-10 +- Add missing shenandoahBarrierSet implementation for ppc64{be,le}. +- Resolves: rhbz#1640188 + +* Mon Oct 1 2018 Andrew Hughes - 1:1.8.0.181.b13-10 +- Fix wrong format specifiers in Shenandoah code. +- Resolves: rhbz#1640188 + +* Mon Oct 1 2018 Andrew Hughes - 1:1.8.0.181.b13-10 +- Avoid changing variable types to fix size_t, at least for now. +- Resolves: rhbz#1640188 + +* Mon Oct 1 2018 Andrew Hughes - 1:1.8.0.181.b13-10 +- More size_t fixes for Shenandoah. +- Resolves: rhbz#1640188 + +* Mon Oct 1 2018 Andrew Hughes - 1:1.8.0.181.b13-10 +- Add additional s390 size_t case for Shenandoah. +- Resolves: rhbz#1640188 + +* Mon Oct 1 2018 Andrew Hughes - 1:1.8.0.181.b13-10 +- Attempt to fix Shenandoah build issues on s390. +- Resolves: rhbz#1640188 + +* Mon Oct 1 2018 Andrew Hughes - 1:1.8.0.181.b13-10 +- Use the Shenandoah HotSpot on all architectures. +- Resolves: rhbz#1640188 + +* Mon Oct 01 2018 Severin Gehwolf - 1:1.8.0.181.b15-5 +- Add explicit requirement for libXcomposite which is used when performing + screenshots from Java. +- Add explicit BR unzip required for building OpenJDK. +- Resolves: rhbz#1633817 + +* Thu Sep 27 2018 Severin Gehwolf - 1:1.8.0.181.b15-4 +- Add fixes for optimization gaps (annocheck issues): + - 8210761: libjsig is being compiled without optimization + - 8210647: libsaproc is being compiled without optimization + - 8210416: [linux] Poor StrictMath performance due to non-optimized compilation + - 8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization + 8u upstream and aarch64/jdk8u upstream versions. +- Resolves: rhbz#1633817 + +* Wed Sep 26 2018 Severin Gehwolf - 1:1.8.0.181.b15-3 +- Renamed more patches for clarity: + include-all-srcs.patch => jdk8044235-src_zip_should_include_all_sources.patch + java-1.8.0-openjdk-rh1191652-hotspot-aarch64.patch => jdk8073139-pr2236-rh1191652--use_ppc64le_as_the_arch_directory_on_that_platform_and_report_it_in_os_arch_aarch64_forest.patch + java-1.8.0-openjdk-rh1191652-jdk.patch => jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_jdk.patch + java-1.8.0-openjdk-rh1191652-root.patch => jdk8073139-pr1758-rh1191652-ppc64_le_says_its_arch_is_ppc64_not_ppc64le_root.patch +- Resolves: rhbz#1633817 + +* Tue Sep 18 2018 Severin Gehwolf - 1:1.8.0.181.b15-2 +- Update(s) from upstreamed patches: + - 8036003-dont-add-unnecessary-debug-links.patch => + jdk8036003-add_with_native_debug_symbols_configure_flag.patch + - rh1176206-jdk.patch => + jdk8150954-pr2866-rh1176206-screenshot_xcomposite_jdk.patch => + Deleted rh1176206-root.patch as thats no longer needed with + upstream 8150954. + - Refreshed jdk8165852-pr3468-mount_point_not_found_for_a_file_which_is_present_in_overlayfs.patch from upstream. + - Refreshed jdk8201495-zero_reduce_limits_of_max_heap_size_for_boot_JDK_on_s390.patch from upstream. + - 8207057-pr3613-hotspot-assembler-debuginfo.patch => + jdk8207057-pr3613-no_debug_info_for_assembler_files_hotspot.patch and + jdk8207057-pr3613-no_debug_info_for_assembler_files_root.patch. From JDK 8u + review. +- Renamed pr2842-02.patch => jdk8148351-pr2842-02-only_display_resolved_symlink_for_compiler_do_not_change_path.patch. +- Renamed spec-only patch: + pr3183.patch => pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch +- Renamed java-1.8.0-openjdk-size_t.patch => + jdk8201495-zero_reduce_limits_of_max_heap_size_for_boot_JDK_on_s390.patch +- Moved SunEC provider via system NSS to RPM specific patches section. +- Moved upstream 8u patches to appropriate sections (8u192/8u202). +- Removed rh1214835.patch since it's invalid. See: + https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2304#c3 +- Use --with-native-debug-symbols=internal which JDK-8036003 adds. +- Resolves: rhbz#1633817 + +* Tue Sep 11 2018 Jiri Vanek - 1:1.8.0.181.b15-1 +- fixed unexpanded arch in policy tool desktop file +- fixed versions (8->1.8.0) of images used in desktop files +- Resolves: rhbz#1633817 + +* Mon Aug 27 2018 Severin Gehwolf - 1:1.8.0.181.b13-9 +- Adjust system jpeg patch, jdk8043805-allow_using_system_installed_libjpeg.patch, so as to filter + -Wl,--as-needed. Resolves RHBZ#1622186. +- Resolves: rhbz#1633817 + +* Mon Aug 27 2018 Severin Gehwolf - 1:1.8.0.181.b13-8 +- Adjust system NSS patch, pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk8.patch, so as to filter + -Wl,--as-needed. Resolves RHBZ#1622186. +- Resolves: rhbz#1633817 + +* Wed Aug 01 2018 Jiri Vanek - 1:1.8.0.181.b13-7 +- build number moved from release to version + +* Mon Jul 23 2018 Andrew John Hughes - 1:1.8.0.181-7.b13 +- Remove duplicate -mstackrealign workaround. + +* Mon Jul 23 2018 Andrew John Hughes - 1:1.8.0.181-6.b13 +- Bump release for previous changeset. + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-6.b13 +- Update to aarch64-jdk8u181-b13 and aarch64-shenandoah-jdk8u181-b13. +- Remove 8187577/PR3578 now applied upstream. + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-5.b04 +- Update bug status and add missing bug IDs + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-5.b04 +- Add "8146115, PR3508, RH1463098: Improve docker container detection and resource configuration usage" + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-4.b04 +- Add "8206406, PR3610, RH1597825: StubCodeDesc constructor publishes partially-constructed objects on StubCodeDesc::_list" + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-4.b04 +- Mark bugs now backported to OpenJDK 8u upstream + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-3.b04 +- Backport "8203182, PR3603: Release session if initialization of SunPKCS11 Signature fails" + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-2.b04 +- Backport "8075942, PR3602: ArrayIndexOutOfBoundsException in sun.java2d.pisces.Dasher.goTo" + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-1.b04 +- Add missing bug identifiers for patches unique to RHEL 8 and move to correct sections. + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-1.b04 +- Mark bugs that have been pushed to 8u upstream and are scheduled for a release. + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-1.b04 +- Update to aarch64-jdk8u181-b04 and aarch64-shenandoah-jdk8u181-b04. + +* Mon Jul 23 2018 Andrew Hughes - 1:1.8.0.181-0.b03 +- Update to aarch64-jdk8u181-b03 and aarch64-shenandoah-jdk8u181-b03. +- Remove AArch64 patch for PR3458/RH1540242 as applied upstream. + +* Sun Jul 22 2018 Andrew Hughes - 1:1.8.0.172-17.b11 +- Fix bad output file name substitution for SystemTap files. + +* Wed Jul 18 2018 Andrew Hughes - 1:1.8.0.172-17.b11 +- Update Shenandoah tarball to fix TCK overflow failure. + +* Tue Jul 17 2018 Jiri Vanek - 11:1.8.0.172-16.b11 +- added Recommends gtk2 for main package +- added Suggests lksctp-tools, pcsc-lite-devel, cups for headless package +- see RHBZ1598152 + +* Fri Jul 13 2018 Fedora Release Engineering - 1:1.8.0.172-15.b11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jul 10 2018 Severin Gehwolf - 1:1.8.0.172-14.b11 +- Fix hook to show hs_err*.log files on failures. + +* Mon Jul 02 2018 Severin Gehwolf - 1:1.8.0.172-13.b11 +- Fix requires/provides filters for internal libs. See + RHBZ#1590796 + +* Mon Jun 25 2018 Severin Gehwolf - 1:1.8.0.172-12.b11 +- Add hook to show hs_err*.log files on failures. + +* Wed Jun 20 2018 Severin Gehwolf - 1:1.8.0.172-11.b11 +- Expose release/slowdebug builds being produced via conditionals. + +* Wed Jun 20 2018 Andrew Hughes - 1:1.8.0.172-11.b11 +- Add additional fix (PR3601) to fix -Wreturn-type failures introduced by 8061651 +- Backport 8064786 (PR3601) to fix -Wreturn-type failure on debug builds. +- Bring in PR3519 from IcedTea 3.7.0 to fix remaining -Wreturn-type failure on AArch64. +- Sync with IcedTea 3.8.0 patches to use -Wreturn-type. +- Add backports of 8141570, 8143245, 8197981 & 8062808. +- Drop pr3458-rh1540242-zero.patch which is covered by 8143245. + +* Wed Jun 20 2018 Jiri Vanek - 11:1.8.0.172-10.b11 +- jsa files changed to 444 to pass rpm verification + +* Mon Jun 18 2018 Severin Gehwolf - 1:1.8.0.172-9.b11 +- Filter private provides/requires: 'lib.so(SUNWprivate_.*' + +* Thu Jun 14 2018 Severin Gehwolf - 1:1.8.0.172-8.b11 +- Add provides/requires for libjvm.so back. See RHBZ#1591215. + +* Wed Jun 13 2018 Severin Gehwolf - 1:1.8.0.172-7.b11 +- Fix reg-ex for filtering private libraries' provides/requires. + +* Wed Jun 13 2018 Andrew Hughes - 1:1.8.0.172-6.b11 +- Remove build flags exemption for aarch64 now the platform is more mature and can bootstrap OpenJDK with these flags. +- Remove duplicate -fstack-protector-strong; it is provided by the RHEL cflags. +- Add missing changelog credits + +* Mon Jun 11 2018 Jiri Vanek - 1:1.8.0.172-5.b11 +- Merge changes from RHEL 7 + +* Mon Jun 11 2018 Andrew Hughes - 1:1.8.0.172-5.b11 +- Read jssecacerts file prior to trying either cacerts file (system or local) (PR3575) + +* Mon Jun 11 2018 Andrew Hughes - 1:1.8.0.172-5.b11 +- Fix a number of bad bug identifiers (PR3546 should be PR3578, PR3456 should be PR3546) + +* Thu Jun 07 2018 Andrew Hughes - 1:1.8.0.172-5.b11 +- Update Shenandoah tarball to include 2018-05-15 merge. +- Split PR3458/RH1540242 fix into AArch64 & Zero sections, so former can be skipped on Shenandoah builds. +- Drop PR3573 patch applied upstream. +- Restrict 8187577 fix to non-Shenandoah builds, as it's included in the new tarball. + +* Thu Jun 07 2018 Andrew Hughes - 1:1.8.0.172-5.b11 +- Sync with IcedTea 3.8.0. +- Label architecture-specific fixes with architecture concerned +- x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround) +- PR3539, RH1548475: Pass EXTRA_LDFLAGS to HotSpot build +- 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode +- 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds +- 8185723, PR3553: Zero: segfaults on Power PC 32-bit +- 8186461, PR3557: Zero's atomic_copy64() should use SPE instructions on linux-powerpcspe +- PR3559: Use ldrexd for atomic reads on ARMv7. +- 8187577, PR3578: JVM crash during gc doing concurrent marking +- 8201509, PR3579: Zero: S390 31bit atomic_copy64 inline assembler is wrong +- 8165489, PR3589: Missing G1 barrier in Unsafe_GetObjectVolatile +- PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code +- 8184309, PR3596: Build warnings from GCC 7.1 on Fedora 26 + +* Wed Jun 06 2018 Jiri Vanek - 1:1.8.0.172-1.b11 +- updated to u172-b11 +- removed patches: +- patch207 8200556-pr3566.patch +- patch104 pr3458-rh1540242.patch +- patch209 8035496-hotspot.patch +- patch700 pr3573-fix_TCK_crash_with_shenandoah_in_shenandoahsupport_cpp_in_case_of_dead_brnach_in_is_independent.patch +- fixed issue with atkwrapper wrongly palced broken symlink +- fixed libjvm path for system tap +- returned patch104 pr3458-rh1540242.patch + +* Mon Jun 04 2018 Jiri Vanek - 1:10.0.1.10-7 +- quoted sed expressions, changed possibly confussing # by @ +- added vendor(origin) into icons +- removed last trace of relative symlinks +- added BuildRequires of javapackages-tools to fix build failure after Requires change to javapackages-filesystem + +* Fri Jun 01 2018 Jiri Vanek - 1:1.8.0.171-6.b10 +- aligning with java-openjdk in fedora: +- removed fx binding +- config files to etc +- slowdebug instead simply debug subpackage +- purged provides +- many macros renamed +- typos correction +- bumped jstack (may be wrong) + +* Wed May 09 2018 Severin Gehwolf - 1:1.8.0.171-5.b10 +- Compile i686 JDK with -mstackrealign. + +* Wed Apr 25 2018 Severin Gehwolf - 1:1.8.0.171-4.b10 +- Enable hardened build unconditionally (also for Zero). + Resolves RHBZ#1290936. + +* Tue Apr 24 2018 Severin Gehwolf - 1:1.8.0.171-3.b10 +- Enable hardened build for Aarch64. + +* Tue Apr 24 2018 Severin Gehwolf - 1:1.8.0.171-2.b10 +- Update rhbz1548475-LDFLAGSusage.patch to also set linker + flags for libsaproc.so and libjsig.so. + +* Wed Apr 18 2018 Jiri Vanek - 1:1.8.0.171-1.b10 +- Update to aarch64-jdk8u171-b10 and aarch64-shenandoah-jdk8u171-b10. +- Fix jconsole.desktop.in subcategory, replacing "Monitor" with "Profiling" (PR3550) (gnu_andrew) +- Fix invalid license 'LGPL+' (should be LGPLv2+ for ECC code) and add misisng ones (gnu_andrew) + +* Wed Apr 18 2018 Jiri Vanek - 1:1.8.0.162-7.b12 +- added ownership of policy dir and subdirs +- removed ignored attributes for classes.jsa + +* Tue Apr 10 2018 Severin Gehwolf - 1:1.8.0.162-6.b12 +- Use correct patch for RHBZ#1538767 (JDK-8196516) + +* Mon Apr 02 2018 Andrew Hughes - 1:1.8.0.162-5.b12 +- Cleanup from previous commit. +- Remove unused upstream patch 8167200.hotspotAarch64.patch. + +* Thu Mar 29 2018 Jiri Vanek - 1:1.8.0.162-3.b12 +- returned patch562 rhbz_1540242.patch +- added Patch563 rhbz_1536622-JDK8197429-jdk8.patch + +* Mon Mar 26 2018 Jiri Vanek - 1:1.8.0.162-2.b12 +- Added patch 540 rhbz1548475-LDFLAGSusage.patch to honor build flags fully + +* Wed Mar 21 2018 Andrew Hughes - 1:1.8.0.162-1.b12 +- Update to aarch64-jdk8u162-b12 and aarch64-shenandoah-jdk8u162-b12. +- Remove upstreamed patches for 8181055/PR3394/RH1448880, +- 8181419/PR3413/RH1463144, 8145913/PR3466/RH1498309, +- 8168318/PR3466/RH1498320, 8170328/PR3466/RR1498321 and +- 8181810/PR3466/RH1498319. + +* Wed Mar 07 2018 Adam Williamson - 1:1.8.0.161-9.b14 +- Rebuild to fix GCC 8 mis-compilation + See https://da.gd/YJVwk ("GCC 8 ABI change on x86_64") + +* Sun Feb 11 2018 Sandro Mani - 1:1.8.0.161-8.b14 +- Rebuild (giflib) + +* Fri Feb 09 2018 Igor Gnatenko - 1:1.8.0.161-7.b14 +- Escape macros in %%changelog + +* Wed Feb 07 2018 Fedora Release Engineering - 1:1.8.0.161-6.b14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Jan 31 2018 Severin Gehwolf - 1:1.8.0.161-5.b14 +- Additional fix needed for FTBFS bug on aarch64. + Resolves RHBZ#1540242. + +* Wed Jan 31 2018 Severin Gehwolf - 1:1.8.0.161-4.b14 +- Add fix for FTBFS on aarch64 and armv7hl. + Resolves RHBZ#1540242. + +* Tue Jan 30 2018 Severin Gehwolf - 1:1.8.0.161-3.b14 +- Include Aarch64 build fixes post January 2018 CPU. + +* Mon Jan 29 2018 Severin Gehwolf - 1:1.8.0.161-2.b14 +- Work around ppc64le gdb backtrace problem in %%check. + See RHBZ#1539664 + +* Wed Jan 24 2018 Severin Gehwolf - 1:1.8.0.161-1.b14 +- Fix FTBFS due to link failure in libfontmanager.so +- See RHBZ#1538767 + +* Wed Jan 24 2018 jvanek - 1:1.8.0.161-0.b14 +- updated to u161, rmeoved upstreamed patches +- removed patch555 8164293-pr3412-rh1459641.patch +- removed patch550 8175813-pr3394-rh1448880.patch +- removed patch547 8173941-pr3326.patch +- removed patch532 8162384-pr3122-rh1358661.patch +- removed patch535 8153711-pr3313-rh1284948.patch +- removed patch561 8075484-pr3473-rh1490713.patch +- removed patch554 8175887-pr3415.patch + +* Mon Nov 13 2017 jvanek - 1:1.8.0.151-1.b12 +- added ownership of etc dirs +- sysconfdir/.java/.systemPrefs +- sysconfdir/.java + +* Wed Oct 25 2017 jvanek - 1:1.8.0.151-1.b12 +- updated to aarch64-jdk8u151-b12 (from aarch64-port/jdk8u) +- updated to aarch64-shenandoah-jdk8u151-b12 (from aarch64-port/jdk8u-shenandoah) of hotspot +- used aarch64-port-jdk8u-aarch64-jdk8u151-b12.tar.xz as new sources +- used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u151-b12.tar.xz as new sources for hotspot +- tapset updated to 3.6pre02 +- policies adapted to new limited/unlimited schmea +- above acomapnied by c-j-c 3.3 +- alligned patches and added PPC ones (thanx to gnu_andrew) +- added patch209: 8035496-hotspot.patch +- added patch210: suse_linuxfilestore.patch + +* Wed Oct 04 2017 jvanek - 1:1.8.0.144-7.b01 +- updated to aarch64-shenandoah-jdk8u144-b02-shenandoah-merge-2017-10-02 (from aarch64-port/jdk8u-shenandoah) of hotspot +- used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u144-b02-shenandoah-merge-2017-10-02.tar.xz as new sources for hotspot + +* Fri Sep 15 2017 Jiri Vanek - 1:1.8.0.144-6.b01 +- added patch540, bug1484079.patch + +* Fri Sep 08 2017 Troy Dawson - 1:1.8.0.144-6.b01 +- Cleanup spec file conditionals + +* Fri Aug 25 2017 Jiri Vanek - 1:1.8.0.144-4.b01 +- added ownership of diretories which were oonly listing files + +* Fri Aug 25 2017 Jiri Vanek - 1:1.8.0.144-3.b01 +- added (experiment) "--" delimiter also to $suffix in expanding macros + +* Wed Aug 23 2017 Jiri Vanek - 1:1.8.0.144-1.b01 +- Update to aarch64-jdk8u144-b01 and aarch64-shenandoah-jdk8u144-b01. +- Exclude 8175887 from Shenandoah builds as it has been included in that repo. +- Added 8164293-pr3412-rh1459641.patch backport from 8u development tree +- get rid of bin/* and lib/*, fixed rhbz1480777 +- adapted to rpm 4.14: all expanding macros changed to define, all %1 and %%1 replaced by %%{?1}, all expandable macros parameter preffixed by -- +- get rid of generated filelists all except javafx and demos + +* Wed Aug 02 2017 Fedora Release Engineering - 1:1.8.0.141-5.b16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Sun Jul 30 2017 Florian Weimer - 1:1.8.0.141-4.b16 +- Rebuild with binutils fix for ppc64le (#1475636) + +* Wed Jul 26 2017 Jiri Vanek - 1:1.8.0.141-3.b16 +- added patch208, aarch64BuildFailure.patch to fix condition found during jdk9 build + +* Wed Jul 26 2017 Fedora Release Engineering - 1:1.8.0.141-2.b16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Jul 21 2017 Jiri Vanek - 1:1.8.0.141-1.b16 +- updated to security u141.b16 +- sync patches with rhel7 +- removed no longer defined jvmjardir + +* Sat Jun 17 2017 Jiri Vanek - 1:1.8.0.131-7.b12 +- adapted to no longer noarch openjfx-devel + +* Wed Jun 07 2017 Jiri Vanek - 1:1.8.0.131-6.b12 +- added virtualprovides for javafx + +* Wed Jun 07 2017 Jiri Vanek - 1:1.8.0.131-5.b12 +- fixed target of to fxrt.jar link +- fixedname of libglass + +* Tue Jun 06 2017 Jiri Vanek - 1:1.8.0.131-3.b12 +- source999 moved to source1 +- added two pathces 8181055-pr3394-rh1448880.patch and 8175813/PR3394/RH1448880 +- enabled (commented out) system NSS via patch1000, rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch + +* Tue May 09 2017 Jiri Vanek - 1:1.8.0.131-1.b12 +- added javafx binding subpackages + +* Thu Apr 20 2017 Jiri Vanek - 1:1.8.0.131-1.b12 +- updated to aarch64-jdk8u131-b12 (from aarch64-port/jdk8u) +- updated to aarch64-shenandoah-jdk8u131-b12-shenandoah-merge-2017-04-20 (from aarch64-port/jdk8u-shenandoah) of hotspot +- used aarch64-port-jdk8u-aarch64-jdk8u131-b12.tar.xz as new sources +- used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u131-b12-shenandoah-merge-2017-04-20.tar.xz as new sources for hotspot + +* Sun Mar 19 2017 jvanek - 1:1.8.0.121-12.b14 +- minor tweaks, egrep replaced by grep -E, added provides for some subpackages + +* Mon Mar 13 2017 jvanek - 1:1.8.0.121-11.b14 +- sync from rhel, reordered patches, enabled shenanoah on aarch64 +- Patch OpenJDK to check the system cacerts database directly +- Remove unneeded symlink to the system cacerts database +- Drop outdated openssl dependency from when the RPM built the cacerts database +- udpated to latest stable shenandoah hotspot + +* Mon Mar 13 2017 jvanek - 1:1.8.0.121-10.b14 +- rhbz#1423751 - removed -fno-split-loops worakround as building against newer GCC7 + +* Tue Feb 28 2017 jvanek - 1:1.8.0.121-9.b14 +- updated to latest stable shenandoah hotspot +- updated to properly tagged upstream forest (no update, just rename) +- fixed update package to verify PR2126 patch and work with sha512 + +* Tue Feb 28 2017 jvanek - 1:1.8.0.121-8.b14 +- rebuild because of NSS + +* Tue Feb 21 2017 jvanek - 1:1.8.0.121-7.b14 +- fixed the config(noreplace) issue with various left files lke java.security (rhbz#1183793) +- by calling new c-j-c hooks +- removed self-tail-bitting check check_sum_presented_in_spec +- release 6+7 to verify update path + +* Mon Feb 20 2017 jvanek - 1:1.8.0.121-5.b14 +- patch 536 reordered to 537 +- added patch 536 - Backport "8170888: [linux] Experimental support for cgroup memory limits in container (ie Docker) environments" +- added patch 538 - 1423421: Javadoc crashes when method name ends with "Property" +- rhbz#1423751 - added -fno-split-loops worakround sigsew when building with GCC7 (probably bug in jdk's JIT ) + +* Fri Feb 17 2017 jvanek - 1:1.8.0.121-4.b14 +- added Patch535 and 526 +- tweeked debugsymbols check for sigill + +* Wed Jan 25 2017 jvanek - 1:1.8.0.121-2.b14 +- revertrd patch535, excludeECDHE-1415137.patch and related changes +- issue casued by nss, see rhbz#1415137 c#35 + +* Tue Jan 24 2017 jvanek - 1:1.8.0.121-2.b14 +- added patch535, excludeECDHE-1415137.patch to tmp-worakround crash with nss + +* Tue Jan 24 2017 jvanek - 1:1.8.0.121-1.b14 +- updated to aarch64-jdk8u121-b14 (from openjdk8-forests/latest-aarch64) +- updated to aarch64-shenandoah-jdk8u121-b14 (from openjdk8-forests/latest-shenandoah) of hotspot +- used openjdk8-forests-latest-aarch64-aarch64-jdk8u121-b14.tar.xz as new sources +- used openjdk8-forests-latest-shenandoah-aarch64-shenandoah-jdk8u121-b14.tar.xz as new sources for hotspot +- deleted: 8044762-pr2960.patch 8049226-pr2960.patch 8154210.patch 8158260-pr2991-rh1341258.patch 8159244-pr3074.patch +- adapted java-1.8.0-openjdk-size_t.patch pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch rh1163501-increase_2048_bit_dh_upper_bound_fedora_infrastructure_in_dhparametergenerator.patch +- updated from internal (rhel) repo OPENJDK_URL_DEFAULT=ssh://t...redhat.com//...ty/ +- with custom PR2126=/.../pr2126.patch (removed newly added brainpool curves) +- withspecial values of PROJECT_NAME="openjdk8-forests", REPO_NAME="latest-aarch64" +- with correct tag VERSION="aarch64-jdk8u121-b14" +- and for shenandoah hotspot used custom repo REPO_NAME=latest-shenandoah +- with correct tag VERSION="aarch64-shenandoah-jdk8u121-b14" +- complete changes to generate_source_tarball.sh update_package.sh NOT commited (willbe regenerated from official repos soon) + +* Mon Jan 09 2017 jvanek - 1:1.8.0.111-2.b16 +- added dont-add-unnecessary-debug-links.patch +- added hotspot-assembler-debuginfo.patch +- returned accidentally removed hotspot-remove-debuglink.patch +- eu-readelfs on libraries improved, added gdb call + +* Wed Oct 19 2016 jvanek - 1:1.8.0.111-1.b16 +- updated to aarch64-jdk8u111-b16 (from aarch64-port/jdk8u) +- updated to aarch64-shenandoah-jdk8u111-b16 (from aarch64-port/jdk8u-shenandoah) of hotspot +- used aarch64-port-jdk8u-aarch64-jdk8u111-b16.tar.xz as new sources +- used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u111-b16.tar.xz as new sources for hotspot +- adapted patches + +* Wed Oct 5 2016 Jiri Vanek - 1:1.8.0.102-3.b14 +- debug subpackages allowed on aarch64 and ppc64le +- fontconfig and nss restricted by isa + +* Wed Aug 31 2016 jvanek - 1:1.8.0.102-2.b14 +- declared check_sum_presented_in_spec and used in prep and check +- it is checking that latest packed java.security is mentioned in listing +- @prefix@ in tapsetfiles substitued by prefix as necessary to work with systemtap3 (rhbz1371005) + +* Thu Aug 25 2016 jvanek - 1:1.8.0.102-1.b14 +- updated to aarch64-jdk8u102-b14 (from aarch64-port/jdk8u) +- updated to aarch64-shenandoah-jdk8u102-b14 (from aarch64-port/jdk8u-shenandoah) of hotspot +- used aarch64-port-jdk8u-aarch64-jdk8u102-b14.tar.xz as new sources +- used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u102-b14.tar.xz as new sources for hotspot +- removed upstreamed patches 519, 520 and 605 +- updated to systemtap 3, removed related patches 300 and 301 +- jjs provides moved to headless + +* Mon Aug 01 2016 Andrew Hughes - 1:1.8.0.101-3.b14 +- Replace patch for S8162384 with upstream version. Document correctly along with SystemTap RH1204159 patch. +- Resolves: rhbz#1358661 +- Replace patch for S8157306 with upstream version, documented & applied on all archs with conditional in patch +- Resolves: rhbz#1360863 + +* Mon Jul 25 2016 jvanek - 1:1.8.0.101-2.b14 +- added patch532 hotspot-1358661.patch - to fix performance of bimorphic inlining may be bypassed by type speculation +- added patch301 bz1204159_java8.patch - to fix systemtap on multiple jdks + +* Mon Jul 25 2016 jvanek - 1:1.8.0.101-1.b14 +- updated to aarch64-jdk8u101-b14 (from aarch64-port/jdk8u) +- updated to aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25 (from aarch64-port/jdk8u-shenandoah) of hotspot +- used aarch64-port-jdk8u-aarch64-jdk8u101-b14.tar.xz as new sources +- used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u101-b14-shenandoah-merge-2016-07-25.tar.xz as new sources for hotspot +- priority lowered for ine zero digit, tip moved to 999 +- added jdk6260348-pr3066-gtk_laf_jtextcomponent_not_respecting_desktop_caret_blink_rate.patch, pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch, 8159244-pr3074.patch, corba_typo_fix.patch +renamed: jdk8-archivedJavadoc.patch -> jdk8154313-generated_javadoc_scattered_all_over_the_place.patch, pr2991-rh1341258.patch -> 8158260-pr2991-rh1341258.patch +- not added 8147771-additional_hunk.patch, already in b14 + +* Tue Jul 12 2016 Jiri Vanek - 1:1.8.0.92-5.b14 +- added Provides: /usr/bin/jjs + +* Tue Jun 21 2016 Jiri Vanek - 1:1.8.0.92-2.b14 +- family restricted by arch + +* Tue Jun 07 2016 Jiri Vanek - 1:1.8.0.92-1.b14 +- updated to u92 +- removed upstreamed patches 8132051-aarch64.patch, 8143855.patch, criticalShenandoahFix.patch, rhbz1206656_fix_current_stack_pointer.patch +- 8132051-zero.patch, remove_aarch64_template_for_gcc6.patch +- jdwpCrash.abrt.patch renamed to 8044762-pr2960.patch +- httpsFix1329342.patch renamed to pr2934-sunec_provider_throwing_keyexception_withine.separator_current_nss_thus_initialise_the_random_number_generator_and_feed_the_seed_to_it.patch +- added known regresisonos fixes for u92 scheduled for next u (519-525) + +* Thu May 19 2016 jvanek - 1:1.8.0.91-7.b14 +- added patch519, jdwpCrash.abrt.patch to fix trasnportation error + +* Fri May 13 2016 jvanek - 1:1.8.0.91-6.b14 +- Enable weak reference discovery in ShenandoahMarkCompact. Otherwise we never process any weak references in full-gc. + +* Tue May 03 2016 jvanek - 1:1.8.0.91-5.b14 +- Restricted to depend on exactly same version of nss as used for build +- Resolves: rhbz#1332456 + +* Tue May 03 2016 jvanek - 1:1.8.0.91-4.b14 +- updated to aarch64-shenandoah-jdk8u71-b15-beta02 (from aarch64-port/jdk8u-shenandoah) of hotspot +- used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u71-b15-beta02.tar.xz as new sources for hotspot +- reverted nss version fix + +* Mon Apr 25 2016 Jiri Vanek - 1:1.8.0.91-4.b14 +- Restricted to depend on exactly same version of nss as use dfor build +- Resolves: rhbz#1332456 + +* Mon Apr 25 2016 Jiri Vanek - 1:1.8.0.91-3.b14 +- included shenandoah support in 64b intel + +* Sun Apr 24 2016 Jiri Vanek - 1:1.8.0.91-2.b14 +- added patch518 httpsFix1329342.patch +- test based on SOURCE14 enabled +- Resolves: rhbz#1329342 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Roll back release number as release 1 never succeeded, even with tests disabled. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Add additional fix to Zero patch to properly handle result on 64-bit big-endian +- Revert debugging options (aarch64 back to JIT, product build, no -Wno-error) +- Enable full bootstrap on all architectures to check we are good to go. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Turn tests back on or build will not fail. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Temporarily remove power64 from JIT arches to see if endian issue appears on Zero. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Turn off Java-based checks in a vain attempt to get a complete build. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Turn off -Werror so s390 can build in slowdebug mode. +- Add fix for formatting issue found by previous s390 build. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Revert settings to production defaults so we can at least get a build. +- Switch to a slowdebug build to try and unearth remaining issue on s390x. +- Resolves: rhbz#1325423 + +* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Disable ECDSA test for now until failure on RHEL 7 is fixed. +- Resolves: rhbz#1325423 + +* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Add 8132051 port to Zero. +- Turn on bootstrap build for all to ensure we are now good to go. +- Resolves: rhbz#1325423 + +* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Add 8132051 port to AArch64. +- Resolves: rhbz#1325423 + +* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Enable a full bootstrap on JIT archs. Full build held back by Zero archs anyway. +- Resolves: rhbz#1325423 + +* Sun Apr 10 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Use basename of test file to avoid misinterpretation of full path as a package +- Resolves: rhbz#1325423 + +* Sun Apr 10 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Update to u91b14. +- Resolves: rhbz#1325423 + +* Mon Apr 04 2016 jvanek - 1:1.8.0.77-2.b03 +- added patch400 jdk8-archivedJavadoc.patch +- added javadoc-zip(-debug) subpackage with compressed javadoc + +* Thu Mar 31 2016 Andrew Hughes - 1:1.8.0.77-3.b03 +- Fix typo in test invocation. +- Resolves: rhbz#1245810 + +* Thu Mar 31 2016 Andrew Hughes - 1:1.8.0.77-3.b03 +- Add ECDSA test to ensure ECC is working. +- Resolves: rhbz#1245810 + +* Wed Mar 30 2016 Andrew Hughes - 1:1.8.0.77-2.b03 +- Avoid WithSeed versions of NSS functions as they do not fully process the seed +- List current java.security md5sum so that java.security is replaced and ECC gets enabled. +- Resolves: rhbz#1245810 + +* Wed Mar 23 2016 Andrew Hughes - 1:1.8.0.77-1.b03 +- Update to u77b03. + +* Thu Mar 03 2016 Andrew Hughes - 1:1.8.0.72-13.b16 +- When using a compositing WM, the overlay window should be used, not the root window. + +* Mon Feb 29 2016 Omair Majid - 1:1.8.0.72-12.b15 +- Use a simple backport for PR2462/8074839. +- Don't backport the crc check for pack.gz. It's not tested well upstream. + +* Mon Feb 29 2016 Andrew Hughes - 1:1.8.0.72-5.b16 +- Fix regression introduced on s390 by large code cache change. +- Update to u72b16. +- Drop 8147805 and jvm.cfg fix which are applied upstream. + +* Wed Feb 24 2016 Andrew Hughes - 1:1.8.0.72-11.b15 +- Add patches to allow the SunEC provider to be built with the system NSS install. +- Re-generate source tarball so it includes ecc_impl.h. +- Adjust tarball generation script to allow ecc_impl.h to be included. +- Bring over NSS changes from java-1.7.0-openjdk spec file (NSS_CFLAGS/NSS_LIBS) +- Remove patch which disables the SunEC provider as it is now usable. +- Correct spelling mistakes in tarball generation script. +- Move completely unrelated AArch64 gcc 6 patch into separate file. +- Resolves: rhbz#1019554 (fedora bug) + +* Tue Feb 23 2016 jvanek - 1:1.8.0.72-10.b15 +- returning accidentlay removed hunk from renamed and so wrongly merged remove_aarch64_jvm.cfg_divergence.patch + +* Mon Feb 22 2016 jvanek - 1:1.8.0.72-9.b15 +- sync from rhel + +* Tue Feb 16 2016 Dan Horák - 1:1.8.0.72-8.b15 +- Refresh s390-java-opts patch + +* Tue Feb 16 2016 Severin Gehwolf - 1:1.8.0.72-7.b15 +- Use -fno-lifetime-dse over -fno-guess-branch-probability. + See RHBZ#1306558. + +* Mon Feb 15 2016 Severin Gehwolf - 1:1.8.0.72-6.b15 +- Add aarch64_FTBFS_rhbz_1307224.patch so as to resolve RHBZ#1307224. + +* Fri Feb 12 2016 Severin Gehwolf - 1:1.8.0.72-5.b15 +- Add -fno-delete-null-pointer-checks -fno-guess-branch-probability flags to resolve x86/x86_64 crash. + +* Mon Feb 08 2016 Andrew Hughes - 1:1.8.0.72-5.b15 +- Explicitly set the C++ standard to use, as the default has changed to C++ 2014 in GCC 6. +- Turn off -Werror due to format warnings in HotSpot and -std usage warnings in SCTP. +- Run tests under the check stage and use the debug build first. + +* Fri Feb 05 2016 Andrew Hughes - 1:1.8.0.71-4.b15 +- Backport S8148351: Only display resolved symlink for compiler, do not change path + +* Wed Feb 03 2016 jvanek - 1:1.8.0.72-3.b15 +* touch -t 201401010000 java.security to try to worakround md5sums + +* Wed Jan 27 2016 jvanek - 1:1.8.0.72-1.b15 +- updated to aarch64-jdk8u72-b15 (from aarch64-port/jdk8u) +- used aarch64-port-jdk8u-aarch64-jdk8u72-b15.tar.xz as new sources +- removed already upstreamed patch501 8146566.patch + +* Wed Jan 20 2016 Jiri Vanek - 1:1.8.0.71-1.b15 +- sync with rhel7 +- security update to CPU 19.1.2016 to u71b15 + +* Tue Dec 15 2015 Jiri Vanek - 1:1.8.0.65-14.b17 +- pretrans moved back to lua nd now includes file from copy-jdk-configs instead of call it + +* Tue Dec 15 2015 Severin Gehwolf - 1:1.8.0.65-13.b17 +- Disable hardened build on non-JIT arches. + Workaround for RHBZ#1290936. + +* Thu Dec 10 2015 Andrew Hughes - 1:1.8.0.65-12.b17 +-removed patch4 java-1.8.0-openjdk-PStack-808293.patch +-removed patch13 libjpeg-turbo-1.4-compat.patch + +* Thu Dec 10 2015 Andrew Hughes - 1:1.8.0.65-11.b17 +- Define our own optimisation flags based on the optflags macro and pass to OpenJDK build cflags/cxxflags. +- Remove -fno-devirtualize as we are now on GCC 5 where the GCC bug it worked around is fixed. +- Pass __global_ldflags to --with-extra-ldflags so Fedora linker flags are used in the build. +- Also Pass ourcppflags to the OpenJDK build cflags as it wrongly uses them for the HotSpot C++ build. +- Add PR2428, PR2462 & S8143855 patches to fix build issues that arise. +- Resolves: rhbz#1283949 +- Resolves: rhbz#1120792 + +* Thu Dec 10 2015 Andrew Hughes - 1:1.8.0.65-10.b17 +- Add patch to honour %%{_smp_ncpus_max} from Tuomo Soini +- Resolves: rhbz#1152896 + +* Wed Dec 09 2015 Jiri Vanek - 1:1.8.0.65-9.b17 +- extracted lua scripts moved from pre where they don't work to pretrans +- requirement on copy-jdk-configs made Week. + +* Tue Dec 08 2015 Jiri Vanek - 1:1.8.0.65-8.b17 +- used extracted lua scripts. +- now depnding on copy-jdk-configs +- config files persisting in pre instead of %%pretrans + +* Tue Dec 08 2015 Jiri Vanek - 1:1.8.0.65-7.b17 +- changed way of generating the sources. As result: +- "updated" to aarch64-jdk8u65-b17 (from aarch64-port/jdk8u60) +- used aarch64-port-jdk8u60-aarch64-jdk8u65-b17.tar.xz as new sources + +* Fri Nov 27 2015 Jiri Vanek - 1:1.8.0.65-5.b17 +- added missing md5sums +- moved to bundeld lcms + +* Wed Nov 25 2015 Jiri Vanek - 1:1.8.0.65-4.b17 +- debug packages priority lowered by 1 + +* Wed Nov 25 2015 Jiri Vanek - 1:1.8.0.65-3.b17 +- depends on chkconfig >1.7 - added --family support + +* Fri Nov 13 2015 Jiri Vanek - 1:1.8.0.65-2.b17 +- added and applied patch605 soundFontPatch.patch as repalcement for removed sound font links +- removed hardcoded soundfont links + +* Thu Nov 12 2015 Jiri Vanek - 1:1.8.0.65-1.b17 +- updated to u65b17 + +* Mon Nov 09 2015 Jiri Vanek - 1:1.8.0.60-17.b28 +- policytool manpage followed the binary from devel to jre + +* Mon Nov 02 2015 Jiri Vanek - 1:1.8.0.60-16.b28 +added and applied patch604: aarch64-ifdefbugfix.patch to fix rhbz1276959 + +* Thu Oct 15 2015 Jiri Vanek - 1:1.8.0.60-15.b28 +- moved to single source integration forest +- removed patch patch9999 enableArm64.patch +- removed patch patch600 %%{name}-rh1191652-hotspot.patch + +* Thu Aug 27 2015 Jiri Vanek - 1:1.8.0.60-14.b24 +- updated aarch64 tarball to contain whole forest of latest jdk8-aarch64-jdk8u60-b24.2.tar.xz +- using this forest instead of only hotspot +- generate_source_tarball.sh - temporarily excluded repos="hotspot" compression of download +- not only openjdk/hotspot is replaced, by wholeopenjdk +- ln -s openjdk jdk8 done after replacing of openjdk +- patches 9999 601 and 602 exclded for aarch64 + +* Wed Aug 26 2015 Jiri Vanek - 1:1.8.0.60-13.b24 +- updated aarch64 hotpost to latest jdk8-aarch64-jdk8u60-b24.2.tar.xz + +* Wed Aug 19 2015 Jiri Vanek - 1:1.8.0.60-12.b24 +- updated to freshly released jdk8u60-jdk8u60-b27 + +* Thu Aug 13 2015 Jiri Vanek - 1:1.8.0.60-11.b24 +- another touching attempt to polycies... + +* Mon Aug 03 2015 Jiri Vanek - 1:1.8.0.60-10.b24 +- arch64 updated to u60-b24 with hope to fix rhbz1249037 + +* Fri Jul 17 2015 Jiri Vanek - 1:1.8.0.60-3.b24 +- added one more md5sum test (thanx to Severin!) + - I guess one more missing +- doubled slash in md5sum test in post + +* Thu Jul 16 2015 Jiri Vanek - 1:1.8.0.60-2.b24 +- updated to security u60-b24 +- moved to openjdk instead of jdk8 topdir in sources +- removed upstreamed patch99 java-1.8.0-openjdk-linux-4.x.patch +- removed upstreamed patch503 pr2444.patch +- removed upstreamed patch505 1208369_memory_leak_gcc5.patch +- removed upstreamed patch506: gif4.1.patch + - note: usptream version is suspicious + GIFLIB_MAJOR >= 5 SplashStreamGifInputFunc, NULL + ELSE SplashStreamGifInputFunc + - but the condition seems to be viceversa + + +* Mon Jun 22 2015 Omair Majid - 1:1.8.0.60-7.b16 +- Require javapackages-tools instead of jpackage-utils. + +* Wed Jun 17 2015 Fedora Release Engineering - 1:1.8.0.60-6.b16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Jun 09 2015 Dan Horák - 1:1.8.0.60-5.b16 +- allow build on Linux 4.x kernel +- refresh s390 size_t patch + +* Fri Jun 05 2015 Jiri Vanek - 1:1.8.0.60-4.b16 +- added requires lksctp-tools for headless subpackage to make sun.nio.ch.sctp work + +* Mon May 25 2015 Jiri Vanek - 1:1.8.0.60-2.b16 +- Patch503 d318d83c4e74.patch, patch505 1208369_memory_leak_gcc5.patch (and patch506 gif4.1.patch) + moved out of "if with_systemtap" block + +* Mon May 25 2015 Jiri Vanek - 1:1.8.0.60-1.b16 +- updated to u60b16 +- deleted upstreamed patches: + patch501 1182011_JavaPrintApiDoesNotPrintUmlautCharsWithPostscriptOutputCorrectly.patch + patch502 1182694_javaApplicationMenuMisbehave.patch + patch504 1210739_dns_naming_ipv6_addresses.patch + patch402 atomic_linux_zero.inline.hpp.patch + patch401 fix_ZERO_ARCHDEF_ppc.patch + patch400 ppc_stack_overflow_fix.patch + patch204 zero-interpreter-fix.patch +- added Patch506 gif4.1.patch to allow build agaisnt giflib > 4.1 + +* Wed May 13 2015 Jiri Vanek - 1:1.8.0.45-38.b14 +- updated to 8u45-b14 with hope to fix rhbz#1123870 + +* Wed May 13 2015 Jiri Vanek - 1:1.8.0.45-37.b13 +- added runtime requires for tzdata +- Remove reference to tz.properties which is no longer used (by gnu.andrew) + +* Wed Apr 29 2015 Severin Gehwolf - 1:1.8.0.45-36.b13 +- Patch hotspot to not use undefined code rather than passing + -fno-tree-vrp via CFLAGS. + Resolves: RHBZ#1208369 +- Add upstream patch for DNS nameserver issue with IPv6 addresses. + Resolves: RHBZ#1210739 + +* Wed Apr 29 2015 Jiri Vanek - 1:1.8.0.45-35.b13 +- Omit jsa files from power64 file list as well, as they are never generated +- moved to boot build by openjdk8 +- Use the template interpreter on ppc64le + +* Fri Apr 10 2015 Jiri Vanek - 1:1.8.0.45-31.b13 +- repacked sources + +* Tue Apr 07 2015 Jiri Vanek - 1:1.8.0.45-30.b13 +- updated to security u45 +- removed patch6: disable-doclint-by-default.patch +- added patch d318d83c4e74.patch +- added rhbz1206656_fix_current_stack_pointer.patch +- renamed PStack-808293.patch -> java-1.8.0-openjdk-PStack-808293.patch +- renamed remove-intree-libraries.sh -> java-1.8.0-openjdk-remove-intree-libraries.sh +- renamed to preven conflix with jdk7 + +* Fri Apr 03 2015 Omair Majid - 1:1.8.0.40-27.b25 +- Add -fno-tree-vrp to flags to prevent hotspot miscompilation. +- Resolves: RHBZ#1208369 + +* Thu Apr 02 2015 Jiri Vanek - 1:1.8.0.40-27.b25 +- bumped release. Needed rebuild by itself on arm + +* Tue Mar 31 2015 Severin Gehwolf - 1:1.8.0.40-26.b25 +- Make Zero build-able on ARM32. + Resolves: RHBZ#1206656 + +* Fri Mar 27 2015 Dan Horák - 1:1.8.0.40-25.b25 +- refresh s390 patches + +* Fri Mar 27 2015 Jiri Vanek - 1:1.8.0.40-24.b25 +- added patch501 1182011_JavaPrintApiDoesNotPrintUmlautCharsWithPostscriptOutputCorrectly.patch +- added patch502 1182694_javaApplicationMenuMisbehave.patch +- both upstreamed, will be gone with u60 + +* Wed Mar 25 2015 Omair Majid - 1:1.8.0.40-23.b25 +- Disable various EC algorithms in configuration + +* Mon Mar 23 2015 Jiri Vanek - 1:1.8.0.40-22.b25 +- sytemtap made working for dual package + +* Tue Mar 03 2015 Severin Gehwolf - 1:1.8.0.40-21.b25 +- Added compiler no-warn- + +* Fri Feb 20 2015 Omair Majid - 1:1.8.0.40-21.b25 +- Fix zero interpreter build. + +* Thu Feb 12 2015 Omair Majid - 1:1.8.0.40-21.b25 +- Fix building with gcc 5 by ignoring return-local-addr warning +- Include additional debugging info for java class files and test that they are + present + +* Thu Feb 12 2015 Jiri Vanek - 1:1.8.0.40-20.b25 +- bumped to b25 +- removed upstreamed patch11 hotspot-build-j-directive.patch +- policies repacked to stop spamming yum update +- added and used source20 repackReproduciblePolycies.sh +- added mehanism to force priority size + +* Fri Jan 09 2015 Dan Horák - 1:1.8.0.40-19.b12 +- refresh s390 patches + +* Fri Nov 07 2014 Jiri Vanek - 1:1.8.0.40-18.b12 +- updated arm64 tarball to jdk8-jdk8u40-b12-aarch64-1263.tar.xz + +* Fri Nov 07 2014 Jiri Vanek - 1:1.8.0.40-17.b12 +- obsoleted gcj and sindoc. rh1149674 and rh1149675 +- removed backup/restore on images and docs in favor of reconfigure in different directory + +* Mon Nov 03 2014 Jiri Vanek - 1:1.8.0.40-16.b12 +- updated both noral and aarch64 tarballs to u40b12 + +* Mon Nov 03 2014 Jiri Vanek - 1:1.8.0.40-15.b02 +- enabled debug packages +- removed all provides duplicating package name +- comments about files moved inside files section (to prevent different javadoc postuns) + - see (RH1160693) + +* Fri Oct 31 2014 Omair Majid - 1:1.8.0.40-13.b02 +- Build against libjpeg-turbo-1.4 + +* Fri Oct 24 2014 Jiri Vanek - 1:1.8.0.40-13.b02 +- preparing for parallel debug+normal build +- files and scripelts moved to extendable macros as first step to dual build +- install and build may be done in loop for both release and slowdebug +- debugbuild off untill its completed + +* Fri Oct 24 2014 Jiri Vanek - 1:1.8.0.40-12.b02 +- added patch12,removeSunEcProvider-RH1154143 +- xdump excluded from ppc64le (rh1156151) +- Add check for src.zip completeness. See RH1130490 (by sgehwolf@redhat.com) +- Resolves: rhbz#1125260 + +* Thu Sep 25 2014 Jiri Vanek - 1:1.8.0.40-11.b02 +- fixing flags usages (thanx to jerboaa!) + +* Thu Sep 25 2014 Jiri Vanek - 1:1.8.0.20-10.b26 +- sync with rhel7 + +* Wed Sep 17 2014 Omair Majid - 1:1.8.0.20-9.b26 +- Remove LIBDIR and funny definition of _libdir. +- Fix rpmlint warnings about macros in comments. + +* Thu Sep 11 2014 Jiri Vanek - 1:1.8.0.20-8.b26 +- fixed headless to become headless again + - jre/bin/policytool added to not headless exclude list + +* Wed Sep 10 2014 Omair Majid - 1:1.8.0.20-7.b26 +- Update aarch64 hotspot to latest upstream version + +* Fri Sep 05 2014 Omair Majid - 1:1.8.0.40-6.b26 +- Use %%{power64} instead of %%{ppc64}. + +* Thu Sep 04 2014 Jiri Vanek - 1:1.8.0.40-5.b26 +- Update aarch64 hotspot to jdk7u40-b02 to match the rest of the JDK +- commented out patch2 (obsolated by 666) +- all ppc64 added to jitarches + +* Thu Sep 04 2014 Omair Majid - 1:1.8.0.20-4.b26 +- Use the cpp interpreter on ppc64le. + +* Wed Sep 03 2014 Jiri Vanek - 1:1.8.0.20-3.b26 +- fixed RH1136544, orriginal issue, state of pc64le jit remians mistery + +* Wed Aug 27 2014 Jiri Vanek - 1:1.8.0.20-2.b26 +- requirement Requires: javazi-1.8/tzdb.dat changed to tzdata-java >= 2014f-1 +- see RH1130800#c5 + +* Wed Aug 27 2014 Jiri Vanek - 1:1.8.0.40-1.b02 +- adapted aarch64 patch +- removed upstreamed patch 0001-PPC64LE-arch-support-in-openjdk-1.8.patch + +* Wed Aug 27 2014 Jiri Vanek - 1:1.8.0.40-1.b02 +- updated to u40-b02 +- adapted aarch64 patches + +* Wed Aug 27 2014 Jiri Vanek - 1:1.8.0.40-1.b01 +- updated to u40-b01 +- adapted rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch +- adapted jdk8042159-allow_using_system_installed_lcms2.patch +- removed patch8 set-active-window.patch +- removed patch9 javadoc-error-jdk-8029145.patch +- removed patch10 javadoc-error-jdk-8037484.patch +- removed patch99 applet-hole.patch - itw 1.5.1 is able to ive without it + +* Tue Aug 19 2014 Jiri Vanek - 1:1.8.0.11-19.b12 +- fixed desktop icons +- Icon set to java-1.8.0 +- Development removed from policy tool + +* Mon Aug 18 2014 Jiri Vanek - 1:1.8.0.11-18.b12 +- fixed jstack + +* Mon Aug 18 2014 Jiri Vanek - 1:1.8.0.11-17.b12 +- added build requires and requires for headles _datadir/javazi-1.8/tzdb.dat +- restriction of tzdata provider, so we will be aware of another possible failure + +* Sat Aug 16 2014 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Aug 14 2014 Jiri Vanek - 1:1.8.0.11-15.b12 +- fixed provides/obsolates + +* Tue Aug 12 2014 Jiri Vanek - 1:1.8.0.11-14.b12 +- forced to build in fully versioned dir + +* Tue Aug 12 2014 Jiri Vanek - 1:1.8.0.11-13.b12 +- fixing tapset to support multipleinstalls +- added more config/norepalce +- policitool moved to jre + +* Tue Aug 12 2014 Jiri Vanek - 1:1.8.0.11-12.b12 +- bumped release to build by previous release. +- forcing rebuild by jdk8 +- uncommenting forgotten comment on tzdb link + +* Tue Aug 12 2014 Jiri Vanek - 1:1.8.0.11-11.b12 +- backporting old fixes: +- get rid of jre-abrt, uniquesuffix, parallel install, jsa files, + config(norepalce) bug, -fstack-protector-strong, OrderWithRequires, + nss config, multilib arches, provides/requires excludes +- some additional cosmetic changes + +* Tue Jul 22 2014 Omair Majid - 1:1.8.0.11-8.b12 +- Modify aarch64-specific jvm.cfg to list server vm first + +* Mon Jul 21 2014 Jiri Vanek - 1:1.8.0.11-7.b12 +- removed legacy aarch64 switches + - --with-jvm-variants=client and --disable-precompiled-headers + +* Tue Jul 15 2014 Jiri Vanek - 1:1.8.0.11-6.b12 +- added patch patch9999 enableArm64.patch to enable new hotspot + +* Tue Jul 15 2014 Jiri Vanek - 1:1.8.0.11-5.b12 +- Attempt to update aarch64 *jdk* to u11b12, by resticting aarch64 sources to hotpot only + +* Tue Jul 15 2014 Jiri Vanek - 1:1.8.0.11-1.b12 +- updated to security u11b12 + +* Tue Jun 24 2014 Omair Majid - 1:1.8.0.5-13.b13 +- Obsolete java-1.7.0-openjdk + +* Wed Jun 18 2014 Omair Majid - 1:1.8.0.5-12.b13 +- Use system tzdata from tzdata-java + +* Thu Jun 12 2014 Omair Majid - 1:1.8.0.5-11.b13 +- Add patch from IcedTea to handle -j and -I correctly + +* Wed Jun 11 2014 Omair Majid - 1:1.8.0.5-11.b13 +- Backport javadoc fixes from upstream +- Related: rhbz#1107273 + +* Sat Jun 07 2014 Fedora Release Engineering - 1:1.8.0.5-10.b13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Jun 02 2014 Omair Majid - 1:1.8.0.5-9.b13 +- Build with OpenJDK 8 + +* Wed May 28 2014 Omair Majid - 1:1.8.0.5-8.b13 +- Backport fix for JDK-8012224 + +* Wed May 28 2014 Omair Majid - 1:1.8.0.5-7.b13 +- Require fontconfig and minimal fonts (xorg-x11-fonts-Type1) explicitly +- Resolves rhbz#1101394 + +* Fri May 23 2014 Dan Horák - 1:1.8.0.5-6.b13 +- Enable build on s390/s390x + +* Tue May 20 2014 Omair Majid - 1:1.8.0.5-5.b13 +- Only check for debug symbols in libjvm if it exists. + +* Fri May 16 2014 Omair Majid - 1:1.8.0.5-4.b13 +- Include all sources in src.zip + +* Mon Apr 28 2014 Omair Majid - 1:1.8.0.5-4.b13 +- Check for debug symbols in libjvm.so + +* Thu Apr 24 2014 Brent Baude - 1:1.8.0.5-3.b13 +- Add ppc64le support, bz# 1088344 + +* Wed Apr 23 2014 Omair Majid - 1:1.8.0.5-2.b13 +- Build with -fno-devirtualize +- Don't strip debuginfo from files + +* Wed Apr 16 2014 Omair Majid - 1:1.8.0.5-1.b13 +- Instrument build with various sanitizers. + +* Tue Apr 15 2014 Omair Majid - 1:1.8.0.5-1.b13 +- Update to the latest security release: OpenJDK8 u5 b13 + +* Fri Mar 28 2014 Omair Majid - 1:1.8.0.0-2.b132 +- Include version information in desktop files +- Move desktop files from tarball to top level source + +* Tue Mar 25 2014 Omair Majid - 1:1.8.0.0-1.0.b132 +- Switch from java8- style provides to java- style +- Bump priority to reflect java version + +* Fri Mar 21 2014 Omair Majid - 1:1.8.0.0-0.35.b132 +- Disable doclint for compatiblity +- Patch contributed by Andrew John Hughes + +* Tue Mar 11 2014 Omair Majid - 1:1.8.0.0-0.34.b132 +- Include jdeps and jjs for aarch64. These are present in b128. + +* Mon Mar 10 2014 Omair Majid - 1:1.8.0.0-0.33.b132 +- Update aarch64 tarball to the latest upstream release + +* Fri Mar 07 2014 Omair Majid - 1:1.8.0.0-0.32.b132 +- Fix `java -version` output + +* Fri Mar 07 2014 Jiri Vanek - 1:1.8.0.0-0.31.b132 +- updated to rc4 aarch64 tarball +- outdated removed: patch2031 system-lcmsAARCH64.patch patch2011 system-libjpeg-aarch64.patch + patch2021 system-libpng-aarch64.patch + +* Thu Mar 06 2014 Omair Majid - 1:1.8.0.0-0.30.b132 +- Update to b132 + +* Thu Mar 06 2014 Omair Majid - 1:1.8.0.0-0.29.b129 +- Fix typo in STRIP_POLICY + +* Mon Mar 03 2014 Omair Majid - 1:1.8.0.0-0.28.b129 +- Remove redundant debuginfo files +- Generate complete debug information for libjvm + +* Tue Feb 25 2014 Omair Majid - 1:1.8.0.0-0.27.b129 +- Fix non-headless libraries + +* Tue Feb 25 2014 Jiri Vanek - 1:1.8.0.0-0.26.b129 +- Fix incorrect Requires + +* Thu Feb 13 2014 Omair Majid - 1:1.8.0.0-0.26.b129 +- Add -headless subpackage based on java-1.7.0-openjdk +- Add abrt connector support +- Add -accessibility subpackage + +* Thu Feb 13 2014 Omair Majid - 1:1.8.0.0-0.26.b129 +- Update to b129. + +* Fri Feb 07 2014 Omair Majid - 1:1.8.0.0-0.25.b126 +- Update to candidate Reference Implementation release. + +* Fri Jan 31 2014 Omair Majid - 1:1.8.0.0-0.24.b123 +- Forward port more patches from java-1.7.0-openjdk + +* Mon Jan 20 2014 Omair Majid - 1:1.8.0.0-0.23.b123 +- Update to jdk8-b123 + +* Thu Nov 14 2013 Omair Majid - 1:1.8.0.0-0.22.b115 +- Update to jdk8-b115 + +* Wed Oct 30 2013 Jiri Vanek - 1:1.8.0.0-0.21.b106 +- added jre/lib/security/blacklisted.certs for aarch64 +- updated to preview_rc2 aarch64 tarball + +* Sun Oct 06 2013 Omair Majid - 1:1.8.0.0-0.20.b106 +- Fix paths in tapsets to work on non-x86_64 +- Use system libjpeg + +* Thu Sep 05 2013 Omair Majid - 1:1.8.0.0-0.19.b106 +- Fix with_systemtap conditionals + +* Thu Sep 05 2013 Omair Majid - 1:1.8.0.0-0.18.b106 +- Update to jdk8-b106 + +* Tue Aug 13 2013 Deepak Bhole - 1:1.8.0.0-0.17.b89x +- Updated aarch64 to latest head +- Dropped upstreamed patches + +* Wed Aug 07 2013 Omair Majid - 1:1.8.0.0-0.16.b89x +- The zero fix only applies on b89 tarball + +* Tue Aug 06 2013 Omair Majid - 1:1.8.0.0-0.16.b89x +- Add patch to fix zero on 32-bit build + +* Mon Aug 05 2013 Omair Majid - 1:1.8.0.0-0.16.b89x +- Added additional build fixes for aarch64 + +* Sat Aug 03 2013 Fedora Release Engineering - 1:1.8.0.0-0.16.b89x +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Fri Aug 02 2013 Deepak Bhole - 1:1.8.0.0-0.15.b89 +- Added a missing includes patch (#302/%%{name}-arm64-missing-includes.patch) +- Added --disable-precompiled-headers for arm64 build + +* Mon Jul 29 2013 Jiri Vanek - 1:1.8.0.0-0.14.b89 +- added patch 301 - removeMswitchesFromx11.patch + +* Fri Jul 26 2013 Jiri Vanek - 1:1.8.0.0-0.13.b89 +- added new aarch64 tarball + +* Thu Jul 25 2013 Jiri Vanek - 1:1.8.0.0-0.12.b89 +- ifarchaarch64 then --with-jvm-variants=client + +* Tue Jul 23 2013 Jiri Vanek - 1:1.8.0.0-0.11.b89 +- prelink dependence excluded also for aaech64 +- arm64 added to jitarches +- added source100 config.guess to repalce the outdated one in-tree +- added source101 config.sub to repalce the outdated one in-tree +- added patch2011 system-libjpegAARCH64.patch (as aarch64-port is little bit diferent) +- added patch2031 system-lcmsAARCH64.patch (as aarch64-port is little bit diferent) +- added gcc-c++ build depndece so builddep will result to better situation + +* Tue Jul 23 2013 Jiri Vanek - 1:1.8.0.0-0.10.b89 +- moved to latest working osurces + +* Tue Jul 23 2013 Omair Majid - 1:1.8.0.0-0.10.b89 +- Moved to hg clone for generating sources. + +* Sun Jul 21 2013 Jiri Vanek - 1:1.8.0.0-0.9.b89 +- added aarch 64 tarball, proposed usage of clone instead of tarballs + +* Mon Jul 15 2013 Omair Majid - 1:1.8.0.0-0.9.b89 +- Switch to xz for compression +- Fixes RHBZ#979823 + +* Mon Jul 15 2013 Omair Majid - 1:1.8.0.0-0.9.b89 +- Priority should be 0 until openjdk8 is released by upstream +- Fixes RHBZ#964409 + +* Mon Jun 3 2013 Omair Majid - 1:1.8.0.0-0.8.b89 +- Fix incorrect permissions on ct.sym + +* Mon May 20 2013 Omair Majid - 1:1.8.0.0-0.7.b89 +- Fix incorrect permissions on jars + +* Fri May 10 2013 Adam Williamson +- update scriptlets to follow current guidelines for updating icon cache + +* Tue Apr 30 2013 Omair Majid 1:1.8.0.0-0.5.b87 +- Update to b87 +- Remove all rhino support; use nashorn instead +- Remove upstreamed/unapplied patches + +* Tue Apr 23 2013 Karsten Hopp 1:1.8.0.0-0.4.b79 +- update java-1.8.0-openjdk-ppc-zero-hotspot patch +- use power64 macro + +* Thu Mar 28 2013 Omair Majid 1:1.8.0.0-0.3.b79 +- Add build fix for zero +- Drop gstabs fixes; enable full debug info instead + +* Wed Mar 13 2013 Omair Majid 1:1.8.0.0-0.2.b79 +- Fix alternatives priority + +* Tue Mar 12 2013 Omair Majid 1:1.8.0.0-0.1.b79.f19 +- Update to jdk8-b79 +- Initial version for Fedora 19 + +* Tue Sep 04 2012 Andrew John Hughes - 1:1.8.0.0-b53.1 +- Initial build from java-1.7.0-openjdk RPM diff --git a/jconsole.desktop.in b/jconsole.desktop.in new file mode 100644 index 0000000..8a3b04d --- /dev/null +++ b/jconsole.desktop.in @@ -0,0 +1,10 @@ +[Desktop Entry] +Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@) +Comment=Monitor and manage OpenJDK applications +Exec=_SDKBINDIR_/jconsole +Icon=java-@JAVA_VER@-@JAVA_VENDOR@ +Terminal=false +Type=Application +StartupWMClass=sun-tools-jconsole-JConsole +Categories=Development;Profiling;Java; +Version=1.0 diff --git a/jdk8035341-allow_using_system_installed_libpng.patch b/jdk8035341-allow_using_system_installed_libpng.patch new file mode 100644 index 0000000..53661d8 --- /dev/null +++ b/jdk8035341-allow_using_system_installed_libpng.patch @@ -0,0 +1,115 @@ +diff -ruN jdk8/common/autoconf/libraries.m4 jdk8/common/autoconf/libraries.m4 +--- jdk8/common/autoconf/libraries.m4 2013-11-14 20:08:01.845065585 -0500 ++++ jdk8/common/autoconf/libraries.m4 2013-11-14 20:10:56.186553066 -0500 +@@ -676,6 +676,47 @@ + + ############################################################################### + # ++ # Check for the png library ++ # ++ ++ AC_ARG_WITH(libpng, [AS_HELP_STRING([--with-libpng], ++ [use libpng from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])]) ++ ++ AC_CHECK_LIB(png, png_sig_cmp, ++ [ LIBPNG_FOUND=yes ], ++ [ LIBPNG_FOUND=no ]) ++ ++ AC_MSG_CHECKING([for which libpng to use]) ++ ++ # default is bundled ++ DEFAULT_LIBPNG=bundled ++ ++ # ++ # if user didn't specify, use DEFAULT_LIBPNG ++ # ++ if test "x${with_libpng}" = "x"; then ++ with_libpng=${DEFAULT_libpng} ++ fi ++ ++ ++ if test "x${with_libpng}" = "xbundled"; then ++ USE_EXTERNAL_LIBPNG=false ++ AC_MSG_RESULT([bundled]) ++ elif test "x${with_libpng}" = "xsystem"; then ++ if test "x${LIBPNG_FOUND}" = "xyes"; then ++ USE_EXTERNAL_LIBPNG=true ++ AC_MSG_RESULT([system]) ++ else ++ AC_MSG_RESULT([system not found]) ++ AC_MSG_ERROR([--with-libpng=system specified, but no libpng found!]) ++ fi ++ else ++ AC_MSG_ERROR([Invalid value of --with-libpng: ${with_libpng}, use 'system' or 'bundled']) ++ fi ++ AC_SUBST(USE_EXTERNAL_LIBPNG) ++ ++ ############################################################################### ++ # + # Check for the zlib library + # + +diff -ruN jdk8/common/autoconf/spec.gmk.in jdk8/common/autoconf/spec.gmk.in +--- jdk8/common/autoconf/spec.gmk.in 2013-10-31 19:24:33.000000000 -0400 ++++ jdk8/common/autoconf/spec.gmk.in 2013-11-14 21:10:56.365976518 -0500 +@@ -548,6 +548,7 @@ + ENABLE_JFR=@ENABLE_JFR@ + ENABLE_INTREE_EC=@ENABLE_INTREE_EC@ + USE_EXTERNAL_LIBJPEG:=@USE_EXTERNAL_LIBJPEG@ ++USE_EXTERNAL_LIBPNG:=@USE_EXTERNAL_LIBPNG@ + USE_EXTERNAL_LIBGIF:=@USE_EXTERNAL_LIBGIF@ + USE_EXTERNAL_LIBZ:=@USE_EXTERNAL_LIBZ@ + LIBZIP_CAN_USE_MMAP:=@LIBZIP_CAN_USE_MMAP@ +diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.gmk +--- jdk8/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 20:08:01.845065585 -0500 ++++ jdk8/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 20:14:10.791982343 -0500 +@@ -1183,7 +1183,6 @@ + + ifndef BUILD_HEADLESS_ONLY + LIBSPLASHSCREEN_DIRS := \ +- $(JDK_TOPDIR)/src/share/native/sun/awt/libpng \ + $(JDK_TOPDIR)/src/share/native/sun/awt/splashscreen + + ifeq ($(USE_EXTERNAL_LIBGIF), true) +@@ -1200,6 +1199,13 @@ + LIBJPEG_CFLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/awt/jpeg + endif + ++ ifeq ($(USE_EXTERNAL_LIBPNG), true) ++ LIBPNG_LDFLAGS := -lpng ++ else ++ LIBSPLASHSCREEN_DIRS += $(JDK_TOPDIR)/src/share/native/sun/awt/image/libpng ++ LIBPNG_CFLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/awt/libpng ++ endif ++ + ifneq ($(OPENJDK_TARGET_OS), macosx) + LIBSPLASHSCREEN_DIRS += $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/awt/splashscreen + else +@@ -1263,12 +1269,12 @@ + LANG := C, \ + OPTIMIZATION := LOW, \ + CFLAGS := $(LIBSPLASHSCREEN_CFLAGS) $(CFLAGS_JDKLIB) \ +- $(GIFLIB_CFLAGS) $(LIBJPEG_CFLAGS), \ ++ $(GIFLIB_CFLAGS) $(LIBJPEG_CFLAGS) $(LIBPNG_CFLAGS), \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsplashscreen/mapfile-vers, \ + LDFLAGS := $(LDFLAGS_JDKLIB) \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ + LDFLAGS_SUFFIX := $(LIBSPLASHSCREEN_LDFLAGS_SUFFIX) \ +- $(LIBZ) $(GIFLIB_LDFLAGS) $(LIBJPEG_LDFLAGS), \ ++ $(LIBZ) $(GIFLIB_LDFLAGS) $(LIBJPEG_LDFLAGS) $(LIBPNG_LDFLAGS), \ + LDFLAGS_SUFFIX_solaris := -lc, \ + VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ + RC_FLAGS := $(RC_FLAGS) \ +diff -ruN jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c +--- jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c 2013-10-31 19:44:18.000000000 -0400 ++++ jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_png.c 2013-11-14 20:14:41.363892797 -0500 +@@ -25,8 +25,7 @@ + + #include "splashscreen_impl.h" + +-#include "../libpng/png.h" +- ++#include + #include + + #define SIG_BYTES 8 diff --git a/jdk8042159-allow_using_system_installed_lcms2-jdk.patch b/jdk8042159-allow_using_system_installed_lcms2-jdk.patch new file mode 100644 index 0000000..ebfbdd2 --- /dev/null +++ b/jdk8042159-allow_using_system_installed_lcms2-jdk.patch @@ -0,0 +1,68 @@ +diff --git openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk openjdk/jdk/make/lib/Awt2dLibraries.gmk +--- openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk ++++ openjdk/jdk/make/lib/Awt2dLibraries.gmk +@@ -665,18 +665,35 @@ + endif + endif + ++LIBLCMS_DIR := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms ++ ++ifeq ($(USE_EXTERNAL_LCMS), true) ++ # If we're using an external library, we'll just need the wrapper part. ++ # By including it explicitely, all other files will be excluded. ++ BUILD_LIBLCMS_INCLUDE_FILES := LCMS.c ++ BUILD_LIBLCMS_HEADERS := ++else ++ BUILD_LIBLCMS_INCLUDE_FILES := ++ # If we're using the bundled library, we'll need to include it in the ++ # include path explicitly. Otherwise the system headers will be used. ++ BUILD_LIBLCMS_HEADERS := -I$(LIBLCMS_DIR) ++endif ++ + # TODO: Update awt lib path when awt is converted + $(eval $(call SetupNativeCompilation,BUILD_LIBLCMS, \ + LIBRARY := lcms, \ + OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ +- SRC := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms, \ ++ SRC := $(LIBLCMS_DIR), \ ++ INCLUDE_FILES := $(BUILD_LIBLCMS_INCLUDE_FILES), \ + LANG := C, \ + OPTIMIZATION := HIGHEST, \ + CFLAGS := $(filter-out -xc99=%none, $(CFLAGS_JDKLIB)) \ + -DCMS_DONT_USE_FAST_FLOOR \ + $(SHARED_LIBRARY_FLAGS) \ + -I$(JDK_TOPDIR)/src/share/native/sun/java2d \ +- -I$(JDK_TOPDIR)/src/share/native/sun/awt/debug, \ ++ -I$(JDK_TOPDIR)/src/share/native/sun/awt/debug \ ++ $(BUILD_LIBLCMS_HEADERS) \ ++ $(LCMS_CFLAGS), \ + CFLAGS_solaris := -xc99=no_lib, \ + CFLAGS_windows := -DCMS_IS_WINDOWS_, \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/liblcms/mapfile-vers, \ +@@ -684,10 +701,10 @@ + $(call SET_SHARED_LIBRARY_ORIGIN), \ + LDFLAGS_solaris := /usr/lib$(OPENJDK_TARGET_CPU_ISADIR)/libm.so.2, \ + LDFLAGS_windows := $(WIN_AWT_LIB) $(WIN_JAVA_LIB), \ +- LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc, \ +- LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm, \ +- LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm, \ +- LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm,\ ++ LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc $(LCMS_LIBS), \ ++ LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm $(LCMS_LIBS), \ ++ LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm $(LCMS_LIBS), \ ++ LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm $(LCMS_LIBS),\ + VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ + RC_FLAGS := $(RC_FLAGS) \ + -D "JDK_FNAME=lcms.dll" \ +diff --git openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c +--- openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c ++++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c +@@ -30,7 +30,7 @@ + #include "jni_util.h" + #include "Trace.h" + #include "Disposer.h" +-#include "lcms2.h" ++#include + #include "jlong.h" + + diff --git a/jdk8042159-allow_using_system_installed_lcms2-root.patch b/jdk8042159-allow_using_system_installed_lcms2-root.patch new file mode 100644 index 0000000..7ce90b1 --- /dev/null +++ b/jdk8042159-allow_using_system_installed_lcms2-root.patch @@ -0,0 +1,50 @@ +diff -ruN openjdk/common/autoconf/libraries.m4 openjdk/common/autoconf/libraries.m4 +--- openjdk/common/autoconf/libraries.m4 2013-11-14 22:04:38.039440136 -0500 ++++ openjdk/common/autoconf/libraries.m4 2013-11-14 22:05:11.474356424 -0500 +@@ -676,6 +676,46 @@ + + ############################################################################### + # ++ # Check for the lcms2 library ++ # ++ ++ AC_ARG_WITH(lcms, [AS_HELP_STRING([--with-lcms], ++ [use lcms2 from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])]) ++ ++ AC_CHECK_LIB(lcms2, cmsOpenProfileFromFile, ++ [ LCMS_FOUND=yes ], ++ [ LCMS_FOUND=no ]) ++ ++ AC_MSG_CHECKING([for which lcms to use]) ++ ++ DEFAULT_LCMS=bundled ++ ++ # ++ # If user didn't specify, use DEFAULT_LCMS ++ # ++ if test "x${with_lcms}" = "x"; then ++ with_lcms=${DEFAULT_LCMS} ++ fi ++ ++ if test "x${with_lcms}" = "xbundled"; then ++ USE_EXTERNAL_LCMS=false ++ AC_MSG_RESULT([bundled]) ++ elif test "x${with_lcms}" = "xsystem"; then ++ if test "x${LCMS_FOUND}" = "xyes"; then ++ USE_EXTERNAL_LCMS=true ++ AC_MSG_RESULT([system]) ++ else ++ AC_MSG_RESULT([system not found]) ++ AC_MSG_ERROR([--with-lcms=system specified, but no lcms found!]) ++ fi ++ else ++ AC_MSG_ERROR([Invalid value for --with-lcms: ${with_lcms}, use 'system' or 'bundled']) ++ fi ++ ++ AC_SUBST(USE_EXTERNAL_LCMS) ++ ++ ############################################################################### ++ # + # Check for the png library + # + diff --git a/jdk8043805-allow_using_system_installed_libjpeg.patch b/jdk8043805-allow_using_system_installed_libjpeg.patch new file mode 100644 index 0000000..003f32b --- /dev/null +++ b/jdk8043805-allow_using_system_installed_libjpeg.patch @@ -0,0 +1,228 @@ +diff -ruN jdk8/common/autoconf/libraries.m4 jdk8/common/autoconf/libraries.m4 +--- jdk8/common/autoconf/libraries.m4 2013-10-31 19:24:33.000000000 -0400 ++++ jdk8/common/autoconf/libraries.m4 2013-11-14 21:55:20.249903347 -0500 +@@ -601,12 +601,42 @@ + # + + USE_EXTERNAL_LIBJPEG=true +- AC_CHECK_LIB(jpeg, main, [], +- [ USE_EXTERNAL_LIBJPEG=false +- AC_MSG_NOTICE([Will use jpeg decoder bundled with the OpenJDK source]) +- ]) ++ AC_ARG_WITH(libjpeg, [AS_HELP_STRING([--with-libjpeg], ++ [use libjpeg from build system or OpenJDK sources (system, bundled) @<:@bundled@:>@])]) ++ ++ AC_CHECK_LIB(jpeg, jpeg_destroy_compress, ++ [ LIBJPEG_FOUND=yes ], ++ [ LIBJPEG_FOUND=no ]) ++ ++ AC_MSG_CHECKING([for which libjpeg to use]) ++ ++ # default is bundled ++ DEFAULT_LIBJPEG=bundled ++ ++ # ++ # if user didn't specify, use DEFAULT_LIBJPEG ++ # ++ if test "x${with_libjpeg}" = "x"; then ++ with_libjpeg=${DEFAULT_LIBJPEG} ++ fi ++ ++ if test "x${with_libjpeg}" = "xbundled"; then ++ USE_EXTERNAL_LIBJPEG=false ++ AC_MSG_RESULT([bundled]) ++ elif test "x${with_libjpeg}" = "xsystem"; then ++ if test "x${LIBJPEG_FOUND}" = "xyes"; then ++ USE_EXTERNAL_LIBJPEG=true ++ AC_MSG_RESULT([system]) ++ else ++ AC_MSG_RESULT([system not found]) ++ AC_MSG_ERROR([--with-libjpeg=system specified, but no libjpeg found]) ++ fi ++ else ++ AC_MSG_ERROR([Invalid use of --with-libjpeg: ${with_libjpeg}, use 'system' or 'bundled']) ++ fi + AC_SUBST(USE_EXTERNAL_LIBJPEG) + ++ + ############################################################################### + # + # Check for the gif library +diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.gmk +--- jdk8/jdk/make/lib/Awt2dLibraries.gmk 2013-10-31 19:44:18.000000000 -0400 ++++ jdk8/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 21:56:01.020796703 -0500 +@@ -693,17 +693,17 @@ + ########################################################################################## + + ifdef OPENJDK +- BUILD_LIBJPEG_MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjpeg/mapfile-vers ++ BUILD_LIBJAVAJPEG_MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjpeg/mapfile-vers + else +- BUILD_LIBJPEG_MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjpeg/mapfile-vers-closed +- BUILD_LIBJPEG_CLOSED_SRC := $(JDK_TOPDIR)/src/closed/share/native/sun/awt/image/jpeg +- BUILD_LIBJPEG_CLOSED_INCLUDES := -I$(BUILD_LIBJPEG_CLOSED_SRC) ++ BUILD_LIBJAVAJPEG_MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjpeg/mapfile-vers-closed ++ BUILD_LIBJAVAJPEG_CLOSED_SRC := $(JDK_TOPDIR)/src/closed/share/native/sun/awt/image/jpeg ++ BUILD_LIBJAVAJPEG_CLOSED_INCLUDES := -I$(BUILD_LIBJPEG_CLOSED_SRC) + endif + +-BUILD_LIBJPEG_REORDER := ++BUILD_LIBJAVAJPEG_REORDER := + ifeq ($(OPENJDK_TARGET_OS), solaris) + ifneq ($(OPENJDK_TARGET_CPU), x86_64) +- BUILD_LIBJPEG_REORDER := $(JDK_TOPDIR)/make/mapfiles/libjpeg/reorder-$(OPENJDK_TARGET_CPU) ++ BUILD_LIBJAVAJPEG_REORDER := $(JDK_TOPDIR)/make/mapfiles/libjpeg/reorder-$(OPENJDK_TARGET_CPU) + endif + endif + +@@ -718,37 +718,38 @@ + # $(shell $(EXPR) $(CC_MAJORVER) \> 4 \| \ + # \( $(CC_MAJORVER) = 4 \& $(CC_MINORVER) \>= 3 \) ) + # ifeq ($(CC_43_OR_NEWER), 1) +-# BUILD_LIBJPEG_CFLAGS_linux += -Wno-clobbered ++# BUILD_LIBJAVAJPEG_CFLAGS_linux += -Wno-clobbered + # endif + #endif + +-$(eval $(call SetupNativeCompilation,BUILD_LIBJPEG, \ +- LIBRARY := jpeg, \ ++$(eval $(call SetupNativeCompilation,BUILD_LIBJAVAJPEG, \ ++ LIBRARY := javajpeg, \ + OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ +- SRC := $(BUILD_LIBJPEG_CLOSED_SRC) \ ++ SRC := $(BUILD_LIBJAVAJPEG_CLOSED_SRC) \ + $(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg, \ + LANG := C, \ + OPTIMIZATION := HIGHEST, \ + CFLAGS := $(CFLAGS_JDKLIB) \ +- $(BUILD_LIBJPEG_CLOSED_INCLUDES) \ ++ $(BUILD_LIBJAVAJPEG_CLOSED_INCLUDES) \ + -I$(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg, \ +- MAPFILE := $(BUILD_LIBJPEG_MAPFILE), \ +- LDFLAGS := $(LDFLAGS_JDKLIB) \ ++ MAPFILE := $(BUILD_LIBJAVAJPEG_MAPFILE), \ ++ LDFLAGS := $(subst -Xlinker --as-needed,, \ ++ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) -ljpeg \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ + LDFLAGS_windows := $(WIN_JAVA_LIB) jvm.lib, \ + LDFLAGS_SUFFIX := $(LDFLAGS_JDKLIB_SUFFIX), \ + VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ + RC_FLAGS := $(RC_FLAGS) \ +- -D "JDK_FNAME=jpeg.dll" \ +- -D "JDK_INTERNAL_NAME=jpeg" \ ++ -D "JDK_FNAME=javajpeg.dll" \ ++ -D "JDK_INTERNAL_NAME=javajpeg" \ + -D "JDK_FTYPE=0x2L", \ +- REORDER := $(BUILD_LIBJPEG_REORDER), \ +- OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libjpeg, \ ++ REORDER := $(BUILD_LIBJAVAJPEG_REORDER), \ ++ OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libjavajpeg, \ + DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES))) + +-$(BUILD_LIBJPEG): $(BUILD_LIBJAVA) ++$(BUILD_LIBJAVAJPEG): $(BUILD_LIBJAVA) + +-BUILD_LIBRARIES += $(BUILD_LIBJPEG) ++BUILD_LIBRARIES += $(BUILD_LIBJAVAJPEG) + + ########################################################################################## + +@@ -1127,7 +1128,6 @@ + + ifndef BUILD_HEADLESS_ONLY + LIBSPLASHSCREEN_DIRS := \ +- $(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg \ + $(JDK_TOPDIR)/src/share/native/sun/awt/libpng \ + $(JDK_TOPDIR)/src/share/native/sun/awt/splashscreen + +@@ -1138,6 +1138,13 @@ + GIFLIB_CFLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/awt/giflib + endif + ++ ifeq ($(USE_EXTERNAL_LIBJPEG), true) ++ LIBJPEG_LDFLAGS := -ljpeg ++ else ++ LIBSPLASHSCREEN_DIRS += $(JDK_TOPDIR)/src/share/native/sun/awt/image/jpeg ++ LIBJPEG_CFLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/awt/jpeg ++ endif ++ + ifneq ($(OPENJDK_TARGET_OS), macosx) + LIBSPLASHSCREEN_DIRS += $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/sun/awt/splashscreen + else +@@ -1193,11 +1200,13 @@ + EXCLUDE_FILES := imageioJPEG.c jpegdecoder.c pngtest.c, \ + LANG := C, \ + OPTIMIZATION := LOW, \ +- CFLAGS := $(LIBSPLASHSCREEN_CFLAGS) $(CFLAGS_JDKLIB) $(GIFLIB_CFLAGS), \ ++ CFLAGS := $(LIBSPLASHSCREEN_CFLAGS) $(CFLAGS_JDKLIB) \ ++ $(GIFLIB_CFLAGS) $(LIBJPEG_CFLAGS), \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsplashscreen/mapfile-vers, \ + LDFLAGS := $(LDFLAGS_JDKLIB) \ + $(call SET_SHARED_LIBRARY_ORIGIN), \ +- LDFLAGS_SUFFIX := $(LIBSPLASHSCREEN_LDFLAGS_SUFFIX) $(LIBZ) $(GIFLIB_LDFLAGS), \ ++ LDFLAGS_SUFFIX := $(LIBSPLASHSCREEN_LDFLAGS_SUFFIX) \ ++ $(LIBZ) $(GIFLIB_LDFLAGS) $(LIBJPEG_LDFLAGS), \ + LDFLAGS_SUFFIX_solaris := -lc, \ + VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ + RC_FLAGS := $(RC_FLAGS) \ +diff -ruN jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java +--- jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java 2013-10-31 19:44:18.000000000 -0400 ++++ jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java 2013-11-14 21:55:20.250903340 -0500 +@@ -89,7 +89,7 @@ + java.security.AccessController.doPrivileged( + new java.security.PrivilegedAction() { + public Void run() { +- System.loadLibrary("jpeg"); ++ System.loadLibrary("javajpeg"); + return null; + } + }); +diff -ruN jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java +--- jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java 2013-10-31 19:44:18.000000000 -0400 ++++ jdk8/jdk/src/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java 2013-11-14 21:55:20.250903340 -0500 +@@ -179,7 +179,7 @@ + java.security.AccessController.doPrivileged( + new java.security.PrivilegedAction() { + public Void run() { +- System.loadLibrary("jpeg"); ++ System.loadLibrary("javajpeg"); + return null; + } + }); +diff -ruN jdk8/jdk/src/share/classes/sun/awt/image/JPEGImageDecoder.java jdk8/jdk/src/share/classes/sun/awt/image/JPEGImageDecoder.java +--- jdk8/jdk/src/share/classes/sun/awt/image/JPEGImageDecoder.java 2013-10-31 19:44:18.000000000 -0400 ++++ jdk8/jdk/src/share/classes/sun/awt/image/JPEGImageDecoder.java 2013-11-14 21:55:20.251903376 -0500 +@@ -56,7 +56,7 @@ + java.security.AccessController.doPrivileged( + new java.security.PrivilegedAction() { + public Void run() { +- System.loadLibrary("jpeg"); ++ System.loadLibrary("javajpeg"); + return null; + } + }); +diff -ruN jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c +--- jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c 2013-10-31 19:44:18.000000000 -0400 ++++ jdk8/jdk/src/share/native/sun/awt/splashscreen/splashscreen_jpeg.c 2013-11-14 21:55:20.251903376 -0500 +@@ -25,7 +25,6 @@ + + #include "splashscreen_impl.h" + +-#include "jinclude.h" + #include "jpeglib.h" + #include "jerror.h" + +@@ -107,11 +106,11 @@ + if (cinfo->src == NULL) { /* first time for this JPEG object? */ + cinfo->src = (struct jpeg_source_mgr *) + (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, +- JPOOL_PERMANENT, SIZEOF(stream_source_mgr)); ++ JPOOL_PERMANENT, sizeof(stream_source_mgr)); + src = (stream_src_ptr) cinfo->src; + src->buffer = (JOCTET *) + (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, +- JPOOL_PERMANENT, INPUT_BUF_SIZE * SIZEOF(JOCTET)); ++ JPOOL_PERMANENT, INPUT_BUF_SIZE * sizeof(JOCTET)); + } + + src = (stream_src_ptr) cinfo->src; diff --git a/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch b/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch new file mode 100644 index 0000000..239cd68 --- /dev/null +++ b/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch @@ -0,0 +1,148 @@ +# HG changeset patch +# User sgehwolf +# Date 1525714161 -3600 +# Mon May 07 18:29:21 2018 +0100 +# Node ID afb31413c73cbc06420fdb447aa90a7a38258904 +# Parent bcbc64dfb629c5f188bbf59b8f986ad95963ed60 +8143245, PR3548: Zero build requires disabled warnings +Reviewed-by: dholmes, coleenp + +diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hotspot/make/linux/makefiles/zeroshark.make +--- openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make ++++ openjdk/hotspot/make/linux/makefiles/zeroshark.make +@@ -1,5 +1,5 @@ + # +-# Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. ++# Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + # Copyright 2007, 2008 Red Hat, Inc. + # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + # +@@ -29,12 +29,7 @@ + ifeq ($(JVM_VARIANT_ZEROSHARK), true) + WARNING_FLAGS += -Wno-undef + endif +-# Suppress some warning flags that are normally turned on for hotspot, +-# because some of the zero code has not been updated accordingly. +-WARNING_FLAGS += -Wno-return-type \ +- -Wno-format-nonliteral -Wno-format-security \ +- -Wno-maybe-uninitialized +- ++ + + # If FDLIBM_CFLAGS is non-empty it holds CFLAGS needed to be passed to + # the compiler so as to be able to produce optimized objects +diff --git openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp +--- openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp ++++ openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp +@@ -102,7 +102,7 @@ + return result; + default: + ShouldNotReachHere(); +- return result; // silence compiler warnings ++ return NULL_WORD; // silence compiler warnings + } + } + +diff --git openjdk.orig/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp openjdk/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp +--- openjdk.orig/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp ++++ openjdk/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright 2007, 2008, 2010 Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * +@@ -62,7 +62,7 @@ + } + + void InterpreterRuntime::SignatureHandlerGeneratorBase::push(BasicType type) { +- ffi_type *ftype; ++ ffi_type *ftype = NULL; + switch (type) { + case T_VOID: + ftype = &ffi_type_void; +diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp +--- openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp ++++ openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp +@@ -1,6 +1,6 @@ + /* + * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. +- * Copyright 2007, 2008, 2009, 2010 Red Hat, Inc. ++ * Copyright 2016 Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -61,6 +61,7 @@ + + frame os::get_sender_for_C_frame(frame* fr) { + ShouldNotCallThis(); ++ return frame(NULL, NULL); // silence compile warning. + } + + frame os::current_frame() { +@@ -98,16 +99,19 @@ + + address os::Linux::ucontext_get_pc(ucontext_t* uc) { + ShouldNotCallThis(); ++ return NULL; // silence compile warnings + } + + ExtendedPC os::fetch_frame_from_context(void* ucVoid, + intptr_t** ret_sp, + intptr_t** ret_fp) { + ShouldNotCallThis(); ++ return NULL; // silence compile warnings + } + + frame os::fetch_frame_from_context(void* ucVoid) { + ShouldNotCallThis(); ++ return frame(NULL, NULL); // silence compile warnings + } + + extern "C" JNIEXPORT int +@@ -247,11 +251,16 @@ + } + #endif // !PRODUCT + +- const char *fmt = "caught unhandled signal %d"; + char buf[64]; + +- sprintf(buf, fmt, sig); ++ sprintf(buf, "caught unhandled signal %d", sig); ++ ++// Silence -Wformat-security warning for fatal() ++PRAGMA_DIAG_PUSH ++PRAGMA_FORMAT_NONLITERAL_IGNORED + fatal(buf); ++PRAGMA_DIAG_POP ++ return true; // silence compiler warnings + } + + void os::Linux::init_thread_fpu_state(void) { +@@ -260,6 +269,7 @@ + + int os::Linux::get_fpu_control_word() { + ShouldNotCallThis(); ++ return -1; // silence compile warnings + } + + void os::Linux::set_fpu_control_word(int fpu) { +diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/thread_linux_zero.hpp openjdk/hotspot/src/os_cpu/linux_zero/vm/thread_linux_zero.hpp +--- openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/thread_linux_zero.hpp ++++ openjdk/hotspot/src/os_cpu/linux_zero/vm/thread_linux_zero.hpp +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright 2007, 2008, 2009, 2010 Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * +@@ -110,6 +110,7 @@ + void* ucontext, + bool isInJava) { + ShouldNotCallThis(); ++ return false; // silence compile warning + } + + bool pd_get_top_frame_for_profiling(frame* fr_addr, diff --git a/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch b/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch new file mode 100644 index 0000000..ddab642 --- /dev/null +++ b/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch @@ -0,0 +1,125 @@ +# HG changeset patch +# User mbalao +# Date 1529971845 -28800 +# Tue Jun 26 08:10:45 2018 +0800 +# Node ID e9c20b7250cd98d16a67f2a30b34284c2caa01dc +# Parent 9f1aa2e38d90dd60522237d7414af6bdcf03c4ff +8195607, PR3776: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 +Reviewed-by: valeriep, weijun + +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java +@@ -197,7 +197,7 @@ + + if (configDir != null) { + String configDirPath = null; +- String sqlPrefix = "sql:/"; ++ String sqlPrefix = "sql:"; + if (!configDir.startsWith(sqlPrefix)) { + configDirPath = configDir; + } else { +diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c +--- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c ++++ openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c +@@ -69,9 +69,14 @@ + int res = 0; + FPTR_Initialize initialize = + (FPTR_Initialize)findFunction(env, jHandle, "NSS_Initialize"); ++ #ifdef SECMOD_DEBUG ++ FPTR_GetError getError = ++ (FPTR_GetError)findFunction(env, jHandle, "PORT_GetError"); ++ #endif // SECMOD_DEBUG + unsigned int flags = 0x00; + const char *configDir = NULL; + const char *functionName = NULL; ++ const char *configFile = NULL; + + /* If we cannot initialize, exit now */ + if (initialize == NULL) { +@@ -97,13 +102,18 @@ + flags = 0x20; // NSS_INIT_OPTIMIZESPACE flag + } + ++ configFile = "secmod.db"; ++ if (configDir != NULL && strncmp("sql:", configDir, 4U) == 0) { ++ configFile = "pkcs11.txt"; ++ } ++ + /* + * If the NSS_Init function is requested then call NSS_Initialize to + * open the Cert, Key and Security Module databases, read only. + */ + if (strcmp("NSS_Init", functionName) == 0) { + flags = flags | 0x01; // NSS_INIT_READONLY flag +- res = initialize(configDir, "", "", "secmod.db", flags); ++ res = initialize(configDir, "", "", configFile, flags); + + /* + * If the NSS_InitReadWrite function is requested then call +@@ -111,7 +121,7 @@ + * read/write. + */ + } else if (strcmp("NSS_InitReadWrite", functionName) == 0) { +- res = initialize(configDir, "", "", "secmod.db", flags); ++ res = initialize(configDir, "", "", configFile, flags); + + /* + * If the NSS_NoDB_Init function is requested then call +@@ -137,6 +147,13 @@ + (*env)->ReleaseStringUTFChars(env, jConfigDir, configDir); + } + dprintf1("-res: %d\n", res); ++ #ifdef SECMOD_DEBUG ++ if (res == -1) { ++ if (getError != NULL) { ++ dprintf1("-NSS error: %d\n", getError()); ++ } ++ } ++ #endif // SECMOD_DEBUG + + return (res == 0) ? JNI_TRUE : JNI_FALSE; + } +diff --git openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h +--- openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h ++++ openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h +@@ -34,6 +34,10 @@ + const char *certPrefix, const char *keyPrefix, + const char *secmodName, unsigned int flags); + ++#ifdef SECMOD_DEBUG ++typedef int (*FPTR_GetError)(void); ++#endif //SECMOD_DEBUG ++ + // in secmod.h + //extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent, + // PRBool recurse); +diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt +@@ -0,0 +1,4 @@ ++library= ++name=NSS Internal PKCS #11 Module ++parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' ++NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) +diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java +--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java ++++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java +@@ -55,7 +55,7 @@ + + DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb"; + if (useSqlite) { +- System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR); ++ System.setProperty("pkcs11test.nss.db", "sql:" + DBDIR); + } else { + System.setProperty("pkcs11test.nss.db", DBDIR); + } +@@ -67,6 +67,7 @@ + if (useSqlite) { + copyFile("key4.db", BASE, DBDIR); + copyFile("cert9.db", BASE, DBDIR); ++ copyFile("pkcs11.txt", BASE, DBDIR); + } else { + copyFile("secmod.db", BASE, DBDIR); + copyFile("key3.db", BASE, DBDIR); diff --git a/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch b/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch new file mode 100644 index 0000000..0af9d51 --- /dev/null +++ b/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch @@ -0,0 +1,58 @@ +# HG changeset patch +# User andrew +# Date 1526122977 -3600 +# Sat May 12 12:02:57 2018 +0100 +# Node ID 00ccc73498628a51a45301322e64ce2ad06e49be +# Parent aecf9f48f7b5c6148b62713a6b746301435b57cc +PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations +Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X + +diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4 +--- openjdk.orig///common/autoconf/flags.m4 ++++ openjdk///common/autoconf/flags.m4 +@@ -402,6 +402,21 @@ + AC_SUBST($2CXXSTD_CXXFLAG) + fi + ++ # ++ # NOTE: check for -mstackrealign needs to be below potential addition of -m32 ++ # ++ if test "x$OPENJDK_TARGET_CPU" = xx86 && test "x$OPENJDK_TARGET_OS" = xmacosx -o \ ++ "x$OPENJDK_TARGET_OS" = xlinux; then ++ # On 32-bit MacOSX the OS requires C-entry points to be 16 byte aligned. ++ # While waiting for a better solution, the current workaround is to use -mstackrealign ++ # This is also required on Linux systems which use libraries compiled with SSE instructions ++ REALIGN_CFLAG="-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4" ++ FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [], ++ AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.]) ++ ) ++ AC_SUBST([REALIGN_CFLAG]) ++ fi ++ + if test "x$CFLAGS" != "x${ADDED_CFLAGS}"; then + AC_MSG_WARN([Ignoring CFLAGS($CFLAGS) found in environment. Use --with-extra-cflags]) + fi +diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/autoconf/hotspot-spec.gmk.in +--- openjdk.orig///common/autoconf/hotspot-spec.gmk.in ++++ openjdk///common/autoconf/hotspot-spec.gmk.in +@@ -112,7 +112,8 @@ + RC:=@HOTSPOT_RC@ + + EXTRA_CFLAGS=@LEGACY_EXTRA_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \ +- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) ++ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \ ++ $(REALIGN_CFLAG) + EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@ + EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@ + EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@ +diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in +--- openjdk.orig///common/autoconf/spec.gmk.in ++++ openjdk///common/autoconf/spec.gmk.in +@@ -366,6 +366,7 @@ + + NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@ + NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@ ++REALIGN_CFLAG=@REALIGN_CFLAG@ + CXXSTD_CXXFLAG=@CXXSTD_CXXFLAG@ + + CXX:=@FIXPATH@ @CCACHE@ @CXX@ diff --git a/jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch b/jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch new file mode 100644 index 0000000..7ac077b --- /dev/null +++ b/jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch @@ -0,0 +1,20 @@ +# HG changeset patch +# User andrew +# Date 1526489197 -3600 +# Wed May 16 17:46:37 2018 +0100 +# Node ID 64e87a408afd2b56d59dad73dee28d4b99463810 +# Parent 00ccc73498628a51a45301322e64ce2ad06e49be +PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code + +diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4 +--- openjdk.orig///common/autoconf/flags.m4 ++++ openjdk///common/autoconf/flags.m4 +@@ -401,6 +401,8 @@ + FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [], + AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.]) + ) ++ CFLAGS_JDK="${CFLAGS_JDK} ${REALIGN_CFLAG}" ++ CXXFLAGS_JDK="${CXXFLAGS_JDK} ${REALIGN_CFLAG}" + AC_SUBST([REALIGN_CFLAG]) + fi + diff --git a/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch b/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch new file mode 100644 index 0000000..4098bdc --- /dev/null +++ b/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch @@ -0,0 +1,328 @@ +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -2689,7 +2689,7 @@ + if (ResizeOldPLAB && CMSOldPLABResizeQuicker) { + size_t multiple = _num_blocks[word_sz]/(CMSOldPLABToleranceFactor*CMSOldPLABNumRefills*n_blks); + n_blks += CMSOldPLABReactivityFactor*multiple*n_blks; +- n_blks = MIN2(n_blks, CMSOldPLABMax); ++ n_blks = MIN2(n_blks, (size_t)CMSOldPLABMax); + } + assert(n_blks > 0, "Error"); + _cfls->par_get_chunk_of_blocks(word_sz, n_blks, fl); +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -961,7 +961,7 @@ + if (free_percentage < desired_free_percentage) { + size_t desired_capacity = (size_t)(used() / ((double) 1 - desired_free_percentage)); + assert(desired_capacity >= capacity(), "invalid expansion size"); +- size_t expand_bytes = MAX2(desired_capacity - capacity(), MinHeapDeltaBytes); ++ size_t expand_bytes = MAX2(desired_capacity - capacity(), (size_t)MinHeapDeltaBytes); + if (PrintGCDetails && Verbose) { + size_t desired_capacity = (size_t)(used() / ((double) 1 - desired_free_percentage)); + gclog_or_tty->print_cr("\nFrom compute_new_size: "); +@@ -6591,7 +6591,7 @@ + HeapWord* curAddr = _markBitMap.startWord(); + while (curAddr < _markBitMap.endWord()) { + size_t remaining = pointer_delta(_markBitMap.endWord(), curAddr); +- MemRegion chunk(curAddr, MIN2(CMSBitMapYieldQuantum, remaining)); ++ MemRegion chunk(curAddr, MIN2((size_t)CMSBitMapYieldQuantum, remaining)); + _markBitMap.clear_large_range(chunk); + if (ConcurrentMarkSweepThread::should_yield() && + !foregroundGCIsActive() && +@@ -6889,7 +6889,7 @@ + return; + } + // Double capacity if possible +- size_t new_capacity = MIN2(_capacity*2, MarkStackSizeMax); ++ size_t new_capacity = MIN2(_capacity*2, (size_t)MarkStackSizeMax); + // Do not give up existing stack until we have managed to + // get the double capacity that we desired. + ReservedSpace rs(ReservedSpace::allocation_align_size_up( +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/concurrentMark.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -3916,7 +3916,7 @@ + // of things to do) or totally (at the very end). + size_t target_size; + if (partially) { +- target_size = MIN2((size_t)_task_queue->max_elems()/3, GCDrainStackTargetSize); ++ target_size = MIN2((size_t)_task_queue->max_elems()/3, (size_t)GCDrainStackTargetSize); + } else { + target_size = 0; + } +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1BiasedArray.hpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp Tue Sep 08 22:20:44 2020 -0400 +@@ -78,7 +78,8 @@ + size_t num_target_elems = pointer_delta(end, bottom, mapping_granularity_in_bytes); + idx_t bias = (uintptr_t)bottom / mapping_granularity_in_bytes; + address base = create_new_base_array(num_target_elems, target_elem_size_in_bytes); +- initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, log2_intptr(mapping_granularity_in_bytes)); ++ initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, ++ log2_intptr((uintptr_t)mapping_granularity_in_bytes)); + } + + size_t bias() const { return _bias; } +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -1729,7 +1729,7 @@ + + verify_region_sets_optional(); + +- size_t expand_bytes = MAX2(word_size * HeapWordSize, MinHeapDeltaBytes); ++ size_t expand_bytes = MAX2(word_size * HeapWordSize, (size_t)MinHeapDeltaBytes); + ergo_verbose1(ErgoHeapSizing, + "attempt heap expansion", + ergo_format_reason("allocation request failed") +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -41,7 +41,7 @@ + } + + size_t G1CMObjArrayProcessor::process_array_slice(objArrayOop obj, HeapWord* start_from, size_t remaining) { +- size_t words_to_scan = MIN2(remaining, ObjArrayMarkingStride); ++ size_t words_to_scan = MIN2(remaining, (size_t)ObjArrayMarkingStride); + + if (remaining > ObjArrayMarkingStride) { + push_array_slice(start_from + ObjArrayMarkingStride); +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.hpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.hpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.hpp Tue Sep 08 22:20:44 2020 -0400 +@@ -89,7 +89,7 @@ + void pretouch_internal(size_t start_page, size_t end_page); + + // Returns the index of the page which contains the given address. +- uintptr_t addr_to_page_index(char* addr) const; ++ size_t addr_to_page_index(char* addr) const; + // Returns the address of the given page index. + char* page_start(size_t index) const; + +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -38,7 +38,7 @@ + _cancel(false), + _empty(true), + _dropped(0) { +- _nqueues = MAX2(ParallelGCThreads, (size_t)1); ++ _nqueues = MAX2(ParallelGCThreads, (uintx)1); + _queues = NEW_C_HEAP_ARRAY(G1StringDedupWorkerQueue, _nqueues, mtGC); + for (size_t i = 0; i < _nqueues; i++) { + new (_queues + i) G1StringDedupWorkerQueue(G1StringDedupWorkerQueue::default_segment_size(), _max_cache_size, _max_size); +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -120,7 +120,7 @@ + }; + + G1StringDedupEntryCache::G1StringDedupEntryCache(size_t max_size) : +- _nlists(MAX2(ParallelGCThreads, (size_t)1)), ++ _nlists(MAX2(ParallelGCThreads, (uintx)1)), + _max_list_length(0), + _cached(PaddedArray::create_unfreeable((uint)_nlists)), + _overflowed(PaddedArray::create_unfreeable((uint)_nlists)) { +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/heapRegion.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -110,7 +110,7 @@ + if (FLAG_IS_DEFAULT(G1HeapRegionSize)) { + size_t average_heap_size = (initial_heap_size + max_heap_size) / 2; + region_size = MAX2(average_heap_size / HeapRegionBounds::target_number(), +- (uintx) HeapRegionBounds::min_size()); ++ HeapRegionBounds::min_size()); + } + + int region_size_log = log2_long((jlong) region_size); +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/parNew/parNewGeneration.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -194,7 +194,7 @@ + const size_t num_overflow_elems = of_stack->size(); + const size_t space_available = queue->max_elems() - queue->size(); + const size_t num_take_elems = MIN3(space_available / 4, +- ParGCDesiredObjsFromOverflowList, ++ (size_t)ParGCDesiredObjsFromOverflowList, + num_overflow_elems); + // Transfer the most recent num_take_elems from the overflow + // stack to our work queue. +diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -912,7 +912,7 @@ + + void PSParallelCompact::initialize_dead_wood_limiter() + { +- const size_t max = 100; ++ const uintx max = 100; + _dwl_mean = double(MIN2(ParallelOldDeadWoodLimiterMean, max)) / 100.0; + _dwl_std_dev = double(MIN2(ParallelOldDeadWoodLimiterStdDev, max)) / 100.0; + _dwl_first_term = 1.0 / (sqrt(2.0 * M_PI) * _dwl_std_dev); +diff -r 4689eaf1a5c9 src/share/vm/memory/collectorPolicy.cpp +--- openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -385,7 +385,7 @@ + uintx calculated_size = NewSize + OldSize; + double shrink_factor = (double) MaxHeapSize / calculated_size; + uintx smaller_new_size = align_size_down((uintx)(NewSize * shrink_factor), _gen_alignment); +- FLAG_SET_ERGO(uintx, NewSize, MAX2(young_gen_size_lower_bound(), smaller_new_size)); ++ FLAG_SET_ERGO(uintx, NewSize, MAX2((uintx)young_gen_size_lower_bound(), smaller_new_size)); + _initial_gen0_size = NewSize; + + // OldSize is already aligned because above we aligned MaxHeapSize to +@@ -433,7 +433,7 @@ + // yield a size that is too small) and bound it by MaxNewSize above. + // Ergonomics plays here by previously calculating the desired + // NewSize and MaxNewSize. +- max_new_size = MIN2(MAX2(max_new_size, NewSize), MaxNewSize); ++ max_new_size = MIN2(MAX2(max_new_size, (size_t)NewSize), (size_t)MaxNewSize); + } + assert(max_new_size > 0, "All paths should set max_new_size"); + +@@ -455,23 +455,25 @@ + // lower limit. + _min_gen0_size = NewSize; + desired_new_size = NewSize; +- max_new_size = MAX2(max_new_size, NewSize); ++ max_new_size = MAX2(max_new_size, (size_t)NewSize); + } else if (FLAG_IS_ERGO(NewSize)) { + // If NewSize is set ergonomically, we should use it as a lower + // limit, but use NewRatio to calculate the initial size. + _min_gen0_size = NewSize; + desired_new_size = +- MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), NewSize); +- max_new_size = MAX2(max_new_size, NewSize); ++ MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), (size_t)NewSize); ++ max_new_size = MAX2(max_new_size, (size_t)NewSize); + } else { + // For the case where NewSize is the default, use NewRatio + // to size the minimum and initial generation sizes. + // Use the default NewSize as the floor for these values. If + // NewRatio is overly large, the resulting sizes can be too + // small. +- _min_gen0_size = MAX2(scale_by_NewRatio_aligned(_min_heap_byte_size), NewSize); ++ _min_gen0_size = MAX2(scale_by_NewRatio_aligned(_min_heap_byte_size), ++ (size_t)NewSize); + desired_new_size = +- MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), NewSize); ++ MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), ++ (size_t)NewSize); + } + + assert(_min_gen0_size > 0, "Sanity check"); +@@ -573,7 +575,7 @@ + } else { + // It's been explicitly set on the command line. Use the + // OldSize and then determine the consequences. +- _min_gen1_size = MIN2(OldSize, _min_heap_byte_size - _min_gen0_size); ++ _min_gen1_size = MIN2((size_t)OldSize, _min_heap_byte_size - _min_gen0_size); + _initial_gen1_size = OldSize; + + // If the user has explicitly set an OldSize that is inconsistent +diff -r 4689eaf1a5c9 src/share/vm/memory/metaspace.cpp +--- openjdk.orig/hotspot/src/share/vm/memory/metaspace.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/memory/metaspace.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -1482,7 +1482,7 @@ + + void MetaspaceGC::post_initialize() { + // Reset the high-water mark once the VM initialization is done. +- _capacity_until_GC = MAX2(MetaspaceAux::committed_bytes(), MetaspaceSize); ++ _capacity_until_GC = MAX2(MetaspaceAux::committed_bytes(), (size_t)MetaspaceSize); + } + + bool MetaspaceGC::can_expand(size_t word_size, bool is_class) { +@@ -1542,7 +1542,7 @@ + (size_t)MIN2(min_tmp, double(MaxMetaspaceSize)); + // Don't shrink less than the initial generation size + minimum_desired_capacity = MAX2(minimum_desired_capacity, +- MetaspaceSize); ++ (size_t)MetaspaceSize); + + if (PrintGCDetails && Verbose) { + gclog_or_tty->print_cr("\nMetaspaceGC::compute_new_size: "); +@@ -1600,7 +1600,7 @@ + const double max_tmp = used_after_gc / minimum_used_percentage; + size_t maximum_desired_capacity = (size_t)MIN2(max_tmp, double(MaxMetaspaceSize)); + maximum_desired_capacity = MAX2(maximum_desired_capacity, +- MetaspaceSize); ++ (size_t)MetaspaceSize); + if (PrintGCDetails && Verbose) { + gclog_or_tty->print_cr(" " + " maximum_free_percentage: %6.2f" +@@ -3320,7 +3320,7 @@ + // Make the first class chunk bigger than a medium chunk so it's not put + // on the medium chunk list. The next chunk will be small and progress + // from there. This size calculated by -version. +- _first_class_chunk_word_size = MIN2((size_t)MediumChunk*6, ++ _first_class_chunk_word_size = MIN2((uintx)MediumChunk*6, + (CompressedClassSpaceSize/BytesPerWord)*2); + _first_class_chunk_word_size = align_word_size_up(_first_class_chunk_word_size); + // Arbitrarily set the initial virtual space to a multiple +diff -r 4689eaf1a5c9 src/share/vm/oops/objArrayKlass.inline.hpp +--- openjdk.orig/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp Tue Sep 08 22:20:44 2020 -0400 +@@ -48,7 +48,7 @@ + const size_t beg_index = size_t(index); + assert(beg_index < len || len == 0, "index too large"); + +- const size_t stride = MIN2(len - beg_index, ObjArrayMarkingStride); ++ const size_t stride = MIN2(len - beg_index, (size_t)ObjArrayMarkingStride); + const size_t end_index = beg_index + stride; + T* const base = (T*)a->base(); + T* const beg = base + beg_index; +@@ -82,7 +82,7 @@ + const size_t beg_index = size_t(index); + assert(beg_index < len || len == 0, "index too large"); + +- const size_t stride = MIN2(len - beg_index, ObjArrayMarkingStride); ++ const size_t stride = MIN2(len - beg_index, (size_t)ObjArrayMarkingStride); + const size_t end_index = beg_index + stride; + T* const base = (T*)a->base(); + T* const beg = base + beg_index; +diff -r 4689eaf1a5c9 src/share/vm/runtime/arguments.cpp +--- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -1301,7 +1301,7 @@ + // NewSize was set on the command line and it is larger than + // preferred_max_new_size. + if (!FLAG_IS_DEFAULT(NewSize)) { // NewSize explicitly set at command-line +- FLAG_SET_ERGO(uintx, MaxNewSize, MAX2(NewSize, preferred_max_new_size)); ++ FLAG_SET_ERGO(uintx, MaxNewSize, MAX2((size_t)NewSize, preferred_max_new_size)); + } else { + FLAG_SET_ERGO(uintx, MaxNewSize, preferred_max_new_size); + } +@@ -1326,8 +1326,8 @@ + // Unless explicitly requested otherwise, make young gen + // at least min_new, and at most preferred_max_new_size. + if (FLAG_IS_DEFAULT(NewSize)) { +- FLAG_SET_ERGO(uintx, NewSize, MAX2(NewSize, min_new)); +- FLAG_SET_ERGO(uintx, NewSize, MIN2(preferred_max_new_size, NewSize)); ++ FLAG_SET_ERGO(uintx, NewSize, MAX2((size_t)NewSize, min_new)); ++ FLAG_SET_ERGO(uintx, NewSize, MIN2(preferred_max_new_size, (size_t)NewSize)); + if (PrintGCDetails && Verbose) { + // Too early to use gclog_or_tty + tty->print_cr("CMS ergo set NewSize: " SIZE_FORMAT, NewSize); +@@ -1337,7 +1337,7 @@ + // so it's NewRatio x of NewSize. + if (FLAG_IS_DEFAULT(OldSize)) { + if (max_heap > NewSize) { +- FLAG_SET_ERGO(uintx, OldSize, MIN2(NewRatio*NewSize, max_heap - NewSize)); ++ FLAG_SET_ERGO(uintx, OldSize, MIN2((size_t)(NewRatio*NewSize), max_heap - NewSize)); + if (PrintGCDetails && Verbose) { + // Too early to use gclog_or_tty + tty->print_cr("CMS ergo set OldSize: " SIZE_FORMAT, OldSize); +diff -r 4689eaf1a5c9 src/share/vm/runtime/os.cpp +--- openjdk.orig/hotspot/src/share/vm/runtime/os.cpp Mon Aug 31 07:09:56 2020 +0100 ++++ openjdk/hotspot/src/share/vm/runtime/os.cpp Tue Sep 08 22:20:44 2020 -0400 +@@ -1272,7 +1272,7 @@ + } + + void os::set_memory_serialize_page(address page) { +- int count = log2_intptr(sizeof(class JavaThread)) - log2_int(64); ++ int count = log2_intptr((uintptr_t)sizeof(class JavaThread)) - log2_int(64); + _mem_serialize_page = (volatile int32_t *)page; + // We initialize the serialization page shift count here + // We assume a cache line size of 64 bytes diff --git a/jdk8257794-remove_broken_assert.patch b/jdk8257794-remove_broken_assert.patch new file mode 100644 index 0000000..bb88013 --- /dev/null +++ b/jdk8257794-remove_broken_assert.patch @@ -0,0 +1,13 @@ +diff --git openjdk.orig/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp openjdk/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp +--- openjdk.orig/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp ++++ openjdk/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp +@@ -493,9 +493,6 @@ + assert(labs(istate->_stack_base - istate->_stack_limit) == (istate->_method->max_stack() + extra_stack_entries + + 1), "bad stack limit"); + } +-#ifndef SHARK +- IA32_ONLY(assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1, "wrong")); +-#endif // !SHARK + } + // Verify linkages. + interpreterState l = istate; diff --git a/jdk8275535-rh2053256-ldap_auth.patch b/jdk8275535-rh2053256-ldap_auth.patch new file mode 100644 index 0000000..ca3e985 --- /dev/null +++ b/jdk8275535-rh2053256-ldap_auth.patch @@ -0,0 +1,26 @@ +diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java +index cf4becb7db..4ab2ac0a31 100644 +--- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java ++++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java +@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor + ctx = getLdapCtxFromUrl( + r.getDomainName(), url, new LdapURL(u), env); + return ctx; ++ } catch (AuthenticationException e) { ++ // do not retry on a different endpoint to avoid blocking ++ // the user if authentication credentials are wrong. ++ throw e; + } catch (NamingException e) { + // try the next element + lastException = e; +@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor + for (String u : urls) { + try { + return getUsingURL(u, env); ++ } catch (AuthenticationException e) { ++ // do not retry on a different URL to avoid blocking ++ // the user if authentication credentials are wrong. ++ throw e; + } catch (NamingException e) { + ex = e; + } diff --git a/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch b/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch new file mode 100644 index 0000000..774a08e --- /dev/null +++ b/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch @@ -0,0 +1,67 @@ +# HG changeset patch +# User Andrew John Hughes +# Date 1620365804 -3600 +# Fri May 07 06:36:44 2021 +0100 +# Node ID 39b62f35eca823b4c9a98bc1dc0cb9acb87360f8 +# Parent 723b59ed1afe878c5cd35f080399c8ceec4f776b +PR3836: Extra compiler flags not passed to adlc build + +diff --git openjdk.orig/hotspot/make/aix/makefiles/adlc.make openjdk/hotspot/make/aix/makefiles/adlc.make +--- openjdk.orig/hotspot/make/aix/makefiles/adlc.make ++++ openjdk/hotspot/make/aix/makefiles/adlc.make +@@ -69,6 +69,11 @@ + CFLAGS_WARN = -w + CFLAGS += $(CFLAGS_WARN) + ++# Extra flags from gnumake's invocation or environment ++CFLAGS += $(EXTRA_CFLAGS) ++LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS) ++ASFLAGS += $(EXTRA_ASFLAGS) ++ + OBJECTNAMES = \ + adlparse.o \ + archDesc.o \ +diff --git openjdk.orig/hotspot/make/bsd/makefiles/adlc.make openjdk/hotspot/make/bsd/makefiles/adlc.make +--- openjdk.orig/hotspot/make/bsd/makefiles/adlc.make ++++ openjdk/hotspot/make/bsd/makefiles/adlc.make +@@ -71,6 +71,11 @@ + endif + CFLAGS += $(CFLAGS_WARN) + ++# Extra flags from gnumake's invocation or environment ++CFLAGS += $(EXTRA_CFLAGS) ++LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS) ++ASFLAGS += $(EXTRA_ASFLAGS) ++ + OBJECTNAMES = \ + adlparse.o \ + archDesc.o \ +diff --git openjdk.orig/hotspot/make/linux/makefiles/adlc.make openjdk/hotspot/make/linux/makefiles/adlc.make +--- openjdk.orig/hotspot/make/linux/makefiles/adlc.make ++++ openjdk/hotspot/make/linux/makefiles/adlc.make +@@ -69,6 +69,11 @@ + CFLAGS_WARN = $(WARNINGS_ARE_ERRORS) + CFLAGS += $(CFLAGS_WARN) + ++# Extra flags from gnumake's invocation or environment ++CFLAGS += $(EXTRA_CFLAGS) ++LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS) ++ASFLAGS += $(EXTRA_ASFLAGS) ++ + OBJECTNAMES = \ + adlparse.o \ + archDesc.o \ +diff --git openjdk.orig/hotspot/make/solaris/makefiles/adlc.make openjdk/hotspot/make/solaris/makefiles/adlc.make +--- openjdk.orig/hotspot/make/solaris/makefiles/adlc.make ++++ openjdk/hotspot/make/solaris/makefiles/adlc.make +@@ -85,6 +85,10 @@ + endif + CFLAGS += $(CFLAGS_WARN) + ++# Extra flags from gnumake's invocation or environment ++CFLAGS += $(EXTRA_CFLAGS) ++ASFLAGS += $(EXTRA_ASFLAGS) ++ + ifeq ("${Platform_compiler}", "sparcWorks") + # Enable the following CFLAGS addition if you need to compare the + # built ELF objects. diff --git a/jdk8294357-tzdata2022d.patch b/jdk8294357-tzdata2022d.patch new file mode 100644 index 0000000..7356928 --- /dev/null +++ b/jdk8294357-tzdata2022d.patch @@ -0,0 +1,506 @@ +commit 8589b1229cffb9a0ab00baf62ce2d4376d31b055 +Author: Andrew John Hughes +Date: Fri Oct 14 22:55:39 2022 +0100 + + Backport f67b4de8a07b8158be1dfb5b09cdb4cc5b7ac93b + +diff --git a/jdk/make/data/tzdata/VERSION b/jdk/make/data/tzdata/VERSION +index decb8716b22..889d0e6dad7 100644 +--- a/jdk/make/data/tzdata/VERSION ++++ b/jdk/make/data/tzdata/VERSION +@@ -21,4 +21,4 @@ + # or visit www.oracle.com if you need additional information or have any + # questions. + # +-tzdata2022c ++tzdata2022d +diff --git a/jdk/make/data/tzdata/asia b/jdk/make/data/tzdata/asia +index 6cb6d2c57cf..1dc7d34f88e 100644 +--- a/jdk/make/data/tzdata/asia ++++ b/jdk/make/data/tzdata/asia +@@ -3398,10 +3398,6 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 + # The winter time in 2015 started on October 23 at 01:00. + # https://wafa.ps/ar_page.aspx?id=CgpCdYa670694628582aCgpCdY + # http://www.palestinecabinet.gov.ps/portal/meeting/details/27583 +-# +-# From Paul Eggert (2019-04-10): +-# For now, guess spring-ahead transitions are at 00:00 on the Saturday +-# preceding March's last Sunday (i.e., Sat>=24). + + # From P Chan (2021-10-18): + # http://wafa.ps/Pages/Details/34701 +@@ -3418,6 +3414,18 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 + # From Heba Hamad (2022-03-10): + # summer time will begin in Palestine from Sunday 03-27-2022, 00:00 AM. + ++# From Heba Hamad (2022-08-30): ++# winter time will begin in Palestine from Saturday 10-29, 02:00 AM by ++# 60 minutes backwards. Also the state of Palestine adopted the summer ++# and winter time for the years: 2023,2024,2025,2026 ... ++# https://mm.icann.org/pipermail/tz/attachments/20220830/9f024566/Time-0001.pdf ++# (2022-08-31): ... the Saturday before the last Sunday in March and October ++# at 2:00 AM ,for the years from 2023 to 2026. ++# (2022-09-05): https://mtit.pna.ps/Site/New/1453 ++# ++# From Paul Eggert (2022-08-31): ++# For now, assume that this rule will also be used after 2026. ++ + # Rule NAME FROM TO - IN ON AT SAVE LETTER/S + Rule EgyptAsia 1957 only - May 10 0:00 1:00 S + Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 - +@@ -3448,14 +3456,16 @@ Rule Palestine 2013 only - Sep 27 0:00 0 - + Rule Palestine 2014 only - Oct 24 0:00 0 - + Rule Palestine 2015 only - Mar 28 0:00 1:00 S + Rule Palestine 2015 only - Oct 23 1:00 0 - +-Rule Palestine 2016 2018 - Mar Sat>=24 1:00 1:00 S +-Rule Palestine 2016 2018 - Oct Sat>=24 1:00 0 - ++Rule Palestine 2016 2018 - Mar Sat<=30 1:00 1:00 S ++Rule Palestine 2016 2018 - Oct Sat<=30 1:00 0 - + Rule Palestine 2019 only - Mar 29 0:00 1:00 S +-Rule Palestine 2019 only - Oct Sat>=24 0:00 0 - +-Rule Palestine 2020 2021 - Mar Sat>=24 0:00 1:00 S ++Rule Palestine 2019 only - Oct Sat<=30 0:00 0 - ++Rule Palestine 2020 2021 - Mar Sat<=30 0:00 1:00 S + Rule Palestine 2020 only - Oct 24 1:00 0 - +-Rule Palestine 2021 max - Oct Fri>=23 1:00 0 - +-Rule Palestine 2022 max - Mar Sun>=25 0:00 1:00 S ++Rule Palestine 2021 only - Oct 29 1:00 0 - ++Rule Palestine 2022 only - Mar 27 0:00 1:00 S ++Rule Palestine 2022 max - Oct Sat<=30 2:00 0 - ++Rule Palestine 2023 max - Mar Sat<=30 2:00 1:00 S + + # Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Asia/Gaza 2:17:52 - LMT 1900 Oct +diff --git a/jdk/make/data/tzdata/backward b/jdk/make/data/tzdata/backward +index d4a29e8cf29..7765d99aedf 100644 +--- a/jdk/make/data/tzdata/backward ++++ b/jdk/make/data/tzdata/backward +@@ -113,6 +113,8 @@ Link Etc/UTC Etc/UCT + Link Europe/London Europe/Belfast + Link Europe/Kyiv Europe/Kiev + Link Europe/Chisinau Europe/Tiraspol ++Link Europe/Kyiv Europe/Uzhgorod ++Link Europe/Kyiv Europe/Zaporozhye + Link Europe/London GB + Link Europe/London GB-Eire + Link Etc/GMT GMT+0 +diff --git a/jdk/make/data/tzdata/europe b/jdk/make/data/tzdata/europe +index f7eb7a387aa..9e0a538f86d 100644 +--- a/jdk/make/data/tzdata/europe ++++ b/jdk/make/data/tzdata/europe +@@ -2638,10 +2638,14 @@ Zone Europe/Simferopol 2:16:24 - LMT 1880 + # From Alexander Krivenyshev (2014-03-17): + # time change at 2:00 (2am) on March 30, 2014 + # https://vz.ru/news/2014/3/17/677464.html +-# From Paul Eggert (2014-03-30): +-# Simferopol and Sevastopol reportedly changed their central town clocks +-# late the previous day, but this appears to have been ceremonial +-# and the discrepancies are small enough to not worry about. ++# From Tim Parenti (2022-07-01), per Paul Eggert (2014-03-30): ++# The clocks at the railway station in Simferopol were put forward from 22:00 ++# to 24:00 the previous day in a "symbolic ceremony"; however, per ++# contemporaneous news reports, "ordinary Crimeans [made] the daylight savings ++# time switch at 2am" on Sunday. ++# https://www.business-standard.com/article/pti-stories/crimea-to-set-clocks-to-russia-time-114033000014_1.html ++# https://www.reuters.com/article/us-ukraine-crisis-crimea-time/crimea-switches-to-moscow-time-amid-incorporation-frenzy-idUKBREA2S0LT20140329 ++# https://www.bbc.com/news/av/world-europe-26806583 + 2:00 EU EE%sT 2014 Mar 30 2:00 + 4:00 - MSK 2014 Oct 26 2:00s + 3:00 - MSK +@@ -3774,8 +3778,8 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents. + # US colleague David Cochrane) are still trying to get more + # information upon these local deviations from Kiev rules. + # +-# From Paul Eggert (2022-02-08): +-# For now, assume that Ukraine's other three zones followed the same rules, ++# From Paul Eggert (2022-08-27): ++# For now, assume that Ukraine's zones all followed the same rules, + # except that Crimea switched to Moscow time in 1994 as described elsewhere. + + # From Igor Karpov, who works for the Ukrainian Ministry of Justice, +@@ -3845,21 +3849,7 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents. + # * Ukrainian Government's Resolution of 20.03.1992, No. 139. + # http://www.uazakon.com/documents/date_8u/pg_grcasa.htm + +-# From Paul Eggert (2022-04-12): +-# As is usual in tzdb, Ukrainian zones use the most common English spellings. +-# In particular, tzdb's name Europe/Kyiv uses the most common spelling in +-# English for Ukraine's capital. Although tzdb's former name was Europe/Kiev, +-# "Kyiv" is now more common due to widespread reporting of the current conflict. +-# Conversely, tzdb continues to use the names Europe/Uzhgorod and +-# Europe/Zaporozhye; this is similar to tzdb's use of Europe/Prague, which is +-# certainly wrong as a transliteration of the Czech "Praha". +-# English-language spelling of Ukrainian names is in flux, and +-# some day "Uzhhorod" or "Zaporizhzhia" may become substantially more +-# common in English; in the meantime, do not change these +-# English spellings as that means less disruption for our users. +- + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-# This represents most of Ukraine. See above for the spelling of "Kyiv". + Zone Europe/Kyiv 2:02:04 - LMT 1880 + 2:02:04 - KMT 1924 May 2 # Kyiv Mean Time + 2:00 - EET 1930 Jun 21 +@@ -3869,34 +3859,6 @@ Zone Europe/Kyiv 2:02:04 - LMT 1880 + 2:00 1:00 EEST 1991 Sep 29 3:00 + 2:00 C-Eur EE%sT 1996 May 13 + 2:00 EU EE%sT +-# Transcarpathia used CET 1990/1991. +-# "Uzhhorod" is the transliteration of the Rusyn/Ukrainian pronunciation, but +-# "Uzhgorod" is more common in English. +-Zone Europe/Uzhgorod 1:29:12 - LMT 1890 Oct +- 1:00 - CET 1940 +- 1:00 C-Eur CE%sT 1944 Oct +- 1:00 1:00 CEST 1944 Oct 26 +- 1:00 - CET 1945 Jun 29 +- 3:00 Russia MSK/MSD 1990 +- 3:00 - MSK 1990 Jul 1 2:00 +- 1:00 - CET 1991 Mar 31 3:00 +- 2:00 - EET 1992 Mar 20 +- 2:00 C-Eur EE%sT 1996 May 13 +- 2:00 EU EE%sT +-# Zaporozh'ye and eastern Lugansk oblasts observed DST 1990/1991. +-# "Zaporizhzhia" is the transliteration of the Ukrainian name, but +-# "Zaporozh'ye" is more common in English. Use the common English +-# spelling, except omit the apostrophe as it is not allowed in +-# portable Posix file names. +-Zone Europe/Zaporozhye 2:20:40 - LMT 1880 +- 2:20 - +0220 1924 May 2 +- 2:00 - EET 1930 Jun 21 +- 3:00 - MSK 1941 Aug 25 +- 1:00 C-Eur CE%sT 1943 Oct 25 +- 3:00 Russia MSK/MSD 1991 Mar 31 2:00 +- 2:00 E-Eur EE%sT 1992 Mar 20 +- 2:00 C-Eur EE%sT 1996 May 13 +- 2:00 EU EE%sT + + # Vatican City + # See Europe/Rome. +diff --git a/jdk/make/data/tzdata/southamerica b/jdk/make/data/tzdata/southamerica +index 13ec081c7e0..3c0e0e2061c 100644 +--- a/jdk/make/data/tzdata/southamerica ++++ b/jdk/make/data/tzdata/southamerica +@@ -1332,8 +1332,14 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 + # for America/Santiago will start on midnight of September 11th; + # and will end on April 1st, 2023. Magallanes region (America/Punta_Arenas) + # will keep UTC -3 "indefinitely"... This is because on September 4th +-# we will have a voting whether to approve a new Constitution.... +-# https://www.interior.gob.cl/noticias/2022/08/09/comunicado-el-proximo-sabado-10-de-septiembre-los-relojes-se-deben-adelantar-una-hora/ ++# we will have a voting whether to approve a new Constitution. ++# ++# From Eduardo Romero Urra (2022-08-17): ++# https://www.diariooficial.interior.gob.cl/publicaciones/2022/08/13/43327/01/2172567.pdf ++# ++# From Paul Eggert (2022-08-17): ++# Although the presidential decree stops at fall 2026, assume that ++# similar DST rules will continue thereafter. + + # Rule NAME FROM TO - IN ON AT SAVE LETTER/S + Rule Chile 1927 1931 - Sep 1 0:00 1:00 - +diff --git a/jdk/make/data/tzdata/zone.tab b/jdk/make/data/tzdata/zone.tab +index 51b65fa273c..ee025196e50 100644 +--- a/jdk/make/data/tzdata/zone.tab ++++ b/jdk/make/data/tzdata/zone.tab +@@ -424,8 +424,6 @@ TV -0831+17913 Pacific/Funafuti + TW +2503+12130 Asia/Taipei + TZ -0648+03917 Africa/Dar_es_Salaam + UA +5026+03031 Europe/Kyiv Ukraine (most areas) +-UA +4837+02218 Europe/Uzhgorod Transcarpathia +-UA +4750+03510 Europe/Zaporozhye Zaporozhye and east Lugansk + UG +0019+03225 Africa/Kampala + UM +2813-17722 Pacific/Midway Midway Islands + UM +1917+16637 Pacific/Wake Wake Island +diff --git a/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java b/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java +index 43bddd5859a..4b84cda3067 100644 +--- a/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java ++++ b/jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java +@@ -573,12 +573,8 @@ public final class ZoneInfoFile { + // we can then pass in the dom = -1, dow > 0 into ZoneInfo + // + // hacking, assume the >=24 is the result of ZRB optimization for +- // "last", it works for now. From tzdata2020d this hacking +- // will not work for Asia/Gaza and Asia/Hebron which follow +- // Palestine DST rules. +- if (dom < 0 || dom >= 24 && +- !(zoneId.equals("Asia/Gaza") || +- zoneId.equals("Asia/Hebron"))) { ++ // "last", it works for now. ++ if (dom < 0 || dom >= 24) { + params[1] = -1; + params[2] = toCalendarDOW[dow]; + } else { +@@ -600,7 +596,6 @@ public final class ZoneInfoFile { + params[7] = 0; + } else { + // hacking: see comment above +- // No need of hacking for Asia/Gaza and Asia/Hebron from tz2021e + if (dom < 0 || dom >= 24) { + params[6] = -1; + params[7] = toCalendarDOW[dow]; +diff --git a/jdk/test/java/util/TimeZone/TimeZoneData/VERSION b/jdk/test/java/util/TimeZone/TimeZoneData/VERSION +index c32bee39fba..71470168456 100644 +--- a/jdk/test/java/util/TimeZone/TimeZoneData/VERSION ++++ b/jdk/test/java/util/TimeZone/TimeZoneData/VERSION +@@ -1 +1 @@ +-tzdata2022c ++tzdata2022d +diff --git a/jdk/test/java/util/TimeZone/TimeZoneData/aliases.txt b/jdk/test/java/util/TimeZone/TimeZoneData/aliases.txt +index a5e6428a3f5..e3ce742f887 100644 +--- a/jdk/test/java/util/TimeZone/TimeZoneData/aliases.txt ++++ b/jdk/test/java/util/TimeZone/TimeZoneData/aliases.txt +@@ -183,6 +183,8 @@ Link Etc/UTC Etc/UCT + Link Europe/London Europe/Belfast + Link Europe/Kyiv Europe/Kiev + Link Europe/Chisinau Europe/Tiraspol ++Link Europe/Kyiv Europe/Uzhgorod ++Link Europe/Kyiv Europe/Zaporozhye + Link Europe/London GB + Link Europe/London GB-Eire + Link Etc/GMT GMT+0 +diff --git a/jdk/test/java/util/TimeZone/TimeZoneData/displaynames.txt b/jdk/test/java/util/TimeZone/TimeZoneData/displaynames.txt +index fc148537f1f..b3823958ae4 100644 +--- a/jdk/test/java/util/TimeZone/TimeZoneData/displaynames.txt ++++ b/jdk/test/java/util/TimeZone/TimeZoneData/displaynames.txt +@@ -163,11 +163,9 @@ Europe/Simferopol MSK + Europe/Sofia EET EEST + Europe/Tallinn EET EEST + Europe/Tirane CET CEST +-Europe/Uzhgorod EET EEST + Europe/Vienna CET CEST + Europe/Vilnius EET EEST + Europe/Warsaw CET CEST +-Europe/Zaporozhye EET EEST + Europe/Zurich CET CEST + HST HST + MET MET MEST +diff --git a/jdk/test/sun/util/calendar/zi/TestZoneInfo310.java b/jdk/test/sun/util/calendar/zi/TestZoneInfo310.java +index 3aad69f8118..c682531d4bd 100644 +--- a/jdk/test/sun/util/calendar/zi/TestZoneInfo310.java ++++ b/jdk/test/sun/util/calendar/zi/TestZoneInfo310.java +@@ -173,10 +173,19 @@ public class TestZoneInfo310 { + * Temporary ignoring the failing TimeZones which are having zone + * rules defined till year 2037 and/or above and have negative DST + * save time in IANA tzdata. This bug is tracked via JDK-8223388. ++ * ++ * Tehran/Iran rule has rules beyond 2037, in which javazic assumes ++ * to be the last year. Thus javazic's rule is based on year 2037 ++ * (Mar 20th/Sep 20th are the cutover dates), while the real rule ++ * has year 2087 where Mar 21st/Sep 21st are the cutover dates. + */ +- if (zid.equals("Africa/Casablanca") || zid.equals("Africa/El_Aaiun") +- || zid.equals("Asia/Tehran") || zid.equals("Iran")) { +- continue; ++ if (zid.equals("Africa/Casablanca") || // uses "Morocco" rule ++ zid.equals("Africa/El_Aaiun") || // uses "Morocco" rule ++ zid.equals("Asia/Tehran") || // last rule mismatch ++ zid.equals("Asia/Gaza") || // uses "Palestine" rule ++ zid.equals("Asia/Hebron") || // uses "Palestine" rule ++ zid.equals("Iran")) { // last rule mismatch ++ continue; + } + if (! zi.equalsTo(ziOLD)) { + System.out.println(zi.diffsTo(ziOLD)); +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/VERSION b/jdk/test/sun/util/calendar/zi/tzdata/VERSION +index decb8716b22..889d0e6dad7 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/VERSION ++++ b/jdk/test/sun/util/calendar/zi/tzdata/VERSION +@@ -21,4 +21,4 @@ + # or visit www.oracle.com if you need additional information or have any + # questions. + # +-tzdata2022c ++tzdata2022d +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/asia b/jdk/test/sun/util/calendar/zi/tzdata/asia +index 6cb6d2c57cf..1dc7d34f88e 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/asia ++++ b/jdk/test/sun/util/calendar/zi/tzdata/asia +@@ -3398,10 +3398,6 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 + # The winter time in 2015 started on October 23 at 01:00. + # https://wafa.ps/ar_page.aspx?id=CgpCdYa670694628582aCgpCdY + # http://www.palestinecabinet.gov.ps/portal/meeting/details/27583 +-# +-# From Paul Eggert (2019-04-10): +-# For now, guess spring-ahead transitions are at 00:00 on the Saturday +-# preceding March's last Sunday (i.e., Sat>=24). + + # From P Chan (2021-10-18): + # http://wafa.ps/Pages/Details/34701 +@@ -3418,6 +3414,18 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 + # From Heba Hamad (2022-03-10): + # summer time will begin in Palestine from Sunday 03-27-2022, 00:00 AM. + ++# From Heba Hamad (2022-08-30): ++# winter time will begin in Palestine from Saturday 10-29, 02:00 AM by ++# 60 minutes backwards. Also the state of Palestine adopted the summer ++# and winter time for the years: 2023,2024,2025,2026 ... ++# https://mm.icann.org/pipermail/tz/attachments/20220830/9f024566/Time-0001.pdf ++# (2022-08-31): ... the Saturday before the last Sunday in March and October ++# at 2:00 AM ,for the years from 2023 to 2026. ++# (2022-09-05): https://mtit.pna.ps/Site/New/1453 ++# ++# From Paul Eggert (2022-08-31): ++# For now, assume that this rule will also be used after 2026. ++ + # Rule NAME FROM TO - IN ON AT SAVE LETTER/S + Rule EgyptAsia 1957 only - May 10 0:00 1:00 S + Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 - +@@ -3448,14 +3456,16 @@ Rule Palestine 2013 only - Sep 27 0:00 0 - + Rule Palestine 2014 only - Oct 24 0:00 0 - + Rule Palestine 2015 only - Mar 28 0:00 1:00 S + Rule Palestine 2015 only - Oct 23 1:00 0 - +-Rule Palestine 2016 2018 - Mar Sat>=24 1:00 1:00 S +-Rule Palestine 2016 2018 - Oct Sat>=24 1:00 0 - ++Rule Palestine 2016 2018 - Mar Sat<=30 1:00 1:00 S ++Rule Palestine 2016 2018 - Oct Sat<=30 1:00 0 - + Rule Palestine 2019 only - Mar 29 0:00 1:00 S +-Rule Palestine 2019 only - Oct Sat>=24 0:00 0 - +-Rule Palestine 2020 2021 - Mar Sat>=24 0:00 1:00 S ++Rule Palestine 2019 only - Oct Sat<=30 0:00 0 - ++Rule Palestine 2020 2021 - Mar Sat<=30 0:00 1:00 S + Rule Palestine 2020 only - Oct 24 1:00 0 - +-Rule Palestine 2021 max - Oct Fri>=23 1:00 0 - +-Rule Palestine 2022 max - Mar Sun>=25 0:00 1:00 S ++Rule Palestine 2021 only - Oct 29 1:00 0 - ++Rule Palestine 2022 only - Mar 27 0:00 1:00 S ++Rule Palestine 2022 max - Oct Sat<=30 2:00 0 - ++Rule Palestine 2023 max - Mar Sat<=30 2:00 1:00 S + + # Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Asia/Gaza 2:17:52 - LMT 1900 Oct +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/backward b/jdk/test/sun/util/calendar/zi/tzdata/backward +index d4a29e8cf29..7765d99aedf 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/backward ++++ b/jdk/test/sun/util/calendar/zi/tzdata/backward +@@ -113,6 +113,8 @@ Link Etc/UTC Etc/UCT + Link Europe/London Europe/Belfast + Link Europe/Kyiv Europe/Kiev + Link Europe/Chisinau Europe/Tiraspol ++Link Europe/Kyiv Europe/Uzhgorod ++Link Europe/Kyiv Europe/Zaporozhye + Link Europe/London GB + Link Europe/London GB-Eire + Link Etc/GMT GMT+0 +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/europe b/jdk/test/sun/util/calendar/zi/tzdata/europe +index f7eb7a387aa..9e0a538f86d 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/europe ++++ b/jdk/test/sun/util/calendar/zi/tzdata/europe +@@ -2638,10 +2638,14 @@ Zone Europe/Simferopol 2:16:24 - LMT 1880 + # From Alexander Krivenyshev (2014-03-17): + # time change at 2:00 (2am) on March 30, 2014 + # https://vz.ru/news/2014/3/17/677464.html +-# From Paul Eggert (2014-03-30): +-# Simferopol and Sevastopol reportedly changed their central town clocks +-# late the previous day, but this appears to have been ceremonial +-# and the discrepancies are small enough to not worry about. ++# From Tim Parenti (2022-07-01), per Paul Eggert (2014-03-30): ++# The clocks at the railway station in Simferopol were put forward from 22:00 ++# to 24:00 the previous day in a "symbolic ceremony"; however, per ++# contemporaneous news reports, "ordinary Crimeans [made] the daylight savings ++# time switch at 2am" on Sunday. ++# https://www.business-standard.com/article/pti-stories/crimea-to-set-clocks-to-russia-time-114033000014_1.html ++# https://www.reuters.com/article/us-ukraine-crisis-crimea-time/crimea-switches-to-moscow-time-amid-incorporation-frenzy-idUKBREA2S0LT20140329 ++# https://www.bbc.com/news/av/world-europe-26806583 + 2:00 EU EE%sT 2014 Mar 30 2:00 + 4:00 - MSK 2014 Oct 26 2:00s + 3:00 - MSK +@@ -3774,8 +3778,8 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents. + # US colleague David Cochrane) are still trying to get more + # information upon these local deviations from Kiev rules. + # +-# From Paul Eggert (2022-02-08): +-# For now, assume that Ukraine's other three zones followed the same rules, ++# From Paul Eggert (2022-08-27): ++# For now, assume that Ukraine's zones all followed the same rules, + # except that Crimea switched to Moscow time in 1994 as described elsewhere. + + # From Igor Karpov, who works for the Ukrainian Ministry of Justice, +@@ -3845,21 +3849,7 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents. + # * Ukrainian Government's Resolution of 20.03.1992, No. 139. + # http://www.uazakon.com/documents/date_8u/pg_grcasa.htm + +-# From Paul Eggert (2022-04-12): +-# As is usual in tzdb, Ukrainian zones use the most common English spellings. +-# In particular, tzdb's name Europe/Kyiv uses the most common spelling in +-# English for Ukraine's capital. Although tzdb's former name was Europe/Kiev, +-# "Kyiv" is now more common due to widespread reporting of the current conflict. +-# Conversely, tzdb continues to use the names Europe/Uzhgorod and +-# Europe/Zaporozhye; this is similar to tzdb's use of Europe/Prague, which is +-# certainly wrong as a transliteration of the Czech "Praha". +-# English-language spelling of Ukrainian names is in flux, and +-# some day "Uzhhorod" or "Zaporizhzhia" may become substantially more +-# common in English; in the meantime, do not change these +-# English spellings as that means less disruption for our users. +- + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-# This represents most of Ukraine. See above for the spelling of "Kyiv". + Zone Europe/Kyiv 2:02:04 - LMT 1880 + 2:02:04 - KMT 1924 May 2 # Kyiv Mean Time + 2:00 - EET 1930 Jun 21 +@@ -3869,34 +3859,6 @@ Zone Europe/Kyiv 2:02:04 - LMT 1880 + 2:00 1:00 EEST 1991 Sep 29 3:00 + 2:00 C-Eur EE%sT 1996 May 13 + 2:00 EU EE%sT +-# Transcarpathia used CET 1990/1991. +-# "Uzhhorod" is the transliteration of the Rusyn/Ukrainian pronunciation, but +-# "Uzhgorod" is more common in English. +-Zone Europe/Uzhgorod 1:29:12 - LMT 1890 Oct +- 1:00 - CET 1940 +- 1:00 C-Eur CE%sT 1944 Oct +- 1:00 1:00 CEST 1944 Oct 26 +- 1:00 - CET 1945 Jun 29 +- 3:00 Russia MSK/MSD 1990 +- 3:00 - MSK 1990 Jul 1 2:00 +- 1:00 - CET 1991 Mar 31 3:00 +- 2:00 - EET 1992 Mar 20 +- 2:00 C-Eur EE%sT 1996 May 13 +- 2:00 EU EE%sT +-# Zaporozh'ye and eastern Lugansk oblasts observed DST 1990/1991. +-# "Zaporizhzhia" is the transliteration of the Ukrainian name, but +-# "Zaporozh'ye" is more common in English. Use the common English +-# spelling, except omit the apostrophe as it is not allowed in +-# portable Posix file names. +-Zone Europe/Zaporozhye 2:20:40 - LMT 1880 +- 2:20 - +0220 1924 May 2 +- 2:00 - EET 1930 Jun 21 +- 3:00 - MSK 1941 Aug 25 +- 1:00 C-Eur CE%sT 1943 Oct 25 +- 3:00 Russia MSK/MSD 1991 Mar 31 2:00 +- 2:00 E-Eur EE%sT 1992 Mar 20 +- 2:00 C-Eur EE%sT 1996 May 13 +- 2:00 EU EE%sT + + # Vatican City + # See Europe/Rome. +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/southamerica b/jdk/test/sun/util/calendar/zi/tzdata/southamerica +index 13ec081c7e0..3c0e0e2061c 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/southamerica ++++ b/jdk/test/sun/util/calendar/zi/tzdata/southamerica +@@ -1332,8 +1332,14 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 + # for America/Santiago will start on midnight of September 11th; + # and will end on April 1st, 2023. Magallanes region (America/Punta_Arenas) + # will keep UTC -3 "indefinitely"... This is because on September 4th +-# we will have a voting whether to approve a new Constitution.... +-# https://www.interior.gob.cl/noticias/2022/08/09/comunicado-el-proximo-sabado-10-de-septiembre-los-relojes-se-deben-adelantar-una-hora/ ++# we will have a voting whether to approve a new Constitution. ++# ++# From Eduardo Romero Urra (2022-08-17): ++# https://www.diariooficial.interior.gob.cl/publicaciones/2022/08/13/43327/01/2172567.pdf ++# ++# From Paul Eggert (2022-08-17): ++# Although the presidential decree stops at fall 2026, assume that ++# similar DST rules will continue thereafter. + + # Rule NAME FROM TO - IN ON AT SAVE LETTER/S + Rule Chile 1927 1931 - Sep 1 0:00 1:00 - +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/zone.tab b/jdk/test/sun/util/calendar/zi/tzdata/zone.tab +index 51b65fa273c..ee025196e50 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/zone.tab ++++ b/jdk/test/sun/util/calendar/zi/tzdata/zone.tab +@@ -424,8 +424,6 @@ TV -0831+17913 Pacific/Funafuti + TW +2503+12130 Asia/Taipei + TZ -0648+03917 Africa/Dar_es_Salaam + UA +5026+03031 Europe/Kyiv Ukraine (most areas) +-UA +4837+02218 Europe/Uzhgorod Transcarpathia +-UA +4750+03510 Europe/Zaporozhye Zaporozhye and east Lugansk + UG +0019+03225 Africa/Kampala + UM +2813-17722 Pacific/Midway Midway Islands + UM +1917+16637 Pacific/Wake Wake Island diff --git a/jdk8295173-tzdata2022e.patch b/jdk8295173-tzdata2022e.patch new file mode 100644 index 0000000..a7d23ef --- /dev/null +++ b/jdk8295173-tzdata2022e.patch @@ -0,0 +1,813 @@ +commit 44ea8322b2f62e3d8139a78923e3bf017e535989 +Author: Andrew John Hughes +Date: Sun Oct 16 03:02:37 2022 +0100 + + Backport 21407dec0156301871a83328615e4d975c4287c4 + +diff --git a/jdk/make/data/tzdata/VERSION b/jdk/make/data/tzdata/VERSION +index 889d0e6dad7..b8cb36e69f4 100644 +--- a/jdk/make/data/tzdata/VERSION ++++ b/jdk/make/data/tzdata/VERSION +@@ -21,4 +21,4 @@ + # or visit www.oracle.com if you need additional information or have any + # questions. + # +-tzdata2022d ++tzdata2022e +diff --git a/jdk/make/data/tzdata/asia b/jdk/make/data/tzdata/asia +index 1dc7d34f88e..f1771e42a71 100644 +--- a/jdk/make/data/tzdata/asia ++++ b/jdk/make/data/tzdata/asia +@@ -2254,6 +2254,17 @@ Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u + # From the Arabic version, it seems to say it would be at midnight + # (assume 24:00) on the last Thursday in February, starting from 2022. + ++# From Issam Al-Zuwairi (2022-10-05): ++# The Council of Ministers in Jordan decided Wednesday 5th October 2022, ++# that daylight saving time (DST) will be throughout the year.... ++# ++# From Brian Inglis (2022-10-06): ++# https://petra.gov.jo/Include/InnerPage.jsp?ID=45567&lang=en&name=en_news ++# ++# From Paul Eggert (2022-10-05): ++# Like Syria, model this as a transition from EEST +03 (DST) to plain +03 ++# (non-DST) at the point where DST would otherwise have ended. ++ + # Rule NAME FROM TO - IN ON AT SAVE LETTER/S + Rule Jordan 1973 only - Jun 6 0:00 1:00 S + Rule Jordan 1973 1975 - Oct 1 0:00 0 - +@@ -2285,11 +2296,12 @@ Rule Jordan 2005 only - Sep lastFri 0:00s 0 - + Rule Jordan 2006 2011 - Oct lastFri 0:00s 0 - + Rule Jordan 2013 only - Dec 20 0:00 0 - + Rule Jordan 2014 2021 - Mar lastThu 24:00 1:00 S +-Rule Jordan 2014 max - Oct lastFri 0:00s 0 - +-Rule Jordan 2022 max - Feb lastThu 24:00 1:00 S ++Rule Jordan 2014 2022 - Oct lastFri 0:00s 0 - ++Rule Jordan 2022 only - Feb lastThu 24:00 1:00 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Asia/Amman 2:23:44 - LMT 1931 +- 2:00 Jordan EE%sT ++ 2:00 Jordan EE%sT 2022 Oct 28 0:00s ++ 3:00 - +03 + + + # Kazakhstan +@@ -3838,19 +3850,27 @@ Rule Syria 2007 only - Nov Fri>=1 0:00 0 - + # Our brief summary: + # https://www.timeanddate.com/news/time/syria-dst-2012.html + +-# From Arthur David Olson (2012-03-27): +-# Assume last Friday in March going forward XXX. ++# From Steffen Thorsen (2022-10-05): ++# Syria is adopting year-round DST, starting this autumn.... ++# From https://www.enabbaladi.net/archives/607812 ++# "This [the decision] came after the weekly government meeting today, ++# Tuesday 4 October ..." ++# ++# From Paul Eggert (2022-10-05): ++# Like Jordan, model this as a transition from EEST +03 (DST) to plain +03 ++# (non-DST) at the point where DST would otherwise have ended. + + Rule Syria 2008 only - Apr Fri>=1 0:00 1:00 S + Rule Syria 2008 only - Nov 1 0:00 0 - + Rule Syria 2009 only - Mar lastFri 0:00 1:00 S + Rule Syria 2010 2011 - Apr Fri>=1 0:00 1:00 S +-Rule Syria 2012 max - Mar lastFri 0:00 1:00 S +-Rule Syria 2009 max - Oct lastFri 0:00 0 - ++Rule Syria 2012 2022 - Mar lastFri 0:00 1:00 S ++Rule Syria 2009 2022 - Oct lastFri 0:00 0 - + + # Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Asia/Damascus 2:25:12 - LMT 1920 # Dimashq +- 2:00 Syria EE%sT ++ 2:00 Syria EE%sT 2022 Oct 28 0:00 ++ 3:00 - +03 + + # Tajikistan + # From Shanks & Pottenger. +diff --git a/jdk/make/data/tzdata/europe b/jdk/make/data/tzdata/europe +index 9e0a538f86d..930cede4cf4 100644 +--- a/jdk/make/data/tzdata/europe ++++ b/jdk/make/data/tzdata/europe +@@ -3417,7 +3417,7 @@ Zone Europe/Madrid -0:14:44 - LMT 1901 Jan 1 0:00u + 0:00 Spain WE%sT 1940 Mar 16 23:00 + 1:00 Spain CE%sT 1979 + 1:00 EU CE%sT +-Zone Africa/Ceuta -0:21:16 - LMT 1900 Dec 31 23:38:44 ++Zone Africa/Ceuta -0:21:16 - LMT 1901 Jan 1 0:00u + 0:00 - WET 1918 May 6 23:00 + 0:00 1:00 WEST 1918 Oct 7 23:00 + 0:00 - WET 1924 +diff --git a/jdk/make/data/tzdata/northamerica b/jdk/make/data/tzdata/northamerica +index 114cef14cce..ce4ee74582c 100644 +--- a/jdk/make/data/tzdata/northamerica ++++ b/jdk/make/data/tzdata/northamerica +@@ -462,7 +462,7 @@ Rule Chicago 1922 1966 - Apr lastSun 2:00 1:00 D + Rule Chicago 1922 1954 - Sep lastSun 2:00 0 S + Rule Chicago 1955 1966 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 12:09:24 ++Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1920 + -6:00 Chicago C%sT 1936 Mar 1 2:00 + -5:00 - EST 1936 Nov 15 2:00 +@@ -471,7 +471,7 @@ Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 12:09:24 + -6:00 Chicago C%sT 1967 + -6:00 US C%sT + # Oliver County, ND switched from mountain to central time on 1992-10-25. +-Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 12:14:48 ++Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 1992 Oct 25 2:00 + -6:00 US C%sT + # Morton County, ND, switched from mountain to central time on +@@ -481,7 +481,7 @@ Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 12:14:48 + # Jones, Mellette, and Todd Counties in South Dakota; + # but in practice these other counties were already observing central time. + # See . +-Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21 ++Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 2003 Oct 26 2:00 + -6:00 US C%sT + +@@ -498,7 +498,7 @@ Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21 + # largest city in Mercer County). Google Maps places Beulah's city hall + # at 47° 15' 51" N, 101° 46' 40" W, which yields an offset of 6h47'07". + +-Zone America/North_Dakota/Beulah -6:47:07 - LMT 1883 Nov 18 12:12:53 ++Zone America/North_Dakota/Beulah -6:47:07 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 2010 Nov 7 2:00 + -6:00 US C%sT + +@@ -530,7 +530,7 @@ Rule Denver 1921 only - May 22 2:00 0 S + Rule Denver 1965 1966 - Apr lastSun 2:00 1:00 D + Rule Denver 1965 1966 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Denver -6:59:56 - LMT 1883 Nov 18 12:00:04 ++Zone America/Denver -6:59:56 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 1920 + -7:00 Denver M%sT 1942 + -7:00 US M%sT 1946 +@@ -583,7 +583,7 @@ Rule CA 1950 1966 - Apr lastSun 1:00 1:00 D + Rule CA 1950 1961 - Sep lastSun 2:00 0 S + Rule CA 1962 1966 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 12:07:02 ++Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 20:00u + -8:00 US P%sT 1946 + -8:00 CA P%sT 1967 + -8:00 US P%sT +@@ -845,7 +845,7 @@ Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00 + # Go with the Arizona State Library instead. + + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Phoenix -7:28:18 - LMT 1883 Nov 18 11:31:42 ++Zone America/Phoenix -7:28:18 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 1944 Jan 1 0:01 + -7:00 - MST 1944 Apr 1 0:01 + -7:00 US M%sT 1944 Oct 1 0:01 +@@ -873,7 +873,7 @@ Link America/Phoenix America/Creston + # switched four weeks late in 1974. + # + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Boise -7:44:49 - LMT 1883 Nov 18 12:15:11 ++Zone America/Boise -7:44:49 - LMT 1883 Nov 18 20:00u + -8:00 US P%sT 1923 May 13 2:00 + -7:00 US M%sT 1974 + -7:00 - MST 1974 Feb 3 2:00 +@@ -945,7 +945,7 @@ Rule Indianapolis 1941 only - Jun 22 2:00 1:00 D + Rule Indianapolis 1941 1954 - Sep lastSun 2:00 0 S + Rule Indianapolis 1946 1954 - Apr lastSun 2:00 1:00 D + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Indianapolis -5:44:38 - LMT 1883 Nov 18 12:15:22 ++Zone America/Indiana/Indianapolis -5:44:38 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1920 + -6:00 Indianapolis C%sT 1942 + -6:00 US C%sT 1946 +@@ -965,7 +965,7 @@ Rule Marengo 1951 only - Sep lastSun 2:00 0 S + Rule Marengo 1954 1960 - Apr lastSun 2:00 1:00 D + Rule Marengo 1954 1960 - Sep lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Marengo -5:45:23 - LMT 1883 Nov 18 12:14:37 ++Zone America/Indiana/Marengo -5:45:23 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1951 + -6:00 Marengo C%sT 1961 Apr 30 2:00 + -5:00 - EST 1969 +@@ -989,7 +989,7 @@ Rule Vincennes 1960 only - Oct lastSun 2:00 0 S + Rule Vincennes 1961 only - Sep lastSun 2:00 0 S + Rule Vincennes 1962 1963 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Vincennes -5:50:07 - LMT 1883 Nov 18 12:09:53 ++Zone America/Indiana/Vincennes -5:50:07 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1946 + -6:00 Vincennes C%sT 1964 Apr 26 2:00 + -5:00 - EST 1969 +@@ -1009,7 +1009,7 @@ Rule Perry 1955 1960 - Sep lastSun 2:00 0 S + Rule Perry 1956 1963 - Apr lastSun 2:00 1:00 D + Rule Perry 1961 1963 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Tell_City -5:47:03 - LMT 1883 Nov 18 12:12:57 ++Zone America/Indiana/Tell_City -5:47:03 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1946 + -6:00 Perry C%sT 1964 Apr 26 2:00 + -5:00 - EST 1967 Oct 29 2:00 +@@ -1026,7 +1026,7 @@ Rule Pike 1955 1960 - Sep lastSun 2:00 0 S + Rule Pike 1956 1964 - Apr lastSun 2:00 1:00 D + Rule Pike 1961 1964 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Petersburg -5:49:07 - LMT 1883 Nov 18 12:10:53 ++Zone America/Indiana/Petersburg -5:49:07 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1955 + -6:00 Pike C%sT 1965 Apr 25 2:00 + -5:00 - EST 1966 Oct 30 2:00 +@@ -1048,7 +1048,7 @@ Rule Starke 1955 1956 - Oct lastSun 2:00 0 S + Rule Starke 1957 1958 - Sep lastSun 2:00 0 S + Rule Starke 1959 1961 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Knox -5:46:30 - LMT 1883 Nov 18 12:13:30 ++Zone America/Indiana/Knox -5:46:30 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1947 + -6:00 Starke C%sT 1962 Apr 29 2:00 + -5:00 - EST 1963 Oct 27 2:00 +@@ -1064,7 +1064,7 @@ Rule Pulaski 1946 1954 - Sep lastSun 2:00 0 S + Rule Pulaski 1955 1956 - Oct lastSun 2:00 0 S + Rule Pulaski 1957 1960 - Sep lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 12:13:35 ++Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1946 + -6:00 Pulaski C%sT 1961 Apr 30 2:00 + -5:00 - EST 1969 +@@ -1075,7 +1075,7 @@ Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 12:13:35 + # + # Switzerland County, Indiana, did not observe DST from 1973 through 2005. + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Vevay -5:40:16 - LMT 1883 Nov 18 12:19:44 ++Zone America/Indiana/Vevay -5:40:16 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1954 Apr 25 2:00 + -5:00 - EST 1969 + -5:00 US E%sT 1973 +@@ -1111,7 +1111,7 @@ Rule Louisville 1950 1961 - Apr lastSun 2:00 1:00 D + Rule Louisville 1950 1955 - Sep lastSun 2:00 0 S + Rule Louisville 1956 1961 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 12:16:58 ++Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1921 + -6:00 Louisville C%sT 1942 + -6:00 US C%sT 1946 +@@ -1145,7 +1145,7 @@ Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 12:16:58 + # Federal Register 65, 160 (2000-08-17), pp 50154-50158. + # https://www.gpo.gov/fdsys/pkg/FR-2000-08-17/html/00-20854.htm + # +-Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 12:20:36 ++Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1946 + -6:00 - CST 1968 + -6:00 US C%sT 2000 Oct 29 2:00 +@@ -2640,6 +2640,8 @@ Zone America/Dawson -9:17:40 - LMT 1900 Aug 20 + # longitude they are located at. + + # Rule NAME FROM TO - IN ON AT SAVE LETTER/S ++Rule Mexico 1931 only - May 1 23:00 1:00 D ++Rule Mexico 1931 only - Oct 1 0:00 0 S + Rule Mexico 1939 only - Feb 5 0:00 1:00 D + Rule Mexico 1939 only - Jun 25 0:00 0 S + Rule Mexico 1940 only - Dec 9 0:00 1:00 D +@@ -2656,13 +2658,13 @@ Rule Mexico 2002 max - Apr Sun>=1 2:00 1:00 D + Rule Mexico 2002 max - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] + # Quintana Roo; represented by Cancún +-Zone America/Cancun -5:47:04 - LMT 1922 Jan 1 0:12:56 ++Zone America/Cancun -5:47:04 - LMT 1922 Jan 1 6:00u + -6:00 - CST 1981 Dec 23 + -5:00 Mexico E%sT 1998 Aug 2 2:00 + -6:00 Mexico C%sT 2015 Feb 1 2:00 + -5:00 - EST + # Campeche, Yucatán; represented by Mérida +-Zone America/Merida -5:58:28 - LMT 1922 Jan 1 0:01:32 ++Zone America/Merida -5:58:28 - LMT 1922 Jan 1 6:00u + -6:00 - CST 1981 Dec 23 + -5:00 - EST 1982 Dec 2 + -6:00 Mexico C%sT +@@ -2676,23 +2678,21 @@ Zone America/Merida -5:58:28 - LMT 1922 Jan 1 0:01:32 + # See: Inicia mañana Horario de Verano en zona fronteriza, El Universal, + # 2016-03-12 + # http://www.eluniversal.com.mx/articulo/estados/2016/03/12/inicia-manana-horario-de-verano-en-zona-fronteriza +-Zone America/Matamoros -6:40:00 - LMT 1921 Dec 31 23:20:00 ++Zone America/Matamoros -6:30:00 - LMT 1922 Jan 1 6:00u + -6:00 - CST 1988 + -6:00 US C%sT 1989 + -6:00 Mexico C%sT 2010 + -6:00 US C%sT + # Durango; Coahuila, Nuevo León, Tamaulipas (away from US border) +-Zone America/Monterrey -6:41:16 - LMT 1921 Dec 31 23:18:44 ++Zone America/Monterrey -6:41:16 - LMT 1922 Jan 1 6:00u + -6:00 - CST 1988 + -6:00 US C%sT 1989 + -6:00 Mexico C%sT + # Central Mexico +-Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 0:23:24 ++Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 Mexico C%sT 2001 Sep 30 2:00 + -6:00 - CST 2002 Feb 20 + -6:00 Mexico C%sT +@@ -2700,35 +2700,29 @@ Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 0:23:24 + # This includes the municipalities of Janos, Ascensión, Juárez, Guadalupe, + # Práxedis G Guerrero, Coyame del Sotol, Ojinaga, and Manuel Benavides. + # (See the 2016-03-12 El Universal source mentioned above.) +-Zone America/Ojinaga -6:57:40 - LMT 1922 Jan 1 0:02:20 ++Zone America/Ojinaga -6:57:40 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1996 + -6:00 Mexico C%sT 1998 + -6:00 - CST 1998 Apr Sun>=1 3:00 + -7:00 Mexico M%sT 2010 + -7:00 US M%sT + # Chihuahua (away from US border) +-Zone America/Chihuahua -7:04:20 - LMT 1921 Dec 31 23:55:40 ++Zone America/Chihuahua -7:04:20 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1996 + -6:00 Mexico C%sT 1998 + -6:00 - CST 1998 Apr Sun>=1 3:00 + -7:00 Mexico M%sT + # Sonora +-Zone America/Hermosillo -7:23:52 - LMT 1921 Dec 31 23:36:08 ++Zone America/Hermosillo -7:23:52 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1942 Apr 24 + -7:00 - MST 1949 Jan 14 + -8:00 - PST 1970 +@@ -2763,24 +2757,20 @@ Zone America/Hermosillo -7:23:52 - LMT 1921 Dec 31 23:36:08 + # Use "Bahia_Banderas" to keep the name to fourteen characters. + + # Mazatlán +-Zone America/Mazatlan -7:05:40 - LMT 1921 Dec 31 23:54:20 ++Zone America/Mazatlan -7:05:40 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1942 Apr 24 + -7:00 - MST 1949 Jan 14 + -8:00 - PST 1970 + -7:00 Mexico M%sT + + # Bahía de Banderas +-Zone America/Bahia_Banderas -7:01:00 - LMT 1921 Dec 31 23:59:00 ++Zone America/Bahia_Banderas -7:01:00 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1942 Apr 24 + -7:00 - MST 1949 Jan 14 + -8:00 - PST 1970 +@@ -2788,7 +2778,7 @@ Zone America/Bahia_Banderas -7:01:00 - LMT 1921 Dec 31 23:59:00 + -6:00 Mexico C%sT + + # Baja California +-Zone America/Tijuana -7:48:04 - LMT 1922 Jan 1 0:11:56 ++Zone America/Tijuana -7:48:04 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1924 + -8:00 - PST 1927 Jun 10 23:00 + -7:00 - MST 1930 Nov 15 +diff --git a/jdk/test/java/util/TimeZone/TimeZoneData/VERSION b/jdk/test/java/util/TimeZone/TimeZoneData/VERSION +index 71470168456..0cad939008f 100644 +--- a/jdk/test/java/util/TimeZone/TimeZoneData/VERSION ++++ b/jdk/test/java/util/TimeZone/TimeZoneData/VERSION +@@ -1 +1 @@ +-tzdata2022d ++tzdata2022e +diff --git a/jdk/test/java/util/TimeZone/TimeZoneData/displaynames.txt b/jdk/test/java/util/TimeZone/TimeZoneData/displaynames.txt +index b3823958ae4..2f2786f1c69 100644 +--- a/jdk/test/java/util/TimeZone/TimeZoneData/displaynames.txt ++++ b/jdk/test/java/util/TimeZone/TimeZoneData/displaynames.txt +@@ -97,9 +97,7 @@ America/Winnipeg CST CDT + America/Yakutat AKST AKDT + America/Yellowknife MST MDT + Antarctica/Macquarie AEST AEDT +-Asia/Amman EET EEST + Asia/Beirut EET EEST +-Asia/Damascus EET EEST + Asia/Famagusta EET EEST + Asia/Gaza EET EEST + Asia/Hebron EET EEST +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/VERSION b/jdk/test/sun/util/calendar/zi/tzdata/VERSION +index 889d0e6dad7..b8cb36e69f4 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/VERSION ++++ b/jdk/test/sun/util/calendar/zi/tzdata/VERSION +@@ -21,4 +21,4 @@ + # or visit www.oracle.com if you need additional information or have any + # questions. + # +-tzdata2022d ++tzdata2022e +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/asia b/jdk/test/sun/util/calendar/zi/tzdata/asia +index 1dc7d34f88e..f1771e42a71 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/asia ++++ b/jdk/test/sun/util/calendar/zi/tzdata/asia +@@ -2254,6 +2254,17 @@ Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u + # From the Arabic version, it seems to say it would be at midnight + # (assume 24:00) on the last Thursday in February, starting from 2022. + ++# From Issam Al-Zuwairi (2022-10-05): ++# The Council of Ministers in Jordan decided Wednesday 5th October 2022, ++# that daylight saving time (DST) will be throughout the year.... ++# ++# From Brian Inglis (2022-10-06): ++# https://petra.gov.jo/Include/InnerPage.jsp?ID=45567&lang=en&name=en_news ++# ++# From Paul Eggert (2022-10-05): ++# Like Syria, model this as a transition from EEST +03 (DST) to plain +03 ++# (non-DST) at the point where DST would otherwise have ended. ++ + # Rule NAME FROM TO - IN ON AT SAVE LETTER/S + Rule Jordan 1973 only - Jun 6 0:00 1:00 S + Rule Jordan 1973 1975 - Oct 1 0:00 0 - +@@ -2285,11 +2296,12 @@ Rule Jordan 2005 only - Sep lastFri 0:00s 0 - + Rule Jordan 2006 2011 - Oct lastFri 0:00s 0 - + Rule Jordan 2013 only - Dec 20 0:00 0 - + Rule Jordan 2014 2021 - Mar lastThu 24:00 1:00 S +-Rule Jordan 2014 max - Oct lastFri 0:00s 0 - +-Rule Jordan 2022 max - Feb lastThu 24:00 1:00 S ++Rule Jordan 2014 2022 - Oct lastFri 0:00s 0 - ++Rule Jordan 2022 only - Feb lastThu 24:00 1:00 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Asia/Amman 2:23:44 - LMT 1931 +- 2:00 Jordan EE%sT ++ 2:00 Jordan EE%sT 2022 Oct 28 0:00s ++ 3:00 - +03 + + + # Kazakhstan +@@ -3838,19 +3850,27 @@ Rule Syria 2007 only - Nov Fri>=1 0:00 0 - + # Our brief summary: + # https://www.timeanddate.com/news/time/syria-dst-2012.html + +-# From Arthur David Olson (2012-03-27): +-# Assume last Friday in March going forward XXX. ++# From Steffen Thorsen (2022-10-05): ++# Syria is adopting year-round DST, starting this autumn.... ++# From https://www.enabbaladi.net/archives/607812 ++# "This [the decision] came after the weekly government meeting today, ++# Tuesday 4 October ..." ++# ++# From Paul Eggert (2022-10-05): ++# Like Jordan, model this as a transition from EEST +03 (DST) to plain +03 ++# (non-DST) at the point where DST would otherwise have ended. + + Rule Syria 2008 only - Apr Fri>=1 0:00 1:00 S + Rule Syria 2008 only - Nov 1 0:00 0 - + Rule Syria 2009 only - Mar lastFri 0:00 1:00 S + Rule Syria 2010 2011 - Apr Fri>=1 0:00 1:00 S +-Rule Syria 2012 max - Mar lastFri 0:00 1:00 S +-Rule Syria 2009 max - Oct lastFri 0:00 0 - ++Rule Syria 2012 2022 - Mar lastFri 0:00 1:00 S ++Rule Syria 2009 2022 - Oct lastFri 0:00 0 - + + # Zone NAME STDOFF RULES FORMAT [UNTIL] + Zone Asia/Damascus 2:25:12 - LMT 1920 # Dimashq +- 2:00 Syria EE%sT ++ 2:00 Syria EE%sT 2022 Oct 28 0:00 ++ 3:00 - +03 + + # Tajikistan + # From Shanks & Pottenger. +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/europe b/jdk/test/sun/util/calendar/zi/tzdata/europe +index 9e0a538f86d..930cede4cf4 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/europe ++++ b/jdk/test/sun/util/calendar/zi/tzdata/europe +@@ -3417,7 +3417,7 @@ Zone Europe/Madrid -0:14:44 - LMT 1901 Jan 1 0:00u + 0:00 Spain WE%sT 1940 Mar 16 23:00 + 1:00 Spain CE%sT 1979 + 1:00 EU CE%sT +-Zone Africa/Ceuta -0:21:16 - LMT 1900 Dec 31 23:38:44 ++Zone Africa/Ceuta -0:21:16 - LMT 1901 Jan 1 0:00u + 0:00 - WET 1918 May 6 23:00 + 0:00 1:00 WEST 1918 Oct 7 23:00 + 0:00 - WET 1924 +diff --git a/jdk/test/sun/util/calendar/zi/tzdata/northamerica b/jdk/test/sun/util/calendar/zi/tzdata/northamerica +index 114cef14cce..ce4ee74582c 100644 +--- a/jdk/test/sun/util/calendar/zi/tzdata/northamerica ++++ b/jdk/test/sun/util/calendar/zi/tzdata/northamerica +@@ -462,7 +462,7 @@ Rule Chicago 1922 1966 - Apr lastSun 2:00 1:00 D + Rule Chicago 1922 1954 - Sep lastSun 2:00 0 S + Rule Chicago 1955 1966 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 12:09:24 ++Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1920 + -6:00 Chicago C%sT 1936 Mar 1 2:00 + -5:00 - EST 1936 Nov 15 2:00 +@@ -471,7 +471,7 @@ Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 12:09:24 + -6:00 Chicago C%sT 1967 + -6:00 US C%sT + # Oliver County, ND switched from mountain to central time on 1992-10-25. +-Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 12:14:48 ++Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 1992 Oct 25 2:00 + -6:00 US C%sT + # Morton County, ND, switched from mountain to central time on +@@ -481,7 +481,7 @@ Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 12:14:48 + # Jones, Mellette, and Todd Counties in South Dakota; + # but in practice these other counties were already observing central time. + # See . +-Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21 ++Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 2003 Oct 26 2:00 + -6:00 US C%sT + +@@ -498,7 +498,7 @@ Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21 + # largest city in Mercer County). Google Maps places Beulah's city hall + # at 47° 15' 51" N, 101° 46' 40" W, which yields an offset of 6h47'07". + +-Zone America/North_Dakota/Beulah -6:47:07 - LMT 1883 Nov 18 12:12:53 ++Zone America/North_Dakota/Beulah -6:47:07 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 2010 Nov 7 2:00 + -6:00 US C%sT + +@@ -530,7 +530,7 @@ Rule Denver 1921 only - May 22 2:00 0 S + Rule Denver 1965 1966 - Apr lastSun 2:00 1:00 D + Rule Denver 1965 1966 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Denver -6:59:56 - LMT 1883 Nov 18 12:00:04 ++Zone America/Denver -6:59:56 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 1920 + -7:00 Denver M%sT 1942 + -7:00 US M%sT 1946 +@@ -583,7 +583,7 @@ Rule CA 1950 1966 - Apr lastSun 1:00 1:00 D + Rule CA 1950 1961 - Sep lastSun 2:00 0 S + Rule CA 1962 1966 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 12:07:02 ++Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 20:00u + -8:00 US P%sT 1946 + -8:00 CA P%sT 1967 + -8:00 US P%sT +@@ -845,7 +845,7 @@ Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00 + # Go with the Arizona State Library instead. + + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Phoenix -7:28:18 - LMT 1883 Nov 18 11:31:42 ++Zone America/Phoenix -7:28:18 - LMT 1883 Nov 18 19:00u + -7:00 US M%sT 1944 Jan 1 0:01 + -7:00 - MST 1944 Apr 1 0:01 + -7:00 US M%sT 1944 Oct 1 0:01 +@@ -873,7 +873,7 @@ Link America/Phoenix America/Creston + # switched four weeks late in 1974. + # + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Boise -7:44:49 - LMT 1883 Nov 18 12:15:11 ++Zone America/Boise -7:44:49 - LMT 1883 Nov 18 20:00u + -8:00 US P%sT 1923 May 13 2:00 + -7:00 US M%sT 1974 + -7:00 - MST 1974 Feb 3 2:00 +@@ -945,7 +945,7 @@ Rule Indianapolis 1941 only - Jun 22 2:00 1:00 D + Rule Indianapolis 1941 1954 - Sep lastSun 2:00 0 S + Rule Indianapolis 1946 1954 - Apr lastSun 2:00 1:00 D + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Indianapolis -5:44:38 - LMT 1883 Nov 18 12:15:22 ++Zone America/Indiana/Indianapolis -5:44:38 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1920 + -6:00 Indianapolis C%sT 1942 + -6:00 US C%sT 1946 +@@ -965,7 +965,7 @@ Rule Marengo 1951 only - Sep lastSun 2:00 0 S + Rule Marengo 1954 1960 - Apr lastSun 2:00 1:00 D + Rule Marengo 1954 1960 - Sep lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Marengo -5:45:23 - LMT 1883 Nov 18 12:14:37 ++Zone America/Indiana/Marengo -5:45:23 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1951 + -6:00 Marengo C%sT 1961 Apr 30 2:00 + -5:00 - EST 1969 +@@ -989,7 +989,7 @@ Rule Vincennes 1960 only - Oct lastSun 2:00 0 S + Rule Vincennes 1961 only - Sep lastSun 2:00 0 S + Rule Vincennes 1962 1963 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Vincennes -5:50:07 - LMT 1883 Nov 18 12:09:53 ++Zone America/Indiana/Vincennes -5:50:07 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1946 + -6:00 Vincennes C%sT 1964 Apr 26 2:00 + -5:00 - EST 1969 +@@ -1009,7 +1009,7 @@ Rule Perry 1955 1960 - Sep lastSun 2:00 0 S + Rule Perry 1956 1963 - Apr lastSun 2:00 1:00 D + Rule Perry 1961 1963 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Tell_City -5:47:03 - LMT 1883 Nov 18 12:12:57 ++Zone America/Indiana/Tell_City -5:47:03 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1946 + -6:00 Perry C%sT 1964 Apr 26 2:00 + -5:00 - EST 1967 Oct 29 2:00 +@@ -1026,7 +1026,7 @@ Rule Pike 1955 1960 - Sep lastSun 2:00 0 S + Rule Pike 1956 1964 - Apr lastSun 2:00 1:00 D + Rule Pike 1961 1964 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Petersburg -5:49:07 - LMT 1883 Nov 18 12:10:53 ++Zone America/Indiana/Petersburg -5:49:07 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1955 + -6:00 Pike C%sT 1965 Apr 25 2:00 + -5:00 - EST 1966 Oct 30 2:00 +@@ -1048,7 +1048,7 @@ Rule Starke 1955 1956 - Oct lastSun 2:00 0 S + Rule Starke 1957 1958 - Sep lastSun 2:00 0 S + Rule Starke 1959 1961 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Knox -5:46:30 - LMT 1883 Nov 18 12:13:30 ++Zone America/Indiana/Knox -5:46:30 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1947 + -6:00 Starke C%sT 1962 Apr 29 2:00 + -5:00 - EST 1963 Oct 27 2:00 +@@ -1064,7 +1064,7 @@ Rule Pulaski 1946 1954 - Sep lastSun 2:00 0 S + Rule Pulaski 1955 1956 - Oct lastSun 2:00 0 S + Rule Pulaski 1957 1960 - Sep lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 12:13:35 ++Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1946 + -6:00 Pulaski C%sT 1961 Apr 30 2:00 + -5:00 - EST 1969 +@@ -1075,7 +1075,7 @@ Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 12:13:35 + # + # Switzerland County, Indiana, did not observe DST from 1973 through 2005. + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Indiana/Vevay -5:40:16 - LMT 1883 Nov 18 12:19:44 ++Zone America/Indiana/Vevay -5:40:16 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1954 Apr 25 2:00 + -5:00 - EST 1969 + -5:00 US E%sT 1973 +@@ -1111,7 +1111,7 @@ Rule Louisville 1950 1961 - Apr lastSun 2:00 1:00 D + Rule Louisville 1950 1955 - Sep lastSun 2:00 0 S + Rule Louisville 1956 1961 - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] +-Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 12:16:58 ++Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1921 + -6:00 Louisville C%sT 1942 + -6:00 US C%sT 1946 +@@ -1145,7 +1145,7 @@ Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 12:16:58 + # Federal Register 65, 160 (2000-08-17), pp 50154-50158. + # https://www.gpo.gov/fdsys/pkg/FR-2000-08-17/html/00-20854.htm + # +-Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 12:20:36 ++Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 18:00u + -6:00 US C%sT 1946 + -6:00 - CST 1968 + -6:00 US C%sT 2000 Oct 29 2:00 +@@ -2640,6 +2640,8 @@ Zone America/Dawson -9:17:40 - LMT 1900 Aug 20 + # longitude they are located at. + + # Rule NAME FROM TO - IN ON AT SAVE LETTER/S ++Rule Mexico 1931 only - May 1 23:00 1:00 D ++Rule Mexico 1931 only - Oct 1 0:00 0 S + Rule Mexico 1939 only - Feb 5 0:00 1:00 D + Rule Mexico 1939 only - Jun 25 0:00 0 S + Rule Mexico 1940 only - Dec 9 0:00 1:00 D +@@ -2656,13 +2658,13 @@ Rule Mexico 2002 max - Apr Sun>=1 2:00 1:00 D + Rule Mexico 2002 max - Oct lastSun 2:00 0 S + # Zone NAME STDOFF RULES FORMAT [UNTIL] + # Quintana Roo; represented by Cancún +-Zone America/Cancun -5:47:04 - LMT 1922 Jan 1 0:12:56 ++Zone America/Cancun -5:47:04 - LMT 1922 Jan 1 6:00u + -6:00 - CST 1981 Dec 23 + -5:00 Mexico E%sT 1998 Aug 2 2:00 + -6:00 Mexico C%sT 2015 Feb 1 2:00 + -5:00 - EST + # Campeche, Yucatán; represented by Mérida +-Zone America/Merida -5:58:28 - LMT 1922 Jan 1 0:01:32 ++Zone America/Merida -5:58:28 - LMT 1922 Jan 1 6:00u + -6:00 - CST 1981 Dec 23 + -5:00 - EST 1982 Dec 2 + -6:00 Mexico C%sT +@@ -2676,23 +2678,21 @@ Zone America/Merida -5:58:28 - LMT 1922 Jan 1 0:01:32 + # See: Inicia mañana Horario de Verano en zona fronteriza, El Universal, + # 2016-03-12 + # http://www.eluniversal.com.mx/articulo/estados/2016/03/12/inicia-manana-horario-de-verano-en-zona-fronteriza +-Zone America/Matamoros -6:40:00 - LMT 1921 Dec 31 23:20:00 ++Zone America/Matamoros -6:30:00 - LMT 1922 Jan 1 6:00u + -6:00 - CST 1988 + -6:00 US C%sT 1989 + -6:00 Mexico C%sT 2010 + -6:00 US C%sT + # Durango; Coahuila, Nuevo León, Tamaulipas (away from US border) +-Zone America/Monterrey -6:41:16 - LMT 1921 Dec 31 23:18:44 ++Zone America/Monterrey -6:41:16 - LMT 1922 Jan 1 6:00u + -6:00 - CST 1988 + -6:00 US C%sT 1989 + -6:00 Mexico C%sT + # Central Mexico +-Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 0:23:24 ++Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 Mexico C%sT 2001 Sep 30 2:00 + -6:00 - CST 2002 Feb 20 + -6:00 Mexico C%sT +@@ -2700,35 +2700,29 @@ Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 0:23:24 + # This includes the municipalities of Janos, Ascensión, Juárez, Guadalupe, + # Práxedis G Guerrero, Coyame del Sotol, Ojinaga, and Manuel Benavides. + # (See the 2016-03-12 El Universal source mentioned above.) +-Zone America/Ojinaga -6:57:40 - LMT 1922 Jan 1 0:02:20 ++Zone America/Ojinaga -6:57:40 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1996 + -6:00 Mexico C%sT 1998 + -6:00 - CST 1998 Apr Sun>=1 3:00 + -7:00 Mexico M%sT 2010 + -7:00 US M%sT + # Chihuahua (away from US border) +-Zone America/Chihuahua -7:04:20 - LMT 1921 Dec 31 23:55:40 ++Zone America/Chihuahua -7:04:20 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1996 + -6:00 Mexico C%sT 1998 + -6:00 - CST 1998 Apr Sun>=1 3:00 + -7:00 Mexico M%sT + # Sonora +-Zone America/Hermosillo -7:23:52 - LMT 1921 Dec 31 23:36:08 ++Zone America/Hermosillo -7:23:52 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1942 Apr 24 + -7:00 - MST 1949 Jan 14 + -8:00 - PST 1970 +@@ -2763,24 +2757,20 @@ Zone America/Hermosillo -7:23:52 - LMT 1921 Dec 31 23:36:08 + # Use "Bahia_Banderas" to keep the name to fourteen characters. + + # Mazatlán +-Zone America/Mazatlan -7:05:40 - LMT 1921 Dec 31 23:54:20 ++Zone America/Mazatlan -7:05:40 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1942 Apr 24 + -7:00 - MST 1949 Jan 14 + -8:00 - PST 1970 + -7:00 Mexico M%sT + + # Bahía de Banderas +-Zone America/Bahia_Banderas -7:01:00 - LMT 1921 Dec 31 23:59:00 ++Zone America/Bahia_Banderas -7:01:00 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1927 Jun 10 23:00 + -6:00 - CST 1930 Nov 15 +- -7:00 - MST 1931 May 1 23:00 +- -6:00 - CST 1931 Oct +- -7:00 - MST 1932 Apr 1 ++ -7:00 Mexico M%sT 1932 Apr 1 + -6:00 - CST 1942 Apr 24 + -7:00 - MST 1949 Jan 14 + -8:00 - PST 1970 +@@ -2788,7 +2778,7 @@ Zone America/Bahia_Banderas -7:01:00 - LMT 1921 Dec 31 23:59:00 + -6:00 Mexico C%sT + + # Baja California +-Zone America/Tijuana -7:48:04 - LMT 1922 Jan 1 0:11:56 ++Zone America/Tijuana -7:48:04 - LMT 1922 Jan 1 7:00u + -7:00 - MST 1924 + -8:00 - PST 1927 Jun 10 23:00 + -7:00 - MST 1930 Nov 15 diff --git a/nss.cfg.in b/nss.cfg.in new file mode 100644 index 0000000..377a39c --- /dev/null +++ b/nss.cfg.in @@ -0,0 +1,5 @@ +name = NSS +nssLibraryDirectory = @NSS_LIBDIR@ +nssDbMode = noDb +attributes = compatibility +handleStartupErrors = ignoreMultipleInitialisation diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in new file mode 100644 index 0000000..2d9ec35 --- /dev/null +++ b/nss.fips.cfg.in @@ -0,0 +1,8 @@ +name = NSS-FIPS +nssLibraryDirectory = @NSS_LIBDIR@ +nssSecmodDirectory = sql:/etc/pki/nssdb +nssDbMode = readOnly +nssModule = fips + +attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true } + diff --git a/policytool.desktop.in b/policytool.desktop.in new file mode 100644 index 0000000..5f4cb4a --- /dev/null +++ b/policytool.desktop.in @@ -0,0 +1,10 @@ +[Desktop Entry] +Name=OpenJDK @JAVA_VER@ for @target_cpu@ Policy Tool (@OPENJDK_VER@) +Comment=Manage OpenJDK policy files +Exec=_JREBINDIR_/policytool +Icon=java-@JAVA_VER@-@JAVA_VENDOR@ +Terminal=false +Type=Application +StartupWMClass=sun-security-tools-PolicyTool +Categories=Settings;Java; +Version=1.0 diff --git a/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch b/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch new file mode 100644 index 0000000..17e1f69 --- /dev/null +++ b/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch @@ -0,0 +1,302 @@ +# HG changeset patch +# User mikael +# Date 1426870964 25200 +# Fri Mar 20 10:02:44 2015 -0700 +# Node ID ee13ce369705a700b867f8c77423580b7b22cc13 +# Parent 7847ccfb240b35ed0dd328f0404b713b20e0905a +8074839: Resolve disabled warnings for libunpack and the unpack200 binary +Reviewed-by: dholmes, ksrini + +diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +@@ -63,7 +63,7 @@ + bytes res; + res.ptr = ptr + beg; + res.len = end - beg; +- assert(res.len == 0 || inBounds(res.ptr) && inBounds(res.limit()-1)); ++ assert(res.len == 0 || (inBounds(res.ptr) && inBounds(res.limit()-1))); + return res; + } + // building C strings inside byte buffers: +diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +@@ -292,7 +292,7 @@ + + if (uPtr->aborting()) { + THROW_IOE(uPtr->get_abort_message()); +- return false; ++ return null; + } + + // We have fetched all the files. +@@ -310,7 +310,7 @@ + JNIEXPORT jlong JNICALL + Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) { + unpacker* uPtr = get_unpacker(env, pObj, false); +- CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL); ++ CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0); + size_t consumed = uPtr->input_consumed(); + free_unpacker(env, pObj, uPtr); + return consumed; +@@ -320,6 +320,7 @@ + Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj, + jstring pProp, jstring pValue) { + unpacker* uPtr = get_unpacker(env, pObj); ++ CHECK_EXCEPTION_RETURN_VALUE(uPtr, false); + const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE); + CHECK_EXCEPTION_RETURN_VALUE(prop, false); + const char* value = env->GetStringUTFChars(pValue, JNI_FALSE); +diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +@@ -142,31 +142,28 @@ + return progname; + } + +-static const char* usage_lines[] = { +- "Usage: %s [-opt... | --option=value]... x.pack[.gz] y.jar\n", +- "\n", +- "Unpacking Options\n", +- " -H{h}, --deflate-hint={h} override transmitted deflate hint: true, false, or keep (default)\n", +- " -r, --remove-pack-file remove input file after unpacking\n", +- " -v, --verbose increase program verbosity\n", +- " -q, --quiet set verbosity to lowest level\n", +- " -l{F}, --log-file={F} output to the given log file, or '-' for standard output (default)\n", +- " -?, -h, --help print this message\n", +- " -V, --version print program version\n", +- " -J{X} Java VM argument (ignored)\n", +- null +-}; ++#define USAGE_HEADER "Usage: %s [-opt... | --option=value]... x.pack[.gz] y.jar\n" ++#define USAGE_OPTIONS \ ++ "\n" \ ++ "Unpacking Options\n" \ ++ " -H{h}, --deflate-hint={h} override transmitted deflate hint: true, false, or keep (default)\n" \ ++ " -r, --remove-pack-file remove input file after unpacking\n" \ ++ " -v, --verbose increase program verbosity\n" \ ++ " -q, --quiet set verbosity to lowest level\n" \ ++ " -l{F}, --log-file={F} output to the given log file, or '-' for standard output (default)\n" \ ++ " -?, -h, --help print this message\n" \ ++ " -V, --version print program version\n" \ ++ " -J{X} Java VM argument (ignored)\n" + + static void usage(unpacker* u, const char* progname, bool full = false) { + // WinMain does not set argv[0] to the progrname + progname = (progname != null) ? nbasename(progname) : "unpack200"; +- for (int i = 0; usage_lines[i] != null; i++) { +- fprintf(u->errstrm, usage_lines[i], progname); +- if (!full) { +- fprintf(u->errstrm, +- "(For more information, run %s --help .)\n", progname); +- break; +- } ++ ++ fprintf(u->errstrm, USAGE_HEADER, progname); ++ if (full) { ++ fprintf(u->errstrm, USAGE_OPTIONS); ++ } else { ++ fprintf(u->errstrm, "(For more information, run %s --help .)\n", progname); + } + } + +diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +@@ -222,9 +222,9 @@ + } + + #ifdef PRODUCT +- char* string() { return 0; } ++ const char* string() { return NULL; } + #else +- char* string(); // see far below ++ const char* string(); // see far below + #endif + }; + +@@ -715,13 +715,13 @@ + // Now we can size the whole archive. + // Read everything else into a mega-buffer. + rp = hdr.rp; +- int header_size_0 = (int)(rp - input.base()); // used-up header (4byte + 3int) +- int header_size_1 = (int)(rplimit - rp); // buffered unused initial fragment +- int header_size = header_size_0+header_size_1; ++ size_t header_size_0 = (rp - input.base()); // used-up header (4byte + 3int) ++ size_t header_size_1 = (rplimit - rp); // buffered unused initial fragment ++ size_t header_size = header_size_0 + header_size_1; + unsized_bytes_read = header_size_0; + CHECK; + if (foreign_buf) { +- if (archive_size > (size_t)header_size_1) { ++ if (archive_size > header_size_1) { + abort("EOF reading fixed input buffer"); + return; + } +@@ -735,7 +735,7 @@ + return; + } + input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)), +- (size_t) header_size_0 + archive_size); ++ header_size_0 + archive_size); + CHECK; + assert(input.limit()[0] == 0); + // Move all the bytes we read initially into the real buffer. +@@ -958,13 +958,13 @@ + nentries = next_entry; + + // place a limit on future CP growth: +- int generous = 0; ++ size_t generous = 0; + generous = add_size(generous, u->ic_count); // implicit name + generous = add_size(generous, u->ic_count); // outer + generous = add_size(generous, u->ic_count); // outer.utf8 + generous = add_size(generous, 40); // WKUs, misc + generous = add_size(generous, u->class_count); // implicit SourceFile strings +- maxentries = add_size(nentries, generous); ++ maxentries = (uint)add_size(nentries, generous); + + // Note that this CP does not include "empty" entries + // for longs and doubles. Those are introduced when +@@ -982,8 +982,9 @@ + } + + // Initialize *all* our entries once +- for (int i = 0 ; i < maxentries ; i++) ++ for (uint i = 0 ; i < maxentries ; i++) { + entries[i].outputIndex = REQUESTED_NONE; ++ } + + initGroupIndexes(); + // Initialize hashTab to a generous power-of-two size. +@@ -3677,21 +3678,22 @@ + + unpacker* debug_u; + +-static bytes& getbuf(int len) { // for debugging only! ++static bytes& getbuf(size_t len) { // for debugging only! + static int bn = 0; + static bytes bufs[8]; + bytes& buf = bufs[bn++ & 7]; +- while ((int)buf.len < len+10) ++ while (buf.len < len + 10) { + buf.realloc(buf.len ? buf.len * 2 : 1000); ++ } + buf.ptr[0] = 0; // for the sake of strcat + return buf; + } + +-char* entry::string() { ++const char* entry::string() { + bytes buf; + switch (tag) { + case CONSTANT_None: +- return (char*)""; ++ return ""; + case CONSTANT_Signature: + if (value.b.ptr == null) + return ref(0)->string(); +@@ -3711,26 +3713,28 @@ + break; + default: + if (nrefs == 0) { +- buf = getbuf(20); +- sprintf((char*)buf.ptr, TAG_NAME[tag]); ++ return TAG_NAME[tag]; + } else if (nrefs == 1) { + return refs[0]->string(); + } else { +- char* s1 = refs[0]->string(); +- char* s2 = refs[1]->string(); +- buf = getbuf((int)strlen(s1) + 1 + (int)strlen(s2) + 4 + 1); ++ const char* s1 = refs[0]->string(); ++ const char* s2 = refs[1]->string(); ++ buf = getbuf(strlen(s1) + 1 + strlen(s2) + 4 + 1); + buf.strcat(s1).strcat(" ").strcat(s2); + if (nrefs > 2) buf.strcat(" ..."); + } + } +- return (char*)buf.ptr; ++ return (const char*)buf.ptr; + } + + void print_cp_entry(int i) { + entry& e = debug_u->cp.entries[i]; +- char buf[30]; +- sprintf(buf, ((uint)e.tag < CONSTANT_Limit)? TAG_NAME[e.tag]: "%d", e.tag); +- printf(" %d\t%s %s\n", i, buf, e.string()); ++ ++ if ((uint)e.tag < CONSTANT_Limit) { ++ printf(" %d\t%s %s\n", i, TAG_NAME[e.tag], e.string()); ++ } else { ++ printf(" %d\t%d %s\n", i, e.tag, e.string()); ++ } + } + + void print_cp_entries(int beg, int end) { +diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +@@ -209,7 +209,7 @@ + byte* rp; // read pointer (< rplimit <= input.limit()) + byte* rplimit; // how much of the input block has been read? + julong bytes_read; +- int unsized_bytes_read; ++ size_t unsized_bytes_read; + + // callback to read at least one byte, up to available input + typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen); +diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +@@ -81,7 +81,7 @@ + int assert_failed(const char* p) { + char message[1<<12]; + sprintf(message, "@assert failed: %s\n", p); +- fprintf(stdout, 1+message); ++ fprintf(stdout, "%s", 1+message); + breakpoint(); + unpack_abort(message); + return 0; +diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +@@ -84,7 +84,7 @@ + } + + // Write data to the ZIP output stream. +-void jar::write_data(void* buff, int len) { ++void jar::write_data(void* buff, size_t len) { + while (len > 0) { + int rc = (int)fwrite(buff, 1, len, jarfp); + if (rc <= 0) { +@@ -323,12 +323,12 @@ + // Total number of disks (int) + header64[36] = (ushort)SWAP_BYTES(1); + header64[37] = 0; +- write_data(header64, (int)sizeof(header64)); ++ write_data(header64, sizeof(header64)); + } + + // Write the End of Central Directory structure. + PRINTCR((2, "end-of-directory at %d\n", output_file_offset)); +- write_data(header, (int)sizeof(header)); ++ write_data(header, sizeof(header)); + + PRINTCR((2, "writing zip comment\n")); + // Write the comment. +diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h ++++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +@@ -68,8 +68,8 @@ + } + + // Private Methods +- void write_data(void* ptr, int len); +- void write_data(bytes& b) { write_data(b.ptr, (int)b.len); } ++ void write_data(void* ptr, size_t len); ++ void write_data(bytes& b) { write_data(b.ptr, b.len); } + void add_to_jar_directory(const char* fname, bool store, int modtime, + int len, int clen, uLong crc); + void write_jar_header(const char* fname, bool store, int modtime, diff --git a/pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch b/pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch new file mode 100644 index 0000000..f1e8bc2 --- /dev/null +++ b/pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch @@ -0,0 +1,74 @@ +# HG changeset patch +# User andrew +# Date 1352129932 0 +# Node ID e9c857dcb964dbfa5eef3a3590244cb4d999cf7a +# Parent 1406789608b76d0906881979335d685855f44190 +Allow multiple PKCS11 library initialisation to be a non-critical error. + +diff -r 1406789608b7 -r e9c857dcb964 src/share/classes/sun/security/pkcs11/Config.java +--- jdk8/jdk/src/share/classes/sun/security/pkcs11/Config.java Tue Oct 30 13:05:14 2012 +0000 ++++ jdk8/jdk/src/share/classes/sun/security/pkcs11/Config.java Mon Nov 05 15:38:52 2012 +0000 +@@ -52,6 +52,7 @@ + static final int ERR_HALT = 1; + static final int ERR_IGNORE_ALL = 2; + static final int ERR_IGNORE_LIB = 3; ++ static final int ERR_IGNORE_MULTI_INIT = 4; + + // same as allowSingleThreadedModules but controlled via a system property + // and applied to all providers. if set to false, no SunPKCS11 instances +@@ -980,6 +981,8 @@ + handleStartupErrors = ERR_IGNORE_LIB; + } else if (val.equals("halt")) { + handleStartupErrors = ERR_HALT; ++ } else if (val.equals("ignoreMultipleInitialisation")) { ++ handleStartupErrors = ERR_IGNORE_MULTI_INIT; + } else { + throw excToken("Invalid value for handleStartupErrors:"); + } +diff -r 1406789608b7 -r e9c857dcb964 src/share/classes/sun/security/pkcs11/SunPKCS11.java +--- jdk8/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java Tue Oct 30 13:05:14 2012 +0000 ++++ jdk8/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java Mon Nov 05 15:38:52 2012 +0000 +@@ -168,26 +168,37 @@ + String nssLibraryDirectory = config.getNssLibraryDirectory(); + String nssSecmodDirectory = config.getNssSecmodDirectory(); + boolean nssOptimizeSpace = config.getNssOptimizeSpace(); ++ int errorHandling = config.getHandleStartupErrors(); + + if (secmod.isInitialized()) { + if (nssSecmodDirectory != null) { + String s = secmod.getConfigDir(); + if ((s != null) && + (s.equals(nssSecmodDirectory) == false)) { +- throw new ProviderException("Secmod directory " +- + nssSecmodDirectory +- + " invalid, NSS already initialized with " +- + s); ++ String msg = "Secmod directory " + nssSecmodDirectory ++ + " invalid, NSS already initialized with " + s; ++ if (errorHandling == Config.ERR_IGNORE_MULTI_INIT || ++ errorHandling == Config.ERR_IGNORE_ALL) { ++ throw new UnsupportedOperationException(msg); ++ } else { ++ throw new ProviderException(msg); ++ } + } + } + if (nssLibraryDirectory != null) { + String s = secmod.getLibDir(); + if ((s != null) && + (s.equals(nssLibraryDirectory) == false)) { +- throw new ProviderException("NSS library directory " ++ String msg = "NSS library directory " + + nssLibraryDirectory + + " invalid, NSS already initialized with " +- + s); ++ + s; ++ if (errorHandling == Config.ERR_IGNORE_MULTI_INIT || ++ errorHandling == Config.ERR_IGNORE_ALL) { ++ throw new UnsupportedOperationException(msg); ++ } else { ++ throw new ProviderException(msg); ++ } + } + } + } else { diff --git a/pr2888-rh2055274-support_system_cacerts.patch b/pr2888-rh2055274-support_system_cacerts.patch new file mode 100644 index 0000000..1b88f2a --- /dev/null +++ b/pr2888-rh2055274-support_system_cacerts.patch @@ -0,0 +1,263 @@ +diff --git a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java +index e7b4763db53..e8ec8467e6a 100644 +--- a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java ++++ b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java +@@ -31,6 +31,7 @@ import java.security.*; + import java.security.cert.*; + import java.util.*; + import sun.security.action.*; ++import sun.security.tools.KeyStoreUtil; + import sun.security.validator.TrustStoreUtil; + + /** +@@ -68,7 +69,7 @@ final class TrustStoreManager { + * The preference of the default trusted KeyStore is: + * javax.net.ssl.trustStore + * jssecacerts +- * cacerts ++ * cacerts (system and local) + */ + private static final class TrustStoreDescriptor { + private static final String fileSep = File.separator; +@@ -76,7 +77,7 @@ final class TrustStoreManager { + GetPropertyAction.privilegedGetProperty("java.home") + + fileSep + "lib" + fileSep + "security"; + private static final String defaultStore = +- defaultStorePath + fileSep + "cacerts"; ++ KeyStoreUtil.getCacertsKeyStoreFile().getPath(); + private static final String jsseDefaultStore = + defaultStorePath + fileSep + "jssecacerts"; + +@@ -139,6 +140,10 @@ final class TrustStoreManager { + String storePropPassword = System.getProperty( + "javax.net.ssl.trustStorePassword", ""); + ++ if (SSLLogger.isOn && SSLLogger.isOn("trustmanager")) { ++ SSLLogger.fine("Default store: " + defaultStore); ++ } ++ + String temporaryName = ""; + File temporaryFile = null; + long temporaryTime = 0L; +@@ -146,21 +151,22 @@ final class TrustStoreManager { + String[] fileNames = + new String[] {storePropName, defaultStore}; + for (String fileName : fileNames) { +- File f = new File(fileName); +- if (f.isFile() && f.canRead()) { +- temporaryName = fileName;; +- temporaryFile = f; +- temporaryTime = f.lastModified(); +- +- break; +- } +- +- // Not break, the file is inaccessible. +- if (SSLLogger.isOn && ++ if (fileName != null && !"".equals(fileName)) { ++ File f = new File(fileName); ++ if (f.isFile() && f.canRead()) { ++ temporaryName = fileName;; ++ temporaryFile = f; ++ temporaryTime = f.lastModified(); ++ ++ break; ++ } ++ // Not break, the file is inaccessible. ++ if (SSLLogger.isOn && + SSLLogger.isOn("trustmanager")) { +- SSLLogger.fine( +- "Inaccessible trust store: " + +- storePropName); ++ SSLLogger.fine( ++ "Inaccessible trust store: " + ++ fileName); ++ } + } + } + } else { +diff --git a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java +index fcc77786da1..f554f83a8b4 100644 +--- a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java ++++ b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java +@@ -33,7 +33,10 @@ import java.io.InputStreamReader; + + import java.net.URL; + ++import java.security.AccessController; + import java.security.KeyStore; ++import java.security.PrivilegedAction; ++import java.security.Security; + + import java.security.cert.X509Certificate; + import java.text.Collator; +@@ -54,6 +57,33 @@ public class KeyStoreUtil { + + private static final String JKS = "jks"; + ++ private static final String PROP_NAME = "security.systemCACerts"; ++ ++ /** ++ * Returns the value of the security property propName, which can be overridden ++ * by a system property of the same name ++ * ++ * @param propName the name of the system or security property ++ * @return the value of the system or security property ++ */ ++ @SuppressWarnings("removal") ++ public static String privilegedGetOverridable(String propName) { ++ if (System.getSecurityManager() == null) { ++ return getOverridableProperty(propName); ++ } else { ++ return AccessController.doPrivileged((PrivilegedAction) () -> getOverridableProperty(propName)); ++ } ++ } ++ ++ private static String getOverridableProperty(String propName) { ++ String val = System.getProperty(propName); ++ if (val == null) { ++ return Security.getProperty(propName); ++ } else { ++ return val; ++ } ++ } ++ + /** + * Returns true if the certificate is self-signed, false otherwise. + */ +@@ -96,20 +126,38 @@ public class KeyStoreUtil { + } + } + ++ /** ++ * Returns the path to the cacerts DB ++ */ ++ public static File getCacertsKeyStoreFile() ++ { ++ String sep = File.separator; ++ File file = null; ++ /* Check system cacerts DB first, preferring system property over security property */ ++ String systemDB = privilegedGetOverridable(PROP_NAME); ++ if (systemDB != null && !"".equals(systemDB)) { ++ file = new File(systemDB); ++ } ++ if (file == null || !file.exists()) { ++ file = new File(System.getProperty("java.home") + sep ++ + "lib" + sep + "security" + sep ++ + "cacerts"); ++ } ++ if (file.exists()) { ++ return file; ++ } ++ return null; ++ } ++ + /** + * Returns the keystore with the configured CA certificates. + */ + public static KeyStore getCacertsKeyStore() + throws Exception + { +- String sep = File.separator; +- File file = new File(System.getProperty("java.home") + sep +- + "lib" + sep + "security" + sep +- + "cacerts"); +- if (!file.exists()) { +- return null; +- } + KeyStore caks = null; ++ File file = getCacertsKeyStoreFile(); ++ if (file == null) { return null; } + try (FileInputStream fis = new FileInputStream(file)) { + caks = KeyStore.getInstance(JKS); + caks.load(fis, null); +diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix +index bfe0c593adb..093bc09bf95 100644 +--- a/jdk/src/share/lib/security/java.security-aix ++++ b/jdk/src/share/lib/security/java.security-aix +@@ -294,6 +294,13 @@ security.overridePropertiesFile=true + # + security.useSystemPropertiesFile=false + ++# ++# Specifies the system certificate store ++# This property may be disabled using ++# -Djava.security.disableSystemCACerts=true ++# ++security.systemCACerts=${java.home}/lib/security/cacerts ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. +diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux +index 9d1c8fe8a8e..16c9281cc1f 100644 +--- a/jdk/src/share/lib/security/java.security-linux ++++ b/jdk/src/share/lib/security/java.security-linux +@@ -307,6 +307,13 @@ security.overridePropertiesFile=true + # + security.useSystemPropertiesFile=false + ++# ++# Specifies the system certificate store ++# This property may be disabled using ++# -Djava.security.disableSystemCACerts=true ++# ++security.systemCACerts=${java.home}/lib/security/cacerts ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. +diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx +index 19047c61097..43e034cdeaf 100644 +--- a/jdk/src/share/lib/security/java.security-macosx ++++ b/jdk/src/share/lib/security/java.security-macosx +@@ -297,6 +297,13 @@ security.overridePropertiesFile=true + # + security.useSystemPropertiesFile=false + ++# ++# Specifies the system certificate store ++# This property may be disabled using ++# -Djava.security.disableSystemCACerts=true ++# ++security.systemCACerts=${java.home}/lib/security/cacerts ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. +diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris +index 7eda556ae13..325937e97fb 100644 +--- a/jdk/src/share/lib/security/java.security-solaris ++++ b/jdk/src/share/lib/security/java.security-solaris +@@ -295,6 +295,13 @@ security.overridePropertiesFile=true + # + security.useSystemPropertiesFile=false + ++# ++# Specifies the system certificate store ++# This property may be disabled using ++# -Djava.security.disableSystemCACerts=true ++# ++security.systemCACerts=${java.home}/lib/security/cacerts ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. +diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows +index dfa1a669aa9..92ef777e065 100644 +--- a/jdk/src/share/lib/security/java.security-windows ++++ b/jdk/src/share/lib/security/java.security-windows +@@ -297,6 +297,13 @@ security.overridePropertiesFile=true + # + security.useSystemPropertiesFile=false + ++# ++# Specifies the system certificate store ++# This property may be disabled using ++# -Djava.security.disableSystemCACerts=true ++# ++security.systemCACerts=${java.home}/lib/security/cacerts ++ + # + # Determines the default key and trust manager factory algorithms for + # the javax.net.ssl package. diff --git a/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch b/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch new file mode 100644 index 0000000..06973aa --- /dev/null +++ b/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch @@ -0,0 +1,140 @@ +# HG changeset patch +# User andrew +# Date 1464316115 -3600 +# Fri May 27 03:28:35 2016 +0100 +# Node ID 794541fbbdc323f7da8a5cee75611f977eee66ee +# Parent 0be28a33e12dfc9ae1e4be381530643f691d351a +PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings +Summary: Add -systemlineendings option to keytool to allow system line endings to be used again. + +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java +@@ -35,6 +35,7 @@ + + import java.util.Base64; + ++import sun.security.action.GetPropertyAction; + import sun.security.util.*; + import sun.security.x509.AlgorithmId; + import sun.security.x509.X509Key; +@@ -74,6 +75,14 @@ + * @author Hemma Prafullchandra + */ + public class PKCS10 { ++ ++ private static final byte[] sysLineEndings; ++ ++ static { ++ sysLineEndings = ++ AccessController.doPrivileged(new GetPropertyAction("line.separator")).getBytes(); ++ } ++ + /** + * Constructs an unsigned PKCS #10 certificate request. Before this + * request may be used, it must be encoded and signed. Then it +@@ -303,13 +312,39 @@ + */ + public void print(PrintStream out) + throws IOException, SignatureException { ++ print(out, false); ++ } ++ ++ /** ++ * Prints an E-Mailable version of the certificate request on the print ++ * stream passed. The format is a common base64 encoded one, supported ++ * by most Certificate Authorities because Netscape web servers have ++ * used this for some time. Some certificate authorities expect some ++ * more information, in particular contact information for the web ++ * server administrator. ++ * ++ * @param out the print stream where the certificate request ++ * will be printed. ++ * @param systemLineEndings true if the request should be terminated ++ * using the system line endings. ++ * @exception IOException when an output operation failed ++ * @exception SignatureException when the certificate request was ++ * not yet signed. ++ */ ++ public void print(PrintStream out, boolean systemLineEndings) ++ throws IOException, SignatureException { ++ byte[] lineEndings; ++ + if (encoded == null) + throw new SignatureException("Cert request was not signed"); + ++ if (systemLineEndings) ++ lineEndings = sysLineEndings; ++ else ++ lineEndings = new byte[] {'\r', '\n'}; // CRLF + +- byte[] CRLF = new byte[] {'\r', '\n'}; + out.println("-----BEGIN NEW CERTIFICATE REQUEST-----"); +- out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(encoded)); ++ out.println(Base64.getMimeEncoder(64, lineEndings).encodeToString(encoded)); + out.println("-----END NEW CERTIFICATE REQUEST-----"); + } + +diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java ++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +@@ -126,6 +126,7 @@ + private String infilename = null; + private String outfilename = null; + private String srcksfname = null; ++ private boolean systemLineEndings = false; + + // User-specified providers are added before any command is called. + // However, they are not removed before the end of the main() method. +@@ -188,7 +189,7 @@ + CERTREQ("Generates.a.certificate.request", + ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME, + STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, +- PROVIDERARG, PROVIDERPATH, V, PROTECTED), ++ PROVIDERARG, PROVIDERPATH, SYSTEMLINEENDINGS, V, PROTECTED), + CHANGEALIAS("Changes.an.entry.s.alias", + ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS, + STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, +@@ -321,6 +322,7 @@ + STARTDATE("startdate", "", "certificate.validity.start.date.time"), + STOREPASS("storepass", "", "keystore.password"), + STORETYPE("storetype", "", "keystore.type"), ++ SYSTEMLINEENDINGS("systemlineendings", null, "system.line.endings"), + TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"), + V("v", null, "verbose.output"), + VALIDITY("validity", "", "validity.number.of.days"); +@@ -561,6 +563,8 @@ + protectedPath = true; + } else if (collator.compare(flags, "-srcprotected") == 0) { + srcprotectedPath = true; ++ } else if (collator.compare(flags, "-systemlineendings") == 0) { ++ systemLineEndings = true; + } else { + System.err.println(rb.getString("Illegal.option.") + flags); + tinyHelp(); +@@ -1464,7 +1468,7 @@ + + // Sign the request and base-64 encode it + request.encodeAndSign(subject, signature); +- request.print(out); ++ request.print(out, systemLineEndings); + + checkWeak(rb.getString("the.generated.certificate.request"), request); + } +@@ -4544,4 +4548,3 @@ + return new Pair<>(a,b); + } + } +- +diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java ++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java +@@ -168,6 +168,8 @@ + "keystore password"}, //-storepass + {"keystore.type", + "keystore type"}, //-storetype ++ {"system.line.endings", ++ "use system line endings rather than CRLF to terminate output"}, //-systemlineendings + {"trust.certificates.from.cacerts", + "trust certificates from cacerts"}, //-trustcacerts + {"verbose.output", diff --git a/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch b/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch new file mode 100644 index 0000000..00e3a2e --- /dev/null +++ b/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch @@ -0,0 +1,164 @@ +# HG changeset patch +# User andrew +# Date 1467652889 -3600 +# Mon Jul 04 18:21:29 2016 +0100 +# Node ID a4541d1d8609cadb08d3e31b40b9184ff32dd6c3 +# Parent bc6eab2038c603afb2eb2b4644f3b900c8fd0c46 +PR3083, RH1346460: Regression in SSL debug output without an ECC provider +Summary: Return null rather than throwing an exception when there's no ECC provider. + +diff --git openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java ++++ openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java +@@ -121,7 +121,7 @@ + private static void ensureCurveIsSupported(ECParameterSpec ecSpec) + throws InvalidAlgorithmParameterException { + +- AlgorithmParameters ecParams = ECUtil.getECParameters(null); ++ AlgorithmParameters ecParams = ECUtil.getECParameters(null, true); + byte[] encodedParams; + try { + ecParams.init(ecSpec); +diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java openjdk/jdk/src/share/classes/sun/security/util/Debug.java +--- openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java ++++ openjdk/jdk/src/share/classes/sun/security/util/Debug.java +@@ -73,6 +73,7 @@ + System.err.println("certpath PKIX CertPathBuilder and"); + System.err.println(" CertPathValidator debugging"); + System.err.println("combiner SubjectDomainCombiner debugging"); ++ System.err.println("ecc Elliptic Curve Cryptography debugging"); + System.err.println("gssloginconfig"); + System.err.println(" GSS LoginConfigImpl debugging"); + System.err.println("configfile JAAS ConfigFile loading"); +diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java +--- openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java ++++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java +@@ -41,6 +41,9 @@ + + public final class ECUtil { + ++ /* Are we debugging ? */ ++ private static final Debug debug = Debug.getInstance("ecc"); ++ + // Used by SunPKCS11 and SunJSSE. + public static ECPoint decodePoint(byte[] data, EllipticCurve curve) + throws IOException { +@@ -90,6 +93,10 @@ + } + + public static AlgorithmParameters getECParameters(Provider p) { ++ return getECParameters(p, false); ++ } ++ ++ public static AlgorithmParameters getECParameters(Provider p, boolean throwException) { + try { + if (p != null) { + return AlgorithmParameters.getInstance("EC", p); +@@ -97,13 +104,21 @@ + + return AlgorithmParameters.getInstance("EC"); + } catch (NoSuchAlgorithmException nsae) { +- throw new RuntimeException(nsae); ++ if (throwException) { ++ throw new RuntimeException(nsae); ++ } else { ++ // ECC provider is optional so just return null ++ if (debug != null) { ++ debug.println("Provider unavailable: " + nsae); ++ } ++ return null; ++ } + } + } + + public static byte[] encodeECParameterSpec(Provider p, + ECParameterSpec spec) { +- AlgorithmParameters parameters = getECParameters(p); ++ AlgorithmParameters parameters = getECParameters(p, true); + + try { + parameters.init(spec); +@@ -122,11 +137,16 @@ + public static ECParameterSpec getECParameterSpec(Provider p, + ECParameterSpec spec) { + AlgorithmParameters parameters = getECParameters(p); ++ if (parameters == null) ++ return null; + + try { + parameters.init(spec); + return parameters.getParameterSpec(ECParameterSpec.class); + } catch (InvalidParameterSpecException ipse) { ++ if (debug != null) { ++ debug.println("Invalid parameter specification: " + ipse); ++ } + return null; + } + } +@@ -135,34 +155,49 @@ + byte[] params) + throws IOException { + AlgorithmParameters parameters = getECParameters(p); ++ if (parameters == null) ++ return null; + + parameters.init(params); + + try { + return parameters.getParameterSpec(ECParameterSpec.class); + } catch (InvalidParameterSpecException ipse) { ++ if (debug != null) { ++ debug.println("Invalid parameter specification: " + ipse); ++ } + return null; + } + } + + public static ECParameterSpec getECParameterSpec(Provider p, String name) { + AlgorithmParameters parameters = getECParameters(p); ++ if (parameters == null) ++ return null; + + try { + parameters.init(new ECGenParameterSpec(name)); + return parameters.getParameterSpec(ECParameterSpec.class); + } catch (InvalidParameterSpecException ipse) { ++ if (debug != null) { ++ debug.println("Invalid parameter specification: " + ipse); ++ } + return null; + } + } + + public static ECParameterSpec getECParameterSpec(Provider p, int keySize) { + AlgorithmParameters parameters = getECParameters(p); ++ if (parameters == null) ++ return null; + + try { + parameters.init(new ECKeySizeParameterSpec(keySize)); + return parameters.getParameterSpec(ECParameterSpec.class); + } catch (InvalidParameterSpecException ipse) { ++ if (debug != null) { ++ debug.println("Invalid parameter specification: " + ipse); ++ } + return null; + } + +@@ -171,11 +206,16 @@ + public static String getCurveName(Provider p, ECParameterSpec spec) { + ECGenParameterSpec nameSpec; + AlgorithmParameters parameters = getECParameters(p); ++ if (parameters == null) ++ return null; + + try { + parameters.init(spec); + nameSpec = parameters.getParameterSpec(ECGenParameterSpec.class); + } catch (InvalidParameterSpecException ipse) { ++ if (debug != null) { ++ debug.println("Invalid parameter specification: " + ipse); ++ } + return null; + } + diff --git a/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch b/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch new file mode 100644 index 0000000..a980895 --- /dev/null +++ b/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch @@ -0,0 +1,166 @@ +diff --git openjdk.orig/hotspot/src/share/vm/asm/codeBuffer.cpp openjdk/hotspot/src/share/vm/asm/codeBuffer.cpp +--- openjdk.orig/hotspot/src/share/vm/asm/codeBuffer.cpp ++++ openjdk/hotspot/src/share/vm/asm/codeBuffer.cpp +@@ -977,7 +977,7 @@ + for (int n = (int) CodeBuffer::SECT_FIRST; n < (int) CodeBuffer::SECT_LIMIT; n++) { + CodeSection* sect = code_section(n); + if (!sect->is_allocated() || sect->is_empty()) continue; +- xtty->print_cr("", ++ xtty->print_cr("", + n, sect->limit() - sect->start(), sect->limit() - sect->end()); + } + xtty->print_cr(""); +diff --git openjdk.orig/hotspot/src/share/vm/code/codeCache.cpp openjdk/hotspot/src/share/vm/code/codeCache.cpp +--- openjdk.orig/hotspot/src/share/vm/code/codeCache.cpp ++++ openjdk/hotspot/src/share/vm/code/codeCache.cpp +@@ -192,7 +192,7 @@ + } + if (PrintCodeCacheExtension) { + ResourceMark rm; +- tty->print_cr("code cache extended to [" INTPTR_FORMAT ", " INTPTR_FORMAT "] (" SSIZE_FORMAT " bytes)", ++ tty->print_cr("code cache extended to [" INTPTR_FORMAT ", " INTPTR_FORMAT "] (" INTX_FORMAT " bytes)", + (intptr_t)_heap->low_boundary(), (intptr_t)_heap->high(), + (address)_heap->high() - (address)_heap->low_boundary()); + } +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp +@@ -598,7 +598,7 @@ + " [Table]\n" + " [Memory Usage: " G1_STRDEDUP_BYTES_FORMAT_NS "]\n" + " [Size: " SIZE_FORMAT ", Min: " SIZE_FORMAT ", Max: " SIZE_FORMAT "]\n" +- " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " UINTX_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n" ++ " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " SIZE_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n" + " [Resize Count: " UINTX_FORMAT ", Shrink Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS "), Grow Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS ")]\n" + " [Rehash Count: " UINTX_FORMAT ", Rehash Threshold: " UINTX_FORMAT ", Hash Seed: " UINT64_FORMAT "]\n" + " [Age Threshold: " UINTX_FORMAT "]", +diff --git openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp openjdk/hotspot/src/share/vm/memory/blockOffsetTable.cpp +--- openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp ++++ openjdk/hotspot/src/share/vm/memory/blockOffsetTable.cpp +@@ -57,7 +57,7 @@ + gclog_or_tty->print_cr("BlockOffsetSharedArray::BlockOffsetSharedArray: "); + gclog_or_tty->print_cr(" " + " rs.base(): " INTPTR_FORMAT +- " rs.size(): " INTPTR_FORMAT ++ " rs.size(): " SIZE_FORMAT + " rs end(): " INTPTR_FORMAT, + p2i(rs.base()), rs.size(), p2i(rs.base() + rs.size())); + gclog_or_tty->print_cr(" " +diff --git openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp +--- openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp ++++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp +@@ -1055,7 +1055,8 @@ + size_t expected = msp.scale_by_NewRatio_aligned(initial_heap_size); + assert(msp.initial_gen0_size() == expected, err_msg("%zu != %zu", msp.initial_gen0_size(), expected)); + assert(FLAG_IS_ERGO(NewSize) && NewSize == expected, +- err_msg("NewSize should have been set ergonomically to %zu, but was %zu", expected, NewSize)); ++ err_msg("NewSize should have been set ergonomically to " SIZE_FORMAT ", but was " UINTX_FORMAT, ++ expected, NewSize)); + } + + private: +diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotspot/src/share/vm/runtime/arguments.cpp +--- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp ++++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp +@@ -1291,14 +1291,14 @@ + } + if (PrintGCDetails && Verbose) { + // Too early to use gclog_or_tty +- tty->print_cr("CMS ergo set MaxNewSize: " SIZE_FORMAT, MaxNewSize); ++ tty->print_cr("CMS ergo set MaxNewSize: " UINTX_FORMAT, MaxNewSize); + } + + // Code along this path potentially sets NewSize and OldSize + if (PrintGCDetails && Verbose) { + // Too early to use gclog_or_tty +- tty->print_cr("CMS set min_heap_size: " SIZE_FORMAT +- " initial_heap_size: " SIZE_FORMAT ++ tty->print_cr("CMS set min_heap_size: " UINTX_FORMAT ++ " initial_heap_size: " UINTX_FORMAT + " max_heap: " SIZE_FORMAT, + min_heap_size(), InitialHeapSize, max_heap); + } +@@ -1314,7 +1314,7 @@ + FLAG_SET_ERGO(uintx, NewSize, MIN2(preferred_max_new_size, (size_t)NewSize)); + if (PrintGCDetails && Verbose) { + // Too early to use gclog_or_tty +- tty->print_cr("CMS ergo set NewSize: " SIZE_FORMAT, NewSize); ++ tty->print_cr("CMS ergo set NewSize: " UINTX_FORMAT, NewSize); + } + } + // Unless explicitly requested otherwise, size old gen +@@ -1324,7 +1324,7 @@ + FLAG_SET_ERGO(uintx, OldSize, MIN2((size_t)(NewRatio*NewSize), max_heap - NewSize)); + if (PrintGCDetails && Verbose) { + // Too early to use gclog_or_tty +- tty->print_cr("CMS ergo set OldSize: " SIZE_FORMAT, OldSize); ++ tty->print_cr("CMS ergo set OldSize: " UINTX_FORMAT, OldSize); + } + } + } +@@ -2043,7 +2043,7 @@ + + if (PrintGCDetails && Verbose) { + // Cannot use gclog_or_tty yet. +- tty->print_cr(" Initial heap size " SIZE_FORMAT, (uintx)reasonable_initial); ++ tty->print_cr(" Initial heap size " SIZE_FORMAT, (size_t)reasonable_initial); + } + FLAG_SET_ERGO(uintx, InitialHeapSize, (uintx)reasonable_initial); + } +@@ -2053,7 +2053,7 @@ + set_min_heap_size(MIN2((uintx)reasonable_minimum, InitialHeapSize)); + if (PrintGCDetails && Verbose) { + // Cannot use gclog_or_tty yet. +- tty->print_cr(" Minimum heap size " SIZE_FORMAT, min_heap_size()); ++ tty->print_cr(" Minimum heap size " UINTX_FORMAT, min_heap_size()); + } + } + } +diff --git openjdk.orig/hotspot/src/share/vm/utilities/globalDefinitions.hpp openjdk/hotspot/src/share/vm/utilities/globalDefinitions.hpp +--- openjdk.orig/hotspot/src/share/vm/utilities/globalDefinitions.hpp ++++ openjdk/hotspot/src/share/vm/utilities/globalDefinitions.hpp +@@ -1389,12 +1389,21 @@ + + #define INTPTR_FORMAT_W(width) "%" #width PRIxPTR + ++#if defined(S390) && !defined(_LP64) ++#define SSIZE_FORMAT "%z" PRIdPTR ++#define SIZE_FORMAT "%z" PRIuPTR ++#define SIZE_FORMAT_HEX "0x%z" PRIxPTR ++#define SSIZE_FORMAT_W(width) "%" #width "z" PRIdPTR ++#define SIZE_FORMAT_W(width) "%" #width "z" PRIuPTR ++#define SIZE_FORMAT_HEX_W(width) "0x%" #width "z" PRIxPTR ++#else // !S390 + #define SSIZE_FORMAT "%" PRIdPTR + #define SIZE_FORMAT "%" PRIuPTR + #define SIZE_FORMAT_HEX "0x%" PRIxPTR + #define SSIZE_FORMAT_W(width) "%" #width PRIdPTR + #define SIZE_FORMAT_W(width) "%" #width PRIuPTR + #define SIZE_FORMAT_HEX_W(width) "0x%" #width PRIxPTR ++#endif // S390 + + #define INTX_FORMAT "%" PRIdPTR + #define UINTX_FORMAT "%" PRIuPTR +diff --git openjdk.orig/hotspot/src/share/vm/runtime/memprofiler.cpp openjdk/hotspot/src/share/vm/runtime/memprofiler.cpp +--- openjdk.orig/hotspot/src/share/vm/runtime/memprofiler.cpp ++++ openjdk/hotspot/src/share/vm/runtime/memprofiler.cpp +@@ -117,16 +117,16 @@ + } + + // Print trace line in log +- fprintf(_log_fp, "%6.1f,%5d,%5d," UINTX_FORMAT_W(6) "," UINTX_FORMAT_W(6) ",", ++ fprintf(_log_fp, "%6.1f,%5d,%5d," SIZE_FORMAT_W(6) "," SIZE_FORMAT_W(6) ",", + os::elapsedTime(), + Threads::number_of_threads(), + SystemDictionary::number_of_classes(), + Universe::heap()->used() / K, + Universe::heap()->capacity() / K); + +- fprintf(_log_fp, UINTX_FORMAT_W(6) ",", CodeCache::capacity() / K); ++ fprintf(_log_fp, SIZE_FORMAT_W(6) ",", CodeCache::capacity() / K); + +- fprintf(_log_fp, UINTX_FORMAT_W(6) "," UINTX_FORMAT_W(6) "," UINTX_FORMAT_W(6) "\n", ++ fprintf(_log_fp, SIZE_FORMAT_W(6) "," SIZE_FORMAT_W(6) "," SIZE_FORMAT_W(6) "\n", + handles_memory_usage / K, + resource_memory_usage / K, + OopMapCache::memory_usage() / K); diff --git a/repackReproduciblePolycies.sh b/repackReproduciblePolycies.sh new file mode 100644 index 0000000..f356bd3 --- /dev/null +++ b/repackReproduciblePolycies.sh @@ -0,0 +1,44 @@ +#!/bin/sh +set -e +# https://bugzilla.redhat.com/show_bug.cgi?id=1142153 +M=META-INF/MANIFEST.MF +#P=/usr/lib/jvm/java/jre/lib/security/policy +P=$1/lib/security/policy +ERRORS=0 + for type in unlimited limited ; do +for f in local_policy.jar US_export_policy.jar ; do +ORIG=$P/$type/$f +echo "processing $f ($ORIG)" +if [ ! -f $ORIG ]; then + echo "File not found! $ORIG" + let ERRORS=$ERRORS+1 + continue +fi +d=`mktemp -d` +NW=$d/$f + pushd $d + jar xf $ORIG + cat $M +# sed -i "s/Created-By.*/Created-By: 1.7.0/g" $M + sed -i "s/Created-By.*/Created-By: $2/g" $M + cat $M + find . -exec touch -t 201401010000 {} + + zip -rX $f * + popd + echo "replacing $ORIG" + touch -t 201401010000 $ORIG + md5sum $ORIG + sha256sum $ORIG + echo "by $NW" + md5sum $NW + sha256sum $NW + touch -t 201401010000 $NW + cp $NW $ORIG + md5sum $ORIG + sha256sum $ORIG + touch -t 201401010000 $ORIG + rm -rfv $d +done + done + +exit $ERRORS diff --git a/rh1163501-increase_2048_bit_dh_upper_bound_fedora_infrastructure_in_dhparametergenerator.patch b/rh1163501-increase_2048_bit_dh_upper_bound_fedora_infrastructure_in_dhparametergenerator.patch new file mode 100644 index 0000000..d9cbac4 --- /dev/null +++ b/rh1163501-increase_2048_bit_dh_upper_bound_fedora_infrastructure_in_dhparametergenerator.patch @@ -0,0 +1,66 @@ +diff --git a/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java b/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java +--- openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java ++++ openjdk/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java +@@ -1,5 +1,6 @@ + /* + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2014 Red Hat Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -61,13 +62,13 @@ + + private static void checkKeySize(int keysize) + throws InvalidParameterException { +- boolean supported = ((keysize == 2048) || (keysize == 3072) || ++ boolean supported = ((keysize == 2048) || (keysize == 3072) || (keysize == 4096) || + ((keysize >= 512) && (keysize <= 1024) && ((keysize & 0x3F) == 0))); + + if (!supported) { + throw new InvalidParameterException( + "DH key size must be multiple of 64 and range " + +- "from 512 to 1024 (inclusive), or 2048, 3072. " + ++ "from 512 to 1024 (inclusive), or 2048, 3072, 4096. " + + "The specific key size " + keysize + " is not supported"); + } + } +diff --git a/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java b/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java +--- openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java ++++ openjdk/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java +@@ -1,5 +1,6 @@ + /* + * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2014 Red Hat Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -58,7 +59,7 @@ + */ + private enum Sizes { + two56(256), three84(384), five12(512), seven68(768), ten24(1024), +- twenty48(2048); ++ twenty48(2048), forty96(4096); + + private final int intSize; + private final BigInteger bigIntValue; +@@ -130,6 +131,19 @@ + kp = kpg.generateKeyPair(); + checkKeyPair(kp, Sizes.twenty48, Sizes.five12); + ++ kpg.initialize(Sizes.forty96.getIntSize()); ++ kp = kpg.generateKeyPair(); ++ checkKeyPair(kp, Sizes.forty96, Sizes.twenty48); ++ ++ publicKey = (DHPublicKey)kp.getPublic(); ++ p = publicKey.getParams().getP(); ++ g = publicKey.getParams().getG(); ++ ++ // test w/ all values specified ++ kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize())); ++ kp = kpg.generateKeyPair(); ++ checkKeyPair(kp, Sizes.forty96, Sizes.ten24); ++ + System.out.println("OK"); + } + + diff --git a/rh1582504-rsa_default_for_keytool.patch b/rh1582504-rsa_default_for_keytool.patch new file mode 100644 index 0000000..f59dbf5 --- /dev/null +++ b/rh1582504-rsa_default_for_keytool.patch @@ -0,0 +1,12 @@ +diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java ++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +@@ -1004,7 +1004,7 @@ + } + } else if (command == GENKEYPAIR) { + if (keyAlgName == null) { +- keyAlgName = "DSA"; ++ keyAlgName = "RSA"; + } + doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName); + kssave = true; diff --git a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch new file mode 100644 index 0000000..bddd702 --- /dev/null +++ b/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch @@ -0,0 +1,16 @@ +diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java jdk8/jdk/src/share/classes/java/awt/Toolkit.java +--- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500 ++++ jdk8/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500 +@@ -883,7 +883,11 @@ + return null; + } + }); +- loadAssistiveTechnologies(); ++ try { ++ loadAssistiveTechnologies(); ++ } catch ( AWTError error) { ++ // ignore silently ++ } + } + return toolkit; + } diff --git a/rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch b/rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch new file mode 100644 index 0000000..b0a874d --- /dev/null +++ b/rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch @@ -0,0 +1,12 @@ +diff --git a/src/share/vm/runtime/globals.hpp b/src/share/vm/runtime/globals.hpp +--- openjdk/hotspot/src/share/vm/runtime/globals.hpp ++++ openjdk/hotspot/src/share/vm/runtime/globals.hpp +@@ -530,7 +530,7 @@ + lp64_product(intx, ObjectAlignmentInBytes, 8, \ + "Default object alignment in bytes, 8 is minimum") \ + \ +- product(bool, AssumeMP, false, \ ++ product(bool, AssumeMP, true, \ + "Instruct the VM to assume multiple processors are available") \ + \ + /* UseMembar is theoretically a temp flag used for memory barrier \ diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch new file mode 100644 index 0000000..eb8f255 --- /dev/null +++ b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch @@ -0,0 +1,12 @@ +diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux +index 9d1c8fe8a8e..a80a3c12abb 100644 +--- a/jdk/src/share/lib/security/java.security-linux ++++ b/jdk/src/share/lib/security/java.security-linux +@@ -74,6 +74,7 @@ security.provider.6=sun.security.jgss.SunProvider + security.provider.7=com.sun.security.sasl.Provider + security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI + security.provider.9=sun.security.smartcardio.SunPCSC ++#security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg + + # + # Security providers used when FIPS mode support is active diff --git a/rh1648644-java_access_bridge_privileged_security.patch b/rh1648644-java_access_bridge_privileged_security.patch new file mode 100644 index 0000000..28060ed --- /dev/null +++ b/rh1648644-java_access_bridge_privileged_security.patch @@ -0,0 +1,25 @@ +diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux +--- openjdk.orig/jdk/src/share/lib/security/java.security-linux ++++ openjdk/jdk/src/share/lib/security/java.security-linux +@@ -226,7 +226,9 @@ + com.sun.activation.registries.,\ + jdk.jfr.events.,\ + jdk.jfr.internal.,\ +- jdk.management.jfr.internal. ++ jdk.management.jfr.internal.,\ ++ org.GNOME.Accessibility.,\ ++ org.GNOME.Bonobo. + + # + # List of comma-separated packages that start with or equal this string +@@ -279,7 +281,9 @@ + com.sun.activation.registries.,\ + jdk.jfr.events.,\ + jdk.jfr.internal.,\ +- jdk.management.jfr.internal. ++ jdk.management.jfr.internal.,\ ++ org.GNOME.Accessibility.,\ ++ org.GNOME.Bonobo. + + # + # Determines whether this properties file can be appended to diff --git a/rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch b/rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch new file mode 100644 index 0000000..e319492 --- /dev/null +++ b/rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch @@ -0,0 +1,16 @@ +diff --git openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk openjdk/jdk/make/lib/Awt2dLibraries.gmk +--- openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk ++++ openjdk/jdk/make/lib/Awt2dLibraries.gmk +@@ -891,6 +891,12 @@ + BUILD_LIBFONTMANAGER_ExtensionSubtables.cpp_CXXFLAGS := -fno-strict-aliasing + endif + ++# Turn off strict overflow with GCC for IndicRearrangementProcessor.cpp ++ifeq ($(OPENJDK_TARGET_OS), linux) ++ BUILD_LIBFONTMANAGER_IndicRearrangementProcessor.cpp_CXXFLAGS := -fno-strict-overflow ++ BUILD_LIBFONTMANAGER_IndicRearrangementProcessor2.cpp_CXXFLAGS := -fno-strict-overflow ++endif ++ + # LDFLAGS clarification: + # Filter relevant linker flags disallowing unresolved symbols as we cannot + # build-time decide to which library to link against (libawt_headless or diff --git a/rh1750419-redhat_alt_java.patch b/rh1750419-redhat_alt_java.patch new file mode 100644 index 0000000..4789f0b --- /dev/null +++ b/rh1750419-redhat_alt_java.patch @@ -0,0 +1,133 @@ +diff --git openjdk.orig/jdk/make/CompileLaunchers.gmk openjdk/jdk/make/CompileLaunchers.gmk +--- openjdk.orig/jdk/make/CompileLaunchers.gmk ++++ openjdk/jdk/make/CompileLaunchers.gmk +@@ -255,6 +255,33 @@ + endif + endif + ++# -Wno-error=cpp is present to allow commented warning in ifdef part of main.c ++$(eval $(call SetupLauncher,alt-java, \ ++ -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA -Wno-error=cpp,,,user32.lib comctl32.lib, \ ++ $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \ ++ $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true)) ++ ++$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX): $(BUILD_LAUNCHER_alt-java) ++ $(MKDIR) -p $(@D) ++ $(RM) $@ ++ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX) $@ ++ ++$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT): $(BUILD_LAUNCHER_alt-java) ++ $(MKDIR) -p $(@D) ++ $(RM) $@ ++ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT) $@ ++ ++ifeq ($(OPENJDK_TARGET_OS), linux) ++ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX) ++ ifeq ($(ENABLE_DEBUG_SYMBOLS), true) ++ ifneq ($(POST_STRIP_CMD), ) ++ ifneq ($(STRIP_POLICY), no_strip) ++ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT) ++ endif ++ endif ++ endif ++endif ++ + ifeq ($(OPENJDK_TARGET_OS), windows) + $(eval $(call SetupLauncher,javaw, \ + -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS,,,user32.lib comctl32.lib, \ +diff --git openjdk.orig/jdk/src/share/bin/alt_main.h openjdk/jdk/src/share/bin/alt_main.h +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/src/share/bin/alt_main.h +@@ -0,0 +1,73 @@ ++/* ++ * Copyright (c) 2019, Red Hat, Inc. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++#ifdef REDHAT_ALT_JAVA ++ ++#include ++ ++ ++/* Per task speculation control */ ++#ifndef PR_GET_SPECULATION_CTRL ++# define PR_GET_SPECULATION_CTRL 52 ++#endif ++#ifndef PR_SET_SPECULATION_CTRL ++# define PR_SET_SPECULATION_CTRL 53 ++#endif ++/* Speculation control variants */ ++#ifndef PR_SPEC_STORE_BYPASS ++# define PR_SPEC_STORE_BYPASS 0 ++#endif ++/* Return and control values for PR_SET/GET_SPECULATION_CTRL */ ++ ++#ifndef PR_SPEC_NOT_AFFECTED ++# define PR_SPEC_NOT_AFFECTED 0 ++#endif ++#ifndef PR_SPEC_PRCTL ++# define PR_SPEC_PRCTL (1UL << 0) ++#endif ++#ifndef PR_SPEC_ENABLE ++# define PR_SPEC_ENABLE (1UL << 1) ++#endif ++#ifndef PR_SPEC_DISABLE ++# define PR_SPEC_DISABLE (1UL << 2) ++#endif ++#ifndef PR_SPEC_FORCE_DISABLE ++# define PR_SPEC_FORCE_DISABLE (1UL << 3) ++#endif ++#ifndef PR_SPEC_DISABLE_NOEXEC ++# define PR_SPEC_DISABLE_NOEXEC (1UL << 4) ++#endif ++ ++static void set_speculation() __attribute__((constructor)); ++static void set_speculation() { ++ if ( prctl(PR_SET_SPECULATION_CTRL, ++ PR_SPEC_STORE_BYPASS, ++ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) { ++ return; ++ } ++ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); ++} ++ ++#endif // REDHAT_ALT_JAVA +diff --git openjdk.orig/jdk/src/share/bin/main.c openjdk/jdk/src/share/bin/main.c +--- openjdk.orig/jdk/src/share/bin/main.c ++++ openjdk/jdk/src/share/bin/main.c +@@ -32,6 +32,14 @@ + + #include "defines.h" + ++#ifdef REDHAT_ALT_JAVA ++#if defined(__linux__) && defined(__x86_64__) ++#include "alt_main.h" ++#else ++#warning alt-java requested but SSB mitigation not available on this platform. ++#endif ++#endif ++ + #ifdef _MSC_VER + #if _MSC_VER > 1400 && _MSC_VER < 1600 + diff --git a/s390-8214206_fix.patch b/s390-8214206_fix.patch new file mode 100644 index 0000000..190109c --- /dev/null +++ b/s390-8214206_fix.patch @@ -0,0 +1,46 @@ +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp ++++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp +@@ -150,5 +150,5 @@ + return value; + } + +- return (size_t)1 << (log2_intptr(value) + 1); ++ return (size_t)1 << (log2_intptr((uintptr_t) value) + 1); + } +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp ++++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp +@@ -135,7 +135,7 @@ + void BinaryMagnitudeSeq::add(size_t val) { + Atomic::add(val, &_sum); + +- int mag = log2_intptr(val) + 1; ++ int mag = log2_long(val) + 1; + + // Defensively saturate for product bits: + if (mag < 0) { +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.cpp ++++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.cpp +@@ -659,7 +659,7 @@ + } + + size_t ShenandoahHeap::soft_max_capacity() const { +- size_t v = OrderAccess::load_acquire((volatile size_t*)&_soft_max_size); ++ size_t v = OrderAccess::load_acquire((volatile jlong*)&_soft_max_size); + assert(min_capacity() <= v && v <= max_capacity(), + err_msg("Should be in bounds: " SIZE_FORMAT " <= " SIZE_FORMAT " <= " SIZE_FORMAT, + min_capacity(), v, max_capacity())); +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.hpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.hpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.hpp ++++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.hpp +@@ -155,7 +155,7 @@ + private: + size_t _initial_size; + size_t _minimum_size; +- volatile size_t _soft_max_size; ++ volatile jlong _soft_max_size; + shenandoah_padding(0); + volatile jlong _used; + volatile size_t _committed; diff --git a/sources b/sources new file mode 100644 index 0000000..dbf6233 --- /dev/null +++ b/sources @@ -0,0 +1,2 @@ +SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08-4curve.tar.xz) = 64a3679f3c5159b5742aac14a1a07d860a33c98a06b705bd106f0e997e591751c2645e9037cb9b4f6093aac69456f28dacf90451f0b083e803db4e5cb35d349f +SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671