rpms
/
java-1.8.0-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import java-1.8.0-openjdk-1.8.0.282.b08-1.el8

This commit is contained in:
CentOS Sources 2021-03-30 10:57:12 -04:00 committed by Stepan Oksanichenko
parent 14f10e9895
commit 10709f9253
23 changed files with 1875 additions and 856 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20-4curve.tar.xz
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz

2
.java-1.8.0-openjdk.metadata
View File

@ -1,2 +1,2 @@
57112674fa8d81e4b09c1eec880ed362a7f98a67 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20-4curve.tar.xz
de58a4f646ca65cafbd2166d7d08eb330adaf4e6 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

57
SOURCES/CheckVendor.java Normal file
View File

@ -0,0 +1,57 @@
/* CheckVendor -- Check the vendor properties match specified values.
Copyright (C) 2020 Red Hat, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @test
*/
public class CheckVendor {
public static void main(String[] args) {
if (args.length < 3) {
System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL>");
System.exit(1);
}
String vendor = System.getProperty("java.vendor");
String expectedVendor = args[0];
String vendorURL = System.getProperty("java.vendor.url");
String expectedVendorURL = args[1];
String vendorBugURL = System.getProperty("java.vendor.url.bug");
String expectedVendorBugURL = args[2];
if (!expectedVendor.equals(vendor)) {
System.err.printf("Invalid vendor %s, expected %s\n",
vendor, expectedVendor);
System.exit(2);
}
if (!expectedVendorURL.equals(vendorURL)) {
System.err.printf("Invalid vendor URL %s, expected %s\n",
vendorURL, expectedVendorURL);
System.exit(3);
}
if (!expectedVendorBugURL.equals(vendorBugURL)) {
System.err.printf("Invalid vendor bug URL%s, expected %s\n",
vendorBugURL, expectedVendorBugURL);
System.exit(4);
}
System.err.printf("Vendor information verified as %s, %s, %s\n",
vendor, vendorURL, vendorBugURL);
}
}

750
SOURCES/NEWS
View File

@ -3,6 +3,756 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u282 (2021-01-19):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u282
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt
* Security fixes
- JDK-8247619: Improve Direct Buffering of Characters
* Other changes
- JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux
- JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation
- JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
- JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup
- JDK-8030350: Enable additional compiler warnings for GCC
- JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows
- JDK-8036122: Fix warning 'format not a string literal'
- JDK-8039279: Move awt tests to openjdk repository
- JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
- JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
- JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree
- JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m
- JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests
- JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk
- JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository
- JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository
- JDK-8046221: [TEST_BUG] Cleanup datatransfer tests
- JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository
- JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2
- JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK
- JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3
- JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK
- JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4
- JDK-8051440: move tests about maximizing undecorated to OpenJDK
- JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
- JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5
- JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)
- JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK
- JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6
- JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7
- JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8
- JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK
- JDK-8055664: move 14 tests about setLocationRelativeTo to jdk
- JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9
- JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10
- JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails
- JDK-8062808: Turn on the -Wreturn-type warning
- JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1
- JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2
- JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1
- JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2
- JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing
- JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases
- JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease
- JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()
- JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel
- JDK-8068275: Some tests failed after JDK-8063104
- JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
- JDK-8074807: Fix some tests unnecessary using internal API
- JDK-8076315: move 4 manual functional swing tests to regression suite
- JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT
- JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows
- JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
- JDK-8148916: Mark bug6400879.java as intermittently failing
- JDK-8148983: Fix extra comma in changes for JDK-8148916
- JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants
- JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic
- JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
- JDK-8160761: [TESTBUG] Several compiler tests fail with product bits
- JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java
- JDK-8165808: Add release barriers when allocating objects with concurrent collection
- JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java
- JDK-8166583: Add oopDesc::klass_or_null_acquire()
- JDK-8166663: Simplify oops_on_card_seq_iterate_careful
- JDK-8166862: CMS needs klass_or_null_acquire
- JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X
- JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp
- JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event
- JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument
- JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
- JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017
- JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out
- JDK-8207766: [testbug] Adapt tests for Aix.
- JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation
- JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
- JDK-8215727: Restore JFR thread sampler loop to old / previous behavior
- JDK-8217362: Emergency dump does not work when disk=false is set
- JDK-8217766: Container Support doesn't work for some Join Controllers combinations
- JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3
- JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable
- JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp
- JDK-8220657: JFR.dump does not work when filename is set
- JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562
- JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
- JDK-8221710: [TESTBUG] more configurable parameters for docker testing
- JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
- JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM
- JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
- JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
- JDK-8229868: Update Apache Santuario TPRM version
- JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
- JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
- JDK-8232114: JVM crashed at imjpapi.dll in native code
- JDK-8233548: Update CUP to v0.11b
- JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
- JDK-8234339: replace JLI_StrTok in java_md_solinux.c
- JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
- JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
- JDK-8242335: Additional Tests for RSASSA-PSS
- JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
- JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
- JDK-8245400: Upgrade to LittleCMS 2.11
- JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
- JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
- JDK-8249176: Update GlobalSignR6CA test certificates
- JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior
- JDK-8250636: iso8601_time returns incorrect offset part on MacOS
- JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
- JDK-8250928: JFR: Improve hash algorithm for stack traces
- JDK-8251365: Build failure on AIX after 8250636
- JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
- JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers
- JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE
- JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries
- JDK-8252497: Incorrect numeric currency code for ROL
- JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
- JDK-8252904: VM crashes when JFR is used and JFR event class is transformed
- JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal
- JDK-8253036: Support building the Zero assembler port on AArch64
- JDK-8253284: Zero OrderAccess barrier mappings are incorrect
- JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip
- JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly
- JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion
- JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
- JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
- JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
- JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails
- JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
- JDK-8255003: Build failures on Solaris
- JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
- JDK-8255269: Unsigned overflow in g1Policy.cpp
- JDK-8255603: Memory/Performance regression after JDK-8210985
- JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized
- JDK-8256618: Zero: Linux x86_32 build still fails
- JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap
- JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder
- JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace
- JDK-8258630: Add expiry exception for QuoVadis root certificate
* AArch64 port
- Fix AArch64 build failure after JDK-8062808 backport
* Shenandoah
- Fix racy update of code roots
Notes on individual issues:
===========================
security-libs/javax.xml.crypto:
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3
===========================================================================
The XML Signature implementation in the `java.xml.crypto` module has
been updated to version 2.1.3 of Apache Santuario. New features
include:
* Added support for embedding elliptic curve public keys in the
KeyValue element
New in release OpenJDK 8u275 (2020-11-05):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u275
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt
* Regression fixes
- JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
- JDK-8223940: Private key not supported by chosen signature algorithm
- JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
- JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
New in release OpenJDK 8u272 (2020-10-20):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u272
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
* New features
- JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
* Security fixes
- JDK-8233624: Enhance JNI linkage
- JDK-8236196: Improve string pooling
- JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
- JDK-8237995, CVE-2020-14782: Enhance certificate processing
- JDK-8240124: Better VM Interning
- JDK-8241114, CVE-2020-14792: Better range handling
- JDK-8242680, CVE-2020-14796: Improved URI Support
- JDK-8242685, CVE-2020-14797: Better Path Validation
- JDK-8242695, CVE-2020-14798: Enhanced buffer support
- JDK-8243302: Advanced class supports
- JDK-8244136, CVE-2020-14803: Improved Buffer supports
- JDK-8244479: Further constrain certificates
- JDK-8244955: Additional Fix for JDK-8240124
- JDK-8245407: Enhance zoning of times
- JDK-8245412: Better class definitions
- JDK-8245417: Improve certificate chain handling
- JDK-8248574: Improve jpeg processing
- JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
- JDK-8253019: Enhanced JPEG decoding
* Other changes
- JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
- JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
- JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
- JDK-8025886: replace [[ and == bash extensions in regtest
- JDK-8026236: Add PrimeTest for BigInteger
- JDK-8031625: javadoc problems referencing inner class constructors
- JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
- JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
- JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
- JDK-8046274: Removing dependency on jakarta-regexp
- JDK-8048933: -XX:+TraceExceptions output should include the message
- JDK-8057003: Large reference arrays cause extremely long synchronization times
- JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
- JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
- JDK-8062947: Fix exception message to correctly represent LDAP connection failure
- JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
- JDK-8075774: Small readability and performance improvements for zipfs
- JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
- JDK-8078334: Mark regression tests using randomness
- JDK-8078880: Mark a few more intermittently failuring security-libs
- JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
- JDK-8132206: move ScanTest.java into OpenJDK
- JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
- JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
- JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
- JDK-8144539: Update PKCS11 tests to run with security manager
- JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
- JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
- JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
- JDK-8151788: NullPointerException from ntlm.Client.type3
- JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
- JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
- JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
- JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
- JDK-8154313: Generated javadoc scattered all over the place
- JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
- JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
- JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
- JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
- JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
- JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
- JDK-8166148: Fix for JDK-8165936 broke solaris builds
- JDK-8167300: Scheduling failures during gcm should be fatal
- JDK-8167615: Opensource unit/regression tests for JavaSound
- JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
- JDK-8169925: PKCS #11 Cryptographic Token Interface license
- JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
- JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
- JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
- JDK-8177628: Opensource unit/regression tests for ImageIO
- JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
- JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
- JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
- JDK-8184762: ZapStackSegments should use optimized memset
- JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
- JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
- JDK-8193137: Nashorn crashes when given an empty script file
- JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
- JDK-8194298: Add support for per Socket configuration of TCP keepalive
- JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
- JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
- JDK-8201633: Problems with AES-GCM native acceleration
- JDK-8203357: Container Metrics
- JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
- JDK-8210147: adjust some WSAGetLastError usages in windows network coding
- JDK-8211049: Second parameter of "initialize" method is not used
- JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
- JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
- JDK-8214862: assert(proj != __null) at compile.cpp:3251
- JDK-8216283: Allow shorter method sampling interval than 10 ms
- JDK-8217606: LdapContext#reconnect always opens a new connection
- JDK-8217647: JFR: recordings on 32-bit systems unreadable
- JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
- JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
- JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
- JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
- JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
- JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
- JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
- JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
- JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
- JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
- JDK-8224217: RecordingInfo should use textual representation of path
- JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
- JDK-8226575: OperatingSystemMXBean should be made container aware
- JDK-8226697: Several tests which need the @key headful keyword are missing it.
- JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
- JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
- JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
- JDK-8230303: JDB hangs when running monitor command
- JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
- JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
- JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
- JDK-8233097: Fontmetrics for large Fonts has zero width
- JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
- JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
- JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
- JDK-8235325: build failure on Linux after 8235243
- JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
- JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
- JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
- JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
- JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
- JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
- JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
- JDK-8238898: Missing hash characters for header on license file
- JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
- JDK-8239819: XToolkit: Misread of screen information memory
- JDK-8240295: hs_err elapsed time in seconds is not accurate enough
- JDK-8240676: Meet not symmetric failure when running lucene on jdk8
- JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
- JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
- JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
- JDK-8243138: Enhance BaseLdapServer to support starttls extended request
- JDK-8243320: Add SSL root certificates to Oracle Root CA program
- JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
- JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
- JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
- JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
- JDK-8245467: Remove 8u TLSv1.2 implementation files
- JDK-8245469: Remove DTLS protocol implementation
- JDK-8245470: Fix JDK8 compatibility issues
- JDK-8245471: Revert JDK-8148188
- JDK-8245472: Backport JDK-8038893 to JDK8
- JDK-8245473: OCSP stapling support
- JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
- JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
- JDK-8245477: Adjust TLS tests location
- JDK-8245653: Remove 8u TLS tests
- JDK-8245681: Add TLSv1.3 regression test from 11.0.7
- JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
- JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
- JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
- JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
- JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
- JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
- JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
- JDK-8250546: Expect changed behaviour reported in JDK-8249846
- JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
- JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
- JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
- JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
- JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
- JDK-8251341: Minimal Java specification change
- JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
- JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
- JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
- JDK-8252573: 8u: Windows build failed after 8222079 backport
- JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
- JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
- JDK-8254937: Revert JDK-8148854 for 8u272
Notes on individual issues:
===========================
core-svc/java.lang.management:
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
============================================================================================
When executing in a container, or other virtualized operating
environment, the following `OperatingSystemMXBean` methods in this
release return container specific information, if
available. Otherwise, they return host specific data:
* getFreePhysicalMemorySize()
* getTotalPhysicalMemorySize()
* getFreeSwapSpaceSize()
* getTotalSwapSpaceSize()
* getSystemCpuLoad()
security-libs/java.security:
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
========================================================================
The Entrust root certificate has been added to the cacerts truststore:
Alias Name: entrustrootcag4
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
=========================================================
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
Alias Name: sslrootrsaca
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
Alias Name: sslrootevrsaca
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
Alias Name: sslrooteccca
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
security-libs/javax.crypto:pkcs11:
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
=======================================================================
The SunPKCS11 provider has been updated with support for PKCS#11
v2.40. This version adds support for more algorithms such as the
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
digests, and RSASSA-PSS signatures when the corresponding PKCS11
mechanisms are supported by the underlying PKCS11 library.
security-libs/javax.security:
JDK-8242059: Support for canonicalize in krb5.conf
==================================================
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
canonicalization is requested by clients in TGT requests to KDC
services (AS protocol). Otherwise, and by default, it is not
requested.
The new default behavior is different from previous releases where
name canonicalization was always requested by clients in TGT requests
to KDC services (provided that support for RFC 6806[1] was not
explicitly disabled with the *sun.security.krb5.disableReferrals*
system or security properties).
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
[1]: https://tools.ietf.org/html/rfc6806
security-libs/javax.xml.crypto:
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
=====================================================================
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
New features include:
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
in RFC 6931.
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
============================================================================================================
The upgrade to the Apache Santuario libraries (see above) introduced
an issue where XML signature using Base64 encoding resulted in
appending `&#xd` or `&#13` to the encoded output. This behavioural
change was made in the Apache Santuario codebase to comply with RFC
2045. The Santuario team has adopted a position of keeping their
libraries compliant with RFC 2045.
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
data in a format without `&#xd` or `&#13`.
Therefore a new system property, specific to the 8 update stream,
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
available to fall back to the legacy Base64 encoded format.
Users can set this flag in one of two ways:
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
This new system property is disabled by default. It has no effect on
default behaviour nor when
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
is set.
Later JDK family versions will only support the recommended property:
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
====================================================================
Following JDK's update to tzdata2020b, the long-obsolete files
pacificnew and systemv have been removed. As a result, the
"US/Pacific-New" zone name declared in the pacificnew data file is no
longer available for use.
Information regarding the update can be viewed at
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
New in release OpenJDK 8u265 (2020-07-27):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u265
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
* Bug fixes
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
- JDK-8250546: Expect changed behaviour reported in JDK-8249846
New in release OpenJDK 8u262 (2020-07-14):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/oj8u262
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
* New features
- JDK-8223147: JFR Backport
* Security fixes
- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
- JDK-8230613: Better ASCII conversions
- JDK-8231800: Better listing of arrays
- JDK-8232014: Expand DTD support
- JDK-8233255: Better Swing Buttons
- JDK-8234032: Improve basic calendar services
- JDK-8234042: Better factory production of certificates
- JDK-8234418: Better parsing with CertificateFactory
- JDK-8234836: Improve serialization handling
- JDK-8236191: Enhance OID processing
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
- JDK-8238002, CVE-2020-14581: Better matrix operations
- JDK-8238804: Enhance key handling process
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- JDK-8238843: Enhanced font handing
- JDK-8238920, CVE-2020-14583: Better Buffer support
- JDK-8238925: Enhance WAV file playback
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
- JDK-8240482: Improved WAV file playback
- JDK-8241379: Update JCEKS support
- JDK-8241522: Manifest improved jar headers redux
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
* Other changes
- JDK-4949105: Access Bridge lacks html tags parsing
- JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
- JDK-8003209: JFR events for network utilization
- JDK-8030680: 292 cleanup from default method code assessment
- JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
- JDK-8037866: Replace the Fun class in tests with lambdas
- JDK-8041626: Shutdown tracing event
- JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
- JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
- JDK-8076475: Misuses of strncpy/strncat
- JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
- JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
- JDK-8146612: C2: Precedence edges specification violated
- JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
- JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
- JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
- JDK-8165675: Trace event for thread park has incorrect unit for timeout
- JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
- JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
- JDK-8176182: 4 security tests are not run
- JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
- JDK-8178910: Problemlist sample tests
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
- JDK-8183925: Decouple crash protection from watcher thread
- JDK-8191393: Random crashes during cfree+0x1c
- JDK-8195817: JFR.stop should require name of recording
- JDK-8195818: JFR.start should increase autogenerated name by one
- JDK-8195819: Remove recording=x from jcmd JFR.check output
- JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
- JDK-8199712: Flight Recorder
- JDK-8202578: Revisit location for class unload events
- JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
- JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
- JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
- JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
- JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
- JDK-8203929: Limit amount of data for JFR.dump
- JDK-8205516: JFR tool
- JDK-8207392: [PPC64] Implement JFR profiling
- JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
- JDK-8209960: -Xlog:jfr* doesn't work with the JFR
- JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
- JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
- JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
- JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
- JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
- JDK-8213421: Line number information for execution samples always 0
- JDK-8213617: JFR should record the PID of the recorded process
- JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
- JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
- JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
- JDK-8213966: The ZGC JFR events should be marked as experimental
- JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
- JDK-8214750: Unnecessary <p> tags in jfr classes
- JDK-8214896: JFR Tool left files behind
- JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
- JDK-8214925: JFR tool fails to execute
- JDK-8215175: Inconsistencies in JFR event metadata
- JDK-8215237: jdk.jfr.Recording javadoc does not compile
- JDK-8215284: Reduce noise induced by periodic task getFileSize()
- JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
- JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
- JDK-8215771: The jfr tool should pretty print reference chains
- JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
- JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
- JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
- JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
- JDK-8216578: Remove unused/obsolete method in JFR code
- JDK-8216995: Clean up JFR command line processing
- JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
- JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
- JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
- JDK-8220293: Deadlock in JFR string pool
- JDK-8223689: Add JFR Thread Sampling Support
- JDK-8223690: Add JFR BiasedLock Event Support
- JDK-8223691: Add JFR G1 Region Type Change Event Support
- JDK-8223692: Add JFR G1 Heap Summary Event Support
- JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
- JDK-8224475: JTextPane does not show images in HTML rendering
- JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
- JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
- JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
- JDK-8226779: [TESTBUG] Test JFR API from Java agent
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
- JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
- JDK-8227269: Slow class loading when running with JDWP
- JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
- JDK-8229366: JFR backport allows unchecked writing to memory
- JDK-8229401: Fix JFR code cache test failures
- JDK-8229708: JFR backport code does not initialize
- JDK-8229873: 8229401 broke jdk8u-jfr-incubator
- JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
- JDK-8229899: Make java.io.File.isInvalid() less racy
- JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
- JDK-8230597: Update GIFlib library to the 5.2.1
- JDK-8230707: JFR related tests are failing
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
- JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
- JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
- JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
- JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
- JDK-8231995: two jtreg tests failed after 8229366 is fixed
- JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
- JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
- JDK-8233880: Support compilers with multi-digit major version numbers
- JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
- JDK-8236008: Some backup files were accidentally left in the hotspot tree
- JDK-8236074: Missed package-info
- JDK-8236174: Should update javadoc since tags
- JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
- JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
- JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
- JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
- JDK-8238589: Necessary code cleanup in JFR for JDK8u
- JDK-8238590: Enable JFR by default during compilation in 8u
- JDK-8239055: Wrong implementation of VMState.hasListener
- JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
- JDK-8239479: minimal1 and zero builds are failing
- JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
- JDK-8239867: correct over use of INCLUDE_JFR macro
- JDK-8240375: Disable JFR by default for July 2020 release
- JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
- JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
- JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
- JDK-8241750: x86_32 build failure after JDK-8227269
- JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
- JDK-8242788: Non-PCH build is broken after JDK-8191393
- JDK-8242883: Incomplete backport of JDK-8078268: backport test part
- JDK-8243059: Build fails when --with-vendor-name contains a comma
- JDK-8243474: [TESTBUG] removed three tests of 0 bytes
- JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
- JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
- JDK-8244461: [JDK 8u] Build fails with glibc 2.32
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
- JDK-8244777: ClassLoaderStats VM Op uses constant hash value
- JDK-8244843: JapanEraNameCompatTest fails
- JDK-8245167: Top package in method profiling shows null in JMC
- JDK-8246223: Windows build fails after JDK-8227269
- JDK-8246703: [TESTBUG] Add test for JDK-8233197
- JDK-8248399: Build installs jfr binary when JFR is disabled
- JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
Notes on individual issues:
===========================
hotspot/jfr:
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
=========================================================
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
JFR is a low-overhead framework to collect and provide data helpful to
troubleshoot the performance of the OpenJDK runtime and of Java
applications. It consists of a new API to define custom events under
the jdk.jfr namespace and a JMX interface to interact with the
framework. The recording can also be initiated with the application
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
the +XX:EnableTracing feature introduced in JEP 167, providing a more
efficient way to retrieve the same information. For compatibility
reasons, +XX:EnableTracing is still accepted, however no data will be
printed.
While JFR is not built by default upstream, it is included in Red Hat
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
hotspot/runtime:
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
=========================================================================================
JFR will be disabled with a warning message if it is enabled during
CDS dumping. The user will see the following warning message:
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
if JFR is enabled during CDS dumping such as in the following command
line:
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
security-libs/java.security:
JDK-8244167: Removal of Comodo Root CA Certificate
==================================================
The following expired Comodo root CA certificate was removed from the
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
JDK-8244166: Removal of DocuSign Root CA Certificate
====================================================
The following expired DocuSign root CA certificate was removed from
the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
security-libs/javax.crypto:pkcs11:
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
============================================================================================================================
The SunPKCS11 security provider can now be initialized with NSS when
FIPS-enabled external modules are configured in the Security Modules
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
throw a RuntimeException with the message: "FIPS flag set for
non-internal module" when such a library was configured for NSS in
non-FIPS mode.
This change allows the JDK to work properly with recent NSS releases
on GNU/Linux operating systems when the system-wide FIPS policy is
turned on.
Further information can be found in JDK-8238555.
New in release OpenJDK 8u252 (2020-04-14):
===========================================
Live versions of these release notes can be found at:

70
SOURCES/jdk8042159-allow_using_system_installed_lcms2.patch → SOURCES/jdk8042159-allow_using_system_installed_lcms2-jdk.patch
View File

@ -1,59 +1,9 @@
diff -ruN jdk8/common/autoconf/libraries.m4 jdk8/common/autoconf/libraries.m4
--- openjdk/common/autoconf/libraries.m4 2013-11-14 22:04:38.039440136 -0500
+++ openjdk/common/autoconf/libraries.m4 2013-11-14 22:05:11.474356424 -0500
@@ -676,6 +676,46 @@
###############################################################################
#
+ # Check for the lcms2 library
+ #
+
+ AC_ARG_WITH(lcms, [AS_HELP_STRING([--with-lcms],
+ [use lcms2 from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])])
+
+ AC_CHECK_LIB(lcms2, cmsOpenProfileFromFile,
+ [ LCMS_FOUND=yes ],
+ [ LCMS_FOUND=no ])
+
+ AC_MSG_CHECKING([for which lcms to use])
+
+ DEFAULT_LCMS=bundled
+
+ #
+ # If user didn't specify, use DEFAULT_LCMS
+ #
+ if test "x${with_lcms}" = "x"; then
+ with_lcms=${DEFAULT_LCMS}
+ fi
+
+ if test "x${with_lcms}" = "xbundled"; then
+ USE_EXTERNAL_LCMS=false
+ AC_MSG_RESULT([bundled])
+ elif test "x${with_lcms}" = "xsystem"; then
+ if test "x${LCMS_FOUND}" = "xyes"; then
+ USE_EXTERNAL_LCMS=true
+ AC_MSG_RESULT([system])
+ else
+ AC_MSG_RESULT([system not found])
+ AC_MSG_ERROR([--with-lcms=system specified, but no lcms found!])
+ fi
+ else
+ AC_MSG_ERROR([Invalid value for --with-lcms: ${with_lcms}, use 'system' or 'bundled'])
+ fi
+
+ AC_SUBST(USE_EXTERNAL_LCMS)
+
+ ###############################################################################
+ #
# Check for the png library
#
diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.gmk
--- openjdk/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 22:04:38.040440133 -0500
+++ openjdk/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 22:05:11.475356411 -0500
@@ -666,18 +666,35 @@
##########################################################################################
diff --git openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk openjdk/jdk/make/lib/Awt2dLibraries.gmk
--- openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk
+++ openjdk/jdk/make/lib/Awt2dLibraries.gmk
@@ -665,18 +665,35 @@
endif
endif
+LIBLCMS_DIR := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms
+
@ -89,7 +39,7 @@ diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.
CFLAGS_solaris := -xc99=no_lib, \
CFLAGS_windows := -DCMS_IS_WINDOWS_, \
MAPFILE := $(JDK_TOPDIR)/make/mapfiles/liblcms/mapfile-vers, \
@@ -685,10 +702,10 @@
@@ -684,10 +701,10 @@
$(call SET_SHARED_LIBRARY_ORIGIN), \
LDFLAGS_solaris := /usr/lib$(OPENJDK_TARGET_CPU_ISADIR)/libm.so.2, \
LDFLAGS_windows := $(WIN_AWT_LIB) $(WIN_JAVA_LIB), \
@ -104,9 +54,9 @@ diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
RC_FLAGS := $(RC_FLAGS) \
-D "JDK_FNAME=lcms.dll" \
diff -r 3d1c3b0b73a3 src/share/native/sun/java2d/cmm/lcms/LCMS.c
--- openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c Tue Sep 08 22:31:26 2015 +0300
+++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c Thu Oct 15 05:29:28 2015 +0100
diff --git openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c
--- openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c
+++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c
@@ -30,7 +30,7 @@
#include "jni_util.h"
#include "Trace.h"

50
SOURCES/jdk8042159-allow_using_system_installed_lcms2-root.patch Normal file
View File

@ -0,0 +1,50 @@
diff -ruN openjdk/common/autoconf/libraries.m4 openjdk/common/autoconf/libraries.m4
--- openjdk/common/autoconf/libraries.m4 2013-11-14 22:04:38.039440136 -0500
+++ openjdk/common/autoconf/libraries.m4 2013-11-14 22:05:11.474356424 -0500
@@ -676,6 +676,46 @@
###############################################################################
#
+ # Check for the lcms2 library
+ #
+
+ AC_ARG_WITH(lcms, [AS_HELP_STRING([--with-lcms],
+ [use lcms2 from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])])
+
+ AC_CHECK_LIB(lcms2, cmsOpenProfileFromFile,
+ [ LCMS_FOUND=yes ],
+ [ LCMS_FOUND=no ])
+
+ AC_MSG_CHECKING([for which lcms to use])
+
+ DEFAULT_LCMS=bundled
+
+ #
+ # If user didn't specify, use DEFAULT_LCMS
+ #
+ if test "x${with_lcms}" = "x"; then
+ with_lcms=${DEFAULT_LCMS}
+ fi
+
+ if test "x${with_lcms}" = "xbundled"; then
+ USE_EXTERNAL_LCMS=false
+ AC_MSG_RESULT([bundled])
+ elif test "x${with_lcms}" = "xsystem"; then
+ if test "x${LCMS_FOUND}" = "xyes"; then
+ USE_EXTERNAL_LCMS=true
+ AC_MSG_RESULT([system])
+ else
+ AC_MSG_RESULT([system not found])
+ AC_MSG_ERROR([--with-lcms=system specified, but no lcms found!])
+ fi
+ else
+ AC_MSG_ERROR([Invalid value for --with-lcms: ${with_lcms}, use 'system' or 'bundled'])
+ fi
+
+ AC_SUBST(USE_EXTERNAL_LCMS)
+
+ ###############################################################################
+ #
# Check for the png library
#

191
SOURCES/jdk8062808-pr3548-turn_on_the_wreturn_type_warning.patch
View File

@ -1,191 +0,0 @@
# HG changeset patch
# User stefank
# Date 1525453613 -3600
# Fri May 04 18:06:53 2018 +0100
# Node ID 07a1135a327362f157955d470fad5df07cc35164
# Parent de79964656fc652f2085dac4fe99bcc128b5a3b1
8062808, PR3548: Turn on the -Wreturn-type warning
Reviewed-by: mgerdin, tschatzl, coleenp, jrose, kbarrett
diff --git openjdk.orig/hotspot/make/linux/makefiles/gcc.make openjdk/hotspot/make/linux/makefiles/gcc.make
--- openjdk.orig/hotspot/make/linux/makefiles/gcc.make
+++ openjdk/hotspot/make/linux/makefiles/gcc.make
@@ -210,7 +210,7 @@
WARNINGS_ARE_ERRORS += -Wno-return-type -Wno-empty-body
endif
-WARNING_FLAGS = -Wpointer-arith -Wsign-compare -Wundef -Wunused-function -Wunused-value
+WARNING_FLAGS = -Wpointer-arith -Wsign-compare -Wundef -Wunused-function -Wunused-value -Wreturn-type
ifeq ($(USE_CLANG),)
# Since GCC 4.3, -Wconversion has changed its meanings to warn these implicit
diff --git openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
--- openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad
+++ openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
@@ -1250,6 +1250,7 @@
Unimplemented();
+ return 0; // Mute compiler
}
#ifndef PRODUCT
diff --git openjdk.orig/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp
--- openjdk.orig/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp
+++ openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp
@@ -541,6 +541,7 @@
err.report_and_die();
ShouldNotReachHere();
+ return true; // Mute compiler
}
void os::Linux::init_thread_fpu_state(void) {
diff --git openjdk.orig/hotspot/src/share/vm/classfile/defaultMethods.cpp openjdk/hotspot/src/share/vm/classfile/defaultMethods.cpp
--- openjdk.orig/hotspot/src/share/vm/classfile/defaultMethods.cpp
+++ openjdk/hotspot/src/share/vm/classfile/defaultMethods.cpp
@@ -506,7 +506,7 @@
ss.write((const char*)name->bytes(), name->utf8_length());
ss.write((const char*)signature->bytes(), signature->utf8_length());
ss.print(" is abstract");
- return SymbolTable::new_symbol(ss.base(), (int)ss.size(), CHECK_NULL);
+ return SymbolTable::new_symbol(ss.base(), (int)ss.size(), THREAD);
}
Symbol* MethodFamily::generate_conflicts_message(GrowableArray<Method*>* methods, TRAPS) const {
@@ -521,7 +521,7 @@
ss.print(".");
ss.write((const char*)name->bytes(), name->utf8_length());
}
- return SymbolTable::new_symbol(ss.base(), (int)ss.size(), CHECK_NULL);
+ return SymbolTable::new_symbol(ss.base(), (int)ss.size(), THREAD);
}
diff --git openjdk.orig/hotspot/src/share/vm/classfile/symbolTable.cpp openjdk/hotspot/src/share/vm/classfile/symbolTable.cpp
--- openjdk.orig/hotspot/src/share/vm/classfile/symbolTable.cpp
+++ openjdk/hotspot/src/share/vm/classfile/symbolTable.cpp
@@ -249,7 +249,7 @@
MutexLocker ml(SymbolTable_lock, THREAD);
// Otherwise, add to symbol to table
- return the_table()->basic_add(index, (u1*)name, len, hashValue, true, CHECK_NULL);
+ return the_table()->basic_add(index, (u1*)name, len, hashValue, true, THREAD);
}
Symbol* SymbolTable::lookup(const Symbol* sym, int begin, int end, TRAPS) {
@@ -288,7 +288,7 @@
// Grab SymbolTable_lock first.
MutexLocker ml(SymbolTable_lock, THREAD);
- return the_table()->basic_add(index, (u1*)buffer, len, hashValue, true, CHECK_NULL);
+ return the_table()->basic_add(index, (u1*)buffer, len, hashValue, true, THREAD);
}
Symbol* SymbolTable::lookup_only(const char* name, int len,
diff --git openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
--- openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp
+++ openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
@@ -229,15 +229,15 @@
class_name->as_C_string(),
class_loader.is_null() ? "null" : class_loader->klass()->name()->as_C_string()));
if (FieldType::is_array(class_name)) {
- return resolve_array_class_or_null(class_name, class_loader, protection_domain, CHECK_NULL);
+ return resolve_array_class_or_null(class_name, class_loader, protection_domain, THREAD);
} else if (FieldType::is_obj(class_name)) {
ResourceMark rm(THREAD);
// Ignore wrapping L and ;.
TempNewSymbol name = SymbolTable::new_symbol(class_name->as_C_string() + 1,
class_name->utf8_length() - 2, CHECK_NULL);
- return resolve_instance_class_or_null(name, class_loader, protection_domain, CHECK_NULL);
+ return resolve_instance_class_or_null(name, class_loader, protection_domain, THREAD);
} else {
- return resolve_instance_class_or_null(class_name, class_loader, protection_domain, CHECK_NULL);
+ return resolve_instance_class_or_null(class_name, class_loader, protection_domain, THREAD);
}
}
diff --git openjdk.orig/hotspot/src/share/vm/memory/heapInspection.hpp openjdk/hotspot/src/share/vm/memory/heapInspection.hpp
--- openjdk.orig/hotspot/src/share/vm/memory/heapInspection.hpp
+++ openjdk/hotspot/src/share/vm/memory/heapInspection.hpp
@@ -367,7 +367,7 @@
_csv_format(csv_format), _print_help(print_help),
_print_class_stats(print_class_stats), _columns(columns) {}
void heap_inspection(outputStream* st) NOT_SERVICES_RETURN;
- size_t populate_table(KlassInfoTable* cit, BoolObjectClosure* filter = NULL) NOT_SERVICES_RETURN;
+ size_t populate_table(KlassInfoTable* cit, BoolObjectClosure* filter = NULL) NOT_SERVICES_RETURN_(0);
static void find_instances_at_safepoint(Klass* k, GrowableArray<oop>* result) NOT_SERVICES_RETURN;
private:
void iterate_over_heap(KlassInfoTable* cit, BoolObjectClosure* filter = NULL);
diff --git openjdk.orig/hotspot/src/share/vm/memory/metaspaceShared.hpp openjdk/hotspot/src/share/vm/memory/metaspaceShared.hpp
--- openjdk.orig/hotspot/src/share/vm/memory/metaspaceShared.hpp
+++ openjdk/hotspot/src/share/vm/memory/metaspaceShared.hpp
@@ -93,7 +93,7 @@
static void preload_and_dump(TRAPS) NOT_CDS_RETURN;
static int preload_and_dump(const char * class_list_path,
GrowableArray<Klass*>* class_promote_order,
- TRAPS) NOT_CDS_RETURN;
+ TRAPS) NOT_CDS_RETURN_(0);
static ReservedSpace* shared_rs() {
CDS_ONLY(return _shared_rs);
diff --git openjdk.orig/hotspot/src/share/vm/oops/constantPool.hpp openjdk/hotspot/src/share/vm/oops/constantPool.hpp
--- openjdk.orig/hotspot/src/share/vm/oops/constantPool.hpp
+++ openjdk/hotspot/src/share/vm/oops/constantPool.hpp
@@ -352,7 +352,7 @@
Klass* klass_at(int which, TRAPS) {
constantPoolHandle h_this(THREAD, this);
- return klass_at_impl(h_this, which, CHECK_NULL);
+ return klass_at_impl(h_this, which, THREAD);
}
Symbol* klass_name_at(int which); // Returns the name, w/o resolving.
diff --git openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp openjdk/hotspot/src/share/vm/prims/jvm.cpp
--- openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp
+++ openjdk/hotspot/src/share/vm/prims/jvm.cpp
@@ -4244,7 +4244,7 @@
JVM_DTraceProvider* providers))
JVMWrapper("JVM_DTraceActivate");
return DTraceJSDT::activate(
- version, module_name, providers_count, providers, CHECK_0);
+ version, module_name, providers_count, providers, THREAD);
JVM_END
JVM_ENTRY(jboolean,JVM_DTraceIsProbeEnabled(JNIEnv* env, jmethodID method))
diff --git openjdk.orig/hotspot/src/share/vm/runtime/reflection.cpp openjdk/hotspot/src/share/vm/runtime/reflection.cpp
--- openjdk.orig/hotspot/src/share/vm/runtime/reflection.cpp
+++ openjdk/hotspot/src/share/vm/runtime/reflection.cpp
@@ -1093,7 +1093,7 @@
} else {
if (rtype == T_BOOLEAN || rtype == T_BYTE || rtype == T_CHAR || rtype == T_SHORT)
narrow((jvalue*) result.get_value_addr(), rtype, CHECK_NULL);
- return box((jvalue*) result.get_value_addr(), rtype, CHECK_NULL);
+ return box((jvalue*) result.get_value_addr(), rtype, THREAD);
}
}
diff --git openjdk.orig/hotspot/src/share/vm/runtime/sharedRuntime.cpp openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp
--- openjdk.orig/hotspot/src/share/vm/runtime/sharedRuntime.cpp
+++ openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp
@@ -1046,7 +1046,7 @@
// last java frame on stack (which includes native call frames)
vframeStream vfst(thread, true); // Do not skip and javaCalls
- return find_callee_info_helper(thread, vfst, bc, callinfo, CHECK_(Handle()));
+ return find_callee_info_helper(thread, vfst, bc, callinfo, THREAD);
}
diff --git openjdk.orig/hotspot/src/share/vm/services/memTracker.hpp openjdk/hotspot/src/share/vm/services/memTracker.hpp
--- openjdk.orig/hotspot/src/share/vm/services/memTracker.hpp
+++ openjdk/hotspot/src/share/vm/services/memTracker.hpp
@@ -64,7 +64,7 @@
const NativeCallStack& stack, MEMFLAGS flag = mtNone) { }
static inline void record_virtual_memory_commit(void* addr, size_t size, const NativeCallStack& stack) { }
static inline Tracker get_virtual_memory_uncommit_tracker() { return Tracker(); }
- static inline Tracker get_virtual_memory_release_tracker() { }
+ static inline Tracker get_virtual_memory_release_tracker() { return Tracker(); }
static inline void record_virtual_memory_type(void* addr, MEMFLAGS flag) { }
static inline void record_thread_stack(void* addr, size_t size) { }
static inline void release_thread_stack(void* addr, size_t size) { }

10
SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch
View File

@ -34,12 +34,12 @@ diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hots
diff --git openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
--- openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
+++ openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
@@ -100,7 +100,7 @@
case T_DOUBLE:
case T_VOID:
@@ -102,7 +102,7 @@
return result;
- default : ShouldNotReachHere();
+ default : ShouldNotReachHere(); return NULL_WORD;
default:
ShouldNotReachHere();
- return result; // silence compiler warnings
+ return NULL_WORD; // silence compiler warnings
}
}

68
SOURCES/jdk8154313-generated_javadoc_scattered_all_over_the_place.patch
View File

@ -1,68 +0,0 @@
--- jdk8/make/Javadoc.gmk 2016-04-01 16:53:41.069477682 +0200
+++ jdk8/make/Javadoc.gmk 2016-04-01 16:53:41.014477059 +0200
@@ -220,6 +220,12 @@
JRE_API_DOCSDIR = $(DOCSDIR)/jre/api
PLATFORM_DOCSDIR = $(DOCSDIR)/platform
+
+JAVADOC_ARCHIVE_NAME := jdk-$(FULL_VERSION)-docs.zip
+JAVADOC_ARCHIVE_ASSEMBLY_DIR := $(DOCSTMPDIR)/zip-docs
+JAVADOC_ARCHIVE_DIR := $(OUTPUT_ROOT)/bundles
+JAVADOC_ARCHIVE := $(JAVADOC_ARCHIVE_DIR)/$(JAVADOC_ARCHIVE_NAME)
+
# The non-core api javadocs need to be able to access the root of the core
# api directory, so for jdk/api or jre/api to get to the core api/
# directory we would use this:
@@ -319,6 +325,37 @@
all: docs
docs: coredocs otherdocs
+#
+# Optional target which bundles all generated javadocs into a zip
+# archive. The dependency on docs is handled in Main.gmk. Incremental
+# building of docs is currently broken so if you invoke zip-docs after
+# docs, the docs are always rebuilt.
+#
+
+zip-docs: $(JAVADOC_ARCHIVE)
+
+#
+# Add the core docs as prerequisite to the archive to trigger a rebuild
+# if the core docs were rebuilt. Ideally any doc rebuild should trigger
+# this, but the way prerequisites are currently setup in this file, that
+# is hard to achieve.
+#
+
+$(JAVADOC_ARCHIVE): $(COREAPI_INDEX_FILE)
+ @$(ECHO) "Compressing javadoc to single $(JAVADOC_ARCHIVE_NAME)" ;
+ $(MKDIR) -p $(JAVADOC_ARCHIVE_DIR) ;
+ $(RM) -r $(JAVADOC_ARCHIVE_ASSEMBLY_DIR) ;
+ $(MKDIR) -p $(JAVADOC_ARCHIVE_ASSEMBLY_DIR);
+ all_roots=`$(FIND) $(DOCSDIR) | $(GREP) index.html `; \
+ pushd $(JAVADOC_ARCHIVE_ASSEMBLY_DIR); \
+ for index_file in $${all_roots} ; do \
+ target_dir=`dirname $${index_file}`; \
+ name=`$(ECHO) $${target_dir} | $(SED) "s;/spec;;" | $(SED) "s;.*/;;"`; \
+ $(LN) -s $${target_dir} $${name}; \
+ done; \
+ $(ZIP) -q -r $(JAVADOC_ARCHIVE) * ; \
+ popd ;
+
#################################################################
# Production Targets -- USE THESE TARGETS WHEN:
# a) You're generating docs outside of release engineering's
--- jdk8/make/Main.gmk 2016-04-01 16:53:41.311480424 +0200
+++ jdk8/make/Main.gmk 2016-04-01 16:53:41.266479914 +0200
@@ -165,6 +165,12 @@
@($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk docs)
@$(call TargetExit)
+zip-docs: docs zip-docs-only
+zip-docs-only: start-make
+ @$(call TargetEnter)
+ @($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk zip-docs)
+ @$(call TargetExit)
+
sign-jars: jdk sign-jars-only
sign-jars-only: start-make
@$(call TargetEnter)

257
SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch
View File

@ -1,257 +0,0 @@
# HG changeset patch
# User weijun
# Date 1513099798 -28800
# Wed Dec 13 01:29:58 2017 +0800
# Node ID aa8f2e25f003feddf362892b2820fa2839c854b6
# Parent 9ebb70cb99a472b5fee9ac08240b7979468c2fa5
8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
Reviewed-by: weijun
Contributed-by: Martin Balao <mbalao@redhat.com>
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
@@ -196,13 +196,23 @@
}
if (configDir != null) {
- File configBase = new File(configDir);
- if (configBase.isDirectory() == false ) {
- throw new IOException("configDir must be a directory: " + configDir);
+ String configDirPath = null;
+ String sqlPrefix = "sql:/";
+ if (!configDir.startsWith(sqlPrefix)) {
+ configDirPath = configDir;
+ } else {
+ StringBuilder configDirPathSB = new StringBuilder(configDir);
+ configDirPath = configDirPathSB.substring(sqlPrefix.length());
}
- File secmodFile = new File(configBase, "secmod.db");
- if (secmodFile.isFile() == false) {
- throw new FileNotFoundException(secmodFile.getPath());
+ File configBase = new File(configDirPath);
+ if (configBase.isDirectory() == false ) {
+ throw new IOException("configDir must be a directory: " + configDirPath);
+ }
+ if (!configDir.startsWith(sqlPrefix)) {
+ File secmodFile = new File(configBase, "secmod.db");
+ if (secmodFile.isFile() == false) {
+ throw new FileNotFoundException(secmodFile.getPath());
+ }
}
}
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE
new file mode 100644
--- /dev/null
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE
@@ -0,0 +1,8 @@
+// How to create key4.db and cert9.db
+cd <path-for-db>
+echo "" > 1
+echo "test12" > 2
+modutil -create -force -dbdir sql:/$(pwd)
+modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/$(pwd)
+modutil -changepw "NSS Certificate DB" -force -dbdir sql:/$(pwd) -pwfile $(pwd)/1 -newpwfile $(pwd)/2
+
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java
new file mode 100644
--- /dev/null
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8165996
+ * @summary Test NSS DB Sqlite
+ * @library ../
+ * @modules java.base/sun.security.rsa
+ * java.base/sun.security.provider
+ * java.base/sun.security.jca
+ * java.base/sun.security.tools.keytool
+ * java.base/sun.security.x509
+ * java.base/com.sun.crypto.provider
+ * jdk.crypto.cryptoki/sun.security.pkcs11:+open
+ * @run main/othervm/timeout=120 TestNssDbSqlite
+ * @author Martin Balao (mbalao@redhat.com)
+ */
+
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.Signature;
+
+import sun.security.rsa.SunRsaSign;
+import sun.security.jca.ProviderList;
+import sun.security.jca.Providers;
+import sun.security.tools.keytool.CertAndKeyGen;
+import sun.security.x509.X500Name;
+
+public final class TestNssDbSqlite extends SecmodTest {
+
+ private static final boolean enableDebug = true;
+
+ private static Provider sunPKCS11NSSProvider;
+ private static Provider sunRsaSignProvider;
+ private static Provider sunJCEProvider;
+ private static KeyStore ks;
+ private static char[] passphrase = "test12".toCharArray();
+ private static PrivateKey privateKey;
+ private static Certificate certificate;
+
+ public static void main(String[] args) throws Exception {
+
+ initialize();
+
+ if (enableDebug) {
+ System.out.println("SunPKCS11 provider: " +
+ sunPKCS11NSSProvider);
+ }
+
+ testRetrieveKeysFromKeystore();
+
+ System.out.println("Test PASS - OK");
+ }
+
+ private static void testRetrieveKeysFromKeystore() throws Exception {
+
+ String plainText = "known plain text";
+
+ ks.setKeyEntry("root_ca_1", privateKey, passphrase,
+ new Certificate[]{certificate});
+ PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);
+
+ Signature sS = Signature.getInstance(
+ "SHA256withRSA", sunPKCS11NSSProvider);
+ sS.initSign(k1);
+ sS.update(plainText.getBytes());
+ byte[] generatedSignature = sS.sign();
+
+ if (enableDebug) {
+ System.out.println("Generated signature: ");
+ for (byte b : generatedSignature) {
+ System.out.printf("0x%02x, ", (int)(b) & 0xFF);
+ }
+ System.out.println("");
+ }
+
+ Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);
+ sV.initVerify(certificate);
+ sV.update(plainText.getBytes());
+ if(!sV.verify(generatedSignature)){
+ throw new Exception("Couldn't verify signature");
+ }
+ }
+
+ private static void initialize() throws Exception {
+ initializeProvider();
+ }
+
+ private static void initializeProvider () throws Exception {
+ useSqlite(true);
+ if (!initSecmod()) {
+ return;
+ }
+
+ sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
+ sunJCEProvider = new com.sun.crypto.provider.SunJCE();
+ sunRsaSignProvider = new SunRsaSign();
+ Providers.setProviderList(ProviderList.newList(
+ sunJCEProvider, sunPKCS11NSSProvider,
+ new sun.security.provider.Sun(), sunRsaSignProvider));
+
+ ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
+ ks.load(null, passphrase);
+
+ CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
+ gen.generate(2048);
+ privateKey = gen.getPrivateKey();
+ certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
+ }
+}
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg
new file mode 100644
--- /dev/null
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg
@@ -0,0 +1,13 @@
+# config file for secmod KeyStore access using sqlite backend
+
+name = NSS-Sqlite
+
+nssLibraryDirectory = ${pkcs11test.nss.libdir}
+
+nssDbMode = readWrite
+
+nssModule = keystore
+
+nssSecmodDirectory = ${pkcs11test.nss.db}
+
+attributes = compatibility
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
+++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
@@ -34,6 +34,11 @@
static String DBDIR;
static char[] password = "test12".toCharArray();
static String keyAlias = "mykey";
+ static boolean useSqlite = false;
+
+ static void useSqlite(boolean b) {
+ useSqlite = b;
+ }
static boolean initSecmod() throws Exception {
useNSS();
@@ -49,14 +54,24 @@
safeReload(LIBPATH + System.mapLibraryName("nssckbi"));
DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
- System.setProperty("pkcs11test.nss.db", DBDIR);
+ if (useSqlite) {
+ System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
+ } else {
+ System.setProperty("pkcs11test.nss.db", DBDIR);
+ }
File dbdirFile = new File(DBDIR);
if (dbdirFile.exists() == false) {
dbdirFile.mkdir();
}
- copyFile("secmod.db", BASE, DBDIR);
- copyFile("key3.db", BASE, DBDIR);
- copyFile("cert8.db", BASE, DBDIR);
+
+ if (useSqlite) {
+ copyFile("key4.db", BASE, DBDIR);
+ copyFile("cert9.db", BASE, DBDIR);
+ } else {
+ copyFile("secmod.db", BASE, DBDIR);
+ copyFile("key3.db", BASE, DBDIR);
+ copyFile("cert8.db", BASE, DBDIR);
+ }
return true;
}

32
SOURCES/jdk8197981-pr3548-missing_return_statement_in_sync_val_compare_and_swap_8.patch
View File

@ -1,32 +0,0 @@
# HG changeset patch
# User andrew
# Date 1518667645 0
# Thu Feb 15 04:07:25 2018 +0000
# Node ID 1d35411eb7bdf16191e220ffe3b1dc4d5d0c6041
# Parent 999983606f5c61b093c6f6316a7b26c4cd4ca79e
8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8
Summary: Fix issue discovered by -Wreturn-type on systems without LP64.
Reviewed-by: aph
diff --git openjdk.orig/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp openjdk/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp
--- openjdk.orig/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp
+++ openjdk/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp
@@ -457,6 +457,7 @@
long long unsigned int oldval,
long long unsigned int newval) {
ShouldNotCallThis();
+ return 0;
}
};
#endif // !_LP64
diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
--- openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
+++ openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
@@ -498,6 +498,7 @@
long long unsigned int oldval,
long long unsigned int newval) {
ShouldNotCallThis();
+ return 0;
}
};
#endif // !_LP64

22
SOURCES/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
View File

@ -319,3 +319,25 @@ diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotsp
if (PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
tty->print_cr("CMS ergo set OldSize: " SIZE_FORMAT, OldSize);
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
@@ -41,7 +41,7 @@
}
size_t G1CMObjArrayProcessor::process_array_slice(objArrayOop obj, HeapWord* start_from, size_t remaining) {
- size_t words_to_scan = MIN2(remaining, ObjArrayMarkingStride);
+ size_t words_to_scan = MIN2(remaining, (size_t) ObjArrayMarkingStride);
if (remaining > ObjArrayMarkingStride) {
push_array_slice(start_from + ObjArrayMarkingStride);
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
@@ -150,5 +150,5 @@
return value;
}
- return (size_t)1 << (log2_intptr(value) + 1);
+ return (size_t)1 << (log2_intptr((uintptr_t) value) + 1);
}

19
SOURCES/pr3519-fix_further_functions_with_a_missing_return_value.patch
View File

@ -1,19 +0,0 @@
# HG changeset patch
# User andrew
# Date 1518669922 0
# Thu Feb 15 04:45:22 2018 +0000
# Node ID adaf109718c10888cce5b6e73af7f3e15a7ab0db
# Parent 3ade0115344b77e6d00462044e0cf68722685bfe
PR3519: Fix further functions with a missing return value.
diff --git openjdk.orig/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp openjdk/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp
--- openjdk.orig/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp
+++ openjdk/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp
@@ -205,6 +205,7 @@
return Address(base, tmp, Address::lsl(addr->scale()));
}
}
+ return Address();
}
Address LIR_Assembler::as_Address_hi(LIR_Address* addr) {

2
SOURCES/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch
View File

@ -32,7 +32,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupT
- " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " UINTX_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n"
+ " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " SIZE_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n"
" [Resize Count: " UINTX_FORMAT ", Shrink Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS "), Grow Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS ")]\n"
" [Rehash Count: " UINTX_FORMAT ", Rehash Threshold: " UINTX_FORMAT ", Hash Seed: 0x%x]\n"
" [Rehash Count: " UINTX_FORMAT ", Rehash Threshold: " UINTX_FORMAT ", Hash Seed: " UINT64_FORMAT "]\n"
" [Age Threshold: " UINTX_FORMAT "]",
diff --git openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp openjdk/hotspot/src/share/vm/memory/blockOffsetTable.cpp
--- openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp

38
SOURCES/pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch
View File

@ -1,38 +0,0 @@
# HG changeset patch
# User andrew
# Date 1529475043 -3600
# Wed Jun 20 07:10:43 2018 +0100
# Node ID f6341f4635dacb56678264d29a88cd052b74036b
# Parent 30520d5018b509b0ae68f5fcc9a5c540e3e5b2de
PR3601: Fix additional -Wreturn-type issues introduced by 8061651
diff --git openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp openjdk/hotspot/src/share/vm/prims/jvm.cpp
--- openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp
+++ openjdk/hotspot/src/share/vm/prims/jvm.cpp
@@ -835,7 +835,7 @@
JVM_ENTRY(jboolean, JVM_KnownToNotExist(JNIEnv *env, jobject loader, const char *classname))
JVMWrapper("JVM_KnownToNotExist");
#if INCLUDE_CDS
- return ClassLoaderExt::known_to_not_exist(env, loader, classname, CHECK_(false));
+ return ClassLoaderExt::known_to_not_exist(env, loader, classname, THREAD);
#else
return false;
#endif
@@ -845,7 +845,7 @@
JVM_ENTRY(jobjectArray, JVM_GetResourceLookupCacheURLs(JNIEnv *env, jobject loader))
JVMWrapper("JVM_GetResourceLookupCacheURLs");
#if INCLUDE_CDS
- return ClassLoaderExt::get_lookup_cache_urls(env, loader, CHECK_NULL);
+ return ClassLoaderExt::get_lookup_cache_urls(env, loader, THREAD);
#else
return NULL;
#endif
@@ -855,7 +855,7 @@
JVM_ENTRY(jintArray, JVM_GetResourceLookupCache(JNIEnv *env, jobject loader, const char *resource_name))
JVMWrapper("JVM_GetResourceLookupCache");
#if INCLUDE_CDS
- return ClassLoaderExt::get_lookup_cache(env, loader, resource_name, CHECK_NULL);
+ return ClassLoaderExt::get_lookup_cache(env, loader, resource_name, THREAD);
#else
return NULL;
#endif

44
SOURCES/rh1566890-CVE_2018_3639-speculative_store_bypass.patch
View File

@ -1,44 +0,0 @@
diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp
--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp
+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp
@@ -103,6 +103,8 @@
# include <inttypes.h>
# include <sys/ioctl.h>
+#include <sys/prctl.h>
+
PRAGMA_FORMAT_MUTE_WARNINGS_FOR_GCC
#ifndef _GNU_SOURCE
@@ -4997,6 +4999,31 @@
}
}
+/* Per task speculation control */
+#ifndef PR_GET_SPECULATION_CTRL
+#define PR_GET_SPECULATION_CTRL 52
+#endif
+#ifndef PR_SET_SPECULATION_CTRL
+#define PR_SET_SPECULATION_CTRL 53
+#endif
+/* Speculation control variants */
+# undef PR_SPEC_STORE_BYPASS
+# define PR_SPEC_STORE_BYPASS 0
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+# undef PR_SPEC_NOT_AFFECTED
+# undef PR_SPEC_PRCTL
+# undef PR_SPEC_ENABLE
+# undef PR_SPEC_DISABLE
+# define PR_SPEC_NOT_AFFECTED 0
+# define PR_SPEC_PRCTL (1UL << 0)
+# define PR_SPEC_ENABLE (1UL << 1)
+# define PR_SPEC_DISABLE (1UL << 2)
+
+static void set_speculation() __attribute__((constructor));
+static void set_speculation() {
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+}
+
// this is called _before_ most of the global arguments have been parsed
void os::init(void) {
char dummy; /* used to get a guess on initial stack address */

54
SOURCES/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
View File

@ -1,54 +0,0 @@
diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp
--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp
+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp
@@ -5001,26 +5001,43 @@
/* Per task speculation control */
#ifndef PR_GET_SPECULATION_CTRL
-#define PR_GET_SPECULATION_CTRL 52
+# define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
-#define PR_SET_SPECULATION_CTRL 53
+# define PR_SET_SPECULATION_CTRL 53
#endif
/* Speculation control variants */
-# undef PR_SPEC_STORE_BYPASS
+#ifndef PR_SPEC_STORE_BYPASS
# define PR_SPEC_STORE_BYPASS 0
+#endif
/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
-# undef PR_SPEC_NOT_AFFECTED
-# undef PR_SPEC_PRCTL
-# undef PR_SPEC_ENABLE
-# undef PR_SPEC_DISABLE
+
+#ifndef PR_SPEC_NOT_AFFECTED
# define PR_SPEC_NOT_AFFECTED 0
+#endif
+#ifndef PR_SPEC_PRCTL
# define PR_SPEC_PRCTL (1UL << 0)
+#endif
+#ifndef PR_SPEC_ENABLE
# define PR_SPEC_ENABLE (1UL << 1)
+#endif
+#ifndef PR_SPEC_DISABLE
# define PR_SPEC_DISABLE (1UL << 2)
+#endif
+#ifndef PR_SPEC_FORCE_DISABLE
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
+#endif
+#ifndef PR_SPEC_DISABLE_NOEXEC
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
+#endif
static void set_speculation() __attribute__((constructor));
static void set_speculation() {
+ if ( prctl(PR_SET_SPECULATION_CTRL,
+ PR_SPEC_STORE_BYPASS,
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
+ return;
+ }
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
}

12
SOURCES/rh1582504-rsa_default_for_keytool.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
@@ -1004,7 +1004,7 @@
}
} else if (command == GENKEYPAIR) {
if (keyAlgName == null) {
- keyAlgName = "DSA";
+ keyAlgName = "RSA";
}
doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName);
kssave = true;

128
SOURCES/rh1750419-redhat_alt_java.patch Normal file
View File

@ -0,0 +1,128 @@
diff --git openjdk.orig/jdk/make/CompileLaunchers.gmk openjdk/jdk/make/CompileLaunchers.gmk
--- openjdk.orig/jdk/make/CompileLaunchers.gmk
+++ openjdk/jdk/make/CompileLaunchers.gmk
@@ -255,6 +255,32 @@
endif
endif
+$(eval $(call SetupLauncher,alt-java, \
+ -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA,,,user32.lib comctl32.lib, \
+ $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \
+ $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true))
+
+$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX): $(BUILD_LAUNCHER_alt-java)
+ $(MKDIR) -p $(@D)
+ $(RM) $@
+ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX) $@
+
+$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT): $(BUILD_LAUNCHER_alt-java)
+ $(MKDIR) -p $(@D)
+ $(RM) $@
+ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT) $@
+
+ifeq ($(OPENJDK_TARGET_OS), linux)
+ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX)
+ ifeq ($(ENABLE_DEBUG_SYMBOLS), true)
+ ifneq ($(POST_STRIP_CMD), )
+ ifneq ($(STRIP_POLICY), no_strip)
+ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT)
+ endif
+ endif
+ endif
+endif
+
ifeq ($(OPENJDK_TARGET_OS), windows)
$(eval $(call SetupLauncher,javaw, \
-DJAVAW -DEXPAND_CLASSPATH_WILDCARDS,,,user32.lib comctl32.lib, \
diff --git openjdk.orig/jdk/src/share/bin/alt_main.h openjdk/jdk/src/share/bin/alt_main.h
new file mode 100644
--- /dev/null
+++ openjdk/jdk/src/share/bin/alt_main.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#ifdef REDHAT_ALT_JAVA
+
+#include <sys/prctl.h>
+
+
+/* Per task speculation control */
+#ifndef PR_GET_SPECULATION_CTRL
+# define PR_GET_SPECULATION_CTRL 52
+#endif
+#ifndef PR_SET_SPECULATION_CTRL
+# define PR_SET_SPECULATION_CTRL 53
+#endif
+/* Speculation control variants */
+#ifndef PR_SPEC_STORE_BYPASS
+# define PR_SPEC_STORE_BYPASS 0
+#endif
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+
+#ifndef PR_SPEC_NOT_AFFECTED
+# define PR_SPEC_NOT_AFFECTED 0
+#endif
+#ifndef PR_SPEC_PRCTL
+# define PR_SPEC_PRCTL (1UL << 0)
+#endif
+#ifndef PR_SPEC_ENABLE
+# define PR_SPEC_ENABLE (1UL << 1)
+#endif
+#ifndef PR_SPEC_DISABLE
+# define PR_SPEC_DISABLE (1UL << 2)
+#endif
+#ifndef PR_SPEC_FORCE_DISABLE
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
+#endif
+#ifndef PR_SPEC_DISABLE_NOEXEC
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
+#endif
+
+static void set_speculation() __attribute__((constructor));
+static void set_speculation() {
+ if ( prctl(PR_SET_SPECULATION_CTRL,
+ PR_SPEC_STORE_BYPASS,
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
+ return;
+ }
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+}
+
+#endif // REDHAT_ALT_JAVA
diff --git openjdk.orig/jdk/src/share/bin/main.c openjdk/jdk/src/share/bin/main.c
--- openjdk.orig/jdk/src/share/bin/main.c
+++ openjdk/jdk/src/share/bin/main.c
@@ -32,6 +32,10 @@
#include "defines.h"
+#if defined(linux) && defined(__x86_64)
+#include "alt_main.h"
+#endif
+
#ifdef _MSC_VER
#if _MSC_VER > 1400 && _MSC_VER < 1600

327
SOURCES/rh1860986-disable_tlsv1.3_in_fips_mode.patch Normal file
View File

@ -0,0 +1,327 @@
diff -r bbc65dfa59d1 src/share/classes/java/security/SystemConfigurator.java
--- openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Thu Jan 23 18:22:31 2020 -0300
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Sat Aug 01 23:16:51 2020 -0300
@@ -1,11 +1,13 @@
/*
- * Copyright (c) 2019, Red Hat, Inc.
+ * Copyright (c) 2019, 2020, Red Hat, Inc.
*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
@@ -34,10 +36,10 @@
import java.util.Iterator;
import java.util.Map.Entry;
import java.util.Properties;
-import java.util.function.Consumer;
-import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecuritySystemConfiguratorAccess;
import sun.security.util.Debug;
/**
@@ -47,7 +49,7 @@
*
*/
-class SystemConfigurator {
+final class SystemConfigurator {
private static final Debug sdebug =
Debug.getInstance("properties");
@@ -61,15 +63,16 @@
private static final String CRYPTO_POLICIES_CONFIG =
CRYPTO_POLICIES_BASE_DIR + "/config";
- private static final class SecurityProviderInfo {
- int number;
- String key;
- String value;
- SecurityProviderInfo(int number, String key, String value) {
- this.number = number;
- this.key = key;
- this.value = value;
- }
+ private static boolean systemFipsEnabled = false;
+
+ static {
+ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
+ new JavaSecuritySystemConfiguratorAccess() {
+ @Override
+ public boolean isSystemFipsEnabled() {
+ return SystemConfigurator.isSystemFipsEnabled();
+ }
+ });
}
/*
@@ -128,9 +131,9 @@
String nonFipsKeystoreType = props.getProperty("keystore.type");
props.put("keystore.type", keystoreTypeValue);
if (keystoreTypeValue.equals("PKCS11")) {
- // If keystore.type is PKCS11, javax.net.ssl.keyStore
- // must be "NONE". See JDK-8238264.
- System.setProperty("javax.net.ssl.keyStore", "NONE");
+ // If keystore.type is PKCS11, javax.net.ssl.keyStore
+ // must be "NONE". See JDK-8238264.
+ System.setProperty("javax.net.ssl.keyStore", "NONE");
}
if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
// If no trustStoreType has been set, use the
@@ -144,12 +147,13 @@
sdebug.println("FIPS mode default keystore.type = " +
keystoreTypeValue);
sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
- System.getProperty("javax.net.ssl.keyStore", ""));
+ System.getProperty("javax.net.ssl.keyStore", ""));
sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
System.getProperty("javax.net.ssl.trustStoreType", ""));
}
}
loadedProps = true;
+ systemFipsEnabled = true;
}
} catch (Exception e) {
if (sdebug != null) {
@@ -165,20 +165,37 @@
return loadedProps;
}
+ /**
+ * Returns whether or not global system FIPS alignment is enabled.
+ *
+ * Value is always 'false' before java.security.Security class is
+ * initialized.
+ *
+ * Call from out of this package through SharedSecrets:
+ * SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ * .isSystemFipsEnabled();
+ *
+ * @return a boolean value indicating whether or not global
+ * system FIPS alignment is enabled.
+ */
+ static boolean isSystemFipsEnabled() {
+ return systemFipsEnabled;
+ }
+
/*
* FIPS is enabled only if crypto-policies are set to "FIPS"
* and the com.redhat.fips property is true.
*/
private static boolean enableFips() throws Exception {
- boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
- if (fipsEnabled) {
- Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
- String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
- if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
- Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
- return pattern.matcher(cryptoPoliciesConfig).find();
- } else {
- return false;
- }
+ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+ if (shouldEnable) {
+ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
+ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
+ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+ return pattern.matcher(cryptoPoliciesConfig).find();
+ } else {
+ return false;
+ }
}
}
diff --git openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
new file mode 100644
--- /dev/null
+++ openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2020, Red Hat, Inc.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.misc;
+
+public interface JavaSecuritySystemConfiguratorAccess {
+ boolean isSystemFipsEnabled();
+}
diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
+++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
@@ -63,6 +63,7 @@
private static JavaObjectInputStreamReadString javaObjectInputStreamReadString;
private static JavaObjectInputStreamAccess javaObjectInputStreamAccess;
private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
+ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess;
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
@@ -248,4 +249,12 @@
}
return javaxCryptoSealedObjectAccess;
}
+
+ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) {
+ javaSecuritySystemConfiguratorAccess = jssca;
+ }
+
+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
+ return javaSecuritySystemConfiguratorAccess;
+ }
}
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -31,6 +31,7 @@
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
+import sun.misc.SharedSecrets;
import sun.security.action.GetPropertyAction;
import sun.security.provider.certpath.AlgorithmChecker;
import sun.security.validator.Validator;
@@ -539,20 +540,38 @@
static {
if (SunJSSE.isFIPS()) {
- supportedProtocols = Arrays.asList(
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- );
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ supportedProtocols = Arrays.asList(
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ );
- serverDefaultProtocols = getAvailableProtocols(
- new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- });
+ serverDefaultProtocols = getAvailableProtocols(
+ new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ });
+ } else {
+ supportedProtocols = Arrays.asList(
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ );
+
+ serverDefaultProtocols = getAvailableProtocols(
+ new ProtocolVersion[] {
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ });
+ }
} else {
supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13,
@@ -612,6 +631,16 @@
static ProtocolVersion[] getSupportedProtocols() {
if (SunJSSE.isFIPS()) {
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ return new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ }
return new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
@@ -939,6 +968,16 @@
static ProtocolVersion[] getProtocols() {
if (SunJSSE.isFIPS()) {
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ return new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ }
return new ProtocolVersion[]{
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
+++ openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
@@ -30,6 +30,8 @@
import java.security.*;
+import sun.misc.SharedSecrets;
+
/**
* The JSSE provider.
*
@@ -215,8 +217,13 @@
"sun.security.ssl.SSLContextImpl$TLS11Context");
put("SSLContext.TLSv1.2",
"sun.security.ssl.SSLContextImpl$TLS12Context");
- put("SSLContext.TLSv1.3",
- "sun.security.ssl.SSLContextImpl$TLS13Context");
+ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ put("SSLContext.TLSv1.3",
+ "sun.security.ssl.SSLContextImpl$TLS13Context");
+ }
put("SSLContext.TLS",
"sun.security.ssl.SSLContextImpl$TLSContext");
if (isfips == false) {

20
SOURCES/rh1868759-pkcs11_cancel_on_failure.patch Normal file
View File

@ -0,0 +1,20 @@
--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 06:57:19 2020 +0100
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 15:56:48 2020 -0300
@@ -627,7 +627,7 @@
throw (ShortBufferException)
(new ShortBufferException().initCause(e));
}
- reset(false);
+ reset(true);
throw new ProviderException("update() failed", e);
}
}
@@ -745,7 +745,7 @@
throw (ShortBufferException)
(new ShortBufferException().initCause(e));
}
- reset(false);
+ reset(true);
throw new ProviderException("update() failed", e);
}
}

65
SOURCES/rh1906862-always_initialise_configurator_access.patch Normal file
View File

@ -0,0 +1,65 @@
# HG changeset patch
# User andrew
# Date 1608219816 0
# Thu Dec 17 15:43:36 2020 +0000
# Node ID db5d1b28bfce04352b3a48960bf836f6eb20804b
# Parent a2cfa397150e99b813354226d536eb8509b5850b
RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
+++ openjdk/jdk/src/share/classes/java/security/Security.java
@@ -30,6 +30,8 @@
import java.util.concurrent.ConcurrentHashMap;
import java.io.*;
import java.net.URL;
+import sun.misc.SharedSecrets;
+import sun.misc.JavaSecuritySystemConfiguratorAccess;
import sun.security.util.Debug;
import sun.security.util.PropertyExpander;
@@ -69,6 +71,15 @@
}
static {
+ // Initialise here as used by code with system properties disabled
+ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
+ new JavaSecuritySystemConfiguratorAccess() {
+ @Override
+ public boolean isSystemFipsEnabled() {
+ return SystemConfigurator.isSystemFipsEnabled();
+ }
+ });
+
// doPrivileged here because there are multiple
// things in initialize that might require privs.
// (the FileInputStream call and the File.exists call,
diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
@@ -39,8 +39,6 @@
import java.util.Properties;
import java.util.regex.Pattern;
-import sun.misc.SharedSecrets;
-import sun.misc.JavaSecuritySystemConfiguratorAccess;
import sun.security.util.Debug;
/**
@@ -66,16 +64,6 @@
private static boolean systemFipsEnabled = false;
- static {
- SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
- new JavaSecuritySystemConfiguratorAccess() {
- @Override
- public boolean isSystemFipsEnabled() {
- return SystemConfigurator.isSystemFipsEnabled();
- }
- });
- }
-
/*
* Invoked when java.security.Security class is initialized, if
* java.security.disableSystemPropertiesFile property is not set and

511
SPECS/java-1.8.0-openjdk.spec
View File

@ -62,7 +62,7 @@
%global multilib_arches %{power64} sparc64 x86_64
%global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
%global jfr_arches x86_64 sparcv9 sparc64 %{aarch64} ${power64}
%global jfr_arches %{jit_arches}
%global fastdebug_arches x86_64
# By default, we build a debug build during main build on JIT architectures
@ -113,11 +113,8 @@
%global bootstrap_build 1
%endif
%if %{bootstrap_build}
%global release_targets bootcycle-images zip-docs
%else
%global release_targets images zip-docs
%endif
%global bootstrap_targets images
%global release_targets images docs-zip
# No docs nor bootcycle for debug builds
%global debug_targets images
@ -228,10 +225,31 @@
%global origin openjdk
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
# Define vendor information used by OpenJDK
%global oj_vendor Red Hat, Inc.
%global oj_vendor_url "https://www.redhat.com/"
# Define what url should JVM offer in case of a crash report
# order may be important, epel may have rhel declared
%if 0%{?epel}
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel}
%else
%if 0%{?fedora}
# Does not work for rawhide, keeps the version field empty
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora}
%else
%if 0%{?rhel}
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name}
%else
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
%endif
%endif
%endif
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
%global shenandoah_revision aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20
%global shenandoah_revision aarch64-shenandoah-jdk8u282-b08
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@ -247,12 +265,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 2
%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
%global is_ga 0
%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@ -275,7 +293,7 @@
# images stub
%global jdkimage j2sdk-image
# output dir stub
%define buildoutputdir() %{expand:%{top_level_dir_name}/build/jdk8.build%{?1}}
%define buildoutputdir() %{expand:build/jdk8.build%{?1}}
# we can copy the javadoc to not arched dir, or make it not noarch
%define uniquejavadocdir() %{expand:%{fullversion}%{?1}}
# main id and dir of this jdk
@ -290,6 +308,7 @@
%define jredir() %{expand:%{sdkdir -- %{?1}}/jre}
%define sdkbindir() %{expand:%{_jvmdir}/%{sdkdir -- %{?1}}/bin}
%define jrebindir() %{expand:%{_jvmdir}/%{jredir -- %{?1}}/bin}
%global alt_java_name alt-java
%global rpm_state_dir %{_localstatedir}/lib/rpm-state/
@ -336,6 +355,7 @@ ext=.gz
alternatives \\
--install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
--slave %{_bindir}/keytool keytool %{jrebindir -- %{?1}}/keytool \\
--slave %{_bindir}/orbd orbd %{jrebindir -- %{?1}}/orbd \\
@ -348,6 +368,8 @@ alternatives \\
--slave %{_bindir}/unpack200 unpack200 %{jrebindir -- %{?1}}/unpack200 \\
--slave %{_mandir}/man1/java.1$ext java.1$ext \\
%{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/%{alt_java_name}.1$ext %{alt_java_name}.1$ext \\
%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/jjs.1$ext jjs.1$ext \\
%{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/keytool.1$ext keytool.1$ext \\
@ -436,7 +458,9 @@ alternatives \\
--slave %{_bindir}/jconsole jconsole %{sdkbindir -- %{?1}}/jconsole \\
--slave %{_bindir}/jdb jdb %{sdkbindir -- %{?1}}/jdb \\
--slave %{_bindir}/jdeps jdeps %{sdkbindir -- %{?1}}/jdeps \\
%ifarch %{jfr_arches}
--slave %{_bindir}/jfr jfr %{sdkbindir -- %{?1}}/jfr \\
%endif
--slave %{_bindir}/jhat jhat %{sdkbindir -- %{?1}}/jhat \\
--slave %{_bindir}/jinfo jinfo %{sdkbindir -- %{?1}}/jinfo \\
--slave %{_bindir}/jmap jmap %{sdkbindir -- %{?1}}/jmap \\
@ -595,9 +619,9 @@ exit 0
%defattr(-,root,root,-)
%dir %{_sysconfdir}/.java/.systemPrefs
%dir %{_sysconfdir}/.java
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/ASSEMBLY_EXCEPTION
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/THIRD_PARTY_README
%license %{_jvmdir}/%{jredir -- %{?1}}/ASSEMBLY_EXCEPTION
%license %{_jvmdir}/%{jredir -- %{?1}}/LICENSE
%license %{_jvmdir}/%{jredir -- %{?1}}/THIRD_PARTY_README
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS
%dir %{_jvmdir}/%{sdkdir -- %{?1}}
%{_jvmdir}/%{jrelnk -- %{?1}}
@ -607,6 +631,7 @@ exit 0
%dir %{_jvmdir}/%{jredir -- %{?1}}/bin
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib
%{_jvmdir}/%{jredir -- %{?1}}/bin/java
%{_jvmdir}/%{jredir -- %{?1}}/bin/%{alt_java_name}
%{_jvmdir}/%{jredir -- %{?1}}/bin/jjs
%{_jvmdir}/%{jredir -- %{?1}}/bin/keytool
%{_jvmdir}/%{jredir -- %{?1}}/bin/orbd
@ -638,6 +663,7 @@ exit 0
%{_jvmdir}/%{jredir -- %{?1}}/lib/logging.properties
%{_jvmdir}/%{jredir -- %{?1}}/lib/calendars.properties
%{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/keytool-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/orbd-%{uniquesuffix -- %{?1}}.1*
@ -754,9 +780,9 @@ exit 0
%define files_devel() %{expand:
%defattr(-,root,root,-)
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/ASSEMBLY_EXCEPTION
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/LICENSE
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/THIRD_PARTY_README
%license %{_jvmdir}/%{sdkdir -- %{?1}}/ASSEMBLY_EXCEPTION
%license %{_jvmdir}/%{sdkdir -- %{?1}}/LICENSE
%license %{_jvmdir}/%{sdkdir -- %{?1}}/THIRD_PARTY_README
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/bin
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/include
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib
@ -768,6 +794,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jar
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jarsigner
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/java
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/%{alt_java_name}
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javac
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javadoc
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javah
@ -777,7 +804,9 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jconsole
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdb
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdeps
%ifarch %{jfr_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jfr
%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhat
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jjs
@ -918,8 +947,9 @@ Provides: java%{?1} = %{epoch}:%{javaver}
Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/
Requires: javapackages-filesystem
# Require zone-info data provided by tzdata-java sub-package
Requires: tzdata-java >= 2015d
# Require zoneinfo data provided by tzdata-java subpackage.
# 2020b required as of JDK-8254177 in October CPU
Requires: tzdata-java >= 2020b
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
@ -1109,6 +1139,9 @@ Source20: repackReproduciblePolycies.sh
Source100: config.guess
Source101: config.sub
# Ensure vendor settings are correct
Source16: CheckVendor.java
############################################
#
# RPM/distribution specific patches
@ -1127,10 +1160,18 @@ Patch3: rh1648644-java_access_bridge_privileged_security.patch
Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch
# RH1648249: Add PKCS11 provider to java.security
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
Patch1003: rh1582504-rsa_default_for_keytool.patch
# FIPS support patches
# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
Patch1001: rh1655466-global_crypto_and_fips.patch
# RH1760838: No ciphersuites available for SSLSocket in FIPS mode
Patch1002: rh1760838-fips_default_keystore_type.patch
# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
Patch1005: rh1906862-always_initialise_configurator_access.patch
#############################################
#
@ -1150,8 +1191,6 @@ Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch
Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch
# PR3083, RH1346460: Regression in SSL debug output without an ECC provider
Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
# PR3601: Fix additional -Wreturn-type issues introduced by 8061651
Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch
@ -1159,9 +1198,10 @@ Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_jav
Patch400: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
# PR3655: Allow use of system crypto policy to be disabled by the user
Patch401: pr3655-toggle_system_crypto_policy.patch
# RH1566890: CVE-2018-3639
Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch
Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
# RH1868759: FIPS: Ciphers remain in broken state (unusable), after being supplied with wrongly sized buffer
Patch540: rh1868759-pkcs11_cancel_on_failure.patch
# enable build of speculative store bypass hardened alt-java
Patch600: rh1750419-redhat_alt_java.patch
#############################################
#
@ -1178,8 +1218,6 @@ Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
Patch103: pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch
# x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround)
Patch105: jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
# AArch64: PR3519: Fix further functions with a missing return value (AArch64)
Patch106: pr3519-fix_further_functions_with_a_missing_return_value.patch
# S390 ambiguous log2_intptr calls
Patch107: s390-8214206_fix.patch
@ -1195,31 +1233,23 @@ Patch107: s390-8214206_fix.patch
# S8074839, PR2462: Resolve disabled warnings for libunpack and the unpack200 binary
# This fixes printf warnings that lead to build failure with -Werror=format-security from optflags
Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch
# S8154313: Generated javadoc scattered all over the place
Patch578: jdk8154313-generated_javadoc_scattered_all_over_the_place.patch
# PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch
# 8143245, PR3548: Zero build requires disabled warnings
Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch
# 8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8
Patch575: jdk8197981-pr3548-missing_return_statement_in_sync_val_compare_and_swap_8.patch
# 8062808, PR3548: Turn on the -Wreturn-type warning
Patch577: jdk8062808-pr3548-turn_on_the_wreturn_type_warning.patch
# s390: JDK-8203030, Type fixing for s390
Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
# 8035341: Allow using a system installed libpng
Patch202: jdk8035341-allow_using_system_installed_libpng.patch
# 8042159: Allow using a system-installed lcms2
Patch203: jdk8042159-allow_using_system_installed_lcms2.patch
# JDK-8165996, PR3506, RH1760437: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
# RPM version excludes binary diffs and a patch to PKCS11Test.java which creates a lengthy bug trail
Patch579: jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch
Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
#############################################
#
# Patches appearing in 8u222
# Patches appearing in 8u282
#
# This section includes patches which are present
# in the listed OpenJDK 8u release and should be
@ -1302,7 +1332,8 @@ BuildRequires: java-1.8.0-openjdk-devel
%ifnarch %{jit_arches}
BuildRequires: libffi-devel
%endif
BuildRequires: tzdata-java >= 2015d
# 2020b required as of JDK-8254177 in October CPU
BuildRequires: tzdata-java >= 2020b
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@ -1608,6 +1639,7 @@ sh %{SOURCE12}
%patch201
%patch202
%patch203
%patch204
# System security policy fixes
%patch400
@ -1623,7 +1655,6 @@ sh %{SOURCE12}
%patch107
# AArch64 fixes
%patch106
# x86 fixes
%patch105
@ -1632,24 +1663,22 @@ sh %{SOURCE12}
%patch502
%patch504
%patch512
%patch578
%patch523
%patch528
%patch530
%patch529
%patch531
%patch571
%patch574
%patch575
%patch577
%patch579
%patch580
%patch539
%patch540
# RPM-only fixes
%patch539
%patch600
%patch1000
%patch1001
%patch1002
%patch1003
%patch1004
%patch1005
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@ -1745,23 +1774,31 @@ export EXTRA_CFLAGS EXTRA_ASFLAGS
bash ./autogen.sh
)
for suffix in %{build_loop} ; do
if [ "x$suffix" = "x" ] ; then
debugbuild=release
else
# change --something to something
debugbuild=`echo $suffix | sed "s/-//g"`
fi
function buildjdk() {
local outputdir=${1}
local buildjdk=${2}
local maketargets=${3}
local debuglevel=${4}
# Variable used in hs_err hook on build failures
top_dir_abs_path=$(pwd)/%{top_level_dir_name}
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
# Variable used in hs_err hook on build failures
local top_builddir_abs_path=$(pwd)/${outputdir}
mkdir -p %{buildoutputdir -- $suffix}
pushd %{buildoutputdir -- $suffix}
echo "Using output directory: ${outputdir}";
echo "Checking build JDK ${buildjdk} is operational..."
${buildjdk}/bin/java -version
echo "Using make targets: ${maketargets}"
echo "Using debuglevel: ${debuglevel}"
echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}"
bash ../../configure \
mkdir -p ${outputdir}
pushd ${outputdir}
bash ${top_srcdir_abs_path}/configure \
%ifarch %{jfr_arches}
--enable-jfr \
%else
--disable-jfr \
%endif
%ifnarch %{jit_arches}
--with-jvm-variants=zero \
@ -1770,8 +1807,12 @@ bash ../../configure \
--with-milestone=%{milestone} \
--with-update-version=%{updatever} \
--with-build-number=%{buildver} \
--with-boot-jdk=/usr/lib/jvm/java-openjdk \
--with-debug-level=$debugbuild \
--with-vendor-name="%{oj_vendor}" \
--with-vendor-url="%{oj_vendor_url}" \
--with-vendor-bug-url="%{oj_vendor_bug_url}" \
--with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
--with-boot-jdk=${buildjdk} \
--with-debug-level=${debuglevel} \
--enable-unlimited-crypto \
--with-zlib=system \
--with-libjpeg=system \
@ -1785,8 +1826,44 @@ bash ../../configure \
--with-extra-ldflags="%{ourldflags}" \
--with-num-cores="$NUM_PROC"
cat spec.gmk
cat hotspot-spec.gmk
cat spec.gmk
cat hotspot-spec.gmk
make \
JAVAC_FLAGS=-g \
LOG=trace \
SCTP_WERROR= \
${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false )
# the build (erroneously) removes read permissions from some jars
# this is a regression in OpenJDK 7 (our compiler):
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
chmod ugo+r images/%{jdkimage}/lib/ct.sym
# remove redundant *diz and *debuginfo files
find images/%{jdkimage} -iname '*.diz' -exec rm -v {} \;
find images/%{jdkimage} -iname '*.debuginfo' -exec rm -v {} \;
# Build screws up permissions on binaries
# https://bugs.openjdk.java.net/browse/JDK-8173610
find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
find images/%{jdkimage}/bin/ -exec chmod +x {} \;
popd >& /dev/null
}
for suffix in %{build_loop} ; do
if [ "x$suffix" = "x" ] ; then
debugbuild=release
else
# change --something to something
debugbuild=`echo $suffix | sed "s/-//g"`
fi
systemjdk=/usr/lib/jvm/java-openjdk
builddir=%{buildoutputdir -- $suffix}
bootbuilddir=boot${builddir}
# Debug builds don't need same targets as release for
# build speed-up
@ -1794,28 +1871,14 @@ maketargets="%{release_targets}"
if echo $debugbuild | grep -q "debug" ; then
maketargets="%{debug_targets}"
fi
make \
JAVAC_FLAGS=-g \
LOG=trace \
SCTP_WERROR= \
$maketargets || ( pwd; find $top_dir_abs_path -name "hs_err_pid*.log" | xargs cat && false )
# the build (erroneously) removes read permissions from some jars
# this is a regression in OpenJDK 7 (our compiler):
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
chmod ugo+r images/%{jdkimage}/lib/ct.sym
# remove redundant *diz and *debuginfo files
find images/%{jdkimage} -iname '*.diz' -exec rm {} \;
find images/%{jdkimage} -iname '*.debuginfo' -exec rm {} \;
# Build screws up permissions on binaries
# https://bugs.openjdk.java.net/browse/JDK-8173610
find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
find images/%{jdkimage}/bin/ -exec chmod +x {} \;
popd >& /dev/null
%if %{bootstrap_build}
buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
buildjdk ${builddir} $(pwd)/${bootbuilddir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
rm -rf ${bootbuilddir}
%else
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild}
%endif
# Install nss.cfg right away as we will be using the JRE above
export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
@ -1830,6 +1893,12 @@ install -m 644 nss.fips.cfg $JAVA_HOME/jre/lib/security/
rm $JAVA_HOME/jre/lib/tzdb.dat
ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/jre/lib/tzdb.dat
# add alt-java man page
pushd ${JAVA_HOME}
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
popd
# build cycles
done
@ -1848,6 +1917,10 @@ $JAVA_HOME/bin/java TestCryptoLevel
$JAVA_HOME/bin/javac -d . %{SOURCE14}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
# Check debug symbols are present and can identify code
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
do
@ -1941,9 +2014,9 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/clien
# Install main files.
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
cp -a bin include lib src.zip $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
cp -a jre/bin jre/lib $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
%if %{with_systemtap}
# Install systemtap support files
@ -2046,6 +2119,13 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \
| sed 's|'$RPM_BUILD_ROOT'||' \
| sed 's|^|%doc |' \
>> %{name}-demo.files"$suffix"
# Find documentation directories.
find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \
$RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/sample \
-type d | sort \
| sed 's|'$RPM_BUILD_ROOT'||' \
| sed 's|^|%dir |' \
>> %{name}-demo.files"$suffix"
# Create links which leads to separately installed java-atk-bridge and allow configuration
# links points to java-atk-wrapper - an dependence
@ -2298,6 +2378,267 @@ require "copy_jdk_configs.lua"
%endif
%changelog
* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b08-1
- Update to aarch64-shenandoah-jdk8u282-b08 (GA)
- Update release notes for 8u282-b08.
- Resolves: rhbz#1908967
* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b07-0.1.ea
- Update to aarch64-shenandoah-jdk8u282-b07 (EA)
- Update release notes for 8u282-b07.
- Fix placement issue in release notes, caught by comparing with vanilla version.
- Resolves: rhbz#1903904
* Wed Jan 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b06-0.1.ea
- Update to aarch64-shenandoah-jdk8u282-b06 (EA)
- Update release notes for 8u282-b06.
- Resolves: rhbz#1903904
* Mon Jan 11 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u282-b05 (EA)
- Update release notes for 8u282-b05 and make some minor corrections.
- Resolves: rhbz#1903904
* Wed Jan 06 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u282-b04 (EA)
- Update release notes for 8u282-b04.
- Remove upstreamed patch PR3519
- Resolves: rhbz#1903904
* Sat Jan 02 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u282-b03 (EA)
- Update release notes for 8u282-b03.
- Resolves: rhbz#1903904
* Fri Dec 18 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b02-0.2.ea
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs.
- Resolves: rhbz#1906862
* Wed Dec 16 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u282-b02 (EA)
- Update release notes for 8u282-b02.
- Resolves: rhbz#1903904
* Mon Dec 07 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u282-b01 (EA)
- Update release notes for 8u282-b01.
- Switch to EA mode.
- Require tzdata 2020b due to resource changes in JDK-8254177
- Remove PR3601, covered upstream by JDK-8062808.
- Remove upstreamed JDK-8197981/PR3548, JDK-8062808/PR3548, JDK-8254177 & JDK-8215727.
- Extend RH1750419 alt-java fix to include external debuginfo, following JDK-8252395
- Resolves: rhbz#1903904
* Fri Nov 27 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.275.b01-3
- added patch600, rh1750419-redhat_alt_java.patch
- Replaced alt-java palceholder by real pathced alt-java
- remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch
- remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
- both suprassed by new patch
- Resolves: rhbz#1750419
* Fri Nov 06 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.275.b01-2
- Update to aarch64-shenandoah-jdk8u275-b01 (GA)
- Update release notes for 8u275.
- Remove JDK-8223940/RH1892216 backport now included in upstream 8u275.
- Remove JDK-8236512/RH1889414 backport now included in upstream 8u275.
- Resolves: rhbz#1895060
* Fri Oct 30 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-6
- Add backport of JDK-8223940: "Private key not supported by chosen signature algorithm" to handle lack of provider RSAPSS support
- Resolves: rhbz#1892216
* Fri Oct 30 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.272.b10-5
- Added gating test for ipa server
- Resolves: rhbz#1892216
* Thu Oct 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-4
- Bump release number to build on RHEL 8.4.0 branch.
- Resolves: rhbz#1876665
- Resolves: rhbz#1889414
* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-3
- Add backport of JDK-8236512 to correct use of killSession
- Resolves: rhbz#1889414
* Tue Oct 20 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-2
- Add backport of JDK-8215727: "Restore JFR thread sampler loop to old / previous behaviour"
- Resolves: rhbz#1876665
* Sat Oct 17 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-1
- Update to aarch64-shenandoah-jdk8u272-b10.
- Switch to GA mode for final release.
- Update release notes for 8u272 release.
- Add backport of JDK-8254177 to update to tzdata 2020b
- Require tzdata 2020b due to resource changes in JDK-8254177
- Delay tzdata 2020b dependency until tzdata update has shipped.
- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302
- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955
- This tarball is embargoed until 2020-10-20 @ 1pm PT.
- Resolves: rhbz#1876665
* Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b09-0.2.ea
- Include a test in the RPM to check the build has the correct vendor information.
- Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value.
- Improve quoting of vendor name
- Resolves: rhbz#1876665
* Thu Oct 15 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.272.b09-0.2.ea
- Set vendor property and vendor URLs
- Made URLs to be preconfigured by OS
- Resolves: rhbz#1876665
* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b09-0.1.ea
- Update to aarch64-shenandoah-jdk8u272-b09 (EA).
- Resolves: rhbz#1876665
* Tue Oct 13 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b08-0.1.ea
- Update to aarch64-shenandoah-jdk8u272-b08 (EA).
- Resolves: rhbz#1876665
* Tue Oct 13 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b07-0.1.ea
- Update to aarch64-shenandoah-jdk8u272-b07 (EA).
- Resolves: rhbz#1876665
* Mon Oct 12 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b06-0.1.ea
- Update to aarch64-shenandoah-jdk8u272-b06.
- Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3)
- Remove JDK-8165996/PR3506/RH1760437 & JDK-8251117/RH1860990 as now applied upstream.
- Replace JDK-8223482/RH1860965 with RH1860986 (disable TLSv1.3 when using the NSS-FIPS provider)
- Resolves: rhbz#1876665
* Mon Oct 12 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b05-0.3.ea
- Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR
- Resolves: rhbz#1876665
* Thu Oct 08 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b05-0.2.ea
- Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28.
- Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464
- Resolves: rhbz#1876665
* Thu Oct 08 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u272-b05.
- Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003
- Resolves: rhbz#1876665
* Wed Oct 07 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u272-b04.
- Update tarball generation script to use PR3795, following inclusion of JDK-8177334
- Resolves: rhbz#1876665
* Mon Oct 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u272-b03.
- Resolves: rhbz#1876665
* Mon Oct 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u272-b02.
- Remove JDK-8154313 backport now applied upstream.
- Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream.
- Resolves: rhbz#1876665
* Mon Oct 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u272-b01.
- Switch to EA mode.
- Add debugging output for build.
- JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default.
- Resolves: rhbz#1876665
* Thu Sep 17 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.265.b01-4
- Add patch to cancel PKCS#11 operations on failure (RH1868759)
- Resolves: rhbz#1868759
* Tue Aug 25 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.265.b01-3
- Add backport of JDK-8251117 to allow key length to be retrieved from PKCS#11 FIPS keys
- Resolves: rhbz#1860993
* Tue Aug 25 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.265.b01-2
- Add backport of JDK-8223482 so PKCS#11 FIPS provider does not offer unsupported ciphers.
- Resolves: rhbz#1860965
* Mon Jul 27 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.265.b01-1
- Update to aarch64-shenandoah-jdk8u265-b01.
- Update release notes for 8u265 release.
- Resolves: rhbz#1860453
* Mon Jul 27 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.262.b10-3
- ASSEMBLY_EXCEPTION LICENSE THIRD_PARTY_README moved to fully versioned dirs
- Resolves: rhbz#1831665
* Thu Jul 16 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b10-2
- Remove issues in NEWS file duplicated between 8u252 & 8u262 releases.
- Resolves: rhbz#1838811
* Sun Jul 12 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b10-1
- Update to aarch64-shenandoah-jdk8u262-b10.
- Switch to GA mode for final release.
- Update release notes for 8u262 release.
- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded.
- Split JDK-8042159 patch into per-repo patches as upstream.
- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk
- Resolves: rhbz#1838811
* Sat Jul 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b09-0.3.ea
- Restructure the build so a minimal initial build is then used for the final build (with docs)
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
- Resolves: rhbz#1838811
* Fri Jul 10 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b09-0.2.ea
- Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03
- Resolves: rhbz#1838811
* Fri Jul 10 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b09-0.1.ea
- With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR.
- Resolves: rhbz#1838811
* Thu Jul 09 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b09-0.1.ea
- Update to aarch64-shenandoah-jdk8u262-b09.
- Resolves: rhbz#1838811
* Wed Jul 08 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b08-0.1.ea
- Update to aarch64-shenandoah-jdk8u262-b08.
- Resolves: rhbz#1838811
* Tue Jul 07 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b07-0.3.ea
- Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18.
- Resolves: rhbz#1838811
* Sun Jul 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b07-0.2.ea
- Sync alt-java support with java-11-openjdk version.
- Resolves: rhbz#1838811
* Sat Jul 04 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.262.b07-0.2.ea
- Created copy of java as alt-java and adapted alternatives and man pages
- Resolves: rhbz#1838811
* Fri Jul 03 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b07-0.1.ea
- Update to aarch64-shenandoah-jdk8u262-b07.
- Require tzdata 2020a so system tzdata matches resource updates in b07
- Resolves: rhbz#1838811
* Tue Jun 30 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b06-0.1.ea
- Update to aarch64-shenandoah-jdk8u262-b06.
- Resolves: rhbz#1838811
* Mon Jun 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b05-0.4.ea
- Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04.
- Resolves: rhbz#1838811
* Mon Jun 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b05-0.3.ea
- Add directories to files directive for demo package.
- Resolves: rhbz#1649801
* Sun Jun 28 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b05-0.2.ea
- Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
- Resolves: rhbz#1582504
* Sat Jun 27 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u262-b05.
- Resolves: rhbz#1838811
* Fri Jun 26 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u262-b04.
- Resolves: rhbz#1838811
* Wed Jun 24 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b03-0.2.ea
- Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20.
- Resolves: rhbz#1838811