import java-1.8.0-openjdk-1.8.0.282.b08-1.el8
This commit is contained in:
parent
14f10e9895
commit
10709f9253
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20-4curve.tar.xz
|
||||
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
|
||||
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
57112674fa8d81e4b09c1eec880ed362a7f98a67 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20-4curve.tar.xz
|
||||
de58a4f646ca65cafbd2166d7d08eb330adaf4e6 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
|
||||
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
57
SOURCES/CheckVendor.java
Normal file
57
SOURCES/CheckVendor.java
Normal file
@ -0,0 +1,57 @@
|
||||
/* CheckVendor -- Check the vendor properties match specified values.
|
||||
Copyright (C) 2020 Red Hat, Inc.
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as
|
||||
published by the Free Software Foundation, either version 3 of the
|
||||
License, or (at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public class CheckVendor {
|
||||
|
||||
public static void main(String[] args) {
|
||||
if (args.length < 3) {
|
||||
System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL>");
|
||||
System.exit(1);
|
||||
}
|
||||
|
||||
String vendor = System.getProperty("java.vendor");
|
||||
String expectedVendor = args[0];
|
||||
String vendorURL = System.getProperty("java.vendor.url");
|
||||
String expectedVendorURL = args[1];
|
||||
String vendorBugURL = System.getProperty("java.vendor.url.bug");
|
||||
String expectedVendorBugURL = args[2];
|
||||
|
||||
if (!expectedVendor.equals(vendor)) {
|
||||
System.err.printf("Invalid vendor %s, expected %s\n",
|
||||
vendor, expectedVendor);
|
||||
System.exit(2);
|
||||
}
|
||||
|
||||
if (!expectedVendorURL.equals(vendorURL)) {
|
||||
System.err.printf("Invalid vendor URL %s, expected %s\n",
|
||||
vendorURL, expectedVendorURL);
|
||||
System.exit(3);
|
||||
}
|
||||
|
||||
if (!expectedVendorBugURL.equals(vendorBugURL)) {
|
||||
System.err.printf("Invalid vendor bug URL%s, expected %s\n",
|
||||
vendorBugURL, expectedVendorBugURL);
|
||||
System.exit(4);
|
||||
}
|
||||
|
||||
System.err.printf("Vendor information verified as %s, %s, %s\n",
|
||||
vendor, vendorURL, vendorBugURL);
|
||||
}
|
||||
}
|
750
SOURCES/NEWS
750
SOURCES/NEWS
@ -3,6 +3,756 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 8u282 (2021-01-19):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk8u282
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt
|
||||
|
||||
* Security fixes
|
||||
- JDK-8247619: Improve Direct Buffering of Characters
|
||||
* Other changes
|
||||
- JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux
|
||||
- JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation
|
||||
- JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
|
||||
- JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup
|
||||
- JDK-8030350: Enable additional compiler warnings for GCC
|
||||
- JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows
|
||||
- JDK-8036122: Fix warning 'format not a string literal'
|
||||
- JDK-8039279: Move awt tests to openjdk repository
|
||||
- JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
|
||||
- JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
|
||||
- JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree
|
||||
- JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m
|
||||
- JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests
|
||||
- JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk
|
||||
- JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository
|
||||
- JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository
|
||||
- JDK-8046221: [TEST_BUG] Cleanup datatransfer tests
|
||||
- JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository
|
||||
- JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2
|
||||
- JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK
|
||||
- JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3
|
||||
- JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK
|
||||
- JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4
|
||||
- JDK-8051440: move tests about maximizing undecorated to OpenJDK
|
||||
- JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
|
||||
- JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5
|
||||
- JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)
|
||||
- JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK
|
||||
- JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6
|
||||
- JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7
|
||||
- JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8
|
||||
- JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK
|
||||
- JDK-8055664: move 14 tests about setLocationRelativeTo to jdk
|
||||
- JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9
|
||||
- JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10
|
||||
- JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails
|
||||
- JDK-8062808: Turn on the -Wreturn-type warning
|
||||
- JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1
|
||||
- JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2
|
||||
- JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1
|
||||
- JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2
|
||||
- JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing
|
||||
- JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases
|
||||
- JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease
|
||||
- JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()
|
||||
- JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel
|
||||
- JDK-8068275: Some tests failed after JDK-8063104
|
||||
- JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
|
||||
- JDK-8074807: Fix some tests unnecessary using internal API
|
||||
- JDK-8076315: move 4 manual functional swing tests to regression suite
|
||||
- JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT
|
||||
- JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows
|
||||
- JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful
|
||||
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
|
||||
- JDK-8148916: Mark bug6400879.java as intermittently failing
|
||||
- JDK-8148983: Fix extra comma in changes for JDK-8148916
|
||||
- JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants
|
||||
- JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic
|
||||
- JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
|
||||
- JDK-8160761: [TESTBUG] Several compiler tests fail with product bits
|
||||
- JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java
|
||||
- JDK-8165808: Add release barriers when allocating objects with concurrent collection
|
||||
- JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java
|
||||
- JDK-8166583: Add oopDesc::klass_or_null_acquire()
|
||||
- JDK-8166663: Simplify oops_on_card_seq_iterate_careful
|
||||
- JDK-8166862: CMS needs klass_or_null_acquire
|
||||
- JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X
|
||||
- JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp
|
||||
- JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event
|
||||
- JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument
|
||||
- JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
|
||||
- JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017
|
||||
- JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out
|
||||
- JDK-8207766: [testbug] Adapt tests for Aix.
|
||||
- JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation
|
||||
- JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
|
||||
- JDK-8215727: Restore JFR thread sampler loop to old / previous behavior
|
||||
- JDK-8217362: Emergency dump does not work when disk=false is set
|
||||
- JDK-8217766: Container Support doesn't work for some Join Controllers combinations
|
||||
- JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3
|
||||
- JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable
|
||||
- JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp
|
||||
- JDK-8220657: JFR.dump does not work when filename is set
|
||||
- JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562
|
||||
- JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
|
||||
- JDK-8221710: [TESTBUG] more configurable parameters for docker testing
|
||||
- JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
|
||||
- JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM
|
||||
- JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
|
||||
- JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
|
||||
- JDK-8229868: Update Apache Santuario TPRM version
|
||||
- JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
|
||||
- JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
|
||||
- JDK-8232114: JVM crashed at imjpapi.dll in native code
|
||||
- JDK-8233548: Update CUP to v0.11b
|
||||
- JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
|
||||
- JDK-8234339: replace JLI_StrTok in java_md_solinux.c
|
||||
- JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
|
||||
- JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
|
||||
- JDK-8242335: Additional Tests for RSASSA-PSS
|
||||
- JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
|
||||
- JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
|
||||
- JDK-8245400: Upgrade to LittleCMS 2.11
|
||||
- JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
|
||||
- JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
|
||||
- JDK-8249176: Update GlobalSignR6CA test certificates
|
||||
- JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior
|
||||
- JDK-8250636: iso8601_time returns incorrect offset part on MacOS
|
||||
- JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
|
||||
- JDK-8250928: JFR: Improve hash algorithm for stack traces
|
||||
- JDK-8251365: Build failure on AIX after 8250636
|
||||
- JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
|
||||
- JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers
|
||||
- JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE
|
||||
- JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries
|
||||
- JDK-8252497: Incorrect numeric currency code for ROL
|
||||
- JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
|
||||
- JDK-8252904: VM crashes when JFR is used and JFR event class is transformed
|
||||
- JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal
|
||||
- JDK-8253036: Support building the Zero assembler port on AArch64
|
||||
- JDK-8253284: Zero OrderAccess barrier mappings are incorrect
|
||||
- JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip
|
||||
- JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly
|
||||
- JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion
|
||||
- JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
|
||||
- JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
|
||||
- JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
|
||||
- JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails
|
||||
- JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
|
||||
- JDK-8255003: Build failures on Solaris
|
||||
- JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
|
||||
- JDK-8255269: Unsigned overflow in g1Policy.cpp
|
||||
- JDK-8255603: Memory/Performance regression after JDK-8210985
|
||||
- JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized
|
||||
- JDK-8256618: Zero: Linux x86_32 build still fails
|
||||
- JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap
|
||||
- JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder
|
||||
- JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace
|
||||
- JDK-8258630: Add expiry exception for QuoVadis root certificate
|
||||
* AArch64 port
|
||||
- Fix AArch64 build failure after JDK-8062808 backport
|
||||
* Shenandoah
|
||||
- Fix racy update of code roots
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
security-libs/javax.xml.crypto:
|
||||
|
||||
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3
|
||||
===========================================================================
|
||||
The XML Signature implementation in the `java.xml.crypto` module has
|
||||
been updated to version 2.1.3 of Apache Santuario. New features
|
||||
include:
|
||||
|
||||
* Added support for embedding elliptic curve public keys in the
|
||||
KeyValue element
|
||||
|
||||
New in release OpenJDK 8u275 (2020-11-05):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk8u275
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt
|
||||
|
||||
* Regression fixes
|
||||
- JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
|
||||
- JDK-8223940: Private key not supported by chosen signature algorithm
|
||||
- JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
|
||||
- JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
|
||||
|
||||
New in release OpenJDK 8u272 (2020-10-20):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk8u272
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
|
||||
|
||||
* New features
|
||||
- JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
|
||||
* Security fixes
|
||||
- JDK-8233624: Enhance JNI linkage
|
||||
- JDK-8236196: Improve string pooling
|
||||
- JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
|
||||
- JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
|
||||
- JDK-8237995, CVE-2020-14782: Enhance certificate processing
|
||||
- JDK-8240124: Better VM Interning
|
||||
- JDK-8241114, CVE-2020-14792: Better range handling
|
||||
- JDK-8242680, CVE-2020-14796: Improved URI Support
|
||||
- JDK-8242685, CVE-2020-14797: Better Path Validation
|
||||
- JDK-8242695, CVE-2020-14798: Enhanced buffer support
|
||||
- JDK-8243302: Advanced class supports
|
||||
- JDK-8244136, CVE-2020-14803: Improved Buffer supports
|
||||
- JDK-8244479: Further constrain certificates
|
||||
- JDK-8244955: Additional Fix for JDK-8240124
|
||||
- JDK-8245407: Enhance zoning of times
|
||||
- JDK-8245412: Better class definitions
|
||||
- JDK-8245417: Improve certificate chain handling
|
||||
- JDK-8248574: Improve jpeg processing
|
||||
- JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
|
||||
- JDK-8253019: Enhanced JPEG decoding
|
||||
* Other changes
|
||||
- JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
|
||||
- JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
|
||||
- JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
|
||||
- JDK-8025886: replace [[ and == bash extensions in regtest
|
||||
- JDK-8026236: Add PrimeTest for BigInteger
|
||||
- JDK-8031625: javadoc problems referencing inner class constructors
|
||||
- JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
|
||||
- JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
|
||||
- JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
|
||||
- JDK-8046274: Removing dependency on jakarta-regexp
|
||||
- JDK-8048933: -XX:+TraceExceptions output should include the message
|
||||
- JDK-8057003: Large reference arrays cause extremely long synchronization times
|
||||
- JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
|
||||
- JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
|
||||
- JDK-8062947: Fix exception message to correctly represent LDAP connection failure
|
||||
- JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
|
||||
- JDK-8075774: Small readability and performance improvements for zipfs
|
||||
- JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
|
||||
- JDK-8078334: Mark regression tests using randomness
|
||||
- JDK-8078880: Mark a few more intermittently failuring security-libs
|
||||
- JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
|
||||
- JDK-8132206: move ScanTest.java into OpenJDK
|
||||
- JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
|
||||
- JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
|
||||
- JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
|
||||
- JDK-8144539: Update PKCS11 tests to run with security manager
|
||||
- JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
|
||||
- JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
|
||||
- JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
|
||||
- JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
|
||||
- JDK-8151788: NullPointerException from ntlm.Client.type3
|
||||
- JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
|
||||
- JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
|
||||
- JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
|
||||
- JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
|
||||
- JDK-8154313: Generated javadoc scattered all over the place
|
||||
- JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
|
||||
- JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
|
||||
- JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
|
||||
- JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
|
||||
- JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
|
||||
- JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
|
||||
- JDK-8166148: Fix for JDK-8165936 broke solaris builds
|
||||
- JDK-8167300: Scheduling failures during gcm should be fatal
|
||||
- JDK-8167615: Opensource unit/regression tests for JavaSound
|
||||
- JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
|
||||
- JDK-8169925: PKCS #11 Cryptographic Token Interface license
|
||||
- JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
|
||||
- JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
|
||||
- JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
|
||||
- JDK-8177628: Opensource unit/regression tests for ImageIO
|
||||
- JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
|
||||
- JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
|
||||
- JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
|
||||
- JDK-8184762: ZapStackSegments should use optimized memset
|
||||
- JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
|
||||
- JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
|
||||
- JDK-8193137: Nashorn crashes when given an empty script file
|
||||
- JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
|
||||
- JDK-8194298: Add support for per Socket configuration of TCP keepalive
|
||||
- JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
|
||||
- JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
|
||||
- JDK-8201633: Problems with AES-GCM native acceleration
|
||||
- JDK-8203357: Container Metrics
|
||||
- JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
|
||||
- JDK-8210147: adjust some WSAGetLastError usages in windows network coding
|
||||
- JDK-8211049: Second parameter of "initialize" method is not used
|
||||
- JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
|
||||
- JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
|
||||
- JDK-8214862: assert(proj != __null) at compile.cpp:3251
|
||||
- JDK-8216283: Allow shorter method sampling interval than 10 ms
|
||||
- JDK-8217606: LdapContext#reconnect always opens a new connection
|
||||
- JDK-8217647: JFR: recordings on 32-bit systems unreadable
|
||||
- JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
|
||||
- JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
|
||||
- JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
|
||||
- JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
|
||||
- JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
|
||||
- JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
|
||||
- JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
|
||||
- JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
|
||||
- JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
|
||||
- JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
|
||||
- JDK-8224217: RecordingInfo should use textual representation of path
|
||||
- JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
|
||||
- JDK-8226575: OperatingSystemMXBean should be made container aware
|
||||
- JDK-8226697: Several tests which need the @key headful keyword are missing it.
|
||||
- JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
|
||||
- JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
|
||||
- JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
|
||||
- JDK-8230303: JDB hangs when running monitor command
|
||||
- JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
|
||||
- JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
|
||||
- JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
|
||||
- JDK-8233097: Fontmetrics for large Fonts has zero width
|
||||
- JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
|
||||
- JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
|
||||
- JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
|
||||
- JDK-8235325: build failure on Linux after 8235243
|
||||
- JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
|
||||
- JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
|
||||
- JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
|
||||
- JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
|
||||
- JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
|
||||
- JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
|
||||
- JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
|
||||
- JDK-8238898: Missing hash characters for header on license file
|
||||
- JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
|
||||
- JDK-8239819: XToolkit: Misread of screen information memory
|
||||
- JDK-8240295: hs_err elapsed time in seconds is not accurate enough
|
||||
- JDK-8240676: Meet not symmetric failure when running lucene on jdk8
|
||||
- JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
|
||||
- JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
|
||||
- JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
|
||||
- JDK-8243138: Enhance BaseLdapServer to support starttls extended request
|
||||
- JDK-8243320: Add SSL root certificates to Oracle Root CA program
|
||||
- JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
|
||||
- JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
|
||||
- JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
|
||||
- JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
|
||||
- JDK-8245467: Remove 8u TLSv1.2 implementation files
|
||||
- JDK-8245469: Remove DTLS protocol implementation
|
||||
- JDK-8245470: Fix JDK8 compatibility issues
|
||||
- JDK-8245471: Revert JDK-8148188
|
||||
- JDK-8245472: Backport JDK-8038893 to JDK8
|
||||
- JDK-8245473: OCSP stapling support
|
||||
- JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
|
||||
- JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
|
||||
- JDK-8245477: Adjust TLS tests location
|
||||
- JDK-8245653: Remove 8u TLS tests
|
||||
- JDK-8245681: Add TLSv1.3 regression test from 11.0.7
|
||||
- JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
|
||||
- JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
|
||||
- JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
|
||||
- JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
|
||||
- JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
|
||||
- JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
|
||||
- JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
|
||||
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
|
||||
- JDK-8250546: Expect changed behaviour reported in JDK-8249846
|
||||
- JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
|
||||
- JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
|
||||
- JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
|
||||
- JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
|
||||
- JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
|
||||
- JDK-8251341: Minimal Java specification change
|
||||
- JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
|
||||
- JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
|
||||
- JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
|
||||
- JDK-8252573: 8u: Windows build failed after 8222079 backport
|
||||
- JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
|
||||
- JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
|
||||
- JDK-8254937: Revert JDK-8148854 for 8u272
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
core-svc/java.lang.management:
|
||||
|
||||
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
|
||||
============================================================================================
|
||||
When executing in a container, or other virtualized operating
|
||||
environment, the following `OperatingSystemMXBean` methods in this
|
||||
release return container specific information, if
|
||||
available. Otherwise, they return host specific data:
|
||||
|
||||
* getFreePhysicalMemorySize()
|
||||
* getTotalPhysicalMemorySize()
|
||||
* getFreeSwapSpaceSize()
|
||||
* getTotalSwapSpaceSize()
|
||||
* getSystemCpuLoad()
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
|
||||
========================================================================
|
||||
The Entrust root certificate has been added to the cacerts truststore:
|
||||
|
||||
Alias Name: entrustrootcag4
|
||||
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
|
||||
|
||||
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
|
||||
=========================================================
|
||||
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
|
||||
|
||||
Alias Name: sslrootrsaca
|
||||
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
|
||||
|
||||
Alias Name: sslrootevrsaca
|
||||
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
|
||||
|
||||
Alias Name: sslrooteccca
|
||||
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
|
||||
|
||||
security-libs/javax.crypto:pkcs11:
|
||||
|
||||
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
|
||||
=======================================================================
|
||||
The SunPKCS11 provider has been updated with support for PKCS#11
|
||||
v2.40. This version adds support for more algorithms such as the
|
||||
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
|
||||
digests, and RSASSA-PSS signatures when the corresponding PKCS11
|
||||
mechanisms are supported by the underlying PKCS11 library.
|
||||
|
||||
security-libs/javax.security:
|
||||
|
||||
JDK-8242059: Support for canonicalize in krb5.conf
|
||||
==================================================
|
||||
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
|
||||
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
|
||||
canonicalization is requested by clients in TGT requests to KDC
|
||||
services (AS protocol). Otherwise, and by default, it is not
|
||||
requested.
|
||||
|
||||
The new default behavior is different from previous releases where
|
||||
name canonicalization was always requested by clients in TGT requests
|
||||
to KDC services (provided that support for RFC 6806[1] was not
|
||||
explicitly disabled with the *sun.security.krb5.disableReferrals*
|
||||
system or security properties).
|
||||
|
||||
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
|
||||
[1]: https://tools.ietf.org/html/rfc6806
|
||||
|
||||
security-libs/javax.xml.crypto:
|
||||
|
||||
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
|
||||
=====================================================================
|
||||
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
|
||||
|
||||
New features include:
|
||||
|
||||
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
|
||||
in RFC 6931.
|
||||
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
|
||||
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
|
||||
|
||||
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
|
||||
============================================================================================================
|
||||
The upgrade to the Apache Santuario libraries (see above) introduced
|
||||
an issue where XML signature using Base64 encoding resulted in
|
||||
appending `
` or `
` to the encoded output. This behavioural
|
||||
change was made in the Apache Santuario codebase to comply with RFC
|
||||
2045. The Santuario team has adopted a position of keeping their
|
||||
libraries compliant with RFC 2045.
|
||||
|
||||
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
|
||||
data in a format without `
` or `
`.
|
||||
|
||||
Therefore a new system property, specific to the 8 update stream,
|
||||
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
|
||||
available to fall back to the legacy Base64 encoded format.
|
||||
|
||||
Users can set this flag in one of two ways:
|
||||
|
||||
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
|
||||
|
||||
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
|
||||
|
||||
This new system property is disabled by default. It has no effect on
|
||||
default behaviour nor when
|
||||
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
|
||||
is set.
|
||||
|
||||
Later JDK family versions will only support the recommended property:
|
||||
|
||||
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
|
||||
|
||||
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
|
||||
====================================================================
|
||||
Following JDK's update to tzdata2020b, the long-obsolete files
|
||||
pacificnew and systemv have been removed. As a result, the
|
||||
"US/Pacific-New" zone name declared in the pacificnew data file is no
|
||||
longer available for use.
|
||||
|
||||
Information regarding the update can be viewed at
|
||||
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
|
||||
|
||||
New in release OpenJDK 8u265 (2020-07-27):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk8u265
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
|
||||
|
||||
* Bug fixes
|
||||
- JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
|
||||
- JDK-8250546: Expect changed behaviour reported in JDK-8249846
|
||||
|
||||
New in release OpenJDK 8u262 (2020-07-14):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/oj8u262
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
|
||||
|
||||
* New features
|
||||
- JDK-8223147: JFR Backport
|
||||
* Security fixes
|
||||
- JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
|
||||
- JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
|
||||
- JDK-8230613: Better ASCII conversions
|
||||
- JDK-8231800: Better listing of arrays
|
||||
- JDK-8232014: Expand DTD support
|
||||
- JDK-8233255: Better Swing Buttons
|
||||
- JDK-8234032: Improve basic calendar services
|
||||
- JDK-8234042: Better factory production of certificates
|
||||
- JDK-8234418: Better parsing with CertificateFactory
|
||||
- JDK-8234836: Improve serialization handling
|
||||
- JDK-8236191: Enhance OID processing
|
||||
- JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
|
||||
- JDK-8237592, CVE-2020-14577: Enhance certificate verification
|
||||
- JDK-8238002, CVE-2020-14581: Better matrix operations
|
||||
- JDK-8238804: Enhance key handling process
|
||||
- JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
|
||||
- JDK-8238843: Enhanced font handing
|
||||
- JDK-8238920, CVE-2020-14583: Better Buffer support
|
||||
- JDK-8238925: Enhance WAV file playback
|
||||
- JDK-8240119, CVE-2020-14593: Less Affine Transformations
|
||||
- JDK-8240482: Improved WAV file playback
|
||||
- JDK-8241379: Update JCEKS support
|
||||
- JDK-8241522: Manifest improved jar headers redux
|
||||
- JDK-8242136, CVE-2020-14621: Better XML namespace handling
|
||||
* Other changes
|
||||
- JDK-4949105: Access Bridge lacks html tags parsing
|
||||
- JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
|
||||
- JDK-8003209: JFR events for network utilization
|
||||
- JDK-8030680: 292 cleanup from default method code assessment
|
||||
- JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
|
||||
- JDK-8037866: Replace the Fun class in tests with lambdas
|
||||
- JDK-8041626: Shutdown tracing event
|
||||
- JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
|
||||
- JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
|
||||
- JDK-8076475: Misuses of strncpy/strncat
|
||||
- JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
|
||||
- JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
|
||||
- JDK-8146612: C2: Precedence edges specification violated
|
||||
- JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
|
||||
- JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
|
||||
- JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
|
||||
- JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
|
||||
- JDK-8165675: Trace event for thread park has incorrect unit for timeout
|
||||
- JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
|
||||
- JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
|
||||
- JDK-8176182: 4 security tests are not run
|
||||
- JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
|
||||
- JDK-8178910: Problemlist sample tests
|
||||
- JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
|
||||
- JDK-8183925: Decouple crash protection from watcher thread
|
||||
- JDK-8191393: Random crashes during cfree+0x1c
|
||||
- JDK-8195817: JFR.stop should require name of recording
|
||||
- JDK-8195818: JFR.start should increase autogenerated name by one
|
||||
- JDK-8195819: Remove recording=x from jcmd JFR.check output
|
||||
- JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
|
||||
- JDK-8199712: Flight Recorder
|
||||
- JDK-8202578: Revisit location for class unload events
|
||||
- JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
|
||||
- JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
|
||||
- JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
|
||||
- JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
|
||||
- JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
|
||||
- JDK-8203929: Limit amount of data for JFR.dump
|
||||
- JDK-8205516: JFR tool
|
||||
- JDK-8207392: [PPC64] Implement JFR profiling
|
||||
- JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
|
||||
- JDK-8209960: -Xlog:jfr* doesn't work with the JFR
|
||||
- JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
|
||||
- JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
|
||||
- JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
|
||||
- JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
|
||||
- JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
|
||||
- JDK-8213421: Line number information for execution samples always 0
|
||||
- JDK-8213617: JFR should record the PID of the recorded process
|
||||
- JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
|
||||
- JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
|
||||
- JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
|
||||
- JDK-8213966: The ZGC JFR events should be marked as experimental
|
||||
- JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
|
||||
- JDK-8214750: Unnecessary <p> tags in jfr classes
|
||||
- JDK-8214896: JFR Tool left files behind
|
||||
- JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
|
||||
- JDK-8214925: JFR tool fails to execute
|
||||
- JDK-8215175: Inconsistencies in JFR event metadata
|
||||
- JDK-8215237: jdk.jfr.Recording javadoc does not compile
|
||||
- JDK-8215284: Reduce noise induced by periodic task getFileSize()
|
||||
- JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
|
||||
- JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
|
||||
- JDK-8215771: The jfr tool should pretty print reference chains
|
||||
- JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
|
||||
- JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
|
||||
- JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
|
||||
- JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
|
||||
- JDK-8216578: Remove unused/obsolete method in JFR code
|
||||
- JDK-8216995: Clean up JFR command line processing
|
||||
- JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
|
||||
- JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
|
||||
- JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
|
||||
- JDK-8220293: Deadlock in JFR string pool
|
||||
- JDK-8223689: Add JFR Thread Sampling Support
|
||||
- JDK-8223690: Add JFR BiasedLock Event Support
|
||||
- JDK-8223691: Add JFR G1 Region Type Change Event Support
|
||||
- JDK-8223692: Add JFR G1 Heap Summary Event Support
|
||||
- JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
|
||||
- JDK-8224475: JTextPane does not show images in HTML rendering
|
||||
- JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
|
||||
- JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
|
||||
- JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
|
||||
- JDK-8226779: [TESTBUG] Test JFR API from Java agent
|
||||
- JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
|
||||
- JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
|
||||
- JDK-8227269: Slow class loading when running with JDWP
|
||||
- JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
|
||||
- JDK-8229366: JFR backport allows unchecked writing to memory
|
||||
- JDK-8229401: Fix JFR code cache test failures
|
||||
- JDK-8229708: JFR backport code does not initialize
|
||||
- JDK-8229873: 8229401 broke jdk8u-jfr-incubator
|
||||
- JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
|
||||
- JDK-8229899: Make java.io.File.isInvalid() less racy
|
||||
- JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
|
||||
- JDK-8230597: Update GIFlib library to the 5.2.1
|
||||
- JDK-8230707: JFR related tests are failing
|
||||
- JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
|
||||
- JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
|
||||
- JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
|
||||
- JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
|
||||
- JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
|
||||
- JDK-8231995: two jtreg tests failed after 8229366 is fixed
|
||||
- JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
|
||||
- JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
|
||||
- JDK-8233880: Support compilers with multi-digit major version numbers
|
||||
- JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
|
||||
- JDK-8236008: Some backup files were accidentally left in the hotspot tree
|
||||
- JDK-8236074: Missed package-info
|
||||
- JDK-8236174: Should update javadoc since tags
|
||||
- JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
|
||||
- JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
|
||||
- JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
|
||||
- JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
|
||||
- JDK-8238589: Necessary code cleanup in JFR for JDK8u
|
||||
- JDK-8238590: Enable JFR by default during compilation in 8u
|
||||
- JDK-8239055: Wrong implementation of VMState.hasListener
|
||||
- JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
|
||||
- JDK-8239479: minimal1 and zero builds are failing
|
||||
- JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
|
||||
- JDK-8239867: correct over use of INCLUDE_JFR macro
|
||||
- JDK-8240375: Disable JFR by default for July 2020 release
|
||||
- JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
|
||||
- JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
|
||||
- JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
|
||||
- JDK-8241750: x86_32 build failure after JDK-8227269
|
||||
- JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
|
||||
- JDK-8242788: Non-PCH build is broken after JDK-8191393
|
||||
- JDK-8242883: Incomplete backport of JDK-8078268: backport test part
|
||||
- JDK-8243059: Build fails when --with-vendor-name contains a comma
|
||||
- JDK-8243474: [TESTBUG] removed three tests of 0 bytes
|
||||
- JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
|
||||
- JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
|
||||
- JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
|
||||
- JDK-8244461: [JDK 8u] Build fails with glibc 2.32
|
||||
- JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
|
||||
- JDK-8244777: ClassLoaderStats VM Op uses constant hash value
|
||||
- JDK-8244843: JapanEraNameCompatTest fails
|
||||
- JDK-8245167: Top package in method profiling shows null in JMC
|
||||
- JDK-8246223: Windows build fails after JDK-8227269
|
||||
- JDK-8246703: [TESTBUG] Add test for JDK-8233197
|
||||
- JDK-8248399: Build installs jfr binary when JFR is disabled
|
||||
- JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
hotspot/jfr:
|
||||
|
||||
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
|
||||
=========================================================
|
||||
|
||||
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
|
||||
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
|
||||
|
||||
JFR is a low-overhead framework to collect and provide data helpful to
|
||||
troubleshoot the performance of the OpenJDK runtime and of Java
|
||||
applications. It consists of a new API to define custom events under
|
||||
the jdk.jfr namespace and a JMX interface to interact with the
|
||||
framework. The recording can also be initiated with the application
|
||||
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
|
||||
the +XX:EnableTracing feature introduced in JEP 167, providing a more
|
||||
efficient way to retrieve the same information. For compatibility
|
||||
reasons, +XX:EnableTracing is still accepted, however no data will be
|
||||
printed.
|
||||
|
||||
While JFR is not built by default upstream, it is included in Red Hat
|
||||
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
|
||||
|
||||
hotspot/runtime:
|
||||
|
||||
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
|
||||
=========================================================================================
|
||||
|
||||
JFR will be disabled with a warning message if it is enabled during
|
||||
CDS dumping. The user will see the following warning message:
|
||||
|
||||
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
|
||||
|
||||
if JFR is enabled during CDS dumping such as in the following command
|
||||
line:
|
||||
|
||||
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8244167: Removal of Comodo Root CA Certificate
|
||||
==================================================
|
||||
|
||||
The following expired Comodo root CA certificate was removed from the
|
||||
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
|
||||
|
||||
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
|
||||
|
||||
JDK-8244166: Removal of DocuSign Root CA Certificate
|
||||
====================================================
|
||||
|
||||
The following expired DocuSign root CA certificate was removed from
|
||||
the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
|
||||
|
||||
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
|
||||
|
||||
security-libs/javax.crypto:pkcs11:
|
||||
|
||||
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
|
||||
============================================================================================================================
|
||||
|
||||
The SunPKCS11 security provider can now be initialized with NSS when
|
||||
FIPS-enabled external modules are configured in the Security Modules
|
||||
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
|
||||
throw a RuntimeException with the message: "FIPS flag set for
|
||||
non-internal module" when such a library was configured for NSS in
|
||||
non-FIPS mode.
|
||||
|
||||
This change allows the JDK to work properly with recent NSS releases
|
||||
on GNU/Linux operating systems when the system-wide FIPS policy is
|
||||
turned on.
|
||||
|
||||
Further information can be found in JDK-8238555.
|
||||
|
||||
New in release OpenJDK 8u252 (2020-04-14):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
|
@ -1,59 +1,9 @@
|
||||
diff -ruN jdk8/common/autoconf/libraries.m4 jdk8/common/autoconf/libraries.m4
|
||||
--- openjdk/common/autoconf/libraries.m4 2013-11-14 22:04:38.039440136 -0500
|
||||
+++ openjdk/common/autoconf/libraries.m4 2013-11-14 22:05:11.474356424 -0500
|
||||
@@ -676,6 +676,46 @@
|
||||
|
||||
###############################################################################
|
||||
#
|
||||
+ # Check for the lcms2 library
|
||||
+ #
|
||||
+
|
||||
+ AC_ARG_WITH(lcms, [AS_HELP_STRING([--with-lcms],
|
||||
+ [use lcms2 from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])])
|
||||
+
|
||||
+ AC_CHECK_LIB(lcms2, cmsOpenProfileFromFile,
|
||||
+ [ LCMS_FOUND=yes ],
|
||||
+ [ LCMS_FOUND=no ])
|
||||
+
|
||||
+ AC_MSG_CHECKING([for which lcms to use])
|
||||
+
|
||||
+ DEFAULT_LCMS=bundled
|
||||
+
|
||||
+ #
|
||||
+ # If user didn't specify, use DEFAULT_LCMS
|
||||
+ #
|
||||
+ if test "x${with_lcms}" = "x"; then
|
||||
+ with_lcms=${DEFAULT_LCMS}
|
||||
+ fi
|
||||
+
|
||||
+ if test "x${with_lcms}" = "xbundled"; then
|
||||
+ USE_EXTERNAL_LCMS=false
|
||||
+ AC_MSG_RESULT([bundled])
|
||||
+ elif test "x${with_lcms}" = "xsystem"; then
|
||||
+ if test "x${LCMS_FOUND}" = "xyes"; then
|
||||
+ USE_EXTERNAL_LCMS=true
|
||||
+ AC_MSG_RESULT([system])
|
||||
+ else
|
||||
+ AC_MSG_RESULT([system not found])
|
||||
+ AC_MSG_ERROR([--with-lcms=system specified, but no lcms found!])
|
||||
+ fi
|
||||
+ else
|
||||
+ AC_MSG_ERROR([Invalid value for --with-lcms: ${with_lcms}, use 'system' or 'bundled'])
|
||||
+ fi
|
||||
+
|
||||
+ AC_SUBST(USE_EXTERNAL_LCMS)
|
||||
+
|
||||
+ ###############################################################################
|
||||
+ #
|
||||
# Check for the png library
|
||||
#
|
||||
|
||||
diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.gmk
|
||||
--- openjdk/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 22:04:38.040440133 -0500
|
||||
+++ openjdk/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 22:05:11.475356411 -0500
|
||||
@@ -666,18 +666,35 @@
|
||||
|
||||
##########################################################################################
|
||||
diff --git openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk openjdk/jdk/make/lib/Awt2dLibraries.gmk
|
||||
--- openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk
|
||||
+++ openjdk/jdk/make/lib/Awt2dLibraries.gmk
|
||||
@@ -665,18 +665,35 @@
|
||||
endif
|
||||
endif
|
||||
|
||||
+LIBLCMS_DIR := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms
|
||||
+
|
||||
@ -89,7 +39,7 @@ diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.
|
||||
CFLAGS_solaris := -xc99=no_lib, \
|
||||
CFLAGS_windows := -DCMS_IS_WINDOWS_, \
|
||||
MAPFILE := $(JDK_TOPDIR)/make/mapfiles/liblcms/mapfile-vers, \
|
||||
@@ -685,10 +702,10 @@
|
||||
@@ -684,10 +701,10 @@
|
||||
$(call SET_SHARED_LIBRARY_ORIGIN), \
|
||||
LDFLAGS_solaris := /usr/lib$(OPENJDK_TARGET_CPU_ISADIR)/libm.so.2, \
|
||||
LDFLAGS_windows := $(WIN_AWT_LIB) $(WIN_JAVA_LIB), \
|
||||
@ -104,9 +54,9 @@ diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.
|
||||
VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \
|
||||
RC_FLAGS := $(RC_FLAGS) \
|
||||
-D "JDK_FNAME=lcms.dll" \
|
||||
diff -r 3d1c3b0b73a3 src/share/native/sun/java2d/cmm/lcms/LCMS.c
|
||||
--- openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c Tue Sep 08 22:31:26 2015 +0300
|
||||
+++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c Thu Oct 15 05:29:28 2015 +0100
|
||||
diff --git openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c
|
||||
--- openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c
|
||||
+++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c
|
||||
@@ -30,7 +30,7 @@
|
||||
#include "jni_util.h"
|
||||
#include "Trace.h"
|
@ -0,0 +1,50 @@
|
||||
diff -ruN openjdk/common/autoconf/libraries.m4 openjdk/common/autoconf/libraries.m4
|
||||
--- openjdk/common/autoconf/libraries.m4 2013-11-14 22:04:38.039440136 -0500
|
||||
+++ openjdk/common/autoconf/libraries.m4 2013-11-14 22:05:11.474356424 -0500
|
||||
@@ -676,6 +676,46 @@
|
||||
|
||||
###############################################################################
|
||||
#
|
||||
+ # Check for the lcms2 library
|
||||
+ #
|
||||
+
|
||||
+ AC_ARG_WITH(lcms, [AS_HELP_STRING([--with-lcms],
|
||||
+ [use lcms2 from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])])
|
||||
+
|
||||
+ AC_CHECK_LIB(lcms2, cmsOpenProfileFromFile,
|
||||
+ [ LCMS_FOUND=yes ],
|
||||
+ [ LCMS_FOUND=no ])
|
||||
+
|
||||
+ AC_MSG_CHECKING([for which lcms to use])
|
||||
+
|
||||
+ DEFAULT_LCMS=bundled
|
||||
+
|
||||
+ #
|
||||
+ # If user didn't specify, use DEFAULT_LCMS
|
||||
+ #
|
||||
+ if test "x${with_lcms}" = "x"; then
|
||||
+ with_lcms=${DEFAULT_LCMS}
|
||||
+ fi
|
||||
+
|
||||
+ if test "x${with_lcms}" = "xbundled"; then
|
||||
+ USE_EXTERNAL_LCMS=false
|
||||
+ AC_MSG_RESULT([bundled])
|
||||
+ elif test "x${with_lcms}" = "xsystem"; then
|
||||
+ if test "x${LCMS_FOUND}" = "xyes"; then
|
||||
+ USE_EXTERNAL_LCMS=true
|
||||
+ AC_MSG_RESULT([system])
|
||||
+ else
|
||||
+ AC_MSG_RESULT([system not found])
|
||||
+ AC_MSG_ERROR([--with-lcms=system specified, but no lcms found!])
|
||||
+ fi
|
||||
+ else
|
||||
+ AC_MSG_ERROR([Invalid value for --with-lcms: ${with_lcms}, use 'system' or 'bundled'])
|
||||
+ fi
|
||||
+
|
||||
+ AC_SUBST(USE_EXTERNAL_LCMS)
|
||||
+
|
||||
+ ###############################################################################
|
||||
+ #
|
||||
# Check for the png library
|
||||
#
|
||||
|
@ -1,191 +0,0 @@
|
||||
# HG changeset patch
|
||||
# User stefank
|
||||
# Date 1525453613 -3600
|
||||
# Fri May 04 18:06:53 2018 +0100
|
||||
# Node ID 07a1135a327362f157955d470fad5df07cc35164
|
||||
# Parent de79964656fc652f2085dac4fe99bcc128b5a3b1
|
||||
8062808, PR3548: Turn on the -Wreturn-type warning
|
||||
Reviewed-by: mgerdin, tschatzl, coleenp, jrose, kbarrett
|
||||
|
||||
diff --git openjdk.orig/hotspot/make/linux/makefiles/gcc.make openjdk/hotspot/make/linux/makefiles/gcc.make
|
||||
--- openjdk.orig/hotspot/make/linux/makefiles/gcc.make
|
||||
+++ openjdk/hotspot/make/linux/makefiles/gcc.make
|
||||
@@ -210,7 +210,7 @@
|
||||
WARNINGS_ARE_ERRORS += -Wno-return-type -Wno-empty-body
|
||||
endif
|
||||
|
||||
-WARNING_FLAGS = -Wpointer-arith -Wsign-compare -Wundef -Wunused-function -Wunused-value
|
||||
+WARNING_FLAGS = -Wpointer-arith -Wsign-compare -Wundef -Wunused-function -Wunused-value -Wreturn-type
|
||||
|
||||
ifeq ($(USE_CLANG),)
|
||||
# Since GCC 4.3, -Wconversion has changed its meanings to warn these implicit
|
||||
diff --git openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
|
||||
--- openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad
|
||||
+++ openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
|
||||
@@ -1250,6 +1250,7 @@
|
||||
|
||||
|
||||
Unimplemented();
|
||||
+ return 0; // Mute compiler
|
||||
}
|
||||
|
||||
#ifndef PRODUCT
|
||||
diff --git openjdk.orig/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp
|
||||
--- openjdk.orig/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp
|
||||
+++ openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp
|
||||
@@ -541,6 +541,7 @@
|
||||
err.report_and_die();
|
||||
|
||||
ShouldNotReachHere();
|
||||
+ return true; // Mute compiler
|
||||
}
|
||||
|
||||
void os::Linux::init_thread_fpu_state(void) {
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/classfile/defaultMethods.cpp openjdk/hotspot/src/share/vm/classfile/defaultMethods.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/classfile/defaultMethods.cpp
|
||||
+++ openjdk/hotspot/src/share/vm/classfile/defaultMethods.cpp
|
||||
@@ -506,7 +506,7 @@
|
||||
ss.write((const char*)name->bytes(), name->utf8_length());
|
||||
ss.write((const char*)signature->bytes(), signature->utf8_length());
|
||||
ss.print(" is abstract");
|
||||
- return SymbolTable::new_symbol(ss.base(), (int)ss.size(), CHECK_NULL);
|
||||
+ return SymbolTable::new_symbol(ss.base(), (int)ss.size(), THREAD);
|
||||
}
|
||||
|
||||
Symbol* MethodFamily::generate_conflicts_message(GrowableArray<Method*>* methods, TRAPS) const {
|
||||
@@ -521,7 +521,7 @@
|
||||
ss.print(".");
|
||||
ss.write((const char*)name->bytes(), name->utf8_length());
|
||||
}
|
||||
- return SymbolTable::new_symbol(ss.base(), (int)ss.size(), CHECK_NULL);
|
||||
+ return SymbolTable::new_symbol(ss.base(), (int)ss.size(), THREAD);
|
||||
}
|
||||
|
||||
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/classfile/symbolTable.cpp openjdk/hotspot/src/share/vm/classfile/symbolTable.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/classfile/symbolTable.cpp
|
||||
+++ openjdk/hotspot/src/share/vm/classfile/symbolTable.cpp
|
||||
@@ -249,7 +249,7 @@
|
||||
MutexLocker ml(SymbolTable_lock, THREAD);
|
||||
|
||||
// Otherwise, add to symbol to table
|
||||
- return the_table()->basic_add(index, (u1*)name, len, hashValue, true, CHECK_NULL);
|
||||
+ return the_table()->basic_add(index, (u1*)name, len, hashValue, true, THREAD);
|
||||
}
|
||||
|
||||
Symbol* SymbolTable::lookup(const Symbol* sym, int begin, int end, TRAPS) {
|
||||
@@ -288,7 +288,7 @@
|
||||
// Grab SymbolTable_lock first.
|
||||
MutexLocker ml(SymbolTable_lock, THREAD);
|
||||
|
||||
- return the_table()->basic_add(index, (u1*)buffer, len, hashValue, true, CHECK_NULL);
|
||||
+ return the_table()->basic_add(index, (u1*)buffer, len, hashValue, true, THREAD);
|
||||
}
|
||||
|
||||
Symbol* SymbolTable::lookup_only(const char* name, int len,
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp
|
||||
+++ openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp
|
||||
@@ -229,15 +229,15 @@
|
||||
class_name->as_C_string(),
|
||||
class_loader.is_null() ? "null" : class_loader->klass()->name()->as_C_string()));
|
||||
if (FieldType::is_array(class_name)) {
|
||||
- return resolve_array_class_or_null(class_name, class_loader, protection_domain, CHECK_NULL);
|
||||
+ return resolve_array_class_or_null(class_name, class_loader, protection_domain, THREAD);
|
||||
} else if (FieldType::is_obj(class_name)) {
|
||||
ResourceMark rm(THREAD);
|
||||
// Ignore wrapping L and ;.
|
||||
TempNewSymbol name = SymbolTable::new_symbol(class_name->as_C_string() + 1,
|
||||
class_name->utf8_length() - 2, CHECK_NULL);
|
||||
- return resolve_instance_class_or_null(name, class_loader, protection_domain, CHECK_NULL);
|
||||
+ return resolve_instance_class_or_null(name, class_loader, protection_domain, THREAD);
|
||||
} else {
|
||||
- return resolve_instance_class_or_null(class_name, class_loader, protection_domain, CHECK_NULL);
|
||||
+ return resolve_instance_class_or_null(class_name, class_loader, protection_domain, THREAD);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/memory/heapInspection.hpp openjdk/hotspot/src/share/vm/memory/heapInspection.hpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/memory/heapInspection.hpp
|
||||
+++ openjdk/hotspot/src/share/vm/memory/heapInspection.hpp
|
||||
@@ -367,7 +367,7 @@
|
||||
_csv_format(csv_format), _print_help(print_help),
|
||||
_print_class_stats(print_class_stats), _columns(columns) {}
|
||||
void heap_inspection(outputStream* st) NOT_SERVICES_RETURN;
|
||||
- size_t populate_table(KlassInfoTable* cit, BoolObjectClosure* filter = NULL) NOT_SERVICES_RETURN;
|
||||
+ size_t populate_table(KlassInfoTable* cit, BoolObjectClosure* filter = NULL) NOT_SERVICES_RETURN_(0);
|
||||
static void find_instances_at_safepoint(Klass* k, GrowableArray<oop>* result) NOT_SERVICES_RETURN;
|
||||
private:
|
||||
void iterate_over_heap(KlassInfoTable* cit, BoolObjectClosure* filter = NULL);
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/memory/metaspaceShared.hpp openjdk/hotspot/src/share/vm/memory/metaspaceShared.hpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/memory/metaspaceShared.hpp
|
||||
+++ openjdk/hotspot/src/share/vm/memory/metaspaceShared.hpp
|
||||
@@ -93,7 +93,7 @@
|
||||
static void preload_and_dump(TRAPS) NOT_CDS_RETURN;
|
||||
static int preload_and_dump(const char * class_list_path,
|
||||
GrowableArray<Klass*>* class_promote_order,
|
||||
- TRAPS) NOT_CDS_RETURN;
|
||||
+ TRAPS) NOT_CDS_RETURN_(0);
|
||||
|
||||
static ReservedSpace* shared_rs() {
|
||||
CDS_ONLY(return _shared_rs);
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/oops/constantPool.hpp openjdk/hotspot/src/share/vm/oops/constantPool.hpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/oops/constantPool.hpp
|
||||
+++ openjdk/hotspot/src/share/vm/oops/constantPool.hpp
|
||||
@@ -352,7 +352,7 @@
|
||||
|
||||
Klass* klass_at(int which, TRAPS) {
|
||||
constantPoolHandle h_this(THREAD, this);
|
||||
- return klass_at_impl(h_this, which, CHECK_NULL);
|
||||
+ return klass_at_impl(h_this, which, THREAD);
|
||||
}
|
||||
|
||||
Symbol* klass_name_at(int which); // Returns the name, w/o resolving.
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp openjdk/hotspot/src/share/vm/prims/jvm.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp
|
||||
+++ openjdk/hotspot/src/share/vm/prims/jvm.cpp
|
||||
@@ -4244,7 +4244,7 @@
|
||||
JVM_DTraceProvider* providers))
|
||||
JVMWrapper("JVM_DTraceActivate");
|
||||
return DTraceJSDT::activate(
|
||||
- version, module_name, providers_count, providers, CHECK_0);
|
||||
+ version, module_name, providers_count, providers, THREAD);
|
||||
JVM_END
|
||||
|
||||
JVM_ENTRY(jboolean,JVM_DTraceIsProbeEnabled(JNIEnv* env, jmethodID method))
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/runtime/reflection.cpp openjdk/hotspot/src/share/vm/runtime/reflection.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/runtime/reflection.cpp
|
||||
+++ openjdk/hotspot/src/share/vm/runtime/reflection.cpp
|
||||
@@ -1093,7 +1093,7 @@
|
||||
} else {
|
||||
if (rtype == T_BOOLEAN || rtype == T_BYTE || rtype == T_CHAR || rtype == T_SHORT)
|
||||
narrow((jvalue*) result.get_value_addr(), rtype, CHECK_NULL);
|
||||
- return box((jvalue*) result.get_value_addr(), rtype, CHECK_NULL);
|
||||
+ return box((jvalue*) result.get_value_addr(), rtype, THREAD);
|
||||
}
|
||||
}
|
||||
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/runtime/sharedRuntime.cpp openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/runtime/sharedRuntime.cpp
|
||||
+++ openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp
|
||||
@@ -1046,7 +1046,7 @@
|
||||
// last java frame on stack (which includes native call frames)
|
||||
vframeStream vfst(thread, true); // Do not skip and javaCalls
|
||||
|
||||
- return find_callee_info_helper(thread, vfst, bc, callinfo, CHECK_(Handle()));
|
||||
+ return find_callee_info_helper(thread, vfst, bc, callinfo, THREAD);
|
||||
}
|
||||
|
||||
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/services/memTracker.hpp openjdk/hotspot/src/share/vm/services/memTracker.hpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/services/memTracker.hpp
|
||||
+++ openjdk/hotspot/src/share/vm/services/memTracker.hpp
|
||||
@@ -64,7 +64,7 @@
|
||||
const NativeCallStack& stack, MEMFLAGS flag = mtNone) { }
|
||||
static inline void record_virtual_memory_commit(void* addr, size_t size, const NativeCallStack& stack) { }
|
||||
static inline Tracker get_virtual_memory_uncommit_tracker() { return Tracker(); }
|
||||
- static inline Tracker get_virtual_memory_release_tracker() { }
|
||||
+ static inline Tracker get_virtual_memory_release_tracker() { return Tracker(); }
|
||||
static inline void record_virtual_memory_type(void* addr, MEMFLAGS flag) { }
|
||||
static inline void record_thread_stack(void* addr, size_t size) { }
|
||||
static inline void release_thread_stack(void* addr, size_t size) { }
|
@ -34,12 +34,12 @@ diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hots
|
||||
diff --git openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
|
||||
--- openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
|
||||
+++ openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp
|
||||
@@ -100,7 +100,7 @@
|
||||
case T_DOUBLE:
|
||||
case T_VOID:
|
||||
@@ -102,7 +102,7 @@
|
||||
return result;
|
||||
- default : ShouldNotReachHere();
|
||||
+ default : ShouldNotReachHere(); return NULL_WORD;
|
||||
default:
|
||||
ShouldNotReachHere();
|
||||
- return result; // silence compiler warnings
|
||||
+ return NULL_WORD; // silence compiler warnings
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,68 +0,0 @@
|
||||
--- jdk8/make/Javadoc.gmk 2016-04-01 16:53:41.069477682 +0200
|
||||
+++ jdk8/make/Javadoc.gmk 2016-04-01 16:53:41.014477059 +0200
|
||||
@@ -220,6 +220,12 @@
|
||||
JRE_API_DOCSDIR = $(DOCSDIR)/jre/api
|
||||
PLATFORM_DOCSDIR = $(DOCSDIR)/platform
|
||||
|
||||
+
|
||||
+JAVADOC_ARCHIVE_NAME := jdk-$(FULL_VERSION)-docs.zip
|
||||
+JAVADOC_ARCHIVE_ASSEMBLY_DIR := $(DOCSTMPDIR)/zip-docs
|
||||
+JAVADOC_ARCHIVE_DIR := $(OUTPUT_ROOT)/bundles
|
||||
+JAVADOC_ARCHIVE := $(JAVADOC_ARCHIVE_DIR)/$(JAVADOC_ARCHIVE_NAME)
|
||||
+
|
||||
# The non-core api javadocs need to be able to access the root of the core
|
||||
# api directory, so for jdk/api or jre/api to get to the core api/
|
||||
# directory we would use this:
|
||||
@@ -319,6 +325,37 @@
|
||||
all: docs
|
||||
docs: coredocs otherdocs
|
||||
|
||||
+#
|
||||
+# Optional target which bundles all generated javadocs into a zip
|
||||
+# archive. The dependency on docs is handled in Main.gmk. Incremental
|
||||
+# building of docs is currently broken so if you invoke zip-docs after
|
||||
+# docs, the docs are always rebuilt.
|
||||
+#
|
||||
+
|
||||
+zip-docs: $(JAVADOC_ARCHIVE)
|
||||
+
|
||||
+#
|
||||
+# Add the core docs as prerequisite to the archive to trigger a rebuild
|
||||
+# if the core docs were rebuilt. Ideally any doc rebuild should trigger
|
||||
+# this, but the way prerequisites are currently setup in this file, that
|
||||
+# is hard to achieve.
|
||||
+#
|
||||
+
|
||||
+$(JAVADOC_ARCHIVE): $(COREAPI_INDEX_FILE)
|
||||
+ @$(ECHO) "Compressing javadoc to single $(JAVADOC_ARCHIVE_NAME)" ;
|
||||
+ $(MKDIR) -p $(JAVADOC_ARCHIVE_DIR) ;
|
||||
+ $(RM) -r $(JAVADOC_ARCHIVE_ASSEMBLY_DIR) ;
|
||||
+ $(MKDIR) -p $(JAVADOC_ARCHIVE_ASSEMBLY_DIR);
|
||||
+ all_roots=`$(FIND) $(DOCSDIR) | $(GREP) index.html `; \
|
||||
+ pushd $(JAVADOC_ARCHIVE_ASSEMBLY_DIR); \
|
||||
+ for index_file in $${all_roots} ; do \
|
||||
+ target_dir=`dirname $${index_file}`; \
|
||||
+ name=`$(ECHO) $${target_dir} | $(SED) "s;/spec;;" | $(SED) "s;.*/;;"`; \
|
||||
+ $(LN) -s $${target_dir} $${name}; \
|
||||
+ done; \
|
||||
+ $(ZIP) -q -r $(JAVADOC_ARCHIVE) * ; \
|
||||
+ popd ;
|
||||
+
|
||||
#################################################################
|
||||
# Production Targets -- USE THESE TARGETS WHEN:
|
||||
# a) You're generating docs outside of release engineering's
|
||||
--- jdk8/make/Main.gmk 2016-04-01 16:53:41.311480424 +0200
|
||||
+++ jdk8/make/Main.gmk 2016-04-01 16:53:41.266479914 +0200
|
||||
@@ -165,6 +165,12 @@
|
||||
@($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk docs)
|
||||
@$(call TargetExit)
|
||||
|
||||
+zip-docs: docs zip-docs-only
|
||||
+zip-docs-only: start-make
|
||||
+ @$(call TargetEnter)
|
||||
+ @($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk zip-docs)
|
||||
+ @$(call TargetExit)
|
||||
+
|
||||
sign-jars: jdk sign-jars-only
|
||||
sign-jars-only: start-make
|
||||
@$(call TargetEnter)
|
@ -1,257 +0,0 @@
|
||||
# HG changeset patch
|
||||
# User weijun
|
||||
# Date 1513099798 -28800
|
||||
# Wed Dec 13 01:29:58 2017 +0800
|
||||
# Node ID aa8f2e25f003feddf362892b2820fa2839c854b6
|
||||
# Parent 9ebb70cb99a472b5fee9ac08240b7979468c2fa5
|
||||
8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
|
||||
Reviewed-by: weijun
|
||||
Contributed-by: Martin Balao <mbalao@redhat.com>
|
||||
|
||||
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
|
||||
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
|
||||
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
|
||||
@@ -196,13 +196,23 @@
|
||||
}
|
||||
|
||||
if (configDir != null) {
|
||||
- File configBase = new File(configDir);
|
||||
- if (configBase.isDirectory() == false ) {
|
||||
- throw new IOException("configDir must be a directory: " + configDir);
|
||||
+ String configDirPath = null;
|
||||
+ String sqlPrefix = "sql:/";
|
||||
+ if (!configDir.startsWith(sqlPrefix)) {
|
||||
+ configDirPath = configDir;
|
||||
+ } else {
|
||||
+ StringBuilder configDirPathSB = new StringBuilder(configDir);
|
||||
+ configDirPath = configDirPathSB.substring(sqlPrefix.length());
|
||||
}
|
||||
- File secmodFile = new File(configBase, "secmod.db");
|
||||
- if (secmodFile.isFile() == false) {
|
||||
- throw new FileNotFoundException(secmodFile.getPath());
|
||||
+ File configBase = new File(configDirPath);
|
||||
+ if (configBase.isDirectory() == false ) {
|
||||
+ throw new IOException("configDir must be a directory: " + configDirPath);
|
||||
+ }
|
||||
+ if (!configDir.startsWith(sqlPrefix)) {
|
||||
+ File secmodFile = new File(configBase, "secmod.db");
|
||||
+ if (secmodFile.isFile() == false) {
|
||||
+ throw new FileNotFoundException(secmodFile.getPath());
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE
|
||||
new file mode 100644
|
||||
--- /dev/null
|
||||
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE
|
||||
@@ -0,0 +1,8 @@
|
||||
+// How to create key4.db and cert9.db
|
||||
+cd <path-for-db>
|
||||
+echo "" > 1
|
||||
+echo "test12" > 2
|
||||
+modutil -create -force -dbdir sql:/$(pwd)
|
||||
+modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/$(pwd)
|
||||
+modutil -changepw "NSS Certificate DB" -force -dbdir sql:/$(pwd) -pwfile $(pwd)/1 -newpwfile $(pwd)/2
|
||||
+
|
||||
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java
|
||||
new file mode 100644
|
||||
--- /dev/null
|
||||
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java
|
||||
@@ -0,0 +1,134 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.
|
||||
+ *
|
||||
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
+ *
|
||||
+ * This code is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License version 2 only, as
|
||||
+ * published by the Free Software Foundation.
|
||||
+ *
|
||||
+ * This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * version 2 for more details (a copy is included in the LICENSE file that
|
||||
+ * accompanied this code).
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License version
|
||||
+ * 2 along with this work; if not, write to the Free Software Foundation,
|
||||
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
+ *
|
||||
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
+ * or visit www.oracle.com if you need additional information or have any
|
||||
+ * questions.
|
||||
+ */
|
||||
+
|
||||
+/*
|
||||
+ * @test
|
||||
+ * @bug 8165996
|
||||
+ * @summary Test NSS DB Sqlite
|
||||
+ * @library ../
|
||||
+ * @modules java.base/sun.security.rsa
|
||||
+ * java.base/sun.security.provider
|
||||
+ * java.base/sun.security.jca
|
||||
+ * java.base/sun.security.tools.keytool
|
||||
+ * java.base/sun.security.x509
|
||||
+ * java.base/com.sun.crypto.provider
|
||||
+ * jdk.crypto.cryptoki/sun.security.pkcs11:+open
|
||||
+ * @run main/othervm/timeout=120 TestNssDbSqlite
|
||||
+ * @author Martin Balao (mbalao@redhat.com)
|
||||
+ */
|
||||
+
|
||||
+import java.security.PrivateKey;
|
||||
+import java.security.cert.Certificate;
|
||||
+import java.security.KeyStore;
|
||||
+import java.security.Provider;
|
||||
+import java.security.Signature;
|
||||
+
|
||||
+import sun.security.rsa.SunRsaSign;
|
||||
+import sun.security.jca.ProviderList;
|
||||
+import sun.security.jca.Providers;
|
||||
+import sun.security.tools.keytool.CertAndKeyGen;
|
||||
+import sun.security.x509.X500Name;
|
||||
+
|
||||
+public final class TestNssDbSqlite extends SecmodTest {
|
||||
+
|
||||
+ private static final boolean enableDebug = true;
|
||||
+
|
||||
+ private static Provider sunPKCS11NSSProvider;
|
||||
+ private static Provider sunRsaSignProvider;
|
||||
+ private static Provider sunJCEProvider;
|
||||
+ private static KeyStore ks;
|
||||
+ private static char[] passphrase = "test12".toCharArray();
|
||||
+ private static PrivateKey privateKey;
|
||||
+ private static Certificate certificate;
|
||||
+
|
||||
+ public static void main(String[] args) throws Exception {
|
||||
+
|
||||
+ initialize();
|
||||
+
|
||||
+ if (enableDebug) {
|
||||
+ System.out.println("SunPKCS11 provider: " +
|
||||
+ sunPKCS11NSSProvider);
|
||||
+ }
|
||||
+
|
||||
+ testRetrieveKeysFromKeystore();
|
||||
+
|
||||
+ System.out.println("Test PASS - OK");
|
||||
+ }
|
||||
+
|
||||
+ private static void testRetrieveKeysFromKeystore() throws Exception {
|
||||
+
|
||||
+ String plainText = "known plain text";
|
||||
+
|
||||
+ ks.setKeyEntry("root_ca_1", privateKey, passphrase,
|
||||
+ new Certificate[]{certificate});
|
||||
+ PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);
|
||||
+
|
||||
+ Signature sS = Signature.getInstance(
|
||||
+ "SHA256withRSA", sunPKCS11NSSProvider);
|
||||
+ sS.initSign(k1);
|
||||
+ sS.update(plainText.getBytes());
|
||||
+ byte[] generatedSignature = sS.sign();
|
||||
+
|
||||
+ if (enableDebug) {
|
||||
+ System.out.println("Generated signature: ");
|
||||
+ for (byte b : generatedSignature) {
|
||||
+ System.out.printf("0x%02x, ", (int)(b) & 0xFF);
|
||||
+ }
|
||||
+ System.out.println("");
|
||||
+ }
|
||||
+
|
||||
+ Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);
|
||||
+ sV.initVerify(certificate);
|
||||
+ sV.update(plainText.getBytes());
|
||||
+ if(!sV.verify(generatedSignature)){
|
||||
+ throw new Exception("Couldn't verify signature");
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ private static void initialize() throws Exception {
|
||||
+ initializeProvider();
|
||||
+ }
|
||||
+
|
||||
+ private static void initializeProvider () throws Exception {
|
||||
+ useSqlite(true);
|
||||
+ if (!initSecmod()) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
|
||||
+ sunJCEProvider = new com.sun.crypto.provider.SunJCE();
|
||||
+ sunRsaSignProvider = new SunRsaSign();
|
||||
+ Providers.setProviderList(ProviderList.newList(
|
||||
+ sunJCEProvider, sunPKCS11NSSProvider,
|
||||
+ new sun.security.provider.Sun(), sunRsaSignProvider));
|
||||
+
|
||||
+ ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
|
||||
+ ks.load(null, passphrase);
|
||||
+
|
||||
+ CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
|
||||
+ gen.generate(2048);
|
||||
+ privateKey = gen.getPrivateKey();
|
||||
+ certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
|
||||
+ }
|
||||
+}
|
||||
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg
|
||||
new file mode 100644
|
||||
--- /dev/null
|
||||
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg
|
||||
@@ -0,0 +1,13 @@
|
||||
+# config file for secmod KeyStore access using sqlite backend
|
||||
+
|
||||
+name = NSS-Sqlite
|
||||
+
|
||||
+nssLibraryDirectory = ${pkcs11test.nss.libdir}
|
||||
+
|
||||
+nssDbMode = readWrite
|
||||
+
|
||||
+nssModule = keystore
|
||||
+
|
||||
+nssSecmodDirectory = ${pkcs11test.nss.db}
|
||||
+
|
||||
+attributes = compatibility
|
||||
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
|
||||
--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
|
||||
+++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
|
||||
@@ -34,6 +34,11 @@
|
||||
static String DBDIR;
|
||||
static char[] password = "test12".toCharArray();
|
||||
static String keyAlias = "mykey";
|
||||
+ static boolean useSqlite = false;
|
||||
+
|
||||
+ static void useSqlite(boolean b) {
|
||||
+ useSqlite = b;
|
||||
+ }
|
||||
|
||||
static boolean initSecmod() throws Exception {
|
||||
useNSS();
|
||||
@@ -49,14 +54,24 @@
|
||||
safeReload(LIBPATH + System.mapLibraryName("nssckbi"));
|
||||
|
||||
DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
|
||||
- System.setProperty("pkcs11test.nss.db", DBDIR);
|
||||
+ if (useSqlite) {
|
||||
+ System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
|
||||
+ } else {
|
||||
+ System.setProperty("pkcs11test.nss.db", DBDIR);
|
||||
+ }
|
||||
File dbdirFile = new File(DBDIR);
|
||||
if (dbdirFile.exists() == false) {
|
||||
dbdirFile.mkdir();
|
||||
}
|
||||
- copyFile("secmod.db", BASE, DBDIR);
|
||||
- copyFile("key3.db", BASE, DBDIR);
|
||||
- copyFile("cert8.db", BASE, DBDIR);
|
||||
+
|
||||
+ if (useSqlite) {
|
||||
+ copyFile("key4.db", BASE, DBDIR);
|
||||
+ copyFile("cert9.db", BASE, DBDIR);
|
||||
+ } else {
|
||||
+ copyFile("secmod.db", BASE, DBDIR);
|
||||
+ copyFile("key3.db", BASE, DBDIR);
|
||||
+ copyFile("cert8.db", BASE, DBDIR);
|
||||
+ }
|
||||
return true;
|
||||
}
|
||||
|
@ -1,32 +0,0 @@
|
||||
# HG changeset patch
|
||||
# User andrew
|
||||
# Date 1518667645 0
|
||||
# Thu Feb 15 04:07:25 2018 +0000
|
||||
# Node ID 1d35411eb7bdf16191e220ffe3b1dc4d5d0c6041
|
||||
# Parent 999983606f5c61b093c6f6316a7b26c4cd4ca79e
|
||||
8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8
|
||||
Summary: Fix issue discovered by -Wreturn-type on systems without LP64.
|
||||
Reviewed-by: aph
|
||||
|
||||
diff --git openjdk.orig/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp openjdk/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp
|
||||
--- openjdk.orig/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp
|
||||
+++ openjdk/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp
|
||||
@@ -457,6 +457,7 @@
|
||||
long long unsigned int oldval,
|
||||
long long unsigned int newval) {
|
||||
ShouldNotCallThis();
|
||||
+ return 0;
|
||||
}
|
||||
};
|
||||
#endif // !_LP64
|
||||
diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
|
||||
--- openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
|
||||
+++ openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp
|
||||
@@ -498,6 +498,7 @@
|
||||
long long unsigned int oldval,
|
||||
long long unsigned int newval) {
|
||||
ShouldNotCallThis();
|
||||
+ return 0;
|
||||
}
|
||||
};
|
||||
#endif // !_LP64
|
@ -319,3 +319,25 @@ diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotsp
|
||||
if (PrintGCDetails && Verbose) {
|
||||
// Too early to use gclog_or_tty
|
||||
tty->print_cr("CMS ergo set OldSize: " SIZE_FORMAT, OldSize);
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
|
||||
+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
|
||||
@@ -41,7 +41,7 @@
|
||||
}
|
||||
|
||||
size_t G1CMObjArrayProcessor::process_array_slice(objArrayOop obj, HeapWord* start_from, size_t remaining) {
|
||||
- size_t words_to_scan = MIN2(remaining, ObjArrayMarkingStride);
|
||||
+ size_t words_to_scan = MIN2(remaining, (size_t) ObjArrayMarkingStride);
|
||||
|
||||
if (remaining > ObjArrayMarkingStride) {
|
||||
push_array_slice(start_from + ObjArrayMarkingStride);
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
|
||||
+++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
|
||||
@@ -150,5 +150,5 @@
|
||||
return value;
|
||||
}
|
||||
|
||||
- return (size_t)1 << (log2_intptr(value) + 1);
|
||||
+ return (size_t)1 << (log2_intptr((uintptr_t) value) + 1);
|
||||
}
|
||||
|
@ -1,19 +0,0 @@
|
||||
# HG changeset patch
|
||||
# User andrew
|
||||
# Date 1518669922 0
|
||||
# Thu Feb 15 04:45:22 2018 +0000
|
||||
# Node ID adaf109718c10888cce5b6e73af7f3e15a7ab0db
|
||||
# Parent 3ade0115344b77e6d00462044e0cf68722685bfe
|
||||
PR3519: Fix further functions with a missing return value.
|
||||
|
||||
diff --git openjdk.orig/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp openjdk/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp
|
||||
--- openjdk.orig/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp
|
||||
+++ openjdk/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp
|
||||
@@ -205,6 +205,7 @@
|
||||
return Address(base, tmp, Address::lsl(addr->scale()));
|
||||
}
|
||||
}
|
||||
+ return Address();
|
||||
}
|
||||
|
||||
Address LIR_Assembler::as_Address_hi(LIR_Address* addr) {
|
@ -32,7 +32,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupT
|
||||
- " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " UINTX_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n"
|
||||
+ " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " SIZE_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n"
|
||||
" [Resize Count: " UINTX_FORMAT ", Shrink Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS "), Grow Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS ")]\n"
|
||||
" [Rehash Count: " UINTX_FORMAT ", Rehash Threshold: " UINTX_FORMAT ", Hash Seed: 0x%x]\n"
|
||||
" [Rehash Count: " UINTX_FORMAT ", Rehash Threshold: " UINTX_FORMAT ", Hash Seed: " UINT64_FORMAT "]\n"
|
||||
" [Age Threshold: " UINTX_FORMAT "]",
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp openjdk/hotspot/src/share/vm/memory/blockOffsetTable.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp
|
||||
|
@ -1,38 +0,0 @@
|
||||
# HG changeset patch
|
||||
# User andrew
|
||||
# Date 1529475043 -3600
|
||||
# Wed Jun 20 07:10:43 2018 +0100
|
||||
# Node ID f6341f4635dacb56678264d29a88cd052b74036b
|
||||
# Parent 30520d5018b509b0ae68f5fcc9a5c540e3e5b2de
|
||||
PR3601: Fix additional -Wreturn-type issues introduced by 8061651
|
||||
|
||||
diff --git openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp openjdk/hotspot/src/share/vm/prims/jvm.cpp
|
||||
--- openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp
|
||||
+++ openjdk/hotspot/src/share/vm/prims/jvm.cpp
|
||||
@@ -835,7 +835,7 @@
|
||||
JVM_ENTRY(jboolean, JVM_KnownToNotExist(JNIEnv *env, jobject loader, const char *classname))
|
||||
JVMWrapper("JVM_KnownToNotExist");
|
||||
#if INCLUDE_CDS
|
||||
- return ClassLoaderExt::known_to_not_exist(env, loader, classname, CHECK_(false));
|
||||
+ return ClassLoaderExt::known_to_not_exist(env, loader, classname, THREAD);
|
||||
#else
|
||||
return false;
|
||||
#endif
|
||||
@@ -845,7 +845,7 @@
|
||||
JVM_ENTRY(jobjectArray, JVM_GetResourceLookupCacheURLs(JNIEnv *env, jobject loader))
|
||||
JVMWrapper("JVM_GetResourceLookupCacheURLs");
|
||||
#if INCLUDE_CDS
|
||||
- return ClassLoaderExt::get_lookup_cache_urls(env, loader, CHECK_NULL);
|
||||
+ return ClassLoaderExt::get_lookup_cache_urls(env, loader, THREAD);
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
||||
@@ -855,7 +855,7 @@
|
||||
JVM_ENTRY(jintArray, JVM_GetResourceLookupCache(JNIEnv *env, jobject loader, const char *resource_name))
|
||||
JVMWrapper("JVM_GetResourceLookupCache");
|
||||
#if INCLUDE_CDS
|
||||
- return ClassLoaderExt::get_lookup_cache(env, loader, resource_name, CHECK_NULL);
|
||||
+ return ClassLoaderExt::get_lookup_cache(env, loader, resource_name, THREAD);
|
||||
#else
|
||||
return NULL;
|
||||
#endif
|
@ -1,44 +0,0 @@
|
||||
diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp
|
||||
--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp
|
||||
+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp
|
||||
@@ -103,6 +103,8 @@
|
||||
# include <inttypes.h>
|
||||
# include <sys/ioctl.h>
|
||||
|
||||
+#include <sys/prctl.h>
|
||||
+
|
||||
PRAGMA_FORMAT_MUTE_WARNINGS_FOR_GCC
|
||||
|
||||
#ifndef _GNU_SOURCE
|
||||
@@ -4997,6 +4999,31 @@
|
||||
}
|
||||
}
|
||||
|
||||
+/* Per task speculation control */
|
||||
+#ifndef PR_GET_SPECULATION_CTRL
|
||||
+#define PR_GET_SPECULATION_CTRL 52
|
||||
+#endif
|
||||
+#ifndef PR_SET_SPECULATION_CTRL
|
||||
+#define PR_SET_SPECULATION_CTRL 53
|
||||
+#endif
|
||||
+/* Speculation control variants */
|
||||
+# undef PR_SPEC_STORE_BYPASS
|
||||
+# define PR_SPEC_STORE_BYPASS 0
|
||||
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
|
||||
+# undef PR_SPEC_NOT_AFFECTED
|
||||
+# undef PR_SPEC_PRCTL
|
||||
+# undef PR_SPEC_ENABLE
|
||||
+# undef PR_SPEC_DISABLE
|
||||
+# define PR_SPEC_NOT_AFFECTED 0
|
||||
+# define PR_SPEC_PRCTL (1UL << 0)
|
||||
+# define PR_SPEC_ENABLE (1UL << 1)
|
||||
+# define PR_SPEC_DISABLE (1UL << 2)
|
||||
+
|
||||
+static void set_speculation() __attribute__((constructor));
|
||||
+static void set_speculation() {
|
||||
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
|
||||
+}
|
||||
+
|
||||
// this is called _before_ most of the global arguments have been parsed
|
||||
void os::init(void) {
|
||||
char dummy; /* used to get a guess on initial stack address */
|
@ -1,54 +0,0 @@
|
||||
diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp
|
||||
--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp
|
||||
+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp
|
||||
@@ -5001,26 +5001,43 @@
|
||||
|
||||
/* Per task speculation control */
|
||||
#ifndef PR_GET_SPECULATION_CTRL
|
||||
-#define PR_GET_SPECULATION_CTRL 52
|
||||
+# define PR_GET_SPECULATION_CTRL 52
|
||||
#endif
|
||||
#ifndef PR_SET_SPECULATION_CTRL
|
||||
-#define PR_SET_SPECULATION_CTRL 53
|
||||
+# define PR_SET_SPECULATION_CTRL 53
|
||||
#endif
|
||||
/* Speculation control variants */
|
||||
-# undef PR_SPEC_STORE_BYPASS
|
||||
+#ifndef PR_SPEC_STORE_BYPASS
|
||||
# define PR_SPEC_STORE_BYPASS 0
|
||||
+#endif
|
||||
/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
|
||||
-# undef PR_SPEC_NOT_AFFECTED
|
||||
-# undef PR_SPEC_PRCTL
|
||||
-# undef PR_SPEC_ENABLE
|
||||
-# undef PR_SPEC_DISABLE
|
||||
+
|
||||
+#ifndef PR_SPEC_NOT_AFFECTED
|
||||
# define PR_SPEC_NOT_AFFECTED 0
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_PRCTL
|
||||
# define PR_SPEC_PRCTL (1UL << 0)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_ENABLE
|
||||
# define PR_SPEC_ENABLE (1UL << 1)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_DISABLE
|
||||
# define PR_SPEC_DISABLE (1UL << 2)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_FORCE_DISABLE
|
||||
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_DISABLE_NOEXEC
|
||||
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
|
||||
+#endif
|
||||
|
||||
static void set_speculation() __attribute__((constructor));
|
||||
static void set_speculation() {
|
||||
+ if ( prctl(PR_SET_SPECULATION_CTRL,
|
||||
+ PR_SPEC_STORE_BYPASS,
|
||||
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
|
||||
+ return;
|
||||
+ }
|
||||
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
|
||||
}
|
||||
|
12
SOURCES/rh1582504-rsa_default_for_keytool.patch
Normal file
12
SOURCES/rh1582504-rsa_default_for_keytool.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
|
||||
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java
|
||||
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
|
||||
@@ -1004,7 +1004,7 @@
|
||||
}
|
||||
} else if (command == GENKEYPAIR) {
|
||||
if (keyAlgName == null) {
|
||||
- keyAlgName = "DSA";
|
||||
+ keyAlgName = "RSA";
|
||||
}
|
||||
doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName);
|
||||
kssave = true;
|
128
SOURCES/rh1750419-redhat_alt_java.patch
Normal file
128
SOURCES/rh1750419-redhat_alt_java.patch
Normal file
@ -0,0 +1,128 @@
|
||||
diff --git openjdk.orig/jdk/make/CompileLaunchers.gmk openjdk/jdk/make/CompileLaunchers.gmk
|
||||
--- openjdk.orig/jdk/make/CompileLaunchers.gmk
|
||||
+++ openjdk/jdk/make/CompileLaunchers.gmk
|
||||
@@ -255,6 +255,32 @@
|
||||
endif
|
||||
endif
|
||||
|
||||
+$(eval $(call SetupLauncher,alt-java, \
|
||||
+ -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA,,,user32.lib comctl32.lib, \
|
||||
+ $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \
|
||||
+ $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true))
|
||||
+
|
||||
+$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX): $(BUILD_LAUNCHER_alt-java)
|
||||
+ $(MKDIR) -p $(@D)
|
||||
+ $(RM) $@
|
||||
+ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX) $@
|
||||
+
|
||||
+$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT): $(BUILD_LAUNCHER_alt-java)
|
||||
+ $(MKDIR) -p $(@D)
|
||||
+ $(RM) $@
|
||||
+ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT) $@
|
||||
+
|
||||
+ifeq ($(OPENJDK_TARGET_OS), linux)
|
||||
+ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX)
|
||||
+ ifeq ($(ENABLE_DEBUG_SYMBOLS), true)
|
||||
+ ifneq ($(POST_STRIP_CMD), )
|
||||
+ ifneq ($(STRIP_POLICY), no_strip)
|
||||
+ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT)
|
||||
+ endif
|
||||
+ endif
|
||||
+ endif
|
||||
+endif
|
||||
+
|
||||
ifeq ($(OPENJDK_TARGET_OS), windows)
|
||||
$(eval $(call SetupLauncher,javaw, \
|
||||
-DJAVAW -DEXPAND_CLASSPATH_WILDCARDS,,,user32.lib comctl32.lib, \
|
||||
diff --git openjdk.orig/jdk/src/share/bin/alt_main.h openjdk/jdk/src/share/bin/alt_main.h
|
||||
new file mode 100644
|
||||
--- /dev/null
|
||||
+++ openjdk/jdk/src/share/bin/alt_main.h
|
||||
@@ -0,0 +1,73 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
|
||||
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
+ *
|
||||
+ * This code is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License version 2 only, as
|
||||
+ * published by the Free Software Foundation. Oracle designates this
|
||||
+ * particular file as subject to the "Classpath" exception as provided
|
||||
+ * by Oracle in the LICENSE file that accompanied this code.
|
||||
+ *
|
||||
+ * This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * version 2 for more details (a copy is included in the LICENSE file that
|
||||
+ * accompanied this code).
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License version
|
||||
+ * 2 along with this work; if not, write to the Free Software Foundation,
|
||||
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
+ *
|
||||
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
+ * or visit www.oracle.com if you need additional information or have any
|
||||
+ * questions.
|
||||
+ */
|
||||
+
|
||||
+#ifdef REDHAT_ALT_JAVA
|
||||
+
|
||||
+#include <sys/prctl.h>
|
||||
+
|
||||
+
|
||||
+/* Per task speculation control */
|
||||
+#ifndef PR_GET_SPECULATION_CTRL
|
||||
+# define PR_GET_SPECULATION_CTRL 52
|
||||
+#endif
|
||||
+#ifndef PR_SET_SPECULATION_CTRL
|
||||
+# define PR_SET_SPECULATION_CTRL 53
|
||||
+#endif
|
||||
+/* Speculation control variants */
|
||||
+#ifndef PR_SPEC_STORE_BYPASS
|
||||
+# define PR_SPEC_STORE_BYPASS 0
|
||||
+#endif
|
||||
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
|
||||
+
|
||||
+#ifndef PR_SPEC_NOT_AFFECTED
|
||||
+# define PR_SPEC_NOT_AFFECTED 0
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_PRCTL
|
||||
+# define PR_SPEC_PRCTL (1UL << 0)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_ENABLE
|
||||
+# define PR_SPEC_ENABLE (1UL << 1)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_DISABLE
|
||||
+# define PR_SPEC_DISABLE (1UL << 2)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_FORCE_DISABLE
|
||||
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_DISABLE_NOEXEC
|
||||
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
|
||||
+#endif
|
||||
+
|
||||
+static void set_speculation() __attribute__((constructor));
|
||||
+static void set_speculation() {
|
||||
+ if ( prctl(PR_SET_SPECULATION_CTRL,
|
||||
+ PR_SPEC_STORE_BYPASS,
|
||||
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
|
||||
+ return;
|
||||
+ }
|
||||
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
|
||||
+}
|
||||
+
|
||||
+#endif // REDHAT_ALT_JAVA
|
||||
diff --git openjdk.orig/jdk/src/share/bin/main.c openjdk/jdk/src/share/bin/main.c
|
||||
--- openjdk.orig/jdk/src/share/bin/main.c
|
||||
+++ openjdk/jdk/src/share/bin/main.c
|
||||
@@ -32,6 +32,10 @@
|
||||
|
||||
#include "defines.h"
|
||||
|
||||
+#if defined(linux) && defined(__x86_64)
|
||||
+#include "alt_main.h"
|
||||
+#endif
|
||||
+
|
||||
#ifdef _MSC_VER
|
||||
#if _MSC_VER > 1400 && _MSC_VER < 1600
|
||||
|
327
SOURCES/rh1860986-disable_tlsv1.3_in_fips_mode.patch
Normal file
327
SOURCES/rh1860986-disable_tlsv1.3_in_fips_mode.patch
Normal file
@ -0,0 +1,327 @@
|
||||
diff -r bbc65dfa59d1 src/share/classes/java/security/SystemConfigurator.java
|
||||
--- openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Thu Jan 23 18:22:31 2020 -0300
|
||||
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Sat Aug 01 23:16:51 2020 -0300
|
||||
@@ -1,11 +1,13 @@
|
||||
/*
|
||||
- * Copyright (c) 2019, Red Hat, Inc.
|
||||
+ * Copyright (c) 2019, 2020, Red Hat, Inc.
|
||||
*
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
- * published by the Free Software Foundation.
|
||||
+ * published by the Free Software Foundation. Oracle designates this
|
||||
+ * particular file as subject to the "Classpath" exception as provided
|
||||
+ * by Oracle in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
@@ -34,10 +36,10 @@
|
||||
import java.util.Iterator;
|
||||
import java.util.Map.Entry;
|
||||
import java.util.Properties;
|
||||
-import java.util.function.Consumer;
|
||||
-import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
+import sun.misc.SharedSecrets;
|
||||
+import sun.misc.JavaSecuritySystemConfiguratorAccess;
|
||||
import sun.security.util.Debug;
|
||||
|
||||
/**
|
||||
@@ -47,7 +49,7 @@
|
||||
*
|
||||
*/
|
||||
|
||||
-class SystemConfigurator {
|
||||
+final class SystemConfigurator {
|
||||
|
||||
private static final Debug sdebug =
|
||||
Debug.getInstance("properties");
|
||||
@@ -61,15 +63,16 @@
|
||||
private static final String CRYPTO_POLICIES_CONFIG =
|
||||
CRYPTO_POLICIES_BASE_DIR + "/config";
|
||||
|
||||
- private static final class SecurityProviderInfo {
|
||||
- int number;
|
||||
- String key;
|
||||
- String value;
|
||||
- SecurityProviderInfo(int number, String key, String value) {
|
||||
- this.number = number;
|
||||
- this.key = key;
|
||||
- this.value = value;
|
||||
- }
|
||||
+ private static boolean systemFipsEnabled = false;
|
||||
+
|
||||
+ static {
|
||||
+ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
|
||||
+ new JavaSecuritySystemConfiguratorAccess() {
|
||||
+ @Override
|
||||
+ public boolean isSystemFipsEnabled() {
|
||||
+ return SystemConfigurator.isSystemFipsEnabled();
|
||||
+ }
|
||||
+ });
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -128,9 +131,9 @@
|
||||
String nonFipsKeystoreType = props.getProperty("keystore.type");
|
||||
props.put("keystore.type", keystoreTypeValue);
|
||||
if (keystoreTypeValue.equals("PKCS11")) {
|
||||
- // If keystore.type is PKCS11, javax.net.ssl.keyStore
|
||||
- // must be "NONE". See JDK-8238264.
|
||||
- System.setProperty("javax.net.ssl.keyStore", "NONE");
|
||||
+ // If keystore.type is PKCS11, javax.net.ssl.keyStore
|
||||
+ // must be "NONE". See JDK-8238264.
|
||||
+ System.setProperty("javax.net.ssl.keyStore", "NONE");
|
||||
}
|
||||
if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
|
||||
// If no trustStoreType has been set, use the
|
||||
@@ -144,12 +147,13 @@
|
||||
sdebug.println("FIPS mode default keystore.type = " +
|
||||
keystoreTypeValue);
|
||||
sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
|
||||
- System.getProperty("javax.net.ssl.keyStore", ""));
|
||||
+ System.getProperty("javax.net.ssl.keyStore", ""));
|
||||
sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
|
||||
System.getProperty("javax.net.ssl.trustStoreType", ""));
|
||||
}
|
||||
}
|
||||
loadedProps = true;
|
||||
+ systemFipsEnabled = true;
|
||||
}
|
||||
} catch (Exception e) {
|
||||
if (sdebug != null) {
|
||||
@@ -165,20 +165,37 @@
|
||||
return loadedProps;
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Returns whether or not global system FIPS alignment is enabled.
|
||||
+ *
|
||||
+ * Value is always 'false' before java.security.Security class is
|
||||
+ * initialized.
|
||||
+ *
|
||||
+ * Call from out of this package through SharedSecrets:
|
||||
+ * SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ * .isSystemFipsEnabled();
|
||||
+ *
|
||||
+ * @return a boolean value indicating whether or not global
|
||||
+ * system FIPS alignment is enabled.
|
||||
+ */
|
||||
+ static boolean isSystemFipsEnabled() {
|
||||
+ return systemFipsEnabled;
|
||||
+ }
|
||||
+
|
||||
/*
|
||||
* FIPS is enabled only if crypto-policies are set to "FIPS"
|
||||
* and the com.redhat.fips property is true.
|
||||
*/
|
||||
private static boolean enableFips() throws Exception {
|
||||
- boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
|
||||
- if (fipsEnabled) {
|
||||
- Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
|
||||
- String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
|
||||
- if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
|
||||
- Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
|
||||
- return pattern.matcher(cryptoPoliciesConfig).find();
|
||||
- } else {
|
||||
- return false;
|
||||
- }
|
||||
+ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
|
||||
+ if (shouldEnable) {
|
||||
+ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
|
||||
+ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
|
||||
+ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
|
||||
+ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
|
||||
+ return pattern.matcher(cryptoPoliciesConfig).find();
|
||||
+ } else {
|
||||
+ return false;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
diff --git openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
|
||||
new file mode 100644
|
||||
--- /dev/null
|
||||
+++ openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
|
||||
@@ -0,0 +1,30 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2020, Red Hat, Inc.
|
||||
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
+ *
|
||||
+ * This code is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License version 2 only, as
|
||||
+ * published by the Free Software Foundation. Oracle designates this
|
||||
+ * particular file as subject to the "Classpath" exception as provided
|
||||
+ * by Oracle in the LICENSE file that accompanied this code.
|
||||
+ *
|
||||
+ * This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * version 2 for more details (a copy is included in the LICENSE file that
|
||||
+ * accompanied this code).
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License version
|
||||
+ * 2 along with this work; if not, write to the Free Software Foundation,
|
||||
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
+ *
|
||||
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
+ * or visit www.oracle.com if you need additional information or have any
|
||||
+ * questions.
|
||||
+ */
|
||||
+
|
||||
+package sun.misc;
|
||||
+
|
||||
+public interface JavaSecuritySystemConfiguratorAccess {
|
||||
+ boolean isSystemFipsEnabled();
|
||||
+}
|
||||
diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
|
||||
--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
|
||||
+++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
|
||||
@@ -63,6 +63,7 @@
|
||||
private static JavaObjectInputStreamReadString javaObjectInputStreamReadString;
|
||||
private static JavaObjectInputStreamAccess javaObjectInputStreamAccess;
|
||||
private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
|
||||
+ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess;
|
||||
|
||||
public static JavaUtilJarAccess javaUtilJarAccess() {
|
||||
if (javaUtilJarAccess == null) {
|
||||
@@ -248,4 +249,12 @@
|
||||
}
|
||||
return javaxCryptoSealedObjectAccess;
|
||||
}
|
||||
+
|
||||
+ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) {
|
||||
+ javaSecuritySystemConfiguratorAccess = jssca;
|
||||
+ }
|
||||
+
|
||||
+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
|
||||
+ return javaSecuritySystemConfiguratorAccess;
|
||||
+ }
|
||||
}
|
||||
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
|
||||
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
|
||||
+++ openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
|
||||
@@ -31,6 +31,7 @@
|
||||
import java.security.cert.*;
|
||||
import java.util.*;
|
||||
import javax.net.ssl.*;
|
||||
+import sun.misc.SharedSecrets;
|
||||
import sun.security.action.GetPropertyAction;
|
||||
import sun.security.provider.certpath.AlgorithmChecker;
|
||||
import sun.security.validator.Validator;
|
||||
@@ -539,20 +540,38 @@
|
||||
|
||||
static {
|
||||
if (SunJSSE.isFIPS()) {
|
||||
- supportedProtocols = Arrays.asList(
|
||||
- ProtocolVersion.TLS13,
|
||||
- ProtocolVersion.TLS12,
|
||||
- ProtocolVersion.TLS11,
|
||||
- ProtocolVersion.TLS10
|
||||
- );
|
||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled()) {
|
||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||
+ // the Security Providers available in system FIPS mode.
|
||||
+ supportedProtocols = Arrays.asList(
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ );
|
||||
|
||||
- serverDefaultProtocols = getAvailableProtocols(
|
||||
- new ProtocolVersion[] {
|
||||
- ProtocolVersion.TLS13,
|
||||
- ProtocolVersion.TLS12,
|
||||
- ProtocolVersion.TLS11,
|
||||
- ProtocolVersion.TLS10
|
||||
- });
|
||||
+ serverDefaultProtocols = getAvailableProtocols(
|
||||
+ new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ });
|
||||
+ } else {
|
||||
+ supportedProtocols = Arrays.asList(
|
||||
+ ProtocolVersion.TLS13,
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ );
|
||||
+
|
||||
+ serverDefaultProtocols = getAvailableProtocols(
|
||||
+ new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS13,
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ });
|
||||
+ }
|
||||
} else {
|
||||
supportedProtocols = Arrays.asList(
|
||||
ProtocolVersion.TLS13,
|
||||
@@ -612,6 +631,16 @@
|
||||
|
||||
static ProtocolVersion[] getSupportedProtocols() {
|
||||
if (SunJSSE.isFIPS()) {
|
||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled()) {
|
||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||
+ // the Security Providers available in system FIPS mode.
|
||||
+ return new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ };
|
||||
+ }
|
||||
return new ProtocolVersion[] {
|
||||
ProtocolVersion.TLS13,
|
||||
ProtocolVersion.TLS12,
|
||||
@@ -939,6 +968,16 @@
|
||||
|
||||
static ProtocolVersion[] getProtocols() {
|
||||
if (SunJSSE.isFIPS()) {
|
||||
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled()) {
|
||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||
+ // the Security Providers available in system FIPS mode.
|
||||
+ return new ProtocolVersion[] {
|
||||
+ ProtocolVersion.TLS12,
|
||||
+ ProtocolVersion.TLS11,
|
||||
+ ProtocolVersion.TLS10
|
||||
+ };
|
||||
+ }
|
||||
return new ProtocolVersion[]{
|
||||
ProtocolVersion.TLS12,
|
||||
ProtocolVersion.TLS11,
|
||||
diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
|
||||
--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
|
||||
+++ openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
|
||||
@@ -30,6 +30,8 @@
|
||||
|
||||
import java.security.*;
|
||||
|
||||
+import sun.misc.SharedSecrets;
|
||||
+
|
||||
/**
|
||||
* The JSSE provider.
|
||||
*
|
||||
@@ -215,8 +217,13 @@
|
||||
"sun.security.ssl.SSLContextImpl$TLS11Context");
|
||||
put("SSLContext.TLSv1.2",
|
||||
"sun.security.ssl.SSLContextImpl$TLS12Context");
|
||||
- put("SSLContext.TLSv1.3",
|
||||
- "sun.security.ssl.SSLContextImpl$TLS13Context");
|
||||
+ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
|
||||
+ .isSystemFipsEnabled()) {
|
||||
+ // RH1860986: TLSv1.3 key derivation not supported with
|
||||
+ // the Security Providers available in system FIPS mode.
|
||||
+ put("SSLContext.TLSv1.3",
|
||||
+ "sun.security.ssl.SSLContextImpl$TLS13Context");
|
||||
+ }
|
||||
put("SSLContext.TLS",
|
||||
"sun.security.ssl.SSLContextImpl$TLSContext");
|
||||
if (isfips == false) {
|
20
SOURCES/rh1868759-pkcs11_cancel_on_failure.patch
Normal file
20
SOURCES/rh1868759-pkcs11_cancel_on_failure.patch
Normal file
@ -0,0 +1,20 @@
|
||||
--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 06:57:19 2020 +0100
|
||||
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 15:56:48 2020 -0300
|
||||
@@ -627,7 +627,7 @@
|
||||
throw (ShortBufferException)
|
||||
(new ShortBufferException().initCause(e));
|
||||
}
|
||||
- reset(false);
|
||||
+ reset(true);
|
||||
throw new ProviderException("update() failed", e);
|
||||
}
|
||||
}
|
||||
@@ -745,7 +745,7 @@
|
||||
throw (ShortBufferException)
|
||||
(new ShortBufferException().initCause(e));
|
||||
}
|
||||
- reset(false);
|
||||
+ reset(true);
|
||||
throw new ProviderException("update() failed", e);
|
||||
}
|
||||
}
|
@ -0,0 +1,65 @@
|
||||
# HG changeset patch
|
||||
# User andrew
|
||||
# Date 1608219816 0
|
||||
# Thu Dec 17 15:43:36 2020 +0000
|
||||
# Node ID db5d1b28bfce04352b3a48960bf836f6eb20804b
|
||||
# Parent a2cfa397150e99b813354226d536eb8509b5850b
|
||||
RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
|
||||
|
||||
diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
|
||||
--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
|
||||
+++ openjdk/jdk/src/share/classes/java/security/Security.java
|
||||
@@ -30,6 +30,8 @@
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.io.*;
|
||||
import java.net.URL;
|
||||
+import sun.misc.SharedSecrets;
|
||||
+import sun.misc.JavaSecuritySystemConfiguratorAccess;
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.PropertyExpander;
|
||||
|
||||
@@ -69,6 +71,15 @@
|
||||
}
|
||||
|
||||
static {
|
||||
+ // Initialise here as used by code with system properties disabled
|
||||
+ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
|
||||
+ new JavaSecuritySystemConfiguratorAccess() {
|
||||
+ @Override
|
||||
+ public boolean isSystemFipsEnabled() {
|
||||
+ return SystemConfigurator.isSystemFipsEnabled();
|
||||
+ }
|
||||
+ });
|
||||
+
|
||||
// doPrivileged here because there are multiple
|
||||
// things in initialize that might require privs.
|
||||
// (the FileInputStream call and the File.exists call,
|
||||
diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
|
||||
--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
|
||||
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
|
||||
@@ -39,8 +39,6 @@
|
||||
import java.util.Properties;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
-import sun.misc.SharedSecrets;
|
||||
-import sun.misc.JavaSecuritySystemConfiguratorAccess;
|
||||
import sun.security.util.Debug;
|
||||
|
||||
/**
|
||||
@@ -66,16 +64,6 @@
|
||||
|
||||
private static boolean systemFipsEnabled = false;
|
||||
|
||||
- static {
|
||||
- SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
|
||||
- new JavaSecuritySystemConfiguratorAccess() {
|
||||
- @Override
|
||||
- public boolean isSystemFipsEnabled() {
|
||||
- return SystemConfigurator.isSystemFipsEnabled();
|
||||
- }
|
||||
- });
|
||||
- }
|
||||
-
|
||||
/*
|
||||
* Invoked when java.security.Security class is initialized, if
|
||||
* java.security.disableSystemPropertiesFile property is not set and
|
@ -62,7 +62,7 @@
|
||||
%global multilib_arches %{power64} sparc64 x86_64
|
||||
%global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
|
||||
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
|
||||
%global jfr_arches x86_64 sparcv9 sparc64 %{aarch64} ${power64}
|
||||
%global jfr_arches %{jit_arches}
|
||||
%global fastdebug_arches x86_64
|
||||
|
||||
# By default, we build a debug build during main build on JIT architectures
|
||||
@ -113,11 +113,8 @@
|
||||
%global bootstrap_build 1
|
||||
%endif
|
||||
|
||||
%if %{bootstrap_build}
|
||||
%global release_targets bootcycle-images zip-docs
|
||||
%else
|
||||
%global release_targets images zip-docs
|
||||
%endif
|
||||
%global bootstrap_targets images
|
||||
%global release_targets images docs-zip
|
||||
# No docs nor bootcycle for debug builds
|
||||
%global debug_targets images
|
||||
|
||||
@ -228,10 +225,31 @@
|
||||
%global origin openjdk
|
||||
%global origin_nice OpenJDK
|
||||
%global top_level_dir_name %{origin}
|
||||
|
||||
# Define vendor information used by OpenJDK
|
||||
%global oj_vendor Red Hat, Inc.
|
||||
%global oj_vendor_url "https://www.redhat.com/"
|
||||
# Define what url should JVM offer in case of a crash report
|
||||
# order may be important, epel may have rhel declared
|
||||
%if 0%{?epel}
|
||||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel}
|
||||
%else
|
||||
%if 0%{?fedora}
|
||||
# Does not work for rawhide, keeps the version field empty
|
||||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora}
|
||||
%else
|
||||
%if 0%{?rhel}
|
||||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name}
|
||||
%else
|
||||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
|
||||
%endif
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
||||
%global shenandoah_project aarch64-port
|
||||
%global shenandoah_repo jdk8u-shenandoah
|
||||
%global shenandoah_revision aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20
|
||||
%global shenandoah_revision aarch64-shenandoah-jdk8u282-b08
|
||||
# Define old aarch64/jdk8u tree variables for compatibility
|
||||
%global project %{shenandoah_project}
|
||||
%global repo %{shenandoah_repo}
|
||||
@ -247,12 +265,12 @@
|
||||
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
||||
# eg jdk8u60-b27 -> b27
|
||||
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
||||
%global rpmrelease 2
|
||||
%global rpmrelease 1
|
||||
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
||||
# Release will be (where N is usually a number starting at 1):
|
||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||
# - N%%{?extraver}{?dist} for GA releases
|
||||
%global is_ga 0
|
||||
%global is_ga 1
|
||||
%if %{is_ga}
|
||||
%global milestone fcs
|
||||
%global milestone_version %{nil}
|
||||
@ -275,7 +293,7 @@
|
||||
# images stub
|
||||
%global jdkimage j2sdk-image
|
||||
# output dir stub
|
||||
%define buildoutputdir() %{expand:%{top_level_dir_name}/build/jdk8.build%{?1}}
|
||||
%define buildoutputdir() %{expand:build/jdk8.build%{?1}}
|
||||
# we can copy the javadoc to not arched dir, or make it not noarch
|
||||
%define uniquejavadocdir() %{expand:%{fullversion}%{?1}}
|
||||
# main id and dir of this jdk
|
||||
@ -290,6 +308,7 @@
|
||||
%define jredir() %{expand:%{sdkdir -- %{?1}}/jre}
|
||||
%define sdkbindir() %{expand:%{_jvmdir}/%{sdkdir -- %{?1}}/bin}
|
||||
%define jrebindir() %{expand:%{_jvmdir}/%{jredir -- %{?1}}/bin}
|
||||
%global alt_java_name alt-java
|
||||
|
||||
%global rpm_state_dir %{_localstatedir}/lib/rpm-state/
|
||||
|
||||
@ -336,6 +355,7 @@ ext=.gz
|
||||
alternatives \\
|
||||
--install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\
|
||||
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
|
||||
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
|
||||
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
|
||||
--slave %{_bindir}/keytool keytool %{jrebindir -- %{?1}}/keytool \\
|
||||
--slave %{_bindir}/orbd orbd %{jrebindir -- %{?1}}/orbd \\
|
||||
@ -348,6 +368,8 @@ alternatives \\
|
||||
--slave %{_bindir}/unpack200 unpack200 %{jrebindir -- %{?1}}/unpack200 \\
|
||||
--slave %{_mandir}/man1/java.1$ext java.1$ext \\
|
||||
%{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1$ext \\
|
||||
--slave %{_mandir}/man1/%{alt_java_name}.1$ext %{alt_java_name}.1$ext \\
|
||||
%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1$ext \\
|
||||
--slave %{_mandir}/man1/jjs.1$ext jjs.1$ext \\
|
||||
%{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1$ext \\
|
||||
--slave %{_mandir}/man1/keytool.1$ext keytool.1$ext \\
|
||||
@ -436,7 +458,9 @@ alternatives \\
|
||||
--slave %{_bindir}/jconsole jconsole %{sdkbindir -- %{?1}}/jconsole \\
|
||||
--slave %{_bindir}/jdb jdb %{sdkbindir -- %{?1}}/jdb \\
|
||||
--slave %{_bindir}/jdeps jdeps %{sdkbindir -- %{?1}}/jdeps \\
|
||||
%ifarch %{jfr_arches}
|
||||
--slave %{_bindir}/jfr jfr %{sdkbindir -- %{?1}}/jfr \\
|
||||
%endif
|
||||
--slave %{_bindir}/jhat jhat %{sdkbindir -- %{?1}}/jhat \\
|
||||
--slave %{_bindir}/jinfo jinfo %{sdkbindir -- %{?1}}/jinfo \\
|
||||
--slave %{_bindir}/jmap jmap %{sdkbindir -- %{?1}}/jmap \\
|
||||
@ -595,9 +619,9 @@ exit 0
|
||||
%defattr(-,root,root,-)
|
||||
%dir %{_sysconfdir}/.java/.systemPrefs
|
||||
%dir %{_sysconfdir}/.java
|
||||
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/ASSEMBLY_EXCEPTION
|
||||
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
|
||||
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/THIRD_PARTY_README
|
||||
%license %{_jvmdir}/%{jredir -- %{?1}}/ASSEMBLY_EXCEPTION
|
||||
%license %{_jvmdir}/%{jredir -- %{?1}}/LICENSE
|
||||
%license %{_jvmdir}/%{jredir -- %{?1}}/THIRD_PARTY_README
|
||||
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS
|
||||
%dir %{_jvmdir}/%{sdkdir -- %{?1}}
|
||||
%{_jvmdir}/%{jrelnk -- %{?1}}
|
||||
@ -607,6 +631,7 @@ exit 0
|
||||
%dir %{_jvmdir}/%{jredir -- %{?1}}/bin
|
||||
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib
|
||||
%{_jvmdir}/%{jredir -- %{?1}}/bin/java
|
||||
%{_jvmdir}/%{jredir -- %{?1}}/bin/%{alt_java_name}
|
||||
%{_jvmdir}/%{jredir -- %{?1}}/bin/jjs
|
||||
%{_jvmdir}/%{jredir -- %{?1}}/bin/keytool
|
||||
%{_jvmdir}/%{jredir -- %{?1}}/bin/orbd
|
||||
@ -638,6 +663,7 @@ exit 0
|
||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/logging.properties
|
||||
%{_jvmdir}/%{jredir -- %{?1}}/lib/calendars.properties
|
||||
%{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1*
|
||||
%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1*
|
||||
%{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1*
|
||||
%{_mandir}/man1/keytool-%{uniquesuffix -- %{?1}}.1*
|
||||
%{_mandir}/man1/orbd-%{uniquesuffix -- %{?1}}.1*
|
||||
@ -754,9 +780,9 @@ exit 0
|
||||
|
||||
%define files_devel() %{expand:
|
||||
%defattr(-,root,root,-)
|
||||
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/ASSEMBLY_EXCEPTION
|
||||
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/LICENSE
|
||||
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/THIRD_PARTY_README
|
||||
%license %{_jvmdir}/%{sdkdir -- %{?1}}/ASSEMBLY_EXCEPTION
|
||||
%license %{_jvmdir}/%{sdkdir -- %{?1}}/LICENSE
|
||||
%license %{_jvmdir}/%{sdkdir -- %{?1}}/THIRD_PARTY_README
|
||||
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/bin
|
||||
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/include
|
||||
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib
|
||||
@ -768,6 +794,7 @@ exit 0
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jar
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jarsigner
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/java
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/%{alt_java_name}
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javac
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javadoc
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/javah
|
||||
@ -777,7 +804,9 @@ exit 0
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jconsole
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdb
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdeps
|
||||
%ifarch %{jfr_arches}
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jfr
|
||||
%endif
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhat
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jjs
|
||||
@ -918,8 +947,9 @@ Provides: java%{?1} = %{epoch}:%{javaver}
|
||||
Requires: ca-certificates
|
||||
# Require javapackages-filesystem for ownership of /usr/lib/jvm/
|
||||
Requires: javapackages-filesystem
|
||||
# Require zone-info data provided by tzdata-java sub-package
|
||||
Requires: tzdata-java >= 2015d
|
||||
# Require zoneinfo data provided by tzdata-java subpackage.
|
||||
# 2020b required as of JDK-8254177 in October CPU
|
||||
Requires: tzdata-java >= 2020b
|
||||
# libsctp.so.1 is being `dlopen`ed on demand
|
||||
Requires: lksctp-tools%{?_isa}
|
||||
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
|
||||
@ -1109,6 +1139,9 @@ Source20: repackReproduciblePolycies.sh
|
||||
Source100: config.guess
|
||||
Source101: config.sub
|
||||
|
||||
# Ensure vendor settings are correct
|
||||
Source16: CheckVendor.java
|
||||
|
||||
############################################
|
||||
#
|
||||
# RPM/distribution specific patches
|
||||
@ -1127,10 +1160,18 @@ Patch3: rh1648644-java_access_bridge_privileged_security.patch
|
||||
Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch
|
||||
# RH1648249: Add PKCS11 provider to java.security
|
||||
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
|
||||
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
|
||||
Patch1003: rh1582504-rsa_default_for_keytool.patch
|
||||
|
||||
# FIPS support patches
|
||||
# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
|
||||
Patch1001: rh1655466-global_crypto_and_fips.patch
|
||||
# RH1760838: No ciphersuites available for SSLSocket in FIPS mode
|
||||
Patch1002: rh1760838-fips_default_keystore_type.patch
|
||||
# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
|
||||
Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
|
||||
# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
|
||||
Patch1005: rh1906862-always_initialise_configurator_access.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1150,8 +1191,6 @@ Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch
|
||||
Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch
|
||||
# PR3083, RH1346460: Regression in SSL debug output without an ECC provider
|
||||
Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
|
||||
# PR3601: Fix additional -Wreturn-type issues introduced by 8061651
|
||||
Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch
|
||||
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
|
||||
# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
|
||||
Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch
|
||||
@ -1159,9 +1198,10 @@ Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_jav
|
||||
Patch400: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
|
||||
# PR3655: Allow use of system crypto policy to be disabled by the user
|
||||
Patch401: pr3655-toggle_system_crypto_policy.patch
|
||||
# RH1566890: CVE-2018-3639
|
||||
Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch
|
||||
Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
|
||||
# RH1868759: FIPS: Ciphers remain in broken state (unusable), after being supplied with wrongly sized buffer
|
||||
Patch540: rh1868759-pkcs11_cancel_on_failure.patch
|
||||
# enable build of speculative store bypass hardened alt-java
|
||||
Patch600: rh1750419-redhat_alt_java.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1178,8 +1218,6 @@ Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
|
||||
Patch103: pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch
|
||||
# x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround)
|
||||
Patch105: jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
|
||||
# AArch64: PR3519: Fix further functions with a missing return value (AArch64)
|
||||
Patch106: pr3519-fix_further_functions_with_a_missing_return_value.patch
|
||||
# S390 ambiguous log2_intptr calls
|
||||
Patch107: s390-8214206_fix.patch
|
||||
|
||||
@ -1195,31 +1233,23 @@ Patch107: s390-8214206_fix.patch
|
||||
# S8074839, PR2462: Resolve disabled warnings for libunpack and the unpack200 binary
|
||||
# This fixes printf warnings that lead to build failure with -Werror=format-security from optflags
|
||||
Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch
|
||||
# S8154313: Generated javadoc scattered all over the place
|
||||
Patch578: jdk8154313-generated_javadoc_scattered_all_over_the_place.patch
|
||||
# PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
|
||||
Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch
|
||||
# 8143245, PR3548: Zero build requires disabled warnings
|
||||
Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch
|
||||
# 8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8
|
||||
Patch575: jdk8197981-pr3548-missing_return_statement_in_sync_val_compare_and_swap_8.patch
|
||||
# 8062808, PR3548: Turn on the -Wreturn-type warning
|
||||
Patch577: jdk8062808-pr3548-turn_on_the_wreturn_type_warning.patch
|
||||
# s390: JDK-8203030, Type fixing for s390
|
||||
Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
|
||||
# 8035341: Allow using a system installed libpng
|
||||
Patch202: jdk8035341-allow_using_system_installed_libpng.patch
|
||||
# 8042159: Allow using a system-installed lcms2
|
||||
Patch203: jdk8042159-allow_using_system_installed_lcms2.patch
|
||||
# JDK-8165996, PR3506, RH1760437: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
|
||||
# RPM version excludes binary diffs and a patch to PKCS11Test.java which creates a lengthy bug trail
|
||||
Patch579: jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch
|
||||
Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
|
||||
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
|
||||
# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
|
||||
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
# Patches appearing in 8u222
|
||||
# Patches appearing in 8u282
|
||||
#
|
||||
# This section includes patches which are present
|
||||
# in the listed OpenJDK 8u release and should be
|
||||
@ -1302,7 +1332,8 @@ BuildRequires: java-1.8.0-openjdk-devel
|
||||
%ifnarch %{jit_arches}
|
||||
BuildRequires: libffi-devel
|
||||
%endif
|
||||
BuildRequires: tzdata-java >= 2015d
|
||||
# 2020b required as of JDK-8254177 in October CPU
|
||||
BuildRequires: tzdata-java >= 2020b
|
||||
# Earlier versions have a bug in tree vectorization on PPC
|
||||
BuildRequires: gcc >= 4.8.3-8
|
||||
|
||||
@ -1608,6 +1639,7 @@ sh %{SOURCE12}
|
||||
%patch201
|
||||
%patch202
|
||||
%patch203
|
||||
%patch204
|
||||
|
||||
# System security policy fixes
|
||||
%patch400
|
||||
@ -1623,7 +1655,6 @@ sh %{SOURCE12}
|
||||
%patch107
|
||||
|
||||
# AArch64 fixes
|
||||
%patch106
|
||||
|
||||
# x86 fixes
|
||||
%patch105
|
||||
@ -1632,24 +1663,22 @@ sh %{SOURCE12}
|
||||
%patch502
|
||||
%patch504
|
||||
%patch512
|
||||
%patch578
|
||||
%patch523
|
||||
%patch528
|
||||
%patch530
|
||||
%patch529
|
||||
%patch531
|
||||
%patch571
|
||||
%patch574
|
||||
%patch575
|
||||
%patch577
|
||||
%patch579
|
||||
%patch580
|
||||
%patch539
|
||||
%patch540
|
||||
|
||||
# RPM-only fixes
|
||||
%patch539
|
||||
%patch600
|
||||
%patch1000
|
||||
%patch1001
|
||||
%patch1002
|
||||
%patch1003
|
||||
%patch1004
|
||||
%patch1005
|
||||
|
||||
# RHEL-only patches
|
||||
%if ! 0%{?fedora} && 0%{?rhel} <= 7
|
||||
@ -1745,23 +1774,31 @@ export EXTRA_CFLAGS EXTRA_ASFLAGS
|
||||
bash ./autogen.sh
|
||||
)
|
||||
|
||||
for suffix in %{build_loop} ; do
|
||||
if [ "x$suffix" = "x" ] ; then
|
||||
debugbuild=release
|
||||
else
|
||||
# change --something to something
|
||||
debugbuild=`echo $suffix | sed "s/-//g"`
|
||||
fi
|
||||
function buildjdk() {
|
||||
local outputdir=${1}
|
||||
local buildjdk=${2}
|
||||
local maketargets=${3}
|
||||
local debuglevel=${4}
|
||||
|
||||
# Variable used in hs_err hook on build failures
|
||||
top_dir_abs_path=$(pwd)/%{top_level_dir_name}
|
||||
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
|
||||
# Variable used in hs_err hook on build failures
|
||||
local top_builddir_abs_path=$(pwd)/${outputdir}
|
||||
|
||||
mkdir -p %{buildoutputdir -- $suffix}
|
||||
pushd %{buildoutputdir -- $suffix}
|
||||
echo "Using output directory: ${outputdir}";
|
||||
echo "Checking build JDK ${buildjdk} is operational..."
|
||||
${buildjdk}/bin/java -version
|
||||
echo "Using make targets: ${maketargets}"
|
||||
echo "Using debuglevel: ${debuglevel}"
|
||||
echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}"
|
||||
|
||||
bash ../../configure \
|
||||
mkdir -p ${outputdir}
|
||||
pushd ${outputdir}
|
||||
|
||||
bash ${top_srcdir_abs_path}/configure \
|
||||
%ifarch %{jfr_arches}
|
||||
--enable-jfr \
|
||||
%else
|
||||
--disable-jfr \
|
||||
%endif
|
||||
%ifnarch %{jit_arches}
|
||||
--with-jvm-variants=zero \
|
||||
@ -1770,8 +1807,12 @@ bash ../../configure \
|
||||
--with-milestone=%{milestone} \
|
||||
--with-update-version=%{updatever} \
|
||||
--with-build-number=%{buildver} \
|
||||
--with-boot-jdk=/usr/lib/jvm/java-openjdk \
|
||||
--with-debug-level=$debugbuild \
|
||||
--with-vendor-name="%{oj_vendor}" \
|
||||
--with-vendor-url="%{oj_vendor_url}" \
|
||||
--with-vendor-bug-url="%{oj_vendor_bug_url}" \
|
||||
--with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
|
||||
--with-boot-jdk=${buildjdk} \
|
||||
--with-debug-level=${debuglevel} \
|
||||
--enable-unlimited-crypto \
|
||||
--with-zlib=system \
|
||||
--with-libjpeg=system \
|
||||
@ -1785,8 +1826,44 @@ bash ../../configure \
|
||||
--with-extra-ldflags="%{ourldflags}" \
|
||||
--with-num-cores="$NUM_PROC"
|
||||
|
||||
cat spec.gmk
|
||||
cat hotspot-spec.gmk
|
||||
cat spec.gmk
|
||||
cat hotspot-spec.gmk
|
||||
|
||||
make \
|
||||
JAVAC_FLAGS=-g \
|
||||
LOG=trace \
|
||||
SCTP_WERROR= \
|
||||
${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false )
|
||||
|
||||
# the build (erroneously) removes read permissions from some jars
|
||||
# this is a regression in OpenJDK 7 (our compiler):
|
||||
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
|
||||
find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
|
||||
chmod ugo+r images/%{jdkimage}/lib/ct.sym
|
||||
|
||||
# remove redundant *diz and *debuginfo files
|
||||
find images/%{jdkimage} -iname '*.diz' -exec rm -v {} \;
|
||||
find images/%{jdkimage} -iname '*.debuginfo' -exec rm -v {} \;
|
||||
|
||||
# Build screws up permissions on binaries
|
||||
# https://bugs.openjdk.java.net/browse/JDK-8173610
|
||||
find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
|
||||
find images/%{jdkimage}/bin/ -exec chmod +x {} \;
|
||||
|
||||
popd >& /dev/null
|
||||
}
|
||||
|
||||
for suffix in %{build_loop} ; do
|
||||
if [ "x$suffix" = "x" ] ; then
|
||||
debugbuild=release
|
||||
else
|
||||
# change --something to something
|
||||
debugbuild=`echo $suffix | sed "s/-//g"`
|
||||
fi
|
||||
|
||||
systemjdk=/usr/lib/jvm/java-openjdk
|
||||
builddir=%{buildoutputdir -- $suffix}
|
||||
bootbuilddir=boot${builddir}
|
||||
|
||||
# Debug builds don't need same targets as release for
|
||||
# build speed-up
|
||||
@ -1794,28 +1871,14 @@ maketargets="%{release_targets}"
|
||||
if echo $debugbuild | grep -q "debug" ; then
|
||||
maketargets="%{debug_targets}"
|
||||
fi
|
||||
make \
|
||||
JAVAC_FLAGS=-g \
|
||||
LOG=trace \
|
||||
SCTP_WERROR= \
|
||||
$maketargets || ( pwd; find $top_dir_abs_path -name "hs_err_pid*.log" | xargs cat && false )
|
||||
|
||||
# the build (erroneously) removes read permissions from some jars
|
||||
# this is a regression in OpenJDK 7 (our compiler):
|
||||
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
|
||||
find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
|
||||
chmod ugo+r images/%{jdkimage}/lib/ct.sym
|
||||
|
||||
# remove redundant *diz and *debuginfo files
|
||||
find images/%{jdkimage} -iname '*.diz' -exec rm {} \;
|
||||
find images/%{jdkimage} -iname '*.debuginfo' -exec rm {} \;
|
||||
|
||||
# Build screws up permissions on binaries
|
||||
# https://bugs.openjdk.java.net/browse/JDK-8173610
|
||||
find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
|
||||
find images/%{jdkimage}/bin/ -exec chmod +x {} \;
|
||||
|
||||
popd >& /dev/null
|
||||
%if %{bootstrap_build}
|
||||
buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
|
||||
buildjdk ${builddir} $(pwd)/${bootbuilddir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
|
||||
rm -rf ${bootbuilddir}
|
||||
%else
|
||||
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild}
|
||||
%endif
|
||||
|
||||
# Install nss.cfg right away as we will be using the JRE above
|
||||
export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
|
||||
@ -1830,6 +1893,12 @@ install -m 644 nss.fips.cfg $JAVA_HOME/jre/lib/security/
|
||||
rm $JAVA_HOME/jre/lib/tzdb.dat
|
||||
ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/jre/lib/tzdb.dat
|
||||
|
||||
# add alt-java man page
|
||||
pushd ${JAVA_HOME}
|
||||
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
|
||||
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
|
||||
popd
|
||||
|
||||
# build cycles
|
||||
done
|
||||
|
||||
@ -1848,6 +1917,10 @@ $JAVA_HOME/bin/java TestCryptoLevel
|
||||
$JAVA_HOME/bin/javac -d . %{SOURCE14}
|
||||
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
|
||||
|
||||
# Check correct vendor values have been set
|
||||
$JAVA_HOME/bin/javac -d . %{SOURCE16}
|
||||
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
|
||||
|
||||
# Check debug symbols are present and can identify code
|
||||
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
|
||||
do
|
||||
@ -1941,9 +2014,9 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/clien
|
||||
|
||||
# Install main files.
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
|
||||
cp -a bin include lib src.zip $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
|
||||
cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
|
||||
cp -a jre/bin jre/lib $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
|
||||
cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
|
||||
|
||||
%if %{with_systemtap}
|
||||
# Install systemtap support files
|
||||
@ -2046,6 +2119,13 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \
|
||||
| sed 's|'$RPM_BUILD_ROOT'||' \
|
||||
| sed 's|^|%doc |' \
|
||||
>> %{name}-demo.files"$suffix"
|
||||
# Find documentation directories.
|
||||
find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \
|
||||
$RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/sample \
|
||||
-type d | sort \
|
||||
| sed 's|'$RPM_BUILD_ROOT'||' \
|
||||
| sed 's|^|%dir |' \
|
||||
>> %{name}-demo.files"$suffix"
|
||||
|
||||
# Create links which leads to separately installed java-atk-bridge and allow configuration
|
||||
# links points to java-atk-wrapper - an dependence
|
||||
@ -2298,6 +2378,267 @@ require "copy_jdk_configs.lua"
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b08-1
|
||||
- Update to aarch64-shenandoah-jdk8u282-b08 (GA)
|
||||
- Update release notes for 8u282-b08.
|
||||
- Resolves: rhbz#1908967
|
||||
|
||||
* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b07-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u282-b07 (EA)
|
||||
- Update release notes for 8u282-b07.
|
||||
- Fix placement issue in release notes, caught by comparing with vanilla version.
|
||||
- Resolves: rhbz#1903904
|
||||
|
||||
* Wed Jan 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b06-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u282-b06 (EA)
|
||||
- Update release notes for 8u282-b06.
|
||||
- Resolves: rhbz#1903904
|
||||
|
||||
* Mon Jan 11 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b05-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u282-b05 (EA)
|
||||
- Update release notes for 8u282-b05 and make some minor corrections.
|
||||
- Resolves: rhbz#1903904
|
||||
|
||||
* Wed Jan 06 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b04-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u282-b04 (EA)
|
||||
- Update release notes for 8u282-b04.
|
||||
- Remove upstreamed patch PR3519
|
||||
- Resolves: rhbz#1903904
|
||||
|
||||
* Sat Jan 02 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b03-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u282-b03 (EA)
|
||||
- Update release notes for 8u282-b03.
|
||||
- Resolves: rhbz#1903904
|
||||
|
||||
* Fri Dec 18 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b02-0.2.ea
|
||||
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs.
|
||||
- Resolves: rhbz#1906862
|
||||
|
||||
* Wed Dec 16 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b02-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u282-b02 (EA)
|
||||
- Update release notes for 8u282-b02.
|
||||
- Resolves: rhbz#1903904
|
||||
|
||||
* Mon Dec 07 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b01-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u282-b01 (EA)
|
||||
- Update release notes for 8u282-b01.
|
||||
- Switch to EA mode.
|
||||
- Require tzdata 2020b due to resource changes in JDK-8254177
|
||||
- Remove PR3601, covered upstream by JDK-8062808.
|
||||
- Remove upstreamed JDK-8197981/PR3548, JDK-8062808/PR3548, JDK-8254177 & JDK-8215727.
|
||||
- Extend RH1750419 alt-java fix to include external debuginfo, following JDK-8252395
|
||||
- Resolves: rhbz#1903904
|
||||
|
||||
* Fri Nov 27 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.275.b01-3
|
||||
- added patch600, rh1750419-redhat_alt_java.patch
|
||||
- Replaced alt-java palceholder by real pathced alt-java
|
||||
- remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch
|
||||
- remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
|
||||
- both suprassed by new patch
|
||||
- Resolves: rhbz#1750419
|
||||
|
||||
* Fri Nov 06 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.275.b01-2
|
||||
- Update to aarch64-shenandoah-jdk8u275-b01 (GA)
|
||||
- Update release notes for 8u275.
|
||||
- Remove JDK-8223940/RH1892216 backport now included in upstream 8u275.
|
||||
- Remove JDK-8236512/RH1889414 backport now included in upstream 8u275.
|
||||
- Resolves: rhbz#1895060
|
||||
|
||||
* Fri Oct 30 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-6
|
||||
- Add backport of JDK-8223940: "Private key not supported by chosen signature algorithm" to handle lack of provider RSAPSS support
|
||||
- Resolves: rhbz#1892216
|
||||
|
||||
* Fri Oct 30 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.272.b10-5
|
||||
- Added gating test for ipa server
|
||||
- Resolves: rhbz#1892216
|
||||
|
||||
* Thu Oct 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-4
|
||||
- Bump release number to build on RHEL 8.4.0 branch.
|
||||
- Resolves: rhbz#1876665
|
||||
- Resolves: rhbz#1889414
|
||||
|
||||
* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-3
|
||||
- Add backport of JDK-8236512 to correct use of killSession
|
||||
- Resolves: rhbz#1889414
|
||||
|
||||
* Tue Oct 20 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-2
|
||||
- Add backport of JDK-8215727: "Restore JFR thread sampler loop to old / previous behaviour"
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Sat Oct 17 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b10-1
|
||||
- Update to aarch64-shenandoah-jdk8u272-b10.
|
||||
- Switch to GA mode for final release.
|
||||
- Update release notes for 8u272 release.
|
||||
- Add backport of JDK-8254177 to update to tzdata 2020b
|
||||
- Require tzdata 2020b due to resource changes in JDK-8254177
|
||||
- Delay tzdata 2020b dependency until tzdata update has shipped.
|
||||
- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302
|
||||
- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955
|
||||
- This tarball is embargoed until 2020-10-20 @ 1pm PT.
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b09-0.2.ea
|
||||
- Include a test in the RPM to check the build has the correct vendor information.
|
||||
- Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value.
|
||||
- Improve quoting of vendor name
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Thu Oct 15 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.272.b09-0.2.ea
|
||||
- Set vendor property and vendor URLs
|
||||
- Made URLs to be preconfigured by OS
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b09-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b09 (EA).
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Tue Oct 13 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b08-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b08 (EA).
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Tue Oct 13 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b07-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b07 (EA).
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Mon Oct 12 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b06-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b06.
|
||||
- Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3)
|
||||
- Remove JDK-8165996/PR3506/RH1760437 & JDK-8251117/RH1860990 as now applied upstream.
|
||||
- Replace JDK-8223482/RH1860965 with RH1860986 (disable TLSv1.3 when using the NSS-FIPS provider)
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Mon Oct 12 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b05-0.3.ea
|
||||
- Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Thu Oct 08 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b05-0.2.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28.
|
||||
- Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Thu Oct 08 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b05-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b05.
|
||||
- Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Wed Oct 07 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b04-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b04.
|
||||
- Update tarball generation script to use PR3795, following inclusion of JDK-8177334
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Mon Oct 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b03-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b03.
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Mon Oct 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b02-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b02.
|
||||
- Remove JDK-8154313 backport now applied upstream.
|
||||
- Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream.
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Mon Oct 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.272.b01-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u272-b01.
|
||||
- Switch to EA mode.
|
||||
- Add debugging output for build.
|
||||
- JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default.
|
||||
- Resolves: rhbz#1876665
|
||||
|
||||
* Thu Sep 17 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.265.b01-4
|
||||
- Add patch to cancel PKCS#11 operations on failure (RH1868759)
|
||||
- Resolves: rhbz#1868759
|
||||
|
||||
* Tue Aug 25 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.265.b01-3
|
||||
- Add backport of JDK-8251117 to allow key length to be retrieved from PKCS#11 FIPS keys
|
||||
- Resolves: rhbz#1860993
|
||||
|
||||
* Tue Aug 25 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.265.b01-2
|
||||
- Add backport of JDK-8223482 so PKCS#11 FIPS provider does not offer unsupported ciphers.
|
||||
- Resolves: rhbz#1860965
|
||||
|
||||
* Mon Jul 27 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.265.b01-1
|
||||
- Update to aarch64-shenandoah-jdk8u265-b01.
|
||||
- Update release notes for 8u265 release.
|
||||
- Resolves: rhbz#1860453
|
||||
|
||||
* Mon Jul 27 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.262.b10-3
|
||||
- ASSEMBLY_EXCEPTION LICENSE THIRD_PARTY_README moved to fully versioned dirs
|
||||
- Resolves: rhbz#1831665
|
||||
|
||||
* Thu Jul 16 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b10-2
|
||||
- Remove issues in NEWS file duplicated between 8u252 & 8u262 releases.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Sun Jul 12 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b10-1
|
||||
- Update to aarch64-shenandoah-jdk8u262-b10.
|
||||
- Switch to GA mode for final release.
|
||||
- Update release notes for 8u262 release.
|
||||
- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded.
|
||||
- Split JDK-8042159 patch into per-repo patches as upstream.
|
||||
- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Sat Jul 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b09-0.3.ea
|
||||
- Restructure the build so a minimal initial build is then used for the final build (with docs)
|
||||
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Fri Jul 10 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b09-0.2.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Fri Jul 10 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b09-0.1.ea
|
||||
- With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Thu Jul 09 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b09-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b09.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Wed Jul 08 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b08-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b08.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Tue Jul 07 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b07-0.3.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Sun Jul 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b07-0.2.ea
|
||||
- Sync alt-java support with java-11-openjdk version.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Sat Jul 04 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.262.b07-0.2.ea
|
||||
- Created copy of java as alt-java and adapted alternatives and man pages
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Fri Jul 03 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b07-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b07.
|
||||
- Require tzdata 2020a so system tzdata matches resource updates in b07
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Tue Jun 30 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b06-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b06.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Mon Jun 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b05-0.4.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Mon Jun 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b05-0.3.ea
|
||||
- Add directories to files directive for demo package.
|
||||
- Resolves: rhbz#1649801
|
||||
|
||||
* Sun Jun 28 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b05-0.2.ea
|
||||
- Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
|
||||
- Resolves: rhbz#1582504
|
||||
|
||||
* Sat Jun 27 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b05-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b05.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Fri Jun 26 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b04-0.1.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b04.
|
||||
- Resolves: rhbz#1838811
|
||||
|
||||
* Wed Jun 24 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b03-0.2.ea
|
||||
- Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20.
|
||||
- Resolves: rhbz#1838811
|
||||
|
Loading…
Reference in New Issue
Block a user