Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/java-1.8.0-openjdk.git#f40d1185163fbdbe6cedd0b04dabc7d20e436f5a
This commit is contained in:
DistroBaker 2020-12-18 21:35:56 +00:00
parent 64af1e4cdd
commit 1406e35ef0
4 changed files with 128 additions and 108 deletions

View File

@ -260,7 +260,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27 # eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 1 %global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases) # Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1): # Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases, # - 0.N%%{?extraver}%%{?dist} for EA releases,
@ -1286,9 +1286,6 @@ Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch
Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch
# PR3083, RH1346460: Regression in SSL debug output without an ECC provider # PR3083, RH1346460: Regression in SSL debug output without an ECC provider
Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
# RH1566890: CVE-2018-3639
Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch
Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
# PR3601: Fix additional -Wreturn-type issues introduced by 8061651 # PR3601: Fix additional -Wreturn-type issues introduced by 8061651
Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) # PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
@ -1298,6 +1295,8 @@ Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_jav
Patch400: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch Patch400: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
# PR3655: Allow use of system crypto policy to be disabled by the user # PR3655: Allow use of system crypto policy to be disabled by the user
Patch401: pr3655-toggle_system_crypto_policy.patch Patch401: pr3655-toggle_system_crypto_policy.patch
# enable build of spectre/meltdown hardened alt-java
Patch600: rh1750419-redhat_alt_java.patch
# JDK-8218811: replace open by os::open in hotspot coding # JDK-8218811: replace open by os::open in hotspot coding
# This fixes a GCC 10 build issue # This fixes a GCC 10 build issue
Patch111: jdk8218811-perfMemory_linux.patch Patch111: jdk8218811-perfMemory_linux.patch
@ -1725,8 +1724,6 @@ sh %{SOURCE12}
%patch512 %patch512
%patch523 %patch523
%patch528 %patch528
%patch529
%patch531
%patch530 %patch530
%patch571 %patch571
%patch574 %patch574
@ -1738,6 +1735,7 @@ sh %{SOURCE12}
# RPM-only fixes # RPM-only fixes
%patch539 %patch539
%patch600
%patch1000 %patch1000
# RHEL-only patches # RHEL-only patches
@ -1941,11 +1939,8 @@ install -m 644 nss.cfg $JAVA_HOME/jre/lib/security/
rm $JAVA_HOME/jre/lib/tzdb.dat rm $JAVA_HOME/jre/lib/tzdb.dat
ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/jre/lib/tzdb.dat ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/jre/lib/tzdb.dat
# Create fake alt-java as a placeholder for future alt-java
pushd ${JAVA_HOME}
cp -a jre/bin/java jre/bin/%{alt_java_name}
cp -a bin/java bin/%{alt_java_name}
# add alt-java man page # add alt-java man page
pushd ${JAVA_HOME}
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
popd popd
@ -2425,6 +2420,14 @@ require "copy_jdk_configs.lua"
%endif %endif
%changelog %changelog
* Fri Nov 27 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.275.b01-2
- added patch600, rh1750419-redhat_alt_java.patch
- Replaced alt-java palceholder by real pathced alt-java
- remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch
- remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
- both suprassed by new patch
* Mon Nov 23 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.275.b01-1 * Mon Nov 23 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.275.b01-1
- Created copy of java as alt-java and adapted alternatives and man pages - Created copy of java as alt-java and adapted alternatives and man pages

View File

@ -1,44 +0,0 @@
diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp
--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp
+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp
@@ -103,6 +103,8 @@
# include <inttypes.h>
# include <sys/ioctl.h>
+#include <sys/prctl.h>
+
PRAGMA_FORMAT_MUTE_WARNINGS_FOR_GCC
#ifndef _GNU_SOURCE
@@ -4997,6 +4999,31 @@
}
}
+/* Per task speculation control */
+#ifndef PR_GET_SPECULATION_CTRL
+#define PR_GET_SPECULATION_CTRL 52
+#endif
+#ifndef PR_SET_SPECULATION_CTRL
+#define PR_SET_SPECULATION_CTRL 53
+#endif
+/* Speculation control variants */
+# undef PR_SPEC_STORE_BYPASS
+# define PR_SPEC_STORE_BYPASS 0
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+# undef PR_SPEC_NOT_AFFECTED
+# undef PR_SPEC_PRCTL
+# undef PR_SPEC_ENABLE
+# undef PR_SPEC_DISABLE
+# define PR_SPEC_NOT_AFFECTED 0
+# define PR_SPEC_PRCTL (1UL << 0)
+# define PR_SPEC_ENABLE (1UL << 1)
+# define PR_SPEC_DISABLE (1UL << 2)
+
+static void set_speculation() __attribute__((constructor));
+static void set_speculation() {
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+}
+
// this is called _before_ most of the global arguments have been parsed
void os::init(void) {
char dummy; /* used to get a guess on initial stack address */

View File

@ -1,54 +0,0 @@
diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp
--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp
+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp
@@ -5001,26 +5001,43 @@
/* Per task speculation control */
#ifndef PR_GET_SPECULATION_CTRL
-#define PR_GET_SPECULATION_CTRL 52
+# define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
-#define PR_SET_SPECULATION_CTRL 53
+# define PR_SET_SPECULATION_CTRL 53
#endif
/* Speculation control variants */
-# undef PR_SPEC_STORE_BYPASS
+#ifndef PR_SPEC_STORE_BYPASS
# define PR_SPEC_STORE_BYPASS 0
+#endif
/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
-# undef PR_SPEC_NOT_AFFECTED
-# undef PR_SPEC_PRCTL
-# undef PR_SPEC_ENABLE
-# undef PR_SPEC_DISABLE
+
+#ifndef PR_SPEC_NOT_AFFECTED
# define PR_SPEC_NOT_AFFECTED 0
+#endif
+#ifndef PR_SPEC_PRCTL
# define PR_SPEC_PRCTL (1UL << 0)
+#endif
+#ifndef PR_SPEC_ENABLE
# define PR_SPEC_ENABLE (1UL << 1)
+#endif
+#ifndef PR_SPEC_DISABLE
# define PR_SPEC_DISABLE (1UL << 2)
+#endif
+#ifndef PR_SPEC_FORCE_DISABLE
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
+#endif
+#ifndef PR_SPEC_DISABLE_NOEXEC
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
+#endif
static void set_speculation() __attribute__((constructor));
static void set_speculation() {
+ if ( prctl(PR_SET_SPECULATION_CTRL,
+ PR_SPEC_STORE_BYPASS,
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
+ return;
+ }
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
}

View File

@ -0,0 +1,115 @@
diff -r 25e94aa812b2 make/CompileLaunchers.gmk
--- openjdk/jdk/make/CompileLaunchers.gmk Wed Feb 05 12:20:36 2020 -0300
+++ openjdk/jdk/make/CompileLaunchers.gmk Tue Jun 02 17:15:28 2020 +0100
@@ -234,6 +234,20 @@
BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/java$(EXE_SUFFIX)
+$(eval $(call SetupLauncher,alt-java, \
+ -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA,,,user32.lib comctl32.lib, \
+ $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \
+ $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true))
+
+$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX): $(BUILD_LAUNCHER_alt-java)
+ $(MKDIR) -p $(@D)
+ $(RM) $@
+ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX) $@
+
+ifeq ($(OPENJDK_TARGET_OS), linux)
+ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX)
+endif
+
ifeq ($(OPENJDK_TARGET_OS), windows)
$(eval $(call SetupLauncher,javaw, \
-DJAVAW -DEXPAND_CLASSPATH_WILDCARDS,,,user32.lib comctl32.lib, \
diff -r 25e94aa812b2 src/share/bin/alt_main.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ openjdk/jdk/src/share/bin/alt_main.h Tue Jun 02 17:15:28 2020 +0100
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#ifdef REDHAT_ALT_JAVA
+
+#include <sys/prctl.h>
+
+
+/* Per task speculation control */
+#ifndef PR_GET_SPECULATION_CTRL
+# define PR_GET_SPECULATION_CTRL 52
+#endif
+#ifndef PR_SET_SPECULATION_CTRL
+# define PR_SET_SPECULATION_CTRL 53
+#endif
+/* Speculation control variants */
+#ifndef PR_SPEC_STORE_BYPASS
+# define PR_SPEC_STORE_BYPASS 0
+#endif
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+
+#ifndef PR_SPEC_NOT_AFFECTED
+# define PR_SPEC_NOT_AFFECTED 0
+#endif
+#ifndef PR_SPEC_PRCTL
+# define PR_SPEC_PRCTL (1UL << 0)
+#endif
+#ifndef PR_SPEC_ENABLE
+# define PR_SPEC_ENABLE (1UL << 1)
+#endif
+#ifndef PR_SPEC_DISABLE
+# define PR_SPEC_DISABLE (1UL << 2)
+#endif
+#ifndef PR_SPEC_FORCE_DISABLE
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
+#endif
+#ifndef PR_SPEC_DISABLE_NOEXEC
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
+#endif
+
+static void set_speculation() __attribute__((constructor));
+static void set_speculation() {
+ if ( prctl(PR_SET_SPECULATION_CTRL,
+ PR_SPEC_STORE_BYPASS,
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
+ return;
+ }
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+}
+
+#endif // REDHAT_ALT_JAVA
diff -r 25e94aa812b2 src/share/bin/main.c
--- openjdk/jdk/src/share/bin/main.c Wed Feb 05 12:20:36 2020 -0300
+++ openjdk/jdk/src/share/bin/main.c Tue Jun 02 17:15:28 2020 +0100
@@ -32,6 +32,10 @@
#include "defines.h"
+#if defined(linux) && defined(__x86_64)
+#include "alt_main.h"
+#endif
+
#ifdef _MSC_VER
#if _MSC_VER > 1400 && _MSC_VER < 1600