rpms/java-1.8.0-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import java-1.8.0-openjdk-1.8.0.262.b03-0.2.ea.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-07-28 10:04:24 -04:00 committed by Stepan Oksanichenko
parent 004dfac25d
commit 14f10e9895
15 changed files with 1023 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u232-b09.tar.xz
SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz

4
.java-1.8.0-openjdk.metadata
View File

@ -1,2 +1,2 @@
ca59ed55769893ca7a5bcff04612141f696ea2e9 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u232-b09.tar.xz
cd8bf91753b9eb1401cfc529e78517105fc66011 SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
57112674fa8d81e4b09c1eec880ed362a7f98a67 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

113
SOURCES/NEWS Normal file
View File

@ -0,0 +1,113 @@
Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u252 (2020-04-14):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/oj8u252
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
* Security fixes
- JDK-8223898, CVE-2020-2754: Forward references to Nashorn
- JDK-8223904, CVE-2020-2755: Improve Nashorn matching
- JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
- JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
- JDK-8225603: Enhancement for big integers
- JDK-8227542: Manifest improved jar headers
- JDK-8231415, CVE-2020-2773: Better signatures in XML
- JDK-8233250: Better X11 rendering
- JDK-8233410: Better Build Scripting
- JDK-8234027: Better JCEKS key support
- JDK-8234408, CVE-2020-2781: Improve TLS session handling
- JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
- JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
- JDK-8235274, CVE-2020-2805: Enhance typing of methods
- JDK-8236201, CVE-2020-2830: Better Scanner conversions
- JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
* Other changes
- JDK-8005819: Support cross-realm MSSFU
- JDK-8022263: use same Clang warnings on BSD as on Linux
- JDK-8038631: Create wrapper for awt.Robot with additional functionality
- JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
- JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
- JDK-8068184: Fix for JDK-8032832 caused a deadlock
- JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
- JDK-8132130: some docs cleanup
- JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
- JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
- JDK-8144446: Automate the Marlin crash test
- JDK-8144526: Remove Marlin logging use of deleted internal API
- JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
- JDK-8144654: Improve Marlin logging
- JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
- JDK-8166976: TestCipherPBECons has wrong @run line
- JDK-8167409: Invalid value passed to critical JNI function
- JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
- JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
- JDK-8191227: issues with unsafe handle resolution
- JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
- JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
- JDK-8215756: Memory leaks in the AWT on macOS
- JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
- JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
- JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
- JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
- JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
- JDK-8229022: BufferedReader performance can be improved by using StringBuilder
- JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
- JDK-8229872: (fs) Increase buffer size used with getmntent
- JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
- JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
- JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
- JDK-8235904: Infinite loop when rendering huge lines
- JDK-8236179: C1 register allocation error with T_ADDRESS
- JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
- JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
- JDK-8241296: Segfault in JNIHandleBlock::oops_do()
- JDK-8241307: Marlin renderer should not be the default in 8u252
Notes on individual issues:
===========================
hotspot/svc:
JDK-8174881: Binary format for HPROF updated
============================================
When dumping the heap in binary format, HPROF format 1.0.2 is always
used now. Previously, format 1.0.1 was used for heaps smaller than
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
serviceability agent.
security-libs/java.security:
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
====================================================================================
The SunRsaSign and SunJCE providers have been enhanced with support
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
signature and OAEP using FIPS 180-4 digest algorithms. New
constructors and methods have been added to relevant JCA/JCE classes
under the `java.security.spec` and `javax.crypto.spec` packages for
supporting additional RSASSA-PSS parameters.
security-libs/javax.crypto:
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
============================================================
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
security-libs/javax.security:
JDK-8227564: Allow SASL Mechanisms to Be Restricted
===================================================
A security property named `jdk.sasl.disabledMechanisms` has been added
that can be used to disable SASL mechanisms. Any disabled mechanism
will be ignored if it is specified in the `mechanisms` argument of
`Sasl.createSaslClient` or the `mechanism` argument of
`Sasl.createSaslServer`. The default value for this security property
is empty, which means that no mechanisms are disabled out-of-the-box.

8
SOURCES/jconsole.desktop.in
View File

@ -1,8 +1,8 @@
[Desktop Entry]
Name=OpenJDK @JAVA_MAJOR_VERSION@ Monitoring & Management Console @ARCH@
Comment=Monitor and manage OpenJDK @JAVA_MAJOR_VERSION@ applications for @ARCH@
Exec=@JAVA_HOME@/jconsole
Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@
Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@)
Comment=Monitor and manage OpenJDK applications
Exec=_SDKBINDIR_/jconsole
Icon=java-@JAVA_VER@-@JAVA_VENDOR@
Terminal=false
Type=Application
StartupWMClass=sun-tools-jconsole-JConsole

2
SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch
View File

@ -145,4 +145,4 @@ diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/thread_linux_zero.hpp o
+ return false; // silence compile warning
}
// These routines are only used on cpu architectures that
bool pd_get_top_frame_for_profiling(frame* fr_addr,

257
SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch Normal file
View File

@ -0,0 +1,257 @@
# HG changeset patch
# User weijun
# Date 1513099798 -28800
# Wed Dec 13 01:29:58 2017 +0800
# Node ID aa8f2e25f003feddf362892b2820fa2839c854b6
# Parent 9ebb70cb99a472b5fee9ac08240b7979468c2fa5
8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
Reviewed-by: weijun
Contributed-by: Martin Balao <mbalao@redhat.com>
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
@@ -196,13 +196,23 @@
}
if (configDir != null) {
- File configBase = new File(configDir);
- if (configBase.isDirectory() == false ) {
- throw new IOException("configDir must be a directory: " + configDir);
+ String configDirPath = null;
+ String sqlPrefix = "sql:/";
+ if (!configDir.startsWith(sqlPrefix)) {
+ configDirPath = configDir;
+ } else {
+ StringBuilder configDirPathSB = new StringBuilder(configDir);
+ configDirPath = configDirPathSB.substring(sqlPrefix.length());
}
- File secmodFile = new File(configBase, "secmod.db");
- if (secmodFile.isFile() == false) {
- throw new FileNotFoundException(secmodFile.getPath());
+ File configBase = new File(configDirPath);
+ if (configBase.isDirectory() == false ) {
+ throw new IOException("configDir must be a directory: " + configDirPath);
+ }
+ if (!configDir.startsWith(sqlPrefix)) {
+ File secmodFile = new File(configBase, "secmod.db");
+ if (secmodFile.isFile() == false) {
+ throw new FileNotFoundException(secmodFile.getPath());
+ }
}
}
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE
new file mode 100644
--- /dev/null
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE
@@ -0,0 +1,8 @@
+// How to create key4.db and cert9.db
+cd <path-for-db>
+echo "" > 1
+echo "test12" > 2
+modutil -create -force -dbdir sql:/$(pwd)
+modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/$(pwd)
+modutil -changepw "NSS Certificate DB" -force -dbdir sql:/$(pwd) -pwfile $(pwd)/1 -newpwfile $(pwd)/2
+
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java
new file mode 100644
--- /dev/null
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8165996
+ * @summary Test NSS DB Sqlite
+ * @library ../
+ * @modules java.base/sun.security.rsa
+ * java.base/sun.security.provider
+ * java.base/sun.security.jca
+ * java.base/sun.security.tools.keytool
+ * java.base/sun.security.x509
+ * java.base/com.sun.crypto.provider
+ * jdk.crypto.cryptoki/sun.security.pkcs11:+open
+ * @run main/othervm/timeout=120 TestNssDbSqlite
+ * @author Martin Balao (mbalao@redhat.com)
+ */
+
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.Signature;
+
+import sun.security.rsa.SunRsaSign;
+import sun.security.jca.ProviderList;
+import sun.security.jca.Providers;
+import sun.security.tools.keytool.CertAndKeyGen;
+import sun.security.x509.X500Name;
+
+public final class TestNssDbSqlite extends SecmodTest {
+
+ private static final boolean enableDebug = true;
+
+ private static Provider sunPKCS11NSSProvider;
+ private static Provider sunRsaSignProvider;
+ private static Provider sunJCEProvider;
+ private static KeyStore ks;
+ private static char[] passphrase = "test12".toCharArray();
+ private static PrivateKey privateKey;
+ private static Certificate certificate;
+
+ public static void main(String[] args) throws Exception {
+
+ initialize();
+
+ if (enableDebug) {
+ System.out.println("SunPKCS11 provider: " +
+ sunPKCS11NSSProvider);
+ }
+
+ testRetrieveKeysFromKeystore();
+
+ System.out.println("Test PASS - OK");
+ }
+
+ private static void testRetrieveKeysFromKeystore() throws Exception {
+
+ String plainText = "known plain text";
+
+ ks.setKeyEntry("root_ca_1", privateKey, passphrase,
+ new Certificate[]{certificate});
+ PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);
+
+ Signature sS = Signature.getInstance(
+ "SHA256withRSA", sunPKCS11NSSProvider);
+ sS.initSign(k1);
+ sS.update(plainText.getBytes());
+ byte[] generatedSignature = sS.sign();
+
+ if (enableDebug) {
+ System.out.println("Generated signature: ");
+ for (byte b : generatedSignature) {
+ System.out.printf("0x%02x, ", (int)(b) & 0xFF);
+ }
+ System.out.println("");
+ }
+
+ Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);
+ sV.initVerify(certificate);
+ sV.update(plainText.getBytes());
+ if(!sV.verify(generatedSignature)){
+ throw new Exception("Couldn't verify signature");
+ }
+ }
+
+ private static void initialize() throws Exception {
+ initializeProvider();
+ }
+
+ private static void initializeProvider () throws Exception {
+ useSqlite(true);
+ if (!initSecmod()) {
+ return;
+ }
+
+ sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
+ sunJCEProvider = new com.sun.crypto.provider.SunJCE();
+ sunRsaSignProvider = new SunRsaSign();
+ Providers.setProviderList(ProviderList.newList(
+ sunJCEProvider, sunPKCS11NSSProvider,
+ new sun.security.provider.Sun(), sunRsaSignProvider));
+
+ ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
+ ks.load(null, passphrase);
+
+ CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
+ gen.generate(2048);
+ privateKey = gen.getPrivateKey();
+ certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
+ }
+}
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg
new file mode 100644
--- /dev/null
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg
@@ -0,0 +1,13 @@
+# config file for secmod KeyStore access using sqlite backend
+
+name = NSS-Sqlite
+
+nssLibraryDirectory = ${pkcs11test.nss.libdir}
+
+nssDbMode = readWrite
+
+nssModule = keystore
+
+nssSecmodDirectory = ${pkcs11test.nss.db}
+
+attributes = compatibility
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
+++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
@@ -34,6 +34,11 @@
static String DBDIR;
static char[] password = "test12".toCharArray();
static String keyAlias = "mykey";
+ static boolean useSqlite = false;
+
+ static void useSqlite(boolean b) {
+ useSqlite = b;
+ }
static boolean initSecmod() throws Exception {
useNSS();
@@ -49,14 +54,24 @@
safeReload(LIBPATH + System.mapLibraryName("nssckbi"));
DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
- System.setProperty("pkcs11test.nss.db", DBDIR);
+ if (useSqlite) {
+ System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
+ } else {
+ System.setProperty("pkcs11test.nss.db", DBDIR);
+ }
File dbdirFile = new File(DBDIR);
if (dbdirFile.exists() == false) {
dbdirFile.mkdir();
}
- copyFile("secmod.db", BASE, DBDIR);
- copyFile("key3.db", BASE, DBDIR);
- copyFile("cert8.db", BASE, DBDIR);
+
+ if (useSqlite) {
+ copyFile("key4.db", BASE, DBDIR);
+ copyFile("cert9.db", BASE, DBDIR);
+ } else {
+ copyFile("secmod.db", BASE, DBDIR);
+ copyFile("key3.db", BASE, DBDIR);
+ copyFile("cert8.db", BASE, DBDIR);
+ }
return true;
}

125
SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch Normal file
View File

@ -0,0 +1,125 @@
# HG changeset patch
# User mbalao
# Date 1529971845 -28800
# Tue Jun 26 08:10:45 2018 +0800
# Node ID e9c20b7250cd98d16a67f2a30b34284c2caa01dc
# Parent 9f1aa2e38d90dd60522237d7414af6bdcf03c4ff
8195607, PR3776: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
Reviewed-by: valeriep, weijun
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
@@ -197,7 +197,7 @@
if (configDir != null) {
String configDirPath = null;
- String sqlPrefix = "sql:/";
+ String sqlPrefix = "sql:";
if (!configDir.startsWith(sqlPrefix)) {
configDirPath = configDir;
} else {
diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
--- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
+++ openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
@@ -69,9 +69,14 @@
int res = 0;
FPTR_Initialize initialize =
(FPTR_Initialize)findFunction(env, jHandle, "NSS_Initialize");
+ #ifdef SECMOD_DEBUG
+ FPTR_GetError getError =
+ (FPTR_GetError)findFunction(env, jHandle, "PORT_GetError");
+ #endif // SECMOD_DEBUG
unsigned int flags = 0x00;
const char *configDir = NULL;
const char *functionName = NULL;
+ const char *configFile = NULL;
/* If we cannot initialize, exit now */
if (initialize == NULL) {
@@ -97,13 +102,18 @@
flags = 0x20; // NSS_INIT_OPTIMIZESPACE flag
}
+ configFile = "secmod.db";
+ if (configDir != NULL && strncmp("sql:", configDir, 4U) == 0) {
+ configFile = "pkcs11.txt";
+ }
+
/*
* If the NSS_Init function is requested then call NSS_Initialize to
* open the Cert, Key and Security Module databases, read only.
*/
if (strcmp("NSS_Init", functionName) == 0) {
flags = flags | 0x01; // NSS_INIT_READONLY flag
- res = initialize(configDir, "", "", "secmod.db", flags);
+ res = initialize(configDir, "", "", configFile, flags);
/*
* If the NSS_InitReadWrite function is requested then call
@@ -111,7 +121,7 @@
* read/write.
*/
} else if (strcmp("NSS_InitReadWrite", functionName) == 0) {
- res = initialize(configDir, "", "", "secmod.db", flags);
+ res = initialize(configDir, "", "", configFile, flags);
/*
* If the NSS_NoDB_Init function is requested then call
@@ -137,6 +147,13 @@
(*env)->ReleaseStringUTFChars(env, jConfigDir, configDir);
}
dprintf1("-res: %d\n", res);
+ #ifdef SECMOD_DEBUG
+ if (res == -1) {
+ if (getError != NULL) {
+ dprintf1("-NSS error: %d\n", getError());
+ }
+ }
+ #endif // SECMOD_DEBUG
return (res == 0) ? JNI_TRUE : JNI_FALSE;
}
diff --git openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
--- openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
+++ openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
@@ -34,6 +34,10 @@
const char *certPrefix, const char *keyPrefix,
const char *secmodName, unsigned int flags);
+#ifdef SECMOD_DEBUG
+typedef int (*FPTR_GetError)(void);
+#endif //SECMOD_DEBUG
+
// in secmod.h
//extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
// PRBool recurse);
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
new file mode 100644
--- /dev/null
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
@@ -0,0 +1,4 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
+++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
@@ -55,7 +55,7 @@
DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
if (useSqlite) {
- System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
+ System.setProperty("pkcs11test.nss.db", "sql:" + DBDIR);
} else {
System.setProperty("pkcs11test.nss.db", DBDIR);
}
@@ -67,6 +67,7 @@
if (useSqlite) {
copyFile("key4.db", BASE, DBDIR);
copyFile("cert9.db", BASE, DBDIR);
+ copyFile("pkcs11.txt", BASE, DBDIR);
} else {
copyFile("secmod.db", BASE, DBDIR);
copyFile("key3.db", BASE, DBDIR);

6
SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
View File

@ -10,7 +10,7 @@ Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X
diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4
--- openjdk.orig///common/autoconf/flags.m4
+++ openjdk///common/autoconf/flags.m4
@@ -389,6 +389,21 @@
@@ -402,6 +402,21 @@
AC_SUBST($2CXXSTD_CXXFLAG)
fi
@ -44,11 +44,11 @@ diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/a
+ $(REALIGN_CFLAG)
EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@
EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@
EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@
diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in
--- openjdk.orig///common/autoconf/spec.gmk.in
+++ openjdk///common/autoconf/spec.gmk.in
@@ -334,6 +334,7 @@
@@ -366,6 +366,7 @@
NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@
NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@

8
SOURCES/policytool.desktop.in
View File

@ -1,8 +1,8 @@
[Desktop Entry]
Name=OpenJDK @JAVA_MAJOR_VERSION@ Policy Tool @ARCH@
Comment=Manage OpenJDK @JAVA_MAJOR_VERSION@ policy files @ARCH@
Exec=@JRE_HOME@/policytool
Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@
Name=OpenJDK @JAVA_VER@ for @target_cpu@ Policy Tool (@OPENJDK_VER@)
Comment=Manage OpenJDK policy files
Exec=_JREBINDIR_/policytool
Icon=java-@JAVA_VER@-@JAVA_VENDOR@
Terminal=false
Type=Application
StartupWMClass=sun-security-tools-PolicyTool

38
SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch
View File

@ -7,18 +7,10 @@
PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings
Summary: Add -systemlineendings option to keytool to allow system line endings to be used again.
diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/classes/sun/security/pkcs10/PKCS10.java
--- openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
@@ -30,6 +30,7 @@
import java.io.IOException;
import java.math.BigInteger;
+import java.security.AccessController;
import java.security.cert.CertificateException;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
@@ -39,6 +40,7 @@
@@ -35,6 +35,7 @@
import java.util.Base64;
@ -26,7 +18,7 @@ diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/class
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X509Key;
@@ -76,6 +78,14 @@
@@ -74,6 +75,14 @@
* @author Hemma Prafullchandra
*/
public class PKCS10 {
@ -41,7 +33,7 @@ diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/class
/**
* Constructs an unsigned PKCS #10 certificate request. Before this
* request may be used, it must be encoded and signed. Then it
@@ -293,13 +303,39 @@
@@ -303,13 +312,39 @@
*/
public void print(PrintStream out)
throws IOException, SignatureException {
@ -83,10 +75,10 @@ diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/class
out.println("-----END NEW CERTIFICATE REQUEST-----");
}
diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/classes/sun/security/tools/keytool/Main.java
--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
@@ -124,6 +124,7 @@
@@ -126,6 +126,7 @@
private String infilename = null;
private String outfilename = null;
private String srcksfname = null;
@ -94,7 +86,7 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/
// User-specified providers are added before any command is called.
// However, they are not removed before the end of the main() method.
@@ -186,7 +187,7 @@
@@ -188,7 +189,7 @@
CERTREQ("Generates.a.certificate.request",
ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME,
STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
@ -103,7 +95,7 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/
CHANGEALIAS("Changes.an.entry.s.alias",
ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS,
STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
@@ -319,6 +320,7 @@
@@ -321,6 +322,7 @@
STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"),
STOREPASS("storepass", "<arg>", "keystore.password"),
STORETYPE("storetype", "<storetype>", "keystore.type"),
@ -111,7 +103,7 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/
TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"),
V("v", null, "verbose.output"),
VALIDITY("validity", "<valDays>", "validity.number.of.days");
@@ -559,6 +561,8 @@
@@ -561,6 +563,8 @@
protectedPath = true;
} else if (collator.compare(flags, "-srcprotected") == 0) {
srcprotectedPath = true;
@ -120,7 +112,7 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/
} else {
System.err.println(rb.getString("Illegal.option.") + flags);
tinyHelp();
@@ -1463,7 +1467,7 @@
@@ -1464,7 +1468,7 @@
// Sign the request and base-64 encode it
request.encodeAndSign(subject, signature);
@ -129,13 +121,13 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/
checkWeak(rb.getString("the.generated.certificate.request"), request);
}
@@ -4540,4 +4544,3 @@
@@ -4544,4 +4548,3 @@
return new Pair<>(a,b);
}
}
-
diff --git a/src/share/classes/sun/security/tools/keytool/Resources.java b/src/share/classes/sun/security/tools/keytool/Resources.java
--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
@@ -168,6 +168,8 @@
"keystore password"}, //-storepass

2
SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
View File

@ -35,7 +35,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java open
+++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java
@@ -41,6 +41,9 @@
public class ECUtil {
public final class ECUtil {
+ /* Are we debugging ? */
+ private static final Debug debug = Debug.getInstance("ecc");

29
SOURCES/rh1648644-java_access_bridge_privileged_security.patch
View File

@ -1,22 +1,23 @@
--- jdk8/jdk/src/share/lib/security/java.security-linux.orig
+++ jdk8/jdk/src/share/lib/security/java.security-linux
@@ -223,7 +223,9 @@
jdk.nashorn.internal.,\
jdk.nashorn.tools.,\
jdk.xml.internal.,\
- com.sun.activation.registries.
+ com.sun.activation.registries.,\
diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
--- openjdk.orig/jdk/src/share/lib/security/java.security-linux
+++ openjdk/jdk/src/share/lib/security/java.security-linux
@@ -226,7 +226,9 @@
com.sun.activation.registries.,\
jdk.jfr.events.,\
jdk.jfr.internal.,\
- jdk.management.jfr.internal.
+ jdk.management.jfr.internal.,\
+ org.GNOME.Accessibility.,\
+ org.GNOME.Bonobo.
#
# List of comma-separated packages that start with or equal this string
@@ -273,7 +275,9 @@
jdk.nashorn.internal.,\
jdk.nashorn.tools.,\
jdk.xml.internal.,\
- com.sun.activation.registries.
+ com.sun.activation.registries.,\
@@ -279,7 +281,9 @@
com.sun.activation.registries.,\
jdk.jfr.events.,\
jdk.jfr.internal.,\
- jdk.management.jfr.internal.
+ jdk.management.jfr.internal.,\
+ org.GNOME.Accessibility.,\
+ org.GNOME.Bonobo.

2
SOURCES/rh1655466-global_crypto_and_fips.patch
View File

@ -176,7 +176,7 @@ new file mode 100644
+ * and the com.redhat.fips property is true.
+ */
+ private static boolean enableFips() throws Exception {
+ boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "false"));
+ boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+ if (fipsEnabled) {
+ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
+ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));

52
SOURCES/rh1760838-fips_default_keystore_type.patch Normal file
View File

@ -0,0 +1,52 @@
diff -r 6efbd7b35a10 src/share/classes/java/security/SystemConfigurator.java
--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java Thu Jan 23 18:22:31 2020 -0300
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Mon Mar 02 19:20:17 2020 -0300
@@ -123,6 +123,33 @@
}
props.put(fipsProviderKey, fipsProviderValue);
}
+ // Add other security properties
+ String keystoreTypeValue = (String) props.get("fips.keystore.type");
+ if (keystoreTypeValue != null) {
+ String nonFipsKeystoreType = props.getProperty("keystore.type");
+ props.put("keystore.type", keystoreTypeValue);
+ if (keystoreTypeValue.equals("PKCS11")) {
+ // If keystore.type is PKCS11, javax.net.ssl.keyStore
+ // must be "NONE". See JDK-8238264.
+ System.setProperty("javax.net.ssl.keyStore", "NONE");
+ }
+ if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
+ // If no trustStoreType has been set, use the
+ // previous keystore.type under FIPS mode. In
+ // a default configuration, the Trust Store will
+ // be 'cacerts' (JKS type).
+ System.setProperty("javax.net.ssl.trustStoreType",
+ nonFipsKeystoreType);
+ }
+ if (sdebug != null) {
+ sdebug.println("FIPS mode default keystore.type = " +
+ keystoreTypeValue);
+ sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
+ System.getProperty("javax.net.ssl.keyStore", ""));
+ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
+ System.getProperty("javax.net.ssl.trustStoreType", ""));
+ }
+ }
loadedProps = true;
}
} catch (Exception e) {
diff -r 6efbd7b35a10 src/share/lib/security/java.security-linux
--- openjdk.orig/jdk/src/share/lib/security/java.security-linux Thu Jan 23 18:22:31 2020 -0300
+++ openjdk/jdk/src/share/lib/security/java.security-linux Mon Mar 02 19:20:17 2020 -0300
@@ -179,6 +179,11 @@
keystore.type=jks
#
+# Default keystore type used when global crypto-policies are set to FIPS.
+#
+fips.keystore.type=PKCS11
+
+#
# Controls compatibility mode for the JKS keystore type.
#
# When set to 'true', the JKS keystore type supports loading

489
SPECS/java-1.8.0-openjdk.spec
View File

@ -4,18 +4,17 @@
#
# Examples:
#
# Produce release *and* slowdebug builds on x86_64 (default):
# Produce release, fastdebug *and* slowdebug builds on x86_64 (default):
# $ rpmbuild -ba java-1.8.0-openjdk.spec
#
# Produce only release builds (no slowdebug builds) on x86_64:
# $ rpmbuild -ba java-1.8.0-openjdk.spec --without slowdebug
# Produce only release builds (no debug builds) on x86_64:
# $ rpmbuild -ba java-1.8.0-openjdk.spec --without slowdebug --without fastdebug
#
# Only produce a release build on x86_64:
# $ fedpkg mockbuild --without slowdebug
#
# Only produce a debug build on x86_64:
# $ fedpkg local --without release
# $ rhpkg mockbuild --without slowdebug --without fastdebug
#
# Enable fastdebug builds by default on relevant arches.
%bcond_without fastdebug
# Enable slowdebug builds by default on relevant arches.
%bcond_without slowdebug
# Enable release builds by default on relevant arches.
@ -32,13 +31,16 @@
# See https://github.com/rpm-software-management/rpm/issues/127 to comments at "pmatilai commented on Aug 18, 2017"
# (initiated in https://bugzilla.redhat.com/show_bug.cgi?id=1482192)
%global debug_suffix_unquoted -slowdebug
%global fastdebug_suffix_unquoted -fastdebug
# quoted one for shell operations
%global debug_suffix "%{debug_suffix_unquoted}"
%global fastdebug_suffix "%{fastdebug_suffix_unquoted}"
%global normal_suffix ""
# if you want only debug build but providing java build only normal build but set normalbuild_parameter
%global debug_warning This package has full debug on. Install only in need and remove asap.
%global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP.
%global debug_on with full debug on
%global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP.
%global for_fastdebug_on with minimal debug on
%global for_debug for packages with debug on
%if %{with release}
@ -48,9 +50,9 @@
%endif
%if %{include_normal_build}
%global build_loop1 %{normal_suffix}
%global normal_build %{normal_suffix}
%else
%global build_loop1 %{nil}
%global normal_build %{nil}
%endif
%global aarch64 aarch64 arm64 armv8
@ -60,6 +62,8 @@
%global multilib_arches %{power64} sparc64 x86_64
%global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
%global jfr_arches x86_64 sparcv9 sparc64 %{aarch64} ${power64}
%global fastdebug_arches x86_64
# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
@ -76,17 +80,32 @@
%global include_debug_build 0
%endif
%if %{include_debug_build}
%global build_loop2 %{debug_suffix}
# By default, we build a fastdebug build during main build only on fastdebug architectures
%if %{with fastdebug}
%ifarch %{fastdebug_arches}
%global include_fastdebug_build 1
%else
%global build_loop2 %{nil}
%global include_fastdebug_build 0
%endif
%endif
# if you disable both builds, then the build fails
%global build_loop %{build_loop1} %{build_loop2}
# note: that order: normal_suffix debug_suffix, in case of both enabled
# is expected in one single case at the end of the build
%global rev_build_loop %{build_loop2} %{build_loop1}
%if %{include_debug_build}
%global slowdebug_build %{debug_suffix}
%else
%global slowdebug_build %{nil}
%endif
%if %{include_fastdebug_build}
%global fastdebug_build %{fastdebug_suffix}
%else
%global fastdebug_build %{nil}
%endif
# If you disable both builds, then the build fails
# Note that the debug build requires the normal build for docs
%global build_loop %{normal_build} %{fastdebug_build} %{slowdebug_build}
# Test slowdebug first as it provides the best diagnostics
%global rev_build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
%ifarch %{jit_arches}
%global bootstrap_build 1
@ -139,47 +158,61 @@
# In some cases, the arch used by the JDK does
# not match _arch.
# Also, in some cases, the machine name used by SystemTap
# does not match that given by _build_cpu
# does not match that given by _target_cpu
%ifarch x86_64
%global archinstall amd64
%global stapinstall x86_64
%endif
%ifarch ppc
%global archinstall ppc
%global stapinstall powerpc
%endif
%ifarch %{ppc64be}
%global archinstall ppc64
%global stapinstall powerpc
%endif
%ifarch %{ppc64le}
%global archinstall ppc64le
%global stapinstall powerpc
%endif
%ifarch %{ix86}
%global archinstall i386
%global stapinstall i386
%endif
%ifarch ia64
%global archinstall ia64
%global stapinstall ia64
%endif
%ifarch s390
%global archinstall s390
%global stapinstall s390
%endif
%ifarch s390x
%global archinstall s390x
%global stapinstall s390
%endif
%ifarch %{arm}
%global archinstall arm
%global stapinstall arm
%endif
%ifarch %{aarch64}
%global archinstall aarch64
%global stapinstall arm64
%endif
# 32 bit sparc, optimized for v9
%ifarch sparcv9
%global archinstall sparc
%global stapinstall %{_target_cpu}
%endif
# 64 bit sparc
%ifarch sparc64
%global archinstall sparcv9
%global stapinstall %{_target_cpu}
%endif
%ifnarch %{jit_arches}
%global archinstall %{_arch}
# Need to support noarch for srpm build
%ifarch noarch
%global archinstall %{nil}
%global stapinstall %{nil}
%endif
%ifarch %{jit_arches}
@ -198,11 +231,13 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
%global shenandoah_revision aarch64-shenandoah-jdk8u232-b09
%global shenandoah_revision aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
%global revision %{shenandoah_revision}
# Define IcedTea version used for SystemTap tapsets and desktop files
%global icedteaver 3.15.0
# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*})
@ -212,12 +247,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 3
%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
%global is_ga 1
%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@ -266,10 +301,10 @@
# and 32 bit architectures we place the tapsets under the arch
# specific dir (note that systemtap will only pickup the tapset
# for the primary arch for now). Systemtap uses the machine name
# aka build_cpu as architecture specific directory name.
# aka target_cpu as architecture specific directory name.
%global tapsetroot /usr/share/systemtap
%global tapsetdirttapset %{tapsetroot}/tapset/
%global tapsetdir %{tapsetdirttapset}/%{_build_cpu}
%global tapsetdir %{tapsetdirttapset}/%{stapinstall}
%endif
# not-duplicated scriptlets for normal/debug packages
@ -401,6 +436,7 @@ alternatives \\
--slave %{_bindir}/jconsole jconsole %{sdkbindir -- %{?1}}/jconsole \\
--slave %{_bindir}/jdb jdb %{sdkbindir -- %{?1}}/jdb \\
--slave %{_bindir}/jdeps jdeps %{sdkbindir -- %{?1}}/jdeps \\
--slave %{_bindir}/jfr jfr %{sdkbindir -- %{?1}}/jfr \\
--slave %{_bindir}/jhat jhat %{sdkbindir -- %{?1}}/jhat \\
--slave %{_bindir}/jinfo jinfo %{sdkbindir -- %{?1}}/jinfo \\
--slave %{_bindir}/jmap jmap %{sdkbindir -- %{?1}}/jmap \\
@ -562,6 +598,7 @@ exit 0
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/ASSEMBLY_EXCEPTION
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/THIRD_PARTY_README
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS
%dir %{_jvmdir}/%{sdkdir -- %{?1}}
%{_jvmdir}/%{jrelnk -- %{?1}}
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security
@ -659,7 +696,7 @@ exit 0
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnet.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnio.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnpt.so
%ifarch x86_64 %{ix86} %{aarch64}
%ifarch %{sa_arches}
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsaproc.so
%endif
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsctp.so
@ -699,12 +736,20 @@ exit 0
%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/sunjce_provider.jar
%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/sunpkcs11.jar
%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/zipfs.jar
%ifarch %{jfr_arches}
%{_jvmdir}/%{jredir -- %{?1}}/lib/jfr.jar
%{_jvmdir}/%{jredir -- %{?1}}/lib/jfr/default.jfc
%{_jvmdir}/%{jredir -- %{?1}}/lib/jfr/profile.jfc
%endif
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/images
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/images/cursors
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/management
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/cmm
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/ext
%ifarch %{jfr_arches}
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/jfr
%endif
}
%define files_devel() %{expand:
@ -732,6 +777,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jconsole
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdb
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdeps
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jfr
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhat
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jjs
@ -1025,15 +1071,18 @@ URL: http://openjdk.java.net/
# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}.tar.xz
Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
# Custom README for -src subpackage
Source2: README.md
# Release notes
Source7: NEWS
# run update_systemtap.sh to regenerate or update systemtap sources
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
Source8: systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (3.x).
# Systemtap tapsets. Zipped up to keep it small.
Source8: tapsets-icedtea-%{icedteaver}.tar.xz
# Desktop files. Adapted from IcedTea
Source9: jconsole.desktop.in
@ -1080,6 +1129,8 @@ Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_availab
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
Patch1001: rh1655466-global_crypto_and_fips.patch
# RH1760838: No ciphersuites available for SSLSocket in FIPS mode
Patch1002: rh1760838-fips_default_keystore_type.patch
#############################################
#
@ -1099,18 +1150,18 @@ Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch
Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch
# PR3083, RH1346460: Regression in SSL debug output without an ECC provider
Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
# RH1566890: CVE-2018-3639
Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch
Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
# PR3601: Fix additional -Wreturn-type issues introduced by 8061651
Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch
# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts)
# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch
# PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy
Patch300: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
Patch400: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
# PR3655: Allow use of system crypto policy to be disabled by the user
Patch301: pr3655-toggle_system_crypto_policy.patch
Patch401: pr3655-toggle_system_crypto_policy.patch
# RH1566890: CVE-2018-3639
Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch
Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
#############################################
#
@ -1145,7 +1196,7 @@ Patch107: s390-8214206_fix.patch
# This fixes printf warnings that lead to build failure with -Werror=format-security from optflags
Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch
# S8154313: Generated javadoc scattered all over the place
Patch400: jdk8154313-generated_javadoc_scattered_all_over_the_place.patch
Patch578: jdk8154313-generated_javadoc_scattered_all_over_the_place.patch
# PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch
# 8143245, PR3548: Zero build requires disabled warnings
@ -1160,6 +1211,11 @@ Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
Patch202: jdk8035341-allow_using_system_installed_libpng.patch
# 8042159: Allow using a system-installed lcms2
Patch203: jdk8042159-allow_using_system_installed_lcms2.patch
# JDK-8165996, PR3506, RH1760437: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
# RPM version excludes binary diffs and a patch to PKCS11Test.java which creates a lengthy bug trail
Patch579: jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch
# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
#############################################
#
@ -1272,6 +1328,17 @@ The %{origin_nice} runtime environment %{majorver}.
%{debug_warning}
%endif
%if %{include_fastdebug_build}
%package fastdebug
Summary: %{origin_nice} Runtime Environment %{majorver} %{fastdebug_on}
Group: Development/Languages
%{java_rpo -- %{fastdebug_suffix_unquoted}}
%description fastdebug
The %{origin_nice} runtime environment.
%{fastdebug_warning}
%endif
%if %{include_normal_build}
%package headless
Summary: %{origin_nice} Headless Runtime Environment %{majorver}
@ -1295,6 +1362,18 @@ The %{origin_nice} runtime environment %{majorver} without audio and video suppo
%{debug_warning}
%endif
%if %{include_fastdebug_build}
%package headless-fastdebug
Summary: %{origin_nice} Runtime Environment %{fastdebug_on}
Group: Development/Languages
%{java_headless_rpo -- %{fastdebug_suffix_unquoted}}
%description headless-fastdebug
The %{origin_nice} runtime environment %{majorver} without audio and video support.
%{fastdebug_warning}
%endif
%if %{include_normal_build}
%package devel
Summary: %{origin_nice} Development Environment %{majorver}
@ -1318,6 +1397,18 @@ The %{origin_nice} development tools %{majorver}.
%{debug_warning}
%endif
%if %{include_fastdebug_build}
%package devel-fastdebug
Summary: %{origin_nice} Development Environment %{majorver} %{fastdebug_on}
Group: Development/Tools
%{java_devel_rpo -- %{fastdebug_suffix_unquoted}}
%description devel-fastdebug
The %{origin_nice} development tools %{majorver}.
%{fastdebug_warning}
%endif
%if %{include_normal_build}
%package demo
Summary: %{origin_nice} Demos %{majorver}
@ -1341,6 +1432,18 @@ The %{origin_nice} demos %{majorver}.
%{debug_warning}
%endif
%if %{include_fastdebug_build}
%package demo-fastdebug
Summary: %{origin_nice} Demos %{majorver} %{fastdebug_on}
Group: Development/Languages
%{java_demo_rpo -- %{fastdebug_suffix_unquoted}}
%description demo-fastdebug
The %{origin_nice} demos %{majorver}.
%{fastdebug_warning}
%endif
%if %{include_normal_build}
%package src
Summary: %{origin_nice} Source Bundle %{majorver}
@ -1365,6 +1468,18 @@ The java-%{origin}-src-slowdebug sub-package contains the complete %{origin_nice
class library source code for use by IDE indexers and debuggers. Debugging %{for_debug}.
%endif
%if %{include_fastdebug_build}
%package src-fastdebug
Summary: %{origin_nice} Source Bundle %{majorver} %{for_fastdebug}
Group: Development/Languages
%{java_src_rpo -- %{fastdebug_suffix_unquoted}}
%description src-fastdebug
The java-%{origin}-src-fastdebug sub-package contains the complete %{origin_nice} %{majorver}
class library source code for use by IDE indexers and debuggers. Debugging %{for_fastdebug}.
%endif
%if %{include_normal_build}
%package javadoc
Summary: %{origin_nice} %{majorver} API documentation
@ -1377,9 +1492,7 @@ BuildArch: noarch
%description javadoc
The %{origin_nice} %{majorver} API documentation.
%endif
%if %{include_normal_build}
%package javadoc-zip
Summary: %{origin_nice} %{majorver} API documentation compressed in single archive
Group: Documentation
@ -1390,10 +1503,8 @@ BuildArch: noarch
%{java_javadoc_rpo %{nil}}
%description javadoc-zip
The %{origin_nice} %{majorver} API documentation compressed in single archive.
%endif
The %{origin_nice} %{majorver} API documentation compressed in a single archive.
%if %{include_normal_build}
%package accessibility
Summary: %{origin_nice} %{majorver} accessibility connector
@ -1420,23 +1531,51 @@ Summary: %{origin_nice} %{majorver} accessibility connector %{for_debug}
See normal java-%{version}-openjdk-accessibility description.
%endif
%if %{include_fastdebug_build}
%package accessibility-fastdebug
Summary: %{origin_nice} %{majorver} accessibility connector %{for_fastdebug}
%{java_accessibility_rpo -- %{fastdebug_suffix_unquoted}}
%description accessibility-fastdebug
See normal java-%{version}-openjdk-accessibility description.
%endif
%prep
# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-(
%if 0%{?stapinstall:1}
echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}"
%else
%{error:Unrecognised architecture %{_target_cpu}}
%endif
if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then
echo "include_normal_build is %{include_normal_build}"
else
echo "include_normal_build is %{include_normal_build}, thats invalid. Use 1 for yes or 0 for no"
echo "include_normal_build is %{include_normal_build}, that is invalid. Use 1 for yes or 0 for no"
exit 11
fi
if [ %{include_debug_build} -eq 0 -o %{include_debug_build} -eq 1 ] ; then
echo "include_debug_build is %{include_debug_build}"
else
echo "include_debug_build is %{include_debug_build}, thats invalid. Use 1 for yes or 0 for no"
echo "include_debug_build is %{include_debug_build}, that is invalid. Use 1 for yes or 0 for no"
exit 12
fi
if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 ] ; then
echo "You have disabled both include_debug_build and include_normal_build. That is a no go."
if [ %{include_fastdebug_build} -eq 0 -o %{include_fastdebug_build} -eq 1 ] ; then
echo "include_fastdebug_build is %{include_fastdebug_build}"
else
echo "include_fastdebug_build is %{include_fastdebug_build}, that is invalid. Use 1 for yes or 0 for no"
exit 13
fi
if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then
echo "You have disabled all builds (normal,fastdebug,debug). That is a no go."
exit 14
fi
if [ %{include_normal_build} -eq 0 ] ; then
echo "You have disabled the normal build, but this is required to provide docs for the debug build."
exit 15
fi
echo "Update version: %{updatever}"
echo "Build number: %{buildver}"
@ -1471,8 +1610,8 @@ sh %{SOURCE12}
%patch203
# System security policy fixes
%patch300
%patch301
%patch400
%patch401
%patch1
%patch3
@ -1493,21 +1632,24 @@ sh %{SOURCE12}
%patch502
%patch504
%patch512
%patch400
%patch578
%patch523
%patch528
%patch530
%patch529
%patch531
%patch530
%patch571
%patch574
%patch575
%patch577
%patch579
%patch580
# RPM-only fixes
%patch539
%patch1000
%patch1001
%patch1002
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@ -1522,11 +1664,14 @@ tar --strip-components=1 -x -I xz -f %{SOURCE8}
%if %{include_debug_build}
cp -r tapset tapset%{debug_suffix}
%endif
%if %{include_fastdebug_build}
cp -r tapset tapset%{fastdebug_suffix}
%endif
for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:%{version}-%{release}.%{_arch}.stp:g"`
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1
# TODO find out which architectures other than i686 have a client vm
%ifarch %{ix86}
@ -1543,16 +1688,19 @@ done
%endif
# Prepare desktop files
# The _X_ syntax indicates variables that are replaced by make upstream
# The @X@ syntax indicates variables that are replaced by configure upstream
for suffix in %{build_loop} ; do
for file in %{SOURCE9} %{SOURCE10} ; do
FILE=`basename $file | sed -e s:\.in$::g`
EXT="${FILE##*.}"
NAME="${FILE%.*}"
OUTPUT_FILE=$NAME$suffix.$EXT
sed -e "s:@JAVA_HOME@:%{sdkbindir -- $suffix}:g" $file > $OUTPUT_FILE
sed -i -e "s:@JRE_HOME@:%{jrebindir -- $suffix}:g" $OUTPUT_FILE
sed -i -e "s:@ARCH@:%{version}-%{release}.%{_arch}$suffix:g" $OUTPUT_FILE
sed -i -e "s:@JAVA_MAJOR_VERSION@:%{javaver}:g" $OUTPUT_FILE
sed -e "s:_SDKBINDIR_:%{sdkbindir -- $suffix}:g" $file > $OUTPUT_FILE
sed -i -e "s:_JREBINDIR_:%{jrebindir -- $suffix}:g" $OUTPUT_FILE
sed -i -e "s:@target_cpu@:%{_arch}:g" $OUTPUT_FILE
sed -i -e "s:@OPENJDK_VER@:%{version}-%{release}.%{_arch}$suffix:g" $OUTPUT_FILE
sed -i -e "s:@JAVA_VER@:%{javaver}:g" $OUTPUT_FILE
sed -i -e "s:@JAVA_VENDOR@:%{origin}:g" $OUTPUT_FILE
done
done
@ -1590,7 +1738,8 @@ EXTRA_CPP_FLAGS="%ourcppflags"
# fix rpmlint warnings
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
%endif
export EXTRA_CFLAGS
EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes"
export EXTRA_CFLAGS EXTRA_ASFLAGS
(cd %{top_level_dir_name}/common/autoconf
bash ./autogen.sh
@ -1611,6 +1760,9 @@ mkdir -p %{buildoutputdir -- $suffix}
pushd %{buildoutputdir -- $suffix}
bash ../../configure \
%ifarch %{jfr_arches}
--enable-jfr \
%endif
%ifnarch %{jit_arches}
--with-jvm-variants=zero \
%endif
@ -1629,6 +1781,7 @@ bash ../../configure \
--with-stdc++lib=dynamic \
--with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
--with-extra-cflags="$EXTRA_CFLAGS" \
--with-extra-asflags="$EXTRA_ASFLAGS" \
--with-extra-ldflags="%{ourldflags}" \
--with-num-cores="$NUM_PROC"
@ -1848,10 +2001,15 @@ if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
cp -a %{buildoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
built_doc_archive=`echo "jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/`
built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip
cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
fi
# Install release notes
commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
install -d -m 755 ${commondocdir}
cp -a %{SOURCE7} ${commondocdir}
# Install icons and menu entries
for s in 16 24 32 48 ; do
install -D -p -m 644 \
@ -2034,6 +2192,33 @@ require "copy_jdk_configs.lua"
%endif
%if %{include_fastdebug_build}
%post fastdebug
%{post_script -- %{fastdebug_suffix_unquoted}}
%post headless-fastdebug
%{post_headless -- %{fastdebug_suffix_unquoted}}
%postun fastdebug
%{postun_script -- %{fastdebug_suffix_unquoted}}
%postun headless-fastdebug
%{postun_headless -- %{fastdebug_suffix_unquoted}}
%posttrans fastdebug
%{posttrans_script -- %{fastdebug_suffix_unquoted}}
%post devel-fastdebug
%{post_devel -- %{fastdebug_suffix_unquoted}}
%postun devel-fastdebug
%{postun_devel -- %{fastdebug_suffix_unquoted}}
%posttrans devel-fastdebug
%{posttrans_devel -- %{fastdebug_suffix_unquoted}}
%endif
%if %{include_normal_build}
%files
# main package builds always
@ -2062,9 +2247,8 @@ require "copy_jdk_configs.lua"
%files javadoc
%{files_javadoc %{nil}}
# this puts huge file to /usr/share
# unluckily ti is really a documentation file
# and unluckily it really is architecture-dependent, as eg. aot and grail are now x86_64 only
# This puts a huge documentation file in /usr/share
# It is now architecture-dependent, as eg. AOT and Graal are now x86_64 only
# same for debug variant
%files javadoc-zip
%{files_javadoc_zip %{nil}}
@ -2093,7 +2277,190 @@ require "copy_jdk_configs.lua"
%{files_accessibility -- %{debug_suffix_unquoted}}
%endif
%if %{include_fastdebug_build}
%files fastdebug
%{files_jre -- %{fastdebug_suffix_unquoted}}
%files headless-fastdebug
%{files_jre_headless -- %{fastdebug_suffix_unquoted}}
%files devel-fastdebug
%{files_devel -- %{fastdebug_suffix_unquoted}}
%files demo-fastdebug -f %{name}-demo.files-fastdebug
%{files_demo -- %{fastdebug_suffix_unquoted}}
%files src-fastdebug
%{files_src -- %{fastdebug_suffix_unquoted}}
%files accessibility-fastdebug
%{files_accessibility -- %{fastdebug_suffix_unquoted}}
%endif
%changelog
* Wed Jun 24 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b03-0.2.ea
- Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20.
- Resolves: rhbz#1838811
* Tue Jun 23 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u262-b03.
- Resolves: rhbz#1838811
* Mon Jun 22 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b02-0.2.ea
- Introduce jfr_arches for architectures which support JFR.
- Fix path to jfr.jar.
- Use sa_arches for libsaproc.so inclusion.
- Resolves: rhbz#1838811
* Mon Jun 22 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b02-0.2.ea
- Explicitly list jfr.jar, default.jfc & profile.jfc in the spec file.
- Resolves: rhbz#1838811
* Sun Jun 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b02-0.2.ea
- Enable JFR in our builds, ahead of upstream default.
- Only enable JFR for JIT builds, as it is not supported with Zero.
- Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash.
- Resolves: rhbz#1838811
* Sun Jun 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u262-b02.
- Resolves: rhbz#1838811
* Sat Jun 20 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.262.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u262-b01.
- Switch to EA mode.
- Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR
- Adjust RH1648644 following context changes due to introduction of JFR packages
- Add jfr binary to devel package and alternatives set
- Resolves: rhbz#1838811
* Tue Jun 02 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-7
- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
- Resolves: rhbz#1655466
* Mon Jun 01 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-6
- Use appropriate keystore types when in FIPS mode.
- Resolves: rhbz#1760838
* Fri May 22 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-5
- Add support for fastdebug builds on x86_64 only.
- Drop redundant slowdebug/debug sed invocation on the docs zip filename as it is only now built for non-debug.
- Resolves: rhbz#1836067
* Wed Apr 22 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-4
- Bump release number for RHEL 8.3.0.
- Resolves: rhbz#1810557
* Sun Apr 19 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-3
- Add release notes.
- Resolves: rhbz#1810557
* Sun Apr 19 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-2
- Make use of --with-extra-asflags introduced in jdk8u252-b01.
- Resolves: rhbz#1810557
* Mon Apr 06 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-1
- Update to aarch64-shenandoah-jdk8u252-b09.
- Switch to GA mode for final release.
- Resolves: rhbz#1810557
* Wed Apr 01 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b08-0.1.ea
- Update to aarch64-shenandoah-jdk8u252-b08.
- Resolves: rhbz#1810557
* Wed Apr 01 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b07-0.1.ea
- Update to aarch64-shenandoah-jdk8u252-b07.
- Resolves: rhbz#1810557
* Wed Apr 01 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b06-0.1.ea
- Update to aarch64-shenandoah-jdk8u252-b06.
- Resolves: rhbz#1810557
* Wed Apr 01 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u252-b05.
- Resolves: rhbz#1810557
* Wed Apr 01 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u252-b04.
- Resolves: rhbz#1810557
* Wed Apr 01 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u252-b03.
- Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978
- Resolves: rhbz#1810557
* Wed Apr 01 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u252-b02.
- Resolves: rhbz#1810557
* Wed Apr 01 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u252-b01.
- Switch to EA mode.
- Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change
- Resolves: rhbz#1810557
* Fri Mar 27 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-4
- Need to support noarch for creating source RPMs for non-scratch builds.
- Resolves: rhbz#1737112
* Tue Mar 24 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-4
- Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
- Resolves: rhbz#1737112
* Mon Feb 24 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-3
- Add JDK-8165996/PR3506 & JDK-8195607/PR3776 to support NSS SQLite databases.
- Resolves: rhbz#1760437
* Sun Feb 23 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-2
- Sync SystemTap & desktop files with upstream IcedTea release 3.15.0, removing previous workarounds
- Resolves: rhbz#1737112
* Sun Feb 23 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-2
- Sync SystemTap & desktop files with upstream IcedTea release 3.11.0 using new script
- Resolves: rhbz#1737112
* Wed Jan 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-1
- Update to aarch64-shenandoah-jdk8u242-b08.
- Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions.
- Resolves: rhbz#1785753
* Wed Jan 15 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b07-2
- Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue.
- Resolves: rhbz#1785753
* Mon Jan 13 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b07-1
- Update to aarch64-shenandoah-jdk8u242-b07.
- Switch to GA mode for final release.
- Remove Shenandoah S390 patch which is now included upstream as JDK-8236829.
- Resolves: rhbz#1785753
* Sun Jan 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u242-b05.
- Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102.
- Revise b05 snapshot to include JDK-8236178.
- Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run
- Resolves: rhbz#1785753
* Sat Jan 04 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u242-b01.
- Switch to EA mode.
- Resolves: rhbz#1785753
* Sat Jan 04 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-6
- Update generate_source_tarball.sh script to use the PR3756 patch and retain the secp256k1 curve.
- Regenerate source tarball using the updated script and add the -'4curve' suffix.
- Resolves: rhbz#1746879
* Thu Jan 02 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-5
- Revert SSBD removal for now, until appropriate messaging has been decided.
- Resolves: rhbz#1750419
* Tue Dec 24 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-4
- Remove CVE-2018-3639 mitigation due to performance regression and
OpenJDK position on speculative execution vulnerabilities.
https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html
- Resolves: rhbz#1750419
* Thu Nov 14 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-3
- Bump release number for RHEL 8.2.0.
- Resolves: rhbz#1753423