From 1876a0f8ad9f56229935efc405857af76dc69359 Mon Sep 17 00:00:00 2001
From: DistroBaker <osci-list@redhat.com>
Date: Sat, 19 Dec 2020 01:09:00 +0000
Subject: [PATCH] Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/java-1.8.0-openjdk.git#aa2fac59de9a77b026139755c77d0f89a671a3cc
---
 java-1.8.0-openjdk.spec         | 22 ++++++++++++++++++++--
 rh1750419-redhat_alt_java.patch | 13 +++++++++----
 2 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 6bbd0a4..4e4cbfc 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -80,6 +80,8 @@
 %global jit_arches      %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
 %global sa_arches       %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
 %global jfr_arches      x86_64 sparcv9 sparc64 %{aarch64} %{power64}
+# Set of architectures for which alt-java has SSB mitigation
+%global ssbd_arches x86_64
 
 # By default, we build a debug build during main build on JIT architectures
 %if %{with slowdebug}
@@ -260,7 +262,7 @@
 %global updatever       %(VERSION=%{whole_update}; echo ${VERSION##*u})
 # eg jdk8u60-b27 -> b27
 %global buildver        %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease      2
+%global rpmrelease      3
 # Define milestone (EA for pre-releases, GA ("fcs") for releases)
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1295,7 +1297,7 @@ Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_jav
 Patch400: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
 # PR3655: Allow use of system crypto policy to be disabled by the user
 Patch401: pr3655-toggle_system_crypto_policy.patch
-# enable build of spectre/meltdown hardened alt-java
+# enable build of speculative store bypass hardened alt-java
 Patch600: rh1750419-redhat_alt_java.patch
 # JDK-8218811: replace open by os::open in hotspot coding
 # This fixes a GCC 10 build issue
@@ -1967,6 +1969,17 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
 $JAVA_HOME/bin/javac -d . %{SOURCE15}
 $JAVA_HOME/bin/java -Djava.security.disableSystemPropertiesFile=true $(echo $(basename %{SOURCE15})|sed "s|\.java||")
 
+# Check java launcher has no SSB mitigation
+if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
+
+# Check alt-java launcher has SSB mitigation on supported architectures
+%ifarch %{ssbd_arches}
+nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
+%else
+if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
+%endif
+
+
 # Check debug symbols are present and can identify code
 find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
 do
@@ -2420,6 +2433,11 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
+* Thu Dec 17 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.275.b01-3
+- introduced nm based check to verify alt-java on x86_64 is patched, and no other alt-java or java is patched
+- patch600 rh1750419-redhat_alt_java.patch amended to die, if it is used wrongly
+- introduced ssbd_arches with currently only valid arch of x86_64 to separate real alt-java architectures
+
 * Fri Nov 27 2020 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.275.b01-2
 - added patch600, rh1750419-redhat_alt_java.patch 
 - Replaced alt-java palceholder by real pathced alt-java
diff --git a/rh1750419-redhat_alt_java.patch b/rh1750419-redhat_alt_java.patch
index 5a7b2d8..b3cbff8 100644
--- a/rh1750419-redhat_alt_java.patch
+++ b/rh1750419-redhat_alt_java.patch
@@ -1,12 +1,13 @@
 diff -r 25e94aa812b2 make/CompileLaunchers.gmk
 --- openjdk/jdk/make/CompileLaunchers.gmk	Wed Feb 05 12:20:36 2020 -0300
 +++ openjdk/jdk/make/CompileLaunchers.gmk	Tue Jun 02 17:15:28 2020 +0100
-@@ -234,6 +234,20 @@
+@@ -234,6 +234,21 @@
  
  BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/java$(EXE_SUFFIX)
  
++#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
 +$(eval $(call SetupLauncher,alt-java, \
-+    -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA,,,user32.lib comctl32.lib, \
++    -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA -Wno-error=cpp,,,user32.lib comctl32.lib, \
 +    $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \
 +    $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true))
 +
@@ -102,12 +103,16 @@ diff -r 25e94aa812b2 src/share/bin/alt_main.h
 diff -r 25e94aa812b2 src/share/bin/main.c
 --- openjdk/jdk/src/share/bin/main.c	Wed Feb 05 12:20:36 2020 -0300
 +++ openjdk/jdk/src/share/bin/main.c	Tue Jun 02 17:15:28 2020 +0100
-@@ -32,6 +32,10 @@
+@@ -32,6 +32,14 @@
  
  #include "defines.h"
  
-+#if defined(linux) && defined(__x86_64)
++#ifdef REDHAT_ALT_JAVA
++#if defined(__linux__) && defined(__x86_64__)
 +#include "alt_main.h"
++#else
++#warning alt-java requested but SSB mitigation not available on this platform.
++#endif
 +#endif
 +
  #ifdef _MSC_VER