From 2262957a9ab8344962ff378adaa05e1491f3fadd Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 18 Apr 2024 13:15:39 +0000 Subject: [PATCH] import UBI java-1.8.0-openjdk-1.8.0.412.b08-2.el8 --- .gitignore | 2 +- .java-1.8.0-openjdk.metadata | 2 +- SOURCES/java-1.8.0-openjdk-portable.specfile | 235 ++++++++++---- .../jdk8186464-rh1433262-zip64_failure.patch | 286 ++++++++++++++++++ ...va_access_bridge_privileged_security.patch | 25 -- ...lite-libs_instead_of_pcsc-lite-devel.patch | 13 + SPECS/java-1.8.0-openjdk.spec | 182 ++++++++--- 7 files changed, 619 insertions(+), 126 deletions(-) create mode 100644 SOURCES/jdk8186464-rh1433262-zip64_failure.patch delete mode 100644 SOURCES/rh1648644-java_access_bridge_privileged_security.patch create mode 100644 SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch diff --git a/.gitignore b/.gitignore index c5c84f7..5dc44f4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06.tar.xz +SOURCES/shenandoah8u412-b08.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index 7711961..c3fed7a 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -0ca0a2433bfd7aa62a21fc37c8079f540e672a9c SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06.tar.xz +9cb6b4c557e9a433fe4c16b3996f998335cec8a5 SOURCES/shenandoah8u412-b08.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/java-1.8.0-openjdk-portable.specfile b/SOURCES/java-1.8.0-openjdk-portable.specfile index 1231da3..6edeb9d 100644 --- a/SOURCES/java-1.8.0-openjdk-portable.specfile +++ b/SOURCES/java-1.8.0-openjdk-portable.specfile @@ -267,8 +267,8 @@ # Define version of OpenJDK 8 used %global project openjdk %global repo shenandoah-jdk8u -%global openjdk_revision jdk8u402-b06 -%global shenandoah_revision shenandoah-%{openjdk_revision} +%global openjdk_revision 8u412-b08 +%global shenandoah_revision shenandoah%{openjdk_revision} # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 3.15.0 # Define current Git revision for the FIPS support patches @@ -313,7 +313,7 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 1 +%global rpmrelease 2 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, @@ -427,14 +427,14 @@ License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv URL: http://openjdk.java.net/ # Shenandoah HotSpot -# aarch64-port/jdk8u-shenandoah contains an integration forest of -# OpenJDK 8u, the aarch64 port and Shenandoah +# openjdk/shenandoah-jdk8u contains an integration forest of +# OpenJDK 8u and the Shenandoah garbage collector # To regenerate, use: # VERSION=%%{shenandoah_revision} -# FILE_NAME_ROOT=%%{project}-%%{repo}-${VERSION} +# FILE_NAME_ROOT=${VERSION} # REPO_ROOT= generate_source_tarball.sh # where the source is obtained from http://github.com/%%{project}/%%{repo} -Source0: %{project}-%{repo}-%{shenandoah_revision}.tar.xz +Source0: %{shenandoah_revision}.tar.xz # Custom README for -src subpackage Source2: README.md @@ -445,12 +445,11 @@ Source7: NEWS # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (3.x). # Systemtap tapsets. Zipped up to keep it small. -Source8: tapsets-icedtea-%%{icedteaver}.tar.xz +Source8: tapsets-icedtea-%{icedteaver}.tar.xz # Desktop files. Adapted from IcedTea -# Disabled in portables -#Source9: jconsole.desktop.in -#Source10: policytool.desktop.in +Source9: jconsole.desktop.in +Source10: policytool.desktop.in # nss configuration file Source11: nss.cfg.in @@ -678,8 +677,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 %ifarch %{zero_arches} BuildRequires: libffi-devel %endif -# 2023c required as of JDK-8305113 -BuildRequires: tzdata-java >= 2023c +# 2024a required as of JDK-8325150 +BuildRequires: tzdata-java >= 2024a # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -799,6 +798,9 @@ fi echo "Update version: %{updatever}" echo "Build number: %{buildver}" echo "Milestone: %{milestone}" +%ifnarch %{ix86} +export XZ_OPT="-T0" +%endif %setup -q -c -n %{uniquesuffix ""} -T -a 0 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084 prioritylength=`expr length %{priority}` @@ -821,6 +823,20 @@ cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/ # OpenJDK patches +# This syntax is deprecated: +# %patchN [...] +# and should be replaced with: +# %patch -PN [...] +# For example: +# %patch1001 -p1 +# becomes: +# %patch -P1001 -p1 +# The replacement format suggested by recent (circa Fedora 38) RPM +# deprecation messages: +# %patch N [...] +# is not backward-compatible with prior (circa RHEL-8) versions of +# rpmbuild. + %if %{system_libs} # Remove libraries that are linked sh %{SOURCE12} @@ -829,60 +845,60 @@ sh %{SOURCE12} # Do not enable them with system_libs, they do not work properly with bundled option # System library fixes %if %{system_libs} -%patch201 -%patch202 -%patch203 -%patch204 +%patch -P201 +%patch -P202 +%patch -P203 +%patch -P204 %endif -%patch1 -%patch5 +%patch -P1 +%patch -P5 # s390 build fixes -%patch102 -%patch103 -%patch107 +%patch -P102 +%patch -P103 +%patch -P107 # AArch64 fixes # x86 fixes -%patch105 +%patch -P105 # Upstreamable fixes -%patch502 -%patch512 -%patch523 -%patch528 -%patch571 -%patch574 -%patch112 -%patch581 -%patch541 -%patch12 +%patch -P502 +%patch -P512 +%patch -P523 +%patch -P528 +%patch -P571 +%patch -P574 +%patch -P112 +%patch -P581 +%patch -P541 +%patch -P12 pushd %{top_level_dir_name} # Add crypto policy and FIPS support -%patch1001 -p1 +%patch -P1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security -%patch1000 -p1 +%patch -P1000 -p1 # system cacerts support -%patch539 -p1 +%patch -P539 -p1 popd # RPM-only fixes -%patch600 -%patch1003 +%patch -P600 +%patch -P1003 # RHEL-only patches %if ! 0%{?fedora} && 0%{?rhel} <= 7 -%patch534 +%patch -P534 %endif # Shenandoah patches # Extract systemtap tapsets %if %{with_systemtap} -tar --strip-components=1 -x -I xz -f %{SOURCE8} +tar --strip-components=1 -x -I 'xz -T0' -f %{SOURCE8} %if %{include_debug_build} cp -r tapset tapset%{debug_suffix} %endif @@ -921,6 +937,9 @@ export NUM_PROC=${NUM_PROC:-1} # Honor %%_smp_ncpus_max [ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} %endif +%ifnarch %{ix86} +export XZ_OPT="-T0" +%endif %ifarch s390x sparc64 alpha %{power64} %{aarch64} export ARCH_DATA_MODEL=64 @@ -1016,10 +1035,10 @@ function buildjdk() { cat hotspot-spec.gmk make \ - JAVAC_FLAGS=-g \ - LOG=trace \ - SCTP_WERROR= \ - ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) + JAVAC_FLAGS=-g \ + LOG=trace \ + SCTP_WERROR= \ + ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) popd } @@ -1099,12 +1118,20 @@ function genchecksum() { } function packagejdk() { + # Reusing OPENJDK_UPSTREAM_TAG_EPOCH for the modification times of all + # files in the portable tarballs eliminates one source of variability + # across RPM rebuilds. + VERSION_FILE="$(pwd)"/"%{top_level_dir_name}"/common/autoconf/version-numbers + OPENJDK_UPSTREAM_TAG_EPOCH="$(stat --format=%Y "${VERSION_FILE}")" + local imagesdir=$(pwd)/${1}/images local docdir=$(pwd)/${1}/docs local bundledir=$(pwd)/${1}/bundles local packagesdir=$(pwd)/${2} local srcdir=$(pwd)/%{top_level_dir_name} local tapsetdir=$(pwd)/tapset + local tar_time="$(date --utc --iso-8601=seconds --date=@"${OPENJDK_UPSTREAM_TAG_EPOCH}")" + local tar_opts="--mtime=${tar_time} --sort=name -cJf" echo "Packaging build from ${imagesdir} to ${packagesdir}..." mkdir -p ${packagesdir} @@ -1138,7 +1165,7 @@ function packagejdk() { # Release images have external debug symbols if [ "x$suffix" = "x" ] ; then # Keep the unstripped version for consumption by RHEL RPMs - tar -cJf ${unstrippedarchive} ${jdkname} + tar ${tar_opts} ${unstrippedarchive} ${jdkname} genchecksum ${unstrippedarchive} # Strip the files @@ -1151,32 +1178,32 @@ function packagejdk() { fi done - tar -cJf ${debugjdkarchive} $(find ${jdkname} -name \*.debuginfo) + tar ${tar_opts} ${debugjdkarchive} $(find ${jdkname} -name \*.debuginfo) genchecksum ${debugjdkarchive} - tar -cJf ${debugjrearchive} $(find ${jrename} -name \*.debuginfo) + tar ${tar_opts} ${debugjrearchive} $(find ${jdkname} -name \*.debuginfo) genchecksum ${debugjrearchive} - mkdir ${docname} - mv ${docdir} ${docname} - mv ${bundledir}/${built_doc_archive} ${docname} - tar -cJf ${docarchive} ${docname} - genchecksum ${docarchive} + mkdir ${docname} + mv ${docdir} ${docname} + mv ${bundledir}/${built_doc_archive} ${docname} + tar ${tar_opts} ${docarchive} ${docname} + genchecksum ${docarchive} - mkdir ${miscname} - for s in 16 24 32 48 ; do - cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname} - done + mkdir ${miscname} + for s in 16 24 32 48 ; do + cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname} + done %if %{with_systemtap} cp -a ${tapsetdir}* ${miscname} %endif - tar -cJf ${miscarchive} ${miscname} - genchecksum ${miscarchive} + tar ${tar_opts} ${miscarchive} ${miscname} + genchecksum ${miscarchive} fi - tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname} + tar ${tar_opts} ${jdkarchive} --exclude='**.debuginfo' ${jdkname} genchecksum ${jdkarchive} - tar -cJf ${jrearchive} --exclude='**.debuginfo' ${jrename} + tar ${tar_opts} ${jrearchive} --exclude='**.debuginfo' ${jrename} genchecksum ${jrearchive} # Revert directory renaming so testing will run @@ -1496,6 +1523,94 @@ done %{_jvmdir}/%{miscportablearchive}.sha256sum %changelog +* Wed Apr 10 2024 Andrew Hughes - 1:1.8.0.412.b08-2 +- Add CVEs to release notes + +* Mon Apr 08 2024 Andrew Hughes - 1:1.8.0.412.b08-1 +- Update to shenandoah-jdk8u412-b08 (GA) +- Update release notes for shenandoah-8u412-b08. +- Complete release note for Certainly roots +- Switch to GA mode. +- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** + +* Fri Apr 05 2024 Andrew Hughes - 1:1.8.0.412.b07-0.1.ea +- Update to shenandoah-jdk8u412-b07 (EA) +- Update release notes for shenandoah-8u412-b07. +- Require tzdata 2024a due to upstream inclusion of JDK-8322725 + +* Fri Mar 29 2024 Andrew Hughes - 1:1.8.0.412.b01-0.2.ea +- Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources +- generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity +- generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork +- generate_source_tarball.sh: Adapt version logic to work with 8u +- generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086) +- generate_source_tarball.sh: Update examples in header for clarity +- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP +- generate_source_tarball.sh: Only add --depth=1 on non-local repositories +- icedtea_sync.sh: Reinstate from rhel-8.8.0 branch +- Move maintenance scripts to a scripts subdirectory +- icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository +- jconsole.desktop.in: Restored by running icedtea_sync.sh +- policytool.desktop.in: Likewise. +- Restore IcedTea sources correctly in spec file +- discover_trees.sh: Set compile-command and indentation instructions for Emacs +- discover_trees.sh: shellcheck: Do not use -o (SC2166) +- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- discover_trees.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: Add authorship +- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs +- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) +- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: Set compile-command and indentation instructions for Emacs +- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) +- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) +- Remove pointless empty file generate_singlerepo_source_tarball.sh +- Remove pointless empty file update_main_sources.sh +- generate_source_tarball.sh: Handle an existing checkout +- generate_source_tarball.sh: Sync indentation with java-21-openjdk version +- generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS + +* Fri Mar 29 2024 Thomas Fitzsimmons - 1:1.8.0.412.b01-0.2.ea +- generate_source_tarball.sh: Add WITH_TEMP environment variable +- generate_source_tarball.sh: Multithread xz on all available cores +- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable +- generate_source_tarball.sh: Update comment about tarball naming +- generate_source_tarball.sh: Reformat comment header +- generate_source_tarball.sh: Reformat and update help output +- generate_source_tarball.sh: Do a shallow clone, for speed +- generate_source_tarball.sh: Eliminate some removal prompting +- generate_source_tarball.sh: Make tarball reproducible +- generate_source_tarball.sh: Prefix temporary directory with temp- +- generate_source_tarball.sh: Remove temporary directory exit conditions +- generate_source_tarball.sh: Set compile-command in Emacs +- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT +- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks +- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166) +- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004) +- Use backward-compatible patch syntax +- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST +- generate_source_tarball.sh: Remove trailing period in echo +- generate_source_tarball.sh: Use long-style argument to grep +- generate_source_tarball.sh: Add license +- generate_source_tarball.sh: Add indentation instructions for Emacs + +* Fri Mar 22 2024 Andrew Hughes - 1:1.8.0.412.b01-0.1.ea +- Introduce tar_opts to avoid repetition of lengthy tar creation options +- Normalise whitespace +- Turn off xz multi-threading on i686 as it fails with an out of memory error + +* Fri Mar 22 2024 Thomas Fitzsimmons - 1:1.8.0.412.b01-0.1.ea +- Invoke xz in multi-threaded mode +- Make portable tarball modification times reproducible + +* Thu Mar 21 2024 Andrew Hughes - 1:1.8.0.412.b01-0.1.ea +- Update to shenandoah-jdk8u412-b01 (EA) +- Update release notes for shenandoah-8u412-b01. +- Switch to EA mode. + * Thu Jan 11 2024 Andrew Hughes - 1:1.8.0.402.b06-0.1.ea - Update to shenandoah-jdk8u402-b06 (GA) - Update release notes for shenandoah-8u402-b06. diff --git a/SOURCES/jdk8186464-rh1433262-zip64_failure.patch b/SOURCES/jdk8186464-rh1433262-zip64_failure.patch new file mode 100644 index 0000000..572a36e --- /dev/null +++ b/SOURCES/jdk8186464-rh1433262-zip64_failure.patch @@ -0,0 +1,286 @@ +# HG changeset patch +# User sherman +# Date 1505950914 25200 +# Wed Sep 20 16:41:54 2017 -0700 +# Node ID 723486922bfe4c17e3f5c067ce5e97229842fbcd +# Parent c8ac05bbe47771b3dafa2e7fc9a95d86d68d7c07 +8186464: ZipFile cannot read some InfoZip ZIP64 zip files +Reviewed-by: martin + +diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java +index 26e2a5bf9e9..2630c118817 100644 +--- openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java ++++ openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java +@@ -92,6 +92,7 @@ public class ZipFileSystem extends FileSystem { + private final boolean createNew; // create a new zip if not exists + private static final boolean isWindows = + System.getProperty("os.name").startsWith("Windows"); ++ private final boolean forceEnd64; + + // a threshold, in bytes, to decide whether to create a temp file + // for outputstream of a zip entry +@@ -112,12 +113,13 @@ public class ZipFileSystem extends FileSystem { + if (this.defaultDir.charAt(0) != '/') + throw new IllegalArgumentException("default dir should be absolute"); + ++ this.forceEnd64 = "true".equals(env.get("forceZIP64End")); + this.provider = provider; + this.zfpath = zfpath; + if (Files.notExists(zfpath)) { + if (createNew) { + try (OutputStream os = Files.newOutputStream(zfpath, CREATE_NEW, WRITE)) { +- new END().write(os, 0); ++ new END().write(os, 0, forceEnd64); + } + } else { + throw new FileSystemNotFoundException(zfpath.toString()); +@@ -1014,28 +1016,36 @@ public class ZipFileSystem extends FileSystem { + end.cenoff = ENDOFF(buf); + end.comlen = ENDCOM(buf); + end.endpos = pos + i; +- if (end.cenlen == ZIP64_MINVAL || +- end.cenoff == ZIP64_MINVAL || +- end.centot == ZIP64_MINVAL32) +- { +- // need to find the zip64 end; +- byte[] loc64 = new byte[ZIP64_LOCHDR]; +- if (readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR) +- != loc64.length) { +- return end; +- } +- long end64pos = ZIP64_LOCOFF(loc64); +- byte[] end64buf = new byte[ZIP64_ENDHDR]; +- if (readFullyAt(end64buf, 0, end64buf.length, end64pos) +- != end64buf.length) { +- return end; +- } +- // end64 found, re-calcualte everything. +- end.cenlen = ZIP64_ENDSIZ(end64buf); +- end.cenoff = ZIP64_ENDOFF(end64buf); +- end.centot = (int)ZIP64_ENDTOT(end64buf); // assume total < 2g +- end.endpos = end64pos; ++ // try if there is zip64 end; ++ byte[] loc64 = new byte[ZIP64_LOCHDR]; ++ if (end.endpos < ZIP64_LOCHDR || ++ readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR) ++ != loc64.length || ++ !locator64SigAt(loc64, 0)) { ++ return end; ++ } ++ long end64pos = ZIP64_LOCOFF(loc64); ++ byte[] end64buf = new byte[ZIP64_ENDHDR]; ++ if (readFullyAt(end64buf, 0, end64buf.length, end64pos) ++ != end64buf.length || ++ !end64SigAt(end64buf, 0)) { ++ return end; ++ } ++ // end64 found, ++ long cenlen64 = ZIP64_ENDSIZ(end64buf); ++ long cenoff64 = ZIP64_ENDOFF(end64buf); ++ long centot64 = ZIP64_ENDTOT(end64buf); ++ // double-check ++ if (cenlen64 != end.cenlen && end.cenlen != ZIP64_MINVAL || ++ cenoff64 != end.cenoff && end.cenoff != ZIP64_MINVAL || ++ centot64 != end.centot && end.centot != ZIP64_MINVAL32) { ++ return end; + } ++ // to use the end64 values ++ end.cenlen = cenlen64; ++ end.cenoff = cenoff64; ++ end.centot = (int)centot64; // assume total < 2g ++ end.endpos = end64pos; + return end; + } + } +@@ -1201,7 +1211,7 @@ public class ZipFileSystem extends FileSystem { + + // sync the zip file system, if there is any udpate + private void sync() throws IOException { +- //System.out.printf("->sync(%s) starting....!%n", toString()); ++ // System.out.printf("->sync(%s) starting....!%n", toString()); + // check ex-closer + if (!exChClosers.isEmpty()) { + for (ExChannelCloser ecc : exChClosers) { +@@ -1292,7 +1302,7 @@ public class ZipFileSystem extends FileSystem { + } + end.centot = elist.size(); + end.cenlen = written - end.cenoff; +- end.write(os, written); ++ end.write(os, written, forceEnd64); + } + if (!streams.isEmpty()) { + // +@@ -1849,8 +1859,8 @@ public class ZipFileSystem extends FileSystem { + long endpos; + int disktot; + +- void write(OutputStream os, long offset) throws IOException { +- boolean hasZip64 = false; ++ void write(OutputStream os, long offset, boolean forceEnd64) throws IOException { ++ boolean hasZip64 = forceEnd64; // false; + long xlen = cenlen; + long xoff = cenoff; + if (xlen >= ZIP64_MINVAL) { +@@ -1875,8 +1885,8 @@ public class ZipFileSystem extends FileSystem { + writeShort(os, 45); // version needed to extract + writeInt(os, 0); // number of this disk + writeInt(os, 0); // central directory start disk +- writeLong(os, centot); // number of directory entires on disk +- writeLong(os, centot); // number of directory entires ++ writeLong(os, centot); // number of directory entries on disk ++ writeLong(os, centot); // number of directory entries + writeLong(os, cenlen); // length of central directory + writeLong(os, cenoff); // offset of central directory + +diff --git openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c openjdk/jdk/src/share/native/java/util/zip/zip_util.c +index 5fd6fea049d..858e5814e92 100644 +--- openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c ++++ openjdk/jdk/src/share/native/java/util/zip/zip_util.c +@@ -385,6 +385,9 @@ findEND64(jzfile *zip, void *end64buf, jlong endpos) + { + char loc64[ZIP64_LOCHDR]; + jlong end64pos; ++ if (endpos < ZIP64_LOCHDR) { ++ return -1; ++ } + if (readFullyAt(zip->zfd, loc64, ZIP64_LOCHDR, endpos - ZIP64_LOCHDR) == -1) { + return -1; // end64 locator not found + } +@@ -567,6 +570,7 @@ readCEN(jzfile *zip, jint knownTotal) + { + /* Following are unsigned 32-bit */ + jlong endpos, end64pos, cenpos, cenlen, cenoff; ++ jlong cenlen64, cenoff64, centot64; + /* Following are unsigned 16-bit */ + jint total, tablelen, i, j; + unsigned char *cenbuf = NULL; +@@ -594,13 +598,20 @@ readCEN(jzfile *zip, jint knownTotal) + cenlen = ENDSIZ(endbuf); + cenoff = ENDOFF(endbuf); + total = ENDTOT(endbuf); +- if (cenlen == ZIP64_MAGICVAL || cenoff == ZIP64_MAGICVAL || +- total == ZIP64_MAGICCOUNT) { +- unsigned char end64buf[ZIP64_ENDHDR]; +- if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) { +- cenlen = ZIP64_ENDSIZ(end64buf); +- cenoff = ZIP64_ENDOFF(end64buf); +- total = (jint)ZIP64_ENDTOT(end64buf); ++ unsigned char end64buf[ZIP64_ENDHDR]; ++ if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) { ++ // end64 candidate found, ++ cenlen64 = ZIP64_ENDSIZ(end64buf); ++ cenoff64 = ZIP64_ENDOFF(end64buf); ++ centot64 = ZIP64_ENDTOT(end64buf); ++ // double-check ++ if ((cenlen64 == cenlen || cenlen == ZIP64_MAGICVAL) && ++ (cenoff64 == cenoff || cenoff == ZIP64_MAGICVAL) && ++ (centot64 == total || total == ZIP64_MAGICCOUNT)) { ++ // to use the end64 values ++ cenlen = cenlen64; ++ cenoff = cenoff64; ++ total = (jint)centot64; + endpos = end64pos; + endhdrlen = ZIP64_ENDHDR; + } +diff --git openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java +index ffe8a8ed712..9b380003893 100644 +--- openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java ++++ openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java +@@ -22,7 +22,7 @@ + */ + + /* @test +- * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993 ++ * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993 8186464 + * @summary Make sure we can read a zip file. + @key randomness + * @run main/othervm ReadZip +@@ -31,12 +31,24 @@ + */ + + import java.io.*; ++import java.net.URI; + import java.nio.file.Files; ++import java.nio.file.FileSystem; ++import java.nio.file.FileSystems; ++import java.nio.file.Path; + import java.nio.file.Paths; + import java.nio.file.StandardCopyOption; + import java.nio.file.StandardOpenOption; ++import java.util.Collections; ++import java.util.HashMap; ++import java.util.List; ++import java.util.Map; + import java.util.zip.*; + ++import sun.misc.IOUtils; ++ ++import static java.nio.charset.StandardCharsets.US_ASCII; ++ + public class ReadZip { + private static void unreached (Object o) + throws Exception +@@ -144,8 +156,6 @@ public class ReadZip { + newZip.delete(); + } + +- +- + // Throw a FNF exception when read a non-existing zip file + try { unreached (new ZipFile( + new File(System.getProperty("test.src", "."), +@@ -153,5 +163,54 @@ public class ReadZip { + + String.valueOf(new java.util.Random().nextInt()) + + ".zip"))); + } catch (FileNotFoundException fnfe) {} ++ ++ // read a zip file with ZIP64 end ++ Path path = Paths.get(System.getProperty("test.dir", ""), "end64.zip"); ++ try { ++ URI uri = URI.create("jar:" + path.toUri()); ++ Map env = new HashMap<>(); ++ env.put("create", "true"); ++ env.put("forceZIP64End", "true"); ++ try (FileSystem fs = FileSystems.newFileSystem(uri, env)) { ++ Files.write(fs.getPath("hello"), "hello".getBytes()); ++ } ++ try (ZipFile zf = new ZipFile(path.toFile())) { ++ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("hello"))), ++ US_ASCII))) ++ throw new RuntimeException("zipfile: read entry failed"); ++ } catch (IOException x) { ++ throw new RuntimeException("zipfile: zip64 end failed"); ++ } ++ try (FileSystem fs = FileSystems.newFileSystem(uri, Collections.emptyMap())) { ++ if (!"hello".equals(new String(Files.readAllBytes(fs.getPath("hello"))))) ++ throw new RuntimeException("zipfs: read entry failed"); ++ } catch (IOException x) { ++ throw new RuntimeException("zipfile: zip64 end failed"); ++ } ++ } finally { ++ Files.deleteIfExists(path); ++ } ++ ++ // read a zip file created via "echo hello | zip dst.zip -", which uses ++ // ZIP64 end record ++ if (Files.notExists(Paths.get("/usr/bin/zip"))) ++ return; ++ try { ++ Process zip = new ProcessBuilder("zip", path.toString().toString(), "-").start(); ++ OutputStream os = zip.getOutputStream(); ++ os.write("hello".getBytes(US_ASCII)); ++ os.close(); ++ zip.waitFor(); ++ if (zip.exitValue() == 0 && Files.exists(path)) { ++ try (ZipFile zf = new ZipFile(path.toFile())) { ++ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("-")))))) ++ throw new RuntimeException("zipfile: read entry failed"); ++ } catch (IOException x) { ++ throw new RuntimeException("zipfile: zip64 end failed"); ++ } ++ } ++ } finally { ++ Files.deleteIfExists(path); ++ } + } + } diff --git a/SOURCES/rh1648644-java_access_bridge_privileged_security.patch b/SOURCES/rh1648644-java_access_bridge_privileged_security.patch deleted file mode 100644 index 28060ed..0000000 --- a/SOURCES/rh1648644-java_access_bridge_privileged_security.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux ---- openjdk.orig/jdk/src/share/lib/security/java.security-linux -+++ openjdk/jdk/src/share/lib/security/java.security-linux -@@ -226,7 +226,9 @@ - com.sun.activation.registries.,\ - jdk.jfr.events.,\ - jdk.jfr.internal.,\ -- jdk.management.jfr.internal. -+ jdk.management.jfr.internal.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo. - - # - # List of comma-separated packages that start with or equal this string -@@ -279,7 +281,9 @@ - com.sun.activation.registries.,\ - jdk.jfr.events.,\ - jdk.jfr.internal.,\ -- jdk.management.jfr.internal. -+ jdk.management.jfr.internal.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo. - - # - # Determines whether this properties file can be appended to diff --git a/SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch b/SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch new file mode 100644 index 0000000..e909809 --- /dev/null +++ b/SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch @@ -0,0 +1,13 @@ +--- openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:12.038189968 +0100 ++++ openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:11.913188505 +0100 +@@ -48,8 +48,8 @@ + + private final static String PROP_NAME = "sun.security.smartcardio.library"; + +- private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so"; +- private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so"; ++ private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1"; ++ private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1"; + private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC"; + + PlatformPCSC() { diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index beafcaa..ff49a10 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -297,8 +297,8 @@ # Define version of OpenJDK 8 used %global project openjdk %global repo shenandoah-jdk8u -%global openjdk_revision jdk8u402-b06 -%global shenandoah_revision shenandoah-%{openjdk_revision} +%global openjdk_revision 8u412-b08 +%global shenandoah_revision shenandoah%{openjdk_revision} # Define IcedTea version used for SystemTap tapsets and desktop files %global icedteaver 3.15.0 # Define current Git revision for the FIPS support patches @@ -345,7 +345,7 @@ %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global rpmrelease 2 # Settings used by the portable build -%global portablerelease 1 +%global portablerelease 2 %global portablesuffix el8 %global portablebuilddir /builddir/build/BUILD @@ -1146,8 +1146,9 @@ Provides: jre%{?1} = %{epoch}:%{javaver} Requires: ca-certificates # Require javapackages-filesystem for ownership of /usr/lib/jvm/ Requires: javapackages-filesystem -# 2022g required as of JDK-8297804 -Requires: tzdata-java >= 2022g +# 2024a required as of JDK-8325150 +# Use 2023d until 2024a is in the buildroot +Requires: tzdata-java >= 2023d # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} @@ -1307,14 +1308,14 @@ License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv URL: http://openjdk.java.net/ # Shenandoah HotSpot -# aarch64-port/jdk8u-shenandoah contains an integration forest of -# OpenJDK 8u, the aarch64 port and Shenandoah +# openjdk/shenandoah-jdk8u contains an integration forest of +# OpenJDK 8u and the Shenandoah garbage collector # To regenerate, use: # VERSION=%%{shenandoah_revision} -# FILE_NAME_ROOT=%%{project}-%%{repo}-${VERSION} +# FILE_NAME_ROOT=${VERSION} # REPO_ROOT= generate_source_tarball.sh # where the source is obtained from http://github.com/%%{project}/%%{repo} -Source0: %{project}-%{repo}-%{shenandoah_revision}.tar.xz +Source0: %{shenandoah_revision}.tar.xz # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (3.x). @@ -1378,8 +1379,6 @@ Source20: java-1.%{majorver}.0-openjdk-portable.specfile # Accessibility patches # Ignore AWTError when assistive technologies are loaded Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch -# Restrict access to java-atk-wrapper classes -Patch3: rh1648644-java_access_bridge_privileged_security.patch # Turn on AssumeMP by default on RHEL systems Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch # RH1648249: Add PKCS11 provider to java.security @@ -1431,10 +1430,14 @@ Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_t # Patch is generated from the cacerts tree at https://github.com/rh-openjdk/jdk8u/tree/cacerts # as follows: git diff fips > pr2888-rh2055274-support_system_cacerts-$(git show -s --format=%h HEAD).patch Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch -# enable build of speculative store bypass hardened alt-java +# RH1684077, JDK-8009550: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo +Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch +# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639) Patch600: rh1750419-redhat_alt_java.patch # JDK-8281098, PR3836: Extra compiler flags not passed to adlc build Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch +# JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files +Patch12: jdk8186464-rh1433262-zip64_failure.patch ############################################# # @@ -1569,8 +1572,9 @@ BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}- %ifarch %{zero_arches} BuildRequires: libffi-devel %endif -# 2023c required as of JDK-8305113 -BuildRequires: tzdata-java >= 2023c +# 2024a required as of JDK-8325150 +# Use 2023d until 2024a is in the buildroot +BuildRequires: tzdata-java >= 2023d # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1863,6 +1867,9 @@ fi echo "Update version: %{updatever}" echo "Build number: %{buildver}" echo "Milestone: %{milestone}" +%ifnarch %{ix86} +export XZ_OPT="-T0" +%endif %setup -q -c -n %{uniquesuffix ""} -T -a 0 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084 prioritylength=`expr length %{priority}` @@ -1883,6 +1890,20 @@ cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/ # OpenJDK patches +# This syntax is deprecated: +# %patchN [...] +# and should be replaced with: +# %patch -PN [...] +# For example: +# %patch1001 -p1 +# becomes: +# %patch -P1001 -p1 +# The replacement format suggested by recent (circa Fedora 38) RPM +# deprecation messages: +# %patch N [...] +# is not backward-compatible with prior (circa RHEL-8) versions of +# rpmbuild. + %if %{system_libs} # Remove libraries that are linked sh %{SOURCE12} @@ -1890,52 +1911,53 @@ sh %{SOURCE12} # System library fixes %if %{system_libs} -%patch201 -%patch202 -%patch203 -%patch204 +%patch -P201 +%patch -P202 +%patch -P203 +%patch -P204 %endif -%patch1 -%patch3 -%patch5 +%patch -P1 +%patch -P5 # s390 build fixes -%patch102 -%patch103 -%patch107 +%patch -P102 +%patch -P103 +%patch -P107 # AArch64 fixes # x86 fixes -%patch105 +%patch -P105 # Upstreamable fixes -%patch502 -%patch512 -%patch523 -%patch528 -%patch571 -%patch574 -%patch112 -%patch581 +%patch -P502 +%patch -P512 +%patch -P523 +%patch -P528 +%patch -P571 +%patch -P574 +%patch -P112 +%patch -P581 +%patch -P541 +%patch -P12 pushd %{top_level_dir_name} # Add crypto policy and FIPS support -%patch1001 -p1 +%patch -P1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security -%patch1000 -p1 +%patch -P1000 -p1 # system cacerts support -%patch539 -p1 +%patch -P539 -p1 popd # RPM-only fixes -%patch600 -%patch1003 +%patch -P600 +%patch -P1003 # RHEL-only patches %if ! 0%{?fedora} && 0%{?rhel} <= 7 -%patch534 +%patch -P534 %endif # Shenandoah patches @@ -2632,6 +2654,88 @@ cjc.mainProgram(args) %endif %changelog +* Mon Apr 08 2024 Andrew Hughes - 1:1.8.0.412.b08-2 +- Update to shenandoah-jdk8u412-b08 (GA) +- Update release notes for shenandoah-8u412-b08. +- Complete release note for Certainly roots +- Switch to GA mode. +- Sync the copy of the portable specfile with the latest update +- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** +- Resolves: RHEL-32396 + +* Fri Apr 05 2024 Andrew Hughes - 1:1.8.0.412.b07-0.2.ea +- Update to shenandoah-jdk8u412-b07 (EA) +- Require tzdata 2024a due to upstream inclusion of JDK-8322725 +- Only require tzdata 2023d for now as 2024a is unavailable in buildroot +- Sync the copy of the portable specfile with the latest update +- Related: RHEL-30931 + +* Fri Mar 22 2024 Andrew Hughes - 1:1.8.0.412.b01-0.2.ea +- Turn off xz multi-threading on i686 as it fails with an out of memory error +- Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources +- generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity +- generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork +- generate_source_tarball.sh: Adapt version logic to work with 8u +- generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086) +- generate_source_tarball.sh: Update examples in header for clarity +- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP +- generate_source_tarball.sh: Only add --depth=1 on non-local repositories +- Move maintenance scripts to a scripts subdirectory +- icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository +- discover_trees.sh: Set compile-command and indentation instructions for Emacs +- discover_trees.sh: shellcheck: Do not use -o (SC2166) +- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- discover_trees.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: Add authorship +- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs +- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) +- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: Set compile-command and indentation instructions for Emacs +- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) +- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) +- Remove obsolete file generate_singlerepo_source_tarball.sh +- Remove obsolete file get_sources.sh +- Remove obsolete file update_main_sources.sh +- generate_source_tarball.sh: Handle an existing checkout +- generate_source_tarball.sh: Sync indentation with java-21-openjdk version +- generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS +- Sync patch set with portable build +- Related: RHEL-30931 + +* Fri Mar 22 2024 Thomas Fitzsimmons - 1:1.8.0.412.b01-0.2.ea +- Invoke xz in multi-threaded mode +- generate_source_tarball.sh: Add WITH_TEMP environment variable +- generate_source_tarball.sh: Multithread xz on all available cores +- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable +- generate_source_tarball.sh: Update comment about tarball naming +- generate_source_tarball.sh: Reformat comment header +- generate_source_tarball.sh: Reformat and update help output +- generate_source_tarball.sh: Do a shallow clone, for speed +- generate_source_tarball.sh: Eliminate some removal prompting +- generate_source_tarball.sh: Make tarball reproducible +- generate_source_tarball.sh: Prefix temporary directory with temp- +- generate_source_tarball.sh: Remove temporary directory exit conditions +- generate_source_tarball.sh: Set compile-command in Emacs +- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT +- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks +- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166) +- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004) +- Use backward-compatible patch syntax +- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST +- generate_source_tarball.sh: Remove trailing period in echo +- generate_source_tarball.sh: Use long-style argument to grep +- generate_source_tarball.sh: Add license +- generate_source_tarball.sh: Add indentation instructions for Emacs +- Related: RHEL-30931 + +* Thu Mar 21 2024 Andrew Hughes - 1:1.8.0.412.b01-0.2.ea +- Update to shenandoah-jdk8u412-b01 (EA) +- Switch to EA mode. +- Related: RHEL-30931 + * Thu Jan 11 2024 Andrew Hughes - 1:1.8.0.402.b06-0.2.ea - Update to shenandoah-jdk8u402-b06 (GA) - Sync the copy of the portable specfile with the latest update