import java-1.8.0-openjdk-1.8.0.322.b06-11.el8

This commit is contained in:
CentOS Sources 2022-05-10 03:00:08 -04:00 committed by Stepan Oksanichenko
parent e5bbbd99d0
commit 2f7c33ab8f
12 changed files with 852 additions and 201 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09-4curve.tar.xz SOURCES/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -1,2 +1,2 @@
a93b3d0fd5da1f95f22c85003fd3d4007e69ab32 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09-4curve.tar.xz c54dd40b6deb5defa8d4d7132d650080d0e300f4 SOURCES/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -3,70 +3,6 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u332 (2022-04-19):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u332
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
* Security fixes
- JDK-8269938: Enhance XML processing passes redux
- JDK-8270504, CVE-2022-21426: Better XPath expression handling
- JDK-8272255: Completely handle MIDI files
- JDK-8272261: Improve JFR recording file processing
- JDK-8272594: Better record of recordings
- JDK-8274221: More definite BER encodings
- JDK-8275151, CVE-2022-21443: Improved Object Identification
- JDK-8277227: Better identification of OIDs
- JDK-8277672, CVE-2022-21434: Better invocation handler handling
- JDK-8278008, CVE-2022-21476: Improve Santuario processing
- JDK-8278356: Improve file creation
- JDK-8278449: Improve keychain support
- JDK-8278805: Enhance BMP image loading
- JDK-8278972, CVE-2022-21496: Improve URL supports
- JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
* Other changes
- JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl
- JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl
- JDK-8035577: Xerces Update: impl/xpath/regex/RangeToken.java
- JDK-8037259: xerces update: xpointer update
- JDK-8041523: Xerces Update: Serializer improvements from Xalan
- JDK-8141508: java.lang.invoke.LambdaConversionException: Invalid receiver type
- JDK-8162572: Update License Header for all JAXP sources
- JDK-8167014: jdeps: Missing message: warn.skipped.entry
- JDK-8198411: [TEST_BUG] Two java2d tests are unstable in mach5
- JDK-8202822: Add .git to .hgignore
- JDK-8205540: test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 <cont> commands
- JDK-8209178: Proxied HttpsURLConnection doesn't send BODY when retrying POST request
- JDK-8210283: Support git as an SCM alternative in the build
- JDK-8218682: [TEST_BUG] DashOffset fails in mach5
- JDK-8225690: Multiple AttachListener threads can be created
- JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
- JDK-8227815: Minimal VM: set_state is not a member of AttachListener
- JDK-8240633: Memory leaks in the implementations of FileChooserUI
- JDK-8241768: git needs .gitattributes
- JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn
- JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
- JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
- JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
- JDK-8270290: NTLM authentication fails if HEAD request is used
- JDK-8273229: Update OS detection code to recognize Windows Server 2022
- JDK-8273341: Update Siphash to version 1.0
- JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated
- JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
- JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
- JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
- JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
- JDK-8280060: The sun/rmi/server/Activation.java class use Thread.dumpStack()
- JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
- JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character
- JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
- JDK-8284920: Incorrect Token type causes XPath expression to return empty result
- JDK-8284936: Fix Java 7 bootstrap breakage due to use of Arrays.stream
* Shenandoah
- JDK-8260632: Build failures after JDK-8253353
- JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git
New in release OpenJDK 8u322 (2022-01-18): New in release OpenJDK 8u322 (2022-01-18):
=========================================== ===========================================
Live versions of these release notes can be found at: Live versions of these release notes can be found at:

View File

@ -22,7 +22,7 @@ diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/fla
+ # On 32-bit MacOSX the OS requires C-entry points to be 16 byte aligned. + # On 32-bit MacOSX the OS requires C-entry points to be 16 byte aligned.
+ # While waiting for a better solution, the current workaround is to use -mstackrealign + # While waiting for a better solution, the current workaround is to use -mstackrealign
+ # This is also required on Linux systems which use libraries compiled with SSE instructions + # This is also required on Linux systems which use libraries compiled with SSE instructions
+ REALIGN_CFLAG="-mstackrealign" + REALIGN_CFLAG="-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4"
+ FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [], + FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [],
+ AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.]) + AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.])
+ ) + )

View File

@ -0,0 +1,13 @@
diff --git openjdk.orig/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp openjdk/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp
--- openjdk.orig/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp
+++ openjdk/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp
@@ -493,9 +493,6 @@
assert(labs(istate->_stack_base - istate->_stack_limit) == (istate->_method->max_stack() + extra_stack_entries
+ 1), "bad stack limit");
}
-#ifndef SHARK
- IA32_ONLY(assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1, "wrong"));
-#endif // !SHARK
}
// Verify linkages.
interpreterState l = istate;

View File

@ -0,0 +1,26 @@
diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
index cf4becb7db..4ab2ac0a31 100644
--- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
ctx = getLdapCtxFromUrl(
r.getDomainName(), url, new LdapURL(u), env);
return ctx;
+ } catch (AuthenticationException e) {
+ // do not retry on a different endpoint to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
// try the next element
lastException = e;
@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
for (String u : urls) {
try {
return getUsingURL(u, env);
+ } catch (AuthenticationException e) {
+ // do not retry on a different URL to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
ex = e;
}

View File

@ -0,0 +1,23 @@
# HG changeset patch
# User zgu
# Date 1641313782 0
# Tue Jan 04 16:29:42 2022 +0000
# Node ID b694a28adaa2a602fedbc4aeba69b9c2350e7409
# Parent 3177fc2314df6deb4d4771148f27934a597dd1d7
8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
Reviewed-by: phh
diff --git openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
--- openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
+++ openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
@@ -176,6 +176,10 @@
Thread* t = ThreadLocalStorage::get_thread_slow();
+ // Must do this before SignalHandlerMark, if crash protection installed we will longjmp away
+ // (no destructors can be run)
+ os::ThreadCrashProtection::check_crash_protection(sig, t);
+
SignalHandlerMark shm(t);
// Note: it's not uncommon that JNI code uses signal/sigset to install

View File

@ -0,0 +1,67 @@
# HG changeset patch
# User Andrew John Hughes <gnu_andrew@member.fsf.org>
# Date 1620365804 -3600
# Fri May 07 06:36:44 2021 +0100
# Node ID 39b62f35eca823b4c9a98bc1dc0cb9acb87360f8
# Parent 723b59ed1afe878c5cd35f080399c8ceec4f776b
PR3836: Extra compiler flags not passed to adlc build
diff --git openjdk.orig/hotspot/make/aix/makefiles/adlc.make openjdk/hotspot/make/aix/makefiles/adlc.make
--- openjdk.orig/hotspot/make/aix/makefiles/adlc.make
+++ openjdk/hotspot/make/aix/makefiles/adlc.make
@@ -69,6 +69,11 @@
CFLAGS_WARN = -w
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
OBJECTNAMES = \
adlparse.o \
archDesc.o \
diff --git openjdk.orig/hotspot/make/bsd/makefiles/adlc.make openjdk/hotspot/make/bsd/makefiles/adlc.make
--- openjdk.orig/hotspot/make/bsd/makefiles/adlc.make
+++ openjdk/hotspot/make/bsd/makefiles/adlc.make
@@ -71,6 +71,11 @@
endif
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
OBJECTNAMES = \
adlparse.o \
archDesc.o \
diff --git openjdk.orig/hotspot/make/linux/makefiles/adlc.make openjdk/hotspot/make/linux/makefiles/adlc.make
--- openjdk.orig/hotspot/make/linux/makefiles/adlc.make
+++ openjdk/hotspot/make/linux/makefiles/adlc.make
@@ -69,6 +69,11 @@
CFLAGS_WARN = $(WARNINGS_ARE_ERRORS)
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
OBJECTNAMES = \
adlparse.o \
archDesc.o \
diff --git openjdk.orig/hotspot/make/solaris/makefiles/adlc.make openjdk/hotspot/make/solaris/makefiles/adlc.make
--- openjdk.orig/hotspot/make/solaris/makefiles/adlc.make
+++ openjdk/hotspot/make/solaris/makefiles/adlc.make
@@ -85,6 +85,10 @@
endif
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
ifeq ("${Platform_compiler}", "sparcWorks")
# Enable the following CFLAGS addition if you need to compare the
# built ELF objects.

View File

@ -1,6 +1,6 @@
name = NSS-FIPS name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@ nssLibraryDirectory = @NSS_LIBDIR@
nssSecmodDirectory = @NSS_SECMOD@ nssSecmodDirectory = sql:/etc/pki/nssdb
nssDbMode = readOnly nssDbMode = readOnly
nssModule = fips nssModule = fips

View File

@ -0,0 +1,98 @@
commit aaf92165ad1cbb1c9818eb60178c91293e13b053
Author: Andrew John Hughes <andrew@openjdk.org>
Date: Mon Jan 24 15:13:14 2022 +0000
RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
index fa494b680f..b5aa5c749d 100644
--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
+++ openjdk/jdk/src/share/classes/java/security/Security.java
@@ -57,10 +57,6 @@ public final class Security {
private static final Debug sdebug =
Debug.getInstance("properties");
- /* System property file*/
- private static final String SYSTEM_PROPERTIES =
- "/etc/crypto-policies/back-ends/java.config";
-
/* The java.security properties */
private static Properties props;
@@ -202,13 +198,6 @@ public final class Security {
}
}
- String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
- if (disableSystemProps == null &&
- "true".equalsIgnoreCase(props.getProperty
- ("security.useSystemPropertiesFile"))) {
- loadedProps = loadedProps && SystemConfigurator.configure(props);
- }
-
if (!loadedProps) {
initializeStatic();
if (sdebug != null) {
@@ -217,6 +206,28 @@ public final class Security {
}
}
+ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+ if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
+ "true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
+ if (!SystemConfigurator.configureSysProps(props)) {
+ if (sdebug != null) {
+ sdebug.println("WARNING: System properties could not be loaded.");
+ }
+ }
+ }
+
+ // FIPS support depends on the contents of java.security so
+ // ensure it has loaded first
+ if (loadedProps) {
+ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
+ if (sdebug != null) {
+ if (fipsEnabled) {
+ sdebug.println("FIPS support enabled.");
+ } else {
+ sdebug.println("FIPS support disabled.");
+ }
+ }
+ }
}
/*
diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
index d1f677597d..7da65b1d2c 100644
--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
+++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
@@ -76,7 +76,7 @@ final class SystemConfigurator {
* java.security.disableSystemPropertiesFile property is not set and
* security.useSystemPropertiesFile is true.
*/
- static boolean configure(Properties props) {
+ static boolean configureSysProps(Properties props) {
boolean loadedProps = false;
try (BufferedInputStream bis =
@@ -96,11 +96,19 @@ final class SystemConfigurator {
e.printStackTrace();
}
}
+ return loadedProps;
+ }
+
+ /*
+ * Invoked at the end of java.security.Security initialisation
+ * if java.security properties have been loaded
+ */
+ static boolean configureFIPS(Properties props) {
+ boolean loadedProps = false;
try {
if (enableFips()) {
if (sdebug != null) { sdebug.println("FIPS mode detected"); }
- loadedProps = false;
// Remove all security providers
Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
while (i.hasNext()) {

View File

@ -0,0 +1,220 @@
commit 820d1b1b23be6ea2fd34c687a1be384e7a9830e2
Author: Andrew John Hughes <andrew@openjdk.org>
Date: Mon Feb 28 05:50:10 2022 +0000
RH2051605: Detect NSS at Runtime for FIPS detection
diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
index 34d0ff0ce9..8dcb7d9073 100644
--- openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c
+++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
@@ -23,25 +23,99 @@
* questions.
*/
-#include <dlfcn.h>
#include <jni.h>
#include <jni_util.h>
+#include "jvm_md.h"
#include <stdio.h>
#ifdef SYSCONF_NSS
#include <nss3/pk11pub.h>
+#else
+#include <dlfcn.h>
#endif //SYSCONF_NSS
#include "java_security_SystemConfigurator.h"
+#define MSG_MAX_SIZE 256
#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
-#define MSG_MAX_SIZE 96
+typedef int (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE)(void);
+
+static SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE *getSystemFIPSEnabled;
static jmethodID debugPrintlnMethodID = NULL;
static jobject debugObj = NULL;
-static void throwIOException(JNIEnv *env, const char *msg);
-static void dbgPrint(JNIEnv *env, const char* msg);
+static void dbgPrint(JNIEnv *env, const char* msg)
+{
+ jstring jMsg;
+ if (debugObj != NULL) {
+ jMsg = (*env)->NewStringUTF(env, msg);
+ CHECK_NULL(jMsg);
+ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
+ }
+}
+
+static void throwIOException(JNIEnv *env, const char *msg)
+{
+ jclass cls = (*env)->FindClass(env, "java/io/IOException");
+ if (cls != 0)
+ (*env)->ThrowNew(env, cls, msg);
+}
+
+static void handle_msg(JNIEnv *env, const char* msg, int msg_bytes)
+{
+ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
+ dbgPrint(env, msg);
+ } else {
+ dbgPrint(env, "systemconf: cannot render message");
+ }
+}
+
+// Only used when NSS is not linked at build time
+#ifndef SYSCONF_NSS
+
+static void *nss_handle;
+
+static jboolean loadNSS(JNIEnv *env)
+{
+ char msg[MSG_MAX_SIZE];
+ int msg_bytes;
+ const char* errmsg;
+
+ nss_handle = dlopen(JNI_LIB_NAME("nss3"), RTLD_LAZY);
+ if (nss_handle == NULL) {
+ errmsg = dlerror();
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlopen: %s\n",
+ errmsg);
+ handle_msg(env, msg, msg_bytes);
+ return JNI_FALSE;
+ }
+ dlerror(); /* Clear errors */
+ getSystemFIPSEnabled = (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE*)dlsym(nss_handle, "SECMOD_GetSystemFIPSEnabled");
+ if ((errmsg = dlerror()) != NULL) {
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlsym: %s\n",
+ errmsg);
+ handle_msg(env, msg, msg_bytes);
+ return JNI_FALSE;
+ }
+ return JNI_TRUE;
+}
+
+static void closeNSS(JNIEnv *env)
+{
+ char msg[MSG_MAX_SIZE];
+ int msg_bytes;
+ const char* errmsg;
+
+ if (dlclose(nss_handle) != 0) {
+ errmsg = dlerror();
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "closeNSS: dlclose: %s\n",
+ errmsg);
+ handle_msg(env, msg, msg_bytes);
+ }
+}
+
+#endif
/*
* Class: java_security_SystemConfigurator
@@ -84,6 +158,14 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
debugObj = (*env)->NewGlobalRef(env, debugObj);
}
+#ifdef SYSCONF_NSS
+ getSystemFIPSEnabled = *SECMOD_GetSystemFIPSEnabled;
+#else
+ if (loadNSS(env) == JNI_FALSE) {
+ dbgPrint(env, "libsystemconf: Failed to load NSS library.");
+ }
+#endif
+
return (*env)->GetVersion(env);
}
@@ -99,6 +181,9 @@ JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
return; /* Should not happen */
}
+#ifndef SYSCONF_NSS
+ closeNSS(env);
+#endif
(*env)->DeleteGlobalRef(env, debugObj);
}
}
@@ -110,61 +195,30 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
char msg[MSG_MAX_SIZE];
int msg_bytes;
-#ifdef SYSCONF_NSS
-
- dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
- fips_enabled = SECMOD_GetSystemFIPSEnabled();
- msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
- " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
- if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
- dbgPrint(env, msg);
+ if (getSystemFIPSEnabled != NULL) {
+ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
+ fips_enabled = (*getSystemFIPSEnabled)();
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
+ handle_msg(env, msg, msg_bytes);
+ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
} else {
- dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
- " SECMOD_GetSystemFIPSEnabled return value");
- }
- return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
-
-#else // SYSCONF_NSS
+ FILE *fe;
- FILE *fe;
-
- dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
- if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
return JNI_FALSE;
- }
- fips_enabled = fgetc(fe);
- fclose(fe);
- if (fips_enabled == EOF) {
+ }
+ fips_enabled = fgetc(fe);
+ fclose(fe);
+ if (fips_enabled == EOF) {
throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
return JNI_FALSE;
- }
- msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
- " read character is '%c'", fips_enabled);
- if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
- dbgPrint(env, msg);
- } else {
- dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
- " read character");
- }
- return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
-
-#endif // SYSCONF_NSS
-}
-
-static void throwIOException(JNIEnv *env, const char *msg)
-{
- jclass cls = (*env)->FindClass(env, "java/io/IOException");
- if (cls != 0)
- (*env)->ThrowNew(env, cls, msg);
-}
-
-static void dbgPrint(JNIEnv *env, const char* msg)
-{
- jstring jMsg;
- if (debugObj != NULL) {
- jMsg = (*env)->NewStringUTF(env, msg);
- CHECK_NULL(jMsg);
- (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
+ }
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+ " read character is '%c'", fips_enabled);
+ handle_msg(env, msg, msg_bytes);
+ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
}
}

View File

@ -21,6 +21,15 @@
%bcond_without release %bcond_without release
# Remove build artifacts by default # Remove build artifacts by default
%bcond_with artifacts %bcond_with artifacts
# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
%bcond_without fresh_libjvm
# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
%if %{with fresh_libjvm}
%global build_hotspot_first 1
%else
%global build_hotspot_first 0
%endif
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs. # The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info. # This fixes detailed NMT and other tools which need minimal debug info.
@ -58,6 +67,20 @@
%global normal_build %{nil} %global normal_build %{nil}
%endif %endif
# We have hardcoded list of files, which is appearing in alternatives, and in files
# in alternatives those are slaves and master, very often triplicated by man pages
# in files all masters and slaves are ghosted
# the ghosts are here to allow installation via query like `dnf install /usr/bin/java`
# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_ -e alternatives
# TODO - fix those hardcoded lists via single list
# Those files must *NOT* be ghosted for *slowdebug* packages
# FIXME - if you are moving jshell or jlink or similar, always modify all three sections
# you can check via headless and devels:
# rpm -ql --noghost java-11-openjdk-headless-11.0.1.13-8.fc29.x86_64.rpm | grep bin
# == rpm -ql java-11-openjdk-headless-slowdebug-11.0.1.13-8.fc29.x86_64.rpm | grep bin
# != rpm -ql java-11-openjdk-headless-11.0.1.13-8.fc29.x86_64.rpm | grep bin
# similarly for other %%{_jvmdir}/{jre,java} and %%{_javadocdir}/{java,java-zip}
%global aarch64 aarch64 arm64 armv8 %global aarch64 aarch64 arm64 armv8
# we need to distinguish between big and little endian PPC64 # we need to distinguish between big and little endian PPC64
%global ppc64le ppc64le %global ppc64le ppc64le
@ -69,7 +92,7 @@
# Set of architectures for which we build fastdebug builds # Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64 %global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler # Set of architectures with a Just-In-Time (JIT) compiler
%global jit_arches %{debug_arches} %global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches) # Set of architectures which use the Zero assembler port (!jit_arches)
%global zero_arches %{arm} ppc s390 s390x %global zero_arches %{arm} ppc s390 s390x
# Set of architectures which run a full bootstrap cycle # Set of architectures which run a full bootstrap cycle
@ -86,6 +109,8 @@
%global jfr_arches %{jit_arches} %global jfr_arches %{jit_arches}
# Set of architectures for which alt-java has SSB mitigation # Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64 %global ssbd_arches x86_64
# Set of architectures where we verify backtraces with gdb
%global gdb_arches %{jit_arches} %{zero_arches}
# By default, we build a debug build during main build on JIT architectures # By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug} %if %{with slowdebug}
@ -121,7 +146,7 @@
%global fastdebug_build %{nil} %global fastdebug_build %{nil}
%endif %endif
# If you disable both builds, then the build fails # If you disable all builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics # Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build} %global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
@ -135,10 +160,22 @@
%global release_targets images docs-zip %global release_targets images docs-zip
# No docs nor bootcycle for debug builds # No docs nor bootcycle for debug builds
%global debug_targets images %global debug_targets images
# Target to use to just build HotSpot
%global hotspot_target hotspot
# JDK to use for bootstrapping
# Use OpenJDK 7 where available (on RHEL) to avoid
# having to use the rhel-7.x-java-unsafe-candidate hack
%if ! 0%{?fedora} && 0%{?rhel} <= 7
%global buildjdkver 1.7.0
%else
%global buildjdkver 1.8.0
%endif
%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
# Filter out flags from the optflags macro that cause problems with the OpenJDK build # Filter out flags from the optflags macro that cause problems with the OpenJDK build
# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs)
# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 # We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2
# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs)
# We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings # We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings
# We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++ # We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++
%global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat -Wno-cpp|' | sed -r -e 's|-O[0-9]*||') %global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat -Wno-cpp|' | sed -r -e 's|-O[0-9]*||')
@ -159,17 +196,6 @@
%global NSSSOFTOKN_BUILDTIME_VERSION %(if [ "x%{NSSSOFTOKN_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSSSOFTOKN_BUILDTIME_NUMBER}" ;fi) %global NSSSOFTOKN_BUILDTIME_VERSION %(if [ "x%{NSSSOFTOKN_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSSSOFTOKN_BUILDTIME_NUMBER}" ;fi)
%global NSS_BUILDTIME_VERSION %(if [ "x%{NSS_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSS_BUILDTIME_NUMBER}" ;fi) %global NSS_BUILDTIME_VERSION %(if [ "x%{NSS_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSS_BUILDTIME_NUMBER}" ;fi)
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349.
# See also https://bugzilla.redhat.com/show_bug.cgi?id=1590796
# as to why some libraries *cannot* be excluded. In particular,
# these are:
# libjsig.so, libjava.so, libjawt.so, libjvm.so and libverify.so
%global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
%global __provides_exclude ^(%{_privatelibs})$
%global __requires_exclude ^(%{_privatelibs})$
# In some cases, the arch used by the JDK does # In some cases, the arch used by the JDK does
# not match _arch. # not match _arch.
# Also, in some cases, the machine name used by SystemTap # Also, in some cases, the machine name used by SystemTap
@ -267,7 +293,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk %global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u %global shenandoah_repo shenandoah-jdk8u
%global shenandoah_revision shenandoah-jdk8u332-b09 %global shenandoah_revision aarch64-shenandoah-jdk8u322-b06
# Define old aarch64/jdk8u tree variables for compatibility # Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project} %global project %{shenandoah_project}
%global repo %{shenandoah_repo} %global repo %{shenandoah_repo}
@ -283,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27 # eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 1 %global rpmrelease 11
# Define milestone (EA for pre-releases, GA ("fcs") for releases) # Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1): # Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases, # - 0.N%%{?extraver}%%{?dist} for EA releases,
@ -318,6 +344,16 @@
# main id and dir of this jdk # main id and dir of this jdk
%define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}} %define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}}
# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349.
# See also https://bugzilla.redhat.com/show_bug.cgi?id=1590796
# as to why some libraries *cannot* be excluded. In particular,
# these are:
# libjsig.so, libjava.so, libjawt.so, libjvm.so and libverify.so
%global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
%global __provides_exclude ^(%{_privatelibs})$
%global __requires_exclude ^(%{_privatelibs})$
%global etcjavasubdir %{_sysconfdir}/java/java-%{javaver}-%{origin} %global etcjavasubdir %{_sysconfdir}/java/java-%{javaver}-%{origin}
%define etcjavadir() %{expand:%{etcjavasubdir}/%{uniquesuffix -- %{?1}}} %define etcjavadir() %{expand:%{etcjavasubdir}/%{uniquesuffix -- %{?1}}}
# Standard JPackage directories and symbolic links. # Standard JPackage directories and symbolic links.
@ -339,6 +375,9 @@
%global alternatives_requires %{_sbindir}/alternatives %global alternatives_requires %{_sbindir}/alternatives
%endif %endif
%global family %{name}.%{_arch}
%global family_noarch %{name}
%if %{with_systemtap} %if %{with_systemtap}
# Where to install systemtap tapset (links) # Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir, # We would like these to be in a package specific sub-dir,
@ -356,6 +395,50 @@
# not-duplicated scriptlets for normal/debug packages # not-duplicated scriptlets for normal/debug packages
%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%define save_alternatives() %{expand:
# warning! alternatives are localised!
# LANG=cs_CZ.UTF-8 alternatives --display java | head
# LANG=en_US.UTF-8 alternatives --display java | head
function nonLocalisedAlternativesDisplayOfMaster() {
LANG=en_US.UTF-8 alternatives --display "$MASTER"
}
function headOfAbove() {
nonLocalisedAlternativesDisplayOfMaster | head -n $1
}
MASTER="%{?1}"
LOCAL_LINK="%{?2}"
FAMILY="%{?3}"
rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null
if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then
if headOfAbove 1 | grep -q manual ; then
if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then
headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY"
fi
fi
fi
}
%define save_and_remove_alternatives() %{expand:
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
upgrade1_uninstal0=%{?3}
if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall
%{save_alternatives %{?1} %{?2} %{?4}}
fi
alternatives --remove "%{?1}" "%{?2}"
}
%define set_if_needed_alternatives() %{expand:
MASTER="%{?1}"
FAMILY="%{?2}"
ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY"
if [ -e "$ALTERNATIVES_FILE" ] ; then
rm "$ALTERNATIVES_FILE"
alternatives --set $MASTER $FAMILY
fi
}
%define post_script() %{expand: %define post_script() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || : update-desktop-database %{_datadir}/applications &> /dev/null || :
@ -363,20 +446,19 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
exit 0 exit 0
} }
%define alternatives_java_install() %{expand:
%define post_headless() %{expand: if [ "x$debug" == "xtrue" ] ; then
%ifarch %{share_arches} set -x
%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null fi
%endif
PRIORITY=%{priority} PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1 let PRIORITY=PRIORITY-1
fi fi
ext=.gz ext=.gz
key=java
alternatives \\ alternatives \\
--install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\ --install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\ --slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\ --slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\ --slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@ -414,12 +496,23 @@ alternatives \\
--slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\ --slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext %{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
%{set_if_needed_alternatives $key %{family}}
for X in %{origin} %{javaver} ; do for X in %{origin} %{javaver} ; do
alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{name}.%{_arch} key=jre_"$X"
alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
%{set_if_needed_alternatives $key %{family}}
done done
update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch} key=jre_%{javaver}_%{origin}
alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
%{set_if_needed_alternatives $key %{family}}
}
%define post_headless() %{expand:
%ifarch %{share_arches}
%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
%endif
update-desktop-database %{_datadir}/applications &> /dev/null || : update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@ -446,26 +539,34 @@ exit 0
%define postun_headless() %{expand: %define postun_headless() %{expand:
alternatives --remove java %{jrebindir -- %{?1}}/java if [ "x$debug" == "xtrue" ] ; then
alternatives --remove jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}} set -x
alternatives --remove jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}} fi
alternatives --remove jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
%{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}}
%{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
%{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
%{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}}
} }
%define posttrans_script() %{expand: %define posttrans_script() %{expand:
%{update_desktop_icons} %{update_desktop_icons}
} }
%define post_devel() %{expand:
%define alternatives_javac_install() %{expand:
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
PRIORITY=%{priority} PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1 let PRIORITY=PRIORITY-1
fi fi
ext=.gz ext=.gz
key=javac
alternatives \\ alternatives \\
--install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\ --install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\ --slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\ --slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\ --slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@ -559,13 +660,20 @@ alternatives \\
--slave %{_mandir}/man1/xjc.1$ext xjc.1$ext \\ --slave %{_mandir}/man1/xjc.1$ext xjc.1$ext \\
%{_mandir}/man1/xjc-%{uniquesuffix -- %{?1}}.1$ext %{_mandir}/man1/xjc-%{uniquesuffix -- %{?1}}.1$ext
%{set_if_needed_alternatives $key %{family}}
for X in %{origin} %{javaver} ; do for X in %{origin} %{javaver} ; do
alternatives \\ key=java_sdk_"$X"
--install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch} alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
%{set_if_needed_alternatives $key %{family}}
done done
update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch} key=java_sdk_%{javaver}_%{origin}
alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
%{set_if_needed_alternatives $key %{family}}
}
%define post_devel() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || : update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || : /bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@ -573,10 +681,14 @@ exit 0
} }
%define postun_devel() %{expand: %define postun_devel() %{expand:
alternatives --remove javac %{sdkbindir -- %{?1}}/javac if [ "x$debug" == "xtrue" ] ; then
alternatives --remove java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} set -x
alternatives --remove java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} fi
alternatives --remove java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
%{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}}
%{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
%{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
%{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
update-desktop-database %{_datadir}/applications &> /dev/null || : update-desktop-database %{_datadir}/applications &> /dev/null || :
@ -588,42 +700,54 @@ exit 0
} }
%define posttrans_devel() %{expand: %define posttrans_devel() %{expand:
%{alternatives_javac_install -- %{?1}}
%{update_desktop_icons} %{update_desktop_icons}
} }
%define post_javadoc() %{expand: %define alternatives_javadoc_install() %{expand:
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
PRIORITY=%{priority} PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1 let PRIORITY=PRIORITY-1
fi fi
alternatives \\ key=javadocdir
--install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\ alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch}
$PRIORITY --family %{name} %{set_if_needed_alternatives $key %{family_noarch}}
exit 0 exit 0
} }
%define postun_javadoc() %{expand: %define postun_javadoc() %{expand:
alternatives --remove javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api if [ "x$debug" == "xtrue" ] ; then
set -x
fi
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
%{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}}
exit 0 exit 0
} }
%define post_javadoc_zip() %{expand: %define alternatives_javadoczip_install() %{expand:
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
PRIORITY=%{priority} PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1 let PRIORITY=PRIORITY-1
fi fi
key=javadoczip
alternatives \\ alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch}
--install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\ %{set_if_needed_alternatives $key %{family_noarch}}
$PRIORITY --family %{name}
exit 0 exit 0
} }
%define postun_javadoc_zip() %{expand: %define postun_javadoc_zip() %{expand:
alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip if [ "x$debug" == "xtrue" ] ; then
set -x
fi
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
%{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}}
exit 0 exit 0
} }
@ -744,8 +868,10 @@ exit 0
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnio.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnio.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnpt.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnpt.so
%ifarch %{sa_arches} %ifarch %{sa_arches}
%ifnarch %{zero_arches}
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsaproc.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsaproc.so
%endif %endif
%endif
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsctp.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsctp.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsunec.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsunec.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsystemconf.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsystemconf.so
@ -865,8 +991,10 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jconsole.jar %{_jvmdir}/%{sdkdir -- %{?1}}/lib/jconsole.jar
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/orb.idl %{_jvmdir}/%{sdkdir -- %{?1}}/lib/orb.idl
%ifarch %{sa_arches} %ifarch %{sa_arches}
%ifnarch %{zero_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/sa-jdi.jar %{_jvmdir}/%{sdkdir -- %{?1}}/lib/sa-jdi.jar
%endif %endif
%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/dt.jar %{_jvmdir}/%{sdkdir -- %{?1}}/lib/dt.jar
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jexec %{_jvmdir}/%{sdkdir -- %{?1}}/lib/jexec
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tools.jar %{_jvmdir}/%{sdkdir -- %{?1}}/lib/tools.jar
@ -983,6 +1111,8 @@ OrderWithRequires: copy-jdk-configs
%endif %endif
# for printing support # for printing support
Requires: cups-libs Requires: cups-libs
# for FIPS PKCS11 provider
Requires: nss
# Post requires alternatives to install tool alternatives # Post requires alternatives to install tool alternatives
Requires(post): %{alternatives_requires} Requires(post): %{alternatives_requires}
# in version 1.7 and higher for --family switch # in version 1.7 and higher for --family switch
@ -1059,9 +1189,9 @@ Requires(postun): %{alternatives_requires}
Requires(postun): chkconfig >= 1.7 Requires(postun): chkconfig >= 1.7
# Standard JPackage javadoc provides # Standard JPackage javadoc provides
Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release} Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
} }
%define java_src_rpo() %{expand: %define java_src_rpo() %{expand:
@ -1209,6 +1339,10 @@ Patch1011: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues # RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch Patch1015: rh2021263-fips_missing_native_returns.patch
# RH2052819: Fix FIPS reliance on crypto policies
Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
# RH2052829: Detect NSS at Runtime for FIPS detection
Patch1017: rh2052829-fips_runtime_nss_detection.patch
############################################# #############################################
# #
@ -1237,6 +1371,10 @@ Patch400: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
Patch401: pr3655-toggle_system_crypto_policy.patch Patch401: pr3655-toggle_system_crypto_policy.patch
# enable build of speculative store bypass hardened alt-java # enable build of speculative store bypass hardened alt-java
Patch600: rh1750419-redhat_alt_java.patch Patch600: rh1750419-redhat_alt_java.patch
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
Patch113: jdk8275535-rh2053256-ldap_auth.patch
############################################# #############################################
# #
@ -1281,6 +1419,8 @@ Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 # JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
Patch581: jdk8257794-remove_broken_assert.patch
############################################# #############################################
# #
@ -1291,6 +1431,7 @@ Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
# able to be removed once that release is out # able to be removed once that release is out
# and used by this RPM. # and used by this RPM.
############################################# #############################################
Patch700: jdk8279077-missing_crash_protector_ppc.patch
############################################# #############################################
# #
@ -1349,22 +1490,16 @@ BuildRequires: libXinerama-devel
BuildRequires: libXrender-devel BuildRequires: libXrender-devel
BuildRequires: libXt-devel BuildRequires: libXt-devel
BuildRequires: libXtst-devel BuildRequires: libXtst-devel
# Requirements for setting up the nss.cfg and FIPS support # Requirement for setting up nss.cfg and nss.fips.cfg
BuildRequires: nss-devel >= 3.53 BuildRequires: nss-devel
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel BuildRequires: xorg-x11-proto-devel
BuildRequires: zip BuildRequires: zip
BuildRequires: unzip BuildRequires: unzip
# Use OpenJDK 7 where available (on RHEL) to avoid
# having to use the rhel-7.x-java-unsafe-candidate hack
%if ! 0%{?fedora} && 0%{?rhel} <= 7
# Require a boot JDK which doesn't fail due to RH1482244 # Require a boot JDK which doesn't fail due to RH1482244
BuildRequires: java-1.7.0-openjdk-devel >= 1.7.0.151-2.6.11.3 BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
%else
BuildRequires: java-1.8.0-openjdk-devel
%endif
# Zero-assembler build requirement # Zero-assembler build requirement
%ifnarch %{jit_arches} %ifarch %{zero_arches}
BuildRequires: libffi-devel BuildRequires: libffi-devel
%endif %endif
# 2021e required as of JDK-8275766 in January 2022 CPU # 2021e required as of JDK-8275766 in January 2022 CPU
@ -1554,7 +1689,8 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-slowdebug < 1:1.8.0.212.b04-4 Obsoletes: javadoc-slowdebug < 1:1.8.0.212.b04-4
BuildArch: noarch BuildArch: noarch
%{java_javadoc_rpo %{nil}} %{java_javadoc_rpo -- %{nil} -zip}
%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc %description javadoc
The %{origin_nice} %{majorver} API documentation. The %{origin_nice} %{majorver} API documentation.
@ -1566,7 +1702,7 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-zip-slowdebug < 1:1.8.0.212.b04-4 Obsoletes: javadoc-zip-slowdebug < 1:1.8.0.212.b04-4
BuildArch: noarch BuildArch: noarch
%{java_javadoc_rpo %{nil}} %{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc-zip %description javadoc-zip
The %{origin_nice} %{majorver} API documentation compressed in a single archive. The %{origin_nice} %{majorver} API documentation compressed in a single archive.
@ -1635,7 +1771,7 @@ else
exit 13 exit 13
fi fi
if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then
echo "You have disabled all builds (normal,fastdebug,debug). That is a no go." echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go."
exit 14 exit 14
fi fi
@ -1698,12 +1834,16 @@ sh %{SOURCE12}
%patch528 %patch528
%patch571 %patch571
%patch574 %patch574
%patch112
%patch580 %patch580
%patch539 %patch581
%patch113
# Upstreamed fixes # Upstreamed fixes
%patch700
# RPM-only fixes # RPM-only fixes
%patch539
%patch600 %patch600
%patch1000 %patch1000
%patch1001 %patch1001
@ -1717,6 +1857,8 @@ sh %{SOURCE12}
%patch1011 %patch1011
%patch1014 %patch1014
%patch1015 %patch1015
%patch1016
%patch1017
# RHEL-only patches # RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7 %if ! 0%{?fedora} && 0%{?rhel} <= 7
@ -1777,7 +1919,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
# Setup nss.fips.cfg # Setup nss.fips.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build %build
# How many CPU's do we have? # How many CPU's do we have?
@ -1797,7 +1938,6 @@ export CFLAGS="$CFLAGS -mieee"
# We use ourcppflags because the OpenJDK build seems to # We use ourcppflags because the OpenJDK build seems to
# pass EXTRA_CFLAGS to the HotSpot C++ compiler... # pass EXTRA_CFLAGS to the HotSpot C++ compiler...
# Explicitly set the C++ standard as the default has changed on GCC >= 6
EXTRA_CFLAGS="%ourcppflags -Wno-error" EXTRA_CFLAGS="%ourcppflags -Wno-error"
EXTRA_CPP_FLAGS="%ourcppflags" EXTRA_CPP_FLAGS="%ourcppflags"
@ -1814,10 +1954,9 @@ export EXTRA_CFLAGS EXTRA_ASFLAGS
function buildjdk() { function buildjdk() {
local outputdir=${1} local outputdir=${1}
local installdir=${2} local buildjdk=${2}
local buildjdk=${3} local maketargets="${3}"
local maketargets=${4} local debuglevel=${4}
local debuglevel=${5}
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name} local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
# Variable used in hs_err hook on build failures # Variable used in hs_err hook on build failures
@ -1830,7 +1969,7 @@ function buildjdk() {
echo "Using debuglevel: ${debuglevel}" echo "Using debuglevel: ${debuglevel}"
echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}" echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}"
mkdir -p ${outputdir} ${installdir} mkdir -p ${outputdir}
pushd ${outputdir} pushd ${outputdir}
bash ${top_srcdir_abs_path}/configure \ bash ${top_srcdir_abs_path}/configure \
@ -1839,7 +1978,7 @@ function buildjdk() {
%else %else
--disable-jfr \ --disable-jfr \
%endif %endif
%ifnarch %{jit_arches} %ifarch %{zero_arches}
--with-jvm-variants=zero \ --with-jvm-variants=zero \
%endif %endif
--with-native-debug-symbols=internal \ --with-native-debug-symbols=internal \
@ -1852,7 +1991,7 @@ function buildjdk() {
--with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
--with-boot-jdk=${buildjdk} \ --with-boot-jdk=${buildjdk} \
--with-debug-level=${debuglevel} \ --with-debug-level=${debuglevel} \
--enable-sysconf-nss \ --disable-sysconf-nss \
--enable-unlimited-crypto \ --enable-unlimited-crypto \
--with-zlib=system \ --with-zlib=system \
--with-libjpeg=system \ --with-libjpeg=system \
@ -1875,24 +2014,16 @@ function buildjdk() {
SCTP_WERROR= \ SCTP_WERROR= \
${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false )
# the build (erroneously) removes read permissions from some jars popd
# this is a regression in OpenJDK 7 (our compiler): }
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
chmod ugo+r images/%{jdkimage}/lib/ct.sym
# remove redundant *diz and *debuginfo files function installjdk() {
find images/%{jdkimage} -iname '*.diz' -exec rm -v {} \; local outputdir=${1}
find images/%{jdkimage} -iname '*.debuginfo' -exec rm -v {} \; local installdir=${2}
local imagepath=${installdir}/images/%{jdkimage}
# Build screws up permissions on binaries
# https://bugs.openjdk.java.net/browse/JDK-8173610
find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
find images/%{jdkimage}/bin/ -exec chmod +x {} \;
popd >& /dev/null
echo "Installing build from ${outputdir} to ${installdir}..." echo "Installing build from ${outputdir} to ${installdir}..."
mkdir -p ${installdir}
echo "Installing images..." echo "Installing images..."
mv ${outputdir}/images ${installdir} mv ${outputdir}/images ${installdir}
if [ -d ${outputdir}/bundles ] ; then if [ -d ${outputdir}/bundles ] ; then
@ -1908,8 +2039,35 @@ function buildjdk() {
echo "Removing output directory..."; echo "Removing output directory...";
rm -rf ${outputdir} rm -rf ${outputdir}
%endif %endif
if [ -d ${imagepath} ] ; then
# the build (erroneously) removes read permissions from some jars
# this is a regression in OpenJDK 7 (our compiler):
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
chmod ugo+r ${imagepath}/lib/ct.sym
# remove redundant *diz and *debuginfo files
find ${imagepath} -iname '*.diz' -exec rm -v {} \;
find ${imagepath} -iname '*.debuginfo' -exec rm -v {} \;
# Build screws up permissions on binaries
# https://bugs.openjdk.java.net/browse/JDK-8173610
find ${imagepath} -iname '*.so' -exec chmod +x {} \;
find ${imagepath}/bin/ -exec chmod +x {} \;
fi
} }
%if %{build_hotspot_first}
# Build a fresh libjvm.so first and use it to bootstrap
cp -LR --preserve=mode,timestamps %{bootjdk} newboot
systemjdk=$(pwd)/newboot
buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled"
mv build/newboot/hotspot/dist/jre/lib/%{archinstall}/server/libjvm.so newboot/jre/lib/%{archinstall}/server
%else
systemjdk=%{bootjdk}
%endif
for suffix in %{build_loop} ; do for suffix in %{build_loop} ; do
if [ "x$suffix" = "x" ] ; then if [ "x$suffix" = "x" ] ; then
debugbuild=release debugbuild=release
@ -1918,7 +2076,6 @@ else
debugbuild=`echo $suffix | sed "s/-//g"` debugbuild=`echo $suffix | sed "s/-//g"`
fi fi
systemjdk=/usr/lib/jvm/java-openjdk
builddir=%{buildoutputdir -- $suffix} builddir=%{buildoutputdir -- $suffix}
bootbuilddir=boot${builddir} bootbuilddir=boot${builddir}
installdir=%{installoutputdir -- $suffix} installdir=%{installoutputdir -- $suffix}
@ -1936,11 +2093,14 @@ else
fi fi
if ${run_bootstrap} ; then if ${run_bootstrap} ; then
buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} installjdk ${bootbuilddir} ${bootinstalldir}
buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
installjdk ${builddir} ${installdir}
%{!?with_artifacts:rm -rf ${bootinstalldir}} %{!?with_artifacts:rm -rf ${bootinstalldir}}
else else
buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild}
installjdk ${builddir} ${installdir}
fi fi
# Install nss.cfg right away as we will be using the JRE above # Install nss.cfg right away as we will be using the JRE above
@ -2060,7 +2220,10 @@ quit
end end
run -version run -version
EOF EOF
%ifarch %{gdb_arches}
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
%endif
# Check src.zip has all sources. See RHBZ#1130490 # Check src.zip has all sources. See RHBZ#1130490
jar -tf $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe' jar -tf $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe'
@ -2197,7 +2360,7 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \
| sed 's|'$RPM_BUILD_ROOT'||' \ | sed 's|'$RPM_BUILD_ROOT'||' \
| sed 's|^|%doc |' \ | sed 's|^|%doc |' \
>> %{name}-demo.files"$suffix" >> %{name}-demo.files"$suffix"
# Find documentation directories. # Find demo directories.
find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \
$RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/sample \ $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/sample \
-type d | sort \ -type d | sort \
@ -2308,6 +2471,9 @@ cjc.mainProgram(args)
%posttrans %posttrans
%{posttrans_script %{nil}} %{posttrans_script %{nil}}
%posttrans headless
%{alternatives_java_install %{nil}}
%post devel %post devel
%{post_devel %{nil}} %{post_devel %{nil}}
@ -2317,14 +2483,14 @@ cjc.mainProgram(args)
%posttrans devel %posttrans devel
%{posttrans_devel %{nil}} %{posttrans_devel %{nil}}
%post javadoc %posttrans javadoc
%{post_javadoc %{nil}} %{alternatives_javadoc_install %{nil}}
%postun javadoc %postun javadoc
%{postun_javadoc %{nil}} %{postun_javadoc %{nil}}
%post javadoc-zip %posttrans javadoc-zip
%{post_javadoc_zip %{nil}} %{alternatives_javadoczip_install %{nil}}
%postun javadoc-zip %postun javadoc-zip
%{postun_javadoc_zip %{nil}} %{postun_javadoc_zip %{nil}}
@ -2337,6 +2503,9 @@ cjc.mainProgram(args)
%post headless-slowdebug %post headless-slowdebug
%{post_headless -- %{debug_suffix_unquoted}} %{post_headless -- %{debug_suffix_unquoted}}
%posttrans headless-slowdebug
%{alternatives_java_install -- %{debug_suffix_unquoted}}
%postun slowdebug %postun slowdebug
%{postun_script -- %{debug_suffix_unquoted}} %{postun_script -- %{debug_suffix_unquoted}}
@ -2373,6 +2542,9 @@ cjc.mainProgram(args)
%posttrans fastdebug %posttrans fastdebug
%{posttrans_script -- %{fastdebug_suffix_unquoted}} %{posttrans_script -- %{fastdebug_suffix_unquoted}}
%posttrans headless-fastdebug
%{alternatives_java_install -- %{fastdebug_suffix_unquoted}}
%post devel-fastdebug %post devel-fastdebug
%{post_devel -- %{fastdebug_suffix_unquoted}} %{post_devel -- %{fastdebug_suffix_unquoted}}
@ -2463,31 +2635,73 @@ cjc.mainProgram(args)
%endif %endif
%changelog %changelog
* Mon Apr 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.332.b09-1 * Mon Feb 28 2022 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.322.b06-11
- Update to shenandoah-jdk8u332-b09 (GA) - Storing and restoring alterntives during update manually
- Update release notes for 8u332-b09. - Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
- Switch to GA mode for final release. -- The move of alternatives creation to posttrans to fix:
- This tarball is embargoed until 2022-04-19 @ 1pm PT. -- Bug 1200302 - dnf reinstall breaks alternatives
- Resolves: rhbz#2073422 -- Had caused the alternatives to be removed, and then created again,
-- instead of being added, and then removing the old, and thus persisting
-- the selection in family
-- Thus this fix, is storing the family of manually selected master, and if
-- stored, then it is restoring the family of the master
- Resolves: rhbz#2008192
* Mon Apr 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.332.b06-0.1.ea * Mon Feb 28 2022 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.322.b06-10
- Update to shenandoah-jdk8u332-b06 (EA) - Family extracted to globals
- Update release notes for shenandoah-8u332-b06. - Resolves: rhbz#2008192
- Switch to EA mode.
- Remove JDK-8279077 patch now upstream.
- Related: rhbz#2073422
* Mon Jan 24 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-2 * Mon Feb 28 2022 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.322.b06-9
- javadoc-zip got its own provides next to plain javadoc ones
- Resolves: rhbz#2008192
* Mon Feb 28 2022 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.322.b06-8
- alternatives creation moved to posttrans
- Thus fixing the old reisntall issue:
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
- Resolves: rhbz#2008192
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-7
- Add JDK-8275535 patch to fix LDAP authentication issue.
- Resolves: rhbz#2053285
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-6
- Detect NSS at runtime for FIPS detection
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
- Resolves: rhbz#2052828
* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-5
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
- Resolves: rhbz#2052817
* Mon Feb 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-4
- Refactor build functions so we can build just HotSpot without any attempt at installation.
- Introduce architecture restriction logic for the gdb test. (RH2041970)
- Pass compiler flags to the ADLC build (JDK-8281098)
- Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4
- Explicitly list JIT architectures rather than relying on those with slowdebug builds
- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
- Sync minor placement differences with Fedora & RHEL 9
- Resolves: rhbz#2022815
* Mon Jan 24 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-3
- Fix FIPS issues in native code and with initialisation of java.security.Security - Fix FIPS issues in native code and with initialisation of java.security.Security
- Related: rhbz#2039366 - Resolves: rhbz#2021263
* Fri Jan 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-1 * Fri Jan 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-2
- Update to aarch64-shenandoah-jdk8u322-b06 (EA) - Update to aarch64-shenandoah-jdk8u322-b06 (EA)
- Update release notes for 8u322-b06. - Update release notes for 8u322-b06.
- Switch to GA mode for final release. - Switch to GA mode for final release.
- Resolves: rhbz#2039366
* Thu Jan 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b05 (EA)
- Update release notes for 8u322-b05.
- Require tzdata 2021e as of JDK-8275766. - Require tzdata 2021e as of JDK-8275766.
- Update tarball generation script to use git following shenandoah-jdk8u's move to github - Update tarball generation script to use git following shenandoah-jdk8u's move to github
- Resolves: rhbz#2039366 - Resolves: rhbz#2022815
* Tue Jan 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b04-0.2.ea * Tue Jan 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b04-0.2.ea
- Add backport of JDK-8279077 to fix crash on ppc64 - Add backport of JDK-8279077 to fix crash on ppc64
@ -2497,32 +2711,86 @@ cjc.mainProgram(args)
- Update to aarch64-shenandoah-jdk8u322-b04 (EA) - Update to aarch64-shenandoah-jdk8u322-b04 (EA)
- Update release notes for 8u322-b04. - Update release notes for 8u322-b04.
- Require tzdata 2021c as of JDK-8274407. - Require tzdata 2021c as of JDK-8274407.
- Switch to EA mode. - Related: rhbz#2022815
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
- Related: rhbz#2039366
* Fri Oct 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b07-2 * Fri Jan 07 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b03 (EA)
- Update release notes for 8u322-b03.
- Related: rhbz#2022815
* Fri Dec 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b02 (EA)
- Update release notes for 8u322-b02.
- Related: rhbz#2022815
* Tue Dec 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b01 (EA)
- Update release notes for 8u322-b01.
- Switch to EA mode.
- Related: rhbz#2022815
* Mon Dec 06 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b07-5
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
- Related: rhbz#2022815
* Mon Dec 06 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:1.8.0.312.b07-4
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
secmod.db file as part of nss
- Resolves: rhbz#2023532
* Fri Oct 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b07-3
- Update to aarch64-shenandoah-jdk8u312-b07 (EA) - Update to aarch64-shenandoah-jdk8u312-b07 (EA)
- Update release notes for 8u312-b07. - Update release notes for 8u312-b07.
- Switch to GA mode for final release. - Switch to GA mode for final release.
- This tarball is embargoed until 2021-10-19 @ 1pm PT. - Resolves: rhbz#2012339
- Resolves: rhbz#2011826
* Thu Oct 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b05-0.2.ea * Tue Oct 12 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b05-0.3.ea
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Resolves: rhbz#2014194
* Thu Oct 14 2021 Martin Balao <mbalao@redhat.com> - 1:1.8.0.312.b05-0.2.ea
- Add patch to allow plain key import.
- Resolves: rhbz#2014194
* Tue Oct 12 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07 - Update to aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07
- Update release notes for 8u312-b05-shenandoah-merge-2021-10-07. - Update release notes for 8u312-b05-shenandoah-merge-2021-10-07.
- Related: rhbz#1999937
* Thu Oct 07 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b05-0.2.ea
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Resolves: rhbz#1994659
* Thu Oct 07 2021 Martin Balao <mbalao@redhat.com> - 1:1.8.0.312.b05-0.2.ea
- Add patch to allow plain key import.
- Resolves: rhbz#1994659
* Thu Sep 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b05 (EA)
- Update release notes for 8u312-b05.
- Resolves: rhbz#1999937
* Mon Sep 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b04-0.2.ea
- Reduce disk footprint by removing build artifacts by default. - Reduce disk footprint by removing build artifacts by default.
- Related: rhbz#1999937
* Sun Sep 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b04 (EA)
- Update release notes for 8u312-b04.
- Related: rhbz#1999937
* Fri Sep 24 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b03 (EA)
- Update release notes for 8u312-b03.
- Related: rhbz#1999937
* Sun Sep 19 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b02 (EA)
- Update release notes for 8u312-b02.
- Related: rhbz#1999937
* Mon Sep 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b01 (EA)
- Update release notes for 8u312-b01.
- Switch to EA mode. - Switch to EA mode.
- Remove "-clean" suffix as no 8u312 builds are unclean.
- Related: rhbz#1999937
* Fri Sep 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.302.b08-4
- Remove non-Free test and demo files from source tarball. - Remove non-Free test and demo files from source tarball.
- Related: rhbz#2011826 - Related: rhbz#1999937
* Fri Aug 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.302.b08-3 * Fri Aug 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.302.b08-3
- Add patch to login to the NSS software token when in FIPS mode. - Add patch to login to the NSS software token when in FIPS mode.