Update to shenandoah-jdk8u372-b07 (GA)
Update release notes for shenandoah-8u372-b07. Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 Update generate_tarball.sh to add support for passing a boot JDK to the configure run Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs Drop JDK-8275535/RH2053256 patch which is now upstream Include JDK-8271199 backport early ahead of 8u382 (RH2175317) Drop hack for difference in local and portable build version Replace local copies of JDK portable binaries with build dependencies Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild. Remove duplicate use of README.md inside the *-src package (it is no longer about sources) Use portable build on x86_32 now one is available ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** Resolves: rhbz#2185182 Resolves: rhbz#2189329 Resolves: rhbz#2188023
This commit is contained in:
parent
ffd213c8a0
commit
345ac01c22
1
.gitignore
vendored
1
.gitignore
vendored
@ -282,3 +282,4 @@
|
||||
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.ppc64le.tar.xz
|
||||
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz
|
||||
/java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz
|
||||
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||
|
204
NEWS
204
NEWS
@ -3,6 +3,210 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 8u372 (2023-04-18):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u372
|
||||
|
||||
* CVEs
|
||||
- CVE-2023-21930
|
||||
- CVE-2023-21937
|
||||
- CVE-2023-21938
|
||||
- CVE-2023-21939
|
||||
- CVE-2023-21954
|
||||
- CVE-2023-21967
|
||||
- CVE-2023-21968
|
||||
* Security fixes
|
||||
- JDK-8287404: Improve ping times
|
||||
- JDK-8288436: Improve Xalan supports
|
||||
- JDK-8294474: Better AES support
|
||||
- JDK-8295304: Runtime support improvements
|
||||
- JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation
|
||||
- JDK-8296676, JDK-8296622: Improve String platform support
|
||||
- JDK-8296684: Improve String platform support
|
||||
- JDK-8296692: Improve String platform support
|
||||
- JDK-8296700: Improve String platform support
|
||||
- JDK-8296832: Improve Swing platform support
|
||||
- JDK-8297371: Improve UTF8 representation redux
|
||||
- JDK-8298191: Enhance object reclamation process
|
||||
- JDK-8298310: Enhance TLS session negotiation
|
||||
- JDK-8298667: Improved path handling
|
||||
- JDK-8299129: Enhance NameService lookups
|
||||
* New features
|
||||
- JDK-8230305: Cgroups v2: Container awareness
|
||||
* Other changes
|
||||
- JDK-6734341: REGTEST fails: SelectionAutoscrollTest.html
|
||||
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
|
||||
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
|
||||
- JDK-7124238: [macosx] Font in BasicHTML document is bigger than it should be
|
||||
- JDK-7124381: DragSourceListener.dragDropEnd() never been called on completion of dnd operation
|
||||
- JDK-8039888: [TEST_BUG] keyboard garbage after javax/swing/plaf/windows/WindowsRootPaneUI/WrongAltProcessing/WrongAltProcessing.java
|
||||
- JDK-8042098: [TESTBUG] Test sun/java2d/AcceleratedXORModeTest.java fails on Windows
|
||||
- JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
|
||||
- JDK-8072770: [TESTBUG] Some Introspector tests fail with a Java heap bigger than 4GB
|
||||
- JDK-8075964: Test java/awt/Mouse/TitleBarDoubleClick/TitleBarDoubleClick.html fails intermittently with timeout error
|
||||
- JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
|
||||
- JDK-8142540: [TEST_BUG] Test sun/awt/dnd/8024061/bug8024061.java fails on ubuntu
|
||||
- JDK-8156579: Two JavaBeans tests failed
|
||||
- JDK-8156581: Cleanup of ProblemList.txt
|
||||
- JDK-8159135: [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail
|
||||
- JDK-8177560: @headful key can be removed from the tests for JavaSound
|
||||
- JDK-8196196: Headful tests should not be run in headless mode
|
||||
- JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails
|
||||
- JDK-8197408: Bad pointer comparison and small cleanup in os_linux.cpp
|
||||
- JDK-8203485: [freetype] text rotated on 180 degrees is too narrow
|
||||
- JDK-8205959: Do not restart close if errno is EINTR
|
||||
- JDK-8216366: Add rationale to PER_CPU_SHARES define
|
||||
- JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
|
||||
- JDK-8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java - NumberFormatException because of large long values (memory limit_in_bytes)
|
||||
- JDK-8229182: [TESTBUG] runtime/containers/docker/TestMemoryAwareness.java test fails on SLES12
|
||||
- JDK-8229202: Docker reporting causes secondary crashes in error handling
|
||||
- JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy
|
||||
- JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation
|
||||
- JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
|
||||
- JDK-8234484: Add ability to configure third port for remote JMX
|
||||
- JDK-8237479: 8230305 causes slowdebug build failure
|
||||
- JDK-8239559: Cgroups: Incorrect detection logic on some systems
|
||||
- JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot
|
||||
- JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
|
||||
- JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111
|
||||
- JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
|
||||
- JDK-8242468: VS2019 build missing vcruntime140_1.dll
|
||||
- JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
|
||||
- JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java
|
||||
- JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible)
|
||||
- JDK-8245654: Add Certigna Root CA
|
||||
- JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
|
||||
- JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
|
||||
- JDK-8252359: HotSpot Not Identifying it is Running in a Container
|
||||
- JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
|
||||
- JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
|
||||
- JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
|
||||
- JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
|
||||
- JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems
|
||||
- JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code
|
||||
- JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection
|
||||
- JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
|
||||
- JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes
|
||||
- JDK-8257620: Do not use objc_msgSend_stret to get macOS version
|
||||
- JDK-8262379: Add regression test for JDK-8257746
|
||||
- JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
|
||||
- JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics
|
||||
- JDK-8270317: Large Allocation in CipherSuite
|
||||
- JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
|
||||
- JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
|
||||
- JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
|
||||
- JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
|
||||
- JDK-8280048: Missing comma in copyright header
|
||||
- JDK-8282398: EndingDotHostname.java test fails because SSL cert expired
|
||||
- JDK-8282511: Use fixed certificate validation date in SSLExampleCert template
|
||||
- JDK-8282947: JFR: Dump on shutdown live-locks in some conditions
|
||||
- JDK-8283277: ISO 4217 Amendment 171 Update
|
||||
- JDK-8283606: Tests may fail with zh locale on MacOS
|
||||
- JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124
|
||||
- JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
|
||||
- JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem
|
||||
- JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
|
||||
- JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
|
||||
- JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
|
||||
- JDK-8287109: Distrust.java failed with CertificateExpiredException
|
||||
- JDK-8287463: JFR: Disable TestDevNull.java on Windows
|
||||
- JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
|
||||
- JDK-8289549: ISO 4217 Amendment 172 Update
|
||||
- JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun
|
||||
- JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u
|
||||
- JDK-8292083: Detected container memory limit may exceed physical machine memory
|
||||
- JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
|
||||
- JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
|
||||
- JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
|
||||
- JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings
|
||||
- JDK-8294307: ISO 4217 Amendment 173 Update
|
||||
- JDK-8294767: 8u contains two copies of test/../FileUtils.java, one uses JDK9+ features
|
||||
- JDK-8295322: Tests for JDK-8271459 were not backported to 11u
|
||||
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
|
||||
- JDK-8295982: Failure in sun/security/tools/keytool/WeakAlg.java - ks: The process cannot access the file because it is being used by another process
|
||||
- JDK-8296239: ISO 4217 Amendment 174 Update
|
||||
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
|
||||
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
|
||||
- JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
|
||||
- JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
|
||||
- JDK-8297329: [8u] hotspot needs to recognise VS2019
|
||||
- JDK-8297739: Bump update version of OpenJDK: 8u372
|
||||
- JDK-8297996: [8u] generated images are broken due to renaming of MSVC runtime DLL's
|
||||
- JDK-8298027: Remove SCCS id's from awt jtreg tests
|
||||
- JDK-8298307: Enable hotspot/tier1 for 32-bit builds in GHA for 8u
|
||||
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
|
||||
- JDK-8299445: EndingDotHostname.java fails because of compilation errors
|
||||
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
|
||||
- JDK-8299548: Fix hotspot/test/runtime/Metaspace/MaxMetaspaceSizeTest.java in 8u
|
||||
- JDK-8299804: Fix non-portable code in hotspot shell tests in 8u
|
||||
- JDK-8300014: Some backports placed the tests in the wrong location
|
||||
- JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems
|
||||
- JDK-8301122: [8u] Fix unreliable vs2010 download link
|
||||
- JDK-8301143: [TESTBUG] jfr/event/sampling/TestNative was backported to JDK8u without proper native wrapper
|
||||
- JDK-8301246: NPE in FcFontManager.getDefaultPlatformFont() on Linux without installed fontconfig
|
||||
- JDK-8301332: [8u] Fix writing of test files after the cgroups v2 backport
|
||||
- JDK-8301550: [8u] Enable additional linux build testing in GitHub
|
||||
- JDK-8301620: [8u] some shell tests are passed but have unexpected operator errors
|
||||
- JDK-8301760: Fix possible leak in SpNegoContext dispose
|
||||
- JDK-8303408: [AIX] Broken jdk8u build after JDK-8266391
|
||||
- JDK-8303828: [Solaris] Broken jdk8u build after JDK-8266391
|
||||
- JDK-8304053: Revert os specific stubs for SystemMetrics
|
||||
- JDK-8305113: (tz) Update Timezone Data to 2023c
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
hotspot:
|
||||
core-libs:
|
||||
|
||||
JDK-8305562: Cgroups v2: Container awareness
|
||||
============================================
|
||||
The HotSpot runtime code as well as the core libraries code in the JDK
|
||||
has been updated in order to detect a cgroup v2 host system when
|
||||
running OpenJDK within a Linux container.
|
||||
|
||||
Since the 8u202 release of OpenJDK, the container detection code
|
||||
recognized cgroup v1 (legacy) host Linux systems. With 8u372 and later
|
||||
releases, both versions of the underlying cgroups pseudo filesystem
|
||||
will be detected and corresponding container limits applied to the
|
||||
OpenJDK runtime.
|
||||
|
||||
Without this enhancement, OpenJDK would not apply container resource
|
||||
limits when running on a cgroup v2 Linux host system, but would use
|
||||
the underlying hosts' resource limits instead.
|
||||
|
||||
client-libs/javax.swing:
|
||||
|
||||
JDK-8296832: Improve Swing platform support
|
||||
===========================================
|
||||
Earlier OpenJDK releases would always render HTML object tags embedded in
|
||||
Swing HTML components. With this release, rendering only occurs when the
|
||||
new system property "swing.html.object" is set to true. By default, it
|
||||
is set to false.
|
||||
|
||||
core-svc/javax.management:
|
||||
|
||||
JDK-8234484: Added Ability to Configure Third Port for Remote JMX
|
||||
=================================================================
|
||||
A local access port can now be configured for JMX connections by
|
||||
setting the property `com.sun.management.jmxremote.local.port`. This
|
||||
local port was previously selected at random, which could lead to port
|
||||
collisions. The property works in the same way as the existing
|
||||
properties for configuring the remote access port
|
||||
(`com.sun.management.jmxremote.port`) and the RMI port
|
||||
(`com.sun.management.jmxremote.rmi.port`)
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate
|
||||
==========================================================
|
||||
The following root certificate has been added to the cacerts truststore:
|
||||
|
||||
Name: Certigna (Dhimyotis)
|
||||
Alias Name: certignarootca
|
||||
Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR
|
||||
|
||||
New in release OpenJDK 8u362 (2023-01-17):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
|
36
README.md
36
README.md
@ -1,8 +1,34 @@
|
||||
Package of LTS OpenJDK 8
|
||||
OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is build on openJDK 10. LTSs (next is 11) will go as separate packages.
|
||||
OpenJDK 8 is a Long-Term Support (LTS) release of the Java platform.
|
||||
|
||||
JDK8 is last LTS release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/8/ and is landing to your RHEL. Where it will be maintained for several years. You will always be allowed to install Used LTSs in build root, and alongside via alternatives.
|
||||
For a list of major changes in OpenJDK 8 (java-1.8.0-openjdk), see the
|
||||
upstream release page: https://openjdk.org/projects/jdk8/features
|
||||
|
||||
See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html
|
||||
See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf
|
||||
# Rebuilding the OpenJDK package
|
||||
|
||||
The OpenJDK packages are now created from a single build which is then
|
||||
packaged for different major versions of Red Hat Enterprise Linux
|
||||
(RHEL). This allows the OpenJDK team to focus their efforts on the
|
||||
development and testing of this single build, rather than having
|
||||
multiple builds which only differ by the platform they were built on.
|
||||
|
||||
This does make rebuilding the package slightly more complicated than a
|
||||
normal package. Modifications should be made to the
|
||||
`java-1.8.0-openjdk-portable.specfile` file, which can be found with
|
||||
this README file in the source RPM or installed in the documentation
|
||||
tree by the `java-1.8.0-openjdk-headless` RPM.
|
||||
|
||||
Once the modified `java-1.8.0-openjdk-portable` RPMs are built, they
|
||||
should be installed and will produce a number of tarballs in the
|
||||
`/usr/lib/jvm` directory. The `java-1.8.0-openjdk` RPMs can then be
|
||||
built, which will use these tarballs to create the usual RPMs found in
|
||||
RHEL. The `java-1.8.0-openjdk-portable` RPMs can be uninstalled once
|
||||
the desired final RPMs are produced.
|
||||
|
||||
Note that the `java-1.8.0-openjdk.spec` file has a hard requirement on
|
||||
the exact version of java-1.8.0-openjdk-portable to use, so this will
|
||||
need to be modified if the version or rpmrelease values are changed in
|
||||
`java-1.8.0-openjdk-portable.specfile`.
|
||||
|
||||
To reduce the number of RPMs involved, the `fastdebug` and `slowdebug`
|
||||
builds may be disabled using `--without fastdebug` and `--without
|
||||
slowdebug`.
|
||||
|
@ -53,29 +53,58 @@ if [ "x$1" = "xhelp" ] ; then
|
||||
echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
|
||||
echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
|
||||
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
|
||||
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
|
||||
echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
|
||||
echo "PR3822 - the path to the PR3822 patch to apply (optional; downloaded if unavailable)"
|
||||
echo "JCONSOLE_JS_PATCH - the path to a patch to fix non-availiability of jconsole.js (optional; defaults to ${JCONSOLE_JS_PATCH_DEFAULT})"
|
||||
echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
|
||||
if [ "x$VERSION" = "x" ] ; then
|
||||
echo "No VERSION specified"
|
||||
exit -2
|
||||
exit 2
|
||||
fi
|
||||
echo "Version: ${VERSION}"
|
||||
|
||||
NUM_VER=${VERSION##jdk-}
|
||||
RELEASE_VER=${NUM_VER%%+*}
|
||||
BUILD_VER=${NUM_VER##*+}
|
||||
MAJOR_VER=${RELEASE_VER%%.*}
|
||||
echo "Major version is ${MAJOR_VER}, release ${RELEASE_VER}, build ${BUILD_VER}"
|
||||
|
||||
if [ "x$BOOT_JDK" = "x" ] ; then
|
||||
echo "No boot JDK specified".
|
||||
BOOT_JDK=/usr/lib/jvm/java-${MAJOR_VER}-openjdk;
|
||||
echo -n "Checking for ${BOOT_JDK}...";
|
||||
if [ -d ${BOOT_JDK} -a -x ${BOOT_JDK}/bin/java ] ; then
|
||||
echo "Boot JDK found at ${BOOT_JDK}";
|
||||
else
|
||||
echo "Not found";
|
||||
PREV_VER=$((${MAJOR_VER} - 1));
|
||||
BOOT_JDK=/usr/lib/jvm/java-${PREV_VER}-openjdk;
|
||||
echo -n "Checking for ${BOOT_JDK}...";
|
||||
if [ -d ${BOOT_JDK} -a -x ${BOOT_JDK}/bin/java ] ; then
|
||||
echo "Boot JDK found at ${BOOT_JDK}";
|
||||
else
|
||||
echo "Not found";
|
||||
exit 4;
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "Boot JDK: ${BOOT_JDK}";
|
||||
fi
|
||||
|
||||
# REPO_NAME is only needed when we default on REPO_ROOT and FILE_NAME_ROOT
|
||||
if [ "x$FILE_NAME_ROOT" = "x" -o "x$REPO_ROOT" = "x" ] ; then
|
||||
if [ "x$PROJECT_NAME" = "x" ] ; then
|
||||
echo "No PROJECT_NAME specified"
|
||||
exit -1
|
||||
exit 1
|
||||
fi
|
||||
echo "Project name: ${PROJECT_NAME}"
|
||||
if [ "x$REPO_NAME" = "x" ] ; then
|
||||
echo "No REPO_NAME specified"
|
||||
exit -3
|
||||
exit 3
|
||||
fi
|
||||
echo "Repository name: ${REPO_NAME}"
|
||||
fi
|
||||
@ -112,6 +141,7 @@ echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
|
||||
echo -e "\tREPO_ROOT: ${REPO_ROOT}"
|
||||
echo -e "\tPR3822: ${PR3822}"
|
||||
echo -e "\tJCONSOLE_JS_PATCH: ${JCONSOLE_JS_PATCH}"
|
||||
echo -e "\tBOOT_JDK: ${BOOT_JDK}"
|
||||
|
||||
mkdir "${FILE_NAME_ROOT}"
|
||||
pushd "${FILE_NAME_ROOT}"
|
||||
@ -166,11 +196,29 @@ popd
|
||||
# Generate .src-rev so build has knowledge of the revision the tarball was created from
|
||||
mkdir build
|
||||
pushd build
|
||||
sh ${PWD}/../openjdk/configure
|
||||
sh ${PWD}/../openjdk/configure --with-boot-jdk=${BOOT_JDK}
|
||||
make store-source-revision
|
||||
popd
|
||||
rm -rf build
|
||||
|
||||
# Remove commit checks
|
||||
echo "Removing $(find openjdk -name '.jcheck' -print)"
|
||||
find openjdk -name '.jcheck' -print0 | xargs -0 rm -r
|
||||
|
||||
# Remove history and GHA
|
||||
echo "find openjdk -name '.hgtags'"
|
||||
find openjdk -name '.hgtags' -exec rm -v '{}' '+'
|
||||
echo "find openjdk -name '.hgignore'"
|
||||
find openjdk -name '.hgignore' -exec rm -v '{}' '+'
|
||||
echo "find openjdk -name '.gitattributes'"
|
||||
find openjdk -name '.gitattributes' -exec rm -v '{}' '+'
|
||||
echo "find openjdk -name '.gitignore'"
|
||||
find openjdk -name '.gitignore' -exec rm -v '{}' '+'
|
||||
echo "find openjdk -name '.git'"
|
||||
find openjdk -name '.git' -exec rm -rv '{}' '+'
|
||||
echo "find openjdk -name '.github'"
|
||||
find openjdk -name '.github' -exec rm -rv '{}' '+'
|
||||
|
||||
echo "Compressing remaining forest"
|
||||
if [ "X$COMPRESSION" = "Xxz" ] ; then
|
||||
SWITCH=cJf
|
||||
|
2388
java-1.8.0-openjdk-portable.specfile
Normal file
2388
java-1.8.0-openjdk-portable.specfile
Normal file
File diff suppressed because it is too large
Load Diff
@ -132,7 +132,7 @@
|
||||
# Set of architectures where we verify backtraces with gdb
|
||||
%global gdb_arches %{jit_arches} %{zero_arches}
|
||||
# Set of architectures for which we have a portable build
|
||||
%global portable_build_arches %{aarch64} %{power64} x86_64
|
||||
%global portable_build_arches %{aarch64} %{ix86} %{power64} x86_64
|
||||
|
||||
# By default, we build a debug build during main build on JIT architectures
|
||||
%if %{with slowdebug}
|
||||
@ -338,7 +338,7 @@
|
||||
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
||||
%global shenandoah_project openjdk
|
||||
%global shenandoah_repo shenandoah-jdk8u
|
||||
%global openjdk_revision jdk8u362-b09
|
||||
%global openjdk_revision jdk8u372-b07
|
||||
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
||||
# Define old aarch64/jdk8u tree variables for compatibility
|
||||
%global project %{shenandoah_project}
|
||||
@ -354,15 +354,11 @@
|
||||
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
|
||||
# eg jdk8u60-b27 -> b27
|
||||
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
|
||||
%global rpmrelease 4
|
||||
%global rpmrelease 2
|
||||
# Settings used by the portable build
|
||||
%global portablerelease 4
|
||||
%global portablesuffix el7openjdkportable
|
||||
%global portablerelease 2
|
||||
%global portablesuffix el8
|
||||
%global portablebuilddir /builddir/build/BUILD
|
||||
# Temporary override until we have the portable version in sync
|
||||
# b09 only contains some build fixes for RHEL 6 & Windows
|
||||
%global portablebuildver b08
|
||||
%global portableversion %{javaver}.%{updatever}.%{portablebuildver}
|
||||
|
||||
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
|
||||
# Release will be (where N is usually a number starting at 1):
|
||||
@ -845,6 +841,8 @@ exit 0
|
||||
%license %{_jvmdir}/%{jredir -- %{?1}}/LICENSE
|
||||
%license %{_jvmdir}/%{jredir -- %{?1}}/THIRD_PARTY_README
|
||||
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS
|
||||
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/README.md
|
||||
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/java-1.%{majorver}.0-openjdk-portable.specfile
|
||||
%dir %{_jvmdir}/%{sdkdir -- %{?1}}
|
||||
%{_jvmdir}/%{jrelnk -- %{?1}}
|
||||
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security
|
||||
@ -1190,7 +1188,6 @@ exit 0
|
||||
|
||||
%define files_src() %{expand:
|
||||
%defattr(-,root,root,-)
|
||||
%doc README.md
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/src.zip
|
||||
}
|
||||
|
||||
@ -1404,9 +1401,6 @@ URL: http://openjdk.java.net/
|
||||
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
|
||||
Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
|
||||
|
||||
# Custom README for -src subpackage
|
||||
Source2: README.md
|
||||
|
||||
# Release notes
|
||||
Source7: NEWS
|
||||
|
||||
@ -1443,70 +1437,22 @@ Source17: nss.fips.cfg.in
|
||||
# Ensure translations are available for new timezones
|
||||
Source18: TestTranslations.java
|
||||
|
||||
Source20: repackReproduciblePolycies.sh
|
||||
Source21: repackReproduciblePolycies.sh
|
||||
|
||||
# New versions of config files with aarch64 support. This is not upstream yet.
|
||||
Source100: config.guess
|
||||
Source101: config.sub
|
||||
|
||||
# TODO: Portable packages are not yet available in buildroot
|
||||
# Temporarily add them as sources
|
||||
|
||||
# aarch64
|
||||
Source1000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.aarch64.tar.xz
|
||||
Source1002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.aarch64.tar.xz
|
||||
Source1003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.aarch64.tar.xz
|
||||
Source1004: %{name}-portable-%{portableversion}-%{portablerelease}.portable.slowdebug.jdk.el.aarch64.tar.xz
|
||||
Source1006: %{name}-portable-%{portableversion}-%{portablerelease}.portable.fastdebug.jdk.el.aarch64.tar.xz
|
||||
|
||||
# ppc64le
|
||||
Source2000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.ppc64le.tar.xz
|
||||
Source2002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.ppc64le.tar.xz
|
||||
Source2003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.ppc64le.tar.xz
|
||||
Source2004: %{name}-portable-%{portableversion}-%{portablerelease}.portable.slowdebug.jdk.el.ppc64le.tar.xz
|
||||
Source2006: %{name}-portable-%{portableversion}-%{portablerelease}.portable.fastdebug.jdk.el.ppc64le.tar.xz
|
||||
|
||||
# s390x
|
||||
Source3000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.s390x.tar.xz
|
||||
Source3002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.s390x.tar.xz
|
||||
Source3003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.s390x.tar.xz
|
||||
|
||||
# x86_64
|
||||
Source4000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.x86_64.tar.xz
|
||||
Source4002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.x86_64.tar.xz
|
||||
Source4003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.x86_64.tar.xz
|
||||
Source4004: %{name}-portable-%{portableversion}-%{portablerelease}.portable.slowdebug.jdk.el.x86_64.tar.xz
|
||||
Source4006: %{name}-portable-%{portableversion}-%{portablerelease}.portable.fastdebug.jdk.el.x86_64.tar.xz
|
||||
# Include portable spec and instructions on how to rebuild
|
||||
Source19: README.md
|
||||
Source20: java-1.%{majorver}.0-openjdk-portable.specfile
|
||||
|
||||
# Setup variables to reference correct sources
|
||||
%ifarch %{aarch64}
|
||||
%global releasezip %{SOURCE1000}
|
||||
%global docszip %{SOURCE1002}
|
||||
%global misczip %{SOURCE1003}
|
||||
%global slowdebugzip %{SOURCE1004}
|
||||
%global fastdebugzip %{SOURCE1006}
|
||||
%endif
|
||||
%ifarch %{ppc64le}
|
||||
%global releasezip %{SOURCE2000}
|
||||
%global docszip %{SOURCE2002}
|
||||
%global misczip %{SOURCE2003}
|
||||
%global slowdebugzip %{SOURCE2004}
|
||||
%global fastdebugzip %{SOURCE2006}
|
||||
%endif
|
||||
%ifarch s390x
|
||||
%global releasezip %{SOURCE3000}
|
||||
%global docszip %{SOURCE3002}
|
||||
%global misczip %{SOURCE3003}
|
||||
%global slowdebugzip %{nil}
|
||||
%global fastdebugzip %{nil}
|
||||
%endif
|
||||
%ifarch x86_64
|
||||
%global releasezip %{SOURCE4000}
|
||||
%global docszip %{SOURCE4002}
|
||||
%global misczip %{SOURCE4003}
|
||||
%global slowdebugzip %{SOURCE4004}
|
||||
%global fastdebugzip %{SOURCE4006}
|
||||
%endif
|
||||
%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.unstripped.jdk.%{_arch}.tar.xz
|
||||
%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.docs.%{_arch}.tar.xz
|
||||
%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.misc.%{_arch}.tar.xz
|
||||
%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
|
||||
%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
|
||||
|
||||
############################################
|
||||
#
|
||||
@ -1575,8 +1521,6 @@ Patch600: rh1750419-redhat_alt_java.patch
|
||||
Patch111: jdk8218811-perfMemory_linux.patch
|
||||
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
|
||||
Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
|
||||
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
|
||||
Patch113: jdk8275535-rh2053256-ldap_auth.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1624,13 +1568,15 @@ Patch581: jdk8257794-remove_broken_assert.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
# Patches appearing in 8u362
|
||||
# Patches appearing in 8u382
|
||||
#
|
||||
# This section includes patches which are present
|
||||
# in the listed OpenJDK 8u release and should be
|
||||
# able to be removed once that release is out
|
||||
# and used by this RPM.
|
||||
#############################################
|
||||
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1697,12 +1643,17 @@ BuildRequires: unzip
|
||||
# For definitions and macros like jvmdir
|
||||
BuildRequires: javapackages-filesystem
|
||||
%ifarch %{portable_build_arches}
|
||||
# TODO: Portable packages are not yet available in buildroot
|
||||
#BuildRequires: %{name}-portable-unstripped = %{VERSION}
|
||||
#BuildRequires: %{name}-portable-docs = %{VERSION}
|
||||
#BuildRequires: %{name}-portable-misc = %{VERSION}
|
||||
#BuildRequires: %{name}-portable-devel-fastdebug = %{VERSION}
|
||||
#BuildRequires: %{name}-portable-devel-slowdebug = %{VERSION}
|
||||
%if %{include_normal_build}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
%endif
|
||||
%if %{include_fastdebug_build}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
%endif
|
||||
%if %{include_debug_build}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
%endif
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
%else
|
||||
# Require a boot JDK which doesn't fail due to RH1482244
|
||||
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
|
||||
@ -1712,8 +1663,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
|
||||
BuildRequires: libffi
|
||||
BuildRequires: libffi-devel
|
||||
%endif
|
||||
# 2022g required as of JDK-8297804
|
||||
BuildRequires: tzdata-java >= 2022g
|
||||
# 2023c required as of JDK-8305113
|
||||
BuildRequires: tzdata-java >= 2023c
|
||||
# Earlier versions have a bug in tree vectorization on PPC
|
||||
BuildRequires: gcc >= 4.8.3-8
|
||||
|
||||
@ -1982,8 +1933,6 @@ fi
|
||||
# For old patches
|
||||
ln -s %{top_level_dir_name} jdk8
|
||||
|
||||
cp %{SOURCE2} .
|
||||
|
||||
# replace outdated configure guess script
|
||||
#
|
||||
# the configure macro will do this too, but it also passes a few flags not
|
||||
@ -2028,7 +1977,6 @@ sh %{SOURCE12}
|
||||
%patch111
|
||||
%patch112
|
||||
%patch581
|
||||
%patch113
|
||||
|
||||
pushd %{top_level_dir_name}
|
||||
# Add crypto policy and FIPS support
|
||||
@ -2037,6 +1985,8 @@ pushd %{top_level_dir_name}
|
||||
%patch1000 -p1
|
||||
# cacerts patch; must follow FIPS patch as it also alters java.security
|
||||
%patch539 -p1
|
||||
# 8u382 fix
|
||||
%patch2001 -p1
|
||||
popd
|
||||
|
||||
# RPM-only fixes
|
||||
@ -2322,7 +2272,7 @@ for suffix in %{build_loop} ; do
|
||||
mkdir -p $(dirname ${installdir})
|
||||
mv %{name}* ${installdir}
|
||||
# Fix build paths in ELF files so it looks like we built them
|
||||
portablenvr="%{name}-portable-%{portableversion}-%{portablerelease}.%{portablesuffix}.%{_arch}"
|
||||
portablenvr="%{name}-portable-%{version}-%{portablerelease}.%{portablesuffix}.%{_arch}"
|
||||
for file in $(find ${installdir} -type f) ; do
|
||||
if file ${file} | grep -q 'ELF'; then
|
||||
%{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file}
|
||||
@ -2534,7 +2484,7 @@ for suffix in %{build_loop} ; do
|
||||
miscdir=%{top_level_dir_name}/jdk/src/solaris/classes/sun/awt/X11
|
||||
%endif
|
||||
|
||||
# Install release notes
|
||||
# Install release notes and rebuild instructions
|
||||
commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
|
||||
install -d -m 755 ${commondocdir}
|
||||
%ifarch %{portable_build_arches}
|
||||
@ -2542,6 +2492,7 @@ for suffix in %{build_loop} ; do
|
||||
%else
|
||||
cp -a %{SOURCE7} ${commondocdir}
|
||||
%endif
|
||||
cp -a %{SOURCE19} %{SOURCE20} ${commondocdir}
|
||||
|
||||
# Install the jdk
|
||||
pushd ${jdk_image}
|
||||
@ -2605,11 +2556,10 @@ if ! echo $suffix | grep -q "debug" ; then
|
||||
# Install Javadoc documentation
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
|
||||
cp -a ${docdir}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
|
||||
built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip
|
||||
%ifarch %{portable_build_arches}
|
||||
built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{portablebuildver}-docs.zip
|
||||
cp -a ${docdir}/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
|
||||
%else
|
||||
built_doc_archive=`echo "jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/`
|
||||
cp -a %{installoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
|
||||
%endif
|
||||
fi
|
||||
@ -2658,7 +2608,7 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \
|
||||
| sed 's|^|%dir |' \
|
||||
>> %{name}-demo.files"$suffix"
|
||||
|
||||
bash %{SOURCE20} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix} %{javaver}
|
||||
bash %{SOURCE21} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix} %{javaver}
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1183793
|
||||
touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/security/java.security
|
||||
|
||||
@ -2900,6 +2850,24 @@ cjc.mainProgram(args)
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Apr 18 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
|
||||
- Update to shenandoah-jdk8u372-b07 (GA)
|
||||
- Update release notes for shenandoah-8u372-b07.
|
||||
- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07
|
||||
- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
|
||||
- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
|
||||
- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
|
||||
- Drop JDK-8275535/RH2053256 patch which is now upstream
|
||||
- Include JDK-8271199 backport early ahead of 8u382 (RH2175317)
|
||||
- Drop hack for difference in local and portable build version
|
||||
- Replace local copies of JDK portable binaries with build dependencies
|
||||
- Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild.
|
||||
- Remove duplicate use of README.md inside the *-src package (it is no longer about sources)
|
||||
- Use portable build on x86_32 now one is available
|
||||
- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. **
|
||||
- Resolves: rhbz#2185182
|
||||
- Resolves: rhbz#2189329
|
||||
|
||||
* Tue Feb 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-4
|
||||
- Drop use of portable build on s390x due to libffi compatibility issue (needs libffi.so.6)
|
||||
- Related: rhbz#2150202
|
||||
|
167
jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
Normal file
167
jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
Normal file
@ -0,0 +1,167 @@
|
||||
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
|
||||
Author: Alexey Bakhtin <abakhtin@openjdk.org>
|
||||
Date: Tue Apr 4 10:29:11 2023 +0000
|
||||
|
||||
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
|
||||
Reviewed-by: andrew, mbalao
|
||||
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
|
||||
|
||||
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||
index a79e97d7c74..5378446b97b 100644
|
||||
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
@Override
|
||||
protected void engineInitVerify(PublicKey publicKey)
|
||||
throws InvalidKeyException {
|
||||
- if (!(publicKey instanceof RSAPublicKey)) {
|
||||
+ if (publicKey instanceof RSAPublicKey) {
|
||||
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
|
||||
+ isPublicKeyValid(rsaPubKey);
|
||||
+ this.pubKey = rsaPubKey;
|
||||
+ this.privKey = null;
|
||||
+ resetDigest();
|
||||
+ } else {
|
||||
throw new InvalidKeyException("key must be RSAPublicKey");
|
||||
}
|
||||
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
|
||||
- this.privKey = null;
|
||||
- resetDigest();
|
||||
}
|
||||
|
||||
// initialize for signing. See JCA doc
|
||||
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
@Override
|
||||
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
|
||||
throws InvalidKeyException {
|
||||
- if (!(privateKey instanceof RSAPrivateKey)) {
|
||||
+ if (privateKey instanceof RSAPrivateKey) {
|
||||
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
|
||||
+ isPrivateKeyValid(rsaPrivateKey);
|
||||
+ this.privKey = rsaPrivateKey;
|
||||
+ this.pubKey = null;
|
||||
+ this.random =
|
||||
+ (random == null ? JCAUtil.getSecureRandom() : random);
|
||||
+ resetDigest();
|
||||
+ } else {
|
||||
throw new InvalidKeyException("key must be RSAPrivateKey");
|
||||
}
|
||||
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
|
||||
- this.pubKey = null;
|
||||
- this.random =
|
||||
- (random == null? JCAUtil.getSecureRandom() : random);
|
||||
- resetDigest();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
}
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Validate the specified RSAPrivateKey
|
||||
+ */
|
||||
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
|
||||
+ try {
|
||||
+ if (prKey instanceof RSAPrivateCrtKey) {
|
||||
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
|
||||
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
|
||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||
+ crtKey.getModulus().bitLength(),
|
||||
+ crtKey.getPublicExponent());
|
||||
+ } else {
|
||||
+ throw new InvalidKeyException(
|
||||
+ "Some of the CRT-specific components are not available");
|
||||
+ }
|
||||
+ } else {
|
||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||
+ prKey.getModulus().bitLength(),
|
||||
+ null);
|
||||
+ }
|
||||
+ } catch (InvalidKeyException ikEx) {
|
||||
+ throw ikEx;
|
||||
+ } catch (Exception e) {
|
||||
+ throw new InvalidKeyException(
|
||||
+ "Can not access private key components", e);
|
||||
+ }
|
||||
+ isValid(prKey);
|
||||
+ }
|
||||
+
|
||||
+ /**
|
||||
+ * Validate the specified RSAPublicKey
|
||||
+ */
|
||||
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
|
||||
+ try {
|
||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||
+ pKey.getModulus().bitLength(),
|
||||
+ pKey.getPublicExponent());
|
||||
+ } catch (InvalidKeyException ikEx) {
|
||||
+ throw ikEx;
|
||||
+ } catch (Exception e) {
|
||||
+ throw new InvalidKeyException(
|
||||
+ "Can not access public key components", e);
|
||||
+ }
|
||||
+ isValid(pKey);
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Validate the specified RSAKey and its associated parameters against
|
||||
* internal signature parameters.
|
||||
*/
|
||||
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||
try {
|
||||
AlgorithmParameterSpec keyParams = rsaKey.getParams();
|
||||
// validate key parameters
|
||||
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
}
|
||||
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
|
||||
}
|
||||
- return rsaKey;
|
||||
} catch (SignatureException e) {
|
||||
throw new InvalidKeyException(e);
|
||||
}
|
||||
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||
index 6b219937981..b3c1fae9672 100644
|
||||
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
|
||||
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
|
||||
// check all CRT-specific components are available, if any one
|
||||
// missing, return a non-CRT key instead
|
||||
- if ((key.getPublicExponent().signum() == 0) ||
|
||||
- (key.getPrimeExponentP().signum() == 0) ||
|
||||
- (key.getPrimeExponentQ().signum() == 0) ||
|
||||
- (key.getPrimeP().signum() == 0) ||
|
||||
- (key.getPrimeQ().signum() == 0) ||
|
||||
- (key.getCrtCoefficient().signum() == 0)) {
|
||||
+ if (checkComponents(key)) {
|
||||
+ return key;
|
||||
+ } else {
|
||||
return new RSAPrivateKeyImpl(
|
||||
key.algid,
|
||||
key.getModulus(),
|
||||
- key.getPrivateExponent()
|
||||
- );
|
||||
- } else {
|
||||
- return key;
|
||||
+ key.getPrivateExponent());
|
||||
}
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Validate if all CRT-specific components are available.
|
||||
+ */
|
||||
+ static boolean checkComponents(RSAPrivateCrtKey key) {
|
||||
+ return !((key.getPublicExponent().signum() == 0) ||
|
||||
+ (key.getPrimeExponentP().signum() == 0) ||
|
||||
+ (key.getPrimeExponentQ().signum() == 0) ||
|
||||
+ (key.getPrimeP().signum() == 0) ||
|
||||
+ (key.getPrimeQ().signum() == 0) ||
|
||||
+ (key.getCrtCoefficient().signum() == 0));
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Generate a new key from the specified type and components.
|
||||
* Returns a CRT key if possible and a non-CRT key otherwise.
|
@ -1,26 +0,0 @@
|
||||
diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
index cf4becb7db..4ab2ac0a31 100644
|
||||
--- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
ctx = getLdapCtxFromUrl(
|
||||
r.getDomainName(), url, new LdapURL(u), env);
|
||||
return ctx;
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different endpoint to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
// try the next element
|
||||
lastException = e;
|
||||
@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
for (String u : urls) {
|
||||
try {
|
||||
return getUsingURL(u, env);
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different URL to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
ex = e;
|
||||
}
|
20
sources
20
sources
@ -1,20 +1,2 @@
|
||||
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
|
||||
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz) = 2ed16c616189e7872ecf36c82e86b551b1e6efc4d11a93264db856f01191875a82ddaec3363b5f8296ea225a9a8edf4c0e1504ff27d8474088ba0b2f6fc061d5
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.aarch64.tar.xz) = 7fce6dc8ebceb8e0806da8539f06d126fa4b688c5c9522aa93e9493103fa1bff0608de0edb264ce4a86b25fc9f89973f6a054d72e98529f68c49150395c72b98
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.ppc64le.tar.xz) = 2bac5b118490e76efb843dd4f0a9c96e478c85d46cd765becc7e2525cb39b9e6fde1c58a416cd3ddbc7df078e31ba037e742af6821f8a03bc207f5d4d4e66612
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.s390x.tar.xz) = 9158b158a189f36c9b58a3e24c7e3e24feeaa7e15d3dbca085b4f20689ec2874be5d8b9bebf2b76320f5e934bf16b42daaa743f5b27a7b3bf9ec39f156245b09
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.x86_64.tar.xz) = 7189898f419e83a83e242ed45b2bda70b5c1e69f0fcdfd8bf721f1e99a7cc24220912aa110385466da294bd15c294fc923ce6baf57c84ed2b021e8d56f5c503c
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.fastdebug.jdk.el.aarch64.tar.xz) = 949110664035f93eccd6f47b2d5df7e43bb26ce120c97ec8a56fffd2f6e68d7b6fe368e4661d6bb7669726c24a47ed21985865a2eafc911ddd27def7bd1ae955
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.fastdebug.jdk.el.ppc64le.tar.xz) = 13f5982dd99e99fc88e22cd604575ae7e4430caaee9c86ae7f8ab332d2bbfe4cd97a343da4a9ffe5eb685b00ccdb9cb03d38e2779d279717a3ba32b81608bc54
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.fastdebug.jdk.el.x86_64.tar.xz) = b0ee5f1ab913655860005c0aeac36afcf47811eb1c026b05ef2927695829d4fe6f99f1b038107c99b8d12039122a48d08a5ae1f291804f4b4b5dc19529c8f903
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.aarch64.tar.xz) = 5cfe934f17949d7c4dfbd0f825957039c85d544bd09004e1825f7cca0c5ce34a6dbccc34150bc7d87cee055d538a5ffb435a9accc335000fac7193696d4fe40b
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.ppc64le.tar.xz) = fd5511e78fabb85a1a73a3d8e7dfca50f36852d45e0f598bc9d9813056ea509e539dad0d10546291a7bfadae4ae2b1897cdb635949fb41a195649db757619644
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.s390x.tar.xz) = 41488ef06b28013c96a04ec5c932b2e37ce3580f2beddec70760216e84e6de69206f8ba370788f8e382af2e42380d13c8f598cbc0ef6148bebeb6caed15e6358
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.x86_64.tar.xz) = 7805e8c6647250198e7c41cfa8ef1aec8ed6f6cbf62d816e9bf161b5177fd1f3007bf247205dc2360e5026060eb44921f17111694dc93cafa1ebf4fdde697086
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.slowdebug.jdk.el.aarch64.tar.xz) = f79d6086eec6c751aca4a2ba22ca03a30a24dc8d10a0115fbc5a901e1a9c4fdfb7fc463ff0cdaddba0b9285ef25aa9ab7b1c8c0e772c06e53617741484e010c7
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.slowdebug.jdk.el.ppc64le.tar.xz) = 870a2de374d90d53e2078a930b6df3800001489b1bcd01a8014c227a9dd8be86ae1038a92ae65730ffeba08df88a085ab9b00c337f95e7577593ace3e67ca128
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.slowdebug.jdk.el.x86_64.tar.xz) = 35cef5ec1fdf04e6095c4cc018948e07616102d9f82db11e5ad0c3e0ddd0fbc83d4b2c134d47e6311650a91ee7301c5606b7657486c6a71c4c7982aac103f048
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.aarch64.tar.xz) = 0b83725711408fedf3bae3cfeb4a670312085982699da6510652d2f516729082dae3733e1736815a035a355d55af8c70407196fc8377b0fd8dccc062711d2d0d
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.ppc64le.tar.xz) = d8267a6f30a379181f461ce030a0b325e69dde89cbab7eba82ec8431227f2d982350b60ecf3380cafc1943696a8d17f477baab87b4c9a38a454543f5091841af
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz) = bc80c58e6010f9722c932c4231e90c79b3285c6dc47fcffaeaf76839cd08e7602314d3648568354858c99f4b8163dc1cf3d4bf5e651dea8d715dde286a836c00
|
||||
SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz) = 0e4eed7f8d21473c07c4edd2cd764b659527676d5e8547403db60d2ca52a81567084f444b479bf1fa4f5cb3f863fce811d2be04d6608399f8fd5ab26b5720d00
|
||||
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz) = afc1324463883404f22cea3c37177d7b6164fc4cf285d958e7ec21aba976dc306045296eadaa296a31795be6b543ca0b742e0ba074689c3e5a50b9956383934b
|
||||
|
Loading…
Reference in New Issue
Block a user