import java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4

This commit is contained in:
CentOS Sources 2021-07-21 03:36:45 -04:00 committed by Andrew Lukoshko
parent bdc85dadd1
commit 3eca992179
6 changed files with 384 additions and 42 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b10-4curve.tar.xz SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -1,2 +1,2 @@
0cb5765ee97938f0999c2fb9054338aba5f55cb7 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b10-4curve.tar.xz 72250f55a8932ac5b53e4d2dba0d7c5644201ef0 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -3,6 +3,253 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u302 (2021-07-20):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u302
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt
* Security fixes
- JDK-8256157: Improve bytecode assembly
- JDK-8256491: Better HTTP transport
- JDK-8258432, CVE-2021-2341: Improve file transfers
- JDK-8260453: Improve Font Bounding
- JDK-8260960: Signs of jarsigner signing
- JDK-8260967, CVE-2021-2369: Better jar file validation
- JDK-8262380: Enhance XML processing passes
- JDK-8262403: Enhanced data transfer
- JDK-8262410: Enhanced rules for zones
- JDK-8262477: Enhance String Conclusions
- JDK-8262967: Improve Zip file support
- JDK-8264066, CVE-2021-2388: Enhance compiler validation
- JDK-8264079: Improve abstractions
- JDK-8264460: Improve NTLM support
* Other changes
- JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
- JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
- JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
- JDK-7106851: Test should not use System.exit
- JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler
- JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails
- JDK-8030123: java/beans/Introspector/Test8027648.java fails
- JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
- JDK-8033289: clang: clean up unused function warning
- JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
- JDK-8034857: gcc warnings compiling src/solaris/native/sun/management
- JDK-8035000: clean up ActivationLibrary.DestroyThread
- JDK-8035054: JarFacade.c should not include ctype.h
- JDK-8035287: gcc warnings compiling various libraries files
- JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
- JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries
- JDK-8042891: Format issues embedded in macros for two g1 source files
- JDK-8043264: hsdis library not picked up correctly on expected paths
- JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang
- JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh
- JDK-8055754: filemap.cpp does not compile with clang
- JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
- JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
- JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm
- JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize
- JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
- JDK-8074835: Resolve disabled warnings for libj2gss
- JDK-8074836: Resolve disabled warnings for libosxkrb5
- JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
- JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
- JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel
- JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX
- JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header
- JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
- JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
- JDK-8132148: G1 hs_err region dump legend out of sync with region values
- JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
- JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
- JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel
- JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw
- JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1
- JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently
- JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
- JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
- JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME
- JDK-8172188: JDI tests fail due to "permission denied" when creating temp file
- JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000)
- JDK-8178403: DirectAudio in JavaSound may hang and leak
- JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-''
- JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently
- JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
- JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"
- JDK-8191955: AArch64: incorrect prefetch distance causes an internal error
- JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
- JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM
- JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
- JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
- JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
- JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
- JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max
- JDK-8206925: Support the certificate_authorities extension
- JDK-8209996: [PPC64] Fix JFR profiling
- JDK-8214345: infinite recursion while checking super class
- JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
- JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
- JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
- JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
- JDK-8228757: Fail fast if the handshake type is unknown
- JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
- JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
- JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
- JDK-8231949: [PPC64, s390]: Make async profiling more reliable
- JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
- JDK-8239053: [8u] clean up undefined-var-template warnings
- JDK-8239400: [8u] clean up undefined-var-template warnings
- JDK-8241649: Optimize Character.toString
- JDK-8241829: Cleanup the code for PrinterJob on windows
- JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
- JDK-8243559: Remove root certificates with 1024-bit keys
- JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
- JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
- JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
- JDK-8250876: Fix issues with cross-compile on macos
- JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
- JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
- JDK-8254631: Better support ALPN byte wire values in SunJSSE
- JDK-8255086: Update the root locale display names
- JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
- JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
- JDK-8257039: [8u] GenericTaskQueue destructor is incorrect
- JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
- JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
- JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
- JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
- JDK-8258419: RSA cipher buffer cleanup
- JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation
- JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
- JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
- JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
- JDK-8259886: Improve SSL session cache performance and scalability
- JDK-8260029: aarch64: fix typo in verify_oop_array
- JDK-8260236: better init AnnotationCollector _contended_group
- JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
- JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
- JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
- JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
- JDK-8261867: Backport relevant test changes & additions from JDK-8130125
- JDK-8262110: DST starts from incorrect time in 2038
- JDK-8262446: DragAndDrop hangs on Windows
- JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
- JDK-8262730: Enable jdk8u MacOS external debug symbols
- JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external
- JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395
- JDK-8263504: Some OutputMachOpcodes fields are uninitialized
- JDK-8263600: change rmidRunning to a simple lookup
- JDK-8264509: jdk8u MacOS zipped debug symbols won't build
- JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
- JDK-8264640: CMS ParScanClosure misses a barrier
- JDK-8264816: Weak handles leak causes GC to take longer
- JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
- JDK-8265666: Enable AIX build platform to make external debug symbols
- JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
- JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
- JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
- JDK-8266723: JFR periodic events are causing extra allocations
- JDK-8266929: Unable to use algorithms from 3p providers
- JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
- JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM
- JDK-8267545: [8u] Enable Xcode 12 builds on macOS
- JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode
- JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457
- JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow
- JDK-8269468: JDK-8269388 breaks the build on older GCCs
- JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
* Shenandoah
- [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
- [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
- [backport] JDK-8261251: Shenandoah: Use object size for full GC humongous
- [backport] JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
- [backport] JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
- [backport] JDK-8266802: Shenandoah: Round up region size to page size unconditionally
- [backport] JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
- [backport] JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
- [backport] JDK-8268699: Shenandoah: Add test for JDK-8268127
- Shenandoah: Process weak roots during class unloading cycle
Notes on individual issues:
===========================
security-libs/java.security:
JDK-8256902: Removed Root Certificates with 1024-bit Keys
=========================================================
The following root certificates with weak 1024-bit RSA public keys
have been removed from the `cacerts` keystore:
Alias Name: thawtepremiumserverca [jdk]
Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Alias Name: verisignclass2g2ca [jdk]
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Alias Name: verisignclass3ca [jdk]
Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Alias Name: verisignclass3g2ca [jdk]
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Alias Name: verisigntsaca [jdk]
Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
=================================================================
The following root certificate have been removed from the cacerts truststore:
Alias Name: soneraclass2ca
Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
security-libs/javax.net.ssl:
JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
=========================================================================================
Certain TLS ALPN values couldn't be properly read or written by the
SunJSSE provider. This is due to the choice of Strings as the API
interface and the undocumented internal use of the UTF-8 Character Set
which converts characters larger than U+00007F (7-bit ASCII) into
multi-byte arrays that may not be expected by a peer.
ALPN values are now represented using the network byte representation
expected by the peer, which should require no modification for
standard 7-bit ASCII-based character Strings. However, SunJSSE now
encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
characters. This means applications that used characters above
U+000007F that were previously encoded using UTF-8 may need to either
be modified to perform the UTF-8 conversion, or set the Java security
property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
See the updated guide at
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
for more information.
JDK-8244460: Support for certificate_authorities Extension
==========================================================
The "certificate_authorities" extension is an optional extension
introduced in TLS 1.3. It is used to indicate the certificate
authorities (CAs) that an endpoint supports and should be used by the
receiving endpoint to guide certificate selection.
With this JDK release, the "certificate_authorities" extension is
supported for TLS 1.3 in both the client and the server sides. This
extension is always present for client certificate selection, while it
is optional for server certificate selection.
Applications can enable this extension for server certificate
selection by setting the `jdk.tls.client.enableCAExtension` system
property to `true`. The default value of the property is `false`.
Note that if the client trusts more CAs than the size limit of the
extension (less than 2^16 bytes), the extension is not enabled. Also,
some server implementations do not allow handshake messages to exceed
2^14 bytes. Consequently, there may be interoperability issues when
`jdk.tls.client.enableCAExtension` is set to `true` and the client
trusts more CAs than the server implementation limit.
New in release OpenJDK 8u292 (2021-04-20): New in release OpenJDK 8u292 (2021-04-20):
=========================================== ===========================================
Live versions of these release notes can be found at: Live versions of these release notes can be found at:

View File

@ -0,0 +1,43 @@
import java.io.File;
import java.io.FileInputStream;
import java.security.Security;
import java.util.Properties;
public class TestSecurityProperties {
// JDK 11
private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
// JDK 8
private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";
public static void main(String[] args) {
Properties jdkProps = new Properties();
loadProperties(jdkProps);
for (Object key: jdkProps.keySet()) {
String sKey = (String)key;
String securityVal = Security.getProperty(sKey);
String jdkSecVal = jdkProps.getProperty(sKey);
if (!securityVal.equals(jdkSecVal)) {
String msg = "Expected value '" + jdkSecVal + "' for key '" +
sKey + "'" + " but got value '" + securityVal + "'";
throw new RuntimeException("Test failed! " + msg);
} else {
System.out.println("DEBUG: " + sKey + " = " + jdkSecVal + " as expected.");
}
}
System.out.println("TestSecurityProperties PASSED!");
}
private static void loadProperties(Properties props) {
String javaVersion = System.getProperty("java.version");
System.out.println("Debug: Java version is " + javaVersion);
String propsFile = JDK_PROPS_FILE_JDK_11;
if (javaVersion.startsWith("1.8.0")) {
propsFile = JDK_PROPS_FILE_JDK_8;
}
try (FileInputStream fin = new FileInputStream(new File(propsFile))) {
props.load(fin);
} catch (Exception e) {
throw new RuntimeException("Test failed!", e);
}
}
}

View File

@ -1,12 +1,13 @@
diff --git openjdk.orig/jdk/make/CompileLaunchers.gmk openjdk/jdk/make/CompileLaunchers.gmk diff --git openjdk.orig/jdk/make/CompileLaunchers.gmk openjdk/jdk/make/CompileLaunchers.gmk
--- openjdk.orig/jdk/make/CompileLaunchers.gmk --- openjdk.orig/jdk/make/CompileLaunchers.gmk
+++ openjdk/jdk/make/CompileLaunchers.gmk +++ openjdk/jdk/make/CompileLaunchers.gmk
@@ -255,6 +255,32 @@ @@ -255,6 +255,33 @@
endif endif
endif endif
+# -Wno-error=cpp is present to allow commented warning in ifdef part of main.c
+$(eval $(call SetupLauncher,alt-java, \ +$(eval $(call SetupLauncher,alt-java, \
+ -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA,,,user32.lib comctl32.lib, \ + -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA -Wno-error=cpp,,,user32.lib comctl32.lib, \
+ $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \ + $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \
+ $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true)) + $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true))
+ +
@ -115,12 +116,16 @@ new file mode 100644
diff --git openjdk.orig/jdk/src/share/bin/main.c openjdk/jdk/src/share/bin/main.c diff --git openjdk.orig/jdk/src/share/bin/main.c openjdk/jdk/src/share/bin/main.c
--- openjdk.orig/jdk/src/share/bin/main.c --- openjdk.orig/jdk/src/share/bin/main.c
+++ openjdk/jdk/src/share/bin/main.c +++ openjdk/jdk/src/share/bin/main.c
@@ -32,6 +32,10 @@ @@ -32,6 +32,14 @@
#include "defines.h" #include "defines.h"
+#if defined(linux) && defined(__x86_64) +#ifdef REDHAT_ALT_JAVA
+#if defined(__linux__) && defined(__x86_64__)
+#include "alt_main.h" +#include "alt_main.h"
+#else
+#warning alt-java requested but SSB mitigation not available on this platform.
+#endif
+#endif +#endif
+ +
#ifdef _MSC_VER #ifdef _MSC_VER

View File

@ -60,16 +60,32 @@
# we need to distinguish between big and little endian PPC64 # we need to distinguish between big and little endian PPC64
%global ppc64le ppc64le %global ppc64le ppc64le
%global ppc64be ppc64 ppc64p7 %global ppc64be ppc64 ppc64p7
# Set of architectures which support multiple ABIs
%global multilib_arches %{power64} sparc64 x86_64 %global multilib_arches %{power64} sparc64 x86_64
%global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} # Set of architectures for which we build slowdebug builds
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
%global jfr_arches %{jit_arches} # Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 %global fastdebug_arches x86_64
# Set of architectures with a Just-In-Time (JIT) compiler
%global jit_arches %{debug_arches}
# Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches}
# Set of architectures which support SystemTap tapsets
%global systemtap_arches %{jit_arches}
# Set of architectures which support the serviceability agent
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
# Set of architectures which support class data sharing
# See https://bugzilla.redhat.com/show_bug.cgi?id=513605
# MetaspaceShared::generate_vtable_methods is not implemented for the PPC JIT
%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
# Set of architectures which support Java Flight Recorder (JFR)
%global jfr_arches %{jit_arches}
# Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64
# By default, we build a debug build during main build on JIT architectures # By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug} %if %{with slowdebug}
%ifarch %{jit_arches} %ifarch %{debug_arches}
%ifnarch %{arm}
%global include_debug_build 1 %global include_debug_build 1
%else %else
%global include_debug_build 0 %global include_debug_build 0
@ -77,9 +93,6 @@
%else %else
%global include_debug_build 0 %global include_debug_build 0
%endif %endif
%else
%global include_debug_build 0
%endif
# By default, we build a fastdebug build during main build only on fastdebug architectures # By default, we build a fastdebug build during main build only on fastdebug architectures
%if %{with fastdebug} %if %{with fastdebug}
@ -88,6 +101,8 @@
%else %else
%global include_fastdebug_build 0 %global include_fastdebug_build 0
%endif %endif
%else
%global include_fastdebug_build 0
%endif %endif
%if %{include_debug_build} %if %{include_debug_build}
@ -103,12 +118,10 @@
%endif %endif
# If you disable both builds, then the build fails # If you disable both builds, then the build fails
# Note that the debug build requires the normal build for docs # Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{normal_build} %{fastdebug_build} %{slowdebug_build} %global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
# Test slowdebug first as it provides the best diagnostics
%global rev_build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
%ifarch %{jit_arches} %ifarch %{bootstrap_arches}
%global bootstrap_build 1 %global bootstrap_build 1
%else %else
%global bootstrap_build 1 %global bootstrap_build 1
@ -213,7 +226,7 @@
%global stapinstall %{nil} %global stapinstall %{nil}
%endif %endif
%ifarch %{jit_arches} %ifarch %{systemtap_arches}
%global with_systemtap 1 %global with_systemtap 1
%else %else
%global with_systemtap 0 %global with_systemtap 0
@ -250,7 +263,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port %global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah %global shenandoah_repo jdk8u-shenandoah
%global shenandoah_revision aarch64-shenandoah-jdk8u292-b10 %global shenandoah_revision aarch64-shenandoah-jdk8u302-b08
# Define old aarch64/jdk8u tree variables for compatibility # Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project} %global project %{shenandoah_project}
%global repo %{shenandoah_repo} %global repo %{shenandoah_repo}
@ -266,7 +279,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27 # eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 1 %global rpmrelease 0
# Define milestone (EA for pre-releases, GA ("fcs") for releases) # Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1): # Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases, # - 0.N%%{?extraver}%%{?dist} for EA releases,
@ -347,13 +360,9 @@ exit 0
%define post_headless() %{expand: %define post_headless() %{expand:
%ifarch %{jit_arches} %ifarch %{share_arches}
# MetaspaceShared::generate_vtable_methods not implemented for PPC JIT
%ifnarch %{power64}
# see https://bugzilla.redhat.com/show_bug.cgi?id=513605
%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null %{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
%endif %endif
%endif
PRIORITY=%{priority} PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then if [ "%{?1}" == %{debug_suffix} ]; then
@ -687,12 +696,10 @@ exit 0
%{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.fips.cfg %{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.fips.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.cfg %config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.fips.cfg %config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.fips.cfg
%ifarch %{jit_arches} %ifarch %{share_arches}
%ifnarch %{power64}
%attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/server/classes.jsa %attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/server/classes.jsa
%attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/client/classes.jsa %attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/client/classes.jsa
%endif %endif
%endif
%dir %{etcjavasubdir} %dir %{etcjavasubdir}
%dir %{etcjavadir -- %{?1}} %dir %{etcjavadir -- %{?1}}
%dir %{etcjavadir -- %{?1}}/lib %dir %{etcjavadir -- %{?1}}/lib
@ -1141,8 +1148,14 @@ Source13: TestCryptoLevel.java
# Ensure ECDSA is working # Ensure ECDSA is working
Source14: TestECDSA.java Source14: TestECDSA.java
# Verify system crypto (policy) can be disabled via a property
Source15: TestSecurityProperties.java
# Ensure vendor settings are correct
Source16: CheckVendor.java
# nss fips configuration file # nss fips configuration file
Source15: nss.fips.cfg.in Source17: nss.fips.cfg.in
Source20: repackReproduciblePolycies.sh Source20: repackReproduciblePolycies.sh
@ -1150,9 +1163,6 @@ Source20: repackReproduciblePolycies.sh
Source100: config.guess Source100: config.guess
Source101: config.sub Source101: config.sub
# Ensure vendor settings are correct
Source16: CheckVendor.java
############################################ ############################################
# #
# RPM/distribution specific patches # RPM/distribution specific patches
@ -1525,7 +1535,7 @@ The %{compatiblename}-src-fastdebug sub-package contains the complete %{origin_n
Summary: %{origin_nice} %{majorver} API documentation Summary: %{origin_nice} %{majorver} API documentation
Group: Documentation Group: Documentation
Requires: javapackages-filesystem Requires: javapackages-filesystem
Obsoletes: javadoc-debug Obsoletes: javadoc-slowdebug < 1:1.8.0.212.b04-4
BuildArch: noarch BuildArch: noarch
%{java_javadoc_rpo %{nil}} %{java_javadoc_rpo %{nil}}
@ -1537,7 +1547,7 @@ The %{origin_nice} %{majorver} API documentation.
Summary: %{origin_nice} %{majorver} API documentation compressed in a single archive Summary: %{origin_nice} %{majorver} API documentation compressed in a single archive
Group: Documentation Group: Documentation
Requires: javapackages-filesystem Requires: javapackages-filesystem
Obsoletes: javadoc-zip-debug Obsoletes: javadoc-zip-slowdebug < 1:1.8.0.212.b04-4
BuildArch: noarch BuildArch: noarch
%{java_javadoc_rpo %{nil}} %{java_javadoc_rpo %{nil}}
@ -1612,10 +1622,6 @@ if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{includ
echo "You have disabled all builds (normal,fastdebug,debug). That is a no go." echo "You have disabled all builds (normal,fastdebug,debug). That is a no go."
exit 14 exit 14
fi fi
if [ %{include_normal_build} -eq 0 ] ; then
echo "You have disabled the normal build, but this is required to provide docs for the debug build."
exit 15
fi
echo "Update version: %{updatever}" echo "Update version: %{updatever}"
echo "Build number: %{buildver}" echo "Build number: %{buildver}"
@ -1746,7 +1752,7 @@ done
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
# Setup nss.fips.cfg # Setup nss.fips.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE15} > nss.fips.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build %build
@ -1913,7 +1919,7 @@ done
%check %check
# We test debug first as it will give better diagnostics on a crash # We test debug first as it will give better diagnostics on a crash
for suffix in %{rev_build_loop} ; do for suffix in %{build_loop} ; do
export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage} export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
@ -1925,10 +1931,25 @@ $JAVA_HOME/bin/java TestCryptoLevel
$JAVA_HOME/bin/javac -d . %{SOURCE14} $JAVA_HOME/bin/javac -d . %{SOURCE14}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check system crypto (policy) can be disabled
$JAVA_HOME/bin/javac -d . %{SOURCE15}
$JAVA_HOME/bin/java -Djava.security.disableSystemPropertiesFile=true $(echo $(basename %{SOURCE15})|sed "s|\.java||")
# Check correct vendor values have been set # Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16} $JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
# Check java launcher has no SSB mitigation
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
# Check alt-java launcher has SSB mitigation on supported architectures
%ifarch %{ssbd_arches}
nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
%else
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
%endif
# Check debug symbols are present and can identify code # Check debug symbols are present and can identify code
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
do do
@ -2386,6 +2407,32 @@ require "copy_jdk_configs.lua"
%endif %endif
%changelog %changelog
* Fri Jul 16 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.302.b08-0
- Update to aarch64-shenandoah-jdk8u302-b08 (EA)
- Update release notes for 8u302-b08.
- Switch to GA mode for final release.
- This tarball is embargoed until 2021-07-20 @ 1pm PT.
- Resolves: rhbz#1972395
* Thu Jul 08 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.302.b07-0.0.ea
- Update to aarch64-shenandoah-jdk8u302-b07 (EA)
- Update release notes for 8u302-b07.
- Switch to EA mode.
- Cleanup architecture handling
- Fixed not-including fastdebug build in case of --without fastdebug
- Re-order source files to sync with Fedora.
- Introduced nm based check to verify alt-java on x86_64 is patched, and no other alt-java or java is patched
- Patch600, rh1750419-redhat_alt_java.patch, amended to die, if it is used wrongly
- Introduced ssbd_arches with currently only valid arch of x86_64 to separate real alt-java architectures
- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
- Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
- Fix name of javadoc debug packages in Obsoletes declarations and add version where it was removed.
- Resolves: rhbz#1972395
* Mon Jun 28 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:1.8.0.302.b07-0.0.ea
- Add a test verifying system crypto policies can be disabled
- Resolves: rhbz#1972395
* Tue Apr 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b10-1 * Tue Apr 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b10-1
- Update to aarch64-shenandoah-jdk8u292-b10 (GA) - Update to aarch64-shenandoah-jdk8u292-b10 (GA)
- Update release notes for 8u292-b10. - Update release notes for 8u292-b10.