import UBI java-1.8.0-openjdk-1.8.0.382.b05-2.el9
This commit is contained in:
parent
c5f39fad13
commit
4887fdbef7
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz
|
||||
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||
5da51f425a78dbdcb00909544cac3385db461e54 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz
|
||||
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
119
SOURCES/NEWS
119
SOURCES/NEWS
@ -3,6 +3,125 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 8u382 (2023-07-18):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u382
|
||||
|
||||
* CVEs
|
||||
- CVE-2023-22045
|
||||
- CVE-2023-22049
|
||||
* Security fixes
|
||||
- JDK-8298676: Enhanced Look and Feel
|
||||
- JDK-8300596: Enhance Jar Signature validation
|
||||
- JDK-8304468: Better array usages
|
||||
- JDK-8305312: Enhanced path handling
|
||||
* Other changes
|
||||
- JDK-8072678: Wrong exception messages in java.awt.color.ICC_ColorSpace
|
||||
- JDK-8151460: Metaspace counters can have inconsistent values
|
||||
- JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
|
||||
- JDK-8185736: missing default exception handler in calls to rethrow_Stub
|
||||
- JDK-8186801: Add regression test to test mapping based charsets (generated at build time)
|
||||
- JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
|
||||
- JDK-8241311: Move some charset mapping tests from closed to open
|
||||
- JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
|
||||
- JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
|
||||
- JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
- JDK-8276841: Add support for Visual Studio 2022
|
||||
- JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
|
||||
- JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
|
||||
- JDK-8282345: handle latest VS2022 in abstract_vm_version
|
||||
- JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
|
||||
- JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
|
||||
- JDK-8289301: P11Cipher should not throw out of bounds exception during padding
|
||||
- JDK-8293232: Fix race condition in pkcs11 SessionManager
|
||||
- JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
|
||||
- JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
|
||||
- JDK-8298108: Add a regression test for JDK-8297684
|
||||
- JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
|
||||
- JDK-8301119: Support for GB18030-2022
|
||||
- JDK-8301400: Allow additional characters for GB18030-2022 support
|
||||
- JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
|
||||
- JDK-8303028: Update system property for Java SE specification maintenance version
|
||||
- JDK-8303462: Bump update version of OpenJDK: 8u382
|
||||
- JDK-8304760: Add 2 Microsoft TLS roots
|
||||
- JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
|
||||
- JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
|
||||
- JDK-8305975: Add TWCA Global Root CA
|
||||
- JDK-8307134: Add GTS root CAs
|
||||
- JDK-8307310: Backport the tests for JDK-8058969 and JDK-8039271 to the OpenJDK8
|
||||
- JDK-8307531: [aarch64] JDK8 single-step debugging is extremely slow
|
||||
- JDK-8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
core-libs/java.lang:
|
||||
|
||||
JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
|
||||
===========================================================================
|
||||
In order to support "Implementation Level 2" of the GB18030-2022
|
||||
standard, the JDK must be able to use characters from the CJK Unified
|
||||
Ideographs Extension E block of Unicode 8.0. The addition of these
|
||||
characters forms Maintenance Release 5 of the Java SE 8 specification,
|
||||
which is implemented in this release of OpenJDK via the addition of a
|
||||
new UnicodeBlock instance,
|
||||
Character.CJK_UNIFIED_IDEOGRAPHS_EXTENSION_E.
|
||||
|
||||
core-libs/java.util.jar:
|
||||
|
||||
8300596: Enhance Jar Signature validation
|
||||
=========================================
|
||||
A System property "jdk.jar.maxSignatureFileSize" is introduced to
|
||||
configure the maximum number of bytes allowed for the
|
||||
signature-related files in a JAR file during verification. The default
|
||||
value is 8000000 bytes (8 MB).
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8307134: Added 4 GTS Root CA Certificates
|
||||
=============================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar1
|
||||
Distinguished Name: CN=GTS Root R1, O=Google Trust Services LLC, C=US
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar2
|
||||
Distinguished Name: CN=GTS Root R2, O=Google Trust Services LLC, C=US
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar3
|
||||
Distinguished Name: CN=GTS Root R3, O=Google Trust Services LLC, C=US
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar4
|
||||
Distinguished Name: CN=GTS Root R4, O=Google Trust Services LLC, C=US
|
||||
|
||||
JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates
|
||||
=====================================================================
|
||||
The following root certificates has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Microsoft Corporation
|
||||
Alias Name: microsoftecc2017
|
||||
Distinguished Name: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
|
||||
|
||||
Name: Microsoft Corporation
|
||||
Alias Name: microsoftrsa2017
|
||||
Distinguished Name: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
|
||||
|
||||
JDK-8305975: Added TWCA Root CA Certificate
|
||||
===========================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: TWCA
|
||||
Alias Name: twcaglobalrootca
|
||||
Distinguished Name: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
|
||||
|
||||
New in release OpenJDK 8u372 (2023-04-18):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
|
@ -256,9 +256,8 @@
|
||||
%global stapinstall %{nil}
|
||||
%endif
|
||||
|
||||
# Always off in portables
|
||||
%ifarch %{systemtap_arches}
|
||||
%global with_systemtap 0
|
||||
%global with_systemtap 1
|
||||
%else
|
||||
%global with_systemtap 0
|
||||
%endif
|
||||
@ -298,7 +297,7 @@
|
||||
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
||||
%global shenandoah_project openjdk
|
||||
%global shenandoah_repo shenandoah-jdk8u
|
||||
%global openjdk_revision jdk8u372-b07
|
||||
%global openjdk_revision jdk8u382-b05
|
||||
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
||||
# Define old aarch64/jdk8u tree variables for compatibility
|
||||
%global project %{shenandoah_project}
|
||||
@ -395,20 +394,6 @@
|
||||
%global alternatives_requires %{_sbindir}/alternatives
|
||||
%endif
|
||||
|
||||
%if %{with_systemtap}
|
||||
# Where to install systemtap tapset (links)
|
||||
# We would like these to be in a package specific sub-dir,
|
||||
# but currently systemtap doesn't support that, so we have to
|
||||
# use the root tapset dir for now. To distinguish between 64
|
||||
# and 32 bit architectures we place the tapsets under the arch
|
||||
# specific dir (note that systemtap will only pickup the tapset
|
||||
# for the primary arch for now). Systemtap uses the machine name
|
||||
# aka target_cpu as architecture specific directory name.
|
||||
%global tapsetroot /usr/share/systemtap
|
||||
%global tapsetdirttapset %{tapsetroot}/tapset/
|
||||
%global tapsetdir %{tapsetdirttapset}/%{stapinstall}
|
||||
%endif
|
||||
|
||||
# Prevent brp-java-repack-jars from being run.
|
||||
%global __jar_repack 0
|
||||
|
||||
@ -465,8 +450,7 @@ Source7: NEWS
|
||||
# Use 'icedtea_sync.sh' to update the following
|
||||
# They are based on code contained in the IcedTea project (3.x).
|
||||
# Systemtap tapsets. Zipped up to keep it small.
|
||||
# Disabled in portables
|
||||
#Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
|
||||
Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
|
||||
|
||||
# Desktop files. Adapted from IcedTea
|
||||
# Disabled in portables
|
||||
@ -628,8 +612,6 @@ Patch12: jdk8186464-rh1433262-zip64_failure.patch
|
||||
# able to be removed once that release is out
|
||||
# and used by this RPM.
|
||||
#############################################
|
||||
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -718,6 +700,8 @@ BuildRequires: lcms2-devel
|
||||
BuildRequires: libjpeg-devel
|
||||
BuildRequires: libpng-devel
|
||||
%else
|
||||
# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
|
||||
Provides: bundled(zlib) = 1.2.13
|
||||
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
|
||||
Provides: bundled(giflib) = 5.2.1
|
||||
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
|
||||
@ -887,8 +871,6 @@ pushd %{top_level_dir_name}
|
||||
%patch1000 -p1
|
||||
# system cacerts support
|
||||
%patch539 -p1
|
||||
# 8u382 fix
|
||||
%patch2001 -p1
|
||||
popd
|
||||
|
||||
# RPM-only fixes
|
||||
@ -915,17 +897,7 @@ cp -r tapset tapset%{fastdebug_suffix}
|
||||
|
||||
for suffix in %{build_loop} ; do
|
||||
for file in "tapset"$suffix/*.in; do
|
||||
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
|
||||
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1
|
||||
# TODO find out which architectures other than i686 have a client vm
|
||||
%ifarch %{ix86}
|
||||
sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/client/libjvm.so:g" $file.1 > $OUTPUT_FILE
|
||||
%else
|
||||
sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE
|
||||
%endif
|
||||
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
|
||||
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
|
||||
sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
|
||||
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $file
|
||||
done
|
||||
done
|
||||
# systemtap tapsets ends
|
||||
@ -1136,6 +1108,7 @@ function packagejdk() {
|
||||
local bundledir=$(pwd)/${1}/bundles
|
||||
local packagesdir=$(pwd)/${2}
|
||||
local srcdir=$(pwd)/%{top_level_dir_name}
|
||||
local tapsetdir=$(pwd)/tapset
|
||||
|
||||
echo "Packaging build from ${imagesdir} to ${packagesdir}..."
|
||||
mkdir -p ${packagesdir}
|
||||
@ -1197,6 +1170,9 @@ function packagejdk() {
|
||||
for s in 16 24 32 48 ; do
|
||||
cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname}
|
||||
done
|
||||
%if %{with_systemtap}
|
||||
cp -a ${tapsetdir}* ${miscname}
|
||||
%endif
|
||||
tar -cJf ${miscarchive} ${miscname}
|
||||
genchecksum ${miscarchive}
|
||||
fi
|
||||
@ -1524,6 +1500,27 @@ done
|
||||
%{_jvmdir}/%{miscportablearchive}.sha256sum
|
||||
|
||||
%changelog
|
||||
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-2
|
||||
- Re-enable SystemTap support and perform only substitutions possible without final NVR available
|
||||
- Include tapsets in the miscellaneous tarball
|
||||
- Drop unused globals for tapset installation
|
||||
|
||||
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-1
|
||||
- Update to shenandoah-jdk8u372-b05 (GA)
|
||||
- Update release notes for shenandoah-8u372-b05.
|
||||
- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
|
||||
|
||||
* Fri Jul 07 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b04-0.1.ea
|
||||
- Update to shenandoah-jdk8u382-b04 (EA)
|
||||
- Update release notes for shenandoah-8u382-b04.
|
||||
|
||||
* Wed Jun 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
|
||||
- Update to shenandoah-jdk8u382-b01 (EA)
|
||||
- Update release notes for shenandoah-8u382-b01.
|
||||
- Switch to EA mode.
|
||||
- Remove JDK-8271199 patch which is now upstream.
|
||||
- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
|
||||
|
||||
* Thu Apr 27 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
|
||||
- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8
|
||||
- Fix debug symbols flag to newboot and package naming
|
||||
|
@ -1,167 +0,0 @@
|
||||
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
|
||||
Author: Alexey Bakhtin <abakhtin@openjdk.org>
|
||||
Date: Tue Apr 4 10:29:11 2023 +0000
|
||||
|
||||
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
|
||||
Reviewed-by: andrew, mbalao
|
||||
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
|
||||
|
||||
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||
index a79e97d7c74..5378446b97b 100644
|
||||
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
@Override
|
||||
protected void engineInitVerify(PublicKey publicKey)
|
||||
throws InvalidKeyException {
|
||||
- if (!(publicKey instanceof RSAPublicKey)) {
|
||||
+ if (publicKey instanceof RSAPublicKey) {
|
||||
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
|
||||
+ isPublicKeyValid(rsaPubKey);
|
||||
+ this.pubKey = rsaPubKey;
|
||||
+ this.privKey = null;
|
||||
+ resetDigest();
|
||||
+ } else {
|
||||
throw new InvalidKeyException("key must be RSAPublicKey");
|
||||
}
|
||||
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
|
||||
- this.privKey = null;
|
||||
- resetDigest();
|
||||
}
|
||||
|
||||
// initialize for signing. See JCA doc
|
||||
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
@Override
|
||||
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
|
||||
throws InvalidKeyException {
|
||||
- if (!(privateKey instanceof RSAPrivateKey)) {
|
||||
+ if (privateKey instanceof RSAPrivateKey) {
|
||||
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
|
||||
+ isPrivateKeyValid(rsaPrivateKey);
|
||||
+ this.privKey = rsaPrivateKey;
|
||||
+ this.pubKey = null;
|
||||
+ this.random =
|
||||
+ (random == null ? JCAUtil.getSecureRandom() : random);
|
||||
+ resetDigest();
|
||||
+ } else {
|
||||
throw new InvalidKeyException("key must be RSAPrivateKey");
|
||||
}
|
||||
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
|
||||
- this.pubKey = null;
|
||||
- this.random =
|
||||
- (random == null? JCAUtil.getSecureRandom() : random);
|
||||
- resetDigest();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
}
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Validate the specified RSAPrivateKey
|
||||
+ */
|
||||
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
|
||||
+ try {
|
||||
+ if (prKey instanceof RSAPrivateCrtKey) {
|
||||
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
|
||||
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
|
||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||
+ crtKey.getModulus().bitLength(),
|
||||
+ crtKey.getPublicExponent());
|
||||
+ } else {
|
||||
+ throw new InvalidKeyException(
|
||||
+ "Some of the CRT-specific components are not available");
|
||||
+ }
|
||||
+ } else {
|
||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||
+ prKey.getModulus().bitLength(),
|
||||
+ null);
|
||||
+ }
|
||||
+ } catch (InvalidKeyException ikEx) {
|
||||
+ throw ikEx;
|
||||
+ } catch (Exception e) {
|
||||
+ throw new InvalidKeyException(
|
||||
+ "Can not access private key components", e);
|
||||
+ }
|
||||
+ isValid(prKey);
|
||||
+ }
|
||||
+
|
||||
+ /**
|
||||
+ * Validate the specified RSAPublicKey
|
||||
+ */
|
||||
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
|
||||
+ try {
|
||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||
+ pKey.getModulus().bitLength(),
|
||||
+ pKey.getPublicExponent());
|
||||
+ } catch (InvalidKeyException ikEx) {
|
||||
+ throw ikEx;
|
||||
+ } catch (Exception e) {
|
||||
+ throw new InvalidKeyException(
|
||||
+ "Can not access public key components", e);
|
||||
+ }
|
||||
+ isValid(pKey);
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Validate the specified RSAKey and its associated parameters against
|
||||
* internal signature parameters.
|
||||
*/
|
||||
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||
try {
|
||||
AlgorithmParameterSpec keyParams = rsaKey.getParams();
|
||||
// validate key parameters
|
||||
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
}
|
||||
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
|
||||
}
|
||||
- return rsaKey;
|
||||
} catch (SignatureException e) {
|
||||
throw new InvalidKeyException(e);
|
||||
}
|
||||
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||
index 6b219937981..b3c1fae9672 100644
|
||||
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
|
||||
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
|
||||
// check all CRT-specific components are available, if any one
|
||||
// missing, return a non-CRT key instead
|
||||
- if ((key.getPublicExponent().signum() == 0) ||
|
||||
- (key.getPrimeExponentP().signum() == 0) ||
|
||||
- (key.getPrimeExponentQ().signum() == 0) ||
|
||||
- (key.getPrimeP().signum() == 0) ||
|
||||
- (key.getPrimeQ().signum() == 0) ||
|
||||
- (key.getCrtCoefficient().signum() == 0)) {
|
||||
+ if (checkComponents(key)) {
|
||||
+ return key;
|
||||
+ } else {
|
||||
return new RSAPrivateKeyImpl(
|
||||
key.algid,
|
||||
key.getModulus(),
|
||||
- key.getPrivateExponent()
|
||||
- );
|
||||
- } else {
|
||||
- return key;
|
||||
+ key.getPrivateExponent());
|
||||
}
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Validate if all CRT-specific components are available.
|
||||
+ */
|
||||
+ static boolean checkComponents(RSAPrivateCrtKey key) {
|
||||
+ return !((key.getPublicExponent().signum() == 0) ||
|
||||
+ (key.getPrimeExponentP().signum() == 0) ||
|
||||
+ (key.getPrimeExponentQ().signum() == 0) ||
|
||||
+ (key.getPrimeP().signum() == 0) ||
|
||||
+ (key.getPrimeQ().signum() == 0) ||
|
||||
+ (key.getCrtCoefficient().signum() == 0));
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Generate a new key from the specified type and components.
|
||||
* Returns a CRT key if possible and a non-CRT key otherwise.
|
@ -1,3 +1,8 @@
|
||||
# To rebuild this RPM, you must first rebuild the portable
|
||||
# RPM using the java-1.8.0-openjdk-portable.specfile, install
|
||||
# it and then adjust portablerelease and portablesuffix
|
||||
# to match the new portable.
|
||||
|
||||
# RPM conditionals so as to be able to dynamically produce
|
||||
# slowdebug/release builds. See:
|
||||
# http://rpm.org/user_doc/conditional_builds.html
|
||||
@ -338,7 +343,7 @@
|
||||
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
|
||||
%global shenandoah_project openjdk
|
||||
%global shenandoah_repo shenandoah-jdk8u
|
||||
%global openjdk_revision jdk8u372-b07
|
||||
%global openjdk_revision jdk8u382-b05
|
||||
%global shenandoah_revision shenandoah-%{openjdk_revision}
|
||||
# Define old aarch64/jdk8u tree variables for compatibility
|
||||
%global project %{shenandoah_project}
|
||||
@ -1365,6 +1370,8 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
|
||||
Name: java-%{javaver}-%{origin}
|
||||
Version: %{javaver}.%{updatever}.%{buildver}
|
||||
Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
|
||||
# Equivalent for the portable build
|
||||
%global prelease %{?eaprefix}%{portablerelease}%{?extraver}
|
||||
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
|
||||
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
|
||||
# also included the epoch in their virtual provides. This created a
|
||||
@ -1448,11 +1455,11 @@ Source19: README.md
|
||||
Source20: java-1.%{majorver}.0-openjdk-portable.specfile
|
||||
|
||||
# Setup variables to reference correct sources
|
||||
%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.unstripped.jdk.%{_arch}.tar.xz
|
||||
%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.docs.%{_arch}.tar.xz
|
||||
%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.misc.%{_arch}.tar.xz
|
||||
%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
|
||||
%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
|
||||
%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.unstripped.jdk.%{_arch}.tar.xz
|
||||
%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.docs.%{_arch}.tar.xz
|
||||
%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.misc.%{_arch}.tar.xz
|
||||
%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
|
||||
%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
|
||||
|
||||
############################################
|
||||
#
|
||||
@ -1575,8 +1582,7 @@ Patch581: jdk8257794-remove_broken_assert.patch
|
||||
# able to be removed once that release is out
|
||||
# and used by this RPM.
|
||||
#############################################
|
||||
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
|
||||
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1644,16 +1650,16 @@ BuildRequires: unzip
|
||||
BuildRequires: javapackages-filesystem
|
||||
%ifarch %{portable_build_arches}
|
||||
%if %{include_normal_build}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||
%endif
|
||||
%if %{include_fastdebug_build}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||
%endif
|
||||
%if %{include_debug_build}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||
%endif
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||
BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
|
||||
%else
|
||||
# Require a boot JDK which doesn't fail due to RH1482244
|
||||
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
|
||||
@ -1678,6 +1684,8 @@ BuildRequires: lcms2-devel
|
||||
BuildRequires: libjpeg-devel
|
||||
BuildRequires: libpng-devel
|
||||
%else
|
||||
# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
|
||||
Provides: bundled(zlib) = 1.2.13
|
||||
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
|
||||
Provides: bundled(giflib) = 5.2.1
|
||||
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
|
||||
@ -1985,8 +1993,6 @@ pushd %{top_level_dir_name}
|
||||
%patch1000 -p1
|
||||
# cacerts patch; must follow FIPS patch as it also alters java.security
|
||||
%patch539 -p1
|
||||
# 8u382 fix
|
||||
%patch2001 -p1
|
||||
popd
|
||||
|
||||
# RPM-only fixes
|
||||
@ -2000,6 +2006,8 @@ popd
|
||||
|
||||
# Shenandoah patches
|
||||
|
||||
%ifnarch %{portable_build_arches}
|
||||
|
||||
# Extract systemtap tapsets
|
||||
%if %{with_systemtap}
|
||||
tar --strip-components=1 -x -I xz -f %{SOURCE8}
|
||||
@ -2010,7 +2018,6 @@ cp -r tapset tapset%{debug_suffix}
|
||||
cp -r tapset tapset%{fastdebug_suffix}
|
||||
%endif
|
||||
|
||||
|
||||
for suffix in %{build_loop} ; do
|
||||
for file in "tapset"$suffix/*.in; do
|
||||
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
|
||||
@ -2029,6 +2036,9 @@ done
|
||||
# systemtap tapsets ends
|
||||
%endif
|
||||
|
||||
# non-portable_build only section ends
|
||||
%endif
|
||||
|
||||
# Prepare desktop files
|
||||
# The _X_ syntax indicates variables that are replaced by make upstream
|
||||
# The @X@ syntax indicates variables that are replaced by configure upstream
|
||||
@ -2251,6 +2261,20 @@ function customisejdk() {
|
||||
fi
|
||||
}
|
||||
|
||||
%ifarch %{portable_build_arches}
|
||||
|
||||
mkdir -p $(dirname %{installoutputdir})
|
||||
|
||||
docdir=%{installoutputdir -- "-docs"}
|
||||
tar -xJf %{docszip}
|
||||
mv %{name}*.docs.* ${docdir}
|
||||
|
||||
miscdir=%{installoutputdir -- "-misc"}
|
||||
tar -xJf %{misczip}
|
||||
mv %{name}*.misc.* ${miscdir}
|
||||
|
||||
%endif
|
||||
|
||||
for suffix in %{build_loop} ; do
|
||||
|
||||
%ifarch %{portable_build_arches}
|
||||
@ -2269,16 +2293,31 @@ for suffix in %{build_loop} ; do
|
||||
|
||||
# TODO: should verify checksums when using packages from buildroot
|
||||
tar -xJf ${jdkzip}
|
||||
mkdir -p $(dirname ${installdir})
|
||||
mv %{name}* ${installdir}
|
||||
# Fix build paths in ELF files so it looks like we built them
|
||||
portablenvr="%{name}-portable-%{version}-%{portablerelease}.%{portablesuffix}.%{_arch}"
|
||||
portablenvr="%{name}-portable-%{version}-%{prelease}.%{portablesuffix}.%{_arch}"
|
||||
for file in $(find ${installdir} -type f) ; do
|
||||
if file ${file} | grep -q 'ELF'; then
|
||||
%{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file}
|
||||
fi
|
||||
done
|
||||
|
||||
# Set tapset variables to match this build
|
||||
%if %{with_systemtap}
|
||||
for file in ${miscdir}/tapset${suffix}/*.in; do
|
||||
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
|
||||
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > ${OUTPUT_FILE}
|
||||
# TODO find out which architectures other than i686 have a client vm
|
||||
%ifarch %{ix86}
|
||||
sed -i -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" ${OUTPUT_FILE}
|
||||
%else
|
||||
sed -i -e "/@ABS_CLIENT_LIBJVM_SO@/d" ${OUTPUT_FILE}
|
||||
%endif
|
||||
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
|
||||
sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
|
||||
done
|
||||
%endif
|
||||
|
||||
%else
|
||||
|
||||
if [ "x$suffix" = "x" ] ; then
|
||||
@ -2328,18 +2367,6 @@ for suffix in %{build_loop} ; do
|
||||
# build cycles
|
||||
done
|
||||
|
||||
%ifarch %{portable_build_arches}
|
||||
|
||||
docdir=%{installoutputdir -- "-docs"}
|
||||
tar -xJf %{docszip}
|
||||
mv %{name}*.docs.* ${docdir}
|
||||
|
||||
miscdir=%{installoutputdir -- "-misc"}
|
||||
tar -xJf %{misczip}
|
||||
mv %{name}*.misc.* ${miscdir}
|
||||
|
||||
%endif
|
||||
|
||||
%check
|
||||
|
||||
# We test debug first as it will give better diagnostics on a crash
|
||||
@ -2477,7 +2504,7 @@ for suffix in %{build_loop} ; do
|
||||
%ifarch %{portable_build_arches}
|
||||
jdk_image=%{installoutputdir -- $suffix}
|
||||
docdir=$(pwd)/%{installoutputdir -- "-docs"}
|
||||
miscdir=%{installoutputdir -- "-misc"}
|
||||
miscdir=$(pwd)/%{installoutputdir -- "-misc"}
|
||||
%else
|
||||
jdk_image=%{installoutputdir -- $suffix}/images/%{jdkimage}
|
||||
docdir=%{installoutputdir -- $suffix}
|
||||
@ -2495,23 +2522,20 @@ for suffix in %{build_loop} ; do
|
||||
cp -a %{SOURCE19} %{SOURCE20} ${commondocdir}
|
||||
|
||||
# Install the jdk
|
||||
pushd ${jdk_image}
|
||||
|
||||
# Install jsa directories so we can owe them
|
||||
# Install jsa directories so we can own them
|
||||
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/
|
||||
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/client/
|
||||
|
||||
# Install main files.
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
|
||||
cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
|
||||
cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
|
||||
|
||||
%if %{with_systemtap}
|
||||
# Install systemtap support files
|
||||
install -dm 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset
|
||||
%ifarch %{portable_build_arches}
|
||||
cp -a ${miscdir}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
|
||||
%else
|
||||
# note, that uniquesuffix is in BUILD dir in this case
|
||||
cp -a $RPM_BUILD_DIR/%{uniquesuffix ""}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
|
||||
%endif
|
||||
pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
|
||||
tapsetFiles=`ls *.stp`
|
||||
popd
|
||||
@ -2527,6 +2551,14 @@ for suffix in %{build_loop} ; do
|
||||
ln -sf %{jredir -- $suffix} %{jrelnk -- $suffix}
|
||||
popd
|
||||
|
||||
pushd ${jdk_image}
|
||||
|
||||
# Install main files.
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
|
||||
cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
|
||||
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
|
||||
cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
|
||||
|
||||
# Remove javaws man page
|
||||
rm -f man/man1/javaws*
|
||||
|
||||
@ -2550,7 +2582,7 @@ for suffix in %{build_loop} ; do
|
||||
fi
|
||||
cp -a sample $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
|
||||
|
||||
popd
|
||||
popd
|
||||
|
||||
if ! echo $suffix | grep -q "debug" ; then
|
||||
# Install Javadoc documentation
|
||||
@ -2850,6 +2882,45 @@ cjc.mainProgram(args)
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jul 19 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-2
|
||||
- Bump release number so we are newer than 9.0
|
||||
- Related: rhbz#2221106
|
||||
|
||||
* Sat Jul 15 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-1
|
||||
- The 'prelease' variable should refer to 'portablerelease', not 'rpmrelease'
|
||||
- Move file installation back within the pushd to jdk_image
|
||||
- Related: rhbz#2221106
|
||||
|
||||
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-1
|
||||
- Update to shenandoah-jdk8u372-b05 (GA)
|
||||
- Update release notes for shenandoah-8u372-b05.
|
||||
- Sync the copy of the portable specfile with the latest update
|
||||
- Add note at top of spec file about rebuilding
|
||||
- Use tapsets from the misc tarball on portable builds
|
||||
- Make sure root installation directory is created first
|
||||
- Use in-place substitution for all but the first of the tapset changes
|
||||
- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
|
||||
- Resolves: rhbz#2221106
|
||||
|
||||
* Fri Jul 07 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b04-0.1.ea
|
||||
- Update to shenandoah-jdk8u382-b04 (EA)
|
||||
- Update release notes for shenandoah-8u382-b04.
|
||||
- Sync the copy of the portable specfile with the latest update
|
||||
- Resolves: rhbz#2217711
|
||||
|
||||
* Wed Jul 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
|
||||
- Introduce 'prelease' for the portable release versioning, to handle EA builds
|
||||
- Sync the copy of the portable specfile with the latest update
|
||||
- Related: rhbz#2217711
|
||||
|
||||
* Wed Jun 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
|
||||
- Update to shenandoah-jdk8u382-b01 (EA)
|
||||
- Update release notes for shenandoah-8u382-b01.
|
||||
- Switch to EA mode.
|
||||
- Remove JDK-8271199 patch which is now upstream.
|
||||
- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
|
||||
- Related: rhbz#2217711
|
||||
|
||||
* Tue Apr 18 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
|
||||
- Update to shenandoah-jdk8u372-b07 (GA)
|
||||
- Update release notes for shenandoah-8u372-b07.
|
||||
|
Loading…
Reference in New Issue
Block a user