import UBI java-1.8.0-openjdk-1.8.0.382.b05-2.el9

This commit is contained in:
Andrew Lukoshko 2023-07-20 16:54:41 +00:00
parent c5f39fad13
commit 4887fdbef7
6 changed files with 263 additions and 243 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -1,2 +1,2 @@
3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
5da51f425a78dbdcb00909544cac3385db461e54 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -3,6 +3,125 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u382 (2023-07-18):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u382
* CVEs
- CVE-2023-22045
- CVE-2023-22049
* Security fixes
- JDK-8298676: Enhanced Look and Feel
- JDK-8300596: Enhance Jar Signature validation
- JDK-8304468: Better array usages
- JDK-8305312: Enhanced path handling
* Other changes
- JDK-8072678: Wrong exception messages in java.awt.color.ICC_ColorSpace
- JDK-8151460: Metaspace counters can have inconsistent values
- JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
- JDK-8185736: missing default exception handler in calls to rethrow_Stub
- JDK-8186801: Add regression test to test mapping based charsets (generated at build time)
- JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
- JDK-8241311: Move some charset mapping tests from closed to open
- JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
- JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
- JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
- JDK-8276841: Add support for Visual Studio 2022
- JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
- JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
- JDK-8282345: handle latest VS2022 in abstract_vm_version
- JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
- JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
- JDK-8289301: P11Cipher should not throw out of bounds exception during padding
- JDK-8293232: Fix race condition in pkcs11 SessionManager
- JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
- JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
- JDK-8298108: Add a regression test for JDK-8297684
- JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
- JDK-8301119: Support for GB18030-2022
- JDK-8301400: Allow additional characters for GB18030-2022 support
- JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
- JDK-8303028: Update system property for Java SE specification maintenance version
- JDK-8303462: Bump update version of OpenJDK: 8u382
- JDK-8304760: Add 2 Microsoft TLS roots
- JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
- JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
- JDK-8305975: Add TWCA Global Root CA
- JDK-8307134: Add GTS root CAs
- JDK-8307310: Backport the tests for JDK-8058969 and JDK-8039271 to the OpenJDK8
- JDK-8307531: [aarch64] JDK8 single-step debugging is extremely slow
- JDK-8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119
Notes on individual issues:
===========================
core-libs/java.lang:
JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
===========================================================================
In order to support "Implementation Level 2" of the GB18030-2022
standard, the JDK must be able to use characters from the CJK Unified
Ideographs Extension E block of Unicode 8.0. The addition of these
characters forms Maintenance Release 5 of the Java SE 8 specification,
which is implemented in this release of OpenJDK via the addition of a
new UnicodeBlock instance,
Character.CJK_UNIFIED_IDEOGRAPHS_EXTENSION_E.
core-libs/java.util.jar:
8300596: Enhance Jar Signature validation
=========================================
A System property "jdk.jar.maxSignatureFileSize" is introduced to
configure the maximum number of bytes allowed for the
signature-related files in a JAR file during verification. The default
value is 8000000 bytes (8 MB).
security-libs/java.security:
JDK-8307134: Added 4 GTS Root CA Certificates
=============================================
The following root certificates have been added to the cacerts
truststore:
Name: Google Trust Services LLC
Alias Name: gtsrootcar1
Distinguished Name: CN=GTS Root R1, O=Google Trust Services LLC, C=US
Name: Google Trust Services LLC
Alias Name: gtsrootcar2
Distinguished Name: CN=GTS Root R2, O=Google Trust Services LLC, C=US
Name: Google Trust Services LLC
Alias Name: gtsrootcar3
Distinguished Name: CN=GTS Root R3, O=Google Trust Services LLC, C=US
Name: Google Trust Services LLC
Alias Name: gtsrootcar4
Distinguished Name: CN=GTS Root R4, O=Google Trust Services LLC, C=US
JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates
=====================================================================
The following root certificates has been added to the cacerts
truststore:
Name: Microsoft Corporation
Alias Name: microsoftecc2017
Distinguished Name: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
Name: Microsoft Corporation
Alias Name: microsoftrsa2017
Distinguished Name: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
JDK-8305975: Added TWCA Root CA Certificate
===========================================
The following root certificate has been added to the cacerts
truststore:
Name: TWCA
Alias Name: twcaglobalrootca
Distinguished Name: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
New in release OpenJDK 8u372 (2023-04-18):
===========================================
Live versions of these release notes can be found at:

View File

@ -256,9 +256,8 @@
%global stapinstall %{nil}
%endif
# Always off in portables
%ifarch %{systemtap_arches}
%global with_systemtap 0
%global with_systemtap 1
%else
%global with_systemtap 0
%endif
@ -298,7 +297,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
%global openjdk_revision jdk8u372-b07
%global openjdk_revision jdk8u382-b05
%global shenandoah_revision shenandoah-%{openjdk_revision}
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
@ -395,20 +394,6 @@
%global alternatives_requires %{_sbindir}/alternatives
%endif
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
# but currently systemtap doesn't support that, so we have to
# use the root tapset dir for now. To distinguish between 64
# and 32 bit architectures we place the tapsets under the arch
# specific dir (note that systemtap will only pickup the tapset
# for the primary arch for now). Systemtap uses the machine name
# aka target_cpu as architecture specific directory name.
%global tapsetroot /usr/share/systemtap
%global tapsetdirttapset %{tapsetroot}/tapset/
%global tapsetdir %{tapsetdirttapset}/%{stapinstall}
%endif
# Prevent brp-java-repack-jars from being run.
%global __jar_repack 0
@ -465,8 +450,7 @@ Source7: NEWS
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (3.x).
# Systemtap tapsets. Zipped up to keep it small.
# Disabled in portables
#Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
# Desktop files. Adapted from IcedTea
# Disabled in portables
@ -628,8 +612,6 @@ Patch12: jdk8186464-rh1433262-zip64_failure.patch
# able to be removed once that release is out
# and used by this RPM.
#############################################
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
#############################################
#
@ -718,6 +700,8 @@ BuildRequires: lcms2-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
%else
# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
Provides: bundled(zlib) = 1.2.13
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.1
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
@ -887,8 +871,6 @@ pushd %{top_level_dir_name}
%patch1000 -p1
# system cacerts support
%patch539 -p1
# 8u382 fix
%patch2001 -p1
popd
# RPM-only fixes
@ -915,17 +897,7 @@ cp -r tapset tapset%{fastdebug_suffix}
for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1
# TODO find out which architectures other than i686 have a client vm
%ifarch %{ix86}
sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/client/libjvm.so:g" $file.1 > $OUTPUT_FILE
%else
sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE
%endif
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $file
done
done
# systemtap tapsets ends
@ -1136,6 +1108,7 @@ function packagejdk() {
local bundledir=$(pwd)/${1}/bundles
local packagesdir=$(pwd)/${2}
local srcdir=$(pwd)/%{top_level_dir_name}
local tapsetdir=$(pwd)/tapset
echo "Packaging build from ${imagesdir} to ${packagesdir}..."
mkdir -p ${packagesdir}
@ -1197,6 +1170,9 @@ function packagejdk() {
for s in 16 24 32 48 ; do
cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname}
done
%if %{with_systemtap}
cp -a ${tapsetdir}* ${miscname}
%endif
tar -cJf ${miscarchive} ${miscname}
genchecksum ${miscarchive}
fi
@ -1524,6 +1500,27 @@ done
%{_jvmdir}/%{miscportablearchive}.sha256sum
%changelog
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-2
- Re-enable SystemTap support and perform only substitutions possible without final NVR available
- Include tapsets in the miscellaneous tarball
- Drop unused globals for tapset installation
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-1
- Update to shenandoah-jdk8u372-b05 (GA)
- Update release notes for shenandoah-8u372-b05.
- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
* Fri Jul 07 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b04-0.1.ea
- Update to shenandoah-jdk8u382-b04 (EA)
- Update release notes for shenandoah-8u382-b04.
* Wed Jun 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
- Update to shenandoah-jdk8u382-b01 (EA)
- Update release notes for shenandoah-8u382-b01.
- Switch to EA mode.
- Remove JDK-8271199 patch which is now upstream.
- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
* Thu Apr 27 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8
- Fix debug symbols flag to newboot and package naming

View File

@ -1,167 +0,0 @@
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
Author: Alexey Bakhtin <abakhtin@openjdk.org>
Date: Tue Apr 4 10:29:11 2023 +0000
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
Reviewed-by: andrew, mbalao
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
index a79e97d7c74..5378446b97b 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
@Override
protected void engineInitVerify(PublicKey publicKey)
throws InvalidKeyException {
- if (!(publicKey instanceof RSAPublicKey)) {
+ if (publicKey instanceof RSAPublicKey) {
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
+ isPublicKeyValid(rsaPubKey);
+ this.pubKey = rsaPubKey;
+ this.privKey = null;
+ resetDigest();
+ } else {
throw new InvalidKeyException("key must be RSAPublicKey");
}
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
- this.privKey = null;
- resetDigest();
}
// initialize for signing. See JCA doc
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
@Override
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
throws InvalidKeyException {
- if (!(privateKey instanceof RSAPrivateKey)) {
+ if (privateKey instanceof RSAPrivateKey) {
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
+ isPrivateKeyValid(rsaPrivateKey);
+ this.privKey = rsaPrivateKey;
+ this.pubKey = null;
+ this.random =
+ (random == null ? JCAUtil.getSecureRandom() : random);
+ resetDigest();
+ } else {
throw new InvalidKeyException("key must be RSAPrivateKey");
}
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
- this.pubKey = null;
- this.random =
- (random == null? JCAUtil.getSecureRandom() : random);
- resetDigest();
}
/**
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
}
}
+ /**
+ * Validate the specified RSAPrivateKey
+ */
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
+ try {
+ if (prKey instanceof RSAPrivateCrtKey) {
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ crtKey.getModulus().bitLength(),
+ crtKey.getPublicExponent());
+ } else {
+ throw new InvalidKeyException(
+ "Some of the CRT-specific components are not available");
+ }
+ } else {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ prKey.getModulus().bitLength(),
+ null);
+ }
+ } catch (InvalidKeyException ikEx) {
+ throw ikEx;
+ } catch (Exception e) {
+ throw new InvalidKeyException(
+ "Can not access private key components", e);
+ }
+ isValid(prKey);
+ }
+
+ /**
+ * Validate the specified RSAPublicKey
+ */
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
+ try {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ pKey.getModulus().bitLength(),
+ pKey.getPublicExponent());
+ } catch (InvalidKeyException ikEx) {
+ throw ikEx;
+ } catch (Exception e) {
+ throw new InvalidKeyException(
+ "Can not access public key components", e);
+ }
+ isValid(pKey);
+ }
+
/**
* Validate the specified RSAKey and its associated parameters against
* internal signature parameters.
*/
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
try {
AlgorithmParameterSpec keyParams = rsaKey.getParams();
// validate key parameters
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
}
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
}
- return rsaKey;
} catch (SignatureException e) {
throw new InvalidKeyException(e);
}
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
index 6b219937981..b3c1fae9672 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
// check all CRT-specific components are available, if any one
// missing, return a non-CRT key instead
- if ((key.getPublicExponent().signum() == 0) ||
- (key.getPrimeExponentP().signum() == 0) ||
- (key.getPrimeExponentQ().signum() == 0) ||
- (key.getPrimeP().signum() == 0) ||
- (key.getPrimeQ().signum() == 0) ||
- (key.getCrtCoefficient().signum() == 0)) {
+ if (checkComponents(key)) {
+ return key;
+ } else {
return new RSAPrivateKeyImpl(
key.algid,
key.getModulus(),
- key.getPrivateExponent()
- );
- } else {
- return key;
+ key.getPrivateExponent());
}
}
+ /**
+ * Validate if all CRT-specific components are available.
+ */
+ static boolean checkComponents(RSAPrivateCrtKey key) {
+ return !((key.getPublicExponent().signum() == 0) ||
+ (key.getPrimeExponentP().signum() == 0) ||
+ (key.getPrimeExponentQ().signum() == 0) ||
+ (key.getPrimeP().signum() == 0) ||
+ (key.getPrimeQ().signum() == 0) ||
+ (key.getCrtCoefficient().signum() == 0));
+ }
+
/**
* Generate a new key from the specified type and components.
* Returns a CRT key if possible and a non-CRT key otherwise.

View File

@ -1,3 +1,8 @@
# To rebuild this RPM, you must first rebuild the portable
# RPM using the java-1.8.0-openjdk-portable.specfile, install
# it and then adjust portablerelease and portablesuffix
# to match the new portable.
# RPM conditionals so as to be able to dynamically produce
# slowdebug/release builds. See:
# http://rpm.org/user_doc/conditional_builds.html
@ -338,7 +343,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
%global openjdk_revision jdk8u372-b07
%global openjdk_revision jdk8u382-b05
%global shenandoah_revision shenandoah-%{openjdk_revision}
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
@ -1365,6 +1370,8 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
# Equivalent for the portable build
%global prelease %{?eaprefix}%{portablerelease}%{?extraver}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@ -1448,11 +1455,11 @@ Source19: README.md
Source20: java-1.%{majorver}.0-openjdk-portable.specfile
# Setup variables to reference correct sources
%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.unstripped.jdk.%{_arch}.tar.xz
%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.docs.%{_arch}.tar.xz
%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.misc.%{_arch}.tar.xz
%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.unstripped.jdk.%{_arch}.tar.xz
%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.docs.%{_arch}.tar.xz
%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.misc.%{_arch}.tar.xz
%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
############################################
#
@ -1575,8 +1582,7 @@ Patch581: jdk8257794-remove_broken_assert.patch
# able to be removed once that release is out
# and used by this RPM.
#############################################
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
#############################################
#
@ -1644,16 +1650,16 @@ BuildRequires: unzip
BuildRequires: javapackages-filesystem
%ifarch %{portable_build_arches}
%if %{include_normal_build}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
%endif
%if %{include_fastdebug_build}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
%endif
%if %{include_debug_build}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
%endif
BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
%else
# Require a boot JDK which doesn't fail due to RH1482244
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
@ -1678,6 +1684,8 @@ BuildRequires: lcms2-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
%else
# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
Provides: bundled(zlib) = 1.2.13
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.1
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
@ -1985,8 +1993,6 @@ pushd %{top_level_dir_name}
%patch1000 -p1
# cacerts patch; must follow FIPS patch as it also alters java.security
%patch539 -p1
# 8u382 fix
%patch2001 -p1
popd
# RPM-only fixes
@ -2000,6 +2006,8 @@ popd
# Shenandoah patches
%ifnarch %{portable_build_arches}
# Extract systemtap tapsets
%if %{with_systemtap}
tar --strip-components=1 -x -I xz -f %{SOURCE8}
@ -2010,7 +2018,6 @@ cp -r tapset tapset%{debug_suffix}
cp -r tapset tapset%{fastdebug_suffix}
%endif
for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
@ -2029,6 +2036,9 @@ done
# systemtap tapsets ends
%endif
# non-portable_build only section ends
%endif
# Prepare desktop files
# The _X_ syntax indicates variables that are replaced by make upstream
# The @X@ syntax indicates variables that are replaced by configure upstream
@ -2251,6 +2261,20 @@ function customisejdk() {
fi
}
%ifarch %{portable_build_arches}
mkdir -p $(dirname %{installoutputdir})
docdir=%{installoutputdir -- "-docs"}
tar -xJf %{docszip}
mv %{name}*.docs.* ${docdir}
miscdir=%{installoutputdir -- "-misc"}
tar -xJf %{misczip}
mv %{name}*.misc.* ${miscdir}
%endif
for suffix in %{build_loop} ; do
%ifarch %{portable_build_arches}
@ -2269,16 +2293,31 @@ for suffix in %{build_loop} ; do
# TODO: should verify checksums when using packages from buildroot
tar -xJf ${jdkzip}
mkdir -p $(dirname ${installdir})
mv %{name}* ${installdir}
# Fix build paths in ELF files so it looks like we built them
portablenvr="%{name}-portable-%{version}-%{portablerelease}.%{portablesuffix}.%{_arch}"
portablenvr="%{name}-portable-%{version}-%{prelease}.%{portablesuffix}.%{_arch}"
for file in $(find ${installdir} -type f) ; do
if file ${file} | grep -q 'ELF'; then
%{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file}
fi
done
# Set tapset variables to match this build
%if %{with_systemtap}
for file in ${miscdir}/tapset${suffix}/*.in; do
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > ${OUTPUT_FILE}
# TODO find out which architectures other than i686 have a client vm
%ifarch %{ix86}
sed -i -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" ${OUTPUT_FILE}
%else
sed -i -e "/@ABS_CLIENT_LIBJVM_SO@/d" ${OUTPUT_FILE}
%endif
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
done
%endif
%else
if [ "x$suffix" = "x" ] ; then
@ -2328,18 +2367,6 @@ for suffix in %{build_loop} ; do
# build cycles
done
%ifarch %{portable_build_arches}
docdir=%{installoutputdir -- "-docs"}
tar -xJf %{docszip}
mv %{name}*.docs.* ${docdir}
miscdir=%{installoutputdir -- "-misc"}
tar -xJf %{misczip}
mv %{name}*.misc.* ${miscdir}
%endif
%check
# We test debug first as it will give better diagnostics on a crash
@ -2477,7 +2504,7 @@ for suffix in %{build_loop} ; do
%ifarch %{portable_build_arches}
jdk_image=%{installoutputdir -- $suffix}
docdir=$(pwd)/%{installoutputdir -- "-docs"}
miscdir=%{installoutputdir -- "-misc"}
miscdir=$(pwd)/%{installoutputdir -- "-misc"}
%else
jdk_image=%{installoutputdir -- $suffix}/images/%{jdkimage}
docdir=%{installoutputdir -- $suffix}
@ -2495,23 +2522,20 @@ for suffix in %{build_loop} ; do
cp -a %{SOURCE19} %{SOURCE20} ${commondocdir}
# Install the jdk
pushd ${jdk_image}
# Install jsa directories so we can owe them
# Install jsa directories so we can own them
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/client/
# Install main files.
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
%if %{with_systemtap}
# Install systemtap support files
install -dm 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset
%ifarch %{portable_build_arches}
cp -a ${miscdir}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
%else
# note, that uniquesuffix is in BUILD dir in this case
cp -a $RPM_BUILD_DIR/%{uniquesuffix ""}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
%endif
pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
tapsetFiles=`ls *.stp`
popd
@ -2527,6 +2551,14 @@ for suffix in %{build_loop} ; do
ln -sf %{jredir -- $suffix} %{jrelnk -- $suffix}
popd
pushd ${jdk_image}
# Install main files.
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
# Remove javaws man page
rm -f man/man1/javaws*
@ -2550,7 +2582,7 @@ for suffix in %{build_loop} ; do
fi
cp -a sample $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
popd
popd
if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
@ -2850,6 +2882,45 @@ cjc.mainProgram(args)
%endif
%changelog
* Wed Jul 19 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-2
- Bump release number so we are newer than 9.0
- Related: rhbz#2221106
* Sat Jul 15 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-1
- The 'prelease' variable should refer to 'portablerelease', not 'rpmrelease'
- Move file installation back within the pushd to jdk_image
- Related: rhbz#2221106
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-1
- Update to shenandoah-jdk8u372-b05 (GA)
- Update release notes for shenandoah-8u372-b05.
- Sync the copy of the portable specfile with the latest update
- Add note at top of spec file about rebuilding
- Use tapsets from the misc tarball on portable builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
- Resolves: rhbz#2221106
* Fri Jul 07 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b04-0.1.ea
- Update to shenandoah-jdk8u382-b04 (EA)
- Update release notes for shenandoah-8u382-b04.
- Sync the copy of the portable specfile with the latest update
- Resolves: rhbz#2217711
* Wed Jul 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Sync the copy of the portable specfile with the latest update
- Related: rhbz#2217711
* Wed Jun 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
- Update to shenandoah-jdk8u382-b01 (EA)
- Update release notes for shenandoah-8u382-b01.
- Switch to EA mode.
- Remove JDK-8271199 patch which is now upstream.
- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
- Related: rhbz#2217711
* Tue Apr 18 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
- Update to shenandoah-jdk8u372-b07 (GA)
- Update release notes for shenandoah-8u372-b07.