From 824d24f2b99d27dea237344fe0c379705b74fcae Mon Sep 17 00:00:00 2001 
From: eabdullin Date: Mon, 15 Sep 2025 12:05:51 +0000 Subject: [PATCH] import CS java-1.8.0-openjdk-1.8.0.462.b08-4.el9 --- .gitignore | 2 +- .java-1.8.0-openjdk.metadata | 2 +- SOURCES/NEWS | 1390 ++++++++- SOURCES/README.md | 36 +- SOURCES/fips-8u-6d1aade0648.patch | 137 +- SOURCES/java-1.8.0-openjdk-portable.specfile | 2631 +++++++++++++++++ .../jdk8141590-bundle_libffi-followup.patch | 51 + SOURCES/jdk8141590-bundle_libffi.patch | 763 +++++ .../jdk8186464-rh1433262-zip64_failure.patch | 286 ++ ...on_x86_linux_as_well_as_x86_mac_os_x.patch | 52 +- SOURCES/jdk8218811-perfMemory_linux.patch | 12 - SOURCES/jdk8275535-rh2053256-ldap_auth.patch | 26 - ...8-pr3836-pass_compiler_flags_to_adlc.patch | 67 - SOURCES/jdk8328999-update_giflib_5.2.2.patch | 2596 ++++++++++++++++ SOURCES/jdk8339414-fix_8202369_backport.patch | 63 + ...r_libunpack_and_the_unpack200_binary.patch | 107 +- ...-support_system_cacerts-8139f2361c2.patch} | 170 +- ...ibraries.sh => remove-intree-libraries.sh} | 0 ...ies.sh => repack_reproducible_policies.sh} | 2 +- ...sible_toolkit_crash_do_not_break_jvm.patch | 16 + ...lite-libs_instead_of_pcsc-lite-devel.patch | 13 + SPECS/java-1.8.0-openjdk.spec | 1057 +++++-- 22 files changed, 8817 insertions(+), 662 deletions(-) create mode 100644 SOURCES/java-1.8.0-openjdk-portable.specfile create mode 100644 SOURCES/jdk8141590-bundle_libffi-followup.patch create mode 100644 SOURCES/jdk8141590-bundle_libffi.patch create mode 100644 SOURCES/jdk8186464-rh1433262-zip64_failure.patch delete mode 100644 SOURCES/jdk8218811-perfMemory_linux.patch delete mode 100644 SOURCES/jdk8275535-rh2053256-ldap_auth.patch delete mode 100644 SOURCES/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch create mode 100644 SOURCES/jdk8328999-update_giflib_5.2.2.patch create mode 100644 SOURCES/jdk8339414-fix_8202369_backport.patch rename SOURCES/{pr2888-rh2055274-support_system_cacerts.patch => pr2888-rh2055274-support_system_cacerts-8139f2361c2.patch} (50%) rename 
SOURCES/{java-1.8.0-openjdk-remove-intree-libraries.sh => remove-intree-libraries.sh} (100%) rename SOURCES/{repackReproduciblePolycies.sh => repack_reproducible_policies.sh} (97%) create mode 100644 SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch create mode 100644 SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
diff --git a/.gitignore b/.gitignore
index 013fe09..1ec7af2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
+SOURCES/shenandoah8u462-b08.tar.xz
 SOURCES/tapsets-icedtea-3.15.0.tar.xz
diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata
index 8f03300..be27acf 100644
--- a/.java-1.8.0-openjdk.metadata
+++ b/.java-1.8.0-openjdk.metadata
@@ -1,2 +1,2 @@
-71e5a111b66d7a8e4234d35117e0fd663d39f9ce SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
+94dfa3718b7228b2c02cce1242172a0de3cbe70f SOURCES/shenandoah8u462-b08.tar.xz
 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
diff --git a/SOURCES/NEWS b/SOURCES/NEWS
index b87597c..0a796bb 100644
--- a/SOURCES/NEWS
+++ b/SOURCES/NEWS
@@ -3,6 +3,1379 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u462 (2025-07-15): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u462 + +* CVEs + - CVE-2025-30749 + - CVE-2025-30754 + - CVE-2025-30761 + - CVE-2025-50106 +* Changes + - JDK-8026976: ECParameters, Point does not match field size + - JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed + - JDK-8046883: com/sun/jdi/ProcessAttachTest.sh gets "java.io.IOException: Invalid process identifier" on windows + - JDK-8071996: split_if accesses NULL region of ConstraintCast + - JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java + - JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names + - JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte + - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken + - JDK-8274597: Some of the dnd tests time out and fail intermittently + - JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test + - JDK-8278472: Invalid value set to CANDIDATEFORM structure + - JDK-8293107: GHA: Bump to Ubuntu 22.04 + - JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts + - JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + - JDK-8341946: [8u] sun/security/pkcs11/ec/ tests fail on RHEL9 + - JDK-8345133: Test sun/security/tools/jarsigner/TsacertOptionTest.java failed: Warning found in stdout + - JDK-8345625: Better HTTP connections + - JDK-8346887: DrawFocusRect() may cause an assertion failure + - JDK-8348989: Better Glyph drawing + - JDK-8349111: Enhance Swing supports + - JDK-8349594: Enhance TLS protocol support + - JDK-8350498: Remove two Camerfirma root CA certificates + - JDK-8351098: Bump update version of OpenJDK: 
8u462 + - JDK-8351422: Improve scripting supports + - JDK-8351439: [8u] test/java/util/TimeZone/tools/share/Makefile use wrong path to tzdb + - JDK-8352716: (tz) Update Timezone Data to 2025b + - JDK-8356096: ISO 4217 Amendment 179 Update + - JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + - JDK-8360147: Better Glyph drawing redux + +Notes on individual issues: +=========================== + +security-libs/java.security: + +JDK-8303770: Remove Baltimore root certificate expiring in May 2025 +=================================================================== +The following root certificate from Baltimore has been removed from +the `cacerts` keystore: + +Alias Name: baltimorecybertrustca [jdk] +Distinguished Name: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE + +JDK-8350498: Remove two Camerfirma root CA certificates +======================================================= +The following expired root certificates from Camerfirma have been +removed from the `cacerts` keystore: + +Alias name: camerfirmachamberscommerceca [jdk] +CN=Chambers of Commerce Root +OU=http://www.chambersign.org +O=AC Camerfirma SA CIF A82743287 +C=EU +SHA256: 0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3 + +Alias name: camerfirmachambersignca [jdk] +CN=Global Chambersign Root - 2008 +O=AC Camerfirma S.A. 
+SERIALNUMBER=A82743287 +L=Madrid (see current address at www.camerfirma.com/address) +C=EU +SHA256: 13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA + +JDK-8359170: Add 2 TLS and 2 CS Sectigo roots +============================================= +The following root certificates have been added to the cacerts +truststore: + +Name: Sectigo Limited +Alias Name: sectigocodesignroote46 +Distinguished Name: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB + +Name: Sectigo Limited +Alias Name: sectigocodesignrootr46 +Distinguished Name: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB + +Name: Sectigo Limited +Alias Name: sectigotlsroote46 +Distinguished Name: Sectigo Public Server Authentication Root E46, O=Sectigo Limited, C=GB + +Name: Sectigo Limited +Alias Name: sectigotlsrootr46 +Distinguished Name: Sectigo Public Server Authentication Root R46, O=Sectigo Limited, C=GB + +New in release OpenJDK 8u452 (2025-04-15): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u452 + +* CVEs + - CVE-2025-21587 + - CVE-2025-30691 + - CVE-2025-30698 +* Changes + - JDK-8037013: [TESTBUG] Fix test/java/lang/ClassLoader/Assert.sh on AIX + - JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo + - JDK-8068305: [TEST_BUG] Test java/awt/Mixing/HWDisappear.java fails with GTKL&F + - JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch + - JDK-8227651: Tests fail with SSLProtocolException: Input record too big + - JDK-8240235: jdk.test.lib.util.JarUtils updates jar files incorrectly + - JDK-8244966: Add .vscode to .hgignore and .gitignore + - JDK-8250825: C2 crashes with assert(field != __null) failed: missing field + - JDK-8255466: C2 crashes at ciObject::get_oop() const+0x0 + - JDK-8261020: Wrong format 
parameter in create_emergency_chunk_path + - JDK-8265019: Update tests for additional TestNG test permissions + - JDK-8266881: Enable debug log for SSLEngineExplorerMatchedSNI.java + - JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML + - JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests + - JDK-8309841: Jarsigner should print a warning if an entry is removed + - JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java java.lang.Exception: Could not find leak + - JDK-8326110: [8u] The Marlin tests should be updated after JDK-8241307 + - JDK-8337494: Clarify JarInputStream behavior + - JDK-8337692: Better TLS connection support + - JDK-8338430: Improve compiler transformations + - JDK-8339560: Unaddressed comments during code review of JDK-8337664 + - JDK-8339637: (tz) Update Timezone Data to 2024b + - JDK-8339644: Improve parsing of Day/Month in tzdata rules + - JDK-8339810: Clean up the code in sun.tools.jar.Main to properly close resources and use ZipFile during extract + - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names + - JDK-8340660: [8u] Test com/sun/jdi/PrivateTransportTest.sh fails on MacOS + - JDK-8342562: Enhance Deflater operations + - JDK-8343007: Enhance Buffered Image handling + - JDK-8345504: Bump update version of OpenJDK: 8u452 + - JDK-8346140: [8u] tools/jar/ExtractFilesTest.java and tools/jar/MultipleManifestTest.java fails with jtreg5.1 + - JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs + - JDK-8347847: Enhance jar file support + - JDK-8347965: (tz) Update Timezone Data to 2025a + - JDK-8348211: [8u] sun/management/jmxremote/startstop/JMXStartStopTest.java fails after backport of JDK-8066708 + - JDK-8349166: Bad indentation in backport of JDK-8250825 + - JDK-8350816: [8u] Update TzdbZoneRulesCompiler to ignore HST/EST/MST links + - JDK-8352097: (tz) zone.tab update missed in 2025a backport + - JDK-8353433: XCG currency code not 
recognized in JDK 8u + +Notes on individual issues: +=========================== + +security-libs/java.security: + +JDK-8309841: Jarsigner should print a warning if an entry is removed +==================================================================== +In previous OpenJDK releases, the jarsigner tool did not detect the +case where a file was removed from a signed JAR file but its signature +was still present. With this release, `jarsigner -verify` checks that +every signature has a matching file entry and prints a warning if this +is not the case. The `-verbose` option can also be added to the +command to see the names of the mismatched entries. + +security-libs/javax.net.ssl: + +JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs +============================================================================= +In accordance with similar plans recently announced by Google, +Mozilla, Apple and Microsoft, the JDK will not trust Transport Layer +Security (TLS) certificates issued after the 15th of April 2025 which +are anchored by Camerfirma root certificates. + +Certificates issued on or before April 15th, 2025 will continue to +be trusted until they expire. + +If a server's certificate chain is anchored by an affected +certificate, attempts to negotiate a TLS session will fail with an +Exception that indicates the trust anchor is not trusted. 
For example, + +"TLS server certificate issued after 2025-04-15 and anchored by a +distrusted legacy Camerfirma root CA: CN=Chambers of Commerce Root - +2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see +current address at www.camerfirma.com/address), C=EU" + +To check whether a certificate in a JDK keystore is affected by this +change, you can the `keytool` utility: + +keytool -v -list -alias -keystore + +If any of the certificates in the chain are affected by this change, +then you will need to update the certificate or contact the +organisation responsible for managing the certificate. + +These restrictions apply to the following Camerfirma root certificates +included in the JDK: + +Alias name: camerfirmachamberscommerceca [jdk] +CN=Chambers of Commerce Root +OU=http://www.chambersign.org +O=AC Camerfirma SA CIF A82743287 +C=EU +SHA256: 0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3 + +Alias name: camerfirmachambersca [jdk] +CN=Chambers of Commerce Root - 2008 +O=AC Camerfirma S.A. +SERIALNUMBER=A82743287 +L=Madrid (see current address at www.camerfirma.com/address) +C=EU +SHA256: 06:3E:4A:FA:C4:91:DF:D3:32:F3:08:9B:85:42:E9:46:17:D8:93:D7:FE:94:4E:10:A7:93:7E:E2:9D:96:93:C0 + +Alias name: camerfirmachambersignca [jdk] +CN=Global Chambersign Root - 2008 +O=AC Camerfirma S.A. +SERIALNUMBER=A82743287 +L=Madrid (see current address at www.camerfirma.com/address) +C=EU +SHA256: 13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA + +Users can, *at their own risk*, remove this restriction by modifying +the `java.security` configuration file (or override it by using the +`java.security.properties` system property) so "CAMERFIRMA_TLS" is no +longer listed in the `jdk.security.caDistrustPolicies` security +property. 
+ +core-libs/java.time: + +JDK-8339637: (tz) Update Timezone Data to 2024b +=============================================== +This OpenJDK release upgrades the in-tree copy of the IANA timezone +database to 2024b. This timezone update is primarily concerned with +improving historical data for Mexico, Monogolia and Portugal. It also +makes Asia/Choibalsan an alias for Asia/Ulaanbaatar and makes the MET +timezone the same as CET. + +The 2024b update also makes a number of legacy timezone IDs equal to +geographical names rather than fixed offsets, as follows: + +* EST => America/Panama instead of -5:00 +* MST => America/Phoenix instead of -7:00 +* HST => Pacific/Honolulu instead of -10:00 + +For long term support releases of OpenJDK, this change is overridden +locally to retain the existing fixed offset mapping. + +New in release OpenJDK 8u442 (2025-01-21): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u442 + +* Changes + - JDK-8048003: test/compiler/8009761/Test8009761.java failed with: java.lang.RuntimeException: static java.lang.Object Test8009761.m3(boolean,boolean) not compiled + - JDK-8058322: Zero name_index item of MethodParameters attribute cause MalformedParameterException. 
+ - JDK-8066708: JMXStartStopTest fails to connect to port 38112 + - JDK-8133287: (fs) java/nio/file/Files/probeContentType/ParallelProbes.java should use othervm mode + - JDK-8189687: Swing: Invalid position of candidate pop-up of InputMethod in Hi-DPI on Windows + - JDK-8209023: fix 2 compiler tests to avoid JDK-8208690 + - JDK-8239312: [macOS] javax/swing/JFrame/NSTexturedJFrame/NSTexturedJFrame.java + - JDK-8260380: Upgrade to LittleCMS 2.12 + - JDK-8315731: Open source several Swing Text related tests + - JDK-8335428: Enhanced Building of Processes + - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files + - JDK-8336564: Enhance mask blit functionality redux + - JDK-8338402: GHA: some of bundles may not get removed + - JDK-8339133: [8u] Profiler crashes at guarantee(is_result_safe || is_in_asgct()): unsafe access to zombie method + - JDK-8339180: Enhanced Building of Processes: Follow-on Issue + - JDK-8339394: Bump update version of OpenJDK: 8u442 + - JDK-8339882: Replace ThreadLocalStorage::thread with Thread::current_or_null in jdk8 backport of JDK-8183925 + - JDK-8340815: Add SECURITY.md file + - JDK-8342822: jdk8u432-b06 does not compile on AIX + - JDK-8342841: [8u] Separate jdk_security_infra tests from jdk_tier1 + +Notes on individual issues: +=========================== + +core-libs/java.util.jar: + +JDK-8335912/JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files +=================================================================================================================== +In previous OpenJDK releases, when the jar tool extracted files from +an archive, it would overwrite any existing files with the same name +in the target directory. With this release, a new option ('-k') may be +specified so that existing files are not overwritten. 
+ +The option may be specified as in the following example: + +* jar xkf foo.jar + +By default, the old behaviour remains in place and files will be +overwritten. + +New in release OpenJDK 8u432 (2024-10-15): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u432 + +* CVEs + - CVE-2024-21208 + - CVE-2024-21210 + - CVE-2024-21217 + - CVE-2024-21235 +* Security fixes + - JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property + - JDK-8313626, JDK-8307769: C2 crash due to unexpected exception control flow + - JDK-8328286: Enhance HTTP client + - JDK-8328544: Improve handling of vectorization + - JDK-8328726: Better Kerberos support + - JDK-8331446: Improve deserialization support + - JDK-8332644: Improve graph optimizations + - JDK-8335713: Enhance vectorization analysis +* Other changes + - JDK-4660158: TTY: NumberFormatException while trying to set values by 'set' command + - JDK-6544871: java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html fails from jdk b09 on windows. + - JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails + - JDK-8021775: compiler/8009761/Test8009761.java "Failed: init recursive calls: 51. 
After deopt 50" + - JDK-8030204: com/sun/jdi/JdbExprTest.sh: Required output "Can\\'t convert 2147483648 to int" not found + - JDK-8030795: java/nio/file/Files/probeContentType/ForceLoad.java failing with ServiceConfigurationError without jtreg -agentvm option + - JDK-8035395: sun/management/jmxremote/startstop/JMXStartStopTest.java fails intermittently: Port already in use + - JDK-8075511: Enable -Woverloaded-virtual C++ warning for HotSpot build + - JDK-8137329: [windows] Build broken on VS2010 after "8046148: JEP 158: Unified JVM Logging" + - JDK-8145919: sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials + - JDK-8152207: Perform array bound checks while getting a length of bytecode instructions + - JDK-8193682: Infinite loop in ZipOutputStream.close() + - JDK-8196770: Add JNDI test com/sun/jndi/ldap/blits/AddTests/AddNewEntry.java + - JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04 + - JDK-8233364: Fix undefined behavior in Canonicalizer::do_ShiftOp + - JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel + - JDK-8251188: Update LDAP tests not to use wildcard addresses + - JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java + - JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5 + - JDK-8278794: Infinite loop in DeflaterOutputStream.finish() + - JDK-8279164: Disable TLS_ECDH_* cipher suites + - JDK-8281096: Flags introduced by configure script are not passed to ADLC build + - JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown" + - JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors + - JDK-8299677: Formatter.format might take a long time to format an integer or floating-point + - JDK-8305400: ISO 4217 Amendment 175 Update + - JDK-8305931: jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java 
failed with "Expected chains but found none" + - JDK-8307779: Relax the java.awt.Robot specification + - JDK-8309138: Fix container tests for jdks with symlinked conf dir + - JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin + - JDK-8315117: Update Zlib Data Compression Library to Version 1.3 + - JDK-8315863: [GHA] Update checkout action to use v4 + - JDK-8316328: Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes + - JDK-8318039: GHA: Bump macOS and Xcode versions + - JDK-8318951: Additional negative value check in JPEG decoding + - JDK-8320964: sun/tools/native2ascii/Native2AsciiTests.sh fails on Japanese + - JDK-8321480: ISO 4217 Amendment 176 Update + - JDK-8324632: Update Zlib Data Compression Library to Version 1.3.1 + - JDK-8324723: GHA: Upgrade some actions to avoid deprecated Node 16 + - JDK-8326351: Update the Zlib version in open/src/java.base/share/legal/zlib.md to 1.3.1 + - JDK-8326521: JFR: CompilerPhase event test fails on windows 32 bit + - JDK-8326529: JFR: Test for CompilerCompile events fails due to time out + - JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails + - JDK-8330415: Update system property for Java SE specification maintenance version + - JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye + - JDK-8333126: Bump update version of OpenJDK: 8u432 + - JDK-8333669: [8u] GHA: Dead VS2010 download link + - JDK-8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1 + - JDK-8334653: ISO 4217 Amendment 177 Update + - JDK-8334905: [8u] The test java/awt/Mixing/AWT_Mixing/JButtonOverlapping.java started to fail after 8159690 + - JDK-8335851: [8u] Test JMXStartStopTest.java fails after JDK-8334415 + - JDK-8335894: [8u] Fix SupplementalJapaneseEraTest.java for jdks with symlinked conf dir + - JDK-8336928: GHA: Bundle artifacts removal broken + - JDK-8337110: [8u] TestNoEagerReclaimOfHumongousRegions.java 
should be in gc/g1 directory + - JDK-8337312: [8u] Windows x86 VS2010 build broken by JDK-8320097 + - JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs + - JDK-8338144: [8u] Remove duplicate license files + - JDK-8341057: Add 2 SSL.com TLS roots + - JDK-8341059: Change Entrust TLS distrust date to November 12, 2024 + +Notes on individual issues: +=========================== + +security-libs/javax.net.ssl: + +JDK-8279164: Disable TLS_ECDH_* cipher suites +============================================= +The TLS_ECDH cipher suites do not preserve forward secrecy and are +rarely used in practice. With this release, they are disabled by +adding "ECDH" to the `jdk.tls.disabledAlgorithms` security property in +the `java.security` configuration file. Attempts to use these suites +with this release will result in a `SSLHandshakeException` being +thrown. Note that ECDH cipher suites which use RC4 were already +disabled prior to this change. + +Users can, *at their own risk*, remove this restriction by modifying +the `java.security` configuration file (or override it by using the +`java.security.properties` system property) so "ECDH" is no longer +listed in the `jdk.tls.disabledAlgorithms` security property. + +This change has no effect on TLS_ECDHE cipher suites, which remain +enabled by default. + +JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs +JDK-8341059: Change Entrust TLS distrust date to November 12, 2024 +==================================================================================================== +In accordance with similar plans recently announced by Google and +Mozilla, the JDK will not trust Transport Layer Security (TLS) +certificates issued after the 11th of November 2024 which are anchored +by Entrust root certificates. This includes certificates branded as +AffirmTrust, which are managed by Entrust. 
+ +Certificates issued on or before November 11th, 2024 will continue to +be trusted until they expire. + +If a server's certificate chain is anchored by an affected +certificate, attempts to negotiate a TLS session will fail with an +Exception that indicates the trust anchor is not trusted. For example, + +"TLS server certificate issued after 2024-11-11 and anchored by a +distrusted legacy Entrust root CA: CN=Entrust.net Certification +Authority (2048), OU=(c) 1999 Entrust.net Limited, +OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), +O=Entrust.net" + +To check whether a certificate in a JDK keystore is affected by this +change, you can the `keytool` utility: + +keytool -v -list -alias -keystore + +If any of the certificates in the chain are affected by this change, +then you will need to update the certificate or contact the +organisation responsible for managing the certificate. + +These restrictions apply to the following Entrust root certificates +included in the JDK: + +Alias name: entrustevca [jdk] +CN=Entrust Root Certification Authority +OU=(c) 2006 Entrust, Inc. +OU=www.entrust.net/CPS is incorporated by reference +O=Entrust, Inc. +C=US +SHA256: 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C + +Alias name: entrustrootcaec1 [jdk] +CN=Entrust Root Certification Authority - EC1 +OU=(c) 2012 Entrust, Inc. - for authorized use only +OU=See www.entrust.net/legal-terms +O=Entrust, Inc. +C=US +SHA256: 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5 + +Alias name: entrustrootcag2 [jdk] +CN=Entrust Root Certification Authority - G2 +OU=(c) 2009 Entrust, Inc. - for authorized use only +OU=See www.entrust.net/legal-terms +O=Entrust, Inc. +C=US +SHA256: 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 + +Alias name: entrustrootcag4 [jdk] +CN=Entrust Root Certification Authority - G4 +OU=(c) 2015 Entrust, Inc. 
- for authorized use only +OU=See www.entrust.net/legal-terms +O=Entrust, Inc. +C=US +SHA256: DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 + +Alias name: entrust2048ca [jdk] +CN=Entrust.net Certification Authority (2048) +OU=(c) 1999 Entrust.net Limited +OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) +O=Entrust.net +SHA256: 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77 + +Alias name: affirmtrustcommercialca [jdk] +CN=AffirmTrust Commercial +O=AffirmTrust +C=US +SHA256: 03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7 + +Alias name: affirmtrustnetworkingca [jdk] +CN=AffirmTrust Networking +O=AffirmTrust +C=US +SHA256: 0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B + +Alias name: affirmtrustpremiumca [jdk] +CN=AffirmTrust Premium +O=AffirmTrust +C=US +SHA256: 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A + +Alias name: affirmtrustpremiumeccca [jdk] +CN=AffirmTrust Premium ECC +O=AffirmTrust +C=US +SHA256: BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23 + +Users can, *at their own risk*, remove this restriction by modifying +the `java.security` configuration file (or override it by using the +`java.security.properties` system property) so "ENTRUST_TLS" is no +longer listed in the `jdk.security.caDistrustPolicies` security +property. 
+ +security-libs/java.security: + +JDK-8341057: Add 2 SSL.com TLS roots +==================================== +The following root certificates have been added to the cacerts +truststore: + +Name: SSL.com +Alias Name: ssltlsrootecc2022 +Distinguished Name: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US + +Name: SSL.com +Alias Name: ssltlsrootrsa2022 +Distinguished Name: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US + +client-libs: + +JDK-8307779: Relax the java.awt.Robot specification +=================================================== +This release of OpenJDK 8 updates to the latest maintenance release of +the Java 8 specification. This relaxes the specification of three +methods in the `java.awt.Robot` class - `mouseMove(int,int)`, +`getPixelColor(int,int)` and `createScreenCapture(Rectangle)` - to +allow these methods to fail when the desktop environment does not +permit moving the mouse pointer or capturing screen content. + +core-libs/javax.naming: + +JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property +=============================================================================================================================== +With this OpenJDK release, the JDK implementation of the LDAP provider +no longer supports the deserialisation of Java objects by +default. This is achieved by the system property +`com.sun.jndi.ldap.object.trustSerialData` being set to `false` by +default. + +Note that this release also increases the scope of the +`com.sun.jndi.ldap.object.trustSerialData` to cover the reconstruction +of RMI remote objects from the `javaRemoteLocation` LDAP attribute. + +The result of this change is that transparent deserialisation of Java +objects will require an explicit opt-in. Applications that wish to +reconstruct Java objects and RMI stubs from LDAP attributes will need +to set the `com.sun.jndi.ldap.object.trustSerialData` to `true`. 
+ +core-libs/java.net: + +JDK-8328286: Enhance HTTP client +================================ +This OpenJDK release limits the maximum header field size accepted by +the HTTP client within the JDK for all supported versions of the HTTP +protocol. The header field size is computed as the sum of the size of +the uncompressed header name, the size of the uncompressed header +value and a overhead of 32 bytes for each field section line. If a +peer sends a field section that exceeds this limit, a +`java.net.ProtocolException` will be raised. + +This release also introduces a new system property, +`jdk.http.maxHeaderSize`. This property can be used to alter the +maximum header field size (in bytes) or disable it by setting the +value to zero or a negative value. The default value is 393,216 bytes +or 384kB. + +core-libs/java.util.jar: + +JDK-8193682: Infinite loop in ZipOutputStream.close() +===================================================== +In previous releases, the `DeflaterOutputStream.close()`, +`GZIPOutputStream.finish()` and `ZipOutputStream.closeEntry()` methods +did not close the associated default JDK compressor when an exception +was thrown during closure. With this release, the default compressor +is closed before propogating the Throwable up the stack. In the case +of `ZipOutputStream`, this only happens when the exception is not a +`ZipException`. 
+ +New in release OpenJDK 8u422 (2024-07-16): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u422 + +* CVEs + - CVE-2024-21131 + - CVE-2024-21138 + - CVE-2024-21140 + - CVE-2024-21144 + - CVE-2024-21145 + - CVE-2024-21147 +* Security fixes + - JDK-8314794: Improve UTF8 String supports + - JDK-8319859: Better symbol storage + - JDK-8320097: Improve Image transformations + - JDK-8320548: Improved loop handling + - JDK-8322106: Enhance Pack 200 loading + - JDK-8323231: Improve array management + - JDK-8323390: Enhance mask blit functionality + - JDK-8324559: Improve 2D image handling + - JDK-8325600: Better symbol storage +* Other changes + - JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105 + - JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings + - JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/bug7123767.java: number of checked graphics configurations should be limited + - JDK-8159690: [TESTBUG] Mark headful tests with @key headful. + - JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails + - JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails + - JDK-8205407: [windows, vs<2017] C4800 after 8203197 + - JDK-8235834: IBM-943 charset encoder needs updating + - JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't read properly" + - JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled + - JDK-8256152: tests fail because of ambiguous method resolution + - JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3 + - JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info. 
+ - JDK-8268916: Tests for AffirmTrust roots
+ - JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
+ - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
+ - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value
+ - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
+ - JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
+ - JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL
+ - JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
+ - JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
+ - JDK-8315020: The macro definition for LoongArch64 zero build is not accurate.
+ - JDK-8316138: Add GlobalSign 2 TLS root certificates
+ - JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows
+ - JDK-8320005: Allow loading of shared objects with .a extension on AIX
+ - JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
+ - JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing
+ - JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
+ - JDK-8326686: Bump update version of OpenJDK: 8u422
+ - JDK-8327440: Fix "bad source file" error during beaninfo generation
+ - JDK-8328809: [8u] Problem list some CA tests
+ - JDK-8328825: Google CAInterop test failures
+ - JDK-8329544: [8u] sun/security/krb5/auto/ReplayCacheTestProc.java cannot find the testlibrary
+ - JDK-8331791: [8u] AIX build break from JDK-8320005 backport
+ - JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
+ - JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes
+
+Notes on individual issues:
+===========================
+
+core-libs/java.net:
+
+JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable
+===========================================================================
+Two system properties have been added which control the keep alive
+behavior of HttpURLConnection in the case where the server does not
+specify a keep alive time. These are:
+
+* `http.keepAlive.time.server`
+* `http.keepAlive.time.proxy`
+
+which control the number of seconds before an idle connection to a
+server or proxy will be closed, respectively. If the server or proxy
+specifies a keep alive time in a "Keep-Alive" response header, this
+will take precedence over the values of these properties.
+
+security-libs/java.security:
+
+JDK-8316138: Add GlobalSign 2 TLS root certificates
+===================================================
+The following root certificates have been added to the cacerts
+truststore:
+
+Name: GlobalSign
+Alias Name: globalsignr46
+Distinguished Name: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
+
+Name: GlobalSign
+Alias Name: globalsigne46
+Distinguished Name: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
+
+New in release OpenJDK 8u412 (2024-04-16):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bit.ly/openjdk8u412
+
+* CVEs
+ - CVE-2024-21011
+ - CVE-2024-21085
+ - CVE-2024-21068
+ - CVE-2024-21094
+* Security fixes
+ - JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array"
+ - JDK-8318340: Improve RSA key implementations
+ - JDK-8319851: Improve exception logging
+ - JDK-8322114: Improve Pack 200 handling
+ - JDK-8322122: Enhance generation of addresses
+* Other changes
+ - JDK-8011180: Delete obsolete scripts
+ - JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build
+ - JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios
+ - JDK-8023735: [TESTBUG][macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
+ - JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows
+ - JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388)
+ - JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache
+ - JDK-8168518: rcache interop with krb5-1.15
+ - JDK-8183503: Update hotspot tests to allow for unique test classes directory
+ - JDK-8186095: upgrade to jtreg 4.2 b08
+ - JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
+ - JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
+ - JDK-8208655: use JTreg skipped status in hotspot tests
+ - JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1
+ - JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile
+ - JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system
+ - JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
+ - JDK-8224768: Test ActalisCA.java fails
+ - JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
+ - JDK-8251551: Use .md filename extension for README
+ - JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
+ - JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
+ - JDK-8270517: Add Zero support for LoongArch
+ - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
+ - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
+ - JDK-8288132: Update test artifacts in QuoVadis CA interop tests
+ - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs
+ - JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
+ - JDK-8308592: Framework for CA interoperability testing
+ - JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955
+ - JDK-8315042: NPE in PKCS7.parseOldSignedData
+ - JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set
+ - JDK-8320713: Bump update version of OpenJDK: 8u412
+ - JDK-8321060: [8u] hotspot needs to recognise VS2022
+ - JDK-8321408: Add Certainly roots R1 and E1
+ - JDK-8322725: (tz) Update Timezone Data to 2023d
+ - JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
+ - JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
+ - JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
+ - JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
+ - JDK-8324530: Build error with gcc 10
+ - JDK-8325150: (tz) Update Timezone Data to 2024a
+
+Notes on individual issues:
+===========================
+
+security-libs/org.ietf.jgss:krb5:
+
+JDK-8168518: rcache interop with krb5-1.15
+==========================================
+The hash algorithm used in the Kerberos 5 replay cache file (rcache)
+has been changed from MD5 to SHA256. This is the same algorithm used
+by MIT krb5-1.15 and is interoperable with earlier releases of MIT
+krb5.
+
+The MD5 algorithm can still be used by setting the new
+jdk.krb5.rcache.useMD5 property to 'true':
+
+java -Djdk.krb5.rcache.useMD5=true ...
+
+This is useful where either the system has a coarse clock and has to
+depend on hash values in replay attack detection, or interoperability
+with the rcache files in older versions of OpenJDK is required.
+
+client-libs/java.awt:
+
+JDK-8322750: AWT SystemTray API Is Not Supported on Most Linux Desktops
+=======================================================================
+The java.awt.SystemTray API is used to interact with the system's
+desktop taskbar to provide notifications and may include an icon
+representing an application. The GNOME desktop's support for taskbar
+icons has not worked properly for several years, due to a platform
+bug. This bug, in turn, affects the JDK's SystemTray support on GNOME
+desktops.
+
+Therefore, in accordance with the SystemTray API specification,
+java.awt.SystemTray.isSupported() will now return false on systems
+that exhibit this bug, which is assumed to be those running a version
+of GNOME Shell below 45.
+
+The impact of this change is likely to be minimal, as users of the
+SystemTray API should already be able to handle isSupported()
+returning false and the system tray on such platforms has already been
+unsupported for a number of years for all applications.
+
+security-libs/java.security:
+
+JDK-8321408: Added Certainly R1 and E1 Root Certificates
+========================================================
+The following root certificate has been added to the cacerts
+truststore:
+
+Name: Certainly
+Alias Name: certainlyrootr1
+Distinguished Name: CN=Certainly Root R1, O=Certainly, C=US
+
+Name: Certainly
+Alias Name: certainlyroote1
+Distinguished Name: CN=Certainly Root E1, O=Certainly, C=US
+
+New in release OpenJDK 8u402 (2024-01-16):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bit.ly/openjdk8u402
+
+* CVEs
+ - CVE-2024-20918
+ - CVE-2024-20919
+ - CVE-2024-20921
+ - CVE-2024-20926
+ - CVE-2024-20945
+ - CVE-2024-20952
+* Security fixes
+ - JDK-8308204: Enhanced certificate processing
+ - JDK-8314284: Enhance Nashorn performance
+ - JDK-8314295: Enhance verification of verifier
+ - JDK-8314307: Improve loop handling
+ - JDK-8314468: Improve Compiler loops
+ - JDK-8316976: Improve signature handling
+ - JDK-8317547: Enhance TLS connection support
+* Other changes
+ - JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
+ - JDK-8029995: accept yes/no for boolean krb5.conf settings
+ - JDK-8159156: [TESTBUG] ReserveMemory test is not useful on Aix.
+ - JDK-8176509: Use pandoc for converting build readme to html
+ - JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
+ - JDK-8207404: MulticastSocket tests failing on AIX
+ - JDK-8212677: X11 default visual support for IM status window on VNC
+ - JDK-8239365: ProcessBuilder test modifications for AIX execution
+ - JDK-8271838: AmazonCA.java interop test fails
+ - JDK-8285398: Cache the results of constraint checks
+ - JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
+ - JDK-8302017: Allocate BadPaddingException only if it will be thrown
+ - JDK-8305329: [8u] Unify test libraries into single test library - step 1
+ - JDK-8307837: [8u] Check step in GHA should also print errors
+ - JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
+ - JDK-8311813: C1: Uninitialized PhiResolver::_loop field
+ - JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
+ - JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException
+ - JDK-8315280: Bump update version of OpenJDK: 8u402
+ - JDK-8315506: C99 compatibility issue in LinuxNativeDispatcher
+ - JDK-8317291: Missing null check for nmethod::is_native_method()
+ - JDK-8317373: Add Telia Root CA v2
+ - JDK-8317374: Add Let's Encrypt ISRG Root X2
+ - JDK-8318759: Add four DigiCert root certificates
+ - JDK-8319187: Add three eMudhra emSign roots
+ - JDK-8319405: [s390] [jdk8] Increase javac default stack size for s390x zero
+ - JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
+
+Notes on individual issues:
+===========================
+
+security-libs/org.ietf.jgss:krb5:
+
+JDK-8029995: accept yes/no for boolean krb5.conf settings
+=========================================================
+The krb5.conf configuration file now also accepts "yes" and "no", as
+alternatives to the existing "true" and "false" support, when using
+settings that take boolean values.
+
+security-libs/java.security:
+
+JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
+===============================================================================================================================
+A maximum signature file size property, jdk.jar.maxSignatureFileSize,
+was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a
+default of 8MB. This default proved to be too small for some JAR
+files. This release, 8u402, increases it to 16MB.
+
+JDK-8317374: Added ISRG Root X2 CA Certificate from Let's Encrypt
+=================================================================
+The following root certificate has been added to the cacerts
+truststore:
+
+Name: Let's Encrypt
+Alias Name: letsencryptisrgx2
+Distinguished Name: CN=ISRG Root X2, O=Internet Security Research Group, C=US
+
+JDK-8318759: Added Four Root Certificates from DigiCert, Inc.
+=============================================================
+The following root certificates have been added to the cacerts
+truststore:
+
+Name: DigiCert, Inc.
+Alias Name: digicertcseccrootg5
+Distinguished Name: CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
+
+Name: DigiCert, Inc.
+Alias Name: digicertcsrsarootg5
+Distinguished Name: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
+
+Name: DigiCert, Inc.
+Alias Name: digicerttlseccrootg5
+Distinguished Name: CN=DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
+
+Name: DigiCert, Inc.
+Alias Name: digicerttlsrsarootg5
+Distinguished Name: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
+
+JDK-8319187: Added Three Root Certificates from eMudhra Technologies Limited
+============================================================================
+The following root certificates have been added to the cacerts
+truststore:
+
+Name: eMudhra Technologies Limited
+Alias Name: emsignrootcag1
+Distinguished Name: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
+
+Name: eMudhra Technologies Limited
+Alias Name: emsigneccrootcag3
+Distinguished Name: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
+
+Name: eMudhra Technologies Limited
+Alias Name: emsignrootcag2
+Distinguished Name: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
+
+JDK-8317373: Added Telia Root CA v2 Certificate
+===============================================
+The following root certificate has been added to the cacerts
+truststore:
+
+Name: Telia Root CA v2
+Alias Name: teliarootcav2
+Distinguished Name: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI ```
+
+New in release OpenJDK 8u392 (2023-10-17):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bit.ly/openjdk8u392
+
+* CVEs
+ - CVE-2023-22067
+ - CVE-2023-22081
+* Security fixes
+ - JDK-8286503, JDK-8312367: Enhance security classes
+ - JDK-8297856: Improve handling of Bidi characters
+ - JDK-8303384: Improved communication in CORBA
+ - JDK-8305815, JDK-8307278: Update Libpng to 1.6.39
+ - JDK-8309966: Enhanced TLS connections
+* Other changes
+ - JDK-6722928: Provide a default native GSS-API library on Windows
+ - JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java
+ - JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal
+ - JDK-8139348: Deprecate 3DES and RC4 in Kerberos
+ - JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"
+ - JDK-8200468: Port the native GSS-API bridge to Windows
+ - JDK-8202952: C2: Unexpected dead nodes after matching
+ - JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
+ - JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update
+ - JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to
+ - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
+ - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
+ - JDK-8232225: Rework the fix for JDK-8071483
+ - JDK-8242330: Arrays should be cloned in several JAAS Callback classes
+ - JDK-8253269: The CheckCommonColors test should provide more info on failure
+ - JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int)
+ - JDK-8284910: Buffer clean in PasswordCallback
+ - JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
+ - JDK-8287663: Add a regression test for JDK-8287073
+ - JDK-8295685: Update Libpng to 1.6.38
+ - JDK-8295894: Remove SECOM certificate that is expiring in September 2023
+ - JDK-8308788: [8u] Remove duplicate HaricaCA.java test
+ - JDK-8309122: Bump update version of OpenJDK: 8u392
+ - JDK-8309143: [8u] fix archiving inconsistencies in GHA
+ - JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms
+ - JDK-8314960: Add Certigna Root CA - 2
+ - JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack()
+ - JDK-8317040: Exclude cleaner test failing on older releases
+
+Notes on individual issues:
+===========================
+
+other-libs/corba:idl:
+
+JDK-8303384: Improved communication in CORBA
+============================================
+The JDK's CORBA implementation now provides the option to limit
+serialisation in stub objects to those with the "IOR:" prefix. For
+ORB constrained stub classes:
+
+* _DynArrayStub
+* _DynEnumStub
+* _DynFixedStub
+* _DynSequenceStub
+* _DynStructStub
+* _DynUnionStub
+* _DynValueStub
+* _DynAnyStub
+* _DynAnyFactoryStub
+
+this is enabled by default and may be disabled by setting the system
+property org.omg.DynamicAny.disableIORCheck to 'true'.
+
+For remote service stub classes:
+
+* _NamingContextStub
+* _BindingIteratorStub
+* _NamingContextExtStub
+* _ServantActivatorStub
+* _ServantLocatorStub
+* _ServerManagerStub
+* _ActivatorStub
+* _RepositoryStub
+* _InitialNameServiceStub
+* _LocatorStub
+* _ServerStub
+
+it is disabled by default and may be enabled by setting the system
+property org.omg.CORBA.IDL.Stubs.enableIORCheck to 'true'.
+
+security-libs/org.ietf.jgss:
+
+JDK-6722928: Added a Default Native GSS-API Library on Windows
+==============================================================
+
+A native GSS-API library named `sspi_bridge.dll` has been added to the
+JDK on the Windows platform. As with native GSS-API library provision
+on other operating systems, it will only be loaded when the
+`sun.security.jgss.native` system property is set to "true". A user
+can still load a third-party native GSS-API library instead by setting
+the `sun.security.jgss.lib` system property to the appropriate path.
+
+The library is client-side only and uses the default credentials.
+Native GSS support automatically uses cached credentials from the
+underlying operating system, so the
+`javax.security.auth.useSubjectCredsOnly` system property should be
+set to false.
+
+The `com.sun.security.auth.module.Krb5LoginModule` does not call
+native JGSS and so its use in your JAAS config should be avoided.
+
+security-libs/org.ietf.jgss:krb5:
+
+JDK-8139348: Deprecate 3DES and RC4 in Kerberos
+===============================================
+The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
+are now deprecated and disabled by default. To re-enable them, you
+can either enable all weak crypto (which also includes `des-cbc-crc`
+and `des-cbc-md5`) by setting `allow_weak_crypto = true` in the
+`krb5.conf` configuration file or explicitly list all the preferred
+encryption types using the `default_tkt_enctypes`,
+`default_tgs_enctypes`, or `permitted_enctypes` settings.
+
+security-libs/java.security:
+
+JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate
+==================================================================
+The following root certificate from SECOM Trust System has been
+removed from the `cacerts` keystore:
+
+Alias Name: secomscrootca1 [jdk]
+Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
+
+JDK-8314960: Added Certigna Root CA Certificate
+===============================================
+The following root certificate has been added to the cacerts
+truststore:
+
+Name: Certigna (Dhimyotis)
+Alias Name: certignarootca
+Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
+
+security-libs/javax.security:
+
+JDK-8242330: Arrays should be cloned in several JAAS Callback classes
+=====================================================================
+In the JAAS classes, ChoiceCallback and ConfirmationCallback, arrays
+were not cloned when passed into a constructor or returned. This
+allowed an external program to get access to the internal fields of
+these classes. The classes have been updated to return cloned arrays.
+
+New in release OpenJDK 8u382 (2023-07-18):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bit.ly/openjdk8u382
+
+* CVEs
+ - CVE-2023-22045
+ - CVE-2023-22049
+* Security fixes
+ - JDK-8298676: Enhanced Look and Feel
+ - JDK-8300596: Enhance Jar Signature validation
+ - JDK-8304468: Better array usages
+ - JDK-8305312: Enhanced path handling
+* Other changes
+ - JDK-8072678: Wrong exception messages in java.awt.color.ICC_ColorSpace
+ - JDK-8151460: Metaspace counters can have inconsistent values
+ - JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
+ - JDK-8185736: missing default exception handler in calls to rethrow_Stub
+ - JDK-8186801: Add regression test to test mapping based charsets (generated at build time)
+ - JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
+ - JDK-8241311: Move some charset mapping tests from closed to open
+ - JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
+ - JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
+ - JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
+ - JDK-8276841: Add support for Visual Studio 2022
+ - JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
+ - JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
+ - JDK-8282345: handle latest VS2022 in abstract_vm_version
+ - JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
+ - JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
+ - JDK-8289301: P11Cipher should not throw out of bounds exception during padding
+ - JDK-8293232: Fix race condition in pkcs11 SessionManager
+ - JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
+ - JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
+ - JDK-8298108: Add a regression test for JDK-8297684
+ - JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
+ - JDK-8301119: Support for GB18030-2022
+ - JDK-8301400: Allow additional characters for GB18030-2022 support
+ - JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
+ - JDK-8303028: Update system property for Java SE specification maintenance version
+ - JDK-8303462: Bump update version of OpenJDK: 8u382
+ - JDK-8304760: Add 2 Microsoft TLS roots
+ - JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
+ - JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
+ - JDK-8305975: Add TWCA Global Root CA
+ - JDK-8307134: Add GTS root CAs
+ - JDK-8307310: Backport the tests for JDK-8058969 and JDK-8039271 to the OpenJDK8
+ - JDK-8307531: [aarch64] JDK8 single-step debugging is extremely slow
+ - JDK-8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119
+
+Notes on individual issues:
+===========================
+
+core-libs/java.lang:
+
+JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
+===========================================================================
+In order to support "Implementation Level 2" of the GB18030-2022
+standard, the JDK must be able to use characters from the CJK Unified
+Ideographs Extension E block of Unicode 8.0. The addition of these
+characters forms Maintenance Release 5 of the Java SE 8 specification,
+which is implemented in this release of OpenJDK via the addition of a
+new UnicodeBlock instance,
+Character.CJK_UNIFIED_IDEOGRAPHS_EXTENSION_E.
+
+core-libs/java.util.jar:
+
+8300596: Enhance Jar Signature validation
+=========================================
+A System property "jdk.jar.maxSignatureFileSize" is introduced to
+configure the maximum number of bytes allowed for the
+signature-related files in a JAR file during verification. The default
+value is 8000000 bytes (8 MB).
+
+security-libs/java.security:
+
+JDK-8307134: Added 4 GTS Root CA Certificates
+=============================================
+The following root certificates have been added to the cacerts
+truststore:
+
+Name: Google Trust Services LLC
+Alias Name: gtsrootcar1
+Distinguished Name: CN=GTS Root R1, O=Google Trust Services LLC, C=US
+
+Name: Google Trust Services LLC
+Alias Name: gtsrootcar2
+Distinguished Name: CN=GTS Root R2, O=Google Trust Services LLC, C=US
+
+Name: Google Trust Services LLC
+Alias Name: gtsrootcar3
+Distinguished Name: CN=GTS Root R3, O=Google Trust Services LLC, C=US
+
+Name: Google Trust Services LLC
+Alias Name: gtsrootcar4
+Distinguished Name: CN=GTS Root R4, O=Google Trust Services LLC, C=US
+
+JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates
+=====================================================================
+The following root certificates has been added to the cacerts
+truststore:
+
+Name: Microsoft Corporation
+Alias Name: microsoftecc2017
+Distinguished Name: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
+
+Name: Microsoft Corporation
+Alias Name: microsoftrsa2017
+Distinguished Name: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
+
+JDK-8305975: Added TWCA Root CA Certificate
+===========================================
+The following root certificate has been added to the cacerts
+truststore:
+
+Name: TWCA
+Alias Name: twcaglobalrootca
+Distinguished Name: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
+
+New in release OpenJDK 8u372 (2023-04-18):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bit.ly/openjdk8u372
+
+* CVEs
+ - CVE-2023-21930
+ - CVE-2023-21937
+ - CVE-2023-21938
+ - CVE-2023-21939
+ - CVE-2023-21954
+ - CVE-2023-21967
+ - CVE-2023-21968
+* Security fixes
+ - JDK-8287404: Improve ping times
+ - JDK-8288436: Improve Xalan supports
+ - JDK-8294474: Better AES support
+ - JDK-8295304: Runtime support improvements
+ - JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation
+ - JDK-8296676, JDK-8296622: Improve String platform support
+ - JDK-8296684: Improve String platform support
+ - JDK-8296692: Improve String platform support
+ - JDK-8296700: Improve String platform support
+ - JDK-8296832: Improve Swing platform support
+ - JDK-8297371: Improve UTF8 representation redux
+ - JDK-8298191: Enhance object reclamation process
+ - JDK-8298310: Enhance TLS session negotiation
+ - JDK-8298667: Improved path handling
+ - JDK-8299129: Enhance NameService lookups
+* New features
+ - JDK-8230305: Cgroups v2: Container awareness
+* Other changes
+ - JDK-6734341: REGTEST fails: SelectionAutoscrollTest.html
+ - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
+ - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
+ - JDK-7124238: [macosx] Font in BasicHTML document is bigger than it should be
+ - JDK-7124381: DragSourceListener.dragDropEnd() never been called on completion of dnd operation
+ - JDK-8039888: [TEST_BUG] keyboard garbage after javax/swing/plaf/windows/WindowsRootPaneUI/WrongAltProcessing/WrongAltProcessing.java
+ - JDK-8042098: [TESTBUG] Test sun/java2d/AcceleratedXORModeTest.java fails on Windows
+ - JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
+ - JDK-8072770: [TESTBUG] Some Introspector tests fail with a Java heap bigger than 4GB
+ - JDK-8075964: Test java/awt/Mouse/TitleBarDoubleClick/TitleBarDoubleClick.html fails intermittently with timeout error
+ - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
+ - JDK-8142540: [TEST_BUG] Test sun/awt/dnd/8024061/bug8024061.java fails on ubuntu
+ - JDK-8156579: Two JavaBeans tests failed
+ - JDK-8156581: Cleanup of ProblemList.txt
+ - JDK-8159135: [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail
+ - JDK-8177560: @headful key can be removed from the tests for JavaSound
+ - JDK-8196196: Headful tests should not be run in headless mode
+ - JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails
+ - JDK-8197408: Bad pointer comparison and small cleanup in os_linux.cpp
+ - JDK-8203485: [freetype] text rotated on 180 degrees is too narrow
+ - JDK-8205959: Do not restart close if errno is EINTR
+ - JDK-8216366: Add rationale to PER_CPU_SHARES define
+ - JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
+ - JDK-8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java - NumberFormatException because of large long values (memory limit_in_bytes)
+ - JDK-8229182: [TESTBUG] runtime/containers/docker/TestMemoryAwareness.java test fails on SLES12
+ - JDK-8229202: Docker reporting causes secondary crashes in error handling
+ - JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy
+ - JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation
+ - JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
+ - JDK-8234484: Add ability to configure third port for remote JMX
+ - JDK-8237479: 8230305 causes slowdebug build failure
+ - JDK-8239559: Cgroups: Incorrect detection logic on some systems
+ - JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot
+ - JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
+ - JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111
+ - JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
+ - JDK-8242468: VS2019 build missing vcruntime140_1.dll
+ - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
+ - JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java
+ - JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible)
+ - JDK-8245654: Add Certigna Root CA
+ - JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
+ - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
+ - JDK-8252359: HotSpot Not Identifying it is Running in a Container
+ - JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
+ - JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
+ - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
+ - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
+ - JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems
+ - JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code
+ - JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection
+ - JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
+ - JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes
+ - JDK-8257620: Do not use objc_msgSend_stret to get macOS version
+ - JDK-8262379: Add regression test for JDK-8257746
+ - JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
+ - JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics
+ - JDK-8270317: Large Allocation in CipherSuite
+ - JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
+ - JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
+ - JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
+ - JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
+ - JDK-8280048: Missing comma in copyright header
+ - JDK-8282398: EndingDotHostname.java test fails because SSL cert expired
+ - JDK-8282511: Use fixed certificate validation date in SSLExampleCert template
+ - JDK-8282947: JFR: Dump on shutdown live-locks in some conditions
+ - JDK-8283277: ISO 4217 Amendment 171 Update
+ - JDK-8283606: Tests may fail with zh locale on MacOS
+ - JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124
+ - JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
+ - JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem
+ - JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
+ - JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
+ - JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
+ - JDK-8287109: Distrust.java failed with CertificateExpiredException
+ - JDK-8287463: JFR: Disable TestDevNull.java on Windows
+ - JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
+ - JDK-8289549: ISO 4217 Amendment 172 Update
+ - JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun
+ - JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u
+ - JDK-8292083: Detected container memory limit may exceed physical machine memory
+ - JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
+ - JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
+ - JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
+ - JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings
+ - JDK-8294307: ISO 4217 Amendment 173 Update
+ - JDK-8294767: 8u contains two copies of test/../FileUtils.java, one uses JDK9+ features
+ - JDK-8295322: Tests for JDK-8271459 were not backported to 11u
+ - JDK-8295952: Problemlist existing compiler/rtm tests also on x86
+ - JDK-8295982: Failure in sun/security/tools/keytool/WeakAlg.java - ks: The process cannot access the file because it is being used by another process
+ - JDK-8296239: ISO 4217 Amendment 174 Update
+ - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
+ - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
+ - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
+ - JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
+ - JDK-8297329: [8u] hotspot needs to recognise VS2019
+ - JDK-8297739: Bump update version of OpenJDK: 8u372
+ - JDK-8297996: [8u] generated images are broken due to renaming of MSVC runtime DLL's
+ - JDK-8298027: Remove SCCS id's from awt jtreg tests
+ - JDK-8298307: Enable hotspot/tier1 for 32-bit builds in GHA for 8u
+ - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
+ - JDK-8299445: EndingDotHostname.java fails because of compilation errors
+ - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
+ - JDK-8299548: Fix hotspot/test/runtime/Metaspace/MaxMetaspaceSizeTest.java in 8u
+ - JDK-8299804: Fix non-portable code in hotspot shell tests in 8u
+ - JDK-8300014: Some backports placed the tests in the wrong location
+ - JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems
+ - JDK-8301122: [8u] Fix unreliable vs2010 download link
+ - JDK-8301143: [TESTBUG] jfr/event/sampling/TestNative was backported to JDK8u without proper native wrapper
+ - JDK-8301246: NPE in FcFontManager.getDefaultPlatformFont() on Linux without installed fontconfig
+ - JDK-8301332: [8u] Fix writing of test files after the cgroups v2 backport
+ - JDK-8301550: [8u] Enable additional linux build testing in GitHub
+
- JDK-8301620: [8u] some shell tests are passed but have unexpected operator errors + - JDK-8301760: Fix possible leak in SpNegoContext dispose + - JDK-8303408: [AIX] Broken jdk8u build after JDK-8266391 + - JDK-8303828: [Solaris] Broken jdk8u build after JDK-8266391 + - JDK-8304053: Revert os specific stubs for SystemMetrics + - JDK-8305113: (tz) Update Timezone Data to 2023c + +Notes on individual issues: +=========================== + +hotspot: +core-libs: + +JDK-8305562: Cgroups v2: Container awareness +============================================ +The HotSpot runtime code as well as the core libraries code in the JDK +has been updated in order to detect a cgroup v2 host system when +running OpenJDK within a Linux container. + +Since the 8u202 release of OpenJDK, the container detection code +recognized cgroup v1 (legacy) host Linux systems. With 8u372 and later +releases, both versions of the underlying cgroups pseudo filesystem +will be detected and corresponding container limits applied to the +OpenJDK runtime. + +Without this enhancement, OpenJDK would not apply container resource +limits when running on a cgroup v2 Linux host system, but would use +the underlying hosts' resource limits instead. + +client-libs/javax.swing: + +JDK-8296832: Improve Swing platform support +=========================================== +Earlier OpenJDK releases would always render HTML object tags embedded in +Swing HTML components. With this release, rendering only occurs when the +new system property "swing.html.object" is set to true. By default, it +is set to false. + +core-svc/javax.management: + +JDK-8234484: Added Ability to Configure Third Port for Remote JMX +================================================================= +A local access port can now be configured for JMX connections by +setting the property `com.sun.management.jmxremote.local.port`. This +local port was previously selected at random, which could lead to port +collisions. 
The property works in the same way as the existing +properties for configuring the remote access port +(`com.sun.management.jmxremote.port`) and the RMI port +(`com.sun.management.jmxremote.rmi.port`) + +security-libs/java.security: + +JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate +========================================================== +The following root certificate has been added to the cacerts truststore: + +Name: Certigna (Dhimyotis) +Alias Name: certignarootca +Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR + New in release OpenJDK 8u362 (2023-01-17): =========================================== Live versions of these release notes can be found at: @@ -84,6 +1457,8 @@ Live versions of these release notes can be found at: - JDK-8297804: (tz) Update Timezone Data to 2022g - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java + - JDK-8300178: JDK-8286496 causes build failure on older GCC + - JDK-8300225: JDK-8288516 causes build failure on Windows + VS2010 Notes on individual issues: =========================== 
@@ -291,19 +1666,6 @@ the current count of established connections and, if the configured limit has been reached, then the newly accepted connection will be closed immediately. -core-libs/java.net: - -JDK-8286918: Better HttpServer service -====================================== -The HttpServer can be optionally configured with a maximum connection -limit by setting the jdk.httpserver.maxConnections system property. A -value of 0 or a negative integer is ignored and considered to -represent no connection limit. In the case of a positive integer -value, any newly accepted connections will be first checked against -the current count of established connections and, if the configured -limit has been reached, then the newly accepted connection will be -closed immediately. - security-libs/javax.net.ssl: JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles @@ -501,7 +1863,7 @@ device paths such as `NUL:` are *not* used. New in release OpenJDK 8u332 (2022-04-22): =========================================== Live versions of these release notes can be found at: - * https://bit.ly/openjdk8u332 + * https://bitly.com/openjdk8u332 * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt * Security fixes diff --git a/SOURCES/README.md b/SOURCES/README.md index 61b3b69..f7d6f74 100644 --- a/SOURCES/README.md +++ b/SOURCES/README.md 
@@ -1,8 +1,34 @@ -Package of LTS OpenJDK 8 -OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is build on openJDK 10. LTSs (next is 11) will go as separate packages. +OpenJDK 8 is a Long-Term Support (LTS) release of the Java platform. -JDK8 is last LTS release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/8/ and is landing to your RHEL. Where it will be maintained for several years. You will always be allowed to install Used LTSs in build root, and alongside via alternatives. +For a list of major changes in OpenJDK 8 (java-1.8.0-openjdk), see the +upstream release page: https://openjdk.org/projects/jdk8/features -See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html -See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf +# Rebuilding the OpenJDK package +The OpenJDK packages are now created from a single build which is then +packaged for different major versions of Red Hat Enterprise Linux +(RHEL). This allows the OpenJDK team to focus their efforts on the +development and testing of this single build, rather than having +multiple builds which only differ by the platform they were built on. + +This does make rebuilding the package slightly more complicated than a +normal package. Modifications should be made to the +`java-1.8.0-openjdk-portable.specfile` file, which can be found with +this README file in the source RPM or installed in the documentation +tree by the `java-1.8.0-openjdk-headless` RPM. + +Once the modified `java-1.8.0-openjdk-portable` RPMs are built, they +should be installed and will produce a number of tarballs in the +`/usr/lib/jvm` directory. The `java-1.8.0-openjdk` RPMs can then be +built, which will use these tarballs to create the usual RPMs found in +RHEL. 
The `java-1.8.0-openjdk-portable` RPMs can be uninstalled once +the desired final RPMs are produced. + +Note that the `java-1.8.0-openjdk.spec` file has a hard requirement on +the exact version of java-1.8.0-openjdk-portable to use, so this will +need to be modified if the version or rpmrelease values are changed in +`java-1.8.0-openjdk-portable.specfile`. + +To reduce the number of RPMs involved, the `fastdebug` and `slowdebug` +builds may be disabled using `--without fastdebug` and `--without +slowdebug`. diff --git a/SOURCES/fips-8u-6d1aade0648.patch b/SOURCES/fips-8u-6d1aade0648.patch index 58ab6e5..a775969 100644 --- a/SOURCES/fips-8u-6d1aade0648.patch +++ b/SOURCES/fips-8u-6d1aade0648.patch @@ -1,5 +1,5 @@ diff --git a/common/autoconf/configure.ac b/common/autoconf/configure.ac -index 151e5a109f8..a8761b500e0 100644 +index 151e5a109f..a8761b500e 100644 --- a/common/autoconf/configure.ac +++ b/common/autoconf/configure.ac @@ -212,6 +212,7 @@ LIB_SETUP_FREETYPE @@ -11,10 +11,10 @@ index 151e5a109f8..a8761b500e0 100644 LIB_SETUP_ON_WINDOWS diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh -index 71fabf4dbb3..17f4f50673d 100644 +index c6144b1968..9ac55d20d3 100644 --- a/common/autoconf/generated-configure.sh +++ b/common/autoconf/generated-configure.sh -@@ -651,6 +651,9 @@ LLVM_CONFIG +@@ -655,6 +655,9 @@ ENABLE_LIBFFI_BUNDLING LIBFFI_LIBS LIBFFI_CFLAGS STATIC_CXX_SETTING @@ -24,15 +24,15 @@ index 71fabf4dbb3..17f4f50673d 100644 LIBDL LIBM LIBZIP_CAN_USE_MMAP -@@ -1111,6 +1114,7 @@ with_fontconfig +@@ -1119,6 +1122,7 @@ with_fontconfig with_fontconfig_include with_giflib with_zlib +enable_sysconf_nss with_stdc__lib - with_msvcr_dll - with_msvcp_dll -@@ -1218,6 +1222,8 @@ FREETYPE_CFLAGS + with_libffi + with_libffi_include +@@ -1232,6 +1236,8 @@ FREETYPE_CFLAGS FREETYPE_LIBS ALSA_CFLAGS ALSA_LIBS 
@@ -41,16 +41,16 @@ index 71fabf4dbb3..17f4f50673d 100644 LIBFFI_CFLAGS LIBFFI_LIBS CCACHE' -@@ -1871,6 +1877,8 @@ Optional Features: +@@ -1874,6 +1880,8 @@ Optional Features: disable bundling of the freetype library with the build result [enabled on Windows or when using --with-freetype, disabled otherwise] + --enable-sysconf-nss build the System Configurator (libsysconf) using the + system NSS library if available [disabled] - --enable-sjavac use sjavac to do fast incremental compiles - [disabled] - --disable-precompiled-headers -@@ -2115,6 +2123,8 @@ Some influential environment variables: + --enable-libffi-bundling + enable bundling of libffi.so to make the built JDK + runnable on more systems +@@ -2129,6 +2137,8 @@ Some influential environment variables: linker flags for FREETYPE, overriding pkg-config ALSA_CFLAGS C compiler flags for ALSA, overriding pkg-config ALSA_LIBS linker flags for ALSA, overriding pkg-config 
@@ -59,60 +59,7 @@ index 71fabf4dbb3..17f4f50673d 100644 LIBFFI_CFLAGS C compiler flags for LIBFFI, overriding pkg-config LIBFFI_LIBS linker flags for LIBFFI, overriding pkg-config -@@ -2879,6 +2889,52 @@ $as_echo "$ac_res" >&6; } - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - - } # ac_fn_c_check_header_compile -+ -+# ac_fn_c_try_link LINENO -+# ----------------------- -+# Try to link conftest.$ac_ext, and return whether this succeeded. -+ac_fn_c_try_link () -+{ -+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack -+ rm -f conftest.$ac_objext conftest$ac_exeext -+ if { { ac_try="$ac_link" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -+$as_echo "$ac_try_echo"; } >&5 -+ (eval "$ac_link") 2>conftest.err -+ ac_status=$? -+ if test -s conftest.err; then -+ grep -v '^ *+' conftest.err >conftest.er1 -+ cat conftest.er1 >&5 -+ mv -f conftest.er1 conftest.err -+ fi -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; } && { -+ test -z "$ac_c_werror_flag" || -+ test ! -s conftest.err -+ } && test -s conftest$ac_exeext && { -+ test "$cross_compiling" = yes || -+ test -x conftest$ac_exeext -+ }; then : -+ ac_retval=0 -+else -+ $as_echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ ac_retval=1 -+fi -+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information -+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would -+ # interfere with the next link command; also delete a directory that is -+ # left behind by Apple's compiler. We do this before executing the actions. 
-+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo -+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -+ as_fn_set_status $ac_retval -+ -+} # ac_fn_c_try_link - cat >config.log <<_ACEOF - This file contains any messages produced by compilers while - running configure, to aid debugging if configure makes a mistake. -@@ -4049,6 +4105,11 @@ fi +@@ -4109,6 +4119,11 @@ fi @@ -124,7 +71,7 @@ index 71fabf4dbb3..17f4f50673d 100644 # # Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -@@ -49304,6 +49365,157 @@ fi +@@ -50141,6 +50156,157 @@ fi LIBS="$save_LIBS" @@ -246,7 +193,7 @@ index 71fabf4dbb3..17f4f50673d 100644 +/* end confdefs.h. */ +#include +int -+main () ++main (void) +{ +SECMOD_GetSystemFIPSEnabled() + ; @@ -283,10 +230,10 @@ index 71fabf4dbb3..17f4f50673d 100644 # # statically link libstdc++ before C++ ABI is stablized on Linux unless diff --git a/common/autoconf/libraries.m4 b/common/autoconf/libraries.m4 -index 6efae578ea9..0080846255b 100644 +index 4ed8b4fdd6..caf293be72 100644 --- a/common/autoconf/libraries.m4 +++ b/common/autoconf/libraries.m4 -@@ -1067,3 +1067,63 @@ AC_DEFUN_ONCE([LIB_SETUP_ON_WINDOWS], +@@ -1216,3 +1216,63 @@ AC_DEFUN_ONCE([LIB_SETUP_ON_WINDOWS], BASIC_DEPRECATED_ARG_WITH([dxsdk-include]) fi ]) @@ -351,12 +298,12 @@ index 6efae578ea9..0080846255b 100644 + AC_SUBST(USE_SYSCONF_NSS) +]) diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in -index 506cf617087..7241593b1a4 100644 +index 8da3ac32a0..4d081d1b84 100644 --- a/common/autoconf/spec.gmk.in +++ b/common/autoconf/spec.gmk.in -@@ -312,6 +312,10 @@ CUPS_CFLAGS:=@CUPS_CFLAGS@ - ALSA_LIBS:=@ALSA_LIBS@ - ALSA_CFLAGS:=@ALSA_CFLAGS@ +@@ -317,6 +317,10 @@ ENABLE_LIBFFI_BUNDLING:=@ENABLE_LIBFFI_BUNDLING@ + LIBFFI_LIB_DIR:=@LIBFFI_LIB_DIR@ + LIBFFI_LIB_FILE:=@LIBFFI_LIB_FILE@ +USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@ +NSS_LIBS:=@NSS_LIBS@ 
@@ -366,7 +313,7 @@ index 506cf617087..7241593b1a4 100644 # Source file for cacerts diff --git a/common/bin/compare_exceptions.sh.incl b/common/bin/compare_exceptions.sh.incl -index 3b79a526f56..d2a0e39b206 100644 +index 3b79a526f5..d2a0e39b20 100644 --- a/common/bin/compare_exceptions.sh.incl +++ b/common/bin/compare_exceptions.sh.incl @@ -280,6 +280,7 @@ ACCEPTED_SMALL_SIZE_DIFF=" @@ -402,7 +349,7 @@ index 3b79a526f56..d2a0e39b206 100644 ./jre/lib/sparcv9/libunpack.so ./jre/lib/sparcv9/libverify.so diff --git a/common/nb_native/nbproject/configurations.xml b/common/nb_native/nbproject/configurations.xml -index d2beed0b93a..3b6aef98d9a 100644 +index d2beed0b93..3b6aef98d9 100644 --- a/common/nb_native/nbproject/configurations.xml +++ b/common/nb_native/nbproject/configurations.xml @@ -53,6 +53,9 @@ @@ -428,10 +375,10 @@ index d2beed0b93a..3b6aef98d9a 100644 ex="false" tool="0" diff --git a/jdk/make/lib/SecurityLibraries.gmk b/jdk/make/lib/SecurityLibraries.gmk -index b0b85d80448..47a41d7518d 100644 +index 84abb7e76b..cb4531b880 100644 --- a/jdk/make/lib/SecurityLibraries.gmk +++ b/jdk/make/lib/SecurityLibraries.gmk -@@ -289,3 +289,34 @@ ifeq ($(OPENJDK_TARGET_OS), solaris) +@@ -303,3 +303,34 @@ ifeq ($(OPENJDK_TARGET_OS), solaris) endif endif @@ -468,7 +415,7 @@ index b0b85d80448..47a41d7518d 100644 + diff --git a/jdk/make/mapfiles/libsystemconf/mapfile-vers b/jdk/make/mapfiles/libsystemconf/mapfile-vers new file mode 100644 -index 00000000000..a65ceb3b78c +index 0000000000..a65ceb3b78 --- /dev/null +++ b/jdk/make/mapfiles/libsystemconf/mapfile-vers @@ -0,0 +1,35 @@ @@ -508,7 +455,7 @@ index 00000000000..a65ceb3b78c + *; +}; diff --git a/jdk/src/share/classes/java/security/Security.java b/jdk/src/share/classes/java/security/Security.java -index 0db09da7061..813b907db3e 100644 +index 0db09da706..813b907db3 100644 --- a/jdk/src/share/classes/java/security/Security.java +++ b/jdk/src/share/classes/java/security/Security.java @@ -30,6 +30,8 @@ import java.util.*; 
@@ -640,7 +587,7 @@ index 0db09da7061..813b907db3e 100644 /* diff --git a/jdk/src/share/classes/java/security/SystemConfigurator.java b/jdk/src/share/classes/java/security/SystemConfigurator.java new file mode 100644 -index 00000000000..a24a0445db2 +index 0000000000..a24a0445db --- /dev/null +++ b/jdk/src/share/classes/java/security/SystemConfigurator.java @@ -0,0 +1,248 @@ @@ -894,7 +841,7 @@ index 00000000000..a24a0445db2 +} diff --git a/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java b/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java new file mode 100644 -index 00000000000..5c30a8b29c7 +index 0000000000..5c30a8b29c --- /dev/null +++ b/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java @@ -0,0 +1,31 @@ @@ -930,7 +877,7 @@ index 00000000000..5c30a8b29c7 + boolean isPlainKeySupportEnabled(); +} diff --git a/jdk/src/share/classes/sun/misc/SharedSecrets.java b/jdk/src/share/classes/sun/misc/SharedSecrets.java -index f065a2c685d..0dafe6f59cf 100644 +index f065a2c685..0dafe6f59c 100644 --- a/jdk/src/share/classes/sun/misc/SharedSecrets.java +++ b/jdk/src/share/classes/sun/misc/SharedSecrets.java @@ -31,6 +31,7 @@ import java.io.Console; @@ -967,7 +914,7 @@ index f065a2c685d..0dafe6f59cf 100644 } diff --git a/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java new file mode 100644 -index 00000000000..14d19450390 +index 0000000000..14d1945039 --- /dev/null +++ b/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java @@ -0,0 +1,290 @@ @@ -1262,7 +1209,7 @@ index 00000000000..14d19450390 + } +} diff --git a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java -index fedcd7743ef..f9d70863bd1 100644 +index fedcd7743e..f9d70863bd 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java 
@@ -26,6 +26,9 @@ @@ -1366,7 +1313,7 @@ index fedcd7743ef..f9d70863bd1 100644 if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) { throw new UnsupportedOperationException diff --git a/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java -index 2e42d1d9fb0..1b7eed1c656 100644 +index 2e42d1d9fb..1b7eed1c65 100644 --- a/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java +++ b/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java @@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper; @@ -1493,7 +1440,7 @@ index 2e42d1d9fb0..1b7eed1c656 100644 +} } diff --git a/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java b/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java -index ffee2c1603b..98119479823 100644 +index ffee2c1603..9811947982 100644 --- a/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java +++ b/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java @@ -33,8 +33,13 @@ import java.security.KeyStore.*; @@ -1532,7 +1479,7 @@ index ffee2c1603b..98119479823 100644 "FIPS mode: KeyStore must be " + "from provider " + SunJSSE.cryptoProvider.getName()); diff --git a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java -index 820e10164fc..6fe2c29389f 100644 +index 820e10164f..6fe2c29389 100644 --- a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java +++ b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java @@ -31,6 +31,7 @@ import java.security.*; @@ -1630,7 +1577,7 @@ index 820e10164fc..6fe2c29389f 100644 ProtocolVersion.TLS13, ProtocolVersion.TLS12, diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java -index 2845dc37938..52337a7b6cf 100644 +index 2845dc3793..52337a7b6c 100644 --- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java 
+++ b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java @@ -30,6 +30,8 @@ import static sun.security.util.SecurityConstants.PROVIDER_VER; @@ -1659,7 +1606,7 @@ index 2845dc37938..52337a7b6cf 100644 "sun.security.ssl.SSLContextImpl$TLSContext"); if (isfips == false) { diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix -index 7a93d4e6b59..681a24b905d 100644 +index 37bca2df46..730212b601 100644 --- a/jdk/src/share/lib/security/java.security-aix +++ b/jdk/src/share/lib/security/java.security-aix @@ -287,6 +287,13 @@ package.definition=sun.,\ @@ -1677,7 +1624,7 @@ index 7a93d4e6b59..681a24b905d 100644 # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux -index 145a84f94cf..789c19a8cba 100644 +index 9bb8e992fb..a1b3943b11 100644 --- a/jdk/src/share/lib/security/java.security-linux +++ b/jdk/src/share/lib/security/java.security-linux @@ -75,6 +75,14 @@ security.provider.7=com.sun.security.sasl.Provider @@ -1722,7 +1669,7 @@ index 145a84f94cf..789c19a8cba 100644 # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx -index 35fa140d7a5..d4da666af3b 100644 +index 7a765742e6..5abd95fff8 100644 --- a/jdk/src/share/lib/security/java.security-macosx +++ b/jdk/src/share/lib/security/java.security-macosx @@ -290,6 +290,13 @@ package.definition=sun.,\ @@ -1740,7 +1687,7 @@ index 35fa140d7a5..d4da666af3b 100644 # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris -index f79ba37ddb9..300132384a1 100644 +index f0100336f5..2f4c6c2fd6 100644 
--- a/jdk/src/share/lib/security/java.security-solaris +++ b/jdk/src/share/lib/security/java.security-solaris @@ -288,6 +288,13 @@ package.definition=sun.,\ @@ -1758,7 +1705,7 @@ index f79ba37ddb9..300132384a1 100644 # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows -index d70503ce95f..64db5a5cd1e 100644 +index e51bdece13..b4a509753b 100644 --- a/jdk/src/share/lib/security/java.security-windows +++ b/jdk/src/share/lib/security/java.security-windows @@ -290,6 +290,13 @@ package.definition=sun.,\ @@ -1777,7 +1724,7 @@ index d70503ce95f..64db5a5cd1e 100644 # the javax.net.ssl package. diff --git a/jdk/src/solaris/native/java/security/systemconf.c b/jdk/src/solaris/native/java/security/systemconf.c new file mode 100644 -index 00000000000..8dcb7d9073f +index 0000000000..8dcb7d9073 --- /dev/null +++ b/jdk/src/solaris/native/java/security/systemconf.c @@ -0,0 +1,224 @@ diff --git a/SOURCES/java-1.8.0-openjdk-portable.specfile b/SOURCES/java-1.8.0-openjdk-portable.specfile new file mode 100644 index 0000000..0233cbe --- /dev/null +++ b/SOURCES/java-1.8.0-openjdk-portable.specfile 
@@ -0,0 +1,2631 @@ +# RPM conditionals so as to be able to dynamically produce +# slowdebug/release builds. See: +# http://rpm.org/user_doc/conditional_builds.html +# +# Examples: +# +# Produce release, fastdebug *and* slowdebug builds on x86_64 (default): +# $ rpmbuild -ba java-1.8.0-openjdk.spec +# +# Produce only release builds (no debug builds) on x86_64: +# $ rpmbuild -ba java-1.8.0-openjdk.spec --without slowdebug --without fastdebug +# +# Only produce a release build on x86_64: +# $ rhpkg mockbuild --without slowdebug --without fastdebug +# +# Enable fastdebug builds by default on relevant arches. +%bcond_without fastdebug +# Enable slowdebug builds by default on relevant arches. +%bcond_without slowdebug +# Enable release builds by default on relevant arches. +%bcond_without release +# Remove build artifacts by default +%bcond_with artifacts +# Build a fresh libjvm.so for use in a copy of the bootstrap JDK +%bcond_without fresh_libjvm +# Build with system libraries +%bcond_with system_libs + +# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so +%if %{with fresh_libjvm} +%global build_hotspot_first 1 +%else +%global build_hotspot_first 0 +%endif + +%if %{with system_libs} +%global system_libs 1 +%global link_type system +%global jpeg_lib |libjavajpeg[.]so.* +%else +%global system_libs 0 +%global link_type bundled +%global jpeg_lib |libjpeg[.]so.* +%endif + +# Turn off the debug package as we just produce a bunch of tarballs +%define debug_package %{nil} + +# note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros +# also necessary when passing it as parameter to other macros. 
If not macro, then it is considered a switch +# see the difference between global and define: +# See https://github.com/rpm-software-management/rpm/issues/127 to comments at "pmatilai commented on Aug 18, 2017" +# (initiated in https://bugzilla.redhat.com/show_bug.cgi?id=1482192) +%global debug_suffix_unquoted -slowdebug +%global fastdebug_suffix_unquoted -fastdebug +# quoted one for shell operations +%global debug_suffix "%{debug_suffix_unquoted}" +%global fastdebug_suffix "%{fastdebug_suffix_unquoted}" +%global normal_suffix "" + +%global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP. +%global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP. +%global debug_on unoptimised with full debugging on +%global fastdebug_on optimised with full debugging on +%global for_fastdebug for packages with debugging on and optimisation +%global for_debug for packages with debugging on and no optimisation + +%if %{with release} +%global include_normal_build 1 +%else +%global include_normal_build 0 +%endif + +%if %{include_normal_build} +%global normal_build %{normal_suffix} +%else +%global normal_build %{nil} +%endif + +%global aarch64 aarch64 arm64 armv8 +# we need to distinguish between big and little endian PPC64 +%global ppc64le ppc64le +%global ppc64be ppc64 ppc64p7 +# Set of architectures which support multiple ABIs +%global multilib_arches %{power64} sparc64 x86_64 +# Set of architectures for which we build slowdebug builds +%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} +# Set of architectures for which we build fastdebug builds +%global fastdebug_arches x86_64 ppc64le aarch64 +# Set of architectures with a Just-In-Time (JIT) compiler +%global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64 +# Set of architectures which use the Zero assembler port (!jit_arches) +%global zero_arches %{arm} ppc s390 s390x +# Set of 
architectures which run a full bootstrap cycle +%global bootstrap_arches %{jit_arches} %{zero_arches} +# Set of architectures which support SystemTap tapsets +%global systemtap_arches %{jit_arches} +# Set of architectures which support the serviceability agent +%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} +# Set of architectures which support class data sharing +# See https://bugzilla.redhat.com/show_bug.cgi?id=513605 +# MetaspaceShared::generate_vtable_methods is not implemented for the PPC JIT +%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} +# Set of architectures which support Java Flight Recorder (JFR) +%global jfr_arches %{jit_arches} +# Set of architectures for which alt-java has SSB mitigation +%global ssbd_arches x86_64 +# Set of architectures where we verify backtraces with gdb +%global gdb_arches %{jit_arches} %{zero_arches} +# Architecture on which we run Java only tests +%global jdk_test_arch x86_64 + +# By default, we build a debug build during main build on JIT architectures +%if %{with slowdebug} +%ifarch %{debug_arches} +%global include_debug_build 1 +%else +%global include_debug_build 0 +%endif +%else +%global include_debug_build 0 +%endif + +# By default, we build a fastdebug build during main build only on fastdebug architectures +%if %{with fastdebug} +%ifarch %{fastdebug_arches} +%global include_fastdebug_build 1 +%else +%global include_fastdebug_build 0 +%endif +%else +%global include_fastdebug_build 0 +%endif + +%if %{include_debug_build} +%global slowdebug_build %{debug_suffix} +%else +%global slowdebug_build %{nil} +%endif + +%if %{include_fastdebug_build} +%global fastdebug_build %{fastdebug_suffix} +%else +%global fastdebug_build %{nil} +%endif + +# If you disable all builds, then the build fails +# Build and test slowdebug first as it provides the best diagnostics +%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build} + +%if 0%{?flatpak} +%global bootstrap_build false +%else +%ifarch 
%{bootstrap_arches} +%global bootstrap_build true +%else +%global bootstrap_build false +%endif +%endif + +%global bootstrap_targets images +%global release_targets images docs-zip +# No docs nor bootcycle for debug builds +%global debug_targets images +# Target to use to just build HotSpot +%global hotspot_target hotspot + +# JDK to use for bootstrapping +# Use OpenJDK 7 where available (on RHEL) to avoid +# having to use the rhel-7.x-java-unsafe-candidate hack +%if ! 0%{?fedora} && 0%{?rhel} <= 7 +%global buildjdkver 1.7.0 +%else +%global buildjdkver 1.8.0 +%endif +%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk + +# Disable LTO as this causes build failures at the moment. +# See RHBZ#1861401 and https://bugs.gentoo.org/833097 +%define _lto_cflags %{nil} + +# Filter out flags from the optflags macro that cause problems with the OpenJDK build +# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 +# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) +# We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings +# We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++ +%global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat -Wno-cpp|' | sed -r -e 's|-O[0-9]*||') +%global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||') +%global ourldflags %{__global_ldflags} + +# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path +# the initialization must be here. 
Later the pkg-config have buggy behavior
+# looks like openjdk RPM specific bug
+# Always set this so the nss.cfg file is not broken
+%global NSS_LIBDIR %(pkg-config --variable=libdir nss)
+%global NSS_LIBS %(pkg-config --libs nss)
+%global NSS_CFLAGS %(pkg-config --cflags nss-softokn)
+# see https://bugzilla.redhat.com/show_bug.cgi?id=1332456
+%global NSSSOFTOKN_BUILDTIME_NUMBER %(pkg-config --modversion nss-softokn || : )
+%global NSS_BUILDTIME_NUMBER %(pkg-config --modversion nss || : )
+# this is workaround for processing of requires during srpm creation
+%global NSSSOFTOKN_BUILDTIME_VERSION %(if [ "x%{NSSSOFTOKN_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSSSOFTOKN_BUILDTIME_NUMBER}" ;fi)
+%global NSS_BUILDTIME_VERSION %(if [ "x%{NSS_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSS_BUILDTIME_NUMBER}" ;fi)
+
+# In some cases, the arch used by the JDK does
+# not match _arch.
+# Also, in some cases, the machine name used by SystemTap
+# does not match that given by _target_cpu
+%ifarch x86_64
+%global archinstall amd64
+%global stapinstall x86_64
+%endif
+%ifarch ppc
+%global archinstall ppc
+%global stapinstall powerpc
+%endif
+%ifarch %{ppc64be}
+%global archinstall ppc64
+%global stapinstall powerpc
+%endif
+%ifarch %{ppc64le}
+%global archinstall ppc64le
+%global stapinstall powerpc
+%endif
+%ifarch %{ix86}
+%global archinstall i386
+%global stapinstall i386
+%endif
+%ifarch ia64
+%global archinstall ia64
+%global stapinstall ia64
+%endif
+%ifarch s390
+%global archinstall s390
+%global stapinstall s390
+%endif
+%ifarch s390x
+%global archinstall s390x
+%global stapinstall s390
+%endif
+%ifarch %{arm}
+%global archinstall arm
+%global stapinstall arm
+%endif
+%ifarch %{aarch64}
+%global archinstall aarch64
+%global stapinstall arm64
+%endif
+# 32 bit sparc, optimized for v9
+%ifarch sparcv9
+%global archinstall sparc
+%global stapinstall %{_target_cpu}
+%endif
+# 64 bit sparc
+%ifarch sparc64
+%global archinstall sparcv9
+%global stapinstall %{_target_cpu}
+%endif
+# Need to support noarch for srpm build
+%ifarch noarch
+%global archinstall %{nil}
+%global stapinstall %{nil}
+%endif
+
+%ifarch %{systemtap_arches}
+%global with_systemtap 1
+%else
+%global with_systemtap 0
+%endif
+
+# New Version-String scheme-style defines
+%global majorver 8
+# Define version of OpenJDK 8 used
+%global project openjdk
+%global repo shenandoah-jdk8u
+%global openjdk_revision 8u462-b08
+%global shenandoah_revision shenandoah%{openjdk_revision}
+# Define IcedTea version used for SystemTap tapsets and desktop file
+%global icedteaver 3.15.0
+# Define current Git revision for the FIPS support patches
+%global fipsver 6d1aade0648
+# Define current Git revision for the cacerts patch
+%global cacertsver 8139f2361c2
+
+# Standard JPackage naming and versioning defines
+%global origin openjdk
+%global origin_nice OpenJDK
+%global top_level_dir_name %{shenandoah_revision}
+
+# Settings for local security configuration
+%global security_file %{top_level_dir_name}/jdk/src/share/lib/security/java.security-%{_target_os}
+%global cacerts_file /etc/pki/java/cacerts
+
+# Define vendor information used by OpenJDK
+%global oj_vendor Red Hat, Inc.
+%global oj_vendor_url "https://www.redhat.com/"
+# Define what url should JVM offer in case of a crash report
+# order may be important, epel may have rhel declared
+%if 0%{?epel}
+%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{component}&version=epel%{epel}
+%else
+%if 0%{?fedora}
+# Does not work for rawhide, keeps the version field empty
+%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora}
+%else
+%if 0%{?rhel}
+%global oj_vendor_bug_url https://access.redhat.com/support/cases/
+%else
+%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
+%endif
+%endif
+%endif
+
+# e.g. 
aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
+%global version_tag %(VERSION=%{shenandoah_revision}; echo ${VERSION%%-shenandoah-merge*})
+# eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%)
+%global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*})
+# eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60
+%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
+# eg jdk8u60-b27 -> b27
+%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
+%global rpmrelease 1
+# Define milestone (EA for pre-releases, GA ("fcs") for releases)
+# Release will be (where N is usually a number starting at 1):
+# - 0.N%%{?extraver}%%{?dist} for EA releases,
+# - N%%{?extraver}{?dist} for GA releases
+%global is_ga 1
+%if %{is_ga}
+%global milestone fcs
+%global milestone_version %{nil}
+%global extraver %{nil}
+%global eaprefix %{nil}
+%else
+%global milestone ea
+%global milestone_version "-ea"
+%global extraver .%{milestone}
+%global eaprefix 0.
+%endif
+# priority must be 7 digits in total. 
The expression is workarounding tip
+%global priority %(TIP=1800%{updatever}; echo ${TIP/tip/999})
+
+%global javaver 1.%{majorver}.0
+
+# parametrized macros are order-sensitive
+%global compatiblename %{name}
+%global fullversion %{compatiblename}-%{version}-%{release}
+# images stub
+%global jdkimage j2sdk-image
+%global jreimage j2re-image
+# output dir stub
+%define buildoutputdir() %{expand:build/jdk8.build%{?1}}
+%define installoutputdir() %{expand:install/jdk8.install%{?1}}
+%define packageoutputdir() %{expand:packages/jdk8.packages%{?1}}
+# we can copy the javadoc to not arched dir, or make it not noarch
+%define uniquejavadocdir() %{expand:%{fullversion}%{?1}}
+# main id and dir of this jdk
+%define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}}
+%define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jre;g")
+%define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jdk;g")
+%define jreportablearchive() %{expand:%{jreportablenameimpl -- %%{1}}.tar.xz}
+%define jdkportablearchive() %{expand:%{jdkportablenameimpl -- %%{1}}.tar.xz}
+%define jreportablename() %{expand:%{jreportablenameimpl -- %%{1}}}
+%define jdkportablename() %{expand:%{jdkportablenameimpl -- %%{1}}}
+%define docportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.docs;g")
+%define docportablearchive() %{docportablename}.tar.xz
+%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.misc;g")
+%define miscportablearchive() %{miscportablename}.tar.xz
+
+# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349.
+# See also https://bugzilla.redhat.com/show_bug.cgi?id=1590796
+# as to why some libraries *cannot* be excluded. 
In particular,
+# these are:
+# libjsig.so, libjava.so, libjawt.so, libjvm.so and libverify.so
+%global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*%{jpeg_lib}|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
+%global __provides_exclude ^(%{_privatelibs})$
+%global __requires_exclude ^(%{_privatelibs})$
+
+# Standard JPackage directories and symbolic links.
+%global sdkdir() %{expand:%{uniquesuffix %%1}}
+%global jrelnk() %{expand:jre-%{javaver}-%{origin}-%{version}-%{release}.%{_arch}%1}
+
+%global jredir() %{expand:%{sdkdir %%1}/jre}
+%global sdkbindir() %{expand:%{_jvmdir}/%{sdkdir %%1}/bin}
+%global jrebindir() %{expand:%{_jvmdir}/%{jredir %%1}/bin}
+%global alt_java_name alt-java
+%global jvmjardir() %{expand:%{_jvmjardir}/%{uniquesuffix %%1}}
+
+%global rpm_state_dir %{_localstatedir}/lib/rpm-state/
+
+# For flatpack builds hard-code /usr/sbin/alternatives,
+# otherwise use %%{_sbindir} relative path.
+%if 0%{?flatpak}
+%global alternatives_requires /usr/sbin/alternatives
+%else
+%global alternatives_requires %{_sbindir}/alternatives
+%endif
+
+# Prevent brp-java-repack-jars from being run. 
+%global __jar_repack 0
+
+# portables have grown out of its component, moving back to java-x-vendor
+# this expression, when declared as global, filled component with java-x-vendor portable
+%define component %(echo %{name} | sed "s;-portable;;g")
+
+Name: java-%{javaver}-%{origin}-portable
+Version: %{javaver}.%{updatever}.%{buildver}
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
+# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
+# and this change was brought into RHEL-4. java-1.5.0-ibm packages
+# also included the epoch in their virtual provides. This created a
+# situation where in-the-wild java-1.5.0-ibm packages provided "java =
+# 1:1.5.0". In RPM terms, "1.6.0 < 1:1.5.0" since 1.6.0 is
+# interpreted as 0:1.6.0. So the "java >= 1.6.0" requirement would be
+# satisfied by the 1:1.5.0 packages. Thus we need to set the epoch in
+# JDK package >= 1.6.0 to 1, and packages referring to JDK virtual
+# provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0".
+
+Epoch: 1
+Summary: %{origin_nice} %{majorver} Runtime Environment portable edition
+Group: Development/Languages
+
+# HotSpot code is licensed under GPLv2
+# JDK library code is licensed under GPLv2 with the Classpath exception
+# The Apache license is used in code taken from Apache projects (primarily JAXP & JAXWS)
+# DOM levels 2 & 3 and the XML digital signature schemas are licensed under the W3C Software License
+# The JSR166 concurrency code is in the public domain
+# The BSD and MIT licenses are used for a number of third-party libraries (see THIRD_PARTY_README)
+# The OpenJDK source tree includes the JPEG library (IJG), zlib & libpng (zlib), giflib and LCMS (MIT)
+# The test code includes copies of NSS under the Mozilla Public License v2.0
+# The PCSClite headers are under a BSD with advertising license
+# The elliptic curve cryptography (ECC) source code is licensed under the LGPLv2.1 or any later version
+License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv2.0 and Public Domain and W3C and zlib
+URL: http://openjdk.java.net/
+
+# Shenandoah HotSpot
+# openjdk/shenandoah-jdk8u contains an integration forest of
+# OpenJDK 8u and the Shenandoah garbage collector
+# To regenerate, use:
+# VERSION=%%{shenandoah_revision}
+# FILE_NAME_ROOT=${VERSION}
+# REPO_ROOT= generate_source_tarball.sh
+# where the source is obtained from http://github.com/%%{project}/%%{repo}
+Source0: %{shenandoah_revision}.tar.xz
+
+# Custom README for -src subpackage
+Source2: README.md
+
+# Release notes
+Source7: NEWS
+
+# Use 'icedtea_sync.sh' to update the following
+# They are based on code contained in the IcedTea project (3.x).
+# Systemtap tapsets. Zipped up to keep it small.
+Source8: tapsets-icedtea-%{icedteaver}.tar.xz
+
+# Desktop files. 
Adapted from IcedTea
+Source9: jconsole.desktop.in
+Source10: policytool.desktop.in
+
+# nss configuration file
+Source11: nss.cfg.in
+
+# Removed libraries that we link instead
+Source12: remove-intree-libraries.sh
+
+# Ensure we aren't using the limited crypto policy
+Source13: TestCryptoLevel.java
+
+# Ensure ECDSA is working
+Source14: TestECDSA.java
+
+# Verify system crypto (policy) can be disabled via a property
+Source15: TestSecurityProperties.java
+
+# Ensure vendor settings are correct
+Source16: CheckVendor.java
+
+# nss fips configuration file
+Source17: nss.fips.cfg.in
+
+# Ensure translations are available for new timezones
+Source18: TestTranslations.java
+
+# New versions of config files with aarch64 support. This is not upstream yet.
+Source100: config.guess
+Source101: config.sub
+
+############################################
+#
+# RPM/distribution specific patches
+#
+# This section includes patches specific to
+# Fedora/RHEL which can not be upstreamed
+# either in their current form or at all.
+############################################
+
+# Accessibility patches
+# Ignore AWTError when assistive technologies are loaded
+Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
+# Turn on AssumeMP by default on RHEL systems
+Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch
+# RH1648249: Add PKCS11 provider to java.security
+Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
+Patch1003: rh1582504-rsa_default_for_keytool.patch
+
+# Crypto policy and FIPS support patches
+# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk8u/tree/fips
+# as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch
+# Diff is limited to src and make subdirectories to exclude .github changes
+# Fixes currently included:
+# PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy
+# PR3655: Allow use of system crypto policy to be disabled by the user
+# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
+# RH1760838: No ciphersuites available for SSLSocket in FIPS mode
+# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
+# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
+# RH1929465: Improve system FIPS detection
+# RH1996182: Login to the NSS software token in FIPS mode
+# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
+# RH2021263: Resolve outstanding FIPS issues
+# RH2052819: Fix FIPS reliance on crypto policies
+# RH2052829: Detect NSS at Runtime for FIPS detection
+# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
+# RH2090378: Revert to disabling system security properties and FIPS mode support together
+Patch1001: fips-8u-%{fipsver}.patch
+
+#############################################
+#
+# 
Upstreamable patches
+#
+# This section includes patches which need to
+# be reviewed & pushed to the current development
+# tree of OpenJDK.
+#############################################
+# PR2737: Allow multiple initialization of PKCS11 libraries
+Patch5: pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch
+# Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions
+Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch
+# RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings
+Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch
+# PR3083, RH1346460: Regression in SSL debug output without an ECC provider
+Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
+# PR2888: OpenJDK should check for system cacerts database (e.g. 
/etc/pki/java/cacerts)
+# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts
+# RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds
+# Must be applied after the FIPS patch as it also changes java.security
+# Patch is generated from the cacerts tree at https://github.com/rh-openjdk/jdk8u/tree/cacerts
+# as follows: git diff fips > pr2888-rh2055274-support_system_cacerts-$(git show -s --format=%h HEAD).patch
+Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch
+Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
+# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
+Patch600: rh1750419-redhat_alt_java.patch
+
+#############################################
+#
+# Arch-specific upstreamable patches
+#
+# This section includes patches which need to
+# be reviewed & pushed upstream and are specific
+# to certain architectures. This usually means the
+# current OpenJDK development branch, but may also
+# include other trees e.g. for the AArch64 port for
+# OpenJDK 8u.
+#############################################
+# s390: PR3593: Use "%z" for size_t on s390 as size_t != intptr_t
+Patch103: pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch
+# x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround)
+Patch105: jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
+# S390 ambiguous log2_intptr calls
+Patch107: s390-8214206_fix.patch
+
+#############################################
+#
+# Patches which need backporting to 8u
+#
+# This section includes patches which have
+# been pushed upstream to the latest OpenJDK
+# development tree, but need to be backported
+# to OpenJDK 8u.
+#############################################
+# S8074839, PR2462: Resolve disabled warnings for libunpack and the unpack200 binary
+# This fixes printf warnings that lead to build failure with -Werror=format-security from optflags
+Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch
+# PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code
+Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch
+# 8143245, PR3548: Zero build requires disabled warnings
+Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch
+# s390: JDK-8203030, Type fixing for s390
+Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
+# 8035341: Allow using a system installed libpng
+Patch202: jdk8035341-allow_using_system_installed_libpng.patch
+# 8042159: Allow using a system-installed lcms2
+Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
+Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
+# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
+Patch581: jdk8257794-remove_broken_assert.patch
+# JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files
+Patch12: jdk8186464-rh1433262-zip64_failure.patch
+# JDK-8328999, RH2251025 - Update GIFlib to 5.2.2 (PR#571)
+Patch13: jdk8328999-update_giflib_5.2.2.patch
+# JDK-8141590 - Cannot build Zero with devkit
+Patch14: jdk8141590-bundle_libffi.patch
+Patch15: jdk8141590-bundle_libffi-followup.patch
+
+#############################################
+#
+# Patches appearing in 8u472
+#
+# This section includes patches which are present
+# in the listed OpenJDK 8u release and should be
+# able to be removed once that release is out
+# and used by this RPM.
+#############################################
+Patch901: jdk8339414-fix_8202369_backport.patch
+
+#############################################
+#
+# Patches ineligible for 8u
+#
+# This section includes patches which are present
+# upstream, but ineligible for upstream 8u backport.
+#############################################
+# 8043805: Allow using a system-installed libjpeg
+Patch201: jdk8043805-allow_using_system_installed_libjpeg.patch
+
+#############################################
+#
+# Shenandoah fixes
+#
+# This section includes patches which are
+# specific to the Shenandoah garbage collector
+# and should be upstreamed to the appropriate
+# trees.
+#############################################
+
+#############################################
+#
+# Non-OpenJDK fixes
+#
+# This section includes patches to code other
+# that from OpenJDK.
+#############################################
+
+#############################################
+#
+# Dependencies
+#
+#############################################
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: alsa-lib-devel
+BuildRequires: binutils
+# cacerts build requirement.
+BuildRequires: ca-certificates
+BuildRequires: cups-devel
+BuildRequires: desktop-file-utils
+# elfutils only are OK for build without AOT
+BuildRequires: elfutils-devel
+BuildRequires: file
+BuildRequires: fontconfig-devel
+BuildRequires: freetype-devel
+# Earlier versions have a bug in tree vectorization on PPC
+BuildRequires: gcc >= 4.8.3-8
+BuildRequires: gcc-c++
+BuildRequires: gdb
+BuildRequires: make
+# Require a boot JDK which doesn't fail due to RH1482244
+BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
+BuildRequires: libxslt
+BuildRequires: libX11-devel
+BuildRequires: libXext-devel
+BuildRequires: libXi-devel
+BuildRequires: libXinerama-devel
+BuildRequires: libXrender-devel
+BuildRequires: libXt-devel
+BuildRequires: libXtst-devel
+# Requirement for setting up nss.cfg and nss.fips.cfg
+BuildRequires: nss-devel
+BuildRequires: pkgconfig
+BuildRequires: xorg-x11-proto-devel
+BuildRequires: tar
+BuildRequires: unzip
+BuildRequires: zip
+
+# Zero-assembler build requirement
+%ifarch %{zero_arches}
+BuildRequires: libffi-devel
+%endif
+
+%if %{with_systemtap}
+BuildRequires: systemtap-sdt-devel
+%endif
+
+%if %{system_libs}
+BuildRequires: giflib-devel
+BuildRequires: lcms2-devel
+BuildRequires: libjpeg-devel
+BuildRequires: libpng-devel
+BuildRequires: zlib-devel
+%else
+# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
+Provides: bundled(giflib) = 5.2.2
+# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
+Provides: bundled(lcms2) = 2.11.0
+# Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h
+Provides: bundled(libjpeg) = 6b
+# Version in jdk/src/share/native/sun/awt/libpng/png.h
+Provides: bundled(libpng) = 1.6.39
+# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
+Provides: bundled(zlib) = 1.3.1
+# We link statically against libstdc++ to increase portability
+BuildRequires: libstdc++-static
+%endif
+
+%description
+The %{origin_nice} %{majorver} runtime environment - portable edition
+
+%if 
%{include_normal_build}
+%package devel
+Summary: %{origin_nice} %{majorver} Development Environment portable edition
+Group: Development/Tools
+%description devel
+The %{origin_nice} %{majorver} development tools - portable edition
+%endif
+
+%if %{include_debug_build}
+%package slowdebug
+Summary: %{origin_nice} %{majorver} Runtime Environment portable edition %{debug_on}
+Group: Development/Languages
+%description slowdebug
+The %{origin_nice} %{majorver} runtime environment - portable edition
+%{debug_warning}
+
+%package devel-slowdebug
+Summary: %{origin_nice} %{majorver} Development Environment portable edition %{debug_on}
+Group: Development/Tools
+%description devel-slowdebug
+The %{origin_nice} %{majorver} development tools - portable edition
+%{debug_warning}
+%endif
+
+%if %{include_fastdebug_build}
+%package fastdebug
+Summary: %{origin_nice} %{majorver} Runtime Environment portable edition %{fastdebug_on}
+Group: Development/Languages
+%description fastdebug
+The %{origin_nice} %{majorver} runtime environment - portable edition
+%{fastdebug_warning}
+
+%package devel-fastdebug
+Summary: %{origin_nice} %{majorver} Development Environment portable edition %{fastdebug_on}
+Group: Development/Tools
+%description devel-fastdebug
+The %{origin_nice} %{majorver} development tools - portable edition
+%{fastdebug_warning}
+%endif
+
+%if %{include_normal_build}
+%package unstripped
+Summary: The %{origin_nice} %{majorver} runtime environment, unstripped.
+Group: Development/Languages
+%description unstripped
+The %{origin_nice} %{majorver} runtime environment, unstripped.
+%endif
+
+%package docs
+Summary: %{origin_nice} %{majorver} API documentation
+Group: Development/Languages
+%description docs
+The %{origin_nice} %{majorver} API documentation.
+
+%package misc
+Summary: %{origin_nice} %{majorver} miscellany
+Group: Development/Languages
+%description misc
+The %{origin_nice} %{majorver} miscellany.
+
+%prep
+if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then
+ echo "include_normal_build is %{include_normal_build}"
+else
+ echo "include_normal_build is %{include_normal_build}, that is invalid. Use 1 for yes or 0 for no"
+ exit 11
+fi
+if [ %{include_debug_build} -eq 0 -o %{include_debug_build} -eq 1 ] ; then
+ echo "include_debug_build is %{include_debug_build}"
+else
+ echo "include_debug_build is %{include_debug_build}, that is invalid. Use 1 for yes or 0 for no"
+ exit 12
+fi
+if [ %{include_fastdebug_build} -eq 0 -o %{include_fastdebug_build} -eq 1 ] ; then
+ echo "include_fastdebug_build is %{include_fastdebug_build}"
+else
+ echo "include_fastdebug_build is %{include_fastdebug_build}, that is invalid. Use 1 for yes or 0 for no"
+ exit 13
+fi
+if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then
+ echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go."
+ exit 14
+fi
+
+echo "Update version: %{updatever}"
+echo "Build number: %{buildver}"
+echo "Milestone: %{milestone}"
+%ifnarch %{ix86}
+export XZ_OPT="-T0"
+%endif
+%setup -q -c -n %{uniquesuffix ""} -T -a 0
+# https://bugzilla.redhat.com/show_bug.cgi?id=1189084
+prioritylength=`expr length %{priority}`
+if [ $prioritylength -ne 7 ] ; then
+ echo "priority must be 7 digits in total, violated"
+ exit 14
+fi
+# For old patches
+ln -s %{top_level_dir_name} jdk8
+ln -s %{top_level_dir_name} openjdk
+
+cp %{SOURCE2} .
+
+# replace outdated configure guess script
+#
+# the configure macro will do this too, but it also passes a few flags not
+# supported by openjdk configure script
+cp %{SOURCE100} %{top_level_dir_name}/common/autoconf/build-aux/
+cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/
+
+# OpenJDK patches
+
+# This syntax is deprecated:
+# %patchN [...]
+# and should be replaced with:
+# %patch -PN [...]
+# For example:
+# %patch1001 -p1
+# becomes:
+# %patch -P1001 -p1
+# The replacement format suggested by recent (circa Fedora 38) RPM
+# deprecation messages:
+# %patch N [...]
+# is not backward-compatible with prior (circa RHEL-8) versions of
+# rpmbuild.
+
+%if %{system_libs}
+# Remove libraries that are linked
+sh %{SOURCE12}
+%endif
+
+# Do not enable them with system_libs, they do not work properly with bundled option
+# System library fixes
+%if %{system_libs}
+%patch -P201
+%patch -P202
+%patch -P203
+%patch -P204
+%endif
+
+%patch -P1
+%patch -P5
+
+# s390 build fixes
+%patch -P102
+%patch -P103
+%patch -P107
+
+# AArch64 fixes
+
+# x86 fixes
+pushd %{top_level_dir_name}
+%patch -P105 -p1
+popd
+
+# Upstreamable fixes
+%patch -P512
+%patch -P523
+%patch -P528
+%patch -P571
+%patch -P574
+%patch -P581
+%patch -P541
+%patch -P12
+pushd %{top_level_dir_name}
+%patch -P502 -p1
+%patch -P13 -p1
+%patch -P14 -p1
+%patch -P15 -p1
+popd
+
+# Early fixes
+pushd %{top_level_dir_name}
+%patch -P901 -p1
+popd
+
+pushd %{top_level_dir_name}
+# Add crypto policy and FIPS support
+%patch -P1001 -p1
+# nss.cfg PKCS11 support; must come last as it also alters java.security
+%patch -P1000 -p1
+# system cacerts support
+%patch -P539 -p1
+popd
+
+# RPM-only fixes
+%patch -P600
+%patch -P1003
+
+# RHEL-only patches
+%if ! 
0%{?fedora} && 0%{?rhel} <= 7
+%patch -P534
+%endif
+
+# Shenandoah patches
+
+# Extract systemtap tapsets
+%if %{with_systemtap}
+tar --strip-components=1 -x -I 'xz -T0' -f %{SOURCE8}
+%if %{include_debug_build}
+cp -r tapset tapset%{debug_suffix}
+%endif
+%if %{include_fastdebug_build}
+cp -r tapset tapset%{fastdebug_suffix}
+%endif
+
+
+for suffix in %{build_loop} ; do
+ for file in "tapset"$suffix/*.in; do
+ sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $file
+ done
+done
+# systemtap tapsets ends
+%endif
+
+# Prepare desktop files
+# Portables do not have desktop integration
+
+# Setup nss.cfg
+sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
+
+# Setup nss.fips.cfg
+sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
+
+# Setup security policy
+#Commented because NA to portable
+#sed -i -e "s:^security.systemCACerts=.*:security.systemCACerts=%{cacerts_file}:" %{security_file}
+
+%build
+
+# How many CPU's do we have?
+export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :)
+export NUM_PROC=${NUM_PROC:-1}
+%if 0%{?_smp_ncpus_max}
+# Honor %%_smp_ncpus_max
+[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max}
+%endif
+%ifnarch %{ix86}
+export XZ_OPT="-T0"
+%endif
+
+%ifarch s390x sparc64 alpha %{power64} %{aarch64}
+export ARCH_DATA_MODEL=64
+%endif
+%ifarch alpha
+export CFLAGS="$CFLAGS -mieee"
+%endif
+
+# We use ourcppflags because the OpenJDK build seems to
+# pass EXTRA_CFLAGS to the HotSpot C++ compiler...
+EXTRA_CFLAGS="%ourcppflags -Wno-error"
+EXTRA_CPP_FLAGS="%ourcppflags"
+%ifarch %{power64} ppc
+EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-tree-vectorize"
+# fix rpmlint warnings
+EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
+%endif
+EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes"
+export EXTRA_CFLAGS EXTRA_ASFLAGS
+
+(cd %{top_level_dir_name}/common/autoconf
+ bash ./autogen.sh
+)
+
+function buildjdk() {
+ local outputdir=${1}
+ local buildjdk=${2}
+ local maketargets="${3}"
+ local debuglevel=${4}
+ local link_opt=${5}
+ local debug_symbols=${6}
+
+ local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
+ # Variable used in hs_err hook on build failures
+ local top_builddir_abs_path=$(pwd)/${outputdir}
+
+ echo "Using output directory: ${outputdir}";
+
+ if [ "x${link_opt}" = "xbundled" ] ; then
+ libc_link_opt="static";
+ else
+ libc_link_opt="dynamic";
+ fi
+
+ echo "Checking build JDK ${buildjdk} is operational..."
+ ${buildjdk}/bin/java -version
+ echo "Using make targets: ${maketargets}"
+ echo "Using debuglevel: ${debuglevel}"
+ echo "Using link_opt: ${link_opt}"
+ echo "Using debug_symbols: ${debug_symbols}"
+ echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}"
+
+ mkdir -p ${outputdir}
+ pushd ${outputdir}
+
+ bash ${top_srcdir_abs_path}/configure \
+%ifarch %{jfr_arches}
+ --enable-jfr \
+%else
+ --disable-jfr \
+%endif
+%ifarch %{zero_arches}
+ --with-jvm-variants=zero \
+ --enable-libffi-bundling \
+%endif
+ --with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \
+ --with-native-debug-symbols=${debug_symbols} \
+ --with-milestone=%{milestone} \
+ --with-update-version=%{updatever} \
+ --with-build-number=%{buildver} \
+ --with-vendor-name="%{oj_vendor}" \
+ --with-vendor-url="%{oj_vendor_url}" \
+ --with-vendor-bug-url="%{oj_vendor_bug_url}" \
+ --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
+ --with-boot-jdk=${buildjdk} \
+ --with-debug-level=${debuglevel} \
+ --disable-sysconf-nss \
+ 
--enable-unlimited-crypto \
+ --with-zlib=${link_opt} \
+ --with-giflib=${link_opt} \
+%if %{with system_libs}
+ --with-libjpeg=${link_opt} \
+ --with-libpng=${link_opt} \
+ --with-lcms=${link_opt} \
+%endif
+ --with-stdc++lib=${libc_link_opt} \
+ --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
+ --with-extra-cflags="$EXTRA_CFLAGS" \
+ --with-extra-asflags="$EXTRA_ASFLAGS" \
+ --with-extra-ldflags="%{ourldflags}" \
+ --with-num-cores="$NUM_PROC"
+
+ cat spec.gmk
+ cat hotspot-spec.gmk
+
+ make \
+ JAVAC_FLAGS=-g \
+ LOG=trace \
+ SCTP_WERROR= \
+ ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false )
+
+ popd
+}
+
+function installjdk() {
+ local outputdir=${1}
+ local installdir=${2}
+ local jdkimagepath=${installdir}/images/%{jdkimage}
+ local jreimagepath=${installdir}/images/%{jreimage}
+
+ echo "Installing build from ${outputdir} to ${installdir}..."
+ mkdir -p ${installdir}
+ echo "Installing images..."
+ mv ${outputdir}/images ${installdir}
+ if [ -d ${outputdir}/bundles ] ; then
+ echo "Installing bundles...";
+ mv ${outputdir}/bundles ${installdir} ;
+ fi
+ # On 8u, docs ends up at the top-level, not in images
+ if [ -d ${outputdir}/docs ] ; then
+ echo "Installing docs...";
+ mv ${outputdir}/docs ${installdir} ;
+ fi
+
+%if !%{with artifacts}
+ echo "Removing output directory...";
+ rm -rf ${outputdir}
+%endif
+
+ for imagepath in ${jdkimagepath} ${jreimagepath} ; do
+
+ if [ -d ${imagepath} ] ; then
+ # the build (erroneously) removes read permissions from some jars
+ # this is a regression in OpenJDK 7 (our compiler):
+ # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
+ find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
+
+ # Build screws up permissions on binaries
+ # https://bugs.openjdk.java.net/browse/JDK-8173610
+ find ${imagepath} -iname '*.so' -exec chmod +x {} \;
+ find ${imagepath}/bin/ -exec chmod +x {} \;
+
+ # Install local files which are distributed with the 
JDK + install -m 644 %{SOURCE7} ${imagepath} + + # Create fake alt-java as a placeholder for future alt-java + pushd ${imagepath} + # add alt-java man page + echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 + cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 + popd + + # Print release information + cat ${imagepath}/release + fi + done + + # Handle these outside the loop as install path differs between JDK and JRE image + install -m 644 nss.cfg ${jdkimagepath}/jre/lib/security/ + install -m 644 nss.cfg ${jreimagepath}/lib/security/ + # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) + install -m 644 nss.fips.cfg ${jdkimagepath}/jre/lib/security/ + install -m 644 nss.fips.cfg ${jreimagepath}/lib/security/ +} + +function genchecksum() { + local checkedfile=${1} + + checkdir=$(dirname ${1}) + checkfile=$(basename ${1}) + + echo "Generating checksum for ${checkfile} in ${checkdir}..." + pushd ${checkdir} + sha256sum ${checkfile} > ${checkfile}.sha256sum + sha256sum --check ${checkfile}.sha256sum + popd +} + +function packagejdk() { + # Reusing OPENJDK_UPSTREAM_TAG_EPOCH for the modification times of all + # files in the portable tarballs eliminates one source of variability + # across RPM rebuilds. + VERSION_FILE="$(pwd)"/"%{top_level_dir_name}"/common/autoconf/version-numbers + OPENJDK_UPSTREAM_TAG_EPOCH="$(stat --format=%Y "${VERSION_FILE}")" + + local imagesdir=$(pwd)/${1}/images + local docdir=$(pwd)/${1}/docs + local bundledir=$(pwd)/${1}/bundles + local packagesdir=$(pwd)/${2} + local srcdir=$(pwd)/%{top_level_dir_name} + local tapsetdir=$(pwd)/tapset + local tar_time="$(date --utc --iso-8601=seconds --date=@"${OPENJDK_UPSTREAM_TAG_EPOCH}")" + local tar_opts="--mtime=${tar_time} --sort=name -cJf" + + echo "Packaging build from ${imagesdir} to ${packagesdir}..." 
+ mkdir -p ${packagesdir} + pushd ${imagesdir} + + if [ "x$suffix" = "x" ] ; then + nameSuffix="" + else + nameSuffix=`echo "$suffix"| sed s/-/./` + fi + + jdkname=%{jdkportablename -- "$nameSuffix"} + jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} + jrename=%{jreportablename -- "$nameSuffix"} + jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"} + + # Rename directories for packaging + mv %{jdkimage} ${jdkname} + mv %{jreimage} ${jrename} + + # Release images have external debug symbols + if [ "x$suffix" = "x" ] ; then + debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"} + debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"} + unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"} + # We only use docs for the release build + docname=%{docportablename} + docarchive=${packagesdir}/%{docportablearchive} + built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip + # These are from the source tree so no debug variants + miscname=%{miscportablename} + miscarchive=${packagesdir}/%{miscportablearchive} + + # Keep the unstripped version for consumption by RHEL RPMs + tar ${tar_opts} ${unstrippedarchive} ${jdkname} + genchecksum ${unstrippedarchive} + + # Strip the files + for file in $(find ${jdkname} ${jrename} -type f) ; do + if file ${file} | grep -q 'ELF'; then + if ! 
echo ${file} | grep -q 'libffi' ; then + noextfile=${file/.so/}; + objcopy --only-keep-debug ${file} ${noextfile}.debuginfo; + objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file}; + strip -g ${file}; + fi + fi + done + + tar ${tar_opts} ${debugjdkarchive} $(find ${jdkname} -name \*.debuginfo) + genchecksum ${debugjdkarchive} + tar ${tar_opts} ${debugjrearchive} $(find ${jdkname} -name \*.debuginfo) + genchecksum ${debugjrearchive} + + mkdir ${docname} + mv ${docdir} ${docname} + mv ${bundledir}/${built_doc_archive} ${docname} + tar ${tar_opts} ${docarchive} ${docname} + genchecksum ${docarchive} + + mkdir ${miscname} + for s in 16 24 32 48 ; do + cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname} + done +%if %{with_systemtap} + cp -a ${tapsetdir}* ${miscname} +%endif + tar ${tar_opts} ${miscarchive} ${miscname} + genchecksum ${miscarchive} + fi + + tar ${tar_opts} ${jdkarchive} --exclude='**.debuginfo' ${jdkname} + genchecksum ${jdkarchive} + + tar ${tar_opts} ${jrearchive} --exclude='**.debuginfo' ${jrename} + genchecksum ${jrearchive} + + # Revert directory renaming so testing will run + # TODO: testing should run on the packaged JDK + mv ${jdkname} %{jdkimage} + mv ${jrename} %{jreimage} + + popd #images +} + +%if %{build_hotspot_first} + # Build a fresh libjvm.so first and use it to bootstrap + cp -LR --preserve=mode,timestamps %{bootjdk} newboot + systemjdk=$(pwd)/newboot + buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" "internal" + mv build/newboot/hotspot/dist/jre/lib/%{archinstall}/server/libjvm.so newboot/jre/lib/%{archinstall}/server +%else + systemjdk=%{bootjdk} +%endif + +for suffix in %{build_loop} ; do + + if [ "x$suffix" = "x" ] ; then + debugbuild=release + else + # change --something to something + debugbuild=`echo $suffix | sed "s/-//g"` + fi + # We build with internal debug symbols and do + # our own stripping for one version of the + # release build + debug_symbols=internal + + 
builddir=%{buildoutputdir -- ${suffix}} + bootbuilddir=boot${builddir} + installdir=%{installoutputdir -- ${suffix}} + bootinstalldir=boot${installdir} + packagesdir=%{packageoutputdir -- ${suffix}} + + link_opt="%{link_type}" +%if %{system_libs} + # Copy the source tree so we can remove all in-tree libraries + cp -a %{top_level_dir_name} %{top_level_dir_name_backup} + # Remove all libraries that are linked + sh %{SOURCE12} %{top_level_dir_name} full +%endif + # Debug builds don't need same targets as release for + # build speed-up. We also avoid bootstrapping these + # slower builds. + if echo $debugbuild | grep -q "debug" ; then + maketargets="%{debug_targets}" + run_bootstrap=false + else + maketargets="%{release_targets}" + run_bootstrap=%{bootstrap_build} + fi + if ${run_bootstrap} ; then + buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${bootbuilddir} ${bootinstalldir} + buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${builddir} ${installdir} + %{!?with_artifacts:rm -rf ${bootinstalldir}} + else + buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${builddir} ${installdir} + fi + packagejdk ${installdir} ${packagesdir} + +%if %{system_libs} + # Restore original source tree we modified by removing full in-tree sources + rm -rf %{top_level_dir_name} + mv %{top_level_dir_name_backup} %{top_level_dir_name} +%endif + +# build cycles +done + +%check + +# We test debug first as it will give better diagnostics on a crash +for suffix in %{build_loop} ; do + +export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage} + +# Only test on one architecture (the fastest) for Java only tests +%ifarch %{jdk_test_arch} + + # Check unlimited policy has been used + $JAVA_HOME/bin/javac -d . 
%{SOURCE13} + $JAVA_HOME/bin/java TestCryptoLevel + + # Check ECC is working + $JAVA_HOME/bin/javac -d . %{SOURCE14} + $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") + + # Check system crypto (policy) is active and can be disabled + # Test takes a single argument - true or false - to state whether system + # security properties are enabled or not. + # Portable specific: default is false + $JAVA_HOME/bin/javac -d . %{SOURCE15} + export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||") + export SEC_DEBUG="-Djava.security.debug=properties" + $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false + $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false + + # Check correct vendor values have been set + $JAVA_HOME/bin/javac -d . %{SOURCE16} + $JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} + + # Check translations are available for new timezones + $JAVA_HOME/bin/javac -d . %{SOURCE18} + $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE + + # Check src.zip has all sources. See RHBZ#1130490 + unzip -l $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe' + + # Check class files include useful debugging information + $JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from" + $JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable + $JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable + + # Check generated class files include useful debugging information + $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from" + $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable + $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable + +%else + + # Just run a basic java -version test on other architectures + $JAVA_HOME/bin/java -version + +%endif + +# Check java launcher has no SSB mitigation +if ! 
nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi + +# Check alt-java launcher has SSB mitigation on supported architectures +%ifarch %{ssbd_arches} +nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation +%else +if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi +%endif + +# Release builds strip the debug symbols into external .debuginfo files +if [ "x$suffix" = "x" ] ; then + so_suffix="debuginfo" +else + so_suffix="so" +fi + +# Check debug symbols are present and can identify code +find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib +do + if [ -f "$lib" ] ; then + echo "Testing $lib for debug symbols" + # All these tests rely on RPM failing the build if the exit code of any set + # of piped commands is non-zero. + + # Test for .debug_* sections in the shared object. This is the main test + # Stripped objects will not contain these + eu-readelf -S "$lib" | grep "] .debug_" + test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2 + + # Test FILE symbols. These will most likely be removed by anything that + # manipulates symbol tables because it's generally useless. So a nice test + # that nothing has messed with symbols + old_IFS="$IFS" + IFS=$'\n' + for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT") + do + # We expect to see .cpp files, except for architectures like aarch64 and + # s390 where we expect .o and .oS files + echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$" + done + IFS="$old_IFS" + + # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking + if [ "`basename $lib`" = "libjvm.so" ]; then + eu-readelf -s "$lib" | \ + grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$" + fi + + # Test that there are no .gnu_debuglink sections pointing to another + # debuginfo file. 
There shouldn't be any debuginfo files, so the link makes + # no sense either + eu-readelf -S "$lib" | grep 'gnu' + if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then + echo "bad .gnu_debuglink section." + eu-readelf -x .gnu_debuglink "$lib" + false + fi + fi +done + +# Make sure gdb can do a backtrace based on line numbers on libjvm.so +# javaCalls.cpp:58 should map to: +# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 +# Using line number 1 might cause build problems. See: +# https://bugzilla.redhat.com/show_bug.cgi?id=1539664 +# https://bugzilla.redhat.com/show_bug.cgi?id=1538767 +gdb -q "$JAVA_HOME/bin/java" < - 1:1.8.0.462.b08-1 +- Update to 8u462-b08 (GA) +- Update release notes for 8u462-b08. +- Add early backport of JDK-8339414 +- ** This tarball is embargoed until 2025-07-15 @ 1pm PT. ** +- Resolves: OPENJDK-3965 + +* Fri Apr 11 2025 Andrew Hughes - 1:1.8.0.452.b09-1 +- Update to 8u452-b09 (GA) +- Update release notes for 8u452-b09. +- Remove long option documentation from JDK-8335912/JDK-8337499 as not present in 8u +- ** This tarball is embargoed until 2025-04-15 @ 1pm PT. ** + +* Thu Jan 16 2025 Andrew Hughes - 1:1.8.0.442.b06-1 +- Update to 8u442-b06 (GA) +- Update release notes for 8u442-b06. +- Switch to GA mode for final release +- Revise JDK-8141590 backport to install libffi.so* in lib as well as jre/lib + +* Thu Jan 16 2025 Andrew Hughes - 1:1.8.0.442.b05-0.2.ea +- Include backport of JDK-8141590 to allow bundling of libffi on Zero architectures +- Rebase FIPS patch after application of 8141590 +- Add local patch on top of 8141590 to improve path detection for s390x +- Don't attempt to strip libffi.so* + +* Mon Jan 06 2025 Andrew Hughes - 1:1.8.0.442.b05-0.1.ea +- Update to 8u442-b05 (EA). +- Update release notes for 8u442-b05. +- Switch to EA mode for pre-release. 
+
+* Fri Oct 11 2024 Andrew Hughes - 1:1.8.0.432.b06-1
+- Update to shenandoah-jdk8u432-b06 (GA)
+- Update release notes for shenandoah-8u432-b06.
+- Switch to GA mode.
+- ** This tarball is embargoed until 2024-10-15 @ 1pm PT. **
+
+* Thu Oct 10 2024 Andrew Hughes - 1:1.8.0.432.b05-0.1.ea
+- Update to shenandoah-jdk8u432-b05 (EA)
+- Update release notes for shenandoah-8u432-b05.
+- Switch to EA mode.
+- Drop JDK-828109{6,7,8}/PR3836 patch following integration of upstream version
+- Regenerate JDK-8199936/PR3533 patch following JDK-828109{6,7,8} integration
+- Bump version of bundled zlib to 1.3.1 following JDK-8324632
+- Add build dependency on make
+- Reorganise build dependencies to retain alphabetical order for unconditional deps
+- Include backport of JDK-8328999 to update giflib to 5.2.2
+- Bump version of bundled giflib to 5.2.2 following JDK-8328999
+- Add build scripts to repository to ease remembering all CentOS & RHEL targets and options
+- Resolves: OPENJDK-3348
+
+* Wed Jul 10 2024 Andrew Hughes - 1:1.8.0.422.b05-1.1
+- Update to shenandoah-jdk8u422-b05 (GA)
+- Update release notes for shenandoah-8u422-b05.
+- Rebase PR2462 patch following patched hunk being removed by JDK-8322106
+- Switch to GA mode.
+- Limit Java only tests to one architecture using jdk_test_arch
+- Remove unused policy repacking script repackReproduciblePolycies.sh
+- Sync README.md with RHEL 8
+- Add missing build dependency on zlib-devel
+- Update LCMS version to match JDK-8245400
+- Move unstripped, misc and doc tarball handling into normal build / no suffix blocks
+- Drop unneeded tzdata-java build dependency following 11d4d3308dd3334acae563101c007be9db017b83
+- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **
+- Resolves: OPENJDK-3183
+- Resolves: OPENJDK-3187
+- Resolves: OPENJDK-3193
+
+* Tue Jul 09 2024 Andrew Hughes - 1:1.8.0.422.b01-0.1.ea
+- Update to shenandoah-jdk8u422-b01 (EA)
+- Update release notes for shenandoah-8u422-b01.
+- Switch to EA mode.
+
+* Wed Apr 10 2024 Andrew Hughes - 1:1.8.0.412.b08-2
+- Add CVEs to release notes
+
+* Mon Apr 08 2024 Andrew Hughes - 1:1.8.0.412.b08-1
+- Update to shenandoah-jdk8u412-b08 (GA)
+- Update release notes for shenandoah-8u412-b08.
+- Complete release note for Certainly roots
+- Switch to GA mode.
+- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
+
+* Fri Apr 05 2024 Andrew Hughes - 1:1.8.0.412.b07-0.1.ea
+- Update to shenandoah-jdk8u412-b07 (EA)
+- Update release notes for shenandoah-8u412-b07.
+- Require tzdata 2024a due to upstream inclusion of JDK-8322725
+
+* Fri Mar 29 2024 Andrew Hughes - 1:1.8.0.412.b01-0.2.ea
+- Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources
+- generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity
+- generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork
+- generate_source_tarball.sh: Adapt version logic to work with 8u
+- generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086)
+- generate_source_tarball.sh: Update examples in header for clarity
+- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
+- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
+- icedtea_sync.sh: Reinstate from rhel-8.8.0 branch
+- Move maintenance scripts to a scripts subdirectory
+- icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository
+- jconsole.desktop.in: Restored by running icedtea_sync.sh
+- policytool.desktop.in: Likewise.
+- Restore IcedTea sources correctly in spec file
+- discover_trees.sh: Set compile-command and indentation instructions for Emacs
+- discover_trees.sh: shellcheck: Do not use -o (SC2166)
+- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
+- generate_source_tarball.sh: Add authorship
+- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
+- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
+- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
+- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
+- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
+- Remove pointless empty file generate_singlerepo_source_tarball.sh
+- Remove pointless empty file update_main_sources.sh
+- generate_source_tarball.sh: Handle an existing checkout
+- generate_source_tarball.sh: Sync indentation with java-21-openjdk version
+- generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS
+
+* Fri Mar 29 2024 Thomas Fitzsimmons - 1:1.8.0.412.b01-0.2.ea
+- generate_source_tarball.sh: Add WITH_TEMP environment variable
+- generate_source_tarball.sh: Multithread xz on all available cores
+- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
+- generate_source_tarball.sh: Update comment about tarball naming
+- generate_source_tarball.sh: Reformat comment header
+- generate_source_tarball.sh: Reformat and update help output
+- generate_source_tarball.sh: Do a shallow clone, for speed
+- generate_source_tarball.sh: Eliminate some removal prompting
+- generate_source_tarball.sh: Make tarball reproducible
+- generate_source_tarball.sh: Prefix temporary directory with temp-
+- generate_source_tarball.sh: Remove temporary directory exit conditions
+- generate_source_tarball.sh: Set compile-command in Emacs
+- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
+- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
+- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
+- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
+- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
+- Use backward-compatible patch syntax
+- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
+- generate_source_tarball.sh: Remove trailing period in echo
+- generate_source_tarball.sh: Use long-style argument to grep
+- generate_source_tarball.sh: Add license
+- generate_source_tarball.sh: Add indentation instructions for Emacs
+
+* Fri Mar 22 2024 Andrew Hughes - 1:1.8.0.412.b01-0.1.ea
+- Introduce tar_opts to avoid repetition of lengthy tar creation options
+- Normalise whitespace
+- Turn off xz multi-threading on i686 as it fails with an out of memory error
+
+* Fri Mar 22 2024 Thomas Fitzsimmons - 1:1.8.0.412.b01-0.1.ea
+- Invoke xz in multi-threaded mode
+- Make portable tarball modification times reproducible
+
+* Thu Mar 21 2024 Andrew Hughes - 1:1.8.0.412.b01-0.1.ea
+- Update to shenandoah-jdk8u412-b01 (EA)
+- Update release notes for shenandoah-8u412-b01.
+- Switch to EA mode.
+
+* Thu Jan 11 2024 Andrew Hughes - 1:1.8.0.402.b06-0.1.ea
+- Update to shenandoah-jdk8u402-b06 (GA)
+- Update release notes for shenandoah-8u402-b06.
+- Drop local copy of JDK-8312489 which is now included upstream
+- Switch to GA mode.
+- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. **
+
+* Tue Dec 05 2023 Andrew Hughes - 1:1.8.0.402.b01-0.1.ea
+- Update to shenandoah-jdk8u402-b01 (EA)
+- Update release notes for shenandoah-8u402-b01.
+- Switch to EA mode.
+- Sync NEWS with vanilla branch version.
+
+* Wed Oct 11 2023 Andrew Hughes - 1:1.8.0.392.b08-1
+- Update to shenandoah-jdk8u392-b08 (GA)
+- Update release notes for shenandoah-8u392-b08.
+- Regenerate PR2462 patch following JDK-8315135
+- Bump version of bundled libpng to 1.6.39
+- Add backport of JDK-8312489 heading upstream for 8u402 (see OPENJDK-2095)
+- Workaround undefined symbol: _ZN16G1TriggerClosure9do_oop_nvIjEEvPT_ by disabling LTO
+- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. **
+
+* Fri Sep 29 2023 Andrew Hughes - 1:1.8.0.392.b01-1
+- Update to shenandoah-jdk8u392-b01 (GA)
+- Update release notes for shenandoah-8u392-b01.
+- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal
+- Update bug URL for RHEL to point to the Red Hat customer portal
+- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
+
+* Fri Jul 14 2023 Andrew Hughes - 1:1.8.0.382.b05-2
+- Re-enable SystemTap support and perform only substitutions possible without final NVR available
+- Include tapsets in the miscellaneous tarball
+- Drop unused globals for tapset installation
+
+* Fri Jul 14 2023 Andrew Hughes - 1:1.8.0.382.b05-1
+- Update to shenandoah-jdk8u382-b05 (GA)
+- Update release notes for shenandoah-8u382-b05.
+- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
+
+* Fri Jul 07 2023 Andrew Hughes - 1:1.8.0.382.b04-0.1.ea
+- Update to shenandoah-jdk8u382-b04 (EA)
+- Update release notes for shenandoah-8u382-b04.
+
+* Wed Jun 28 2023 Andrew Hughes - 1:1.8.0.382.b01-0.1.ea
+- Update to shenandoah-jdk8u382-b01 (EA)
+- Update release notes for shenandoah-8u382-b01.
+- Switch to EA mode.
+- Remove JDK-8271199 patch which is now upstream.
+- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
+
+* Thu Apr 27 2023 Andrew Hughes - 1:1.8.0.372.b07-2
+- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8
+- Fix debug symbols flag to newboot and package naming
+- Disable debug_package as we only produce tarballs
+- Drop redundant removal of empty RPM_BUILD_ROOT
+
+* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.372.b07-1
+- Update to shenandoah-jdk8u372-b07 (GA)
+- Update release notes for shenandoah-8u372-b07.
+- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07
+- Reintroduce jconsole-plugin.patch from RHEL 9
+- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
+- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
+- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
+- Drop JDK-8275535/RH2053256 patch which is now upstream
+- Include JDK-8271199 backport early ahead of 8u382 (RH2175317)
+- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. **
+- Resolves: rhbz#2185182
+- Resolves: rhbz#2175317
+
+* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.362.b09-2
+- Reintroduce generate_source_tarball.sh from RHEL 9
+
+* Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-1
+- Update to shenandoah-jdk8u352-b09 (GA)
+- Update release notes for shenandoah-8u352-b09.
+- Sync system cacerts support with RHEL 9, disabling using -Dsecurity.systemCACerts=
+- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue
+
+* Mon Feb 27 2023 Andrew Hughes - 1:1.8.0.362.b08-4
+- Build with internal debuginfo as in RHEL and then create a stripped variant ourselves for the portable release build
+- Restore compiler flags to those used in RHEL
+- Remove 8u portable only debug check using nm -aCl which takes a very long time and seems to be duplicated by other checks
+- Add docs & icons to the portable output
+- Make sure generated checksums work and don't include full path
+- The docs directory is a top-level directory on OpenJDK 8, so needs to be moved to the install directory separately
+
+* Mon Feb 27 2023 Andrew Hughes - 1:1.8.0.362.b08-3
+- Separate JDK packaging into a separate function
+- Use variables to make it clearer what is going on
+- Use a package output directory as we do for building and installing
+
+* Mon Feb 27 2023 Andrew Hughes - 1:1.8.0.362.b08-2
+- Adapt the portable build to use the same system library handling as RHEL builds
+
+* Fri Jan 13 2023 Andrew Hughes - 1:1.8.0.362.b08-1
+- Update to shenandoah-jdk8u352-b08 (GA)
+- Update release notes for shenandoah-8u352-b08.
+- Fix broken links and missing release notes in older releases.
+- Drop JDK-8195607/PR3776/RH1760437 now this is upstream
+- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
+- Drop tzdata patches for 2022d & 2022e (JDK-8294357 & JDK-8295173) which are now upstream
+- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
+- Drop RH1163501 patch which is not upstream or in 11, 17 & 19 packages and seems obsolete
+ - Patch was broken by inclusion of "JDK-8293554: Enhanced DH Key Exchanges"
+ - Patch was added for a specific corner case of a 4096-bit DH key on a Fedora host that no longer exists
+ - Fedora now appears to be using RSA and the JDK now supports ECC in preference to large DH keys
+- Resolves: rhbz#2160111
+
+* Fri Oct 14 2022 Andrew Hughes - 1:1.8.0.352.b08-1
+- Update to shenandoah-jdk8u352-b08 (GA)
+- Update release notes for shenandoah-8u352-b08.
+- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
+- Add test to ensure timezones can be translated
+- Rebase FIPS patch against 8u352-b07
+- * This tarball is embargoed until 2022-10-18 @ 1pm PT. *
+- Resolves: rhbz#2133695
+
+* Mon Aug 29 2022 Jayashree Huttanagoudar - 1:1.8.0.345.b01-2
+- Added some previously missing piece related to flatpack builds in portable spec
+- The change went into upstream branch in 8u292-b10(GA) itself
+
+* Mon Aug 29 2022 Stephan Bergmann - 1:1.8.0.345.b01-2
+- Disable copy-jdk-configs for Flatpak builds
+- Fix flatpak builds by exempting them from bootstrap
+- Resolves: rhbz#2102727
+
+* Wed Aug 03 2022 Andrew Hughes - 1:1.8.0.345.b01-1
+- Update to shenandoah-jdk8u345-b01 (GA)
+- Update release notes for 8u345-b01.
+- Resolves: rhbz#2112405
+
+* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.342.b07-1
+- Update to shenandoah-jdk8u342-b07 (GA)
+- Update release notes for shenandoah-8u342-b07.
+- Print release file during build, which should now include a correct SOURCE value from .src-rev
+- Include script to generate bug list for release notes
+- Update tzdata requirement to 2022a to match JDK-8283350
+- Rebase JDK-8186464 patch so it applies after JDK-8190753
+- Switch to GA mode for final release.
+- This tarball is embargoed until 2022-07-19 @ 1pm PT.
+- Resolves: rhbz#2106502
+
+* Sun Jul 17 2022 Jayashree Huttanagoudar - 1:1.8.0.332.b09-5
+- System security properties are disabled by default on portable.
+- Commented out lines which are not applicable for portable.
+- Commented out BR for crypto-policies for portable
+
+* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.332.b09-5
+- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository
+- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
+- * RH2090378: Revert to disabling system security properties and FIPS mode support together
+- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
+- Rebase PR2888/RH2055274 cacerts patch so it applies after the current FIPS patch
+- Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk
+- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
+- Improve security properties test to check both enabled and disabled behaviour
+- Run security properties test with property debugging on
+- Explicitly require crypto-policies during build and runtime for system security properties
+- Resolves: rhbz#2097152
+- Resolves: rhbz#2100675
+
+* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:1.8.0.332.b09-4
+- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
+- Resolves: rhbz#2102435
+
+* Thu May 19 2022 Jiri Vanek - 1:1.8.0.332.b09-3
+- to pass aqa:
+- removed copy system tzdb in favour of in-tree
+- removed Patch3: rh1648644-java_access_bridge_privileged_security.patch
+- This is not intended to release untill we decide proper steps
+
+* Wed May 11 2022 Jayashree Huttanagoudar - 1:1.8.0.332.b09-2
+- Add some missing chunk in %check from upstream spec.
+
+* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b09-1
+- Update to shenandoah-jdk8u332-b09 (GA)
+- Update release notes for 8u332-b09.
+- Switch to GA mode for final release.
+- This tarball is embargoed until 2022-04-19 @ 1pm PT.
+- Resolves: rhbz#2073422
+
+* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.2.ea
+- Allow the default keystore to be configured using security.systemCACerts
+- Use of the property can now be disabled using -Djava.security.disableSystemCACerts=true
+- Commented out the configuration line for RHEL which is NA for portable.
+- Resolves: rhbz#2055274
+
+* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.1.ea
+- Update to shenandoah-jdk8u332-b06 (EA)
+- Update release notes for shenandoah-8u332-b06.
+- Minor corrections to previous changelog entry.
+- Resolves: rhbz#2047536
+
+* Sun Apr 17 2022 Andrew Hughes - 1:1.8.0.332.b01-0.1.ea
+- Update to shenandoah-jdk8u332-b01 (EA)
+- Update release notes for shenandoah-8u332-b01.
+- Switch to EA mode.
+- Remove JDK-8279077 patch now upstream.
+- Related: rhbz#2047536
+
+* Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-10
+- Add JDK-8275535 patch to fix LDAP authentication issue.
+- Resolves: rhbz#2053285
+
+* Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-9
+- Detect NSS at runtime for FIPS detection
+- Resolves: rhbz#2052828
+
+* Mon Feb 21 2022 Andrew Hughes - 1:1.8.0.322.b06-8
+- Refactor build functions so we can build just HotSpot without any attempt at installation.
+- Introduce architecture restriction logic for the gdb test. (RH2041970)
+- Pass compiler flags to the ADLC build (JDK-8281098)
+- Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4
+- Explicitly list JIT architectures rather than relying on those with slowdebug builds
+- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
+- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
+- Sync minor placement differences with Fedora & RHEL 9
+- Resolves: rhbz#2022815
+
+* Mon Jan 31 2022 Andrew Hughes - 1:1.8.0.322.b06-7
+- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
+- Related: rhbz#2022815
+
+* Fri Jan 28 2022 Andrew Hughes - 1:1.8.0.322.b06-6
+- Reduce disk footprint by removing build artifacts by default.
+- Related: rhbz#1999937
+
+* Thu Jan 27 2022 Jayashree Huttanagoudar - 1:1.8.0.322.b06-5
+- Add some diagnostic messages to buildjdk()
+- Add missing chmod instructions to buildjdk()
+
+* Thu Jan 27 2022 Andrew Hughes - 1:1.8.0.322.b06-5
+- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
+- Resolves: rhbz#1966233
+
+* Tue Jan 25 2022 Andrew Hughes - 1:1.8.0.322.b06-4
+- Install nss.cfg and nss.fips.cfg into portable images.
+- Consistently make use of jdkimage and jreimage variables.
+
+* Mon Jan 24 2022 Andrew Hughes - 1:1.8.0.322.b06-3
+- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
+
+* Mon Jan 24 2022 Andrew Hughes - 1:1.8.0.322.b06-2
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+- Related: rhbz#2039366
+
+* Fri Jan 21 2022 Andrew Hughes - 1:1.8.0.322.b06-1
+- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
+- Update release notes for 8u322-b06.
+- Switch to GA mode for final release.
+- Resolves: rhbz#2039366
+
+* Thu Jan 20 2022 Andrew Hughes - 1:1.8.0.322.b05-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b05 (EA)
+- Update release notes for 8u322-b05.
+- Require tzdata 2021e as of JDK-8275766.
+- Update tarball generation script to use git following shenandoah-jdk8u's move to github
+- Resolves: rhbz#2022815
+
+* Tue Jan 18 2022 Andrew Hughes - 1:1.8.0.322.b04-0.2.ea
+- Add backport of JDK-8279077 to fix crash on ppc64
+- Resolves: rhbz#2030399
+
+* Mon Jan 10 2022 Andrew Hughes - 1:1.8.0.322.b04-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b04 (EA)
+- Update release notes for 8u322-b04.
+- Require tzdata 2021c as of JDK-8274407.
+- Related: rhbz#2022815
+
+* Fri Jan 07 2022 Andrew Hughes - 1:1.8.0.322.b03-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b03 (EA)
+- Update release notes for 8u322-b03.
+- Related: rhbz#2022815
+
+* Fri Dec 17 2021 Andrew Hughes - 1:1.8.0.322.b02-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b02 (EA)
+- Update release notes for 8u322-b02.
+- Related: rhbz#2022815
+
+* Tue Dec 14 2021 Andrew Hughes - 1:1.8.0.322.b01-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b01 (EA)
+- Update release notes for 8u322-b01.
+- Switch to EA mode.
+- Related: rhbz#2022815
+
+* Tue Dec 14 2021 Jayashree Huttanagoudar - 1:1.8.0.322.b01-0.1.ea
+- Typo correction to the previous commit for restructuring the build.
+ +* Mon Dec 06 2021 Severin Gehwolf - 1:1.8.0.312.b07-5 +- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy + secmod.db file as part of nss +- Resolves: rhbz#2023532 + +* Mon Nov 22 2021 Jayashree Huttanagoudar - 1:1.8.0.312.b07-4 +- Fixed warnings for bogus date and macro expansion in comment line. + +* Mon Oct 25 2021 Jiri Vanek - 1:1.8.0.312.b07-3 +- added and enabled nss.cfg (source11: nss.cfg.in + patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch) +- added and enabled fips patches and nss.fips.cfg +- added and enabled source15: TestSecurityProperties.java test +- enabled patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch +- enabled patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch +- source17: nss.fips.cfg.in,patch1001: rh1655466-global_crypto_and_fips.patch + patch1001: rh1655466-global_crypto_and_fips.patch + patch1002: rh1818909-fips_default_keystore_type.patch patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch + patch1005: rh1915071-always_initialise_configurator_access.patch patch1006: rh1929465-improve_system_FIPS_detection-root.patch + patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch + patch1008: rh1996182-login_to_nss_software_token.patch patch1011: rh1991003-enable_fips_keys_import.patch + patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch +- Disable FIPS mode detection using NSS in favour of using /proc/sys/crypto/fips_enabled for now, so we don't link against NSS +-- effectively disabled Patch1008: rh1929465-improve_system_FIPS_detection.patch by settng --enable-sysconf-nss to --disable-sysconf-nss +-- the enable-sysconf-nss was bringing in hard depndence on nss. 
Without nss, even in non fips, jvm had not even started +- introduced ssbd_arches to have properly tested alt-java +-- added forgotten test for alt-java +- removed bad redeclaration of fastdebug_arches +- made TestECDSA non fatal, started to fail. Locally passed. TODO, fix + +* Mon Oct 25 2021 Jiri Vanek - 1:1.8.0.312.b07-2 +- cacerts symlink is resolved before passed to configure +- https://issues.redhat.com/browse/OPENJDK-487 + +* Fri Oct 15 2021 Andrew Hughes - 1:1.8.0.312.b07-1 +- Update to aarch64-shenandoah-jdk8u312-b07 (EA) +- Update release notes for 8u312-b07. +- Switch to GA mode for final release. +- This tarball is embargoed until 2021-10-19 @ 1pm PT. +- Resolves: rhbz#2011826 + +* Mon Oct 04 2021 Jiri Vanek - 1:1.8.0.302.b08-2 +- fixed bugzilla component. It was pointing to java-x-vendor-portable due to recent rename + +* Mon Aug 16 2021 Jiri Vanek - 1:1.8.0.302.b08-1 +- renamed to java-1.8.0-openjdk-portable +- adapted pacakges to not contain double portbale in name + +* Fri Jul 16 2021 Andrew Hughes - 1:1.8.0.302.b08-0 +- Update to aarch64-shenandoah-jdk8u302-b08 (EA) +- Update release notes for 8u302-b08. +- Switch to GA mode for final release. +- This tarball is embargoed until 2021-07-20 @ 1pm PT. +- added forgotten patch107 s390-8214206_fix.patch + +* Thu Jul 01 2021 Jiri Vanek - 1:1.8.0.302.b03-0.1.ea +- returned two wrongly removed patches +- returned and applied patch541 rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch +- returned and applied patch12 jdk8186464-rh1433262-zip64_failure.patch + +* Sun Jun 27 2021 Andrew Hughes - 1:1.8.0.302.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u302-b03 (EA) +- Update release notes for 8u302-b03. +- Resolves: rhbz#1967812 + +* Fri Apr 09 2021 Andrew Hughes - 1:1.8.0.292.b10-1 +- Add CVE numbers. 
+- Require tzdata 2021a due to JDK-8260356 +- Resolves: rhbz#1938201 + +* Thu Apr 08 2021 Andrew Hughes - 1:1.8.0.292.b10-0 +- Update to aarch64-shenandoah-jdk8u292-b10 (GA) +- Update release notes for 8u292-b10. +- This tarball is embargoed until 2021-04-20 @ 1pm PT. +- Resolves: rhbz#1938201 + +* Thu Apr 08 2021 Stephan Bergmann - 1:1.8.0.292.b10-0 +- Hardcode /usr/sbin/alternatives for Flatpak builds +- Resolves: rhbz#1967813 + +* Tue Mar 30 2021 Andrew Hughes - 1:1.8.0.292.b09-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b09 (EA) +- Update release notes for 8u292-b09. +- Resolves: rhbz#1938081 + +* Sat Mar 27 2021 Andrew Hughes - 1:1.8.0.292.b08-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b08 (EA) +- Update release notes for 8u292-b08. +- Resolves: rhbz#1938081 + +* Thu Mar 25 2021 Andrew Hughes - 1:1.8.0.292.b07-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b07 (EA) +- Update release notes for 8u292-b07. +- Resolves: rhbz#1938081 + +* Mon Mar 22 2021 Andrew Hughes - 1:1.8.0.292.b06-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b06 (EA) +- Update release notes for 8u292-b06. +- Require tzdata 2020f due to JDK-8259048 +- Resolves: rhbz#1938081 + +* Mon Mar 15 2021 Jayashree Huttanagoudar - 1:1.8.0.292.b05-0.1.ea +- Remove patch s390-8214206_fix.patch as portable is not built for s390. + +* Mon Mar 15 2021 Andrew Hughes - 1:1.8.0.292.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA). +- Update release notes for 8u292-b05-shenandoah-merge-2021-03-11. + +* Mon Mar 08 2021 Andrew Hughes - 1:1.8.0.292.b05-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b05 (EA) +- Update release notes for 8u292-b05. + +* Fri Mar 05 2021 Andrew Hughes - 1:1.8.0.292.b04-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b04 (EA) +- Update release notes for 8u292-b04. + +* Thu Mar 04 2021 Andrew Hughes - 1:1.8.0.292.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b03 (EA) +- Update release notes for 8u292-b03. 
+ +* Tue Mar 02 2021 Andrew Hughes - 1:1.8.0.292.b02-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b02 (EA) +- Update release notes for 8u292-b02. + +* Fri Feb 12 2021 Jayashree Huttanagoudar - 1:1.8.0.292.b01-0.0.ea +- Update tzdata-java from 2020b to 2021a + +* Fri Feb 12 2021 Andrew Hughes - 1:1.8.0.292.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b01 (EA) +- Update release notes for 8u292-b01. +- Switch to EA mode. + +* Thu Feb 4 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-4 +- Changes to generate sha256sum for each linux-portable build artifacts inside RPM + +* Mon Jan 25 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-3 +- Cleanup package summary for fastdebug and slowdebug. +- Resolves: rhbz#1908963 + +* Mon Jan 25 2021 Andrew Hughes - 1:1.8.0.282.b08-2 +- Cleanup package descriptions and version number placement. +- Resolves: rhbz#1908963 + +* Mon Jan 18 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-1 +- Fix to address the extra src.zip bundled inside jdk tarball. + +* Sat Jan 16 2021 Andrew Hughes - 1:1.8.0.282.b08-0 +- Update to aarch64-shenandoah-jdk8u282-b08 (GA) +- Update release notes for 8u282-b08. +- This tarball is embargoed until 2021-01-19 @ 1pm PT. +- Resolves: rhbz#1908963 + +* Fri Jan 15 2021 Andrew Hughes - 1:1.8.0.282.b07-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b07 (EA) +- Update release notes for 8u282-b07. +- Fix placement issue in release notes, caught by comparing with vanilla version. +- Resolves: rhbz#1903904 + +* Wed Jan 13 2021 Andrew Hughes - 1:1.8.0.282.b06-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b06 (EA) +- Update release notes for 8u282-b06. +- Resolves: rhbz#1903903 + +* Mon Jan 11 2021 Andrew Hughes - 1:1.8.0.282.b05-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b05 (EA) +- Update release notes for 8u282-b05 and make some minor corrections. 
+- Resolves: rhbz#1903903 + +* Fri Jan 08 2021 Jiri Vanek - 1:1.8.0.282.b04-0.1.ea +- added patch600, rh1750419-redhat_alt_java.patch +- Replaced alt-java palceholder by real pathced alt-java +- remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch +- remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch +- both suprassed by new patch +- Resolves: rhbz#1750419 + +* Wed Jan 06 2021 Andrew Hughes - 1:1.8.0.282.b04-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b04 (EA) +- Update release notes for 8u282-b04. +- Remove upstreamed patch PR3519 +- Resolves: rhbz#1903903 + +* Sat Jan 02 2021 Andrew Hughes - 1:1.8.0.282.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b03 (EA) +- Update release notes for 8u282-b03. +- Resolves: rhbz#1903903 + +* Wed Dec 23 2020 Andrew Hughes - 1:1.8.0.282.b02-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b02 (EA) +- Resolves: rhbz#1903903 + +* Tue Dec 22 2020 Jayashree Huttanagoudar - 1:1.8.0.282.b01-0.0.ea +- Remove upstreamed JDK-8252395 & JDK-8252975. + +* Tue Dec 22 2020 Andrew Hughes - 1:1.8.0.282.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b01 (EA) +- Update release notes for 8u282-b01. +- Switch to EA mode. +- Require tzdata 2020b due to resource changes in JDK-8254177 +- Remove PR3601, covered upstream by JDK-8062808. +- Remove upstreamed JDK-8197981/PR3548, JDK-8062808/PR3548, JDK-8254177 & JDK-8215727. 
+- Resolves: rhbz#1903903 + +* Wed Dec 09 2020 Jayashree Huttanagoudar - 1:1.8.0.275.b01-3 +- Included patch to handle '--without fastdebug' option to mockbuild + +* Wed Dec 09 2020 Jayashree Huttanagoudar - 1:1.8.0.275.b01-2 +- Align fastdebug/slowdebug changes with upstream rhel-8.4.0 spec + +* Tue Dec 01 2020 Jiri Vanek - 1:1.8.0.275.b01-1 +- added br of listdc++-static +- removed patch998 rh1649731-allow_to_build_on_rhel6_with_stdcpplib_autotools_2_63.patch +- removed patch999 gcc-4.4.7-x86-32-siphash64.patch +- initial on-el7 build (more tuning expected) + +* Fri Nov 06 2020 Andrew Hughes - 1:1.8.0.275.b01-0 +- Update to aarch64-shenandoah-jdk8u275-b01 (GA) +- Update release notes for 8u275. +- Resolves: rhbz#1895062 + +* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-3 +- Add backport of JDK-8215727: "Restore JFR thread sampler loop to old / previous behaviour" +- Resolves: rhbz#1876665 + +* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-2 +- Remove the 64-bit siphash test which fails to compile on x86-32 debug builds with gcc 4.4.7 in RHEL 6 +- Resolves: rhbz#1876665 + +* Tue Oct 20 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b10-1 +- Added patch to apply tzdata 2020b + +* Sat Oct 17 2020 Andrew Hughes - 1:1.8.0.272.b10-0 +- Update to aarch64-shenandoah-jdk8u272-b10. +- Switch to GA mode for final release. +- Update release notes for 8u272 release. +- Add backport of JDK-8254177 to update to tzdata 2020b +- Require tzdata 2020b due to resource changes in JDK-8254177 +- Delay tzdata 2020b dependency until tzdata update has shipped. +- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 +- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 +- This tarball is embargoed until 2020-10-20 @ 1pm PT. +- Resolves: rhbz#1876665 + +* Thu Oct 15 2020 Andrew Hughes - 1:1.8.0.272.b09-0.1.ea +- Include a test in the RPM to check the build has the correct vendor information. 
+- Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. +- Improve quoting of vendor name +- Resolves: rhbz#1876665 + +* Thu Oct 15 2020 Jiri Vanek - 1:1.8.0.272.b09-0.1.ea +- Set vendor property and vendor URLs +- Made URLs to be preconfigured by OS +- Resolves: rhbz#1876665 + +* Wed Oct 14 2020 Andrew Hughes - 1:1.8.0.272.b09-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b09 (EA). +- Resolves: rhbz#1876665 + +* Tue Oct 13 2020 Andrew Hughes - 1:1.8.0.272.b08-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b08 (EA). +- Resolves: rhbz#1876665 + +* Mon Oct 12 2020 Andrew Hughes - 1:1.8.0.272.b07-0.5.ea +- Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR +- Resolves: rhbz#1876665 + +* Wed Sep 23 2020 Andrew Hughes - 1:1.8.0.272.b07-0.4.ea +- Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes. +- Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch. + +* Wed Sep 23 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b07-0.3.ea +- Placed upstream patches JDK-8252395 and JDK-8252975 under separate section +- So that these patches can be dropped easily once they are available in 8u282 GA release + +* Thu Sep 17 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b07-0.2.ea +- Added upstream patches for JDK-8252395 and JDK-8252975 +- JDK-8252395: To ensure debuginfo files get properly copied to the images directory +- JDK-8252975: Is to fix the build failure due to JDK-8252395 + +* Tue Sep 08 2020 Andrew Hughes - 1:1.8.0.272.b07-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b07. + +* Thu Sep 03 2020 Andrew Hughes - 1:1.8.0.272.b06-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b06. 
+ +* Wed Sep 02 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea +- Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 + +* Wed Sep 02 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28. + +* Thu Aug 27 2020 Andrew Hughes - 1:1.8.0.272.b05-0.0.ea +- Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 + +* Thu Aug 27 2020 Andrew Hughes - 1:1.8.0.272.b05-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b05. +- Fix context in JDK-8186464/RH1433262 patch, following JDK-8078334 @randomness tag addition. + +* Wed Aug 19 2020 Andrew Hughes - 1:1.8.0.272.b04-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b04. + +* Mon Aug 17 2020 Andrew Hughes - 1:1.8.0.272.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b03. + +* Sun Aug 09 2020 Andrew Hughes - 1:1.8.0.272.b02-0.0.ea +- Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. + +* Sun Aug 09 2020 Andrew Hughes - 1:1.8.0.272.b02-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b02. +- Remove JDK-8154313 backport now applied upstream. + +* Sat Aug 01 2020 Andrew Hughes - 1:1.8.0.272.b01-0.0.ea +- JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. + +* Sat Aug 01 2020 Andrew Hughes - 1:1.8.0.272.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b01. +- Switch to EA mode. +- Remove ZipConstants change from JDK-8186464 backport, now provided upstream by JDK-8075774 + +* Mon Jul 27 2020 Andrew Hughes - 1:1.8.0.265.b01-0 +- Update to aarch64-shenandoah-jdk8u265-b01. +- Update release notes for 8u265 release. +- Resolves: rhbz#1860453 + +* Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-0 +- Introduce jfr_arches for architectures which support JFR. +- Resolves: rhbz#1838811 + +* Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-0 +- Update to aarch64-shenandoah-jdk8u262-b10. +- Switch to GA mode for final release. 
+- Update release notes for 8u262 release. +- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. +- Split JDK-8042159 patch into per-repo patches as upstream. +- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk +- Resolves: rhbz#1838811 + +* Sat Jul 11 2020 Andrew Hughes - 1:1.8.0.262.b09-0.3.ea +- Restructure the build so a minimal initial build is then used for the final build (with docs) +- This reduces pressure on the system JDK and ensures the JDK being built can do a full build +- Resolves: rhbz#1838811 + +* Fri Jul 10 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea +- Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea +- Sync alt-java support with java-11-openjdk version. +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Jiri Vanek - 1:1.8.0.262.b09-0.2.ea +- Created copy of java as alt-java and adapted alternatives and man pages +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b09-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b09. +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b08-0.3.ea +- Update to aarch64-shenandoah-jdk8u262-b08. +- Resolves: rhbz#1838811 + +* Tue Jul 07 2020 Andrew Hughes - 1:1.8.0.262.b07-0.2.ea +- Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. +- Resolves: rhbz#1838811 + +* Fri Jul 03 2020 Andrew Hughes - 1:1.8.0.262.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b07. +- Require tzdata 2020a so system tzdata matches resource updates in b07 +- Resolves: rhbz#1838811 + +* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b06. 
+- Resolves: rhbz#1838811 + +* Mon Jun 08 2020 Jayashree Huttanagoudar - 1:1.8.0.262.b05-0.4.ea +- Removed patch jdk8243541-rh1838229-tzdata2020a.patch +- Portabel builds use upstream tzddb.dat, and we expect it to be synced with jdk code + +* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.4.ea +- Backport JDK-8186464 so ZIP64 archives < 4GB can be read. +- Resolves: rhbz#1433262 + +* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.3.ea +- Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. +- Resolves: rhbz#1838811 + +* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.2.ea +- Backport JDK-8243541 & require tzdata 2020a as latest tzdata package needs resource updates +- Resolves: rhbz#1838229 + +* Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b05. +- Remove backports of JDK-8227269 & JDK-8241750 included upstream in 8u262-b05. +- Resolves: rhbz#1838811 + +* Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b04. +- Resolves: rhbz#1838811 + +* Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b03-0.2.ea +- Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. +- Resolves: rhbz#1838811 + +* Sat Jun 06 2020 Andrew Hughes - 1:1.8.0.262.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b03. +- Resolves: rhbz#1838811 + +* Sat Jun 06 2020 Andrew Hughes - 1:1.8.0.262.b02-0.2.ea +- Enable JFR in our builds, ahead of upstream default. +- Only enable JFR for JIT builds, as it is not supported with Zero. +- Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. +- Resolves: rhbz#1838811 + +* Wed Jun 03 2020 Andrew Hughes - 1:1.8.0.262.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b02. +- Resolves: rhbz#1838811 + +* Sun May 24 2020 Andrew Hughes - 1:1.8.0.262.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b01. +- Switch to EA mode. 
+- Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR + +* Sat May 23 2020 Andrew John Hughes - 1:1.8.0.252.b09-4 +- Add backports of JDK-8227269 & JDK-8241750 to resolve slow class loading with JDWP enabled. +- Resolves: rhbz#1751985 + +* Tue Apr 14 2020 Andrew Hughes - 1:1.8.0.252.b09-2 +- Add release notes. +- Resolves: rhbz#1810557 + +* Sun Apr 12 2020 Andrew Hughes - 1:1.8.0.252.b09-1 +- Make use of --with-extra-asflags introduced in jdk8u252-b01. +- Resolves: rhbz#1810557 + +* Mon Apr 06 2020 Andrew Hughes - 1:1.8.0.252.b09-0 +- Update to aarch64-shenandoah-jdk8u252-b09. +- Switch to GA mode for final release. +- Resolves: rhbz#1810557 + +* Fri Mar 27 2020 Andrew Hughes - 1:1.8.0.252.b08-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b08. +- Resolves: rhbz#1810557 + +* Tue Mar 24 2020 Andrew Hughes - 1:1.8.0.252.b07-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b07. +- Resolves: rhbz#1810557 + +* Mon Mar 16 2020 Andrew Hughes - 1:1.8.0.252.b06-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b06. +- Resolves: rhbz#1810557 + +* Fri Feb 28 2020 Andrew Hughes - 1:1.8.0.252.b05-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b05. +- Resolves: rhbz#1810557 + +* Mon Feb 24 2020 Andrew Hughes - 1:1.8.0.252.b04-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b04. +- Resolves: rhbz#1810557 + +* Wed Feb 19 2020 Andrew Hughes - 1:1.8.0.252.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b03. +- Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 +- Resolves: rhbz#1810557 + +* Tue Feb 04 2020 Andrew Hughes - 1:1.8.0.252.b02-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b02. +- Resolves: rhbz#1810557 + +* Mon Jan 27 2020 Andrew Hughes - 1:1.8.0.252.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b01. +- Switch to EA mode. 
+- Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change +- Resolves: rhbz#1810557 + +* Tue Jan 21 2020 Jiri Vanek - 1:1.8.0.242.b08-3 +- get rid of openjdkportable in favour of el + +* Tue Jan 21 2020 Jiri Vanek - 1:1.8.0.242.b08-2 +- renamed static to more accurate portable + +* Wed Jan 15 2020 Jiri Vanek - 1:1.8.0.242.b08-1 +- sync with rhel 8.1 + +* Tue Oct 15 2019 Jiri Vanek - 1:1.8.0.232.b09-0 +- Update to aarch64-shenandoah-jdk8u232-b09. +- Switch to GA mode for final release. +- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. + +* Mon Oct 07 2019 Jiri Vanek - 1:1.8.0.232.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u232-b01. +- Switch to EA mode. +- Drop JDK-8210761/RH1632174 as now upstream. +- Drop JDK-8223219 as now upstream. + +* Tue Jul 23 2019 Jiri Vanek - 1:1.8.0.222.b10-4 +- for release, build debugsymbols to special archive + +* Tue Jul 23 2019 Jiri Vanek - 1:1.8.0.222.b10-3 +- filtered out -g from extra flags + +* Thu Jul 11 2019 Andrew Hughes - 1:1.8.0.222.b10-1 +- Update to aarch64-shenandoah-jdk8u222-b10. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-2 +- Use normal_suffix for Javadoc zip filename to copy, as there is is no debug version. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-2 +- Provide Javadoc debug subpackages for now, but populate them from the normal build. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-1 +- Update to aarch64-shenandoah-jdk8u222-b09. +- Switch to GA mode for final release. +- Resolves: rhbz#1724452 + +* Tue Jul 02 2019 Andrew Hughes - 1:1.8.0.222.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b08. +- Adjust PR3083/RH134640 to apply after JDK-8182999 +- Resolves: rhbz#1724452 + +* Tue Jul 02 2019 Severin Gehwolf - 1:1.8.0.222.b07-0.3.ea +- Include 'ea' designator in Release when appropriate. 
+- Resolves: rhbz#1724452 + +* Wed Jun 26 2019 Severin Gehwolf - 1:1.8.0.222.b07-2 +- Don't produce javadoc/javadoc-zip sub packages for the debug variant build. +- Don't perform a bootcycle build for the debug variant build. +- Resolves: rhbz#1724452 + +* Tue Jun 25 2019 Andrew Hughes - 1:1.8.0.222.b07-1 +- Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13. +- Resolves: rhbz#1724452 + +* Fri Jun 14 2019 Andrew Hughes - 1:1.8.0.222.b06-1 +- Update to aarch64-shenandoah-jdk8u222-b06. +- Resolves: rhbz#1724452 + +* Thu Jun 06 2019 Andrew Hughes - 1:1.8.0.222.b05-1 +- Update to aarch64-shenandoah-jdk8u222-b05. +- Resolves: rhbz#1724452 + +* Sat May 25 2019 Andrew Hughes - 1:1.8.0.222.b04-1 +- Update to aarch64-shenandoah-jdk8u222-b04. +- Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream. +- Resolves: rhbz#1705328 + +* Wed May 22 2019 Andrew Hughes - 1:1.8.0.222.b03-1 +- Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately. +- Drop unused use_shenandoah_hotspot variable. +- Resolves: rhbz#1705328 + +* Wed May 22 2019 Andrew Hughes - 1:1.8.0.222.b03-1 +- Update to aarch64-shenandoah-jdk8u222-b03. +- Set milestone to "ea" as this is not the final release. +- Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u. +- Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes. +- Resolves: rhbz#1705328 + +* Mon May 13 2019 Andrew Hughes - 1:1.8.0.222.b02-1 +- Update to aarch64-shenandoah-jdk8u222-b02. +- Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100). +- Resolves: rhbz#1705328 + +* Thu May 02 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Update to aarch64-shenandoah-jdk8u222-b01. +- Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575. +- Drop 8171000, 8197546 & PR3634 as applied upstream. 
+- Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp +- Resolves: rhbz#1705328 + +* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b04-1 +- Update to aarch64-shenandoah-jdk8u212-b04. +- Resolves: rhbz#1693468 + +* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b03-0 +- Update to aarch64-shenandoah-jdk8u212-b03. +- Resolves: rhbz#1693468 + +* Tue Apr 09 2019 Andrew Hughes - 1:1.8.0.212.b02-0 +- Update to aarch64-shenandoah-jdk8u212-b02. +- Remove patches included upstream + - JDK-8197429/PR3546/RH153662{2,3} + - JDK-8184309/PR3596 +- Re-generate patches + - JDK-8203030 +- Add casts to resolve s390 ambiguity in calls to log2_intptr +- Resolves: rhbz#1693468 + +* Sun Apr 07 2019 Andrew Hughes - 1:1.8.0.202.b08-0 +- Update to aarch64-shenandoah-jdk8u202-b08. +- Remove patches included upstream + - JDK-8211387/PR3559 + - JDK-8073139/PR1758/RH1191652 + - JDK-8044235 + - JDK-8131048/PR3574/RH1498936 + - JDK-8164920/PR3574/RH1498936 +- Resolves: rhbz#1693468 + +* Thu Apr 04 2019 Andrew Hughes - 1:1.8.0.201.b13-0 +- Update to aarch64-shenandoah-jdk8u201-b13. +- Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream. +- Resolves: rhbz#1693468 + +* Tue Apr 02 2019 Severin Gehwolf - 1:1.8.0.201.b09-3 +- Update patch for RH1566890. + - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to + rh1566890-CVE_2018_3639-speculative_store_bypass.patch + - Added dependent patch, + rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch +- Resolves: rhbz#1693468 + +* Tue Mar 12 2019 Jiri Vanek - 1:1.8.0.201.b09-2 +- name adapted to current tag + +* Thu Feb 28 2019 Jiri Vanek jvanek@redhat.com - 1:1.8.0.201.b09-2 +- Replaced pcsc-lite-devel (which is in optional channel) with pcsc-lite-libs. 
+- added rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch to make jdk work with pcsc
+
+* Tue Feb 26 2019 Jiri Vanek - 1:1.8.0.201.b09-0
+- cripled rpms original specto roduce only portable build
+- Resolves: rhbz#1661577
diff --git a/SOURCES/jdk8141590-bundle_libffi-followup.patch b/SOURCES/jdk8141590-bundle_libffi-followup.patch
new file mode 100644
index 0000000..73b09ab
--- /dev/null
+++ b/SOURCES/jdk8141590-bundle_libffi-followup.patch
@@ -0,0 +1,51 @@ +commit 928f3bf4a3017931ecc7012688e62d8a03264e61 +Author: Andrew Hughes +AuthorDate: Thu Jan 16 17:40:36 2025 +0000 +Commit: Andrew Hughes +CommitDate: Thu Jan 16 22:50:24 2025 +0000 + + Search /usr/lib64 on architectures other than x86_64 + +diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh +index 587b4c2657..5aeebe49a3 100644 +--- a/common/autoconf/generated-configure.sh ++++ b/common/autoconf/generated-configure.sh +@@ -4493,7 +4493,7 @@ VS_TOOLSET_SUPPORTED_2022=true + #CUSTOM_AUTOCONF_INCLUDE + + # Do not change or remove the following line, it is needed for consistency checks: +-DATE_WHEN_GENERATED=1737049912 ++DATE_WHEN_GENERATED=1737067804 + + ############################################################################### + # +@@ -50590,9 +50590,11 @@ $as_echo_n "checking for libffi lib file location... " >&6; } + as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5 + fi + else +- # Fallback on the default /usr/lib dir ++ # Fallback on the default /usr/lib and /usr/lib64 dirs + if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then + LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?" ++ elif test -e ${SYSROOT}/usr/lib64/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib64/libffi.so.?" + else + as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5 + fi +diff --git a/common/autoconf/libraries.m4 b/common/autoconf/libraries.m4 +index 4ed8b4fdd6..6ab6dbc075 100644 +--- a/common/autoconf/libraries.m4 ++++ b/common/autoconf/libraries.m4 +@@ -1121,9 +1121,11 @@ AC_DEFUN_ONCE([LIB_SETUP_STATIC_LINK_LIBSTDCPP], + AC_MSG_ERROR([Could not locate libffi.so.? for bundling]) + fi + else +- # Fallback on the default /usr/lib dir ++ # Fallback on the default /usr/lib and /usr/lib64 dirs + if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then + LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?" ++ elif test -e ${SYSROOT}/usr/lib64/libffi.so.? 
; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib64/libffi.so.?" + else + AC_MSG_ERROR([Could not locate libffi.so.? for bundling]) + fi diff --git a/SOURCES/jdk8141590-bundle_libffi.patch b/SOURCES/jdk8141590-bundle_libffi.patch new file mode 100644 index 0000000..a200be7 --- /dev/null +++ b/SOURCES/jdk8141590-bundle_libffi.patch 
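Review bot: In the fallback branch this follow-up patch extends (the same edit appears in both generated-configure.sh and libraries.m4), the first matching path wins and `/usr/lib` is still tried before the new `/usr/lib64`, so the libffi that gets bundled into the image depends on what the build sysroot happens to contain rather than on the target's word size. The probe is the unquoted `test -e ${SYSROOT}/usr/lib64/libffi.so.?`, so a sysroot holding two libffi sonames passes `test` several arguments and the check falls through to the `Could not locate libffi.so.? for bundling` error even though the library is present. I would add a comment above the fallback stating the assumption, for example `# Presumably reached only on non-x86_64 targets; assumes /usr/lib holds no libffi of a different word size`, and make sure the resolved `LIBFFI_LIB_FILE` is printed in the configure log so the bundled copy can be audited. The enclosing if/else starts outside both embedded hunks, so whether an earlier branch already handles the multilib case cannot be confirmed from here.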
@@ -0,0 +1,763 @@ +diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh +index ad3f7f232e..587b4c2657 100644 +--- a/common/autoconf/generated-configure.sh ++++ b/common/autoconf/generated-configure.sh +@@ -649,6 +649,9 @@ LLVM_LIBS + LLVM_LDFLAGS + LLVM_CFLAGS + LLVM_CONFIG ++LIBFFI_LIB_FILE ++LIBFFI_LIB_DIR ++ENABLE_LIBFFI_BUNDLING + LIBFFI_LIBS + LIBFFI_CFLAGS + STATIC_CXX_SETTING +@@ -1117,6 +1120,10 @@ with_fontconfig_include + with_giflib + with_zlib + with_stdc__lib ++with_libffi ++with_libffi_include ++with_libffi_lib ++enable_libffi_bundling + with_msvcr_dll + with_msvcp_dll + with_vcruntime_1_dll +@@ -1867,6 +1874,9 @@ Optional Features: + disable bundling of the freetype library with the + build result [enabled on Windows or when using + --with-freetype, disabled otherwise] ++ --enable-libffi-bundling ++ enable bundling of libffi.so to make the built JDK ++ runnable on more systems + --enable-sjavac use sjavac to do fast incremental compiles + [disabled] + --disable-precompiled-headers +@@ -1996,6 +2006,11 @@ Optional Packages: + force linking of the C++ runtime on Linux to either + static or dynamic, default is static with dynamic as + fallback ++ --with-libffi specify prefix directory for the libffi package ++ (expecting the libraries under PATH/lib and the ++ headers under PATH/include) ++ --with-libffi-include specify directory for the libffi include files ++ --with-libffi-lib specify directory for the libffi library + --with-msvcr-dll path to microsoft C runtime dll (msvcr*.dll) + (Windows only) [probed] + --with-msvcp-dll path to microsoft C++ runtime dll (msvcp*.dll) +@@ -2878,6 +2893,52 @@ $as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + + } # ac_fn_c_check_header_compile ++ ++# ac_fn_c_try_link LINENO ++# ----------------------- ++# Try to link conftest.$ac_ext, and return whether this succeeded. 
++ac_fn_c_try_link () ++{ ++ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack ++ rm -f conftest.$ac_objext conftest$ac_exeext ++ if { { ac_try="$ac_link" ++case "(($ac_try" in ++ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; ++ *) ac_try_echo=$ac_try;; ++esac ++eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" ++$as_echo "$ac_try_echo"; } >&5 ++ (eval "$ac_link") 2>conftest.err ++ ac_status=$? ++ if test -s conftest.err; then ++ grep -v '^ *+' conftest.err >conftest.er1 ++ cat conftest.er1 >&5 ++ mv -f conftest.er1 conftest.err ++ fi ++ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 ++ test $ac_status = 0; } && { ++ test -z "$ac_c_werror_flag" || ++ test ! -s conftest.err ++ } && test -s conftest$ac_exeext && { ++ test "$cross_compiling" = yes || ++ test -x conftest$ac_exeext ++ }; then : ++ ac_retval=0 ++else ++ $as_echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ ac_retval=1 ++fi ++ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information ++ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would ++ # interfere with the next link command; also delete a directory that is ++ # left behind by Apple's compiler. We do this before executing the actions. ++ rm -rf conftest.dSYM conftest_ipa8_conftest.oo ++ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno ++ as_fn_set_status $ac_retval ++ ++} # ac_fn_c_try_link + cat >config.log <<_ACEOF + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. 
+@@ -4432,7 +4493,7 @@ VS_TOOLSET_SUPPORTED_2022=true + #CUSTOM_AUTOCONF_INCLUDE + + # Do not change or remove the following line, it is needed for consistency checks: +-DATE_WHEN_GENERATED=1716396030 ++DATE_WHEN_GENERATED=1737049912 + + ############################################################################### + # +@@ -50215,8 +50276,70 @@ $as_echo "static" >&6; } + fi + + ++ ++# Check whether --with-libffi was given. ++if test "${with_libffi+set}" = set; then : ++ withval=$with_libffi; ++fi ++ ++ ++# Check whether --with-libffi-include was given. ++if test "${with_libffi_include+set}" = set; then : ++ withval=$with_libffi_include; ++fi ++ ++ ++# Check whether --with-libffi-lib was given. ++if test "${with_libffi_lib+set}" = set; then : ++ withval=$with_libffi_lib; ++fi ++ ++ # Check whether --enable-libffi-bundling was given. ++if test "${enable_libffi_bundling+set}" = set; then : ++ enableval=$enable_libffi_bundling; ++fi ++ ++ ++ # Check if ffi is needed + if test "x$JVM_VARIANT_ZERO" = xtrue || test "x$JVM_VARIANT_ZEROSHARK" = xtrue; then +- # Figure out LIBFFI_CFLAGS and LIBFFI_LIBS ++ NEEDS_LIB_FFI=true ++ else ++ NEEDS_LIB_FFI=false ++ fi ++ ++ if test "x$NEEDS_LIB_FFI" = xfalse; then ++ if test "x${with_libffi}" != x || test "x${with_libffi_include}" != x || test "x${with_libffi_lib}" != x; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libffi not used, so --with-libffi is ignored" >&5 ++$as_echo "$as_me: WARNING: libffi not used, so --with-libffi is ignored" >&2;} ++ fi ++ LIBFFI_CFLAGS= ++ LIBFFI_LIBS= ++ else ++ LIBFFI_FOUND=no ++ ++ if test "x${with_libffi}" = xno || test "x${with_libffi_include}" = xno || test "x${with_libffi_lib}" = xno; then ++ as_fn_error $? "It is not possible to disable the use of libffi. Remove the --without-libffi option." 
"$LINENO" 5 ++ fi ++ ++ if test "x${with_libffi}" != x; then ++ LIBFFI_LIB_PATH="${with_libffi}/lib" ++ LIBFFI_LIBS="-L${with_libffi}/lib -lffi" ++ LIBFFI_CFLAGS="-I${with_libffi}/include" ++ LIBFFI_FOUND=yes ++ fi ++ if test "x${with_libffi_include}" != x; then ++ LIBFFI_CFLAGS="-I${with_libffi_include}" ++ LIBFFI_FOUND=yes ++ fi ++ if test "x${with_libffi_lib}" != x; then ++ LIBFFI_LIB_PATH="${with_libffi_lib}" ++ LIBFFI_LIBS="-L${with_libffi_lib} -lffi" ++ LIBFFI_FOUND=yes ++ fi ++ # Do not try pkg-config if we have a sysroot set. ++ if test "x$SYSROOT" = x; then ++ if test "x$LIBFFI_FOUND" = xno; then ++ # Figure out LIBFFI_CFLAGS and LIBFFI_LIBS + + pkg_failed=no + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBFFI" >&5 +@@ -50272,40 +50395,224 @@ fi + # Put the nasty error message in config.log where it belongs + echo "$LIBFFI_PKG_ERRORS" >&5 + +- as_fn_error $? "Package requirements (libffi) were not met: +- +-$LIBFFI_PKG_ERRORS +- +-Consider adjusting the PKG_CONFIG_PATH environment variable if you +-installed software in a non-standard prefix. +- +-Alternatively, you may set the environment variables LIBFFI_CFLAGS +-and LIBFFI_LIBS to avoid the need to call pkg-config. +-See the pkg-config man page for more details. +-" "$LINENO" 5 ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++$as_echo "no" >&6; } ++ LIBFFI_FOUND=no + elif test $pkg_failed = untried; then +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +-is in your PATH or set the PKG_CONFIG environment variable to the full +-path to pkg-config. +- +-Alternatively, you may set the environment variables LIBFFI_CFLAGS +-and LIBFFI_LIBS to avoid the need to call pkg-config. +-See the pkg-config man page for more details. +- +-To get pkg-config, see . 
+-See \`config.log' for more details" "$LINENO" 5; } ++ LIBFFI_FOUND=no + else + LIBFFI_CFLAGS=$pkg_cv_LIBFFI_CFLAGS + LIBFFI_LIBS=$pkg_cv_LIBFFI_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } +- : ++ LIBFFI_FOUND=yes ++fi ++ fi ++ fi ++ if test "x$LIBFFI_FOUND" = xno; then ++ for ac_header in ffi.h ++do : ++ ac_fn_cxx_check_header_mongrel "$LINENO" "ffi.h" "ac_cv_header_ffi_h" "$ac_includes_default" ++if test "x$ac_cv_header_ffi_h" = xyes; then : ++ cat >>confdefs.h <<_ACEOF ++#define HAVE_FFI_H 1 ++_ACEOF ++ ++ LIBFFI_FOUND=yes ++ LIBFFI_CFLAGS= ++ LIBFFI_LIBS=-lffi ++ ++else ++ LIBFFI_FOUND=no ++ ++fi ++ ++done ++ ++ fi ++ if test "x$LIBFFI_FOUND" = xno; then ++ ++ # Print a helpful message on how to acquire the necessary build dependency. ++ # ffi is the help tag: freetype, cups, pulse, alsa etc ++ MISSING_DEPENDENCY=ffi ++ ++ if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then ++ cygwin_help $MISSING_DEPENDENCY ++ elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then ++ msys_help $MISSING_DEPENDENCY ++ else ++ PKGHANDLER_COMMAND= ++ ++ case $PKGHANDLER in ++ apt-get) ++ apt_help $MISSING_DEPENDENCY ;; ++ yum) ++ yum_help $MISSING_DEPENDENCY ;; ++ port) ++ port_help $MISSING_DEPENDENCY ;; ++ pkgutil) ++ pkgutil_help $MISSING_DEPENDENCY ;; ++ pkgadd) ++ pkgadd_help $MISSING_DEPENDENCY ;; ++ esac ++ ++ if test "x$PKGHANDLER_COMMAND" != x; then ++ HELP_MSG="You might be able to fix this by running '$PKGHANDLER_COMMAND'." ++ fi ++ fi ++ ++ as_fn_error $? "Could not find libffi! $HELP_MSG" "$LINENO" 5 ++ fi ++ ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libffi works" >&5 ++$as_echo_n "checking if libffi works... 
" >&6; } ++ ac_ext=c ++ac_cpp='$CPP $CPPFLAGS' ++ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ++ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ++ac_compiler_gnu=$ac_cv_c_compiler_gnu ++ ++ OLD_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $LIBFFI_CFLAGS" ++ OLD_LIBS="$LIBS" ++ LIBS="$LIBS $LIBFFI_LIBS" ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++#include ++int ++main (void) ++{ ++ ++ ffi_call(NULL, NULL, NULL, NULL); ++ return 0; ++ ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_link "$LINENO"; then : ++ LIBFFI_WORKS=yes ++else ++ LIBFFI_WORKS=no ++ + fi ++rm -f core conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++ CFLAGS="$OLD_CFLAGS" ++ LIBS="$OLD_LIBS" ++ ac_ext=cpp ++ac_cpp='$CXXCPP $CPPFLAGS' ++ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' ++ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ++ac_compiler_gnu=$ac_cv_cxx_compiler_gnu ++ ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBFFI_WORKS" >&5 ++$as_echo "$LIBFFI_WORKS" >&6; } + ++ if test "x$LIBFFI_WORKS" = xno; then ++ ++ # Print a helpful message on how to acquire the necessary build dependency. ++ # ffi is the help tag: freetype, cups, pulse, alsa etc ++ MISSING_DEPENDENCY=ffi ++ ++ if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then ++ cygwin_help $MISSING_DEPENDENCY ++ elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then ++ msys_help $MISSING_DEPENDENCY ++ else ++ PKGHANDLER_COMMAND= ++ ++ case $PKGHANDLER in ++ apt-get) ++ apt_help $MISSING_DEPENDENCY ;; ++ yum) ++ yum_help $MISSING_DEPENDENCY ;; ++ port) ++ port_help $MISSING_DEPENDENCY ;; ++ pkgutil) ++ pkgutil_help $MISSING_DEPENDENCY ;; ++ pkgadd) ++ pkgadd_help $MISSING_DEPENDENCY ;; ++ esac ++ ++ if test "x$PKGHANDLER_COMMAND" != x; then ++ HELP_MSG="You might be able to fix this by running '$PKGHANDLER_COMMAND'." ++ fi + fi + ++ as_fn_error $? 
"Found libffi but could not link and compile with it. $HELP_MSG" "$LINENO" 5 ++ fi ++ ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libffi should be bundled" >&5 ++$as_echo_n "checking if libffi should be bundled... " >&6; } ++ if test "x$enable_libffi_bundling" = "x"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 ++$as_echo "no" >&6; } ++ ENABLE_LIBFFI_BUNDLING=false ++ elif test "x$enable_libffi_bundling" = "xno"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, forced" >&5 ++$as_echo "no, forced" >&6; } ++ ENABLE_LIBFFI_BUNDLING=false ++ elif test "x$enable_libffi_bundling" = "xyes"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, forced" >&5 ++$as_echo "yes, forced" >&6; } ++ ENABLE_LIBFFI_BUNDLING=true ++ else ++ as_fn_error $? "Invalid value for --enable-libffi-bundling" "$LINENO" 5 ++ fi ++ ++ # Find the libffi.so.X to bundle ++ if test "x${ENABLE_LIBFFI_BUNDLING}" = "xtrue"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libffi lib file location" >&5 ++$as_echo_n "checking for libffi lib file location... " >&6; } ++ if test "x${LIBFFI_LIB_PATH}" != x; then ++ if test -e ${LIBFFI_LIB_PATH}/libffi.so.?; then ++ LIBFFI_LIB_FILE="${LIBFFI_LIB_PATH}/libffi.so.?" ++ else ++ as_fn_error $? "Could not locate libffi.so.? for bundling in ${LIBFFI_LIB_PATH}" "$LINENO" 5 ++ fi ++ else ++ # If we don't have an explicit path, look in a few obvious places ++ if test "x${OPENJDK_TARGET_CPU}" = "xx86"; then ++ if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?" ++ elif test -e ${SYSROOT}/usr/lib/i386-linux-gnu/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/i386-linux-gnu/libffi.so.?" ++ else ++ as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5 ++ fi ++ elif test "x${OPENJDK_TARGET_CPU}" = "xx86_64"; then ++ if test -e ${SYSROOT}/usr/lib64/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib64/libffi.so.?" 
++ elif test -e ${SYSROOT}/usr/lib/x86_64-linux-gnu/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/x86_64-linux-gnu/libffi.so.?" ++ else ++ as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5 ++ fi ++ else ++ # Fallback on the default /usr/lib dir ++ if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?" ++ else ++ as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5 ++ fi ++ fi ++ fi ++ # Make sure the wildcard is evaluated ++ LIBFFI_LIB_FILE="$(ls ${LIBFFI_LIB_FILE})" ++ LIBFFI_LIB_DIR="$(dirname ${LIBFFI_LIB_FILE})" ++ LIBFFI_LIB_FILE="$(basename ${LIBFFI_LIB_FILE})" ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${LIBFFI_LIB_FILE} in ${LIBFFI_LIB_DIR}" >&5 ++$as_echo "${LIBFFI_LIB_FILE} in ${LIBFFI_LIB_DIR}" >&6; } ++ fi ++ fi ++ ++ ++ ++ ++ ++ ++ + if test "x$JVM_VARIANT_ZEROSHARK" = xtrue; then + # Extract the first word of "llvm-config", so it can be a program name with args. + set dummy llvm-config; ac_word=$2 +diff --git a/common/autoconf/libraries.m4 b/common/autoconf/libraries.m4 +index 6efae578ea..4ed8b4fdd6 100644 +--- a/common/autoconf/libraries.m4 ++++ b/common/autoconf/libraries.m4 +@@ -988,12 +988,161 @@ AC_DEFUN_ONCE([LIB_SETUP_STATIC_LINK_LIBSTDCPP], + fi + AC_SUBST(STATIC_CXX_SETTING) + ++ AC_ARG_WITH(libffi, [AS_HELP_STRING([--with-libffi], ++ [specify prefix directory for the libffi package ++ (expecting the libraries under PATH/lib and the headers under PATH/include)])]) ++ AC_ARG_WITH(libffi-include, [AS_HELP_STRING([--with-libffi-include], ++ [specify directory for the libffi include files])]) ++ AC_ARG_WITH(libffi-lib, [AS_HELP_STRING([--with-libffi-lib], ++ [specify directory for the libffi library])]) ++ AC_ARG_ENABLE(libffi-bundling, [AS_HELP_STRING([--enable-libffi-bundling], ++ [enable bundling of libffi.so to make the built JDK runnable on more systems])]) ++ ++ # Check if ffi is needed + if test "x$JVM_VARIANT_ZERO" = xtrue || test 
"x$JVM_VARIANT_ZEROSHARK" = xtrue; then +- # Figure out LIBFFI_CFLAGS and LIBFFI_LIBS +- PKG_CHECK_MODULES([LIBFFI], [libffi]) ++ NEEDS_LIB_FFI=true ++ else ++ NEEDS_LIB_FFI=false ++ fi ++ ++ if test "x$NEEDS_LIB_FFI" = xfalse; then ++ if test "x${with_libffi}" != x || test "x${with_libffi_include}" != x || test "x${with_libffi_lib}" != x; then ++ AC_MSG_WARN([libffi not used, so --with-libffi is ignored]) ++ fi ++ LIBFFI_CFLAGS= ++ LIBFFI_LIBS= ++ else ++ LIBFFI_FOUND=no + ++ if test "x${with_libffi}" = xno || test "x${with_libffi_include}" = xno || test "x${with_libffi_lib}" = xno; then ++ AC_MSG_ERROR([It is not possible to disable the use of libffi. Remove the --without-libffi option.]) ++ fi ++ ++ if test "x${with_libffi}" != x; then ++ LIBFFI_LIB_PATH="${with_libffi}/lib" ++ LIBFFI_LIBS="-L${with_libffi}/lib -lffi" ++ LIBFFI_CFLAGS="-I${with_libffi}/include" ++ LIBFFI_FOUND=yes ++ fi ++ if test "x${with_libffi_include}" != x; then ++ LIBFFI_CFLAGS="-I${with_libffi_include}" ++ LIBFFI_FOUND=yes ++ fi ++ if test "x${with_libffi_lib}" != x; then ++ LIBFFI_LIB_PATH="${with_libffi_lib}" ++ LIBFFI_LIBS="-L${with_libffi_lib} -lffi" ++ LIBFFI_FOUND=yes ++ fi ++ # Do not try pkg-config if we have a sysroot set. ++ if test "x$SYSROOT" = x; then ++ if test "x$LIBFFI_FOUND" = xno; then ++ # Figure out LIBFFI_CFLAGS and LIBFFI_LIBS ++ PKG_CHECK_MODULES([LIBFFI], [libffi], [LIBFFI_FOUND=yes], [LIBFFI_FOUND=no]) ++ fi ++ fi ++ if test "x$LIBFFI_FOUND" = xno; then ++ AC_CHECK_HEADERS([ffi.h], ++ [ ++ LIBFFI_FOUND=yes ++ LIBFFI_CFLAGS= ++ LIBFFI_LIBS=-lffi ++ ], ++ [LIBFFI_FOUND=no] ++ ) ++ fi ++ if test "x$LIBFFI_FOUND" = xno; then ++ HELP_MSG_MISSING_DEPENDENCY([ffi]) ++ AC_MSG_ERROR([Could not find libffi! 
$HELP_MSG]) ++ fi ++ ++ AC_MSG_CHECKING([if libffi works]) ++ AC_LANG_PUSH(C) ++ OLD_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $LIBFFI_CFLAGS" ++ OLD_LIBS="$LIBS" ++ LIBS="$LIBS $LIBFFI_LIBS" ++ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], ++ [ ++ ffi_call(NULL, NULL, NULL, NULL); ++ return 0; ++ ])], ++ [LIBFFI_WORKS=yes], ++ [LIBFFI_WORKS=no] ++ ) ++ CFLAGS="$OLD_CFLAGS" ++ LIBS="$OLD_LIBS" ++ AC_LANG_POP(C) ++ AC_MSG_RESULT([$LIBFFI_WORKS]) ++ ++ if test "x$LIBFFI_WORKS" = xno; then ++ HELP_MSG_MISSING_DEPENDENCY([ffi]) ++ AC_MSG_ERROR([Found libffi but could not link and compile with it. $HELP_MSG]) ++ fi ++ ++ AC_MSG_CHECKING([if libffi should be bundled]) ++ if test "x$enable_libffi_bundling" = "x"; then ++ AC_MSG_RESULT([no]) ++ ENABLE_LIBFFI_BUNDLING=false ++ elif test "x$enable_libffi_bundling" = "xno"; then ++ AC_MSG_RESULT([no, forced]) ++ ENABLE_LIBFFI_BUNDLING=false ++ elif test "x$enable_libffi_bundling" = "xyes"; then ++ AC_MSG_RESULT([yes, forced]) ++ ENABLE_LIBFFI_BUNDLING=true ++ else ++ AC_MSG_ERROR([Invalid value for --enable-libffi-bundling]) ++ fi ++ ++ # Find the libffi.so.X to bundle ++ if test "x${ENABLE_LIBFFI_BUNDLING}" = "xtrue"; then ++ AC_MSG_CHECKING([for libffi lib file location]) ++ if test "x${LIBFFI_LIB_PATH}" != x; then ++ if test -e ${LIBFFI_LIB_PATH}/libffi.so.?; then ++ LIBFFI_LIB_FILE="${LIBFFI_LIB_PATH}/libffi.so.?" ++ else ++ AC_MSG_ERROR([Could not locate libffi.so.? for bundling in ${LIBFFI_LIB_PATH}]) ++ fi ++ else ++ # If we don't have an explicit path, look in a few obvious places ++ if test "x${OPENJDK_TARGET_CPU}" = "xx86"; then ++ if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?" ++ elif test -e ${SYSROOT}/usr/lib/i386-linux-gnu/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/i386-linux-gnu/libffi.so.?" ++ else ++ AC_MSG_ERROR([Could not locate libffi.so.? 
for bundling]) ++ fi ++ elif test "x${OPENJDK_TARGET_CPU}" = "xx86_64"; then ++ if test -e ${SYSROOT}/usr/lib64/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib64/libffi.so.?" ++ elif test -e ${SYSROOT}/usr/lib/x86_64-linux-gnu/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/x86_64-linux-gnu/libffi.so.?" ++ else ++ AC_MSG_ERROR([Could not locate libffi.so.? for bundling]) ++ fi ++ else ++ # Fallback on the default /usr/lib dir ++ if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then ++ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?" ++ else ++ AC_MSG_ERROR([Could not locate libffi.so.? for bundling]) ++ fi ++ fi ++ fi ++ # Make sure the wildcard is evaluated ++ LIBFFI_LIB_FILE="$(ls ${LIBFFI_LIB_FILE})" ++ LIBFFI_LIB_DIR="$(dirname ${LIBFFI_LIB_FILE})" ++ LIBFFI_LIB_FILE="$(basename ${LIBFFI_LIB_FILE})" ++ AC_MSG_RESULT([${LIBFFI_LIB_FILE} in ${LIBFFI_LIB_DIR}]) ++ fi + fi + ++ AC_SUBST(LIBFFI_CFLAGS) ++ AC_SUBST(LIBFFI_LIBS) ++ AC_SUBST(ENABLE_LIBFFI_BUNDLING) ++ AC_SUBST(LIBFFI_LIB_DIR) ++ AC_SUBST(LIBFFI_LIB_FILE) ++ + if test "x$JVM_VARIANT_ZEROSHARK" = xtrue; then + AC_CHECK_PROG([LLVM_CONFIG], [llvm-config], [llvm-config]) + +diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in +index 9573bb2cbd..8da3ac32a0 100644 +--- a/common/autoconf/spec.gmk.in ++++ b/common/autoconf/spec.gmk.in +@@ -311,6 +311,11 @@ FONTCONFIG_CFLAGS:=@FONTCONFIG_CFLAGS@ + CUPS_CFLAGS:=@CUPS_CFLAGS@ + ALSA_LIBS:=@ALSA_LIBS@ + ALSA_CFLAGS:=@ALSA_CFLAGS@ ++LIBFFI_LIBS:=@LIBFFI_LIBS@ ++LIBFFI_CFLAGS:=@LIBFFI_CFLAGS@ ++ENABLE_LIBFFI_BUNDLING:=@ENABLE_LIBFFI_BUNDLING@ ++LIBFFI_LIB_DIR:=@LIBFFI_LIB_DIR@ ++LIBFFI_LIB_FILE:=@LIBFFI_LIB_FILE@ + + PACKAGE_PATH=@PACKAGE_PATH@ + +diff --git a/hotspot/make/Makefile b/hotspot/make/Makefile +index ad195763be..b9114cb99a 100644 +--- a/hotspot/make/Makefile ++++ b/hotspot/make/Makefile +@@ -476,6 +476,8 @@ $(EXPORT_INCLUDE_DIR)/%: $(ZERO_BUILD_DIR)/../generated/jvmtifiles/% + # Unix + 
$(EXPORT_JRE_LIB_ARCH_DIR)/%.$(LIBRARY_SUFFIX): $(ZERO_BUILD_DIR)/%.$(LIBRARY_SUFFIX) + $(install-file) ++$(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE): $(LIBFFI_LIB_DIR)/$(LIBFFI_LIB_FILE) ++ $(install-file) + $(EXPORT_JRE_LIB_ARCH_DIR)/%.debuginfo: $(ZERO_BUILD_DIR)/%.debuginfo + $(install-file) + $(EXPORT_JRE_LIB_ARCH_DIR)/%.diz: $(ZERO_BUILD_DIR)/%.diz +diff --git a/hotspot/make/aix/makefiles/defs.make b/hotspot/make/aix/makefiles/defs.make +index b12c9c8df2..db10f6a68f 100644 +--- a/hotspot/make/aix/makefiles/defs.make ++++ b/hotspot/make/aix/makefiles/defs.make +@@ -220,4 +220,7 @@ ADD_SA_BINARIES/zero = + + EXPORT_LIST += $(ADD_SA_BINARIES/$(HS_ARCH)) + ++ifeq ($(ENABLE_LIBFFI_BUNDLING), true) ++ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE) ++endif + +diff --git a/hotspot/make/bsd/makefiles/defs.make b/hotspot/make/bsd/makefiles/defs.make +index 7cd21cc175..23436f12d8 100644 +--- a/hotspot/make/bsd/makefiles/defs.make ++++ b/hotspot/make/bsd/makefiles/defs.make +@@ -364,6 +364,10 @@ ADD_SA_BINARIES/zero = + + EXPORT_LIST += $(ADD_SA_BINARIES/$(HS_ARCH)) + ++ifeq ($(ENABLE_LIBFFI_BUNDLING), true) ++ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE) ++endif ++ + # Universal build settings + ifeq ($(OS_VENDOR), Darwin) + # Build universal binaries by default on Mac OS X +diff --git a/hotspot/make/linux/makefiles/defs.make b/hotspot/make/linux/makefiles/defs.make +index ec414639d2..0baa4f068d 100644 +--- a/hotspot/make/linux/makefiles/defs.make ++++ b/hotspot/make/linux/makefiles/defs.make +@@ -333,4 +333,6 @@ ADD_SA_BINARIES/zero = + + EXPORT_LIST += $(ADD_SA_BINARIES/$(HS_ARCH)) + +- ++ifeq ($(ENABLE_LIBFFI_BUNDLING), true) ++ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE) ++endif +diff --git a/hotspot/make/solaris/makefiles/defs.make b/hotspot/make/solaris/makefiles/defs.make +index c88351c82b..cb838e854d 100644 +--- a/hotspot/make/solaris/makefiles/defs.make ++++ b/hotspot/make/solaris/makefiles/defs.make +@@ -304,3 
+304,7 @@ ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1) + endif + endif + EXPORT_LIST += $(EXPORT_LIB_DIR)/sa-jdi.jar ++ ++ifeq ($(ENABLE_LIBFFI_BUNDLING), true) ++ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE) ++endif +diff --git a/hotspot/make/windows/makefiles/defs.make b/hotspot/make/windows/makefiles/defs.make +index 6b36f0e2bc..6f42c7ad37 100644 +--- a/hotspot/make/windows/makefiles/defs.make ++++ b/hotspot/make/windows/makefiles/defs.make +@@ -300,6 +300,10 @@ ifeq ($(BUILD_WIN_SA), 1) + MAKE_ARGS += BUILD_WIN_SA=1 + endif + ++ifeq ($(ENABLE_LIBFFI_BUNDLING), true) ++ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE) ++endif ++ + # Propagate compiler and tools paths from configure to nmake. + # Need to make sure they contain \\ and not /. + ifneq ($(SPEC),) +diff --git a/jdk/make/Images.gmk b/jdk/make/Images.gmk +index 2e378c9134..0edefd7b5c 100644 +--- a/jdk/make/Images.gmk ++++ b/jdk/make/Images.gmk +@@ -249,7 +249,8 @@ endif + + ifneq ($(findstring $(OPENJDK_TARGET_OS), linux solaris),) # If Linux or Solaris + JDK_LIB_FILES += $(LIBRARY_PREFIX)jli$(SHARED_LIBRARY_SUFFIX) \ +- $(LIBRARY_PREFIX)jawt$(SHARED_LIBRARY_SUFFIX) ++ $(LIBRARY_PREFIX)jawt$(SHARED_LIBRARY_SUFFIX) \ ++ $(LIBFFI_LIB_FILE) + endif + + # Find all files to copy from $(JDK_OUTPUTDIR)/lib +diff --git a/jdk/make/Import.gmk b/jdk/make/Import.gmk +index b115fa7f86..29fa2662a6 100644 +--- a/jdk/make/Import.gmk ++++ b/jdk/make/Import.gmk +@@ -114,7 +114,7 @@ endef + # + # Import hotspot + # +-HOTSPOT_IMPORT_FILES := $(addprefix $(LIBRARY_PREFIX), jvm.* saproc.* jsig.* sawindbg.* jvm_db.* jvm_dtrace.*) \ ++HOTSPOT_IMPORT_FILES := $(addprefix $(LIBRARY_PREFIX), jvm.* saproc.* jsig.* sawindbg.* jvm_db.* jvm_dtrace.* ffi.*) \ + Xusage.txt sa-jdi.jar + + ifeq ($(OPENJDK_TARGET_OS), macosx) +diff --git a/make/devkit/Tools.gmk b/make/devkit/Tools.gmk +index c2460105b7..cf2ef251ac 100644 +--- a/make/devkit/Tools.gmk ++++ b/make/devkit/Tools.gmk +@@ -82,8 +82,8 @@ RPM_LIST := \ + libXi 
libXi-devel \ + libXdmcp libXdmcp-devel \ + libXau libXau-devel \ +- libgcc +- ++ libgcc \ ++ libffi libffi-devel + + ifeq ($(ARCH),x86_64) + RPM_DIR ?= $(RPM_DIR_x86_64) +@@ -203,6 +203,18 @@ $(libs) : $(rpms) + @mkdir -p $(SYSROOT)/usr/lib + @touch $@ + ++########################################################################################## ++# Create links for ffi header files so that they become visible by default when using the ++# devkit. ++ ++$(SYSROOT)/usr/include/ffi.h: $(rpms) ++ cd $(@D) && rm $(@F) && ln -s ../lib/libffi-*/include/$(@F) . ++ ++$(SYSROOT)/usr/include/ffitarget.h: $(rpms) ++ cd $(@D) && rm $(@F) && ln -s ../lib/libffi-*/include/$(@F) . ++ ++SYSROOT_LINKS += $(SYSROOT)/usr/include/ffi.h $(SYSROOT)/usr/include/ffitarget.h ++ + ########################################################################################## + + # Define marker files for each source package to be compiled +@@ -479,7 +491,7 @@ rpms : $(rpms) + libs : $(libs) + sysroot : rpms libs + gcc : sysroot $(gcc) $(gccpatch) +-all : binutils gcc bfdlib $(PREFIX)/devkit.info ++all : binutils gcc bfdlib $(PREFIX)/devkit.info $(SYSROOT_LINKS) + + # this is only built for host. so separate. + ccache : $(ccache) diff --git a/SOURCES/jdk8186464-rh1433262-zip64_failure.patch b/SOURCES/jdk8186464-rh1433262-zip64_failure.patch new file mode 100644 index 0000000..572a36e --- /dev/null +++ b/SOURCES/jdk8186464-rh1433262-zip64_failure.patch 
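Review bot: With `--enable-libffi-bundling`, whatever `libffi.so.?` is found under `LIBFFI_LIB_PATH` or `${SYSROOT}` at configure time is copied into the JDK image through `EXPORT_LIST` and `JDK_LIB_FILES`, and only its soname and directory are printed by the `AC_MSG_RESULT` line. A bundled copy no longer receives fixes through the system libffi package, so the JDK has to be rebuilt for each libffi security update and whoever triages an advisory needs to know which library version shipped. I would say so in the option help, e.g. `enable bundling of libffi.so to make the built JDK runnable on more systems (the bundled copy is not updated by the system libffi package)`, and also print the file the soname link resolves to in the configure result. Separately, in make/devkit/Tools.gmk `rm $(@F)` fails the recipe when the header is not already present in `$(SYSROOT)/usr/include`; `rm -f $(@F)` keeps the rule usable in that case.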
@@ -0,0 +1,286 @@ +# HG changeset patch +# User sherman +# Date 1505950914 25200 +# Wed Sep 20 16:41:54 2017 -0700 +# Node ID 723486922bfe4c17e3f5c067ce5e97229842fbcd +# Parent c8ac05bbe47771b3dafa2e7fc9a95d86d68d7c07 +8186464: ZipFile cannot read some InfoZip ZIP64 zip files +Reviewed-by: martin + +diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java +index 26e2a5bf9e9..2630c118817 100644 +--- openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java ++++ openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java +@@ -92,6 +92,7 @@ public class ZipFileSystem extends FileSystem { + private final boolean createNew; // create a new zip if not exists + private static final boolean isWindows = + System.getProperty("os.name").startsWith("Windows"); ++ private final boolean forceEnd64; + + // a threshold, in bytes, to decide whether to create a temp file + // for outputstream of a zip entry +@@ -112,12 +113,13 @@ public class ZipFileSystem extends FileSystem { + if (this.defaultDir.charAt(0) != '/') + throw new IllegalArgumentException("default dir should be absolute"); + ++ this.forceEnd64 = "true".equals(env.get("forceZIP64End")); + this.provider = provider; + this.zfpath = zfpath; + if (Files.notExists(zfpath)) { + if (createNew) { + try (OutputStream os = Files.newOutputStream(zfpath, CREATE_NEW, WRITE)) { +- new END().write(os, 0); ++ new END().write(os, 0, forceEnd64); + } + } else { + throw new FileSystemNotFoundException(zfpath.toString()); +@@ -1014,28 +1016,36 @@ public class ZipFileSystem extends FileSystem { + end.cenoff = ENDOFF(buf); + end.comlen = ENDCOM(buf); + end.endpos = pos + i; +- if (end.cenlen == ZIP64_MINVAL || +- end.cenoff == ZIP64_MINVAL || +- end.centot == ZIP64_MINVAL32) +- { +- // need to find the zip64 end; +- byte[] loc64 = new byte[ZIP64_LOCHDR]; +- if (readFullyAt(loc64, 0, 
loc64.length, end.endpos - ZIP64_LOCHDR) +- != loc64.length) { +- return end; +- } +- long end64pos = ZIP64_LOCOFF(loc64); +- byte[] end64buf = new byte[ZIP64_ENDHDR]; +- if (readFullyAt(end64buf, 0, end64buf.length, end64pos) +- != end64buf.length) { +- return end; +- } +- // end64 found, re-calcualte everything. +- end.cenlen = ZIP64_ENDSIZ(end64buf); +- end.cenoff = ZIP64_ENDOFF(end64buf); +- end.centot = (int)ZIP64_ENDTOT(end64buf); // assume total < 2g +- end.endpos = end64pos; ++ // try if there is zip64 end; ++ byte[] loc64 = new byte[ZIP64_LOCHDR]; ++ if (end.endpos < ZIP64_LOCHDR || ++ readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR) ++ != loc64.length || ++ !locator64SigAt(loc64, 0)) { ++ return end; ++ } ++ long end64pos = ZIP64_LOCOFF(loc64); ++ byte[] end64buf = new byte[ZIP64_ENDHDR]; ++ if (readFullyAt(end64buf, 0, end64buf.length, end64pos) ++ != end64buf.length || ++ !end64SigAt(end64buf, 0)) { ++ return end; ++ } ++ // end64 found, ++ long cenlen64 = ZIP64_ENDSIZ(end64buf); ++ long cenoff64 = ZIP64_ENDOFF(end64buf); ++ long centot64 = ZIP64_ENDTOT(end64buf); ++ // double-check ++ if (cenlen64 != end.cenlen && end.cenlen != ZIP64_MINVAL || ++ cenoff64 != end.cenoff && end.cenoff != ZIP64_MINVAL || ++ centot64 != end.centot && end.centot != ZIP64_MINVAL32) { ++ return end; + } ++ // to use the end64 values ++ end.cenlen = cenlen64; ++ end.cenoff = cenoff64; ++ end.centot = (int)centot64; // assume total < 2g ++ end.endpos = end64pos; + return end; + } + } +@@ -1201,7 +1211,7 @@ public class ZipFileSystem extends FileSystem { + + // sync the zip file system, if there is any udpate + private void sync() throws IOException { +- //System.out.printf("->sync(%s) starting....!%n", toString()); ++ // System.out.printf("->sync(%s) starting....!%n", toString()); + // check ex-closer + if (!exChClosers.isEmpty()) { + for (ExChannelCloser ecc : exChClosers) { +@@ -1292,7 +1302,7 @@ public class ZipFileSystem extends FileSystem { + } + end.centot = 
elist.size(); + end.cenlen = written - end.cenoff; +- end.write(os, written); ++ end.write(os, written, forceEnd64); + } + if (!streams.isEmpty()) { + // +@@ -1849,8 +1859,8 @@ public class ZipFileSystem extends FileSystem { + long endpos; + int disktot; + +- void write(OutputStream os, long offset) throws IOException { +- boolean hasZip64 = false; ++ void write(OutputStream os, long offset, boolean forceEnd64) throws IOException { ++ boolean hasZip64 = forceEnd64; // false; + long xlen = cenlen; + long xoff = cenoff; + if (xlen >= ZIP64_MINVAL) { +@@ -1875,8 +1885,8 @@ public class ZipFileSystem extends FileSystem { + writeShort(os, 45); // version needed to extract + writeInt(os, 0); // number of this disk + writeInt(os, 0); // central directory start disk +- writeLong(os, centot); // number of directory entires on disk +- writeLong(os, centot); // number of directory entires ++ writeLong(os, centot); // number of directory entries on disk ++ writeLong(os, centot); // number of directory entries + writeLong(os, cenlen); // length of central directory + writeLong(os, cenoff); // offset of central directory + +diff --git openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c openjdk/jdk/src/share/native/java/util/zip/zip_util.c +index 5fd6fea049d..858e5814e92 100644 +--- openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c ++++ openjdk/jdk/src/share/native/java/util/zip/zip_util.c +@@ -385,6 +385,9 @@ findEND64(jzfile *zip, void *end64buf, jlong endpos) + { + char loc64[ZIP64_LOCHDR]; + jlong end64pos; ++ if (endpos < ZIP64_LOCHDR) { ++ return -1; ++ } + if (readFullyAt(zip->zfd, loc64, ZIP64_LOCHDR, endpos - ZIP64_LOCHDR) == -1) { + return -1; // end64 locator not found + } +@@ -567,6 +570,7 @@ readCEN(jzfile *zip, jint knownTotal) + { + /* Following are unsigned 32-bit */ + jlong endpos, end64pos, cenpos, cenlen, cenoff; ++ jlong cenlen64, cenoff64, centot64; + /* Following are unsigned 16-bit */ + jint total, tablelen, i, j; + unsigned char *cenbuf = 
NULL; +@@ -594,13 +598,20 @@ readCEN(jzfile *zip, jint knownTotal) + cenlen = ENDSIZ(endbuf); + cenoff = ENDOFF(endbuf); + total = ENDTOT(endbuf); +- if (cenlen == ZIP64_MAGICVAL || cenoff == ZIP64_MAGICVAL || +- total == ZIP64_MAGICCOUNT) { +- unsigned char end64buf[ZIP64_ENDHDR]; +- if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) { +- cenlen = ZIP64_ENDSIZ(end64buf); +- cenoff = ZIP64_ENDOFF(end64buf); +- total = (jint)ZIP64_ENDTOT(end64buf); ++ unsigned char end64buf[ZIP64_ENDHDR]; ++ if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) { ++ // end64 candidate found, ++ cenlen64 = ZIP64_ENDSIZ(end64buf); ++ cenoff64 = ZIP64_ENDOFF(end64buf); ++ centot64 = ZIP64_ENDTOT(end64buf); ++ // double-check ++ if ((cenlen64 == cenlen || cenlen == ZIP64_MAGICVAL) && ++ (cenoff64 == cenoff || cenoff == ZIP64_MAGICVAL) && ++ (centot64 == total || total == ZIP64_MAGICCOUNT)) { ++ // to use the end64 values ++ cenlen = cenlen64; ++ cenoff = cenoff64; ++ total = (jint)centot64; + endpos = end64pos; + endhdrlen = ZIP64_ENDHDR; + } +diff --git openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java +index ffe8a8ed712..9b380003893 100644 +--- openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java ++++ openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java +@@ -22,7 +22,7 @@ + */ + + /* @test +- * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993 ++ * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993 8186464 + * @summary Make sure we can read a zip file. 
+ @key randomness
+ * @run main/othervm ReadZip
+@@ -31,12 +31,24 @@
+ */
+
+ import java.io.*;
++import java.net.URI;
+ import java.nio.file.Files;
++import java.nio.file.FileSystem;
++import java.nio.file.FileSystems;
++import java.nio.file.Path;
+ import java.nio.file.Paths;
+ import java.nio.file.StandardCopyOption;
+ import java.nio.file.StandardOpenOption;
++import java.util.Collections;
++import java.util.HashMap;
++import java.util.List;
++import java.util.Map;
+ import java.util.zip.*;
+
++import sun.misc.IOUtils;
++
++import static java.nio.charset.StandardCharsets.US_ASCII;
++
+ public class ReadZip {
+ private static void unreached (Object o)
+ throws Exception
+@@ -144,8 +156,6 @@ public class ReadZip {
+ newZip.delete();
+ }
+
+-
+-
+ // Throw a FNF exception when read a non-existing zip file
+ try { unreached (new ZipFile(
+ new File(System.getProperty("test.src", "."),
+@@ -153,5 +163,54 @@ public class ReadZip {
+ + String.valueOf(new java.util.Random().nextInt())
+ + ".zip")));
+ } catch (FileNotFoundException fnfe) {}
++
++ // read a zip file with ZIP64 end
++ Path path = Paths.get(System.getProperty("test.dir", ""), "end64.zip");
++ try {
++ URI uri = URI.create("jar:" + path.toUri());
++ Map env = new HashMap<>();
++ env.put("create", "true");
++ env.put("forceZIP64End", "true");
++ try (FileSystem fs = FileSystems.newFileSystem(uri, env)) {
++ Files.write(fs.getPath("hello"), "hello".getBytes());
++ }
++ try (ZipFile zf = new ZipFile(path.toFile())) {
++ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("hello"))),
++ US_ASCII)))
++ throw new RuntimeException("zipfile: read entry failed");
++ } catch (IOException x) {
++ throw new RuntimeException("zipfile: zip64 end failed");
++ }
++ try (FileSystem fs = FileSystems.newFileSystem(uri, Collections.emptyMap())) {
++ if (!"hello".equals(new String(Files.readAllBytes(fs.getPath("hello")))))
++ throw new RuntimeException("zipfs: read entry failed");
++ } catch
(IOException x) { ++ throw new RuntimeException("zipfile: zip64 end failed"); ++ } ++ } finally { ++ Files.deleteIfExists(path); ++ } ++ ++ // read a zip file created via "echo hello | zip dst.zip -", which uses ++ // ZIP64 end record ++ if (Files.notExists(Paths.get("/usr/bin/zip"))) ++ return; ++ try { ++ Process zip = new ProcessBuilder("zip", path.toString().toString(), "-").start(); ++ OutputStream os = zip.getOutputStream(); ++ os.write("hello".getBytes(US_ASCII)); ++ os.close(); ++ zip.waitFor(); ++ if (zip.exitValue() == 0 && Files.exists(path)) { ++ try (ZipFile zf = new ZipFile(path.toFile())) { ++ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("-")))))) ++ throw new RuntimeException("zipfile: read entry failed"); ++ } catch (IOException x) { ++ throw new RuntimeException("zipfile: zip64 end failed"); ++ } ++ } ++ } finally { ++ Files.deleteIfExists(path); ++ } + } + } diff --git a/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch b/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch index 0af9d51..aeef65a 100644 --- a/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch +++ b/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch @@ -7,10 +7,11 @@ PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X -diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4 ---- openjdk.orig///common/autoconf/flags.m4 -+++ openjdk///common/autoconf/flags.m4 -@@ -402,6 +402,21 @@ +diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4 +index 113bf367e2..bed030e8d1 100644 +--- a/common/autoconf/flags.m4 ++++ b/common/autoconf/flags.m4 +@@ -451,6 +451,21 @@ AC_DEFUN_ONCE([FLAGS_SETUP_COMPILER_FLAGS_FOR_JDK], AC_SUBST($2CXXSTD_CXXFLAG) fi @@ -32,23 +33,32 @@ 
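Review bot: The second block of the ReadZip test hunk checks that `/usr/bin/zip` exists but then starts `new ProcessBuilder("zip", path.toString().toString(), "-")`, which resolves the name through PATH, so the binary that runs need not be the one that was checked. I would launch the checked path and drop the doubled call: `new ProcessBuilder("/usr/bin/zip", path.toString(), "-")`. The child's stdout and stderr are neither read nor redirected before `zip.waitFor()`, which can block if the tool writes more than the pipe buffer holds; redirecting both with `ProcessBuilder.Redirect.INHERIT` avoids that. The `catch (IOException x)` blocks also discard the cause, and passing it on as `throw new RuntimeException("zipfile: zip64 end failed", x);` would keep the failure diagnosable.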
diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/fla if test "x$CFLAGS" != "x${ADDED_CFLAGS}"; then AC_MSG_WARN([Ignoring CFLAGS($CFLAGS) found in environment. Use --with-extra-cflags]) fi -diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/autoconf/hotspot-spec.gmk.in ---- openjdk.orig///common/autoconf/hotspot-spec.gmk.in -+++ openjdk///common/autoconf/hotspot-spec.gmk.in -@@ -112,7 +112,8 @@ - RC:=@HOTSPOT_RC@ - - EXTRA_CFLAGS=@LEGACY_EXTRA_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \ -- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) -+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \ -+ $(REALIGN_CFLAG) - EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@ - EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@ - EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@ -diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in ---- openjdk.orig///common/autoconf/spec.gmk.in -+++ openjdk///common/autoconf/spec.gmk.in -@@ -366,6 +366,7 @@ +diff --git a/common/autoconf/hotspot-spec.gmk.in b/common/autoconf/hotspot-spec.gmk.in +index 3f86751d2b..f8a271383f 100644 +--- a/common/autoconf/hotspot-spec.gmk.in ++++ b/common/autoconf/hotspot-spec.gmk.in +@@ -114,13 +114,14 @@ RC:=@HOTSPOT_RC@ + # Retain EXTRA_{CFLAGS,CXXFLAGS,LDFLAGS,ASFLAGS} for the target flags to + # maintain compatibility with the existing Makefiles + EXTRA_CFLAGS=@LEGACY_TARGET_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \ +- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) ++ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \ ++ $(REALIGN_CFLAG) + EXTRA_CXXFLAGS=@LEGACY_TARGET_CXXFLAGS@ + EXTRA_LDFLAGS=@LEGACY_TARGET_LDFLAGS@ + EXTRA_ASFLAGS=@LEGACY_TARGET_ASFLAGS@ + # Define an equivalent set for the host flags (i.e. 
without sysroot options) + HOST_CFLAGS=@LEGACY_HOST_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \ +- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) ++ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) + HOST_CXXFLAGS=@LEGACY_HOST_CXXFLAGS@ + HOST_LDFLAGS=@LEGACY_HOST_LDFLAGS@ + HOST_ASFLAGS=@LEGACY_HOST_ASFLAGS@ +diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in +index 9573bb2cbd..fe7efc130c 100644 +--- a/common/autoconf/spec.gmk.in ++++ b/common/autoconf/spec.gmk.in +@@ -366,6 +366,7 @@ CXXFLAGS_JDKEXE:=@CXXFLAGS_JDKEXE@ NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@ NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@ diff --git a/SOURCES/jdk8218811-perfMemory_linux.patch b/SOURCES/jdk8218811-perfMemory_linux.patch deleted file mode 100644 index 7b3d2f7..0000000 --- a/SOURCES/jdk8218811-perfMemory_linux.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp ---- openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp -+++ openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp -@@ -878,7 +878,7 @@ - - // open the file - int result; -- RESTARTABLE(::open(filename, oflags), result); -+ RESTARTABLE(::open(filename, oflags, 0), result); - if (result == OS_ERR) { - if (errno == ENOENT) { - THROW_MSG_(vmSymbols::java_lang_IllegalArgumentException(), diff --git a/SOURCES/jdk8275535-rh2053256-ldap_auth.patch b/SOURCES/jdk8275535-rh2053256-ldap_auth.patch deleted file mode 100644 index ca3e985..0000000 --- a/SOURCES/jdk8275535-rh2053256-ldap_auth.patch +++ /dev/null 
@@ -1,26 +0,0 @@
-diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
-index cf4becb7db..4ab2ac0a31 100644
---- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
-+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
-@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
- ctx = getLdapCtxFromUrl(
- r.getDomainName(), url, new LdapURL(u), env);
- return ctx;
-+ } catch (AuthenticationException e) {
-+ // do not retry on a different endpoint to avoid blocking
-+ // the user if authentication credentials are wrong.
-+ throw e;
- } catch (NamingException e) {
- // try the next element
- lastException = e;
-@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
- for (String u : urls) {
- try {
- return getUsingURL(u, env);
-+ } catch (AuthenticationException e) {
-+ // do not retry on a different URL to avoid blocking
-+ // the user if authentication credentials are wrong.
-+ throw e;
- } catch (NamingException e) {
- ex = e;
- }
diff --git a/SOURCES/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch b/SOURCES/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
deleted file mode 100644
index 774a08e..0000000
--- a/SOURCES/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-# HG changeset patch
-# User Andrew John Hughes
-# Date 1620365804 -3600
-# Fri May 07 06:36:44 2021 +0100
-# Node ID 39b62f35eca823b4c9a98bc1dc0cb9acb87360f8
-# Parent 723b59ed1afe878c5cd35f080399c8ceec4f776b
-PR3836: Extra compiler flags not passed to adlc build
-
-diff --git openjdk.orig/hotspot/make/aix/makefiles/adlc.make openjdk/hotspot/make/aix/makefiles/adlc.make
---- openjdk.orig/hotspot/make/aix/makefiles/adlc.make
-+++ openjdk/hotspot/make/aix/makefiles/adlc.make
-@@ -69,6 +69,11 @@
- CFLAGS_WARN = -w
- CFLAGS += $(CFLAGS_WARN)
-
-+# Extra flags from gnumake's invocation or environment
-+CFLAGS += $(EXTRA_CFLAGS)
-+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
-+ASFLAGS += $(EXTRA_ASFLAGS)
-+
- OBJECTNAMES = \
- adlparse.o \
- archDesc.o \
-diff --git openjdk.orig/hotspot/make/bsd/makefiles/adlc.make openjdk/hotspot/make/bsd/makefiles/adlc.make
---- openjdk.orig/hotspot/make/bsd/makefiles/adlc.make
-+++ openjdk/hotspot/make/bsd/makefiles/adlc.make
-@@ -71,6 +71,11 @@
- endif
- CFLAGS += $(CFLAGS_WARN)
-
-+# Extra flags from gnumake's invocation or environment
-+CFLAGS += $(EXTRA_CFLAGS)
-+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
-+ASFLAGS += $(EXTRA_ASFLAGS)
-+
- OBJECTNAMES = \
- adlparse.o \
- archDesc.o \
-diff --git openjdk.orig/hotspot/make/linux/makefiles/adlc.make openjdk/hotspot/make/linux/makefiles/adlc.make
---- openjdk.orig/hotspot/make/linux/makefiles/adlc.make
-+++ openjdk/hotspot/make/linux/makefiles/adlc.make
-@@ -69,6 +69,11 @@
- CFLAGS_WARN = $(WARNINGS_ARE_ERRORS)
- CFLAGS += $(CFLAGS_WARN)
-
-+# Extra flags from gnumake's invocation or environment
-+CFLAGS += $(EXTRA_CFLAGS)
-+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
-+ASFLAGS += $(EXTRA_ASFLAGS)
-+
- OBJECTNAMES = \
- adlparse.o \
- archDesc.o \
-diff --git openjdk.orig/hotspot/make/solaris/makefiles/adlc.make openjdk/hotspot/make/solaris/makefiles/adlc.make
---- openjdk.orig/hotspot/make/solaris/makefiles/adlc.make
-+++
openjdk/hotspot/make/solaris/makefiles/adlc.make
-@@ -85,6 +85,10 @@
- endif
- CFLAGS += $(CFLAGS_WARN)
-
-+# Extra flags from gnumake's invocation or environment
-+CFLAGS += $(EXTRA_CFLAGS)
-+ASFLAGS += $(EXTRA_ASFLAGS)
-+
- ifeq ("${Platform_compiler}", "sparcWorks")
- # Enable the following CFLAGS addition if you need to compare the
- # built ELF objects.
diff --git a/SOURCES/jdk8328999-update_giflib_5.2.2.patch b/SOURCES/jdk8328999-update_giflib_5.2.2.patch
new file mode 100644
index 0000000..e9eb0de
--- /dev/null
+++ b/SOURCES/jdk8328999-update_giflib_5.2.2.patch
@@ -0,0 +1,2596 @@ +diff --git a/THIRD_PARTY_README b/THIRD_PARTY_README +index f9aea78d64..605b36f100 100644 +--- a/THIRD_PARTY_README ++++ b/THIRD_PARTY_README +@@ -1696,7 +1696,7 @@ released under other open source licenses. + + ------------------------------------------------------------------------------- + +-%% This notice is provided with respect to GIFLIB 5.2.1 & libungif 4.1.3, ++%% This notice is provided with respect to GIFLIB 5.2.2 & libungif 4.1.3, + which may be included with JRE 8, JDK 8, and OpenJDK 8. + + --- begin of LICENSE --- +@@ -1721,6 +1721,29 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + THE SOFTWARE. + ++tree/README ++ ++== Authors == ++ ++Gershon Elber ++original giflib code ++ ++Toshio Kuratomi ++uncompressed gif writing code ++former maintainer ++ ++Eric Raymond ++current as well as long time former maintainer of giflib code ++ ++There have been many other contributors; see the attributions in the ++version-control history to learn more. 
++ ++ ++tree/openbsd-reallocarray.c ++ ++Copyright (C) 2008 Otto Moerbeek ++SPDX-License-Identifier: MIT ++ + --- end of LICENSE --- + + ------------------------------------------------------------------------------- +diff --git a/jdk/src/share/native/sun/awt/giflib/dgif_lib.c b/jdk/src/share/native/sun/awt/giflib/dgif_lib.c +index 6ddfb46060..0b2860b4b5 100644 +--- a/jdk/src/share/native/sun/awt/giflib/dgif_lib.c ++++ b/jdk/src/share/native/sun/awt/giflib/dgif_lib.c +@@ -34,11 +34,11 @@ SPDX-License-Identifier: MIT + + *****************************************************************************/ + +-#include ++#include + #include + #include +-#include + #include ++#include + #include + + #ifdef _WIN32 +@@ -55,18 +55,19 @@ SPDX-License-Identifier: MIT + + /* avoid extra function call in case we use fread (TVT) */ + static int InternalRead(GifFileType *gif, GifByteType *buf, int len) { +- //fprintf(stderr, "### Read: %d\n", len); +- return +- (((GifFilePrivateType*)gif->Private)->Read ? +- ((GifFilePrivateType*)gif->Private)->Read(gif,buf,len) : +- fread(buf,1,len,((GifFilePrivateType*)gif->Private)->File)); ++ // fprintf(stderr, "### Read: %d\n", len); ++ return (((GifFilePrivateType *)gif->Private)->Read ++ ? 
((GifFilePrivateType *)gif->Private)->Read(gif, buf, len) ++ : fread(buf, 1, len, ++ ((GifFilePrivateType *)gif->Private)->File)); + } + + static int DGifGetWord(GifFileType *GifFile, GifWord *Word); + static int DGifSetupDecompress(GifFileType *GifFile); + static int DGifDecompressLine(GifFileType *GifFile, GifPixelType *Line, + int LineLen); +-static int DGifGetPrefixChar(GifPrefixType *Prefix, int Code, int ClearCode); ++static int DGifGetPrefixChar(const GifPrefixType *Prefix, int Code, ++ int ClearCode); + static int DGifDecompressInput(GifFileType *GifFile, int *Code); + static int DGifBufferedInput(GifFileType *GifFile, GifByteType *Buf, + GifByteType *NextByte); +@@ -76,15 +77,14 @@ static int DGifBufferedInput(GifFileType *GifFile, GifByteType *Buf, + Returns dynamically allocated GifFileType pointer which serves as the GIF + info record. + ******************************************************************************/ +-GifFileType * +-DGifOpenFileName(const char *FileName, int *Error) +-{ ++GifFileType *DGifOpenFileName(const char *FileName, int *Error) { + int FileHandle; + GifFileType *GifFile; + + if ((FileHandle = open(FileName, O_RDONLY)) == -1) { +- if (Error != NULL) ++ if (Error != NULL) { + *Error = D_GIF_ERR_OPEN_FAILED; ++ } + return NULL; + } + +@@ -97,9 +97,7 @@ DGifOpenFileName(const char *FileName, int *Error) + Returns dynamically allocated GifFileType pointer which serves as the GIF + info record. 
+ ******************************************************************************/ +-GifFileType * +-DGifOpenFileHandle(int FileHandle, int *Error) +-{ ++GifFileType *DGifOpenFileHandle(int FileHandle, int *Error) { + char Buf[GIF_STAMP_LEN + 1]; + GifFileType *GifFile; + GifFilePrivateType *Private; +@@ -107,13 +105,14 @@ DGifOpenFileHandle(int FileHandle, int *Error) + + GifFile = (GifFileType *)malloc(sizeof(GifFileType)); + if (GifFile == NULL) { +- if (Error != NULL) ++ if (Error != NULL) { + *Error = D_GIF_ERR_NOT_ENOUGH_MEM; ++ } + (void)close(FileHandle); + return NULL; + } + +- /*@i1@*/memset(GifFile, '\0', sizeof(GifFileType)); ++ /*@i1@*/ memset(GifFile, '\0', sizeof(GifFileType)); + + /* Belt and suspenders, in case the null pointer isn't zero */ + GifFile->SavedImages = NULL; +@@ -121,35 +120,38 @@ DGifOpenFileHandle(int FileHandle, int *Error) + + Private = (GifFilePrivateType *)calloc(1, sizeof(GifFilePrivateType)); + if (Private == NULL) { +- if (Error != NULL) ++ if (Error != NULL) { + *Error = D_GIF_ERR_NOT_ENOUGH_MEM; ++ } + (void)close(FileHandle); + free((char *)GifFile); + return NULL; + } + +- /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType)); ++ /*@i1@*/ memset(Private, '\0', sizeof(GifFilePrivateType)); + + #ifdef _WIN32 +- _setmode(FileHandle, O_BINARY); /* Make sure it is in binary mode. */ +-#endif /* _WIN32 */ ++ _setmode(FileHandle, O_BINARY); /* Make sure it is in binary mode. 
*/ ++#endif /* _WIN32 */ + +- f = fdopen(FileHandle, "rb"); /* Make it into a stream: */ ++ f = fdopen(FileHandle, "rb"); /* Make it into a stream: */ + + /*@-mustfreeonly@*/ + GifFile->Private = (void *)Private; + Private->FileHandle = FileHandle; + Private->File = f; + Private->FileState = FILE_STATE_READ; +- Private->Read = NULL; /* don't use alternate input method (TVT) */ +- GifFile->UserData = NULL; /* TVT */ ++ Private->Read = NULL; /* don't use alternate input method (TVT) */ ++ GifFile->UserData = NULL; /* TVT */ + /*@=mustfreeonly@*/ + + /* Let's see if this is a GIF file: */ + /* coverity[check_return] */ +- if (InternalRead(GifFile, (unsigned char *)Buf, GIF_STAMP_LEN) != GIF_STAMP_LEN) { +- if (Error != NULL) ++ if (InternalRead(GifFile, (unsigned char *)Buf, GIF_STAMP_LEN) != ++ GIF_STAMP_LEN) { ++ if (Error != NULL) { + *Error = D_GIF_ERR_READ_FAILED; ++ } + (void)fclose(f); + free((char *)Private); + free((char *)GifFile); +@@ -159,8 +161,9 @@ DGifOpenFileHandle(int FileHandle, int *Error) + /* Check for GIF prefix at start of file */ + Buf[GIF_STAMP_LEN] = 0; + if (strncmp(GIF_STAMP, Buf, GIF_VERSION_POS) != 0) { +- if (Error != NULL) ++ if (Error != NULL) { + *Error = D_GIF_ERR_NOT_GIF_FILE; ++ } + (void)fclose(f); + free((char *)Private); + free((char *)GifFile); +@@ -177,7 +180,7 @@ DGifOpenFileHandle(int FileHandle, int *Error) + GifFile->Error = 0; + + /* What version of GIF? 
*/ +- Private->gif89 = (Buf[GIF_VERSION_POS] == '9'); ++ Private->gif89 = (Buf[GIF_VERSION_POS + 1] == '9'); + + return GifFile; + } +@@ -185,17 +188,16 @@ DGifOpenFileHandle(int FileHandle, int *Error) + /****************************************************************************** + GifFileType constructor with user supplied input function (TVT) + ******************************************************************************/ +-GifFileType * +-DGifOpen(void *userData, InputFunc readFunc, int *Error) +-{ ++GifFileType *DGifOpen(void *userData, InputFunc readFunc, int *Error) { + char Buf[GIF_STAMP_LEN + 1]; + GifFileType *GifFile; + GifFilePrivateType *Private; + + GifFile = (GifFileType *)malloc(sizeof(GifFileType)); + if (GifFile == NULL) { +- if (Error != NULL) ++ if (Error != NULL) { + *Error = D_GIF_ERR_NOT_ENOUGH_MEM; ++ } + return NULL; + } + +@@ -207,26 +209,29 @@ DGifOpen(void *userData, InputFunc readFunc, int *Error) + + Private = (GifFilePrivateType *)calloc(1, sizeof(GifFilePrivateType)); + if (!Private) { +- if (Error != NULL) ++ if (Error != NULL) { + *Error = D_GIF_ERR_NOT_ENOUGH_MEM; ++ } + free((char *)GifFile); + return NULL; + } +- /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType)); ++ /*@i1@*/ memset(Private, '\0', sizeof(GifFilePrivateType)); + + GifFile->Private = (void *)Private; + Private->FileHandle = 0; + Private->File = NULL; + Private->FileState = FILE_STATE_READ; + +- Private->Read = readFunc; /* TVT */ +- GifFile->UserData = userData; /* TVT */ ++ Private->Read = readFunc; /* TVT */ ++ GifFile->UserData = userData; /* TVT */ + + /* Lets see if this is a GIF file: */ + /* coverity[check_return] */ +- if (InternalRead(GifFile, (unsigned char *)Buf, GIF_STAMP_LEN) != GIF_STAMP_LEN) { +- if (Error != NULL) ++ if (InternalRead(GifFile, (unsigned char *)Buf, GIF_STAMP_LEN) != ++ GIF_STAMP_LEN) { ++ if (Error != NULL) { + *Error = D_GIF_ERR_READ_FAILED; ++ } + free((char *)Private); + free((char *)GifFile); + return NULL; +@@ -235,8 
+240,9 @@ DGifOpen(void *userData, InputFunc readFunc, int *Error) + /* Check for GIF prefix at start of file */ + Buf[GIF_STAMP_LEN] = '\0'; + if (strncmp(GIF_STAMP, Buf, GIF_VERSION_POS) != 0) { +- if (Error != NULL) ++ if (Error != NULL) { + *Error = D_GIF_ERR_NOT_GIF_FILE; ++ } + free((char *)Private); + free((char *)GifFile); + return NULL; +@@ -245,15 +251,16 @@ DGifOpen(void *userData, InputFunc readFunc, int *Error) + if (DGifGetScreenDesc(GifFile) == GIF_ERROR) { + free((char *)Private); + free((char *)GifFile); +- if (Error != NULL) ++ if (Error != NULL) { + *Error = D_GIF_ERR_NO_SCRN_DSCR; ++ } + return NULL; + } + + GifFile->Error = 0; + + /* What version of GIF? */ +- Private->gif89 = (Buf[GIF_VERSION_POS] == '9'); ++ Private->gif89 = (Buf[GIF_VERSION_POS + 1] == '9'); + + return GifFile; + } +@@ -262,9 +269,7 @@ DGifOpen(void *userData, InputFunc readFunc, int *Error) + This routine should be called before any other DGif calls. Note that + this routine is called automatically from DGif file open routines. + ******************************************************************************/ +-int +-DGifGetScreenDesc(GifFileType *GifFile) +-{ ++int DGifGetScreenDesc(GifFileType *GifFile) { + int BitsPerPixel; + bool SortFlag; + GifByteType Buf[3]; +@@ -278,8 +283,9 @@ DGifGetScreenDesc(GifFileType *GifFile) + + /* Put the screen descriptor into the file: */ + if (DGifGetWord(GifFile, &GifFile->SWidth) == GIF_ERROR || +- DGifGetWord(GifFile, &GifFile->SHeight) == GIF_ERROR) ++ DGifGetWord(GifFile, &GifFile->SHeight) == GIF_ERROR) { + return GIF_ERROR; ++ } + + if (InternalRead(GifFile, Buf, 3) != 3) { + GifFile->Error = D_GIF_ERR_READ_FAILED; +@@ -292,7 +298,7 @@ DGifGetScreenDesc(GifFileType *GifFile) + BitsPerPixel = (Buf[0] & 0x07) + 1; + GifFile->SBackGroundColor = Buf[1]; + GifFile->AspectByte = Buf[2]; +- if (Buf[0] & 0x80) { /* Do we have global color map? */ ++ if (Buf[0] & 0x80) { /* Do we have global color map? 
*/ + int i; + + GifFile->SColorMap = GifMakeMapObject(1 << BitsPerPixel, NULL); +@@ -327,23 +333,20 @@ DGifGetScreenDesc(GifFileType *GifFile) + return GIF_OK; + } + +-const char * +-DGifGetGifVersion(GifFileType *GifFile) +-{ +- GifFilePrivateType *Private = (GifFilePrivateType *) GifFile->Private; ++const char *DGifGetGifVersion(GifFileType *GifFile) { ++ GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + +- if (Private->gif89) ++ if (Private->gif89) { + return GIF89_STAMP; +- else ++ } else { + return GIF87_STAMP; ++ } + } + + /****************************************************************************** + This routine should be called before any attempt to read an image. + ******************************************************************************/ +-int +-DGifGetRecordType(GifFileType *GifFile, GifRecordType* Type) +-{ ++int DGifGetRecordType(GifFileType *GifFile, GifRecordType *Type) { + GifByteType Buf; + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + +@@ -359,29 +362,27 @@ DGifGetRecordType(GifFileType *GifFile, GifRecordType* Type) + return GIF_ERROR; + } + +- //fprintf(stderr, "### DGifGetRecordType: %02x\n", Buf); ++ // fprintf(stderr, "### DGifGetRecordType: %02x\n", Buf); + switch (Buf) { +- case DESCRIPTOR_INTRODUCER: +- *Type = IMAGE_DESC_RECORD_TYPE; +- break; +- case EXTENSION_INTRODUCER: +- *Type = EXTENSION_RECORD_TYPE; +- break; +- case TERMINATOR_INTRODUCER: +- *Type = TERMINATE_RECORD_TYPE; +- break; +- default: +- *Type = UNDEFINED_RECORD_TYPE; +- GifFile->Error = D_GIF_ERR_WRONG_RECORD; +- return GIF_ERROR; ++ case DESCRIPTOR_INTRODUCER: ++ *Type = IMAGE_DESC_RECORD_TYPE; ++ break; ++ case EXTENSION_INTRODUCER: ++ *Type = EXTENSION_RECORD_TYPE; ++ break; ++ case TERMINATOR_INTRODUCER: ++ *Type = TERMINATE_RECORD_TYPE; ++ break; ++ default: ++ *Type = UNDEFINED_RECORD_TYPE; ++ GifFile->Error = D_GIF_ERR_WRONG_RECORD; ++ return GIF_ERROR; + } + + return GIF_OK; + } + +-int 
+-DGifGetImageHeader(GifFileType *GifFile) +-{ ++int DGifGetImageHeader(GifFileType *GifFile) { + unsigned int BitsPerPixel; + GifByteType Buf[3]; + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; +@@ -395,8 +396,9 @@ DGifGetImageHeader(GifFileType *GifFile) + if (DGifGetWord(GifFile, &GifFile->Image.Left) == GIF_ERROR || + DGifGetWord(GifFile, &GifFile->Image.Top) == GIF_ERROR || + DGifGetWord(GifFile, &GifFile->Image.Width) == GIF_ERROR || +- DGifGetWord(GifFile, &GifFile->Image.Height) == GIF_ERROR) ++ DGifGetWord(GifFile, &GifFile->Image.Height) == GIF_ERROR) { + return GIF_ERROR; ++ } + if (InternalRead(GifFile, Buf, 1) != 1) { + GifFile->Error = D_GIF_ERR_READ_FAILED; + GifFreeMapObject(GifFile->Image.ColorMap); +@@ -415,7 +417,8 @@ DGifGetImageHeader(GifFileType *GifFile) + if (Buf[0] & 0x80) { + unsigned int i; + +- GifFile->Image.ColorMap = GifMakeMapObject(1 << BitsPerPixel, NULL); ++ GifFile->Image.ColorMap = ++ GifMakeMapObject(1 << BitsPerPixel, NULL); + if (GifFile->Image.ColorMap == NULL) { + GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM; + return GIF_ERROR; +@@ -436,8 +439,8 @@ DGifGetImageHeader(GifFileType *GifFile) + } + } + +- Private->PixelCount = (long)GifFile->Image.Width * +- (long)GifFile->Image.Height; ++ Private->PixelCount = ++ (long)GifFile->Image.Width * (long)GifFile->Image.Height; + + /* Reset decompress algorithm parameters. */ + return DGifSetupDecompress(GifFile); +@@ -447,9 +450,7 @@ DGifGetImageHeader(GifFileType *GifFile) + This routine should be called before any attempt to read an image. + Note it is assumed the Image desc. header has been read. 
+ ******************************************************************************/ +-int +-DGifGetImageDesc(GifFileType *GifFile) +-{ ++int DGifGetImageDesc(GifFileType *GifFile) { + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + SavedImage *sp; + +@@ -464,9 +465,9 @@ DGifGetImageDesc(GifFileType *GifFile) + } + + if (GifFile->SavedImages) { +- SavedImage* new_saved_images = +- (SavedImage *)reallocarray(GifFile->SavedImages, +- (GifFile->ImageCount + 1), sizeof(SavedImage)); ++ SavedImage *new_saved_images = (SavedImage *)reallocarray( ++ GifFile->SavedImages, (GifFile->ImageCount + 1), ++ sizeof(SavedImage)); + if (new_saved_images == NULL) { + GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM; + return GIF_ERROR; +@@ -474,7 +475,7 @@ DGifGetImageDesc(GifFileType *GifFile) + GifFile->SavedImages = new_saved_images; + } else { + if ((GifFile->SavedImages = +- (SavedImage *) malloc(sizeof(SavedImage))) == NULL) { ++ (SavedImage *)malloc(sizeof(SavedImage))) == NULL) { + GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM; + return GIF_ERROR; + } +@@ -483,9 +484,9 @@ DGifGetImageDesc(GifFileType *GifFile) + sp = &GifFile->SavedImages[GifFile->ImageCount]; + memcpy(&sp->ImageDesc, &GifFile->Image, sizeof(GifImageDesc)); + if (GifFile->Image.ColorMap != NULL) { +- sp->ImageDesc.ColorMap = GifMakeMapObject( +- GifFile->Image.ColorMap->ColorCount, +- GifFile->Image.ColorMap->Colors); ++ sp->ImageDesc.ColorMap = ++ GifMakeMapObject(GifFile->Image.ColorMap->ColorCount, ++ GifFile->Image.ColorMap->Colors); + if (sp->ImageDesc.ColorMap == NULL) { + GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM; + return GIF_ERROR; +@@ -493,7 +494,7 @@ DGifGetImageDesc(GifFileType *GifFile) + } + sp->RasterBits = (unsigned char *)NULL; + sp->ExtensionBlockCount = 0; +- sp->ExtensionBlocks = (ExtensionBlock *) NULL; ++ sp->ExtensionBlocks = (ExtensionBlock *)NULL; + + GifFile->ImageCount++; + +@@ -503,11 +504,9 @@ DGifGetImageDesc(GifFileType *GifFile) + 
/****************************************************************************** + Get one full scanned line (Line) of length LineLen from GIF file. + ******************************************************************************/ +-int +-DGifGetLine(GifFileType *GifFile, GifPixelType *Line, int LineLen) +-{ ++int DGifGetLine(GifFileType *GifFile, GifPixelType *Line, int LineLen) { + GifByteType *Dummy; +- GifFilePrivateType *Private = (GifFilePrivateType *) GifFile->Private; ++ GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + + if (!IS_READABLE(Private)) { + /* This file was NOT open for reading: */ +@@ -515,8 +514,9 @@ DGifGetLine(GifFileType *GifFile, GifPixelType *Line, int LineLen) + return GIF_ERROR; + } + +- if (!LineLen) ++ if (!LineLen) { + LineLen = GifFile->Image.Width; ++ } + + if ((Private->PixelCount -= LineLen) > 0xffff0000UL) { + GifFile->Error = D_GIF_ERR_DATA_TOO_BIG; +@@ -525,56 +525,59 @@ DGifGetLine(GifFileType *GifFile, GifPixelType *Line, int LineLen) + + if (DGifDecompressLine(GifFile, Line, LineLen) == GIF_OK) { + if (Private->PixelCount == 0) { +- /* We probably won't be called any more, so let's clean up +- * everything before we return: need to flush out all the +- * rest of image until an empty block (size 0) ++ /* We probably won't be called any more, so let's clean ++ * up everything before we return: need to flush out all ++ * the rest of image until an empty block (size 0) + * detected. We use GetCodeNext. + */ +- do +- if (DGifGetCodeNext(GifFile, &Dummy) == GIF_ERROR) ++ do { ++ if (DGifGetCodeNext(GifFile, &Dummy) == ++ GIF_ERROR) { + return GIF_ERROR; +- while (Dummy != NULL) ; ++ } ++ } while (Dummy != NULL); + } + return GIF_OK; +- } else ++ } else { + return GIF_ERROR; ++ } + } + + /****************************************************************************** + Put one pixel (Pixel) into GIF file. 
+ ******************************************************************************/ +-int +-DGifGetPixel(GifFileType *GifFile, GifPixelType Pixel) +-{ ++int DGifGetPixel(GifFileType *GifFile, GifPixelType Pixel) { + GifByteType *Dummy; +- GifFilePrivateType *Private = (GifFilePrivateType *) GifFile->Private; ++ GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + + if (!IS_READABLE(Private)) { + /* This file was NOT open for reading: */ + GifFile->Error = D_GIF_ERR_NOT_READABLE; + return GIF_ERROR; + } +- if (--Private->PixelCount > 0xffff0000UL) +- { ++ if (--Private->PixelCount > 0xffff0000UL) { + GifFile->Error = D_GIF_ERR_DATA_TOO_BIG; + return GIF_ERROR; + } + + if (DGifDecompressLine(GifFile, &Pixel, 1) == GIF_OK) { + if (Private->PixelCount == 0) { +- /* We probably won't be called any more, so let's clean up +- * everything before we return: need to flush out all the +- * rest of image until an empty block (size 0) ++ /* We probably won't be called any more, so let's clean ++ * up everything before we return: need to flush out all ++ * the rest of image until an empty block (size 0) + * detected. We use GetCodeNext. + */ +- do +- if (DGifGetCodeNext(GifFile, &Dummy) == GIF_ERROR) ++ do { ++ if (DGifGetCodeNext(GifFile, &Dummy) == ++ GIF_ERROR) { + return GIF_ERROR; +- while (Dummy != NULL) ; ++ } ++ } while (Dummy != NULL); + } + return GIF_OK; +- } else ++ } else { + return GIF_ERROR; ++ } + } + + /****************************************************************************** +@@ -584,13 +587,12 @@ DGifGetPixel(GifFileType *GifFile, GifPixelType Pixel) + The Extension should NOT be freed by the user (not dynamically allocated). + Note it is assumed the Extension description header has been read. 
+ ******************************************************************************/ +-int +-DGifGetExtension(GifFileType *GifFile, int *ExtCode, GifByteType **Extension) +-{ ++int DGifGetExtension(GifFileType *GifFile, int *ExtCode, ++ GifByteType **Extension) { + GifByteType Buf; + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + +- //fprintf(stderr, "### -> DGifGetExtension:\n"); ++ // fprintf(stderr, "### -> DGifGetExtension:\n"); + if (!IS_READABLE(Private)) { + /* This file was NOT open for reading: */ + GifFile->Error = D_GIF_ERR_NOT_READABLE; +@@ -603,7 +605,8 @@ DGifGetExtension(GifFileType *GifFile, int *ExtCode, GifByteType **Extension) + return GIF_ERROR; + } + *ExtCode = Buf; +- //fprintf(stderr, "### <- DGifGetExtension: %02x, about to call next\n", Buf); ++ // fprintf(stderr, "### <- DGifGetExtension: %02x, about to call ++ // next\n", Buf); + + return DGifGetExtensionNext(GifFile, Extension); + } +@@ -613,30 +616,30 @@ DGifGetExtension(GifFileType *GifFile, int *ExtCode, GifByteType **Extension) + routine should be called until NULL Extension is returned. + The Extension should NOT be freed by the user (not dynamically allocated). + ******************************************************************************/ +-int +-DGifGetExtensionNext(GifFileType *GifFile, GifByteType ** Extension) +-{ ++int DGifGetExtensionNext(GifFileType *GifFile, GifByteType **Extension) { + GifByteType Buf; + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + +- //fprintf(stderr, "### -> DGifGetExtensionNext\n"); ++ // fprintf(stderr, "### -> DGifGetExtensionNext\n"); + if (InternalRead(GifFile, &Buf, 1) != 1) { + GifFile->Error = D_GIF_ERR_READ_FAILED; + return GIF_ERROR; + } +- //fprintf(stderr, "### DGifGetExtensionNext sees %d\n", Buf); ++ // fprintf(stderr, "### DGifGetExtensionNext sees %d\n", Buf); + + if (Buf > 0) { +- *Extension = Private->Buf; /* Use private unused buffer. 
*/ +- (*Extension)[0] = Buf; /* Pascal strings notation (pos. 0 is len.). */ +- /* coverity[tainted_data,check_return] */ ++ *Extension = Private->Buf; /* Use private unused buffer. */ ++ (*Extension)[0] = ++ Buf; /* Pascal strings notation (pos. 0 is len.). */ ++ /* coverity[tainted_data,check_return] */ + if (InternalRead(GifFile, &((*Extension)[1]), Buf) != Buf) { + GifFile->Error = D_GIF_ERR_READ_FAILED; + return GIF_ERROR; + } +- } else ++ } else { + *Extension = NULL; +- //fprintf(stderr, "### <- DGifGetExtensionNext: %p\n", Extension); ++ } ++ // fprintf(stderr, "### <- DGifGetExtensionNext: %p\n", Extension); + + return GIF_OK; + } +@@ -647,19 +650,20 @@ DGifGetExtensionNext(GifFileType *GifFile, GifByteType ** Extension) + + int DGifExtensionToGCB(const size_t GifExtensionLength, + const GifByteType *GifExtension, +- GraphicsControlBlock *GCB) +-{ ++ GraphicsControlBlock *GCB) { + if (GifExtensionLength != 4) { + return GIF_ERROR; + } + + GCB->DisposalMode = (GifExtension[0] >> 2) & 0x07; + GCB->UserInputFlag = (GifExtension[0] & 0x02) != 0; +- GCB->DelayTime = UNSIGNED_LITTLE_ENDIAN(GifExtension[1], GifExtension[2]); +- if (GifExtension[0] & 0x01) ++ GCB->DelayTime = ++ UNSIGNED_LITTLE_ENDIAN(GifExtension[1], GifExtension[2]); ++ if (GifExtension[0] & 0x01) { + GCB->TransparentColor = (int)GifExtension[3]; +- else ++ } else { + GCB->TransparentColor = NO_TRANSPARENT_COLOR; ++ } + + return GIF_OK; + } +@@ -668,23 +672,27 @@ int DGifExtensionToGCB(const size_t GifExtensionLength, + Extract the Graphics Control Block for a saved image, if it exists. 
+ ******************************************************************************/ + +-int DGifSavedExtensionToGCB(GifFileType *GifFile, +- int ImageIndex, GraphicsControlBlock *GCB) +-{ ++int DGifSavedExtensionToGCB(GifFileType *GifFile, int ImageIndex, ++ GraphicsControlBlock *GCB) { + int i; + +- if (ImageIndex < 0 || ImageIndex > GifFile->ImageCount - 1) ++ if (ImageIndex < 0 || ImageIndex > GifFile->ImageCount - 1) { + return GIF_ERROR; ++ } + + GCB->DisposalMode = DISPOSAL_UNSPECIFIED; + GCB->UserInputFlag = false; + GCB->DelayTime = 0; + GCB->TransparentColor = NO_TRANSPARENT_COLOR; + +- for (i = 0; i < GifFile->SavedImages[ImageIndex].ExtensionBlockCount; i++) { +- ExtensionBlock *ep = &GifFile->SavedImages[ImageIndex].ExtensionBlocks[i]; +- if (ep->Function == GRAPHICS_EXT_FUNC_CODE) +- return DGifExtensionToGCB(ep->ByteCount, ep->Bytes, GCB); ++ for (i = 0; i < GifFile->SavedImages[ImageIndex].ExtensionBlockCount; ++ i++) { ++ ExtensionBlock *ep = ++ &GifFile->SavedImages[ImageIndex].ExtensionBlocks[i]; ++ if (ep->Function == GRAPHICS_EXT_FUNC_CODE) { ++ return DGifExtensionToGCB(ep->ByteCount, ep->Bytes, ++ GCB); ++ } + } + + return GIF_ERROR; +@@ -693,13 +701,12 @@ int DGifSavedExtensionToGCB(GifFileType *GifFile, + /****************************************************************************** + This routine should be called last, to close the GIF file. 
+ ******************************************************************************/ +-int +-DGifCloseFile(GifFileType *GifFile, int *ErrorCode) +-{ ++int DGifCloseFile(GifFileType *GifFile, int *ErrorCode) { + GifFilePrivateType *Private; + +- if (GifFile == NULL || GifFile->Private == NULL) ++ if (GifFile == NULL || GifFile->Private == NULL) { + return GIF_ERROR; ++ } + + if (GifFile->Image.ColorMap) { + GifFreeMapObject(GifFile->Image.ColorMap); +@@ -716,22 +723,25 @@ DGifCloseFile(GifFileType *GifFile, int *ErrorCode) + GifFile->SavedImages = NULL; + } + +- GifFreeExtensions(&GifFile->ExtensionBlockCount, &GifFile->ExtensionBlocks); ++ GifFreeExtensions(&GifFile->ExtensionBlockCount, ++ &GifFile->ExtensionBlocks); + +- Private = (GifFilePrivateType *) GifFile->Private; ++ Private = (GifFilePrivateType *)GifFile->Private; + + if (!IS_READABLE(Private)) { + /* This file was NOT open for reading: */ +- if (ErrorCode != NULL) ++ if (ErrorCode != NULL) { + *ErrorCode = D_GIF_ERR_NOT_READABLE; ++ } + free((char *)GifFile->Private); + free(GifFile); + return GIF_ERROR; + } + + if (Private->File && (fclose(Private->File) != 0)) { +- if (ErrorCode != NULL) ++ if (ErrorCode != NULL) { + *ErrorCode = D_GIF_ERR_CLOSE_FAILED; ++ } + free((char *)GifFile->Private); + free(GifFile); + return GIF_ERROR; +@@ -739,17 +749,16 @@ DGifCloseFile(GifFileType *GifFile, int *ErrorCode) + + free((char *)GifFile->Private); + free(GifFile); +- if (ErrorCode != NULL) ++ if (ErrorCode != NULL) { + *ErrorCode = D_GIF_SUCCEEDED; ++ } + return GIF_OK; + } + + /****************************************************************************** + Get 2 bytes (word) from the given file: + ******************************************************************************/ +-static int +-DGifGetWord(GifFileType *GifFile, GifWord *Word) +-{ ++static int DGifGetWord(GifFileType *GifFile, GifWord *Word) { + unsigned char c[2]; + + /* coverity[check_return] */ +@@ -769,9 +778,7 @@ DGifGetWord(GifFileType *GifFile, 
GifWord *Word) + to DGifGetCodeNext, until NULL block is returned. + The block should NOT be freed by the user (not dynamically allocated). + ******************************************************************************/ +-int +-DGifGetCode(GifFileType *GifFile, int *CodeSize, GifByteType **CodeBlock) +-{ ++int DGifGetCode(GifFileType *GifFile, int *CodeSize, GifByteType **CodeBlock) { + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + + if (!IS_READABLE(Private)) { +@@ -790,9 +797,7 @@ DGifGetCode(GifFileType *GifFile, int *CodeSize, GifByteType **CodeBlock) + called until NULL block is returned. + The block should NOT be freed by the user (not dynamically allocated). + ******************************************************************************/ +-int +-DGifGetCodeNext(GifFileType *GifFile, GifByteType **CodeBlock) +-{ ++int DGifGetCodeNext(GifFileType *GifFile, GifByteType **CodeBlock) { + GifByteType Buf; + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + +@@ -805,17 +810,19 @@ DGifGetCodeNext(GifFileType *GifFile, GifByteType **CodeBlock) + + /* coverity[lower_bounds] */ + if (Buf > 0) { +- *CodeBlock = Private->Buf; /* Use private unused buffer. */ +- (*CodeBlock)[0] = Buf; /* Pascal strings notation (pos. 0 is len.). */ +- /* coverity[tainted_data] */ ++ *CodeBlock = Private->Buf; /* Use private unused buffer. */ ++ (*CodeBlock)[0] = ++ Buf; /* Pascal strings notation (pos. 0 is len.). */ ++ /* coverity[tainted_data] */ + if (InternalRead(GifFile, &((*CodeBlock)[1]), Buf) != Buf) { + GifFile->Error = D_GIF_ERR_READ_FAILED; + return GIF_ERROR; + } + } else { + *CodeBlock = NULL; +- Private->Buf[0] = 0; /* Make sure the buffer is empty! */ +- Private->PixelCount = 0; /* And local info. indicate image read. */ ++ Private->Buf[0] = 0; /* Make sure the buffer is empty! */ ++ Private->PixelCount = ++ 0; /* And local info. indicate image read. 
*/ + } + + return GIF_OK; +@@ -824,41 +831,43 @@ DGifGetCodeNext(GifFileType *GifFile, GifByteType **CodeBlock) + /****************************************************************************** + Setup the LZ decompression for this image: + ******************************************************************************/ +-static int +-DGifSetupDecompress(GifFileType *GifFile) +-{ ++static int DGifSetupDecompress(GifFileType *GifFile) { + int i, BitsPerPixel; + GifByteType CodeSize; + GifPrefixType *Prefix; + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + + /* coverity[check_return] */ +- if (InternalRead(GifFile, &CodeSize, 1) < 1) { /* Read Code size from file. */ +- return GIF_ERROR; /* Failed to read Code size. */ ++ if (InternalRead(GifFile, &CodeSize, 1) < ++ 1) { /* Read Code size from file. */ ++ GifFile->Error = D_GIF_ERR_READ_FAILED; ++ return GIF_ERROR; /* Failed to read Code size. */ + } + BitsPerPixel = CodeSize; + + /* this can only happen on a severely malformed GIF */ + if (BitsPerPixel > 8) { +- GifFile->Error = D_GIF_ERR_READ_FAILED; /* somewhat bogus error code */ +- return GIF_ERROR; /* Failed to read Code size. */ ++ GifFile->Error = ++ D_GIF_ERR_READ_FAILED; /* somewhat bogus error code */ ++ return GIF_ERROR; /* Failed to read Code size. */ + } + +- Private->Buf[0] = 0; /* Input Buffer empty. */ ++ Private->Buf[0] = 0; /* Input Buffer empty. */ + Private->BitsPerPixel = BitsPerPixel; + Private->ClearCode = (1 << BitsPerPixel); + Private->EOFCode = Private->ClearCode + 1; + Private->RunningCode = Private->EOFCode + 1; +- Private->RunningBits = BitsPerPixel + 1; /* Number of bits per code. */ +- Private->MaxCode1 = 1 << Private->RunningBits; /* Max. code + 1. */ +- Private->StackPtr = 0; /* No pixels on the pixel stack. */ ++ Private->RunningBits = BitsPerPixel + 1; /* Number of bits per code. */ ++ Private->MaxCode1 = 1 << Private->RunningBits; /* Max. code + 1. 
*/ ++ Private->StackPtr = 0; /* No pixels on the pixel stack. */ + Private->LastCode = NO_SUCH_CODE; +- Private->CrntShiftState = 0; /* No information in CrntShiftDWord. */ ++ Private->CrntShiftState = 0; /* No information in CrntShiftDWord. */ + Private->CrntShiftDWord = 0; + + Prefix = Private->Prefix; +- for (i = 0; i <= LZ_MAX_CODE; i++) ++ for (i = 0; i <= LZ_MAX_CODE; i++) { + Prefix[i] = NO_SUCH_CODE; ++ } + + return GIF_OK; + } +@@ -869,14 +878,13 @@ DGifSetupDecompress(GifFileType *GifFile) + This routine can be called few times (one per scan line, for example), in + order the complete the whole image. + ******************************************************************************/ +-static int +-DGifDecompressLine(GifFileType *GifFile, GifPixelType *Line, int LineLen) +-{ ++static int DGifDecompressLine(GifFileType *GifFile, GifPixelType *Line, ++ int LineLen) { + int i = 0; + int j, CrntCode, EOFCode, ClearCode, CrntPrefix, LastCode, StackPtr; + GifByteType *Stack, *Suffix; + GifPrefixType *Prefix; +- GifFilePrivateType *Private = (GifFilePrivateType *) GifFile->Private; ++ GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + + StackPtr = Private->StackPtr; + Prefix = Private->Prefix; +@@ -891,72 +899,88 @@ DGifDecompressLine(GifFileType *GifFile, GifPixelType *Line, int LineLen) + } + + if (StackPtr != 0) { +- /* Let pop the stack off before continueing to read the GIF file: */ +- while (StackPtr != 0 && i < LineLen) ++ /* Let pop the stack off before continueing to read the GIF ++ * file: */ ++ while (StackPtr != 0 && i < LineLen) { + Line[i++] = Stack[--StackPtr]; ++ } + } + +- while (i < LineLen) { /* Decode LineLen items. */ +- if (DGifDecompressInput(GifFile, &CrntCode) == GIF_ERROR) ++ while (i < LineLen) { /* Decode LineLen items. 
*/ ++ if (DGifDecompressInput(GifFile, &CrntCode) == GIF_ERROR) { + return GIF_ERROR; ++ } + + if (CrntCode == EOFCode) { +- /* Note however that usually we will not be here as we will stop +- * decoding as soon as we got all the pixel, or EOF code will +- * not be read at all, and DGifGetLine/Pixel clean everything. */ ++ /* Note however that usually we will not be here as we ++ * will stop decoding as soon as we got all the pixel, ++ * or EOF code will not be read at all, and ++ * DGifGetLine/Pixel clean everything. */ + GifFile->Error = D_GIF_ERR_EOF_TOO_SOON; + return GIF_ERROR; + } else if (CrntCode == ClearCode) { + /* We need to start over again: */ +- for (j = 0; j <= LZ_MAX_CODE; j++) ++ for (j = 0; j <= LZ_MAX_CODE; j++) { + Prefix[j] = NO_SUCH_CODE; ++ } + Private->RunningCode = Private->EOFCode + 1; + Private->RunningBits = Private->BitsPerPixel + 1; + Private->MaxCode1 = 1 << Private->RunningBits; + LastCode = Private->LastCode = NO_SUCH_CODE; + } else { +- /* Its regular code - if in pixel range simply add it to output +- * stream, otherwise trace to codes linked list until the prefix +- * is in pixel range: */ ++ /* Its regular code - if in pixel range simply add it to ++ * output stream, otherwise trace to codes linked list ++ * until the prefix is in pixel range: */ + if (CrntCode < ClearCode) { +- /* This is simple - its pixel scalar, so add it to output: */ ++ /* This is simple - its pixel scalar, so add it ++ * to output: */ + Line[i++] = CrntCode; + } else { +- /* Its a code to needed to be traced: trace the linked list +- * until the prefix is a pixel, while pushing the suffix +- * pixels on our stack. If we done, pop the stack in reverse +- * (thats what stack is good for!) order to output. */ ++ /* Its a code to needed to be traced: trace the ++ * linked list until the prefix is a pixel, ++ * while pushing the suffix pixels on our stack. ++ * If we done, pop the stack in reverse (thats ++ * what stack is good for!) order to output. 
*/ + if (Prefix[CrntCode] == NO_SUCH_CODE) { + CrntPrefix = LastCode; + +- /* Only allowed if CrntCode is exactly the running code: +- * In that case CrntCode = XXXCode, CrntCode or the +- * prefix code is last code and the suffix char is +- * exactly the prefix of last code! */ +- if (CrntCode == Private->RunningCode - 2) { +- Suffix[Private->RunningCode - 2] = +- Stack[StackPtr++] = DGifGetPrefixChar(Prefix, +- LastCode, +- ClearCode); ++ /* Only allowed if CrntCode is exactly ++ * the running code: In that case ++ * CrntCode = XXXCode, CrntCode or the ++ * prefix code is last code and the ++ * suffix char is exactly the prefix of ++ * last code! */ ++ if (CrntCode == ++ Private->RunningCode - 2) { ++ Suffix[Private->RunningCode - ++ 2] = Stack[StackPtr++] = ++ DGifGetPrefixChar( ++ Prefix, LastCode, ++ ClearCode); + } else { +- Suffix[Private->RunningCode - 2] = +- Stack[StackPtr++] = DGifGetPrefixChar(Prefix, +- CrntCode, +- ClearCode); ++ Suffix[Private->RunningCode - ++ 2] = Stack[StackPtr++] = ++ DGifGetPrefixChar( ++ Prefix, CrntCode, ++ ClearCode); + } +- } else ++ } else { + CrntPrefix = CrntCode; ++ } + +- /* Now (if image is O.K.) we should not get a NO_SUCH_CODE +- * during the trace. As we might loop forever, in case of +- * defective image, we use StackPtr as loop counter and stop +- * before overflowing Stack[]. */ ++ /* Now (if image is O.K.) we should not get a ++ * NO_SUCH_CODE during the trace. As we might ++ * loop forever, in case of defective image, we ++ * use StackPtr as loop counter and stop before ++ * overflowing Stack[]. 
*/ + while (StackPtr < LZ_MAX_CODE && +- CrntPrefix > ClearCode && CrntPrefix <= LZ_MAX_CODE) { ++ CrntPrefix > ClearCode && ++ CrntPrefix <= LZ_MAX_CODE) { + Stack[StackPtr++] = Suffix[CrntPrefix]; + CrntPrefix = Prefix[CrntPrefix]; + } +- if (StackPtr >= LZ_MAX_CODE || CrntPrefix > LZ_MAX_CODE) { ++ if (StackPtr >= LZ_MAX_CODE || ++ CrntPrefix > LZ_MAX_CODE) { + GifFile->Error = D_GIF_ERR_IMAGE_DEFECT; + return GIF_ERROR; + } +@@ -964,22 +988,29 @@ DGifDecompressLine(GifFileType *GifFile, GifPixelType *Line, int LineLen) + Stack[StackPtr++] = CrntPrefix; + + /* Now lets pop all the stack into output: */ +- while (StackPtr != 0 && i < LineLen) ++ while (StackPtr != 0 && i < LineLen) { + Line[i++] = Stack[--StackPtr]; ++ } + } +- if (LastCode != NO_SUCH_CODE && Private->RunningCode - 2 < (LZ_MAX_CODE+1) && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) { ++ if (LastCode != NO_SUCH_CODE && ++ Private->RunningCode - 2 < (LZ_MAX_CODE + 1) && ++ Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) { + Prefix[Private->RunningCode - 2] = LastCode; + + if (CrntCode == Private->RunningCode - 2) { +- /* Only allowed if CrntCode is exactly the running code: +- * In that case CrntCode = XXXCode, CrntCode or the +- * prefix code is last code and the suffix char is +- * exactly the prefix of last code! */ ++ /* Only allowed if CrntCode is exactly ++ * the running code: In that case ++ * CrntCode = XXXCode, CrntCode or the ++ * prefix code is last code and the ++ * suffix char is exactly the prefix of ++ * last code! 
*/ + Suffix[Private->RunningCode - 2] = +- DGifGetPrefixChar(Prefix, LastCode, ClearCode); ++ DGifGetPrefixChar(Prefix, LastCode, ++ ClearCode); + } else { + Suffix[Private->RunningCode - 2] = +- DGifGetPrefixChar(Prefix, CrntCode, ClearCode); ++ DGifGetPrefixChar(Prefix, CrntCode, ++ ClearCode); + } + } + LastCode = CrntCode; +@@ -998,9 +1029,8 @@ DGifDecompressLine(GifFileType *GifFile, GifPixelType *Line, int LineLen) + If image is defective, we might loop here forever, so we limit the loops to + the maximum possible if image O.k. - LZ_MAX_CODE times. + ******************************************************************************/ +-static int +-DGifGetPrefixChar(GifPrefixType *Prefix, int Code, int ClearCode) +-{ ++static int DGifGetPrefixChar(const GifPrefixType *Prefix, int Code, ++ int ClearCode) { + int i = 0; + + while (Code > ClearCode && i++ <= LZ_MAX_CODE) { +@@ -1016,9 +1046,7 @@ DGifGetPrefixChar(GifPrefixType *Prefix, int Code, int ClearCode) + Interface for accessing the LZ codes directly. Set Code to the real code + (12bits), or to -1 if EOF code is returned. 
+ ******************************************************************************/ +-int +-DGifGetLZCodes(GifFileType *GifFile, int *Code) +-{ ++int DGifGetLZCodes(GifFileType *GifFile, int *Code) { + GifByteType *CodeBlock; + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + +@@ -1028,15 +1056,18 @@ DGifGetLZCodes(GifFileType *GifFile, int *Code) + return GIF_ERROR; + } + +- if (DGifDecompressInput(GifFile, Code) == GIF_ERROR) ++ if (DGifDecompressInput(GifFile, Code) == GIF_ERROR) { + return GIF_ERROR; ++ } + + if (*Code == Private->EOFCode) { +- /* Skip rest of codes (hopefully only NULL terminating block): */ ++ /* Skip rest of codes (hopefully only NULL terminating block): ++ */ + do { +- if (DGifGetCodeNext(GifFile, &CodeBlock) == GIF_ERROR) ++ if (DGifGetCodeNext(GifFile, &CodeBlock) == GIF_ERROR) { + return GIF_ERROR; +- } while (CodeBlock != NULL) ; ++ } ++ } while (CodeBlock != NULL); + + *Code = -1; + } else if (*Code == Private->ClearCode) { +@@ -1055,15 +1086,10 @@ DGifGetLZCodes(GifFileType *GifFile, int *Code) + 8 bits (bytes) packets, into the real codes. + Returns GIF_OK if read successfully. 
+ ******************************************************************************/ +-static int +-DGifDecompressInput(GifFileType *GifFile, int *Code) +-{ ++static int DGifDecompressInput(GifFileType *GifFile, int *Code) { + static const unsigned short CodeMasks[] = { +- 0x0000, 0x0001, 0x0003, 0x0007, +- 0x000f, 0x001f, 0x003f, 0x007f, +- 0x00ff, 0x01ff, 0x03ff, 0x07ff, +- 0x0fff +- }; ++ 0x0000, 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, ++ 0x007f, 0x00ff, 0x01ff, 0x03ff, 0x07ff, 0x0fff}; + + GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; + +@@ -1077,11 +1103,12 @@ DGifDecompressInput(GifFileType *GifFile, int *Code) + + while (Private->CrntShiftState < Private->RunningBits) { + /* Needs to get more bytes from input stream for next code: */ +- if (DGifBufferedInput(GifFile, Private->Buf, &NextByte) == GIF_ERROR) { ++ if (DGifBufferedInput(GifFile, Private->Buf, &NextByte) == ++ GIF_ERROR) { + return GIF_ERROR; + } +- Private->CrntShiftDWord |= +- ((unsigned long)NextByte) << Private->CrntShiftState; ++ Private->CrntShiftDWord |= ((unsigned long)NextByte) ++ << Private->CrntShiftState; + Private->CrntShiftState += 8; + } + *Code = Private->CrntShiftDWord & CodeMasks[Private->RunningBits]; +@@ -1109,9 +1136,8 @@ DGifDecompressInput(GifFileType *GifFile, int *Code) + The routine returns the next byte from its internal buffer (or read next + block in if buffer empty) and returns GIF_OK if succesful. 
+ ******************************************************************************/ +-static int +-DGifBufferedInput(GifFileType *GifFile, GifByteType *Buf, GifByteType *NextByte) +-{ ++static int DGifBufferedInput(GifFileType *GifFile, GifByteType *Buf, ++ GifByteType *NextByte) { + if (Buf[0] == 0) { + /* Needs to read the next buffer - this one is empty: */ + /* coverity[check_return] */ +@@ -1120,8 +1146,8 @@ DGifBufferedInput(GifFileType *GifFile, GifByteType *Buf, GifByteType *NextByte) + return GIF_ERROR; + } + /* There shouldn't be any empty data blocks here as the LZW spec +- * says the LZW termination code should come first. Therefore we +- * shouldn't be inside this routine at that point. ++ * says the LZW termination code should come first. Therefore ++ * we shouldn't be inside this routine at that point. + */ + if (Buf[0] == 0) { + GifFile->Error = D_GIF_ERR_IMAGE_DEFECT; +@@ -1132,7 +1158,7 @@ DGifBufferedInput(GifFileType *GifFile, GifByteType *Buf, GifByteType *NextByte) + return GIF_ERROR; + } + *NextByte = Buf[1]; +- Buf[1] = 2; /* We use now the second place as last char read! */ ++ Buf[1] = 2; /* We use now the second place as last char read! */ + Buf[0]--; + } else { + *NextByte = Buf[Buf[1]++]; +@@ -1142,14 +1168,32 @@ DGifBufferedInput(GifFileType *GifFile, GifByteType *Buf, GifByteType *NextByte) + return GIF_OK; + } + ++/****************************************************************************** ++ This routine is called in case of error during parsing image. We need to ++ decrease image counter and reallocate memory for saved images. Not decreasing ++ ImageCount may lead to null pointer dereference, because the last element in ++ SavedImages may point to the spoilt image and null pointer buffers. 
++*******************************************************************************/ ++void DGifDecreaseImageCounter(GifFileType *GifFile) { ++ GifFile->ImageCount--; ++ if (GifFile->SavedImages[GifFile->ImageCount].RasterBits != NULL) { ++ free(GifFile->SavedImages[GifFile->ImageCount].RasterBits); ++ } ++ ++ // Realloc array according to the new image counter. ++ SavedImage *correct_saved_images = (SavedImage *)reallocarray( ++ GifFile->SavedImages, GifFile->ImageCount, sizeof(SavedImage)); ++ if (correct_saved_images != NULL) { ++ GifFile->SavedImages = correct_saved_images; ++ } ++} ++ + /****************************************************************************** + This routine reads an entire GIF into core, hanging all its state info off + the GifFileType pointer. Call DGifOpenFileName() or DGifOpenFileHandle() + first to initialize I/O. Its inverse is EGifSpew(). + *******************************************************************************/ +-int +-DGifSlurp(GifFileType *GifFile) +-{ ++int DGifSlurp(GifFileType *GifFile) { + size_t ImageSize; + GifRecordType RecordType; + SavedImage *sp; +@@ -1160,103 +1204,130 @@ DGifSlurp(GifFileType *GifFile) + GifFile->ExtensionBlockCount = 0; + + do { +- if (DGifGetRecordType(GifFile, &RecordType) == GIF_ERROR) ++ if (DGifGetRecordType(GifFile, &RecordType) == GIF_ERROR) { + return (GIF_ERROR); ++ } + + switch (RecordType) { +- case IMAGE_DESC_RECORD_TYPE: +- if (DGifGetImageDesc(GifFile) == GIF_ERROR) +- return (GIF_ERROR); +- +- sp = &GifFile->SavedImages[GifFile->ImageCount - 1]; +- /* Allocate memory for the image */ +- if (sp->ImageDesc.Width <= 0 || sp->ImageDesc.Height <= 0 || +- sp->ImageDesc.Width > (INT_MAX / sp->ImageDesc.Height)) { +- return GIF_ERROR; +- } +- ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height; +- +- if (ImageSize > (SIZE_MAX / sizeof(GifPixelType))) { +- return GIF_ERROR; +- } +- sp->RasterBits = (unsigned char *)reallocarray(NULL, ImageSize, +- sizeof(GifPixelType)); +- +- if 
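Review bot: `DGifDecreaseImageCounter` can leave `GifFile->SavedImages` dangling when the failed image was the only one. After `GifFile->ImageCount--` the count is 0, so `reallocarray(GifFile->SavedImages, GifFile->ImageCount, sizeof(SavedImage))` is a zero-size reallocation, whose result is implementation-defined; some allocators free the block and return NULL. In that case the `!= NULL` guard skips the assignment and the stale pointer stays in the struct, so the cleanup in `DGifCloseFile` (only partly visible here) would presumably free it a second time. The same path is reached from every `DGifDecreaseImageCounter(GifFile)` call added in the `DGifSlurp` hunk that follows, always on malformed or unallocatable input. Handling the zero case explicitly, as below, removes the dependence on allocator behaviour; since the function is non-static, rejecting `ImageCount <= 0` on entry is also worth considering.

```c
void DGifDecreaseImageCounter(GifFileType *GifFile) {
	/* … unchanged: ImageCount decrement and RasterBits free … */
	if (GifFile->ImageCount == 0) {
		/* Zero-size realloc is implementation-defined: release the
		 * array here and clear the pointer so later cleanup skips it. */
		free(GifFile->SavedImages);
		GifFile->SavedImages = NULL;
		return;
	}
	/* … unchanged: reallocarray shrink to the new ImageCount … */
}
```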
(sp->RasterBits == NULL) { +- return GIF_ERROR; +- } +- +- if (sp->ImageDesc.Interlace) { +- int i, j; +- /* +- * The way an interlaced image should be read - +- * offsets and jumps... +- */ +- int InterlacedOffset[] = { 0, 4, 2, 1 }; +- int InterlacedJumps[] = { 8, 8, 4, 2 }; +- /* Need to perform 4 passes on the image */ +- for (i = 0; i < 4; i++) +- for (j = InterlacedOffset[i]; +- j < sp->ImageDesc.Height; +- j += InterlacedJumps[i]) { +- if (DGifGetLine(GifFile, +- sp->RasterBits+j*sp->ImageDesc.Width, +- sp->ImageDesc.Width) == GIF_ERROR) +- return GIF_ERROR; +- } +- } +- else { +- if (DGifGetLine(GifFile,sp->RasterBits,ImageSize)==GIF_ERROR) +- return (GIF_ERROR); +- } +- +- if (GifFile->ExtensionBlocks) { +- sp->ExtensionBlocks = GifFile->ExtensionBlocks; +- sp->ExtensionBlockCount = GifFile->ExtensionBlockCount; +- +- GifFile->ExtensionBlocks = NULL; +- GifFile->ExtensionBlockCount = 0; +- } +- break; +- +- case EXTENSION_RECORD_TYPE: +- if (DGifGetExtension(GifFile,&ExtFunction,&ExtData) == GIF_ERROR) +- return (GIF_ERROR); +- /* Create an extension block with our data */ +- if (ExtData != NULL) { +- if (GifAddExtensionBlock(&GifFile->ExtensionBlockCount, +- &GifFile->ExtensionBlocks, +- ExtFunction, ExtData[0], &ExtData[1]) +- == GIF_ERROR) +- return (GIF_ERROR); +- } +- for (;;) { +- if (DGifGetExtensionNext(GifFile, &ExtData) == GIF_ERROR) +- return (GIF_ERROR); +- if (ExtData == NULL) +- break; +- /* Continue the extension block */ +- if (ExtData != NULL) +- if (GifAddExtensionBlock(&GifFile->ExtensionBlockCount, +- &GifFile->ExtensionBlocks, +- CONTINUE_EXT_FUNC_CODE, +- ExtData[0], &ExtData[1]) == GIF_ERROR) +- return (GIF_ERROR); +- } +- break; +- +- case TERMINATE_RECORD_TYPE: +- break; +- +- default: /* Should be trapped by DGifGetRecordType */ +- break; ++ case IMAGE_DESC_RECORD_TYPE: ++ if (DGifGetImageDesc(GifFile) == GIF_ERROR) { ++ return (GIF_ERROR); ++ } ++ ++ sp = &GifFile->SavedImages[GifFile->ImageCount - 1]; ++ /* Allocate memory for 
the image */ ++ if (sp->ImageDesc.Width <= 0 || ++ sp->ImageDesc.Height <= 0 || ++ sp->ImageDesc.Width > ++ (INT_MAX / sp->ImageDesc.Height)) { ++ DGifDecreaseImageCounter(GifFile); ++ return GIF_ERROR; ++ } ++ ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height; ++ ++ if (ImageSize > (SIZE_MAX / sizeof(GifPixelType))) { ++ DGifDecreaseImageCounter(GifFile); ++ return GIF_ERROR; ++ } ++ sp->RasterBits = (unsigned char *)reallocarray( ++ NULL, ImageSize, sizeof(GifPixelType)); ++ ++ if (sp->RasterBits == NULL) { ++ DGifDecreaseImageCounter(GifFile); ++ return GIF_ERROR; ++ } ++ ++ if (sp->ImageDesc.Interlace) { ++ int i, j; ++ /* ++ * The way an interlaced image should be read - ++ * offsets and jumps... ++ */ ++ static const int InterlacedOffset[] = {0, 4, 2, ++ 1}; ++ static const int InterlacedJumps[] = {8, 8, 4, ++ 2}; ++ /* Need to perform 4 passes on the image */ ++ for (i = 0; i < 4; i++) { ++ for (j = InterlacedOffset[i]; ++ j < sp->ImageDesc.Height; ++ j += InterlacedJumps[i]) { ++ if (DGifGetLine( ++ GifFile, ++ sp->RasterBits + ++ j * sp->ImageDesc ++ .Width, ++ sp->ImageDesc.Width) == ++ GIF_ERROR) { ++ DGifDecreaseImageCounter( ++ GifFile); ++ return GIF_ERROR; ++ } ++ } ++ } ++ } else { ++ if (DGifGetLine(GifFile, sp->RasterBits, ++ ImageSize) == GIF_ERROR) { ++ DGifDecreaseImageCounter(GifFile); ++ return GIF_ERROR; ++ } ++ } ++ ++ if (GifFile->ExtensionBlocks) { ++ sp->ExtensionBlocks = GifFile->ExtensionBlocks; ++ sp->ExtensionBlockCount = ++ GifFile->ExtensionBlockCount; ++ ++ GifFile->ExtensionBlocks = NULL; ++ GifFile->ExtensionBlockCount = 0; ++ } ++ break; ++ ++ case EXTENSION_RECORD_TYPE: ++ if (DGifGetExtension(GifFile, &ExtFunction, &ExtData) == ++ GIF_ERROR) { ++ return (GIF_ERROR); ++ } ++ /* Create an extension block with our data */ ++ if (ExtData != NULL) { ++ if (GifAddExtensionBlock( ++ &GifFile->ExtensionBlockCount, ++ &GifFile->ExtensionBlocks, ExtFunction, ++ ExtData[0], &ExtData[1]) == GIF_ERROR) { ++ return (GIF_ERROR); ++ } 
++ } ++ for (;;) { ++ if (DGifGetExtensionNext(GifFile, &ExtData) == ++ GIF_ERROR) { ++ return (GIF_ERROR); ++ } ++ if (ExtData == NULL) { ++ break; ++ } ++ /* Continue the extension block */ ++ if (GifAddExtensionBlock( ++ &GifFile->ExtensionBlockCount, ++ &GifFile->ExtensionBlocks, ++ CONTINUE_EXT_FUNC_CODE, ExtData[0], ++ &ExtData[1]) == GIF_ERROR) { ++ return (GIF_ERROR); ++ } ++ } ++ break; ++ ++ case TERMINATE_RECORD_TYPE: ++ break; ++ ++ default: /* Should be trapped by DGifGetRecordType */ ++ break; + } + } while (RecordType != TERMINATE_RECORD_TYPE); + + /* Sanity check for corrupted file */ + if (GifFile->ImageCount == 0) { + GifFile->Error = D_GIF_ERR_NO_IMAG_DSCR; +- return(GIF_ERROR); ++ return (GIF_ERROR); + } + + return (GIF_OK); +diff --git a/jdk/src/share/native/sun/awt/giflib/gif_err.c b/jdk/src/share/native/sun/awt/giflib/gif_err.c +index db08838eff..3b6785f7c6 100644 +--- a/jdk/src/share/native/sun/awt/giflib/gif_err.c ++++ b/jdk/src/share/native/sun/awt/giflib/gif_err.c +@@ -38,82 +38,80 @@ SPDX-License-Identifier: MIT + /***************************************************************************** + Return a string description of the last GIF error + *****************************************************************************/ +-const char * +-GifErrorString(int ErrorCode) +-{ ++const char *GifErrorString(int ErrorCode) { + const char *Err; + + switch (ErrorCode) { +- case E_GIF_ERR_OPEN_FAILED: ++ case E_GIF_ERR_OPEN_FAILED: + Err = "Failed to open given file"; + break; +- case E_GIF_ERR_WRITE_FAILED: ++ case E_GIF_ERR_WRITE_FAILED: + Err = "Failed to write to given file"; + break; +- case E_GIF_ERR_HAS_SCRN_DSCR: ++ case E_GIF_ERR_HAS_SCRN_DSCR: + Err = "Screen descriptor has already been set"; + break; +- case E_GIF_ERR_HAS_IMAG_DSCR: ++ case E_GIF_ERR_HAS_IMAG_DSCR: + Err = "Image descriptor is still active"; + break; +- case E_GIF_ERR_NO_COLOR_MAP: ++ case E_GIF_ERR_NO_COLOR_MAP: + Err = "Neither global nor local color map"; + break; +- 
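Review bot: Three early exits in the `IMAGE_DESC_RECORD_TYPE` case return `GIF_ERROR` without setting `GifFile->Error`: the width/height rejection, the `ImageSize > (SIZE_MAX / sizeof(GifPixelType))` check, and the `sp->RasterBits == NULL` allocation failure. A caller that reads the error field after the failure sees whatever an earlier call left there, which makes rejected or oversized images hard to tell apart from I/O errors in logs. I would add `GifFile->Error = D_GIF_ERR_IMAGE_DEFECT;` before the two dimension/size returns and `GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM;` before the allocation-failure return. It is also worth a one-line comment at the first `DGifDecreaseImageCounter(GifFile);` call noting that `sp` must not be used afterwards, since the helper may move or release `SavedImages`. `DGifSlurp` begins before this hunk.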
case E_GIF_ERR_DATA_TOO_BIG: ++ case E_GIF_ERR_DATA_TOO_BIG: + Err = "Number of pixels bigger than width * height"; + break; +- case E_GIF_ERR_NOT_ENOUGH_MEM: ++ case E_GIF_ERR_NOT_ENOUGH_MEM: + Err = "Failed to allocate required memory"; + break; +- case E_GIF_ERR_DISK_IS_FULL: ++ case E_GIF_ERR_DISK_IS_FULL: + Err = "Write failed (disk full?)"; + break; +- case E_GIF_ERR_CLOSE_FAILED: ++ case E_GIF_ERR_CLOSE_FAILED: + Err = "Failed to close given file"; + break; +- case E_GIF_ERR_NOT_WRITEABLE: ++ case E_GIF_ERR_NOT_WRITEABLE: + Err = "Given file was not opened for write"; + break; +- case D_GIF_ERR_OPEN_FAILED: ++ case D_GIF_ERR_OPEN_FAILED: + Err = "Failed to open given file"; + break; +- case D_GIF_ERR_READ_FAILED: ++ case D_GIF_ERR_READ_FAILED: + Err = "Failed to read from given file"; + break; +- case D_GIF_ERR_NOT_GIF_FILE: ++ case D_GIF_ERR_NOT_GIF_FILE: + Err = "Data is not in GIF format"; + break; +- case D_GIF_ERR_NO_SCRN_DSCR: ++ case D_GIF_ERR_NO_SCRN_DSCR: + Err = "No screen descriptor detected"; + break; +- case D_GIF_ERR_NO_IMAG_DSCR: ++ case D_GIF_ERR_NO_IMAG_DSCR: + Err = "No Image Descriptor detected"; + break; +- case D_GIF_ERR_NO_COLOR_MAP: ++ case D_GIF_ERR_NO_COLOR_MAP: + Err = "Neither global nor local color map"; + break; +- case D_GIF_ERR_WRONG_RECORD: ++ case D_GIF_ERR_WRONG_RECORD: + Err = "Wrong record type detected"; + break; +- case D_GIF_ERR_DATA_TOO_BIG: ++ case D_GIF_ERR_DATA_TOO_BIG: + Err = "Number of pixels bigger than width * height"; + break; +- case D_GIF_ERR_NOT_ENOUGH_MEM: ++ case D_GIF_ERR_NOT_ENOUGH_MEM: + Err = "Failed to allocate required memory"; + break; +- case D_GIF_ERR_CLOSE_FAILED: ++ case D_GIF_ERR_CLOSE_FAILED: + Err = "Failed to close given file"; + break; +- case D_GIF_ERR_NOT_READABLE: ++ case D_GIF_ERR_NOT_READABLE: + Err = "Given file was not opened for read"; + break; +- case D_GIF_ERR_IMAGE_DEFECT: ++ case D_GIF_ERR_IMAGE_DEFECT: + Err = "Image is defective, decoding aborted"; + break; +- case 
D_GIF_ERR_EOF_TOO_SOON: ++ case D_GIF_ERR_EOF_TOO_SOON: + Err = "Image EOF detected before image complete"; + break; +- default: ++ default: + Err = NULL; + break; + } +diff --git a/jdk/src/share/native/sun/awt/giflib/gif_hash.h b/jdk/src/share/native/sun/awt/giflib/gif_hash.h +index 6cabd0866e..bd00af6416 100644 +--- a/jdk/src/share/native/sun/awt/giflib/gif_hash.h ++++ b/jdk/src/share/native/sun/awt/giflib/gif_hash.h +@@ -33,27 +33,25 @@ SPDX-License-Identifier: MIT + #ifndef _GIF_HASH_H_ + #define _GIF_HASH_H_ + +-/** Begin JDK modifications to support building on Windows **/ + #ifndef _WIN32 + #include +-#endif +-/** End JDK modifications to support building on Windows **/ ++#endif /* _WIN32 */ + #include + +-#define HT_SIZE 8192 /* 12bits = 4096 or twice as big! */ +-#define HT_KEY_MASK 0x1FFF /* 13bits keys */ +-#define HT_KEY_NUM_BITS 13 /* 13bits keys */ +-#define HT_MAX_KEY 8191 /* 13bits - 1, maximal code possible */ +-#define HT_MAX_CODE 4095 /* Biggest code possible in 12 bits. */ ++#define HT_SIZE 8192 /* 12bits = 4096 or twice as big! */ ++#define HT_KEY_MASK 0x1FFF /* 13bits keys */ ++#define HT_KEY_NUM_BITS 13 /* 13bits keys */ ++#define HT_MAX_KEY 8191 /* 13bits - 1, maximal code possible */ ++#define HT_MAX_CODE 4095 /* Biggest code possible in 12 bits. */ + + /* The 32 bits of the long are divided into two parts for the key & code: */ + /* 1. The code is 12 bits as our compression algorithm is limited to 12bits */ +-/* 2. The key is 12 bits Prefix code + 8 bit new char or 20 bits. */ ++/* 2. The key is 12 bits Prefix code + 8 bit new char or 20 bits. */ + /* The key is the upper 20 bits. The code is the lower 12. 
*/ +-#define HT_GET_KEY(l) (l >> 12) +-#define HT_GET_CODE(l) (l & 0x0FFF) +-#define HT_PUT_KEY(l) (l << 12) +-#define HT_PUT_CODE(l) (l & 0x0FFF) ++#define HT_GET_KEY(l) (l >> 12) ++#define HT_GET_CODE(l) (l & 0x0FFF) ++#define HT_PUT_KEY(l) (l << 12) ++#define HT_PUT_CODE(l) (l & 0x0FFF) + + typedef struct GifHashTableType { + uint32_t HTable[HT_SIZE]; +diff --git a/jdk/src/share/native/sun/awt/giflib/gif_lib.h b/jdk/src/share/native/sun/awt/giflib/gif_lib.h +index f739b36adf..716dc7e8ba 100644 +--- a/jdk/src/share/native/sun/awt/giflib/gif_lib.h ++++ b/jdk/src/share/native/sun/awt/giflib/gif_lib.h +@@ -39,27 +39,30 @@ extern "C" { + + #define GIFLIB_MAJOR 5 + #define GIFLIB_MINOR 2 +-#define GIFLIB_RELEASE 1 ++#define GIFLIB_RELEASE 2 + +-#define GIF_ERROR 0 +-#define GIF_OK 1 ++#define GIF_ERROR 0 ++#define GIF_OK 1 + + #include + /** Begin JDK modifications to support building using old compilers**/ +-//#include ++#ifndef _WIN32 ++#include ++#else + #ifdef bool + #undef bool + #endif + typedef int bool; + #define false 0 + #define true 1 ++#endif + /** End JDK modifications to support building using old compilers**/ + +-#define GIF_STAMP "GIFVER" /* First chars in file - GIF stamp. */ ++#define GIF_STAMP "GIFVER" /* First chars in file - GIF stamp. */ + #define GIF_STAMP_LEN sizeof(GIF_STAMP) - 1 +-#define GIF_VERSION_POS 3 /* Version first character in stamp. */ +-#define GIF87_STAMP "GIF87a" /* First chars in file - GIF stamp. */ +-#define GIF89_STAMP "GIF89a" /* First chars in file - GIF stamp. */ ++#define GIF_VERSION_POS 3 /* Version first character in stamp. */ ++#define GIF87_STAMP "GIF87a" /* First chars in file - GIF stamp. */ ++#define GIF89_STAMP "GIF89a" /* First chars in file - GIF stamp. 
*/ + + typedef unsigned char GifPixelType; + typedef unsigned char *GifRowType; +@@ -75,24 +78,24 @@ typedef struct ColorMapObject { + int ColorCount; + int BitsPerPixel; + bool SortFlag; +- GifColorType *Colors; /* on malloc(3) heap */ ++ GifColorType *Colors; /* on malloc(3) heap */ + } ColorMapObject; + + typedef struct GifImageDesc { +- GifWord Left, Top, Width, Height; /* Current image dimensions. */ +- bool Interlace; /* Sequential/Interlaced lines. */ +- ColorMapObject *ColorMap; /* The local color map */ ++ GifWord Left, Top, Width, Height; /* Current image dimensions. */ ++ bool Interlace; /* Sequential/Interlaced lines. */ ++ ColorMapObject *ColorMap; /* The local color map */ + } GifImageDesc; + + typedef struct ExtensionBlock { + int ByteCount; +- GifByteType *Bytes; /* on malloc(3) heap */ +- int Function; /* The block function code */ +-#define CONTINUE_EXT_FUNC_CODE 0x00 /* continuation subblock */ +-#define COMMENT_EXT_FUNC_CODE 0xfe /* comment */ +-#define GRAPHICS_EXT_FUNC_CODE 0xf9 /* graphics control (GIF89) */ +-#define PLAINTEXT_EXT_FUNC_CODE 0x01 /* plaintext */ +-#define APPLICATION_EXT_FUNC_CODE 0xff /* application block (GIF89) */ ++ GifByteType *Bytes; /* on malloc(3) heap */ ++ int Function; /* The block function code */ ++#define CONTINUE_EXT_FUNC_CODE 0x00 /* continuation subblock */ ++#define COMMENT_EXT_FUNC_CODE 0xfe /* comment */ ++#define GRAPHICS_EXT_FUNC_CODE 0xf9 /* graphics control (GIF89) */ ++#define PLAINTEXT_EXT_FUNC_CODE 0x01 /* plaintext */ ++#define APPLICATION_EXT_FUNC_CODE 0xff /* application block (GIF89) */ + } ExtensionBlock; + + typedef struct SavedImage { +@@ -103,22 +106,22 @@ typedef struct SavedImage { + } SavedImage; + + typedef struct GifFileType { +- GifWord SWidth, SHeight; /* Size of virtual canvas */ +- GifWord SColorResolution; /* How many colors can we generate? 
*/ +- GifWord SBackGroundColor; /* Background color for virtual canvas */ +- GifByteType AspectByte; /* Used to compute pixel aspect ratio */ +- ColorMapObject *SColorMap; /* Global colormap, NULL if nonexistent. */ +- int ImageCount; /* Number of current image (both APIs) */ +- GifImageDesc Image; /* Current image (low-level API) */ +- SavedImage *SavedImages; /* Image sequence (high-level API) */ +- int ExtensionBlockCount; /* Count extensions past last image */ ++ GifWord SWidth, SHeight; /* Size of virtual canvas */ ++ GifWord SColorResolution; /* How many colors can we generate? */ ++ GifWord SBackGroundColor; /* Background color for virtual canvas */ ++ GifByteType AspectByte; /* Used to compute pixel aspect ratio */ ++ ColorMapObject *SColorMap; /* Global colormap, NULL if nonexistent. */ ++ int ImageCount; /* Number of current image (both APIs) */ ++ GifImageDesc Image; /* Current image (low-level API) */ ++ SavedImage *SavedImages; /* Image sequence (high-level API) */ ++ int ExtensionBlockCount; /* Count extensions past last image */ + ExtensionBlock *ExtensionBlocks; /* Extensions past last image */ + int Error; /* Last error condition reported */ + void *UserData; /* hook to attach user data (TVT) */ + void *Private; /* Don't mess with this! */ + } GifFileType; + +-#define GIF_ASPECT_RATIO(n) ((n)+15.0/64.0) ++#define GIF_ASPECT_RATIO(n) ((n) + 15.0 / 64.0) + + typedef enum { + UNDEFINED_RECORD_TYPE, +@@ -129,12 +132,12 @@ typedef enum { + } GifRecordType; + + /* func type to read gif data from arbitrary sources (TVT) */ +-typedef int (*InputFunc) (GifFileType *, GifByteType *, int); ++typedef int (*InputFunc)(GifFileType *, GifByteType *, int); + + /* func type to write gif data to arbitrary targets. + * Returns count of bytes written. 
(MRB) + */ +-typedef int (*OutputFunc) (GifFileType *, const GifByteType *, int); ++typedef int (*OutputFunc)(GifFileType *, const GifByteType *, int); + + /****************************************************************************** + GIF89 structures +@@ -142,14 +145,14 @@ typedef int (*OutputFunc) (GifFileType *, const GifByteType *, int); + + typedef struct GraphicsControlBlock { + int DisposalMode; +-#define DISPOSAL_UNSPECIFIED 0 /* No disposal specified. */ +-#define DISPOSE_DO_NOT 1 /* Leave image in place */ +-#define DISPOSE_BACKGROUND 2 /* Set area too background color */ +-#define DISPOSE_PREVIOUS 3 /* Restore to previous content */ +- bool UserInputFlag; /* User confirmation required before disposal */ +- int DelayTime; /* pre-display delay in 0.01sec units */ +- int TransparentColor; /* Palette index for transparency, -1 if none */ +-#define NO_TRANSPARENT_COLOR -1 ++#define DISPOSAL_UNSPECIFIED 0 /* No disposal specified. */ ++#define DISPOSE_DO_NOT 1 /* Leave image in place */ ++#define DISPOSE_BACKGROUND 2 /* Set area too background color */ ++#define DISPOSE_PREVIOUS 3 /* Restore to previous content */ ++ bool UserInputFlag; /* User confirmation required before disposal */ ++ int DelayTime; /* pre-display delay in 0.01sec units */ ++ int TransparentColor; /* Palette index for transparency, -1 if none */ ++#define NO_TRANSPARENT_COLOR -1 + } GraphicsControlBlock; + + /****************************************************************************** +@@ -161,49 +164,44 @@ GifFileType *EGifOpenFileName(const char *GifFileName, + const bool GifTestExistence, int *Error); + GifFileType *EGifOpenFileHandle(const int GifFileHandle, int *Error); + GifFileType *EGifOpen(void *userPtr, OutputFunc writeFunc, int *Error); +-int EGifSpew(GifFileType * GifFile); ++int EGifSpew(GifFileType *GifFile); + const char *EGifGetGifVersion(GifFileType *GifFile); /* new in 5.x */ + int EGifCloseFile(GifFileType *GifFile, int *ErrorCode); + +-#define E_GIF_SUCCEEDED 0 
+-#define E_GIF_ERR_OPEN_FAILED 1 /* And EGif possible errors. */ +-#define E_GIF_ERR_WRITE_FAILED 2 +-#define E_GIF_ERR_HAS_SCRN_DSCR 3 +-#define E_GIF_ERR_HAS_IMAG_DSCR 4 +-#define E_GIF_ERR_NO_COLOR_MAP 5 +-#define E_GIF_ERR_DATA_TOO_BIG 6 ++#define E_GIF_SUCCEEDED 0 ++#define E_GIF_ERR_OPEN_FAILED 1 /* And EGif possible errors. */ ++#define E_GIF_ERR_WRITE_FAILED 2 ++#define E_GIF_ERR_HAS_SCRN_DSCR 3 ++#define E_GIF_ERR_HAS_IMAG_DSCR 4 ++#define E_GIF_ERR_NO_COLOR_MAP 5 ++#define E_GIF_ERR_DATA_TOO_BIG 6 + #define E_GIF_ERR_NOT_ENOUGH_MEM 7 +-#define E_GIF_ERR_DISK_IS_FULL 8 +-#define E_GIF_ERR_CLOSE_FAILED 9 +-#define E_GIF_ERR_NOT_WRITEABLE 10 ++#define E_GIF_ERR_DISK_IS_FULL 8 ++#define E_GIF_ERR_CLOSE_FAILED 9 ++#define E_GIF_ERR_NOT_WRITEABLE 10 + + /* These are legacy. You probably do not want to call them directly */ +-int EGifPutScreenDesc(GifFileType *GifFile, +- const int GifWidth, const int GifHeight, +- const int GifColorRes, ++int EGifPutScreenDesc(GifFileType *GifFile, const int GifWidth, ++ const int GifHeight, const int GifColorRes, + const int GifBackGround, + const ColorMapObject *GifColorMap); +-int EGifPutImageDesc(GifFileType *GifFile, +- const int GifLeft, const int GifTop, ++int EGifPutImageDesc(GifFileType *GifFile, const int GifLeft, const int GifTop, + const int GifWidth, const int GifHeight, + const bool GifInterlace, + const ColorMapObject *GifColorMap); + void EGifSetGifVersion(GifFileType *GifFile, const bool gif89); +-int EGifPutLine(GifFileType *GifFile, GifPixelType *GifLine, +- int GifLineLen); ++int EGifPutLine(GifFileType *GifFile, GifPixelType *GifLine, int GifLineLen); + int EGifPutPixel(GifFileType *GifFile, const GifPixelType GifPixel); + int EGifPutComment(GifFileType *GifFile, const char *GifComment); + int EGifPutExtensionLeader(GifFileType *GifFile, const int GifExtCode); +-int EGifPutExtensionBlock(GifFileType *GifFile, +- const int GifExtLen, const void *GifExtension); ++int EGifPutExtensionBlock(GifFileType 
*GifFile, const int GifExtLen, ++ const void *GifExtension); + int EGifPutExtensionTrailer(GifFileType *GifFile); + int EGifPutExtension(GifFileType *GifFile, const int GifExtCode, +- const int GifExtLen, +- const void *GifExtension); ++ const int GifExtLen, const void *GifExtension); + int EGifPutCode(GifFileType *GifFile, int GifCodeSize, + const GifByteType *GifCodeBlock); +-int EGifPutCodeNext(GifFileType *GifFile, +- const GifByteType *GifCodeBlock); ++int EGifPutCodeNext(GifFileType *GifFile, const GifByteType *GifCodeBlock); + + /****************************************************************************** + GIF decoding routines +@@ -212,24 +210,25 @@ int EGifPutCodeNext(GifFileType *GifFile, + /* Main entry points */ + GifFileType *DGifOpenFileName(const char *GifFileName, int *Error); + GifFileType *DGifOpenFileHandle(int GifFileHandle, int *Error); +-int DGifSlurp(GifFileType * GifFile); +-GifFileType *DGifOpen(void *userPtr, InputFunc readFunc, int *Error); /* new one (TVT) */ +- int DGifCloseFile(GifFileType * GifFile, int *ErrorCode); +- +-#define D_GIF_SUCCEEDED 0 +-#define D_GIF_ERR_OPEN_FAILED 101 /* And DGif possible errors. */ +-#define D_GIF_ERR_READ_FAILED 102 +-#define D_GIF_ERR_NOT_GIF_FILE 103 +-#define D_GIF_ERR_NO_SCRN_DSCR 104 +-#define D_GIF_ERR_NO_IMAG_DSCR 105 +-#define D_GIF_ERR_NO_COLOR_MAP 106 +-#define D_GIF_ERR_WRONG_RECORD 107 +-#define D_GIF_ERR_DATA_TOO_BIG 108 ++int DGifSlurp(GifFileType *GifFile); ++GifFileType *DGifOpen(void *userPtr, InputFunc readFunc, ++ int *Error); /* new one (TVT) */ ++int DGifCloseFile(GifFileType *GifFile, int *ErrorCode); ++ ++#define D_GIF_SUCCEEDED 0 ++#define D_GIF_ERR_OPEN_FAILED 101 /* And DGif possible errors. 
*/ ++#define D_GIF_ERR_READ_FAILED 102 ++#define D_GIF_ERR_NOT_GIF_FILE 103 ++#define D_GIF_ERR_NO_SCRN_DSCR 104 ++#define D_GIF_ERR_NO_IMAG_DSCR 105 ++#define D_GIF_ERR_NO_COLOR_MAP 106 ++#define D_GIF_ERR_WRONG_RECORD 107 ++#define D_GIF_ERR_DATA_TOO_BIG 108 + #define D_GIF_ERR_NOT_ENOUGH_MEM 109 +-#define D_GIF_ERR_CLOSE_FAILED 110 +-#define D_GIF_ERR_NOT_READABLE 111 +-#define D_GIF_ERR_IMAGE_DEFECT 112 +-#define D_GIF_ERR_EOF_TOO_SOON 113 ++#define D_GIF_ERR_CLOSE_FAILED 110 ++#define D_GIF_ERR_NOT_READABLE 111 ++#define D_GIF_ERR_IMAGE_DEFECT 112 ++#define D_GIF_ERR_EOF_TOO_SOON 113 + + /* These are legacy. You probably do not want to call them directly */ + int DGifGetScreenDesc(GifFileType *GifFile); +@@ -247,11 +246,10 @@ int DGifGetCodeNext(GifFileType *GifFile, GifByteType **GifCodeBlock); + int DGifGetLZCodes(GifFileType *GifFile, int *GifCode); + const char *DGifGetGifVersion(GifFileType *GifFile); + +- + /****************************************************************************** + Error handling and reporting. 
+ ******************************************************************************/
+-extern const char *GifErrorString(int ErrorCode); /* new in 2012 - ESR */
++extern const char *GifErrorString(int ErrorCode); /* new in 2012 - ESR */
+
+ /*****************************************************************************
+ Everything below this point is new after version 1.2, supporting `slurp
+@@ -263,26 +261,26 @@ extern const char *GifErrorString(int ErrorCode); /* new in 2012 - ESR */
+ ******************************************************************************/
+
+ extern ColorMapObject *GifMakeMapObject(int ColorCount,
+- const GifColorType *ColorMap);
++ const GifColorType *ColorMap);
+ extern void GifFreeMapObject(ColorMapObject *Object);
+ extern ColorMapObject *GifUnionColorMap(const ColorMapObject *ColorIn1,
+- const ColorMapObject *ColorIn2,
+- GifPixelType ColorTransIn2[]);
++ const ColorMapObject *ColorIn2,
++ GifPixelType ColorTransIn2[]);
+ extern int GifBitSize(int n);
+
+ /******************************************************************************
+ Support for the in-core structures allocation (slurp mode).
+ ******************************************************************************/ + +-extern void GifApplyTranslation(SavedImage *Image, GifPixelType Translation[]); ++extern void GifApplyTranslation(SavedImage *Image, ++ const GifPixelType Translation[]); + extern int GifAddExtensionBlock(int *ExtensionBlock_Count, +- ExtensionBlock **ExtensionBlocks, +- int Function, ++ ExtensionBlock **ExtensionBlocks, int Function, + unsigned int Len, unsigned char ExtData[]); + extern void GifFreeExtensions(int *ExtensionBlock_Count, + ExtensionBlock **ExtensionBlocks); + extern SavedImage *GifMakeSavedImage(GifFileType *GifFile, +- const SavedImage *CopyFrom); ++ const SavedImage *CopyFrom); + extern void GifFreeSavedImages(GifFileType *GifFile); + + /****************************************************************************** +@@ -295,37 +293,31 @@ int DGifExtensionToGCB(const size_t GifExtensionLength, + size_t EGifGCBToExtension(const GraphicsControlBlock *GCB, + GifByteType *GifExtension); + +-int DGifSavedExtensionToGCB(GifFileType *GifFile, +- int ImageIndex, ++int DGifSavedExtensionToGCB(GifFileType *GifFile, int ImageIndex, + GraphicsControlBlock *GCB); + int EGifGCBToSavedExtension(const GraphicsControlBlock *GCB, +- GifFileType *GifFile, +- int ImageIndex); ++ GifFileType *GifFile, int ImageIndex); + + /****************************************************************************** + The library's internal utility font + ******************************************************************************/ + +-#define GIF_FONT_WIDTH 8 ++#define GIF_FONT_WIDTH 8 + #define GIF_FONT_HEIGHT 8 + extern const unsigned char GifAsciiTable8x8[][GIF_FONT_WIDTH]; + +-extern void GifDrawText8x8(SavedImage *Image, +- const int x, const int y, +- const char *legend, const int color); ++extern void GifDrawText8x8(SavedImage *Image, const int x, const int y, ++ const char *legend, const int color); + +-extern void GifDrawBox(SavedImage *Image, +- const int x, const int y, +- const int w, 
const int d, const int color); ++extern void GifDrawBox(SavedImage *Image, const int x, const int y, const int w, ++ const int d, const int color); + +-extern void GifDrawRectangle(SavedImage *Image, +- const int x, const int y, +- const int w, const int d, const int color); ++extern void GifDrawRectangle(SavedImage *Image, const int x, const int y, ++ const int w, const int d, const int color); + +-extern void GifDrawBoxedText8x8(SavedImage *Image, +- const int x, const int y, +- const char *legend, +- const int border, const int bg, const int fg); ++extern void GifDrawBoxedText8x8(SavedImage *Image, const int x, const int y, ++ const char *legend, const int border, ++ const int bg, const int fg); + + #ifdef __cplusplus + } +diff --git a/jdk/src/share/native/sun/awt/giflib/gif_lib_private.h b/jdk/src/share/native/sun/awt/giflib/gif_lib_private.h +index 4f832676ff..f905e0d7b4 100644 +--- a/jdk/src/share/native/sun/awt/giflib/gif_lib_private.h ++++ b/jdk/src/share/native/sun/awt/giflib/gif_lib_private.h +@@ -33,52 +33,54 @@ SPDX-License-Identifier: MIT + #ifndef _GIF_LIB_PRIVATE_H + #define _GIF_LIB_PRIVATE_H + +-#include "gif_lib.h" + #include "gif_hash.h" ++#include "gif_lib.h" + + #ifndef SIZE_MAX +- #define SIZE_MAX UINTPTR_MAX ++#define SIZE_MAX UINTPTR_MAX + #endif + +-#define EXTENSION_INTRODUCER 0x21 +-#define DESCRIPTOR_INTRODUCER 0x2c +-#define TERMINATOR_INTRODUCER 0x3b ++#define EXTENSION_INTRODUCER 0x21 ++#define DESCRIPTOR_INTRODUCER 0x2c ++#define TERMINATOR_INTRODUCER 0x3b + +-#define LZ_MAX_CODE 4095 /* Biggest code possible in 12 bits. */ +-#define LZ_BITS 12 ++#define LZ_MAX_CODE 4095 /* Biggest code possible in 12 bits. */ ++#define LZ_BITS 12 + +-#define FLUSH_OUTPUT 4096 /* Impossible code, to signal flush. */ +-#define FIRST_CODE 4097 /* Impossible code, to signal first. */ +-#define NO_SUCH_CODE 4098 /* Impossible code, to signal empty. */ ++#define FLUSH_OUTPUT 4096 /* Impossible code, to signal flush. 
*/ ++#define FIRST_CODE 4097 /* Impossible code, to signal first. */ ++#define NO_SUCH_CODE 4098 /* Impossible code, to signal empty. */ + +-#define FILE_STATE_WRITE 0x01 +-#define FILE_STATE_SCREEN 0x02 +-#define FILE_STATE_IMAGE 0x04 +-#define FILE_STATE_READ 0x08 ++#define FILE_STATE_WRITE 0x01 ++#define FILE_STATE_SCREEN 0x02 ++#define FILE_STATE_IMAGE 0x04 ++#define FILE_STATE_READ 0x08 + +-#define IS_READABLE(Private) (Private->FileState & FILE_STATE_READ) +-#define IS_WRITEABLE(Private) (Private->FileState & FILE_STATE_WRITE) ++#define IS_READABLE(Private) (Private->FileState & FILE_STATE_READ) ++#define IS_WRITEABLE(Private) (Private->FileState & FILE_STATE_WRITE) + + typedef struct GifFilePrivateType { +- GifWord FileState, FileHandle, /* Where all this data goes to! */ +- BitsPerPixel, /* Bits per pixel (Codes uses at least this + 1). */ +- ClearCode, /* The CLEAR LZ code. */ +- EOFCode, /* The EOF LZ code. */ +- RunningCode, /* The next code algorithm can generate. */ +- RunningBits, /* The number of bits required to represent RunningCode. */ +- MaxCode1, /* 1 bigger than max. possible code, in RunningBits bits. */ +- LastCode, /* The code before the current code. */ +- CrntCode, /* Current algorithm code. */ +- StackPtr, /* For character stack (see below). */ +- CrntShiftState; /* Number of bits in CrntShiftDWord. */ +- unsigned long CrntShiftDWord; /* For bytes decomposition into codes. */ +- unsigned long PixelCount; /* Number of pixels in image. */ +- FILE *File; /* File as stream. */ +- InputFunc Read; /* function to read gif input (TVT) */ +- OutputFunc Write; /* function to write gif output (MRB) */ +- GifByteType Buf[256]; /* Compressed input is buffered here. */ ++ GifWord FileState, FileHandle, /* Where all this data goes to! */ ++ BitsPerPixel, /* Bits per pixel (Codes uses at least this + 1). */ ++ ClearCode, /* The CLEAR LZ code. */ ++ EOFCode, /* The EOF LZ code. */ ++ RunningCode, /* The next code algorithm can generate. 
*/ ++ RunningBits, /* The number of bits required to represent ++ RunningCode. */ ++ MaxCode1, /* 1 bigger than max. possible code, in RunningBits bits. ++ */ ++ LastCode, /* The code before the current code. */ ++ CrntCode, /* Current algorithm code. */ ++ StackPtr, /* For character stack (see below). */ ++ CrntShiftState; /* Number of bits in CrntShiftDWord. */ ++ unsigned long CrntShiftDWord; /* For bytes decomposition into codes. */ ++ unsigned long PixelCount; /* Number of pixels in image. */ ++ FILE *File; /* File as stream. */ ++ InputFunc Read; /* function to read gif input (TVT) */ ++ OutputFunc Write; /* function to write gif output (MRB) */ ++ GifByteType Buf[256]; /* Compressed input is buffered here. */ + GifByteType Stack[LZ_MAX_CODE]; /* Decoded pixels are stacked here. */ +- GifByteType Suffix[LZ_MAX_CODE + 1]; /* So we can trace the codes. */ ++ GifByteType Suffix[LZ_MAX_CODE + 1]; /* So we can trace the codes. */ + GifPrefixType Prefix[LZ_MAX_CODE + 1]; + GifHashTableType *HashTable; + bool gif89; +diff --git a/jdk/src/share/native/sun/awt/giflib/gifalloc.c b/jdk/src/share/native/sun/awt/giflib/gifalloc.c +index 75b74b4fba..5aef304455 100644 +--- a/jdk/src/share/native/sun/awt/giflib/gifalloc.c ++++ b/jdk/src/share/native/sun/awt/giflib/gifalloc.c +@@ -30,59 +30,59 @@ SPDX-License-Identifier: MIT + + ****************************************************************************/ + +-#include + #include ++#include + #include + + #include "gif_lib.h" + #include "gif_lib_private.h" + +-#define MAX(x, y) (((x) > (y)) ? (x) : (y)) ++#define MAX(x, y) (((x) > (y)) ? 
(x) : (y)) + + /****************************************************************************** + Miscellaneous utility functions + ******************************************************************************/ + + /* return smallest bitfield size n will fit in */ +-int +-GifBitSize(int n) +-{ ++int GifBitSize(int n) { + register int i; + +- for (i = 1; i <= 8; i++) +- if ((1 << i) >= n) ++ for (i = 1; i <= 8; i++) { ++ if ((1 << i) >= n) { + break; ++ } ++ } + return (i); + } + + /****************************************************************************** +- Color map object functions ++ Color map object functions + ******************************************************************************/ + + /* + * Allocate a color map of given size; initialize with contents of + * ColorMap if that pointer is non-NULL. + */ +-ColorMapObject * +-GifMakeMapObject(int ColorCount, const GifColorType *ColorMap) +-{ ++ColorMapObject *GifMakeMapObject(int ColorCount, const GifColorType *ColorMap) { + ColorMapObject *Object; + + /*** FIXME: Our ColorCount has to be a power of two. Is it necessary to +- * make the user know that or should we automatically round up instead? */ ++ * make the user know that or should we automatically round up instead? 
++ */ + if (ColorCount != (1 << GifBitSize(ColorCount))) { +- return ((ColorMapObject *) NULL); ++ return ((ColorMapObject *)NULL); + } + + Object = (ColorMapObject *)malloc(sizeof(ColorMapObject)); +- if (Object == (ColorMapObject *) NULL) { +- return ((ColorMapObject *) NULL); ++ if (Object == (ColorMapObject *)NULL) { ++ return ((ColorMapObject *)NULL); + } + +- Object->Colors = (GifColorType *)calloc(ColorCount, sizeof(GifColorType)); +- if (Object->Colors == (GifColorType *) NULL) { ++ Object->Colors = ++ (GifColorType *)calloc(ColorCount, sizeof(GifColorType)); ++ if (Object->Colors == (GifColorType *)NULL) { + free(Object); +- return ((ColorMapObject *) NULL); ++ return ((ColorMapObject *)NULL); + } + + Object->ColorCount = ColorCount; +@@ -90,19 +90,17 @@ GifMakeMapObject(int ColorCount, const GifColorType *ColorMap) + Object->SortFlag = false; + + if (ColorMap != NULL) { +- memcpy((char *)Object->Colors, +- (char *)ColorMap, ColorCount * sizeof(GifColorType)); ++ memcpy((char *)Object->Colors, (char *)ColorMap, ++ ColorCount * sizeof(GifColorType)); + } + + return (Object); + } + + /******************************************************************************* +-Free a color map object ++ Free a color map object + *******************************************************************************/ +-void +-GifFreeMapObject(ColorMapObject *Object) +-{ ++void GifFreeMapObject(ColorMapObject *Object) { + if (Object != NULL) { + (void)free(Object->Colors); + (void)free(Object); +@@ -110,17 +108,14 @@ GifFreeMapObject(ColorMapObject *Object) + } + + #ifdef DEBUG +-void +-DumpColorMap(ColorMapObject *Object, +- FILE * fp) +-{ ++void DumpColorMap(ColorMapObject *Object, FILE *fp) { + if (Object != NULL) { + int i, j, Len = Object->ColorCount; + + for (i = 0; i < Len; i += 4) { + for (j = 0; j < 4 && j < Len; j++) { +- (void)fprintf(fp, "%3d: %02x %02x %02x ", i + j, +- Object->Colors[i + j].Red, ++ (void)fprintf(fp, "%3d: %02x %02x %02x ", ++ i + j, Object->Colors[i 
+ j].Red, + Object->Colors[i + j].Green, + Object->Colors[i + j].Blue); + } +@@ -137,11 +132,9 @@ DumpColorMap(ColorMapObject *Object, + copied iff they didn't exist before. ColorTransIn2 maps the old + ColorIn2 into the ColorUnion color map table./ + *******************************************************************************/ +-ColorMapObject * +-GifUnionColorMap(const ColorMapObject *ColorIn1, +- const ColorMapObject *ColorIn2, +- GifPixelType ColorTransIn2[]) +-{ ++ColorMapObject *GifUnionColorMap(const ColorMapObject *ColorIn1, ++ const ColorMapObject *ColorIn2, ++ GifPixelType ColorTransIn2[]) { + int i, j, CrntSlot, RoundUpTo, NewGifBitSize; + ColorMapObject *ColorUnion; + +@@ -152,17 +145,19 @@ GifUnionColorMap(const ColorMapObject *ColorIn1, + */ + + /* Allocate table which will hold the result for sure. */ +- ColorUnion = GifMakeMapObject(MAX(ColorIn1->ColorCount, +- ColorIn2->ColorCount) * 2, NULL); ++ ColorUnion = GifMakeMapObject( ++ MAX(ColorIn1->ColorCount, ColorIn2->ColorCount) * 2, NULL); + +- if (ColorUnion == NULL) ++ if (ColorUnion == NULL) { + return (NULL); ++ } + + /* + * Copy ColorIn1 to ColorUnion. + */ +- for (i = 0; i < ColorIn1->ColorCount; i++) ++ for (i = 0; i < ColorIn1->ColorCount; i++) { + ColorUnion->Colors[i] = ColorIn1->Colors[i]; ++ } + CrntSlot = ColorIn1->ColorCount; + + /* +@@ -172,22 +167,25 @@ GifUnionColorMap(const ColorMapObject *ColorIn1, + * of table 1. This is very useful if your display is limited to + * 16 colors. 
+ */ +- while (ColorIn1->Colors[CrntSlot - 1].Red == 0 +- && ColorIn1->Colors[CrntSlot - 1].Green == 0 +- && ColorIn1->Colors[CrntSlot - 1].Blue == 0) ++ while (ColorIn1->Colors[CrntSlot - 1].Red == 0 && ++ ColorIn1->Colors[CrntSlot - 1].Green == 0 && ++ ColorIn1->Colors[CrntSlot - 1].Blue == 0) { + CrntSlot--; ++ } + + /* Copy ColorIn2 to ColorUnion (use old colors if they exist): */ + for (i = 0; i < ColorIn2->ColorCount && CrntSlot <= 256; i++) { + /* Let's see if this color already exists: */ +- for (j = 0; j < ColorIn1->ColorCount; j++) +- if (memcmp (&ColorIn1->Colors[j], &ColorIn2->Colors[i], +- sizeof(GifColorType)) == 0) ++ for (j = 0; j < ColorIn1->ColorCount; j++) { ++ if (memcmp(&ColorIn1->Colors[j], &ColorIn2->Colors[i], ++ sizeof(GifColorType)) == 0) { + break; ++ } ++ } + +- if (j < ColorIn1->ColorCount) +- ColorTransIn2[i] = j; /* color exists in Color1 */ +- else { ++ if (j < ColorIn1->ColorCount) { ++ ColorTransIn2[i] = j; /* color exists in Color1 */ ++ } else { + /* Color is new - copy it to a new slot: */ + ColorUnion->Colors[CrntSlot] = ColorIn2->Colors[i]; + ColorTransIn2[i] = CrntSlot++; +@@ -196,7 +194,7 @@ GifUnionColorMap(const ColorMapObject *ColorIn1, + + if (CrntSlot > 256) { + GifFreeMapObject(ColorUnion); +- return ((ColorMapObject *) NULL); ++ return ((ColorMapObject *)NULL); + } + + NewGifBitSize = GifBitSize(CrntSlot); +@@ -210,16 +208,17 @@ GifUnionColorMap(const ColorMapObject *ColorIn1, + * We know these slots exist because of the way ColorUnion's + * start dimension was computed. + */ +- for (j = CrntSlot; j < RoundUpTo; j++) ++ for (j = CrntSlot; j < RoundUpTo; j++) { + Map[j].Red = Map[j].Green = Map[j].Blue = 0; ++ } + + /* perhaps we can shrink the map? 
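Review bot: The trailing-black scan in GifUnionColorMap, `while (ColorIn1->Colors[CrntSlot - 1].Red == 0 && ...) { CrntSlot--; }`, has no lower bound on CrntSlot, so a ColorIn1 whose entries are all zero is walked past index 0 and the next test reads `Colors[-1]`, in front of the heap array. The reformat carries this over unchanged; adding the bound as the first operand, `while (CrntSlot > 0 && ColorIn1->Colors[CrntSlot - 1].Red == 0 &&`, stops the scan at an empty map. GifUnionColorMap begins and ends outside this hunk, so the later `GifBitSize(CrntSlot)` rounding should be checked for a CrntSlot of 0 when the bound is added.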
*/ + if (RoundUpTo < ColorUnion->ColorCount) { +- GifColorType *new_map = (GifColorType *)reallocarray(Map, +- RoundUpTo, sizeof(GifColorType)); +- if( new_map == NULL ) { ++ GifColorType *new_map = (GifColorType *)reallocarray( ++ Map, RoundUpTo, sizeof(GifColorType)); ++ if (new_map == NULL) { + GifFreeMapObject(ColorUnion); +- return ((ColorMapObject *) NULL); ++ return ((ColorMapObject *)NULL); + } + ColorUnion->Colors = new_map; + } +@@ -234,49 +233,49 @@ GifUnionColorMap(const ColorMapObject *ColorIn1, + /******************************************************************************* + Apply a given color translation to the raster bits of an image + *******************************************************************************/ +-void +-GifApplyTranslation(SavedImage *Image, GifPixelType Translation[]) +-{ ++void GifApplyTranslation(SavedImage *Image, const GifPixelType Translation[]) { + register int i; +- register int RasterSize = Image->ImageDesc.Height * Image->ImageDesc.Width; ++ register int RasterSize = ++ Image->ImageDesc.Height * Image->ImageDesc.Width; + +- for (i = 0; i < RasterSize; i++) ++ for (i = 0; i < RasterSize; i++) { + Image->RasterBits[i] = Translation[Image->RasterBits[i]]; ++ } + } + + /****************************************************************************** + Extension record functions + ******************************************************************************/ +-int +-GifAddExtensionBlock(int *ExtensionBlockCount, +- ExtensionBlock **ExtensionBlocks, +- int Function, +- unsigned int Len, +- unsigned char ExtData[]) +-{ ++int GifAddExtensionBlock(int *ExtensionBlockCount, ++ ExtensionBlock **ExtensionBlocks, int Function, ++ unsigned int Len, unsigned char ExtData[]) { + ExtensionBlock *ep; + +- if (*ExtensionBlocks == NULL) +- *ExtensionBlocks=(ExtensionBlock *)malloc(sizeof(ExtensionBlock)); +- else { +- ExtensionBlock* ep_new = (ExtensionBlock *)reallocarray +- (*ExtensionBlocks, (*ExtensionBlockCount + 1), +- 
sizeof(ExtensionBlock)); +- if( ep_new == NULL ) ++ if (*ExtensionBlocks == NULL) { ++ *ExtensionBlocks = ++ (ExtensionBlock *)malloc(sizeof(ExtensionBlock)); ++ } else { ++ ExtensionBlock *ep_new = (ExtensionBlock *)reallocarray( ++ *ExtensionBlocks, (*ExtensionBlockCount + 1), ++ sizeof(ExtensionBlock)); ++ if (ep_new == NULL) { + return (GIF_ERROR); ++ } + *ExtensionBlocks = ep_new; + } + +- if (*ExtensionBlocks == NULL) ++ if (*ExtensionBlocks == NULL) { + return (GIF_ERROR); ++ } + + ep = &(*ExtensionBlocks)[(*ExtensionBlockCount)++]; + + ep->Function = Function; +- ep->ByteCount=Len; ++ ep->ByteCount = Len; + ep->Bytes = (GifByteType *)malloc(ep->ByteCount); +- if (ep->Bytes == NULL) ++ if (ep->Bytes == NULL) { + return (GIF_ERROR); ++ } + + if (ExtData != NULL) { + memcpy(ep->Bytes, ExtData, Len); +@@ -285,38 +284,36 @@ GifAddExtensionBlock(int *ExtensionBlockCount, + return (GIF_OK); + } + +-void +-GifFreeExtensions(int *ExtensionBlockCount, +- ExtensionBlock **ExtensionBlocks) +-{ ++void GifFreeExtensions(int *ExtensionBlockCount, ++ ExtensionBlock **ExtensionBlocks) { + ExtensionBlock *ep; + +- if (*ExtensionBlocks == NULL) ++ if (*ExtensionBlocks == NULL) { + return; ++ } + + for (ep = *ExtensionBlocks; +- ep < (*ExtensionBlocks + *ExtensionBlockCount); +- ep++) ++ ep < (*ExtensionBlocks + *ExtensionBlockCount); ep++) { + (void)free((char *)ep->Bytes); ++ } + (void)free((char *)*ExtensionBlocks); + *ExtensionBlocks = NULL; + *ExtensionBlockCount = 0; + } + + /****************************************************************************** +- Image block allocation functions ++ Image block allocation functions + ******************************************************************************/ + + /* Private Function: + * Frees the last image in the GifFile->SavedImages array + */ +-void +-FreeLastSavedImage(GifFileType *GifFile) +-{ ++void FreeLastSavedImage(GifFileType *GifFile) { + SavedImage *sp; + +- if ((GifFile == NULL) || (GifFile->SavedImages == 
NULL)) ++ if ((GifFile == NULL) || (GifFile->SavedImages == NULL)) { + return; ++ } + + /* Remove one SavedImage from the GifFile */ + GifFile->ImageCount--; +@@ -329,54 +326,58 @@ FreeLastSavedImage(GifFileType *GifFile) + } + + /* Deallocate the image data */ +- if (sp->RasterBits != NULL) ++ if (sp->RasterBits != NULL) { + free((char *)sp->RasterBits); ++ } + + /* Deallocate any extensions */ + GifFreeExtensions(&sp->ExtensionBlockCount, &sp->ExtensionBlocks); + + /*** FIXME: We could realloc the GifFile->SavedImages structure but is + * there a point to it? Saves some memory but we'd have to do it every +- * time. If this is used in GifFreeSavedImages then it would be inefficient +- * (The whole array is going to be deallocated.) If we just use it when +- * we want to free the last Image it's convenient to do it here. ++ * time. If this is used in GifFreeSavedImages then it would be ++ * inefficient (The whole array is going to be deallocated.) If we just ++ * use it when we want to free the last Image it's convenient to do it ++ * here. 
+ */ + } + + /* + * Append an image block to the SavedImages array + */ +-SavedImage * +-GifMakeSavedImage(GifFileType *GifFile, const SavedImage *CopyFrom) +-{ +- if (GifFile->SavedImages == NULL) ++SavedImage *GifMakeSavedImage(GifFileType *GifFile, ++ const SavedImage *CopyFrom) { ++ // cppcheck-suppress ctunullpointer ++ if (GifFile->SavedImages == NULL) { + GifFile->SavedImages = (SavedImage *)malloc(sizeof(SavedImage)); +- else { +- SavedImage* newSavedImages = (SavedImage *)reallocarray(GifFile->SavedImages, +- (GifFile->ImageCount + 1), sizeof(SavedImage)); +- if( newSavedImages == NULL) ++ } else { ++ SavedImage *newSavedImages = (SavedImage *)reallocarray( ++ GifFile->SavedImages, (GifFile->ImageCount + 1), ++ sizeof(SavedImage)); ++ if (newSavedImages == NULL) { + return ((SavedImage *)NULL); ++ } + GifFile->SavedImages = newSavedImages; + } +- if (GifFile->SavedImages == NULL) ++ if (GifFile->SavedImages == NULL) { + return ((SavedImage *)NULL); +- else { ++ } else { + SavedImage *sp = &GifFile->SavedImages[GifFile->ImageCount++]; + + if (CopyFrom != NULL) { + memcpy((char *)sp, CopyFrom, sizeof(SavedImage)); + + /* +- * Make our own allocated copies of the heap fields in the +- * copied record. This guards against potential aliasing +- * problems. ++ * Make our own allocated copies of the heap fields in ++ * the copied record. This guards against potential ++ * aliasing problems. 
+ */ + + /* first, the local color map */ + if (CopyFrom->ImageDesc.ColorMap != NULL) { + sp->ImageDesc.ColorMap = GifMakeMapObject( +- CopyFrom->ImageDesc.ColorMap->ColorCount, +- CopyFrom->ImageDesc.ColorMap->Colors); ++ CopyFrom->ImageDesc.ColorMap->ColorCount, ++ CopyFrom->ImageDesc.ColorMap->Colors); + if (sp->ImageDesc.ColorMap == NULL) { + FreeLastSavedImage(GifFile); + return (SavedImage *)(NULL); +@@ -384,32 +385,36 @@ GifMakeSavedImage(GifFileType *GifFile, const SavedImage *CopyFrom) + } + + /* next, the raster */ +- sp->RasterBits = (unsigned char *)reallocarray(NULL, +- (CopyFrom->ImageDesc.Height * +- CopyFrom->ImageDesc.Width), +- sizeof(GifPixelType)); ++ sp->RasterBits = (unsigned char *)reallocarray( ++ NULL, ++ (CopyFrom->ImageDesc.Height * ++ CopyFrom->ImageDesc.Width), ++ sizeof(GifPixelType)); + if (sp->RasterBits == NULL) { + FreeLastSavedImage(GifFile); + return (SavedImage *)(NULL); + } + memcpy(sp->RasterBits, CopyFrom->RasterBits, +- sizeof(GifPixelType) * CopyFrom->ImageDesc.Height * +- CopyFrom->ImageDesc.Width); ++ sizeof(GifPixelType) * ++ CopyFrom->ImageDesc.Height * ++ CopyFrom->ImageDesc.Width); + + /* finally, the extension blocks */ + if (CopyFrom->ExtensionBlocks != NULL) { +- sp->ExtensionBlocks = (ExtensionBlock *)reallocarray(NULL, +- CopyFrom->ExtensionBlockCount, +- sizeof(ExtensionBlock)); ++ sp->ExtensionBlocks = ++ (ExtensionBlock *)reallocarray( ++ NULL, CopyFrom->ExtensionBlockCount, ++ sizeof(ExtensionBlock)); + if (sp->ExtensionBlocks == NULL) { + FreeLastSavedImage(GifFile); + return (SavedImage *)(NULL); + } +- memcpy(sp->ExtensionBlocks, CopyFrom->ExtensionBlocks, +- sizeof(ExtensionBlock) * CopyFrom->ExtensionBlockCount); ++ memcpy(sp->ExtensionBlocks, ++ CopyFrom->ExtensionBlocks, ++ sizeof(ExtensionBlock) * ++ CopyFrom->ExtensionBlockCount); + } +- } +- else { ++ } else { + memset((char *)sp, '\0', sizeof(SavedImage)); + } + +@@ -417,9 +422,7 @@ GifMakeSavedImage(GifFileType *GifFile, const SavedImage 
*CopyFrom) + } + } + +-void +-GifFreeSavedImages(GifFileType *GifFile) +-{ ++void GifFreeSavedImages(GifFileType *GifFile) { + SavedImage *sp; + + if ((GifFile == NULL) || (GifFile->SavedImages == NULL)) { +@@ -432,10 +435,12 @@ GifFreeSavedImages(GifFileType *GifFile) + sp->ImageDesc.ColorMap = NULL; + } + +- if (sp->RasterBits != NULL) ++ if (sp->RasterBits != NULL) { + free((char *)sp->RasterBits); ++ } + +- GifFreeExtensions(&sp->ExtensionBlockCount, &sp->ExtensionBlocks); ++ GifFreeExtensions(&sp->ExtensionBlockCount, ++ &sp->ExtensionBlocks); + } + free((char *)GifFile->SavedImages); + GifFile->SavedImages = NULL; +diff --git a/jdk/src/share/native/sun/awt/giflib/openbsd-reallocarray.c b/jdk/src/share/native/sun/awt/giflib/openbsd-reallocarray.c +index 452df69d7c..7420af674c 100644 +--- a/jdk/src/share/native/sun/awt/giflib/openbsd-reallocarray.c ++++ b/jdk/src/share/native/sun/awt/giflib/openbsd-reallocarray.c +@@ -28,24 +28,22 @@ + * SPDX-License-Identifier: MIT + */ + +-#include + #include + #include + #include ++#include + + #ifndef SIZE_MAX +- #define SIZE_MAX UINTPTR_MAX ++#define SIZE_MAX UINTPTR_MAX + #endif + + /* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +-#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) ++#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) + +-void * +-openbsd_reallocarray(void *optr, size_t nmemb, size_t size) +-{ ++void *openbsd_reallocarray(void *optr, size_t nmemb, size_t size) { + if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + nmemb > 0 && SIZE_MAX / nmemb < size) { + errno = ENOMEM; +@@ -93,7 +91,8 @@ openbsd_reallocarray(void *optr, size_t nmemb, size_t size) + * fuzzing on one platform may not detect zero-size allocation + * problems on other platforms. + */ +- if (size == 0 || nmemb == 0) ++ if (size == 0 || nmemb == 0) { + return NULL; ++ } + return realloc(optr, size * nmemb); + } 
diff --git a/SOURCES/jdk8339414-fix_8202369_backport.patch b/SOURCES/jdk8339414-fix_8202369_backport.patch
new file mode 100644
index 0000000..3250ef4
--- /dev/null
+++ b/SOURCES/jdk8339414-fix_8202369_backport.patch
@@ -0,0 +1,63 @@ +commit 51b6307937d9584f8690e4916444e479eeafff28 +Author: Thomas Fitzsimmons +Date: Mon Jun 16 23:04:07 2025 +0000 + + 8339414: Fix JDK-8202369 incorrect backport for 8u + + Reviewed-by: andrew + +diff --git a/jdk/src/solaris/native/java/net/Inet4AddressImpl.c b/jdk/src/solaris/native/java/net/Inet4AddressImpl.c +index e30851df576..8b2e3cdce93 100644 +--- a/jdk/src/solaris/native/java/net/Inet4AddressImpl.c ++++ b/jdk/src/solaris/native/java/net/Inet4AddressImpl.c +@@ -332,37 +332,33 @@ Java_java_net_Inet4AddressImpl_getHostByAddr(JNIEnv *env, jobject this, + */ + JNIEXPORT jstring JNICALL + Java_java_net_Inet4AddressImpl_getLocalHostName(JNIEnv *env, jobject this) { +- char hostname[NI_MAXHOST+1]; ++ char hostname[NI_MAXHOST + 1]; + + hostname[0] = '\0'; + if (JVM_GetHostName(hostname, sizeof(hostname))) { +- /* Something went wrong, maybe networking is not setup? */ + strcpy(hostname, "localhost"); + } else { ++#if defined(__solaris__) ++ // try to resolve hostname via nameservice ++ // if it is known but getnameinfo fails, hostname will still be the ++ // value from gethostname + struct addrinfo hints, *res; +- int error; + ++ // make sure string is null-terminated + hostname[NI_MAXHOST] = '\0'; + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + hints.ai_family = AF_INET; + +- error = getaddrinfo(hostname, NULL, &hints, &res); +- +- if (error == 0) {/* host is known to name service */ +- getnameinfo(res->ai_addr, +- res->ai_addrlen, +- hostname, +- NI_MAXHOST, +- NULL, +- 0, +- NI_NAMEREQD); +- +- /* if getnameinfo fails hostname is still the value +- from gethostname */ +- ++ if (getaddrinfo(hostname, NULL, &hints, &res) == 0) { ++ getnameinfo(res->ai_addr, res->ai_addrlen, hostname, NI_MAXHOST, ++ NULL, 0, NI_NAMEREQD); + freeaddrinfo(res); + } ++#else ++ // make sure string is null-terminated ++ hostname[NI_MAXHOST] = '\0'; ++#endif + } + return (*env)->NewStringUTF(env, hostname); + } 
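Review bot: The return value of `getnameinfo()` in the `__solaris__` branch of `Java_java_net_Inet4AddressImpl_getLocalHostName` is discarded, while the added comment relies on `hostname` still holding the `gethostname` value when that call fails. That holds only if the resolver leaves the output buffer untouched on error, which I would not take for granted. Resolving into a scratch buffer makes the fallback explicit: declare `char resolved[NI_MAXHOST + 1];` and use `if (getnameinfo(res->ai_addr, res->ai_addrlen, resolved, NI_MAXHOST, NULL, 0, NI_NAMEREQD) == 0) strcpy(hostname, resolved);`. The patch also drops the `/* Something went wrong, maybe networking is not setup? */` comment on the `strcpy(hostname, "localhost")` path; keeping it would preserve the reason for that fallback.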
diff --git a/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch b/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch index 17e1f69..cbb72b6 100644 --- a/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch +++ b/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch @@ -7,10 +7,11 @@ 8074839: Resolve disabled warnings for libunpack and the unpack200 binary Reviewed-by: dholmes, ksrini -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h -@@ -63,7 +63,7 @@ +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +index bdaf95a2f6a..60c5b4f2a69 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +@@ -63,7 +63,7 @@ struct bytes { bytes res; res.ptr = ptr + beg; res.len = end - beg; @@ -19,10 +20,11 @@ 
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openj return res; } // building C strings inside byte buffers: -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp -@@ -292,7 +292,7 @@ +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +index 5fbc7261fb3..4c002e779d8 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +@@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject if (uPtr->aborting()) { THROW_IOE(uPtr->get_abort_message()); @@ -31,16 +33,16 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openj } // We have fetched all the files. -@@ -310,7 +310,7 @@ - JNIEXPORT jlong JNICALL - Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) { - unpacker* uPtr = get_unpacker(env, pObj, false); +@@ -312,7 +312,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) { + // There's no need to create a new unpacker here if we don't already have one + // just to immediatly free it afterwards. + unpacker* uPtr = get_unpacker(env, pObj, /* noCreate= */ true); - CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL); + CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0); size_t consumed = uPtr->input_consumed(); + // free_unpacker() will set the unpacker field on 'pObj' to null free_unpacker(env, pObj, uPtr); - return consumed; -@@ -320,6 +320,7 @@ +@@ -323,6 +323,7 @@ JNIEXPORT jboolean JNICALL Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj, jstring pProp, jstring pValue) { unpacker* uPtr = get_unpacker(env, pObj); @@ -48,10 +50,11 @@ 
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openj const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE); CHECK_EXCEPTION_RETURN_VALUE(prop, false); const char* value = env->GetStringUTFChars(pValue, JNI_FALSE); -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp -@@ -142,31 +142,28 @@ +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +index 6fbc43a18ae..722c8baaff0 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +@@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) { return progname; } @@ -101,10 +104,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp open } } -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp -@@ -222,9 +222,9 @@ +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +index a585535c513..8df3fade499 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +@@ -225,9 +225,9 @@ struct entry { } #ifdef PRODUCT @@ -116,7 +120,7 @@ 
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op #endif }; -@@ -715,13 +715,13 @@ +@@ -719,13 +719,13 @@ void unpacker::read_file_header() { // Now we can size the whole archive. // Read everything else into a mega-buffer. rp = hdr.rp; @@ -134,7 +138,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op abort("EOF reading fixed input buffer"); return; } -@@ -735,7 +735,7 @@ +@@ -739,7 +739,7 @@ void unpacker::read_file_header() { return; } input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)), @@ -143,7 +147,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op CHECK; assert(input.limit()[0] == 0); // Move all the bytes we read initially into the real buffer. -@@ -958,13 +958,13 @@ +@@ -962,13 +962,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) { nentries = next_entry; // place a limit on future CP growth: @@ -159,18 +163,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op // Note that this CP does not include "empty" entries // for longs and doubles. Those are introduced when -@@ -982,8 +982,9 @@ - } - - // Initialize *all* our entries once -- for (int i = 0 ; i < maxentries ; i++) -+ for (uint i = 0 ; i < maxentries ; i++) { - entries[i].outputIndex = REQUESTED_NONE; -+ } - - initGroupIndexes(); - // Initialize hashTab to a generous power-of-two size. -@@ -3677,21 +3678,22 @@ +@@ -3694,21 +3694,22 @@ void cpool::computeOutputIndexes() { unpacker* debug_u; @@ -197,7 +190,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op case CONSTANT_Signature: if (value.b.ptr == null) return ref(0)->string(); -@@ -3711,26 +3713,28 @@ +@@ -3728,26 +3729,28 @@ char* entry::string() { break; default: if (nrefs == 0) { @@ -235,10 +228,11 @@ 
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op } void print_cp_entries(int beg, int end) { -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h -@@ -209,7 +209,7 @@ +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +index 4ec595333c4..aad0c971ef2 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +@@ -209,7 +209,7 @@ struct unpacker { byte* rp; // read pointer (< rplimit <= input.limit()) byte* rplimit; // how much of the input block has been read? julong bytes_read; @@ -247,10 +241,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h open // callback to read at least one byte, up to available input typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen); -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp -@@ -81,7 +81,7 @@ +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +index da39a589545..1281d8b25c8 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +@@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger int assert_failed(const char* p) { char message[1<<12]; sprintf(message, "@assert failed: %s\n", p); @@ -259,10 +254,11 @@ 
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp ope breakpoint(); unpack_abort(message); return 0; -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp -@@ -84,7 +84,7 @@ +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +index f58c94956c0..343da3e183b 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +@@ -84,7 +84,7 @@ void jar::init(unpacker* u_) { } // Write data to the ZIP output stream. @@ -271,7 +267,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openj while (len > 0) { int rc = (int)fwrite(buff, 1, len, jarfp); if (rc <= 0) { -@@ -323,12 +323,12 @@ +@@ -323,12 +323,12 @@ void jar::write_central_directory() { // Total number of disks (int) header64[36] = (ushort)SWAP_BYTES(1); header64[37] = 0; @@ -286,10 +282,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openj PRINTCR((2, "writing zip comment\n")); // Write the comment. -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h -@@ -68,8 +68,8 @@ +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +index 14ffc9d65bd..9877f6f68ca 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +@@ -68,8 +68,8 @@ struct jar { } // Private Methods 
diff --git a/SOURCES/pr2888-rh2055274-support_system_cacerts.patch b/SOURCES/pr2888-rh2055274-support_system_cacerts-8139f2361c2.patch similarity index 50% rename from SOURCES/pr2888-rh2055274-support_system_cacerts.patch rename to SOURCES/pr2888-rh2055274-support_system_cacerts-8139f2361c2.patch index 1b88f2a..818e27a 100644 --- a/SOURCES/pr2888-rh2055274-support_system_cacerts.patch +++ b/SOURCES/pr2888-rh2055274-support_system_cacerts-8139f2361c2.patch @@ -1,5 +1,5 @@ diff --git a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java -index e7b4763db53..e8ec8467e6a 100644 +index e7b4763db53..0005e56f528 100644 --- a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java +++ b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java @@ -31,6 +31,7 @@ import java.security.*; @@ -19,16 +19,17 @@ index e7b4763db53..e8ec8467e6a 100644 */ private static final class TrustStoreDescriptor { private static final String fileSep = File.separator; -@@ -76,7 +77,7 @@ final class TrustStoreManager { +@@ -76,7 +77,8 @@ final class TrustStoreManager { GetPropertyAction.privilegedGetProperty("java.home") + fileSep + "lib" + fileSep + "security"; private static final String defaultStore = - defaultStorePath + fileSep + "cacerts"; -+ KeyStoreUtil.getCacertsKeyStoreFile().getPath(); ++ AccessController.doPrivileged((PrivilegedAction) () -> ++ KeyStoreUtil.getCacertsKeyStorePath()); private static final String jsseDefaultStore = defaultStorePath + fileSep + "jssecacerts"; -@@ -139,6 +140,10 @@ final class TrustStoreManager { +@@ -139,6 +141,10 @@ final class TrustStoreManager { String storePropPassword = System.getProperty( "javax.net.ssl.trustStorePassword", ""); 
@@ -39,117 +40,56 @@ index e7b4763db53..e8ec8467e6a 100644 String temporaryName = ""; File temporaryFile = null; long temporaryTime = 0L; -@@ -146,21 +151,22 @@ final class TrustStoreManager { - String[] fileNames = - new String[] {storePropName, defaultStore}; - for (String fileName : fileNames) { -- File f = new File(fileName); -- if (f.isFile() && f.canRead()) { -- temporaryName = fileName;; -- temporaryFile = f; -- temporaryTime = f.lastModified(); -- -- break; -- } -- -- // Not break, the file is inaccessible. -- if (SSLLogger.isOn && -+ if (fileName != null && !"".equals(fileName)) { -+ File f = new File(fileName); -+ if (f.isFile() && f.canRead()) { -+ temporaryName = fileName;; -+ temporaryFile = f; -+ temporaryTime = f.lastModified(); -+ -+ break; -+ } -+ // Not break, the file is inaccessible. -+ if (SSLLogger.isOn && +@@ -160,7 +166,7 @@ final class TrustStoreManager { SSLLogger.isOn("trustmanager")) { -- SSLLogger.fine( -- "Inaccessible trust store: " + + SSLLogger.fine( + "Inaccessible trust store: " + - storePropName); -+ SSLLogger.fine( -+ "Inaccessible trust store: " + -+ fileName); -+ } ++ fileName); } } } else { diff --git a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java -index fcc77786da1..f554f83a8b4 100644 +index fcc77786da1..3a4388964cc 100644 --- a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java 
+++ b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java -@@ -33,7 +33,10 @@ import java.io.InputStreamReader; +@@ -41,6 +41,8 @@ import java.text.Collator; + import java.util.Locale; + import java.util.ResourceBundle; - import java.net.URL; - -+import java.security.AccessController; - import java.security.KeyStore; -+import java.security.PrivilegedAction; -+import java.security.Security; - - import java.security.cert.X509Certificate; - import java.text.Collator; -@@ -54,6 +57,33 @@ public class KeyStoreUtil { ++import sun.security.util.SecurityProperties; ++ + /** + *

This class provides several utilities to KeyStore. + * +@@ -54,6 +56,8 @@ public class KeyStoreUtil { private static final String JKS = "jks"; -+ private static final String PROP_NAME = "security.systemCACerts"; -+ -+ /** -+ * Returns the value of the security property propName, which can be overridden -+ * by a system property of the same name -+ * -+ * @param propName the name of the system or security property -+ * @return the value of the system or security property -+ */ -+ @SuppressWarnings("removal") -+ public static String privilegedGetOverridable(String propName) { -+ if (System.getSecurityManager() == null) { -+ return getOverridableProperty(propName); -+ } else { -+ return AccessController.doPrivileged((PrivilegedAction) () -> getOverridableProperty(propName)); -+ } -+ } -+ -+ private static String getOverridableProperty(String propName) { -+ String val = System.getProperty(propName); -+ if (val == null) { -+ return Security.getProperty(propName); -+ } else { -+ return val; -+ } -+ } ++ private static final String SYSTEM_CA_CERTS_PROP = "security.systemCACerts"; + /** * Returns true if the certificate is self-signed, false otherwise. 
*/ -@@ -96,20 +126,38 @@ public class KeyStoreUtil { +@@ -96,16 +100,30 @@ public class KeyStoreUtil { } } + /** + * Returns the path to the cacerts DB + */ -+ public static File getCacertsKeyStoreFile() ++ public static String getCacertsKeyStorePath() + { ++ // Check system DB first, preferring system property over security one ++ String systemDB = SecurityProperties ++ .privilegedGetOverridable(SYSTEM_CA_CERTS_PROP); ++ if (systemDB != null && !"".equals(systemDB) && ++ (new File(systemDB)).isFile()) { ++ return systemDB; ++ } + String sep = File.separator; -+ File file = null; -+ /* Check system cacerts DB first, preferring system property over security property */ -+ String systemDB = privilegedGetOverridable(PROP_NAME); -+ if (systemDB != null && !"".equals(systemDB)) { -+ file = new File(systemDB); -+ } -+ if (file == null || !file.exists()) { -+ file = new File(System.getProperty("java.home") + sep -+ + "lib" + sep + "security" + sep -+ + "cacerts"); -+ } -+ if (file.exists()) { -+ return file; -+ } -+ return null; ++ return System.getProperty("java.home") + sep ++ + "lib" + sep + "security" + sep + "cacerts"; + } + /** @@ -162,27 +102,21 @@ index fcc77786da1..f554f83a8b4 100644 - File file = new File(System.getProperty("java.home") + sep - + "lib" + sep + "security" + sep - + "cacerts"); -- if (!file.exists()) { -- return null; -- } - KeyStore caks = null; -+ File file = getCacertsKeyStoreFile(); -+ if (file == null) { return null; } - try (FileInputStream fis = new FileInputStream(file)) { - caks = KeyStore.getInstance(JKS); - caks.load(fis, null); ++ File file = new File(getCacertsKeyStorePath()); + if (!file.exists()) { + return null; + } diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix -index bfe0c593adb..093bc09bf95 100644 +index 681a24b905d..ecb8bc43a6c 100644 --- a/jdk/src/share/lib/security/java.security-aix 
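Review bot: `getCacertsKeyStorePath()` falls back to `java.home/lib/security/cacerts` without any trace when `security.systemCACerts` is set but does not name a regular file, so a mistyped or missing system store silently changes which trust anchors are loaded. The javadoc `Returns the path to the cacerts DB` does not state the lookup order or this fallback either. I would document it, for example `Returns the path named by security.systemCACerts (system property first, then security property) if it is an existing regular file, otherwise java.home/lib/security/cacerts`, and emit a debug message on the fallback branch so an operator can tell which store was selected. The same applies to the `defaultStore` initialiser in `TrustStoreManager`, which now takes its value from this method.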
+++ b/jdk/src/share/lib/security/java.security-aix -@@ -294,6 +294,13 @@ security.overridePropertiesFile=true +@@ -294,6 +294,12 @@ security.overridePropertiesFile=true # security.useSystemPropertiesFile=false +# +# Specifies the system certificate store -+# This property may be disabled using -+# -Djava.security.disableSystemCACerts=true ++# This property may be disabled using an empty value +# +security.systemCACerts=${java.home}/lib/security/cacerts + @@ -190,17 +124,16 @@ index bfe0c593adb..093bc09bf95 100644 # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux -index 9d1c8fe8a8e..16c9281cc1f 100644 +index 789c19a8cba..2546fdec9b2 100644 --- a/jdk/src/share/lib/security/java.security-linux +++ b/jdk/src/share/lib/security/java.security-linux -@@ -307,6 +307,13 @@ security.overridePropertiesFile=true +@@ -307,6 +307,12 @@ security.overridePropertiesFile=true # security.useSystemPropertiesFile=false +# +# Specifies the system certificate store -+# This property may be disabled using -+# -Djava.security.disableSystemCACerts=true ++# This property may be disabled using an empty value +# +security.systemCACerts=${java.home}/lib/security/cacerts + @@ -208,17 +141,16 @@ index 9d1c8fe8a8e..16c9281cc1f 100644 # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx -index 19047c61097..43e034cdeaf 100644 +index d4da666af3b..1a20027c02b 100644 --- a/jdk/src/share/lib/security/java.security-macosx 
+++ b/jdk/src/share/lib/security/java.security-macosx -@@ -297,6 +297,13 @@ security.overridePropertiesFile=true +@@ -297,6 +297,12 @@ security.overridePropertiesFile=true # security.useSystemPropertiesFile=false +# +# Specifies the system certificate store -+# This property may be disabled using -+# -Djava.security.disableSystemCACerts=true ++# This property may be disabled using an empty value +# +security.systemCACerts=${java.home}/lib/security/cacerts + @@ -226,17 +158,16 @@ index 19047c61097..43e034cdeaf 100644 # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris -index 7eda556ae13..325937e97fb 100644 +index 300132384a1..6299e0a3c7b 100644 --- a/jdk/src/share/lib/security/java.security-solaris +++ b/jdk/src/share/lib/security/java.security-solaris -@@ -295,6 +295,13 @@ security.overridePropertiesFile=true +@@ -295,6 +295,12 @@ security.overridePropertiesFile=true # security.useSystemPropertiesFile=false +# +# Specifies the system certificate store -+# This property may be disabled using -+# -Djava.security.disableSystemCACerts=true ++# This property may be disabled using an empty value +# +security.systemCACerts=${java.home}/lib/security/cacerts + @@ -244,17 +175,16 @@ index 7eda556ae13..325937e97fb 100644 # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows -index dfa1a669aa9..92ef777e065 100644 +index 64db5a5cd1e..823994f3466 100644 --- a/jdk/src/share/lib/security/java.security-windows 
+++ b/jdk/src/share/lib/security/java.security-windows -@@ -297,6 +297,13 @@ security.overridePropertiesFile=true +@@ -297,6 +297,12 @@ security.overridePropertiesFile=true # security.useSystemPropertiesFile=false +# +# Specifies the system certificate store -+# This property may be disabled using -+# -Djava.security.disableSystemCACerts=true ++# This property may be disabled using an empty value +# +security.systemCACerts=${java.home}/lib/security/cacerts + diff --git a/SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh b/SOURCES/remove-intree-libraries.sh similarity index 100% rename from SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh rename to SOURCES/remove-intree-libraries.sh diff --git a/SOURCES/repackReproduciblePolycies.sh b/SOURCES/repack_reproducible_policies.sh similarity index 97% rename from SOURCES/repackReproduciblePolycies.sh rename to SOURCES/repack_reproducible_policies.sh index f356bd3..351e7a9 100644 --- a/SOURCES/repackReproduciblePolycies.sh +++ b/SOURCES/repack_reproducible_policies.sh @@ -17,7 +17,7 @@ fi d=`mktemp -d` NW=$d/$f pushd $d - jar xf $ORIG + unzip $ORIG cat $M # sed -i "s/Created-By.*/Created-By: 1.7.0/g" $M sed -i "s/Created-By.*/Created-By: $2/g" $M diff --git a/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch new file mode 100644 index 0000000..bddd702 --- /dev/null +++ b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch 
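Review bot: The new `unzip $ORIG` leaves `$ORIG` unquoted, so a path containing spaces or glob characters is split before unzip sees it; `unzip "$ORIG"` avoids that. Unlike `jar xf`, `unzip` asks before overwriting a file that already exists, so if the archive can hold duplicate entry names a non-interactive build may stall or fail at this step; `unzip -o "$ORIG"` would make the behaviour explicit. The neighbouring `pushd $d` has the same quoting issue, and the script continues outside this hunk.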
@@ -0,0 +1,16 @@ +diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java jdk8/jdk/src/share/classes/java/awt/Toolkit.java +--- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500 ++++ jdk8/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500 +@@ -883,7 +883,11 @@ + return null; + } + }); +- loadAssistiveTechnologies(); ++ try { ++ loadAssistiveTechnologies(); ++ } catch ( AWTError error) { ++ // ignore silently ++ } + } + return toolkit; + } diff --git a/SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch b/SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch new file mode 100644 index 0000000..e909809 --- /dev/null +++ b/SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch @@ -0,0 +1,13 @@ +--- openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:12.038189968 +0100 ++++ openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:11.913188505 +0100 +@@ -48,8 +48,8 @@ + + private final static String PROP_NAME = "sun.security.smartcardio.library"; + +- private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so"; +- private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so"; ++ private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1"; ++ private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1"; + private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC"; + + PlatformPCSC() { diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index ccf9e8e..2ec93de 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec 
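Review bot: The added `catch ( AWTError error)` around `loadAssistiveTechnologies()` discards the error with only `// ignore silently`, so a broken or unexpected assistive-technology configuration leaves no trace when the toolkit starts. Keeping the JVM alive is reasonable, but I would record the failure, at least at a debug level, and have the comment say why it is swallowed, e.g. `// RH1648242: a failing accessibility bridge must not prevent toolkit creation`. The enclosing method starts before this hunk, so whether a logger is already in scope there cannot be seen from here.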
@@ -1,3 +1,8 @@ +# To rebuild this RPM, you must first rebuild the portable +# RPM using the java-1.8.0-openjdk-portable.specfile, install +# it and then adjust portablerelease and portablesuffix +# to match the new portable. + # RPM conditionals so as to be able to dynamically produce # slowdebug/release builds. See: # http://rpm.org/user_doc/conditional_builds.html @@ -97,8 +102,7 @@ # similarly for other %%{_jvmdir}/{jre,java} and %%{_javadocdir}/{java,java-zip} %define is_release_build() %( if [ "%{?1}" == "%{debug_suffix_unquoted}" -o "%{?1}" == "%{fastdebug_suffix_unquoted}" ]; then echo "0" ; else echo "1"; fi ) -# while JDK is a techpreview(is_system_jdk=0), some provides are turned off. Once jdk stops to be an techpreview, move it to 1 -# as sytem JDK, we mean any JDK which can run whole system java stack without issues (like bytecode issues, module issues, dependencies...) +# Indicates whether this is the default JDK on this version of RHEL %global is_system_jdk 0 %global aarch64 aarch64 arm64 armv8 @@ -131,6 +135,15 @@ %global ssbd_arches x86_64 # Set of architectures where we verify backtraces with gdb %global gdb_arches %{jit_arches} %{zero_arches} +# Set of architectures for which we have a portable build +%global portable_build_arches %{aarch64} %{ix86} %{power64} x86_64 %{zero_arches} +# Architecture on which we run Java only tests +%if 0%{?centos} == 0 +# Temporarily include zero_arches until we can use a portable Zero build +%global jdk_test_arch x86_64 %{zero_arches} +%else +%global jdk_test_arch x86_64 +%endif # By default, we build a debug build during main build on JIT architectures %if %{with slowdebug} 
@@ -200,6 +213,9 @@ # See RHBZ#1861401 %define _lto_cflags %{nil} +# debugedit tool for rewriting ELF file paths +%global debugedit %{_rpmconfigdir}/debugedit + # Filter out flags from the optflags macro that cause problems with the OpenJDK build # We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 # We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) @@ -293,16 +309,22 @@ # New Version-String scheme-style defines %global majorver 8 - -# Define IcedTea version used for SystemTap tapsets and desktop file +# Define version of OpenJDK 8 used +%global project openjdk +%global repo shenandoah-jdk8u +%global openjdk_revision 8u462-b08 +%global shenandoah_revision shenandoah%{openjdk_revision} +# Define IcedTea version used for SystemTap tapsets and desktop files %global icedteaver 3.15.0 # Define current Git revision for the FIPS support patches %global fipsver 6d1aade0648 +# Define current Git revision for the cacerts patch +%global cacertsver 8139f2361c2 # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK -%global top_level_dir_name %{origin} +%global top_level_dir_name %{shenandoah_revision} # Settings for local security configuration %global security_file %{top_level_dir_name}/jdk/src/share/lib/security/java.security-%{_target_os} 
@@ -321,33 +343,34 @@ %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora} %else %if 0%{?rhel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name} +%global oj_vendor_bug_url https://access.redhat.com/support/cases/ %else %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %endif %endif %endif -# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. -%global shenandoah_project openjdk -%global shenandoah_repo shenandoah-jdk8u -%global openjdk_revision jdk8u362-b08 -%global shenandoah_revision shenandoah-%{openjdk_revision} -# Define old aarch64/jdk8u tree variables for compatibility -%global project %{shenandoah_project} -%global repo %{shenandoah_repo} -%global revision %{shenandoah_revision} - - # e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 -%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) +%global version_tag %(VERSION=%{shenandoah_revision}; echo ${VERSION%%-shenandoah-merge*}) # eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) %global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) # eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 3 +# rpmrelease numbering must start at 2 to be later than the 9.0 RPM +%global rpmrelease 4 +# Settings used by the portable build +%global portablerelease 1 +# Portable suffix differs between RHEL and CentOS +%if 0%{?centos} == 0 +%global portablerhel 8 +%else +%global portablerhel 9 +%endif +%global portablesuffix el%{portablerhel} +%global portablebuilddir /builddir/build/BUILD + # Define 
milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, @@ -391,7 +414,7 @@ # fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349 # https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14 # https://bugzilla.redhat.com/show_bug.cgi?id=1655938 -%global _privatelibs libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*%{jpeg_lib} +%global _privatelibs libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libffi[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*%{jpeg_lib} %global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.* %if %is_system_jdk %global __provides_exclude ^(%{_privatelibs})$ 
@@ -829,6 +852,8 @@ exit 0 %license %{_jvmdir}/%{jredir -- %{?1}}/LICENSE %license %{_jvmdir}/%{jredir -- %{?1}}/THIRD_PARTY_README %doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS +%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/README.md +%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/java-1.%{majorver}.0-openjdk-portable.specfile %dir %{_jvmdir}/%{sdkdir -- %{?1}} %{_jvmdir}/%{jrelnk -- %{?1}} %dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security @@ -907,6 +932,11 @@ exit 0 %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libawt.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libawt_headless.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libdt_socket.so +%ifarch %{zero_arches} +%if 0%{?rhel} != %{portablerhel} +%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libffi.so.* +%endif +%endif %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libfontmanager.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libhprof.so %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libinstrument.so @@ -990,11 +1020,12 @@ exit 0 %ifarch %{jfr_arches} %dir %{_jvmdir}/%{jredir -- %{?1}}/lib/jfr %endif +# RHEL-11313; alternatives not owned by packages %if %is_system_jdk %if %{is_release_build -- %{?1}} %ghost %{_bindir}/java %ghost %{_jvmdir}/jre -# https://bugzilla.redhat.com/show_bug.cgi?id=1312019 +%ghost %{_bindir}/%{alt_java_name} %ghost %{_bindir}/jjs %ghost %{_bindir}/keytool %ghost %{_bindir}/orbd @@ -1004,6 +1035,9 @@ exit 0 %ghost %{_bindir}/servertool %ghost %{_bindir}/tnameserv %ghost %{_bindir}/unpack200 +%ghost %{_jvmdir}/jre-%{origin} +%ghost %{_jvmdir}/jre-%{javaver} +%ghost %{_jvmdir}/jre-%{javaver}-%{origin} %endif %endif } 
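Review bot: The `%ifarch %{zero_arches}` block that packages `%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libffi.so.*` ships a private copy of libffi taken from the portable build, and the `-1064,7 +1098,15` hunk does the same for the SDK `lib/%{archinstall}` directory, while the `_privatelibs` change hides the library from the automatic provides. In the hunks shown I do not see a matching `Provides: bundled(libffi) = <version>` beside the other `bundled(...)` entries, so this copy may be invisible to anyone auditing which packages need a rebuild after a libffi security fix. Adding that line under the same `%ifarch %{zero_arches}` / `%if 0%{?rhel} != %{portablerhel}` condition, with the version the portable build actually bundles, would keep it traceable.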
@@ -1064,7 +1098,15 @@ exit 0 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/wsimport %{_jvmdir}/%{sdkdir -- %{?1}}/bin/xjc %{_jvmdir}/%{sdkdir -- %{?1}}/include/* -%{_jvmdir}/%{sdkdir -- %{?1}}/lib/%{archinstall} +%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/%{archinstall} +%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/%{archinstall}/jli +%ifarch %{zero_arches} +%if 0%{?rhel} != %{portablerhel} +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/%{archinstall}/libffi.so.* +%endif +%endif +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/%{archinstall}/libjawt.so +%{_jvmdir}/%{sdkdir -- %{?1}}/lib/%{archinstall}/jli/libjli.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/ct.sym %if %{with_systemtap} %{_jvmdir}/%{sdkdir -- %{?1}}/tapset @@ -1090,8 +1132,8 @@ exit 0 %{_mandir}/man1/javadoc-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/javah-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/javap-%{uniquesuffix -- %{?1}}.1* -%{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jdb-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jdeps-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jhat-%{uniquesuffix -- %{?1}}.1* @@ -1116,8 +1158,10 @@ exit 0 %dir %{tapsetdir} %{tapsetdir}/*%{_arch}%{?1}.stp %endif +# RHEL-11313; alternatives not owned by packages %if %is_system_jdk %if %{is_release_build -- %{?1}} +%ghost %{_bindir}/javac %ghost %{_jvmdir}/java %ghost %{_bindir}/appletviewer %ghost %{_bindir}/clhsdb @@ -1126,9 +1170,6 @@ exit 0 %ghost %{_bindir}/idlj %ghost %{_bindir}/jar %ghost %{_bindir}/jarsigner -%ghost %{_bindir}/java -%ghost %{_bindir}/java-rmi.cgi -%ghost %{_bindir}/javac %ghost %{_bindir}/javadoc %ghost %{_bindir}/javah %ghost %{_bindir}/javap @@ -1136,6 +1177,7 @@ exit 0 %ghost %{_bindir}/jconsole %ghost %{_bindir}/jdb %ghost %{_bindir}/jdeps +%ghost %{_bindir}/jfr %ghost %{_bindir}/jhat %ghost %{_bindir}/jinfo %ghost %{_bindir}/jjs 
@@ -1146,22 +1188,16 @@ exit 0 %ghost %{_bindir}/jstack %ghost %{_bindir}/jstat %ghost %{_bindir}/jstatd -%ghost %{_bindir}/keytool %ghost %{_bindir}/native2ascii -%ghost %{_bindir}/orbd -%ghost %{_bindir}/pack200 -%ghost %{_bindir}/policytool %ghost %{_bindir}/rmic -%ghost %{_bindir}/rmid -%ghost %{_bindir}/rmiregistry %ghost %{_bindir}/schemagen %ghost %{_bindir}/serialver -%ghost %{_bindir}/servertool -%ghost %{_bindir}/tnameserv -%ghost %{_bindir}/unpack200 %ghost %{_bindir}/wsgen %ghost %{_bindir}/wsimport %ghost %{_bindir}/xjc +%ghost %{_jvmdir}/java-%{origin} +%ghost %{_jvmdir}/java-%{javaver} +%ghost %{_jvmdir}/java-%{javaver}-%{origin} %endif %endif } @@ -1174,7 +1210,6 @@ exit 0 %define files_src() %{expand: %defattr(-,root,root,-) -%doc README.md %{_jvmdir}/%{sdkdir -- %{?1}}/src.zip } @@ -1182,7 +1217,11 @@ exit 0 %defattr(-,root,root,-) %doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}} #javadoc is in jdk8 noarch, so also licnese file must be treated like it +%ifarch %{portable_build_arches} +%license %{installoutputdir -- %{?1}}/jre/LICENSE +%else %license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE +%endif %if %is_system_jdk %if %{is_release_build -- %{?1}} %ghost %{_javadocdir}/java @@ -1194,7 +1233,11 @@ exit 0 %defattr(-,root,root,-) %doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip #javadoc is in jdk8 noarch, so also licnese file must be treated like it +%ifarch %{portable_build_arches} +%license %{installoutputdir -- %{?1}}/jre/LICENSE +%else %license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE +%endif %if %is_system_jdk %if %{is_release_build -- %{?1}} %ghost %{_javadocdir}/java-zip 
@@ -1236,8 +1279,8 @@ Provides: jre%{?1} = %{epoch}:%{version}-%{release} Requires: ca-certificates # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros Requires: javapackages-filesystem -# 2022g required as of JDK-8297804 -Requires: tzdata-java >= 2022g +# 2025b required as of JDK-8352716 +Requires: tzdata-java >= 2025b # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} @@ -1344,6 +1387,9 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} +# Equivalent for the portable build +%global pversion %{version} +%global prelease %{?eaprefix}%{portablerelease}%{?extraver} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a 
@@ -1371,20 +1417,14 @@ License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv URL: http://openjdk.java.net/ # Shenandoah HotSpot -# aarch64-port/jdk8u-shenandoah contains an integration forest of -# OpenJDK 8u, the aarch64 port and Shenandoah +# openjdk/shenandoah-jdk8u contains an integration forest of +# OpenJDK 8u and the Shenandoah garbage collector # To regenerate, use: # VERSION=%%{shenandoah_revision} -# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION} +# FILE_NAME_ROOT=${VERSION} # REPO_ROOT= generate_source_tarball.sh -# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} -Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz - -# Custom README for -src subpackage -Source2: README.md - -# Release notes -Source7: NEWS +# where the source is obtained from http://github.com/%%{project}/%%{repo} +Source0: %{shenandoah_revision}.tar.xz # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (3.x). @@ -1399,7 +1439,7 @@ Source10: policytool.desktop.in Source11: nss.cfg.in # Removed libraries that we link instead -Source12: %{name}-remove-intree-libraries.sh +Source12: remove-intree-libraries.sh # Ensure we aren't using the limited crypto policy Source13: TestCryptoLevel.java 
@@ -1419,12 +1459,25 @@ Source17: nss.fips.cfg.in # Ensure translations are available for new timezones Source18: TestTranslations.java -Source20: repackReproduciblePolycies.sh - # New versions of config files with aarch64 support. This is not upstream yet. Source100: config.guess Source101: config.sub +# Include portable spec and instructions on how to rebuild +Source19: README.md +Source20: java-1.%{majorver}.0-openjdk-portable.specfile +Source21: NEWS + +# Repack export policy JARs with reproducible timestamps +Source22: repack_reproducible_policies.sh + +# Setup variables to reference correct sources +%global releasezip %{_jvmdir}/%{name}-portable-%{pversion}-%{prelease}.portable.unstripped.jdk.%{_arch}.tar.xz +%global docszip %{_jvmdir}/%{name}-portable-%{pversion}-%{prelease}.portable.docs.%{_arch}.tar.xz +%global misczip %{_jvmdir}/%{name}-portable-%{pversion}-%{prelease}.portable.misc.%{_arch}.tar.xz +%global slowdebugzip %{_jvmdir}/%{name}-portable-%{pversion}-%{prelease}.portable.slowdebug.jdk.%{_arch}.tar.xz +%global fastdebugzip %{_jvmdir}/%{name}-portable-%{pversion}-%{prelease}.portable.fastdebug.jdk.%{_arch}.tar.xz + ############################################ # # RPM/distribution specific patches 
@@ -1434,15 +1487,18 @@ Source101: config.sub # either in their current form or at all. ############################################ +# Accessibility patches +# Ignore AWTError when assistive technologies are loaded +Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Turn on AssumeMP by default on RHEL systems Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch -# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY -Patch1003: rh1582504-rsa_default_for_keytool.patch # RH1648249: Add PKCS11 provider to java.security Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +Patch1003: rh1582504-rsa_default_for_keytool.patch # Crypto policy and FIPS support patches -# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips +# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk8u/tree/fips # as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch # Diff is limited to src and make subdirectories to exclude .github changes # Fixes currently included: 
@@ -1481,17 +1537,14 @@ Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_t # PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) # PR3575, RH1567204: System cacerts database handling should not affect jssecacerts # RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds -# Must be applied after FIPS patch as it also changes java.security -Patch539: pr2888-rh2055274-support_system_cacerts.patch -# enable build of speculative store bypass hardened alt-java +# Must be applied after the FIPS patch as it also changes java.security +# Patch is generated from the cacerts tree at https://github.com/rh-openjdk/jdk8u/tree/cacerts +# as follows: git diff fips > pr2888-rh2055274-support_system_cacerts-$(git show -s --format=%h HEAD).patch +Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch +# RH1684077, JDK-8009550: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo +Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch +# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639) Patch600: rh1750419-redhat_alt_java.patch -# JDK-8218811: replace open by os::open in hotspot coding -# This fixes a GCC 10 build issue -Patch111: jdk8218811-perfMemory_linux.patch -# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build -Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch -# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked -Patch113: jdk8275535-rh2053256-ldap_auth.patch ############################################# # 
@@ -1536,16 +1589,25 @@ Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch # JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 Patch581: jdk8257794-remove_broken_assert.patch +# JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files +Patch12: jdk8186464-rh1433262-zip64_failure.patch +# JDK-8328999, RH2251025 - Update GIFlib to 5.2.2 (PR#571) +Patch13: jdk8328999-update_giflib_5.2.2.patch +# JDK-8141590 - Cannot build Zero with devkit +Patch14: jdk8141590-bundle_libffi.patch +Patch15: jdk8141590-bundle_libffi-followup.patch ############################################# # -# Patches appearing in 8u362 +# Patches appearing in 8u472 # # This section includes patches which are present # in the listed OpenJDK 8u release and should be # able to be removed once that release is out # and used by this RPM. ############################################# +Patch901: jdk8339414-fix_8202369_backport.patch + ############################################# # 
@@ -1607,16 +1669,34 @@ BuildRequires: nss-devel BuildRequires: crypto-policies BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel -BuildRequires: zip +BuildRequires: tar BuildRequires: unzip +BuildRequires: zip +# For definitions and macros like jvmdir +BuildRequires: javapackages-filesystem +%ifarch %{portable_build_arches} +%if %{include_normal_build} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{pversion}-%{prelease}.%{portablesuffix} +%endif +%if %{include_fastdebug_build} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{pversion}-%{prelease}.%{portablesuffix} +%endif +%if %{include_debug_build} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{pversion}-%{prelease}.%{portablesuffix} +%endif +BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{pversion}-%{prelease}.%{portablesuffix} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{pversion}-%{prelease}.%{portablesuffix} +%else # Require a boot JDK which doesn't fail due to RH1482244 BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 +%endif # Zero-assembler build requirement %ifarch %{zero_arches} +BuildRequires: libffi BuildRequires: libffi-devel %endif -# 2022g required as of JDK-8297804 -BuildRequires: tzdata-java >= 2022g +# 2025a required as of JDK-8347965 +BuildRequires: tzdata-java >= 2025a # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 
@@ -1629,18 +1709,23 @@ BuildRequires: giflib-devel BuildRequires: lcms2-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel +BuildRequires: zlib-devel %else # Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h -Provides: bundled(giflib) = 5.2.1 +Provides: bundled(giflib) = 5.2.2 # Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h -Provides: bundled(lcms2) = 2.10.0 +Provides: bundled(lcms2) = 2.11.0 # Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h Provides: bundled(libjpeg) = 6b # Version in jdk/src/share/native/sun/awt/libpng/png.h -Provides: bundled(libpng) = 1.6.37 +Provides: bundled(libpng) = 1.6.39 +# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h +Provides: bundled(zlib) = 1.3.1 +%ifnarch %{portable_build_arches} # We link statically against libstdc++ to increase portability BuildRequires: libstdc++-static %endif +%endif # this is always built, also during debug-only build # when it is built in debug-only this package is just placeholder @@ -1873,6 +1958,9 @@ fi echo "Update version: %{updatever}" echo "Build number: %{buildver}" echo "Milestone: %{milestone}" +%ifnarch %{ix86} +export XZ_OPT="-T0" +%endif %setup -q -c -n %{uniquesuffix ""} -T -a 0 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084 prioritylength=`expr length %{priority}` @@ -1882,8 +1970,7 @@ if [ $prioritylength -ne 7 ] ; then fi # For old patches ln -s %{top_level_dir_name} jdk8 - -cp %{SOURCE2} . +ln -s %{top_level_dir_name} openjdk # replace outdated configure guess script # 
@@ -1894,6 +1981,20 @@ cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/ # OpenJDK patches +# This syntax is deprecated: +# %patchN [...] +# and should be replaced with: +# %patch -PN [...] +# For example: +# %patch1001 -p1 +# becomes: +# %patch -P1001 -p1 +# The replacement format suggested by recent (circa Fedora 38) RPM +# deprecation messages: +# %patch N [...] +# is not backward-compatible with prior (circa RHEL-8) versions of +# rpmbuild. + %if %{system_libs} # Remove libraries that are linked sh %{SOURCE12} @@ -1901,56 +2002,70 @@ sh %{SOURCE12} # System library fixes %if %{system_libs} -%patch201 -%patch202 -%patch203 -%patch204 +%patch -P201 +%patch -P202 +%patch -P203 +%patch -P204 %endif -%patch5 +%patch -P1 +%patch -P5 # s390 build fixes -%patch102 -%patch103 -%patch107 +%patch -P102 +%patch -P103 +%patch -P107 # AArch64 fixes # x86 fixes -%patch105 +pushd %{top_level_dir_name} +%patch -P105 -p1 +popd # Upstreamable fixes -%patch502 -%patch512 -%patch523 -%patch528 -%patch571 -%patch574 -%patch111 -%patch112 -%patch581 -%patch113 +%patch -P512 +%patch -P523 +%patch -P528 +%patch -P571 +%patch -P574 +%patch -P581 +%patch -P541 +%patch -P12 +pushd %{top_level_dir_name} +%patch -P502 -p1 +%patch -P13 -p1 +%patch -P14 -p1 +%patch -P15 -p1 +popd pushd %{top_level_dir_name} # Add crypto policy and FIPS support -%patch1001 -p1 +%patch -P1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security -%patch1000 -p1 +%patch -P1000 -p1 # cacerts patch; must follow FIPS patch as it also alters java.security -%patch539 -p1 +%patch -P539 -p1 +popd + +# Upstreamed fixes +pushd %{top_level_dir_name} +%patch -P901 -p1 popd # RPM-only fixes -%patch600 -%patch1003 +%patch -P600 +%patch -P1003 # RHEL-only patches %if ! 0%{?fedora} && 0%{?rhel} <= 7 -%patch534 +%patch -P534 %endif # Shenandoah patches +%ifnarch %{portable_build_arches} + # Extract systemtap tapsets %if %{with_systemtap} tar --strip-components=1 -x -I xz -f %{SOURCE8} 
@@ -1961,7 +2076,6 @@ cp -r tapset tapset%{debug_suffix} cp -r tapset tapset%{fastdebug_suffix} %endif - for suffix in %{build_loop} ; do for file in "tapset"$suffix/*.in; do OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` @@ -1980,6 +2094,9 @@ done # systemtap tapsets ends %endif +# non-portable_build only section ends +%endif + # Prepare desktop files # The _X_ syntax indicates variables that are replaced by make upstream # The @X@ syntax indicates variables that are replaced by configure upstream @@ -2009,6 +2126,8 @@ sed -i -e "s:^security.systemCACerts=.*:security.systemCACerts=%{cacerts_file}:" %build +%ifnarch %{portable_build_arches} + # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) export NUM_PROC=${NUM_PROC:-1} @@ -2056,7 +2175,7 @@ function buildjdk() { libc_link_opt="static"; else libc_link_opt="dynamic"; - fi + fi echo "Checking build JDK ${buildjdk} is operational..." ${buildjdk}/bin/java -version @@ -2104,13 +2223,13 @@ function buildjdk() { cat hotspot-spec.gmk make \ - JAVAC_FLAGS=-g \ - LOG=trace \ - SCTP_WERROR= \ - ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) + JAVAC_FLAGS=-g \ + LOG=trace \ + SCTP_WERROR= \ + ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) popd -} + } function installjdk() { local outputdir=${1} 
@@ -2122,12 +2241,12 @@ function installjdk() { echo "Installing images..." mv ${outputdir}/images ${installdir} if [ -d ${outputdir}/bundles ] ; then - echo "Installing bundles..."; - mv ${outputdir}/bundles ${installdir} ; + echo "Installing bundles..."; + mv ${outputdir}/bundles ${installdir} ; fi if [ -d ${outputdir}/docs ] ; then - echo "Installing docs..."; - mv ${outputdir}/docs ${installdir} ; + echo "Installing docs..."; + mv ${outputdir}/docs ${installdir} ; fi %if !%{with artifacts} 
@@ -2136,50 +2255,37 @@ function installjdk() { %endif if [ -d ${imagepath} ] ; then - # the build (erroneously) removes read permissions from some jars - # this is a regression in OpenJDK 7 (our compiler): - # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 - find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \; - chmod ugo+r ${imagepath}/lib/ct.sym + # the build (erroneously) removes read permissions from some jars + # this is a regression in OpenJDK 7 (our compiler): + # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 + find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \; + chmod ugo+r ${imagepath}/lib/ct.sym - # remove redundant *diz and *debuginfo files - find ${imagepath} -iname '*.diz' -exec rm -v {} \; - find ${imagepath} -iname '*.debuginfo' -exec rm -v {} \; + # remove redundant *diz and *debuginfo files + find ${imagepath} -iname '*.diz' -exec rm -v {} \; + find ${imagepath} -iname '*.debuginfo' -exec rm -v {} \; - # Build screws up permissions on binaries - # https://bugs.openjdk.java.net/browse/JDK-8173610 - find ${imagepath} -iname '*.so' -exec chmod +x {} \; - find ${imagepath}/bin/ -exec chmod +x {} \; + # Build screws up permissions on binaries + # https://bugs.openjdk.java.net/browse/JDK-8173610 + find ${imagepath} -iname '*.so' -exec chmod +x {} \; + find ${imagepath}/bin/ -exec chmod +x {} \; - # Install nss.cfg right away as we will be using the JRE above - install -m 644 nss.cfg ${imagepath}/jre/lib/security/ + # Install nss.cfg right away as we will be using the JRE above + install -m 644 nss.cfg ${imagepath}/jre/lib/security/ - # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) - install -m 644 nss.fips.cfg ${imagepath}/jre/lib/security/ + # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) + install -m 644 nss.fips.cfg ${imagepath}/jre/lib/security/ - # Turn on system security properties - sed -i -e 
"s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ - ${imagepath}/jre/lib/security/java.security + # add alt-java man page + pushd ${imagepath} + echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 + cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 + popd - # Use system-wide tzdata - mv ${imagepath}/jre/lib/tzdb.dat{,.upstream} - ln -sv %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/jre/lib/tzdb.dat + # Print release information + cat ${imagepath}/release - # Rename OpenJDK cacerts database - mv ${imagepath}/jre/lib/security/cacerts{,.upstream} - # Install cacerts symlink needed by some apps which hard-code the path - ln -sv %{cacerts_file} ${imagepath}/jre/lib/security - - # add alt-java man page - pushd ${imagepath} - echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 - cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 - popd - - # Print release information - cat ${imagepath}/release - - fi + fi } %if %{build_hotspot_first} 
@@ -2192,41 +2298,137 @@ function installjdk() { systemjdk=%{bootjdk} %endif +%endif # portable_builds + +function customisejdk() { + local imagepath=${1} + + if [ -d ${imagepath} ] ; then + # Turn on system security properties + sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ + ${imagepath}/jre/lib/security/java.security + + # Use system-wide tzdata + mv ${imagepath}/jre/lib/tzdb.dat{,.upstream} + ln -sv %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/jre/lib/tzdb.dat + + # Rename OpenJDK cacerts database + mv ${imagepath}/jre/lib/security/cacerts{,.upstream} + # Install cacerts symlink needed by some apps which hard-code the path + ln -sv %{cacerts_file} ${imagepath}/jre/lib/security + fi +} + +%ifarch %{portable_build_arches} + +mkdir -p $(dirname %{installoutputdir}) + +docdir=%{installoutputdir -- "-docs"} +tar -xJf %{docszip} +mv %{name}*.docs.* ${docdir} + +miscdir=%{installoutputdir -- "-misc"} +tar -xJf %{misczip} +mv %{name}*.misc.* ${miscdir} + +%endif + for suffix in %{build_loop} ; do -if [ "x$suffix" = "x" ] ; then - debugbuild=release -else - # change --something to something - debugbuild=`echo $suffix | sed "s/-//g"` -fi -builddir=%{buildoutputdir -- $suffix} -bootbuilddir=boot${builddir} -installdir=%{installoutputdir -- $suffix} -bootinstalldir=boot${installdir} -link_opt="%{link_type}" +%ifarch %{portable_build_arches} -# Debug builds don't need same targets as release for -# build speed-up. We also avoid bootstrapping these -# slower builds. 
-if echo $debugbuild | grep -q "debug" ; then - maketargets="%{debug_targets}" - run_bootstrap=false -else - maketargets="%{release_targets}" - run_bootstrap=%{bootstrap_build} -fi + if [ "x$suffix" = "x" ] ; then + jdkzip=%{releasezip} + elif [ "x$suffix" = "x%{fastdebug_suffix_unquoted}" ] ; then + jdkzip=%{fastdebugzip} + else # slowdebug + jdkzip=%{slowdebugzip} + debugbuild=release + fi -if ${run_bootstrap} ; then - buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} - installjdk ${bootbuilddir} ${bootinstalldir} - buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} - installjdk ${builddir} ${installdir} - %{!?with_artifacts:rm -rf ${bootinstalldir}} -else - buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} - installjdk ${builddir} ${installdir} -fi + installdir=%{installoutputdir -- ${suffix}} + imagedir=${installdir} + + # TODO: should verify checksums when using packages from buildroot + tar -xJf ${jdkzip} + mv %{name}* ${installdir} +%ifarch %{zero_arches} + # We do not need the local copy of libffi.so if we are building on the same platform as the portable +%if 0%{?rhel} == %{portablerhel} + rm -vf ${installdir}/{,jre/}lib/%{archinstall}/libffi.* +%endif +%endif + # Fix build paths in ELF files so it looks like we built them + portablenvr="%{name}-portable-%{pversion}-%{prelease}.%{portablesuffix}.%{_arch}" + for file in $(find ${installdir} -type f) ; do + if ! 
echo ${file} | grep -q 'libffi' ; then + if file ${file} | grep -q 'ELF'; then + %{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file} + fi + fi + done + + # Set tapset variables to match this build +%if %{with_systemtap} + for file in ${miscdir}/tapset${suffix}/*.in; do + OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` + sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > ${OUTPUT_FILE} +# TODO find out which architectures other than i686 have a client vm +%ifarch %{ix86} + sed -i -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" ${OUTPUT_FILE} +%else + sed -i -e "/@ABS_CLIENT_LIBJVM_SO@/d" ${OUTPUT_FILE} +%endif + sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE + sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE + done +%endif + +%else + + if [ "x$suffix" = "x" ] ; then + debugbuild=release + else + # change --something to something + debugbuild=`echo $suffix | sed "s/-//g"` + fi + + builddir=%{buildoutputdir -- $suffix} + bootbuilddir=boot${builddir} + installdir=%{installoutputdir -- $suffix} + bootinstalldir=boot${installdir} + imagedir=${installdir}/images/%{jdkimage} + link_opt="%{link_type}" + + # Debug builds don't need same targets as release for + # build speed-up. We also avoid bootstrapping these + # slower builds. 
+ if echo $debugbuild | grep -q "debug" ; then + maketargets="%{debug_targets}" + run_bootstrap=false + else + maketargets="%{release_targets}" + run_bootstrap=%{bootstrap_build} + fi + + if ${run_bootstrap} ; then + buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} + installjdk ${bootbuilddir} ${bootinstalldir} + buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} + installjdk ${builddir} ${installdir} + %{!?with_artifacts:rm -rf ${bootinstalldir}} + else + buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} + installjdk ${builddir} ${installdir} + fi + +%endif # portable_builds + + # Final setup on the main image + customisejdk ${imagedir} + + # Print release information + cat ${imagedir}/release # build cycles done 
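Review bot: The portable branch of the build loop extracts `${jdkzip}` with `tar -xJf` while the line above it still reads `# TODO: should verify checksums when using packages from buildroot`, so the prebuilt binaries that become this package are accepted with no integrity check in the spec itself. The `%{debugedit}` loop that follows rewrites the ELF build paths so the files look locally built, which leaves the exact-version `BuildRequires` on the portable packages, plus whatever signature checking the buildroot enforces, as the only provenance control. If the portable package ships a digest beside each tarball (not visible here), check it before extraction and fail the build on mismatch, e.g. `sha256sum --check "${jdkzip}.sha256sum"` where the digest file name is a placeholder. The same applies to the `%{docszip}` and `%{misczip}` extractions earlier in this hunk.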
@@ -2236,24 +2438,63 @@ done # We test debug first as it will give better diagnostics on a crash for suffix in %{build_loop} ; do +%ifarch %{portable_build_arches} +export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix} +%else export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage} +%endif -# Check unlimited policy has been used -$JAVA_HOME/bin/javac -d . %{SOURCE13} -$JAVA_HOME/bin/java TestCryptoLevel +# Basic version check +$JAVA_HOME/jre/bin/java -version +$JAVA_HOME/bin/java -version -# Check ECC is working -$JAVA_HOME/bin/javac -d . %{SOURCE14} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") +# Only test on one architecture (the fastest) for Java only tests +%ifarch %{jdk_test_arch} -# Check system crypto (policy) is active and can be disabled -# Test takes a single argument - true or false - to state whether system -# security properties are enabled or not. -$JAVA_HOME/bin/javac -d . %{SOURCE15} -export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||") -export SEC_DEBUG="-Djava.security.debug=properties" -$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true -$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false + # Check unlimited policy has been used + $JAVA_HOME/bin/javac -d . %{SOURCE13} + $JAVA_HOME/bin/java TestCryptoLevel + + # Check ECC is working + $JAVA_HOME/bin/javac -d . %{SOURCE14} + $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") + + # Check system crypto (policy) is active and can be disabled + # Test takes a single argument - true or false - to state whether system + # security properties are enabled or not. + $JAVA_HOME/bin/javac -d . 
%{SOURCE15} + export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||") + export SEC_DEBUG="-Djava.security.debug=properties" + $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true + $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false + + # Check correct vendor values have been set + $JAVA_HOME/bin/javac -d . %{SOURCE16} + $JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} + + # Check translations are available for new timezones + $JAVA_HOME/bin/javac -d . %{SOURCE18} + $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE + + # Check src.zip has all sources. See RHBZ#1130490 + unzip -l $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe' + + # Check class files include useful debugging information + $JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from" + $JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable + $JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable + + # Check generated class files include useful debugging information + $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from" + $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable + $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable + +%else + + # Just run a basic java -version test on other architectures + $JAVA_HOME/bin/java -version + +%endif # Check java launcher has no SSB mitigation if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi 
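Review bot: The unlimited-policy, ECC and system-security-properties checks (`%{SOURCE13}` to `%{SOURCE15}`) now sit inside `%ifarch %{jdk_test_arch}`, so on every other architecture `%check` runs only `java -version`, and a crypto-configuration regression in that architecture's image would pass unnoticed. If they are skipped only to save build time, record the assumption above the conditional, e.g. `# Java-only tests: results assumed identical on all arches (same class files and java.security shipped) - confirm`; otherwise keep the cheap system-crypto-policy test outside the `%ifarch`. Separately, `grep 'sun.misc.Unsafe'` on the `unzip -l` listing presumably matches only because `.` is a regex wildcard that also matches `/`; `grep -F 'sun/misc/Unsafe.java'` states the intent. The enclosing `for suffix` loop is closed outside this hunk.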
@@ -2265,14 +2506,6 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi %endif -# Check correct vendor values have been set -$JAVA_HOME/bin/javac -d . %{SOURCE16} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} - -# Check translations are available for new timezones -$JAVA_HOME/bin/javac -d . %{SOURCE18} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE - # Check debug symbols are present and can identify code find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib do @@ -2319,7 +2552,7 @@ done # Make sure gdb can do a backtrace based on line numbers on libjvm.so # javaCalls.cpp:58 should map to: -# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 +# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 # Using line number 1 might cause build problems. See: # https://bugzilla.redhat.com/show_bug.cgi?id=1539664 # https://bugzilla.redhat.com/show_bug.cgi?id=1538767 @@ -2339,19 +2572,6 @@ EOF grep 'JavaCallWrapper::JavaCallWrapper' gdb.out %endif -# Check src.zip has all sources. See RHBZ#1130490 -jar -tf $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe' - -# Check class files include useful debugging information -$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from" -$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable -$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable - -# Check generated class files include useful debugging information -$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from" -$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable -$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable - # build cycles check done 
@@ -2360,24 +2580,42 @@ STRIP_KEEP_SYMTAB=libjvm* for suffix in %{build_loop} ; do -# Install the jdk -pushd %{installoutputdir -- $suffix}/images/%{jdkimage} + # Should match same definitions in build section +%ifarch %{portable_build_arches} + jdk_image=%{installoutputdir -- $suffix} + docdir=$(pwd)/%{installoutputdir -- "-docs"} + miscdir=$(pwd)/%{installoutputdir -- "-misc"} +%else + jdk_image=%{installoutputdir -- $suffix}/images/%{jdkimage} + docdir=%{installoutputdir -- $suffix} + miscdir=%{top_level_dir_name}/jdk/src/solaris/classes/sun/awt/X11 +%endif -# Install jsa directories so we can owe them -mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/ -mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/client/ + # Install release notes and rebuild instructions + commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix} + install -d -m 755 ${commondocdir} +%ifarch %{portable_build_arches} + mv ${jdk_image}/NEWS ${commondocdir} +%else + cp -a %{SOURCE21} ${commondocdir} +%endif + cp -a %{SOURCE19} %{SOURCE20} ${commondocdir} - # Install main files. 
- install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} - cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} - install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix} - cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix} + # Install the jdk + + # Install jsa directories so we can own them + mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/ + mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/client/ %if %{with_systemtap} # Install systemtap support files install -dm 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset +%ifarch %{portable_build_arches} + cp -a ${miscdir}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/ +%else # note, that uniquesuffix is in BUILD dir in this case cp -a $RPM_BUILD_DIR/%{uniquesuffix ""}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/ +%endif pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/ tapsetFiles=`ls *.stp` popd @@ -2393,6 +2631,14 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/clien ln -sf %{jredir -- $suffix} %{jrelnk -- $suffix} popd + pushd ${jdk_image} + + # Install main files. + install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} + cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} + install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix} + cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix} + # Remove javaws man page rm -f man/man1/javaws* 
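Review bot: `mv ${jdk_image}/NEWS ${commondocdir}` in the portable branch removes NEWS from the unpacked image, so a second `%install` pass over the same build tree would presumably fail at this line. This is the `--short-circuit` case that the install section already guards against for `java-rmi.cgi`. Copying instead keeps the step repeatable: `cp -a "${jdk_image}/NEWS" "${commondocdir}"`. The later main-file copy names its files explicitly (`bin include lib src.zip ...`), so leaving NEWS in the image should not put it under `%{_jvmdir}`. The new assignments and uses of `jdk_image`, `docdir` and `miscdir` are also unquoted, so quoting them would match the shellcheck clean-ups recorded in the changelog.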
@@ -2410,31 +2656,30 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/clien # Install demos and samples. cp -a demo $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} mkdir -p sample/rmi - if [ ! -e sample/rmi/java-rmi.cgi ] ; then + if [ ! -e sample/rmi/java-rmi.cgi ] ; then # hack to allow --short-circuit on install mv bin/java-rmi.cgi sample/rmi fi cp -a sample $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} -popd + popd if ! echo $suffix | grep -q "debug" ; then # Install Javadoc documentation install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} - cp -a %{installoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} - built_doc_archive=`echo "jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/` + cp -a ${docdir}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} + built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip +%ifarch %{portable_build_arches} + cp -a ${docdir}/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip +%else cp -a %{installoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip +%endif fi -# Install release notes -commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix} -install -d -m 755 ${commondocdir} -cp -a %{SOURCE7} ${commondocdir} - # Install icons and menu entries for s in 16 24 32 48 ; do install -D -p -m 644 \ - %{top_level_dir_name}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png \ + ${miscdir}/java-icon${s}.png \ $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png done 
@@ -2475,7 +2720,7 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \ | sed 's|^|%dir |' \ >> %{name}-demo.files"$suffix" -bash %{SOURCE20} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix} %{javaver} +bash %{SOURCE22} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix} %{javaver} # https://bugzilla.redhat.com/show_bug.cgi?id=1183793 touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/security/java.security @@ -2488,11 +2733,11 @@ for file in lib/security/cacerts lib/security/policy/unlimited/US_export_policy. done # stabilize permissions -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "ASSEMBLY_EXCEPTION" -exec chmod 644 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "LICENSE" -exec chmod 644 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "THIRD_PARTY_README" -exec chmod 644 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "ASSEMBLY_EXCEPTION" -exec chmod 644 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "LICENSE" -exec chmod 644 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "THIRD_PARTY_README" -exec chmod 644 {} \; ; # end, dual install done @@ -2512,7 +2757,7 @@ local posix = require "posix" if (os.getenv("debug") == "true") then debug = true; print("cjc: in spec debug is on") -else +else debug = false; end 
@@ -2717,6 +2962,330 @@ cjc.mainProgram(args) %endif %changelog +* Thu Jul 10 2025 Andrew Hughes - 1:1.8.0.462.b08-4 +- Bump rpmrelease for CentOS build +- Remove obsolete hack to hardcode newer portable version on RHEL +- Related: RHEL-101648 +- Related: RHEL-102312 +- Related: RHEL-97496 + +* Thu Jul 10 2025 Andrew Hughes - 1:1.8.0.462.b08-3 +- Update to 8u462-b08 (GA) +- Update release notes for 8u462-b08. +- Require tzdata 2025b due to upstream inclusion of JDK-8352716 +- Add early backport of JDK-8339414 +- Sync the copy of the portable specfile with the latest update +- ** This tarball is embargoed until 2025-07-15 @ 1pm PT. ** +- Resolves: RHEL-101648 +- Resolves: RHEL-102312 +- Resolves: RHEL-97496 + +* Sat Jun 14 2025 Andrew Hughes - 1:1.8.0.452.b09-3 +- Bump release number to appease 9.6-z erratum +- Related: RHEL-86967 +- Related: RHEL-86620 + +* Fri Apr 11 2025 Andrew Hughes - 1:1.8.0.452.b09-2 +- Update to 8u452-b09 (GA) +- Update release notes for 8u452-b09. +- Remove long option documentation from JDK-8335912/JDK-8337499 as not present in 8u +- Require tzdata 2025a due to upstream inclusion of JDK-8347965 +- Sync the copy of the portable specfile with the latest update +- ** This tarball is embargoed until 2025-04-15 @ 1pm PT. ** +- Resolves: RHEL-86967 +- Resolves: RHEL-86620 + +* Fri Jan 17 2025 Andrew Hughes - 1:1.8.0.442.b06-3 +- Bump rpmrelease for CentOS build +- Related: RHEL-73554 +- Related: RHEL-74302 +- Related: RHEL-73990 + +* Fri Jan 17 2025 Andrew Hughes - 1:1.8.0.442.b06-2 +- Update to 8u442-b06 (GA) +- Update release notes for 8u442-b06. 
+- Switch to GA mode for final release +- Revise JDK-8141590 backport to install libffi.so* in lib as well as jre/lib +- Sync the copy of the portable specfile with the latest update +- Remove libffi.so copying workaround now the portable build installs it in lib +- Add bundled libffi.so to _privatelibs +- Remove libffi.so copy if we are building on the same platform as the portable +- Resolves: RHEL-73554 +- Related: RHEL-74302 + +* Thu Jan 16 2025 Andrew Hughes - 1:1.8.0.442.b05-0.3.ea +- Add zero_arches to the portable_build_arches now that the portable build bundles libffi +- Temporarily workaround libffi.so not being in lib/%%{archinstall} by copying it +- Exclude libffi.so from the debugedit run +- Add a simple -version check on both the JDK and JRE bin/java +- Add libffi.so to the filelist, including expanding the lib/%%{archinstall} contents as with jre/lib +- Sync the copy of the portable specfile and new patches with the latest update +- Resolves: RHEL-74302 + +* Mon Jan 06 2025 Andrew Hughes - 1:1.8.0.442.b05-0.2.ea +- Update to 8u442-b05 (EA). +- Update release notes for 8u442-b05. +- Switch to EA mode for pre-release. +- Sync the copy of the portable specfile with the latest update +- Resolves: RHEL-73990 + +* Sat Oct 19 2024 Andrew Hughes - 1:1.8.0.432.b06-4 +- Bump rpmrelease for CentOS build +- Related: RHEL-58786 + +* Sat Oct 19 2024 Andrew Hughes - 1:1.8.0.432.b06-3 +- Rebuild RPM for 9.5 0day release +- Related: RHEL-58786 +- Related: RHEL-17187 + +* Fri Oct 11 2024 Andrew Hughes - 1:1.8.0.432.b06-2 +- Update to shenandoah-jdk8u432-b06 (GA) +- Update release notes for shenandoah-8u432-b06. 
+- Drop JDK-828109{6,7,8}/PR3836 patch following integration of upstream version +- Regenerate JDK-8199936/PR3533 patch following JDK-828109{6,7,8} integration +- Bump version of bundled zlib to 1.3.1 following JDK-8324632 +- Include backport of JDK-8328999 to update giflib to 5.2.2 +- Bump version of bundled giflib to 5.2.2 following JDK-8328999 +- Add build scripts to repository to ease remembering all CentOS & RHEL targets and options +- Sync the copy of the portable specfile with the latest update +- Resolves: RHEL-58786 +- Resolves: RHEL-17187 +- ** This tarball is embargoed until 2024-10-15 @ 1pm PT. ** + +* Wed Jul 10 2024 Andrew Hughes - 1:1.8.0.422.b05-3 +- Bump rpmrelease for CentOS build and update RHEL version hack following July 2025 update +- Related: RHEL-47013 + +* Wed Jul 10 2024 Andrew Hughes - 1:1.8.0.422.b05-2 +- Update to shenandoah-jdk8u422-b05 (GA) +- Update release notes for shenandoah-8u422-b05. +- Rebase PR2462 patch following patched hunk being removed by JDK-8322106 +- Switch to GA mode. +- Sync the copy of the portable specfile with the latest update +- Actually require tzdata 2024a now it is available in the buildroot +- Add missing build dependencies on zlib-devel and tar +- Update LCMS version to match JDK-8245400 +- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. ** +- Resolves: RHEL-46858 +- Resolves: RHEL-47013 + +* Tue Jul 09 2024 Andrew Hughes - 1:1.8.0.422.b01-0.2.ea +- Update to shenandoah-jdk8u422-b01 (EA) +- Update release notes for shenandoah-8u422-b01. +- Switch to EA mode. 
+- Sync the copy of the portable specfile with the latest update +- Update NEWS file and rename remove-intree-libraries.sh so portable can be rebuilt +- Document policy repacking script and rename to correct spelling and style +- Limit Java only tests to one architecture using jdk_test_arch +- Temporarily include Zero-based architectures in jdk_test_arch until they are portable +- Related: RHEL-46858 +- Resolves: RHEL-47057 +- Resolves: RHEL-47082 + +* Mon Apr 08 2024 Andrew Hughes - 1:1.8.0.412.b08-3 +- Bump rpmrelease for CentOS build +- Related: RHEL-32412 + +* Mon Apr 08 2024 Andrew Hughes - 1:1.8.0.412.b08-2 +- Update to shenandoah-jdk8u412-b08 (GA) +- Update release notes for shenandoah-jdk8u412-b08. +- Switch to GA mode. +- Sync the copy of the portable specfile with the latest update +- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** +- Resolves: RHEL-32412 + +* Fri Apr 05 2024 Andrew Hughes - 1:1.8.0.412.b07-0.2.ea +- Update to shenandoah-jdk8u412-b07 (EA) +- Require tzdata 2024a due to upstream inclusion of JDK-8322725 +- Only require tzdata 2023d for now as 2024a is unavailable in buildroot +- Sync the copy of the portable specfile with the latest update +- Resolves: RHEL-30937 + +* Fri Mar 22 2024 Andrew Hughes - 1:1.8.0.412.b01-0.2.ea +- Turn off xz multi-threading on i686 as it fails with an out of memory error +- Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources +- generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity +- generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork +- generate_source_tarball.sh: Adapt version logic to work with 8u +- generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086) +- generate_source_tarball.sh: Update examples in header for clarity +- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP +- generate_source_tarball.sh: 
Only add --depth=1 on non-local repositories +- Move maintenance scripts to a scripts subdirectory +- icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository +- discover_trees.sh: Set compile-command and indentation instructions for Emacs +- discover_trees.sh: shellcheck: Do not use -o (SC2166) +- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- discover_trees.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: Add authorship +- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs +- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) +- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: Set compile-command and indentation instructions for Emacs +- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) +- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) +- Remove obsolete file generate_singlerepo_source_tarball.sh +- Remove obsolete file get_sources.sh +- Remove obsolete file update_main_sources.sh +- generate_source_tarball.sh: Handle an existing checkout +- generate_source_tarball.sh: Sync indentation with java-21-openjdk version +- generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS +- Sync patch set with portable build +- Related: RHEL-30937 + +* Fri Mar 22 2024 Thomas Fitzsimmons - 1:1.8.0.412.b01-0.2.ea +- Invoke xz in multi-threaded mode +- generate_source_tarball.sh: Add WITH_TEMP environment variable +- generate_source_tarball.sh: Multithread xz on all available cores +- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable +- generate_source_tarball.sh: Update comment about tarball naming +- generate_source_tarball.sh: Reformat comment header +- generate_source_tarball.sh: Reformat and update help output +- 
generate_source_tarball.sh: Do a shallow clone, for speed +- generate_source_tarball.sh: Eliminate some removal prompting +- generate_source_tarball.sh: Make tarball reproducible +- generate_source_tarball.sh: Prefix temporary directory with temp- +- generate_source_tarball.sh: Remove temporary directory exit conditions +- generate_source_tarball.sh: Set compile-command in Emacs +- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT +- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks +- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166) +- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004) +- Use backward-compatible patch syntax +- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST +- generate_source_tarball.sh: Remove trailing period in echo +- generate_source_tarball.sh: Use long-style argument to grep +- generate_source_tarball.sh: Add license +- generate_source_tarball.sh: Add indentation instructions for Emacs +- Related: RHEL-30937 + +* Thu Mar 21 2024 Andrew Hughes - 1:1.8.0.412.b01-0.2.ea +- Update to shenandoah-jdk8u412-b01 (EA) +- Switch to EA mode. +- Related: RHEL-30937 + +* Thu Jan 11 2024 Andrew Hughes - 1:1.8.0.402.b06-2 +- Update to shenandoah-jdk8u402-b06 (GA) +- Update release notes for shenandoah-8u402-b06. +- Sync NEWS with vanilla branch version. +- Sync the copy of the portable specfile with the latest update +- Drop local copy of JDK-8312489 which is now included upstream +- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. 
** +- Resolves: RHEL-17916 +- Resolves: RHEL-20989 + +* Mon Oct 16 2023 Andrew Hughes - 1:1.8.0.392.b08-4 +- Vary portablesuffix depending on whether we are on RHEL ('el8') or CentOS ('el9') +- Temporarily use a different portable version and release on RHEL while out of sync with CentOS +- Add zero_arches to the portable_build_arches on CentOS where there is no libffi issue +- Related: RHEL-12210 + +* Mon Oct 16 2023 Andrew Hughes - 1:1.8.0.392.b08-3 +- Revert jcmd move as jcmd will not operate without tools.jar +- Related: RHEL-13585 + +* Tue Oct 10 2023 Andrew Hughes - 1:1.8.0.392.b08-2 +- Update to shenandoah-jdk8u392-b08 (GA) +- Update release notes for shenandoah-8u392-b08. +- Sync the copy of the portable specfile with the latest update +- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal +- Update bug URL for RHEL to point to the Red Hat customer portal +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball +- Regenerate PR2462 patch following JDK-8315135 +- Bump version of bundled libpng to 1.6.39 +- Add backport of JDK-8312489 heading upstream for 8u402 (see OPENJDK-2095) +- Add missing JFR, alt-java, jre-* and java-* alternative ghosts +- Move jcmd to the headless package +- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. ** +- Resolves: RHEL-12210 +- Resolves: RHEL-13579 +- Resolves: RHEL-13580 +- Resolves: RHEL-13581 +- Resolves: RHEL-11315 +- Resolves: RHEL-13585 +- Resolves: RHEL-2381 + +* Fri Sep 29 2023 Andrew Hughes - 1:1.8.0.392.b01-1 +- Update to shenandoah-jdk8u392-b01 (GA) +- Update release notes for shenandoah-8u392-b01. +- Sync the copy of the portable specfile with the latest update +- Update generate_tarball.sh to be closer to upstream vanilla script inc. 
no more ECC removal +- Update bug URL for RHEL to point to the Red Hat customer portal +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball +- Related: RHEL-12209 + +* Wed Jul 19 2023 Andrew Hughes - 1:1.8.0.382.b05-2 +- Update to shenandoah-jdk8u382-b05 (GA) +- Update release notes for shenandoah-8u382-b05. +- Sync the copy of the portable specfile with the latest update +- Add note at top of spec file about rebuilding +- Use tapsets from the misc tarball on portable builds +- Make sure root installation directory is created first +- Use in-place substitution for all but the first of the tapset changes +- The 'prelease' variable should refer to 'portablerelease', not 'rpmrelease' +- Bump release number so we are newer than 9.0 +- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** +- Resolves: rhbz#2221106 + +* Fri Jul 07 2023 Andrew Hughes - 1:1.8.0.382.b04-0.1.ea +- Update to shenandoah-jdk8u382-b04 (EA) +- Update release notes for shenandoah-8u382-b04. +- Sync the copy of the portable specfile with the latest update +- Resolves: rhbz#2217711 + +* Wed Jul 05 2023 Andrew Hughes - 1:1.8.0.382.b01-0.1.ea +- Introduce 'prelease' for the portable release versioning, to handle EA builds +- Sync the copy of the portable specfile with the latest update +- Related: rhbz#2217711 + +* Wed Jun 28 2023 Andrew Hughes - 1:1.8.0.382.b01-0.1.ea +- Update to shenandoah-jdk8u382-b01 (EA) +- Update release notes for shenandoah-8u382-b01. +- Switch to EA mode. +- Remove JDK-8271199 patch which is now upstream. +- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update) +- Related: rhbz#2217711 + +* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.372.b07-2 +- Update to shenandoah-jdk8u372-b07 (GA) +- Update release notes for shenandoah-8u372-b07. 
+- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 +- Update generate_tarball.sh to add support for passing a boot JDK to the configure run +- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace +- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs +- Drop JDK-8275535/RH2053256 patch which is now upstream +- Include JDK-8271199 backport early ahead of 8u382 (RH2175317) +- Drop hack for difference in local and portable build version +- Replace local copies of JDK portable binaries with build dependencies +- Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild. +- Remove duplicate use of README.md inside the *-src package (it is no longer about sources) +- Use portable build on x86_32 now one is available +- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** +- Resolves: rhbz#2185182 +- Resolves: rhbz#2189329 + +* Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-4 +- Drop use of portable build on s390x due to libffi compatibility issue (needs libffi.so.6) +- Related: rhbz#2150202 + +* Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-4 +- Add explicit libffi dependency for s390x build +- Related: rhbz#2150202 + +* Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-4 +- On portable architectures, replace build section with extraction of existing builds from portables +- Rewrite ELF files so the source file path is correct and debugsources can be assembled +- Resolves: rhbz#2150202 + +* Tue Jan 24 2023 Andrew Hughes - 1:1.8.0.362.b09-3 +- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue +- Update to shenandoah-jdk8u352-b09 (GA) +- Update release notes for shenandoah-8u352-b09. +- Resolves: rhbz#2162714 + * Fri Jan 13 2023 Andrew Hughes - 1:1.8.0.362.b08-3 - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. 
@@ -3117,7 +3686,7 @@ cjc.mainProgram(args) - introduced ssbd_arches with currently only valid arch of x86_64 to separate real alt-java architectures * Fri Nov 27 2020 Jiri Vanek - 1:1.8.0.275.b01-2 -- added patch600, rh1750419-redhat_alt_java.patch +- added patch600, rh1750419-redhat_alt_java.patch - Replaced alt-java palceholder by real pathced alt-java - remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch - remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch @@ -4108,7 +4677,7 @@ cjc.mainProgram(args) * Thu Nov 03 2016 jvanek - 1:1.8.0.111-2.b16 - added dont-add-unnecessary-debug-links.patch @@ -4179,7 +4748,7 @@ renamed: jdk8-archivedJavadoc.patch -> jdk8154313-generated_javadoc_scattered_al - added patch519, jdwpCrash.abrt.patch to fix trasnportation error * Fri May 13 2016 jvanek - 1:1.8.0.91-6.b14 -- Enable weak reference discovery in ShenandoahMarkCompact. Otherwise we never process any weak references in full-gc. +- Enable weak reference discovery in ShenandoahMarkCompact. Otherwise we never process any weak references in full-gc. * Tue May 03 2016 jvanek - 1:1.8.0.91-5.b14 - Restricted to depend on exactly same version of nss as used for build