diff --git a/.gitignore b/.gitignore index 1ed05dc..00e22cb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz +SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u392-b08.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index ccea57f..53c78a9 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -5da51f425a78dbdcb00909544cac3385db461e54 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz +2ca27b0d535c9dcf71679cad14be5660d0554f82 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u392-b08.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 305d2cf..84da7f8 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,152 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u392 (2023-10-17): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u392 + +* CVEs + - CVE-2023-22067 + - CVE-2023-22081 +* Security fixes + - JDK-8286503, JDK-8312367: Enhance security classes + - JDK-8297856: Improve handling of Bidi characters + - JDK-8303384: Improved communication in CORBA + - JDK-8305815, JDK-8307278: Update Libpng to 1.6.39 + - JDK-8309966: Enhanced TLS connections +* Other changes + - JDK-6722928: Provide a default native GSS-API library on Windows + - JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java + - JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal + - JDK-8139348: Deprecate 3DES and RC4 in Kerberos + - JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field" + - JDK-8200468: Port the native GSS-API bridge to Windows + - JDK-8202952: C2: Unexpected dead nodes after matching + - JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + - JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update + - JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to + - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException + - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors + - JDK-8232225: Rework the fix for JDK-8071483 + - JDK-8242330: Arrays should be cloned in several JAAS Callback classes + - JDK-8253269: The CheckCommonColors test should provide more info on failure + - JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int) + - JDK-8284910: Buffer clean in PasswordCallback + - JDK-8287073: NPE from CgroupV2Subsystem.getInstance() + - JDK-8287663: Add a regression test for JDK-8287073 + - JDK-8295685: Update Libpng to 1.6.38 + - JDK-8295894: Remove SECOM certificate that is expiring in September 2023 + - JDK-8308788: [8u] Remove duplicate HaricaCA.java test + - JDK-8309122: Bump update version of OpenJDK: 8u392 + - JDK-8309143: [8u] fix archiving inconsistencies in GHA + - JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms + - JDK-8314960: Add Certigna Root CA - 2 + - JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack() + - JDK-8317040: Exclude cleaner test failing on older releases + +Notes on individual issues: +=========================== + +other-libs/corba:idl: + +8303384: Improved communication in CORBA +======================================== +The JDK's CORBA implementation now provides the option to limit +serialisation in stub objects to those with the "IOR:" prefix. For +ORB constrained stub classes: + +* _DynArrayStub +* _DynEnumStub +* _DynFixedStub +* _DynSequenceStub +* _DynStructStub +* _DynUnionStub +* _DynValueStub +* _DynAnyStub +* _DynAnyFactoryStub + +this is enabled by default and may be disabled by setting the system +property org.omg.DynamicAny.disableIORCheck to 'true'. + +For remote service stub classes: + +* _NamingContextStub +* _BindingIteratorStub +* _NamingContextExtStub +* _ServantActivatorStub +* _ServantLocatorStub +* _ServerManagerStub +* _ActivatorStub +* _RepositoryStub +* _InitialNameServiceStub +* _LocatorStub +* _ServerStub + +it is disabled by default and may be enabled by setting the system +property org.omg.CORBA.IDL.Stubs.enableIORCheck to 'true'. + +security-libs/org.ietf.jgss: + +JDK-6722928: Added a Default Native GSS-API Library on Windows +============================================================== + +A native GSS-API library named `sspi_bridge.dll` has been added to the +JDK on the Windows platform. As with native GSS-API library provision +on other operating systems, it will only be loaded when the +`sun.security.jgss.native` system property is set to "true". A user +can still load a third-party native GSS-API library instead by setting +the `sun.security.jgss.lib` system property to the appropriate path. + +The library is client-side only and uses the default credentials. +Native GSS support automatically uses cached credentials from the +underlying operating system, so the +`javax.security.auth.useSubjectCredsOnly` system property should be +set to false. + +The `com.sun.security.auth.module.Krb5LoginModule` does not call +native JGSS and so its use in your JAAS config should be avoided. + +security-libs/org.ietf.jgss:krb5: + +JDK-8139348: Deprecate 3DES and RC4 in Kerberos +=============================================== +The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) +are now deprecated and disabled by default. To re-enable them, you +can either enable all weak crypto (which also includes `des-cbc-crc` +and `des-cbc-md5`) by setting `allow_weak_crypto = true` in the +`krb5.conf` configuration file or explicitly list all the preferred +encryption types using the `default_tkt_enctypes`, +`default_tgs_enctypes`, or `permitted_enctypes` settings. + +security-libs/java.security: + +JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate +================================================================== +The following root certificate from SECOM Trust System has been +removed from the `cacerts` keystore: + +Alias Name: secomscrootca1 [jdk] +Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP + +JDK-8314960: Added Certigna Root CA Certificate +=============================================== +The following root certificate has been added to the cacerts +truststore: + +Name: Certigna (Dhimyotis) +Alias Name: certignarootca +Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR + +security-libs/javax.security: + +JDK-8242330: Arrays should be cloned in several JAAS Callback classes +===================================================================== +In the JAAS classes, ChoiceCallback and ConfirmationCallback, arrays +were not cloned when passed into a constructor or returned. This +allowed an external program to get access to the internal fields of +these classes. The classes have been updated to return cloned arrays. + New in release OpenJDK 8u382 (2023-07-18): =========================================== Live versions of these release notes can be found at: diff --git a/SOURCES/java-1.8.0-openjdk-portable.specfile b/SOURCES/java-1.8.0-openjdk-portable.specfile index caf4cd3..eaa8267 100644 --- a/SOURCES/java-1.8.0-openjdk-portable.specfile +++ b/SOURCES/java-1.8.0-openjdk-portable.specfile @@ -264,11 +264,22 @@ # New Version-String scheme-style defines %global majorver 8 +# Define version of OpenJDK 8 used +%global project openjdk +%global repo shenandoah-jdk8u +%global openjdk_revision jdk8u392-b08 +%global shenandoah_revision shenandoah-%{openjdk_revision} +# Define IcedTea version used for SystemTap tapsets and desktop file +%global icedteaver 3.15.0 +# Define current Git revision for the FIPS support patches +%global fipsver 6d1aade0648 +# Define current Git revision for the cacerts patch +%global cacertsver 8139f2361c2 # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK -%global top_level_dir_name %{origin} +%global top_level_dir_name %{shenandoah_revision} # Settings for local security configuration %global security_file %{top_level_dir_name}/jdk/src/share/lib/security/java.security-%{_target_os} @@ -287,38 +298,22 @@ %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora} %else %if 0%{?rhel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{component} +%global oj_vendor_bug_url https://access.redhat.com/support/cases/ %else %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %endif %endif %endif -# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. -%global shenandoah_project openjdk -%global shenandoah_repo shenandoah-jdk8u -%global openjdk_revision jdk8u382-b05 -%global shenandoah_revision shenandoah-%{openjdk_revision} -# Define old aarch64/jdk8u tree variables for compatibility -%global project %{shenandoah_project} -%global repo %{shenandoah_repo} -%global revision %{shenandoah_revision} -# Define IcedTea version used for SystemTap tapsets and desktop file -%global icedteaver 3.15.0 -# Define current Git revision for the FIPS support patches -%global fipsver 6d1aade0648 -# Define current Git revision for the cacerts patch -%global cacertsver 8139f2361c2 - # e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 -%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) +%global version_tag %(VERSION=%{shenandoah_revision}; echo ${VERSION%%-shenandoah-merge*}) # eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) %global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) # eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 2 +%global rpmrelease 1 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, @@ -436,10 +431,10 @@ URL: http://openjdk.java.net/ # OpenJDK 8u, the aarch64 port and Shenandoah # To regenerate, use: # VERSION=%%{shenandoah_revision} -# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION} +# FILE_NAME_ROOT=%%{project}-%%{repo}-${VERSION} # REPO_ROOT= generate_source_tarball.sh -# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} -Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz +# where the source is obtained from http://github.com/%%{project}/%%{repo} +Source0: %{project}-%{repo}-%{shenandoah_revision}.tar.xz # Custom README for -src subpackage Source2: README.md @@ -602,6 +597,8 @@ Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch Patch581: jdk8257794-remove_broken_assert.patch # JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files Patch12: jdk8186464-rh1433262-zip64_failure.patch +# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar +Patch2000: jdk8312489-max_sig_default_increase.patch ############################################# # @@ -709,7 +706,7 @@ Provides: bundled(lcms2) = 2.10.0 # Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h Provides: bundled(libjpeg) = 6b # Version in jdk/src/share/native/sun/awt/libpng/png.h -Provides: bundled(libpng) = 1.6.37 +Provides: bundled(libpng) = 1.6.39 # We link statically against libstdc++ to increase portability BuildRequires: libstdc++-static %endif @@ -813,6 +810,7 @@ if [ $prioritylength -ne 7 ] ; then fi # For old patches ln -s %{top_level_dir_name} jdk8 +ln -s %{top_level_dir_name} openjdk cp %{SOURCE2} . @@ -871,6 +869,8 @@ pushd %{top_level_dir_name} %patch1000 -p1 # system cacerts support %patch539 -p1 +# JDK-8312489 backport, proposed for 8u402: https://github.com/openjdk/jdk8u-dev/pull/381 +%patch2000 -p1 popd # RPM-only fixes @@ -1500,14 +1500,29 @@ done %{_jvmdir}/%{miscportablearchive}.sha256sum %changelog +* Wed Oct 11 2023 Andrew Hughes - 1:1.8.0.392.b08-1 +- Update to shenandoah-jdk8u392-b08 (GA) +- Update release notes for shenandoah-8u392-b08. +- Regenerate PR2462 patch following JDK-8315135 +- Bump version of bundled libpng to 1.6.39 +- Add backport of JDK-8312489 heading upstream for 8u402 (see OPENJDK-2095) +- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. ** + +* Fri Sep 29 2023 Andrew Hughes - 1:1.8.0.392.b01-1 +- Update to shenandoah-jdk8u392-b01 (GA) +- Update release notes for shenandoah-8u392-b01. +- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal +- Update bug URL for RHEL to point to the Red Hat customer portal +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball + * Fri Jul 14 2023 Andrew Hughes - 1:1.8.0.382.b05-2 - Re-enable SystemTap support and perform only substitutions possible without final NVR available - Include tapsets in the miscellaneous tarball - Drop unused globals for tapset installation * Fri Jul 14 2023 Andrew Hughes - 1:1.8.0.382.b05-1 -- Update to shenandoah-jdk8u372-b05 (GA) -- Update release notes for shenandoah-8u372-b05. +- Update to shenandoah-jdk8u382-b05 (GA) +- Update release notes for shenandoah-8u382-b05. - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** * Fri Jul 07 2023 Andrew Hughes - 1:1.8.0.382.b04-0.1.ea diff --git a/SOURCES/jdk8312489-max_sig_default_increase.patch b/SOURCES/jdk8312489-max_sig_default_increase.patch new file mode 100644 index 0000000..adf9e09 --- /dev/null +++ b/SOURCES/jdk8312489-max_sig_default_increase.patch @@ -0,0 +1,48 @@ +commit c38a36f124a7eb28920cc367cb01b67d973a55c0 +Author: Andrew John Hughes +Date: Wed Oct 11 01:42:03 2023 +0100 + + Backport e47a84f23dd2608c6f5748093eefe301fb5bf750 + +diff --git a/jdk/src/share/classes/java/util/jar/JarFile.java b/jdk/src/share/classes/java/util/jar/JarFile.java +index a26dcc4a1c7..ac2e1c9d6a8 100644 +--- a/jdk/src/share/classes/java/util/jar/JarFile.java ++++ b/jdk/src/share/classes/java/util/jar/JarFile.java +@@ -436,7 +436,9 @@ class JarFile extends ZipFile { + throw new IOException("Unsupported size: " + uncompressedSize + + " for JarEntry " + ze.getName() + + ". Allowed max size: " + +- SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes"); ++ SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes. " + ++ "You can use the jdk.jar.maxSignatureFileSize " + ++ "system property to increase the default value."); + } + int len = (int)uncompressedSize; + byte[] b = IOUtils.readAllBytes(is); +diff --git a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java +index c335e964f63..afdfa406b92 100644 +--- a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java ++++ b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java +@@ -855,16 +855,16 @@ public class SignatureFileVerifier { + * the maximum allowed number of bytes for the signature-related files + * in a JAR file. + */ +- Integer tmp = AccessController.doPrivileged(new GetIntegerAction( +- "jdk.jar.maxSignatureFileSize", 8000000)); ++ int tmp = AccessController.doPrivileged(new GetIntegerAction( ++ "jdk.jar.maxSignatureFileSize", 16000000)); + if (tmp < 0 || tmp > MAX_ARRAY_SIZE) { + if (debug != null) { +- debug.println("Default signature file size 8000000 bytes " + +- "is used as the specified size for the " + +- "jdk.jar.maxSignatureFileSize system property " + ++ debug.println("The default signature file size of 16000000 bytes " + ++ "will be used for the jdk.jar.maxSignatureFileSize " + ++ "system property since the specified value " + + "is out of range: " + tmp); + } +- tmp = 8000000; ++ tmp = 16000000; + } + return tmp; + } diff --git a/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch b/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch index 17e1f69..5f05d73 100644 --- a/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch +++ b/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch @@ -7,10 +7,11 @@ 8074839: Resolve disabled warnings for libunpack and the unpack200 binary Reviewed-by: dholmes, ksrini -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +index bdaf95a2f6a..60c5b4f2a69 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h -@@ -63,7 +63,7 @@ +@@ -63,7 +63,7 @@ struct bytes { bytes res; res.ptr = ptr + beg; res.len = end - beg; @@ -19,10 +20,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openj return res; } // building C strings inside byte buffers: -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +index 5fbc7261fb3..4c002e779d8 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp -@@ -292,7 +292,7 @@ +@@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject if (uPtr->aborting()) { THROW_IOE(uPtr->get_abort_message()); @@ -31,16 +33,16 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openj } // We have fetched all the files. -@@ -310,7 +310,7 @@ - JNIEXPORT jlong JNICALL - Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) { - unpacker* uPtr = get_unpacker(env, pObj, false); +@@ -312,7 +312,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) { + // There's no need to create a new unpacker here if we don't already have one + // just to immediatly free it afterwards. + unpacker* uPtr = get_unpacker(env, pObj, /* noCreate= */ true); - CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL); + CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0); size_t consumed = uPtr->input_consumed(); + // free_unpacker() will set the unpacker field on 'pObj' to null free_unpacker(env, pObj, uPtr); - return consumed; -@@ -320,6 +320,7 @@ +@@ -323,6 +323,7 @@ JNIEXPORT jboolean JNICALL Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj, jstring pProp, jstring pValue) { unpacker* uPtr = get_unpacker(env, pObj); @@ -48,10 +50,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openj const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE); CHECK_EXCEPTION_RETURN_VALUE(prop, false); const char* value = env->GetStringUTFChars(pValue, JNI_FALSE); -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +index 6fbc43a18ae..722c8baaff0 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp -@@ -142,31 +142,28 @@ +@@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) { return progname; } @@ -101,10 +104,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp open } } -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +index 56f391b1e87..f0a25f8cd20 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp -@@ -222,9 +222,9 @@ +@@ -225,9 +225,9 @@ struct entry { } #ifdef PRODUCT @@ -116,7 +120,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op #endif }; -@@ -715,13 +715,13 @@ +@@ -718,13 +718,13 @@ void unpacker::read_file_header() { // Now we can size the whole archive. // Read everything else into a mega-buffer. rp = hdr.rp; @@ -134,7 +138,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op abort("EOF reading fixed input buffer"); return; } -@@ -735,7 +735,7 @@ +@@ -738,7 +738,7 @@ void unpacker::read_file_header() { return; } input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)), @@ -143,7 +147,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op CHECK; assert(input.limit()[0] == 0); // Move all the bytes we read initially into the real buffer. -@@ -958,13 +958,13 @@ +@@ -961,13 +961,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) { nentries = next_entry; // place a limit on future CP growth: @@ -159,7 +163,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op // Note that this CP does not include "empty" entries // for longs and doubles. Those are introduced when -@@ -982,8 +982,9 @@ +@@ -985,8 +985,9 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) { } // Initialize *all* our entries once @@ -170,7 +174,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op initGroupIndexes(); // Initialize hashTab to a generous power-of-two size. -@@ -3677,21 +3678,22 @@ +@@ -3681,21 +3682,22 @@ void cpool::computeOutputIndexes() { unpacker* debug_u; @@ -197,7 +201,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op case CONSTANT_Signature: if (value.b.ptr == null) return ref(0)->string(); -@@ -3711,26 +3713,28 @@ +@@ -3715,26 +3717,28 @@ char* entry::string() { break; default: if (nrefs == 0) { @@ -235,10 +239,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op } void print_cp_entries(int beg, int end) { -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +index cec7a88b24e..ed5f3336a59 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h -@@ -209,7 +209,7 @@ +@@ -209,7 +209,7 @@ struct unpacker { byte* rp; // read pointer (< rplimit <= input.limit()) byte* rplimit; // how much of the input block has been read? julong bytes_read; @@ -247,10 +252,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h open // callback to read at least one byte, up to available input typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen); -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +index e5197e1a3f1..40a10055ea5 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp -@@ -81,7 +81,7 @@ +@@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger int assert_failed(const char* p) { char message[1<<12]; sprintf(message, "@assert failed: %s\n", p); @@ -259,10 +265,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp ope breakpoint(); unpack_abort(message); return 0; -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +index f58c94956c0..343da3e183b 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp -@@ -84,7 +84,7 @@ +@@ -84,7 +84,7 @@ void jar::init(unpacker* u_) { } // Write data to the ZIP output stream. @@ -271,7 +278,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openj while (len > 0) { int rc = (int)fwrite(buff, 1, len, jarfp); if (rc <= 0) { -@@ -323,12 +323,12 @@ +@@ -323,12 +323,12 @@ void jar::write_central_directory() { // Total number of disks (int) header64[36] = (ushort)SWAP_BYTES(1); header64[37] = 0; @@ -286,10 +293,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openj PRINTCR((2, "writing zip comment\n")); // Write the comment. -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +index 14ffc9d65bd..9877f6f68ca 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h -@@ -68,8 +68,8 @@ +@@ -68,8 +68,8 @@ struct jar { } // Private Methods diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index f26a4c9..161229c 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -102,8 +102,7 @@ # similarly for other %%{_jvmdir}/{jre,java} and %%{_javadocdir}/{java,java-zip} %define is_release_build() %( if [ "%{?1}" == "%{debug_suffix_unquoted}" -o "%{?1}" == "%{fastdebug_suffix_unquoted}" ]; then echo "0" ; else echo "1"; fi ) -# while JDK is a techpreview(is_system_jdk=0), some provides are turned off. Once jdk stops to be an techpreview, move it to 1 -# as sytem JDK, we mean any JDK which can run whole system java stack without issues (like bytecode issues, module issues, dependencies...) +# Indicates whether this is the default JDK on this version of RHEL %global is_system_jdk 0 %global aarch64 aarch64 arm64 armv8 @@ -303,8 +302,12 @@ # New Version-String scheme-style defines %global majorver 8 - -# Define IcedTea version used for SystemTap tapsets and desktop file +# Define version of OpenJDK 8 used +%global project openjdk +%global repo shenandoah-jdk8u +%global openjdk_revision jdk8u392-b08 +%global shenandoah_revision shenandoah-%{openjdk_revision} +# Define IcedTea version used for SystemTap tapsets and desktop files %global icedteaver 3.15.0 # Define current Git revision for the FIPS support patches %global fipsver 6d1aade0648 @@ -314,7 +317,7 @@ # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK -%global top_level_dir_name %{origin} +%global top_level_dir_name %{shenandoah_revision} # Settings for local security configuration %global security_file %{top_level_dir_name}/jdk/src/share/lib/security/java.security-%{_target_os} @@ -333,35 +336,24 @@ %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora} %else %if 0%{?rhel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name} +%global oj_vendor_bug_url https://access.redhat.com/support/cases/ %else %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %endif %endif %endif -# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. -%global shenandoah_project openjdk -%global shenandoah_repo shenandoah-jdk8u -%global openjdk_revision jdk8u382-b05 -%global shenandoah_revision shenandoah-%{openjdk_revision} -# Define old aarch64/jdk8u tree variables for compatibility -%global project %{shenandoah_project} -%global repo %{shenandoah_repo} -%global revision %{shenandoah_revision} - - # e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 -%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) +%global version_tag %(VERSION=%{shenandoah_revision}; echo ${VERSION%%-shenandoah-merge*}) # eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) %global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) # eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 2 +%global rpmrelease 3 # Settings used by the portable build -%global portablerelease 2 +%global portablerelease 1 %global portablesuffix el8 %global portablebuilddir /builddir/build/BUILD @@ -1009,11 +1001,12 @@ exit 0 %ifarch %{jfr_arches} %dir %{_jvmdir}/%{jredir -- %{?1}}/lib/jfr %endif +# RHEL-11313; alternatives not owned by packages %if %is_system_jdk %if %{is_release_build -- %{?1}} %ghost %{_bindir}/java %ghost %{_jvmdir}/jre -# https://bugzilla.redhat.com/show_bug.cgi?id=1312019 +%ghost %{_bindir}/%{alt_java_name} %ghost %{_bindir}/jjs %ghost %{_bindir}/keytool %ghost %{_bindir}/orbd @@ -1023,6 +1016,9 @@ exit 0 %ghost %{_bindir}/servertool %ghost %{_bindir}/tnameserv %ghost %{_bindir}/unpack200 +%ghost %{_jvmdir}/jre-%{origin} +%ghost %{_jvmdir}/jre-%{javaver} +%ghost %{_jvmdir}/jre-%{javaver}-%{origin} %endif %endif } @@ -1109,8 +1105,8 @@ exit 0 %{_mandir}/man1/javadoc-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/javah-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/javap-%{uniquesuffix -- %{?1}}.1* -%{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jcmd-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jconsole-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jdb-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jdeps-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jhat-%{uniquesuffix -- %{?1}}.1* @@ -1135,8 +1131,10 @@ exit 0 %dir %{tapsetdir} %{tapsetdir}/*%{_arch}%{?1}.stp %endif +# RHEL-11313; alternatives not owned by packages %if %is_system_jdk %if %{is_release_build -- %{?1}} +%ghost %{_bindir}/javac %ghost %{_jvmdir}/java %ghost %{_bindir}/appletviewer %ghost %{_bindir}/clhsdb @@ -1145,9 +1143,6 @@ exit 0 %ghost %{_bindir}/idlj %ghost %{_bindir}/jar %ghost %{_bindir}/jarsigner -%ghost %{_bindir}/java -%ghost %{_bindir}/java-rmi.cgi -%ghost %{_bindir}/javac %ghost %{_bindir}/javadoc %ghost %{_bindir}/javah %ghost %{_bindir}/javap @@ -1155,6 +1150,7 @@ exit 0 %ghost %{_bindir}/jconsole %ghost %{_bindir}/jdb %ghost %{_bindir}/jdeps +%ghost %{_bindir}/jfr %ghost %{_bindir}/jhat %ghost %{_bindir}/jinfo %ghost %{_bindir}/jjs @@ -1165,22 +1161,16 @@ exit 0 %ghost %{_bindir}/jstack %ghost %{_bindir}/jstat %ghost %{_bindir}/jstatd -%ghost %{_bindir}/keytool %ghost %{_bindir}/native2ascii -%ghost %{_bindir}/orbd -%ghost %{_bindir}/pack200 -%ghost %{_bindir}/policytool %ghost %{_bindir}/rmic -%ghost %{_bindir}/rmid -%ghost %{_bindir}/rmiregistry %ghost %{_bindir}/schemagen %ghost %{_bindir}/serialver -%ghost %{_bindir}/servertool -%ghost %{_bindir}/tnameserv -%ghost %{_bindir}/unpack200 %ghost %{_bindir}/wsgen %ghost %{_bindir}/wsimport %ghost %{_bindir}/xjc +%ghost %{_jvmdir}/java-%{origin} +%ghost %{_jvmdir}/java-%{javaver} +%ghost %{_jvmdir}/java-%{javaver}-%{origin} %endif %endif } @@ -1403,10 +1393,10 @@ URL: http://openjdk.java.net/ # OpenJDK 8u, the aarch64 port and Shenandoah # To regenerate, use: # VERSION=%%{shenandoah_revision} -# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION} +# FILE_NAME_ROOT=%%{project}-%%{repo}-${VERSION} # REPO_ROOT= generate_source_tarball.sh -# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} -Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz +# where the source is obtained from http://github.com/%%{project}/%%{repo} +Source0: %{project}-%{repo}-%{shenandoah_revision}.tar.xz # Release notes Source7: NEWS @@ -1572,6 +1562,8 @@ Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch # JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 Patch581: jdk8257794-remove_broken_assert.patch +# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar +Patch2000: jdk8312489-max_sig_default_increase.patch ############################################# # @@ -1693,7 +1685,7 @@ Provides: bundled(lcms2) = 2.10.0 # Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h Provides: bundled(libjpeg) = 6b # Version in jdk/src/share/native/sun/awt/libpng/png.h -Provides: bundled(libpng) = 1.6.37 +Provides: bundled(libpng) = 1.6.39 %ifnarch %{portable_build_arches} # We link statically against libstdc++ to increase portability BuildRequires: libstdc++-static @@ -1940,6 +1932,7 @@ if [ $prioritylength -ne 7 ] ; then fi # For old patches ln -s %{top_level_dir_name} jdk8 +ln -s %{top_level_dir_name} openjdk # replace outdated configure guess script # @@ -1993,6 +1986,8 @@ pushd %{top_level_dir_name} %patch1000 -p1 # cacerts patch; must follow FIPS patch as it also alters java.security %patch539 -p1 +# JDK-8312489 backport, proposed for 8u402: https://github.com/openjdk/jdk8u-dev/pull/381 +%patch2000 -p1 popd # RPM-only fixes @@ -2882,23 +2877,50 @@ cjc.mainProgram(args) %endif %changelog +* Mon Oct 16 2023 Andrew Hughes - 1:1.8.0.392.b08-3 +- Revert jcmd move as jcmd will not operate without tools.jar +- Related: RHEL-13605 + +* Tue Oct 10 2023 Andrew Hughes - 1:1.8.0.392.b08-2 +- Update to shenandoah-jdk8u392-b08 (GA) +- Update release notes for shenandoah-8u392-b08. +- Sync the copy of the portable specfile with the latest update +- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal +- Update bug URL for RHEL to point to the Red Hat customer portal +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball +- Regenerate PR2462 patch following JDK-8315135 +- Bump version of bundled libpng to 1.6.39 +- Add backport of JDK-8312489 heading upstream for 8u402 (see OPENJDK-2095) +- Add missing JFR, alt-java, jre-* and java-* alternative ghosts +- Move jcmd to the headless package +- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. ** +- Resolves: RHEL-12208 +- Resolves: RHEL-13587 +- Resolves: RHEL-13590 +- Resolves: RHEL-13593 +- Resolves: RHEL-13583 +- Resolves: RHEL-13605 +- Resolves: RHEL-13615 + +* Fri Sep 29 2023 Andrew Hughes - 1:1.8.0.392.b01-1 +- Update to shenandoah-jdk8u392-b01 (GA) +- Update release notes for shenandoah-8u392-b01. +- Sync the copy of the portable specfile with the latest update +- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal +- Update bug URL for RHEL to point to the Red Hat customer portal +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball +- Related: RHEL-12209 + * Wed Jul 19 2023 Andrew Hughes - 1:1.8.0.382.b05-2 -- Bump release number so we are newer than 9.0 -- Related: rhbz#2221106 - -* Sat Jul 15 2023 Andrew Hughes - 1:1.8.0.382.b05-1 -- The 'prelease' variable should refer to 'portablerelease', not 'rpmrelease' -- Move file installation back within the pushd to jdk_image -- Related: rhbz#2221106 - -* Fri Jul 14 2023 Andrew Hughes - 1:1.8.0.382.b05-1 -- Update to shenandoah-jdk8u372-b05 (GA) -- Update release notes for shenandoah-8u372-b05. +- Update to shenandoah-jdk8u382-b05 (GA) +- Update release notes for shenandoah-8u382-b05. - Sync the copy of the portable specfile with the latest update - Add note at top of spec file about rebuilding - Use tapsets from the misc tarball on portable builds - Make sure root installation directory is created first - Use in-place substitution for all but the first of the tapset changes +- The 'prelease' variable should refer to 'portablerelease', not 'rpmrelease' +- Bump release number so we are newer than 9.0 - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** - Resolves: rhbz#2221106