diff --git a/.gitignore b/.gitignore index 3d74887..0238052 100644 --- a/.gitignore +++ b/.gitignore @@ -290,3 +290,4 @@ /java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz /java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz /openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz +/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b01-4curve.tar.xz diff --git a/java-1.8.0-openjdk-portable.specfile b/java-1.8.0-openjdk-portable.specfile index 9197600..d4ec700 100644 --- a/java-1.8.0-openjdk-portable.specfile +++ b/java-1.8.0-openjdk-portable.specfile @@ -298,7 +298,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project openjdk %global shenandoah_repo shenandoah-jdk8u -%global openjdk_revision jdk8u372-b07 +%global openjdk_revision jdk8u382-b01 %global shenandoah_revision shenandoah-%{openjdk_revision} # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} @@ -319,12 +319,12 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 2 +%global rpmrelease 1 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 1 +%global is_ga 0 %if %{is_ga} %global milestone fcs %global milestone_version %{nil} @@ -628,8 +628,6 @@ Patch12: jdk8186464-rh1433262-zip64_failure.patch # able to be removed once that release is out # and used by this RPM. ############################################# -# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key -Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch ############################################# # @@ -718,6 +716,8 @@ BuildRequires: lcms2-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel %else +# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h +Provides: bundled(zlib) = 1.2.13 # Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h Provides: bundled(giflib) = 5.2.1 # Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h @@ -887,8 +887,6 @@ pushd %{top_level_dir_name} %patch1000 -p1 # system cacerts support %patch539 -p1 -# 8u382 fix -%patch2001 -p1 popd # RPM-only fixes @@ -1524,6 +1522,13 @@ done %{_jvmdir}/%{miscportablearchive}.sha256sum %changelog +* Wed Jun 28 2023 Andrew Hughes - 1:1.8.0.382.b01-0.1.ea +- Update to shenandoah-jdk8u382-b01 (EA) +- Update release notes for shenandoah-8u382-b01. +- Switch to EA mode. +- Remove JDK-8271199 patch which is now upstream. +- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update) + * Thu Apr 27 2023 Andrew Hughes - 1:1.8.0.372.b07-2 - Sync with existing RHEL 8 build, in order to start building portables on RHEL 8 - Fix debug symbols flag to newboot and package naming diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index 6a13486..e4f8dc3 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -318,7 +318,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project openjdk %global shenandoah_repo shenandoah-jdk8u -%global openjdk_revision jdk8u372-b07 +%global openjdk_revision jdk8u382-b01 %global shenandoah_revision shenandoah-%{openjdk_revision} # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} @@ -339,9 +339,9 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 4 +%global rpmrelease 1 # Settings used by the portable build -%global portablerelease 2 +%global portablerelease 1 %global portablesuffix el8 %global portablebuilddir /builddir/build/BUILD @@ -349,7 +349,7 @@ # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 1 +%global is_ga 0 %if %{is_ga} %global milestone fcs %global milestone_version %{nil} @@ -1260,6 +1260,8 @@ Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{releas Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} +# Equivalent for the portable build +%global prelease %{?eaprefix}%{rpmrelease}%{?extraver} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1341,11 +1343,11 @@ Source19: README.md Source20: java-1.%{majorver}.0-openjdk-portable.specfile # Setup variables to reference correct sources -%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.unstripped.jdk.%{_arch}.tar.xz -%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.docs.%{_arch}.tar.xz -%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.misc.%{_arch}.tar.xz -%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.slowdebug.jdk.%{_arch}.tar.xz -%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.fastdebug.jdk.%{_arch}.tar.xz +%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.unstripped.jdk.%{_arch}.tar.xz +%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.docs.%{_arch}.tar.xz +%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.misc.%{_arch}.tar.xz +%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.slowdebug.jdk.%{_arch}.tar.xz +%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.fastdebug.jdk.%{_arch}.tar.xz ############################################ # @@ -1470,8 +1472,7 @@ Patch581: jdk8257794-remove_broken_assert.patch # able to be removed once that release is out # and used by this RPM. ############################################# -# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key -Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch + ############################################# # @@ -1537,16 +1538,16 @@ BuildRequires: unzip # For definitions and macros like jvmdir BuildRequires: javapackages-filesystem %if %{include_normal_build} -BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{prelease}.%{portablesuffix} %endif %if %{include_fastdebug_build} -BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix} %endif %if %{include_debug_build} -BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix} %endif -BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} -BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{prelease}.%{portablesuffix} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{prelease}.%{portablesuffix} # Zero-assembler build requirement %ifarch %{zero_arches} BuildRequires: libffi-devel @@ -1566,6 +1567,8 @@ BuildRequires: lcms2-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel %else +# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h +Provides: bundled(zlib) = 1.2.13 # Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h Provides: bundled(giflib) = 5.2.1 # Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h @@ -1906,8 +1909,6 @@ pushd %{top_level_dir_name} %patch1000 -p1 # system cacerts support %patch539 -p1 -# 8u382 fix -%patch2001 -p1 popd # RPM-only fixes @@ -2016,7 +2017,7 @@ for suffix in %{build_loop} ; do mkdir -p $(dirname ${installdir}) mv %{name}* ${installdir} # Fix build paths in ELF files so it looks like we built them - portablenvr="%{name}-portable-%{version}-%{portablerelease}.%{portablesuffix}.%{_arch}" + portablenvr="%{name}-portable-%{version}-%{prelease}.%{portablesuffix}.%{_arch}" for file in $(find ${installdir} -type f) ; do if file ${file} | grep -q 'ELF'; then %{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file} @@ -2557,6 +2558,15 @@ cjc.mainProgram(args) %endif %changelog +* Wed Jul 05 2023 Andrew Hughes - 1:1.8.0.382.b01-0.1.ea +- Update to shenandoah-jdk8u382-b01 (EA) +- Switch to EA mode. +- Remove JDK-8271199 patch which is now upstream. +- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update) +- Introduce 'prelease' for the portable release versioning, to handle EA builds +- Sync the copy of the portable specfile with the latest update +- Related: RHEL-12211 + * Thu Apr 27 2023 Andrew Hughes - 1:1.8.0.372.b07-4 - Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild. - Remove duplicate use of README.md inside the *-src package (it is no longer about sources) diff --git a/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch b/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch deleted file mode 100644 index 42ac516..0000000 --- a/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch +++ /dev/null @@ -1,167 +0,0 @@ -commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99 -Author: Alexey Bakhtin -Date: Tue Apr 4 10:29:11 2023 +0000 - - 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key - - Reviewed-by: andrew, mbalao - Backport-of: f6232982b91cb2314e96ddbde3984836a810a556 - -diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java -index a79e97d7c74..5378446b97b 100644 ---- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java -+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java -@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi { - @Override - protected void engineInitVerify(PublicKey publicKey) - throws InvalidKeyException { -- if (!(publicKey instanceof RSAPublicKey)) { -+ if (publicKey instanceof RSAPublicKey) { -+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey; -+ isPublicKeyValid(rsaPubKey); -+ this.pubKey = rsaPubKey; -+ this.privKey = null; -+ resetDigest(); -+ } else { - throw new InvalidKeyException("key must be RSAPublicKey"); - } -- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey); -- this.privKey = null; -- resetDigest(); - } - - // initialize for signing. See JCA doc -@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi { - @Override - protected void engineInitSign(PrivateKey privateKey, SecureRandom random) - throws InvalidKeyException { -- if (!(privateKey instanceof RSAPrivateKey)) { -+ if (privateKey instanceof RSAPrivateKey) { -+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey; -+ isPrivateKeyValid(rsaPrivateKey); -+ this.privKey = rsaPrivateKey; -+ this.pubKey = null; -+ this.random = -+ (random == null ? JCAUtil.getSecureRandom() : random); -+ resetDigest(); -+ } else { - throw new InvalidKeyException("key must be RSAPrivateKey"); - } -- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey); -- this.pubKey = null; -- this.random = -- (random == null? JCAUtil.getSecureRandom() : random); -- resetDigest(); - } - - /** -@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi { - } - } - -+ /** -+ * Validate the specified RSAPrivateKey -+ */ -+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException { -+ try { -+ if (prKey instanceof RSAPrivateCrtKey) { -+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey; -+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) { -+ RSAKeyFactory.checkRSAProviderKeyLengths( -+ crtKey.getModulus().bitLength(), -+ crtKey.getPublicExponent()); -+ } else { -+ throw new InvalidKeyException( -+ "Some of the CRT-specific components are not available"); -+ } -+ } else { -+ RSAKeyFactory.checkRSAProviderKeyLengths( -+ prKey.getModulus().bitLength(), -+ null); -+ } -+ } catch (InvalidKeyException ikEx) { -+ throw ikEx; -+ } catch (Exception e) { -+ throw new InvalidKeyException( -+ "Can not access private key components", e); -+ } -+ isValid(prKey); -+ } -+ -+ /** -+ * Validate the specified RSAPublicKey -+ */ -+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException { -+ try { -+ RSAKeyFactory.checkRSAProviderKeyLengths( -+ pKey.getModulus().bitLength(), -+ pKey.getPublicExponent()); -+ } catch (InvalidKeyException ikEx) { -+ throw ikEx; -+ } catch (Exception e) { -+ throw new InvalidKeyException( -+ "Can not access public key components", e); -+ } -+ isValid(pKey); -+ } -+ - /** - * Validate the specified RSAKey and its associated parameters against - * internal signature parameters. - */ -- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException { -+ private void isValid(RSAKey rsaKey) throws InvalidKeyException { - try { - AlgorithmParameterSpec keyParams = rsaKey.getParams(); - // validate key parameters -@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi { - } - checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength()); - } -- return rsaKey; - } catch (SignatureException e) { - throw new InvalidKeyException(e); - } -diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java -index 6b219937981..b3c1fae9672 100644 ---- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java -+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java -@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl - RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded); - // check all CRT-specific components are available, if any one - // missing, return a non-CRT key instead -- if ((key.getPublicExponent().signum() == 0) || -- (key.getPrimeExponentP().signum() == 0) || -- (key.getPrimeExponentQ().signum() == 0) || -- (key.getPrimeP().signum() == 0) || -- (key.getPrimeQ().signum() == 0) || -- (key.getCrtCoefficient().signum() == 0)) { -+ if (checkComponents(key)) { -+ return key; -+ } else { - return new RSAPrivateKeyImpl( - key.algid, - key.getModulus(), -- key.getPrivateExponent() -- ); -- } else { -- return key; -+ key.getPrivateExponent()); - } - } - -+ /** -+ * Validate if all CRT-specific components are available. -+ */ -+ static boolean checkComponents(RSAPrivateCrtKey key) { -+ return !((key.getPublicExponent().signum() == 0) || -+ (key.getPrimeExponentP().signum() == 0) || -+ (key.getPrimeExponentQ().signum() == 0) || -+ (key.getPrimeP().signum() == 0) || -+ (key.getPrimeQ().signum() == 0) || -+ (key.getCrtCoefficient().signum() == 0)); -+ } -+ - /** - * Generate a new key from the specified type and components. - * Returns a CRT key if possible and a non-CRT key otherwise. diff --git a/sources b/sources index 808ed42..3b9cfac 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671 -SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz) = afc1324463883404f22cea3c37177d7b6164fc4cf285d958e7ec21aba976dc306045296eadaa296a31795be6b543ca0b742e0ba074689c3e5a50b9956383934b +SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b01-4curve.tar.xz) = e6219684046922a4fcfc577fe3457d28a48e79f3bb57b575b0195273b559293a8a8990197d5a37ca63d6a9d9c50ebf41b7d7630b1b16841df6396eb58b72f404