diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index e54a6d4..bc2178d 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -985,7 +985,7 @@ Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{releas Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 0%{?dist} +Release: 1%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1095,7 +1095,8 @@ Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_ # PR3083, RH1346460: Regression in SSL debug output without an ECC provider Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch # RH1566890: CVE-2018-3639 -Patch529: rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639.patch +Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch +Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch # PR3601: Fix additional -Wreturn-type issues introduced by 8061651 Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch # Support for building the SunEC provider with the system NSS installation @@ -1585,6 +1586,7 @@ sh %{SOURCE12} %patch523 %patch528 %patch529 +%patch531 %patch530 %patch563 %patch564 @@ -2267,6 +2269,13 @@ require "copy_jdk_configs.lua" %endif %changelog +* Mon May 13 2019 Severin Gehwolf - 1:1.8.0.212.b04-1 +- Update patch for RH1566890. + - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to + rh1566890-CVE_2018_3639-speculative_store_bypass.patch + - Added dependent patch, + rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch + * Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b04-0 - Update to aarch64-shenandoah-jdk8u212-b04. 
diff --git a/rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639.patch b/rh1566890-CVE_2018_3639-speculative_store_bypass.patch
similarity index 100%
rename from rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639.patch
rename to rh1566890-CVE_2018_3639-speculative_store_bypass.patch
diff --git a/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch b/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
new file mode 100644
index 0000000..94ef9d4
--- /dev/null
+++ b/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch
@@ -0,0 +1,54 @@
+diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp
+--- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp
++++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp
+@@ -5001,26 +5001,43 @@
+
+ /* Per task speculation control */
+ #ifndef PR_GET_SPECULATION_CTRL
+-#define PR_GET_SPECULATION_CTRL 52
++# define PR_GET_SPECULATION_CTRL 52
+ #endif
+ #ifndef PR_SET_SPECULATION_CTRL
+-#define PR_SET_SPECULATION_CTRL 53
++# define PR_SET_SPECULATION_CTRL 53
+ #endif
+ /* Speculation control variants */
+-# undef PR_SPEC_STORE_BYPASS
++#ifndef PR_SPEC_STORE_BYPASS
+ # define PR_SPEC_STORE_BYPASS 0
++#endif
+ /* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+-# undef PR_SPEC_NOT_AFFECTED
+-# undef PR_SPEC_PRCTL
+-# undef PR_SPEC_ENABLE
+-# undef PR_SPEC_DISABLE
++
++#ifndef PR_SPEC_NOT_AFFECTED
+ # define PR_SPEC_NOT_AFFECTED 0
++#endif
++#ifndef PR_SPEC_PRCTL
+ # define PR_SPEC_PRCTL (1UL << 0)
++#endif
++#ifndef PR_SPEC_ENABLE
+ # define PR_SPEC_ENABLE (1UL << 1)
++#endif
++#ifndef PR_SPEC_DISABLE
+ # define PR_SPEC_DISABLE (1UL << 2)
++#endif
++#ifndef PR_SPEC_FORCE_DISABLE
++# define PR_SPEC_FORCE_DISABLE (1UL << 3)
++#endif
++#ifndef PR_SPEC_DISABLE_NOEXEC
++# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
++#endif
+
+ static void set_speculation() __attribute__((constructor));
+ static void set_speculation() {
++ if ( prctl(PR_SET_SPECULATION_CTRL,
++ PR_SPEC_STORE_BYPASS,
++ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
++ return;
++ }
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+ }
+
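Review bot: The two prctl() calls in set_speculation() give different inheritance behaviour depending on the kernel, and nothing in the code says so. Where PR_SPEC_DISABLE_NOEXEC is accepted, the store-bypass mitigation is cleared on execve, so programs the JVM launches run with the system default again; on kernels that reject it, the PR_SPEC_DISABLE fallback stays in force for those children. A comment above the first call would make this explicit, e.g. `/* Prefer DISABLE_NOEXEC: mitigation covers the JVM only and is dropped on execve; older kernels fall back to DISABLE, which exec'd children keep. */`. The fallback's return value is also discarded, so a kernel that refuses both requests leaves the process unmitigated with no trace; if that is intentional best-effort, the comment should say so. PR_SPEC_FORCE_DISABLE is defined but not used in this hunk.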