From dc4e79abbb1edfcc9694d6e8dc8bebe6acae581c Mon Sep 17 00:00:00 2001
From: Jiri Vanek <jvanek@redhat.com>
Date: Thu, 20 Oct 2016 10:31:31 +0200
Subject: [PATCH] Updated to security update u111 - updated to
 aarch64-jdk8u111-b16 (from aarch64-port/jdk8u) - updated to
 aarch64-shenandoah-jdk8u111-b16 (from aarch64-port/jdk8u-shenandoah) of
 hotspot - used aarch64-port-jdk8u-aarch64-jdk8u111-b16.tar.xz as new sources
 - used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u111-b16.tar.xz
 as new sources for hotspot - adapted patches

---
 .gitignore                     |  2 +
 8157306-pr3121-rh1360863.patch | 29 ------------
 always_assumemp.patch          | 12 +++++
 corba_typo_fix.patch           | 24 ----------
 java-1.8.0-openjdk.spec        | 84 +++++++++++++---------------------
 rh1367357.patch                | 11 +++++
 sources                        |  4 +-
 update_package.sh              |  4 +-
 8 files changed, 60 insertions(+), 110 deletions(-)
 delete mode 100644 8157306-pr3121-rh1360863.patch
 create mode 100644 always_assumemp.patch
 delete mode 100644 corba_typo_fix.patch
 create mode 100644 rh1367357.patch

diff --git a/.gitignore b/.gitignore
index 744712e..1126169 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,5 @@
 /systemtap-tapset-3.1.0.tar.xz
 /aarch64-port-jdk8u-aarch64-jdk8u102-b14.tar.xz
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u102-b14.tar.xz
+/aarch64-port-jdk8u-aarch64-jdk8u111-b16.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u111-b16.tar.xz
diff --git a/8157306-pr3121-rh1360863.patch b/8157306-pr3121-rh1360863.patch
deleted file mode 100644
index 8cb69ae..0000000
--- a/8157306-pr3121-rh1360863.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-# HG changeset patch
-# User aph
-# Date 1470065634 -3600
-#      Mon Aug 01 16:33:54 2016 +0100
-# Node ID ee9bffb3bd390b2ad805c7b59d7d2ab8a68a4367
-# Parent  ab3e0bde3c15bbba60de4decabcd70ffef657448
-8157306, PR3121: Random infrequent null pointer exceptions in javac
-Reviewed-by: kvn
-
-diff -r ab3e0bde3c15 -r ee9bffb3bd39 src/share/vm/opto/lcm.cpp
---- openjdk/hotspot/src/share/vm/opto/lcm.cpp	Tue Jul 26 04:42:03 2016 +0100
-+++ openjdk/hotspot/src/share/vm/opto/lcm.cpp	Mon Aug 01 16:33:54 2016 +0100
-@@ -1090,11 +1090,14 @@
-     Block *sb = block->_succs[i];
-     // Clone the entire area; ignoring the edge fixup for now.
-     for( uint j = end; j > beg; j-- ) {
--      // It is safe here to clone a node with anti_dependence
--      // since clones dominate on each path.
-       Node *clone = block->get_node(j-1)->clone();
-       sb->insert_node(clone, 1);
-       map_node_to_block(clone, sb);
-+#ifdef AARCH64
-+      if (clone->needs_anti_dependence_check()) {
-+        insert_anti_dependences(sb, clone);
-+      }
-+#endif
-     }
-   }
- 
diff --git a/always_assumemp.patch b/always_assumemp.patch
new file mode 100644
index 0000000..b0a874d
--- /dev/null
+++ b/always_assumemp.patch
@@ -0,0 +1,12 @@
+diff --git a/src/share/vm/runtime/globals.hpp b/src/share/vm/runtime/globals.hpp
+--- openjdk/hotspot/src/share/vm/runtime/globals.hpp
++++ openjdk/hotspot/src/share/vm/runtime/globals.hpp
+@@ -530,7 +530,7 @@
+   lp64_product(intx, ObjectAlignmentInBytes, 8,                             \
+           "Default object alignment in bytes, 8 is minimum")                \
+                                                                             \
+-  product(bool, AssumeMP, false,                                            \
++  product(bool, AssumeMP, true,                                             \
+           "Instruct the VM to assume multiple processors are available")    \
+                                                                             \
+   /* UseMembar is theoretically a temp flag used for memory barrier         \
diff --git a/corba_typo_fix.patch b/corba_typo_fix.patch
deleted file mode 100644
index 9756a8a..0000000
--- a/corba_typo_fix.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -r 5c43ac1f2a59 src/share/classes/javax/rmi/CORBA/Util.java
---- openjdk.orig/corba/src/share/classes/javax/rmi/CORBA/Util.java	Fri Jul 01 04:11:22 2016 +0100
-+++ openjdk/corba/src/share/classes/javax/rmi/CORBA/Util.java	Mon Jul 04 16:04:39 2016 +0100
-@@ -413,8 +413,18 @@
-                 // check that a serialization permission has been
-                 // set to allow the loading of the Util delegate
-                 // which provides access to custom ValueHandler
--                sm.checkPermission(new SerializablePermission(
--                        "enableCustomValueHanlder"));
-+                try {
-+                    sm.checkPermission(new SerializablePermission(
-+                        "enableCustomValueHandler"));
-+                } catch (SecurityException ex1) {
-+                    // Fallback: See if the permission is mis-spelt
-+                    try {
-+                        sm.checkPermission(new SerializablePermission(
-+                            "enableCustomValueHanlder"));
-+                    } catch (SecurityException ex2) {
-+                        throw ex1; // Throw original exception
-+                    }
-+                }
-             }
-         }
-     }
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 6dfbf0c..a74760b 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -27,8 +27,8 @@
 %global multilib_arches %{power64} sparc64 x86_64
 %global jit_arches      %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
 
-# by default we build debug build during main build only on intel arches
-%ifarch %{ix86} x86_64 %{aarch64} %{ppc64le}
+# By default, we build a debug build during main build on JIT architectures
+%ifarch %{jit_arches}
 %global include_debug_build 1
 %else
 %global include_debug_build 0
@@ -170,7 +170,7 @@
 # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
 %global project         aarch64-port
 %global repo            jdk8u
-%global revision        aarch64-jdk8u102-b14
+%global revision        aarch64-jdk8u111-b16
 # eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60  (dont forget spec escape % by %%)
 %global whole_update    %(VERSION=%{revision}; echo ${VERSION%%-*})
 # eg  jdk8u60 -> 60 or aarch64-jdk8u60 -> 60
@@ -254,7 +254,8 @@ if [ "$1" -gt 1 ]; then
        "${sum}" = '400cc64d4dd31f36dc0cc2c701d603db' -o \\
        "${sum}" = '321342219bb130d238ff144b9e5dbfc1' -o \\
        "${sum}" = '134a37a84983b620f4d8d51a550c0c38' -o \\
-       "${sum}" = '5ea976e209d0d0b5b6ab148416123e02' ]; then
+       "${sum}" = '5ea976e209d0d0b5b6ab148416123e02' -o \\
+       "${sum}" = '5ab4c77cf14fbd7f7ee6f51a7a73d88c' ]; then
     if [ -f "${javasecurity}.rpmnew" ]; then
       mv -f "${javasecurity}.rpmnew" "${javasecurity}"
     fi
@@ -794,7 +795,7 @@ Obsoletes: java-1.7.0-openjdk-accessibility%1
 
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}
-Release: 5.%{buildver}%{?dist}
+Release: 1.%{buildver}%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
 # and this change was brought into RHEL-4.  java-1.5.0-ibm packages
 # also included the epoch in their virtual provides.  This created a
@@ -850,7 +851,7 @@ Source20: repackReproduciblePolycies.sh
 Source100: config.guess
 Source101: config.sub
 # shenandoah hotpost
-Source999: aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u102-b14.tar.xz
+Source999: aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u111-b16.tar.xz
 
 # RPM/distribution specific patches
 
@@ -919,8 +920,6 @@ Patch507: pr2842-02.patch
 Patch400: 8154313.patch
 # S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate
 Patch526: 6260348-pr3066.patch
-# S8157306, PR3121, RH1360863: Random infrequent null pointer exceptions in javac
-Patch531: 8157306-pr3121-rh1360863.patch
 # S8162384, PR3122, RH1358661: Performance regression: bimorphic inlining may be bypassed by type speculation
 Patch532: 8162384-pr3122-rh1358661.patch
 
@@ -938,19 +937,17 @@ Patch606: 8154210.patch
 # S8158260, PR2991, RH1341258: JVM on PPC64 LE crashes due to an illegal instruction in JITed code
 Patch524: 8158260-pr2991-rh1341258.patch
 
-# Patches upstream and appearing in 8u122
-Patch607: 8167200.hotspotAarch64.patch
-
 # Patches ineligible for 8u
 # 8043805: Allow using a system-installed libjpeg
 Patch201: system-libjpeg.patch
-Patch204: hotspot-remove-debuglink.patch
 
 # Local fixes
 # PR1834, RH1022017: Reduce curves reported by SSL to those in NSS
 Patch525: pr1834-rh1022017.patch
-# Temporary fix for typo in CORBA security patch
-Patch529: corba_typo_fix.patch
+# RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read()
+Patch533: rh1367357.patch
+# Turn on AssumeMP by default on RHEL systems
+Patch534: always_assumemp.patch
 
 # Non-OpenJDK fixes
 
@@ -960,7 +957,6 @@ BuildRequires: alsa-lib-devel
 BuildRequires: binutils
 BuildRequires: cups-devel
 BuildRequires: desktop-file-utils
-Buildrequires: elfutils
 BuildRequires: fontconfig
 BuildRequires: freetype-devel
 BuildRequires: giflib-devel
@@ -1239,7 +1235,6 @@ sh %{SOURCE12}
 %patch201
 %patch202
 %patch203
-%patch204
 
 %patch1
 %patch3
@@ -1283,11 +1278,13 @@ sh %{SOURCE12}
 %patch526
 %patch527
 %patch528
-%patch529
-%patch531
 %patch532
+%patch533
 
-%patch607
+# RHEL-only patches
+%if 0%{?rhel}
+%patch534
+%endif
 
 # Extract systemtap tapsets
 %if %{with_systemtap}
@@ -1463,36 +1460,17 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
 
 # Check debug symbols are present and can identify code
 SERVER_JVM="$JAVA_HOME/jre/lib/%{archinstall}/server/libjvm.so"
+if [ -f "$SERVER_JVM" ] ; then
+  nm -aCl "$SERVER_JVM" | grep javaCalls.cpp
+fi
 CLIENT_JVM="$JAVA_HOME/jre/lib/%{archinstall}/client/libjvm.so"
+if [ -f "$CLIENT_JVM" ] ; then
+  nm -aCl "$CLIENT_JVM" | grep javaCalls.cpp
+fi
 ZERO_JVM="$JAVA_HOME/jre/lib/%{archinstall}/zero/libjvm.so"
-jvms=("$SERVER_JVM" "$CLIENT_JVM" "$ZERO_JVM")
-for lib in "${jvms[@]}"; do
-  if [ -f "$lib" ] ; then
-    echo "Testing $lib for debug symbols"
-    # All these tests rely on RPM failing the build if the exit code of any set
-    # of piped commands is non-zero.
-
-    # Test for .debug_* sections in the shared object. This is the  main test.
-    # Stripped objects will not contain these.
-    eu-readelf -S "$lib" | grep "] .debug_"
-    test $(eu-readelf -S "$lib" | egrep "\]\ .debug_(info|abbrev)" | wc --lines) == 2
-
-    # Test FILE symbols. These will most likely be removed by anyting that
-    # manipulates symbol tables because it's generally useless. So a nice test
-    # that nothing has messed with symbols.
-    eu-readelf -s "$lib" | grep "00000000      0 FILE    LOCAL  DEFAULT      ABS javaCalls.cpp"
-
-    # Test that there are no .gnu_debuglink sections pointing to another
-    # debuginfo file. There shouldn't be any debuginfo files, so the link makes
-    # no sense either.
-    eu-readelf -S "$lib" | grep 'gnu'
-    if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then
-        echo "bad .gnu_debuglink section."
-        eu-readelf -x .gnu_debuglink "$lib"
-        false
-    fi
-  fi
-done
+if [ -f "$ZERO_JVM" ] ; then
+  nm -aCl "$ZERO_JVM" | grep javaCalls.cpp
+fi
 
 # Check src.zip has all sources. See RHBZ#1130490
 jar -tf $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe'
@@ -1902,12 +1880,12 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
-* Fri Oct 14 2016 Omair Majid <omajid@redhat.com> - 1:1.8.0.102-5.b14
-- added hotspot-remove-debuglink.patch
-- removed grep on javaCalls, and replace by eu-readelfs on libraries
-
-* Wed Oct 5 2016  Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.102-4.b14
-- added patch for failing scala stuff
+* Wed Oct 19 2016 jvanek <jvanek@redhat.com> - 1:1.8.0.111-1.b16
+- updated to aarch64-jdk8u111-b16 (from aarch64-port/jdk8u)
+- updated to aarch64-shenandoah-jdk8u111-b16 (from aarch64-port/jdk8u-shenandoah) of hotspot
+- used aarch64-port-jdk8u-aarch64-jdk8u111-b16.tar.xz as new sources
+- used aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u111-b16.tar.xz as new sources for hotspot
+- adapted patches
 
 * Wed Oct 5 2016  Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.102-3.b14
 - debug subpackages allowed on aarch64 and ppc64le
diff --git a/rh1367357.patch b/rh1367357.patch
new file mode 100644
index 0000000..254be99
--- /dev/null
+++ b/rh1367357.patch
@@ -0,0 +1,11 @@
+diff --git a/src/share/native/sun/java2d/cmm/lcms/cmstypes.c b/src/share/native/sun/java2d/cmm/lcms/cmstypes.c
+--- openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmstypes.c
++++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmstypes.c
+@@ -1484,6 +1484,7 @@
+ 
+         // Check for overflow
+         if (Offset < (SizeOfHeader + 8)) goto Error;
++        if ((Offset + Len) > SizeOfTag + 8) goto Error;
+ 
+         // True begin of the string
+         BeginOfThisString = Offset - SizeOfHeader - 8;
diff --git a/sources b/sources
index be169f3..2b903ea 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 822e321b710defc8f9c8ec97a6f34b55  systemtap-tapset-3.1.0.tar.xz
-fd982589a6345c6dd3698256bed45d3d  aarch64-port-jdk8u-aarch64-jdk8u102-b14.tar.xz
-76ebec7a595c567a66b9d15fdc530a56  aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u102-b14.tar.xz
+f33dff82e5c0d33d81d8100576b612eb  aarch64-port-jdk8u-aarch64-jdk8u111-b16.tar.xz
+dcb3a75964f52a50bb32b2179132724f  aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u111-b16.tar.xz
diff --git a/update_package.sh b/update_package.sh
index 92534ab..3a47bef 100755
--- a/update_package.sh
+++ b/update_package.sh
@@ -24,7 +24,7 @@ if [ "x$REPO_NAME" = "x" ] ; then
     REPO_NAME="jdk8u"
 fi
 if [ "x$VERSION" = "x" ] ; then
-    VERSION="aarch64-jdk8u102-b14"
+    VERSION="aarch64-jdk8u111-b16"
 fi
 
 if [ "x$COMPRESSION" = "x" ] ; then
@@ -102,7 +102,7 @@ if [ "x$VERSION" = "xtip" ] ; then
     VERSION="tip"
 else
 	#hardcoding version for anything else except tip
-    VERSION="aarch64-shenandoah-jdk8u102-b14"
+    VERSION="aarch64-shenandoah-jdk8u111-b16"
 fi
 MAIN_REPO_NAME=$REPO_NAME
 REPO_NAME=jdk8u-shenandoah