rpms/java-1.8.0-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

updated to security u45

Browse Source 
- removed patch6: disable-doclint-by-default.patch
- added patch d318d83c4e74.patch
- added  rhbz1206656_fix_current_stack_pointer.patch
- renamed PStack-808293.patch -> java-1.8.0-openjdk-PStack-808293.patch
- renamed remove-intree-libraries.sh -> java-1.8.0-openjdk-remove-intree-libraries.sh
- renamed to preven conflix with jdk7
This commit is contained in:
Jiri Vanek 2015-04-15 09:11:21 +02:00
parent 63b333f1af
commit f3b229270b
7 changed files with 167 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.gitignore vendored
View File

@ -29,11 +29,13 @@
/jdk8u-jdk8u40-b01.tar.xz
/jdk8u-jdk8u40-b02.tar.xz
/jdk8u-jdk8u20-b26.tar.xz
/jdk8u-jdk8u25-b17.tar.xz
/aarch64-hotspot-jdk8u40-b02.tar.xz
/aarch64-hotspot-jdk8u40-b02-c6375c27cbfa.tar.xz
/aarch64-hotspot-jdk8u40-b04-a6df78e590bb.tar.xz
/jdk8-jdk8u40-b12-aarch64.tar.xz
/jdk8u-jdk8u40-b12.tar.xz
/aarch64-hotspot-jdk8u40-b04-d0ea7bcfcd8c.tar.xz
/jdk8-jdk8u40-b12-aarch64-1263.tar.xz
/jdk8u40-jdk8u40-b25.tar.xz
/jdk8-jdk8u40-b25-aarch64-jdk8u40-b25.tar.xz
/jdk8-jdk8u40-b12-aarch64-hs3135441ed942.tar.xz
/jdk8u-jdk8u31-b13.tar.xz
/jdk8-jdk8u45-b13-aarch64-jdk8u45-b13.tar.xz
/jdk8u45-jdk8u45-b13.tar.xz

114
d318d83c4e74.patch Normal file
View File

@ -0,0 +1,114 @@
--- jdk8/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java Tue Mar 17 00:09:12 2015 +0300
+++ jdk8/jdk/src/share/classes/com/sun/crypto/provider/DHKeyPairGenerator.java Wed Apr 08 14:25:54 2015 +0100
@@ -1,5 +1,6 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -80,10 +81,10 @@
* @param random the source of randomness
*/
public void initialize(int keysize, SecureRandom random) {
- if ((keysize < 512) || (keysize > 2048) || (keysize % 64 != 0)) {
+ if ((keysize < 512) || (keysize > 4096) || (keysize % 64 != 0)) {
throw new InvalidParameterException("Keysize must be multiple "
+ "of 64, and can only range "
- + "from 512 to 2048 "
+ + "from 512 to 4096 "
+ "(inclusive)");
}
this.pSize = keysize;
@@ -115,11 +116,11 @@
params = (DHParameterSpec)algParams;
pSize = params.getP().bitLength();
- if ((pSize < 512) || (pSize > 2048) ||
+ if ((pSize < 512) || (pSize > 4096) ||
(pSize % 64 != 0)) {
throw new InvalidAlgorithmParameterException
("Prime size must be multiple of 64, and can only range "
- + "from 512 to 2048 (inclusive)");
+ + "from 512 to 4096 (inclusive)");
}
// exponent size is optional, could be 0
--- jdk8/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Tue Mar 17 00:09:12 2015 +0300
+++ jdk8/jdk/src/share/classes/com/sun/crypto/provider/DHParameterGenerator.java Wed Apr 08 14:25:54 2015 +0100
@@ -1,5 +1,6 @@
/*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -60,11 +61,11 @@
private static void checkKeySize(int keysize)
throws InvalidAlgorithmParameterException {
- if ((keysize != 2048) &&
+ if ((keysize != 2048) && (keysize != 4096) &&
((keysize < 512) || (keysize > 1024) || (keysize % 64 != 0))) {
throw new InvalidAlgorithmParameterException(
"Keysize must be multiple of 64 ranging from "
- + "512 to 1024 (inclusive), or 2048");
+ + "512 to 1024 (inclusive), or 2048, or 4096");
}
}
--- jdk8/jdk/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Tue Mar 17 00:09:12 2015 +0300
+++ jdk8/jdk/src/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java Wed Apr 08 14:25:54 2015 +0100
@@ -278,11 +278,11 @@
// this restriction is in the spec for DSA
// since we currently use DSA parameters for DH as well,
// it also applies to DH if no parameters are specified
- if ((keySize != 2048) &&
+ if ((keySize != 2048) && (keySize != 4096) &&
((keySize > 1024) || ((keySize & 0x3f) != 0))) {
throw new InvalidAlgorithmParameterException(algorithm +
" key must be multiples of 64 if less than 1024 bits" +
- ", or 2048 bits");
+ ", or 2048 bits, or 4096 bits");
}
}
}
--- jdk8/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java Tue Mar 17 00:09:12 2015 +0300
+++ jdk8/jdk/test/com/sun/crypto/provider/KeyAgreement/TestExponentSize.java Wed Apr 08 14:25:54 2015 +0100
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014 Red Hat Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -58,7 +59,7 @@
*/
private enum Sizes {
two56(256), three84(384), five12(512), seven68(768), ten24(1024),
- twenty48(2048);
+ twenty48(2048), forty96(4096);
private final int intSize;
private final BigInteger bigIntValue;
@@ -130,6 +131,19 @@
kp = kpg.generateKeyPair();
checkKeyPair(kp, Sizes.twenty48, Sizes.five12);
+ kpg.initialize(Sizes.forty96.getIntSize());
+ kp = kpg.generateKeyPair();
+ checkKeyPair(kp, Sizes.forty96, Sizes.twenty48);
+
+ publicKey = (DHPublicKey)kp.getPublic();
+ p = publicKey.getParams().getP();
+ g = publicKey.getParams().getG();
+
+ // test w/ all values specified
+ kpg.initialize(new DHParameterSpec(p, g, Sizes.ten24.getIntSize()));
+ kp = kpg.generateKeyPair();
+ checkKeyPair(kp, Sizes.forty96, Sizes.ten24);
+
System.out.println("OK");
}

58
disable-doclint-by-default.patch
View File

@ -1,58 +0,0 @@
Disable doclint by default
OpenJDK 8 adds and enables doclint by default. This catches issues in
javadoc comments. It is too strict, breaks javadoc compilation and, in
general, breaks the build for old code known to build with previous
versions of OpenJDK.
See: http://blog.joda.org/2014/02/turning-off-doclint-in-jdk-8-javadoc.html
See: https://lists.fedoraproject.org/pipermail/java-devel/2014-February/005150.html
Author: Andrew John Hughes <ahughes@redhat.com>
Author: Emmanuel Bourg <ebourg@apache.org>
--- jdk8/langtools/src/share/classes/com/sun/tools/javadoc/DocEnv.java
+++ jdk8/langtools/src/share/classes/com/sun/tools/javadoc/DocEnv.java
@@ -811,10 +811,9 @@
doclintOpts.add(opt == null ? DocLint.XMSGS_OPTION : DocLint.XMSGS_CUSTOM_PREFIX + opt);
}
- if (doclintOpts.isEmpty()) {
- doclintOpts.add(DocLint.XMSGS_OPTION);
- } else if (doclintOpts.size() == 1
- && doclintOpts.get(0).equals(DocLint.XMSGS_CUSTOM_PREFIX + "none")) {
+ if (doclintOpts.isEmpty() ||
+ (doclintOpts.size() == 1
+ && doclintOpts.get(0).equals(DocLint.XMSGS_CUSTOM_PREFIX + "none"))) {
return;
}
--- jdk8/langtools/test/tools/javadoc/doclint/DocLintTest.java
+++ jdk8/langtools/test/tools/javadoc/doclint/DocLintTest.java
@@ -130,12 +130,12 @@
};
test(Collections.<String>emptyList(),
- Main.Result.ERROR,
- EnumSet.of(Message.DL_ERR9A, Message.DL_WRN12A));
+ Main.Result.OK,
+ EnumSet.of(Message.JD_WRN10, Message.JD_WRN13));
test(Arrays.asList(rawDiags),
- Main.Result.ERROR,
- EnumSet.of(Message.DL_ERR9, Message.DL_WRN12));
+ Main.Result.OK,
+ EnumSet.of(Message.JD_WRN10, Message.JD_WRN13));
test(Arrays.asList("-Xdoclint:none"),
Main.Result.OK,
@@ -158,8 +158,8 @@
EnumSet.of(Message.DL_WRN12));
test(Arrays.asList(rawDiags, "-private"),
- Main.Result.ERROR,
- EnumSet.of(Message.DL_ERR6, Message.DL_ERR9, Message.DL_WRN12));
+ Main.Result.OK,
+ EnumSet.of(Message.JD_WRN10, Message.JD_WRN13));
test(Arrays.asList(rawDiags, "-Xdoclint:syntax", "-private"),
Main.Result.ERROR,

0
PStack-808293.patch → java-1.8.0-openjdk-PStack-808293.patch
View File

0
remove-intree-libraries.sh → java-1.8.0-openjdk-remove-intree-libraries.sh
View File

65
java-1.8.0-openjdk.spec
View File

@ -113,11 +113,11 @@
# Standard JPackage naming and versioning defines.
%global origin openjdk
%global updatever 40
%global buildver b25
%global aarch64_updatever 40
%global aarch64_buildver b25
%global aarch64_changesetid aarch64-jdk8u40-b25
%global updatever 45
%global buildver b13
%global aarch64_updatever 45
%global aarch64_buildver b13
%global aarch64_changesetid aarch64-jdk8u45-b13
# priority must be 7 digits in total
%global priority 18000%{updatever}
%global javaver 1.8.0
@ -635,7 +635,7 @@ Obsoletes: java-1.7.0-openjdk-accessibility%1
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}
Release: 27.%{buildver}%{?dist}
Release: 31.%{buildver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@ -645,6 +645,7 @@ Release: 27.%{buildver}%{?dist}
# satisfied by the 1:1.5.0 packages. Thus we need to set the epoch in
# JDK package >= 1.6.0 to 1, and packages referring to JDK virtual
# provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0".
Epoch: 1
Summary: OpenJDK Runtime Environment
Group: Development/Languages
@ -655,7 +656,7 @@ URL: http://openjdk.java.net/
# Source from upstrem OpenJDK8 project. To regenerate, use
# ./generate_source_tarball.sh jdk8u jdk8u jdk8u%%{updatever}-%%{buildver}
# ./generate_source_tarball.sh aarch64-port jdk8 %%{aarch64_hg_tag}
Source0: jdk8u40-jdk8u%{updatever}-%{buildver}.tar.xz
Source0: jdk8u45-jdk8u%{updatever}-%{buildver}.tar.xz
Source1: jdk8-jdk8u%{aarch64_updatever}-%{aarch64_buildver}-%{aarch64_changesetid}.tar.xz
# Custom README for -src subpackage
@ -675,7 +676,7 @@ Source10: policytool.desktop.in
Source11: nss.cfg
# Removed libraries that we link instead
Source12: remove-intree-libraries.sh
Source12: %{name}-remove-intree-libraries.sh
# Ensure we aren't using the limited crypto policy
Source13: TestCryptoLevel.java
@ -694,11 +695,9 @@ Patch1: %{name}-accessible-toolkit.patch
# Restrict access to java-atk-wrapper classes
Patch3: java-atk-wrapper-security.patch
# RHBZ 808293
Patch4: PStack-808293.patch
Patch4: %{name}-PStack-808293.patch
# Allow multiple initialization of PKCS11 libraries
Patch5: multiple-pkcs11-library-init.patch
# Disable doclint for compatibility
Patch6: disable-doclint-by-default.patch
# Include all sources in src.zip
Patch7: include-all-srcs.patch
# Problem discovered with make 4.0
@ -721,15 +720,22 @@ Patch204: zero-interpreter-fix.patch
Patch300: jstack-pr1845.patch
# Fixed in upstream 9. See upstream bug:
# https://bugs.openjdk.java.net/browse/JDK-8064815
Patch400: ppc_stack_overflow_fix.patch
# Fixed in upstream 9. See upstream bug:
# https://bugs.openjdk.java.net/browse/JDK-8067330
Patch401: fix_ZERO_ARCHDEF_ppc.patch
# Fixed in upstream 9. See upstream bug:
# https://bugs.openjdk.java.net/browse/JDK-8067331
Patch402: atomic_linux_zero.inline.hpp.patch
# Fixes StackOverflowError on ARM32 bit Zero. See RHBZ#1206656
Patch403: rhbz1206656_fix_current_stack_pointer.patch
#both upstreamed, will fly away in u60
#both upstreamed, will fly away in u60 (bug IDs are Red Hat bug IDs)
Patch501: 1182011_JavaPrintApiDoesNotPrintUmlautCharsWithPostscriptOutputCorrectly.patch
Patch502: 1182694_javaApplicationMenuMisbehave.patch
Patch503: d318d83c4e74.patch
Patch9999: enableArm64.patch
@ -985,9 +991,8 @@ cp %{SOURCE101} jdk8/common/autoconf/build-aux/
# Remove libraries that are linked
sh %{SOURCE12}
%ifarch %{aarch64}
# Add AArch64 support to configure & JDK build
%patch9999
%endif
%patch201
%patch202
@ -1000,7 +1005,6 @@ sh %{SOURCE12}
%patch3
%patch4
%patch5
%patch6
%patch7
%patch12
%patch13
@ -1027,6 +1031,7 @@ tar xzf %{SOURCE8}
%patch501
%patch502
%patch503
%if %{include_debug_build}
cp -r tapset tapset%{debug_suffix}
@ -1048,7 +1053,7 @@ for suffix in %{build_loop} ; do
done
done
# systemtap tapsets ends
%endif
%endif
# Prepare desktop files
for suffix in %{build_loop} ; do
@ -1077,9 +1082,11 @@ export CFLAGS="$CFLAGS -mieee"
%endif
EXTRA_CFLAGS="-fstack-protector-strong"
#see https://bugzilla.redhat.com/show_bug.cgi?id=1120792
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-devirtualize -Wno-return-local-addr"
EXTRA_CPP_FLAGS="-fno-devirtualize -Wno-return-local-addr"
# Disable various optimizations to fix miscompliation. See:
# - https://bugzilla.redhat.com/show_bug.cgi?id=1120792
# - https://bugzilla.redhat.com/show_bug.cgi?id=1208369
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-devirtualize -fno-tree-vrp"
EXTRA_CPP_FLAGS="-fno-devirtualize -fno-tree-vrp"
# PPC/PPC64 needs -fno-tree-vectorize since -O3 would
# otherwise generate wrong code producing segfaults.
%ifarch %{power64} ppc
@ -1130,6 +1137,9 @@ bash ../../configure \
--with-extra-cflags="$EXTRA_CFLAGS" \
--with-num-cores="$NUM_PROC"
cat spec.gmk
cat hotspot-spec.gmk
# The combination of FULL_DEBUG_SYMBOLS=0 and ALT_OBJCOPY=/does_not_exist
# disables FDS for all build configs and reverts to pre-FDS make logic.
# STRIP_POLICY=none says don't do any stripping. DEBUG_BINARIES=true says
@ -1706,8 +1716,23 @@ end
%{files_accessibility %{debug_suffix_unquoted}}
%endif
%changelog
* Fri Apr 10 2015 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.45-31.b13
- repacked sources
* Tue Apr 07 2015 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.45-30.b13
- updated to security u45
- removed patch6: disable-doclint-by-default.patch
- added patch d318d83c4e74.patch
- added rhbz1206656_fix_current_stack_pointer.patch
- renamed PStack-808293.patch -> java-1.8.0-openjdk-PStack-808293.patch
- renamed remove-intree-libraries.sh -> java-1.8.0-openjdk-remove-intree-libraries.sh
- renamed to preven conflix with jdk7
* Tue Apr 03 2015 Omair Majid <omajid@redhat.com> - 1:1.8.0.40-27.b25
- Add -fno-tree-vrp to flags to prevent hotspot miscompilation.
- Resolves: RHBZ#1208369
* Thu Apr 02 2015 Jiri Vanek <jvanek@redhat.com> - 1:1.8.0.40-27.b25
- bumped release. Needed rebuild by itself on arm

4
sources
View File

@ -1,3 +1,3 @@
3a7c67223ec3d78d5d36f3ead9d37718 jdk8u40-jdk8u40-b25.tar.xz
94ca5a45c3cb3b85c4577d0891166007 systemtap-tapset.tar.gz
affef71503099bc136b7066f9aa083a8 jdk8-jdk8u40-b25-aarch64-jdk8u40-b25.tar.xz
753feced879e36b1250fb37aa45cea75 jdk8-jdk8u45-b13-aarch64-jdk8u45-b13.tar.xz
44789f3467fc8df3c82946dd0db097a6 jdk8u45-jdk8u45-b13.tar.xz