* RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
* RH2090378: Revert to disabling system security properties and FIPS mode support together
Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk
Enable system security properties in the RPM (now disabled by default in the FIPS repo)
Improve security properties test to check both enabled and disabled behaviour
Run security properties test with property debugging on
Explicitly require crypto-policies during build and runtime for system security properties
Resolves: rhbz#2099801
Resolves: rhbz#2100678
* Family extracted to globals
* Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
- The move of alternatives creation to posttrans to fix:
- Bug 1200302 - dnf reinstall breaks alternatives
- Had caused the alternatives to be removed, and then created again,
- instead of being added, and then removing the old, and thus persisting
- the selection in family
- Thus this fix, is storing the family of manually selected master, and if
- stored, then it is restoring the family of the master
* Resolves: rhbz#2008202
Introduce architecture restriction logic for the gdb test. (RH2041970)
Replace GCC 11 patch to remove use of the register keyword with correct fix to ADLC build (JDK-8281098)
Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
Related: rhbz#2022823
Update release notes for 8u322-b05.
Switch to EA mode.
Require tzdata 2021c as of JDK-8274407.
Require tzdata 2021e as of JDK-8275766.
Update tarball generation script to use git following shenandoah-jdk8u's move to github
Resolves: rhbz#2022823
Fedora 35 and better no longer ship the legacy secmod.db file as part
of the nss package. Explicitly tell OpenJDK to use sqlite-based sec
mode.
Resolves: rhbz#2023533
Port FIPS system detection support to OpenJDK 8u
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
Resolves: rhbz#1971696
Update release notes for 8u302-b08.
Switch to GA mode for final release.
Remove non-Free test and demo files from source tarball.
Resolves: rhbz#1967813
Update release notes for 8u302-b07.
Switch to EA mode.
Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
Resolves: rhbz#1967813
Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal.
nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Add JDK-8195607/PR3776 to support NSS SQLite databases.
Use appropriate keystore types when in FIPS mode (RH1760838)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Resolves: rhbz#1971696
Update release notes for 8u292-b10.
Hardcode /usr/sbin/alternatives for Flatpak builds
Update tarball generation script to use PR3822 which handles JDK-8233228 & JDK-8035166 changes
Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes.
Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch.
Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u.
Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate.
Require tzdata 2020f due to JDK-8259048
Require tzdata 2021a due to JDK-8260356
Resolves: rhbz#1967813
Removed libatk-wrapper[.]so.* from global _privatelibs
Removed files_accessibility and java_accessibility_rpo macros
Removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and
patch3 rh1648644-java_access_bridge_privileged_security.patch
Removal of accessibility{,-slowdebug,-fastdebug} subpackages
No longer creating symlinks of %%{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 to
libatk-wrapper.so and %%{_libdir}/java-atk-wrapper/java-atk-wrapper.jar to java-atk-wrapper.jar
No longer creating %%{_jvmdir}/%{jredir -- $suffix}/lib/accessibility.properties
with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
Removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections
Fix upgrade path after removal of accessibility subpackage. As main accessibility was
requiring main package, main package no have to obsolete
java-1.8.0-openjdk-accessibility-{release, slowdebug, fastdebug} < 1:1.8.0.282.b08-5
otherwise update fails
Resolves: rhbz#1971728
Andrew Hughes
Francisco Ferrari Bihurriet
Jiri Vanek
Florian Weimer
Mohan Boddu
DistroBaker