OpenJDK Runtime Environment
0e6069cde3
Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal.
nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Add JDK-8195607/PR3776 to support NSS SQLite databases.
Use appropriate keystore types when in FIPS mode (RH1760838)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
|
||
|---|---|---|
| .gitignore | ||
| CheckVendor.java | ||
| config.guess | ||
| config.sub | ||
| generate_singlerepo_source_tarball.sh | ||
| generate_source_tarball.sh | ||
| icedtea_sync.sh | ||
| java-1.8.0-openjdk-gcc11.patch | ||
| java-1.8.0-openjdk-remove-intree-libraries.sh | ||
| java-1.8.0-openjdk.spec | ||
| jconsole.desktop.in | ||
| jdk8035341-allow_using_system_installed_libpng.patch | ||
| jdk8042159-allow_using_system_installed_lcms2-jdk.patch | ||
| jdk8042159-allow_using_system_installed_lcms2-root.patch | ||
| jdk8043805-allow_using_system_installed_libjpeg.patch | ||
| jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch | ||
| jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch | ||
| jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch | ||
| jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch | ||
| jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch | ||
| jdk8218811-perfMemory_linux.patch | ||
| NEWS | ||
| nss.cfg.in | ||
| nss.fips.cfg.in | ||
| policytool.desktop.in | ||
| pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch | ||
| pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch | ||
| pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch | ||
| pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch | ||
| pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch | ||
| pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch | ||
| pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch | ||
| pr3655-toggle_system_crypto_policy.patch | ||
| README.md | ||
| repackReproduciblePolycies.sh | ||
| rh1163501-increase_2048_bit_dh_upper_bound_fedora_infrastructure_in_dhparametergenerator.patch | ||
| rh1582504-rsa_default_for_keytool.patch | ||
| rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch | ||
| rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch | ||
| rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch | ||
| rh1655466-global_crypto_and_fips.patch | ||
| rh1750419-redhat_alt_java.patch | ||
| rh1760838-fips_default_keystore_type.patch | ||
| rh1860986-disable_tlsv1.3_in_fips_mode.patch | ||
| rh1906862-always_initialise_configurator_access.patch | ||
| s390-8214206_fix.patch | ||
| sources | ||
| TestCryptoLevel.java | ||
| TestECDSA.java | ||
| TestSecurityProperties.java | ||
| update_main_sources.sh | ||
Package of LTS OpenJDK 8 OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is build on openJDK 10. LTSs (next is 11) will go as separate packages.
JDK8 is last LTS release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/8/ and is landing to your RHEL. Where it will be maintained for several years. You will always be allowed to install Used LTSs in build root, and alongside via alternatives.
See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf