From 19a00b350ce26427f1f9d9a11ec920b45eebf82a Mon Sep 17 00:00:00 2001
From: Andrew Hughes <gnu.andrew@redhat.com>
Date: Wed, 17 Apr 2019 05:34:59 +0100
Subject: [PATCH] Add patch for RH1566890

---
 java-11-openjdk.spec                          | 22 ++++---
 ...E_2018_3639-speculative_store_bypass.patch | 61 +++++++++++++++++++
 2 files changed, 75 insertions(+), 8 deletions(-)
 create mode 100644 rh1566890-CVE_2018_3639-speculative_store_bypass.patch

diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index 4be61e4..ba4c5d4 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -946,7 +946,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
 
 Name:    java-%{javaver}-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: 8%{?dist}
+Release: 9%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@@ -1019,13 +1019,6 @@ Patch2:    rh1648644-java_access_bridge_privileged_security.patch
 # Not currently suitable to go upstream as it disables curves
 # for all providers unconditionally
 Patch525: rh1022017-reduce_ssl_curves.patch
-Patch3:    rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
-# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy
-Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
-# System NSS via SunEC Provider
-Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
-# PR3695: Allow use of system crypto policy to be disabled by the user
-Patch6: pr3695-toggle_system_crypto_policy.patch
 
 #############################################
 #
@@ -1045,6 +1038,15 @@ Patch6: pr3695-toggle_system_crypto_policy.patch
 Patch8:    jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch
 # 8210425, RHBZ#1632174: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
 Patch9:    jdk8210425-rh1632174-sharedRuntimeTrig_sharedRuntimeTrans_compiled_without_optimization.patch
+Patch3:    rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
+# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy
+Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
+# System NSS via SunEC Provider
+Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
+# RH1566890: CVE-2018-3639
+Patch6:    rh1566890-CVE_2018_3639-speculative_store_bypass.patch
+# PR3695: Allow use of system crypto policy to be disabled by the user
+Patch7: pr3695-toggle_system_crypto_policy.patch
 
 #############################################
 #
@@ -1314,6 +1316,7 @@ pushd %{top_level_dir_name}
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
@@ -1872,6 +1875,9 @@ require "copy_jdk_configs.lua"
 
 
 %changelog
+* Thu Mar 21 2019 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.2.7-9
+- Add patch for RH1566890
+
 * Wed Mar 20 2019 Peter Robinson <pbrobinson@fedoraproject.org> 1:11.0.2.7-8
 - Drop chkconfig dep, 1.7 shipped in f24
 
diff --git a/rh1566890-CVE_2018_3639-speculative_store_bypass.patch b/rh1566890-CVE_2018_3639-speculative_store_bypass.patch
new file mode 100644
index 0000000..bd52828
--- /dev/null
+++ b/rh1566890-CVE_2018_3639-speculative_store_bypass.patch
@@ -0,0 +1,61 @@
+diff --git openjdk/src/hotspot/os/linux/os_linux.cpp openjdk/src/hotspot/os/linux/os_linux.cpp
+--- openjdk/src/hotspot/os/linux/os_linux.cpp
++++ openjdk/src/hotspot/os/linux/os_linux.cpp
+@@ -107,6 +107,8 @@
+ # include <inttypes.h>
+ # include <sys/ioctl.h>
+ 
++#include <sys/prctl.h>
++
+ #ifndef _GNU_SOURCE
+   #define _GNU_SOURCE
+   #include <sched.h>
+@@ -4984,6 +4986,48 @@
+ extern void report_error(char* file_name, int line_no, char* title,
+                          char* format, ...);
+ 
++/* Per task speculation control */
++#ifndef PR_GET_SPECULATION_CTRL
++# define PR_GET_SPECULATION_CTRL    52
++#endif
++#ifndef PR_SET_SPECULATION_CTRL
++# define PR_SET_SPECULATION_CTRL    53
++#endif
++/* Speculation control variants */
++#ifndef PR_SPEC_STORE_BYPASS
++# define PR_SPEC_STORE_BYPASS          0
++#endif
++/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
++
++#ifndef PR_SPEC_NOT_AFFECTED
++# define PR_SPEC_NOT_AFFECTED          0
++#endif
++#ifndef PR_SPEC_PRCTL
++# define PR_SPEC_PRCTL                 (1UL << 0)
++#endif
++#ifndef PR_SPEC_ENABLE
++# define PR_SPEC_ENABLE                (1UL << 1)
++#endif
++#ifndef PR_SPEC_DISABLE
++# define PR_SPEC_DISABLE               (1UL << 2)
++#endif
++#ifndef PR_SPEC_FORCE_DISABLE
++# define PR_SPEC_FORCE_DISABLE         (1UL << 3)
++#endif
++#ifndef PR_SPEC_DISABLE_NOEXEC
++# define PR_SPEC_DISABLE_NOEXEC        (1UL << 4)
++#endif
++
++static void set_speculation() __attribute__((constructor));
++static void set_speculation() {
++  if ( prctl(PR_SET_SPECULATION_CTRL,
++             PR_SPEC_STORE_BYPASS,
++             PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
++    return;
++  }
++  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
++}
++
+ // this is called _before_ most of the global arguments have been parsed
+ void os::init(void) {
+   char dummy;   // used to get a guess on initial stack address