import java-11-openjdk-11.0.14.1.1-6.el8
This commit is contained in:
parent
e2de325c39
commit
cfb881c040
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/jdk-updates-jdk11u-jdk-11.0.13+8-4curve.tar.xz
|
||||
SOURCES/jdk-updates-jdk11u-jdk-11.0.14.1+1-4curve.tar.xz
|
||||
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
e36bde565834fe738fd222d419cfedc23ab80cee SOURCES/jdk-updates-jdk11u-jdk-11.0.13+8-4curve.tar.xz
|
||||
dc2a5d071dcf324a925de54709e153c6df94dd43 SOURCES/jdk-updates-jdk11u-jdk-11.0.14.1+1-4curve.tar.xz
|
||||
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
514
SOURCES/NEWS
514
SOURCES/NEWS
@ -3,6 +3,520 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 11.0.14.1 (2022-02-08):
|
||||
=============================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk110141
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.1.txt
|
||||
|
||||
* Other changes
|
||||
- JDK-8218546: Unable to connect to https://google.com using java.net.HttpClient
|
||||
- JDK-8280786: Build failure on Solaris after 8262392
|
||||
- JDK-8281324: Bump update version for OpenJDK: jdk-11.0.14.1
|
||||
|
||||
New in release OpenJDK 11.0.14 (2022-01-18):
|
||||
=============================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk11014
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.txt
|
||||
|
||||
* New features
|
||||
- JDK-8248238: Implementation: JEP 388: Windows AArch64 Support
|
||||
* Security fixes
|
||||
- JDK-8217375: jarsigner breaks old signature with long lines in manifest
|
||||
- JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
|
||||
- JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
|
||||
- JDK-8268488: More valuable DerValues
|
||||
- JDK-8268494: Better inlining of inlined interfaces
|
||||
- JDK-8268512: More content for ContentInfo
|
||||
- JDK-8268795: Enhance digests of Jar files
|
||||
- JDK-8268801: Improve PKCS attribute handling
|
||||
- JDK-8268813, CVE-2022-21283: Better String matching
|
||||
- JDK-8269151: Better construction of EncryptedPrivateKeyInfo
|
||||
- JDK-8269944: Better HTTP transport redux
|
||||
- JDK-8270386, CVE-2022-21291: Better verification of scan methods
|
||||
- JDK-8270392, CVE-2022-21293: Improve String constructions
|
||||
- JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
|
||||
- JDK-8270492, CVE-2022-21282: Better resolution of URIs
|
||||
- JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
|
||||
- JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
|
||||
- JDK-8270952, CVE-2022-21277: Improve TIFF file handling
|
||||
- JDK-8271962: Better TrueType font loading
|
||||
- JDK-8271968: Better canonical naming
|
||||
- JDK-8271987: Manifest improved manifest entries
|
||||
- JDK-8272014, CVE-2022-21305: Better array indexing
|
||||
- JDK-8272026, CVE-2022-21340: Verify Jar Verification
|
||||
- JDK-8272236, CVE-2022-21341: Improve serial forms for transport
|
||||
- JDK-8272272: Enhance jcmd communication
|
||||
- JDK-8272462: Enhance image handling
|
||||
- JDK-8273290: Enhance sound handling
|
||||
- JDK-8273756, CVE-2022-21360: Enhance BMP image support
|
||||
- JDK-8273838, CVE-2022-21365: Enhanced BMP processing
|
||||
- JDK-8274096, CVE-2022-21366: Improve decoding of image files
|
||||
- JDK-8279541: Improve HarfBuzz
|
||||
* Other changes
|
||||
- JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.html fails
|
||||
- JDK-7105119: [TEST_BUG] [macosx] In test UIDefaults.toString() must be called with the invokeLater()
|
||||
- JDK-7151826: [TEST_BUG] [macosx] The test javax/swing/JPopupMenu/4966112/bug4966112.java not for mac
|
||||
- JDK-7179006: [macosx] Print-to-file doesn't work: printing to the default printer instead
|
||||
- JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/bug4726194.java fails on MacOSX
|
||||
- JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003 Wrong number of thread end events
|
||||
- JDK-8039261: [TEST_BUG]: There is not a minimal security level in Java Preferences and the TestApplet.html is blocked.
|
||||
- JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/AltTabCrashTest.java fails with exception
|
||||
- JDK-8075909: [TEST_BUG] The regression-swing case failed as it does not have the 'Open' button when select 'subdir' folder with NimbusLAF
|
||||
- JDK-8078219: Verify lack of @test tag in files in java/net test directory
|
||||
- JDK-8080569: java/lang/ProcessBuilder/DestroyTest.java fails with "RuntimeException: Process terminated prematurely"
|
||||
- JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java timed out intermittently
|
||||
- JDK-8129310: java/net/Socket/asyncClose/AsyncClose.java fails intermittently
|
||||
- JDK-8131745: java/lang/management/ThreadMXBean/AllThreadIds.java still fails intermittently
|
||||
- JDK-8136517: [macosx]Test java/awt/Focus/8073453/AWTFocusTransitionTest.java fails on MacOSX
|
||||
- JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
|
||||
- JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/Test6541987.java fails
|
||||
- JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/bug4760494.java leaves key pressed
|
||||
- JDK-8159904: [TEST_BUG] Failure on solaris of java/awt/Window/MultiWindowApp/MultiWindowAppTest.java
|
||||
- JDK-8163086: java/awt/Window/TranslucentJAppletTest/TranslucentJAppletTest.java fails
|
||||
- JDK-8165828: [TEST_BUG] The reg case:javax/swing/plaf/metal/MetalIcons/MetalHiDPIIconsTest.java failed as No Metal Look and Feel
|
||||
- JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not fired! on Windows
|
||||
- JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException: Default button is not pressed
|
||||
- JDK-8169959: javax/swing/JTable/6263446/bug6263446.java: Table should be editing
|
||||
- JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/7156657/bug7156657.java fails on OS X
|
||||
- JDK-8171998: javax/swing/JMenu/4692443/bug4692443.java fails on Windows
|
||||
- JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java fails intermittently
|
||||
- JDK-8179880: Refactor javax/security shell tests to plain java tests
|
||||
- JDK-8180568: Refactor javax/crypto shell tests to plain java tests
|
||||
- JDK-8180569: Refactor sun/security/krb5/ shell tests to plain java tests
|
||||
- JDK-8180571: Refactor sun/security/pkcs11 shell tests to plain java tests and fix failures
|
||||
- JDK-8180573: Refactor sun/security/tools shell tests to plain java tests
|
||||
- JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
|
||||
- JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream
|
||||
- JDK-8195703: BasicJDWPConnectionTest.java: 'App exited unexpectedly with 2'
|
||||
- JDK-8196096: javax/swing/JPopupMenu/6580930/bug6580930.java fails
|
||||
- JDK-8197560: test javax/swing/JTree/8003400/Test8003400.java fails
|
||||
- JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/NoEventsTest.java fails on Windows
|
||||
- JDK-8197811: Test java/awt/Choice/PopupPosTest/PopupPosTest.java fails on Windows
|
||||
- JDK-8198616: java/awt/Focus/6378278/InputVerifierTest.java fails on mac
|
||||
- JDK-8198617: java/awt/Focus/6382144/EndlessLoopTest.java fails on mac
|
||||
- JDK-8198619: java/awt/Focus/FocusTraversalPolicy/ButtonGroupLayoutTraversal/ButtonGroupLayoutTraversalTest.java fails on mac
|
||||
- JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/EnqueueWithDialogButtonTest/EnqueueWithDialogButtonTest.java fails on mac
|
||||
- JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/SubMenuShowTest/SubMenuShowTest.html fails on mac
|
||||
- JDK-8199138: Add RISC-V support to Zero
|
||||
- JDK-8199529: javax/swing/text/Utilities/8142966/SwingFontMetricsTest.java fails on windows
|
||||
- JDK-8201224: Make string buffer size dynamic in mlvmJvmtiUtils.c
|
||||
- JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/FollowReferences/followref003/TestDescription.java fails with "Location mismatch" errors
|
||||
- JDK-8204161: [TESTBUG] auto failed with the "Applet thread threw exception: java.lang.UnsupportedOperationException" exception
|
||||
- JDK-8206085: Refactor langtools/tools/javac/versions/Versions.java
|
||||
- JDK-8207936: TestZipFile failed with java.lang.AssertionError exception
|
||||
- JDK-8208242: Add @requires to vmTestbase/gc/g1 tests
|
||||
- JDK-8209611: use C++ compiler for hotspot tests
|
||||
- JDK-8210182: Remove macros for C compilation from vmTestBase but non jvmti
|
||||
- JDK-8210198: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[A-F] tests
|
||||
- JDK-8210205: build fails on AIX in hotspot cpp tests (for example getstacktr001.cpp)
|
||||
- JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/jnistress001.java crashes with EXCEPTION_ACCESS_VIOLATION on windows-x86
|
||||
- JDK-8210353: Move java/util/Arrays/TimSortStackSize2.java back to tier1
|
||||
- JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[A-N] tests
|
||||
- JDK-8210392: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit
|
||||
- JDK-8210395: Add doc to SecurityTools.java
|
||||
- JDK-8210429: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[G-Z] tests
|
||||
- JDK-8210481: Remove #ifdef cplusplus from vmTestbase
|
||||
- JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[N-R] tests
|
||||
- JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[R-U] tests
|
||||
- JDK-8210689: Remove the multi-line old C style for string literals
|
||||
- JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti/unit tests
|
||||
- JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665
|
||||
- JDK-8210920: Native C++ tests are not using CXXFLAGS
|
||||
- JDK-8210984: [TESTBUG] hs203t003 fails with "# ERROR: hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti, thread)"
|
||||
- JDK-8211036: Remove the NSK_STUB macros from vmTestbase for non jvmti
|
||||
- JDK-8211131: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[G-I]*
|
||||
- JDK-8211148: var in implicit lambdas shouldn't be accepted for source < 11
|
||||
- JDK-8211171: move JarUtils to top-level testlibrary
|
||||
- JDK-8211227: Inconsistent TLS protocol version in debug output
|
||||
- JDK-8211261: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[A-G]*
|
||||
- JDK-8211432: [REDO] Handle JNIGlobalRefLocker.cpp
|
||||
- JDK-8211782: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[I-S]*
|
||||
- JDK-8211801: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[A-E]
|
||||
- JDK-8211899: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[E-M]
|
||||
- JDK-8211905: Remove multiple casts for EM06 file
|
||||
- JDK-8211999: Window positioning bugs due to overlapping GraphicsDevice bounds (Windows/HiDPI)
|
||||
- JDK-8212082: Remove the NSK_CPP_STUB macros for remaining vmTestbase/jvmti/[sS]*
|
||||
- JDK-8212083: Handle remaining gc/lock native code and fix two strings
|
||||
- JDK-8212148: Remove remaining NSK_CPP_STUBs
|
||||
- JDK-8213110: Remove the use of applets in automatic tests
|
||||
- JDK-8213189: Make restricted headers in HTTP Client configurable and remove Date by default
|
||||
- JDK-8213263: fix legal headers in test/langtools
|
||||
- JDK-8213296: Fix legal headers in test/jdk/java/net
|
||||
- JDK-8213301: Fix legal headers in jdk logging tests
|
||||
- JDK-8213305: Fix legal headers in test/java/math
|
||||
- JDK-8213306: Fix legal headers in test/java/nio
|
||||
- JDK-8213328: Update test copyrights in test/java/util/zip and test/jdk/tools
|
||||
- JDK-8213330: Fix legal headers in i18n tests
|
||||
- JDK-8213707: [TEST] vmTestbase/nsk/stress/except/except011.java failed due to wrong class name
|
||||
- JDK-8214469: [macos] PIT: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.java fails
|
||||
- JDK-8215410: Regression test for JDK-8214994
|
||||
- JDK-8215568: Refactor SA clhsdb tests to use ClhsdbLauncher
|
||||
- JDK-8215624: Add parallel heap iteration for jmap –histo
|
||||
- JDK-8215889: assert(!_unloading) failed: This oop is not available to unloading class loader data with ZGC
|
||||
- JDK-8216318: The usage of Disposer in the java.awt.Robot can be deleted
|
||||
- JDK-8216417: cleanup of IPv6 scope-id handling
|
||||
- JDK-8217377: javax/swing/JPopupMenu/6583251/bug6583251.java failed with UnsupportedOperation exception
|
||||
- JDK-8217438: Adapt tools//launcher/Test7029048.java for AIX
|
||||
- JDK-8217633: Configurable extensions with system properties
|
||||
- JDK-8217882: java/net/httpclient/MaxStreams.java failed once
|
||||
- JDK-8217903: java/net/httpclient/Response204.java fails with 404
|
||||
- JDK-8218483: Crash in "assert(_daemon_threads_count->get_value() > daemon_count) failed: thread count mismatch 5 : 5"
|
||||
- JDK-8219986: Change to Xcode 10.1 for building on Macosx at Oracle
|
||||
- JDK-8220575: Correctly format test URI's that contain a retrieved IPv6 address
|
||||
- JDK-8221259: New tests for java.net.Socket to exercise long standing behavior
|
||||
- JDK-8221305: java/awt/FontMetrics/MaxAdvanceIsMax.java fails on MacOS + Solaris
|
||||
- JDK-8221902: PIT: javax/swing/JRadioButton/FocusTraversal/FocusTraversal.java fails on ubuntu
|
||||
- JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04
|
||||
- JDK-8222446: assert(C->env()->system_dictionary_modification_counter_changed()) failed: Must invalidate if TypeFuncs differ
|
||||
- JDK-8223137: Rename predicate 'do_unroll_only()' to 'is_unroll_only()'.
|
||||
- JDK-8223138: Small clean-up in loop-tree support.
|
||||
- JDK-8223139: Rename mandatory policy-do routines.
|
||||
- JDK-8223140: Clean-up in 'ok_to_convert()'
|
||||
- JDK-8223141: Change (count) suffix _ct into _cnt.
|
||||
- JDK-8223400: Replace some enums with static const members in hotspot/runtime
|
||||
- JDK-8223658: Performance regression of XML.validation in 13-b19
|
||||
- JDK-8223923: C2: Missing interference with mismatched unsafe accesses
|
||||
- JDK-8224829: AsyncSSLSocketClose.java has timing issue
|
||||
- JDK-8225083: Remove Google certificate that is expiring in December 2021
|
||||
- JDK-8226514: Replace wildcard address with loopback or local host in tests - part 17
|
||||
- JDK-8226943: compile error in libfollowref003.cpp with XCode 10.2 on macosx
|
||||
- JDK-8228442: DHKeyExchange/LegacyDHEKeyExchange.java failed due to "SSLException: An established connection was aborted by the software in your host machine"
|
||||
- JDK-8228508: [TESTBUG] java/net/httpclient/SmokeTest.java fails on Windows7
|
||||
- JDK-8229935: [TEST_BUG]: bug8132119.java inconsistently positions text
|
||||
- JDK-8230019: [REDO] compiler/types/correctness/* tests fail with "assert(recv == __null || recv->is_klass()) failed: wrong type"
|
||||
- JDK-8230067: Add optional automatic retry when running jtreg tests
|
||||
- JDK-8230228: [TESTBUG] Several runtime/ErrorHandling tests may fail on some platforms
|
||||
- JDK-8231501: VM crash in MethodData::clean_extra_data(CleanExtraDataClosure*): fatal error: unexpected tag 99
|
||||
- JDK-8233403: Improve verbosity of some httpclient tests
|
||||
- JDK-8233550: [TESTBUG] JTree tests fail regularly on MacOS
|
||||
- JDK-8233552: [TESTBUG] JTable Test bug7068740.java fails on MacOS
|
||||
- JDK-8233553: [TESTBUG] JSpinner test bug4973721.java fails on MacOS
|
||||
- JDK-8233555: [TESTBUG] JRadioButton tests failing on MacoS
|
||||
- JDK-8233556: [TESTBUG] JPopupMenu tests fail on MacOS
|
||||
- JDK-8233559: [TESTBUG] TestNimbusOverride.java is failing on macos
|
||||
- JDK-8233560: [TESTBUG] ToolTipManager/Test6256140.java is failing on macos
|
||||
- JDK-8233561: [TESTBUG] Swing text test bug8014863.java fails on macos
|
||||
- JDK-8233562: [TESTBUG] Swing StyledEditorKit test bug4506788.java fails on MacOS
|
||||
- JDK-8233564: [TESTBUG] MouseComboBoxTest.java is failing
|
||||
- JDK-8233566: [TESTBUG] KeyboardFocusManager tests failing on MacoS
|
||||
- JDK-8233567: [TESTBUG] FocusSubRequestTest.java fails on macos
|
||||
- JDK-8233569: [TESTBUG] JTextComponent test bug6361367.java fails on macos
|
||||
- JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
|
||||
- JDK-8233634: [TESTBUG] Swing text test bug4278839.java fails on macos
|
||||
- JDK-8233635: [TESTBUG] ProgressMonitorEscapeKeyPress.java fails on macos
|
||||
- JDK-8233637: [TESTBUG] Swing ActionListenerCalledTwiceTest.java fails on macos
|
||||
- JDK-8233638: [TESTBUG] Swing test ScreenMenuBarInputTwice.java fails on macos
|
||||
- JDK-8233641: [TESTBUG] JMenuItem test bug4171437.java fails on macos
|
||||
- JDK-8233642: [TESTBUG] JMenuBar test bug 4750590.java fails on macos
|
||||
- JDK-8233643: [TESTBUG] JMenu test bug4515762.java fails on macos
|
||||
- JDK-8233644: [TESTBUG] JInternalFrame test bug8020708.java is failing on macos
|
||||
- JDK-8233647: [TESTBUG] JColorChooser/Test8051548.java is failing on macos
|
||||
- JDK-8234802: [TESTBUG] Test Right Mouse Button Drag Gesture Recognition in all the platforms
|
||||
- JDK-8234823: java/net/Socket/Timeouts.java testcase testTimedConnect2() fails on Windows 10
|
||||
- JDK-8235784: java/lang/invoke/VarHandles/VarHandleTestByteArrayAsInt.java fails due to timeout with fastdebug bits
|
||||
- JDK-8236042: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -Xcomp -XX:TieredStopAtLevel=1
|
||||
- JDK-8236177: assert(status == 0) failed: error ETIMEDOUT(60), cond_wait
|
||||
- JDK-8236596: HttpClient leaves HTTP/2 sockets in CLOSE_WAIT, when using proxy tunnel
|
||||
- JDK-8237354: Add option to jcmd to write a gzipped heap dump
|
||||
- JDK-8237589: Fix copyright header formatting
|
||||
- JDK-8238677: java/net/httpclient/ssltest/CertificateTest.java should not specify TLS version
|
||||
- JDK-8239334: Tab Size does not work correctly in JTextArea with setLineWrap on
|
||||
- JDK-8239422: [TESTBUG] compiler/c1/TestPrintIRDuringConstruction.java failed when C1 is disabled
|
||||
- JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
|
||||
- JDK-8240256: Better resource cleaning for SunPKCS11 Provider
|
||||
- JDK-8242044: Add basic HTTP/1.1 support to the HTTP/2 Test Server
|
||||
- JDK-8242526: PIT: javax/swing/JInternalFrame/8020708/bug8020708.java fails in mach5 ubuntu system
|
||||
- JDK-8242793: Incorrect copyright header in ContinuousCallSiteTargetChange.java
|
||||
- JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
|
||||
- JDK-8244292: Headful clients failing with --illegal-access=deny
|
||||
- JDK-8245147: Refactor and improve utility of test/langtools/tools/javac/versions/Versions.java
|
||||
- JDK-8245165: Update bug id for javax/swing/text/StyledEditorKit/4506788/bug4506788.java in ProblemList
|
||||
- JDK-8245665: Test WeakAlg.java should only make sure no warning for weak signature algorithms by keytool on root CA
|
||||
- JDK-8246114: java/net/MulticastSocket/Promiscuous.java fails after 8241072 (multi-homed systems)
|
||||
- JDK-8246807: Incorrect copyright header in TimeZoneDatePermissionCheck.sh
|
||||
- JDK-8247403: JShell: No custom input (e.g. from GUI) possible with JavaShellToolBuilder
|
||||
- JDK-8247510: typo in IllegalHandshakeMessage
|
||||
- JDK-8248187: [TESTBUG] javax/swing/plaf/basic/BasicGraphicsUtils/8132119/bug8132119.java fails with String is not properly drawn
|
||||
- JDK-8248341: ProblemList java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java
|
||||
- JDK-8248500: AArch64: Remove the r18 dependency on Windows AArch64
|
||||
- JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
|
||||
- JDK-8249195: Change to Xcode 11.3.1 for building on Macos at Oracle
|
||||
- JDK-8250521: Configure initial RTO to use minimal retry for loopback connections on Windows
|
||||
- JDK-8250810: Push missing parts of JDK-8248817
|
||||
- JDK-8250839: Improve test template SSLEngineTemplate with SSLContextTemplate
|
||||
- JDK-8250863: Build error with GCC 10 in NetworkInterface.c and k_standard.c
|
||||
- JDK-8250888: nsk/jvmti/scenarios/general_functions/GF08/gf08t001/TestDriver.java fails
|
||||
- JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
|
||||
- JDK-8251377: [macos11] JTabbedPane selected tab text is barely legible
|
||||
- JDK-8251570: JDK-8215624 causes assert(worker_id < _n_workers) failed: Invalid worker_id
|
||||
- JDK-8251930: AArch64: Native types mismatch in hotspot
|
||||
- JDK-8252049: Native memory leak in ciMethodData ctor
|
||||
- JDK-8252051: Make mlvmJvmtiUtils strncpy uses GCC 10.x friendly
|
||||
- JDK-8252114: Windows-AArch64: Enable and test ZGC and ShenandoahGC
|
||||
- JDK-8253015: Aarch64: Move linux code out from generic CPU feature detection
|
||||
- JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
|
||||
- JDK-8253497: Core Libs Terminology Refresh
|
||||
- JDK-8253682: The AppletInitialFocusTest1.java is unstable
|
||||
- JDK-8253763: ParallelObjectIterator should have virtual destructor
|
||||
- JDK-8253866: Security Libs Terminology Refresh
|
||||
- JDK-8254802: ThrowingPushPromisesAsStringCustom.java fails in "try throwing in GET_BODY"
|
||||
- JDK-8255227: java/net/httpclient/FlowAdapterPublisherTest.java intermittently failing with TestServer: start exception: java.io.IOException: Invalid preface
|
||||
- JDK-8255264: Support for identifying the full range of IPv4 localhost addresses on Windows
|
||||
- JDK-8255716: AArch64: Regression: JVM crashes if manually offline a core
|
||||
- JDK-8255722: Create a new test for rotated blit
|
||||
- JDK-8256009: Remove src/hotspot/share/adlc/Test/i486.ad
|
||||
- JDK-8256066: Tests use deprecated TestNG API that is no longer available in new versions
|
||||
- JDK-8256152: tests fail because of ambiguous method resolution
|
||||
- JDK-8256182: Update qemu-debootstrap cross-compilation recipe
|
||||
- JDK-8256201: java/awt/FullScreen/FullscreenWindowProps/FullscreenWindowProps.java failed
|
||||
- JDK-8256202: Some tweaks for jarsigner tests PosixPermissionsTest and SymLinkTest
|
||||
- JDK-8256372: [macos] Unexpected symbol was displayed on JTextField with Monospaced font
|
||||
- JDK-8256956: RegisterImpl::max_slots_per_register is incorrect on AMD64
|
||||
- JDK-8258457: testlibrary_tests/ctw/JarDirTest.java fails with InvalidPathException on windows
|
||||
- JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
|
||||
- JDK-8259237: Demo selection changes with left/right arrow key. No need to press space for selection.
|
||||
- JDK-8260571: Add PrintMetaspaceStatistics to print metaspace statistics upon VM exit
|
||||
- JDK-8260690: JConsole User Guide Link from the Help menu is not accessible by keyboard
|
||||
- JDK-8261036: Reduce classes loaded by CleanerFactory initialization
|
||||
- JDK-8261071: AArch64: Refactor interpreter native wrappers
|
||||
- JDK-8261075: Create stubRoutines.inline.hpp with SafeFetch implementation
|
||||
- JDK-8261236: C2: ClhsdbJstackXcompStress test fails when StressGCM is enabled
|
||||
- JDK-8261297: NMT: Final report should use scale 1
|
||||
- JDK-8261661: gc/stress/TestReclaimStringsLeaksMemory.java fails because Reserved memory size is too big
|
||||
- JDK-8261916: gtest/GTestWrapper.java vmErrorTest.unimplemented1_vm_assert failed
|
||||
- JDK-8262438: sun/security/ssl/SSLLogger/LoggingFormatConsistency.java failed with "SocketException: Socket is closed"
|
||||
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
|
||||
- JDK-8262844: (fs) FileStore.supportsFileAttributeView might return false negative in case of ext3
|
||||
- JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
|
||||
- JDK-8263068: Rename safefetch.hpp to safefetch.inline.hpp
|
||||
- JDK-8263303: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint
|
||||
- JDK-8263362: Avoid division by 0 in java/awt/font/TextJustifier.java justify
|
||||
- JDK-8263773: Reenable German localization for builds at Oracle
|
||||
- JDK-8263897: compiler/c2/aarch64/TestVolatilesSerial.java failed with "java.lang.RuntimeException: Wrong method"
|
||||
- JDK-8264526: javax/swing/text/html/parser/Parser/8078268/bug8078268.java timeout
|
||||
- JDK-8264824: java/net/Inet6Address/B6206527.java doesn't close ServerSocket properly
|
||||
- JDK-8265019: Update tests for additional TestNG test permissions
|
||||
- JDK-8265173: [test] divert spurious log output away from stream under test in ProcessBuilder Basic test
|
||||
- JDK-8265524: Upgrading JSZip from v3.2.2 to v3.6.0
|
||||
- JDK-8266182: Automate manual steps listed in the test jdk/sun/security/pkcs12/ParamsTest.java
|
||||
- JDK-8266579: Update test/jdk/java/lang/ProcessHandle/PermissionTest.java & test/jdk/java/sql/testng/util/TestPolicy.java
|
||||
- JDK-8266949: Check possibility to disable OperationTimedOut on Unix
|
||||
- JDK-8267246: -XX:MaxRAMPercentage=0 is unreasonable for jtreg tests on many-core machines
|
||||
- JDK-8267256: Extend minimal retry for loopback connections on Windows to PlainSocketImpl
|
||||
- JDK-8267304: Bump global JTReg memory limit to 768m
|
||||
- JDK-8267652: c2 loop unrolling by 8 results in reading memory past array
|
||||
- JDK-8268019: C2: assert(no_dead_loop) failed: dead loop detected
|
||||
- JDK-8268093: Manual Testcase: "sun/security/krb5/config/native/TestDynamicStore.java" Fails with NPE
|
||||
- JDK-8268555: Update HttpClient tests that use ITestContext to jtreg 6+1
|
||||
- JDK-8268672: C2: assert(!loop->is_member(u_loop)) failed: can be in outer loop or out of both loops only
|
||||
- JDK-8269034: AccessControlException for SunPKCS11 daemon threads
|
||||
- JDK-8269426: Rename test/jdk/java/lang/invoke/t8150782 to accessClassAndFindClass
|
||||
- JDK-8269574: C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events
|
||||
- JDK-8269656: The test test/langtools/tools/javac/versions/Versions.java has duplicate test cycles
|
||||
- JDK-8269768: JFR Terminology Refresh
|
||||
- JDK-8269951: [macos] Focus not painted in JButton when setBorderPainted(false) is invoked
|
||||
- JDK-8269984: [macos] JTabbedPane title looks like disabled
|
||||
- JDK-8269993: [Test]: java/net/httpclient/DigestEchoClientSSL.java contains redundant @run tags
|
||||
- JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to run in all LaFs, including Aqua on macOS
|
||||
- JDK-8270216: [macOS] Update named used for Java run loop mode
|
||||
- JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
|
||||
- JDK-8270290: NTLM authentication fails if HEAD request is used
|
||||
- JDK-8270317: Large Allocation in CipherSuite
|
||||
- JDK-8270344: Session resumption errors
|
||||
- JDK-8270517: Add Zero support for LoongArch
|
||||
- JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
|
||||
- JDK-8270886: Crash in PhaseIdealLoop::verify_strip_mined_scheduling
|
||||
- JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with "lists don't have the same size expected"
|
||||
- JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop
|
||||
- JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2 assert failure with Test7179138_1.java
|
||||
- JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity
|
||||
- JDK-8271490: [ppc] [s390]: Crash in JavaThread::pd_get_top_frame_for_profiling
|
||||
- JDK-8271560: sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java still fails due to "An established connection was aborted by the software in your host machine"
|
||||
- JDK-8271567: AArch64: AES Galois CounterMode (GCM) interleaved implementation using vector instructions
|
||||
- JDK-8272180: Upgrade JSZip from v3.6.0 to v3.7.1
|
||||
- JDK-8272181: Windows-AArch64:Backport fix of `Backtracing broken on PAC enabled systems`
|
||||
- JDK-8272316: Wrong Boot JDK help message in 11
|
||||
- JDK-8272318: Improve performance of HeapDumpAllTest
|
||||
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
|
||||
- JDK-8272570: C2: crash in PhaseCFG::global_code_motion
|
||||
- JDK-8272574: C2: assert(false) failed: Bad graph detected in build_loop_late
|
||||
- JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh fails after JDK-8266182
|
||||
- JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
|
||||
- JDK-8272720: Fix the implementation of loop unrolling heuristic with LoopPercentProfileLimit
|
||||
- JDK-8272783: Epsilon: Refactor tests to improve performance
|
||||
- JDK-8272806: [macOS] "Apple AWT Internal Exception" when input method is changed
|
||||
- JDK-8272828: Add correct licenses to jszip.md
|
||||
- JDK-8272836: Limit run time for java/lang/invoke/LFCaching tests
|
||||
- JDK-8272850: Drop zapping values in the Zap* option descriptions
|
||||
- JDK-8272902: Bump update version for OpenJDK: jdk-11.0.14
|
||||
- JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test groups
|
||||
- JDK-8272966: test/jdk/java/awt/Robot/FlushCurrentEvent.java fails by timeout
|
||||
- JDK-8273026: Slow LoginContext.login() on multi threading application
|
||||
- JDK-8273229: Update OS detection code to recognize Windows Server 2022
|
||||
- JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on Windows 32bit
|
||||
- JDK-8273308: PatternMatchTest.java fails on CI
|
||||
- JDK-8273314: Add tier4 test groups
|
||||
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
|
||||
- JDK-8273358: macOS Monterey does not have the font Times needed by Serif
|
||||
- JDK-8273373: Zero: Cannot invoke JVM in primordial threads on Zero
|
||||
- JDK-8273498: compiler/c2/Test7179138_1.java timed out
|
||||
- JDK-8273541: Cleaner Thread creates with normal priority instead of MAX_PRIORITY - 2
|
||||
- JDK-8273547: [11u] [JVMCI] Partial module-info.java backport of JDK-8223332
|
||||
- JDK-8273606: Zero: SPARC64 build fails with si_band type mismatch
|
||||
- JDK-8273646: Add openssl from path variable also in to Default System Openssl Path in OpensslArtifactFetcher
|
||||
- JDK-8273671: Backport of 8260616 misses one JNF header inclusion removal
|
||||
- JDK-8273790: Potential cyclic dependencies between Gregorian and CalendarSystem
|
||||
- JDK-8273795: Zero SPARC64 debug builds fail due to missing interpreter fields
|
||||
- JDK-8273826: Correct Manifest file name and NPE checks
|
||||
- JDK-8273894: ConcurrentModificationException raised every time ReferralsCache drops referral
|
||||
- JDK-8273924: ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add()
|
||||
- JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file path contains '+' character
|
||||
- JDK-8273968: JCK javax_xml tests fail in CI
|
||||
- JDK-8274056: JavaAccessibilityUtilities leaks JNI objects
|
||||
- JDK-8274083: Update testing docs to mention tiered testing
|
||||
- JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork is deprecated
|
||||
- JDK-8274326: [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m
|
||||
- JDK-8274329: Fix non-portable HotSpot code in MethodMatcher::parse_method_pattern
|
||||
- JDK-8274381: missing CAccessibility definitions in JNI code
|
||||
- JDK-8274407: (tz) Update Timezone Data to 2021c
|
||||
- JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
|
||||
- JDK-8274468: TimeZoneTest.java fails with tzdata2021b
|
||||
- JDK-8274522: java/lang/management/ManagementFactory/MXBeanException.java test fails with Shenandoah
|
||||
- JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with NoSuchElementException after JDK-8271287
|
||||
- JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently fails on weak memory model platform
|
||||
- JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
|
||||
- JDK-8274840: Update OS detection code to recognize Windows 11
|
||||
- JDK-8274860: gcc 10.2.1 produces an uninitialized warning in sharedRuntimeTrig.cpp
|
||||
- JDK-8275051: Shenandoah: Correct ordering of requested gc cause and gc request flag
|
||||
- JDK-8275131: Exceptions after a touchpad gesture on macOS
|
||||
- JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
|
||||
- JDK-8275766: (tz) Update Timezone Data to 2021e
|
||||
- JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
|
||||
- JDK-8276066: Reset LoopPercentProfileLimit for x86 due to suboptimal performance
|
||||
- JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
|
||||
- JDK-8276157: C2: Compiler stack overflow during escape analysis on Linux x86_32
|
||||
- JDK-8276201: Shenandoah: Race results degenerated GC to enter wrong entry point
|
||||
- JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
|
||||
- JDK-8276550: Use SHA256 hash in build.tools.depend.Depend
|
||||
- JDK-8276774: Cookie stored in CookieHandler not sent if user headers contain cookie
|
||||
- JDK-8276854: Windows GHA builds fail due to broken Cygwin
|
||||
- JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify output array sizes
|
||||
- JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
|
||||
- JDK-8277529: SIGSEGV in C2 CompilerThread Node::rematerialize() compiling Packet::readUnsignedTrint
|
||||
- JDK-8277815: Fix mistakes in legal header backports
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
core-svc/tools:
|
||||
|
||||
JDK-8250554: New Option Added to jcmd for Writing a gzipped Heap Dump
|
||||
=====================================================================
|
||||
A new integer option `gz` has been added to the `GC.heap_dump`
|
||||
diagnostic command. If it is specified, it will enable the gzip
|
||||
compression of the written heap dump. The supplied value is the
|
||||
compression level. It can range from 1 (fastest) to 9 (slowest, but
|
||||
best compression). The recommended level is 1.
|
||||
|
||||
security-libs/javax.net.ssl:
|
||||
|
||||
JDK-8260310: Configurable Extensions With System Properties
|
||||
===========================================================
|
||||
Two new system properties have been added. The system property,
|
||||
`jdk.tls.client.disableExtensions`, is used to disable TLS extensions
|
||||
used in the client. The system property,
|
||||
`jdk.tls.server.disableExtensions`, is used to disable TLS extensions
|
||||
used in the server. If an extension is disabled, it will be neither
|
||||
produced nor processed in the handshake messages.
|
||||
|
||||
The property string is a list of comma separated standard TLS
|
||||
extension names, as registered in the IANA documentation (for example,
|
||||
server_name, status_request, and signature_algorithms_cert). Note that
|
||||
the extension names are case sensitive. Unknown, unsupported,
|
||||
misspelled and duplicated TLS extension name tokens will be ignored.
|
||||
|
||||
Please note that the impact of blocking TLS extensions is
|
||||
complicated. For example, a TLS connection may not be able to be
|
||||
established if a mandatory extension is disabled. Please do not
|
||||
disable mandatory extensions, and do not use this feature unless you
|
||||
clearly understand the impact.
|
||||
|
||||
security-libs/javax.crypto:pkcs11:
|
||||
|
||||
JDK-8272907: New SunPKCS11 Configuration Properties
|
||||
===================================================
|
||||
The SunPKCS11 provider gains new provider configuration attributes to
|
||||
better control native resources usage. The SunPKCS11 provider consumes
|
||||
native resources in order to work with native PKCS11 libraries. To
|
||||
manage and better control the native resources, additional
|
||||
configuration attributes are added to control the frequency of
|
||||
clearing native references as well as whether to destroy the
|
||||
underlying PKCS11 Token after logout.
|
||||
|
||||
The 3 new attributes for the SunPKCS11 provider configuration file
|
||||
are:
|
||||
|
||||
1) `destroyTokenAfterLogout` (boolean, defaults to false)
|
||||
|
||||
If set to true, when `java.security.AuthProvider.logout()` is called
|
||||
upon the SunPKCS11 provider instance, the underlying Token object will
|
||||
be destroyed and resources will be freed. This essentially renders the
|
||||
SunPKCS11 provider instance unusable after `logout()` calls. Note that
|
||||
a PKCS11 provider with this attribute set to `true` should not be
|
||||
added to the system provider list since the provider object is not
|
||||
usable after a `logout()` method call.
|
||||
|
||||
2) `cleaner.shortInterval` (integer, defaults to 2000, in milliseconds)
|
||||
|
||||
This defines the frequency for clearing native references during busy
|
||||
periods (such as, how often should the cleaner thread processes the
|
||||
no-longer-needed native references in the queue to free up native
|
||||
memory). Note that the cleaner thread will switch to the
|
||||
'longInterval' frequency after 200 failed tries (such as, when no
|
||||
references are found in the queue).
|
||||
|
||||
3) `cleaner.longInterval` (integer, defaults to 60000, in milliseconds)
|
||||
|
||||
This defines the frequency for checking native reference during
|
||||
non-busy period (such as, how often should the cleaner thread check
|
||||
the queue for native references). Note that the cleaner thread will
|
||||
switch back to the 'shortInterval' value if native PKCS11 references
|
||||
for cleaning are detected.
|
||||
|
||||
core-libs/java.nio:
|
||||
|
||||
JDK-8271517: Zip File System Provider Throws ZipException when entry name element contains "." or "."
|
||||
=====================================================================================================
|
||||
The ZIP file system provider has been changed to reject existing ZIP
|
||||
files that contain entries with "." or ".." in name elements. ZIP
|
||||
files with these entries can not be used as a file system. Invoking
|
||||
the `java.nio.file.FileSystems.newFileSystem(...)` methods will throw
|
||||
`ZipException` if the ZIP file contains these entries.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8272535: Removed Google's GlobalSign Root Certificate
|
||||
=========================================================
|
||||
The following root certificate from Google has been removed from the
|
||||
`cacerts` keystore:
|
||||
|
||||
Alias Name: globalsignr2ca [jdk]
|
||||
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
|
||||
|
||||
core-libs/java.time:
|
||||
|
||||
JDK-8274857: Update Timezone Data to 2021c
|
||||
===========================================
|
||||
IANA Time Zone Database, on which JDK's Date/Time libraries are based,
|
||||
has been updated to version 2021c
|
||||
(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
|
||||
that with this update, some of the time zone rules prior to the year
|
||||
1970 have been modified according to the changes which were introduced
|
||||
with 2021b. For more detail, refer to the announcement of 2021b
|
||||
(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
|
||||
|
||||
New in release OpenJDK 11.0.13 (2021-10-19):
|
||||
=============================================
|
||||
Live versions of these release notes can be found at:
|
||||
|
12
SOURCES/jdk8257794-remove_broken_assert.patch
Normal file
12
SOURCES/jdk8257794-remove_broken_assert.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git openjdk.orig/src/hotspot/share/interpreter/bytecodeInterpreter.cpp openjdk/src/hotspot/share/interpreter/bytecodeInterpreter.cpp
|
||||
index d18d70b5f9..30ab380e40 100644
|
||||
--- openjdk.orig/src/hotspot/share/interpreter/bytecodeInterpreter.cpp
|
||||
+++ openjdk/src/hotspot/share/interpreter/bytecodeInterpreter.cpp
|
||||
@@ -481,7 +481,6 @@ BytecodeInterpreter::run(interpreterState istate) {
|
||||
#ifdef ASSERT
|
||||
if (istate->_msg != initialize) {
|
||||
assert(labs(istate->_stack_base - istate->_stack_limit) == (istate->_method->max_stack() + 1), "bad stack limit");
|
||||
- IA32_ONLY(assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1, "wrong"));
|
||||
}
|
||||
// Verify linkages.
|
||||
interpreterState l = istate;
|
26
SOURCES/jdk8275535-rh2053256-ldap_auth.patch
Normal file
26
SOURCES/jdk8275535-rh2053256-ldap_auth.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
index 300f3682655..6f3eb6c450b 100644
|
||||
--- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
+++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
@@ -226,6 +226,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
ctx = getLdapCtxFromUrl(
|
||||
r.getDomainName(), url, new LdapURL(u), env);
|
||||
return ctx;
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different endpoint to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
// try the next element
|
||||
lastException = e;
|
||||
@@ -278,6 +282,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
for (String u : urls) {
|
||||
try {
|
||||
return getUsingURL(u, env);
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different URL to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
ex = e;
|
||||
}
|
@ -1,6 +1,6 @@
|
||||
name = NSS-FIPS
|
||||
nssLibraryDirectory = @NSS_LIBDIR@
|
||||
nssSecmodDirectory = @NSS_SECMOD@
|
||||
nssSecmodDirectory = sql:/etc/pki/nssdb
|
||||
nssDbMode = readOnly
|
||||
nssModule = fips
|
||||
|
||||
|
@ -1,18 +0,0 @@
|
||||
commit 598fe421216b0a437fa36ee91a29966599867aa3
|
||||
Author: Andrew Hughes <gnu.andrew@redhat.com>
|
||||
Date: Mon Aug 30 16:12:52 2021 +0100
|
||||
|
||||
RH1996182: Extend default security policy to allow SunPKCS11 access to jdk.internal.misc
|
||||
|
||||
diff --git openjdk.orig/src/java.base/share/lib/security/default.policy openjdk/src/java.base/share/lib/security/default.policy
|
||||
index ab59a334cd..5db744ff17 100644
|
||||
--- openjdk.orig/src/java.base/share/lib/security/default.policy
|
||||
+++ openjdk/src/java.base/share/lib/security/default.policy
|
||||
@@ -124,6 +124,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
|
||||
grant codeBase "jrt:/jdk.crypto.cryptoki" {
|
||||
permission java.lang.RuntimePermission
|
||||
"accessClassInPackage.com.sun.crypto.provider";
|
||||
+ permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
|
||||
permission java.lang.RuntimePermission
|
||||
"accessClassInPackage.sun.security.*";
|
||||
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
|
@ -5,7 +5,7 @@ Date: Fri Aug 27 19:42:07 2021 +0100
|
||||
RH1996182: Login to the NSS Software Token in FIPS Mode
|
||||
|
||||
diff --git openjdk.orig/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java
|
||||
index 0cf61732d7..2cd851587c 100644
|
||||
index 5460efcf8c..f08dc2fafc 100644
|
||||
--- openjdk.orig/src/java.base/share/classes/module-info.java
|
||||
+++ openjdk/src/java.base/share/classes/module-info.java
|
||||
@@ -182,6 +182,7 @@ module java.base {
|
||||
@ -17,19 +17,19 @@ index 0cf61732d7..2cd851587c 100644
|
||||
jdk.attach,
|
||||
jdk.charsets,
|
||||
diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
index b00b738b85..1eca1f8f0a 100644
|
||||
index 5e227f4531..164de8ff08 100644
|
||||
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
@@ -42,6 +42,8 @@ import javax.security.auth.callback.ConfirmationCallback;
|
||||
@@ -41,6 +41,8 @@ import javax.security.auth.callback.CallbackHandler;
|
||||
import javax.security.auth.callback.PasswordCallback;
|
||||
import javax.security.auth.callback.TextOutputCallback;
|
||||
|
||||
import jdk.internal.misc.InnocuousThread;
|
||||
+import jdk.internal.misc.SharedSecrets;
|
||||
+
|
||||
import sun.security.util.Debug;
|
||||
import sun.security.util.ResourcesMgr;
|
||||
import static sun.security.util.SecurityConstants.PROVIDER_VER;
|
||||
@@ -59,6 +61,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||
@@ -58,6 +60,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||
*/
|
||||
public final class SunPKCS11 extends AuthProvider {
|
||||
|
||||
@ -39,7 +39,7 @@ index b00b738b85..1eca1f8f0a 100644
|
||||
private static final long serialVersionUID = -1354835039035306505L;
|
||||
|
||||
static final Debug debug = Debug.getInstance("sunpkcs11");
|
||||
@@ -373,6 +378,24 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -374,6 +379,24 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
if (nssModule != null) {
|
||||
nssModule.setProvider(this);
|
||||
}
|
||||
|
28
SOURCES/rh2021263-fips_ensure_security_initialised.patch
Normal file
28
SOURCES/rh2021263-fips_ensure_security_initialised.patch
Normal file
@ -0,0 +1,28 @@
|
||||
commit 8a8452b9ae862755210a9a2f4e34b1aa3ec7343d
|
||||
Author: Andrew Hughes <gnu.andrew@redhat.com>
|
||||
Date: Tue Jan 18 02:00:55 2022 +0000
|
||||
|
||||
RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
|
||||
|
||||
diff --git openjdk.orig/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java openjdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
|
||||
index 2ec51d57806..8489b940c43 100644
|
||||
--- openjdk.orig/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
|
||||
+++ openjdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
|
||||
@@ -36,6 +36,7 @@ import java.io.FilePermission;
|
||||
import java.io.ObjectInputStream;
|
||||
import java.io.RandomAccessFile;
|
||||
import java.security.ProtectionDomain;
|
||||
+import java.security.Security;
|
||||
import java.security.Signature;
|
||||
|
||||
/** A repository of "shared secrets", which are a mechanism for
|
||||
@@ -368,6 +369,9 @@ public class SharedSecrets {
|
||||
}
|
||||
|
||||
public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
|
||||
+ if (javaSecuritySystemConfiguratorAccess == null) {
|
||||
+ unsafe.ensureClassInitialized(Security.class);
|
||||
+ }
|
||||
return javaSecuritySystemConfiguratorAccess;
|
||||
}
|
||||
}
|
24
SOURCES/rh2021263-fips_missing_native_returns.patch
Normal file
24
SOURCES/rh2021263-fips_missing_native_returns.patch
Normal file
@ -0,0 +1,24 @@
|
||||
commit 1b5bd349bdfa7b9627ea58d819bc250a55112de2
|
||||
Author: Fridrich Strba <fstrba@suse.com>
|
||||
Date: Mon Jan 17 19:44:03 2022 +0000
|
||||
|
||||
RH2021263: Return in C code after having generated Java exception
|
||||
|
||||
diff --git openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
index 6f4656bfcb6..34d0ff0ce91 100644
|
||||
--- openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
+++ openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
@@ -131,11 +131,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
|
||||
dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
|
||||
if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
|
||||
throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
|
||||
+ return JNI_FALSE;
|
||||
}
|
||||
fips_enabled = fgetc(fe);
|
||||
fclose(fe);
|
||||
if (fips_enabled == EOF) {
|
||||
throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
|
||||
+ return JNI_FALSE;
|
||||
}
|
||||
msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
|
||||
" read character is '%c'", fips_enabled);
|
99
SOURCES/rh2021263-fips_separate_policy_and_fips_init.patch
Normal file
99
SOURCES/rh2021263-fips_separate_policy_and_fips_init.patch
Normal file
@ -0,0 +1,99 @@
|
||||
commit 0cd8cee94fe0f867b0b39890e00be620af1d9b07
|
||||
Author: Andrew Hughes <gnu.andrew@redhat.com>
|
||||
Date: Tue Jan 18 02:09:27 2022 +0000
|
||||
|
||||
RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
|
||||
|
||||
diff --git openjdk.orig/src/java.base/share/classes/java/security/Security.java openjdk/src/java.base/share/classes/java/security/Security.java
|
||||
index 28ab1846173..f9726741afd 100644
|
||||
--- openjdk.orig/src/java.base/share/classes/java/security/Security.java
|
||||
+++ openjdk/src/java.base/share/classes/java/security/Security.java
|
||||
@@ -61,10 +61,6 @@ public final class Security {
|
||||
private static final Debug sdebug =
|
||||
Debug.getInstance("properties");
|
||||
|
||||
- /* System property file*/
|
||||
- private static final String SYSTEM_PROPERTIES =
|
||||
- "/etc/crypto-policies/back-ends/java.config";
|
||||
-
|
||||
/* The java.security properties */
|
||||
private static Properties props;
|
||||
|
||||
@@ -206,22 +202,36 @@ public final class Security {
|
||||
}
|
||||
}
|
||||
|
||||
+ if (!loadedProps) {
|
||||
+ initializeStatic();
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("unable to load security properties " +
|
||||
+ "-- using defaults");
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
|
||||
if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
|
||||
"true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
|
||||
- if (SystemConfigurator.configure(props)) {
|
||||
- loadedProps = true;
|
||||
+ if (!SystemConfigurator.configureSysProps(props)) {
|
||||
+ if (sdebug != null) {
|
||||
+ sdebug.println("WARNING: System properties could not be loaded.");
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
- if (!loadedProps) {
|
||||
- initializeStatic();
|
||||
+ // FIPS support depends on the contents of java.security so
|
||||
+ // ensure it has loaded first
|
||||
+ if (loadedProps) {
|
||||
+ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
|
||||
if (sdebug != null) {
|
||||
- sdebug.println("unable to load security properties " +
|
||||
- "-- using defaults");
|
||||
+ if (fipsEnabled) {
|
||||
+ sdebug.println("FIPS support enabled.");
|
||||
+ } else {
|
||||
+ sdebug.println("FIPS support disabled.");
|
||||
+ }
|
||||
}
|
||||
}
|
||||
-
|
||||
}
|
||||
|
||||
/*
|
||||
diff --git openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
index 874c6221ebe..b7ed41acf0f 100644
|
||||
--- openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
+++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||
@@ -76,7 +76,7 @@ final class SystemConfigurator {
|
||||
* java.security.disableSystemPropertiesFile property is not set and
|
||||
* security.useSystemPropertiesFile is true.
|
||||
*/
|
||||
- static boolean configure(Properties props) {
|
||||
+ static boolean configureSysProps(Properties props) {
|
||||
boolean loadedProps = false;
|
||||
|
||||
try (BufferedInputStream bis =
|
||||
@@ -96,11 +96,19 @@ final class SystemConfigurator {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
+ return loadedProps;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Invoked at the end of java.security.Security initialisation
|
||||
+ * if java.security properties have been loaded
|
||||
+ */
|
||||
+ static boolean configureFIPS(Properties props) {
|
||||
+ boolean loadedProps = false;
|
||||
|
||||
try {
|
||||
if (enableFips()) {
|
||||
if (sdebug != null) { sdebug.println("FIPS mode detected"); }
|
||||
- loadedProps = false;
|
||||
// Remove all security providers
|
||||
Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
|
||||
while (i.hasNext()) {
|
220
SOURCES/rh2052829-fips_runtime_nss_detection.patch
Normal file
220
SOURCES/rh2052829-fips_runtime_nss_detection.patch
Normal file
@ -0,0 +1,220 @@
|
||||
commit e2be09f982af1cc05f5e6556d51900bca4757416
|
||||
Author: Andrew Hughes <gnu.andrew@redhat.com>
|
||||
Date: Mon Feb 28 05:30:32 2022 +0000
|
||||
|
||||
RH2051605: Detect NSS at Runtime for FIPS detection
|
||||
|
||||
diff --git openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
index 34d0ff0ce91..8dcb7d9073f 100644
|
||||
--- openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
+++ openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
|
||||
@@ -23,25 +23,99 @@
|
||||
* questions.
|
||||
*/
|
||||
|
||||
-#include <dlfcn.h>
|
||||
#include <jni.h>
|
||||
#include <jni_util.h>
|
||||
+#include "jvm_md.h"
|
||||
#include <stdio.h>
|
||||
|
||||
#ifdef SYSCONF_NSS
|
||||
#include <nss3/pk11pub.h>
|
||||
+#else
|
||||
+#include <dlfcn.h>
|
||||
#endif //SYSCONF_NSS
|
||||
|
||||
#include "java_security_SystemConfigurator.h"
|
||||
|
||||
+#define MSG_MAX_SIZE 256
|
||||
#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
|
||||
-#define MSG_MAX_SIZE 96
|
||||
|
||||
+typedef int (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE)(void);
|
||||
+
|
||||
+static SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE *getSystemFIPSEnabled;
|
||||
static jmethodID debugPrintlnMethodID = NULL;
|
||||
static jobject debugObj = NULL;
|
||||
|
||||
-static void throwIOException(JNIEnv *env, const char *msg);
|
||||
-static void dbgPrint(JNIEnv *env, const char* msg);
|
||||
+static void dbgPrint(JNIEnv *env, const char* msg)
|
||||
+{
|
||||
+ jstring jMsg;
|
||||
+ if (debugObj != NULL) {
|
||||
+ jMsg = (*env)->NewStringUTF(env, msg);
|
||||
+ CHECK_NULL(jMsg);
|
||||
+ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void throwIOException(JNIEnv *env, const char *msg)
|
||||
+{
|
||||
+ jclass cls = (*env)->FindClass(env, "java/io/IOException");
|
||||
+ if (cls != 0)
|
||||
+ (*env)->ThrowNew(env, cls, msg);
|
||||
+}
|
||||
+
|
||||
+static void handle_msg(JNIEnv *env, const char* msg, int msg_bytes)
|
||||
+{
|
||||
+ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
|
||||
+ dbgPrint(env, msg);
|
||||
+ } else {
|
||||
+ dbgPrint(env, "systemconf: cannot render message");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+// Only used when NSS is not linked at build time
|
||||
+#ifndef SYSCONF_NSS
|
||||
+
|
||||
+static void *nss_handle;
|
||||
+
|
||||
+static jboolean loadNSS(JNIEnv *env)
|
||||
+{
|
||||
+ char msg[MSG_MAX_SIZE];
|
||||
+ int msg_bytes;
|
||||
+ const char* errmsg;
|
||||
+
|
||||
+ nss_handle = dlopen(JNI_LIB_NAME("nss3"), RTLD_LAZY);
|
||||
+ if (nss_handle == NULL) {
|
||||
+ errmsg = dlerror();
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlopen: %s\n",
|
||||
+ errmsg);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ return JNI_FALSE;
|
||||
+ }
|
||||
+ dlerror(); /* Clear errors */
|
||||
+ getSystemFIPSEnabled = (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE*)dlsym(nss_handle, "SECMOD_GetSystemFIPSEnabled");
|
||||
+ if ((errmsg = dlerror()) != NULL) {
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlsym: %s\n",
|
||||
+ errmsg);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ return JNI_FALSE;
|
||||
+ }
|
||||
+ return JNI_TRUE;
|
||||
+}
|
||||
+
|
||||
+static void closeNSS(JNIEnv *env)
|
||||
+{
|
||||
+ char msg[MSG_MAX_SIZE];
|
||||
+ int msg_bytes;
|
||||
+ const char* errmsg;
|
||||
+
|
||||
+ if (dlclose(nss_handle) != 0) {
|
||||
+ errmsg = dlerror();
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "closeNSS: dlclose: %s\n",
|
||||
+ errmsg);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* Class: java_security_SystemConfigurator
|
||||
@@ -84,6 +158,14 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
|
||||
debugObj = (*env)->NewGlobalRef(env, debugObj);
|
||||
}
|
||||
|
||||
+#ifdef SYSCONF_NSS
|
||||
+ getSystemFIPSEnabled = *SECMOD_GetSystemFIPSEnabled;
|
||||
+#else
|
||||
+ if (loadNSS(env) == JNI_FALSE) {
|
||||
+ dbgPrint(env, "libsystemconf: Failed to load NSS library.");
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
return (*env)->GetVersion(env);
|
||||
}
|
||||
|
||||
@@ -99,6 +181,9 @@ JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
|
||||
if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
|
||||
return; /* Should not happen */
|
||||
}
|
||||
+#ifndef SYSCONF_NSS
|
||||
+ closeNSS(env);
|
||||
+#endif
|
||||
(*env)->DeleteGlobalRef(env, debugObj);
|
||||
}
|
||||
}
|
||||
@@ -110,61 +195,30 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
|
||||
char msg[MSG_MAX_SIZE];
|
||||
int msg_bytes;
|
||||
|
||||
-#ifdef SYSCONF_NSS
|
||||
-
|
||||
- dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
|
||||
- fips_enabled = SECMOD_GetSystemFIPSEnabled();
|
||||
- msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
|
||||
- " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
|
||||
- if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
|
||||
- dbgPrint(env, msg);
|
||||
+ if (getSystemFIPSEnabled != NULL) {
|
||||
+ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
|
||||
+ fips_enabled = (*getSystemFIPSEnabled)();
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
|
||||
+ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
|
||||
} else {
|
||||
- dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
|
||||
- " SECMOD_GetSystemFIPSEnabled return value");
|
||||
- }
|
||||
- return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
|
||||
-
|
||||
-#else // SYSCONF_NSS
|
||||
+ FILE *fe;
|
||||
|
||||
- FILE *fe;
|
||||
-
|
||||
- dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
|
||||
- if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
|
||||
+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
|
||||
+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
|
||||
throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
|
||||
return JNI_FALSE;
|
||||
- }
|
||||
- fips_enabled = fgetc(fe);
|
||||
- fclose(fe);
|
||||
- if (fips_enabled == EOF) {
|
||||
+ }
|
||||
+ fips_enabled = fgetc(fe);
|
||||
+ fclose(fe);
|
||||
+ if (fips_enabled == EOF) {
|
||||
throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
|
||||
return JNI_FALSE;
|
||||
- }
|
||||
- msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
|
||||
- " read character is '%c'", fips_enabled);
|
||||
- if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
|
||||
- dbgPrint(env, msg);
|
||||
- } else {
|
||||
- dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
|
||||
- " read character");
|
||||
- }
|
||||
- return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
|
||||
-
|
||||
-#endif // SYSCONF_NSS
|
||||
-}
|
||||
-
|
||||
-static void throwIOException(JNIEnv *env, const char *msg)
|
||||
-{
|
||||
- jclass cls = (*env)->FindClass(env, "java/io/IOException");
|
||||
- if (cls != 0)
|
||||
- (*env)->ThrowNew(env, cls, msg);
|
||||
-}
|
||||
-
|
||||
-static void dbgPrint(JNIEnv *env, const char* msg)
|
||||
-{
|
||||
- jstring jMsg;
|
||||
- if (debugObj != NULL) {
|
||||
- jMsg = (*env)->NewStringUTF(env, msg);
|
||||
- CHECK_NULL(jMsg);
|
||||
- (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
|
||||
+ }
|
||||
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
|
||||
+ " read character is '%c'", fips_enabled);
|
||||
+ handle_msg(env, msg, msg_bytes);
|
||||
+ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
|
||||
}
|
||||
}
|
@ -23,6 +23,8 @@
|
||||
%bcond_without staticlibs
|
||||
# Remove build artifacts by default
|
||||
%bcond_with artifacts
|
||||
# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
|
||||
%bcond_without fresh_libjvm
|
||||
|
||||
# Workaround for stripping of debug symbols from static libraries
|
||||
%if %{with staticlibs}
|
||||
@ -32,6 +34,13 @@
|
||||
%global include_staticlibs 0
|
||||
%endif
|
||||
|
||||
# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
|
||||
%if %{with fresh_libjvm}
|
||||
%global build_hotspot_first 1
|
||||
%else
|
||||
%global build_hotspot_first 0
|
||||
%endif
|
||||
|
||||
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
|
||||
# This fixes detailed NMT and other tools which need minimal debug info.
|
||||
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
|
||||
@ -76,7 +85,7 @@
|
||||
# in alternatives those are slaves and master, very often triplicated by man pages
|
||||
# in files all masters and slaves are ghosted
|
||||
# the ghosts are here to allow installation via query like `dnf install /usr/bin/java`
|
||||
# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_
|
||||
# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_ -e alternatives
|
||||
# TODO - fix those hardcoded lists via single list
|
||||
# Those files must *NOT* be ghosted for *slowdebug* packages
|
||||
# FIXME - if you are moving jshell or jlink or similar, always modify all three sections
|
||||
@ -102,7 +111,9 @@
|
||||
# Set of architectures for which we build fastdebug builds
|
||||
%global fastdebug_arches x86_64 ppc64le aarch64
|
||||
# Set of architectures with a Just-In-Time (JIT) compiler
|
||||
%global jit_arches %{debug_arches} %{arm}
|
||||
%global jit_arches %{arm} %{aarch64} %{ix86} %{power64} s390x sparcv9 sparc64 x86_64
|
||||
# Set of architectures which use the Zero assembler port (!jit_arches)
|
||||
%global zero_arches ppc s390
|
||||
# Set of architectures which run a full bootstrap cycle
|
||||
%global bootstrap_arches %{jit_arches}
|
||||
# Set of architectures which support SystemTap tapsets
|
||||
@ -121,6 +132,8 @@
|
||||
%global zgc_arches x86_64
|
||||
# Set of architectures for which alt-java has SSB mitigation
|
||||
%global ssbd_arches x86_64
|
||||
# Set of architectures where we verify backtraces with gdb
|
||||
%global gdb_arches %{jit_arches} %{zero_arches}
|
||||
|
||||
# By default, we build a slowdebug build during main build on JIT architectures
|
||||
%if %{with slowdebug}
|
||||
@ -174,7 +187,7 @@
|
||||
%global fastdebug_build %{nil}
|
||||
%endif
|
||||
|
||||
# If you disable both builds, then the build fails
|
||||
# If you disable all builds, then the build fails
|
||||
# Build and test slowdebug first as it provides the best diagnostics
|
||||
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
|
||||
|
||||
@ -185,9 +198,9 @@
|
||||
%endif
|
||||
|
||||
%ifarch %{bootstrap_arches}
|
||||
%global bootstrap_build 1
|
||||
%global bootstrap_build true
|
||||
%else
|
||||
%global bootstrap_build 1
|
||||
%global bootstrap_build false
|
||||
%endif
|
||||
|
||||
%if %{include_staticlibs}
|
||||
@ -208,6 +221,11 @@
|
||||
%global release_targets images docs-zip
|
||||
# No docs nor bootcycle for debug builds
|
||||
%global debug_targets images
|
||||
# Target to use to just build HotSpot
|
||||
%global hotspot_target hotspot
|
||||
|
||||
# JDK to use for bootstrapping
|
||||
%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
|
||||
|
||||
# Disable LTO as this causes build failures at the moment.
|
||||
# See RHBZ#1861401
|
||||
@ -297,8 +315,8 @@
|
||||
# New Version-String scheme-style defines
|
||||
%global featurever 11
|
||||
%global interimver 0
|
||||
%global updatever 13
|
||||
%global patchver 0
|
||||
%global updatever 14
|
||||
%global patchver 1
|
||||
# If you bump featurever, you must bump also vendor_version_string
|
||||
# Used via new version scheme. JDK 11 was
|
||||
# GA'ed in September 2018 => 18.9
|
||||
@ -344,8 +362,8 @@
|
||||
%global origin_nice OpenJDK
|
||||
%global top_level_dir_name %{origin}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 8
|
||||
%global rpmrelease 3
|
||||
%global buildver 1
|
||||
%global rpmrelease 6
|
||||
#%%global tagsuffix %%{nil}
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
@ -394,8 +412,8 @@
|
||||
%global jdkimage jdk
|
||||
%global static_libs_image static-libs
|
||||
# output dir stub
|
||||
%define buildoutputdir() %{expand:build/jdk11.build%{?1}}
|
||||
%define installoutputdir() %{expand:install/jdk11.install%{?1}}
|
||||
%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
|
||||
%define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}}
|
||||
# we can copy the javadoc to not arched dir, or make it not noarch
|
||||
%define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}}
|
||||
# main id and dir of this jdk
|
||||
@ -410,7 +428,7 @@
|
||||
%if %is_system_jdk
|
||||
%global __provides_exclude ^(%{_privatelibs})$
|
||||
%global __requires_exclude ^(%{_privatelibs})$
|
||||
# Never generate lib-style provides/requires for slowdebug packages
|
||||
# Never generate lib-style provides/requires for any debug packages
|
||||
%global __provides_exclude_from ^.*/%{uniquesuffix -- %{debug_suffix_unquoted}}/.*$
|
||||
%global __requires_exclude_from ^.*/%{uniquesuffix -- %{debug_suffix_unquoted}}/.*$
|
||||
%global __provides_exclude_from ^.*/%{uniquesuffix -- %{fastdebug_suffix_unquoted}}/.*$
|
||||
@ -443,6 +461,9 @@
|
||||
%global alternatives_requires %{_sbindir}/alternatives
|
||||
%endif
|
||||
|
||||
%global family %{name}.%{_arch}
|
||||
%global family_noarch %{name}
|
||||
|
||||
%if %{with_systemtap}
|
||||
# Where to install systemtap tapset (links)
|
||||
# We would like these to be in a package specific sub-dir,
|
||||
@ -460,6 +481,50 @@
|
||||
# not-duplicated scriptlets for normal/debug packages
|
||||
%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
|
||||
|
||||
%define save_alternatives() %{expand:
|
||||
# warning! alternatives are localised!
|
||||
# LANG=cs_CZ.UTF-8 alternatives --display java | head
|
||||
# LANG=en_US.UTF-8 alternatives --display java | head
|
||||
function nonLocalisedAlternativesDisplayOfMaster() {
|
||||
LANG=en_US.UTF-8 alternatives --display "$MASTER"
|
||||
}
|
||||
function headOfAbove() {
|
||||
nonLocalisedAlternativesDisplayOfMaster | head -n $1
|
||||
}
|
||||
MASTER="%{?1}"
|
||||
LOCAL_LINK="%{?2}"
|
||||
FAMILY="%{?3}"
|
||||
rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null
|
||||
if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then
|
||||
if headOfAbove 1 | grep -q manual ; then
|
||||
if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then
|
||||
headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
%define save_and_remove_alternatives() %{expand:
|
||||
if [ "x$debug" == "xtrue" ] ; then
|
||||
set -x
|
||||
fi
|
||||
upgrade1_uninstal0=%{?3}
|
||||
if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall
|
||||
%{save_alternatives %{?1} %{?2} %{?4}}
|
||||
fi
|
||||
alternatives --remove "%{?1}" "%{?2}"
|
||||
}
|
||||
|
||||
%define set_if_needed_alternatives() %{expand:
|
||||
MASTER="%{?1}"
|
||||
FAMILY="%{?2}"
|
||||
ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY"
|
||||
if [ -e "$ALTERNATIVES_FILE" ] ; then
|
||||
rm "$ALTERNATIVES_FILE"
|
||||
alternatives --set $MASTER $FAMILY
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
%define post_script() %{expand:
|
||||
update-desktop-database %{_datadir}/applications &> /dev/null || :
|
||||
@ -467,20 +532,19 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
|
||||
exit 0
|
||||
}
|
||||
|
||||
|
||||
%define post_headless() %{expand:
|
||||
%ifarch %{share_arches}
|
||||
%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
|
||||
%endif
|
||||
|
||||
%define alternatives_java_install() %{expand:
|
||||
if [ "x$debug" == "xtrue" ] ; then
|
||||
set -x
|
||||
fi
|
||||
PRIORITY=%{priority}
|
||||
if [ "%{?1}" == %{debug_suffix} ]; then
|
||||
let PRIORITY=PRIORITY-1
|
||||
fi
|
||||
|
||||
ext=.gz
|
||||
key=java
|
||||
alternatives \\
|
||||
--install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\
|
||||
--install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
|
||||
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{sdkdir -- %{?1}} \\
|
||||
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
|
||||
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
|
||||
@ -506,12 +570,23 @@ alternatives \\
|
||||
--slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\
|
||||
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
|
||||
|
||||
%{set_if_needed_alternatives $key %{family}}
|
||||
|
||||
for X in %{origin} %{javaver} ; do
|
||||
alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
|
||||
key=jre_"$X"
|
||||
alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
|
||||
%{set_if_needed_alternatives $key %{family}}
|
||||
done
|
||||
|
||||
update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
|
||||
key=jre_%{javaver}_%{origin}
|
||||
alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
|
||||
%{set_if_needed_alternatives $key %{family}}
|
||||
}
|
||||
|
||||
%define post_headless() %{expand:
|
||||
%ifarch %{share_arches}
|
||||
%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
|
||||
%endif
|
||||
|
||||
update-desktop-database %{_datadir}/applications &> /dev/null || :
|
||||
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
|
||||
@ -538,26 +613,34 @@ exit 0
|
||||
|
||||
|
||||
%define postun_headless() %{expand:
|
||||
alternatives --remove java %{jrebindir -- %{?1}}/java
|
||||
alternatives --remove jre_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
|
||||
alternatives --remove jre_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
|
||||
alternatives --remove jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}}
|
||||
if [ "x$debug" == "xtrue" ] ; then
|
||||
set -x
|
||||
fi
|
||||
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
|
||||
%{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}}
|
||||
%{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
|
||||
%{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
|
||||
%{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}}
|
||||
}
|
||||
|
||||
%define posttrans_script() %{expand:
|
||||
%{update_desktop_icons}
|
||||
}
|
||||
|
||||
%define post_devel() %{expand:
|
||||
|
||||
%define alternatives_javac_install() %{expand:
|
||||
if [ "x$debug" == "xtrue" ] ; then
|
||||
set -x
|
||||
fi
|
||||
PRIORITY=%{priority}
|
||||
if [ "%{?1}" == %{debug_suffix} ]; then
|
||||
let PRIORITY=PRIORITY-1
|
||||
fi
|
||||
|
||||
ext=.gz
|
||||
key=javac
|
||||
alternatives \\
|
||||
--install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\
|
||||
--install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
|
||||
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
|
||||
%ifarch %{aot_arches}
|
||||
--slave %{_bindir}/jaotc jaotc %{sdkbindir -- %{?1}}/jaotc \\
|
||||
@ -565,7 +648,9 @@ alternatives \\
|
||||
--slave %{_bindir}/jlink jlink %{sdkbindir -- %{?1}}/jlink \\
|
||||
--slave %{_bindir}/jmod jmod %{sdkbindir -- %{?1}}/jmod \\
|
||||
%ifarch %{sa_arches}
|
||||
%ifnarch %{zero_arches}
|
||||
--slave %{_bindir}/jhsdb jhsdb %{sdkbindir -- %{?1}}/jhsdb \\
|
||||
%endif
|
||||
%endif
|
||||
--slave %{_bindir}/jar jar %{sdkbindir -- %{?1}}/jar \\
|
||||
--slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\
|
||||
@ -623,15 +708,22 @@ alternatives \\
|
||||
--slave %{_mandir}/man1/rmic.1$ext rmic.1$ext \\
|
||||
%{_mandir}/man1/rmic-%{uniquesuffix -- %{?1}}.1$ext \\
|
||||
--slave %{_mandir}/man1/serialver.1$ext serialver.1$ext \\
|
||||
%{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext \\
|
||||
%{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext
|
||||
|
||||
%{set_if_needed_alternatives $key %{family}}
|
||||
|
||||
for X in %{origin} %{javaver} ; do
|
||||
alternatives \\
|
||||
--install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
|
||||
key=java_sdk_"$X"
|
||||
alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
|
||||
%{set_if_needed_alternatives $key %{family}}
|
||||
done
|
||||
|
||||
update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
|
||||
key=java_sdk_%{javaver}_%{origin}
|
||||
alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
|
||||
%{set_if_needed_alternatives $key %{family}}
|
||||
}
|
||||
|
||||
%define post_devel() %{expand:
|
||||
update-desktop-database %{_datadir}/applications &> /dev/null || :
|
||||
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
|
||||
|
||||
@ -639,10 +731,14 @@ exit 0
|
||||
}
|
||||
|
||||
%define postun_devel() %{expand:
|
||||
alternatives --remove javac %{sdkbindir -- %{?1}}/javac
|
||||
alternatives --remove java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
|
||||
alternatives --remove java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
|
||||
alternatives --remove java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
|
||||
if [ "x$debug" == "xtrue" ] ; then
|
||||
set -x
|
||||
fi
|
||||
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
|
||||
%{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}}
|
||||
%{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
|
||||
%{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
|
||||
%{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
|
||||
|
||||
update-desktop-database %{_datadir}/applications &> /dev/null || :
|
||||
|
||||
@ -654,42 +750,54 @@ exit 0
|
||||
}
|
||||
|
||||
%define posttrans_devel() %{expand:
|
||||
%{alternatives_javac_install -- %{?1}}
|
||||
%{update_desktop_icons}
|
||||
}
|
||||
|
||||
%define post_javadoc() %{expand:
|
||||
|
||||
%define alternatives_javadoc_install() %{expand:
|
||||
if [ "x$debug" == "xtrue" ] ; then
|
||||
set -x
|
||||
fi
|
||||
PRIORITY=%{priority}
|
||||
if [ "%{?1}" == %{debug_suffix} ]; then
|
||||
let PRIORITY=PRIORITY-1
|
||||
fi
|
||||
|
||||
alternatives \\
|
||||
--install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
|
||||
$PRIORITY --family %{name}
|
||||
key=javadocdir
|
||||
alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch}
|
||||
%{set_if_needed_alternatives $key %{family_noarch}}
|
||||
exit 0
|
||||
}
|
||||
|
||||
%define postun_javadoc() %{expand:
|
||||
alternatives --remove javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api
|
||||
if [ "x$debug" == "xtrue" ] ; then
|
||||
set -x
|
||||
fi
|
||||
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
|
||||
%{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}}
|
||||
exit 0
|
||||
}
|
||||
|
||||
%define post_javadoc_zip() %{expand:
|
||||
|
||||
%define alternatives_javadoczip_install() %{expand:
|
||||
if [ "x$debug" == "xtrue" ] ; then
|
||||
set -x
|
||||
fi
|
||||
PRIORITY=%{priority}
|
||||
if [ "%{?1}" == %{debug_suffix} ]; then
|
||||
let PRIORITY=PRIORITY-1
|
||||
fi
|
||||
|
||||
alternatives \\
|
||||
--install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
|
||||
$PRIORITY --family %{name}
|
||||
key=javadoczip
|
||||
alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch}
|
||||
%{set_if_needed_alternatives $key %{family_noarch}}
|
||||
exit 0
|
||||
}
|
||||
|
||||
%define postun_javadoc_zip() %{expand:
|
||||
alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
|
||||
if [ "x$debug" == "xtrue" ] ; then
|
||||
set -x
|
||||
fi
|
||||
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
|
||||
%{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}}
|
||||
exit 0
|
||||
}
|
||||
|
||||
@ -760,8 +868,10 @@ exit 0
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/librmi.so
|
||||
# Some architectures don't have the serviceability agent
|
||||
%ifarch %{sa_arches}
|
||||
%ifnarch %{zero_arches}
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsaproc.so
|
||||
%endif
|
||||
%endif
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsctp.so
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsunec.so
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsystemconf.so
|
||||
@ -795,7 +905,7 @@ exit 0
|
||||
%dir %{etcjavadir -- %{?1}}/conf/security/policy/limited
|
||||
%dir %{etcjavadir -- %{?1}}/conf/security/policy/unlimited
|
||||
%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/default.policy
|
||||
%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/blacklisted.certs
|
||||
%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/blocked.certs
|
||||
%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/public_suffix_list.dat
|
||||
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/policy/limited/exempt_local.policy
|
||||
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/policy/limited/default_local.policy
|
||||
@ -855,8 +965,10 @@ exit 0
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jimage
|
||||
# Some architectures don't have the serviceability agent
|
||||
%ifarch %{sa_arches}
|
||||
%ifnarch %{zero_arches}
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhsdb
|
||||
%endif
|
||||
%endif
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jlink
|
||||
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jmap
|
||||
@ -1015,8 +1127,8 @@ Requires: ca-certificates
|
||||
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
|
||||
Requires: javapackages-filesystem
|
||||
# Require zone-info data provided by tzdata-java sub-package
|
||||
# 2021a required as of JDK-8260356 in April 2021 CPU
|
||||
Requires: tzdata-java >= 2021a
|
||||
# 2021e required as of JDK-8275766 in January 2022 CPU
|
||||
Requires: tzdata-java >= 2021e
|
||||
# for support of kernel stream control
|
||||
# libsctp.so.1 is being `dlopen`ed on demand
|
||||
Requires: lksctp-tools%{?_isa}
|
||||
@ -1029,6 +1141,8 @@ OrderWithRequires: copy-jdk-configs
|
||||
%endif
|
||||
# for printing support
|
||||
Requires: cups-libs
|
||||
# for FIPS PKCS11 provider
|
||||
Requires: nss
|
||||
# Post requires alternatives to install tool alternatives
|
||||
Requires(post): %{alternatives_requires}
|
||||
# Postun requires alternatives to uninstall tool alternatives
|
||||
@ -1111,10 +1225,10 @@ Requires(post): %{alternatives_requires}
|
||||
Requires(postun): %{alternatives_requires}
|
||||
|
||||
# Standard JPackage javadoc provides
|
||||
Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
|
||||
Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release}
|
||||
Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
|
||||
Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
|
||||
%if %is_system_jdk
|
||||
Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release}
|
||||
Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
|
||||
%endif
|
||||
}
|
||||
|
||||
@ -1236,9 +1350,15 @@ Patch1007: rh1915071-always_initialise_configurator_access.patch
|
||||
Patch1008: rh1929465-improve_system_FIPS_detection.patch
|
||||
# RH1996182: Login to the NSS software token in FIPS mode
|
||||
Patch1009: rh1996182-login_to_nss_software_token.patch
|
||||
Patch1010: rh1996182-extend_security_policy.patch
|
||||
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
|
||||
Patch1011: rh1991003-enable_fips_keys_import.patch
|
||||
# RH2021263: Resolve outstanding FIPS issues
|
||||
Patch1014: rh2021263-fips_ensure_security_initialised.patch
|
||||
Patch1015: rh2021263-fips_missing_native_returns.patch
|
||||
# RH2052819: Fix FIPS reliance on crypto policies
|
||||
Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
|
||||
# RH2052829: Detect NSS at Runtime for FIPS detection
|
||||
Patch1017: rh2052829-fips_runtime_nss_detection.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1262,6 +1382,20 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
|
||||
Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
|
||||
# PR3695: Allow use of system crypto policy to be disabled by the user
|
||||
Patch7: pr3695-toggle_system_crypto_policy.patch
|
||||
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
|
||||
Patch8: jdk8275535-rh2053256-ldap_auth.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
# Backportable patches
|
||||
#
|
||||
# This section includes patches which are
|
||||
# present in the current development tree, but
|
||||
# need to be reviewed & pushed to the appropriate
|
||||
# updates tree of OpenJDK.
|
||||
#############################################
|
||||
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
|
||||
Patch101: jdk8257794-remove_broken_assert.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1298,8 +1432,8 @@ BuildRequires: libXrandr-devel
|
||||
BuildRequires: libXrender-devel
|
||||
BuildRequires: libXt-devel
|
||||
BuildRequires: libXtst-devel
|
||||
# Requirements for setting up the nss.cfg and FIPS support
|
||||
BuildRequires: nss-devel >= 3.53
|
||||
# Requirement for setting up nss.cfg and nss.fips.cfg
|
||||
BuildRequires: nss-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: xorg-x11-proto-devel
|
||||
BuildRequires: zip
|
||||
@ -1307,11 +1441,11 @@ BuildRequires: unzip
|
||||
BuildRequires: javapackages-filesystem
|
||||
BuildRequires: java-%{buildjdkver}-openjdk-devel
|
||||
# Zero-assembler build requirement
|
||||
%ifnarch %{jit_arches}
|
||||
%ifarch %{zero_arches}
|
||||
BuildRequires: libffi-devel
|
||||
%endif
|
||||
# 2021a required as of JDK-8260356 in April 2021 CPU
|
||||
BuildRequires: tzdata-java >= 2021a
|
||||
# 2021e required as of JDK-8275766 in January 2022 CPU
|
||||
BuildRequires: tzdata-java >= 2021e
|
||||
# Earlier versions have a bug in tree vectorization on PPC
|
||||
BuildRequires: gcc >= 4.8.3-8
|
||||
|
||||
@ -1593,7 +1727,7 @@ Group: Documentation
|
||||
Requires: javapackages-filesystem
|
||||
Obsoletes: javadoc-debug
|
||||
|
||||
%{java_javadoc_rpo %{nil}}
|
||||
%{java_javadoc_rpo -- %{nil} %{nil}}
|
||||
|
||||
%description javadoc
|
||||
The %{origin_nice} %{featurever} API documentation.
|
||||
@ -1606,7 +1740,8 @@ Group: Documentation
|
||||
Requires: javapackages-filesystem
|
||||
Obsoletes: javadoc-zip-debug
|
||||
|
||||
%{java_javadoc_rpo %{nil}}
|
||||
%{java_javadoc_rpo -- %{nil} -zip}
|
||||
%{java_javadoc_rpo -- %{nil} %{nil}}
|
||||
|
||||
%description javadoc-zip
|
||||
The %{origin_nice} %{featurever} API documentation compressed in a single archive.
|
||||
@ -1664,6 +1799,8 @@ pushd %{top_level_dir_name}
|
||||
%patch7 -p1
|
||||
popd # openjdk
|
||||
|
||||
%patch101
|
||||
|
||||
%patch1000
|
||||
%patch600
|
||||
%patch1001
|
||||
@ -1673,8 +1810,13 @@ popd # openjdk
|
||||
%patch1007
|
||||
%patch1008
|
||||
%patch1009
|
||||
%patch1010
|
||||
%patch1011
|
||||
%patch1014
|
||||
%patch1015
|
||||
%patch1016
|
||||
%patch1017
|
||||
|
||||
%patch8
|
||||
|
||||
# Extract systemtap tapsets
|
||||
%if %{with_systemtap}
|
||||
@ -1727,7 +1869,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
|
||||
|
||||
# Setup nss.fips.cfg
|
||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
|
||||
sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
|
||||
|
||||
%build
|
||||
# How many CPU's do we have?
|
||||
@ -1754,17 +1895,21 @@ EXTRA_CPP_FLAGS="%ourcppflags"
|
||||
# fix rpmlint warnings
|
||||
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
|
||||
%endif
|
||||
%ifarch %{ix86}
|
||||
# Align stack boundary on x86_32
|
||||
EXTRA_CFLAGS="$(echo ${EXTRA_CFLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
|
||||
EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
|
||||
%endif
|
||||
# Fixes annocheck warnings in assembler files due to missing build notes
|
||||
EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes"
|
||||
export EXTRA_CFLAGS EXTRA_ASFLAGS
|
||||
export EXTRA_CFLAGS EXTRA_CPP_FLAGS EXTRA_ASFLAGS
|
||||
|
||||
function buildjdk() {
|
||||
local outputdir=${1}
|
||||
local installdir=${2}
|
||||
local buildjdk=${3}
|
||||
local maketargets="${4}"
|
||||
local debuglevel=${5}
|
||||
local link_opt=${6}
|
||||
local buildjdk=${2}
|
||||
local maketargets="${3}"
|
||||
local debuglevel=${4}
|
||||
local link_opt=${5}
|
||||
|
||||
local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
|
||||
local top_dir_abs_build_path=$(pwd)/${outputdir}
|
||||
@ -1777,11 +1922,11 @@ function buildjdk() {
|
||||
echo "Using link_opt: ${link_opt}"
|
||||
echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}"
|
||||
|
||||
mkdir -p ${outputdir} ${installdir}
|
||||
mkdir -p ${outputdir}
|
||||
pushd ${outputdir}
|
||||
|
||||
bash ${top_dir_abs_src_path}/configure \
|
||||
%ifnarch %{jit_arches}
|
||||
%ifarch %{zero_arches}
|
||||
--with-jvm-variants=zero \
|
||||
%endif
|
||||
%ifarch %{ppc64le}
|
||||
@ -1798,7 +1943,7 @@ function buildjdk() {
|
||||
--with-boot-jdk=${buildjdk} \
|
||||
--with-debug-level=${debuglevel} \
|
||||
--with-native-debug-symbols="%{debug_symbols}" \
|
||||
--enable-sysconf-nss \
|
||||
--disable-sysconf-nss \
|
||||
--enable-unlimited-crypto \
|
||||
--with-zlib=system \
|
||||
--with-libjpeg=${link_opt} \
|
||||
@ -1826,8 +1971,15 @@ function buildjdk() {
|
||||
$maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
|
||||
|
||||
popd
|
||||
}
|
||||
|
||||
function installjdk() {
|
||||
local outputdir=${1}
|
||||
local installdir=${2}
|
||||
local imagepath=${installdir}/images/%{jdkimage}
|
||||
|
||||
echo "Installing build from ${outputdir} to ${installdir}..."
|
||||
mkdir -p ${installdir}
|
||||
echo "Installing images..."
|
||||
mv ${outputdir}/images ${installdir}
|
||||
if [ -d ${outputdir}/bundles ] ; then
|
||||
@ -1843,38 +1995,46 @@ function buildjdk() {
|
||||
echo "Removing output directory...";
|
||||
rm -rf ${outputdir}
|
||||
%endif
|
||||
|
||||
if [ -d ${imagepath} ] ; then
|
||||
# the build (erroneously) removes read permissions from some jars
|
||||
# this is a regression in OpenJDK 7 (our compiler):
|
||||
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
|
||||
find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
|
||||
|
||||
# Build screws up permissions on binaries
|
||||
# https://bugs.openjdk.java.net/browse/JDK-8173610
|
||||
find ${imagepath} -iname '*.so' -exec chmod +x {} \;
|
||||
find ${imagepath}/bin/ -exec chmod +x {} \;
|
||||
|
||||
# Install nss.cfg right away as we will be using the JRE above
|
||||
install -m 644 nss.cfg ${imagepath}/conf/security/
|
||||
|
||||
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
||||
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
|
||||
|
||||
# Use system-wide tzdata
|
||||
rm ${imagepath}/lib/tzdb.dat
|
||||
ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
|
||||
|
||||
# Create fake alt-java as a placeholder for future alt-java
|
||||
pushd ${imagepath}
|
||||
# add alt-java man page
|
||||
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
|
||||
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
|
||||
popd
|
||||
fi
|
||||
}
|
||||
|
||||
function installjdk() {
|
||||
local imagepath=${1}
|
||||
|
||||
# the build (erroneously) removes read permissions from some jars
|
||||
# this is a regression in OpenJDK 7 (our compiler):
|
||||
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
|
||||
find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
|
||||
|
||||
# Build screws up permissions on binaries
|
||||
# https://bugs.openjdk.java.net/browse/JDK-8173610
|
||||
find ${imagepath} -iname '*.so' -exec chmod +x {} \;
|
||||
find ${imagepath}/bin/ -exec chmod +x {} \;
|
||||
|
||||
# Install nss.cfg right away as we will be using the JRE above
|
||||
install -m 644 nss.cfg ${imagepath}/conf/security/
|
||||
|
||||
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
||||
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
|
||||
|
||||
# Use system-wide tzdata
|
||||
rm ${imagepath}/lib/tzdb.dat
|
||||
ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
|
||||
|
||||
# Create fake alt-java as a placeholder for future alt-java
|
||||
pushd ${imagepath}
|
||||
# add alt-java man page
|
||||
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
|
||||
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
|
||||
popd
|
||||
}
|
||||
%if %{build_hotspot_first}
|
||||
# Build a fresh libjvm.so first and use it to bootstrap
|
||||
cp -LR --preserve=mode,timestamps %{bootjdk} newboot
|
||||
systemjdk=$(pwd)/newboot
|
||||
buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled"
|
||||
mv build/newboot/jdk/lib/server/libjvm.so newboot/lib/server
|
||||
%else
|
||||
systemjdk=%{bootjdk}
|
||||
%endif
|
||||
|
||||
for suffix in %{build_loop} ; do
|
||||
|
||||
@ -1885,7 +2045,6 @@ for suffix in %{build_loop} ; do
|
||||
debugbuild=`echo $suffix | sed "s/-//g"`
|
||||
fi
|
||||
|
||||
systemjdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk
|
||||
|
||||
for loop in %{main_suffix} %{staticlibs_loop} ; do
|
||||
|
||||
@ -1902,18 +2061,25 @@ for suffix in %{build_loop} ; do
|
||||
# Use system libraries
|
||||
link_opt="system"
|
||||
# Debug builds don't need same targets as release for
|
||||
# build speed-up
|
||||
maketargets="%{release_targets}"
|
||||
# build speed-up. We also avoid bootstrapping these
|
||||
# slower builds.
|
||||
if echo $debugbuild | grep -q "debug" ; then
|
||||
maketargets="%{debug_targets}"
|
||||
maketargets="%{debug_targets}"
|
||||
run_bootstrap=false
|
||||
else
|
||||
maketargets="%{release_targets}"
|
||||
run_bootstrap=%{bootstrap_build}
|
||||
fi
|
||||
if ${run_bootstrap} ; then
|
||||
buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
|
||||
installjdk ${bootbuilddir} ${bootinstalldir}
|
||||
buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
|
||||
installjdk ${builddir} ${installdir}
|
||||
%{!?with_artifacts:rm -rf ${bootinstalldir}}
|
||||
else
|
||||
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
|
||||
installjdk ${builddir} ${installdir}
|
||||
fi
|
||||
%if %{bootstrap_build}
|
||||
buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
|
||||
buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
|
||||
%{!?with_artifacts:rm -rf ${bootinstalldir}}
|
||||
%else
|
||||
buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
|
||||
%endif
|
||||
# Restore original source tree we modified by removing full in-tree sources
|
||||
rm -rf %{top_level_dir_name}
|
||||
mv %{top_level_dir_name_backup} %{top_level_dir_name}
|
||||
@ -1923,15 +2089,12 @@ for suffix in %{build_loop} ; do
|
||||
# Static library cycle only builds the static libraries
|
||||
maketargets="%{static_libs_target}"
|
||||
# Always just do the one build for the static libraries
|
||||
buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
|
||||
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
|
||||
installjdk ${builddir} ${installdir}
|
||||
fi
|
||||
|
||||
done # end of main / staticlibs loop
|
||||
|
||||
# Final setup on the main image
|
||||
top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}}
|
||||
installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
|
||||
|
||||
# build cycles
|
||||
done # end of release / debug cycle loop
|
||||
|
||||
@ -2040,20 +2203,16 @@ gdb -q "$JAVA_HOME/bin/java" <<EOF | tee gdb.out
|
||||
handle SIGSEGV pass nostop noprint
|
||||
handle SIGILL pass nostop noprint
|
||||
set breakpoint pending on
|
||||
break javaCalls.cpp:1
|
||||
break javaCalls.cpp:58
|
||||
commands 1
|
||||
backtrace
|
||||
quit
|
||||
end
|
||||
run -version
|
||||
EOF
|
||||
%if 0%{?fedora} > 0
|
||||
# This fails on s390x for some reason. Disable for now. See:
|
||||
# https://koji.fedoraproject.org/koji/taskinfo?taskID=41499227
|
||||
%ifnarch s390x
|
||||
%ifarch %{gdb_arches}
|
||||
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
|
||||
%endif
|
||||
%endif
|
||||
|
||||
# Check src.zip has all sources. See RHBZ#1130490
|
||||
$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
|
||||
@ -2280,6 +2439,9 @@ end
|
||||
%posttrans
|
||||
%{posttrans_script %{nil}}
|
||||
|
||||
%posttrans headless
|
||||
%{alternatives_java_install %{nil}}
|
||||
|
||||
%post devel
|
||||
%{post_devel %{nil}}
|
||||
|
||||
@ -2289,14 +2451,14 @@ end
|
||||
%posttrans devel
|
||||
%{posttrans_devel %{nil}}
|
||||
|
||||
%post javadoc
|
||||
%{post_javadoc %{nil}}
|
||||
%posttrans javadoc
|
||||
%{alternatives_javadoc_install %{nil}}
|
||||
|
||||
%postun javadoc
|
||||
%{postun_javadoc %{nil}}
|
||||
|
||||
%post javadoc-zip
|
||||
%{post_javadoc_zip %{nil}}
|
||||
%posttrans javadoc-zip
|
||||
%{alternatives_javadoczip_install %{nil}}
|
||||
|
||||
%postun javadoc-zip
|
||||
%{postun_javadoc_zip %{nil}}
|
||||
@ -2309,6 +2471,9 @@ end
|
||||
%post headless-slowdebug
|
||||
%{post_headless -- %{debug_suffix_unquoted}}
|
||||
|
||||
%posttrans headless-slowdebug
|
||||
%{alternatives_java_install -- %{debug_suffix_unquoted}}
|
||||
|
||||
%postun slowdebug
|
||||
%{postun_script -- %{debug_suffix_unquoted}}
|
||||
|
||||
@ -2344,6 +2509,9 @@ end
|
||||
%posttrans fastdebug
|
||||
%{posttrans_script -- %{fastdebug_suffix_unquoted}}
|
||||
|
||||
%posttrans headless-fastdebug
|
||||
%{alternatives_java_install -- %{fastdebug_suffix_unquoted}}
|
||||
|
||||
%post devel-fastdebug
|
||||
%{post_devel -- %{fastdebug_suffix_unquoted}}
|
||||
|
||||
@ -2450,6 +2618,100 @@ end
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-6
|
||||
- Detect NSS at runtime for FIPS detection
|
||||
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
|
||||
- Resolves: rhbz#2052827
|
||||
|
||||
* Fri Feb 25 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-5
|
||||
- Add JDK-8275535 patch to fix LDAP authentication issue.
|
||||
- Resolves: rhbz#2053284
|
||||
|
||||
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.1.1-4
|
||||
- Storing and restoring alterntives during update manually
|
||||
- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
|
||||
-- The move of alternatives creation to posttrans to fix:
|
||||
-- Bug 1200302 - dnf reinstall breaks alternatives
|
||||
-- Had caused the alternatives to be removed, and then created again,
|
||||
-- instead of being added, and then removing the old, and thus persisting
|
||||
-- the selection in family
|
||||
-- Thus this fix, is storing the family of manually selected master, and if
|
||||
-- stored, then it is restoring the family of the master
|
||||
- Resolves: rhbz#2008192
|
||||
|
||||
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.1.1-3
|
||||
- Family extracted to globals
|
||||
- Resolves: rhbz#2008192
|
||||
|
||||
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.1.1-2
|
||||
- alternatives creation moved to posttrans
|
||||
- Thus fixing the old reisntall issue:
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
|
||||
- Resolves: rhbz#2008192
|
||||
|
||||
* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-1
|
||||
- Update to jdk-11.0.14.1+1
|
||||
- Update release notes to 11.0.14.1+1
|
||||
- Require tzdata 2021e as of JDK-8275766.
|
||||
- Resolves: rhbz#2052809
|
||||
- Resolves: rhbz#1966234
|
||||
|
||||
* Thu Feb 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-6
|
||||
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
|
||||
- Resolves: rhbz#2052816
|
||||
|
||||
* Fri Feb 11 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-5
|
||||
- Refactor build functions so we can build just HotSpot without any attempt at installation.
|
||||
- Sync gdb test with java-1.8.0-openjdk.
|
||||
- Improve architecture restrictions for the gdb test.
|
||||
- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
|
||||
- Explicitly list JIT architectures rather than relying on those with slowdebug builds
|
||||
- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
|
||||
- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
|
||||
- Related: rhbz#2052809
|
||||
|
||||
* Fri Feb 11 2022 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.0.9-5
|
||||
- Give javadoc-zip its own Provides, next to the plain javadoc ones
|
||||
- Related: rhbz#2052809
|
||||
|
||||
* Fri Feb 11 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-4
|
||||
- Fix FIPS issues in native code and with initialisation of java.security.Security
|
||||
- Resolves: rhbz#2021559
|
||||
|
||||
* Thu Feb 10 2022 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.14.0.9-3
|
||||
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
|
||||
secmod.db file as part of nss
|
||||
- Resolves: rhbz#2023534
|
||||
|
||||
* Mon Jan 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-2
|
||||
- Update to jdk-11.0.14.0+9
|
||||
- Update release notes to 11.0.14.0+9
|
||||
- Switch to GA mode for final release.
|
||||
- Resolves: rhbz#2039366
|
||||
|
||||
* Fri Jan 14 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.8-0.1.ea
|
||||
- Update to jdk-11.0.14.0+8
|
||||
- Update release notes to 11.0.14.0+8
|
||||
- Resolves: rhbz#2022821
|
||||
|
||||
* Thu Jan 13 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.1-0.1.ea
|
||||
- Update to jdk-11.0.14.0+1
|
||||
- Update release notes to 11.0.14.0+1
|
||||
- Switch to EA mode for 11.0.14 pre-release builds.
|
||||
- Rename blacklisted.certs to blocked.certs following JDK-8253866
|
||||
- Rebase RH1996182 login patch and drop redundant security policy extension after JDK-8269034
|
||||
- Related: rhbz#2022821
|
||||
|
||||
* Thu Jan 13 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-5
|
||||
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
|
||||
- Related: rhbz#2022821
|
||||
|
||||
* Wed Dec 01 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.13.0.8-4
|
||||
- Replaced hardcoded 11 by featurever where appropriate
|
||||
- Fixed comment of `for slowdebug` to correct `any debug`
|
||||
- Related: rhbz#2022821
|
||||
|
||||
* Wed Oct 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-3
|
||||
- Update to jdk-11.0.13.0+8
|
||||
- Update release notes to 11.0.13.0+8
|
||||
|
Loading…
Reference in New Issue
Block a user