import java-11-openjdk-11.0.13.0.7-0.1.ea.el8
This commit is contained in:
parent
75536b7803
commit
fd2a6ad7b3
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/jdk-updates-jdk11u-jdk-11.0.12+7-4curve.tar.xz
|
SOURCES/jdk-updates-jdk11u-jdk-11.0.13+7-4curve.tar.xz
|
||||||
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
7459fbf6c597831b6039c3a608048131cb637528 SOURCES/jdk-updates-jdk11u-jdk-11.0.12+7-4curve.tar.xz
|
a460b6663729a172c3d9464b8dc5e6bf2f92ff98 SOURCES/jdk-updates-jdk11u-jdk-11.0.13+7-4curve.tar.xz
|
||||||
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||||
|
325
SOURCES/NEWS
325
SOURCES/NEWS
@ -3,6 +3,331 @@ Key:
|
|||||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||||
|
|
||||||
|
New in release OpenJDK 11.0.13 (2021-10-19):
|
||||||
|
=============================================
|
||||||
|
Live versions of these release notes can be found at:
|
||||||
|
* https://bitly.com/openjdk11013
|
||||||
|
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.13.txt
|
||||||
|
|
||||||
|
* Other changes
|
||||||
|
- JDK-8024368: private methods are allocated vtable indices
|
||||||
|
- JDK-8042902: Test java/net/Inet6Address/serialize/Inet6AddressSerializationTest.java fails intermittently
|
||||||
|
- JDK-8140466: ChaCha20 and Poly1305 TLS Cipher Suites
|
||||||
|
- JDK-8158066: SourceDebugExtensionTest fails to rename file
|
||||||
|
- JDK-8163326: Update the default enabled cipher suites preference
|
||||||
|
- JDK-8168304: Make all of DependencyContext_test available in product mode
|
||||||
|
- JDK-8169246: java/net/DatagramSocket/ReportSocketClosed.java fails intermittently with BindException
|
||||||
|
- JDK-8181313: SA: Remove libthread_db dependency on Linux
|
||||||
|
- JDK-8193214: Incorrect annotations.without.processors warnings with JDK 9
|
||||||
|
- JDK-8194230: jdk/internal/jrtfs/remote/RemoteRuntimeImageTest.java fails with java.lang.NullPointerException
|
||||||
|
- JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
|
||||||
|
- JDK-8199931: java/net/MulticastSocket/UnreferencedMulticastSockets.java fails with "incorrect data received"
|
||||||
|
- JDK-8206083: Make tools/javac/api/T6265137.java robust to JDK version changes
|
||||||
|
- JDK-8206350: java/util/Locale/bcp47u/SystemPropertyTests.java failed on Mac 10.13 with zh_CN and zh_TW locales.
|
||||||
|
- JDK-8207316: java/nio/channels/spi/SelectorProvider/inheritedChannel/InheritedChannelTest.java failed
|
||||||
|
- JDK-8208227: tools/jdeps/DotFileTest.java fails on Win-X64
|
||||||
|
- JDK-8208363: test/jdk/java/lang/Package/PackageFromManifest.java missing module dependencies declaration
|
||||||
|
- JDK-8209380: ARM: cleanup maybe-uninitialized and reorder compiler warnings
|
||||||
|
- JDK-8209768: Refactor java/util/prefs/CheckUserPrefsStorage.sh to plain java test
|
||||||
|
- JDK-8209772: Refactor shell test java/util/ServiceLoader/basic/basic.sh to java
|
||||||
|
- JDK-8209773: Refactor shell test javax/naming/module/basic.sh to java
|
||||||
|
- JDK-8209832: Refactor jdk/internal/reflect/Reflection/GetCallerClassTest.sh to plain java test
|
||||||
|
- JDK-8209930: Refactor java/util/zip/ZipFile/deletetempjar.sh to plain java test
|
||||||
|
- JDK-8210406: Refactor java.util.PluggableLocale:i18n shell tests to plain java tests
|
||||||
|
- JDK-8210407: Refactor java.util.Calendar:i18n shell tests to plain java tests
|
||||||
|
- JDK-8210495: compiler crashes because of illegal signature in otherwise legal code
|
||||||
|
- JDK-8210669: Some launcher tests assume a pre-JDK 9 run-time image layout
|
||||||
|
- JDK-8210802: temp files left by tests in jdk/java/net/httpclient
|
||||||
|
- JDK-8210819: Update the host name in CNameTest.java
|
||||||
|
- JDK-8210908: Refactor java/util/prefs/PrefsSpi.sh to plain java test
|
||||||
|
- JDK-8210934: Move sun/net/www/protocol/http/GetErrorStream.java to OpenJDK
|
||||||
|
- JDK-8210959: JShell fails and exits when statement throws an exception whose message contains a '%'.
|
||||||
|
- JDK-8211055: Provide print to a file (PDF) feature even when printer was not connected
|
||||||
|
- JDK-8211092: test/jdk/sun/net/www/http/HttpClient/MultiThreadTest.java fails intermittently when cleaning up
|
||||||
|
- JDK-8211296: Remove HotSpot deprecation warning suppression for Mac/clang
|
||||||
|
- JDK-8211325: test/jdk/java/net/Socket/LingerTest.java fails with cleaning up
|
||||||
|
- JDK-8212040: Compilation error due to wrong usage of NSPrintJobDispositionValue in mac10.12
|
||||||
|
- JDK-8212695: Add explicit timeout to several HTTP Client tests
|
||||||
|
- JDK-8212718: Refactor some annotation processor tests to better use collections
|
||||||
|
- JDK-8213007: Update the link in test/jdk/sun/security/provider/SecureRandom/DrbgCavp.java
|
||||||
|
- JDK-8213137: Remove static initialization of monitor/mutex instances
|
||||||
|
- JDK-8213235: java/nio/channels/SocketChannel/AsyncCloseChannel.java fails with threads that didn't exit
|
||||||
|
- JDK-8213409: Refactor sun.text.IntHashtable:i18n shell tests to plain java tests
|
||||||
|
- JDK-8213576: Make test AsyncCloseChannel.java run in othervm
|
||||||
|
- JDK-8213694: Test Timeout.java should run in othervm mode
|
||||||
|
- JDK-8213718: [TEST] Wrong classname in vmTestbase/nsk/stress/except/except002 and except003
|
||||||
|
- JDK-8213922: fix ctw stand-alone build
|
||||||
|
- JDK-8214195: Align stdout messages in test/jdk/java/math/BigInteger/PrimitiveConversionTests.java
|
||||||
|
- JDK-8214520: [TEST_BUG] sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java failed with incorrect jtreg tags order
|
||||||
|
- JDK-8214937: sun/security/tools/jarsigner/warnings/NoTimestampTest.java failed due to unexpected expiration date
|
||||||
|
- JDK-8216532: tools/launcher/Test7029048.java fails (Solaris)
|
||||||
|
- JDK-8217825: Verify @AfterTest is used correctly in WebSocket tests
|
||||||
|
- JDK-8218145: block_if_requested is not proper inlined due to size
|
||||||
|
- JDK-8219417: bump jtreg requiredVersion to b14
|
||||||
|
- JDK-8219552: bump jtreg requiredVersion to b14 in test/jdk/sanity/client/
|
||||||
|
- JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
|
||||||
|
- JDK-8220445: Support for side by side MSVC Toolset versions
|
||||||
|
- JDK-8221988: add possibility to build with Visual Studio 2019
|
||||||
|
- JDK-8223050: JVMCI: findUniqueConcreteMethod() should not use Dependencies::find_unique_concrete_method() for non-virtual methods
|
||||||
|
- JDK-8224853: CDS address sanitizer errors
|
||||||
|
- JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
|
||||||
|
- JDK-8225583: Examine the HttpResponse.BodySubscribers for null handling and multiple subscriptions
|
||||||
|
- JDK-8225690: Multiple AttachListener threads can be created
|
||||||
|
- JDK-8225790: Two NestedDialogs tests fail on Ubuntu
|
||||||
|
- JDK-8226319: Add forgotten test/jdk/java/net/httpclient/BodySubscribersTest.java
|
||||||
|
- JDK-8226533: JVMCI: findUniqueConcreteMethod should handle statically bindable methods directly
|
||||||
|
- JDK-8226602: Test convenience reactive primitives from java.net.http with RS TCK
|
||||||
|
- JDK-8226683: Remove review suggestion from fix to 8219804
|
||||||
|
- JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
|
||||||
|
- JDK-8227766: CheckUnhandledOops is broken in MemAllocator
|
||||||
|
- JDK-8227815: Minimal VM: set_state is not a member of AttachListener
|
||||||
|
- JDK-8230674: Heap dumps should exclude dormant CDS archived objects of unloaded classes
|
||||||
|
- JDK-8230808: Remove Access::equals()
|
||||||
|
- JDK-8230841: Remove oopDesc::equals()
|
||||||
|
- JDK-8231717: Improve performance of charset decoding when charset is always compactable
|
||||||
|
- JDK-8232243: Wrong caret position in JTextPane on Windows with a screen resolution > 100%
|
||||||
|
- JDK-8232782: Shenandoah: streamline post-LRB CAS barrier (aarch64)
|
||||||
|
- JDK-8233790: Forward output from heap dumper to jcmd/jmap
|
||||||
|
- JDK-8233989: Create an IPv4 version of java/net/MulticastSocket/SetLoopbackMode.java
|
||||||
|
- JDK-8234510: Remove file seeking requirement for writing a heap dump
|
||||||
|
- JDK-8235211: serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file
|
||||||
|
- JDK-8235216: typo in test filename
|
||||||
|
- JDK-8235866: bump jtreg requiredVersion to 4.2b16
|
||||||
|
- JDK-8236111: narrow allowSmartActionArgs disabling
|
||||||
|
- JDK-8236413: AbstractConnectTimeout should tolerate both NoRouteToHostException and UnresolvedAddressException
|
||||||
|
- JDK-8236671: NullPointerException in JKS keystore
|
||||||
|
- JDK-8238930: problem list compiler/c2/Test8004741.java
|
||||||
|
- JDK-8238943: switch to jtreg 5.0
|
||||||
|
- JDK-8240555: Using env of JAVA_TOOL_OPTIONS and _JAVA_OPTIONS breaks QuietOption.java test
|
||||||
|
- JDK-8240983: Incorrect copyright header in Apache Santuario 2.1.3 files
|
||||||
|
- JDK-8241336: Some java.net tests failed with NoRouteToHostException on MacOS with special network configuration
|
||||||
|
- JDK-8241353: NPE in ToolProvider.getSystemJavaCompiler
|
||||||
|
- JDK-8241768: git needs .gitattributes
|
||||||
|
- JDK-8242882: opening jar file with large manifest might throw NegativeArraySizeException
|
||||||
|
- JDK-8244973: serviceability/attach/RemovingUnixDomainSocketTest.java fails "stderr was not empty"
|
||||||
|
- JDK-8245134: test/lib/jdk/test/lib/security/KeyStoreUtils.java should allow to specify aliases
|
||||||
|
- JDK-8246261: TCKLocalTime.java failed due to "AssertionError: expected [18:14:22] but found [18:14:23]"
|
||||||
|
- JDK-8246387: switch to jtreg 5.1
|
||||||
|
- JDK-8247421: [TESTBUG] ReturnBlobToWrongHeapTest.java failed allocating blob
|
||||||
|
- JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
|
||||||
|
- JDK-8248352: [TEST_BUG] Test test/jdk/java/awt/font/TextLayout/ArabicDiacriticTest.java can leave frame open
|
||||||
|
- JDK-8248403: AArch64: Remove uses of kernel integer types
|
||||||
|
- JDK-8248414: AArch64: Remove uses of long and unsigned long ints
|
||||||
|
- JDK-8248657: Windows: strengthening in ThreadCritical regarding memory model
|
||||||
|
- JDK-8248666: AArch64: Use THREAD_LOCAL instead of __thread
|
||||||
|
- JDK-8248668: AArch64: Avoid MIN/MAX macros when using MSVC
|
||||||
|
- JDK-8248671: AArch64: Remove unused variables
|
||||||
|
- JDK-8248682: AArch64: Use ATTRIBUTE_ALIGNED helper
|
||||||
|
- JDK-8248816: C1: Fix signature conflict in LIRGenerator::strength_reduce_multiply
|
||||||
|
- JDK-8249095: tools/javac/launcher/SourceLauncherTest.java fails on Windows
|
||||||
|
- JDK-8249548: backward focus traversal gets stuck in button group
|
||||||
|
- JDK-8249773: Upgrade ReceiveISA.java test to be resilient to failure due to stray packets and interference
|
||||||
|
- JDK-8249897: jdk/javadoc/tool/LangVers.java uses @ignore w/o bug-id
|
||||||
|
- JDK-8249898: jdk/javadoc/tool/6176978/T6176978.java uses @ignore w/o bug-id
|
||||||
|
- JDK-8249899: jdk/javadoc/tool/InlineTagsWithBraces.java uses @ignore w/o bug-id
|
||||||
|
- JDK-8250588: Shenandoah: LRB needs to save/restore fp registers for runtime call
|
||||||
|
- JDK-8250824: AArch64: follow up for JDK-8248414
|
||||||
|
- JDK-8251166: Add automated testcases for changes done in JDK-8214112
|
||||||
|
- JDK-8251252: Add automated testcase for fix done in JDK-8214253
|
||||||
|
- JDK-8251254: Add automated test for fix done in JDK-8218472
|
||||||
|
- JDK-8251361: Potential race between Logger configuration and GCs in HttpURLConWithProxy test
|
||||||
|
- JDK-8251549: Update docs on building for Git
|
||||||
|
- JDK-8251945: SIGSEGV in PackageEntry::purge_qualified_exports()
|
||||||
|
- JDK-8252194: Add automated test for fix done in JDK-8218469
|
||||||
|
- JDK-8252648: Shenandoah: name gang tasks consistently
|
||||||
|
- JDK-8252825: Add automated test for fix done in JDK-8218479
|
||||||
|
- JDK-8252853: AArch64: gc/shenandoah/TestVerifyJCStress.java fails intermittently with C1
|
||||||
|
- JDK-8252857: AArch64: Shenandoah C1 CAS is not sequentially consistent
|
||||||
|
- JDK-8253048: AArch64: When CallLeaf, no need to preserve callee-saved registers in caller
|
||||||
|
- JDK-8253424: Add support for running pre-submit testing using GitHub Actions
|
||||||
|
- JDK-8253631: Remove unimplemented CompileBroker methods after JEP-165
|
||||||
|
- JDK-8253865: Pre-submit testing using GitHub Actions does not detect failures reliably
|
||||||
|
- JDK-8253899: Make IsClassUnloadingEnabled signature match specification
|
||||||
|
- JDK-8254024: Enhance native libs for AWT and Swing to work with GraalVM Native Image
|
||||||
|
- JDK-8254054: Pre-submit testing using GitHub Actions should not use the deprecated set-env command
|
||||||
|
- JDK-8254173: Add Zero, Minimal hotspot targets to submit workflow
|
||||||
|
- JDK-8254175: Build no-pch configuration in debug mode for submit checks
|
||||||
|
- JDK-8254244: Some code emitted by TemplateTable::branch is unused when running TieredCompilation
|
||||||
|
- JDK-8254270: linux 32 bit build doesn't compile libjdwp/log_messages.c
|
||||||
|
- JDK-8254282: Add Linux x86_32 builds to submit workflow
|
||||||
|
- JDK-8254850: Update terminology in java.awt.GridBagLayout source code comments
|
||||||
|
- JDK-8254967: com.sun.net.HttpsServer spins on TLS session close
|
||||||
|
- JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1
|
||||||
|
- JDK-8255305: Add Linux x86_32 tier1 to submit workflow
|
||||||
|
- JDK-8255352: Archive important test outputs in submit workflow
|
||||||
|
- JDK-8255373: Submit workflow artifact name is always "test-results_.zip"
|
||||||
|
- JDK-8255452: Doing GC during JVMTI MethodExit event posting breaks return oop
|
||||||
|
- JDK-8255718: Zero: VM should know it runs in interpreter-only mode
|
||||||
|
- JDK-8255790: GTKL&F: Java 16 crashes on initialising GTKL&F on Manjaro Linux
|
||||||
|
- JDK-8255810: Zero: build fails without JVMTI
|
||||||
|
- JDK-8255895: Submit workflow artifacts miss hs_errs/replays due to ZIP include mismatch
|
||||||
|
- JDK-8256127: Add cross-compiled foreign architectures builds to submit workflow
|
||||||
|
- JDK-8256215: Shenandoah: re-organize saving/restoring machine state in assembler code
|
||||||
|
- JDK-8256267: Relax compiler/floatingpoint/NaNTest.java for x86_32 and lower -XX:+UseSSE
|
||||||
|
- JDK-8256277: Github Action build on macOS should define OS and Xcode versions
|
||||||
|
- JDK-8256354: Github Action build on Windows should define OS and MSVC versions
|
||||||
|
- JDK-8256393: Github Actions build on Linux should define OS and GCC versions
|
||||||
|
- JDK-8256414: add optimized build to submit workflow
|
||||||
|
- JDK-8256747: GitHub Actions: decouple the hotspot build-only jobs from Linux x64 testing
|
||||||
|
- JDK-8257056: Submit workflow should apt-get update to avoid package installation errors
|
||||||
|
- JDK-8257148: Remove obsolete code in AWTView.m
|
||||||
|
- JDK-8257497: Update keytool to create AKID from the SKID of the issuing certificate as specified by RFC 5280
|
||||||
|
- JDK-8257620: Do not use objc_msgSend_stret to get macOS version
|
||||||
|
- JDK-8257913: Add more known library locations to simplify Linux cross-compilation
|
||||||
|
- JDK-8258703: Incorrect 512-bit vector registers restore on x86_32
|
||||||
|
- JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
|
||||||
|
- JDK-8259535: ECDSA SignatureValue do not always have the specified length
|
||||||
|
- JDK-8259679: GitHub actions should use MSVC 14.28
|
||||||
|
- JDK-8259924: GitHub actions fail on Linux x86_32 with "Could not configure libc6:i386"
|
||||||
|
- JDK-8260460: GitHub actions still fail on Linux x86_32 with "Could not configure libc6:i386"
|
||||||
|
- JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
|
||||||
|
- JDK-8260923: Add more tests for SSLSocket input/output shutdown
|
||||||
|
- JDK-8261072: AArch64: Fix MacroAssembler::get_thread convention
|
||||||
|
- JDK-8261147: C2: Node is wrongly marked as reduction resulting in a wrong execution due to wrong vector instructions
|
||||||
|
- JDK-8261238: NMT should not limit baselining by size threshold
|
||||||
|
- JDK-8261496: Shenandoah: reconsider pacing updates memory ordering
|
||||||
|
- JDK-8261652: Remove some dead comments from os_bsd_x86
|
||||||
|
- JDK-8261846: [JVMCI] c2v_iterateFrames can get out of sync with the StackFrameStream
|
||||||
|
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
|
||||||
|
- JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
|
||||||
|
- JDK-8262392: Update Mesa 3-D Headers to version 21.0.3
|
||||||
|
- JDK-8262409: sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions. SSL test failures caused by java failed with "Server reported the wrong exception"
|
||||||
|
- JDK-8262470: Printed GlyphVector outline with low DPI has bad quality on Windows
|
||||||
|
- JDK-8262862: Harden tests sun/security/x509/URICertStore/ExtensionsWithLDAP.java and krb5/canonicalize/Test.java
|
||||||
|
- JDK-8263136: C4530 was reported from VS 2019 at access bridge
|
||||||
|
- JDK-8263227: C2: inconsistent spilling due to dead nodes in exception block
|
||||||
|
- JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
|
||||||
|
- JDK-8263407: SPARC64 detection fails on Athena (SPARC64-X)
|
||||||
|
- JDK-8263432: javac may report an invalid package/class clash on case insensitive filesystems
|
||||||
|
- JDK-8263490: [macos] Crash occurs on JPasswordField with activated InputMethod
|
||||||
|
- JDK-8263531: Remove unused buffer int
|
||||||
|
- JDK-8263667: Avoid running GitHub actions on branches named pr/*
|
||||||
|
- JDK-8263776: [JVMCI] add helper to perform Java upcalls
|
||||||
|
- JDK-8264016: [JVMCI] add some thread local fields for use by JVMCI
|
||||||
|
- JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
|
||||||
|
- JDK-8265132: C2 compilation fails with assert "missing precedence edge"
|
||||||
|
- JDK-8265231: (fc) ReadDirect and WriteDirect tests fail after fix for JDK-8264821
|
||||||
|
- JDK-8265335: Epsilon: Minor typo in EpsilonElasticTLABDecay description
|
||||||
|
- JDK-8265756: AArch64: initialize memory allocated for locals according to Windows AArch64 stack page growth requirement in template interpreter
|
||||||
|
- JDK-8265761: Font with missed font family name is not properly printed on Windows
|
||||||
|
- JDK-8265773: incorrect jdeps message "jdk8internals" to describe a removed JDK internal API
|
||||||
|
- JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
|
||||||
|
- JDK-8266018: Shenandoah: fix an incorrect assert
|
||||||
|
- JDK-8266206: Build failure after JDK-8264752 with older GCCs
|
||||||
|
- JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
|
||||||
|
- JDK-8266288: assert root method not found in witnessed_reabstraction_in_supers is too strong
|
||||||
|
- JDK-8266404: Fatal error report generated with -XX:+CrashOnOutOfMemoryError should not contain suggestion to submit a bug report
|
||||||
|
- JDK-8266480: Implicit null check optimization does not update control of hoisted memory operation
|
||||||
|
- JDK-8266615: C2 incorrectly folds subtype checks involving an interface array
|
||||||
|
- JDK-8266642: Improve ResolvedMethodTable hash function
|
||||||
|
- JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
|
||||||
|
- JDK-8266761: AssertionError in sun.net.httpserver.ServerImpl.responseCompleted
|
||||||
|
- JDK-8266813: Shenandoah: Use shorter instruction sequence for checking if marking in progress
|
||||||
|
- JDK-8267042: bug in monitor locking/unlocking on ARM32 C1 due to uninitialized BasicObjectLock::_displaced_header
|
||||||
|
- JDK-8267348: Rewrite gc/epsilon/TestClasses.java to use Metaspace with less classes
|
||||||
|
- JDK-8267396: Avoid recording "pc" in unhandled oops detector for better performance
|
||||||
|
- JDK-8267399: C2: java/text/Normalizer/ConformanceTest.java test failed with assertion
|
||||||
|
- JDK-8267424: CTW: C1 fails with "State must not be null"
|
||||||
|
- JDK-8267459: Pasting Unicode characters into JShell does not work.
|
||||||
|
- JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
|
||||||
|
- JDK-8267666: Add option to jcmd GC.heap_dump to use existing file
|
||||||
|
- JDK-8267695: Bump update version for OpenJDK: jdk-11.0.13
|
||||||
|
- JDK-8267751: (test) jtreg.SkippedException has no serial VersionUID
|
||||||
|
- JDK-8267773: PhaseStringOpts::int_stringSize doesn't handle min_jint correctly
|
||||||
|
- JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
|
||||||
|
- JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
|
||||||
|
- JDK-8268261: C2: assert(n != __null) failed: Bad immediate dominator info.
|
||||||
|
- JDK-8268347: C2: nested locks optimization may create unbalanced monitor enter/exit code
|
||||||
|
- JDK-8268360: Missing check for infinite loop during node placement
|
||||||
|
- JDK-8268362: [REDO] C2 crash when compile negative Arrays.copyOf length after loop
|
||||||
|
- JDK-8268366: Incorrect calculation of has_fpu_registers in C1 linear scan
|
||||||
|
- JDK-8268369: SIGSEGV in PhaseCFG::implicit_null_check due to missing null check
|
||||||
|
- JDK-8268417: Add test from JDK-8268360
|
||||||
|
- JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm performance
|
||||||
|
- JDK-8268617: [11u REDO] - WebSocket over authenticating proxy fails with NPE
|
||||||
|
- JDK-8268620: InfiniteLoopException test may fail on x86 platforms
|
||||||
|
- JDK-8268635: Corrupt oop in ClassLoaderData
|
||||||
|
- JDK-8268699: Shenandoah: Add test for JDK-8268127
|
||||||
|
- JDK-8268771: javadoc -notimestamp option does not work on index.html
|
||||||
|
- JDK-8268775: Password is being converted to String in AccessibleJPasswordField
|
||||||
|
- JDK-8268776: Test `ADatagramSocket.java` missing /othervm from @run tag
|
||||||
|
- JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
|
||||||
|
- JDK-8269304: Regression ~5% in 2005 in b27
|
||||||
|
- JDK-8269415: [11u] Remove ea from DEFAULT_PROMOTED_VERSION_PRE in OpenJDK 11u
|
||||||
|
- JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should be more resilient
|
||||||
|
- JDK-8269529: javax/swing/reliability/HangDuringStaticInitialization.java fails in Windows debug build
|
||||||
|
- JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
|
||||||
|
- JDK-8269614: [s390] Interpreter checks wrong bit for slow path instance allocation
|
||||||
|
- JDK-8269650: Optimize gc-locker in [Get|Release]StringCritical for latin string
|
||||||
|
- JDK-8269661: JNI_GetStringCritical does not lock char array
|
||||||
|
- JDK-8269668: [aarch64] java.library.path not including /usr/lib64
|
||||||
|
- JDK-8269795: C2: Out of bounds array load floats above its range check in loop peeling resulting in SEGV
|
||||||
|
- JDK-8269847: JDK-8269594 backport breaks 11u builds
|
||||||
|
- JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0
|
||||||
|
- JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
|
||||||
|
- JDK-8269882: stack-use-after-scope in NewObjectA
|
||||||
|
- JDK-8269934: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status
|
||||||
|
- JDK-8270096: Shenandoah: Optimize gc/shenandoah/TestRefprocSanity.java for interpreter mode
|
||||||
|
- JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
|
||||||
|
- JDK-8270184: [TESTBUG] Add coverage for jvmci ResolvedJavaType.toJavaName() for lambdas
|
||||||
|
- JDK-8270196: [11u] [JVMCI] JavaType.toJavaName() returns incorrect type name for lambdas
|
||||||
|
- JDK-8270556: Exclude security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA
|
||||||
|
- JDK-8270893: IndexOutOfBoundsException while reading large TIFF file
|
||||||
|
- JDK-8272078: Wrong Checksums in Temurin BootJDK dependencies
|
||||||
|
- JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
|
||||||
|
- JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj
|
||||||
|
- JDK-8272197: Update 11u GHA workflow with Shenandoah configurations
|
||||||
|
- JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz after JDK-8255790
|
||||||
|
- JDK-8272472: StackGuardPages test doesn't build with glibc 2.34
|
||||||
|
- JDK-8272602: [macos] not all KEY_PRESSED events sent when control modifier is used
|
||||||
|
- JDK-8272628: Problemlist gc/stress/gcbasher/TestGCBasherWithCMS.java for x86_32
|
||||||
|
- JDK-8272700: [macos] Build failure with Xcode 13.0 after JDK-8264848
|
||||||
|
- JDK-8272772: Shenandoah: compiler/c2/aarch64/TestVolatilesShenandoah.java fails in 11u
|
||||||
|
- JDK-8273939: Backport of 8248414 to JDK11 breaks MacroAssembler::adrp
|
||||||
|
|
||||||
|
Notes on individual issues:
|
||||||
|
===========================
|
||||||
|
|
||||||
|
security-libs/java.security:
|
||||||
|
|
||||||
|
JDK-8271434: Removed IdenTrust Root Certificate
|
||||||
|
===============================================
|
||||||
|
The following root certificate from IdenTrust has been removed from
|
||||||
|
the `cacerts` keystore:
|
||||||
|
|
||||||
|
Alias Name: identrustdstx3 [jdk]
|
||||||
|
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
|
||||||
|
|
||||||
|
JDK-8261922: Updated keytool to Create AKID From SKID of Issuing Certificate as Specified by RFC 5280
|
||||||
|
=====================================================================================================
|
||||||
|
The `gencert` command of the `keytool` utility has been updated to
|
||||||
|
create AKID from the SKID of the issuing certificate as specified by
|
||||||
|
RFC 5280.
|
||||||
|
|
||||||
|
security-libs/javax.net.ssl:
|
||||||
|
|
||||||
|
JDK-8210799: ChaCha20 and Poly1305 TLS Cipher Suites
|
||||||
|
====================================================
|
||||||
|
New TLS cipher suites using the `ChaCha20-Poly1305` algorithm have
|
||||||
|
been added to JSSE. These cipher suites are enabled by default. The
|
||||||
|
TLS_CHACHA20_POLY1305_SHA256 cipher suite is available for TLS 1.3.
|
||||||
|
The following cipher suites are available for TLS 1.2:
|
||||||
|
|
||||||
|
* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
|
||||||
|
|
||||||
|
Refer to the "Java Secure Socket Extension (JSSE) Reference Guide" for
|
||||||
|
details on these new TLS cipher suites.
|
||||||
|
|
||||||
|
JDK-8219551: Updated the Default Enabled Cipher Suites Preference
|
||||||
|
=================================================================
|
||||||
|
The preference of the default enabled cipher suites has been
|
||||||
|
changed. The compatibility impact should be minimal. If needed,
|
||||||
|
applications can customize the enabled cipher suites and the
|
||||||
|
preference. For more details, refer to the SunJSSE provider
|
||||||
|
documentation and the JSSE Reference Guide documentation.
|
||||||
|
|
||||||
New in release OpenJDK 11.0.12 (2021-07-20):
|
New in release OpenJDK 11.0.12 (2021-07-20):
|
||||||
=============================================
|
=============================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
|
@ -1,32 +0,0 @@
|
|||||||
From ec03fdb752f2dc0833784a6877a4c232a8cdd9d2 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Severin Gehwolf <sgehwolf@redhat.com>
|
|
||||||
Date: Wed, 14 Jul 2021 12:06:39 +0200
|
|
||||||
Subject: [PATCH] Backport e14801cdd9b108aa4ca47d0bc1dc67fca575764c
|
|
||||||
|
|
||||||
---
|
|
||||||
src/hotspot/os/linux/os_linux.cpp | 7 +++++++
|
|
||||||
1 file changed, 7 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/hotspot/os/linux/os_linux.cpp b/src/hotspot/os/linux/os_linux.cpp
|
|
||||||
index e8baf704e3a..12b75b733b5 100644
|
|
||||||
--- a/src/hotspot/os/linux/os_linux.cpp
|
|
||||||
+++ b/src/hotspot/os/linux/os_linux.cpp
|
|
||||||
@@ -413,8 +413,15 @@ void os::init_system_properties_values() {
|
|
||||||
// 7: The default directories, normally /lib and /usr/lib.
|
|
||||||
#if defined(AMD64) || (defined(_LP64) && defined(SPARC)) || defined(PPC64) || defined(S390)
|
|
||||||
#define DEFAULT_LIBPATH "/usr/lib64:/lib64:/lib:/usr/lib"
|
|
||||||
+#else
|
|
||||||
+#if defined(AARCH64)
|
|
||||||
+ // Use 32-bit locations first for AARCH64 (a 64-bit architecture), since some systems
|
|
||||||
+ // might not adhere to the FHS and it would be a change in behaviour if we used
|
|
||||||
+ // DEFAULT_LIBPATH of other 64-bit architectures which prefer the 64-bit paths.
|
|
||||||
+ #define DEFAULT_LIBPATH "/lib:/usr/lib:/usr/lib64:/lib64"
|
|
||||||
#else
|
|
||||||
#define DEFAULT_LIBPATH "/lib:/usr/lib"
|
|
||||||
+#endif // AARCH64
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// Base path of extensions installed on the system.
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
590
SOURCES/rh1991003-enable_fips_keys_import.patch
Normal file
590
SOURCES/rh1991003-enable_fips_keys_import.patch
Normal file
@ -0,0 +1,590 @@
|
|||||||
|
diff --git openjdk.orig/src/java.base/share/classes/java/security/Security.java openjdk/src/java.base/share/classes/java/security/Security.java
|
||||||
|
index 53f32d12cc..28ab184617 100644
|
||||||
|
--- openjdk.orig/src/java.base/share/classes/java/security/Security.java
|
||||||
|
+++ openjdk/src/java.base/share/classes/java/security/Security.java
|
||||||
|
@@ -82,6 +82,10 @@ public final class Security {
|
||||||
|
public boolean isSystemFipsEnabled() {
|
||||||
|
return SystemConfigurator.isSystemFipsEnabled();
|
||||||
|
}
|
||||||
|
+ @Override
|
||||||
|
+ public boolean isPlainKeySupportEnabled() {
|
||||||
|
+ return SystemConfigurator.isPlainKeySupportEnabled();
|
||||||
|
+ }
|
||||||
|
});
|
||||||
|
|
||||||
|
// doPrivileged here because there are multiple
|
||||||
|
diff --git openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||||
|
index 5565acb7c6..874c6221eb 100644
|
||||||
|
--- openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||||
|
+++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
|
||||||
|
@@ -55,6 +55,7 @@ final class SystemConfigurator {
|
||||||
|
CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
|
||||||
|
|
||||||
|
private static boolean systemFipsEnabled = false;
|
||||||
|
+ private static boolean plainKeySupportEnabled = false;
|
||||||
|
|
||||||
|
private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
|
||||||
|
|
||||||
|
@@ -149,6 +150,16 @@ final class SystemConfigurator {
|
||||||
|
}
|
||||||
|
loadedProps = true;
|
||||||
|
systemFipsEnabled = true;
|
||||||
|
+ String plainKeySupport = System.getProperty("com.redhat.fips.plainKeySupport",
|
||||||
|
+ "true");
|
||||||
|
+ plainKeySupportEnabled = !"false".equals(plainKeySupport);
|
||||||
|
+ if (sdebug != null) {
|
||||||
|
+ if (plainKeySupportEnabled) {
|
||||||
|
+ sdebug.println("FIPS support enabled with plain key support");
|
||||||
|
+ } else {
|
||||||
|
+ sdebug.println("FIPS support enabled without plain key support");
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
} catch (Exception e) {
|
||||||
|
if (sdebug != null) {
|
||||||
|
@@ -176,6 +187,19 @@ final class SystemConfigurator {
|
||||||
|
return systemFipsEnabled;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * Returns {@code true} if system FIPS alignment is enabled
|
||||||
|
+ * and plain key support is allowed. Plain key support is
|
||||||
|
+ * enabled by default but can be disabled with
|
||||||
|
+ * {@code -Dcom.redhat.fips.plainKeySupport=false}.
|
||||||
|
+ *
|
||||||
|
+ * @return a boolean indicating whether plain key support
|
||||||
|
+ * should be enabled.
|
||||||
|
+ */
|
||||||
|
+ static boolean isPlainKeySupportEnabled() {
|
||||||
|
+ return plainKeySupportEnabled;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* OpenJDK FIPS mode will be enabled only if the com.redhat.fips
|
||||||
|
* system property is true (default) and the system is in FIPS mode.
|
||||||
|
diff --git openjdk.orig/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java openjdk/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
|
||||||
|
index d8caa5640c..21bc6d0b59 100644
|
||||||
|
--- openjdk.orig/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
|
||||||
|
+++ openjdk/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
|
||||||
|
@@ -27,4 +27,5 @@ package jdk.internal.misc;
|
||||||
|
|
||||||
|
public interface JavaSecuritySystemConfiguratorAccess {
|
||||||
|
boolean isSystemFipsEnabled();
|
||||||
|
+ boolean isPlainKeySupportEnabled();
|
||||||
|
}
|
||||||
|
diff --git openjdk.orig/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java openjdk/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
|
||||||
|
index ffee2c1603..ff3d5e0e4a 100644
|
||||||
|
--- openjdk.orig/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
|
||||||
|
+++ openjdk/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
|
||||||
|
@@ -33,8 +33,13 @@ import java.security.KeyStore.*;
|
||||||
|
|
||||||
|
import javax.net.ssl.*;
|
||||||
|
|
||||||
|
+import jdk.internal.misc.SharedSecrets;
|
||||||
|
+
|
||||||
|
abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
|
||||||
|
|
||||||
|
+ private static final boolean plainKeySupportEnabled = SharedSecrets
|
||||||
|
+ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
|
||||||
|
+
|
||||||
|
X509ExtendedKeyManager keyManager;
|
||||||
|
boolean isInitialized;
|
||||||
|
|
||||||
|
@@ -62,7 +67,8 @@ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
|
||||||
|
KeyStoreException, NoSuchAlgorithmException,
|
||||||
|
UnrecoverableKeyException {
|
||||||
|
if ((ks != null) && SunJSSE.isFIPS()) {
|
||||||
|
- if (ks.getProvider() != SunJSSE.cryptoProvider) {
|
||||||
|
+ if (ks.getProvider() != SunJSSE.cryptoProvider &&
|
||||||
|
+ !plainKeySupportEnabled) {
|
||||||
|
throw new KeyStoreException("FIPS mode: KeyStore must be "
|
||||||
|
+ "from provider " + SunJSSE.cryptoProvider.getName());
|
||||||
|
}
|
||||||
|
@@ -91,8 +97,8 @@ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
|
||||||
|
keyManager = new X509KeyManagerImpl(
|
||||||
|
Collections.<Builder>emptyList());
|
||||||
|
} else {
|
||||||
|
- if (SunJSSE.isFIPS() &&
|
||||||
|
- (ks.getProvider() != SunJSSE.cryptoProvider)) {
|
||||||
|
+ if (SunJSSE.isFIPS() && (ks.getProvider() != SunJSSE.cryptoProvider)
|
||||||
|
+ && !plainKeySupportEnabled) {
|
||||||
|
throw new KeyStoreException(
|
||||||
|
"FIPS mode: KeyStore must be " +
|
||||||
|
"from provider " + SunJSSE.cryptoProvider.getName());
|
||||||
|
diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..b848a1fd78
|
||||||
|
--- /dev/null
|
||||||
|
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
|
||||||
|
@@ -0,0 +1,290 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright (c) 2021, Red Hat, Inc.
|
||||||
|
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
+ *
|
||||||
|
+ * This code is free software; you can redistribute it and/or modify it
|
||||||
|
+ * under the terms of the GNU General Public License version 2 only, as
|
||||||
|
+ * published by the Free Software Foundation. Oracle designates this
|
||||||
|
+ * particular file as subject to the "Classpath" exception as provided
|
||||||
|
+ * by Oracle in the LICENSE file that accompanied this code.
|
||||||
|
+ *
|
||||||
|
+ * This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
+ * version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
+ * accompanied this code).
|
||||||
|
+ *
|
||||||
|
+ * You should have received a copy of the GNU General Public License version
|
||||||
|
+ * 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
+ *
|
||||||
|
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
+ * or visit www.oracle.com if you need additional information or have any
|
||||||
|
+ * questions.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+package sun.security.pkcs11;
|
||||||
|
+
|
||||||
|
+import java.math.BigInteger;
|
||||||
|
+import java.security.KeyFactory;
|
||||||
|
+import java.security.Provider;
|
||||||
|
+import java.security.Security;
|
||||||
|
+import java.util.HashMap;
|
||||||
|
+import java.util.Map;
|
||||||
|
+import java.util.concurrent.locks.ReentrantLock;
|
||||||
|
+
|
||||||
|
+import javax.crypto.Cipher;
|
||||||
|
+import javax.crypto.spec.DHPrivateKeySpec;
|
||||||
|
+import javax.crypto.spec.IvParameterSpec;
|
||||||
|
+
|
||||||
|
+import sun.security.jca.JCAUtil;
|
||||||
|
+import sun.security.pkcs11.TemplateManager;
|
||||||
|
+import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
|
||||||
|
+import sun.security.pkcs11.wrapper.CK_MECHANISM;
|
||||||
|
+import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
|
||||||
|
+import sun.security.pkcs11.wrapper.PKCS11Exception;
|
||||||
|
+import sun.security.rsa.RSAUtil.KeyType;
|
||||||
|
+import sun.security.util.Debug;
|
||||||
|
+import sun.security.util.ECUtil;
|
||||||
|
+
|
||||||
|
+final class FIPSKeyImporter {
|
||||||
|
+
|
||||||
|
+ private static final Debug debug =
|
||||||
|
+ Debug.getInstance("sunpkcs11");
|
||||||
|
+
|
||||||
|
+ private static P11Key importerKey = null;
|
||||||
|
+ private static final ReentrantLock importerKeyLock = new ReentrantLock();
|
||||||
|
+ private static CK_MECHANISM importerKeyMechanism = null;
|
||||||
|
+ private static Cipher importerCipher = null;
|
||||||
|
+
|
||||||
|
+ private static Provider sunECProvider = null;
|
||||||
|
+ private static final ReentrantLock sunECProviderLock = new ReentrantLock();
|
||||||
|
+
|
||||||
|
+ private static KeyFactory DHKF = null;
|
||||||
|
+ private static final ReentrantLock DHKFLock = new ReentrantLock();
|
||||||
|
+
|
||||||
|
+ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes)
|
||||||
|
+ throws PKCS11Exception {
|
||||||
|
+ long keyID = -1;
|
||||||
|
+ Token token = sunPKCS11.getToken();
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Private or Secret key will be imported in" +
|
||||||
|
+ " system FIPS mode.");
|
||||||
|
+ }
|
||||||
|
+ if (importerKey == null) {
|
||||||
|
+ importerKeyLock.lock();
|
||||||
|
+ try {
|
||||||
|
+ if (importerKey == null) {
|
||||||
|
+ if (importerKeyMechanism == null) {
|
||||||
|
+ // Importer Key creation has not been tried yet. Try it.
|
||||||
|
+ createImporterKey(token);
|
||||||
|
+ }
|
||||||
|
+ if (importerKey == null || importerCipher == null) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Importer Key could not be" +
|
||||||
|
+ " generated.");
|
||||||
|
+ }
|
||||||
|
+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
|
||||||
|
+ }
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Importer Key successfully" +
|
||||||
|
+ " generated.");
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ } finally {
|
||||||
|
+ importerKeyLock.unlock();
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ long importerKeyID = importerKey.getKeyID();
|
||||||
|
+ try {
|
||||||
|
+ byte[] keyBytes = null;
|
||||||
|
+ byte[] encKeyBytes = null;
|
||||||
|
+ long keyClass = 0L;
|
||||||
|
+ long keyType = 0L;
|
||||||
|
+ Map<Long, CK_ATTRIBUTE> attrsMap = new HashMap<>();
|
||||||
|
+ for (CK_ATTRIBUTE attr : attributes) {
|
||||||
|
+ if (attr.type == CKA_CLASS) {
|
||||||
|
+ keyClass = attr.getLong();
|
||||||
|
+ } else if (attr.type == CKA_KEY_TYPE) {
|
||||||
|
+ keyType = attr.getLong();
|
||||||
|
+ }
|
||||||
|
+ attrsMap.put(attr.type, attr);
|
||||||
|
+ }
|
||||||
|
+ BigInteger v = null;
|
||||||
|
+ if (keyClass == CKO_PRIVATE_KEY) {
|
||||||
|
+ if (keyType == CKK_RSA) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Importing an RSA private key...");
|
||||||
|
+ }
|
||||||
|
+ keyBytes = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(
|
||||||
|
+ KeyType.RSA,
|
||||||
|
+ null,
|
||||||
|
+ ((v = attrsMap.get(CKA_MODULUS).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_PUBLIC_EXPONENT).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_PRIVATE_EXPONENT).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_PRIME_1).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_PRIME_2).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_EXPONENT_1).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_EXPONENT_2).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_COEFFICIENT).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO
|
||||||
|
+ ).getEncoded();
|
||||||
|
+ } else if (keyType == CKK_DSA) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Importing a DSA private key...");
|
||||||
|
+ }
|
||||||
|
+ keyBytes = new sun.security.provider.DSAPrivateKey(
|
||||||
|
+ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_SUBPRIME).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO
|
||||||
|
+ ).getEncoded();
|
||||||
|
+ if (token.config.getNssNetscapeDbWorkaround() &&
|
||||||
|
+ attrsMap.get(CKA_NETSCAPE_DB) == null) {
|
||||||
|
+ attrsMap.put(CKA_NETSCAPE_DB,
|
||||||
|
+ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
|
||||||
|
+ }
|
||||||
|
+ } else if (keyType == CKK_EC) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Importing an EC private key...");
|
||||||
|
+ }
|
||||||
|
+ if (sunECProvider == null) {
|
||||||
|
+ sunECProviderLock.lock();
|
||||||
|
+ try {
|
||||||
|
+ if (sunECProvider == null) {
|
||||||
|
+ sunECProvider = Security.getProvider("SunEC");
|
||||||
|
+ }
|
||||||
|
+ } finally {
|
||||||
|
+ sunECProviderLock.unlock();
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ keyBytes = ECUtil.generateECPrivateKey(
|
||||||
|
+ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ECUtil.getECParameterSpec(sunECProvider,
|
||||||
|
+ attrsMap.get(CKA_EC_PARAMS).getByteArray()))
|
||||||
|
+ .getEncoded();
|
||||||
|
+ if (token.config.getNssNetscapeDbWorkaround() &&
|
||||||
|
+ attrsMap.get(CKA_NETSCAPE_DB) == null) {
|
||||||
|
+ attrsMap.put(CKA_NETSCAPE_DB,
|
||||||
|
+ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
|
||||||
|
+ }
|
||||||
|
+ } else if (keyType == CKK_DH) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Importing a Diffie-Hellman private key...");
|
||||||
|
+ }
|
||||||
|
+ if (DHKF == null) {
|
||||||
|
+ DHKFLock.lock();
|
||||||
|
+ try {
|
||||||
|
+ if (DHKF == null) {
|
||||||
|
+ DHKF = KeyFactory.getInstance(
|
||||||
|
+ "DH", P11Util.getSunJceProvider());
|
||||||
|
+ }
|
||||||
|
+ } finally {
|
||||||
|
+ DHKFLock.unlock();
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ DHPrivateKeySpec spec = new DHPrivateKeySpec
|
||||||
|
+ (((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO,
|
||||||
|
+ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
|
||||||
|
+ ? v : BigInteger.ZERO);
|
||||||
|
+ keyBytes = DHKF.generatePrivate(spec).getEncoded();
|
||||||
|
+ if (token.config.getNssNetscapeDbWorkaround() &&
|
||||||
|
+ attrsMap.get(CKA_NETSCAPE_DB) == null) {
|
||||||
|
+ attrsMap.put(CKA_NETSCAPE_DB,
|
||||||
|
+ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Unrecognized private key type.");
|
||||||
|
+ }
|
||||||
|
+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
|
||||||
|
+ }
|
||||||
|
+ } else if (keyClass == CKO_SECRET_KEY) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Importing a secret key...");
|
||||||
|
+ }
|
||||||
|
+ keyBytes = attrsMap.get(CKA_VALUE).getByteArray();
|
||||||
|
+ }
|
||||||
|
+ if (keyBytes == null || keyBytes.length == 0) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Private or secret key plain bytes could" +
|
||||||
|
+ " not be obtained. Import failed.");
|
||||||
|
+ }
|
||||||
|
+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
|
||||||
|
+ }
|
||||||
|
+ importerCipher.init(Cipher.ENCRYPT_MODE, importerKey,
|
||||||
|
+ new IvParameterSpec((byte[])importerKeyMechanism.pParameter),
|
||||||
|
+ null);
|
||||||
|
+ attributes = new CK_ATTRIBUTE[attrsMap.size()];
|
||||||
|
+ attrsMap.values().toArray(attributes);
|
||||||
|
+ encKeyBytes = importerCipher.doFinal(keyBytes);
|
||||||
|
+ attributes = token.getAttributes(TemplateManager.O_IMPORT,
|
||||||
|
+ keyClass, keyType, attributes);
|
||||||
|
+ keyID = token.p11.C_UnwrapKey(hSession,
|
||||||
|
+ importerKeyMechanism, importerKeyID, encKeyBytes, attributes);
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Imported key ID: " + keyID);
|
||||||
|
+ }
|
||||||
|
+ } catch (Throwable t) {
|
||||||
|
+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
|
||||||
|
+ } finally {
|
||||||
|
+ importerKey.releaseKeyID();
|
||||||
|
+ }
|
||||||
|
+ return Long.valueOf(keyID);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ private static void createImporterKey(Token token) {
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Generating Importer Key...");
|
||||||
|
+ }
|
||||||
|
+ byte[] iv = new byte[16];
|
||||||
|
+ JCAUtil.getSecureRandom().nextBytes(iv);
|
||||||
|
+ importerKeyMechanism = new CK_MECHANISM(CKM_AES_CBC_PAD, iv);
|
||||||
|
+ try {
|
||||||
|
+ CK_ATTRIBUTE[] attributes = token.getAttributes(TemplateManager.O_GENERATE,
|
||||||
|
+ CKO_SECRET_KEY, CKK_AES, new CK_ATTRIBUTE[] {
|
||||||
|
+ new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
|
||||||
|
+ new CK_ATTRIBUTE(CKA_VALUE_LEN, 256 >> 3)});
|
||||||
|
+ Session s = null;
|
||||||
|
+ try {
|
||||||
|
+ s = token.getObjSession();
|
||||||
|
+ long keyID = token.p11.C_GenerateKey(
|
||||||
|
+ s.id(), new CK_MECHANISM(CKM_AES_KEY_GEN),
|
||||||
|
+ attributes);
|
||||||
|
+ if (debug != null) {
|
||||||
|
+ debug.println("Importer Key ID: " + keyID);
|
||||||
|
+ }
|
||||||
|
+ importerKey = (P11Key)P11Key.secretKey(s, keyID, "AES",
|
||||||
|
+ 256 >> 3, null);
|
||||||
|
+ } catch (PKCS11Exception e) {
|
||||||
|
+ // best effort
|
||||||
|
+ } finally {
|
||||||
|
+ token.releaseSession(s);
|
||||||
|
+ }
|
||||||
|
+ if (importerKey != null) {
|
||||||
|
+ importerCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
|
||||||
|
+ }
|
||||||
|
+ } catch (Throwable t) {
|
||||||
|
+ // best effort
|
||||||
|
+ importerKey = null;
|
||||||
|
+ importerCipher = null;
|
||||||
|
+ // importerKeyMechanism value is kept initialized to indicate that
|
||||||
|
+ // Importer Key creation has been tried and failed.
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
|
index 1eca1f8f0a..72674a7330 100644
|
||||||
|
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
|
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
|
@@ -26,6 +26,9 @@
|
||||||
|
package sun.security.pkcs11;
|
||||||
|
|
||||||
|
import java.io.*;
|
||||||
|
+import java.lang.invoke.MethodHandle;
|
||||||
|
+import java.lang.invoke.MethodHandles;
|
||||||
|
+import java.lang.invoke.MethodType;
|
||||||
|
import java.util.*;
|
||||||
|
|
||||||
|
import java.security.*;
|
||||||
|
@@ -64,6 +67,26 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
private static final boolean systemFipsEnabled = SharedSecrets
|
||||||
|
.getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
|
||||||
|
|
||||||
|
+ private static final boolean plainKeySupportEnabled = SharedSecrets
|
||||||
|
+ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
|
||||||
|
+
|
||||||
|
+ private static final MethodHandle fipsImportKey;
|
||||||
|
+ static {
|
||||||
|
+ MethodHandle fipsImportKeyTmp = null;
|
||||||
|
+ if (plainKeySupportEnabled) {
|
||||||
|
+ try {
|
||||||
|
+ fipsImportKeyTmp = MethodHandles.lookup().findStatic(
|
||||||
|
+ FIPSKeyImporter.class, "importKey",
|
||||||
|
+ MethodType.methodType(Long.class, SunPKCS11.class,
|
||||||
|
+ long.class, CK_ATTRIBUTE[].class));
|
||||||
|
+ } catch (Throwable t) {
|
||||||
|
+ throw new SecurityException("FIPS key importer initialization" +
|
||||||
|
+ " failed", t);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ fipsImportKey = fipsImportKeyTmp;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
private static final long serialVersionUID = -1354835039035306505L;
|
||||||
|
|
||||||
|
static final Debug debug = Debug.getInstance("sunpkcs11");
|
||||||
|
@@ -319,10 +342,15 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
// request multithreaded access first
|
||||||
|
initArgs.flags = CKF_OS_LOCKING_OK;
|
||||||
|
PKCS11 tmpPKCS11;
|
||||||
|
+ MethodHandle fipsKeyImporter = null;
|
||||||
|
+ if (plainKeySupportEnabled) {
|
||||||
|
+ fipsKeyImporter = MethodHandles.insertArguments(
|
||||||
|
+ fipsImportKey, 0, this);
|
||||||
|
+ }
|
||||||
|
try {
|
||||||
|
tmpPKCS11 = PKCS11.getInstance(
|
||||||
|
library, functionList, initArgs,
|
||||||
|
- config.getOmitInitialize());
|
||||||
|
+ config.getOmitInitialize(), fipsKeyImporter);
|
||||||
|
} catch (PKCS11Exception e) {
|
||||||
|
if (debug != null) {
|
||||||
|
debug.println("Multi-threaded initialization failed: " + e);
|
||||||
|
@@ -338,7 +366,7 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
initArgs.flags = 0;
|
||||||
|
}
|
||||||
|
tmpPKCS11 = PKCS11.getInstance(library,
|
||||||
|
- functionList, initArgs, config.getOmitInitialize());
|
||||||
|
+ functionList, initArgs, config.getOmitInitialize(), fipsKeyImporter);
|
||||||
|
}
|
||||||
|
p11 = tmpPKCS11;
|
||||||
|
|
||||||
|
diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
|
||||||
|
index 04a369f453..8d2081abaa 100644
|
||||||
|
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
|
||||||
|
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
|
||||||
|
@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.IOException;
|
||||||
|
+import java.lang.invoke.MethodHandle;
|
||||||
|
import java.util.*;
|
||||||
|
|
||||||
|
import java.security.AccessController;
|
||||||
|
@@ -150,16 +151,28 @@ public class PKCS11 {
|
||||||
|
|
||||||
|
public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
|
||||||
|
String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
|
||||||
|
- boolean omitInitialize) throws IOException, PKCS11Exception {
|
||||||
|
+ boolean omitInitialize, MethodHandle fipsKeyImporter)
|
||||||
|
+ throws IOException, PKCS11Exception {
|
||||||
|
// we may only call C_Initialize once per native .so/.dll
|
||||||
|
// so keep a cache using the (non-canonicalized!) path
|
||||||
|
PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath);
|
||||||
|
if (pkcs11 == null) {
|
||||||
|
+ boolean nssFipsMode = fipsKeyImporter != null;
|
||||||
|
if ((pInitArgs != null)
|
||||||
|
&& ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) {
|
||||||
|
- pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
|
||||||
|
+ if (nssFipsMode) {
|
||||||
|
+ pkcs11 = new FIPSPKCS11(pkcs11ModulePath, functionList,
|
||||||
|
+ fipsKeyImporter);
|
||||||
|
+ } else {
|
||||||
|
+ pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
|
||||||
|
+ }
|
||||||
|
} else {
|
||||||
|
- pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
|
||||||
|
+ if (nssFipsMode) {
|
||||||
|
+ pkcs11 = new SynchronizedFIPSPKCS11(pkcs11ModulePath,
|
||||||
|
+ functionList, fipsKeyImporter);
|
||||||
|
+ } else {
|
||||||
|
+ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
if (omitInitialize == false) {
|
||||||
|
try {
|
||||||
|
@@ -1909,4 +1922,69 @@ static class SynchronizedPKCS11 extends PKCS11 {
|
||||||
|
super.C_GenerateRandom(hSession, randomData);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+// PKCS11 subclass that allows using plain private or secret keys in
|
||||||
|
+// FIPS-configured NSS Software Tokens. Only used when System FIPS
|
||||||
|
+// is enabled.
|
||||||
|
+static class FIPSPKCS11 extends PKCS11 {
|
||||||
|
+ private MethodHandle fipsKeyImporter;
|
||||||
|
+ FIPSPKCS11(String pkcs11ModulePath, String functionListName,
|
||||||
|
+ MethodHandle fipsKeyImporter) throws IOException {
|
||||||
|
+ super(pkcs11ModulePath, functionListName);
|
||||||
|
+ this.fipsKeyImporter = fipsKeyImporter;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ public synchronized long C_CreateObject(long hSession,
|
||||||
|
+ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
|
||||||
|
+ // Creating sensitive key objects from plain key material in a
|
||||||
|
+ // FIPS-configured NSS Software Token is not allowed. We apply
|
||||||
|
+ // a key-unwrapping scheme to achieve so.
|
||||||
|
+ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
|
||||||
|
+ try {
|
||||||
|
+ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
|
||||||
|
+ .longValue();
|
||||||
|
+ } catch (Throwable t) {
|
||||||
|
+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return super.C_CreateObject(hSession, pTemplate);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+// FIPSPKCS11 synchronized counterpart.
|
||||||
|
+static class SynchronizedFIPSPKCS11 extends SynchronizedPKCS11 {
|
||||||
|
+ private MethodHandle fipsKeyImporter;
|
||||||
|
+ SynchronizedFIPSPKCS11(String pkcs11ModulePath, String functionListName,
|
||||||
|
+ MethodHandle fipsKeyImporter) throws IOException {
|
||||||
|
+ super(pkcs11ModulePath, functionListName);
|
||||||
|
+ this.fipsKeyImporter = fipsKeyImporter;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ public synchronized long C_CreateObject(long hSession,
|
||||||
|
+ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
|
||||||
|
+ // See FIPSPKCS11::C_CreateObject.
|
||||||
|
+ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
|
||||||
|
+ try {
|
||||||
|
+ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
|
||||||
|
+ .longValue();
|
||||||
|
+ } catch (Throwable t) {
|
||||||
|
+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return super.C_CreateObject(hSession, pTemplate);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+private static class FIPSPKCS11Helper {
|
||||||
|
+ static boolean isSensitiveObject(CK_ATTRIBUTE[] pTemplate) {
|
||||||
|
+ for (CK_ATTRIBUTE attr : pTemplate) {
|
||||||
|
+ if (attr.type == CKA_CLASS &&
|
||||||
|
+ (attr.getLong() == CKO_PRIVATE_KEY ||
|
||||||
|
+ attr.getLong() == CKO_SECRET_KEY)) {
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
}
|
@ -7,12 +7,12 @@
|
|||||||
# Produce release, fastdebug *and* slowdebug builds on x86_64 (default):
|
# Produce release, fastdebug *and* slowdebug builds on x86_64 (default):
|
||||||
# $ rpmbuild -ba java-11-openjdk.spec
|
# $ rpmbuild -ba java-11-openjdk.spec
|
||||||
#
|
#
|
||||||
# Produce only release builds (no debug builds) on x86_64:
|
# Produce only release builds (no slowdebug builds) on x86_64:
|
||||||
# $ rpmbuild -ba java-11-openjdk.spec --without slowdebug --without fastdebug
|
# $ rpmbuild -ba java-11-openjdk.spec --without slowdebug --without fastdebug
|
||||||
#
|
#
|
||||||
# Only produce a release build on x86_64:
|
# Only produce a release build on x86_64:
|
||||||
# $ rhpkg mockbuild --without slowdebug --without fastdebug
|
# $ rhpkg mockbuild --without slowdebug --without fastdebug
|
||||||
#
|
|
||||||
# Enable fastdebug builds by default on relevant arches.
|
# Enable fastdebug builds by default on relevant arches.
|
||||||
%bcond_without fastdebug
|
%bcond_without fastdebug
|
||||||
# Enable slowdebug builds by default on relevant arches.
|
# Enable slowdebug builds by default on relevant arches.
|
||||||
@ -21,6 +21,8 @@
|
|||||||
%bcond_without release
|
%bcond_without release
|
||||||
# Enable static library builds by default.
|
# Enable static library builds by default.
|
||||||
%bcond_without staticlibs
|
%bcond_without staticlibs
|
||||||
|
# Remove build artifacts by default
|
||||||
|
%bcond_with artifacts
|
||||||
|
|
||||||
# Workaround for stripping of debug symbols from static libraries
|
# Workaround for stripping of debug symbols from static libraries
|
||||||
%if %{with staticlibs}
|
%if %{with staticlibs}
|
||||||
@ -120,7 +122,7 @@
|
|||||||
# Set of architectures for which alt-java has SSB mitigation
|
# Set of architectures for which alt-java has SSB mitigation
|
||||||
%global ssbd_arches x86_64
|
%global ssbd_arches x86_64
|
||||||
|
|
||||||
# By default, we build a debug build during main build on JIT architectures
|
# By default, we build a slowdebug build during main build on JIT architectures
|
||||||
%if %{with slowdebug}
|
%if %{with slowdebug}
|
||||||
%ifarch %{debug_arches}
|
%ifarch %{debug_arches}
|
||||||
%global include_debug_build 1
|
%global include_debug_build 1
|
||||||
@ -188,22 +190,28 @@
|
|||||||
%global bootstrap_build 1
|
%global bootstrap_build 1
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{bootstrap_build}
|
|
||||||
%global release_targets bootcycle-images docs-zip
|
|
||||||
%else
|
|
||||||
%global release_targets images docs-zip
|
|
||||||
%endif
|
|
||||||
# No docs nor bootcycle for debug builds
|
|
||||||
%global debug_targets images
|
|
||||||
|
|
||||||
%if %{include_staticlibs}
|
%if %{include_staticlibs}
|
||||||
# Extra target for producing the static-libraries. Separate from
|
# Extra target for producing the static-libraries. Separate from
|
||||||
# other targets since this target is configured to use in-tree
|
# other targets since this target is configured to use in-tree
|
||||||
# AWT dependencies: lcms, libjpeg, libpng, libharfbuzz, giflib
|
# AWT dependencies: lcms, libjpeg, libpng, libharfbuzz, giflib
|
||||||
# and possibly others
|
# and possibly others
|
||||||
%global static_libs_target static-libs-image
|
%global static_libs_target static-libs-image
|
||||||
|
%else
|
||||||
|
%global static_libs_target %{nil}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# RPM JDK builds keep the debug symbols internal, to be later stripped by RPM
|
||||||
|
%global debug_symbols internal
|
||||||
|
|
||||||
|
# unlike portables,the rpms have to use static_libs_target very dynamically
|
||||||
|
%global bootstrap_targets images
|
||||||
|
%global release_targets images docs-zip
|
||||||
|
# No docs nor bootcycle for debug builds
|
||||||
|
%global debug_targets images
|
||||||
|
|
||||||
|
# Disable LTO as this causes build failures at the moment.
|
||||||
|
# See RHBZ#1861401
|
||||||
|
%define _lto_cflags %{nil}
|
||||||
|
|
||||||
# Filter out flags from the optflags macro that cause problems with the OpenJDK build
|
# Filter out flags from the optflags macro that cause problems with the OpenJDK build
|
||||||
# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2
|
# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2
|
||||||
@ -289,7 +297,7 @@
|
|||||||
# New Version-String scheme-style defines
|
# New Version-String scheme-style defines
|
||||||
%global featurever 11
|
%global featurever 11
|
||||||
%global interimver 0
|
%global interimver 0
|
||||||
%global updatever 12
|
%global updatever 13
|
||||||
%global patchver 0
|
%global patchver 0
|
||||||
# If you bump featurever, you must bump also vendor_version_string
|
# If you bump featurever, you must bump also vendor_version_string
|
||||||
# Used via new version scheme. JDK 11 was
|
# Used via new version scheme. JDK 11 was
|
||||||
@ -337,7 +345,7 @@
|
|||||||
%global top_level_dir_name %{origin}
|
%global top_level_dir_name %{origin}
|
||||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||||
%global buildver 7
|
%global buildver 7
|
||||||
%global rpmrelease 4
|
%global rpmrelease 1
|
||||||
#%%global tagsuffix %%{nil}
|
#%%global tagsuffix %%{nil}
|
||||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||||
%if %is_system_jdk
|
%if %is_system_jdk
|
||||||
@ -366,7 +374,7 @@
|
|||||||
# Release will be (where N is usually a number starting at 1):
|
# Release will be (where N is usually a number starting at 1):
|
||||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||||
# - N%%{?extraver}{?dist} for GA releases
|
# - N%%{?extraver}{?dist} for GA releases
|
||||||
%global is_ga 1
|
%global is_ga 0
|
||||||
%if %{is_ga}
|
%if %{is_ga}
|
||||||
%global ea_designator ""
|
%global ea_designator ""
|
||||||
%global ea_designator_zip ""
|
%global ea_designator_zip ""
|
||||||
@ -387,6 +395,7 @@
|
|||||||
%global static_libs_image static-libs
|
%global static_libs_image static-libs
|
||||||
# output dir stub
|
# output dir stub
|
||||||
%define buildoutputdir() %{expand:build/jdk11.build%{?1}}
|
%define buildoutputdir() %{expand:build/jdk11.build%{?1}}
|
||||||
|
%define installoutputdir() %{expand:install/jdk11.install%{?1}}
|
||||||
# we can copy the javadoc to not arched dir, or make it not noarch
|
# we can copy the javadoc to not arched dir, or make it not noarch
|
||||||
%define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}}
|
%define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}}
|
||||||
# main id and dir of this jdk
|
# main id and dir of this jdk
|
||||||
@ -1022,12 +1031,8 @@ OrderWithRequires: copy-jdk-configs
|
|||||||
Requires: cups-libs
|
Requires: cups-libs
|
||||||
# Post requires alternatives to install tool alternatives
|
# Post requires alternatives to install tool alternatives
|
||||||
Requires(post): %{alternatives_requires}
|
Requires(post): %{alternatives_requires}
|
||||||
# in version 1.7 and higher for --family switch
|
|
||||||
Requires(post): chkconfig >= 1.7
|
|
||||||
# Postun requires alternatives to uninstall tool alternatives
|
# Postun requires alternatives to uninstall tool alternatives
|
||||||
Requires(postun): %{alternatives_requires}
|
Requires(postun): %{alternatives_requires}
|
||||||
# in version 1.7 and higher for --family switch
|
|
||||||
Requires(postun): chkconfig >= 1.7
|
|
||||||
# for optional support of kernel stream control, card reader and printing bindings
|
# for optional support of kernel stream control, card reader and printing bindings
|
||||||
%if 0%{?rhel} >= 8
|
%if 0%{?rhel} >= 8
|
||||||
Suggests: lksctp-tools%{?_isa}, pcsc-lite-devel%{?_isa}
|
Suggests: lksctp-tools%{?_isa}, pcsc-lite-devel%{?_isa}
|
||||||
@ -1052,12 +1057,8 @@ Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
|
|||||||
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
|
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
# Post requires alternatives to install tool alternatives
|
# Post requires alternatives to install tool alternatives
|
||||||
Requires(post): %{alternatives_requires}
|
Requires(post): %{alternatives_requires}
|
||||||
# in version 1.7 and higher for --family switch
|
|
||||||
Requires(post): chkconfig >= 1.7
|
|
||||||
# Postun requires alternatives to uninstall tool alternatives
|
# Postun requires alternatives to uninstall tool alternatives
|
||||||
Requires(postun): %{alternatives_requires}
|
Requires(postun): %{alternatives_requires}
|
||||||
# in version 1.7 and higher for --family switch
|
|
||||||
Requires(postun): chkconfig >= 1.7
|
|
||||||
|
|
||||||
# Standard JPackage devel provides
|
# Standard JPackage devel provides
|
||||||
Provides: java-sdk-%{javaver}-%{origin}%{?1} = %{epoch}:%{version}-%{release}
|
Provides: java-sdk-%{javaver}-%{origin}%{?1} = %{epoch}:%{version}-%{release}
|
||||||
@ -1098,6 +1099,7 @@ Provides: java-%{javaver}-demo%{?1} = %{epoch}:%{version}-%{release}
|
|||||||
Provides: java-%{javaver}-%{origin}-demo%{?1} = %{epoch}:%{version}-%{release}
|
Provides: java-%{javaver}-%{origin}-demo%{?1} = %{epoch}:%{version}-%{release}
|
||||||
%if %is_system_jdk
|
%if %is_system_jdk
|
||||||
Provides: java-demo%{?1} = %{epoch}:%{version}-%{release}
|
Provides: java-demo%{?1} = %{epoch}:%{version}-%{release}
|
||||||
|
Provides: java-%{origin}-demo%{?1} = %{epoch}:%{version}-%{release}
|
||||||
%endif
|
%endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1105,12 +1107,8 @@ Provides: java-demo%{?1} = %{epoch}:%{version}-%{release}
|
|||||||
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
|
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||||
# Post requires alternatives to install javadoc alternative
|
# Post requires alternatives to install javadoc alternative
|
||||||
Requires(post): %{alternatives_requires}
|
Requires(post): %{alternatives_requires}
|
||||||
# in version 1.7 and higher for --family switch
|
|
||||||
Requires(post): chkconfig >= 1.7
|
|
||||||
# Postun requires alternatives to uninstall javadoc alternative
|
# Postun requires alternatives to uninstall javadoc alternative
|
||||||
Requires(postun): %{alternatives_requires}
|
Requires(postun): %{alternatives_requires}
|
||||||
# in version 1.7 and higher for --family switch
|
|
||||||
Requires(postun): chkconfig >= 1.7
|
|
||||||
|
|
||||||
# Standard JPackage javadoc provides
|
# Standard JPackage javadoc provides
|
||||||
Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
|
Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
|
||||||
@ -1128,6 +1126,7 @@ Provides: java-%{javaver}-src%{?1} = %{epoch}:%{version}-%{release}
|
|||||||
Provides: java-%{javaver}-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
|
Provides: java-%{javaver}-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
|
||||||
%if %is_system_jdk
|
%if %is_system_jdk
|
||||||
Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
|
Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
|
||||||
|
Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
|
||||||
%endif
|
%endif
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1149,7 +1148,9 @@ Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
|
|||||||
|
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Summary: %{origin_nice} %{featurever} Runtime Environment
|
Summary: %{origin_nice} %{featurever} Runtime Environment
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
# HotSpot code is licensed under GPLv2
|
# HotSpot code is licensed under GPLv2
|
||||||
# JDK library code is licensed under GPLv2 with the Classpath exception
|
# JDK library code is licensed under GPLv2 with the Classpath exception
|
||||||
@ -1217,7 +1218,7 @@ Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
|
|||||||
Patch2: rh1648644-java_access_bridge_privileged_security.patch
|
Patch2: rh1648644-java_access_bridge_privileged_security.patch
|
||||||
# NSS via SunPKCS11 Provider (disabled due to memory leak).
|
# NSS via SunPKCS11 Provider (disabled due to memory leak).
|
||||||
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
|
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
|
||||||
# enable build of speculative store bypass hardened alt-java
|
# RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
|
||||||
Patch600: rh1750419-redhat_alt_java.patch
|
Patch600: rh1750419-redhat_alt_java.patch
|
||||||
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
|
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
|
||||||
Patch1003: rh1842572-rsa_default_for_keytool.patch
|
Patch1003: rh1842572-rsa_default_for_keytool.patch
|
||||||
@ -1236,6 +1237,8 @@ Patch1008: rh1929465-improve_system_FIPS_detection.patch
|
|||||||
# RH1996182: Login to the NSS software token in FIPS mode
|
# RH1996182: Login to the NSS software token in FIPS mode
|
||||||
Patch1009: rh1996182-login_to_nss_software_token.patch
|
Patch1009: rh1996182-login_to_nss_software_token.patch
|
||||||
Patch1010: rh1996182-extend_security_policy.patch
|
Patch1010: rh1996182-extend_security_policy.patch
|
||||||
|
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
|
||||||
|
Patch1011: rh1991003-enable_fips_keys_import.patch
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
@ -1269,8 +1272,6 @@ Patch7: pr3695-toggle_system_crypto_policy.patch
|
|||||||
# able to be removed once that release is out
|
# able to be removed once that release is out
|
||||||
# and used by this RPM.
|
# and used by this RPM.
|
||||||
#############################################
|
#############################################
|
||||||
# JDK-8269668, RH1977671: [aarch64] java.library.path not including /usr/lib64
|
|
||||||
Patch8: jdk8269668-rh1977671-aarch64_lib_path_fix.patch
|
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: automake
|
BuildRequires: automake
|
||||||
@ -1317,6 +1318,7 @@ BuildRequires: gcc >= 4.8.3-8
|
|||||||
%if %{with_systemtap}
|
%if %{with_systemtap}
|
||||||
BuildRequires: systemtap-sdt-devel
|
BuildRequires: systemtap-sdt-devel
|
||||||
%endif
|
%endif
|
||||||
|
BuildRequires: make
|
||||||
|
|
||||||
# this is always built, also during debug-only build
|
# this is always built, also during debug-only build
|
||||||
# when it is built in debug-only this package is just placeholder
|
# when it is built in debug-only this package is just placeholder
|
||||||
@ -1328,7 +1330,9 @@ The %{origin_nice} %{featurever} runtime environment.
|
|||||||
%if %{include_debug_build}
|
%if %{include_debug_build}
|
||||||
%package slowdebug
|
%package slowdebug
|
||||||
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
|
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_rpo -- %{debug_suffix_unquoted}}
|
%{java_rpo -- %{debug_suffix_unquoted}}
|
||||||
%description slowdebug
|
%description slowdebug
|
||||||
@ -1339,7 +1343,9 @@ The %{origin_nice} %{featurever} runtime environment.
|
|||||||
%if %{include_fastdebug_build}
|
%if %{include_fastdebug_build}
|
||||||
%package fastdebug
|
%package fastdebug
|
||||||
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
|
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_rpo -- %{fastdebug_suffix_unquoted}}
|
%{java_rpo -- %{fastdebug_suffix_unquoted}}
|
||||||
%description fastdebug
|
%description fastdebug
|
||||||
@ -1350,7 +1356,9 @@ The %{origin_nice} %{featurever} runtime environment.
|
|||||||
%if %{include_normal_build}
|
%if %{include_normal_build}
|
||||||
%package headless
|
%package headless
|
||||||
Summary: %{origin_nice} %{featurever} Headless Runtime Environment
|
Summary: %{origin_nice} %{featurever} Headless Runtime Environment
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_headless_rpo %{nil}}
|
%{java_headless_rpo %{nil}}
|
||||||
|
|
||||||
@ -1385,7 +1393,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
|
|||||||
%if %{include_normal_build}
|
%if %{include_normal_build}
|
||||||
%package devel
|
%package devel
|
||||||
Summary: %{origin_nice} %{featurever} Development Environment
|
Summary: %{origin_nice} %{featurever} Development Environment
|
||||||
Group: Development/Tools
|
%if 0%{?rhel} <= 8
|
||||||
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_devel_rpo %{nil}}
|
%{java_devel_rpo %{nil}}
|
||||||
|
|
||||||
@ -1396,7 +1406,9 @@ The %{origin_nice} %{featurever} development tools.
|
|||||||
%if %{include_debug_build}
|
%if %{include_debug_build}
|
||||||
%package devel-slowdebug
|
%package devel-slowdebug
|
||||||
Summary: %{origin_nice} %{featurever} Development Environment %{debug_on}
|
Summary: %{origin_nice} %{featurever} Development Environment %{debug_on}
|
||||||
Group: Development/Tools
|
%if 0%{?rhel} <= 8
|
||||||
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_devel_rpo -- %{debug_suffix_unquoted}}
|
%{java_devel_rpo -- %{debug_suffix_unquoted}}
|
||||||
|
|
||||||
@ -1457,7 +1469,9 @@ The %{origin_nice} %{featurever} libraries for static linking.
|
|||||||
%if %{include_normal_build}
|
%if %{include_normal_build}
|
||||||
%package jmods
|
%package jmods
|
||||||
Summary: JMods for %{origin_nice} %{featurever}
|
Summary: JMods for %{origin_nice} %{featurever}
|
||||||
Group: Development/Tools
|
%if 0%{?rhel} <= 8
|
||||||
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_jmods_rpo %{nil}}
|
%{java_jmods_rpo %{nil}}
|
||||||
|
|
||||||
@ -1468,7 +1482,9 @@ The JMods for %{origin_nice} %{featurever}.
|
|||||||
%if %{include_debug_build}
|
%if %{include_debug_build}
|
||||||
%package jmods-slowdebug
|
%package jmods-slowdebug
|
||||||
Summary: JMods for %{origin_nice} %{featurever} %{debug_on}
|
Summary: JMods for %{origin_nice} %{featurever} %{debug_on}
|
||||||
Group: Development/Tools
|
%if 0%{?rhel} <= 8
|
||||||
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_jmods_rpo -- %{debug_suffix_unquoted}}
|
%{java_jmods_rpo -- %{debug_suffix_unquoted}}
|
||||||
|
|
||||||
@ -1492,7 +1508,9 @@ The JMods for %{origin_nice} %{featurever}.
|
|||||||
%if %{include_normal_build}
|
%if %{include_normal_build}
|
||||||
%package demo
|
%package demo
|
||||||
Summary: %{origin_nice} %{featurever} Demos
|
Summary: %{origin_nice} %{featurever} Demos
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_demo_rpo %{nil}}
|
%{java_demo_rpo %{nil}}
|
||||||
|
|
||||||
@ -1503,7 +1521,9 @@ The %{origin_nice} %{featurever} demos.
|
|||||||
%if %{include_debug_build}
|
%if %{include_debug_build}
|
||||||
%package demo-slowdebug
|
%package demo-slowdebug
|
||||||
Summary: %{origin_nice} %{featurever} Demos %{debug_on}
|
Summary: %{origin_nice} %{featurever} Demos %{debug_on}
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_demo_rpo -- %{debug_suffix_unquoted}}
|
%{java_demo_rpo -- %{debug_suffix_unquoted}}
|
||||||
|
|
||||||
@ -1527,7 +1547,9 @@ The %{origin_nice} %{featurever} demos.
|
|||||||
%if %{include_normal_build}
|
%if %{include_normal_build}
|
||||||
%package src
|
%package src
|
||||||
Summary: %{origin_nice} %{featurever} Source Bundle
|
Summary: %{origin_nice} %{featurever} Source Bundle
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_src_rpo %{nil}}
|
%{java_src_rpo %{nil}}
|
||||||
|
|
||||||
@ -1539,7 +1561,9 @@ class library source code for use by IDE indexers and debuggers.
|
|||||||
%if %{include_debug_build}
|
%if %{include_debug_build}
|
||||||
%package src-slowdebug
|
%package src-slowdebug
|
||||||
Summary: %{origin_nice} %{featurever} Source Bundle %{for_debug}
|
Summary: %{origin_nice} %{featurever} Source Bundle %{for_debug}
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Development/Languages
|
Group: Development/Languages
|
||||||
|
%endif
|
||||||
|
|
||||||
%{java_src_rpo -- %{debug_suffix_unquoted}}
|
%{java_src_rpo -- %{debug_suffix_unquoted}}
|
||||||
|
|
||||||
@ -1563,7 +1587,9 @@ The %{compatiblename}-src-fastdebug sub-package contains the complete %{origin_n
|
|||||||
%if %{include_normal_build}
|
%if %{include_normal_build}
|
||||||
%package javadoc
|
%package javadoc
|
||||||
Summary: %{origin_nice} %{featurever} API documentation
|
Summary: %{origin_nice} %{featurever} API documentation
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Documentation
|
Group: Documentation
|
||||||
|
%endif
|
||||||
Requires: javapackages-filesystem
|
Requires: javapackages-filesystem
|
||||||
Obsoletes: javadoc-debug
|
Obsoletes: javadoc-debug
|
||||||
|
|
||||||
@ -1574,7 +1600,9 @@ The %{origin_nice} %{featurever} API documentation.
|
|||||||
|
|
||||||
%package javadoc-zip
|
%package javadoc-zip
|
||||||
Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive
|
Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive
|
||||||
|
%if 0%{?rhel} <= 8
|
||||||
Group: Documentation
|
Group: Documentation
|
||||||
|
%endif
|
||||||
Requires: javapackages-filesystem
|
Requires: javapackages-filesystem
|
||||||
Obsoletes: javadoc-zip-debug
|
Obsoletes: javadoc-zip-debug
|
||||||
|
|
||||||
@ -1634,7 +1662,6 @@ pushd %{top_level_dir_name}
|
|||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
%patch8 -p1
|
|
||||||
popd # openjdk
|
popd # openjdk
|
||||||
|
|
||||||
%patch1000
|
%patch1000
|
||||||
@ -1647,6 +1674,7 @@ popd # openjdk
|
|||||||
%patch1008
|
%patch1008
|
||||||
%patch1009
|
%patch1009
|
||||||
%patch1010
|
%patch1010
|
||||||
|
%patch1011
|
||||||
|
|
||||||
# Extract systemtap tapsets
|
# Extract systemtap tapsets
|
||||||
%if %{with_systemtap}
|
%if %{with_systemtap}
|
||||||
@ -1658,7 +1686,6 @@ cp -r tapset tapset%{debug_suffix}
|
|||||||
cp -r tapset tapset%{fastdebug_suffix}
|
cp -r tapset tapset%{fastdebug_suffix}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
|
||||||
for suffix in %{build_loop} ; do
|
for suffix in %{build_loop} ; do
|
||||||
for file in "tapset"$suffix/*.in; do
|
for file in "tapset"$suffix/*.in; do
|
||||||
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
|
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
|
||||||
@ -1727,45 +1754,33 @@ EXTRA_CPP_FLAGS="%ourcppflags"
|
|||||||
# fix rpmlint warnings
|
# fix rpmlint warnings
|
||||||
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
|
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
|
||||||
%endif
|
%endif
|
||||||
|
# Fixes annocheck warnings in assembler files due to missing build notes
|
||||||
EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes"
|
EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes"
|
||||||
export EXTRA_CFLAGS EXTRA_ASFLAGS
|
export EXTRA_CFLAGS EXTRA_ASFLAGS
|
||||||
|
|
||||||
for suffix in %{build_loop} ; do
|
function buildjdk() {
|
||||||
if [ "x$suffix" = "x" ] ; then
|
local outputdir=${1}
|
||||||
debugbuild=release
|
local installdir=${2}
|
||||||
else
|
local buildjdk=${3}
|
||||||
# change --something to something
|
local maketargets="${4}"
|
||||||
debugbuild=`echo $suffix | sed "s/-//g"`
|
local debuglevel=${5}
|
||||||
fi
|
local link_opt=${6}
|
||||||
|
|
||||||
for loop in %{main_suffix} %{staticlibs_loop} ; do
|
local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
|
||||||
|
local top_dir_abs_build_path=$(pwd)/${outputdir}
|
||||||
|
|
||||||
if test "x${loop}" = "x%{main_suffix}" ; then
|
echo "Using output directory: ${outputdir}";
|
||||||
# Copy the source tree so we can remove all in-tree libraries
|
echo "Checking build JDK ${buildjdk} is operational..."
|
||||||
cp -a %{top_level_dir_name} %{top_level_dir_name_backup}
|
${buildjdk}/bin/java -version
|
||||||
# Remove all libraries that are linked
|
echo "Using make targets: ${maketargets}"
|
||||||
sh %{SOURCE12} %{top_level_dir_name} full
|
echo "Using debuglevel: ${debuglevel}"
|
||||||
# Variable used by configure and hs_err hook on build failures
|
echo "Using link_opt: ${link_opt}"
|
||||||
link_opt="system"
|
echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}"
|
||||||
# Debug builds don't need same targets as release for
|
|
||||||
# build speed-up
|
|
||||||
maketargets="%{release_targets}"
|
|
||||||
if echo $debugbuild | grep -q "debug" ; then
|
|
||||||
maketargets="%{debug_targets}"
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
# Variable used by configure and hs_err hook on build failures
|
|
||||||
link_opt="bundled"
|
|
||||||
# Static library cycle only builds the static libraries
|
|
||||||
maketargets="%{static_libs_target}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
|
mkdir -p ${outputdir} ${installdir}
|
||||||
top_dir_abs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}${loop}}
|
pushd ${outputdir}
|
||||||
mkdir -p ${top_dir_abs_build_path}
|
|
||||||
pushd ${top_dir_abs_build_path}
|
|
||||||
|
|
||||||
bash ${top_dir_abs_src_path}/configure \
|
bash ${top_dir_abs_src_path}/configure \
|
||||||
%ifnarch %{jit_arches}
|
%ifnarch %{jit_arches}
|
||||||
--with-jvm-variants=zero \
|
--with-jvm-variants=zero \
|
||||||
%endif
|
%endif
|
||||||
@ -1780,9 +1795,9 @@ bash ${top_dir_abs_src_path}/configure \
|
|||||||
--with-vendor-url="%{oj_vendor_url}" \
|
--with-vendor-url="%{oj_vendor_url}" \
|
||||||
--with-vendor-bug-url="%{oj_vendor_bug_url}" \
|
--with-vendor-bug-url="%{oj_vendor_bug_url}" \
|
||||||
--with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
|
--with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
|
||||||
--with-boot-jdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk \
|
--with-boot-jdk=${buildjdk} \
|
||||||
--with-debug-level=$debugbuild \
|
--with-debug-level=${debuglevel} \
|
||||||
--with-native-debug-symbols=internal \
|
--with-native-debug-symbols="%{debug_symbols}" \
|
||||||
--enable-sysconf-nss \
|
--enable-sysconf-nss \
|
||||||
--enable-unlimited-crypto \
|
--enable-unlimited-crypto \
|
||||||
--with-zlib=system \
|
--with-zlib=system \
|
||||||
@ -1801,54 +1816,121 @@ bash ${top_dir_abs_src_path}/configure \
|
|||||||
--with-jvm-features="%{shenandoah_feature},%{zgc_feature}" \
|
--with-jvm-features="%{shenandoah_feature},%{zgc_feature}" \
|
||||||
--disable-warnings-as-errors
|
--disable-warnings-as-errors
|
||||||
|
|
||||||
make \
|
cat spec.gmk
|
||||||
|
|
||||||
|
make \
|
||||||
JAVAC_FLAGS=-g \
|
JAVAC_FLAGS=-g \
|
||||||
LOG=trace \
|
LOG=trace \
|
||||||
WARNINGS_ARE_ERRORS="-Wno-error" \
|
WARNINGS_ARE_ERRORS="-Wno-error" \
|
||||||
CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
|
CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
|
||||||
$maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
|
$maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
|
||||||
|
|
||||||
popd >& /dev/null
|
popd
|
||||||
|
|
||||||
# Restore original source tree if we modified it by removing full in-tree sources
|
echo "Installing build from ${outputdir} to ${installdir}..."
|
||||||
if [ -d %{top_level_dir_name_backup} ] ; then
|
echo "Installing images..."
|
||||||
|
mv ${outputdir}/images ${installdir}
|
||||||
|
if [ -d ${outputdir}/bundles ] ; then
|
||||||
|
echo "Installing bundles...";
|
||||||
|
mv ${outputdir}/bundles ${installdir} ;
|
||||||
|
fi
|
||||||
|
if [ -d ${outputdir}/docs ] ; then
|
||||||
|
echo "Installing docs...";
|
||||||
|
mv ${outputdir}/docs ${installdir} ;
|
||||||
|
fi
|
||||||
|
|
||||||
|
%if !%{with artifacts}
|
||||||
|
echo "Removing output directory...";
|
||||||
|
rm -rf ${outputdir}
|
||||||
|
%endif
|
||||||
|
}
|
||||||
|
|
||||||
|
function installjdk() {
|
||||||
|
local imagepath=${1}
|
||||||
|
|
||||||
|
# the build (erroneously) removes read permissions from some jars
|
||||||
|
# this is a regression in OpenJDK 7 (our compiler):
|
||||||
|
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
|
||||||
|
find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
|
||||||
|
|
||||||
|
# Build screws up permissions on binaries
|
||||||
|
# https://bugs.openjdk.java.net/browse/JDK-8173610
|
||||||
|
find ${imagepath} -iname '*.so' -exec chmod +x {} \;
|
||||||
|
find ${imagepath}/bin/ -exec chmod +x {} \;
|
||||||
|
|
||||||
|
# Install nss.cfg right away as we will be using the JRE above
|
||||||
|
install -m 644 nss.cfg ${imagepath}/conf/security/
|
||||||
|
|
||||||
|
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
||||||
|
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
|
||||||
|
|
||||||
|
# Use system-wide tzdata
|
||||||
|
rm ${imagepath}/lib/tzdb.dat
|
||||||
|
ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
|
||||||
|
|
||||||
|
# Create fake alt-java as a placeholder for future alt-java
|
||||||
|
pushd ${imagepath}
|
||||||
|
# add alt-java man page
|
||||||
|
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
|
||||||
|
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
|
||||||
|
popd
|
||||||
|
}
|
||||||
|
|
||||||
|
for suffix in %{build_loop} ; do
|
||||||
|
|
||||||
|
if [ "x$suffix" = "x" ] ; then
|
||||||
|
debugbuild=release
|
||||||
|
else
|
||||||
|
# change --something to something
|
||||||
|
debugbuild=`echo $suffix | sed "s/-//g"`
|
||||||
|
fi
|
||||||
|
|
||||||
|
systemjdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk
|
||||||
|
|
||||||
|
for loop in %{main_suffix} %{staticlibs_loop} ; do
|
||||||
|
|
||||||
|
builddir=%{buildoutputdir -- ${suffix}${loop}}
|
||||||
|
bootbuilddir=boot${builddir}
|
||||||
|
installdir=%{installoutputdir -- ${suffix}${loop}}
|
||||||
|
bootinstalldir=boot${installdir}
|
||||||
|
|
||||||
|
if test "x${loop}" = "x%{main_suffix}" ; then
|
||||||
|
# Copy the source tree so we can remove all in-tree libraries
|
||||||
|
cp -a %{top_level_dir_name} %{top_level_dir_name_backup}
|
||||||
|
# Remove all libraries that are linked
|
||||||
|
sh %{SOURCE12} %{top_level_dir_name} full
|
||||||
|
# Use system libraries
|
||||||
|
link_opt="system"
|
||||||
|
# Debug builds don't need same targets as release for
|
||||||
|
# build speed-up
|
||||||
|
maketargets="%{release_targets}"
|
||||||
|
if echo $debugbuild | grep -q "debug" ; then
|
||||||
|
maketargets="%{debug_targets}"
|
||||||
|
fi
|
||||||
|
%if %{bootstrap_build}
|
||||||
|
buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
|
||||||
|
buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
|
||||||
|
%{!?with_artifacts:rm -rf ${bootinstalldir}}
|
||||||
|
%else
|
||||||
|
buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
|
||||||
|
%endif
|
||||||
|
# Restore original source tree we modified by removing full in-tree sources
|
||||||
rm -rf %{top_level_dir_name}
|
rm -rf %{top_level_dir_name}
|
||||||
mv %{top_level_dir_name_backup} %{top_level_dir_name}
|
mv %{top_level_dir_name_backup} %{top_level_dir_name}
|
||||||
fi
|
else
|
||||||
|
# Use bundled libraries for building statically
|
||||||
|
link_opt="bundled"
|
||||||
|
# Static library cycle only builds the static libraries
|
||||||
|
maketargets="%{static_libs_target}"
|
||||||
|
# Always just do the one build for the static libraries
|
||||||
|
buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
|
||||||
|
fi
|
||||||
|
|
||||||
done # end of main / staticlibs loop
|
done # end of main / staticlibs loop
|
||||||
|
|
||||||
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
# Final setup on the main image
|
||||||
|
top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}}
|
||||||
# the build (erroneously) removes read permissions from some jars
|
installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
|
||||||
# this is a regression in OpenJDK 7 (our compiler):
|
|
||||||
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
|
|
||||||
find ${top_dir_abs_main_build_path}/images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
|
|
||||||
|
|
||||||
# Build screws up permissions on binaries
|
|
||||||
# https://bugs.openjdk.java.net/browse/JDK-8173610
|
|
||||||
find ${top_dir_abs_main_build_path}/images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
|
|
||||||
find ${top_dir_abs_main_build_path}/images/%{jdkimage}/bin/ -exec chmod +x {} \;
|
|
||||||
|
|
||||||
# Install nss.cfg right away as we will be using the JRE above
|
|
||||||
export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
|
|
||||||
|
|
||||||
# Install nss.cfg right away as we will be using the JRE above
|
|
||||||
install -m 644 nss.cfg $JAVA_HOME/conf/security/
|
|
||||||
|
|
||||||
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
|
||||||
install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/
|
|
||||||
|
|
||||||
# Use system-wide tzdata
|
|
||||||
rm $JAVA_HOME/lib/tzdb.dat
|
|
||||||
ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/lib/tzdb.dat
|
|
||||||
|
|
||||||
# Create fake alt-java as a placeholder for future alt-java
|
|
||||||
pushd ${JAVA_HOME}
|
|
||||||
# add alt-java man page
|
|
||||||
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
|
|
||||||
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
|
|
||||||
popd
|
|
||||||
|
|
||||||
# build cycles
|
# build cycles
|
||||||
done # end of release / debug cycle loop
|
done # end of release / debug cycle loop
|
||||||
@ -1858,9 +1940,9 @@ done # end of release / debug cycle loop
|
|||||||
# We test debug first as it will give better diagnostics on a crash
|
# We test debug first as it will give better diagnostics on a crash
|
||||||
for suffix in %{build_loop} ; do
|
for suffix in %{build_loop} ; do
|
||||||
|
|
||||||
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}}
|
||||||
%if %{include_staticlibs}
|
%if %{include_staticlibs}
|
||||||
top_dir_abs_staticlibs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{staticlibs_loop}}
|
top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{staticlibs_loop}}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
|
export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
|
||||||
@ -1903,8 +1985,9 @@ readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c
|
|||||||
readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c
|
readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
so_suffix="so"
|
||||||
# Check debug symbols are present and can identify code
|
# Check debug symbols are present and can identify code
|
||||||
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
|
find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
|
||||||
do
|
do
|
||||||
if [ -f "$lib" ] ; then
|
if [ -f "$lib" ] ; then
|
||||||
echo "Testing $lib for debug symbols"
|
echo "Testing $lib for debug symbols"
|
||||||
@ -1964,10 +2047,16 @@ quit
|
|||||||
end
|
end
|
||||||
run -version
|
run -version
|
||||||
EOF
|
EOF
|
||||||
|
%if 0%{?fedora} > 0
|
||||||
|
# This fails on s390x for some reason. Disable for now. See:
|
||||||
|
# https://koji.fedoraproject.org/koji/taskinfo?taskID=41499227
|
||||||
|
%ifnarch s390x
|
||||||
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
|
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
# Check src.zip has all sources. See RHBZ#1130490
|
# Check src.zip has all sources. See RHBZ#1130490
|
||||||
jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
|
$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
|
||||||
|
|
||||||
# Check class files include useful debugging information
|
# Check class files include useful debugging information
|
||||||
$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
|
$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
|
||||||
@ -1987,9 +2076,9 @@ STRIP_KEEP_SYMTAB=libjvm*
|
|||||||
|
|
||||||
for suffix in %{build_loop} ; do
|
for suffix in %{build_loop} ; do
|
||||||
|
|
||||||
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}}
|
||||||
%if %{include_staticlibs}
|
%if %{include_staticlibs}
|
||||||
top_dir_abs_staticlibs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{staticlibs_loop}}
|
top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{staticlibs_loop}}
|
||||||
%endif
|
%endif
|
||||||
jdk_image=${top_dir_abs_main_build_path}/images/%{jdkimage}
|
jdk_image=${top_dir_abs_main_build_path}/images/%{jdkimage}
|
||||||
|
|
||||||
@ -2057,7 +2146,7 @@ if ! echo $suffix | grep -q "debug" ; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Install release notes
|
# Install release notes
|
||||||
commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir $suffix}
|
commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
|
||||||
install -d -m 755 ${commondocdir}
|
install -d -m 755 ${commondocdir}
|
||||||
cp -a %{SOURCE10} ${commondocdir}
|
cp -a %{SOURCE10} ${commondocdir}
|
||||||
|
|
||||||
@ -2237,7 +2326,6 @@ end
|
|||||||
|
|
||||||
%posttrans devel-slowdebug
|
%posttrans devel-slowdebug
|
||||||
%{posttrans_devel -- %{debug_suffix_unquoted}}
|
%{posttrans_devel -- %{debug_suffix_unquoted}}
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{include_fastdebug_build}
|
%if %{include_fastdebug_build}
|
||||||
@ -2333,7 +2421,6 @@ end
|
|||||||
|
|
||||||
%files src-slowdebug
|
%files src-slowdebug
|
||||||
%{files_src -- %{debug_suffix_unquoted}}
|
%{files_src -- %{debug_suffix_unquoted}}
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{include_fastdebug_build}
|
%if %{include_fastdebug_build}
|
||||||
@ -2363,6 +2450,49 @@ end
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 12 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.7-0.1.ea
|
||||||
|
- Update to jdk-11.0.13.0+7
|
||||||
|
- Update release notes to 11.0.13.0+7
|
||||||
|
- Resolves: rhbz#1999938
|
||||||
|
|
||||||
|
* Mon Oct 11 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.1-0.1.ea
|
||||||
|
- Update to jdk-11.0.13.0+1
|
||||||
|
- Update release notes to 11.0.13.0+1
|
||||||
|
- Update tarball generation script to use git following OpenJDK 11u's move to github
|
||||||
|
- Switch to EA mode for 11.0.13 pre-release builds.
|
||||||
|
- Remove "-clean" suffix as no 11.0.13 builds are unclean.
|
||||||
|
- Drop JDK-8269668 patch which is now applied upstream.
|
||||||
|
- Related: rhbz#1999938
|
||||||
|
|
||||||
|
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-9
|
||||||
|
- The bootstrap JDK is now in bootinstalldir, not bootbuilddir.
|
||||||
|
- Related: rhbz#1999938
|
||||||
|
|
||||||
|
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-9
|
||||||
|
- Reduce disk footprint by removing build artifacts by default.
|
||||||
|
- Related: rhbz#1999938
|
||||||
|
|
||||||
|
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-8
|
||||||
|
- Restructure the build so a minimal initial build is then used for the final build (with docs)
|
||||||
|
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
|
||||||
|
- Related: rhbz#1999938
|
||||||
|
|
||||||
|
* Tue Oct 05 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-7
|
||||||
|
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
|
||||||
|
- Resolves: rhbz#1991003
|
||||||
|
|
||||||
|
* Tue Oct 05 2021 Martin Balao <mbalao@redhat.com> - 1:11.0.12.0.7-7
|
||||||
|
- Add patch to allow plain key import.
|
||||||
|
- Resolves: rhbz#1991003
|
||||||
|
|
||||||
|
* Mon Sep 06 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.12.0.7-6
|
||||||
|
- Minor cosmetic improvements to make spec more comparable between variants
|
||||||
|
- Related: rhbz#1999938
|
||||||
|
|
||||||
|
* Mon Sep 06 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-5
|
||||||
|
- Remove non-Free test from source tarball.
|
||||||
|
- Related: rhbz#1999938
|
||||||
|
|
||||||
* Mon Aug 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-4
|
* Mon Aug 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-4
|
||||||
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.misc.
|
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.misc.
|
||||||
- Resolves: rhbz#1997357
|
- Resolves: rhbz#1997357
|
||||||
|
Loading…
Reference in New Issue
Block a user