Update release notes to 11.0.14.0+1
Switch to EA mode for 11.0.14 pre-release builds.
Rename blacklisted.certs to blocked.certs following JDK-8253866
Rebase RH1996182 login patch and drop redundant security policy extension after JDK-8269034
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.
Resolves: RHBZ#2019555
Update release notes to 11.0.13.0+1
Update tarball generation script to use git following OpenJDK 11u's move to github
Switch to EA mode for 11.0.13 pre-release builds.
Remove "-clean" suffix as no 11.0.13 builds are unclean.
Drop JDK-8269668 patch which is now applied upstream.
Update release notes to 11.0.12.0+1
Switch to EA mode for 11.0.12 pre-release builds.
Update ECC patch following JDK-8226374 (bug ID yet to be confirmed)
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Use appropriate keystore types when in FIPS mode (RH1818909)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
Resolves: rhbz#1830090
There does not appear to be any value in having copy-jdk-config in Flatpak
builds (where a given Flatpak bundles one specific JDK, so no need for a
"Utility script to transfer JDKs configuration files between updates or for
archiving.")
And at least when trying to do a LibreOffice Flatpak build from Fedora 34 RPM
specs (which includes java-11-openjdk among its components), the #!/usr/bin/lua
shebang in copy_jdk_configs.lua would have caused a requirement on
/usr/bin/lua, but which a lua RPM bundled in the Flatpak would not provide (as
it would provide /app/bin/lua instead). And the easiest way to work around that
issue is to just disable the unnecessary copy-jdk-configs.
