Merge branch 'c8' into a8-portable
This commit is contained in:
commit
3696ea5d1d
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/openjdk-jdk17u-jdk-17.0.8+7.tar.xz
|
||||
SOURCES/openjdk-17.0.9+9.tar.xz
|
||||
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
e7d88f78da7625ba448daacff2d9995367eef250 SOURCES/openjdk-jdk17u-jdk-17.0.8+7.tar.xz
|
||||
a58b92201b1d3e26d8375f67708fe2e740cd39eb SOURCES/openjdk-17.0.9+9.tar.xz
|
||||
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
|
@ -116,7 +116,7 @@ index 00000000000..f48fc7f7e80
|
||||
+ AC_SUBST(NSS_LIBDIR)
|
||||
+])
|
||||
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
|
||||
index a65d91ee974..a8f054c1397 100644
|
||||
index 366682cf044..1f8d782f419 100644
|
||||
--- a/make/autoconf/libraries.m4
|
||||
+++ b/make/autoconf/libraries.m4
|
||||
@@ -33,6 +33,7 @@ m4_include([lib-std.m4])
|
||||
@ -2508,7 +2508,7 @@ index 00000000000..dc8bc72fccb
|
||||
+ }
|
||||
+}
|
||||
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
|
||||
index fab52688c04..29337576f37 100644
|
||||
index 9be02033877..4dd055a9ccf 100644
|
||||
--- a/src/java.base/share/conf/security/java.security
|
||||
+++ b/src/java.base/share/conf/security/java.security
|
||||
@@ -82,6 +82,17 @@ security.provider.tbd=Apple
|
||||
@ -3496,7 +3496,7 @@ index 00000000000..f8d505ca815
|
||||
+}
|
||||
\ No newline at end of file
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
||||
index 9b69072280e..5696b904979 100644
|
||||
index 0736ce997e4..0a937fef377 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
||||
@@ -37,6 +37,8 @@ import javax.crypto.*;
|
||||
@ -3518,18 +3518,18 @@ index 9b69072280e..5696b904979 100644
|
||||
private static final long serialVersionUID = -2575874101938349339L;
|
||||
|
||||
private static final String PUBLIC = "public";
|
||||
@@ -136,9 +141,7 @@ abstract class P11Key implements Key, Length {
|
||||
@@ -139,9 +144,7 @@ abstract class P11Key implements Key, Length {
|
||||
this.tokenObject = tokenObject;
|
||||
this.sensitive = sensitive;
|
||||
this.extractable = extractable;
|
||||
- char[] tokenLabel = this.token.tokenInfo.label;
|
||||
- boolean isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
|
||||
- isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
|
||||
- && tokenLabel[2] == 'S');
|
||||
+ boolean isNSS = P11Util.isNSS(this.token);
|
||||
+ isNSS = P11Util.isNSS(this.token);
|
||||
boolean extractKeyInfo = (!DISABLE_NATIVE_KEYS_EXTRACTION && isNSS &&
|
||||
extractable && !tokenObject);
|
||||
this.keyIDHolder = new NativeKeyHolder(this, keyID, session,
|
||||
@@ -379,7 +382,9 @@ abstract class P11Key implements Key, Length {
|
||||
@@ -383,7 +386,9 @@ abstract class P11Key implements Key, Length {
|
||||
new CK_ATTRIBUTE(CKA_SENSITIVE),
|
||||
new CK_ATTRIBUTE(CKA_EXTRACTABLE),
|
||||
});
|
||||
@ -3540,13 +3540,13 @@ index 9b69072280e..5696b904979 100644
|
||||
return new P11PrivateKey
|
||||
(session, keyID, algorithm, keyLength, attributes);
|
||||
} else {
|
||||
@@ -461,7 +466,8 @@ abstract class P11Key implements Key, Length {
|
||||
@@ -465,7 +470,8 @@ abstract class P11Key implements Key, Length {
|
||||
}
|
||||
public String getFormat() {
|
||||
token.ensureValid();
|
||||
- if (sensitive || (extractable == false)) {
|
||||
- if (sensitive || !extractable || (isNSS && tokenObject)) {
|
||||
+ if (!plainKeySupportEnabled &&
|
||||
+ (sensitive || (extractable == false))) {
|
||||
+ (sensitive || !extractable || (isNSS && tokenObject))) {
|
||||
return null;
|
||||
} else {
|
||||
return "RAW";
|
@ -27,7 +27,7 @@
|
||||
# Enable static library builds by default.
|
||||
%bcond_without staticlibs
|
||||
# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
|
||||
%bcond_without fresh_libjvm
|
||||
%bcond_with fresh_libjvm
|
||||
# Build with system libraries
|
||||
%bcond_with system_libs
|
||||
|
||||
@ -326,7 +326,7 @@
|
||||
# New Version-String scheme-style defines
|
||||
%global featurever 17
|
||||
%global interimver 0
|
||||
%global updatever 8
|
||||
%global updatever 9
|
||||
%global patchver 0
|
||||
# buildjdkver is usually same as %%{featurever},
|
||||
# but in time of bootstrap of next jdk, it is featurever-1,
|
||||
@ -355,7 +355,7 @@
|
||||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora}
|
||||
%else
|
||||
%if 0%{?rhel}
|
||||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name}
|
||||
%global oj_vendor_bug_url https://access.redhat.com/support/cases/
|
||||
%else
|
||||
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
|
||||
%endif
|
||||
@ -366,14 +366,22 @@
|
||||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||
# Define current Git revision for the FIPS support patches
|
||||
%global fipsver bf363eecce3
|
||||
%global fipsver 51e1d00be4e
|
||||
%global javaver %{featurever}
|
||||
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
|
||||
|
||||
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
|
||||
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
|
||||
|
||||
# The tag used to create the OpenJDK tarball
|
||||
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
|
||||
|
||||
# Standard JPackage naming and versioning defines
|
||||
%global origin openjdk
|
||||
%global origin_nice OpenJDK
|
||||
%global top_level_dir_name %{origin}
|
||||
%global top_level_dir_name %{vcstag}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 7
|
||||
%global buildver 9
|
||||
%global rpmrelease 1
|
||||
#%%global tagsuffix %%{nil}
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
@ -388,14 +396,6 @@
|
||||
# for techpreview, using 1, so slowdebugs can have 0
|
||||
%global priority %( printf '%08d' 1 )
|
||||
%endif
|
||||
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
|
||||
%global javaver %{featurever}
|
||||
|
||||
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
|
||||
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
|
||||
|
||||
# The tag used to create the OpenJDK tarball
|
||||
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
|
||||
|
||||
# Define milestone (EA for pre-releases, GA for releases)
|
||||
# Release will be (where N is usually a number starting at 1):
|
||||
@ -405,7 +405,7 @@
|
||||
%if %{is_ga}
|
||||
%global build_type GA
|
||||
%global ea_designator ""
|
||||
%global ea_designator_zip ""
|
||||
%global ea_designator_zip %{nil}
|
||||
%global extraver %{nil}
|
||||
%global eaprefix %{nil}
|
||||
%else
|
||||
@ -560,7 +560,7 @@ URL: http://openjdk.java.net/
|
||||
|
||||
|
||||
# The source tarball, generated using generate_source_tarball.sh
|
||||
Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz
|
||||
Source0: https://openjdk-sources.osci.io/openjdk%{featurever}/open%{vcstag}%{ea_designator_zip}.tar.xz
|
||||
|
||||
# Use 'icedtea_sync.sh' to update the following
|
||||
# They are based on code contained in the IcedTea project (6.x).
|
||||
@ -659,9 +659,11 @@ Patch1001: fips-17u-%{fipsver}.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
# OpenJDK patches appearing in 17.0.8
|
||||
# OpenJDK patches appearing in 17.0.10
|
||||
#
|
||||
#############################################
|
||||
# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
|
||||
Patch2000: jdk8312489-max_sig_default_increase.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -737,17 +739,17 @@ BuildRequires: libjpeg-devel
|
||||
BuildRequires: libpng-devel
|
||||
%else
|
||||
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
|
||||
Provides: bundled(freetype) = 2.12.1
|
||||
Provides: bundled(freetype) = 2.13.0
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
|
||||
Provides: bundled(giflib) = 5.2.1
|
||||
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
|
||||
Provides: bundled(harfbuzz) = 7.0.1
|
||||
Provides: bundled(harfbuzz) = 7.2.0
|
||||
# Version in src/java.desktop/share/native/liblcms/lcms2.h
|
||||
Provides: bundled(lcms2) = 2.15.0
|
||||
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
|
||||
Provides: bundled(libjpeg) = 6b
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
|
||||
Provides: bundled(libpng) = 1.6.37
|
||||
Provides: bundled(libpng) = 1.6.39
|
||||
# We link statically against libstdc++ to increase portability
|
||||
BuildRequires: libstdc++-static
|
||||
%endif
|
||||
@ -947,9 +949,12 @@ pushd %{top_level_dir_name}
|
||||
%patch1001 -p1
|
||||
# nss.cfg PKCS11 support; must come last as it also alters java.security
|
||||
%patch1000 -p1
|
||||
# JDK-8312489 backport, coming in 17.0.10
|
||||
%patch2000 -p1
|
||||
# alt-java support
|
||||
%patch600 -p1
|
||||
popd # openjdk
|
||||
|
||||
%patch600
|
||||
|
||||
# The OpenJDK version file includes the current
|
||||
# upstream version information. For some reason,
|
||||
@ -1692,6 +1697,29 @@ done
|
||||
%{_jvmdir}/%{miscportablearchive}.sha256sum
|
||||
|
||||
%changelog
|
||||
* Thu Oct 12 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.9.0.9-1
|
||||
- Update to jdk-17.0.9+9 (GA)
|
||||
- Update release notes to 17.0.9+9
|
||||
- Re-generate FIPS patch against 17.0.9+1 following backport of JDK-8209398
|
||||
- Bump libpng version to 1.6.39 following JDK-8305815
|
||||
- Bump HarfBuzz version to 7.2.0 following JDK-8307301
|
||||
- Bump freetype version to 2.13.0 following JDK-8306881
|
||||
- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal
|
||||
- Sync generate_tarball.sh with 11u version
|
||||
- Update bug URL for RHEL to point to the Red Hat customer portal
|
||||
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
|
||||
- Use upstream release URL for OpenJDK source
|
||||
- Apply all patches using -p1
|
||||
- Temporarily turn off 'fresh_libjvm' due to removal of JVM_IsThreadAlive (JDK-8305425)
|
||||
- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. **
|
||||
|
||||
* Sat Sep 02 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.8.1.1-1
|
||||
- Update to jdk-17.0.8.1+1 (GA)
|
||||
- Update release notes to 17.0.8.1+1
|
||||
- Add backport of JDK-8312489 already upstream in 17.0.10 (see OPENJDK-2095)
|
||||
- Update openjdk_news script to specify subdirectory last
|
||||
- Add missing discover_trees script required by openjdk_news
|
||||
|
||||
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.8.0.7-1
|
||||
- Update to jdk-17.0.8+7 (GA)
|
||||
- Update release notes to 17.0.8+7
|
||||
|
50
SOURCES/jdk8312489-max_sig_default_increase.patch
Normal file
50
SOURCES/jdk8312489-max_sig_default_increase.patch
Normal file
@ -0,0 +1,50 @@
|
||||
commit 5b613e3ebed6c141146e743e64c894fe4f39421e
|
||||
Author: Andrew John Hughes <andrew@openjdk.org>
|
||||
Date: Fri Sep 1 15:53:41 2023 +0000
|
||||
|
||||
8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
|
||||
|
||||
Backport-of: e47a84f23dd2608c6f5748093eefe301fb5bf750
|
||||
|
||||
diff --git a/src/java.base/share/classes/java/util/jar/JarFile.java b/src/java.base/share/classes/java/util/jar/JarFile.java
|
||||
index bd538649a4f..70cf99504e4 100644
|
||||
--- a/src/java.base/share/classes/java/util/jar/JarFile.java
|
||||
+++ b/src/java.base/share/classes/java/util/jar/JarFile.java
|
||||
@@ -803,7 +803,9 @@ private byte[] getBytes(ZipEntry ze) throws IOException {
|
||||
throw new IOException("Unsupported size: " + uncompressedSize +
|
||||
" for JarEntry " + ze.getName() +
|
||||
". Allowed max size: " +
|
||||
- SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes");
|
||||
+ SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes. " +
|
||||
+ "You can use the jdk.jar.maxSignatureFileSize " +
|
||||
+ "system property to increase the default value.");
|
||||
}
|
||||
int len = (int)uncompressedSize;
|
||||
int bytesRead;
|
||||
diff --git a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
|
||||
index 4ea9255ba0a..05acdcb9474 100644
|
||||
--- a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
|
||||
+++ b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
|
||||
@@ -856,16 +856,16 @@ private static int initializeMaxSigFileSize() {
|
||||
* the maximum allowed number of bytes for the signature-related files
|
||||
* in a JAR file.
|
||||
*/
|
||||
- Integer tmp = GetIntegerAction.privilegedGetProperty(
|
||||
- "jdk.jar.maxSignatureFileSize", 8000000);
|
||||
+ int tmp = GetIntegerAction.privilegedGetProperty(
|
||||
+ "jdk.jar.maxSignatureFileSize", 16000000);
|
||||
if (tmp < 0 || tmp > MAX_ARRAY_SIZE) {
|
||||
if (debug != null) {
|
||||
- debug.println("Default signature file size 8000000 bytes " +
|
||||
- "is used as the specified size for the " +
|
||||
- "jdk.jar.maxSignatureFileSize system property " +
|
||||
+ debug.println("The default signature file size of 16000000 bytes " +
|
||||
+ "will be used for the jdk.jar.maxSignatureFileSize " +
|
||||
+ "system property since the specified value " +
|
||||
"is out of range: " + tmp);
|
||||
}
|
||||
- tmp = 8000000;
|
||||
+ tmp = 16000000;
|
||||
}
|
||||
return tmp;
|
||||
}
|
Loading…
Reference in New Issue
Block a user