rpms/java-17-openjdk
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to jdk-17.0.3.0+7

Browse Source 
Update release notes to 17.0.3.0+7
Need to include the '.S' suffix in debuginfo checks after JDK-8284661
Explicitly require crypto-policies during build and runtime for system security properties
Make use of the vendor version string to store our version & release rather than an upstream release date
Include a test in the RPM to check the build has the correct vendor information.
Fix issue where CheckVendor.java test erroneously passes when it should fail.
Add proper quoting so '&' is not treated as a special character by the shell.

Resolves: rhbz#2084218
This commit is contained in:
Andrew Hughes 2022-07-17 18:28:01 +01:00
parent a4d2ca79e8
commit c308709d10
5 changed files with 175 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -14,3 +14,4 @@
/openjdk-jdk17u-17usec.17.0.3+5-220408.tar.xz
/openjdk-jdk17u-jdk-17.0.3+7.tar.xz
/openjdk-jdk17u-jdk-17.0.4+1.tar.xz
/openjdk-jdk17u-jdk-17.0.4+7.tar.xz

65
CheckVendor.java Normal file
View File

@ -0,0 +1,65 @@
/* CheckVendor -- Check the vendor properties match specified values.
Copyright (C) 2020 Red Hat, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @test
*/
public class CheckVendor {
public static void main(String[] args) {
if (args.length < 4) {
System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL> <VENDOR-VERSION-STRING>");
System.exit(1);
}
String vendor = System.getProperty("java.vendor");
String expectedVendor = args[0];
String vendorURL = System.getProperty("java.vendor.url");
String expectedVendorURL = args[1];
String vendorBugURL = System.getProperty("java.vendor.url.bug");
String expectedVendorBugURL = args[2];
String vendorVersionString = System.getProperty("java.vendor.version");
String expectedVendorVersionString = args[3];
if (!expectedVendor.equals(vendor)) {
System.err.printf("Invalid vendor %s, expected %s\n",
vendor, expectedVendor);
System.exit(2);
}
if (!expectedVendorURL.equals(vendorURL)) {
System.err.printf("Invalid vendor URL %s, expected %s\n",
vendorURL, expectedVendorURL);
System.exit(3);
}
if (!expectedVendorBugURL.equals(vendorBugURL)) {
System.err.printf("Invalid vendor bug URL %s, expected %s\n",
vendorBugURL, expectedVendorBugURL);
System.exit(4);
}
if (!expectedVendorVersionString.equals(vendorVersionString)) {
System.err.printf("Invalid vendor version string %s, expected %s\n",
vendorVersionString, expectedVendorVersionString);
System.exit(5);
}
System.err.printf("Vendor information verified as %s, %s, %s, %s\n",
vendor, vendorURL, vendorBugURL, vendorVersionString);
}
}

52
NEWS
View File

@ -10,8 +10,14 @@ Live versions of these release notes can be found at:
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.4.txt
* Other changes
- JDK-8139173: [macosx] JInternalFrame shadow is not properly drawn
- JDK-8181571: printing to CUPS fails on mac sandbox app
- JDK-8193682: Infinite loop in ZipOutputStream.close()
- JDK-8206187: javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java fails with Port already in use
- JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh to plain java test
- JDK-8214733: runtime/8176717/TestInheritFD.java timed out
- JDK-8236136: tests which use CompilationMode shouldn't be run w/ TieredStopAtLevel
- JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
- JDK-8249592: Robot.mouseMove moves cursor to incorrect location when display scale varies and Java runs in DPI Unaware mode
- JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR
- JDK-8255266: Update Public Suffix List to 3c213aa
@ -26,6 +32,7 @@ Live versions of these release notes can be found at:
- JDK-8268231: Aarch64: Use Ldp in intrinsics for String.compareTo
- JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
- JDK-8268595: java/io/Serializable/serialFilter/GlobalFilterTest.java#id1 failed in timeout
- JDK-8268773: Improvements related to: Failed to start thread - pthread_create failed (EAGAIN)
- JDK-8268906: gc/g1/mixedgc/TestOldGenCollectionUsage.java assumes that GCs take 1ms minimum
- JDK-8269077: TestSystemGC uses "require vm.gc.G1" for large pages subtest
- JDK-8269129: Multiple tier1 tests in hotspot/jtreg/compiler are failing for client VMs
@ -60,6 +67,7 @@ Live versions of these release notes can be found at:
- JDK-8274233: Minor cleanup for ToolBox
- JDK-8274244: ReportOnImportedModuleAnnotation.java fails on rerun
- JDK-8274561: sun/net/ftp/TestFtpTimeValue.java timed out on slow machines
- JDK-8274687: JDWP deadlocks if some Java thread reaches wait in blockOnDebuggerSuspend
- JDK-8274735: javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image
- JDK-8274751: Drag And Drop hangs on Windows
- JDK-8274855: vectorapi tests failing with assert(!vbox->is_Phi()) failed
@ -125,6 +133,7 @@ Live versions of these release notes can be found at:
- JDK-8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized
- JDK-8280476: [macOS] : hotspot arm64 bug exposed by latest clang
- JDK-8280543: Update the "java" and "jcmd" tool specification for CDS
- JDK-8280593: [PPC64, S390] redundant allocation of MacroAssembler in StubGenerator ctor
- JDK-8280600: C2: assert(!had_error) failed: bad dominance
- JDK-8280684: JfrRecorderService failes with guarantee(num_written > 0) when no space left on device.
- JDK-8280799: С2: assert(false) failed: cyclic dependency prevents range check elimination
@ -150,8 +159,10 @@ Live versions of these release notes can be found at:
- JDK-8281771: Crash in java_lang_invoke_MethodType::print_signature
- JDK-8281811: assert(_base == Tuple) failed: Not a Tuple after JDK-8280799
- JDK-8281822: Test failures on non-DTrace builds due to incomplete DTrace* flags handling
- JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder
- JDK-8282045: When loop strip mining fails, safepoints are removed from loop anyway
- JDK-8282142: [TestCase] compiler/inlining/ResolvedClassTest.java will fail when --with-jvm-features=-compiler1
- JDK-8282170: JVMTI SetBreakpoint metaspace allocation test
- JDK-8282172: CompileBroker::log_metaspace_failure is called from non-Java/compiler threads
- JDK-8282225: GHA: Allow one concurrent run per PR only
- JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers
@ -160,6 +171,7 @@ Live versions of these release notes can be found at:
- JDK-8282312: Minor corrections to evbroadcasti32x4 intrinsic on x86
- JDK-8282345: handle latest VS2022 in abstract_vm_version
- JDK-8282382: Report glibc malloc tunables in error reports
- JDK-8282422: JTable.print() failed with UnsupportedCharsetException on AIX ko_KR locale
- JDK-8282444: Module finder incorrectly assumes default file system path-separator character
- JDK-8282499: Bump update version for OpenJDK: jdk-17.0.4
- JDK-8282509: [exploded image] ResolvedClassTest fails with similar output
@ -170,31 +182,71 @@ Live versions of these release notes can be found at:
- JDK-8282628: Potential memory leak in sun.font.FontConfigManager.getFontConfig()
- JDK-8282874: Bad performance on gather/scatter API caused by different IntSpecies of indexMap
- JDK-8282887: Potential memory leak in sun.util.locale.provider.HostLocaleProviderAdapterImpl.getNumberPattern() on Windows
- JDK-8282929: Localized monetary symbols are not reflected in `toLocalizedPattern` return value
- JDK-8283017: GHA: Workflows break with update release versions
- JDK-8283187: C2: loop candidate for superword not always unrolled fully if superword fails
- JDK-8283217: Leak FcObjectSet in getFontConfigLocations() in fontpath.c
- JDK-8283249: CompressedClassPointers.java fails on ppc with 'Narrow klass shift: 0' missing
- JDK-8283279: [Testbug] Improve TestGetSwapSpaceSize
- JDK-8283315: jrt-fs.jar not always deterministically built
- JDK-8283323: libharfbuzz optimization level results in extreme build times
- JDK-8283347: [macos] Bad JNI lookup accessibilityHitTest is shown when Screen magnifier is enabled
- JDK-8283350: (tz) Update Timezone Data to 2022a
- JDK-8283408: Fix a C2 crash when filling arrays with unsafe
- JDK-8283422: Create a new test for JDK-8254790
- JDK-8283451: C2: assert(_base == Long) failed: Not a Long
- JDK-8283469: Don't use memset to initialize members in FileMapInfo and fix memory leak
- JDK-8283497: [windows] print TMP and TEMP in hs_err and VM.info
- JDK-8283641: Large value for CompileThresholdScaling causes assert
- JDK-8283725: Launching java with "-Xlog:gc*=trace,safepoint*=trace,class*=trace" crashes the JVM
- JDK-8283834: Unmappable character for US-ASCII encoding in TestPredicateInputBelowLoopPredicate
- JDK-8284023: java.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo
- JDK-8284033: Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c
- JDK-8284094: Memory leak in invoker_completeInvokeRequest()
- JDK-8284369: TestFailedAllocationBadGraph fails with -XX:TieredStopAtLevel < 4
- JDK-8284389: Improve stability of GHA Pre-submit testing by caching cygwin installer
- JDK-8284437: Building from different users/workspace is not always deterministic
- JDK-8284458: CodeHeapState::aggregate() leaks blob_name
- JDK-8284507: GHA: Only check test results if testing was not skipped
- JDK-8284532: Memory leak in BitSet::BitMapFragmentTable in JFR leak profiler
- JDK-8284549: JFR: FieldTable leaks FieldInfoTable member
- JDK-8284603: [17u] Update Boot JDK used in GHA to 17.0.2
- JDK-8284620: CodeBuffer may leak _overflow_arena
- JDK-8284622: Update versions of some Github Actions used in JDK workflow
- JDK-8284661: Reproducible assembly builds without relative linking
- JDK-8284754: print more interesting env variables in hs_err and VM.info
- JDK-8284758: [linux] improve print_container_info
- JDK-8284848: C2: Compiler blackhole arguments should be treated as globally escaping
- JDK-8284866: Add test to JDK-8273056
- JDK-8284884: Replace polling with waiting in javax/swing/text/html/parser/Parser/8078268/bug8078268.java
- JDK-8284992: Fix misleading Vector API doc for LSHR operator
- JDK-8285342: Zero build failure with clang due to values not handled in switch
- JDK-8285394: Compiler blackholes can be eliminated due to stale ciMethod::intrinsic_id()
- JDK-8285397: JNI exception pending in CUPSfuncs.c:250
- JDK-8285445: cannot open file "NUL:"
- JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
- JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java
- JDK-8285686: Update FreeType to 2.12.0
- JDK-8285726: [11u, 17u] Unify fix for JDK-8284548 with version from head
- JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head
- JDK-8285728: Alpine Linux build fails with busybox tar
- JDK-8285828: runtime/execstack/TestCheckJDK.java fails with zipped debug symbols
- JDK-8285921: serviceability/dcmd/jvmti/AttachFailed/AttachReturnError.java fails on Alpine
- JDK-8285956: (fs) Excessive default poll interval in PollingWatchService
- JDK-8286013: Incorrect test configurations for compiler/stable/TestStableShort.java
- JDK-8286029: Add classpath exemption to globals_vectorApiSupport_***.S.inc
- JDK-8286198: [linux] Fix process-memory information
- JDK-8286293: Tests ShortResponseBody and ShortResponseBodyWithRetry should use less resources
- JDK-8286444: javac errors after JDK-8251329 are not helpful enough to find root cause
- JDK-8286594: (zipfs) Mention paths with dot elements in ZipException and cleanups
- JDK-8286601: Mac Aarch: Excessive warnings to be ignored for build jdk
- JDK-8286855: javac error on invalid jar should only print filename
- JDK-8287109: Distrust.java failed with CertificateExpiredException
- JDK-8287119: Add Distrust.java to ProblemList
- JDK-8287162: (zipfs) Performance regression related to support for POSIX file permissions
- JDK-8287336: GHA: Workflows break on patch versions
- JDK-8287362: FieldAccessWatch testcase failed on AIX platform
- JDK-8287378: GHA: Update cygwin to fix issues in langtools tests on Windows
Notes on individual issues:
===========================

85
java-17-openjdk.spec
View File

@ -307,10 +307,6 @@
%global interimver 0
%global updatever 4
%global patchver 0
# If you bump featurever, you must also bump vendor_version_string
# Used via new version scheme. JDK 17 was
# GA'ed in September 2021 => 21.9
%global vendor_version_string 21.9
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
# and this it is better to change it here, on single place
@ -325,6 +321,27 @@
%global lts_designator_zip ""
%endif
# Define vendor information used by OpenJDK
%global oj_vendor Red Hat, Inc.
%global oj_vendor_url https://www.redhat.com/
# Define what url should JVM offer in case of a crash report
# order may be important, epel may have rhel declared
%if 0%{?epel}
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel}
%else
%if 0%{?fedora}
# Does not work for rawhide, keeps the version field empty
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora}
%else
%if 0%{?rhel}
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name}
%else
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
%endif
%endif
%endif
%global oj_vendor_version (Red_Hat-%{version}-%{release})
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
@ -335,7 +352,7 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 1
%global buildver 7
%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@ -377,23 +394,6 @@
%global eaprefix 0.
%endif
# Define what url should JVM offer in case of a crash report
# order may be important, epel may have rhel declared
%if 0%{?epel}
%global bugs https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel}
%else
%if 0%{?fedora}
# Does not work for rawhide, keeps the version field empty
%global bugs https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora}
%else
%if 0%{?rhel}
%global bugs https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name}
%else
%global bugs https://bugzilla.redhat.com/enter_bug.cgi
%endif
%endif
%endif
# parametrized macros are order-sensitive
%global compatiblename java-%{featurever}-%{origin}
%global fullversion %{compatiblename}-%{version}-%{release}
@ -1119,6 +1119,8 @@ OrderWithRequires: copy-jdk-configs
%endif
# for printing support
Requires: cups-libs
# for system security properties
Requires: crypto-policies
# for FIPS PKCS11 provider
Requires: nss
# Post requires alternatives to install tool alternatives
@ -1293,6 +1295,9 @@ Source14: TestECDSA.java
# Verify system crypto (policy) can be disabled via a property
Source15: TestSecurityProperties.java
# Ensure vendor settings are correct
Source16: CheckVendor.java
# nss fips configuration file
Source17: nss.fips.cfg.in
@ -1382,6 +1387,8 @@ BuildRequires: libXt-devel
BuildRequires: libXtst-devel
# Requirement for setting up nss.cfg and nss.fips.cfg
BuildRequires: nss-devel
# Requirement for system security property test
BuildRequires: crypto-policies
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
@ -1710,6 +1717,8 @@ The %{origin_nice} %{featurever} API documentation compressed in a single archiv
%prep
echo "Preparing %{oj_vendor_version}"
# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-(
%if 0%{?stapinstall:1}
echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}"
@ -1905,11 +1914,11 @@ function buildjdk() {
--with-version-build=%{buildver} \
--with-version-pre="%{ea_designator}" \
--with-version-opt=%{lts_designator} \
--with-vendor-version-string="%{vendor_version_string}" \
--with-vendor-name="Red Hat, Inc." \
--with-vendor-url="https://www.redhat.com/" \
--with-vendor-bug-url="%{bugs}" \
--with-vendor-vm-bug-url="%{bugs}" \
--with-vendor-version-string="%{oj_vendor_version}" \
--with-vendor-name="%{oj_vendor}" \
--with-vendor-url="%{oj_vendor_url}" \
--with-vendor-bug-url="%{oj_vendor_bug_url}" \
--with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
--with-boot-jdk=${buildjdk} \
--with-debug-level=${debuglevel} \
--with-native-debug-symbols="%{debug_symbols}" \
@ -2014,9 +2023,9 @@ function debugcheckjdk() {
IFS=$'\n'
for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT")
do
# We expect to see .cpp files, except for architectures like aarch64 and
# We expect to see .cpp and .S files, except for architectures like aarch64 and
# s390 where we expect .o and .oS files
echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$"
echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|S|oS))?$"
done
IFS="$old_IFS"
@ -2294,6 +2303,10 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
%endif
# Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}"
%if %{include_staticlibs}
# Check debug symbols in static libraries (smoke test)
export STATIC_LIBS_HOME=${JAVA_HOME}/%{static_libs_install_dir}
@ -2561,6 +2574,20 @@ cjc.mainProgram(args)
%endif
%changelog
* Sat Jul 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.1.ea
- Update to jdk-17.0.3.0+7
- Update release notes to 17.0.3.0+7
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
- Explicitly require crypto-policies during build and runtime for system security properties
- Make use of the vendor version string to store our version & release rather than an upstream release date
- Include a test in the RPM to check the build has the correct vendor information.
- Resolves: rhbz#2084218
* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:17.0.4.0.1-0.2.ea
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
- Add proper quoting so '&' is not treated as a special character by the shell.
- Related: rhbz#2084218
* Tue Jul 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.1-0.1.ea
- Update to jdk-17.0.4.0+1
- Update release notes to 17.0.4.0+1

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
SHA512 (openjdk-jdk17u-jdk-17.0.4+1.tar.xz) = 4ec0d557f9b7bdee4987b4f19c90ea8b986f9d29c87f3a526021d144ab7d39eecddf1e926fedf31f4b0fb1936d689c76886bab08400badd50d035cb4ba38c3b1
SHA512 (openjdk-jdk17u-jdk-17.0.4+7.tar.xz) = ddc6823a8c7a8fd0d3a126aa0180876f32e24ba7e6e900bd1103b19661467296dc828e564d9f63378a57f1e06922cb083f3ede78858eab33b3a2e43570a32419