Compare commits
No commits in common. "c8-beta" and "c9-beta" have entirely different histories.
@ -1127,7 +1127,7 @@ Requires: lksctp-tools%{?_isa}
|
||||
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
|
||||
# not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
|
||||
# considered as regression
|
||||
Requires: copy-jdk-configs >= 3.3
|
||||
Requires: copy-jdk-configs >= 4.0
|
||||
OrderWithRequires: copy-jdk-configs
|
||||
%endif
|
||||
# for printing support
|
||||
@ -1375,7 +1375,7 @@ Patch1001: fips-17u-%{fipsver}.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
# OpenJDK patches appearing in 17.0.5
|
||||
# OpenJDK patches appearing in 17.0.3
|
||||
#
|
||||
#############################################
|
||||
|
||||
@ -2423,9 +2423,10 @@ else
|
||||
return
|
||||
end
|
||||
end
|
||||
-- run content of included file with fake args
|
||||
arg = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
|
||||
require "copy_jdk_configs.lua"
|
||||
arg = nil ; -- it is better to null the arg up, no meter if they exists or not, and use cjc as module in unified way, instead of relaying on "main" method during require "copy_jdk_configs.lua"
|
||||
cjc = require "copy_jdk_configs.lua"
|
||||
args = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
|
||||
cjc.mainProgram(args)
|
||||
|
||||
%post
|
||||
%{post_script %{nil}}
|
||||
@ -2627,7 +2628,7 @@ require "copy_jdk_configs.lua"
|
||||
- Drop local copy of JDK-8293834 now this is upstream
|
||||
- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
|
||||
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
|
||||
- Resolves: rhbz#2150195
|
||||
- Resolves: rhbz#2150198
|
||||
|
||||
* Sat Dec 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.1-0.3.ea
|
||||
- Update to jdk-17.0.6+1
|
||||
@ -2637,7 +2638,7 @@ require "copy_jdk_configs.lua"
|
||||
- Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream
|
||||
- Drop JDK-8275535 local patch now this has been accepted and backported upstream
|
||||
- Bump tzdata requirement to 2022e now the package is available in RHEL
|
||||
- Related: rhbz#2150195
|
||||
- Related: rhbz#2150198
|
||||
|
||||
* Wed Nov 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-5
|
||||
- Update FIPS support to bring in latest changes
|
||||
@ -2645,7 +2646,7 @@ require "copy_jdk_configs.lua"
|
||||
- * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
||||
- * Remove forgotten dead code from RH2020290 and RH2104724
|
||||
- Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build
|
||||
- Resolves: rhbz#2117972
|
||||
- Resolves: rhbz#2118493
|
||||
|
||||
* Wed Oct 26 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-2
|
||||
- Update to jdk-17.0.5+8 (GA)
|
||||
@ -2662,8 +2663,7 @@ require "copy_jdk_configs.lua"
|
||||
* Tue Oct 04 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.7-0.2.ea
|
||||
- Update to jdk-17.0.5+7
|
||||
- Update release notes to 17.0.5+7
|
||||
- Drop JDK-8288985 patch that is now upstream
|
||||
- Resolves: rhbz#2130617
|
||||
- Resolves: rhbz#2130622
|
||||
|
||||
* Mon Oct 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.1-0.2.ea
|
||||
- Update to jdk-17.0.5+1
|
||||
@ -2671,21 +2671,16 @@ require "copy_jdk_configs.lua"
|
||||
- Switch to EA mode for 17.0.5 pre-release builds.
|
||||
- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
|
||||
- Bump FreeType bundled version to 2.12.1 following JDK-8290334
|
||||
- Related: rhbz#2130617
|
||||
|
||||
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-6
|
||||
- Backport JDK-8288985 to enable use of ChaCha20-Poly1305 with the PKCS11 provider
|
||||
- Upstream backport in progress: https://github.com/openjdk/jdk17u-dev/pull/650
|
||||
- Resolves: rhbz#2006351
|
||||
- Related: rhbz#2130622
|
||||
|
||||
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-5
|
||||
- Switch to static builds, reducing system dependencies and making build more portable
|
||||
- Resolves: rhbz#2121263
|
||||
- Resolves: rhbz#2121268
|
||||
|
||||
* Mon Aug 29 2022 Stephan Bergmann <sbergman@redhat.com> - 1:17.0.4.1.1-4
|
||||
- Fix flatpak builds (catering for their uncompressed manual pages)
|
||||
- Fix flatpak builds by exempting them from bootstrap
|
||||
- Resolves: rhbz#2102734
|
||||
- Resolves: rhbz#2102726
|
||||
|
||||
* Mon Aug 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-3
|
||||
- Update FIPS support to bring in latest changes
|
||||
@ -2694,23 +2689,23 @@ require "copy_jdk_configs.lua"
|
||||
- * Build the systemconf library on all platforms
|
||||
- * RH2048582: Support PKCS#12 keystores
|
||||
- * RH2020290: Support TLS 1.3 in FIPS mode
|
||||
- Resolves: rhbz#2104724
|
||||
- Resolves: rhbz#2092507
|
||||
- Resolves: rhbz#2048582
|
||||
- Resolves: rhbz#2020290
|
||||
- Resolves: rhbz#2104725
|
||||
- Resolves: rhbz#2117758
|
||||
- Resolves: rhbz#2115164
|
||||
- Resolves: rhbz#2029665
|
||||
|
||||
* Sun Aug 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-2
|
||||
- Update to jdk-17.0.4.1+1
|
||||
- Update release notes to 17.0.4.1+1
|
||||
- Add patch to provide translations for Europe/Kyiv added in tzdata2022b
|
||||
- Add test to ensure timezones can be translated
|
||||
- Resolves: rhbz#2119531
|
||||
- Resolves: rhbz#2119532
|
||||
|
||||
* Fri Jul 22 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.8-3
|
||||
- Update to jdk-17.0.4.0+8
|
||||
- Update release notes to 17.0.4.0+8
|
||||
- Switch to GA mode for release
|
||||
- Resolves: rhbz#2106522
|
||||
- Resolves: rhbz#2106524
|
||||
|
||||
* Wed Jul 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.2.ea
|
||||
- Revert the following changes until copy-java-configs has adapted to relative symlinks:
|
||||
@ -2720,58 +2715,56 @@ require "copy_jdk_configs.lua"
|
||||
- * Use relative symlinks so they work within the image
|
||||
- * Run debug symbols check during build stage, before the install strips them
|
||||
- The move of turning on system security properties is retained so we don't ship with them off
|
||||
- Related: rhbz#2100674
|
||||
|
||||
* Wed Jul 20 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.4.0.7-0.2.ea
|
||||
- retutrned absolute symlinks
|
||||
- relative symlinks are breaking cjc, and deeper investigations are necessary
|
||||
-- why cjc intentionally skips relative symllinks
|
||||
- images have to be workarounded differently
|
||||
- Related: rhbz#2100674
|
||||
- Related: rhbz#2084218
|
||||
|
||||
* Sat Jul 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.1.ea
|
||||
- Update to jdk-17.0.4.0+7
|
||||
- Update release notes to 17.0.4.0+7
|
||||
- Switch to EA mode for 17.0.4 pre-release builds.
|
||||
- Update to jdk-17.0.3.0+7
|
||||
- Update release notes to 17.0.3.0+7
|
||||
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
|
||||
- Explicitly require crypto-policies during build and runtime for system security properties
|
||||
- Make use of the vendor version string to store our version & release rather than an upstream release date
|
||||
- Include a test in the RPM to check the build has the correct vendor information.
|
||||
- Resolves: rhbz#2084218
|
||||
|
||||
* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:17.0.4.0.1-0.2.ea
|
||||
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
|
||||
- Add proper quoting so '&' is not treated as a special character by the shell.
|
||||
- Related: rhbz#2084218
|
||||
|
||||
* Tue Jul 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.1-0.1.ea
|
||||
- Update to jdk-17.0.4.0+1
|
||||
- Update release notes to 17.0.4.0+1
|
||||
- Switch to EA mode for 17.0.4 pre-release builds.
|
||||
- Print release file during build, which should now include a correct SOURCE value from .src-rev
|
||||
- Update tarball script with IcedTea GitHub URL and .src-rev generation
|
||||
- Include script to generate bug list for release notes
|
||||
- Update tzdata requirement to 2022a to match JDK-8283350
|
||||
- Move EA designator check to prep so failures can be caught earlier
|
||||
- Make EA designator check non-fatal while upstream is not maintaining it
|
||||
- Explicitly require crypto-policies during build and runtime for system security properties
|
||||
- Make use of the vendor version string to store our version & release rather than an upstream release date
|
||||
- Include a test in the RPM to check the build has the correct vendor information.
|
||||
- Resolves: rhbz#2083316
|
||||
- Related: rhbz#2084218
|
||||
|
||||
* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:17.0.4.0.1-0.2.ea
|
||||
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
|
||||
- Add proper quoting so '&' is not treated as a special character by the shell.
|
||||
- Related: rhbz#2083316
|
||||
|
||||
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-6
|
||||
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
|
||||
- Fix whitespace in spec file
|
||||
- Related: rhbz#2100674
|
||||
- Related: rhbz#2100677
|
||||
|
||||
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-6
|
||||
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
|
||||
- Sequence spec file sections as they are run by rpmbuild (build, install then test)
|
||||
- Related: rhbz#2100674
|
||||
- Related: rhbz#2100677
|
||||
|
||||
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-6
|
||||
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
|
||||
- Turn on system security properties as part of the build's install section
|
||||
- Move cacerts replacement to install section and retain original of this and tzdb.dat
|
||||
- Run tests on the installed image, rather than the build image
|
||||
- Introduce variables to refer to the static library installation directories
|
||||
- Use relative symlinks so they work within the image
|
||||
- Run debug symbols check during build stage, before the install strips them
|
||||
- Related: rhbz#2100674
|
||||
- Related: rhbz#2100677
|
||||
|
||||
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-5
|
||||
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-4
|
||||
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
|
||||
- Resolves: rhbz#2007331
|
||||
- Resolves: rhbz#2102433
|
||||
|
||||
* Tue Jun 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-4
|
||||
* Wed Jun 22 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-3
|
||||
- Update FIPS support to bring in latest changes
|
||||
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
|
||||
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
|
||||
@ -2779,64 +2772,51 @@ require "copy_jdk_configs.lua"
|
||||
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
|
||||
- Improve security properties test to check both enabled and disabled behaviour
|
||||
- Run security properties test with property debugging on
|
||||
- Resolves: rhbz#2099840
|
||||
- Resolves: rhbz#2100674
|
||||
|
||||
* Tue Jun 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-3
|
||||
- Add rpminspect.yaml to turn off Java bytecode inspections
|
||||
- java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode
|
||||
- Resolves: rhbz#2101524
|
||||
- Resolves: rhbz#2099844
|
||||
- Resolves: rhbz#2100677
|
||||
|
||||
* Sun Jun 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-2
|
||||
- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
|
||||
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
|
||||
- RH2023467: Enable FIPS keys export
|
||||
- RH2094027: SunEC runtime permission for FIPS
|
||||
- Resolves: rhbz#2023467
|
||||
- Resolves: rhbz#2094027
|
||||
- Resolves: rhbz#2029657
|
||||
- Resolves: rhbz#2096117
|
||||
|
||||
* Wed Apr 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-1
|
||||
- April 2022 security update to jdk 17.0.3+7
|
||||
- Update to jdk-17.0.3.0+7 release tarball
|
||||
- April 2022 security update to jdk 17.0.3+6
|
||||
- Update to jdk-17.0.3.0+6 pre-release tarball (17usec.17.0.3+5-220408)
|
||||
- Add JDK-8284548 regression fix missing from pre-release tarball but in jdk-17.0.3+6/jdk-17.0.3-ga
|
||||
- Update release notes to 17.0.3.0+6
|
||||
- Add missing README.md and generate_source_tarball.sh
|
||||
- Switch to GA mode for release
|
||||
- JDK-8283911 patch no longer needed now we're GA...
|
||||
- Resolves: rhbz#2073577
|
||||
- Resolves: rhbz#2073579
|
||||
|
||||
* Wed Apr 06 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.5-0.1.ea
|
||||
- Update to jdk-17.0.3.0+5
|
||||
- Update release notes to 17.0.3.0+5
|
||||
- Resolves: rhbz#2050456
|
||||
- Resolves: rhbz#2050460
|
||||
|
||||
* Tue Mar 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.1-0.1.ea
|
||||
- Update to jdk-17.0.3.0+1
|
||||
- Update release notes to 17.0.3.0+1
|
||||
- Switch to EA mode for 17.0.3 pre-release builds.
|
||||
- Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
|
||||
- Related: rhbz#2050456
|
||||
- Related: rhbz#2050460
|
||||
|
||||
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-15
|
||||
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-13
|
||||
- Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
|
||||
- Resolves: rhbz#2052070
|
||||
- Resolves: rhbz#2055383
|
||||
|
||||
* Sun Feb 27 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-14
|
||||
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-12
|
||||
- Add rpminspect.yaml to turn off Java bytecode inspections
|
||||
- java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode
|
||||
- Resolves: rhbz#2023540
|
||||
|
||||
* Sun Feb 27 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-11
|
||||
- Introduce tests/tests.yml, based on the one in java-11-openjdk
|
||||
- Resolves: rhbz#2058493
|
||||
|
||||
* Sun Feb 27 2022 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.2.0.8-13
|
||||
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
|
||||
secmod.db file as part of nss
|
||||
- Resolves: rhbz#2023536
|
||||
|
||||
* Sun Feb 27 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-12
|
||||
- Detect NSS at runtime for FIPS detection
|
||||
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
|
||||
- Resolves: rhbz#2051605
|
||||
|
||||
* Fri Feb 25 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-11
|
||||
- Add JDK-8275535 patch to fix LDAP authentication issue.
|
||||
- Resolves: rhbz#2053256
|
||||
- Resolves: rhbz#2058490
|
||||
|
||||
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-10
|
||||
- Storing and restoring alterntives during update manually
|
||||
@ -2848,28 +2828,30 @@ require "copy_jdk_configs.lua"
|
||||
-- the selection in family
|
||||
-- Thus this fix, is storing the family of manually selected master, and if
|
||||
-- stored, then it is restoring the family of the master
|
||||
- Resolves: rhbz#2008200
|
||||
- Resolves: rhbz#2008206
|
||||
|
||||
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-9
|
||||
- Family extracted to globals
|
||||
- Resolves: rhbz#2008200
|
||||
- Related: rhbz#2008206
|
||||
|
||||
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-8
|
||||
- alternatives creation moved to posttrans
|
||||
- Thus fixing the old reisntall issue:
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
|
||||
- Resolves: rhbz#2008200
|
||||
* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-8
|
||||
- Detect NSS at runtime for FIPS detection
|
||||
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
|
||||
- Resolves: rhbz#2052829
|
||||
|
||||
* Mon Feb 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-7
|
||||
* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-7
|
||||
- Add JDK-8275535 patch to fix LDAP authentication issue.
|
||||
- Resolves: rhbz#2053521
|
||||
|
||||
* Mon Feb 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-6
|
||||
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
|
||||
- Resolves: rhbz#2051590
|
||||
- Resolves: rhbz#2052819
|
||||
|
||||
* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-6
|
||||
* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-5
|
||||
- Fix FIPS issues in native code and with initialisation of java.security.Security
|
||||
- Resolves: rhbz#2023378
|
||||
- Resolves: rhbz#2023531
|
||||
|
||||
* Thu Feb 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-5
|
||||
* Thu Feb 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-4
|
||||
- Restructure the build so a minimal initial build is then used for the final build (with docs)
|
||||
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
|
||||
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
|
||||
@ -2882,92 +2864,108 @@ require "copy_jdk_configs.lua"
|
||||
- Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
|
||||
- Explicitly list JIT architectures rather than relying on those with slowdebug builds
|
||||
- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
|
||||
- Resolves: rhbz#2022822
|
||||
- Resolves: rhbz#2022826
|
||||
|
||||
* Thu Feb 17 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-5
|
||||
* Thu Feb 17 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-4
|
||||
- Replaced tabs by sets of spaces to make rpmlint happy
|
||||
- javadoc-zip gets its own provides next to plain javadoc ones
|
||||
- Resolves: rhbz#2022822
|
||||
- Resolves: rhbz#2022826
|
||||
|
||||
* Tue Feb 08 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-4
|
||||
* Wed Feb 16 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-3
|
||||
- Minor cosmetic improvements to make spec more comparable between variants
|
||||
- Related: rhbz#2022822
|
||||
- Related: rhbz#2022826
|
||||
|
||||
* Thu Feb 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-3
|
||||
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-2
|
||||
- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@
|
||||
- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
|
||||
- Related: rhbz#2022822
|
||||
- Related: rhbz#2022826
|
||||
|
||||
* Thu Feb 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-2
|
||||
- Extend LTS check to exclude EPEL.
|
||||
- Related: rhbz#2022822
|
||||
|
||||
* Thu Feb 03 2022 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.2.0.8-2
|
||||
- Set LTS designator.
|
||||
- Related: rhbz#2022822
|
||||
|
||||
* Wed Jan 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-1
|
||||
* Fri Feb 11 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-1
|
||||
- January 2022 security update to jdk 17.0.2+8
|
||||
- Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
|
||||
- Rename libsvml.so to libjsvml.so following JDK-8276025
|
||||
- Resolves: rhbz#2039366
|
||||
- Drop JDK-8276572 patch which is now upstream
|
||||
- Resolves: rhbz#2039392
|
||||
|
||||
* Thu Oct 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-3
|
||||
* Thu Feb 10 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-3
|
||||
- Sync desktop files with upstream IcedTea release 3.15.0 using new script
|
||||
- Related: rhbz#2013842
|
||||
- Related: rhbz#2022826
|
||||
|
||||
* Tue Oct 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-2
|
||||
- Drop JDK-8272332/RH2004078 patch which is upstream in 17.0.1
|
||||
- Resolves: rhbz#2013842
|
||||
* Mon Nov 29 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.1.0.12-2
|
||||
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
|
||||
secmod.db file as part of nss
|
||||
- Resolves: rhbz#2023537
|
||||
|
||||
* Wed Oct 20 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.1.0.12-2
|
||||
* Tue Nov 16 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-1
|
||||
- Drop JDK-8272332 patch now included upstream.
|
||||
- Resolves: rhbz#2013846
|
||||
|
||||
* Tue Nov 16 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.1.0.12-1
|
||||
- October CPU update to jdk 17.0.1+12
|
||||
- Dropped commented-out source line
|
||||
- Resolves: rhbz#2013842
|
||||
- Resolves: rhbz#2013846
|
||||
|
||||
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-6
|
||||
* Tue Nov 09 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-8
|
||||
- Extend LTS check to exclude EPEL.
|
||||
- Related: rhbz#2013846
|
||||
|
||||
* Tue Nov 09 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.35-8
|
||||
- Set LTS designator.
|
||||
- Related: rhbz#2013846
|
||||
|
||||
* Mon Nov 08 2021 Jiri Vanek <jvanek@redhat.com> - 1:17.0.0.0.35-7
|
||||
- alternatives creation moved to posttrans
|
||||
- Thus fixing the old reinstall issue:
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
|
||||
- Resolves: rhbz#2008206
|
||||
|
||||
* Fri Nov 05 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-6
|
||||
- Patch syslookup.c so it actually has some code to be compiled into libsyslookup
|
||||
- Related: rhbz#2013846
|
||||
|
||||
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-5
|
||||
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
|
||||
- Resolves: rhbz#1994661
|
||||
- Resolves: rhbz#1994682
|
||||
|
||||
* Sun Oct 10 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.35-6
|
||||
* Sun Oct 10 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.35-5
|
||||
- Add patch to allow plain key import.
|
||||
- Resolves: rhbz#1994661
|
||||
- Resolves: rhbz#1994682
|
||||
|
||||
* Mon Sep 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-5
|
||||
* Mon Sep 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-4
|
||||
- Update release notes to document the major changes between OpenJDK 11 & 17.
|
||||
- Resolves: rhbz#2003072
|
||||
- Resolves: rhbz#2000925
|
||||
|
||||
* Thu Sep 16 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-3
|
||||
- Update to jdk-17+35, also known as jdk-17-ga.
|
||||
- Switch to GA mode.
|
||||
- Add JDK-8272332 fix so we actually link against HarfBuzz.
|
||||
- Resolves: rhbz#2003072
|
||||
- Resolves: rhbz#2004078
|
||||
- Resolves: rhbz#2000925
|
||||
|
||||
* Mon Aug 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.5.ea
|
||||
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
|
||||
- Resolves: rhbz#1996182
|
||||
- Resolves: rhbz#1997359
|
||||
|
||||
* Sat Aug 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.4.ea
|
||||
- Fix unused function compiler warning found in systemconf.c
|
||||
- Related: rhbz#1995150
|
||||
- Related: rhbz#1995889
|
||||
|
||||
* Sat Aug 28 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.4.ea
|
||||
- Add patch to login to the NSS software token when in FIPS mode.
|
||||
- Resolves: rhbz#1996182
|
||||
- Resolves: rhbz#1997359
|
||||
|
||||
* Fri Aug 27 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.3.ea
|
||||
- Add patch to disable non-FIPS crypto in the SUN and SunEC security providers.
|
||||
- Resolves: rhbz#1995150
|
||||
- Resolves: rhbz#1995889
|
||||
|
||||
* Fri Aug 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.2.ea
|
||||
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
|
||||
- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
|
||||
- Related: rhbz#1995150
|
||||
- Related: rhbz#1995889
|
||||
|
||||
* Fri Aug 27 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.2.ea
|
||||
- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
|
||||
- Related: rhbz#1995150
|
||||
- Related: rhbz#1995889
|
||||
|
||||
* Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.1.ea
|
||||
- Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
|
||||
@ -2978,51 +2976,56 @@ require "copy_jdk_configs.lua"
|
||||
- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
|
||||
- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
|
||||
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
|
||||
- Related: rhbz#1995150
|
||||
- Related: rhbz#1995889
|
||||
|
||||
* Thu Aug 26 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.1.ea
|
||||
- Support the FIPS mode crypto policy (RH1655466)
|
||||
- Use appropriate keystore types when in FIPS mode (RH1818909)
|
||||
- Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
|
||||
- Related: rhbz#1995150
|
||||
- Related: rhbz#1995889
|
||||
|
||||
* Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.0.ea
|
||||
- Update to jdk-17+33, including JDWP fix and July 2021 CPU
|
||||
- Resolves: rhbz#1959487
|
||||
- Resolves: rhbz#1870625
|
||||
|
||||
* Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.5.ea
|
||||
- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
|
||||
- Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
|
||||
- Resolves: rhbz#1959487
|
||||
- Resolves: rhbz#1870625
|
||||
|
||||
* Wed Aug 25 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.4.ea
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:17.0.0.0.26-0.4.ea.1
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
* Wed Jul 14 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.4.ea
|
||||
- Fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch which made the SunPKCS provider show up again
|
||||
- Resolves: rhbz#1959487
|
||||
- Resolves: rhbz#1870625
|
||||
|
||||
* Wed Aug 25 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.3.ea
|
||||
- Re-enable TestSecurityProperties after inclusion of PR3695
|
||||
- Resolves: rhbz#1959487
|
||||
|
||||
* Wed Aug 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.3.ea
|
||||
- Add PR3695 to allow the system crypto policy to be turned off
|
||||
- Resolves: rhbz#1959487
|
||||
|
||||
* Wed Jul 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.2.ea
|
||||
- Remove boot JDKs in favour of OpenJDK 17 build now in the buildroot.
|
||||
- Resolves: rhbz#1959487
|
||||
|
||||
* Wed Jul 14 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.2.ea
|
||||
- Update buildjdkver to 17 so as to build with itself
|
||||
- Resolves: rhbz#1959487
|
||||
|
||||
* Tue Jul 13 2021 Jiri Vanek <jvanek@redhat.com> - 1:17.0.0.0.26-0.1.ea
|
||||
* Tue Jul 13 2021 Jiri Vanek <pmikova@redhat.com> - 1:17.0.0.0.26-0.3.ea
|
||||
- Add gating support
|
||||
- Resolves: rhbz#1959487
|
||||
- Resolves: rhbz#1870625
|
||||
|
||||
* Fri Jun 25 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.2.ea
|
||||
- Re-enable TestSecurityProperties after inclusion of PR3695
|
||||
- Resolves: rhbz#1870625
|
||||
|
||||
* Fri Jun 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.2.ea
|
||||
- Add PR3695 to allow the system crypto policy to be turned off
|
||||
- Resolves: rhbz#1870625
|
||||
|
||||
* Fri Jun 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.1.ea
|
||||
- Remove boot JDKs in favour of OpenJDK 17 build now in the buildroot.
|
||||
- Resolves: rhbz#1870625
|
||||
|
||||
* Thu Jun 24 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.1.ea
|
||||
- Update buildjdkver to 17 so as to build with itself
|
||||
- Resolves: rhbz#1870625
|
||||
|
||||
* Mon Jun 21 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.0.ea
|
||||
- Rename as java-17-openjdk and bootstrap using boot JDK in local sources
|
||||
- Rename to java-17-openjdk and bootstrap using boot JDK in local sources
|
||||
- Exclude x86 as this is not supported by OpenJDK 17
|
||||
- Resolves: rhbz#1959487
|
||||
- Use unzip to test src.zip to avoid looking for jar on path
|
||||
- Resolves: rhbz#1870625
|
||||
|
||||
* Fri Jun 11 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.0.ea.rolling
|
||||
- update sources to jdk 17.0.0+26
|
||||
@ -3036,6 +3039,9 @@ require "copy_jdk_configs.lua"
|
||||
- add lib/libsvml.so for intel
|
||||
- skip debuginfo check for libsyslookup.so on s390x
|
||||
|
||||
* Fri May 07 2021 Jiri Vanek <jvanek@redhat.com> - 1:16.0.1.0.9-2.rolling
|
||||
- removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction
|
||||
|
||||
* Thu Apr 29 2021 Jiri Vanek <jvanek@redhat.com> - 1:16.0.1.0.9-2.rolling
|
||||
- adapted to debug handling in newer cjc
|
||||
- The rest of the "rpm 4.17" patch must NOT be backported, as on rpm 4.16 and down, it would casue double execution
|
||||
|
||||
Loading…
Reference in New Issue
Block a user