Compare commits
No commits in common. "c8-beta" and "imports/c9/java-17-openjdk-17.0.6.0.10-3.el9_1" have entirely different histories.
c8-beta
...
imports/c9
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/openjdk-jdk17u-jdk-17.0.6+9.tar.xz
|
SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
|
||||||
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
95213324016613e314e5c97dc87f31a0576df00c SOURCES/openjdk-jdk17u-jdk-17.0.6+9.tar.xz
|
fc29dd4013a289be075afdcb29c8df29d1349c0d SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
|
||||||
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||||
|
48
SOURCES/NEWS
48
SOURCES/NEWS
@ -9,6 +9,21 @@ Live versions of these release notes can be found at:
|
|||||||
* https://bitly.com/openjdk1706
|
* https://bitly.com/openjdk1706
|
||||||
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html
|
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html
|
||||||
|
|
||||||
|
* CVEs
|
||||||
|
- CVE-2023-21835
|
||||||
|
- CVE-2023-21843
|
||||||
|
* Security fixes
|
||||||
|
- JDK-8286070: Improve UTF8 representation
|
||||||
|
- JDK-8286496: Improve Thread labels
|
||||||
|
- JDK-8287411: Enhance DTLS performance
|
||||||
|
- JDK-8288516: Enhance font creation
|
||||||
|
- JDK-8289350: Better media supports
|
||||||
|
- JDK-8293554: Enhanced DH Key Exchanges
|
||||||
|
- JDK-8293598: Enhance InetAddress address handling
|
||||||
|
- JDK-8293717: Objective view of ObjectView
|
||||||
|
- JDK-8293734: Improve BMP image handling
|
||||||
|
- JDK-8293742: Better Banking of Sounds
|
||||||
|
- JDK-8295687: Better BMP bounds
|
||||||
* Other changes
|
* Other changes
|
||||||
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
|
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
|
||||||
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
|
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
|
||||||
@ -252,10 +267,12 @@ Live versions of these release notes can be found at:
|
|||||||
- JDK-8295554: Move the "sizecalc.h" to the correct location
|
- JDK-8295554: Move the "sizecalc.h" to the correct location
|
||||||
- JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
|
- JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
|
||||||
- JDK-8295714: GHA ::set-output is deprecated and will be removed
|
- JDK-8295714: GHA ::set-output is deprecated and will be removed
|
||||||
|
- JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
|
||||||
- JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
|
- JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
|
||||||
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
|
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
|
||||||
- JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
|
- JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
|
||||||
- JDK-8296108: (tz) Update Timezone Data to 2022f
|
- JDK-8296108: (tz) Update Timezone Data to 2022f
|
||||||
|
- JDK-8296239: ISO 4217 Amendment 174 Update
|
||||||
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
|
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
|
||||||
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
|
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
|
||||||
- JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
|
- JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
|
||||||
@ -278,10 +295,33 @@ Live versions of these release notes can be found at:
|
|||||||
- JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run
|
- JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run
|
||||||
- JDK-8297656: AArch64: Enable AES/GCM Intrinsics
|
- JDK-8297656: AArch64: Enable AES/GCM Intrinsics
|
||||||
- JDK-8297804: (tz) Update Timezone Data to 2022g
|
- JDK-8297804: (tz) Update Timezone Data to 2022g
|
||||||
|
- JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6
|
||||||
|
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
|
||||||
|
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
|
||||||
|
|
||||||
Notes on individual issues:
|
Notes on individual issues:
|
||||||
===========================
|
===========================
|
||||||
|
|
||||||
|
client-libs/javax.imageio:
|
||||||
|
|
||||||
|
JDK-8295687: Better BMP bounds
|
||||||
|
==============================
|
||||||
|
Loading a linked ICC profile within a BMP image is now disabled by
|
||||||
|
default. To re-enable it, set the new system property
|
||||||
|
`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property
|
||||||
|
replaces the old property,
|
||||||
|
`sun.imageio.plugins.bmp.disableLinkedProfiles`.
|
||||||
|
|
||||||
|
client-libs/javax.sound:
|
||||||
|
|
||||||
|
JDK-8293742: Better Banking of Sounds
|
||||||
|
=====================================
|
||||||
|
Previously, the SoundbankReader implementation,
|
||||||
|
`com.sun.media.sound.JARSoundbankReader`, would download a JAR
|
||||||
|
soundbank from a URL. This behaviour is now disabled by default. To
|
||||||
|
re-enable it, set the new system property `jdk.sound.jarsoundbank` to
|
||||||
|
`true`.
|
||||||
|
|
||||||
security-libs/java.security:
|
security-libs/java.security:
|
||||||
|
|
||||||
JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
|
JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
|
||||||
@ -302,6 +342,14 @@ the same change is made in third party modules. Developers of third
|
|||||||
party modules are advised to verify that their logout() method does not
|
party modules are advised to verify that their logout() method does not
|
||||||
throw a NullPointerException.
|
throw a NullPointerException.
|
||||||
|
|
||||||
|
security-libs/javax.net.ssl:
|
||||||
|
|
||||||
|
JDK-8287411: Enhance DTLS performance
|
||||||
|
=====================================
|
||||||
|
The JDK now exchanges DTLS cookies for all handshakes, new and
|
||||||
|
resumed. The previous behaviour can be re-enabled by setting the new
|
||||||
|
system property `jdk.tls.enableDtlsResumeCookie` to `false`.
|
||||||
|
|
||||||
New in release OpenJDK 17.0.5 (2022-10-18):
|
New in release OpenJDK 17.0.5 (2022-10-18):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
|
@ -2644,7 +2644,7 @@ index 00000000000..55bbba98b7a
|
|||||||
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
||||||
+
|
+
|
||||||
diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
|
diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
|
||||||
index b22f26947af..3ee2ce6ea88 100644
|
index b22f26947af..02bea84e210 100644
|
||||||
--- a/src/java.base/share/lib/security/default.policy
|
--- a/src/java.base/share/lib/security/default.policy
|
||||||
+++ b/src/java.base/share/lib/security/default.policy
|
+++ b/src/java.base/share/lib/security/default.policy
|
||||||
@@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" {
|
@@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" {
|
||||||
@ -2663,6 +2663,15 @@ index b22f26947af..3ee2ce6ea88 100644
|
|||||||
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
|
permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
|
||||||
permission java.lang.RuntimePermission
|
permission java.lang.RuntimePermission
|
||||||
"accessClassInPackage.sun.security.*";
|
"accessClassInPackage.sun.security.*";
|
||||||
|
@@ -140,6 +142,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
|
||||||
|
permission java.util.PropertyPermission "os.name", "read";
|
||||||
|
permission java.util.PropertyPermission "os.arch", "read";
|
||||||
|
permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
|
||||||
|
+ permission java.util.PropertyPermission "fips.nssdb.path", "read,write";
|
||||||
|
+ permission java.util.PropertyPermission "fips.nssdb.pin", "read";
|
||||||
|
permission java.security.SecurityPermission "putProviderProperty.*";
|
||||||
|
permission java.security.SecurityPermission "clearProviderProperties.*";
|
||||||
|
permission java.security.SecurityPermission "removeProviderProperty.*";
|
||||||
diff --git a/src/java.base/share/native/libsystemconf/systemconf.c b/src/java.base/share/native/libsystemconf/systemconf.c
|
diff --git a/src/java.base/share/native/libsystemconf/systemconf.c b/src/java.base/share/native/libsystemconf/systemconf.c
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 00000000000..ddf9befe5bc
|
index 00000000000..ddf9befe5bc
|
||||||
@ -4120,7 +4129,7 @@ index 262cfc062ad..72b64f72c0a 100644
|
|||||||
Provider p = sun;
|
Provider p = sun;
|
||||||
if (p == null) {
|
if (p == null) {
|
||||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
index aa35e8fa668..f4d7c9cc201 100644
|
index aa35e8fa668..1855e5631bd 100644
|
||||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||||
@@ -26,6 +26,9 @@
|
@@ -26,6 +26,9 @@
|
||||||
@ -4186,7 +4195,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
private static final long serialVersionUID = -1354835039035306505L;
|
private static final long serialVersionUID = -1354835039035306505L;
|
||||||
|
|
||||||
static final Debug debug = Debug.getInstance("sunpkcs11");
|
static final Debug debug = Debug.getInstance("sunpkcs11");
|
||||||
@@ -115,6 +153,18 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -115,6 +153,29 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
return AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
|
return AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
|
||||||
@Override
|
@Override
|
||||||
public SunPKCS11 run() throws Exception {
|
public SunPKCS11 run() throws Exception {
|
||||||
@ -4197,15 +4206,26 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
+ * fips.nssdb.path System property after expansion.
|
+ * fips.nssdb.path System property after expansion.
|
||||||
+ * Security properties expansion is unsupported.
|
+ * Security properties expansion is unsupported.
|
||||||
+ */
|
+ */
|
||||||
+ System.setProperty(
|
+ String nssdbPath =
|
||||||
+ FIPS_NSSDB_PATH_PROP,
|
|
||||||
+ SecurityProperties.privilegedGetOverridable(
|
+ SecurityProperties.privilegedGetOverridable(
|
||||||
+ FIPS_NSSDB_PATH_PROP));
|
+ FIPS_NSSDB_PATH_PROP);
|
||||||
|
+ if (System.getSecurityManager() != null) {
|
||||||
|
+ AccessController.doPrivileged(
|
||||||
|
+ (PrivilegedAction<Void>) () -> {
|
||||||
|
+ System.setProperty(
|
||||||
|
+ FIPS_NSSDB_PATH_PROP,
|
||||||
|
+ nssdbPath);
|
||||||
|
+ return null;
|
||||||
|
+ });
|
||||||
|
+ } else {
|
||||||
|
+ System.setProperty(
|
||||||
|
+ FIPS_NSSDB_PATH_PROP, nssdbPath);
|
||||||
|
+ }
|
||||||
+ }
|
+ }
|
||||||
return new SunPKCS11(new Config(newConfigName));
|
return new SunPKCS11(new Config(newConfigName));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
@@ -320,10 +370,19 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -320,10 +381,19 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
// request multithreaded access first
|
// request multithreaded access first
|
||||||
initArgs.flags = CKF_OS_LOCKING_OK;
|
initArgs.flags = CKF_OS_LOCKING_OK;
|
||||||
PKCS11 tmpPKCS11;
|
PKCS11 tmpPKCS11;
|
||||||
@ -4226,7 +4246,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
} catch (PKCS11Exception e) {
|
} catch (PKCS11Exception e) {
|
||||||
if (debug != null) {
|
if (debug != null) {
|
||||||
debug.println("Multi-threaded initialization failed: " + e);
|
debug.println("Multi-threaded initialization failed: " + e);
|
||||||
@@ -339,11 +398,12 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -339,11 +409,12 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
initArgs.flags = 0;
|
initArgs.flags = 0;
|
||||||
}
|
}
|
||||||
tmpPKCS11 = PKCS11.getInstance(library,
|
tmpPKCS11 = PKCS11.getInstance(library,
|
||||||
@ -4241,7 +4261,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
if (p11Info.cryptokiVersion.major < 2) {
|
if (p11Info.cryptokiVersion.major < 2) {
|
||||||
throw new ProviderException("Only PKCS#11 v2.0 and later "
|
throw new ProviderException("Only PKCS#11 v2.0 and later "
|
||||||
+ "supported, library version is v" + p11Info.cryptokiVersion);
|
+ "supported, library version is v" + p11Info.cryptokiVersion);
|
||||||
@@ -417,14 +477,19 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -417,14 +488,19 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
final String className;
|
final String className;
|
||||||
final List<String> aliases;
|
final List<String> aliases;
|
||||||
final int[] mechanisms;
|
final int[] mechanisms;
|
||||||
@ -4262,7 +4282,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
}
|
}
|
||||||
private P11Service service(Token token, int mechanism) {
|
private P11Service service(Token token, int mechanism) {
|
||||||
return new P11Service
|
return new P11Service
|
||||||
@@ -458,18 +523,29 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -458,18 +534,29 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
|
||||||
private static void d(String type, String algorithm, String className,
|
private static void d(String type, String algorithm, String className,
|
||||||
int[] m) {
|
int[] m) {
|
||||||
@ -4295,7 +4315,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static void register(Descriptor d) {
|
private static void register(Descriptor d) {
|
||||||
@@ -525,6 +601,7 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -525,6 +612,7 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
String P11Cipher = "sun.security.pkcs11.P11Cipher";
|
String P11Cipher = "sun.security.pkcs11.P11Cipher";
|
||||||
String P11RSACipher = "sun.security.pkcs11.P11RSACipher";
|
String P11RSACipher = "sun.security.pkcs11.P11RSACipher";
|
||||||
String P11AEADCipher = "sun.security.pkcs11.P11AEADCipher";
|
String P11AEADCipher = "sun.security.pkcs11.P11AEADCipher";
|
||||||
@ -4303,7 +4323,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
String P11Signature = "sun.security.pkcs11.P11Signature";
|
String P11Signature = "sun.security.pkcs11.P11Signature";
|
||||||
String P11PSSSignature = "sun.security.pkcs11.P11PSSSignature";
|
String P11PSSSignature = "sun.security.pkcs11.P11PSSSignature";
|
||||||
|
|
||||||
@@ -587,6 +664,30 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -587,6 +675,30 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
d(MAC, "SslMacSHA1", P11Mac,
|
d(MAC, "SslMacSHA1", P11Mac,
|
||||||
m(CKM_SSL3_SHA1_MAC));
|
m(CKM_SSL3_SHA1_MAC));
|
||||||
|
|
||||||
@ -4334,7 +4354,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
d(KPG, "RSA", P11KeyPairGenerator,
|
d(KPG, "RSA", P11KeyPairGenerator,
|
||||||
getAliases("PKCS1"),
|
getAliases("PKCS1"),
|
||||||
m(CKM_RSA_PKCS_KEY_PAIR_GEN));
|
m(CKM_RSA_PKCS_KEY_PAIR_GEN));
|
||||||
@@ -685,6 +786,66 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -685,6 +797,66 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
d(SKF, "ChaCha20", P11SecretKeyFactory,
|
d(SKF, "ChaCha20", P11SecretKeyFactory,
|
||||||
m(CKM_CHACHA20_POLY1305));
|
m(CKM_CHACHA20_POLY1305));
|
||||||
|
|
||||||
@ -4401,7 +4421,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
// XXX attributes for Ciphers (supported modes, padding)
|
// XXX attributes for Ciphers (supported modes, padding)
|
||||||
dA(CIP, "ARCFOUR", P11Cipher,
|
dA(CIP, "ARCFOUR", P11Cipher,
|
||||||
m(CKM_RC4));
|
m(CKM_RC4));
|
||||||
@@ -754,6 +915,46 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -754,6 +926,46 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
d(CIP, "RSA/ECB/NoPadding", P11RSACipher,
|
d(CIP, "RSA/ECB/NoPadding", P11RSACipher,
|
||||||
m(CKM_RSA_X_509));
|
m(CKM_RSA_X_509));
|
||||||
|
|
||||||
@ -4448,7 +4468,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
d(SIG, "RawDSA", P11Signature,
|
d(SIG, "RawDSA", P11Signature,
|
||||||
List.of("NONEwithDSA"),
|
List.of("NONEwithDSA"),
|
||||||
m(CKM_DSA));
|
m(CKM_DSA));
|
||||||
@@ -1144,9 +1345,21 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1144,9 +1356,21 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
if (ds == null) {
|
if (ds == null) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -4470,7 +4490,13 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
supportedAlgs.put(d, integerMech);
|
supportedAlgs.put(d, integerMech);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@@ -1225,6 +1438,27 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1220,11 +1444,52 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
+ @SuppressWarnings("removal")
|
||||||
|
public Object newInstance(Object param)
|
||||||
|
throws NoSuchAlgorithmException {
|
||||||
if (token.isValid() == false) {
|
if (token.isValid() == false) {
|
||||||
throw new NoSuchAlgorithmException("Token has been removed");
|
throw new NoSuchAlgorithmException("Token has been removed");
|
||||||
}
|
}
|
||||||
@ -4488,7 +4514,26 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
+ * property.
|
+ * property.
|
||||||
+ */
|
+ */
|
||||||
+ try {
|
+ try {
|
||||||
+ token.ensureLoggedIn(null);
|
+ if (System.getSecurityManager() != null) {
|
||||||
|
+ try {
|
||||||
|
+ AccessController.doPrivileged(
|
||||||
|
+ (PrivilegedExceptionAction<Void>) () -> {
|
||||||
|
+ token.ensureLoggedIn(null);
|
||||||
|
+ return null;
|
||||||
|
+ });
|
||||||
|
+ } catch (PrivilegedActionException pae) {
|
||||||
|
+ Exception e = pae.getException();
|
||||||
|
+ if (e instanceof LoginException le) {
|
||||||
|
+ throw le;
|
||||||
|
+ } else if (e instanceof PKCS11Exception p11e) {
|
||||||
|
+ throw p11e;
|
||||||
|
+ } else {
|
||||||
|
+ throw new RuntimeException(e);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ token.ensureLoggedIn(null);
|
||||||
|
+ }
|
||||||
+ } catch (PKCS11Exception | LoginException e) {
|
+ } catch (PKCS11Exception | LoginException e) {
|
||||||
+ throw new ProviderException("FIPS: error during the Token" +
|
+ throw new ProviderException("FIPS: error during the Token" +
|
||||||
+ " login required for the " + getType() +
|
+ " login required for the " + getType() +
|
||||||
@ -4498,7 +4543,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
try {
|
try {
|
||||||
return newInstance0(param);
|
return newInstance0(param);
|
||||||
} catch (PKCS11Exception e) {
|
} catch (PKCS11Exception e) {
|
||||||
@@ -1244,6 +1478,8 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1244,6 +1509,8 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
} else if (algorithm.endsWith("GCM/NoPadding") ||
|
} else if (algorithm.endsWith("GCM/NoPadding") ||
|
||||||
algorithm.startsWith("ChaCha20-Poly1305")) {
|
algorithm.startsWith("ChaCha20-Poly1305")) {
|
||||||
return new P11AEADCipher(token, algorithm, mechanism);
|
return new P11AEADCipher(token, algorithm, mechanism);
|
||||||
@ -4507,7 +4552,7 @@ index aa35e8fa668..f4d7c9cc201 100644
|
|||||||
} else {
|
} else {
|
||||||
return new P11Cipher(token, algorithm, mechanism);
|
return new P11Cipher(token, algorithm, mechanism);
|
||||||
}
|
}
|
||||||
@@ -1579,6 +1815,9 @@ public final class SunPKCS11 extends AuthProvider {
|
@@ -1579,6 +1846,9 @@ public final class SunPKCS11 extends AuthProvider {
|
||||||
try {
|
try {
|
||||||
session = token.getOpSession();
|
session = token.getOpSession();
|
||||||
p11.C_Logout(session.id());
|
p11.C_Logout(session.id());
|
@ -361,14 +361,14 @@
|
|||||||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||||
# Define current Git revision for the FIPS support patches
|
# Define current Git revision for the FIPS support patches
|
||||||
%global fipsver 72d08e3226f
|
%global fipsver 257d544b594
|
||||||
|
|
||||||
# Standard JPackage naming and versioning defines
|
# Standard JPackage naming and versioning defines
|
||||||
%global origin openjdk
|
%global origin openjdk
|
||||||
%global origin_nice OpenJDK
|
%global origin_nice OpenJDK
|
||||||
%global top_level_dir_name %{origin}
|
%global top_level_dir_name %{origin}
|
||||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||||
%global buildver 9
|
%global buildver 10
|
||||||
%global rpmrelease 3
|
%global rpmrelease 3
|
||||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||||
%if %is_system_jdk
|
%if %is_system_jdk
|
||||||
@ -395,7 +395,7 @@
|
|||||||
# Release will be (where N is usually a number starting at 1):
|
# Release will be (where N is usually a number starting at 1):
|
||||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||||
# - N%%{?extraver}{?dist} for GA releases
|
# - N%%{?extraver}{?dist} for GA releases
|
||||||
%global is_ga 0
|
%global is_ga 1
|
||||||
%if %{is_ga}
|
%if %{is_ga}
|
||||||
%global build_type GA
|
%global build_type GA
|
||||||
%global ea_designator ""
|
%global ea_designator ""
|
||||||
@ -1127,7 +1127,7 @@ Requires: lksctp-tools%{?_isa}
|
|||||||
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
|
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
|
||||||
# not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
|
# not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
|
||||||
# considered as regression
|
# considered as regression
|
||||||
Requires: copy-jdk-configs >= 3.3
|
Requires: copy-jdk-configs >= 4.0
|
||||||
OrderWithRequires: copy-jdk-configs
|
OrderWithRequires: copy-jdk-configs
|
||||||
%endif
|
%endif
|
||||||
# for printing support
|
# for printing support
|
||||||
@ -1365,6 +1365,7 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
|
|||||||
# Add nss.fips.cfg support to OpenJDK tree
|
# Add nss.fips.cfg support to OpenJDK tree
|
||||||
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
||||||
# Remove forgotten dead code from RH2020290 and RH2104724
|
# Remove forgotten dead code from RH2020290 and RH2104724
|
||||||
|
# OJ1357: Fix issue on FIPS with a SecurityManager in place
|
||||||
Patch1001: fips-17u-%{fipsver}.patch
|
Patch1001: fips-17u-%{fipsver}.patch
|
||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
@ -1375,7 +1376,7 @@ Patch1001: fips-17u-%{fipsver}.patch
|
|||||||
|
|
||||||
#############################################
|
#############################################
|
||||||
#
|
#
|
||||||
# OpenJDK patches appearing in 17.0.5
|
# OpenJDK patches appearing in 17.0.3
|
||||||
#
|
#
|
||||||
#############################################
|
#############################################
|
||||||
|
|
||||||
@ -2161,10 +2162,14 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
|
|||||||
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
|
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Check translations are available for new timezones
|
%if ! 0%{?flatpak}
|
||||||
|
# Check translations are available for new timezones (during flatpak builds, the
|
||||||
|
# tzdb.dat used by this test is not where the test expects it, so this is
|
||||||
|
# disabled for flatpak builds)
|
||||||
$JAVA_HOME/bin/javac -d . %{SOURCE18}
|
$JAVA_HOME/bin/javac -d . %{SOURCE18}
|
||||||
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
|
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
|
||||||
$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR
|
$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR
|
||||||
|
%endif
|
||||||
|
|
||||||
%if %{include_staticlibs}
|
%if %{include_staticlibs}
|
||||||
# Check debug symbols in static libraries (smoke test)
|
# Check debug symbols in static libraries (smoke test)
|
||||||
@ -2423,9 +2428,10 @@ else
|
|||||||
return
|
return
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
-- run content of included file with fake args
|
arg = nil ; -- it is better to null the arg up, no meter if they exists or not, and use cjc as module in unified way, instead of relaying on "main" method during require "copy_jdk_configs.lua"
|
||||||
arg = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
|
cjc = require "copy_jdk_configs.lua"
|
||||||
require "copy_jdk_configs.lua"
|
args = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
|
||||||
|
cjc.mainProgram(args)
|
||||||
|
|
||||||
%post
|
%post
|
||||||
%{post_script %{nil}}
|
%{post_script %{nil}}
|
||||||
@ -2621,15 +2627,35 @@ require "copy_jdk_configs.lua"
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Wed Jan 04 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.3.ea
|
* Sat Jan 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-3
|
||||||
|
- Add missing release note for JDK-8295687
|
||||||
|
- Resolves: rhbz#2160111
|
||||||
|
|
||||||
|
* Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-3
|
||||||
|
- Update FIPS support to bring in latest changes
|
||||||
|
- * OJ1357: Fix issue on FIPS with a SecurityManager in place
|
||||||
|
- Related: rhbz#2147476
|
||||||
|
|
||||||
|
* Fri Jan 13 2023 Stephan Bergmann <sbergman@redhat.com> - 1:17.0.6.0.10-3
|
||||||
|
- Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat
|
||||||
|
- Related: rhbz#2160111
|
||||||
|
|
||||||
|
* Wed Jan 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-2
|
||||||
|
- Update to jdk-17.0.6.0+10
|
||||||
|
- Update release notes to 17.0.6.0+10
|
||||||
|
- Switch to GA mode for release
|
||||||
|
- ** This tarball is embargoed until 2023-01-17 @ 1pm PT. **
|
||||||
|
- Related: rhbz#2153097
|
||||||
|
|
||||||
|
* Wed Jan 04 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.2.ea
|
||||||
- Update to jdk-17.0.6+9
|
- Update to jdk-17.0.6+9
|
||||||
- Update release notes to 17.0.6+9
|
- Update release notes to 17.0.6+9
|
||||||
- Drop local copy of JDK-8293834 now this is upstream
|
- Drop local copy of JDK-8293834 now this is upstream
|
||||||
- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
|
- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
|
||||||
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
|
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
|
||||||
- Resolves: rhbz#2150195
|
- Resolves: rhbz#2153097
|
||||||
|
|
||||||
* Sat Dec 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.1-0.3.ea
|
* Sat Dec 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.1-0.2.ea
|
||||||
- Update to jdk-17.0.6+1
|
- Update to jdk-17.0.6+1
|
||||||
- Update release notes to 17.0.6+1
|
- Update release notes to 17.0.6+1
|
||||||
- Switch to EA mode for 17.0.6 pre-release builds.
|
- Switch to EA mode for 17.0.6 pre-release builds.
|
||||||
@ -2637,55 +2663,38 @@ require "copy_jdk_configs.lua"
|
|||||||
- Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream
|
- Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream
|
||||||
- Drop JDK-8275535 local patch now this has been accepted and backported upstream
|
- Drop JDK-8275535 local patch now this has been accepted and backported upstream
|
||||||
- Bump tzdata requirement to 2022e now the package is available in RHEL
|
- Bump tzdata requirement to 2022e now the package is available in RHEL
|
||||||
- Related: rhbz#2150195
|
- Related: rhbz#2153097
|
||||||
|
|
||||||
* Wed Nov 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-5
|
* Wed Nov 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-4
|
||||||
- Update FIPS support to bring in latest changes
|
- Update FIPS support to bring in latest changes
|
||||||
- * Add nss.fips.cfg support to OpenJDK tree
|
- * Add nss.fips.cfg support to OpenJDK tree
|
||||||
- * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
- * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
||||||
- * Remove forgotten dead code from RH2020290 and RH2104724
|
- * Remove forgotten dead code from RH2020290 and RH2104724
|
||||||
- Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build
|
- Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build
|
||||||
- Resolves: rhbz#2117972
|
- Resolves: rhbz#2147476
|
||||||
|
|
||||||
* Wed Oct 26 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-2
|
* Wed Oct 26 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-1
|
||||||
- Update to jdk-17.0.5+8 (GA)
|
- Update to jdk-17.0.5+8 (GA)
|
||||||
- Update release notes to 17.0.5+8 (GA)
|
- Update release notes to 17.0.5+8 (GA)
|
||||||
- Switch to GA mode for final release.
|
- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
|
||||||
|
- Bump FreeType bundled version to 2.12.1 following JDK-8290334
|
||||||
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
|
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
|
||||||
- Update CLDR data with Europe/Kyiv (JDK-8293834)
|
- Update CLDR data with Europe/Kyiv (JDK-8293834)
|
||||||
- Drop JDK-8292223 patch which we found to be unnecessary
|
- Drop JDK-8292223 patch which we found to be unnecessary
|
||||||
- Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
|
- Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
|
||||||
- The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds
|
- The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds
|
||||||
- Remove freetype sources along with zlib sources
|
- Remove freetype sources along with zlib sources
|
||||||
|
- Resolves: rhbz#2132933
|
||||||
- Resolves: rhbz#2133695
|
- Resolves: rhbz#2133695
|
||||||
|
|
||||||
* Tue Oct 04 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.7-0.2.ea
|
|
||||||
- Update to jdk-17.0.5+7
|
|
||||||
- Update release notes to 17.0.5+7
|
|
||||||
- Drop JDK-8288985 patch that is now upstream
|
|
||||||
- Resolves: rhbz#2130617
|
|
||||||
|
|
||||||
* Mon Oct 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.1-0.2.ea
|
|
||||||
- Update to jdk-17.0.5+1
|
|
||||||
- Update release notes to 17.0.5+1
|
|
||||||
- Switch to EA mode for 17.0.5 pre-release builds.
|
|
||||||
- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
|
|
||||||
- Bump FreeType bundled version to 2.12.1 following JDK-8290334
|
|
||||||
- Related: rhbz#2130617
|
|
||||||
|
|
||||||
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-6
|
|
||||||
- Backport JDK-8288985 to enable use of ChaCha20-Poly1305 with the PKCS11 provider
|
|
||||||
- Upstream backport in progress: https://github.com/openjdk/jdk17u-dev/pull/650
|
|
||||||
- Resolves: rhbz#2006351
|
|
||||||
|
|
||||||
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-5
|
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-5
|
||||||
- Switch to static builds, reducing system dependencies and making build more portable
|
- Switch to static builds, reducing system dependencies and making build more portable
|
||||||
- Resolves: rhbz#2121263
|
- Resolves: rhbz#2121268
|
||||||
|
|
||||||
* Mon Aug 29 2022 Stephan Bergmann <sbergman@redhat.com> - 1:17.0.4.1.1-4
|
* Mon Aug 29 2022 Stephan Bergmann <sbergman@redhat.com> - 1:17.0.4.1.1-4
|
||||||
- Fix flatpak builds (catering for their uncompressed manual pages)
|
- Fix flatpak builds (catering for their uncompressed manual pages)
|
||||||
- Fix flatpak builds by exempting them from bootstrap
|
- Fix flatpak builds by exempting them from bootstrap
|
||||||
- Resolves: rhbz#2102734
|
- Resolves: rhbz#2102726
|
||||||
|
|
||||||
* Mon Aug 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-3
|
* Mon Aug 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-3
|
||||||
- Update FIPS support to bring in latest changes
|
- Update FIPS support to bring in latest changes
|
||||||
@ -2694,23 +2703,23 @@ require "copy_jdk_configs.lua"
|
|||||||
- * Build the systemconf library on all platforms
|
- * Build the systemconf library on all platforms
|
||||||
- * RH2048582: Support PKCS#12 keystores
|
- * RH2048582: Support PKCS#12 keystores
|
||||||
- * RH2020290: Support TLS 1.3 in FIPS mode
|
- * RH2020290: Support TLS 1.3 in FIPS mode
|
||||||
- Resolves: rhbz#2104724
|
- Resolves: rhbz#2104725
|
||||||
- Resolves: rhbz#2092507
|
- Resolves: rhbz#2117758
|
||||||
- Resolves: rhbz#2048582
|
- Resolves: rhbz#2115164
|
||||||
- Resolves: rhbz#2020290
|
- Resolves: rhbz#2029665
|
||||||
|
|
||||||
* Sun Aug 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-2
|
* Sun Aug 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-2
|
||||||
- Update to jdk-17.0.4.1+1
|
- Update to jdk-17.0.4.1+1
|
||||||
- Update release notes to 17.0.4.1+1
|
- Update release notes to 17.0.4.1+1
|
||||||
- Add patch to provide translations for Europe/Kyiv added in tzdata2022b
|
- Add patch to provide translations for Europe/Kyiv added in tzdata2022b
|
||||||
- Add test to ensure timezones can be translated
|
- Add test to ensure timezones can be translated
|
||||||
- Resolves: rhbz#2119531
|
- Resolves: rhbz#2119532
|
||||||
|
|
||||||
* Fri Jul 22 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.8-3
|
* Fri Jul 22 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.8-3
|
||||||
- Update to jdk-17.0.4.0+8
|
- Update to jdk-17.0.4.0+8
|
||||||
- Update release notes to 17.0.4.0+8
|
- Update release notes to 17.0.4.0+8
|
||||||
- Switch to GA mode for release
|
- Switch to GA mode for release
|
||||||
- Resolves: rhbz#2106522
|
- Resolves: rhbz#2106524
|
||||||
|
|
||||||
* Wed Jul 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.2.ea
|
* Wed Jul 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.2.ea
|
||||||
- Revert the following changes until copy-java-configs has adapted to relative symlinks:
|
- Revert the following changes until copy-java-configs has adapted to relative symlinks:
|
||||||
@ -2720,58 +2729,56 @@ require "copy_jdk_configs.lua"
|
|||||||
- * Use relative symlinks so they work within the image
|
- * Use relative symlinks so they work within the image
|
||||||
- * Run debug symbols check during build stage, before the install strips them
|
- * Run debug symbols check during build stage, before the install strips them
|
||||||
- The move of turning on system security properties is retained so we don't ship with them off
|
- The move of turning on system security properties is retained so we don't ship with them off
|
||||||
- Related: rhbz#2100674
|
- Related: rhbz#2084218
|
||||||
|
|
||||||
* Wed Jul 20 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.4.0.7-0.2.ea
|
|
||||||
- retutrned absolute symlinks
|
|
||||||
- relative symlinks are breaking cjc, and deeper investigations are necessary
|
|
||||||
-- why cjc intentionally skips relative symllinks
|
|
||||||
- images have to be workarounded differently
|
|
||||||
- Related: rhbz#2100674
|
|
||||||
|
|
||||||
* Sat Jul 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.1.ea
|
* Sat Jul 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.1.ea
|
||||||
- Update to jdk-17.0.4.0+7
|
- Update to jdk-17.0.3.0+7
|
||||||
- Update release notes to 17.0.4.0+7
|
- Update release notes to 17.0.3.0+7
|
||||||
- Switch to EA mode for 17.0.4 pre-release builds.
|
|
||||||
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
|
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
|
||||||
|
- Explicitly require crypto-policies during build and runtime for system security properties
|
||||||
|
- Make use of the vendor version string to store our version & release rather than an upstream release date
|
||||||
|
- Include a test in the RPM to check the build has the correct vendor information.
|
||||||
|
- Resolves: rhbz#2084218
|
||||||
|
|
||||||
|
* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:17.0.4.0.1-0.2.ea
|
||||||
|
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
|
||||||
|
- Add proper quoting so '&' is not treated as a special character by the shell.
|
||||||
|
- Related: rhbz#2084218
|
||||||
|
|
||||||
|
* Tue Jul 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.1-0.1.ea
|
||||||
|
- Update to jdk-17.0.4.0+1
|
||||||
|
- Update release notes to 17.0.4.0+1
|
||||||
|
- Switch to EA mode for 17.0.4 pre-release builds.
|
||||||
- Print release file during build, which should now include a correct SOURCE value from .src-rev
|
- Print release file during build, which should now include a correct SOURCE value from .src-rev
|
||||||
- Update tarball script with IcedTea GitHub URL and .src-rev generation
|
- Update tarball script with IcedTea GitHub URL and .src-rev generation
|
||||||
- Include script to generate bug list for release notes
|
- Include script to generate bug list for release notes
|
||||||
- Update tzdata requirement to 2022a to match JDK-8283350
|
- Update tzdata requirement to 2022a to match JDK-8283350
|
||||||
- Move EA designator check to prep so failures can be caught earlier
|
- Move EA designator check to prep so failures can be caught earlier
|
||||||
- Make EA designator check non-fatal while upstream is not maintaining it
|
- Make EA designator check non-fatal while upstream is not maintaining it
|
||||||
- Explicitly require crypto-policies during build and runtime for system security properties
|
- Related: rhbz#2084218
|
||||||
- Make use of the vendor version string to store our version & release rather than an upstream release date
|
|
||||||
- Include a test in the RPM to check the build has the correct vendor information.
|
|
||||||
- Resolves: rhbz#2083316
|
|
||||||
|
|
||||||
* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:17.0.4.0.1-0.2.ea
|
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
|
||||||
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
|
|
||||||
- Add proper quoting so '&' is not treated as a special character by the shell.
|
|
||||||
- Related: rhbz#2083316
|
|
||||||
|
|
||||||
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-6
|
|
||||||
- Fix whitespace in spec file
|
- Fix whitespace in spec file
|
||||||
- Related: rhbz#2100674
|
- Related: rhbz#2100677
|
||||||
|
|
||||||
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-6
|
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
|
||||||
- Sequence spec file sections as they are run by rpmbuild (build, install then test)
|
- Sequence spec file sections as they are run by rpmbuild (build, install then test)
|
||||||
- Related: rhbz#2100674
|
- Related: rhbz#2100677
|
||||||
|
|
||||||
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-6
|
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
|
||||||
- Turn on system security properties as part of the build's install section
|
- Turn on system security properties as part of the build's install section
|
||||||
- Move cacerts replacement to install section and retain original of this and tzdb.dat
|
- Move cacerts replacement to install section and retain original of this and tzdb.dat
|
||||||
- Run tests on the installed image, rather than the build image
|
- Run tests on the installed image, rather than the build image
|
||||||
- Introduce variables to refer to the static library installation directories
|
- Introduce variables to refer to the static library installation directories
|
||||||
- Use relative symlinks so they work within the image
|
- Use relative symlinks so they work within the image
|
||||||
- Run debug symbols check during build stage, before the install strips them
|
- Run debug symbols check during build stage, before the install strips them
|
||||||
- Related: rhbz#2100674
|
- Related: rhbz#2100677
|
||||||
|
|
||||||
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-5
|
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-4
|
||||||
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
|
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
|
||||||
- Resolves: rhbz#2007331
|
- Resolves: rhbz#2102433
|
||||||
|
|
||||||
* Tue Jun 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-4
|
* Wed Jun 22 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-3
|
||||||
- Update FIPS support to bring in latest changes
|
- Update FIPS support to bring in latest changes
|
||||||
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
|
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
|
||||||
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
|
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
|
||||||
@ -2779,64 +2786,51 @@ require "copy_jdk_configs.lua"
|
|||||||
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
|
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
|
||||||
- Improve security properties test to check both enabled and disabled behaviour
|
- Improve security properties test to check both enabled and disabled behaviour
|
||||||
- Run security properties test with property debugging on
|
- Run security properties test with property debugging on
|
||||||
- Resolves: rhbz#2099840
|
- Resolves: rhbz#2099844
|
||||||
- Resolves: rhbz#2100674
|
- Resolves: rhbz#2100677
|
||||||
|
|
||||||
* Tue Jun 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-3
|
|
||||||
- Add rpminspect.yaml to turn off Java bytecode inspections
|
|
||||||
- java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode
|
|
||||||
- Resolves: rhbz#2101524
|
|
||||||
|
|
||||||
* Sun Jun 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-2
|
* Sun Jun 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-2
|
||||||
- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
|
- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
|
||||||
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
|
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
|
||||||
- RH2023467: Enable FIPS keys export
|
- RH2023467: Enable FIPS keys export
|
||||||
- RH2094027: SunEC runtime permission for FIPS
|
- RH2094027: SunEC runtime permission for FIPS
|
||||||
- Resolves: rhbz#2023467
|
- Resolves: rhbz#2029657
|
||||||
- Resolves: rhbz#2094027
|
- Resolves: rhbz#2096117
|
||||||
|
|
||||||
* Wed Apr 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-1
|
* Wed Apr 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-1
|
||||||
- April 2022 security update to jdk 17.0.3+7
|
- April 2022 security update to jdk 17.0.3+6
|
||||||
- Update to jdk-17.0.3.0+7 release tarball
|
- Update to jdk-17.0.3.0+6 pre-release tarball (17usec.17.0.3+5-220408)
|
||||||
|
- Add JDK-8284548 regression fix missing from pre-release tarball but in jdk-17.0.3+6/jdk-17.0.3-ga
|
||||||
- Update release notes to 17.0.3.0+6
|
- Update release notes to 17.0.3.0+6
|
||||||
- Add missing README.md and generate_source_tarball.sh
|
- Add missing README.md and generate_source_tarball.sh
|
||||||
- Switch to GA mode for release
|
- Switch to GA mode for release
|
||||||
- JDK-8283911 patch no longer needed now we're GA...
|
- JDK-8283911 patch no longer needed now we're GA...
|
||||||
- Resolves: rhbz#2073577
|
- Resolves: rhbz#2073579
|
||||||
|
|
||||||
* Wed Apr 06 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.5-0.1.ea
|
* Wed Apr 06 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.5-0.1.ea
|
||||||
- Update to jdk-17.0.3.0+5
|
- Update to jdk-17.0.3.0+5
|
||||||
- Update release notes to 17.0.3.0+5
|
- Update release notes to 17.0.3.0+5
|
||||||
- Resolves: rhbz#2050456
|
- Resolves: rhbz#2050460
|
||||||
|
|
||||||
* Tue Mar 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.1-0.1.ea
|
* Tue Mar 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.1-0.1.ea
|
||||||
- Update to jdk-17.0.3.0+1
|
- Update to jdk-17.0.3.0+1
|
||||||
- Update release notes to 17.0.3.0+1
|
- Update release notes to 17.0.3.0+1
|
||||||
- Switch to EA mode for 17.0.3 pre-release builds.
|
- Switch to EA mode for 17.0.3 pre-release builds.
|
||||||
- Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
|
- Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
|
||||||
- Related: rhbz#2050456
|
- Related: rhbz#2050460
|
||||||
|
|
||||||
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-15
|
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-13
|
||||||
- Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
|
- Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
|
||||||
- Resolves: rhbz#2052070
|
- Resolves: rhbz#2055383
|
||||||
|
|
||||||
* Sun Feb 27 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-14
|
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-12
|
||||||
|
- Add rpminspect.yaml to turn off Java bytecode inspections
|
||||||
|
- java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode
|
||||||
|
- Resolves: rhbz#2023540
|
||||||
|
|
||||||
|
* Sun Feb 27 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-11
|
||||||
- Introduce tests/tests.yml, based on the one in java-11-openjdk
|
- Introduce tests/tests.yml, based on the one in java-11-openjdk
|
||||||
- Resolves: rhbz#2058493
|
- Resolves: rhbz#2058490
|
||||||
|
|
||||||
* Sun Feb 27 2022 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.2.0.8-13
|
|
||||||
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
|
|
||||||
secmod.db file as part of nss
|
|
||||||
- Resolves: rhbz#2023536
|
|
||||||
|
|
||||||
* Sun Feb 27 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-12
|
|
||||||
- Detect NSS at runtime for FIPS detection
|
|
||||||
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
|
|
||||||
- Resolves: rhbz#2051605
|
|
||||||
|
|
||||||
* Fri Feb 25 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-11
|
|
||||||
- Add JDK-8275535 patch to fix LDAP authentication issue.
|
|
||||||
- Resolves: rhbz#2053256
|
|
||||||
|
|
||||||
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-10
|
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-10
|
||||||
- Storing and restoring alterntives during update manually
|
- Storing and restoring alterntives during update manually
|
||||||
@ -2848,28 +2842,30 @@ require "copy_jdk_configs.lua"
|
|||||||
-- the selection in family
|
-- the selection in family
|
||||||
-- Thus this fix, is storing the family of manually selected master, and if
|
-- Thus this fix, is storing the family of manually selected master, and if
|
||||||
-- stored, then it is restoring the family of the master
|
-- stored, then it is restoring the family of the master
|
||||||
- Resolves: rhbz#2008200
|
- Resolves: rhbz#2008206
|
||||||
|
|
||||||
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-9
|
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-9
|
||||||
- Family extracted to globals
|
- Family extracted to globals
|
||||||
- Resolves: rhbz#2008200
|
- Related: rhbz#2008206
|
||||||
|
|
||||||
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-8
|
* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-8
|
||||||
- alternatives creation moved to posttrans
|
- Detect NSS at runtime for FIPS detection
|
||||||
- Thus fixing the old reisntall issue:
|
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
|
||||||
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
|
- Resolves: rhbz#2052829
|
||||||
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
|
|
||||||
- Resolves: rhbz#2008200
|
|
||||||
|
|
||||||
* Mon Feb 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-7
|
* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-7
|
||||||
|
- Add JDK-8275535 patch to fix LDAP authentication issue.
|
||||||
|
- Resolves: rhbz#2053521
|
||||||
|
|
||||||
|
* Mon Feb 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-6
|
||||||
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
|
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
|
||||||
- Resolves: rhbz#2051590
|
- Resolves: rhbz#2052819
|
||||||
|
|
||||||
* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-6
|
* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-5
|
||||||
- Fix FIPS issues in native code and with initialisation of java.security.Security
|
- Fix FIPS issues in native code and with initialisation of java.security.Security
|
||||||
- Resolves: rhbz#2023378
|
- Resolves: rhbz#2023531
|
||||||
|
|
||||||
* Thu Feb 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-5
|
* Thu Feb 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-4
|
||||||
- Restructure the build so a minimal initial build is then used for the final build (with docs)
|
- Restructure the build so a minimal initial build is then used for the final build (with docs)
|
||||||
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
|
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
|
||||||
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
|
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
|
||||||
@ -2882,92 +2878,108 @@ require "copy_jdk_configs.lua"
|
|||||||
- Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
|
- Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
|
||||||
- Explicitly list JIT architectures rather than relying on those with slowdebug builds
|
- Explicitly list JIT architectures rather than relying on those with slowdebug builds
|
||||||
- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
|
- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
|
||||||
- Resolves: rhbz#2022822
|
- Resolves: rhbz#2022826
|
||||||
|
|
||||||
* Thu Feb 17 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-5
|
* Thu Feb 17 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-4
|
||||||
- Replaced tabs by sets of spaces to make rpmlint happy
|
- Replaced tabs by sets of spaces to make rpmlint happy
|
||||||
- javadoc-zip gets its own provides next to plain javadoc ones
|
- javadoc-zip gets its own provides next to plain javadoc ones
|
||||||
- Resolves: rhbz#2022822
|
- Resolves: rhbz#2022826
|
||||||
|
|
||||||
* Tue Feb 08 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-4
|
* Wed Feb 16 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-3
|
||||||
- Minor cosmetic improvements to make spec more comparable between variants
|
- Minor cosmetic improvements to make spec more comparable between variants
|
||||||
- Related: rhbz#2022822
|
- Related: rhbz#2022826
|
||||||
|
|
||||||
* Thu Feb 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-3
|
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-2
|
||||||
- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@
|
- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@
|
||||||
- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
|
- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
|
||||||
- Related: rhbz#2022822
|
- Related: rhbz#2022826
|
||||||
|
|
||||||
* Thu Feb 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-2
|
* Fri Feb 11 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-1
|
||||||
- Extend LTS check to exclude EPEL.
|
|
||||||
- Related: rhbz#2022822
|
|
||||||
|
|
||||||
* Thu Feb 03 2022 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.2.0.8-2
|
|
||||||
- Set LTS designator.
|
|
||||||
- Related: rhbz#2022822
|
|
||||||
|
|
||||||
* Wed Jan 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-1
|
|
||||||
- January 2022 security update to jdk 17.0.2+8
|
- January 2022 security update to jdk 17.0.2+8
|
||||||
- Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
|
- Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
|
||||||
- Rename libsvml.so to libjsvml.so following JDK-8276025
|
- Rename libsvml.so to libjsvml.so following JDK-8276025
|
||||||
- Resolves: rhbz#2039366
|
- Drop JDK-8276572 patch which is now upstream
|
||||||
|
- Resolves: rhbz#2039392
|
||||||
|
|
||||||
* Thu Oct 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-3
|
* Thu Feb 10 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-3
|
||||||
- Sync desktop files with upstream IcedTea release 3.15.0 using new script
|
- Sync desktop files with upstream IcedTea release 3.15.0 using new script
|
||||||
- Related: rhbz#2013842
|
- Related: rhbz#2022826
|
||||||
|
|
||||||
* Tue Oct 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-2
|
* Mon Nov 29 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.1.0.12-2
|
||||||
- Drop JDK-8272332/RH2004078 patch which is upstream in 17.0.1
|
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
|
||||||
- Resolves: rhbz#2013842
|
secmod.db file as part of nss
|
||||||
|
- Resolves: rhbz#2023537
|
||||||
|
|
||||||
* Wed Oct 20 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.1.0.12-2
|
* Tue Nov 16 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.1.0.12-1
|
||||||
|
- Drop JDK-8272332 patch now included upstream.
|
||||||
|
- Resolves: rhbz#2013846
|
||||||
|
|
||||||
|
* Tue Nov 16 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.1.0.12-1
|
||||||
- October CPU update to jdk 17.0.1+12
|
- October CPU update to jdk 17.0.1+12
|
||||||
- Dropped commented-out source line
|
- Dropped commented-out source line
|
||||||
- Resolves: rhbz#2013842
|
- Resolves: rhbz#2013846
|
||||||
|
|
||||||
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-6
|
* Tue Nov 09 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-8
|
||||||
|
- Extend LTS check to exclude EPEL.
|
||||||
|
- Related: rhbz#2013846
|
||||||
|
|
||||||
|
* Tue Nov 09 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.35-8
|
||||||
|
- Set LTS designator.
|
||||||
|
- Related: rhbz#2013846
|
||||||
|
|
||||||
|
* Mon Nov 08 2021 Jiri Vanek <jvanek@redhat.com> - 1:17.0.0.0.35-7
|
||||||
|
- alternatives creation moved to posttrans
|
||||||
|
- Thus fixing the old reinstall issue:
|
||||||
|
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
|
||||||
|
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
|
||||||
|
- Resolves: rhbz#2008206
|
||||||
|
|
||||||
|
* Fri Nov 05 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-6
|
||||||
|
- Patch syslookup.c so it actually has some code to be compiled into libsyslookup
|
||||||
|
- Related: rhbz#2013846
|
||||||
|
|
||||||
|
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-5
|
||||||
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
|
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
|
||||||
- Resolves: rhbz#1994661
|
- Resolves: rhbz#1994682
|
||||||
|
|
||||||
* Sun Oct 10 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.35-6
|
* Sun Oct 10 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.35-5
|
||||||
- Add patch to allow plain key import.
|
- Add patch to allow plain key import.
|
||||||
- Resolves: rhbz#1994661
|
- Resolves: rhbz#1994682
|
||||||
|
|
||||||
* Mon Sep 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-5
|
* Mon Sep 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-4
|
||||||
- Update release notes to document the major changes between OpenJDK 11 & 17.
|
- Update release notes to document the major changes between OpenJDK 11 & 17.
|
||||||
- Resolves: rhbz#2003072
|
- Resolves: rhbz#2000925
|
||||||
|
|
||||||
* Thu Sep 16 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-3
|
* Thu Sep 16 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-3
|
||||||
- Update to jdk-17+35, also known as jdk-17-ga.
|
- Update to jdk-17+35, also known as jdk-17-ga.
|
||||||
- Switch to GA mode.
|
- Switch to GA mode.
|
||||||
- Add JDK-8272332 fix so we actually link against HarfBuzz.
|
- Add JDK-8272332 fix so we actually link against HarfBuzz.
|
||||||
- Resolves: rhbz#2003072
|
- Resolves: rhbz#2000925
|
||||||
- Resolves: rhbz#2004078
|
|
||||||
|
|
||||||
* Mon Aug 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.5.ea
|
* Mon Aug 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.5.ea
|
||||||
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
|
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
|
||||||
- Resolves: rhbz#1996182
|
- Resolves: rhbz#1997359
|
||||||
|
|
||||||
* Sat Aug 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.4.ea
|
* Sat Aug 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.4.ea
|
||||||
- Fix unused function compiler warning found in systemconf.c
|
- Fix unused function compiler warning found in systemconf.c
|
||||||
- Related: rhbz#1995150
|
- Related: rhbz#1995889
|
||||||
|
|
||||||
* Sat Aug 28 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.4.ea
|
* Sat Aug 28 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.4.ea
|
||||||
- Add patch to login to the NSS software token when in FIPS mode.
|
- Add patch to login to the NSS software token when in FIPS mode.
|
||||||
- Resolves: rhbz#1996182
|
- Resolves: rhbz#1997359
|
||||||
|
|
||||||
* Fri Aug 27 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.3.ea
|
* Fri Aug 27 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.3.ea
|
||||||
- Add patch to disable non-FIPS crypto in the SUN and SunEC security providers.
|
- Add patch to disable non-FIPS crypto in the SUN and SunEC security providers.
|
||||||
- Resolves: rhbz#1995150
|
- Resolves: rhbz#1995889
|
||||||
|
|
||||||
* Fri Aug 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.2.ea
|
* Fri Aug 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.2.ea
|
||||||
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
|
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
|
||||||
- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
|
- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
|
||||||
- Related: rhbz#1995150
|
- Related: rhbz#1995889
|
||||||
|
|
||||||
* Fri Aug 27 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.2.ea
|
* Fri Aug 27 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.2.ea
|
||||||
- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
|
- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
|
||||||
- Related: rhbz#1995150
|
- Related: rhbz#1995889
|
||||||
|
|
||||||
* Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.1.ea
|
* Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.1.ea
|
||||||
- Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
|
- Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
|
||||||
@ -2978,51 +2990,56 @@ require "copy_jdk_configs.lua"
|
|||||||
- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
|
- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
|
||||||
- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
|
- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
|
||||||
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
|
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
|
||||||
- Related: rhbz#1995150
|
- Related: rhbz#1995889
|
||||||
|
|
||||||
* Thu Aug 26 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.1.ea
|
* Thu Aug 26 2021 Martin Balao <mbalao@redhat.com> - 1:17.0.0.0.33-0.1.ea
|
||||||
- Support the FIPS mode crypto policy (RH1655466)
|
- Support the FIPS mode crypto policy (RH1655466)
|
||||||
- Use appropriate keystore types when in FIPS mode (RH1818909)
|
- Use appropriate keystore types when in FIPS mode (RH1818909)
|
||||||
- Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
|
- Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
|
||||||
- Related: rhbz#1995150
|
- Related: rhbz#1995889
|
||||||
|
|
||||||
* Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.0.ea
|
* Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.33-0.0.ea
|
||||||
- Update to jdk-17+33, including JDWP fix and July 2021 CPU
|
- Update to jdk-17+33, including JDWP fix and July 2021 CPU
|
||||||
- Resolves: rhbz#1959487
|
- Resolves: rhbz#1870625
|
||||||
|
|
||||||
* Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.5.ea
|
* Thu Aug 26 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.5.ea
|
||||||
- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
|
- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
|
||||||
- Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
|
- Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
|
||||||
- Resolves: rhbz#1959487
|
- Resolves: rhbz#1870625
|
||||||
|
|
||||||
* Wed Aug 25 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.4.ea
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:17.0.0.0.26-0.4.ea.1
|
||||||
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
|
* Wed Jul 14 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.4.ea
|
||||||
- Fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch which made the SunPKCS provider show up again
|
- Fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch which made the SunPKCS provider show up again
|
||||||
- Resolves: rhbz#1959487
|
- Resolves: rhbz#1870625
|
||||||
|
|
||||||
* Wed Aug 25 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.3.ea
|
* Tue Jul 13 2021 Jiri Vanek <pmikova@redhat.com> - 1:17.0.0.0.26-0.3.ea
|
||||||
- Re-enable TestSecurityProperties after inclusion of PR3695
|
|
||||||
- Resolves: rhbz#1959487
|
|
||||||
|
|
||||||
* Wed Aug 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.3.ea
|
|
||||||
- Add PR3695 to allow the system crypto policy to be turned off
|
|
||||||
- Resolves: rhbz#1959487
|
|
||||||
|
|
||||||
* Wed Jul 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.2.ea
|
|
||||||
- Remove boot JDKs in favour of OpenJDK 17 build now in the buildroot.
|
|
||||||
- Resolves: rhbz#1959487
|
|
||||||
|
|
||||||
* Wed Jul 14 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.2.ea
|
|
||||||
- Update buildjdkver to 17 so as to build with itself
|
|
||||||
- Resolves: rhbz#1959487
|
|
||||||
|
|
||||||
* Tue Jul 13 2021 Jiri Vanek <jvanek@redhat.com> - 1:17.0.0.0.26-0.1.ea
|
|
||||||
- Add gating support
|
- Add gating support
|
||||||
- Resolves: rhbz#1959487
|
- Resolves: rhbz#1870625
|
||||||
|
|
||||||
|
* Fri Jun 25 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.2.ea
|
||||||
|
- Re-enable TestSecurityProperties after inclusion of PR3695
|
||||||
|
- Resolves: rhbz#1870625
|
||||||
|
|
||||||
|
* Fri Jun 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.2.ea
|
||||||
|
- Add PR3695 to allow the system crypto policy to be turned off
|
||||||
|
- Resolves: rhbz#1870625
|
||||||
|
|
||||||
|
* Fri Jun 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.1.ea
|
||||||
|
- Remove boot JDKs in favour of OpenJDK 17 build now in the buildroot.
|
||||||
|
- Resolves: rhbz#1870625
|
||||||
|
|
||||||
|
* Thu Jun 24 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.0.0.26-0.1.ea
|
||||||
|
- Update buildjdkver to 17 so as to build with itself
|
||||||
|
- Resolves: rhbz#1870625
|
||||||
|
|
||||||
* Mon Jun 21 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.0.ea
|
* Mon Jun 21 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.26-0.0.ea
|
||||||
- Rename as java-17-openjdk and bootstrap using boot JDK in local sources
|
- Rename to java-17-openjdk and bootstrap using boot JDK in local sources
|
||||||
- Exclude x86 as this is not supported by OpenJDK 17
|
- Exclude x86 as this is not supported by OpenJDK 17
|
||||||
- Resolves: rhbz#1959487
|
- Use unzip to test src.zip to avoid looking for jar on path
|
||||||
|
- Resolves: rhbz#1870625
|
||||||
|
|
||||||
* Fri Jun 11 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.0.ea.rolling
|
* Fri Jun 11 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.0.0.26-0.0.ea.rolling
|
||||||
- update sources to jdk 17.0.0+26
|
- update sources to jdk 17.0.0+26
|
||||||
@ -3036,6 +3053,9 @@ require "copy_jdk_configs.lua"
|
|||||||
- add lib/libsvml.so for intel
|
- add lib/libsvml.so for intel
|
||||||
- skip debuginfo check for libsyslookup.so on s390x
|
- skip debuginfo check for libsyslookup.so on s390x
|
||||||
|
|
||||||
|
* Fri May 07 2021 Jiri Vanek <jvanek@redhat.com> - 1:16.0.1.0.9-2.rolling
|
||||||
|
- removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction
|
||||||
|
|
||||||
* Thu Apr 29 2021 Jiri Vanek <jvanek@redhat.com> - 1:16.0.1.0.9-2.rolling
|
* Thu Apr 29 2021 Jiri Vanek <jvanek@redhat.com> - 1:16.0.1.0.9-2.rolling
|
||||||
- adapted to debug handling in newer cjc
|
- adapted to debug handling in newer cjc
|
||||||
- The rest of the "rpm 4.17" patch must NOT be backported, as on rpm 4.16 and down, it would casue double execution
|
- The rest of the "rpm 4.17" patch must NOT be backported, as on rpm 4.16 and down, it would casue double execution
|
||||||
|
Loading…
Reference in New Issue
Block a user