OpenJDK 17 Runtime Environment
b267c4cf63
- Update to jdk-17+35, also known as jdk-17-ga. - Remove boot JDKs in favour of OpenJDK 17 build now in the buildroot. - Update buildjdkver to 17 so as to build with itself - Add possibility to disable system crypto policy - Add PR3695 to allow the system crypto policy to be turned off - Re-enable TestSecurityProperties after inclusion of PR3695 - Added gating.yaml - Fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch - Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics. - Remove restriction on disabling product build, as debug packages no longer have javadoc packages. - Update to jdk-17+33, including JDWP fix and July 2021 CPU - Support the FIPS mode crypto policy (RH1655466) - Update RH1655466 FIPS patch with changes in OpenJDK 8 version. - SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file. - Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg. - No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable. - Disable FIPS mode support unless com.redhat.fips is set to "true". - Use appropriate keystore types when in FIPS mode (RH1818909) - Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable). - Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986) - Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode - Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071) - Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library. - Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure. - Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM. - Add patch to disable non-FIPS crypto in the SUN and SunEC security providers. - Add patch to login to the NSS software token when in FIPS mode. - Fix unused function compiler warning found in systemconf.c - Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access. - Add JDK-8272332 fix so we actually link against HarfBuzz. - Update release notes to document the major changes between OpenJDK 11 & 17. - Add FIPS patch to allow plain key import. - Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false - Patch syslookup.c so it actually has some code to be compiled into libsyslookup - alternatives creation moved to posttrans - Set LTS designator on RHEL, but not Fedora or EPEL. Related: RHEL-45216 |
||
|---|---|---|
| .gitignore | ||
| gating.yaml | ||
| java-17-openjdk.spec | ||
| jconsole.desktop.in | ||
| jdk8272332-rh2004078-broken_harfbuzz_linking.patch | ||
| jdk8276572-fake_libsyslookup_causes_tooling_issues.patch | ||
| NEWS | ||
| nss.cfg.in | ||
| nss.fips.cfg.in | ||
| pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch | ||
| pr3695-toggle_system_crypto_policy.patch | ||
| remove-intree-libraries.sh | ||
| rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch | ||
| rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch | ||
| rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch | ||
| rh1648644-java_access_bridge_privileged_security.patch | ||
| rh1655466-global_crypto_and_fips.patch | ||
| rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch | ||
| rh1750419-redhat_alt_java.patch | ||
| rh1818909-fips_default_keystore_type.patch | ||
| rh1860986-disable_tlsv1.3_in_fips_mode.patch | ||
| rh1915071-always_initialise_configurator_access.patch | ||
| rh1929465-dont_define_unused_throwioexception.patch | ||
| rh1929465-improve_system_FIPS_detection.patch | ||
| rh1991003-enable_fips_keys_import.patch | ||
| rh1995150-disable_non-fips_crypto.patch | ||
| rh1996182-extend_security_policy.patch | ||
| rh1996182-login_to_nss_software_token.patch | ||
| sources | ||
| TestCryptoLevel.java | ||
| TestECDSA.java | ||
| TestSecurityProperties.java | ||