Update to jdk-21.0.3+7 (EA)
- Update release notes to 21.0.3+7 - Require tzdata 2024a due to upstream inclusion of JDK-8322725 - Only require tzdata 2023d for now as 2024a is unavailable in buildroot - Drop JDK-8009550 which is now available upstream - Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254 Resolves: RHEL-52723
This commit is contained in:
parent
0933e70f18
commit
bab44f5cce
1
.gitignore
vendored
1
.gitignore
vendored
@ -16,3 +16,4 @@
|
||||
/openjdk-21.0.2+12.tar.xz
|
||||
/openjdk-21.0.2+13.tar.xz
|
||||
/openjdk-21.0.3+1-ea.tar.xz
|
||||
/openjdk-21.0.3+7-ea.tar.xz
|
||||
|
@ -116,7 +116,7 @@ index 00000000000..f48fc7f7e80
|
||||
+ AC_SUBST(NSS_LIBDIR)
|
||||
+])
|
||||
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
|
||||
index a1fc81564b1..ebad69d9dcf 100644
|
||||
index 51d4f724c33..feb0bcf3e75 100644
|
||||
--- a/make/autoconf/libraries.m4
|
||||
+++ b/make/autoconf/libraries.m4
|
||||
@@ -35,6 +35,7 @@ m4_include([lib-std.m4])
|
||||
@ -127,7 +127,7 @@ index a1fc81564b1..ebad69d9dcf 100644
|
||||
|
||||
################################################################################
|
||||
# Determine which libraries are needed for this configuration
|
||||
@@ -134,6 +135,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
|
||||
@@ -128,6 +129,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
|
||||
LIB_SETUP_X11
|
||||
|
||||
LIB_TESTS_SETUP_GTEST
|
||||
@ -136,10 +136,10 @@ index a1fc81564b1..ebad69d9dcf 100644
|
||||
BASIC_JDKLIB_LIBS=""
|
||||
BASIC_JDKLIB_LIBS_TARGET=""
|
||||
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
|
||||
index 0f85917814e..9419562b654 100644
|
||||
index f6def153c82..4d7abc33427 100644
|
||||
--- a/make/autoconf/spec.gmk.in
|
||||
+++ b/make/autoconf/spec.gmk.in
|
||||
@@ -867,6 +867,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
|
||||
@@ -873,6 +873,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
|
||||
# Libraries
|
||||
#
|
||||
|
||||
@ -2959,7 +2959,7 @@ index 00000000000..f8d505ca815
|
||||
+}
|
||||
\ No newline at end of file
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
||||
index 6b26297b1b4..7ee5e07756c 100644
|
||||
index c3b412885a6..0e7ce73b158 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
|
||||
@@ -37,6 +37,8 @@ import javax.crypto.*;
|
||||
@ -2981,20 +2981,21 @@ index 6b26297b1b4..7ee5e07756c 100644
|
||||
private static final String PUBLIC = "public";
|
||||
private static final String PRIVATE = "private";
|
||||
private static final String SECRET = "secret";
|
||||
@@ -401,8 +406,10 @@ abstract class P11Key implements Key, Length {
|
||||
@@ -401,9 +406,10 @@ abstract class P11Key implements Key, Length {
|
||||
new CK_ATTRIBUTE(CKA_EXTRACTABLE),
|
||||
});
|
||||
|
||||
- boolean keySensitive = (attrs[0].getBoolean() ||
|
||||
- attrs[1].getBoolean() || !attrs[2].getBoolean());
|
||||
- boolean keySensitive =
|
||||
- (attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
|
||||
- attrs[1].getBoolean() || !attrs[2].getBoolean();
|
||||
+ boolean exportable = plainKeySupportEnabled && !algorithm.equals("DH");
|
||||
+ boolean keySensitive = (!exportable &&
|
||||
+ (attrs[0].getBoolean() ||
|
||||
+ attrs[1].getBoolean() || !attrs[2].getBoolean()));
|
||||
+ ((attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
|
||||
+ attrs[1].getBoolean() || !attrs[2].getBoolean()));
|
||||
|
||||
return switch (algorithm) {
|
||||
case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm,
|
||||
@@ -454,7 +461,8 @@ abstract class P11Key implements Key, Length {
|
||||
@@ -455,7 +461,8 @@ abstract class P11Key implements Key, Length {
|
||||
|
||||
public String getFormat() {
|
||||
token.ensureValid();
|
||||
@ -3004,7 +3005,7 @@ index 6b26297b1b4..7ee5e07756c 100644
|
||||
return null;
|
||||
} else {
|
||||
return "RAW";
|
||||
@@ -1624,4 +1632,3 @@ final class SessionKeyRef extends PhantomReference<P11Key> {
|
||||
@@ -1625,4 +1632,3 @@ final class SessionKeyRef extends PhantomReference<P11Key> {
|
||||
this.clear();
|
||||
}
|
||||
}
|
||||
@ -3204,7 +3205,7 @@ index 5cd6828d293..bae49c4e8a9 100644
|
||||
debug.println("logout succeeded");
|
||||
}
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
|
||||
index 3378409ca1c..7602a92a252 100644
|
||||
index a6f5f0a8764..9a07c96ca4e 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
|
||||
@@ -33,6 +33,7 @@ import java.lang.ref.*;
|
@ -349,7 +349,7 @@
|
||||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||
# Define current Git revision for the FIPS support patches
|
||||
%global fipsver 75ffdc48eda
|
||||
%global fipsver 0a42e29b391
|
||||
# Define JDK versions
|
||||
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
|
||||
%global javaver %{featurever}
|
||||
@ -363,7 +363,7 @@
|
||||
%global origin_nice OpenJDK
|
||||
%global top_level_dir_name %{vcstag}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 1
|
||||
%global buildver 7
|
||||
%global rpmrelease 1
|
||||
# Settings used by the portable build
|
||||
%global portablerelease 1
|
||||
@ -1153,7 +1153,8 @@ Requires: ca-certificates
|
||||
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
|
||||
Requires: javapackages-filesystem
|
||||
# Require zone-info data provided by tzdata-java sub-package
|
||||
# 2023d required as of JDK-8322725
|
||||
# 2024a required as of JDK-8325150
|
||||
# Use 2023d until 2024a is in the buildroot
|
||||
Requires: tzdata-java >= 2023d
|
||||
# for support of kernel stream control
|
||||
# libsctp.so.1 is being `dlopen`ed on demand
|
||||
@ -1413,10 +1414,6 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
|
||||
#
|
||||
#############################################
|
||||
|
||||
# JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo
|
||||
# PR: https://github.com/openjdk/jdk/pull/15409
|
||||
Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch
|
||||
|
||||
# Currently empty
|
||||
|
||||
#############################################
|
||||
@ -1482,7 +1479,8 @@ BuildRequires: %{pkgnameroot}-misc = %{epoch}:%{version}-%{prelease}.%{portables
|
||||
%ifarch %{zero_arches}
|
||||
BuildRequires: libffi-devel
|
||||
%endif
|
||||
# 2023d required as of JDK-8322725
|
||||
# 2024a required as of JDK-8325150
|
||||
# Use 2023d until 2024a is in the buildroot
|
||||
BuildRequires: tzdata-java >= 2023d
|
||||
# Earlier versions have a bug in tree vectorization on PPC
|
||||
BuildRequires: gcc >= 4.8.3-8
|
||||
@ -1888,8 +1886,6 @@ sh %{SOURCE12} %{top_level_dir_name}
|
||||
pushd %{top_level_dir_name}
|
||||
# Add crypto policy and FIPS support
|
||||
%patch -P1001 -p1
|
||||
# Patches in need of upstreaming
|
||||
%patch -P6 -p1
|
||||
popd # openjdk
|
||||
|
||||
|
||||
@ -2513,6 +2509,15 @@ cjc.mainProgram(args)
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sun Aug 04 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.7-0.1.ea
|
||||
- Update to jdk-21.0.3+7 (EA)
|
||||
- Update release notes to 21.0.3+7
|
||||
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
|
||||
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
|
||||
- Drop JDK-8009550 which is now available upstream
|
||||
- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254
|
||||
- Resolves: RHEL-52723
|
||||
|
||||
* Sat Aug 03 2024 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:21.0.3.0.1-0.1.ea
|
||||
- Invoke xz in multi-threaded mode
|
||||
- generate_source_tarball.sh: Add WITH_TEMP environment variable
|
||||
|
@ -1,125 +0,0 @@
|
||||
commit d0523302416bc6507696f20d1068f16427bcf6b8
|
||||
Author: Andrew Hughes <gnu.andrew@redhat.com>
|
||||
Date: Thu Aug 24 01:23:49 2023 +0100
|
||||
|
||||
8009550: PlatformPCSC should load versioned so
|
||||
|
||||
diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java
|
||||
index bff273c6548..e5a6b288ff8 100644
|
||||
--- a/src/java.base/share/classes/sun/security/util/Debug.java
|
||||
+++ b/src/java.base/share/classes/sun/security/util/Debug.java
|
||||
@@ -81,6 +81,7 @@ public static void Help()
|
||||
System.err.println("logincontext login context results");
|
||||
System.err.println("jca JCA engine class debugging");
|
||||
System.err.println("keystore KeyStore debugging");
|
||||
+ System.err.println("pcsc Smartcard library debugging");
|
||||
System.err.println("policy loading and granting");
|
||||
System.err.println("provider security provider debugging");
|
||||
System.err.println("pkcs11 PKCS11 session manager debugging");
|
||||
diff --git a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
index bacff32efbc..d9f605ada1e 100644
|
||||
--- a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
+++ b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
@@ -1,5 +1,6 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
+ * Copyright (c) 2023, Red Hat Inc. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -46,8 +47,13 @@ class PlatformPCSC {
|
||||
|
||||
private static final String PROP_NAME = "sun.security.smartcardio.library";
|
||||
|
||||
- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
|
||||
- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
|
||||
+ private static final String[] LIB_TEMPLATES = { "/usr/$LIBISA/libpcsclite.so",
|
||||
+ "/usr/local/$LIBISA/libpcsclite.so",
|
||||
+ "/usr/lib/$ARCH-linux-gnu/libpcsclite.so",
|
||||
+ "/usr/lib/arm-linux-gnueabi/libpcsclite.so",
|
||||
+ "/usr/lib/arm-linux-gnueabihf/libpcsclite.so",
|
||||
+ "/usr/lib/$ARCH-kfreebsd-gnu/libpcsclite.so" };
|
||||
+ private static final String[] LIB_SUFFIXES = { ".1", ".0", "" };
|
||||
private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
|
||||
|
||||
PlatformPCSC() {
|
||||
@@ -73,23 +79,38 @@ public Throwable run() {
|
||||
});
|
||||
|
||||
// expand $LIBISA to the system specific directory name for libraries
|
||||
+ // expand $ARCH to the Debian system architecture in use
|
||||
private static String expand(String lib) {
|
||||
int k = lib.indexOf("$LIBISA");
|
||||
- if (k == -1) {
|
||||
- return lib;
|
||||
+ if (k != -1) {
|
||||
+ String libDir;
|
||||
+ if ("64".equals(System.getProperty("sun.arch.data.model"))) {
|
||||
+ // assume Linux convention
|
||||
+ libDir = "lib64";
|
||||
+ } else {
|
||||
+ // must be 32-bit
|
||||
+ libDir = "lib";
|
||||
+ }
|
||||
+ lib = lib.replace("$LIBISA", libDir);
|
||||
}
|
||||
- String s1 = lib.substring(0, k);
|
||||
- String s2 = lib.substring(k + 7);
|
||||
- String libDir;
|
||||
- if ("64".equals(System.getProperty("sun.arch.data.model"))) {
|
||||
- // assume Linux convention
|
||||
- libDir = "lib64";
|
||||
- } else {
|
||||
- // must be 32-bit
|
||||
- libDir = "lib";
|
||||
+
|
||||
+ k = lib.indexOf("$ARCH");
|
||||
+ if (k != -1) {
|
||||
+ String arch = System.getProperty("os.arch");
|
||||
+ lib = lib.replace("$ARCH", getDebianArchitecture(arch));
|
||||
}
|
||||
- String s = s1 + libDir + s2;
|
||||
- return s;
|
||||
+
|
||||
+ return lib;
|
||||
+ }
|
||||
+
|
||||
+ private static String getDebianArchitecture(String jdkArch) {
|
||||
+ return switch (jdkArch) {
|
||||
+ case "amd64" -> "x86_64";
|
||||
+ case "ppc" -> "powerpc";
|
||||
+ case "ppc64" -> "powerpc64";
|
||||
+ case "ppc64le" -> "powerpc64le";
|
||||
+ default -> jdkArch;
|
||||
+ };
|
||||
}
|
||||
|
||||
private static String getLibraryName() throws IOException {
|
||||
@@ -98,15 +119,18 @@ private static String getLibraryName() throws IOException {
|
||||
if (lib.length() != 0) {
|
||||
return lib;
|
||||
}
|
||||
- lib = expand(LIB1);
|
||||
- if (new File(lib).isFile()) {
|
||||
- // if LIB1 exists, use that
|
||||
- return lib;
|
||||
- }
|
||||
- lib = expand(LIB2);
|
||||
- if (new File(lib).isFile()) {
|
||||
- // if LIB2 exists, use that
|
||||
- return lib;
|
||||
+
|
||||
+ for (String template : LIB_TEMPLATES) {
|
||||
+ for (String suffix : LIB_SUFFIXES) {
|
||||
+ lib = expand(template) + suffix;
|
||||
+ if (debug != null) {
|
||||
+ debug.println("Looking for " + lib);
|
||||
+ }
|
||||
+ if (new File(lib).isFile()) {
|
||||
+ // if library exists, use that
|
||||
+ return lib;
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
// As of macos 11, framework libraries have been removed from the file
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
|
||||
SHA512 (openjdk-21.0.3+1-ea.tar.xz) = 5b1eb2fc253787a22857c4a5b644f2eeec4774d860c9d90d76f8daf4a40299941fd2865baee4811a16e7c80b4d7dadd1413514fb68d218431f94445a89ea1b75
|
||||
SHA512 (openjdk-21.0.3+7-ea.tar.xz) = 086e753c6f5139c2123a34ca25b09983b7068d94a47206499d9b03dbb6c6de23609ab15de66d93e9b7ed7282293831885e2be222f6b7f47966d5f8e683386e12
|
||||
|
Loading…
Reference in New Issue
Block a user