Update to jdk-21.0.3+7 (EA)

- Update release notes to 21.0.3+7
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- Drop JDK-8009550 which is now available upstream
- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254

Resolves: RHEL-52723
Andrew Hughes 2024-04-13 14:56:57 +01:00
parent 0933e70f18
commit bab44f5cce
5 changed files with 31 additions and 149 deletions

.gitignore vendored

@ -16,3 +16,4 @@
/openjdk-21.0.2+12.tar.xz
/openjdk-21.0.2+13.tar.xz
/openjdk-21.0.3+1-ea.tar.xz
/openjdk-21.0.3+7-ea.tar.xz


@ -116,7 +116,7 @@ index 00000000000..f48fc7f7e80
+ AC_SUBST(NSS_LIBDIR)
+])
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
index a1fc81564b1..ebad69d9dcf 100644
index 51d4f724c33..feb0bcf3e75 100644
--- a/make/autoconf/libraries.m4
+++ b/make/autoconf/libraries.m4
@@ -35,6 +35,7 @@ m4_include([lib-std.m4])
@ -127,7 +127,7 @@ index a1fc81564b1..ebad69d9dcf 100644
################################################################################
# Determine which libraries are needed for this configuration
@@ -134,6 +135,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
@@ -128,6 +129,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
LIB_SETUP_X11
LIB_TESTS_SETUP_GTEST
@ -136,10 +136,10 @@ index a1fc81564b1..ebad69d9dcf 100644
BASIC_JDKLIB_LIBS=""
BASIC_JDKLIB_LIBS_TARGET=""
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
index 0f85917814e..9419562b654 100644
index f6def153c82..4d7abc33427 100644
--- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in
@@ -867,6 +867,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
@@ -873,6 +873,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
# Libraries
#
@ -2959,7 +2959,7 @@ index 00000000000..f8d505ca815
+}
\ No newline at end of file
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
index 6b26297b1b4..7ee5e07756c 100644
index c3b412885a6..0e7ce73b158 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
@@ -37,6 +37,8 @@ import javax.crypto.*;
@ -2981,20 +2981,21 @@ index 6b26297b1b4..7ee5e07756c 100644
private static final String PUBLIC = "public";
private static final String PRIVATE = "private";
private static final String SECRET = "secret";
@@ -401,8 +406,10 @@ abstract class P11Key implements Key, Length {
@@ -401,9 +406,10 @@ abstract class P11Key implements Key, Length {
new CK_ATTRIBUTE(CKA_EXTRACTABLE),
});
- boolean keySensitive = (attrs[0].getBoolean() ||
- attrs[1].getBoolean() || !attrs[2].getBoolean());
- boolean keySensitive =
- (attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
- attrs[1].getBoolean() || !attrs[2].getBoolean();
+ boolean exportable = plainKeySupportEnabled && !algorithm.equals("DH");
+ boolean keySensitive = (!exportable &&
+ (attrs[0].getBoolean() ||
+ attrs[1].getBoolean() || !attrs[2].getBoolean()));
+ ((attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
+ attrs[1].getBoolean() || !attrs[2].getBoolean()));
return switch (algorithm) {
case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm,
@@ -454,7 +461,8 @@ abstract class P11Key implements Key, Length {
@@ -455,7 +461,8 @@ abstract class P11Key implements Key, Length {
public String getFormat() {
token.ensureValid();
@ -3004,7 +3005,7 @@ index 6b26297b1b4..7ee5e07756c 100644
return null;
} else {
return "RAW";
@@ -1624,4 +1632,3 @@ final class SessionKeyRef extends PhantomReference<P11Key> {
@@ -1625,4 +1632,3 @@ final class SessionKeyRef extends PhantomReference<P11Key> {
this.clear();
}
}
@ -3204,7 +3205,7 @@ index 5cd6828d293..bae49c4e8a9 100644
debug.println("logout succeeded");
}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
index 3378409ca1c..7602a92a252 100644
index a6f5f0a8764..9a07c96ca4e 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
@@ -33,6 +33,7 @@ import java.lang.ref.*;
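Review bot: In the regenerated `P11Key.java` hunk of the FIPS patch, `keySensitive` is forced to false whenever `exportable` is true, so for every non-DH private key the values read into `attrs` (only `CKA_EXTRACTABLE` is visible here) and the `P11Util.isNSS(session.token)` narrowing picked up from upstream are consulted only when `plainKeySupportEnabled` is off. Nothing in the visible lines explains why bypassing the token's own attributes is safe, so a comment above the assignment would help the next rebase, for example `// FIPS plain-key support: non-DH keys are treated as exportable, so the token sensitivity attributes are intentionally not consulted`. Where `plainKeySupportEnabled` is set is outside the lines shown, so it is worth confirming that it can only become true in the intended FIPS configuration. The rendered page has lost the outer `+`/`-` markers and the enclosing method starts and ends outside the hunk, so this reading of which lines are the new side is inferred from the hunk counts.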


@ -349,7 +349,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
%global fipsver 75ffdc48eda
%global fipsver 0a42e29b391
# Define JDK versions
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
%global javaver %{featurever}
@ -363,7 +363,7 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 1
%global buildver 7
%global rpmrelease 1
# Settings used by the portable build
%global portablerelease 1
@ -1153,7 +1153,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zone-info data provided by tzdata-java sub-package
# 2023d required as of JDK-8322725
# 2024a required as of JDK-8325150
# Use 2023d until 2024a is in the buildroot
Requires: tzdata-java >= 2023d
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
@ -1413,10 +1414,6 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
#
#############################################
# JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo
# PR: https://github.com/openjdk/jdk/pull/15409
Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch
# Currently empty
#############################################
@ -1482,7 +1479,8 @@ BuildRequires: %{pkgnameroot}-misc = %{epoch}:%{version}-%{prelease}.%{portables
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
# 2023d required as of JDK-8322725
# 2024a required as of JDK-8325150
# Use 2023d until 2024a is in the buildroot
BuildRequires: tzdata-java >= 2023d
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@ -1888,8 +1886,6 @@ sh %{SOURCE12} %{top_level_dir_name}
pushd %{top_level_dir_name}
# Add crypto policy and FIPS support
%patch -P1001 -p1
# Patches in need of upstreaming
%patch -P6 -p1
popd # openjdk
@ -2513,6 +2509,15 @@ cjc.mainProgram(args)
%endif
%changelog
* Sun Aug 04 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.7-0.1.ea
- Update to jdk-21.0.3+7 (EA)
- Update release notes to 21.0.3+7
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
- Drop JDK-8009550 which is now available upstream
- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254
- Resolves: RHEL-52723
* Sat Aug 03 2024 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:21.0.3.0.1-0.1.ea
- Invoke xz in multi-threaded mode
- generate_source_tarball.sh: Add WITH_TEMP environment variable
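Review bot: The comments added above `Requires: tzdata-java >= 2023d` and `BuildRequires: tzdata-java >= 2023d` tie 2023d to JDK-8322725 and 2024a to JDK-8325150, but the new %changelog entry (and the commit description) says 2024a is required "due to upstream inclusion of JDK-8322725". The two disagree on the bug ID; going by the spec comments, the changelog line likely should read `- Require tzdata 2024a due to upstream inclusion of JDK-8325150`. Because both the runtime and the build requirement stay at 2023d while the sources are said to expect 2024a, the temporary comment would be easier to follow up on with a tracking reference, e.g. `# TODO(<ticket-placeholder>): raise to 2024a once it is in the buildroot`, so the lower bound is not left behind in either place.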


@ -1,125 +0,0 @@
commit d0523302416bc6507696f20d1068f16427bcf6b8
Author: Andrew Hughes <gnu.andrew@redhat.com>
Date: Thu Aug 24 01:23:49 2023 +0100
8009550: PlatformPCSC should load versioned so
diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java
index bff273c6548..e5a6b288ff8 100644
--- a/src/java.base/share/classes/sun/security/util/Debug.java
+++ b/src/java.base/share/classes/sun/security/util/Debug.java
@@ -81,6 +81,7 @@ public static void Help()
System.err.println("logincontext login context results");
System.err.println("jca JCA engine class debugging");
System.err.println("keystore KeyStore debugging");
+ System.err.println("pcsc Smartcard library debugging");
System.err.println("policy loading and granting");
System.err.println("provider security provider debugging");
System.err.println("pkcs11 PKCS11 session manager debugging");
diff --git a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
index bacff32efbc..d9f605ada1e 100644
--- a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
+++ b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Red Hat Inc. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,8 +47,13 @@ class PlatformPCSC {
private static final String PROP_NAME = "sun.security.smartcardio.library";
- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
+ private static final String[] LIB_TEMPLATES = { "/usr/$LIBISA/libpcsclite.so",
+ "/usr/local/$LIBISA/libpcsclite.so",
+ "/usr/lib/$ARCH-linux-gnu/libpcsclite.so",
+ "/usr/lib/arm-linux-gnueabi/libpcsclite.so",
+ "/usr/lib/arm-linux-gnueabihf/libpcsclite.so",
+ "/usr/lib/$ARCH-kfreebsd-gnu/libpcsclite.so" };
+ private static final String[] LIB_SUFFIXES = { ".1", ".0", "" };
private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
PlatformPCSC() {
@@ -73,23 +79,38 @@ public Throwable run() {
});
// expand $LIBISA to the system specific directory name for libraries
+ // expand $ARCH to the Debian system architecture in use
private static String expand(String lib) {
int k = lib.indexOf("$LIBISA");
- if (k == -1) {
- return lib;
+ if (k != -1) {
+ String libDir;
+ if ("64".equals(System.getProperty("sun.arch.data.model"))) {
+ // assume Linux convention
+ libDir = "lib64";
+ } else {
+ // must be 32-bit
+ libDir = "lib";
+ }
+ lib = lib.replace("$LIBISA", libDir);
}
- String s1 = lib.substring(0, k);
- String s2 = lib.substring(k + 7);
- String libDir;
- if ("64".equals(System.getProperty("sun.arch.data.model"))) {
- // assume Linux convention
- libDir = "lib64";
- } else {
- // must be 32-bit
- libDir = "lib";
+
+ k = lib.indexOf("$ARCH");
+ if (k != -1) {
+ String arch = System.getProperty("os.arch");
+ lib = lib.replace("$ARCH", getDebianArchitecture(arch));
}
- String s = s1 + libDir + s2;
- return s;
+
+ return lib;
+ }
+
+ private static String getDebianArchitecture(String jdkArch) {
+ return switch (jdkArch) {
+ case "amd64" -> "x86_64";
+ case "ppc" -> "powerpc";
+ case "ppc64" -> "powerpc64";
+ case "ppc64le" -> "powerpc64le";
+ default -> jdkArch;
+ };
}
private static String getLibraryName() throws IOException {
@@ -98,15 +119,18 @@ private static String getLibraryName() throws IOException {
if (lib.length() != 0) {
return lib;
}
- lib = expand(LIB1);
- if (new File(lib).isFile()) {
- // if LIB1 exists, use that
- return lib;
- }
- lib = expand(LIB2);
- if (new File(lib).isFile()) {
- // if LIB2 exists, use that
- return lib;
+
+ for (String template : LIB_TEMPLATES) {
+ for (String suffix : LIB_SUFFIXES) {
+ lib = expand(template) + suffix;
+ if (debug != null) {
+ debug.println("Looking for " + lib);
+ }
+ if (new File(lib).isFile()) {
+ // if library exists, use that
+ return lib;
+ }
+ }
}
// As of macos 11, framework libraries have been removed from the file


@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
SHA512 (openjdk-21.0.3+1-ea.tar.xz) = 5b1eb2fc253787a22857c4a5b644f2eeec4774d860c9d90d76f8daf4a40299941fd2865baee4811a16e7c80b4d7dadd1413514fb68d218431f94445a89ea1b75
SHA512 (openjdk-21.0.3+7-ea.tar.xz) = 086e753c6f5139c2123a34ca25b09983b7068d94a47206499d9b03dbb6c6de23609ab15de66d93e9b7ed7282293831885e2be222f6b7f47966d5f8e683386e12