Commit Graph

193 Commits

Author SHA1 Message Date
Andrew John Hughes
f2132d86ba Add patch to login to the NSS software token when in FIPS mode.
Fix unused function compiler warning found in systemconf.c
Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
2021-10-01 02:13:43 +01:00
Andrew John Hughes
37b7b79aff Update release notes to document the major changes between OpenJDK 11 & 17. 2021-09-27 02:43:04 +01:00
Andrew John Hughes
53cd241c34 Add patch to disable non-FIPS crypto in the SUN and SunEC security providers. 2021-09-16 02:11:23 +01:00
Andrew John Hughes
37b0e84cf4 Update to jdk-17+35, also known as jdk-17-ga.
Switch to GA mode.
2021-09-15 00:07:30 +01:00
Andrew John Hughes
619b0b263e Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
2021-09-08 04:41:40 +01:00
Andrew John Hughes
e426a3c6f9 Support the FIPS mode crypto policy (RH1655466)
Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Use appropriate keystore types when in FIPS mode (RH1818909)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
2021-09-06 01:15:24 +01:00
Jiri Vanek
e16ee29c24 alternatives creation moved to posttrans
- Thus fixing the old reisntall issue:
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
2021-08-31 18:26:42 +02:00
Andrew John Hughes
e79cabf8e2 Update to jdk-17+33, including JDWP fix and July 2021 CPU
Resolves: rhbz#1972529
2021-07-30 06:27:26 +01:00
Fedora Release Engineering
e3ed81b032 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 08:57:38 +00:00
Andrew John Hughes
7bc094fb91 Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
2021-07-07 07:02:16 +01:00
Petra Mikova
e22fd4035f Fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
It makes the SunPKCS provider show up again
Resolves: rhbz#1971120
2021-06-28 18:04:36 +02:00
Severin Gehwolf
2849b03224 Add PR3695 to allow the system crypto policy to be turned off.
- Adds patch from java-11-openjdk so as to be able to properly
  toggle the system crypto policy
- Fixes test TestSecurityProperties.java which was failing
2021-06-24 18:37:35 +02:00
Severin Gehwolf
4a0847cae5 Update buildjdkver to 17 2021-06-24 14:39:12 +02:00
Petra Mikova
825f19b8f0 Fix bogus date in changelog to get rid of the warning 2021-06-21 14:11:16 +02:00
Petra Mikova
404b8548a4 Update to JDK 17
Change path to version-number.conf
Bump sources to 17.0.0+26
Change vendor_version_string
Set is_ga to 0, as this is early access build
removed rmid binary from files and from slaves
removed JAVAC_FLAGS=-g from make command, as it breaks the build since JDK-8258407
add lib/libsyslookup.so to files
renamed lib/security/blacklisted.certs to lib/security/blocked.certs
add lib/libsvml.so for intel
skip debuginfo check for libsyslookup.so on s390x
2021-06-18 20:11:48 +02:00
Jiri Vanek
a1a350dc3a removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction 2021-05-07 15:04:52 +02:00
Jiri
51bd7e14da Disable copy-jdk-configs for Flatpak builds 2021-04-30 08:22:12 +02:00
Jiri
3d30d08e0a Adapted to rpm 4.17 and cjc 4.0
As rpm 4.17 dropped arg from varaibale table, cjc now have to be sued as
module. cjc 4.0 was converted to module
2021-04-30 08:21:21 +02:00
Petra Mikova
cd1b221136 Add forgotten changelog 2021-04-26 12:04:21 +02:00
Petra Mikova
ed8c45a36f April CPU update
Generated new sources and removed obsoleted patch
2021-04-21 16:38:36 +02:00
Severin Gehwolf
7ba3ca3fe3 Perform static library build on a separate source tree with bundled image libraries
Make static library build optional
Ported from java-11-openjdk. Work of Andrew Hughes.
2021-03-11 19:03:35 +01:00
Jiri
551c2470a9 bumped buildjdkver to build by itself - 16 2021-03-09 14:06:19 +01:00
Jiri
fbb116c651 fixed suggests of wrong pcsc-lite-devel%{?_isa} to correct pcsc-lite-libs%{?_isa} 2021-03-09 10:09:20 +01:00
Andrew John Hughes
c5efa6bf32 Update to jdk-16.0.0.0+36
Update tarball generation script to use git following OpenJDK's move to github
Update tarball generation script to use PR3823 which handles JDK-8235710 changes
Use upstream default for version-pre rather than setting it to "ea" or ""
Drop libsunec.so which is no longer generated, thanks to JDK-8235710
Drop unnecessary compiler flags, dating back to work on GCC 6 & 10
Adapt RH1750419 alt-java patch to still apply after some variable re-naming in the makefiles
Update filever to remove any trailing zeros, as in the OpenJDK build, and use for source filename
Use system harfbuzz now this is supported.
Pass SOURCE_DATE_EPOCH to build for reproducible builds
2021-02-23 17:04:55 +00:00
Andrew John Hughes
7f939719de Hardcode /usr/sbin/alternatives for Flatpak builds
/usr/sbin/alternatives is not under the Flatpak build's %{_prefix},
which is set to /app.

(See <https://pagure.io/packaging-committee/issue/848> "Clarify the
use of path macros with respect to build dependencies").

Found when trying to do a LibreOffice Flatpak build from RHEL RPM
specs, which includes java-1.8.0-openjdk among its components.
2021-02-19 03:26:43 +00:00
Fedora Release Engineering
73660e4cfb - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 14:43:13 +00:00
Andrew John Hughes
ca2c8684b4 Update to jdk-15.0.2.0+7
Add release notes for 15.0.1.0 & 15.0.2.0
Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly.
Still use 15.0.x rather than 15.0.x.0 for file naming, as the trailing zero is omitted from tags.
Cleanup debug package descriptions and version number placement.
Remove unused patch files.
2021-01-22 13:25:56 +00:00
Andrew John Hughes
b6e8960be7 Use -march=i686 for x86 builds if -fcf-protection is detected (needs CMOV) 2021-01-19 17:40:54 +00:00
Tom Stellard
31af2fd707 Add BuildRequires: make
https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot
2021-01-05 15:34:04 +00:00
Jiri Vanek
b589be7c4e Fixed typo in variable 2021-01-04 12:07:04 +01:00
Jiri
92dbe308db fixed missing condition for fastdebug packages being counted as debug ones 2020-12-22 11:02:38 +01:00
Jiri
b17bd784ca removed lib-style provides for fastdebug_suffix_unquoted 2020-12-20 16:16:02 +01:00
Jiri
f1c21a95e3 Added few missing majorver into descriptions 2020-12-20 12:52:49 +01:00
Jiri
ff16d76c57 many cosmetic changes taken from more maintained jdk11
- introduced debug_arches, bootstrap_arches, systemtap_arches, fastdebug_arches, sa_arches, share_arches, shenandoah_arches, zgc_arches
  instead of various hardcoded ifarches
- updated systemtap
- added requires excludes for debug pkgs
- removed redundant logic around jsa files
- added runtime requires of lksctp-tools and libXcomposite%
- added and used Source15 TestSecurityProperties.java, but is made always positive as jdk15 now does not honor system policies
- s390x excluded form fastdebug build
2020-12-20 09:15:28 +01:00
Jiri Vanek
29495176b1 Added checks and restrictions around alt-java 2020-12-17 15:00:23 +01:00
Jiri Vanek
ed681ea347 Fixed not-including fastdebugbuild in case of --without fastdebug 2020-12-10 15:53:10 +01:00
Jiri Vanek
49dc59a59a moved wrongly placed icenses to acompany other ones
this bad placement was killng parallel-installability and thus having bad impact to leapp if used
2020-12-10 15:53:10 +01:00
Jiri
30e2db7344 Redeffined linux -> __linux__ and __x86_64 -> __x86_64__; should be backported to jdk11 and jdk8 2020-12-10 09:39:34 +01:00
Jiri
cf132698ce Fixes comment for speculative store bypass patch 2020-12-07 19:54:31 +01:00
Jiri
1ed171d1c7 Replaced alt-java palceholder by real pathced alt-java
- added patch600, rh1750419-redhat_alt_java.patch, suprassing removed patch
- no longer copying of java->alt-java as it is created by  patch600
2020-12-07 19:37:12 +01:00
Jiri
b1f2c50f6a Create a copy of java as alt-java with alternatives and man pages
- java-11-openjdk doesn't have a JRE tree, so don't try and copy alt-java there...
2020-11-23 23:16:42 +01:00
Petra Mikova
cadeb47ec0 October CPU 2020 update 2020-10-29 14:07:16 +01:00
Severin Gehwolf
29d5d3d74f Fix directory ownership of static-libs sub-package 2020-10-22 12:01:01 +02:00
Jiri Vanek
4848b860de Build static-libs-image and add resulting files via -static-libs sub-package. 2020-10-13 14:36:31 +02:00
Petra Mikova
01a09a2b74 Add support for fastdebug builds on 64 bit architectures 2020-09-23 18:25:16 +02:00
Severin Gehwolf
57a00fe359 Update for JDK 15 GA 2020-09-15 18:00:52 +02:00
Petra Mikova
a64f9d7aa2 Update to OpenJDK 15
- Update to jdk 15.0.0.36 tag
- Modify rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
- Update vendor version string to 20.9
- Remove jjs binaries from files after JEP 372: Nashorn removal
- Remove rmic binaries from files after JDK-8225319
2020-09-03 14:54:00 +02:00
Severin Gehwolf
05a8506fe4 Disable LTO for passing debuginfo check 2020-07-27 15:19:12 +02:00
Petra Mikova
a3e31f598f July 2020 CPU
Update to 14.0.2+12 sources
Remove upstreamed patches jdk8237879-make_4_3_build_fixes.patch, jdk8235833-posixplatform_cpp_should_not_include_sysctl_h.patch, jdk8243059-build_fails_when_with_vendor_contains_comma.patch
2020-07-22 17:02:04 +02:00
Petra Mikova
f8b9b4d90e Fix changes in Provides from system_jdk support.
Re-introduce java-openjdk-src & java-openjdk-demo for system_jdk builds.
Fix accidental renaming of java-openjdk-devel to java-devel-openjdk.
2020-07-09 17:40:06 +02:00