Sync the copy of the portable specfile with the latest update
Related: RHEL-155000 Related: RHEL-146649 Related: RHEL-148327 Related: RHEL-148830
This commit is contained in:
Andrew Hughes
parent
a95cdd67f4
commit
be99dd1d42
@ -376,7 +376,7 @@
|
||||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||
# Define current Git revision for the FIPS support patches
|
||||
%global fipsver df044414ef4
|
||||
%global fipsver e55ada9353e
|
||||
# Define JDK versions
|
||||
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
|
||||
%global javaver %{featurever}
|
||||
@ -391,7 +391,7 @@
|
||||
%global top_level_dir_name %{vcstag}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 10
|
||||
%global rpmrelease 2
|
||||
%global rpmrelease 3
|
||||
#%%global tagsuffix %%{nil}
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
@ -643,37 +643,9 @@ Source18: TestTranslations.java
|
||||
# as follows: git diff %%{vcstag} src make test > fips-25u-$(git show -s --format=%h HEAD).patch
|
||||
# Diff is limited to src and make subdirectories to exclude .github changes
|
||||
# Fixes currently included:
|
||||
# PR3183, RH1340845: Follow system wide crypto policy
|
||||
# PR3695: Allow use of system crypto policy to be disabled by the user
|
||||
# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
|
||||
# RH1818909: No ciphersuites availale for SSLSocket in FIPS mode
|
||||
# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
|
||||
# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
|
||||
# RH1929465: Improve system FIPS detection
|
||||
# RH1995150: Disable non-FIPS crypto in SUN and SunEC security providers
|
||||
# RH1996182: Login to the NSS software token in FIPS mode
|
||||
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
|
||||
# RH2021263: Resolve outstanding FIPS issues
|
||||
# RH2052819: Fix FIPS reliance on crypto policies
|
||||
# RH2052829: Detect NSS at Runtime for FIPS detection
|
||||
# RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
|
||||
# RH2023467: Enable FIPS keys export
|
||||
# RH2094027: SunEC runtime permission for FIPS
|
||||
# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
|
||||
# RH2090378: Revert to disabling system security properties and FIPS mode support together
|
||||
# RH2104724: Avoid import/export of DH private keys
|
||||
# RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
|
||||
# Build the systemconf library on all platforms
|
||||
# RH2048582: Support PKCS#12 keystores [now part of JDK-8301553 upstream]
|
||||
# RH2020290: Support TLS 1.3 in FIPS mode
|
||||
# Add nss.fips.cfg support to OpenJDK tree
|
||||
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
||||
# Remove forgotten dead code from RH2020290 and RH2104724
|
||||
# OJ1357: Fix issue on FIPS with a SecurityManager in place
|
||||
# RH2134669: Add missing attributes when registering services in FIPS mode.
|
||||
# test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
|
||||
# RH1940064: Enable XML Signature provider in FIPS mode
|
||||
# RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream]
|
||||
# OPENJDK-2108: Internal __redhat_fips__ property
|
||||
# OPENJDK-2123: Algorithms lockdown
|
||||
# OPENJDK-4559: Red Hat Build of OpenJDK 25 should not restrict all the providers in FIPS
|
||||
Patch1001: fips-%{featurever}u-%{fipsver}.patch
|
||||
|
||||
#############################################
|
||||
@ -692,6 +664,15 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
|
||||
# JDK-8372534: Update Libpng to 1.6.51
|
||||
# Integrated in 25.0.3
|
||||
Patch2001: jdk8372534-libpng-1.6.51.patch
|
||||
# JDK-8375063: Update Libpng to 1.6.54
|
||||
# Integrated in 25.0.3
|
||||
Patch2002: jdk8375063-libpng-1.6.54.patch
|
||||
# JDK-8375057: Update HarfBuzz to 12.3.2
|
||||
# Integrated in 25.0.3
|
||||
Patch2003: jdk8375057-harfbuzz-12.3.2.patch
|
||||
# JDK-8377526: Update Libpng to 1.6.55
|
||||
# Integrated in 25.0.3
|
||||
Patch2004: jdk8377526-libpng-1.6.55.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -778,13 +759,13 @@ Provides: bundled(freetype) = 2.13.3
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
|
||||
Provides: bundled(giflib) = 5.2.2
|
||||
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
|
||||
Provides: bundled(harfbuzz) = 10.4.0
|
||||
Provides: bundled(harfbuzz) = 12.3.2
|
||||
# Version in src/java.desktop/share/native/liblcms/lcms2.h
|
||||
Provides: bundled(lcms2) = 2.17.0
|
||||
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
|
||||
Provides: bundled(libjpeg) = 6b
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
|
||||
Provides: bundled(libpng) = 1.6.51
|
||||
Provides: bundled(libpng) = 1.6.55
|
||||
# Version in src/java.base/share/native/libzip/zlib/zlib.h
|
||||
Provides: bundled(zlib) = 1.3.1
|
||||
# We link statically against libstdc++ to increase portability
|
||||
@ -1005,8 +986,11 @@ sh %{SOURCE12} %{top_level_dir_name}
|
||||
pushd %{top_level_dir_name}
|
||||
# Add crypto policy and FIPS support
|
||||
%patch -P1001 -p1
|
||||
# Add libpng update ahead of 25.0.3
|
||||
# Add libpng & harfbuzz updates ahead of 25.0.3
|
||||
%patch -P2001 -p1
|
||||
%patch -P2002 -p1
|
||||
%patch -P2003 -p1
|
||||
%patch -P2004 -p1
|
||||
popd # openjdk
|
||||
|
||||
echo "Generating %{alt_java_name} man page"
|
||||
@ -1974,6 +1958,20 @@ done
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Mar 03 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-3
|
||||
- Update FIPS patch to e55ada9353e to include the fix for the too restrictive provider lockdown
|
||||
- Fix FIPS issue list to represent the new 25u version
|
||||
- Add JDK-8375063 libpng 1.6.54 ahead of 25.0.3
|
||||
- Add JDK-8375057 harfbuzz 12.3.2 ahead of 25.0.3
|
||||
- Add JDK-8377526 libpng 1.6.55 ahead of 25.0.3
|
||||
- Bump libpng version to 1.6.55 following JDK-8375063 & JDK-8377526
|
||||
- Bump harfbuzz version to 12.3.2 following JDK-8375057
|
||||
- Resolves: OPENJDK-4570
|
||||
- Resolves: OPENJDK-4304
|
||||
- Resolves: OPENJDK-4524
|
||||
- Resolves: OPENJDK-4544
|
||||
- Resolves: OPENJDK-4553
|
||||
|
||||
* Mon Jan 12 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-2
|
||||
- Add JDK-8372534 libpng 1.6.51 ahead of 25.0.3
|
||||
- Bump libpng version to 1.6.51 following JDK-8372534
|
||||
|
||||
@ -2618,9 +2618,14 @@ exit 0
|
||||
- Add tagging scripts with signature checks and gating handling
|
||||
- Update tagged versions to include 9.8.0-z, 9.9.0, 10.2-z & 10.3.
|
||||
- Add gating scripts to simplify obtaining results and waiving issues
|
||||
- Sync the copy of the portable specfile with the latest update
|
||||
- Resolves: RHEL-155327
|
||||
- Resolves: RHEL-155337
|
||||
- Resolves: RHEL-155339
|
||||
- Related: RHEL-155000
|
||||
- Related: RHEL-146649
|
||||
- Related: RHEL-148327
|
||||
- Related: RHEL-148830
|
||||
|
||||
* Wed Mar 11 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.2.0.10-3
|
||||
- Disable abidiff inspection in rpminspect.yaml to avoid an out-of-memory error on the CentOS test farm
|
||||
|
||||
Loading…
Reference in New Issue
Block a user