Exclude %{bootjdkpkg}-portable-devel%{?bootdebugpkg:-%{bootdebugpkg}} from BR for bootstrap build

Portable
2025-10-08 18:55:39 +03:00 · 2025-10-07 14:50:13 +03:00
10 changed files with 110 additions and 3703 deletions
--- a/.gitignore
+++ b/.gitignore
@ -39,8 +39,3 @@
 /openjdk-21.0.8+8-ea.tar.xz
 /openjdk-21.0.8+9.tar.xz
 /openjdk-22.0.2+9.tar.xz
-/openjdk-23.0.2+7.tar.xz
-/openjdk-24.0.2+12.tar.xz
-/openjdk-25+36.tar.xz
-/openjdk-25.0.1+8.tar.xz
-/nssadapter-0.1.0.tar.xz
--- a/561
+++ b/561
@ -3,96 +3,7 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

-New in release OpenJDK 25.0.1 (2025-10-21):
-===========================================
-
-* CVEs
-  - CVE-2025-53057
-  - CVE-2025-53066
-  - CVE-2025-61748
-* Changes
-  - JDK-8315131: Clarify VarHandle set/get access on 32-bit platforms
-  - JDK-8352637: Enhance bytecode verification
-  - JDK-8356294: Enhance Path Factories
-  - JDK-8356587: Missing object ID X in pool jdk.types.Method
-  - JDK-8357826: Avoid running some jtreg tests when asan is configured
-  - JDK-8358452: JNI exception pending in Java_sun_awt_screencast_ScreencastHelper_remoteDesktopKeyImpl of screencast_pipewire.c:1214 (ID: 51119)
-  - JDK-8358577: Test serviceability/jvmti/thread/GetCurrentContendedMonitor/contmon01/contmon01.java failed: unexpexcted monitor object
-  - JDK-8358819: The first year is not displayed correctly in Japanese Calendar
-  - JDK-8359059: Bump version numbers for 25.0.1
-  - JDK-8359218: RISC-V: Only enable CRC32 intrinsic when AvoidUnalignedAccess == false
-  - JDK-8359270: C2: alignment check should consider base offset when emitting arraycopy runtime call
-  - JDK-8359454: Enhance String handling
-  - JDK-8359596: Behavior change when both -Xlint:options and -Xlint:-options flags are given
-  - JDK-8360179: RISC-V: Only enable BigInteger intrinsics when AvoidUnalignedAccess == false
-  - JDK-8360533: ContainerRuntimeVersionTestUtils fromVersionString fails with some docker versions
-  - JDK-8360647: [XWayland] [OL10] NumPad keys are not triggered
-  - JDK-8360679: Shenandoah: AOT saved adapter calls into broken GC barrier stub
-  - JDK-8360937: Enhance certificate handling
-  - JDK-8361212: Remove AffirmTrust root CAs
-  - JDK-8361532: RISC-V: Several vector tests fail after JDK-8354383
-  - JDK-8361829: [TESTBUG] RISC-V: compiler/vectorization/runner/BasicIntOpTest.java fails with RVV but not Zvbb
-  - JDK-8362109: Change milestone to fcs for all releases
-  - JDK-8362882: Update SubmissionPublisher() specification to reflect use of ForkJoinPool.asyncCommonPool()
-  - JDK-8366223: ZGC: ZPageAllocator::cleanup_failed_commit_multi_partition is broken
-  - JDK-8367031: [backout] Change java.time month/day field types to 'byte'
-  - JDK-8368308: ISO 4217 Amendment 180 Update
-
-Notes on individual issues:
-===========================
-
-core-libs/java.io:serialization:
-
-JDK-8367031: [backout] Change java.time month/day field types to 'byte'
-=======================================================================
-In the initial release of OpenJDK 25, attempting to read serialised
-Class objects created by earlier versions of OpenJDK for several of
-the `java.time` classes would fail with a
-`InvalidClassException`. Similarly, `java.time` Class objects
-serialised with OpenJDK 25 could not be read by older OpenJDK
-versions.  This was due to the type of the day and month fields in
-these classes being changed to `byte`. This change has now been
-reverted and compatibility between OpenJDK 25 and older versions
-restored.
-
-Note that this incompatibility occurred with the `Class` object and
-not an instance of the object i.e. `writeObject(LocalDate.class)`
-would produce incompatible serialised data, but
-`writeObject(LocalDate.now())` would not.
-
-security-libs/java.security:
-
-JDK-8361212: Remove AffirmTrust root CAs
-========================================
-The following root certificates from AffirmTrust, which were
-deactivated in the 21.0.5 release of October 2024, have been removed
-from the `cacerts` keystore:
-
-Alias name: affirmtrustcommercialca [jdk]
-CN=AffirmTrust Commercial
-O=AffirmTrust
-C=US
-SHA256: 03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7
-
-Alias name: affirmtrustnetworkingca [jdk]
-CN=AffirmTrust Networking
-O=AffirmTrust
-C=US
-SHA256: 0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B
-
-Alias name: affirmtrustpremiumca [jdk]
-CN=AffirmTrust Premium
-O=AffirmTrust
-C=US
-SHA256: 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A
-
-Alias name: affirmtrustpremiumeccca [jdk]
-CN=AffirmTrust Premium ECC
-O=AffirmTrust
-C=US
-SHA256: BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23
-
-New in release OpenJDK 25.0.0 (2025-09-16):
+New in release OpenJDK 22.0.0 (2024-03-19):
 ===========================================
 Major changes are listed below.  Some changes may have been backported
 to earlier releases following their first appearance in OpenJDK 22
@ -104,27 +15,16 @@ NEW FEATURES
 Language Features
 =================

-Flexible Constructor Bodies
+Statements before super(...)
 ============================
 https://openjdk.org/jeps/447
-https://openjdk.org/jeps/482
-https://openjdk.org/jeps/492
-https://openjdk.org/jeps/513

-In constructors in the Java programming language, allow statements to
-appear before an explicit constructor invocation, i.e., super(..) or
-this(..). The statements cannot reference the instance under
-construction, but they can initialize its fields. Initializing fields
-before invoking another constructor makes a class more reliable when
-methods are overridden.
+In constructors in the Java programming language, allow statements
+that do not reference the instance being created to appear before an
+explicit constructor invocation (i.e. super()).

-This language feature is now finalised (JEP 513). It was first
-introduced as a preview language feature
-(http://openjdk.java.net/jeps/12) in OpenJDK 22 (JEP 447) under the
-name "Statements before super(...)".  It reached a second preview in
-OpenJDK 23 (JEP 482) with the addition of allowing fields to be
-initialized before invoking another constructor. It reached a third
-preview in OpenJDK 24 (JEP 492).
+This is a preview language feature (http://openjdk.java.net/jeps/12)
+introduced in OpenJDK 22 (JEP 447).

 Unnamed Patterns and Variables
 ==============================
@ -136,37 +36,22 @@ component without stating the component's name or type, and unnamed
 variables, which can be initialized but not used. Both are denoted by
 an underscore character, _.

-This feature is now finalised (JEP 456). It was a preview feature
+This feature is now final. It was a preview feature
 (http://openjdk.java.net/jeps/12) in OpenJDK 21 (JEP 443).

-Primitive Types in Patterns, instanceof, and switch
-===================================================
-https://openjdk.org/jeps/455
-https://openjdk.org/jeps/488
-https://openjdk.org/jeps/507
+String Templates
+================
+https://openjdk.org/jeps/430
+https://openjdk.org/jeps/459

-Enhance pattern matching by allowing primitive type patterns in all
-pattern contexts, and extend instanceof and switch to work with all
-primitive types.
+Enhance the Java programming language with string templates. String
+templates complement Java's existing string literals and text blocks
+by coupling literal text with embedded expressions and template
+processors to produce specialized results.

-This is a preview language feature (http://openjdk.java.net/jeps/12)
-introduced in OpenJDK 23 (JEP 455) with a second preview in OpenJDK 24
-(JEP 488) and reaching a third in OpenJDK 25 (JEP 507).
-
-Module Import Declarations
-==========================
-https://openjdk.org/jeps/476
-https://openjdk.org/jeps/494
-https://openjdk.org/jeps/511
-
-Enhance the Java programming language with the ability to succinctly
-import all of the packages exported by a module. This simplifies the
-reuse of modular libraries, but does not require the importing code to
-be in a module itself.
-
-This language feature is now finalised (JEP 511). It was introduced as
-a preview language feature (http://openjdk.java.net/jeps/12) in
-OpenJDK 23 (JEP 476) and had a second preview in OpenJDK 24 (JEP 494).
+This is a preview feature (http://openjdk.java.net/jeps/12) introduced
+in OpenJDK 21 (JEP 430) and reaching its second preview in OpenJDK 22
+(JEP 459).

 Library Features
 ================
@ -187,41 +72,25 @@ foreign memory (i.e., memory not managed by the JVM), the API enables
 Java programs to call native libraries and process native data without
 the brittleness and danger of JNI.

-This API is now finalised (JEP 454). It was first introduced in
-incubation (https://openjdk.java.net/jeps/11) in OpenJDK 17 (JEP 412),
-and is an evolution of the Foreign Memory Access API (OpenJDK 14
-through 16) and Foreign Linker API (OpenJDK 16) (see release notes for
+This API is now finalised. It was first introduced in incubation
+(https://openjdk.java.net/jeps/11) in OpenJDK 17 (JEP 412), and is an
+evolution of the Foreign Memory Access API (OpenJDK 14 through 16) and
+Foreign Linker API (OpenJDK 16) (see release notes for
 java-17-openjdk). OpenJDK 18 saw a second round of incubation (JEP
 419) before its inclusion as a preview feature
 (http://openjdk.java.net/jeps/12) in OpenJDK 19 (JEP 424). A second
 preview took place in OpenJDK 20 (JEP 434) and a third and final
 preview in OpenJDK 21 (JEP 442).

-Prepare to Restrict the Use of JNI
-==================================
-https://openjdk.org/jeps/472
-
-Issue warnings about uses of the Java Native Interface (JNI) and
-adjust the Foreign Function & Memory (FFM) API to issue warnings in a
-consistent manner. All such warnings aim to prepare developers for a
-future release that ensures integrity by default by uniformly
-restricting JNI and the FFM API. Application developers can avoid both
-current warnings and future restrictions by selectively enabling these
-interfaces where essential using the --enable-native-access
-command-line option.
-
 Class-File API
 ==============
 https://openjdk.org/jeps/457
-https://openjdk.org/jeps/466
-https://openjdk.org/jeps/484

 Provide a standard API for parsing, generating, and transforming Java
 class files.

-This API is now finalised (JEP 484). It was introduced as a preview
-library feature (http://openjdk.java.net/jeps/12) in OpenJDK 22 (JEP
-457) with a second preview in OpenJDK 23 (JEP 466).
+This is a preview library feature (http://openjdk.java.net/jeps/12)
+introduced in OpenJDK 22 (JEP 457).

 Vector API
 ==========
@ -232,9 +101,6 @@ https://openjdk.org/jeps/426
 https://openjdk.org/jeps/438
 https://openjdk.org/jeps/448
 https://openjdk.org/jeps/460
-https://openjdk.org/jeps/469
-https://openjdk.org/jeps/489
-https://openjdk.org/jeps/508

 Introduce an API to express vector computations that reliably compile
 at runtime to optimal vector hardware instructions on supported CPU
@ -245,23 +111,19 @@ This is an incubation feature (https://openjdk.java.net/jeps/11)
 introduced in OpenJDK 16 (JEP 338). A second round of incubation took
 place in OpenJDK 17 (JEP 414), OpenJDK 18 (JEP 417) saw a third,
 OpenJDK 19 a fourth (JEP 426), OpenJDK 20 (JEP 438) a fifth, OpenJDK
-21 a sixth (JEP 448), OpenJDK 22 a seventh (JEP 460), OpenJDK 23 an
-eighth (JEP 469), OpenJDK 24 a ninth (JEP 489) and it reaches its
-tenth in OpenJDK 25 (JEP 508).
+21 a sixth (JEP 448) and it reaches its seventh in OpenJDK 22 (JEP
+460).

 Stream Gatherers
 ================
 https://openjdk.org/jeps/461
-https://openjdk.org/jeps/473
-https://openjdk.org/jeps/485

 Enhance the Stream API to support custom intermediate operations. This
 will allow stream pipelines to transform data in ways that are not
 easily achievable with the existing built-in intermediate operations.

-This API is now finalised (JEP 485). It was introduced as a preview
-library feature (http://openjdk.java.net/jeps/12) in OpenJDK 22 (JEP
-461) with a second preview in OpenJDK 23 (JEP 473).
+This is a preview library feature (http://openjdk.java.net/jeps/12)
+introduced in OpenJDK 22 (JEP 461).

 Structured Concurrency
 ======================
@ -269,9 +131,6 @@ https://openjdk.org/jeps/428
 https://openjdk.org/jeps/437
 https://openjdk.org/jeps/453
 https://openjdk.org/jeps/462
-https://openjdk.org/jeps/480
-https://openjdk.org/jeps/499
-https://openjdk.org/jeps/505

 Simplify multithreaded programming by introducing an API for
 structured concurrency. Structured concurrency treats multiple tasks
@ -283,124 +142,41 @@ This API was first introduced in incubation
 (https://openjdk.java.net/jeps/11) in OpenJDK 19 (JEP 428) and had a
 second round of incubation in OpenJDK 20 (JEP 437). It became a
 preview feature (http://openjdk.java.net/jeps/12) in OpenJDK 21 (JEP
-453), reached its second preview in OpenJDK 22 (JEP 462), had a third
-preview in OpenJDK 23 (JEP 480), a fourth in OpenJDK 24 (JEP 499) and
-reaches its fifth in OpenJDK 25 (JEP 505).
+453) and reaches its second preview in OpenJDK 22 (JEP 462).

-Compact Source Files and Instance Main Methods
-==============================================
+Implicitly Declared Classes and Instance Main Methods
+=====================================================
 https://openjdk.org/jeps/445
 https://openjdk.org/jeps/463
-https://openjdk.org/jeps/477
-https://openjdk.org/jeps/495
-https://openjdk.org/jeps/512

-Evolve the Java programming language so that beginners can write their
-first programs without needing to understand language features
-designed for large programs. Far from using a separate dialect of the
-language, beginners can write streamlined declarations for
-single-class programs and then seamlessly expand their programs to use
-more advanced features as their skills grow. Experienced developers
-can likewise enjoy writing small programs succinctly, without the need
-for constructs intended for programming in the large.
+Evolve the Java language so that students can write their first
+programs without needing to understand language features designed for
+large programs. Far from using a separate dialect of Java, students
+can write streamlined declarations for single-class programs and then
+seamlessly expand their programs to use more advanced features as
+their skills grow.

-This library feature is now finalised (JEP 512) with some minor
-changes from the last release. It was first introduced as a preview
+This library feature was introduced as a preview
 (http://openjdk.java.net/jeps/12) in OpenJDK 21 (JEP 445) under the
-name "Unnamed Classes and Instance Main Methods". It reached a second
-preview in OpenJDK 22 (JEP 463) and a third in OpenJDK 23 (JEP 477)
-under the new name, "Implicitly Declared Classes and Instance Main
-Methods", due to the move away from unnamed classes to an implicitly
-declared name chosen by the host system. It had a fourth preview in
-OpenJDK 24 (JEP 495) with new terminology and a revised title ("Simple
-Source Files and Instance Main Methods"), but otherwise unchanged.
+name "Unnamed Classes and Instance Main Methods". It reaches a second
+preview in OpenJDK 22 (JEP 463) under a new name, due to the move away
+from unnamed classes to an implicitly declared name chosen by the host
+system.

 Scoped Values
 =============
 https://openjdk.org/jeps/429
 https://openjdk.org/jeps/446
 https://openjdk.org/jeps/464
-https://openjdk.org/jeps/481
-https://openjdk.org/jeps/487
-https://openjdk.org/jeps/506

 Introduce scoped values, which enable the sharing of immutable data
 within and across threads. They are preferred to thread-local
 variables, especially when using large numbers of virtual threads.

-This API is now finalised (JEP 506). This API was first introduced in
-incubation (https://openjdk.java.net/jeps/11) in OpenJDK 20 (JEP
-429). It became a preview feature (http://openjdk.java.net/jeps/12) in
-OpenJDK 21 (JEP 446), had a second preview in OpenJDK 22 (JEP 464), a
-third in OpenJDK 23 (JEP 481) and a fourth in OpenJDK 24 (JEP 487).
-
-Key Derivation Function API
-===========================
-https://openjdk.org/jeps/478
-https://openjdk.org/jeps/510
-
-Introduce an API for Key Derivation Functions (KDFs), which are
-cryptographic algorithms for deriving additional keys from a secret
-key and other data.
-
-This API is now finalised (JEP 510). It was first introduced as a
-preview library feature (http://openjdk.java.net/jeps/12) in OpenJDK
-24 (JEP 478).
-
-Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism
-==================================================================
-https://openjdk.org/jeps/496
-
-Enhance the security of Java applications by providing an
-implementation of the quantum-resistant Module-Lattice-Based
-Key-Encapsulation Mechanism (ML-KEM). Key encapsulation mechanisms
-(KEMs) are used to secure symmetric keys over insecure communication
-channels using public key cryptography. ML-KEM is designed to be
-secure against future quantum computing attacks. It has been
-standardized by the United States National Institute of Standards and
-Technology (NIST) in FIPS 203 [0].
-
-[0] https://csrc.nist.gov/pubs/fips/203/final
-
-Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm
-==================================================================
-https://openjdk.org/jeps/497
-
-Enhance the security of Java applications by providing an
-implementation of the quantum-resistant Module-Lattice-Based Digital
-Signature Algorithm (ML-DSA). Digital signatures are used to detect
-unauthorized modifications to data and to authenticate the identity of
-signatories. ML-DSA is designed to be secure against future quantum
-computing attacks. It has been standardized by the United States
-National Institute of Standards and Technology (NIST) in FIPS 204 [0].
-
-[0] https://csrc.nist.gov/pubs/fips/204/final
-
-PEM Encodings of Cryptographic Objects
-======================================
-https://openjdk.org/jeps/470
-
-Introduce an API for encoding objects that represent cryptographic
-keys, certificates, and certificate revocation lists into the
-widely-used Privacy-Enhanced Mail (PEM) transport format, and for
-decoding from that format back into objects.
-
-This is a preview library feature (http://openjdk.java.net/jeps/12)
-introduced in OpenJDK 25 (JEP 470).
-
-Stable Values
-=============
-https://openjdk.org/jeps/502
-
-Introduce an API for stable values, which are objects that hold
-immutable data. Stable values are treated as constants by the JVM,
-enabling the same performance optimizations that are enabled by
-declaring a field final. Compared to final fields, however, stable
-values offer greater flexibility as to the timing of their
-initialization.
-
-This is a preview library feature (http://openjdk.java.net/jeps/12)
-introduced in OpenJDK 25 (JEP 502).
+This API was first introduced in incubation
+(https://openjdk.java.net/jeps/11) in OpenJDK 20 (JEP 429). It became a
+preview feature (http://openjdk.java.net/jeps/12) in OpenJDK 21 (JEP
+446) and reaches its second preview in OpenJDK 22 (JEP 464).

 Virtual Machine Enhancements
 ============================
@ -413,144 +189,6 @@ Reduce latency by implementing region pinning in G1, so that garbage
 collection need not be disabled during Java Native Interface (JNI)
 critical regions.

-ZGC: Generational Mode by Default
-=================================
-https://openjdk.org/jeps/439
-https://openjdk.org/jeps/474
-
-Switch the default mode of the Z Garbage Collector (ZGC) to the
-generational mode. Deprecate the non-generational mode, with the
-intent to remove it in a future release.
-
-Late Barrier Expansion for G1
-=============================
-https://openjdk.org/jeps/475
-
-Simplify the implementation of the G1 garbage collector's barriers,
-which record information about application memory accesses, by
-shifting their expansion from early in the C2 JIT's compilation
-pipeline to later.
-
-Ahead-of-Time Class Loading & Linking
-=====================================
-https://openjdk.org/jeps/483
-https://openjdk.org/jeps/514
-
-Improve startup time by making the classes of an application instantly
-available, in a loaded and linked state, when the HotSpot Java Virtual
-Machine starts. Achieve this by monitoring the application during one
-run and storing the loaded and linked forms of all classes in a cache
-for use in subsequent runs. Lay a foundation for future improvements
-to both startup and warmup time.
-
-Using this feature requires a two stage process:
-
-1. Create the Ahead-of-Time cache from a training run of the
-application using the option `--XX:AOTCacheOutput=<cache name>` where
-`<cache name>` is the cache reference to use in later runs.
-
-2. When running the application in testing or production, use the
-option `-XX:AOTCache=<cache name>` to run the application with the
-cache generated in #2.
-
-Previously, in OpenJDK 24 (JEP 483), the training run and cache
-creation were handled by two separate steps:
-
-1. Populate the Ahead-of-Time configuration data with a training run
-of the application using the options `-XX:AOTMode=record
-XX:AOTConfiguration=<config name>` where `<config name>` is the
-configuration reference to use in #2.
-
-2. Create the Ahead-of-Time cache using the options
-`-XX:AOTMode=create -XX:AOTConfiguration=<config name>
-XX:AOTCache=<cache name>` where `<config name>` is the configuration
-reference from #1 and `<cache name>` is the cache reference to use in
-later runs.
-
-JEP 514 ("Ahead-of-Time Command-Line Ergonomics") in OpenJDK 25 adds
-the option `--XX:AOTCacheOutput` which performs both the above steps
-from a single command-line invocation using a temporary configuration
-file.  A new environment variable, `JDK_AOT_VM_OPTIONS`, can be used
-to pass options to the cache creation step without affecting the
-training run step.
-
-Ahead-of-Time Method Profiling
-==============================
-https://openjdk.org/jeps/515
-
-Improve warmup time by making method-execution profiles from a
-previous run of an application instantly available, when the HotSpot
-Java Virtual Machine starts. This will enable the JIT compiler to
-generate native code immediately upon application startup, rather than
-having to wait for profiles to be collected.
-
-Synchronize Virtual Threads without Pinning
-===========================================
-https://openjdk.org/jeps/491
-
-Improve the scalability of Java code that uses synchronized methods
-and statements by arranging for virtual threads that block in such
-constructs to release their underlying platform threads for use by
-other virtual threads. This will eliminate nearly all cases of virtual
-threads being pinned to platform threads, which severely restricts the
-number of virtual threads available to handle an application's
-workload.
-
-Compact Object Headers
-======================
-https://openjdk.org/jeps/450
-https://openjdk.org/jeps/519
-
-Reduce the size of object headers in the HotSpot JVM from between 96
-and 128 bits down to 64 bits on 64-bit architectures. This will reduce
-heap size, improve deployment density, and increase data locality.
-
-This is now a production feature in OpenJDK 25 (JEP 519) enabled using
-`-XX:+UseCompactObjectHeaders`. It was first introduced as an
-experimental feature (JEP 450) that also required the use of
-`-XX:+UnlockExperimentalVMOptions`.
-
-Generational Shenandoah
-=======================
-https://openjdk.org/jeps/404
-https://openjdk.org/jeps/521
-
-Enhance the Shenandoah garbage collector with experimental
-generational collection capabilities to improve sustainable
-throughput, load-spike resilience, and memory utilization.
-
-This is now a production feature in OpenJDK 25 (JEP 521) enabled using
-`-XX:ShenandoahGCMode=generational`. It was first introduced as an
-experimental feature (JEP 404) that also required the use of
-`-XX:+UnlockExperimentalVMOptions`.
-
-JFR Cooperative Sampling
-========================
-https://openjdk.org/jeps/518
-
-Improve the stability of the JDK Flight Recorder (JFR) when it
-asynchronously samples Java thread stacks. Achieve this by walking
-call stacks only at safepoints, while minimizing safepoint bias.
-
-JFR Method Timing & Tracing
-===========================
-https://openjdk.org/jeps/520
-
-Extend the JDK Flight Recorder (JFR) with facilities for method timing
-and tracing via bytecode instrumentation.
-
-JFR CPU-Time Profiling
-======================
-https://openjdk.org/jeps/509
-
-Enhance the JDK Flight Recorder (JFR) to capture more accurate
-CPU-time profiling information on Linux.
-
-This is an experimental feature so its JFR events are tagged with the
-`@Experimental` annotation. Unlike other experimental virtual machine
-features, it does not need to be explicitly enabled with
-`-XX:+UnlockExperimentalVMOptions`.
-
 Tools
 =====

@ -563,108 +201,3 @@ supplied as multiple files of Java source code. This will make the
 transition from small programs to larger ones more gradual, enabling
 developers to choose whether and when to go to the trouble of
 configuring a build tool.
-
-Markdown Documentation Comments
-===============================
-https://openjdk.org/jeps/467
-
-Enable JavaDoc documentation comments to be written in Markdown rather
-than solely in a mixture of HTML and JavaDoc @-tags.
-
-Linking Run-Time Images without JMODs
-=====================================
-https://openjdk.org/jeps/493
-
-Reduce the size of the JDK by approximately 25% by enabling the jlink
-tool to create custom run-time images without using the JDK's JMOD
-files.
-
-This feature must be enabled when the JDK is built using the
--enable-linkable-runtime option.  It will not be enabled by default,
-and some JDK vendors may choose not to enable it.
-
-DEPRECATIONS
-============
-
-Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal
-==================================================================
-https://openjdk.org/jeps/471
-
-Deprecate the memory-access methods in sun.misc.Unsafe for removal in
-a future release. These unsupported methods have been superseded by
-standard APIs, namely the VarHandle API (JEP 193, OpenJDK 9) and the
-Foreign Function & Memory API (JEP 454, OpenJDK 22). We strongly
-encourage library developers to migrate from sun.misc.Unsafe to
-supported replacements, so that applications can migrate smoothly to
-modern JDK releases.
-
-Warn upon Use of Memory-Access Methods in sun.misc.Unsafe
-=========================================================
-https://openjdk.org/jeps/498
-
-Issue a warning at run time on the first occasion that any
-memory-access method in sun.misc.Unsafe is invoked. All of these
-unsupported methods were terminally deprecated in JDK 23 (see JEP 471
-above). They have been superseded by standard APIs, namely the
-VarHandle API (JEP 193, OpenJDK 9) and the Foreign Function & Memory
-API (JEP 454, OpenJDK 22). We strongly encourage library developers to
-migrate from sun.misc.Unsafe to supported replacements, so that
-applications can migrate smoothly to modern JDK releases.
-
-Permanently Disable the Security Manager
-========================================
-https://openjdk.org/jeps/486
-
-The Security Manager has not been the primary means of securing
-client-side Java code for many years, it has rarely been used to
-secure server-side code, and it is costly to maintain. We therefore
-deprecated it for removal in OpenJDK 17 via JEP 411 (2021). As the
-next step toward removing the Security Manager, we will revise the
-Java Platform specification so that developers cannot enable it and
-other Platform classes do not refer to it. This change will have no
-impact on the vast majority of applications, libraries, and tools. We
-will remove the Security Manager API in a future release.
-
-REMOVALS
-========
-
-String Templates
-================
-https://openjdk.org/jeps/430
-https://openjdk.org/jeps/459
-https://openjdk.org/jeps/465
-
-This was a preview feature (http://openjdk.java.net/jeps/12)
-introduced in OpenJDK 21 (JEP 430) with a second preview in OpenJDK 22
-(JEP 459).  A third preview was proposed but ultimately withdrawn for
-OpenJDK 23 (JEP 465) and the feature is no longer present.  See [0]
-for further explanation.
-
-[0] https://mail.openjdk.org/pipermail/amber-spec-experts/2024-April/004106.html
-
-Remove the Windows & Linux 32-bit x86 Ports
-===========================================
-https://openjdk.org/jeps/449
-https://openjdk.org/jeps/479
-https://openjdk.org/jeps/501
-https://openjdk.org/jeps/503
-
-Remove the source code and build support for the Windows (JEP 479) &
-Linux (JEP 503) 32-bit x86 ports. The Windows port was deprecated for
-removal in JDK 21 by JEP 449 and the Linux port was deprecated for
-removal in JDK 24 by JEP 501. Both deprecations took place with the
-express intent to remove the ports in a future release.
-
-Following this removal of these 32-bit x86 ports, the
-architecture-agnostic Zero port is the only way to run Java programs
-on 32-bit x86 processors.
-
-ZGC: Remove the Non-Generational Mode
-=====================================
-https://openjdk.org/jeps/439
-https://openjdk.org/jeps/474
-https://openjdk.org/jeps/490
-
-Remove the non-generational mode of the Z Garbage Collector (ZGC),
-keeping the generational mode as the default for ZGC (see JEP 439 &
-474).
--- a/TestSecurityProperties.java
+++ b/TestSecurityProperties.java
@ -21,32 +21,15 @@ import java.security.Security;
 import java.util.Properties;

 public class TestSecurityProperties {
-    private static final String JAVA_HOME = System.getProperty("java.home");
    // JDK 11
-    private static final String JDK_PROPS_FILE_JDK_11 = JAVA_HOME + "/conf/security/java.security";
+    private static final String JDK_PROPS_FILE_JDK_11 = System.getProperty("java.home") + "/conf/security/java.security";
    // JDK 8
-    private static final String JDK_PROPS_FILE_JDK_8 = JAVA_HOME + "/lib/security/java.security";
-    // JDK 25
-    // Omit fips.properties files since they are not relevant to this test.
-    // Omit JAVA_HOME + "/conf/security/redhat/crypto-policies.properties" which simply includes
-    // true/crypto-policies.properties in case redhat.crypto-policies is left undefined.
-    private static final String[] JDK_PROPS_FILES_JDK_25_ENABLED = {
-            JAVA_HOME + "/conf/security/redhat/true/crypto-policies.properties",
-            "/etc/crypto-policies/back-ends/java.config"
-    };
-    private static final String[] JDK_PROPS_FILES_JDK_25_DISABLED = {
-            JAVA_HOME + "/conf/security/redhat/false/crypto-policies.properties"
-    };
+    private static final String JDK_PROPS_FILE_JDK_8 = System.getProperty("java.home") + "/lib/security/java.security";

    private static final String POLICY_FILE = "/etc/crypto-policies/back-ends/java.config";

    private static final String MSG_PREFIX = "DEBUG: ";

-    private static final String javaVersion = System.getProperty("java.version");
-
-    // float for java 1.8
-    private static final float JAVA_FEATURE = Float.parseFloat(System.getProperty("java.specification.version"));
-
    public static void main(String[] args) {
        if (args.length == 0) {
            System.err.println("TestSecurityProperties <true|false>");
@ -57,24 +40,18 @@ public class TestSecurityProperties {
        boolean enabled = Boolean.valueOf(args[0]);
        System.out.println(MSG_PREFIX + "System security properties enabled: " + enabled);
        Properties jdkProps = new Properties();
-        loadProperties(jdkProps, enabled);
+        loadProperties(jdkProps);
        if (enabled) {
            loadPolicy(jdkProps);
        }
-        for (Object key : jdkProps.keySet()) {
-            String sKey = (String) key;
-            if (JAVA_FEATURE >= 25 && sKey.equals("include")) {
-                // Avoid the following exception on 25: IllegalArgumentException: Key 'include' is
-                // reserved and cannot be used as a Security property name.  Hard-code the includes
-                // in JDK_PROPS_FILES_JDK_25_ENABLED and JDK_PROPS_FILES_JDK_25_DISABLED instead.
-                continue;
-            }
+        for (Object key: jdkProps.keySet()) {
+            String sKey = (String)key;
            System.out.println(MSG_PREFIX + "Checking " + sKey);
            String securityVal = Security.getProperty(sKey);
            String jdkSecVal = jdkProps.getProperty(sKey);
            if (!jdkSecVal.equals(securityVal)) {
                String msg = "Expected value '" + jdkSecVal + "' for key '" +
-                        sKey + "'" + " but got value '" + securityVal + "'";
+                             sKey + "'" + " but got value '" + securityVal + "'";
                throw new RuntimeException("Test failed! " + msg);
            } else {
                System.out.println(MSG_PREFIX + sKey + " = " + jdkSecVal + " as expected.");
@ -83,26 +60,17 @@ public class TestSecurityProperties {
        System.out.println("TestSecurityProperties PASSED!");
    }

-    private static void loadPropertiesFile(Properties props, String propsFile) {
-        try (FileInputStream fin = new FileInputStream(propsFile)) {
-            props.load(fin);
-        } catch (Exception e) {
-            throw new RuntimeException("Test failed!", e);
-        }
-    }
-
-    private static void loadProperties(Properties props, boolean enabled) {
+    private static void loadProperties(Properties props) {
+        String javaVersion = System.getProperty("java.version");
        System.out.println(MSG_PREFIX + "Java version is " + javaVersion);
        String propsFile = JDK_PROPS_FILE_JDK_11;
        if (javaVersion.startsWith("1.8.0")) {
            propsFile = JDK_PROPS_FILE_JDK_8;
        }
-        loadPropertiesFile(props, propsFile);
-        if (JAVA_FEATURE >= 25) {
-            for (String file : enabled ? JDK_PROPS_FILES_JDK_25_ENABLED : JDK_PROPS_FILES_JDK_25_DISABLED) {
-                System.out.println(MSG_PREFIX + "Loading " + file);
-                loadPropertiesFile(props, file);
-            }
+        try (FileInputStream fin = new FileInputStream(propsFile)) {
+            props.load(fin);
+        } catch (Exception e) {
+            throw new RuntimeException("Test failed!", e);
        }
    }

@ -115,17 +83,3 @@ public class TestSecurityProperties {
    }

 }
-
-/*
- * Local Variables:
- * compile-command: "\
- * /usr/lib/jvm/java-25-openjdk/bin/javac TestSecurityProperties.java \
- * && (/usr/lib/jvm/java-25-openjdk/bin/java                                TestSecurityProperties false ; [[ $? == 1 ]]) \
- * && (/usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=true  TestSecurityProperties false ; [[ $? == 1 ]]) \
- * && (/usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=false TestSecurityProperties true  ; [[ $? == 1 ]]) \
- * &&  /usr/lib/jvm/java-25-openjdk/bin/java                                TestSecurityProperties true                   \
- * &&  /usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=true  TestSecurityProperties true                   \
- * &&  /usr/lib/jvm/java-25-openjdk/bin/java -Dredhat.crypto-policies=false TestSecurityProperties false"                 \
- * fill-column: 124
- * End:
- */
--- a/TestTranslations.java
+++ b/TestTranslations.java
@ -52,9 +52,9 @@ public class TestTranslations {
        map.put(Locale.FRANCE, new String[] { "heure normale des Rocheuses", "UTC\u221207:00", "MST",
                                              "heure d\u2019\u00e9t\u00e9 des Rocheuses", "UTC\u221206:00", "MST",
                                              "heure des Rocheuses", "UTC\u221207:00", "MST"});
-        map.put(Locale.GERMANY, new String[] { "Rocky-Mountains-Normalzeit", "GMT-07:00", "MST",
-                                               "Rocky-Mountains-Sommerzeit", "GMT-06:00", "MST",
-                                               "Rocky-Mountains-Zeit", "GMT-07:00", "MST"});
+        map.put(Locale.GERMANY, new String[] { "Rocky-Mountain-Normalzeit", "GMT-07:00", "MST",
+                                               "Rocky-Mountain-Sommerzeit", "GMT-06:00", "MST",
+                                               "Rocky-Mountain-Zeit", "GMT-07:00", "MST"});
        CIUDAD_JUAREZ = Collections.unmodifiableMap(map);
    }

--- a/create-redhat-properties-files.bash
+++ b/create-redhat-properties-files.bash
@ -1,166 +0,0 @@
-#!/bin/bash
-#
-# Create Red Hat OpenJDK security properties directory hierarchy.
-#
-# Copyright (C) 2025 IBM Corporation. All rights reserved.
-#
-# Written by:
-#     Francisco Ferrari Bihurriet <fferrari@redhat.com>
-#     Thomas Fitzsimmons <fitzsim@redhat.com>
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-# Usage:
-#
-# bash create-redhat-properties-files.bash <target directory> <nssadapter path>
-#
-# Example usage in spec file:
-#
-# bash -x create-redhat-properties-files.bash ${installdir}/conf/security \
-#     %{_libdir}/%{sdkdir -- ${suffix}}/libnssadapter.so
-#
-# When you make changes to the file set here, also update the %files
-# section in the spec file, and the JDK_PROPS_FILES_JDK_25 variables
-# in TestSecurityProperties.java.
-
-[[ $# == 2 ]] || exit 1
-
-SECURITY="${1}"
-NSSADAPTER="${2}"
-VENDOR="${SECURITY}"/redhat
-install --directory --mode=755 "${VENDOR}"
-install --directory --mode=755 "${VENDOR}"/true
-install --directory --mode=755 "${VENDOR}"/false
-
-# /usr/lib/jvm/java-25-openjdk/conf/security/redhat/SunPKCS11-FIPS.cfg
-install --mode 644 /dev/stdin "${VENDOR}"/SunPKCS11-FIPS.cfg <<EOF
-name = FIPS
-library = ${NSSADAPTER}
-slot = 3
-nssUseSecmod = false
-attributes(*,CKO_SECRET_KEY,*)={ CKA_SIGN=true CKA_ENCRYPT=true }
-EOF
-
-# /usr/lib/jvm/java-25-openjdk/conf/security/redhat/false/crypto-policies.properties
-install --mode 644 /dev/stdin "${VENDOR}"/false/crypto-policies.properties <<'EOF'
-# Empty on purpose, for ${redhat.crypto-policies}=false
-EOF
-
-# /usr/lib/jvm/java-25-openjdk/conf/security/redhat/true/crypto-policies.properties
-install --mode 644 /dev/stdin "${VENDOR}"/true/crypto-policies.properties <<'EOF'
-#
-# Apply the system-wide crypto policy
-#
-include /etc/crypto-policies/back-ends/java.config
-
-#
-# Apply the FIPS-specific security properties, if needed
-#
-include ../${__redhat_fips__}/fips.properties
-EOF
-
-# /usr/lib/jvm/java-25-openjdk/conf/security/redhat/crypto-policies.properties
-install --mode 644 /dev/stdin "${VENDOR}"/crypto-policies.properties <<'EOF'
-#
-# Default choice for the crypto-policies setup
-#
-include true/crypto-policies.properties
-EOF
-
-# /usr/lib/jvm/java-25-openjdk/conf/security/redhat/false/fips.properties
-install --mode 644 /dev/stdin "${VENDOR}"/false/fips.properties <<'EOF'
-# Empty on purpose, for when FIPS is disabled.
-EOF
-
-# /usr/lib/jvm/java-25-openjdk/conf/security/redhat/true/fips.properties
-install --mode 644 /dev/stdin "${VENDOR}"/true/fips.properties <<'EOF'
-#
-# Enable the downstream-patch RedHatFIPSFilter code
-#
-__redhat_fips_filter__=true
-
-#
-# FIPS mode Security Providers List
-#
-security.provider.1=SunPKCS11 ${java.home}/conf/security/redhat/SunPKCS11-FIPS.cfg
-security.provider.2=SUN
-security.provider.3=SunEC
-security.provider.4=SunJSSE
-security.provider.5=SunJCE
-security.provider.6=SunRsaSign
-security.provider.7=XMLDSig
-security.provider.8=
-#                   ^ empty on purpose, to finish the Providers List
-
-#
-# FIPS mode default keystore type
-#
-keystore.type=pkcs12
-EOF
-
-cat >> "${SECURITY}"/java.security <<'EOF'
-
-#
-# System-wide crypto-policies and FIPS setup
-#
-# The following crypto-policies setup automatically detects when the system
-# is in FIPS mode and configures OpenJDK accordingly. If OpenJDK needs to
-# ignore the system and disable its FIPS setup, just disable the usage of
-# the system crypto-policies, by any of the methods described below.
-#
-# The redhat.crypto-policies system property is a boolean switch that
-# controls the usage on a per-run basis. For example, pass
-# -Dredhat.crypto-policies=false to disable the system crypto-policies.
-#
-# This setup consists of the following files in $JAVA_HOME/conf/security:
-#
-#   'redhat/false/crypto-policies.properties' (policies usage disabled file)
-#      Empty file, applied when the boolean switch is passed as false.
-#
-#   'redhat/true/crypto-policies.properties' (policies usage enabled file)
-#      Performs the crypto-policies and FIPS setup, applied when the boolean
-#      switch is passed as true.
-#
-#   'redhat/crypto-policies.properties' (policies usage default file)
-#      Determines the default choice by including one of the previous files,
-#      applied when the boolean switch is not passed.
-#      The system crypto-policies usage is enabled by default:
-#        include true/crypto-policies.properties
-#
-# To enable or disable the usage of the crypto-policies on a per-deployment
-# basis, edit the policies usage default file, changing the included file.
-# For example, execute the following command to persistently disable the
-# crypto-policies:
-#   sed -i s/true/false/ $JAVA_HOME/conf/security/redhat/crypto-policies.properties
-# Applications can still override this on a per-run basis, for example by
-# passing -Dredhat.crypto-policies=true.
-#
-# To disable the redhat.crypto-policies boolean switch, modify the following
-# include directive as follows. Replace ${redhat.crypto-policies} by true to
-# force-apply the system crypto-policies:
-#   include redhat/true/crypto-policies.properties
-# Remove or comment out the include directive to force-disable the setup:
-#   #include redhat/${redhat.crypto-policies}/crypto-policies.properties
-#
-include redhat/${redhat.crypto-policies}/crypto-policies.properties
-#       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-# WARNING: anything placed after this include directive will apply on top
-# of the described setup. Adding properties below this section is strongly
-# discouraged, as it poses a risk of overriding the system crypto-policies
-# or invalidating the FIPS deployment.
-EOF
-
-# Local Variables:
-# compile-command: "shellcheck create-redhat-properties-files.bash"
-# End:
--- a/fips-25u-df044414ef4.patch
+++ b/fips-25u-df044414ef4.patch
@ -1,92 +0,0 @@
-diff --git a/src/java.base/share/classes/java/security/Provider.java b/src/java.base/share/classes/java/security/Provider.java
-index de2845fb550..b1e416b90f4 100644
--- a/src/java.base/share/classes/java/security/Provider.java
-+++ b/src/java.base/share/classes/java/security/Provider.java
-@@ -1203,6 +1203,39 @@ public Set<Service> getServices() {
-         return serviceSet;
-     }
- 
-+    /* vvvvvvvvvvvvvvvvvvvvvvvvvvvvv FIPS PATCH vvvvvvvvvvvvvvvvvvvvvvvvvvvvv */
-+    private static final class RedHatFIPSFilter {
-+        static final boolean IS_ON = Boolean.parseBoolean(
-+                Security.getProperty("__redhat_fips_filter__"));
-+        private static final Set<String> ANY_SERVICE_TYPE = Set.of();
-+        private static final Map<String, Set<String>> ALLOW_LIST = Map.of(
-+                "SunPKCS11-FIPS", ANY_SERVICE_TYPE,
-+                "SUN", Set.of(
-+                        "AlgorithmParameterGenerator",
-+                        "AlgorithmParameters", "CertificateFactory",
-+                        "CertPathBuilder", "CertPathValidator", "CertStore",
-+                        "Configuration", "KeyStore"),
-+                "SunEC", Set.of(
-+                        "AlgorithmParameters", "KeyFactory"),
-+                "SunJSSE", ANY_SERVICE_TYPE,
-+                "SunJCE", Set.of(
-+                        "AlgorithmParameters",
-+                        "AlgorithmParameterGenerator", "KeyFactory",
-+                        "SecretKeyFactory"),
-+                "SunRsaSign", Set.of(
-+                        "KeyFactory", "AlgorithmParameters"),
-+                "XMLDSig", ANY_SERVICE_TYPE
-+        );
-+
-+        static boolean isAllowed(String provName, String serviceType) {
-+            Set<String> allowedServiceTypes = ALLOW_LIST.get(provName);
-+            return allowedServiceTypes != null &&
-+                    (allowedServiceTypes == ANY_SERVICE_TYPE ||
-+                            allowedServiceTypes.contains(serviceType));
-+        }
-+    }
-+    /* ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ FIPS PATCH ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ */
-+
-     /**
-      * Add a service. If a service of the same type with the same algorithm
-      * name exists, and it was added using {@link #putService putService()},
-@@ -1231,6 +1264,15 @@ protected void putService(Service s) {
-                     ("service.getProvider() must match this Provider object");
-         }
-         String type = s.getType();
-+        /* vvvvvvvvvvvvvvvvvvvvvvvvvvv FIPS PATCH vvvvvvvvvvvvvvvvvvvvvvvvvvv */
-+        if (RedHatFIPSFilter.IS_ON && !RedHatFIPSFilter.isAllowed(name, type)) {
-+            if (debug != null) {
-+                debug.println("The previous " + name + ".putService() call " +
-+                        "was skipped by " + RedHatFIPSFilter.class.getName());
-+            }
-+            return;
-+        }
-+        /* ^^^^^^^^^^^^^^^^^^^^^^^^^^^ FIPS PATCH ^^^^^^^^^^^^^^^^^^^^^^^^^^^ */
-         String algorithm = s.getAlgorithm();
-         ServiceKey key = new ServiceKey(type, algorithm, true);
-         implRemoveService(serviceMap.get(key));
-diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
-index 6969fe8a8e1..4501d5971c4 100644
--- a/src/java.base/share/classes/java/security/Security.java
-+++ b/src/java.base/share/classes/java/security/Security.java
-@@ -323,7 +323,27 @@ public Properties getInitialProperties() {
-     }
- 
-     private static void initialize() {
-+        /* vvvvvvvvvvvvvvvvvvvvvvvvvvv FIPS PATCH vvvvvvvvvvvvvvvvvvvvvvvvvvv */
-+        /*   This 'include'-directives-only magic property is an internal     */
-+        /*   implementation detail that could (and probably will!) change.    */
-+        /*   Red Hat customers should NOT rely on this for their own use.     */
-+        String fipsKernelFlag = "/proc/sys/crypto/fips_enabled";
-+        boolean fipsModeOn;
-+        try (InputStream is = new java.io.FileInputStream(fipsKernelFlag)) {
-+            fipsModeOn = is.read() == '1';
-+        } catch (IOException ioe) {
-+            fipsModeOn = false;
-+            if (sdebug != null) {
-+                sdebug.println("Failed to read FIPS kernel file: " + ioe);
-+            }
-+        }
-+        String fipsMagicPropName = "__redhat_fips__";
-+        System.setProperty(fipsMagicPropName, "" + fipsModeOn);
-+        /* ^^^^^^^^^^^^^^^^^^^^^^^^^^^ FIPS PATCH ^^^^^^^^^^^^^^^^^^^^^^^^^^^ */
-         SecPropLoader.loadAll();
-+        /* vvvvvvvvvvvvvvvvvvvvvvvvvvv FIPS PATCH vvvvvvvvvvvvvvvvvvvvvvvvvvv */
-+        System.clearProperty(fipsMagicPropName);
-+        /* ^^^^^^^^^^^^^^^^^^^^^^^^^^^ FIPS PATCH ^^^^^^^^^^^^^^^^^^^^^^^^^^^ */
-         initialSecurityProperties = (Properties) props.clone();
-         if (sdebug != null) {
-             for (String key : props.stringPropertyNames()) {
--- a/java-25-openjdk-portable.specfile
+++ b/java-25-openjdk-portable.specfile
@ -226,7 +226,7 @@
 # other targets since this target is configured to use in-tree
 # AWT dependencies: lcms, libjpeg, libpng, libharfbuzz, giflib
 # and possibly others
-%global static_libs_target static-libs-graal-image
+%global static_libs_target static-libs-image
 %else
 %global static_libs_target %{nil}
 %endif
@ -247,13 +247,6 @@
 %global dtsversion 10
 %endif

-# Check if pandoc is available to generate docs (including man pages)
-%if 0%{?rhel} == 8
-%global pandoc_available 1
-%else
-%global pandoc_available 0
-%endif
-
 # Filter out flags from the optflags macro that cause problems with the OpenJDK build
 # We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2
 # We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs)
@ -334,9 +327,10 @@
 %endif

 # New Version-String scheme-style defines
-%global featurever 25
+%global featurever 22
+%global fakefeaturever 25
 %global interimver 0
-%global updatever 1
+%global updatever 2
 %global patchver 0
 # buildjdkver is usually same as %%{featurever},
 # but in time of bootstrap of next jdk, it is featurever-1,
@ -351,6 +345,21 @@
  %global lts_designator ""
  %global lts_designator_zip ""
 %endif
+# JDK to use for bootstrapping
+%global bootjdkpkg java-%{fakefeaturever}-openjdk
+%ifarch %{fastdebug_arches}
+%global bootdebugpkg fastdebug
+%endif
+%global bootjdkzip %{_jvmdir}/%{bootjdkpkg}-*.portable%{?bootdebugpkg:.%{bootdebugpkg}}.jdk.%{_arch}.tar.xz
+%global bootjdk %{_builddir}/%{bootjdkpkg}.boot
+# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
+# This will only work where the bootstrap JDK is the same major version
+# as the JDK being built
+%if %{with fresh_libjvm} && %{buildjdkver} == %{featurever}
+%global build_hotspot_first 1
+%else
+%global build_hotspot_first 0
+%endif

 # Define vendor information used by OpenJDK
 %global oj_vendor Red Hat, Inc.
@ -376,10 +385,11 @@
 # Define IcedTea version used for SystemTap tapsets and desktop file
 %global icedteaver      6.0.0pre00-c848b93a8598
 # Define current Git revision for the FIPS support patches
-%global fipsver df044414ef4
+%global fipsver 9203d50836c
 # Define JDK versions
 %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
-%global javaver         %{featurever}
+# Force 25 until we are actually ready to build that JDK version
+%global javaver         %{fakefeaturever}
 # Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
 %global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
 # The tag used to create the OpenJDK tarball
@ -390,7 +400,7 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{vcstag}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver        8
+%global buildver        9
 %global rpmrelease      2
 #%%global tagsuffix     %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
@ -426,16 +436,16 @@
 %endif

 # parametrized macros are order-sensitive
-%global compatiblename  java-%{featurever}-%{origin}
+%global compatiblename  java-%{fakefeaturever}-%{origin}
 %global fullversion     %{compatiblename}-%{version}-%{release}
 # images directories from upstream build
 %global jdkimage                jdk
-%global static_libs_image       static-libs-graal
+%global static_libs_image       static-libs
 # output dir stub
-%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
-%define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}}
+%define buildoutputdir() %{expand:build/jdk%{fakefeaturever}.build%{?1}}
+%define installoutputdir() %{expand:install/jdk%{fakefeaturever}.install%{?1}}
 %global altjavaoutputdir install/altjava.install
-%define packageoutputdir() %{expand:packages/jdk%{featurever}.packages%{?1}}
+%define packageoutputdir() %{expand:packages/jdk%{fakefeaturever}.packages%{?1}}
 # we can copy the javadoc to not arched dir, or make it not noarch
 %define uniquejavadocdir()    %{expand:%{fullversion}.%{_arch}%{?1}}
 # main id and dir of this jdk
@ -458,22 +468,6 @@
 %define miscportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.misc;g")
 %define miscportablearchive()  %{miscportablename}.tar.xz

-# JDK to use for bootstrapping
-%global bootjdkpkg java-%{featurever}-%{origin}
-%ifarch %{fastdebug_arches}
-%global bootdebugpkg fastdebug
-%endif
-%global bootjdkzip %{_jvmdir}/%{bootjdkpkg}-*.portable%{?bootdebugpkg:.%{bootdebugpkg}}.jdk.%{_arch}.tar.xz
-%global bootjdk %{_builddir}/%{uniquesuffix -- ""}/%{bootjdkpkg}.boot
-# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
-# This will only work where the bootstrap JDK is the same major version
-# as the JDK being built
-%if %{with fresh_libjvm} && %{buildjdkver} == %{featurever}
-%global build_hotspot_first 1
-%else
-%global build_hotspot_first 0
-%endif
-
 #################################################################
 # fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349
 #         https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14
@ -603,7 +597,7 @@ Source0: https://openjdk-sources.osci.io/openjdk%{featurever}/open%{vcstag}%{ea_
 # Use 'icedtea_sync.sh' to update the following
 # They are based on code contained in the IcedTea project (6.x).
 # Systemtap tapsets. Zipped up to keep it small.
-Source8: tapsets-icedtea-%{icedteaver}.tar.xz
+Source8: tapsets-icedtea-%%{icedteaver}.tar.xz

 # Desktop files. Adapted from IcedTea
 # Disabled in portables
@ -640,7 +634,7 @@ Source18: TestTranslations.java
 ############################################
 # Crypto policy and FIPS support patches
 # Patch is generated from the fips-25u tree at https://github.com/rh-openjdk/jdk/tree/fips-25u
-# as follows: git diff %%{vcstag} src make test > fips-25u-$(git show -s --format=%h HEAD).patch
+# as follows: git diff %%{vcstag} src make test > fips-21u-$(git show -s --format=%h HEAD).patch
 # Diff is limited to src and make subdirectories to exclude .github changes
 # Fixes currently included:
 # PR3183, RH1340845: Follow system wide crypto policy
@ -674,7 +668,7 @@ Source18: TestTranslations.java
 # test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
 # RH1940064: Enable XML Signature provider in FIPS mode
 # RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream]
-Patch1001: fips-%{featurever}u-%{fipsver}.patch
+# Disabled until 25: Patch1001: fips-%{featurever}u-%{fipsver}.patch

 #############################################
 #
@ -744,14 +738,13 @@ BuildRequires: zip
 BuildRequires: tar
 BuildRequires: unzip
 BuildRequires: javapackages-filesystem
-BuildRequires: %{bootjdkpkg}-portable-devel%{?bootdebugpkg:-%{bootdebugpkg}} >= %{buildjdkver}
 # Zero-assembler build requirement
 %ifarch %{zero_arches}
 BuildRequires: libffi-devel
 %endif
 # Full documentation build requirements
 # pandoc is only available on RHEL/CentOS 8
-%if %{pandoc_available}
+%if 0%{?rhel} == 8
 BuildRequires: graphviz
 BuildRequires: pandoc
 %endif
@ -1003,15 +996,10 @@ sh %{SOURCE12} %{top_level_dir_name}
 # rpmbuild.
 pushd %{top_level_dir_name}
 # Add crypto policy and FIPS support
-%patch -P1001 -p1
+# Disabled until 25
+#%patch -P1001 -p1
 popd # openjdk

-echo "Generating %{alt_java_name} man page"
-altjavamanpage=%{top_level_dir_name}/src/java.base/share/man/%{alt_java_name}.md
-altjavatext="Hardened java binary recommended for launching untrusted code from the Web e.g. javaws"
-sed -r -e 's|([^/.])java([^./])|\1alt-java\2|g' %{top_level_dir_name}/src/java.base/share/man/java.md | \
-    sed -e 's|JAVA(|ALT-JAVA(|' | \
-    sed -e "s|java - launch a Java application|alt-java - ${altjavatext}|" >> ${altjavamanpage}

 # The OpenJDK version file includes the current
 # upstream version information. For some reason,
@ -1077,7 +1065,7 @@ pushd %{_jvmdir}
 sha256sum --check %{bootjdkzip}.sha256sum
 popd
 tar -xJf %{bootjdkzip}
-mv java-%{featurever}-openjdk-%{buildjdkver}* %{bootjdk}
+mv java-%{fakefeaturever}-openjdk-%{featurever}* %{bootjdk}
 # Print release information
 echo "Installed boot JDK:"
 cat %{bootjdk}/release
@ -1372,7 +1360,6 @@ function installjdk() {
    # legacy-jre-image target does not install any man pages for the JRE
    # We copy the jdk man directory and then remove pages for binaries that
    # don't exist in the JRE
-%if %{pandoc_available}
    cp -a ${jdkimagepath}/man ${jreimagepath}
    for manpage in $(find ${jreimagepath}/man -name '*.1'); do
        filename=$(basename ${manpage});
@ -1382,7 +1369,6 @@ function installjdk() {
            rm -f ${manpage};
        fi;
    done
-%endif

    for imagepath in ${jdkimagepath} ${jreimagepath} ${unstripped}; do

@ -1533,7 +1519,7 @@ function packagejdk() {
 %if %{with_systemtap}
        cp -a ${tapsetdir}* ${miscname}
 %endif
-        cp -av ${altjavadir}/%{alt_java_name} ${miscname}
+        cp -av ${altjavadir}/%{alt_java_name}{,.1} ${miscname}
        createtar ${miscname} ${miscarchive}
        genchecksum ${miscarchive}
    fi
@ -1574,6 +1560,10 @@ function packagejdk() {
 echo "Building %{SOURCE11}"
 mkdir -p %{altjavaoutputdir}
 LD_LIBRARY_PATH="${LIBPATH}" ${GCC} ${EXTRA_CFLAGS} -o %{altjavaoutputdir}/%{alt_java_name} %{SOURCE11}
+echo "Generating %{alt_java_name} man page"
+altjavamanpage=%{altjavaoutputdir}/%{alt_java_name}.1
+echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > ${altjavamanpage}
+cat %{top_level_dir_name}/src/java.base/share/man/java.1 >> ${altjavamanpage}

 echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}"

@ -1727,14 +1717,14 @@ $JAVA_HOME/bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -versi
  unzip -l $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'

  # Check class files include useful debugging information
-  $JAVA_HOME/bin/javap -c -l java.lang.Object | grep "Compiled from"
-  $JAVA_HOME/bin/javap -c -l java.lang.Object | grep LineNumberTable
-  $JAVA_HOME/bin/javap -c -l java.lang.Object | grep LocalVariableTable
+  $JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
+  $JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
+  $JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable

  # Check generated class files include useful debugging information
-  $JAVA_HOME/bin/javap -c -l java.nio.ByteBuffer | grep "Compiled from"
-  $JAVA_HOME/bin/javap -c -l java.nio.ByteBuffer | grep LineNumberTable
-  $JAVA_HOME/bin/javap -c -l java.nio.ByteBuffer | grep LocalVariableTable
+  $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
+  $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
+  $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable

 %else

@ -1966,48 +1956,6 @@ done
 %endif

 %changelog
-* Tue Dec 02 2025 Severin Gehwolf <sgehwolf@redhat.com> - 1:25.0.1.0.8-2
- Switch from static-libs-image to static-libs-graal-image to avoid large unneeded libjvm.a
- Resolves: OPENJDK-4197
-
-* Tue Dec 02 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-2
- Incorporate new FIPS patch for 25u
- Resolves: OPENJDK-4184
-
-* Mon Nov 10 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-1
- Update to jdk-25.0.1+8 (GA)
- Update release notes to 25.0.1+8
- Related: RHELBU-3203
-
-* Mon Nov 10 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.0.0.36-2
- Drop fakefeaturever and rebuild with ourselves now we have reached OpenJDK 25
- Related: RHELBU-3203
-
-* Sun Nov 09 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.0.0.36-1
- Update to jdk-25.0.0+36 (GA)
- Update release notes with features of JDK 25
- Mention finalisation JEP for features finalised in JDK 22, 23 & 24
- Resolves: RHELBU-3203
-
-* Wed Nov 05 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:24.0.2.0.12-1
- Update to jdk-24.0.2+12 (GA)
- Update release notes with features of JDK 24
- Generate alt-java.md during prep following removal of pre-generated man pages in JDK-8344056
- Introduce pandoc_available global for conditional handling of both pandoc dependency and manpages
- Adjust TestTranslations.java with updated German translations from CLDR 46 (JDK-8333582) (Mountain->Mountains)
- Run javap with the disassembled code (-c) option now required for -l by JDK-8345145
- Related: RHELBU-3203
-
-* Sat Oct 25 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:23.0.2.0.7-1
- Update to jdk-23.0.2+7 (GA)
- Update release notes with features of JDK 23
- Switch buildjdkver to featurever + 1
- Use buildjdkver in the path to the extracted bootstrap JDK
- Move bootstrap declarations later so they can use variables like uniquesuffix
- Fix bootjdk so it uses our build subdirectory created in setup (_builddir only gives the top-level BUILD)
- Fix double '%' in specification of IcedTea sources
- Related: RHELBU-3203
-
 * Mon Sep 22 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:22.0.2.0.9-2
 - Build using ourselves rather than the system JDK as java-25-openjdk is unavailable on older systems
 - Switch buildjdkver back to featurever temporarily for this rebuild
--- a/java-25-openjdk.spec
+++ b/java-25-openjdk.spec
--- a/java-25-openjdk.spec
+++ b/java-25-openjdk.spec
@ -0,0 +1 @@
+java-25-openjdk-portable.specfile
--- a/nssadapter-ldflags.patch
+++ b/nssadapter-ldflags.patch
@ -1,41 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 5175f21..571748a 100644
--- a/Makefile
-+++ b/Makefile
-@@ -13,12 +13,12 @@ DEVEL_PKGS    = nss nss-softokn
- LIB_DIR       = $(shell pkg-config --variable=libdir nss-softokn)
- SHARED_LIBS   = pthread softokn3 nss3
- STATIC_LIBS   = freebl
-SHR_CFLAGS    = -shared -fPIC -fvisibility=hidden -Wl,--exclude-libs,ALL       \
-                $(addprefix -l,$(SHARED_LIBS))                                 \
-+SHR_CFLAGS    = -shared -fPIC -fvisibility=hidden                              \
-                 $(strip $(shell pkg-config --cflags $(DEVEL_PKGS)))            \
-                 -Wpedantic -Wall -Wextra -Wconversion -Werror
- DBG_CFLAGS    = -Wno-error=unused-variable -Wno-error=unused-parameter -DDEBUG \
-                 -O0 -g
-+SHR_LDFLAGS   = -Wl,--exclude-libs,ALL $(addprefix -l,$(SHARED_LIBS))
- 
- # https://clang.llvm.org/docs/ClangFormatStyleOptions.html
- CLANG_FORMAT_STYLE = {                                                         \
-@@ -53,10 +53,12 @@ endif
- 
- .PHONY: release ## Build the library in RELEASE mode (default)
- release: BLD_CFLAGS = $(SHR_CFLAGS) $(CFLAGS)
-+release: BLD_LDFLAGS = $(SHR_LDFLAGS) $(LDFLAGS)
- release: $(CLEAN_IF_PREVIOUS_BUILD_MODE_IS_DEBUG) $(OUTPUT)
- 
- .PHONY: debug ## Build the library in DEBUG mode
- debug: BLD_CFLAGS = $(SHR_CFLAGS) $(DBG_CFLAGS) $(CFLAGS)
-+debug: BLD_LDFLAGS = $(SHR_LDFLAGS) $(LDFLAGS)
- debug: CREATE_DBG_SENTINEL_IF_NEEDED = touch $(DBG_SENTINEL)
- debug: $(CLEAN_IF_PREVIOUS_BUILD_MODE_IS_RELEASE) $(OUTPUT)
- 
-@@ -73,7 +75,7 @@ $(BIN_DIR):
- 
- $(OUTPUT): $(BIN_DIR) $(SRC_FILES)
- 	@$(CREATE_DBG_SENTINEL_IF_NEEDED)
-	$(CC) $(BLD_CFLAGS) $(filter %.c, $+)                                      \
-+	$(CC) $(BLD_CFLAGS) $(filter %.c, $+) $(BLD_LDFLAGS) \
- 	      $(addprefix $(LIB_DIR)/lib,$(addsuffix .a,$(STATIC_LIBS))) -o $@
- 
- 
--- a/3
+++ b/3
@ -1,3 +1,2 @@
 SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-25.0.1+8.tar.xz) = eb84d876f81ca02803283e8294c89b6acbed3753426811c3bcc228615c9618deefc85da4aa702800cac2feb103e628ee8b92292b316e9d7e12a58b6de69c5085
-SHA512 (nssadapter-0.1.0.tar.xz) = 581f49d1a27550e3a2fa0a9d407f43c507627a8439827904d14daaf24e071d9f73884a2abe4cb3d36d26f1af09ef7d20724b2d40c9bac202e0316fac6c1a636b
+SHA512 (openjdk-22.0.2+9.tar.xz) = 960746381f56cb516a2298f75dbf877554b59e73752dc29b040b8629b153174d2ea2f612d3479b511aaac293e4d336c798a58fd1ba4d2b9d5933899f64d04313
Author	SHA1	Message	Date
eabdullin	6c2ab26cd7	Exclude %{bootjdkpkg}-portable-devel%{?bootdebugpkg:-%{bootdebugpkg}} from BR for bootstrap build	2025-10-08 18:55:39 +03:00
eabdullin	91dc9761a6	Portable	2025-10-07 14:50:13 +03:00