From 1f247b3a79be392f8d50381632e7cb41e977ee13 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 28 2020 08:51:27 +0000 Subject: import java-1.8.0-openjdk-1.8.0.242.b08-4.el8 --- diff --git a/.gitignore b/.gitignore index 8253140..fc7b991 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u252-b09.tar.xz -SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz +SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u242-b08-4curve.tar.xz +SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index e7b45ff..44b8e22 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -76398522a859f5d17da94b0cd9f7ef8ccf22b31b SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u252-b09.tar.xz -cd8bf91753b9eb1401cfc529e78517105fc66011 SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz +c274c0cdb494aa6954f3e525121ab46c2293b7e6 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u242-b08-4curve.tar.xz +c1e848fdb04f351350fe2aeda17fc22a3ed41d3e SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS deleted file mode 100644 index 59f5724..0000000 --- a/SOURCES/NEWS +++ /dev/null @@ -1,113 +0,0 @@ -Key: - -JDK-X - https://bugs.openjdk.java.net/browse/JDK-X -CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY - -New in release OpenJDK 8u252 (2020-04-14): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/oj8u252 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt - -* Security fixes - - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - - JDK-8225603: Enhancement for big integers - - JDK-8227542: Manifest improved jar headers - - JDK-8231415, CVE-2020-2773: Better signatures in XML - - JDK-8233250: Better X11 rendering - - JDK-8233410: Better Build Scripting - - JDK-8234027: Better JCEKS key support - - JDK-8234408, CVE-2020-2781: Improve TLS session handling - - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers - - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers - - JDK-8235274, CVE-2020-2805: Enhance typing of methods - - JDK-8236201, CVE-2020-2830: Better Scanner conversions - - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap -* Other changes - - JDK-8005819: Support cross-realm MSSFU - - JDK-8022263: use same Clang warnings on BSD as on Linux - - JDK-8038631: Create wrapper for awt.Robot with additional functionality - - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid - - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests - - JDK-8068184: Fix for JDK-8032832 caused a deadlock - - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature - - JDK-8132130: some docs cleanup - - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit - - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal - - JDK-8144446: Automate the Marlin crash test - - JDK-8144526: Remove Marlin logging use of deleted internal API - - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats - - JDK-8144654: Improve Marlin logging - - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins - - JDK-8166976: TestCipherPBECons has wrong @run line - - JDK-8167409: Invalid value passed to critical JNI function - - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant - - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT - - JDK-8191227: issues with unsafe handle resolution - - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider - - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object - - JDK-8215756: Memory leaks in the AWT on macOS - - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win) - - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread - - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions - - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test - - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test - - JDK-8229022: BufferedReader performance can be improved by using StringBuilder - - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC - - JDK-8229872: (fs) Increase buffer size used with getmntent - - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception - - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type - - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64 - - JDK-8235904: Infinite loop when rendering huge lines - - JDK-8236179: C1 register allocation error with T_ADDRESS - - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read - - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call - - JDK-8241296: Segfault in JNIHandleBlock::oops_do() - - JDK-8241307: Marlin renderer should not be the default in 8u252 - -Notes on individual issues: -=========================== - -hotspot/svc: - -JDK-8174881: Binary format for HPROF updated -============================================ - -When dumping the heap in binary format, HPROF format 1.0.2 is always -used now. Previously, format 1.0.1 was used for heaps smaller than -2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the -serviceability agent. - -security-libs/java.security: - -JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature -==================================================================================== - -The SunRsaSign and SunJCE providers have been enhanced with support -for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS -signature and OAEP using FIPS 180-4 digest algorithms. New -constructors and methods have been added to relevant JCA/JCE classes -under the `java.security.spec` and `javax.crypto.spec` packages for -supporting additional RSASSA-PSS parameters. - -security-libs/javax.crypto: - -JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI -============================================================ - -The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider. - -security-libs/javax.security: - -JDK-8227564: Allow SASL Mechanisms to Be Restricted -=================================================== - -A security property named `jdk.sasl.disabledMechanisms` has been added -that can be used to disable SASL mechanisms. Any disabled mechanism -will be ignored if it is specified in the `mechanisms` argument of -`Sasl.createSaslClient` or the `mechanism` argument of -`Sasl.createSaslServer`. The default value for this security property -is empty, which means that no mechanisms are disabled out-of-the-box. diff --git a/SOURCES/jconsole.desktop.in b/SOURCES/jconsole.desktop.in index a8917c1..8a3b04d 100644 --- a/SOURCES/jconsole.desktop.in +++ b/SOURCES/jconsole.desktop.in @@ -1,8 +1,8 @@ [Desktop Entry] -Name=OpenJDK @JAVA_MAJOR_VERSION@ Monitoring & Management Console @ARCH@ -Comment=Monitor and manage OpenJDK @JAVA_MAJOR_VERSION@ applications for @ARCH@ -Exec=@JAVA_HOME@/jconsole -Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@ +Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@) +Comment=Monitor and manage OpenJDK applications +Exec=_SDKBINDIR_/jconsole +Icon=java-@JAVA_VER@-@JAVA_VENDOR@ Terminal=false Type=Application StartupWMClass=sun-tools-jconsole-JConsole diff --git a/SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch b/SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch new file mode 100644 index 0000000..d7afbc6 --- /dev/null +++ b/SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch @@ -0,0 +1,257 @@ +# HG changeset patch +# User weijun +# Date 1513099798 -28800 +# Wed Dec 13 01:29:58 2017 +0800 +# Node ID aa8f2e25f003feddf362892b2820fa2839c854b6 +# Parent 9ebb70cb99a472b5fee9ac08240b7979468c2fa5 +8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite +Reviewed-by: weijun +Contributed-by: Martin Balao + +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java +@@ -196,13 +196,23 @@ + } + + if (configDir != null) { +- File configBase = new File(configDir); +- if (configBase.isDirectory() == false ) { +- throw new IOException("configDir must be a directory: " + configDir); ++ String configDirPath = null; ++ String sqlPrefix = "sql:/"; ++ if (!configDir.startsWith(sqlPrefix)) { ++ configDirPath = configDir; ++ } else { ++ StringBuilder configDirPathSB = new StringBuilder(configDir); ++ configDirPath = configDirPathSB.substring(sqlPrefix.length()); + } +- File secmodFile = new File(configBase, "secmod.db"); +- if (secmodFile.isFile() == false) { +- throw new FileNotFoundException(secmodFile.getPath()); ++ File configBase = new File(configDirPath); ++ if (configBase.isDirectory() == false ) { ++ throw new IOException("configDir must be a directory: " + configDirPath); ++ } ++ if (!configDir.startsWith(sqlPrefix)) { ++ File secmodFile = new File(configBase, "secmod.db"); ++ if (secmodFile.isFile() == false) { ++ throw new FileNotFoundException(secmodFile.getPath()); ++ } + } + } + +diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE +@@ -0,0 +1,8 @@ ++// How to create key4.db and cert9.db ++cd ++echo "" > 1 ++echo "test12" > 2 ++modutil -create -force -dbdir sql:/$(pwd) ++modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/$(pwd) ++modutil -changepw "NSS Certificate DB" -force -dbdir sql:/$(pwd) -pwfile $(pwd)/1 -newpwfile $(pwd)/2 ++ +diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java +@@ -0,0 +1,134 @@ ++/* ++ * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates. ++ * ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test ++ * @bug 8165996 ++ * @summary Test NSS DB Sqlite ++ * @library ../ ++ * @modules java.base/sun.security.rsa ++ * java.base/sun.security.provider ++ * java.base/sun.security.jca ++ * java.base/sun.security.tools.keytool ++ * java.base/sun.security.x509 ++ * java.base/com.sun.crypto.provider ++ * jdk.crypto.cryptoki/sun.security.pkcs11:+open ++ * @run main/othervm/timeout=120 TestNssDbSqlite ++ * @author Martin Balao (mbalao@redhat.com) ++ */ ++ ++import java.security.PrivateKey; ++import java.security.cert.Certificate; ++import java.security.KeyStore; ++import java.security.Provider; ++import java.security.Signature; ++ ++import sun.security.rsa.SunRsaSign; ++import sun.security.jca.ProviderList; ++import sun.security.jca.Providers; ++import sun.security.tools.keytool.CertAndKeyGen; ++import sun.security.x509.X500Name; ++ ++public final class TestNssDbSqlite extends SecmodTest { ++ ++ private static final boolean enableDebug = true; ++ ++ private static Provider sunPKCS11NSSProvider; ++ private static Provider sunRsaSignProvider; ++ private static Provider sunJCEProvider; ++ private static KeyStore ks; ++ private static char[] passphrase = "test12".toCharArray(); ++ private static PrivateKey privateKey; ++ private static Certificate certificate; ++ ++ public static void main(String[] args) throws Exception { ++ ++ initialize(); ++ ++ if (enableDebug) { ++ System.out.println("SunPKCS11 provider: " + ++ sunPKCS11NSSProvider); ++ } ++ ++ testRetrieveKeysFromKeystore(); ++ ++ System.out.println("Test PASS - OK"); ++ } ++ ++ private static void testRetrieveKeysFromKeystore() throws Exception { ++ ++ String plainText = "known plain text"; ++ ++ ks.setKeyEntry("root_ca_1", privateKey, passphrase, ++ new Certificate[]{certificate}); ++ PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase); ++ ++ Signature sS = Signature.getInstance( ++ "SHA256withRSA", sunPKCS11NSSProvider); ++ sS.initSign(k1); ++ sS.update(plainText.getBytes()); ++ byte[] generatedSignature = sS.sign(); ++ ++ if (enableDebug) { ++ System.out.println("Generated signature: "); ++ for (byte b : generatedSignature) { ++ System.out.printf("0x%02x, ", (int)(b) & 0xFF); ++ } ++ System.out.println(""); ++ } ++ ++ Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider); ++ sV.initVerify(certificate); ++ sV.update(plainText.getBytes()); ++ if(!sV.verify(generatedSignature)){ ++ throw new Exception("Couldn't verify signature"); ++ } ++ } ++ ++ private static void initialize() throws Exception { ++ initializeProvider(); ++ } ++ ++ private static void initializeProvider () throws Exception { ++ useSqlite(true); ++ if (!initSecmod()) { ++ return; ++ } ++ ++ sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg"); ++ sunJCEProvider = new com.sun.crypto.provider.SunJCE(); ++ sunRsaSignProvider = new SunRsaSign(); ++ Providers.setProviderList(ProviderList.newList( ++ sunJCEProvider, sunPKCS11NSSProvider, ++ new sun.security.provider.Sun(), sunRsaSignProvider)); ++ ++ ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider); ++ ks.load(null, passphrase); ++ ++ CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA"); ++ gen.generate(2048); ++ privateKey = gen.getPrivateKey(); ++ certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365); ++ } ++} +diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg +@@ -0,0 +1,13 @@ ++# config file for secmod KeyStore access using sqlite backend ++ ++name = NSS-Sqlite ++ ++nssLibraryDirectory = ${pkcs11test.nss.libdir} ++ ++nssDbMode = readWrite ++ ++nssModule = keystore ++ ++nssSecmodDirectory = ${pkcs11test.nss.db} ++ ++attributes = compatibility +diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java +--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java ++++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java +@@ -34,6 +34,11 @@ + static String DBDIR; + static char[] password = "test12".toCharArray(); + static String keyAlias = "mykey"; ++ static boolean useSqlite = false; ++ ++ static void useSqlite(boolean b) { ++ useSqlite = b; ++ } + + static boolean initSecmod() throws Exception { + useNSS(); +@@ -49,14 +54,24 @@ + safeReload(LIBPATH + System.mapLibraryName("nssckbi")); + + DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb"; +- System.setProperty("pkcs11test.nss.db", DBDIR); ++ if (useSqlite) { ++ System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR); ++ } else { ++ System.setProperty("pkcs11test.nss.db", DBDIR); ++ } + File dbdirFile = new File(DBDIR); + if (dbdirFile.exists() == false) { + dbdirFile.mkdir(); + } +- copyFile("secmod.db", BASE, DBDIR); +- copyFile("key3.db", BASE, DBDIR); +- copyFile("cert8.db", BASE, DBDIR); ++ ++ if (useSqlite) { ++ copyFile("key4.db", BASE, DBDIR); ++ copyFile("cert9.db", BASE, DBDIR); ++ } else { ++ copyFile("secmod.db", BASE, DBDIR); ++ copyFile("key3.db", BASE, DBDIR); ++ copyFile("cert8.db", BASE, DBDIR); ++ } + return true; + } + diff --git a/SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch b/SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch new file mode 100644 index 0000000..ddab642 --- /dev/null +++ b/SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch @@ -0,0 +1,125 @@ +# HG changeset patch +# User mbalao +# Date 1529971845 -28800 +# Tue Jun 26 08:10:45 2018 +0800 +# Node ID e9c20b7250cd98d16a67f2a30b34284c2caa01dc +# Parent 9f1aa2e38d90dd60522237d7414af6bdcf03c4ff +8195607, PR3776: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 +Reviewed-by: valeriep, weijun + +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java +@@ -197,7 +197,7 @@ + + if (configDir != null) { + String configDirPath = null; +- String sqlPrefix = "sql:/"; ++ String sqlPrefix = "sql:"; + if (!configDir.startsWith(sqlPrefix)) { + configDirPath = configDir; + } else { +diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c +--- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c ++++ openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c +@@ -69,9 +69,14 @@ + int res = 0; + FPTR_Initialize initialize = + (FPTR_Initialize)findFunction(env, jHandle, "NSS_Initialize"); ++ #ifdef SECMOD_DEBUG ++ FPTR_GetError getError = ++ (FPTR_GetError)findFunction(env, jHandle, "PORT_GetError"); ++ #endif // SECMOD_DEBUG + unsigned int flags = 0x00; + const char *configDir = NULL; + const char *functionName = NULL; ++ const char *configFile = NULL; + + /* If we cannot initialize, exit now */ + if (initialize == NULL) { +@@ -97,13 +102,18 @@ + flags = 0x20; // NSS_INIT_OPTIMIZESPACE flag + } + ++ configFile = "secmod.db"; ++ if (configDir != NULL && strncmp("sql:", configDir, 4U) == 0) { ++ configFile = "pkcs11.txt"; ++ } ++ + /* + * If the NSS_Init function is requested then call NSS_Initialize to + * open the Cert, Key and Security Module databases, read only. + */ + if (strcmp("NSS_Init", functionName) == 0) { + flags = flags | 0x01; // NSS_INIT_READONLY flag +- res = initialize(configDir, "", "", "secmod.db", flags); ++ res = initialize(configDir, "", "", configFile, flags); + + /* + * If the NSS_InitReadWrite function is requested then call +@@ -111,7 +121,7 @@ + * read/write. + */ + } else if (strcmp("NSS_InitReadWrite", functionName) == 0) { +- res = initialize(configDir, "", "", "secmod.db", flags); ++ res = initialize(configDir, "", "", configFile, flags); + + /* + * If the NSS_NoDB_Init function is requested then call +@@ -137,6 +147,13 @@ + (*env)->ReleaseStringUTFChars(env, jConfigDir, configDir); + } + dprintf1("-res: %d\n", res); ++ #ifdef SECMOD_DEBUG ++ if (res == -1) { ++ if (getError != NULL) { ++ dprintf1("-NSS error: %d\n", getError()); ++ } ++ } ++ #endif // SECMOD_DEBUG + + return (res == 0) ? JNI_TRUE : JNI_FALSE; + } +diff --git openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h +--- openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h ++++ openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h +@@ -34,6 +34,10 @@ + const char *certPrefix, const char *keyPrefix, + const char *secmodName, unsigned int flags); + ++#ifdef SECMOD_DEBUG ++typedef int (*FPTR_GetError)(void); ++#endif //SECMOD_DEBUG ++ + // in secmod.h + //extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent, + // PRBool recurse); +diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt +@@ -0,0 +1,4 @@ ++library= ++name=NSS Internal PKCS #11 Module ++parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' ++NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) +diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java +--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java ++++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java +@@ -55,7 +55,7 @@ + + DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb"; + if (useSqlite) { +- System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR); ++ System.setProperty("pkcs11test.nss.db", "sql:" + DBDIR); + } else { + System.setProperty("pkcs11test.nss.db", DBDIR); + } +@@ -67,6 +67,7 @@ + if (useSqlite) { + copyFile("key4.db", BASE, DBDIR); + copyFile("cert9.db", BASE, DBDIR); ++ copyFile("pkcs11.txt", BASE, DBDIR); + } else { + copyFile("secmod.db", BASE, DBDIR); + copyFile("key3.db", BASE, DBDIR); diff --git a/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch b/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch index ae48068..533ea2d 100644 --- a/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch +++ b/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch @@ -10,7 +10,7 @@ Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4 --- openjdk.orig///common/autoconf/flags.m4 +++ openjdk///common/autoconf/flags.m4 -@@ -402,6 +402,21 @@ +@@ -389,6 +389,21 @@ AC_SUBST($2CXXSTD_CXXFLAG) fi @@ -44,11 +44,11 @@ diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/a + $(REALIGN_CFLAG) EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@ EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@ - EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@ + diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in --- openjdk.orig///common/autoconf/spec.gmk.in +++ openjdk///common/autoconf/spec.gmk.in -@@ -366,6 +366,7 @@ +@@ -334,6 +334,7 @@ NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@ NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@ diff --git a/SOURCES/policytool.desktop.in b/SOURCES/policytool.desktop.in index e38c0ec..5f4cb4a 100644 --- a/SOURCES/policytool.desktop.in +++ b/SOURCES/policytool.desktop.in @@ -1,8 +1,8 @@ [Desktop Entry] -Name=OpenJDK @JAVA_MAJOR_VERSION@ Policy Tool @ARCH@ -Comment=Manage OpenJDK @JAVA_MAJOR_VERSION@ policy files @ARCH@ -Exec=@JRE_HOME@/policytool -Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@ +Name=OpenJDK @JAVA_VER@ for @target_cpu@ Policy Tool (@OPENJDK_VER@) +Comment=Manage OpenJDK policy files +Exec=_JREBINDIR_/policytool +Icon=java-@JAVA_VER@-@JAVA_VENDOR@ Terminal=false Type=Application StartupWMClass=sun-security-tools-PolicyTool diff --git a/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch b/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch index 06973aa..4859ca6 100644 --- a/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch +++ b/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch @@ -7,10 +7,18 @@ PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings Summary: Add -systemlineendings option to keytool to allow system line endings to be used again. -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java +diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/classes/sun/security/pkcs10/PKCS10.java +--- openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java +++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java -@@ -35,6 +35,7 @@ +@@ -30,6 +30,7 @@ + import java.io.IOException; + import java.math.BigInteger; + ++import java.security.AccessController; + import java.security.cert.CertificateException; + import java.security.NoSuchAlgorithmException; + import java.security.InvalidKeyException; +@@ -39,6 +40,7 @@ import java.util.Base64; @@ -18,7 +26,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java op import sun.security.util.*; import sun.security.x509.AlgorithmId; import sun.security.x509.X509Key; -@@ -74,6 +75,14 @@ +@@ -76,6 +78,14 @@ * @author Hemma Prafullchandra */ public class PKCS10 { @@ -33,7 +41,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java op /** * Constructs an unsigned PKCS #10 certificate request. Before this * request may be used, it must be encoded and signed. Then it -@@ -303,13 +312,39 @@ +@@ -293,13 +303,39 @@ */ public void print(PrintStream out) throws IOException, SignatureException { @@ -75,10 +83,10 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java op out.println("-----END NEW CERTIFICATE REQUEST-----"); } -diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java ---- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java +diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/classes/sun/security/tools/keytool/Main.java +--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java -@@ -126,6 +126,7 @@ +@@ -124,6 +124,7 @@ private String infilename = null; private String outfilename = null; private String srcksfname = null; @@ -86,7 +94,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja // User-specified providers are added before any command is called. // However, they are not removed before the end of the main() method. -@@ -188,7 +189,7 @@ +@@ -186,7 +187,7 @@ CERTREQ("Generates.a.certificate.request", ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME, STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, @@ -95,7 +103,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja CHANGEALIAS("Changes.an.entry.s.alias", ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, -@@ -321,6 +322,7 @@ +@@ -319,6 +320,7 @@ STARTDATE("startdate", "", "certificate.validity.start.date.time"), STOREPASS("storepass", "", "keystore.password"), STORETYPE("storetype", "", "keystore.type"), @@ -103,7 +111,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"), V("v", null, "verbose.output"), VALIDITY("validity", "", "validity.number.of.days"); -@@ -561,6 +563,8 @@ +@@ -559,6 +561,8 @@ protectedPath = true; } else if (collator.compare(flags, "-srcprotected") == 0) { srcprotectedPath = true; @@ -112,7 +120,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja } else { System.err.println(rb.getString("Illegal.option.") + flags); tinyHelp(); -@@ -1464,7 +1468,7 @@ +@@ -1463,7 +1467,7 @@ // Sign the request and base-64 encode it request.encodeAndSign(subject, signature); @@ -121,13 +129,13 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja checkWeak(rb.getString("the.generated.certificate.request"), request); } -@@ -4544,4 +4548,3 @@ +@@ -4540,4 +4544,3 @@ return new Pair<>(a,b); } } - -diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java ---- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java +diff --git a/src/share/classes/sun/security/tools/keytool/Resources.java b/src/share/classes/sun/security/tools/keytool/Resources.java +--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java +++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java @@ -168,6 +168,8 @@ "keystore password"}, //-storepass diff --git a/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch b/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch index 00e3a2e..b52c087 100644 --- a/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch +++ b/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch @@ -35,7 +35,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java open +++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java @@ -41,6 +41,9 @@ - public final class ECUtil { + public class ECUtil { + /* Are we debugging ? */ + private static final Debug debug = Debug.getInstance("ecc"); diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index cf8a07a..951a792 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -139,47 +139,61 @@ # In some cases, the arch used by the JDK does # not match _arch. # Also, in some cases, the machine name used by SystemTap -# does not match that given by _build_cpu +# does not match that given by _target_cpu %ifarch x86_64 %global archinstall amd64 +%global stapinstall x86_64 %endif %ifarch ppc %global archinstall ppc +%global stapinstall powerpc %endif %ifarch %{ppc64be} %global archinstall ppc64 +%global stapinstall powerpc %endif %ifarch %{ppc64le} %global archinstall ppc64le +%global stapinstall powerpc %endif %ifarch %{ix86} %global archinstall i386 +%global stapinstall i386 %endif %ifarch ia64 %global archinstall ia64 +%global stapinstall ia64 %endif %ifarch s390 %global archinstall s390 +%global stapinstall s390 %endif %ifarch s390x %global archinstall s390x +%global stapinstall s390 %endif %ifarch %{arm} %global archinstall arm +%global stapinstall arm %endif %ifarch %{aarch64} %global archinstall aarch64 +%global stapinstall arm64 %endif # 32 bit sparc, optimized for v9 %ifarch sparcv9 %global archinstall sparc +%global stapinstall %{_target_cpu} %endif # 64 bit sparc %ifarch sparc64 %global archinstall sparcv9 +%global stapinstall %{_target_cpu} %endif -%ifnarch %{jit_arches} -%global archinstall %{_arch} +# Need to support noarch for srpm build +%ifarch noarch +%global archinstall %{nil} +%global stapinstall %{nil} %endif %ifarch %{jit_arches} @@ -198,11 +212,13 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project aarch64-port %global shenandoah_repo jdk8u-shenandoah -%global shenandoah_revision aarch64-shenandoah-jdk8u252-b09 +%global shenandoah_revision aarch64-shenandoah-jdk8u242-b08 # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} %global revision %{shenandoah_revision} +# Define IcedTea version used for SystemTap tapsets and desktop files +%global icedteaver 3.15.0 # e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 %global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) @@ -212,7 +228,7 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 2 +%global rpmrelease 4 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, @@ -266,10 +282,10 @@ # and 32 bit architectures we place the tapsets under the arch # specific dir (note that systemtap will only pickup the tapset # for the primary arch for now). Systemtap uses the machine name -# aka build_cpu as architecture specific directory name. +# aka target_cpu as architecture specific directory name. %global tapsetroot /usr/share/systemtap %global tapsetdirttapset %{tapsetroot}/tapset/ -%global tapsetdir %{tapsetdirttapset}/%{_build_cpu} +%global tapsetdir %{tapsetdirttapset}/%{stapinstall} %endif # not-duplicated scriptlets for normal/debug packages @@ -562,7 +578,6 @@ exit 0 %license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/ASSEMBLY_EXCEPTION %license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE %license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/THIRD_PARTY_README -%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS %dir %{_jvmdir}/%{sdkdir -- %{?1}} %{_jvmdir}/%{jrelnk -- %{?1}} %dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security @@ -1026,17 +1041,15 @@ URL: http://openjdk.java.net/ # FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION} # REPO_ROOT= generate_source_tarball.sh # where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} -Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}.tar.xz +Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz # Custom README for -src subpackage Source2: README.md -# Release notes -Source7: NEWS - -# run update_systemtap.sh to regenerate or update systemtap sources -# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives -Source8: systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz +# Use 'icedtea_sync.sh' to update the following +# They are based on code contained in the IcedTea project (3.x). +# Systemtap tapsets. Zipped up to keep it small. +Source8: tapsets-icedtea-%{icedteaver}.tar.xz # Desktop files. Adapted from IcedTea Source9: jconsole.desktop.in @@ -1163,6 +1176,11 @@ Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch Patch202: jdk8035341-allow_using_system_installed_libpng.patch # 8042159: Allow using a system-installed lcms2 Patch203: jdk8042159-allow_using_system_installed_lcms2.patch +# JDK-8165996, PR3506, RH1760437: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite +# RPM version excludes binary diffs and a patch to PKCS11Test.java which creates a lengthy bug trail +Patch579: jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch +# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 +Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch ############################################# # @@ -1424,6 +1442,14 @@ See normal java-%{version}-openjdk-accessibility description. %endif %prep + +# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-( +%if 0%{?stapinstall:1} + echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}" +%else + %{error:Unrecognised architecture %{_target_cpu}} +%endif + if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then echo "include_normal_build is %{include_normal_build}" else @@ -1506,6 +1532,8 @@ sh %{SOURCE12} %patch574 %patch575 %patch577 +%patch579 +%patch580 # RPM-only fixes %patch539 @@ -1529,7 +1557,7 @@ cp -r tapset tapset%{debug_suffix} for suffix in %{build_loop} ; do for file in "tapset"$suffix/*.in; do - OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:%{version}-%{release}.%{_arch}.stp:g"` + OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1 # TODO find out which architectures other than i686 have a client vm %ifarch %{ix86} @@ -1546,16 +1574,19 @@ done %endif # Prepare desktop files +# The _X_ syntax indicates variables that are replaced by make upstream +# The @X@ syntax indicates variables that are replaced by configure upstream for suffix in %{build_loop} ; do for file in %{SOURCE9} %{SOURCE10} ; do FILE=`basename $file | sed -e s:\.in$::g` EXT="${FILE##*.}" NAME="${FILE%.*}" OUTPUT_FILE=$NAME$suffix.$EXT - sed -e "s:@JAVA_HOME@:%{sdkbindir -- $suffix}:g" $file > $OUTPUT_FILE - sed -i -e "s:@JRE_HOME@:%{jrebindir -- $suffix}:g" $OUTPUT_FILE - sed -i -e "s:@ARCH@:%{version}-%{release}.%{_arch}$suffix:g" $OUTPUT_FILE - sed -i -e "s:@JAVA_MAJOR_VERSION@:%{javaver}:g" $OUTPUT_FILE + sed -e "s:_SDKBINDIR_:%{sdkbindir -- $suffix}:g" $file > $OUTPUT_FILE + sed -i -e "s:_JREBINDIR_:%{jrebindir -- $suffix}:g" $OUTPUT_FILE + sed -i -e "s:@target_cpu@:%{_arch}:g" $OUTPUT_FILE + sed -i -e "s:@OPENJDK_VER@:%{version}-%{release}.%{_arch}$suffix:g" $OUTPUT_FILE + sed -i -e "s:@JAVA_VER@:%{javaver}:g" $OUTPUT_FILE sed -i -e "s:@JAVA_VENDOR@:%{origin}:g" $OUTPUT_FILE done done @@ -1593,8 +1624,7 @@ EXTRA_CPP_FLAGS="%ourcppflags" # fix rpmlint warnings EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" %endif -EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes" -export EXTRA_CFLAGS EXTRA_ASFLAGS +export EXTRA_CFLAGS (cd %{top_level_dir_name}/common/autoconf bash ./autogen.sh @@ -1633,7 +1663,6 @@ bash ../../configure \ --with-stdc++lib=dynamic \ --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ --with-extra-cflags="$EXTRA_CFLAGS" \ - --with-extra-asflags="$EXTRA_ASFLAGS" \ --with-extra-ldflags="%{ourldflags}" \ --with-num-cores="$NUM_PROC" @@ -1857,11 +1886,6 @@ if ! echo $suffix | grep -q "debug" ; then cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip fi -# Install release notes -commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix} -install -d -m 755 ${commondocdir} -cp -a %{SOURCE7} ${commondocdir} - # Install icons and menu entries for s in 16 24 32 48 ; do install -D -p -m 644 \ @@ -2104,64 +2128,36 @@ require "copy_jdk_configs.lua" %endif %changelog -* Tue Apr 14 2020 Andrew Hughes - 1:1.8.0.252.b09-2 -- Add release notes. -- Resolves: rhbz#1810557 - -* Sun Apr 12 2020 Andrew Hughes - 1:1.8.0.252.b09-1 -- Make use of --with-extra-asflags introduced in jdk8u252-b01. -- Resolves: rhbz#1810557 - -* Mon Apr 06 2020 Andrew Hughes - 1:1.8.0.252.b09-0 -- Update to aarch64-shenandoah-jdk8u252-b09. -- Switch to GA mode for final release. -- Resolves: rhbz#1810557 +* Fri Mar 27 2020 Andrew John Hughes - 1:1.8.0.242.b08-4 +- Need to support noarch for creating source RPMs for non-scratch builds. +- Resolves: rhbz#1737112 -* Fri Mar 27 2020 Andrew Hughes - 1:1.8.0.252.b08-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b08. -- Resolves: rhbz#1810557 +* Tue Mar 24 2020 Andrew John Hughes - 1:1.8.0.242.b08-4 +- Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64) +- Resolves: rhbz#1737112 -* Tue Mar 24 2020 Andrew Hughes - 1:1.8.0.252.b07-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b07. -- Resolves: rhbz#1810557 +* Mon Feb 24 2020 Andrew John Hughes - 1:1.8.0.242.b08-3 +- Add JDK-8165996/PR3506 & JDK-8195607/PR3776 to support NSS SQLite databases. +- Resolves: rhbz#1760437 -* Mon Mar 16 2020 Andrew Hughes - 1:1.8.0.252.b06-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b06. -- Resolves: rhbz#1810557 +* Sun Feb 23 2020 Andrew John Hughes - 1:1.8.0.242.b08-2 +- Sync SystemTap & desktop files with upstream IcedTea release 3.15.0, removing previous workarounds +- Resolves: rhbz#1737112 -* Fri Feb 28 2020 Andrew Hughes - 1:1.8.0.252.b05-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b05. -- Resolves: rhbz#1810557 +* Sun Feb 23 2020 Andrew John Hughes - 1:1.8.0.242.b08-2 +- Sync SystemTap & desktop files with upstream IcedTea release 3.11.0 using new script +- Resolves: rhbz#1737112 -* Mon Feb 24 2020 Andrew Hughes - 1:1.8.0.252.b04-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b04. -- Resolves: rhbz#1810557 - -* Wed Feb 19 2020 Andrew Hughes - 1:1.8.0.252.b03-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b03. -- Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 -- Resolves: rhbz#1810557 - -* Tue Feb 04 2020 Andrew Hughes - 1:1.8.0.252.b02-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b02. -- Resolves: rhbz#1810557 - -* Mon Jan 27 2020 Andrew Hughes - 1:1.8.0.252.b01-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b01. -- Switch to EA mode. -- Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change -- Resolves: rhbz#1810557 - -* Wed Jan 15 2020 Andrew Hughes - 1:1.8.0.242.b08-0 +* Wed Jan 15 2020 Andrew Hughes - 1:1.8.0.242.b08-1 - Update to aarch64-shenandoah-jdk8u242-b08. - Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. - Resolves: rhbz#1785753 -* Wed Jan 15 2020 Andrew John Hughes - 1:1.8.0.242.b07-1 +* Wed Jan 15 2020 Andrew John Hughes - 1:1.8.0.242.b07-2 - Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. - Resolves: rhbz#1785753 -* Mon Jan 13 2020 Andrew Hughes - 1:1.8.0.242.b07-0 +* Mon Jan 13 2020 Andrew Hughes - 1:1.8.0.242.b07-1 - Update to aarch64-shenandoah-jdk8u242-b07. - Switch to GA mode for final release. - Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. @@ -2174,20 +2170,29 @@ require "copy_jdk_configs.lua" - Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run - Resolves: rhbz#1785753 -* Thu Jan 02 2020 Andrew Hughes - 1:1.8.0.242.b01-0.0.ea +* Sat Jan 04 2020 Andrew Hughes - 1:1.8.0.242.b01-0.1.ea - Update to aarch64-shenandoah-jdk8u242-b01. - Switch to EA mode. - Resolves: rhbz#1785753 -* Thu Jan 02 2020 Andrew Hughes - 1:1.8.0.232.b09-4 +* Sat Jan 04 2020 Andrew Hughes - 1:1.8.0.232.b09-6 +- Update generate_source_tarball.sh script to use the PR3756 patch and retain the secp256k1 curve. +- Regenerate source tarball using the updated script and add the -'4curve' suffix. +- Resolves: rhbz#1746879 + +* Thu Jan 02 2020 Andrew Hughes - 1:1.8.0.232.b09-5 - Revert SSBD removal for now, until appropriate messaging has been decided. -- Resolves: rhbz#1785753 +- Resolves: rhbz#1750419 -* Tue Dec 24 2019 Andrew John Hughes - 1:1.8.0.232.b09-3 +* Tue Dec 24 2019 Andrew John Hughes - 1:1.8.0.232.b09-4 - Remove CVE-2018-3639 mitigation due to performance regression and OpenJDK position on speculative execution vulnerabilities. https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html -- Resolves: rhbz#1785753 +- Resolves: rhbz#1750419 + +* Thu Nov 14 2019 Andrew John Hughes - 1:1.8.0.232.b09-3 +- Bump release number for RHEL 8.2.0. +- Resolves: rhbz#1753423 * Fri Oct 25 2019 Andrew John Hughes - 1:1.8.0.232.b09-2 - Disable FIPS mode support unless com.redhat.fips is set to "true".