diff --git a/.gitignore b/.gitignore
index 8253140..fc7b991 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u252-b09.tar.xz
-SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
+SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u242-b08-4curve.tar.xz
+SOURCES/tapsets-icedtea-3.15.0.tar.xz
diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata
index e7b45ff..44b8e22 100644
--- a/.java-1.8.0-openjdk.metadata
+++ b/.java-1.8.0-openjdk.metadata
@@ -1,2 +1,2 @@
-76398522a859f5d17da94b0cd9f7ef8ccf22b31b SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u252-b09.tar.xz
-cd8bf91753b9eb1401cfc529e78517105fc66011 SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
+c274c0cdb494aa6954f3e525121ab46c2293b7e6 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u242-b08-4curve.tar.xz
+c1e848fdb04f351350fe2aeda17fc22a3ed41d3e SOURCES/tapsets-icedtea-3.15.0.tar.xz
diff --git a/SOURCES/NEWS b/SOURCES/NEWS
deleted file mode 100644
index 59f5724..0000000
--- a/SOURCES/NEWS
+++ /dev/null
@@ -1,113 +0,0 @@
-Key:
-
-JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
-CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-
-New in release OpenJDK 8u252 (2020-04-14):
-===========================================
-Live versions of these release notes can be found at:
- * https://bitly.com/oj8u252
- * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
-
-* Security fixes
- - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
- - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
- - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
- - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
- - JDK-8225603: Enhancement for big integers
- - JDK-8227542: Manifest improved jar headers
- - JDK-8231415, CVE-2020-2773: Better signatures in XML
- - JDK-8233250: Better X11 rendering
- - JDK-8233410: Better Build Scripting
- - JDK-8234027: Better JCEKS key support
- - JDK-8234408, CVE-2020-2781: Improve TLS session handling
- - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
- - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
- - JDK-8235274, CVE-2020-2805: Enhance typing of methods
- - JDK-8236201, CVE-2020-2830: Better Scanner conversions
- - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
-* Other changes
- - JDK-8005819: Support cross-realm MSSFU
- - JDK-8022263: use same Clang warnings on BSD as on Linux
- - JDK-8038631: Create wrapper for awt.Robot with additional functionality
- - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
- - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
- - JDK-8068184: Fix for JDK-8032832 caused a deadlock
- - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
- - JDK-8132130: some docs cleanup
- - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
- - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
- - JDK-8144446: Automate the Marlin crash test
- - JDK-8144526: Remove Marlin logging use of deleted internal API
- - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
- - JDK-8144654: Improve Marlin logging
- - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
- - JDK-8166976: TestCipherPBECons has wrong @run line
- - JDK-8167409: Invalid value passed to critical JNI function
- - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
- - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
- - JDK-8191227: issues with unsafe handle resolution
- - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
- - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
- - JDK-8215756: Memory leaks in the AWT on macOS
- - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
- - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
- - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
- - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
- - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
- - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
- - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
- - JDK-8229872: (fs) Increase buffer size used with getmntent
- - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
- - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
- - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
- - JDK-8235904: Infinite loop when rendering huge lines
- - JDK-8236179: C1 register allocation error with T_ADDRESS
- - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
- - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
- - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
- - JDK-8241307: Marlin renderer should not be the default in 8u252
-
-Notes on individual issues:
-===========================
-
-hotspot/svc:
-
-JDK-8174881: Binary format for HPROF updated
-============================================
-
-When dumping the heap in binary format, HPROF format 1.0.2 is always
-used now. Previously, format 1.0.1 was used for heaps smaller than
-2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
-serviceability agent.
-
-security-libs/java.security:
-
-JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
-====================================================================================
-
-The SunRsaSign and SunJCE providers have been enhanced with support
-for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
-signature and OAEP using FIPS 180-4 digest algorithms. New
-constructors and methods have been added to relevant JCA/JCE classes
-under the `java.security.spec` and `javax.crypto.spec` packages for
-supporting additional RSASSA-PSS parameters.
-
-security-libs/javax.crypto:
-
-JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
-============================================================
-
-The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
-
-security-libs/javax.security:
-
-JDK-8227564: Allow SASL Mechanisms to Be Restricted
-===================================================
-
-A security property named `jdk.sasl.disabledMechanisms` has been added
-that can be used to disable SASL mechanisms. Any disabled mechanism
-will be ignored if it is specified in the `mechanisms` argument of
-`Sasl.createSaslClient` or the `mechanism` argument of
-`Sasl.createSaslServer`. The default value for this security property
-is empty, which means that no mechanisms are disabled out-of-the-box.
diff --git a/SOURCES/jconsole.desktop.in b/SOURCES/jconsole.desktop.in
index a8917c1..8a3b04d 100644
--- a/SOURCES/jconsole.desktop.in
+++ b/SOURCES/jconsole.desktop.in
@@ -1,8 +1,8 @@
[Desktop Entry]
-Name=OpenJDK @JAVA_MAJOR_VERSION@ Monitoring & Management Console @ARCH@
-Comment=Monitor and manage OpenJDK @JAVA_MAJOR_VERSION@ applications for @ARCH@
-Exec=@JAVA_HOME@/jconsole
-Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@
+Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@)
+Comment=Monitor and manage OpenJDK applications
+Exec=_SDKBINDIR_/jconsole
+Icon=java-@JAVA_VER@-@JAVA_VENDOR@
Terminal=false
Type=Application
StartupWMClass=sun-tools-jconsole-JConsole
diff --git a/SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch b/SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch
new file mode 100644
index 0000000..d7afbc6
--- /dev/null
+++ b/SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch
@@ -0,0 +1,257 @@
+# HG changeset patch
+# User weijun
+# Date 1513099798 -28800
+# Wed Dec 13 01:29:58 2017 +0800
+# Node ID aa8f2e25f003feddf362892b2820fa2839c854b6
+# Parent 9ebb70cb99a472b5fee9ac08240b7979468c2fa5
+8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
+Reviewed-by: weijun
+Contributed-by: Martin Balao <mbalao@redhat.com>
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+@@ -196,13 +196,23 @@
+ }
+
+ if (configDir != null) {
+- File configBase = new File(configDir);
+- if (configBase.isDirectory() == false ) {
+- throw new IOException("configDir must be a directory: " + configDir);
++ String configDirPath = null;
++ String sqlPrefix = "sql:/";
++ if (!configDir.startsWith(sqlPrefix)) {
++ configDirPath = configDir;
++ } else {
++ StringBuilder configDirPathSB = new StringBuilder(configDir);
++ configDirPath = configDirPathSB.substring(sqlPrefix.length());
+ }
+- File secmodFile = new File(configBase, "secmod.db");
+- if (secmodFile.isFile() == false) {
+- throw new FileNotFoundException(secmodFile.getPath());
++ File configBase = new File(configDirPath);
++ if (configBase.isDirectory() == false ) {
++ throw new IOException("configDir must be a directory: " + configDirPath);
++ }
++ if (!configDir.startsWith(sqlPrefix)) {
++ File secmodFile = new File(configBase, "secmod.db");
++ if (secmodFile.isFile() == false) {
++ throw new FileNotFoundException(secmodFile.getPath());
++ }
+ }
+ }
+
+diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE
+@@ -0,0 +1,8 @@
++// How to create key4.db and cert9.db
++cd <path-for-db>
++echo "" > 1
++echo "test12" > 2
++modutil -create -force -dbdir sql:/$(pwd)
++modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/$(pwd)
++modutil -changepw "NSS Certificate DB" -force -dbdir sql:/$(pwd) -pwfile $(pwd)/1 -newpwfile $(pwd)/2
++
+diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java
+@@ -0,0 +1,134 @@
++/*
++ * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates.
++ *
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++/*
++ * @test
++ * @bug 8165996
++ * @summary Test NSS DB Sqlite
++ * @library ../
++ * @modules java.base/sun.security.rsa
++ * java.base/sun.security.provider
++ * java.base/sun.security.jca
++ * java.base/sun.security.tools.keytool
++ * java.base/sun.security.x509
++ * java.base/com.sun.crypto.provider
++ * jdk.crypto.cryptoki/sun.security.pkcs11:+open
++ * @run main/othervm/timeout=120 TestNssDbSqlite
++ * @author Martin Balao (mbalao@redhat.com)
++ */
++
++import java.security.PrivateKey;
++import java.security.cert.Certificate;
++import java.security.KeyStore;
++import java.security.Provider;
++import java.security.Signature;
++
++import sun.security.rsa.SunRsaSign;
++import sun.security.jca.ProviderList;
++import sun.security.jca.Providers;
++import sun.security.tools.keytool.CertAndKeyGen;
++import sun.security.x509.X500Name;
++
++public final class TestNssDbSqlite extends SecmodTest {
++
++ private static final boolean enableDebug = true;
++
++ private static Provider sunPKCS11NSSProvider;
++ private static Provider sunRsaSignProvider;
++ private static Provider sunJCEProvider;
++ private static KeyStore ks;
++ private static char[] passphrase = "test12".toCharArray();
++ private static PrivateKey privateKey;
++ private static Certificate certificate;
++
++ public static void main(String[] args) throws Exception {
++
++ initialize();
++
++ if (enableDebug) {
++ System.out.println("SunPKCS11 provider: " +
++ sunPKCS11NSSProvider);
++ }
++
++ testRetrieveKeysFromKeystore();
++
++ System.out.println("Test PASS - OK");
++ }
++
++ private static void testRetrieveKeysFromKeystore() throws Exception {
++
++ String plainText = "known plain text";
++
++ ks.setKeyEntry("root_ca_1", privateKey, passphrase,
++ new Certificate[]{certificate});
++ PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase);
++
++ Signature sS = Signature.getInstance(
++ "SHA256withRSA", sunPKCS11NSSProvider);
++ sS.initSign(k1);
++ sS.update(plainText.getBytes());
++ byte[] generatedSignature = sS.sign();
++
++ if (enableDebug) {
++ System.out.println("Generated signature: ");
++ for (byte b : generatedSignature) {
++ System.out.printf("0x%02x, ", (int)(b) & 0xFF);
++ }
++ System.out.println("");
++ }
++
++ Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider);
++ sV.initVerify(certificate);
++ sV.update(plainText.getBytes());
++ if(!sV.verify(generatedSignature)){
++ throw new Exception("Couldn't verify signature");
++ }
++ }
++
++ private static void initialize() throws Exception {
++ initializeProvider();
++ }
++
++ private static void initializeProvider () throws Exception {
++ useSqlite(true);
++ if (!initSecmod()) {
++ return;
++ }
++
++ sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg");
++ sunJCEProvider = new com.sun.crypto.provider.SunJCE();
++ sunRsaSignProvider = new SunRsaSign();
++ Providers.setProviderList(ProviderList.newList(
++ sunJCEProvider, sunPKCS11NSSProvider,
++ new sun.security.provider.Sun(), sunRsaSignProvider));
++
++ ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider);
++ ks.load(null, passphrase);
++
++ CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA");
++ gen.generate(2048);
++ privateKey = gen.getPrivateKey();
++ certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365);
++ }
++}
+diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg
+@@ -0,0 +1,13 @@
++# config file for secmod KeyStore access using sqlite backend
++
++name = NSS-Sqlite
++
++nssLibraryDirectory = ${pkcs11test.nss.libdir}
++
++nssDbMode = readWrite
++
++nssModule = keystore
++
++nssSecmodDirectory = ${pkcs11test.nss.db}
++
++attributes = compatibility
+diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
+--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
++++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
+@@ -34,6 +34,11 @@
+ static String DBDIR;
+ static char[] password = "test12".toCharArray();
+ static String keyAlias = "mykey";
++ static boolean useSqlite = false;
++
++ static void useSqlite(boolean b) {
++ useSqlite = b;
++ }
+
+ static boolean initSecmod() throws Exception {
+ useNSS();
+@@ -49,14 +54,24 @@
+ safeReload(LIBPATH + System.mapLibraryName("nssckbi"));
+
+ DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
+- System.setProperty("pkcs11test.nss.db", DBDIR);
++ if (useSqlite) {
++ System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
++ } else {
++ System.setProperty("pkcs11test.nss.db", DBDIR);
++ }
+ File dbdirFile = new File(DBDIR);
+ if (dbdirFile.exists() == false) {
+ dbdirFile.mkdir();
+ }
+- copyFile("secmod.db", BASE, DBDIR);
+- copyFile("key3.db", BASE, DBDIR);
+- copyFile("cert8.db", BASE, DBDIR);
++
++ if (useSqlite) {
++ copyFile("key4.db", BASE, DBDIR);
++ copyFile("cert9.db", BASE, DBDIR);
++ } else {
++ copyFile("secmod.db", BASE, DBDIR);
++ copyFile("key3.db", BASE, DBDIR);
++ copyFile("cert8.db", BASE, DBDIR);
++ }
+ return true;
+ }
+
diff --git a/SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch b/SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
new file mode 100644
index 0000000..ddab642
--- /dev/null
+++ b/SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
@@ -0,0 +1,125 @@
+# HG changeset patch
+# User mbalao
+# Date 1529971845 -28800
+# Tue Jun 26 08:10:45 2018 +0800
+# Node ID e9c20b7250cd98d16a67f2a30b34284c2caa01dc
+# Parent 9f1aa2e38d90dd60522237d7414af6bdcf03c4ff
+8195607, PR3776: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
+Reviewed-by: valeriep, weijun
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+@@ -197,7 +197,7 @@
+
+ if (configDir != null) {
+ String configDirPath = null;
+- String sqlPrefix = "sql:/";
++ String sqlPrefix = "sql:";
+ if (!configDir.startsWith(sqlPrefix)) {
+ configDirPath = configDir;
+ } else {
+diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
+--- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
++++ openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
+@@ -69,9 +69,14 @@
+ int res = 0;
+ FPTR_Initialize initialize =
+ (FPTR_Initialize)findFunction(env, jHandle, "NSS_Initialize");
++ #ifdef SECMOD_DEBUG
++ FPTR_GetError getError =
++ (FPTR_GetError)findFunction(env, jHandle, "PORT_GetError");
++ #endif // SECMOD_DEBUG
+ unsigned int flags = 0x00;
+ const char *configDir = NULL;
+ const char *functionName = NULL;
++ const char *configFile = NULL;
+
+ /* If we cannot initialize, exit now */
+ if (initialize == NULL) {
+@@ -97,13 +102,18 @@
+ flags = 0x20; // NSS_INIT_OPTIMIZESPACE flag
+ }
+
++ configFile = "secmod.db";
++ if (configDir != NULL && strncmp("sql:", configDir, 4U) == 0) {
++ configFile = "pkcs11.txt";
++ }
++
+ /*
+ * If the NSS_Init function is requested then call NSS_Initialize to
+ * open the Cert, Key and Security Module databases, read only.
+ */
+ if (strcmp("NSS_Init", functionName) == 0) {
+ flags = flags | 0x01; // NSS_INIT_READONLY flag
+- res = initialize(configDir, "", "", "secmod.db", flags);
++ res = initialize(configDir, "", "", configFile, flags);
+
+ /*
+ * If the NSS_InitReadWrite function is requested then call
+@@ -111,7 +121,7 @@
+ * read/write.
+ */
+ } else if (strcmp("NSS_InitReadWrite", functionName) == 0) {
+- res = initialize(configDir, "", "", "secmod.db", flags);
++ res = initialize(configDir, "", "", configFile, flags);
+
+ /*
+ * If the NSS_NoDB_Init function is requested then call
+@@ -137,6 +147,13 @@
+ (*env)->ReleaseStringUTFChars(env, jConfigDir, configDir);
+ }
+ dprintf1("-res: %d\n", res);
++ #ifdef SECMOD_DEBUG
++ if (res == -1) {
++ if (getError != NULL) {
++ dprintf1("-NSS error: %d\n", getError());
++ }
++ }
++ #endif // SECMOD_DEBUG
+
+ return (res == 0) ? JNI_TRUE : JNI_FALSE;
+ }
+diff --git openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
+--- openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
++++ openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
+@@ -34,6 +34,10 @@
+ const char *certPrefix, const char *keyPrefix,
+ const char *secmodName, unsigned int flags);
+
++#ifdef SECMOD_DEBUG
++typedef int (*FPTR_GetError)(void);
++#endif //SECMOD_DEBUG
++
+ // in secmod.h
+ //extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
+ // PRBool recurse);
+diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
+@@ -0,0 +1,4 @@
++library=
++name=NSS Internal PKCS #11 Module
++parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
++NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
+--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
++++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
+@@ -55,7 +55,7 @@
+
+ DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
+ if (useSqlite) {
+- System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
++ System.setProperty("pkcs11test.nss.db", "sql:" + DBDIR);
+ } else {
+ System.setProperty("pkcs11test.nss.db", DBDIR);
+ }
+@@ -67,6 +67,7 @@
+ if (useSqlite) {
+ copyFile("key4.db", BASE, DBDIR);
+ copyFile("cert9.db", BASE, DBDIR);
++ copyFile("pkcs11.txt", BASE, DBDIR);
+ } else {
+ copyFile("secmod.db", BASE, DBDIR);
+ copyFile("key3.db", BASE, DBDIR);
diff --git a/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch b/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
index ae48068..533ea2d 100644
--- a/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
+++ b/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
@@ -10,7 +10,7 @@ Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X
diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4
--- openjdk.orig///common/autoconf/flags.m4
+++ openjdk///common/autoconf/flags.m4
-@@ -402,6 +402,21 @@
+@@ -389,6 +389,21 @@
AC_SUBST($2CXXSTD_CXXFLAG)
fi
@@ -44,11 +44,11 @@ diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/a
+ $(REALIGN_CFLAG)
EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@
EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@
- EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@
+
diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in
--- openjdk.orig///common/autoconf/spec.gmk.in
+++ openjdk///common/autoconf/spec.gmk.in
-@@ -366,6 +366,7 @@
+@@ -334,6 +334,7 @@
NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@
NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@
diff --git a/SOURCES/policytool.desktop.in b/SOURCES/policytool.desktop.in
index e38c0ec..5f4cb4a 100644
--- a/SOURCES/policytool.desktop.in
+++ b/SOURCES/policytool.desktop.in
@@ -1,8 +1,8 @@
[Desktop Entry]
-Name=OpenJDK @JAVA_MAJOR_VERSION@ Policy Tool @ARCH@
-Comment=Manage OpenJDK @JAVA_MAJOR_VERSION@ policy files @ARCH@
-Exec=@JRE_HOME@/policytool
-Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@
+Name=OpenJDK @JAVA_VER@ for @target_cpu@ Policy Tool (@OPENJDK_VER@)
+Comment=Manage OpenJDK policy files
+Exec=_JREBINDIR_/policytool
+Icon=java-@JAVA_VER@-@JAVA_VENDOR@
Terminal=false
Type=Application
StartupWMClass=sun-security-tools-PolicyTool
diff --git a/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch b/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch
index 06973aa..4859ca6 100644
--- a/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch
+++ b/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch
@@ -7,10 +7,18 @@
PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings
Summary: Add -systemlineendings option to keytool to allow system line endings to be used again.
-diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
+diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/classes/sun/security/pkcs10/PKCS10.java
+--- openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java
-@@ -35,6 +35,7 @@
+@@ -30,6 +30,7 @@
+ import java.io.IOException;
+ import java.math.BigInteger;
+
++import java.security.AccessController;
+ import java.security.cert.CertificateException;
+ import java.security.NoSuchAlgorithmException;
+ import java.security.InvalidKeyException;
+@@ -39,6 +40,7 @@
import java.util.Base64;
@@ -18,7 +26,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java op
import sun.security.util.*;
import sun.security.x509.AlgorithmId;
import sun.security.x509.X509Key;
-@@ -74,6 +75,14 @@
+@@ -76,6 +78,14 @@
* @author Hemma Prafullchandra
*/
public class PKCS10 {
@@ -33,7 +41,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java op
/**
* Constructs an unsigned PKCS #10 certificate request. Before this
* request may be used, it must be encoded and signed. Then it
-@@ -303,13 +312,39 @@
+@@ -293,13 +303,39 @@
*/
public void print(PrintStream out)
throws IOException, SignatureException {
@@ -75,10 +83,10 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java op
out.println("-----END NEW CERTIFICATE REQUEST-----");
}
-diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
---- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java
+diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/classes/sun/security/tools/keytool/Main.java
+--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
-@@ -126,6 +126,7 @@
+@@ -124,6 +124,7 @@
private String infilename = null;
private String outfilename = null;
private String srcksfname = null;
@@ -86,7 +94,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja
// User-specified providers are added before any command is called.
// However, they are not removed before the end of the main() method.
-@@ -188,7 +189,7 @@
+@@ -186,7 +187,7 @@
CERTREQ("Generates.a.certificate.request",
ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME,
STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS,
@@ -95,7 +103,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja
CHANGEALIAS("Changes.an.entry.s.alias",
ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS,
STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG,
-@@ -321,6 +322,7 @@
+@@ -319,6 +320,7 @@
STARTDATE("startdate", "<startdate>", "certificate.validity.start.date.time"),
STOREPASS("storepass", "<arg>", "keystore.password"),
STORETYPE("storetype", "<storetype>", "keystore.type"),
@@ -103,7 +111,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja
TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"),
V("v", null, "verbose.output"),
VALIDITY("validity", "<valDays>", "validity.number.of.days");
-@@ -561,6 +563,8 @@
+@@ -559,6 +561,8 @@
protectedPath = true;
} else if (collator.compare(flags, "-srcprotected") == 0) {
srcprotectedPath = true;
@@ -112,7 +120,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja
} else {
System.err.println(rb.getString("Illegal.option.") + flags);
tinyHelp();
-@@ -1464,7 +1468,7 @@
+@@ -1463,7 +1467,7 @@
// Sign the request and base-64 encode it
request.encodeAndSign(subject, signature);
@@ -121,13 +129,13 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.ja
checkWeak(rb.getString("the.generated.certificate.request"), request);
}
-@@ -4544,4 +4548,3 @@
+@@ -4540,4 +4544,3 @@
return new Pair<>(a,b);
}
}
-
-diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
---- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
+diff --git a/src/share/classes/sun/security/tools/keytool/Resources.java b/src/share/classes/sun/security/tools/keytool/Resources.java
+--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java
@@ -168,6 +168,8 @@
"keystore password"}, //-storepass
diff --git a/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch b/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
index 00e3a2e..b52c087 100644
--- a/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
+++ b/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch
@@ -35,7 +35,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java open
+++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java
@@ -41,6 +41,9 @@
- public final class ECUtil {
+ public class ECUtil {
+ /* Are we debugging ? */
+ private static final Debug debug = Debug.getInstance("ecc");
diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec
index cf8a07a..951a792 100644
--- a/SPECS/java-1.8.0-openjdk.spec
+++ b/SPECS/java-1.8.0-openjdk.spec
@@ -139,47 +139,61 @@
# In some cases, the arch used by the JDK does
# not match _arch.
# Also, in some cases, the machine name used by SystemTap
-# does not match that given by _build_cpu
+# does not match that given by _target_cpu
%ifarch x86_64
%global archinstall amd64
+%global stapinstall x86_64
%endif
%ifarch ppc
%global archinstall ppc
+%global stapinstall powerpc
%endif
%ifarch %{ppc64be}
%global archinstall ppc64
+%global stapinstall powerpc
%endif
%ifarch %{ppc64le}
%global archinstall ppc64le
+%global stapinstall powerpc
%endif
%ifarch %{ix86}
%global archinstall i386
+%global stapinstall i386
%endif
%ifarch ia64
%global archinstall ia64
+%global stapinstall ia64
%endif
%ifarch s390
%global archinstall s390
+%global stapinstall s390
%endif
%ifarch s390x
%global archinstall s390x
+%global stapinstall s390
%endif
%ifarch %{arm}
%global archinstall arm
+%global stapinstall arm
%endif
%ifarch %{aarch64}
%global archinstall aarch64
+%global stapinstall arm64
%endif
# 32 bit sparc, optimized for v9
%ifarch sparcv9
%global archinstall sparc
+%global stapinstall %{_target_cpu}
%endif
# 64 bit sparc
%ifarch sparc64
%global archinstall sparcv9
+%global stapinstall %{_target_cpu}
%endif
-%ifnarch %{jit_arches}
-%global archinstall %{_arch}
+# Need to support noarch for srpm build
+%ifarch noarch
+%global archinstall %{nil}
+%global stapinstall %{nil}
%endif
%ifarch %{jit_arches}
@@ -198,11 +212,13 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u252-b09
+%global shenandoah_revision aarch64-shenandoah-jdk8u242-b08
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
%global revision %{shenandoah_revision}
+# Define IcedTea version used for SystemTap tapsets and desktop files
+%global icedteaver 3.15.0
# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*})
@@ -212,7 +228,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 4
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -266,10 +282,10 @@
# and 32 bit architectures we place the tapsets under the arch
# specific dir (note that systemtap will only pickup the tapset
# for the primary arch for now). Systemtap uses the machine name
-# aka build_cpu as architecture specific directory name.
+# aka target_cpu as architecture specific directory name.
%global tapsetroot /usr/share/systemtap
%global tapsetdirttapset %{tapsetroot}/tapset/
-%global tapsetdir %{tapsetdirttapset}/%{_build_cpu}
+%global tapsetdir %{tapsetdirttapset}/%{stapinstall}
%endif
# not-duplicated scriptlets for normal/debug packages
@@ -562,7 +578,6 @@ exit 0
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/ASSEMBLY_EXCEPTION
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/THIRD_PARTY_README
-%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS
%dir %{_jvmdir}/%{sdkdir -- %{?1}}
%{_jvmdir}/%{jrelnk -- %{?1}}
%dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security
@@ -1026,17 +1041,15 @@ URL: http://openjdk.java.net/
# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
-Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}.tar.xz
+Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
# Custom README for -src subpackage
Source2: README.md
-# Release notes
-Source7: NEWS
-
-# run update_systemtap.sh to regenerate or update systemtap sources
-# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
-Source8: systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
+# Use 'icedtea_sync.sh' to update the following
+# They are based on code contained in the IcedTea project (3.x).
+# Systemtap tapsets. Zipped up to keep it small.
+Source8: tapsets-icedtea-%{icedteaver}.tar.xz
# Desktop files. Adapted from IcedTea
Source9: jconsole.desktop.in
@@ -1163,6 +1176,11 @@ Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
Patch202: jdk8035341-allow_using_system_installed_libpng.patch
# 8042159: Allow using a system-installed lcms2
Patch203: jdk8042159-allow_using_system_installed_lcms2.patch
+# JDK-8165996, PR3506, RH1760437: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
+# RPM version excludes binary diffs and a patch to PKCS11Test.java which creates a lengthy bug trail
+Patch579: jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch
+# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
+Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
#############################################
#
@@ -1424,6 +1442,14 @@ See normal java-%{version}-openjdk-accessibility description.
%endif
%prep
+
+# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-(
+%if 0%{?stapinstall:1}
+ echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}"
+%else
+ %{error:Unrecognised architecture %{_target_cpu}}
+%endif
+
if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then
echo "include_normal_build is %{include_normal_build}"
else
@@ -1506,6 +1532,8 @@ sh %{SOURCE12}
%patch574
%patch575
%patch577
+%patch579
+%patch580
# RPM-only fixes
%patch539
@@ -1529,7 +1557,7 @@ cp -r tapset tapset%{debug_suffix}
for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do
- OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:%{version}-%{release}.%{_arch}.stp:g"`
+ OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1
# TODO find out which architectures other than i686 have a client vm
%ifarch %{ix86}
@@ -1546,16 +1574,19 @@ done
%endif
# Prepare desktop files
+# The _X_ syntax indicates variables that are replaced by make upstream
+# The @X@ syntax indicates variables that are replaced by configure upstream
for suffix in %{build_loop} ; do
for file in %{SOURCE9} %{SOURCE10} ; do
FILE=`basename $file | sed -e s:\.in$::g`
EXT="${FILE##*.}"
NAME="${FILE%.*}"
OUTPUT_FILE=$NAME$suffix.$EXT
- sed -e "s:@JAVA_HOME@:%{sdkbindir -- $suffix}:g" $file > $OUTPUT_FILE
- sed -i -e "s:@JRE_HOME@:%{jrebindir -- $suffix}:g" $OUTPUT_FILE
- sed -i -e "s:@ARCH@:%{version}-%{release}.%{_arch}$suffix:g" $OUTPUT_FILE
- sed -i -e "s:@JAVA_MAJOR_VERSION@:%{javaver}:g" $OUTPUT_FILE
+ sed -e "s:_SDKBINDIR_:%{sdkbindir -- $suffix}:g" $file > $OUTPUT_FILE
+ sed -i -e "s:_JREBINDIR_:%{jrebindir -- $suffix}:g" $OUTPUT_FILE
+ sed -i -e "s:@target_cpu@:%{_arch}:g" $OUTPUT_FILE
+ sed -i -e "s:@OPENJDK_VER@:%{version}-%{release}.%{_arch}$suffix:g" $OUTPUT_FILE
+ sed -i -e "s:@JAVA_VER@:%{javaver}:g" $OUTPUT_FILE
sed -i -e "s:@JAVA_VENDOR@:%{origin}:g" $OUTPUT_FILE
done
done
@@ -1593,8 +1624,7 @@ EXTRA_CPP_FLAGS="%ourcppflags"
# fix rpmlint warnings
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
%endif
-EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes"
-export EXTRA_CFLAGS EXTRA_ASFLAGS
+export EXTRA_CFLAGS
(cd %{top_level_dir_name}/common/autoconf
bash ./autogen.sh
@@ -1633,7 +1663,6 @@ bash ../../configure \
--with-stdc++lib=dynamic \
--with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
--with-extra-cflags="$EXTRA_CFLAGS" \
- --with-extra-asflags="$EXTRA_ASFLAGS" \
--with-extra-ldflags="%{ourldflags}" \
--with-num-cores="$NUM_PROC"
@@ -1857,11 +1886,6 @@ if ! echo $suffix | grep -q "debug" ; then
cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
fi
-# Install release notes
-commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
-install -d -m 755 ${commondocdir}
-cp -a %{SOURCE7} ${commondocdir}
-
# Install icons and menu entries
for s in 16 24 32 48 ; do
install -D -p -m 644 \
@@ -2104,64 +2128,36 @@ require "copy_jdk_configs.lua"
%endif
%changelog
-* Tue Apr 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-2
-- Add release notes.
-- Resolves: rhbz#1810557
-
-* Sun Apr 12 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-1
-- Make use of --with-extra-asflags introduced in jdk8u252-b01.
-- Resolves: rhbz#1810557
-
-* Mon Apr 06 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b09-0
-- Update to aarch64-shenandoah-jdk8u252-b09.
-- Switch to GA mode for final release.
-- Resolves: rhbz#1810557
+* Fri Mar 27 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-4
+- Need to support noarch for creating source RPMs for non-scratch builds.
+- Resolves: rhbz#1737112
-* Fri Mar 27 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b08-0.0.ea
-- Update to aarch64-shenandoah-jdk8u252-b08.
-- Resolves: rhbz#1810557
+* Tue Mar 24 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-4
+- Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
+- Resolves: rhbz#1737112
-* Tue Mar 24 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b07-0.0.ea
-- Update to aarch64-shenandoah-jdk8u252-b07.
-- Resolves: rhbz#1810557
+* Mon Feb 24 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-3
+- Add JDK-8165996/PR3506 & JDK-8195607/PR3776 to support NSS SQLite databases.
+- Resolves: rhbz#1760437
-* Mon Mar 16 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b06-0.0.ea
-- Update to aarch64-shenandoah-jdk8u252-b06.
-- Resolves: rhbz#1810557
+* Sun Feb 23 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-2
+- Sync SystemTap & desktop files with upstream IcedTea release 3.15.0, removing previous workarounds
+- Resolves: rhbz#1737112
-* Fri Feb 28 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b05-0.0.ea
-- Update to aarch64-shenandoah-jdk8u252-b05.
-- Resolves: rhbz#1810557
+* Sun Feb 23 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-2
+- Sync SystemTap & desktop files with upstream IcedTea release 3.11.0 using new script
+- Resolves: rhbz#1737112
-* Mon Feb 24 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b04-0.0.ea
-- Update to aarch64-shenandoah-jdk8u252-b04.
-- Resolves: rhbz#1810557
-
-* Wed Feb 19 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b03-0.0.ea
-- Update to aarch64-shenandoah-jdk8u252-b03.
-- Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978
-- Resolves: rhbz#1810557
-
-* Tue Feb 04 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b02-0.0.ea
-- Update to aarch64-shenandoah-jdk8u252-b02.
-- Resolves: rhbz#1810557
-
-* Mon Jan 27 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.252.b01-0.0.ea
-- Update to aarch64-shenandoah-jdk8u252-b01.
-- Switch to EA mode.
-- Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change
-- Resolves: rhbz#1810557
-
-* Wed Jan 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-0
+* Wed Jan 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b08-1
- Update to aarch64-shenandoah-jdk8u242-b08.
- Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions.
- Resolves: rhbz#1785753
-* Wed Jan 15 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b07-1
+* Wed Jan 15 2020 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b07-2
- Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue.
- Resolves: rhbz#1785753
-* Mon Jan 13 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b07-0
+* Mon Jan 13 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b07-1
- Update to aarch64-shenandoah-jdk8u242-b07.
- Switch to GA mode for final release.
- Remove Shenandoah S390 patch which is now included upstream as JDK-8236829.
@@ -2174,20 +2170,29 @@ require "copy_jdk_configs.lua"
- Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run
- Resolves: rhbz#1785753
-* Thu Jan 02 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b01-0.0.ea
+* Sat Jan 04 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.242.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u242-b01.
- Switch to EA mode.
- Resolves: rhbz#1785753
-* Thu Jan 02 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-4
+* Sat Jan 04 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-6
+- Update generate_source_tarball.sh script to use the PR3756 patch and retain the secp256k1 curve.
+- Regenerate source tarball using the updated script and add the -'4curve' suffix.
+- Resolves: rhbz#1746879
+
+* Thu Jan 02 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-5
- Revert SSBD removal for now, until appropriate messaging has been decided.
-- Resolves: rhbz#1785753
+- Resolves: rhbz#1750419
-* Tue Dec 24 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-3
+* Tue Dec 24 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-4
- Remove CVE-2018-3639 mitigation due to performance regression and
OpenJDK position on speculative execution vulnerabilities.
https://mail.openjdk.java.net/pipermail/vuln-announce/2019-July/000002.html
-- Resolves: rhbz#1785753
+- Resolves: rhbz#1750419
+
+* Thu Nov 14 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-3
+- Bump release number for RHEL 8.2.0.
+- Resolves: rhbz#1753423
* Fri Oct 25 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:1.8.0.232.b09-2
- Disable FIPS mode support unless com.redhat.fips is set to "true".