diff --git a/.gitignore b/.gitignore index 3a01a08..010e1ba 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/aarch64-port-jdk8u-aarch64-jdk8u111-b15.tar.xz +SOURCES/aarch64-port-jdk8u-aarch64-jdk8u102-b14.tar.xz SOURCES/systemtap-tapset-3.1.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index a9e203a..3ceac4b 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -c32fc4a2f70f097b8726e396cceaad1bdad461b6 SOURCES/aarch64-port-jdk8u-aarch64-jdk8u111-b15.tar.xz +4c11157a3c6ae41fb5345769a1f5cebd0de50d91 SOURCES/aarch64-port-jdk8u-aarch64-jdk8u102-b14.tar.xz 44b09844ec2e90db08d3d883993e0dbab0c1988a SOURCES/systemtap-tapset-3.1.0.tar.xz diff --git a/SOURCES/8154313.patch b/SOURCES/8154313.patch new file mode 100644 index 0000000..3a43c5f --- /dev/null +++ b/SOURCES/8154313.patch @@ -0,0 +1,68 @@ +--- jdk8/make/Javadoc.gmk 2016-04-01 16:53:41.069477682 +0200 ++++ jdk8/make/Javadoc.gmk 2016-04-01 16:53:41.014477059 +0200 +@@ -220,6 +220,12 @@ + JRE_API_DOCSDIR = $(DOCSDIR)/jre/api + PLATFORM_DOCSDIR = $(DOCSDIR)/platform + ++ ++JAVADOC_ARCHIVE_NAME := jdk-$(FULL_VERSION)-docs.zip ++JAVADOC_ARCHIVE_ASSEMBLY_DIR := $(DOCSTMPDIR)/zip-docs ++JAVADOC_ARCHIVE_DIR := $(OUTPUT_ROOT)/bundles ++JAVADOC_ARCHIVE := $(JAVADOC_ARCHIVE_DIR)/$(JAVADOC_ARCHIVE_NAME) ++ + # The non-core api javadocs need to be able to access the root of the core + # api directory, so for jdk/api or jre/api to get to the core api/ + # directory we would use this: +@@ -319,6 +325,37 @@ + all: docs + docs: coredocs otherdocs + ++# ++# Optional target which bundles all generated javadocs into a zip ++# archive. The dependency on docs is handled in Main.gmk. Incremental ++# building of docs is currently broken so if you invoke zip-docs after ++# docs, the docs are always rebuilt. ++# ++ ++zip-docs: $(JAVADOC_ARCHIVE) ++ ++# ++# Add the core docs as prerequisite to the archive to trigger a rebuild ++# if the core docs were rebuilt. Ideally any doc rebuild should trigger ++# this, but the way prerequisites are currently setup in this file, that ++# is hard to achieve. ++# ++ ++$(JAVADOC_ARCHIVE): $(COREAPI_INDEX_FILE) ++ @$(ECHO) "Compressing javadoc to single $(JAVADOC_ARCHIVE_NAME)" ; ++ $(MKDIR) -p $(JAVADOC_ARCHIVE_DIR) ; ++ $(RM) -r $(JAVADOC_ARCHIVE_ASSEMBLY_DIR) ; ++ $(MKDIR) -p $(JAVADOC_ARCHIVE_ASSEMBLY_DIR); ++ all_roots=`$(FIND) $(DOCSDIR) | $(GREP) index.html `; \ ++ pushd $(JAVADOC_ARCHIVE_ASSEMBLY_DIR); \ ++ for index_file in $${all_roots} ; do \ ++ target_dir=`dirname $${index_file}`; \ ++ name=`$(ECHO) $${target_dir} | $(SED) "s;/spec;;" | $(SED) "s;.*/;;"`; \ ++ $(LN) -s $${target_dir} $${name}; \ ++ done; \ ++ $(ZIP) -q -r $(JAVADOC_ARCHIVE) * ; \ ++ popd ; ++ + ################################################################# + # Production Targets -- USE THESE TARGETS WHEN: + # a) You're generating docs outside of release engineering's +--- jdk8/make/Main.gmk 2016-04-01 16:53:41.311480424 +0200 ++++ jdk8/make/Main.gmk 2016-04-01 16:53:41.266479914 +0200 +@@ -165,6 +165,12 @@ + @($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk docs) + @$(call TargetExit) + ++zip-docs: docs zip-docs-only ++zip-docs-only: start-make ++ @$(call TargetEnter) ++ @($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk zip-docs) ++ @$(call TargetExit) ++ + sign-jars: jdk sign-jars-only + sign-jars-only: start-make + @$(call TargetEnter) diff --git a/SOURCES/8157306-pr3121-rh1360863.patch b/SOURCES/8157306-pr3121-rh1360863.patch new file mode 100644 index 0000000..8cb69ae --- /dev/null +++ b/SOURCES/8157306-pr3121-rh1360863.patch @@ -0,0 +1,29 @@ +# HG changeset patch +# User aph +# Date 1470065634 -3600 +# Mon Aug 01 16:33:54 2016 +0100 +# Node ID ee9bffb3bd390b2ad805c7b59d7d2ab8a68a4367 +# Parent ab3e0bde3c15bbba60de4decabcd70ffef657448 +8157306, PR3121: Random infrequent null pointer exceptions in javac +Reviewed-by: kvn + +diff -r ab3e0bde3c15 -r ee9bffb3bd39 src/share/vm/opto/lcm.cpp +--- openjdk/hotspot/src/share/vm/opto/lcm.cpp Tue Jul 26 04:42:03 2016 +0100 ++++ openjdk/hotspot/src/share/vm/opto/lcm.cpp Mon Aug 01 16:33:54 2016 +0100 +@@ -1090,11 +1090,14 @@ + Block *sb = block->_succs[i]; + // Clone the entire area; ignoring the edge fixup for now. + for( uint j = end; j > beg; j-- ) { +- // It is safe here to clone a node with anti_dependence +- // since clones dominate on each path. + Node *clone = block->get_node(j-1)->clone(); + sb->insert_node(clone, 1); + map_node_to_block(clone, sb); ++#ifdef AARCH64 ++ if (clone->needs_anti_dependence_check()) { ++ insert_anti_dependences(sb, clone); ++ } ++#endif + } + } + diff --git a/SOURCES/8162384-pr3122-rh1358661.patch b/SOURCES/8162384-pr3122-rh1358661.patch new file mode 100644 index 0000000..ff38413 --- /dev/null +++ b/SOURCES/8162384-pr3122-rh1358661.patch @@ -0,0 +1,54 @@ +# HG changeset patch +# User roland +# Date 1469615613 -7200 +# Wed Jul 27 12:33:33 2016 +0200 +# Node ID fd29eff8b797daa41a68394ced7fe80c9e8c96e9 +# Parent ee9bffb3bd390b2ad805c7b59d7d2ab8a68a4367 +8162384, PR3122: Performance regression: bimorphic inlining may be bypassed by type speculation +Summary: when speculation fails at a call fallback to profile data at the call site +Reviewed-by: kvn + +diff -r ee9bffb3bd39 -r fd29eff8b797 src/share/vm/opto/doCall.cpp +--- openjdk/hotspot/src/share/vm/opto/doCall.cpp Mon Aug 01 16:33:54 2016 +0100 ++++ openjdk/hotspot/src/share/vm/opto/doCall.cpp Wed Jul 27 12:33:33 2016 +0200 +@@ -205,16 +205,22 @@ + + int morphism = profile.morphism(); + if (speculative_receiver_type != NULL) { +- // We have a speculative type, we should be able to resolve +- // the call. We do that before looking at the profiling at +- // this invoke because it may lead to bimorphic inlining which +- // a speculative type should help us avoid. +- receiver_method = callee->resolve_invoke(jvms->method()->holder(), +- speculative_receiver_type); +- if (receiver_method == NULL) { ++ if (!too_many_traps(caller, bci, Deoptimization::Reason_speculate_class_check)) { ++ // We have a speculative type, we should be able to resolve ++ // the call. We do that before looking at the profiling at ++ // this invoke because it may lead to bimorphic inlining which ++ // a speculative type should help us avoid. ++ receiver_method = callee->resolve_invoke(jvms->method()->holder(), ++ speculative_receiver_type); ++ if (receiver_method == NULL) { ++ speculative_receiver_type = NULL; ++ } else { ++ morphism = 1; ++ } ++ } else { ++ // speculation failed before. Use profiling at the call ++ // (could allow bimorphic inlining for instance). + speculative_receiver_type = NULL; +- } else { +- morphism = 1; + } + } + if (receiver_method == NULL && +@@ -252,7 +258,7 @@ + Deoptimization::Reason_bimorphic : + (speculative_receiver_type == NULL ? Deoptimization::Reason_class_check : Deoptimization::Reason_speculate_class_check); + if ((morphism == 1 || (morphism == 2 && next_hit_cg != NULL)) && +- !too_many_traps(jvms->method(), jvms->bci(), reason) ++ !too_many_traps(caller, bci, reason) + ) { + // Generate uncommon trap for class check failure path + // in case of monomorphic or bimorphic virtual call site. diff --git a/SOURCES/TestECDSA.java b/SOURCES/TestECDSA.java new file mode 100644 index 0000000..6eb9cb2 --- /dev/null +++ b/SOURCES/TestECDSA.java @@ -0,0 +1,49 @@ +/* TestECDSA -- Ensure ECDSA signatures are working. + Copyright (C) 2016 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +import java.math.BigInteger; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Signature; + +/** + * @test + */ +public class TestECDSA { + + public static void main(String[] args) throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("EC"); + KeyPair key = keyGen.generateKeyPair(); + + byte[] data = "This is a string to sign".getBytes("UTF-8"); + + Signature dsa = Signature.getInstance("NONEwithECDSA"); + dsa.initSign(key.getPrivate()); + dsa.update(data); + byte[] sig = dsa.sign(); + System.out.println("Signature: " + new BigInteger(1, sig).toString(16)); + + Signature dsaCheck = Signature.getInstance("NONEwithECDSA"); + dsaCheck.initVerify(key.getPublic()); + dsaCheck.update(data); + boolean success = dsaCheck.verify(sig); + if (!success) { + throw new RuntimeException("Test failed. Signature verification error"); + } + System.out.println("Test passed."); + } +} diff --git a/SOURCES/always_assumemp.patch b/SOURCES/always_assumemp.patch deleted file mode 100644 index b0a874d..0000000 --- a/SOURCES/always_assumemp.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/src/share/vm/runtime/globals.hpp b/src/share/vm/runtime/globals.hpp ---- openjdk/hotspot/src/share/vm/runtime/globals.hpp -+++ openjdk/hotspot/src/share/vm/runtime/globals.hpp -@@ -530,7 +530,7 @@ - lp64_product(intx, ObjectAlignmentInBytes, 8, \ - "Default object alignment in bytes, 8 is minimum") \ - \ -- product(bool, AssumeMP, false, \ -+ product(bool, AssumeMP, true, \ - "Instruct the VM to assume multiple processors are available") \ - \ - /* UseMembar is theoretically a temp flag used for memory barrier \ diff --git a/SOURCES/corba_typo_fix.patch b/SOURCES/corba_typo_fix.patch new file mode 100644 index 0000000..9756a8a --- /dev/null +++ b/SOURCES/corba_typo_fix.patch @@ -0,0 +1,24 @@ +diff -r 5c43ac1f2a59 src/share/classes/javax/rmi/CORBA/Util.java +--- openjdk.orig/corba/src/share/classes/javax/rmi/CORBA/Util.java Fri Jul 01 04:11:22 2016 +0100 ++++ openjdk/corba/src/share/classes/javax/rmi/CORBA/Util.java Mon Jul 04 16:04:39 2016 +0100 +@@ -413,8 +413,18 @@ + // check that a serialization permission has been + // set to allow the loading of the Util delegate + // which provides access to custom ValueHandler +- sm.checkPermission(new SerializablePermission( +- "enableCustomValueHanlder")); ++ try { ++ sm.checkPermission(new SerializablePermission( ++ "enableCustomValueHandler")); ++ } catch (SecurityException ex1) { ++ // Fallback: See if the permission is mis-spelt ++ try { ++ sm.checkPermission(new SerializablePermission( ++ "enableCustomValueHanlder")); ++ } catch (SecurityException ex2) { ++ throw ex1; // Throw original exception ++ } ++ } + } + } + } diff --git a/SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh b/SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh index 5803037..1f022f6 100644 --- a/SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh +++ b/SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh @@ -5,7 +5,6 @@ JPEG_SRC=jdk8/jdk/src/share/native/sun/awt/image/jpeg GIF_SRC=jdk8/jdk/src/share/native/sun/awt/giflib PNG_SRC=jdk8/jdk/src/share/native/sun/awt/libpng LCMS_SRC=jdk8/jdk/src/share/native/sun/java2d/cmm/lcms -SUNEC_SRC=jdk8/jdk/src/share/native/sun/security/ec/impl echo "Removing built-in libs (they will be linked)" @@ -129,10 +128,3 @@ rm -vf ${LCMS_SRC}/lcms2.h rm -vf ${LCMS_SRC}/lcms2_internal.h rm -vf ${LCMS_SRC}/lcms2_plugin.h fi - -echo "Removing SunEC sources" -if [ ! -d ${SUNEC_SRC} ]; then - echo "${SUNEC_SRC} does not exist. Refusing to proceed." - exit 1 -fi -rm -rvf ${SUNEC_SRC} diff --git a/SOURCES/pr1834-rh1022017.patch b/SOURCES/pr1834-rh1022017.patch new file mode 100644 index 0000000..1b3c903 --- /dev/null +++ b/SOURCES/pr1834-rh1022017.patch @@ -0,0 +1,44 @@ +diff -r a5c3d9643077 src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java +--- openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Tue Feb 10 16:24:28 2015 +0000 ++++ openjdk/jdk/src/share/classes/sun/security/ssl/SupportedEllipticCurvesExtension.java Thu May 14 04:01:02 2015 +0100 +@@ -37,25 +37,11 @@ + // the extension value to send in the ClientHello message + static final SupportedEllipticCurvesExtension DEFAULT; + +- private static final boolean fips; +- + static { +- int[] ids; +- fips = SunJSSE.isFIPS(); +- if (fips == false) { +- ids = new int[] { +- // NIST curves first +- // prefer NIST P-256, rest in order of increasing key length +- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14, +- // non-NIST curves +- 15, 16, 17, 2, 18, 4, 5, 20, 8, 22, +- }; +- } else { +- ids = new int[] { +- // same as above, but allow only NIST curves in FIPS mode +- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14, +- }; +- } ++ int[] ids = new int[] { ++ // NSS currently only supports these three NIST curves ++ 23, 24, 25 ++ }; + DEFAULT = new SupportedEllipticCurvesExtension(ids); + } + +@@ -150,10 +136,6 @@ + if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) { + return false; + } +- if (fips == false) { +- // in non-FIPS mode, we support all valid indices +- return true; +- } + return DEFAULT.contains(index); + } + diff --git a/SOURCES/pr1983-jdk.patch b/SOURCES/pr1983-jdk.patch new file mode 100644 index 0000000..a0b4e1a --- /dev/null +++ b/SOURCES/pr1983-jdk.patch @@ -0,0 +1,693 @@ +# HG changeset patch +# User andrew +# Date 1453863246 0 +# Wed Jan 27 02:54:06 2016 +0000 +# Node ID 48c15869ecd568263249af4b9a4e98d4e57f9a8f +# Parent afd392dfaed501ac674a7cc3e37353ce300969c7 +PR1983: Support using the system installation of NSS with the SunEC provider +Summary: Apply code changes from PR1699 & PR1742 & forward-port Makefile changes to the new build. + +diff -r afd392dfaed5 -r 48c15869ecd5 make/lib/SecurityLibraries.gmk +--- openjdk/jdk/make/lib/SecurityLibraries.gmk Tue Jan 26 22:26:26 2016 +0000 ++++ openjdk/jdk/make/lib/SecurityLibraries.gmk Wed Jan 27 02:54:06 2016 +0000 +@@ -218,8 +218,17 @@ + + ifeq ($(ENABLE_INTREE_EC), yes) + +- BUILD_LIBSUNEC_FLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/security/ec \ ++ BUILD_LIBSUNEC_FLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/security/ec ++ ++ ifeq ($(USE_EXTERNAL_NSS), true) ++ BUILD_LIBSUNEC_IMPL_DIR := ++ BUILD_LIBSUNEC_FLAGS += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC ++ else ++ BUILD_LIBSUNEC_IMPL_DIR := \ ++ $(JDK_TOPDIR)/src/share/native/sun/security/ec/impl ++ BUILD_LIBSUNEC_FLAGS += \ + -I$(JDK_TOPDIR)/src/share/native/sun/security/ec/impl ++ endif + + # + # On sol-sparc...all libraries are compiled with -xregs=no%appl +@@ -235,8 +244,8 @@ + $(eval $(call SetupNativeCompilation,BUILD_LIBSUNEC, \ + LIBRARY := sunec, \ + OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ +- SRC := $(JDK_TOPDIR)/src/share/native/sun/security/ec \ +- $(JDK_TOPDIR)/src/share/native/sun/security/ec/impl, \ ++ SRC := $(JDK_TOPDIR)/src/share/native/sun/security/ec/ECC_JNI.cpp \ ++ $(BUILD_LIBSUNEC_IMPL_DIR), \ + LANG := C++, \ + OPTIMIZATION := LOW, \ + CFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CFLAGS_JDKLIB)) \ +@@ -248,8 +257,8 @@ + LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \ + LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \ + LDFLAGS_SUFFIX := $(LIBCXX), \ +- LDFLAGS_SUFFIX_linux := -lc, \ +- LDFLAGS_SUFFIX_solaris := -lc, \ ++ LDFLAGS_SUFFIX_linux := -lc $(NSS_LIBS), \ ++ LDFLAGS_SUFFIX_solaris := -lc $(NSS_LIBS), \ + VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ + RC_FLAGS := $(RC_FLAGS) \ + -D "JDK_FNAME=sunec.dll" \ +diff -r afd392dfaed5 -r 48c15869ecd5 src/share/native/sun/security/ec/ECC_JNI.cpp +--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Tue Jan 26 22:26:26 2016 +0000 ++++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 02:54:06 2016 +0000 +@@ -24,7 +24,7 @@ + */ + + #include +-#include "impl/ecc_impl.h" ++#include "ecc_impl.h" + + #define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException" + #define INVALID_ALGORITHM_PARAMETER_EXCEPTION \ +@@ -89,7 +89,7 @@ + */ + JNIEXPORT jobjectArray + JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair +- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed) ++ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed) + { + ECPrivateKey *privKey = NULL; // contains both public and private values + ECParams *ecparams = NULL; +@@ -190,7 +190,7 @@ + */ + JNIEXPORT jbyteArray + JNICALL Java_sun_security_ec_ECDSASignature_signDigest +- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed) ++ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed) + { + jbyte* pDigestBuffer = NULL; + jint jDigestLength = env->GetArrayLength(digest); +@@ -299,7 +299,7 @@ + */ + JNIEXPORT jboolean + JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest +- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams) ++ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams) + { + jboolean isValid = false; + +@@ -384,7 +384,7 @@ + */ + JNIEXPORT jbyteArray + JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey +- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams) ++ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams) + { + jbyteArray jSecret = NULL; + ECParams *ecparams = NULL; +diff -r afd392dfaed5 -r 48c15869ecd5 src/share/native/sun/security/ec/ecc_impl.h +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h Wed Jan 27 02:54:06 2016 +0000 +@@ -0,0 +1,298 @@ ++/* ++ * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. ++ * Use is subject to license terms. ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public License ++ * along with this library; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ********************************************************************* ++ * ++ * The Original Code is the Netscape security libraries. ++ * ++ * The Initial Developer of the Original Code is ++ * Netscape Communications Corporation. ++ * Portions created by the Initial Developer are Copyright (C) 1994-2000 ++ * the Initial Developer. All Rights Reserved. ++ * ++ * Contributor(s): ++ * Dr Vipul Gupta and ++ * Douglas Stebila , Sun Microsystems Laboratories ++ * ++ * Last Modified Date from the Original Code: November 2013 ++ *********************************************************************** */ ++ ++#ifndef _ECC_IMPL_H ++#define _ECC_IMPL_H ++ ++#ifdef __cplusplus ++extern "C" { ++#endif ++ ++#include ++ ++#ifdef SYSTEM_NSS ++#include ++#include ++#include ++#ifdef LEGACY_NSS ++#include ++#else ++#include ++#endif ++#else ++#include "ecl-exp.h" ++#endif ++ ++/* ++ * Multi-platform definitions ++ */ ++#ifdef __linux__ ++#define B_FALSE FALSE ++#define B_TRUE TRUE ++typedef unsigned char uint8_t; ++typedef unsigned long ulong_t; ++typedef enum { B_FALSE, B_TRUE } boolean_t; ++#endif /* __linux__ */ ++ ++#ifdef _ALLBSD_SOURCE ++#include ++#define B_FALSE FALSE ++#define B_TRUE TRUE ++typedef unsigned long ulong_t; ++typedef enum boolean { B_FALSE, B_TRUE } boolean_t; ++#endif /* _ALLBSD_SOURCE */ ++ ++#ifdef AIX ++#define B_FALSE FALSE ++#define B_TRUE TRUE ++typedef unsigned char uint8_t; ++typedef unsigned long ulong_t; ++#endif /* AIX */ ++ ++#ifdef _WIN32 ++typedef unsigned char uint8_t; ++typedef unsigned long ulong_t; ++typedef enum boolean { B_FALSE, B_TRUE } boolean_t; ++#define strdup _strdup /* Replace POSIX name with ISO C++ name */ ++#endif /* _WIN32 */ ++ ++#ifndef _KERNEL ++#include ++#endif /* _KERNEL */ ++ ++#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */ ++#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */ ++#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */ ++#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */ ++#define EC_MIN_KEY_LEN 112 /* min key length in bits */ ++#define EC_MAX_KEY_LEN 571 /* max key length in bits */ ++#define EC_MAX_OID_LEN 10 /* max length of OID buffer */ ++ ++/* ++ * Various structures and definitions from NSS are here. ++ */ ++ ++#ifndef SYSTEM_NSS ++#ifdef _KERNEL ++#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f)) ++#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f)) ++#define PORT_ArenaGrow(a, b, c, d) NULL ++#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f)) ++#define PORT_Alloc(n, f) kmem_alloc((n), (f)) ++#else ++#define PORT_ArenaAlloc(a, n, f) malloc((n)) ++#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n)) ++#define PORT_ArenaGrow(a, b, c, d) NULL ++#define PORT_ZAlloc(n, f) calloc(1, (n)) ++#define PORT_Alloc(n, f) malloc((n)) ++#endif ++ ++#define PORT_NewArena(b) (char *)12345 ++#define PORT_ArenaMark(a) NULL ++#define PORT_ArenaUnmark(a, b) ++#define PORT_ArenaRelease(a, m) ++#define PORT_FreeArena(a, b) ++#define PORT_Strlen(s) strlen((s)) ++#define PORT_SetError(e) ++ ++#define PRBool boolean_t ++#define PR_TRUE B_TRUE ++#define PR_FALSE B_FALSE ++ ++#ifdef _KERNEL ++#define PORT_Assert ASSERT ++#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l)) ++#else ++#define PORT_Assert assert ++#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l)) ++#endif ++ ++#endif ++ ++#define CHECK_OK(func) if (func == NULL) goto cleanup ++#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup ++ ++#ifndef SYSTEM_NSS ++typedef enum { ++ siBuffer = 0, ++ siClearDataBuffer = 1, ++ siCipherDataBuffer = 2, ++ siDERCertBuffer = 3, ++ siEncodedCertBuffer = 4, ++ siDERNameBuffer = 5, ++ siEncodedNameBuffer = 6, ++ siAsciiNameString = 7, ++ siAsciiString = 8, ++ siDEROID = 9, ++ siUnsignedInteger = 10, ++ siUTCTime = 11, ++ siGeneralizedTime = 12 ++} SECItemType; ++ ++typedef struct SECItemStr SECItem; ++ ++struct SECItemStr { ++ SECItemType type; ++ unsigned char *data; ++ unsigned int len; ++}; ++ ++typedef SECItem SECKEYECParams; ++ ++typedef enum { ec_params_explicit, ++ ec_params_named ++} ECParamsType; ++ ++typedef enum { ec_field_GFp = 1, ++ ec_field_GF2m ++} ECFieldType; ++ ++struct ECFieldIDStr { ++ int size; /* field size in bits */ ++ ECFieldType type; ++ union { ++ SECItem prime; /* prime p for (GFp) */ ++ SECItem poly; /* irreducible binary polynomial for (GF2m) */ ++ } u; ++ int k1; /* first coefficient of pentanomial or ++ * the only coefficient of trinomial ++ */ ++ int k2; /* two remaining coefficients of pentanomial */ ++ int k3; ++}; ++typedef struct ECFieldIDStr ECFieldID; ++ ++struct ECCurveStr { ++ SECItem a; /* contains octet stream encoding of ++ * field element (X9.62 section 4.3.3) ++ */ ++ SECItem b; ++ SECItem seed; ++}; ++typedef struct ECCurveStr ECCurve; ++ ++typedef void PRArenaPool; ++ ++struct ECParamsStr { ++ PRArenaPool * arena; ++ ECParamsType type; ++ ECFieldID fieldID; ++ ECCurve curve; ++ SECItem base; ++ SECItem order; ++ int cofactor; ++ SECItem DEREncoding; ++ ECCurveName name; ++ SECItem curveOID; ++}; ++typedef struct ECParamsStr ECParams; ++ ++struct ECPublicKeyStr { ++ ECParams ecParams; ++ SECItem publicValue; /* elliptic curve point encoded as ++ * octet stream. ++ */ ++}; ++typedef struct ECPublicKeyStr ECPublicKey; ++ ++struct ECPrivateKeyStr { ++ ECParams ecParams; ++ SECItem publicValue; /* encoded ec point */ ++ SECItem privateValue; /* private big integer */ ++ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */ ++}; ++typedef struct ECPrivateKeyStr ECPrivateKey; ++ ++typedef enum _SECStatus { ++ SECBufferTooSmall = -3, ++ SECWouldBlock = -2, ++ SECFailure = -1, ++ SECSuccess = 0 ++} SECStatus; ++#endif ++ ++#ifdef _KERNEL ++#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l)) ++#else ++/* ++ This function is no longer required because the random bytes are now ++ supplied by the caller. Force a failure. ++*/ ++#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure ++#endif ++#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup ++#define MP_TO_SEC_ERROR(err) ++ ++#define SECITEM_TO_MPINT(it, mp) \ ++ CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len)) ++ ++extern int ecc_knzero_random_generator(uint8_t *, size_t); ++extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t); ++ ++#ifdef SYSTEM_NSS ++#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b) ++#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d) ++#define ECDSA_SignDigest(a,b,c,d,e,f) ECDSA_SignDigestWithSeed(a,b,c,d,e) ++#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c) ++#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e) ++#else ++extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int); ++ ++extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int); ++extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *, ++ int); ++extern void SECITEM_FreeItem(SECItem *, boolean_t); ++ ++/* This function has been modified to accept an array of random bytes */ ++extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey, ++ const unsigned char* random, int randomlen, int); ++/* This function has been modified to accept an array of random bytes */ ++extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *, ++ const unsigned char* random, int randomlen, int); ++extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *, ++ const SECItem *, int); ++extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t, ++ SECItem *, int); ++#endif ++ ++#ifdef __cplusplus ++} ++#endif ++ ++#endif /* _ECC_IMPL_H */ +diff -r afd392dfaed5 -r 48c15869ecd5 src/share/native/sun/security/ec/impl/ecc_impl.h +--- openjdk/jdk/src/share/native/sun/security/ec/impl/ecc_impl.h Tue Jan 26 22:26:26 2016 +0000 ++++ /dev/null Thu Jan 01 00:00:00 1970 +0000 +@@ -1,271 +0,0 @@ +-/* +- * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved. +- * Use is subject to license terms. +- * +- * This library is free software; you can redistribute it and/or +- * modify it under the terms of the GNU Lesser General Public +- * License as published by the Free Software Foundation; either +- * version 2.1 of the License, or (at your option) any later version. +- * +- * This library is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- * Lesser General Public License for more details. +- * +- * You should have received a copy of the GNU Lesser General Public License +- * along with this library; if not, write to the Free Software Foundation, +- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +- * +- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +- * or visit www.oracle.com if you need additional information or have any +- * questions. +- */ +- +-/* ********************************************************************* +- * +- * The Original Code is the Netscape security libraries. +- * +- * The Initial Developer of the Original Code is +- * Netscape Communications Corporation. +- * Portions created by the Initial Developer are Copyright (C) 1994-2000 +- * the Initial Developer. All Rights Reserved. +- * +- * Contributor(s): +- * Dr Vipul Gupta and +- * Douglas Stebila , Sun Microsystems Laboratories +- * +- * Last Modified Date from the Original Code: November 2013 +- *********************************************************************** */ +- +-#ifndef _ECC_IMPL_H +-#define _ECC_IMPL_H +- +-#ifdef __cplusplus +-extern "C" { +-#endif +- +-#include +-#include "ecl-exp.h" +- +-/* +- * Multi-platform definitions +- */ +-#ifdef __linux__ +-#define B_FALSE FALSE +-#define B_TRUE TRUE +-typedef unsigned char uint8_t; +-typedef unsigned long ulong_t; +-typedef enum { B_FALSE, B_TRUE } boolean_t; +-#endif /* __linux__ */ +- +-#ifdef _ALLBSD_SOURCE +-#include +-#define B_FALSE FALSE +-#define B_TRUE TRUE +-typedef unsigned long ulong_t; +-typedef enum boolean { B_FALSE, B_TRUE } boolean_t; +-#endif /* _ALLBSD_SOURCE */ +- +-#ifdef AIX +-#define B_FALSE FALSE +-#define B_TRUE TRUE +-typedef unsigned char uint8_t; +-typedef unsigned long ulong_t; +-#endif /* AIX */ +- +-#ifdef _WIN32 +-typedef unsigned char uint8_t; +-typedef unsigned long ulong_t; +-typedef enum boolean { B_FALSE, B_TRUE } boolean_t; +-#define strdup _strdup /* Replace POSIX name with ISO C++ name */ +-#endif /* _WIN32 */ +- +-#ifndef _KERNEL +-#include +-#endif /* _KERNEL */ +- +-#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */ +-#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */ +-#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */ +-#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */ +-#define EC_MIN_KEY_LEN 112 /* min key length in bits */ +-#define EC_MAX_KEY_LEN 571 /* max key length in bits */ +-#define EC_MAX_OID_LEN 10 /* max length of OID buffer */ +- +-/* +- * Various structures and definitions from NSS are here. +- */ +- +-#ifdef _KERNEL +-#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f)) +-#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f)) +-#define PORT_ArenaGrow(a, b, c, d) NULL +-#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f)) +-#define PORT_Alloc(n, f) kmem_alloc((n), (f)) +-#else +-#define PORT_ArenaAlloc(a, n, f) malloc((n)) +-#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n)) +-#define PORT_ArenaGrow(a, b, c, d) NULL +-#define PORT_ZAlloc(n, f) calloc(1, (n)) +-#define PORT_Alloc(n, f) malloc((n)) +-#endif +- +-#define PORT_NewArena(b) (char *)12345 +-#define PORT_ArenaMark(a) NULL +-#define PORT_ArenaUnmark(a, b) +-#define PORT_ArenaRelease(a, m) +-#define PORT_FreeArena(a, b) +-#define PORT_Strlen(s) strlen((s)) +-#define PORT_SetError(e) +- +-#define PRBool boolean_t +-#define PR_TRUE B_TRUE +-#define PR_FALSE B_FALSE +- +-#ifdef _KERNEL +-#define PORT_Assert ASSERT +-#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l)) +-#else +-#define PORT_Assert assert +-#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l)) +-#endif +- +-#define CHECK_OK(func) if (func == NULL) goto cleanup +-#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup +- +-typedef enum { +- siBuffer = 0, +- siClearDataBuffer = 1, +- siCipherDataBuffer = 2, +- siDERCertBuffer = 3, +- siEncodedCertBuffer = 4, +- siDERNameBuffer = 5, +- siEncodedNameBuffer = 6, +- siAsciiNameString = 7, +- siAsciiString = 8, +- siDEROID = 9, +- siUnsignedInteger = 10, +- siUTCTime = 11, +- siGeneralizedTime = 12 +-} SECItemType; +- +-typedef struct SECItemStr SECItem; +- +-struct SECItemStr { +- SECItemType type; +- unsigned char *data; +- unsigned int len; +-}; +- +-typedef SECItem SECKEYECParams; +- +-typedef enum { ec_params_explicit, +- ec_params_named +-} ECParamsType; +- +-typedef enum { ec_field_GFp = 1, +- ec_field_GF2m +-} ECFieldType; +- +-struct ECFieldIDStr { +- int size; /* field size in bits */ +- ECFieldType type; +- union { +- SECItem prime; /* prime p for (GFp) */ +- SECItem poly; /* irreducible binary polynomial for (GF2m) */ +- } u; +- int k1; /* first coefficient of pentanomial or +- * the only coefficient of trinomial +- */ +- int k2; /* two remaining coefficients of pentanomial */ +- int k3; +-}; +-typedef struct ECFieldIDStr ECFieldID; +- +-struct ECCurveStr { +- SECItem a; /* contains octet stream encoding of +- * field element (X9.62 section 4.3.3) +- */ +- SECItem b; +- SECItem seed; +-}; +-typedef struct ECCurveStr ECCurve; +- +-typedef void PRArenaPool; +- +-struct ECParamsStr { +- PRArenaPool * arena; +- ECParamsType type; +- ECFieldID fieldID; +- ECCurve curve; +- SECItem base; +- SECItem order; +- int cofactor; +- SECItem DEREncoding; +- ECCurveName name; +- SECItem curveOID; +-}; +-typedef struct ECParamsStr ECParams; +- +-struct ECPublicKeyStr { +- ECParams ecParams; +- SECItem publicValue; /* elliptic curve point encoded as +- * octet stream. +- */ +-}; +-typedef struct ECPublicKeyStr ECPublicKey; +- +-struct ECPrivateKeyStr { +- ECParams ecParams; +- SECItem publicValue; /* encoded ec point */ +- SECItem privateValue; /* private big integer */ +- SECItem version; /* As per SEC 1, Appendix C, Section C.4 */ +-}; +-typedef struct ECPrivateKeyStr ECPrivateKey; +- +-typedef enum _SECStatus { +- SECBufferTooSmall = -3, +- SECWouldBlock = -2, +- SECFailure = -1, +- SECSuccess = 0 +-} SECStatus; +- +-#ifdef _KERNEL +-#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l)) +-#else +-/* +- This function is no longer required because the random bytes are now +- supplied by the caller. Force a failure. +-*/ +-#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure +-#endif +-#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup +-#define MP_TO_SEC_ERROR(err) +- +-#define SECITEM_TO_MPINT(it, mp) \ +- CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len)) +- +-extern int ecc_knzero_random_generator(uint8_t *, size_t); +-extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t); +- +-extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int); +-extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int); +-extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *, +- int); +-extern void SECITEM_FreeItem(SECItem *, boolean_t); +-/* This function has been modified to accept an array of random bytes */ +-extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey, +- const unsigned char* random, int randomlen, int); +-/* This function has been modified to accept an array of random bytes */ +-extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *, +- const unsigned char* random, int randomlen, int); +-extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *, +- const SECItem *, int); +-extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t, +- SECItem *, int); +- +-#ifdef __cplusplus +-} +-#endif +- +-#endif /* _ECC_IMPL_H */ +diff -r afd392dfaed5 -r 48c15869ecd5 src/solaris/javavm/export/jni_md.h +--- openjdk/jdk/src/solaris/javavm/export/jni_md.h Tue Jan 26 22:26:26 2016 +0000 ++++ openjdk/jdk/src/solaris/javavm/export/jni_md.h Wed Jan 27 02:54:06 2016 +0000 +@@ -36,6 +36,11 @@ + #define JNIEXPORT + #define JNIIMPORT + #endif ++#if (defined(__GNUC__)) || __has_attribute(unused) ++ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__)) ++#else ++ #define UNUSED(x) UNUSED_ ## x ++#endif + + #define JNICALL + diff --git a/SOURCES/pr1983-root.patch b/SOURCES/pr1983-root.patch new file mode 100644 index 0000000..100472b --- /dev/null +++ b/SOURCES/pr1983-root.patch @@ -0,0 +1,89 @@ +# HG changeset patch +# User andrew +# Date 1453863007 0 +# Wed Jan 27 02:50:07 2016 +0000 +# Node ID f0635543beb309c4da1bb88c906a76ee4b75e16d +# Parent 4a5a0d4e1ae0feec2f47d17be380d6fcd5eff126 +PR1983: Support using the system installation of NSS with the SunEC provider +Summary: Add new configure option --enable-system-nss + +diff -r 92af9369869f common/autoconf/jdk-options.m4 +--- openjdk/common/autoconf/jdk-options.m4 Thu Jan 21 22:17:02 2016 +0000 ++++ openjdk/common/autoconf/jdk-options.m4 Wed Jan 27 05:32:12 2016 +0000 +@@ -414,9 +414,10 @@ + # + AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC], + [ +- AC_MSG_CHECKING([if elliptic curve crypto implementation is present]) ++ AC_REQUIRE([LIB_SETUP_MISC_LIBS]) ++ AC_MSG_CHECKING([if the elliptic curve crypto implementation is present]) + +- if test -d "${SRC_ROOT}/jdk/src/share/native/sun/security/ec/impl"; then ++ if test "x${system_nss}" = "xyes" -o -d "${SRC_ROOT}/jdk/src/share/native/sun/security/ec/impl"; then + ENABLE_INTREE_EC=yes + AC_MSG_RESULT([yes]) + else +diff -r 92af9369869f common/autoconf/libraries.m4 +--- openjdk/common/autoconf/libraries.m4 Thu Jan 21 22:17:02 2016 +0000 ++++ openjdk/common/autoconf/libraries.m4 Wed Jan 27 05:32:12 2016 +0000 +@@ -731,6 +731,47 @@ + LIBDL="$LIBS" + AC_SUBST(LIBDL) + LIBS="$save_LIBS" ++ ++ ############################################################################### ++ # ++ # Check for the NSS libraries ++ # ++ ++ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries]) ++ ++ # default is bundled ++ DEFAULT_SYSTEM_NSS=no ++ ++ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss], ++ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])], ++ [ ++ case "${enableval}" in ++ yes) ++ system_nss=yes ++ ;; ++ *) ++ system_nss=no ++ ;; ++ esac ++ ], ++ [ ++ system_nss=${DEFAULT_SYSTEM_NSS} ++ ]) ++ AC_MSG_RESULT([$system_nss]) ++ ++ if test "x${system_nss}" = "xyes"; then ++ PKG_CHECK_MODULES(NSS, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no]) ++ if test "x${NSS_SOFTOKN_FOUND}" = "xyes"; then ++ NSS_LIBS="$NSS_LIBS -lfreebl"; ++ USE_EXTERNAL_NSS=true ++ else ++ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.]) ++ fi ++ else ++ USE_EXTERNAL_NSS=false ++ fi ++ AC_SUBST(USE_EXTERNAL_NSS) ++ + ]) + + AC_DEFUN_ONCE([LIB_SETUP_STATIC_LINK_LIBSTDCPP], +diff -r 92af9369869f common/autoconf/spec.gmk.in +--- openjdk/common/autoconf/spec.gmk.in Thu Jan 21 22:17:02 2016 +0000 ++++ openjdk/common/autoconf/spec.gmk.in Wed Jan 27 05:32:12 2016 +0000 +@@ -647,6 +647,9 @@ + # Read-only single-machine data + INSTALL_SYSCONFDIR=@sysconfdir@ + ++USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@ ++NSS_LIBS:=@NSS_LIBS@ ++NSS_CFLAGS:=@NSS_CFLAGS@ + + #################################################### + # diff --git a/SOURCES/pr2127.patch b/SOURCES/pr2127.patch new file mode 100644 index 0000000..b08822a --- /dev/null +++ b/SOURCES/pr2127.patch @@ -0,0 +1,178 @@ +# HG changeset patch +# User andrew +# Date 1453866306 0 +# Wed Jan 27 03:45:06 2016 +0000 +# Node ID 0ff7720931e8dbf7de25720bdc93b18527ab89e8 +# Parent 48c15869ecd568263249af4b9a4e98d4e57f9a8f +PR2127: SunEC provider crashes when built using system NSS +Summary: Use NSS memory management functions + +diff -r 48c15869ecd5 -r 0ff7720931e8 src/share/native/sun/security/ec/ECC_JNI.cpp +--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 02:54:06 2016 +0000 ++++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 03:45:06 2016 +0000 +@@ -32,6 +32,13 @@ + #define INVALID_PARAMETER_EXCEPTION \ + "java/security/InvalidParameterException" + #define KEY_EXCEPTION "java/security/KeyException" ++#define INTERNAL_ERROR "java/lang/InternalError" ++ ++#ifdef SYSTEM_NSS ++#define SYSTEM_UNUSED(x) UNUSED(x) ++#else ++#define SYSTEM_UNUSED(x) x ++#endif + + extern "C" { + +@@ -49,8 +56,13 @@ + /* + * Deep free of the ECParams struct + */ +-void FreeECParams(ECParams *ecparams, jboolean freeStruct) ++void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct)) + { ++#ifdef SYSTEM_NSS ++ // Needs to be freed using the matching method to the one ++ // that allocated it. PR_TRUE means the memory is zeroed. ++ PORT_FreeArena(ecparams->arena, PR_TRUE); ++#else + // Use B_FALSE to free the SECItem->data element, but not the SECItem itself + // Use B_TRUE to free both + +@@ -64,6 +76,7 @@ + SECITEM_FreeItem(&ecparams->curveOID, B_FALSE); + if (freeStruct) + free(ecparams); ++#endif + } + + jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem) +@@ -108,6 +121,13 @@ + goto cleanup; + } + ++#ifdef SYSTEM_NSS ++ if (SECOID_Init() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ goto cleanup; ++ } ++#endif ++ + // Fill a new ECParams using the supplied OID + if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { + /* bad curve OID */ +@@ -163,16 +183,26 @@ + if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); ++#ifdef SYSTEM_NSS ++ if (SECOID_Shutdown() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ } ++#endif + } + if (ecparams) { + FreeECParams(ecparams, true); + } + if (privKey) { + FreeECParams(&privKey->ecParams, false); ++#ifndef SYSTEM_NSS ++ // The entire ECPrivateKey is allocated in the arena ++ // when using system NSS, so only the in-tree version ++ // needs to clear these manually. + SECITEM_FreeItem(&privKey->version, B_FALSE); + SECITEM_FreeItem(&privKey->privateValue, B_FALSE); + SECITEM_FreeItem(&privKey->publicValue, B_FALSE); + free(privKey); ++#endif + } + + if (pSeedBuffer) { +@@ -223,6 +253,13 @@ + goto cleanup; + } + ++#ifdef SYSTEM_NSS ++ if (SECOID_Init() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ goto cleanup; ++ } ++#endif ++ + // Fill a new ECParams using the supplied OID + if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { + /* bad curve OID */ +@@ -270,6 +307,11 @@ + if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); ++#ifdef SYSTEM_NSS ++ if (SECOID_Shutdown() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ } ++#endif + } + if (privKey.privateValue.data) { + env->ReleaseByteArrayElements(privateKey, +@@ -336,6 +378,13 @@ + goto cleanup; + } + ++#ifdef SYSTEM_NSS ++ if (SECOID_Init() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ goto cleanup; ++ } ++#endif ++ + // Fill a new ECParams using the supplied OID + if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { + /* bad curve OID */ +@@ -356,9 +405,15 @@ + + cleanup: + { +- if (params_item.data) ++ if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); ++#ifdef SYSTEM_NSS ++ if (SECOID_Shutdown() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ } ++#endif ++ } + + if (pubKey.publicValue.data) + env->ReleaseByteArrayElements(publicKey, +@@ -419,6 +474,13 @@ + goto cleanup; + } + ++#ifdef SYSTEM_NSS ++ if (SECOID_Init() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ goto cleanup; ++ } ++#endif ++ + // Fill a new ECParams using the supplied OID + if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { + /* bad curve OID */ +@@ -460,9 +522,15 @@ + env->ReleaseByteArrayElements(publicKey, + (jbyte *) publicValue_item.data, JNI_ABORT); + +- if (params_item.data) ++ if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); ++#ifdef SYSTEM_NSS ++ if (SECOID_Shutdown() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ } ++#endif ++ } + + if (ecparams) + FreeECParams(ecparams, true); diff --git a/SOURCES/pr2815.patch b/SOURCES/pr2815.patch new file mode 100644 index 0000000..db14f10 --- /dev/null +++ b/SOURCES/pr2815.patch @@ -0,0 +1,189 @@ +# HG changeset patch +# User andrew +# Date 1453867347 0 +# Wed Jan 27 04:02:27 2016 +0000 +# Node ID 26e2e029ee256e9815fdc324831a03d8582255e1 +# Parent 0ff7720931e8dbf7de25720bdc93b18527ab89e8 +PR2815: Race condition in SunEC provider with system NSS +Summary: Perform initialisation and shutdown only when library is loaded or SunEC is finalized respectively + +diff -r 0ff7720931e8 -r 26e2e029ee25 make/mapfiles/libsunec/mapfile-vers +--- openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 03:45:06 2016 +0000 ++++ openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 04:02:27 2016 +0000 +@@ -31,6 +31,8 @@ + Java_sun_security_ec_ECDSASignature_signDigest; + Java_sun_security_ec_ECDSASignature_verifySignedDigest; + Java_sun_security_ec_ECDHKeyAgreement_deriveKey; ++ Java_sun_security_ec_SunEC_initialize; ++ Java_sun_security_ec_SunEC_cleanup; + local: + *; + }; +diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/classes/sun/security/ec/SunEC.java +--- openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 03:45:06 2016 +0000 ++++ openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 04:02:27 2016 +0000 +@@ -58,6 +58,7 @@ + AccessController.doPrivileged(new PrivilegedAction() { + public Void run() { + System.loadLibrary("sunec"); // check for native library ++ initialize(); + return null; + } + }); +@@ -81,4 +82,22 @@ + } + } + ++ /** ++ * Cleanup native resources during finalisation. ++ */ ++ @Override ++ protected void finalize() { ++ cleanup(); ++ } ++ ++ /** ++ * Initialize the native code. ++ */ ++ private static native void initialize(); ++ ++ /** ++ * Cleanup in the native layer. ++ */ ++ private static native void cleanup(); ++ + } +diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/native/sun/security/ec/ECC_JNI.cpp +--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 03:45:06 2016 +0000 ++++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 04:02:27 2016 +0000 +@@ -121,13 +121,6 @@ + goto cleanup; + } + +-#ifdef SYSTEM_NSS +- if (SECOID_Init() != SECSuccess) { +- ThrowException(env, INTERNAL_ERROR); +- goto cleanup; +- } +-#endif +- + // Fill a new ECParams using the supplied OID + if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { + /* bad curve OID */ +@@ -183,11 +176,6 @@ + if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); +-#ifdef SYSTEM_NSS +- if (SECOID_Shutdown() != SECSuccess) { +- ThrowException(env, INTERNAL_ERROR); +- } +-#endif + } + if (ecparams) { + FreeECParams(ecparams, true); +@@ -253,13 +241,6 @@ + goto cleanup; + } + +-#ifdef SYSTEM_NSS +- if (SECOID_Init() != SECSuccess) { +- ThrowException(env, INTERNAL_ERROR); +- goto cleanup; +- } +-#endif +- + // Fill a new ECParams using the supplied OID + if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { + /* bad curve OID */ +@@ -307,11 +288,6 @@ + if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); +-#ifdef SYSTEM_NSS +- if (SECOID_Shutdown() != SECSuccess) { +- ThrowException(env, INTERNAL_ERROR); +- } +-#endif + } + if (privKey.privateValue.data) { + env->ReleaseByteArrayElements(privateKey, +@@ -378,13 +354,6 @@ + goto cleanup; + } + +-#ifdef SYSTEM_NSS +- if (SECOID_Init() != SECSuccess) { +- ThrowException(env, INTERNAL_ERROR); +- goto cleanup; +- } +-#endif +- + // Fill a new ECParams using the supplied OID + if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { + /* bad curve OID */ +@@ -408,11 +377,6 @@ + if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); +-#ifdef SYSTEM_NSS +- if (SECOID_Shutdown() != SECSuccess) { +- ThrowException(env, INTERNAL_ERROR); +- } +-#endif + } + + if (pubKey.publicValue.data) +@@ -474,13 +438,6 @@ + goto cleanup; + } + +-#ifdef SYSTEM_NSS +- if (SECOID_Init() != SECSuccess) { +- ThrowException(env, INTERNAL_ERROR); +- goto cleanup; +- } +-#endif +- + // Fill a new ECParams using the supplied OID + if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { + /* bad curve OID */ +@@ -525,11 +482,6 @@ + if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); +-#ifdef SYSTEM_NSS +- if (SECOID_Shutdown() != SECSuccess) { +- ThrowException(env, INTERNAL_ERROR); +- } +-#endif + } + + if (ecparams) +@@ -539,4 +491,26 @@ + return jSecret; + } + ++JNIEXPORT void ++JNICALL Java_sun_security_ec_SunEC_initialize ++ (JNIEnv *env, jclass UNUSED(clazz)) ++{ ++#ifdef SYSTEM_NSS ++ if (SECOID_Init() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ } ++#endif ++} ++ ++JNIEXPORT void ++JNICALL Java_sun_security_ec_SunEC_cleanup ++ (JNIEnv *env, jclass UNUSED(clazz)) ++{ ++#ifdef SYSTEM_NSS ++ if (SECOID_Shutdown() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ } ++#endif ++} ++ + } /* extern "C" */ diff --git a/SOURCES/pr2842-01.patch b/SOURCES/pr2842-01.patch new file mode 100644 index 0000000..4ee4c55 --- /dev/null +++ b/SOURCES/pr2842-01.patch @@ -0,0 +1,22 @@ +# HG changeset patch +# User mduigou +# Date 1389723922 28800 +# Tue Jan 14 10:25:22 2014 -0800 +# Node ID 842cc183c9f6d29270ff002238248978c08f0a66 +# Parent f0635543beb309c4da1bb88c906a76ee4b75e16d +8031668, PR2842: TOOLCHAIN_FIND_COMPILER unexpectedly resolves symbolic links +Reviewed-by: erikj, ihse + +diff -r f0635543beb3 -r 842cc183c9f6 common/autoconf/toolchain.m4 +--- openjdk/./common/autoconf/toolchain.m4 Wed Jan 27 02:50:07 2016 +0000 ++++ openjdk/./common/autoconf/toolchain.m4 Tue Jan 14 10:25:22 2014 -0800 +@@ -188,8 +188,8 @@ + $1="$PROPER_COMPILER_$1" + else + AC_MSG_RESULT([no, keeping $1]) +- $1="$TEST_COMPILER" + fi ++ + TOOLCHAIN_CHECK_COMPILER_VERSION([$1], [$COMPILER_NAME]) + ]) + diff --git a/SOURCES/pr2842-02.patch b/SOURCES/pr2842-02.patch new file mode 100644 index 0000000..f5268fc --- /dev/null +++ b/SOURCES/pr2842-02.patch @@ -0,0 +1,65 @@ +# HG changeset patch +# User ihse +# Date 1454642639 0 +# Fri Feb 05 03:23:59 2016 +0000 +# Node ID 61798573efe5a9efa67e268a52cf61263abb4396 +# Parent 842cc183c9f6d29270ff002238248978c08f0a66 +8148351, PR2842: Only display resolved symlink for compiler, do not change path +Reviewed-by: erikj + +diff -r 5096b6468914 common/autoconf/toolchain.m4 +--- openjdk/./common/autoconf/toolchain.m4 Tue Jan 14 10:25:22 2014 -0800 ++++ openjdk/./common/autoconf/toolchain.m4 Fri Feb 05 20:02:15 2016 +0000 +@@ -147,38 +147,22 @@ + fi + BASIC_FIXUP_EXECUTABLE($1) + TEST_COMPILER="[$]$1" +- # Don't remove symbolic links on AIX because 'xlc_r' and 'xlC_r' may all be links +- # to 'xlc' but it is crucial that we invoke the compiler with the right name! +- if test "x$OPENJDK_BUILD_OS" != xaix; then +- AC_MSG_CHECKING([resolved symbolic links for $1]) +- BASIC_REMOVE_SYMBOLIC_LINKS(TEST_COMPILER) +- AC_MSG_RESULT([$TEST_COMPILER]) +- fi +- AC_MSG_CHECKING([if $1 is disguised ccache]) + +- COMPILER_BASENAME=`$BASENAME "$TEST_COMPILER"` +- if test "x$COMPILER_BASENAME" = "xccache"; then +- AC_MSG_RESULT([yes, trying to find proper $COMPILER_NAME compiler]) +- # We /usr/lib/ccache in the path, so cc is a symlink to /usr/bin/ccache. +- # We want to control ccache invocation ourselves, so ignore this cc and try +- # searching again. ++ AC_MSG_CHECKING([resolved symbolic links for $1]) ++ SYMLINK_ORIGINAL="$TEST_COMPILER" ++ BASIC_REMOVE_SYMBOLIC_LINKS(SYMLINK_ORIGINAL) ++ if test "x$TEST_COMPILER" = "x$SYMLINK_ORIGINAL"; then ++ AC_MSG_RESULT([no symlink]) ++ else ++ AC_MSG_RESULT([$SYMLINK_ORIGINAL]) + +- # Remove the path to the fake ccache cc from the PATH +- RETRY_COMPILER_SAVED_PATH="$PATH" +- COMPILER_DIRNAME=`$DIRNAME [$]$1` +- PATH="`$ECHO $PATH | $SED -e "s,$COMPILER_DIRNAME,,g" -e "s,::,:,g" -e "s,^:,,g"`" +- +- # Try again looking for our compiler +- AC_CHECK_TOOLS(PROPER_COMPILER_$1, $3) +- BASIC_FIXUP_EXECUTABLE(PROPER_COMPILER_$1) +- PATH="$RETRY_COMPILER_SAVED_PATH" +- +- AC_MSG_CHECKING([for resolved symbolic links for $1]) +- BASIC_REMOVE_SYMBOLIC_LINKS(PROPER_COMPILER_$1) +- AC_MSG_RESULT([$PROPER_COMPILER_$1]) +- $1="$PROPER_COMPILER_$1" +- else +- AC_MSG_RESULT([no, keeping $1]) ++ # We can't handle ccache by gcc wrappers, since we need to know if we're ++ # using ccache. Instead ccache usage must be controlled by a configure option. ++ COMPILER_BASENAME=`$BASENAME "$SYMLINK_ORIGINAL"` ++ if test "x$COMPILER_BASENAME" = "xccache"; then ++ AC_MSG_NOTICE([Please use --enable-ccache instead of providing a wrapped compiler.]) ++ AC_MSG_ERROR([$TEST_COMPILER is a symbolic link to ccache. This is not supported.]) ++ fi + fi + + TOOLCHAIN_CHECK_COMPILER_VERSION([$1], [$COMPILER_NAME]) diff --git a/SOURCES/pr2899.patch b/SOURCES/pr2899.patch new file mode 100644 index 0000000..58fb3c8 --- /dev/null +++ b/SOURCES/pr2899.patch @@ -0,0 +1,23 @@ +# HG changeset patch +# User andrew +# Date 1459313680 -3600 +# Wed Mar 30 05:54:40 2016 +0100 +# Node ID 9dc0eca5fa8926e6a952fa4f1931e78aa1f52443 +# Parent 8957aff589013e671f02d38023d5ff245ef27e87 +PR2899: Don't use WithSeed versions of NSS functions as they don't fully process the seed +Contributed-by: Alex Kashchenko + +diff -r 8957aff58901 -r 9dc0eca5fa89 src/share/native/sun/security/ec/ecc_impl.h +--- openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h Wed Mar 30 04:48:56 2016 +0100 ++++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h Wed Mar 30 05:54:40 2016 +0100 +@@ -267,8 +267,8 @@ + + #ifdef SYSTEM_NSS + #define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b) +-#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d) +-#define ECDSA_SignDigest(a,b,c,d,e,f) ECDSA_SignDigestWithSeed(a,b,c,d,e) ++#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b) ++#define ECDSA_SignDigest(a,b,c,d,e,f) ECDSA_SignDigest(a,b,c) + #define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c) + #define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e) + #else diff --git a/SOURCES/pr2934.patch b/SOURCES/pr2934.patch new file mode 100644 index 0000000..21e769d --- /dev/null +++ b/SOURCES/pr2934.patch @@ -0,0 +1,90 @@ +# HG changeset patch +# User andrew +# Date 1461349033 -3600 +# Fri Apr 22 19:17:13 2016 +0100 +# Node ID dab76de2f91cf1791c03560a3f45aaa69f8351fd +# Parent 3fa42705acab6d69b6141f47ebba4f85739a338c +PR2934: SunEC provider throwing KeyException with current NSS +Summary: Initialise the random number generator and feed the seed to it. + +diff -r 3fa42705acab -r dab76de2f91c src/share/native/sun/security/ec/ECC_JNI.cpp +--- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Apr 20 03:39:11 2016 +0100 ++++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Fri Apr 22 19:17:13 2016 +0100 +@@ -134,8 +134,17 @@ + env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); + + // Generate the new keypair (using the supplied seed) ++#ifdef SYSTEM_NSS ++ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength) ++ != SECSuccess) { ++ ThrowException(env, KEY_EXCEPTION); ++ goto cleanup; ++ } ++ if (EC_NewKey(ecparams, &privKey) != SECSuccess) { ++#else + if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer, + jSeedLength, 0) != SECSuccess) { ++#endif + ThrowException(env, KEY_EXCEPTION); + goto cleanup; + } +@@ -267,8 +276,18 @@ + env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); + + // Sign the digest (using the supplied seed) ++#ifdef SYSTEM_NSS ++ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength) ++ != SECSuccess) { ++ ThrowException(env, KEY_EXCEPTION); ++ goto cleanup; ++ } ++ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item) ++ != SECSuccess) { ++#else + if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item, + (unsigned char *) pSeedBuffer, jSeedLength, 0) != SECSuccess) { ++#endif + ThrowException(env, KEY_EXCEPTION); + goto cleanup; + } +@@ -499,6 +518,9 @@ + if (SECOID_Init() != SECSuccess) { + ThrowException(env, INTERNAL_ERROR); + } ++ if (RNG_RNGInit() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ } + #endif + } + +@@ -507,6 +529,7 @@ + (JNIEnv *env, jclass UNUSED(clazz)) + { + #ifdef SYSTEM_NSS ++ RNG_RNGShutdown(); + if (SECOID_Shutdown() != SECSuccess) { + ThrowException(env, INTERNAL_ERROR); + } +diff -r 3fa42705acab -r dab76de2f91c src/share/native/sun/security/ec/ecc_impl.h +--- openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h Wed Apr 20 03:39:11 2016 +0100 ++++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h Fri Apr 22 19:17:13 2016 +0100 +@@ -254,8 +254,10 @@ + This function is no longer required because the random bytes are now + supplied by the caller. Force a failure. + */ ++#ifndef SYSTEM_NSS + #define RNG_GenerateGlobalRandomBytes(p,l) SECFailure + #endif ++#endif + #define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup + #define MP_TO_SEC_ERROR(err) + +@@ -267,8 +269,6 @@ + + #ifdef SYSTEM_NSS + #define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b) +-#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b) +-#define ECDSA_SignDigest(a,b,c,d,e,f) ECDSA_SignDigest(a,b,c) + #define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c) + #define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e) + #else diff --git a/SOURCES/pr2974-rh1337583.patch b/SOURCES/pr2974-rh1337583.patch new file mode 100644 index 0000000..5c00050 --- /dev/null +++ b/SOURCES/pr2974-rh1337583.patch @@ -0,0 +1,148 @@ +# HG changeset patch +# User andrew +# Date 1464316115 -3600 +# Fri May 27 03:28:35 2016 +0100 +# Node ID 794541fbbdc323f7da8a5cee75611f977eee66ee +# Parent 0be28a33e12dfc9ae1e4be381530643f691d351a +PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings +Summary: Add -systemlineendings option to keytool to allow system line endings to be used again. + +diff -r 0be28a33e12d -r 794541fbbdc3 src/share/classes/sun/security/pkcs10/PKCS10.java +--- openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java Tue Dec 29 10:40:43 2015 -0500 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java Fri May 27 03:28:35 2016 +0100 +@@ -30,6 +30,7 @@ + import java.io.IOException; + import java.math.BigInteger; + ++import java.security.AccessController; + import java.security.cert.CertificateException; + import java.security.NoSuchAlgorithmException; + import java.security.InvalidKeyException; +@@ -39,6 +40,7 @@ + + import java.util.Base64; + ++import sun.security.action.GetPropertyAction; + import sun.security.util.*; + import sun.security.x509.AlgorithmId; + import sun.security.x509.X509Key; +@@ -76,6 +78,14 @@ + * @author Hemma Prafullchandra + */ + public class PKCS10 { ++ ++ private static final byte[] sysLineEndings; ++ ++ static { ++ sysLineEndings = ++ AccessController.doPrivileged(new GetPropertyAction("line.separator")).getBytes(); ++ } ++ + /** + * Constructs an unsigned PKCS #10 certificate request. Before this + * request may be used, it must be encoded and signed. Then it +@@ -286,13 +296,39 @@ + */ + public void print(PrintStream out) + throws IOException, SignatureException { ++ print(out, false); ++ } ++ ++ /** ++ * Prints an E-Mailable version of the certificate request on the print ++ * stream passed. The format is a common base64 encoded one, supported ++ * by most Certificate Authorities because Netscape web servers have ++ * used this for some time. Some certificate authorities expect some ++ * more information, in particular contact information for the web ++ * server administrator. ++ * ++ * @param out the print stream where the certificate request ++ * will be printed. ++ * @param systemLineEndings true if the request should be terminated ++ * using the system line endings. ++ * @exception IOException when an output operation failed ++ * @exception SignatureException when the certificate request was ++ * not yet signed. ++ */ ++ public void print(PrintStream out, boolean systemLineEndings) ++ throws IOException, SignatureException { ++ byte[] lineEndings; ++ + if (encoded == null) + throw new SignatureException("Cert request was not signed"); + ++ if (systemLineEndings) ++ lineEndings = sysLineEndings; ++ else ++ lineEndings = new byte[] {'\r', '\n'}; // CRLF + +- byte[] CRLF = new byte[] {'\r', '\n'}; + out.println("-----BEGIN NEW CERTIFICATE REQUEST-----"); +- out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(encoded)); ++ out.println(Base64.getMimeEncoder(64, lineEndings).encodeToString(encoded)); + out.println("-----END NEW CERTIFICATE REQUEST-----"); + } + +diff -r 0be28a33e12d -r 794541fbbdc3 src/share/classes/sun/security/tools/keytool/Main.java +--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java Tue Dec 29 10:40:43 2015 -0500 ++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java Fri May 27 03:28:35 2016 +0100 +@@ -117,6 +117,7 @@ + private String infilename = null; + private String outfilename = null; + private String srcksfname = null; ++ private boolean systemLineEndings = false; + + // User-specified providers are added before any command is called. + // However, they are not removed before the end of the main() method. +@@ -163,7 +164,7 @@ + CERTREQ("Generates.a.certificate.request", + ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME, + STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, +- PROVIDERARG, PROVIDERPATH, V, PROTECTED), ++ PROVIDERARG, PROVIDERPATH, SYSTEMLINEENDINGS, V, PROTECTED), + CHANGEALIAS("Changes.an.entry.s.alias", + ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS, + STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, +@@ -296,6 +297,7 @@ + STARTDATE("startdate", "", "certificate.validity.start.date.time"), + STOREPASS("storepass", "", "keystore.password"), + STORETYPE("storetype", "", "keystore.type"), ++ SYSTEMLINEENDINGS("systemlineendings", null, "system.line.endings"), + TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"), + V("v", null, "verbose.output"), + VALIDITY("validity", "", "validity.number.of.days"); +@@ -537,6 +539,8 @@ + protectedPath = true; + } else if (collator.compare(flags, "-srcprotected") == 0) { + srcprotectedPath = true; ++ } else if (collator.compare(flags, "-systemlineendings") == 0) { ++ systemLineEndings = true; + } else { + System.err.println(rb.getString("Illegal.option.") + flags); + tinyHelp(); +@@ -1335,7 +1339,7 @@ + + // Sign the request and base-64 encode it + request.encodeAndSign(subject, signature); +- request.print(out); ++ request.print(out, systemLineEndings); + } + + /** +@@ -4191,4 +4195,3 @@ + return new Pair<>(a,b); + } + } +- +diff -r 0be28a33e12d -r 794541fbbdc3 src/share/classes/sun/security/tools/keytool/Resources.java +--- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java Tue Dec 29 10:40:43 2015 -0500 ++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java Fri May 27 03:28:35 2016 +0100 +@@ -168,6 +168,8 @@ + "keystore password"}, //-storepass + {"keystore.type", + "keystore type"}, //-storetype ++ {"system.line.endings", ++ "use system line endings rather than CRLF to terminate output"}, //-systemlineendings + {"trust.certificates.from.cacerts", + "trust certificates from cacerts"}, //-trustcacerts + {"verbose.output", diff --git a/SOURCES/pr2974-rh1343832.patch b/SOURCES/pr2974-rh1343832.patch deleted file mode 100644 index 5c00050..0000000 --- a/SOURCES/pr2974-rh1343832.patch +++ /dev/null @@ -1,148 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1464316115 -3600 -# Fri May 27 03:28:35 2016 +0100 -# Node ID 794541fbbdc323f7da8a5cee75611f977eee66ee -# Parent 0be28a33e12dfc9ae1e4be381530643f691d351a -PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings -Summary: Add -systemlineendings option to keytool to allow system line endings to be used again. - -diff -r 0be28a33e12d -r 794541fbbdc3 src/share/classes/sun/security/pkcs10/PKCS10.java ---- openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java Tue Dec 29 10:40:43 2015 -0500 -+++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java Fri May 27 03:28:35 2016 +0100 -@@ -30,6 +30,7 @@ - import java.io.IOException; - import java.math.BigInteger; - -+import java.security.AccessController; - import java.security.cert.CertificateException; - import java.security.NoSuchAlgorithmException; - import java.security.InvalidKeyException; -@@ -39,6 +40,7 @@ - - import java.util.Base64; - -+import sun.security.action.GetPropertyAction; - import sun.security.util.*; - import sun.security.x509.AlgorithmId; - import sun.security.x509.X509Key; -@@ -76,6 +78,14 @@ - * @author Hemma Prafullchandra - */ - public class PKCS10 { -+ -+ private static final byte[] sysLineEndings; -+ -+ static { -+ sysLineEndings = -+ AccessController.doPrivileged(new GetPropertyAction("line.separator")).getBytes(); -+ } -+ - /** - * Constructs an unsigned PKCS #10 certificate request. Before this - * request may be used, it must be encoded and signed. Then it -@@ -286,13 +296,39 @@ - */ - public void print(PrintStream out) - throws IOException, SignatureException { -+ print(out, false); -+ } -+ -+ /** -+ * Prints an E-Mailable version of the certificate request on the print -+ * stream passed. The format is a common base64 encoded one, supported -+ * by most Certificate Authorities because Netscape web servers have -+ * used this for some time. Some certificate authorities expect some -+ * more information, in particular contact information for the web -+ * server administrator. -+ * -+ * @param out the print stream where the certificate request -+ * will be printed. -+ * @param systemLineEndings true if the request should be terminated -+ * using the system line endings. -+ * @exception IOException when an output operation failed -+ * @exception SignatureException when the certificate request was -+ * not yet signed. -+ */ -+ public void print(PrintStream out, boolean systemLineEndings) -+ throws IOException, SignatureException { -+ byte[] lineEndings; -+ - if (encoded == null) - throw new SignatureException("Cert request was not signed"); - -+ if (systemLineEndings) -+ lineEndings = sysLineEndings; -+ else -+ lineEndings = new byte[] {'\r', '\n'}; // CRLF - -- byte[] CRLF = new byte[] {'\r', '\n'}; - out.println("-----BEGIN NEW CERTIFICATE REQUEST-----"); -- out.println(Base64.getMimeEncoder(64, CRLF).encodeToString(encoded)); -+ out.println(Base64.getMimeEncoder(64, lineEndings).encodeToString(encoded)); - out.println("-----END NEW CERTIFICATE REQUEST-----"); - } - -diff -r 0be28a33e12d -r 794541fbbdc3 src/share/classes/sun/security/tools/keytool/Main.java ---- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java Tue Dec 29 10:40:43 2015 -0500 -+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java Fri May 27 03:28:35 2016 +0100 -@@ -117,6 +117,7 @@ - private String infilename = null; - private String outfilename = null; - private String srcksfname = null; -+ private boolean systemLineEndings = false; - - // User-specified providers are added before any command is called. - // However, they are not removed before the end of the main() method. -@@ -163,7 +164,7 @@ - CERTREQ("Generates.a.certificate.request", - ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME, - STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, -- PROVIDERARG, PROVIDERPATH, V, PROTECTED), -+ PROVIDERARG, PROVIDERPATH, SYSTEMLINEENDINGS, V, PROTECTED), - CHANGEALIAS("Changes.an.entry.s.alias", - ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS, - STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, -@@ -296,6 +297,7 @@ - STARTDATE("startdate", "", "certificate.validity.start.date.time"), - STOREPASS("storepass", "", "keystore.password"), - STORETYPE("storetype", "", "keystore.type"), -+ SYSTEMLINEENDINGS("systemlineendings", null, "system.line.endings"), - TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"), - V("v", null, "verbose.output"), - VALIDITY("validity", "", "validity.number.of.days"); -@@ -537,6 +539,8 @@ - protectedPath = true; - } else if (collator.compare(flags, "-srcprotected") == 0) { - srcprotectedPath = true; -+ } else if (collator.compare(flags, "-systemlineendings") == 0) { -+ systemLineEndings = true; - } else { - System.err.println(rb.getString("Illegal.option.") + flags); - tinyHelp(); -@@ -1335,7 +1339,7 @@ - - // Sign the request and base-64 encode it - request.encodeAndSign(subject, signature); -- request.print(out); -+ request.print(out, systemLineEndings); - } - - /** -@@ -4191,4 +4195,3 @@ - return new Pair<>(a,b); - } - } -- -diff -r 0be28a33e12d -r 794541fbbdc3 src/share/classes/sun/security/tools/keytool/Resources.java ---- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java Tue Dec 29 10:40:43 2015 -0500 -+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java Fri May 27 03:28:35 2016 +0100 -@@ -168,6 +168,8 @@ - "keystore password"}, //-storepass - {"keystore.type", - "keystore type"}, //-storetype -+ {"system.line.endings", -+ "use system line endings rather than CRLF to terminate output"}, //-systemlineendings - {"trust.certificates.from.cacerts", - "trust certificates from cacerts"}, //-trustcacerts - {"verbose.output", diff --git a/SOURCES/removeSunEcProvider-RH1154143.patch b/SOURCES/removeSunEcProvider-RH1154143.patch deleted file mode 100644 index 02955a2..0000000 --- a/SOURCES/removeSunEcProvider-RH1154143.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff -r 1fe56343ecc8 src/share/lib/security/java.security-linux ---- openjdk/jdk/src/share/lib/security/java.security-linux Tue Jan 12 21:01:12 2016 +0000 -+++ openjdk/jdk/src/share/lib/security/java.security-linux Tue Jan 12 23:59:19 2016 +0000 -@@ -67,13 +67,13 @@ - # - security.provider.1=sun.security.provider.Sun - security.provider.2=sun.security.rsa.SunRsaSign --security.provider.3=sun.security.ec.SunEC --security.provider.4=com.sun.net.ssl.internal.ssl.Provider --security.provider.5=com.sun.crypto.provider.SunJCE --security.provider.6=sun.security.jgss.SunProvider --security.provider.7=com.sun.security.sasl.Provider --security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI --security.provider.9=sun.security.smartcardio.SunPCSC -+security.provider.3=com.sun.net.ssl.internal.ssl.Provider -+security.provider.4=com.sun.crypto.provider.SunJCE -+security.provider.5=sun.security.jgss.SunProvider -+security.provider.6=com.sun.security.sasl.Provider -+security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI -+security.provider.8=sun.security.smartcardio.SunPCSC -+ - - # - # Sun Provider SecureRandom seed source. -@@ -509,7 +509,7 @@ - # - # Example: - # jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 --jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768 -+jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, EC, ECDHE, ECDH - - # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS) - # processing in JSSE implementation. diff --git a/SOURCES/rh1176206-jdk.patch b/SOURCES/rh1176206-jdk.patch new file mode 100644 index 0000000..23b8e52 --- /dev/null +++ b/SOURCES/rh1176206-jdk.patch @@ -0,0 +1,67 @@ +--- openjdk/jdk/make/lib/Awt2dLibraries.gmk 2016-02-29 17:11:00.497484904 +0100 ++++ openjdk/jdk/make/lib/Awt2dLibraries.gmk 2016-02-29 17:11:00.402486574 +0100 +@@ -618,7 +618,7 @@ + XRSurfaceData.c \ + XRBackendNative.c + +- LIBAWT_XAWT_LDFLAGS_SUFFIX := $(LIBM) -lawt -lXext -lX11 -lXrender $(LIBDL) -lXtst -lXi -ljava -ljvm -lc ++ LIBAWT_XAWT_LDFLAGS_SUFFIX := $(LIBM) -lawt -lXext -lX11 -lXrender -lXcomposite $(LIBDL) -lXtst -lXi -ljava -ljvm -lc + + ifeq ($(OPENJDK_TARGET_OS), linux) + # To match old build, add this to LDFLAGS instead of suffix. +--- openjdk/jdk/src/solaris/native/sun/awt/awt_Robot.c 2016-02-29 17:11:00.777479982 +0100 ++++ openjdk/jdk/src/solaris/native/sun/awt/awt_Robot.c 2016-02-29 17:11:00.677481740 +0100 +@@ -38,6 +38,7 @@ + #include + #include + #include ++#include + #include + #include + #include "robot_common.h" +@@ -88,6 +89,32 @@ + return isXTestAvailable; + } + ++static Bool hasXCompositeOverlayExtension(Display *display) { ++ ++ int xoverlay = False; ++ int eventBase, errorBase; ++ if (XCompositeQueryExtension(display, &eventBase, &errorBase)) { ++ int major = 0; ++ int minor = 0; ++ ++ XCompositeQueryVersion(display, &major, &minor); ++ if (major > 0 || minor >= 3) ++ xoverlay = True; ++ } ++ ++ return xoverlay; ++} ++ ++static jboolean isXCompositeDisplay(Display *display, int screenNumber) { ++ ++ char NET_WM_CM_Sn[25]; ++ snprintf(NET_WM_CM_Sn, sizeof(NET_WM_CM_Sn), "_NET_WM_CM_S%d\0", screenNumber); ++ ++ Atom managerSelection = XInternAtom(display, NET_WM_CM_Sn, 0); ++ Window owner = XGetSelectionOwner(display, managerSelection); ++ ++ return owner != 0; ++} + + static XImage *getWindowImage(Display * display, Window window, + int32_t x, int32_t y, +@@ -232,6 +259,12 @@ + DASSERT(adata != NULL); + + rootWindow = XRootWindow(awt_display, adata->awt_visInfo.screen); ++ if (isXCompositeDisplay(awt_display, adata->awt_visInfo.screen) && ++ hasXCompositeOverlayExtension(awt_display)) ++ { ++ rootWindow = XCompositeGetOverlayWindow(awt_display, rootWindow); ++ } ++ + image = getWindowImage(awt_display, rootWindow, x, y, width, height); + + /* Array to use to crunch around the pixel values */ diff --git a/SOURCES/rh1176206-root.patch b/SOURCES/rh1176206-root.patch new file mode 100644 index 0000000..db1061c --- /dev/null +++ b/SOURCES/rh1176206-root.patch @@ -0,0 +1,31 @@ +--- openjdk/common/autoconf/help.m4 2016-02-29 17:10:45.542747800 +0100 ++++ openjdk/common/autoconf/help.m4 2016-02-29 17:10:45.500748539 +0100 +@@ -112,7 +112,7 @@ + pulse) + PKGHANDLER_COMMAND="sudo apt-get install libpulse-dev" ;; + x11) +- PKGHANDLER_COMMAND="sudo apt-get install libX11-dev libxext-dev libxrender-dev libxtst-dev libxt-dev" ;; ++ PKGHANDLER_COMMAND="sudo apt-get install libX11-dev libxext-dev libxrender-dev libxtst-dev libxt-dev libXcomposite-dev" ;; + ccache) + PKGHANDLER_COMMAND="sudo apt-get install ccache" ;; + esac +--- openjdk/common/autoconf/libraries.m4 2016-02-29 17:10:45.716744742 +0100 ++++ openjdk/common/autoconf/libraries.m4 2016-02-29 17:10:45.675745462 +0100 +@@ -153,7 +153,7 @@ + CFLAGS="$CFLAGS $X_CFLAGS" + + # Need to include Xlib.h and Xutil.h to avoid "present but cannot be compiled" warnings on Solaris 10 +- AC_CHECK_HEADERS([X11/extensions/shape.h X11/extensions/Xrender.h X11/extensions/XTest.h X11/Intrinsic.h], ++ AC_CHECK_HEADERS([X11/extensions/shape.h X11/extensions/Xrender.h X11/extensions/XTest.h X11/Intrinsic.h X11/extensions/Xcomposite.h], + [X11_A_OK=yes], + [X11_A_OK=no; break], + [ +@@ -167,7 +167,7 @@ + + if test "x$X11_A_OK" = xno && test "x$X11_NOT_NEEDED" != xyes; then + HELP_MSG_MISSING_DEPENDENCY([x11]) +- AC_MSG_ERROR([Could not find all X11 headers (shape.h Xrender.h XTest.h Intrinsic.h). $HELP_MSG]) ++ AC_MSG_ERROR([Could not find all X11 headers (shape.h Xrender.h XTest.h Intrinsic.h Xcomposite.h). $HELP_MSG]) + fi + + AC_SUBST(X_CFLAGS) diff --git a/SOURCES/rh1367357.patch b/SOURCES/rh1367357.patch deleted file mode 100644 index 254be99..0000000 --- a/SOURCES/rh1367357.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff --git a/src/share/native/sun/java2d/cmm/lcms/cmstypes.c b/src/share/native/sun/java2d/cmm/lcms/cmstypes.c ---- openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmstypes.c -+++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/cmstypes.c -@@ -1484,6 +1484,7 @@ - - // Check for overflow - if (Offset < (SizeOfHeader + 8)) goto Error; -+ if ((Offset + Len) > SizeOfTag + 8) goto Error; - - // True begin of the string - BeginOfThisString = Offset - SizeOfHeader - 8; diff --git a/SOURCES/s390-size_t_format_flags.patch b/SOURCES/s390-size_t_format_flags.patch index 451c806..b9ae9ab 100644 --- a/SOURCES/s390-size_t_format_flags.patch +++ b/SOURCES/s390-size_t_format_flags.patch @@ -128,3 +128,16 @@ diff -r cf43a852f486 src/share/vm/utilities/globalDefinitions.hpp #define INTX_FORMAT "%" PRIdPTR #define UINTX_FORMAT "%" PRIuPTR +diff -r 388e9d0905e6 src/share/vm/memory/collectorPolicy.cpp +--- openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp Mon Apr 11 11:33:18 2016 +0000 ++++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp Tue Apr 12 04:12:50 2016 +0100 +@@ -1056,7 +1056,8 @@ + size_t expected = msp.scale_by_NewRatio_aligned(initial_heap_size); + assert(msp.initial_gen0_size() == expected, err_msg("%zu != %zu", msp.initial_gen0_size(), expected)); + assert(FLAG_IS_ERGO(NewSize) && NewSize == expected, +- err_msg("NewSize should have been set ergonomically to %zu, but was %zu", expected, NewSize)); ++ err_msg("NewSize should have been set ergonomically to " SIZE_FORMAT ", but was " UINTX_FORMAT, ++ expected, NewSize)); + } + + private: diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index a017e9c..0af647e 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -20,16 +20,8 @@ %global build_loop1 %{nil} %endif -%global aarch64 aarch64 arm64 armv8 -# sometimes we need to distinguish big and little endian PPC64 -%global ppc64le ppc64le -%global ppc64be ppc64 ppc64p7 -%global multilib_arches %{power64} sparc64 x86_64 -%global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} -%global debug_arches %{ix86} x86_64 - -# By default, we build a debug build during main build on JIT architectures -%ifarch %{debug_arches} +# by default we build debug build during main build only on intel arches +%ifarch %{ix86} x86_64 %global include_debug_build 1 %else %global include_debug_build 0 @@ -50,7 +42,7 @@ %ifarch %{jit_arches} %global bootstrap_build 1 %else -%global bootstrap_build 0 +%global bootstrap_build 1 %endif %if %{bootstrap_build} @@ -59,6 +51,13 @@ %global targets all %endif +%global aarch64 aarch64 arm64 armv8 +# sometimes we need to distinguish big and little endian PPC64 +%global ppc64le ppc64le +%global ppc64be ppc64 ppc64p7 +%global multilib_arches %{power64} sparc64 x86_64 +%global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} + %ifarch %{aarch64} # Disable hardened build on AArch64 as it didn't bootcycle %undefine _hardened_build @@ -80,6 +79,15 @@ #looks liekopenjdk RPM specific bug # Always set this so the nss.cfg file is not broken %global NSS_LIBDIR %(pkg-config --variable=libdir nss) +%global NSS_LIBS %(pkg-config --libs nss) +%global NSS_CFLAGS %(pkg-config --cflags nss-softokn) +# see https://bugzilla.redhat.com/show_bug.cgi?id=1332456 +%global NSSSOFTOKN_BUILDTIME_NUMBER %(pkg-config --modversion nss-softokn || : ) +%global NSS_BUILDTIME_NUMBER %(pkg-config --modversion nss || : ) +#this is worakround for processing of requires during srpm creation +%global NSSSOFTOKN_BUILDTIME_VERSION %(if [ "x%{NSSSOFTOKN_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSSSOFTOKN_BUILDTIME_NUMBER}" ;fi) +%global NSS_BUILDTIME_VERSION %(if [ "x%{NSS_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSS_BUILDTIME_NUMBER}" ;fi) + # fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349 %global _privatelibs libmawt[.]so.* @@ -148,7 +156,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global project aarch64-port %global repo jdk8u -%global revision aarch64-jdk8u111-b15 +%global revision aarch64-jdk8u102-b14 # eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) %global whole_update %(VERSION=%{revision}; echo ${VERSION%%-*}) # eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 @@ -180,6 +188,8 @@ %global jrebindir() %{expand:%{_jvmdir}/%{jredir %%1}/bin} %global jvmjardir() %{expand:%{_jvmjardir}/%{uniquesuffix %%1}} +%global rpm_state_dir %{_localstatedir}/lib/rpm-state/ + %if %{with_systemtap} # Where to install systemtap tapset (links) # We would like these to be in a package specific subdir, @@ -230,8 +240,7 @@ if [ "$1" -gt 1 ]; then "${sum}" = '400cc64d4dd31f36dc0cc2c701d603db' -o \\ "${sum}" = '321342219bb130d238ff144b9e5dbfc1' -o \\ "${sum}" = '134a37a84983b620f4d8d51a550c0c38' -o \\ - "${sum}" = '5ea976e209d0d0b5b6ab148416123e02' -o \\ - "${sum}" = 'b727442b4ac0e3b8a26ec9741ad463e5' ]; then + "${sum}" = '5ea976e209d0d0b5b6ab148416123e02' ]; then if [ -f "${javasecurity}.rpmnew" ]; then mv -f "${javasecurity}.rpmnew" "${javasecurity}" fi @@ -253,7 +262,7 @@ fi ext=.gz alternatives \\ - --install %{_bindir}/java java %{jrebindir %%1}/java $PRIORITY \\ + --install %{_bindir}/java java %{jrebindir %%1}/java $PRIORITY --family %{name}.%{_arch} \\ --slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir %%1} \\ --slave %{_jvmjardir}/jre jre_exports %{_jvmjardir}/%{jrelnk %%1} \\ --slave %{_bindir}/jjs jjs %{jrebindir %%1}/jjs \\ @@ -292,12 +301,12 @@ alternatives \\ for X in %{origin} %{javaver} ; do alternatives \\ --install %{_jvmdir}/jre-"$X" \\ - jre_"$X" %{_jvmdir}/%{jredir %%1} $PRIORITY \\ + jre_"$X" %{_jvmdir}/%{jredir %%1} $PRIORITY --family %{name}.%{_arch} \\ --slave %{_jvmjardir}/jre-"$X" \\ jre_"$X"_exports %{_jvmdir}/%{jredir %%1} done -update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk %%1} $PRIORITY \\ +update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk %%1} $PRIORITY --family %{name}.%{_arch} \\ --slave %{_jvmjardir}/jre-%{javaver} jre_%{javaver}_%{origin}_exports %{jvmjardir %%1} update-desktop-database %{_datadir}/applications &> /dev/null || : @@ -335,7 +344,7 @@ fi ext=.gz alternatives \\ - --install %{_bindir}/javac javac %{sdkbindir %%1}/javac $PRIORITY \\ + --install %{_bindir}/javac javac %{sdkbindir %%1}/javac $PRIORITY --family %{name}.%{_arch} \\ --slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir %%1} \\ --slave %{_jvmjardir}/java java_sdk_exports %{_jvmjardir}/%{sdkdir %%1} \\ --slave %{_bindir}/appletviewer appletviewer %{sdkbindir %%1}/appletviewer \\ @@ -428,12 +437,12 @@ alternatives \\ for X in %{origin} %{javaver} ; do alternatives \\ --install %{_jvmdir}/java-"$X" \\ - java_sdk_"$X" %{_jvmdir}/%{sdkdir %%1} $PRIORITY \\ + java_sdk_"$X" %{_jvmdir}/%{sdkdir %%1} $PRIORITY --family %{name}.%{_arch} \\ --slave %{_jvmjardir}/java-"$X" \\ java_sdk_"$X"_exports %{_jvmjardir}/%{sdkdir %%1} done -update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir %%1} $PRIORITY \\ +update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir %%1} $PRIORITY --family %{name}.%{_arch} \\ --slave %{_jvmjardir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin}_exports %{_jvmjardir}/%{sdkdir %%1} update-desktop-database %{_datadir}/applications &> /dev/null || : @@ -470,7 +479,7 @@ fi alternatives \\ --install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir %%1}/api \\ - $PRIORITY + $PRIORITY --family %{name} exit 0 } @@ -479,6 +488,24 @@ exit 0 exit 0 } +%global post_javadoc_zip() %{expand: + +PRIORITY=%{priority} +if [ "%1" == %{debug_suffix} ]; then + let PRIORITY=PRIORITY-1 +fi + +alternatives \\ + --install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir %%1}.zip \\ + $PRIORITY --family %{name} +exit 0 +} + +%global postun_javadoc_zip() %{expand: + alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir %%1}.zip +exit 0 +} + %global files_jre() %{expand: %{_datadir}/icons/hicolor/*x*/apps/java-%{javaver}.png %{_datadir}/applications/*policytool%1.desktop @@ -593,6 +620,12 @@ exit 0 %doc %{buildoutputdir %%1}/images/%{j2sdkimage}/jre/LICENSE } +%global files_javadoc_zip() %{expand: +%defattr(-,root,root,-) +%doc %{_javadocdir}/%{uniquejavadocdir %%1}.zip +%doc %{buildoutputdir %%1}/images/%{j2sdkimage}/jre/LICENSE +} + %global files_accessibility() %{expand: %{_jvmdir}/%{jredir %%1}/lib/%{archinstall}/libatk-wrapper.so %{_jvmdir}/%{jredir %%1}/lib/ext/java-atk-wrapper.jar @@ -601,7 +634,7 @@ exit 0 # not-duplicated requires/provides/obsolate for normal/debug packages %global java_rpo() %{expand: -Requires: fontconfig +Requires: fontconfig%{?_isa} Requires: xorg-x11-fonts-Type1 # Requires rest of java @@ -633,11 +666,21 @@ Requires: jpackage-utils # Require zoneinfo data provided by tzdata-java subpackage. Requires: tzdata-java >= 2015d # libsctp.so.1 is being `dlopen`ed on demand -Requires: lksctp-tools +Requires: lksctp-tools%{?_isa} +# there is a need to depend on the exact version of NSS +Requires: nss%{?_isa} %{NSS_BUILDTIME_VERSION} +Requires: nss-softokn%{?_isa} %{NSSSOFTOKN_BUILDTIME_VERSION} +# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum eforce it, not rpm transaction and so no configs are persisted when pure rpm -u is run. I t may be consiedered as regression +Requires: copy-jdk-configs >= 1.1-3 +OrderWithRequires: copy-jdk-configs # Post requires alternatives to install tool alternatives. Requires(post): %{_sbindir}/alternatives +# in version 1.7 and higher for --family switch +Requires(post): chkconfig >= 1.7 # Postun requires alternatives to uninstall tool alternatives. Requires(postun): %{_sbindir}/alternatives +# in version 1.7 and higher for --family switch +Requires(postun): chkconfig >= 1.7 # Standard JPackage base provides. Provides: jre-%{javaver}-%{origin}-headless%1 = %{epoch}:%{version}-%{release} @@ -659,6 +702,9 @@ Provides: jce%1 = %{epoch}:%{version} Provides: jdbc-stdext%1 = 4.1 Provides: java-sasl%1 = %{epoch}:%{version} +#https://bugzilla.redhat.com/show_bug.cgi?id=1312019 +Provides: /usr/bin/jjs + #Obsoletes: java-1.7.0-openjdk-headless%1 } @@ -668,17 +714,21 @@ Requires: %{name}%1 = %{epoch}:%{version}-%{release} OrderWithRequires: %{name}-headless%1 = %{epoch}:%{version}-%{release} # Post requires alternatives to install tool alternatives. Requires(post): %{_sbindir}/alternatives +# in version 1.7 and higher for --family switch +Requires(post): chkconfig >= 1.7 # Postun requires alternatives to uninstall tool alternatives. Requires(postun): %{_sbindir}/alternatives +# in version 1.7 and higher for --family switch +Requires(postun): chkconfig >= 1.7 # Standard JPackage devel provides. -#Provides: java-sdk-%{javaver}-%{origin}%1 = %{epoch}:%{version} -#Provides: java-sdk-%{javaver}%1 = %{epoch}:%{version} -#Provides: java-sdk-%{origin}%1 = %{epoch}:%{version} -#Provides: java-sdk%1 = %{epoch}:%{javaver} -#Provides: java-%{javaver}-devel%1 = %{epoch}:%{version} -#Provides: java-devel-%{origin}%1 = %{epoch}:%{version} -#Provides: java-devel%1 = %{epoch}:%{javaver} +Provides: java-sdk-%{javaver}-%{origin}%1 = %{epoch}:%{version} +Provides: java-sdk-%{javaver}%1 = %{epoch}:%{version} +Provides: java-sdk-%{origin}%1 = %{epoch}:%{version} +Provides: java-sdk%1 = %{epoch}:%{javaver} +Provides: java-%{javaver}-devel%1 = %{epoch}:%{version} +Provides: java-devel-%{origin}%1 = %{epoch}:%{version} +Provides: java-devel%1 = %{epoch}:%{javaver} #Obsoletes: java-1.7.0-openjdk-devel%1 #Obsoletes: java-1.5.0-gcj-devel%1 @@ -696,8 +746,12 @@ OrderWithRequires: %{name}-headless%1 = %{epoch}:%{version}-%{release} OrderWithRequires: %{name}-headless%1 = %{epoch}:%{version}-%{release} # Post requires alternatives to install javadoc alternative. Requires(post): %{_sbindir}/alternatives +# in version 1.7 and higher for --family switch +Requires(post): chkconfig >= 1.7 # Postun requires alternatives to uninstall javadoc alternative. Requires(postun): %{_sbindir}/alternatives +# in version 1.7 and higher for --family switch +Requires(postun): chkconfig >= 1.7 # Standard JPackage javadoc provides. Provides: java-javadoc%1 = %{epoch}:%{version}-%{release} @@ -726,7 +780,7 @@ OrderWithRequires: %{name}-headless%1 = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever} -Release: 1.%{buildver}%{?dist} +Release: 4.%{buildver}%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons, # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -746,7 +800,7 @@ URL: http://openjdk.java.net/ # aarch64-port now contains integration forest of both aarch64 and normal jdk # Source from upstream OpenJDK8 project. To regenerate, use -# VERSION=aarch64-jdk8u111-b15 FILE_NAME_ROOT=aarch64-port-jdk8u-${VERSION} +# VERSION=aarch64-jdk8u102-b14 FILE_NAME_ROOT=aarch64-port-jdk8u-${VERSION} # REPO_ROOT= generate_source_tarball.sh # where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} Source0: %{project}-%{repo}-%{revision}.tar.xz @@ -773,6 +827,9 @@ Source12: %{name}-remove-intree-libraries.sh # Ensure we aren't using the limited crypto policy Source13: TestCryptoLevel.java +# Ensure ECDSA is working +Source14: TestECDSA.java + Source20: repackReproduciblePolycies.sh # New versions of config files with aarch64 support. This is not upstream yet. @@ -792,12 +849,28 @@ Patch3: java-atk-wrapper-security.patch Patch5: multiple-pkcs11-library-init.patch # PR2095, RH1163501: 2048-bit DH upper bound too small for Fedora infrastructure (sync with IcedTea 2.x) Patch504: rh1163501.patch -# S4890063, PR2304, RH1214835: HPROF: default text truncated when using doe=n option (upstreaming post-CPU 2015/07) +# S4890063, PR2304, RH1214835: HPROF: default text truncated when using doe=n option Patch511: rh1214835.patch # Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions Patch512: no_strict_overflow.patch +# Support for building the SunEC provider with the system NSS installation +# PR1983: Support using the system installation of NSS with the SunEC provider +# PR2127: SunEC provider crashes when built using system NSS +# PR2815: Race condition in SunEC provider with system NSS +# PR2899: Don't use WithSeed versions of NSS functions as they don't fully process the seed +# PR2934: SunEC provider throwing KeyException with current NSS +Patch513: pr1983-jdk.patch +Patch514: pr1983-root.patch +Patch515: pr2127.patch +Patch516: pr2815.patch +Patch517: pr2899.patch +Patch518: pr2934.patch +# S8150954, RH1176206, PR2866: Taking screenshots on x11 composite desktop produces wrong result +# In progress: http://mail.openjdk.java.net/pipermail/awt-dev/2016-March/010742.html +Patch508: rh1176206-jdk.patch +Patch509: rh1176206-root.patch # RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings -Patch523: pr2974-rh1343832.patch +Patch523: pr2974-rh1337583.patch # PR3083, RH1346460: Regression in SSL debug output without an ECC provider Patch528: pr3083-rh1346460.patch @@ -823,8 +896,17 @@ Patch203: system-lcms.patch # PR2462: Backport "8074839: Resolve disabled warnings for libunpack and the unpack200 binary" # This fixes printf warnings that lead to build failure with -Werror=format-security from optflags Patch502: pr2462.patch +# S8148351, PR2842: Only display resolved symlink for compiler, do not change path +Patch506: pr2842-01.patch +Patch507: pr2842-02.patch +# S8154313: Generated javadoc scattered all over the place +Patch400: 8154313.patch # S6260348, PR3066: GTK+ L&F JTextComponent not respecting desktop caret blink rate Patch526: 6260348-pr3066.patch +# S8157306, PR3121, RH1360863: Random infrequent null pointer exceptions in javac +Patch531: 8157306-pr3121-rh1360863.patch +# S8162384, PR3122, RH1358661: Performance regression: bimorphic inlining may be bypassed by type speculation +Patch532: 8162384-pr3122-rh1358661.patch # Patches upstream and appearing in 8u111 # S8159244, PR3074: Partially initialized string object created by C2's string concat optimization may escape @@ -845,12 +927,10 @@ Patch524: 8158260-pr2991-rh1341258.patch Patch201: system-libjpeg.patch # Local fixes -# Turns off ECC support as we don't ship the SunEC provider currently -Patch12: removeSunEcProvider-RH1154143.patch -# RH1367357: lcms2: Out-of-bounds read in Type_MLU_Read() -Patch533: rh1367357.patch -# Turn on AssumeMP by default on RHEL systems -Patch534: always_assumemp.patch +# PR1834, RH1022017: Reduce curves reported by SSL to those in NSS +Patch525: pr1834-rh1022017.patch +# Temporary fix for typo in CORBA security patch +Patch529: corba_typo_fix.patch # Non-OpenJDK fixes @@ -878,7 +958,6 @@ BuildRequires: libXtst-devel BuildRequires: nss-devel BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel -#BuildRequires: redhat-lsb BuildRequires: zip BuildRequires: java-1.8.0-openjdk-devel # Zero-assembler build requirement. @@ -886,6 +965,10 @@ BuildRequires: java-1.8.0-openjdk-devel BuildRequires: libffi-devel %endif BuildRequires: tzdata-java >= 2015d +# Earlier versions have a bug in tree vectorization on PPC +BuildRequires: gcc >= 4.8.3-8 +# Build requirements for SunEC system NSS support +BuildRequires: nss-softokn-freebl-devel >= 3.16.1 # cacerts build requirement. BuildRequires: openssl @@ -893,7 +976,6 @@ BuildRequires: openssl BuildRequires: systemtap-sdt-devel %endif - # this is built always, also during debug-only build # when it is built in debug-only, then this package is just placeholder %{java_rpo %{nil}} @@ -1016,6 +1098,19 @@ BuildArch: noarch The OpenJDK API documentation. %endif +%if %{include_normal_build} +%package javadoc-zip +Summary: OpenJDK API Documentation compressed in single archive +Group: Documentation +Requires: javapackages-tools +BuildArch: noarch + +%{java_javadoc_rpo %{nil}} + +%description javadoc-zip +The OpenJDK API documentation compressed in single archive. +%endif + %if %{include_debug_build} %package javadoc-debug Summary: OpenJDK API Documentation %{for_debug} @@ -1029,6 +1124,20 @@ BuildArch: noarch The OpenJDK API documentation %{for_debug}. %endif +%if %{include_debug_build} +%package javadoc-zip-debug +Summary: OpenJDK API Documentation compressed in single archive %{for_debug} +Group: Documentation +Requires: javapackages-tools +BuildArch: noarch + +%{java_javadoc_rpo %{debug_suffix_unquoted}} + +%description javadoc-zip-debug +The OpenJDK API documentation compressed in single archive %{for_debug}. +%endif + + %if %{include_normal_build} %package accessibility Summary: OpenJDK accessibility connector @@ -1105,7 +1214,6 @@ sh %{SOURCE12} %patch3 %patch5 %patch7 -%patch12 # s390 build fixes %patch100 @@ -1124,20 +1232,29 @@ sh %{SOURCE12} %patch502 %patch504 +%patch506 +%patch507 +%patch508 +%patch509 %patch511 %patch512 +%patch513 +%patch514 +%patch515 +%patch516 +%patch517 +%patch518 +%patch400 %patch521 %patch522 %patch523 +%patch525 %patch526 %patch527 %patch528 -%patch533 - -# RHEL-only patches -%if 0%{?rhel} -%patch534 -%endif +%patch529 +%patch531 +%patch532 # Extract systemtap tapsets %if %{with_systemtap} @@ -1200,15 +1317,10 @@ export CFLAGS="$CFLAGS -mieee" %endif # We use ourcppflags because the OpenJDK build seems to -# pass these to the HotSpot C++ compiler... +# pass EXTRA_CFLAGS to the HotSpot C++ compiler... EXTRA_CFLAGS="%ourcppflags" -# Disable various optimizations to fix miscompliation. See: -# - https://bugzilla.redhat.com/show_bug.cgi?id=1120792 -EXTRA_CPP_FLAGS="%ourcppflags -fno-tree-vrp" -# PPC/PPC64 needs -fno-tree-vectorize since -O3 would -# otherwise generate wrong code producing segfaults. +EXTRA_CPP_FLAGS="%ourcppflags" %ifarch %{power64} ppc -EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-tree-vectorize" # fix rpmlint warnings EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" %endif @@ -1228,6 +1340,8 @@ fi mkdir -p %{buildoutputdir $suffix} pushd %{buildoutputdir $suffix} +NSS_LIBS="%{NSS_LIBS} -lfreebl" \ +NSS_CFLAGS="%{NSS_CFLAGS}" \ bash ../../configure \ %ifnarch %{jit_arches} --with-jvm-variants=zero \ @@ -1239,6 +1353,7 @@ bash ../../configure \ --with-boot-jdk=/usr/lib/jvm/java-openjdk \ --with-debug-level=$debugbuild \ --enable-unlimited-crypto \ + --enable-system-nss \ --with-zlib=system \ --with-libjpeg=system \ --with-giflib=system \ @@ -1266,6 +1381,8 @@ make \ LOG=trace \ %{targets} +make zip-docs + # the build (erroneously) removes read permissions from some jars # this is a regression in OpenJDK 7 (our compiler): # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 @@ -1305,6 +1422,10 @@ export JAVA_HOME=$(pwd)/%{buildoutputdir $suffix}/images/%{j2sdkimage} $JAVA_HOME/bin/javac -d . %{SOURCE13} $JAVA_HOME/bin/java TestCryptoLevel +# Check ECC is working +$JAVA_HOME/bin/javac -d . %{SOURCE14} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") + # Check debug symbols are present and can identify code SERVER_JVM="$JAVA_HOME/jre/lib/%{archinstall}/server/libjvm.so" if [ -f "$SERVER_JVM" ] ; then @@ -1331,8 +1452,6 @@ $JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from" $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable - -#build cycles done %install @@ -1444,6 +1563,7 @@ popd # Install Javadoc documentation. install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} cp -a %{buildoutputdir $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir $suffix} +cp -a %{buildoutputdir $suffix}/bundles/jdk-%{javaver}_%{updatever}$suffix-%{buildver}-docs.zip $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir $suffix}.zip # Install icons and menu entries. for s in 16 24 32 48 ; do @@ -1542,6 +1662,8 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir $suffix}/demo \ popd bash %{SOURCE20} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir $suffix} %{javaver} +# https://bugzilla.redhat.com/show_bug.cgi?id=1183793 +touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir $suffix}/lib/security/java.security # end, dual install done @@ -1549,173 +1671,45 @@ done %if %{include_normal_build} # intentioanlly only for non-debug %pretrans headless -p --- see https://bugzilla.redhat.com/show_bug.cgi?id=1038092 for whole issue - +-- see https://bugzilla.redhat.com/show_bug.cgi?id=1038092 for whole issue +-- see https://bugzilla.redhat.com/show_bug.cgi?id=1290388 for pretrans over pre +-- if copy-jdk-configs is in transaction, it installs in pretrans to temp +-- if copy_jdk_configs is in temp, then it means that copy-jdk-configs is in tranasction and so is +-- preferred over one in %%{_libexecdir}. If it is not in transaction, then depends +-- whether copy-jdk-configs is installed or not. If so, then configs are copied +-- (copy_jdk_configs from %%{_libexecdir} used) or not copied at all local posix = require "posix" +local debug = false -local currentjvm = "%{uniquesuffix %{nil}}" -local jvmdir = "%{_jvmdir %{nil}}" -local jvmDestdir = jvmdir -local origname = "%{name}" -local origjavaver = "%{javaver}" ---trasnform substitute names to lua patterns ---all percentages must be doubled for case of RPM escapingg -local name = string.gsub(string.gsub(origname, "%%-", "%%%%-"), "%%.", "%%%%.") -local javaver = string.gsub(origjavaver, "%%.", "%%%%.") -local arch ="%{_arch}" -local debug = false; - -local jvms = { } - -local caredFiles = {"jre/lib/calendars.properties", - "jre/lib/content-types.properties", - "jre/lib/flavormap.properties", - "jre/lib/logging.properties", - "jre/lib/net.properties", - "jre/lib/psfontj2d.properties", - "jre/lib/sound.properties", - "jre/lib/deployment.properties", - "jre/lib/deployment.config", - "jre/lib/security/US_export_policy.jar", - "jre/lib/security/java.policy", - "jre/lib/security/java.security", - "jre/lib/security/local_policy.jar", - "jre/lib/security/nss.cfg,", - "jre/lib/ext"} - -function splitToTable(source, pattern) - local i1 = string.gmatch(source, pattern) - local l1 = {} - for i in i1 do - table.insert(l1, i) - end - return l1 -end - -if (debug) then - print("started") -end; - -foundJvms = posix.dir(jvmdir); -if (foundJvms == nil) then - if (debug) then - print("no, or nothing in "..jvmdir.." exit") - end; - return -end - -if (debug) then - print("found "..#foundJvms.."jvms") -end; +SOURCE1 = "%{rpm_state_dir}/copy_jdk_configs.lua" +SOURCE2 = "%{_libexecdir}/copy_jdk_configs.lua" -for i,p in pairs(foundJvms) do --- regex similar to %{_jvmdir}/%{name}-%{javaver}*%{_arch} bash command ---all percentages must be doubled for case of RPM escapingg - if (string.find(p, name.."%%-"..javaver..".*"..arch) ~= nil ) then - if (debug) then - print("matched: "..p) - end; - if (currentjvm == p) then - if (debug) then - print("this jdk is already installed. exiting lua script") - end; - return - end ; - table.insert(jvms, p) - else - if (debug) then - print("NOT matched: "..p) - end; - end -end +local stat1 = posix.stat(SOURCE1, "type"); +local stat2 = posix.stat(SOURCE2, "type"); -if (#jvms <=0) then + if (stat1 ~= nil) then if (debug) then - print("no matching jdk in "..jvmdir.." exit") + print(SOURCE1 .." exists - copy-jdk-configs in transaction, using this one.") end; - return -end; - -if (debug) then - print("matched "..#jvms.." jdk in "..jvmdir) -end; - ---full names are like java-1.7.0-openjdk-1.7.0.60-2.4.5.1.fc20.x86_64 -table.sort(jvms , function(a,b) --- version-sort --- split on non word: . - - local l1 = splitToTable(a, "[^%.-]+") - local l2 = splitToTable(b, "[^%.-]+") - for x = 1, math.min(#l1, #l2) do - local l1x = tonumber(l1[x]) - local l2x = tonumber(l2[x]) - if (l1x ~= nil and l2x ~= nil)then ---if hunks are numbers, go with them - if (l1x < l2x) then return true; end - if (l1x > l2x) then return false; end - else - if (l1[x] < l2[x]) then return true; end - if (l1[x] > l2[x]) then return false; end - end --- if hunks are equals then move to another pair of hunks - end -return a - 1:1.8.0.111-1.b15 -- Keep debug architecture set the same on RHEL 7.2 -- Resolves: rhbz#1381990 - -* Mon Oct 10 2016 Andrew Hughes - 1:1.8.0.111-1.b15 -- Bump release for rebuild. -- Resolves: rhbz#1381990 - -* Mon Oct 10 2016 Andrew Hughes - 1:1.8.0.111-1.b15 -- Turn debug builds on for all JIT architectures. Always AssumeMP on RHEL. -- Resolves: rhbz#1381990 - -* Fri Oct 07 2016 Andrew Hughes - 1:1.8.0.111-0.b15 -- Update to aarch64-jdk8u111-b15, with AArch64 fix for S8160591. -- Swap java.security md5sum for 7.2.z version with ECC patch. -- Resolves: rhbz#1381990 - -* Fri Oct 07 2016 Andrew Hughes - 1:1.8.0.111-0.b14 -- Update to aarch64-jdk8u111-b14. -- Add latest md5sum for java.security file due to jar signing property addition. -- Drop S8157306 and the CORBA typo fix, both of which appear upstream in u111. -- Add LCMS 2 patch to fix Red Hat security issue RH1367357 in the local OpenJDK copy. -- Resolves: rhbz#1381990 - -* Wed Aug 31 2016 Jiri Vanek - 1:1.8.0.102-1.b14 +* Wed Sep 14 2016 Andrew Hughes - 1:1.8.0.102-4.b14 +- Runtime native library requirements need to match the architecture of the JDK +- Resolves: rhbz#1375224 + +* Mon Sep 05 2016 Andrew Hughes - 1:1.8.0.102-3.b14 +- Rebuild java-1.8.0-openjdk for GCC aarch64 stack epilogue code generation fix (RH1372750) +- Resolves: rhbz#1359857 + +* Wed Aug 31 2016 Jiri Vanek - 1:1.8.0.102-2.b14 - declared check_sum_presented_in_spec and used in prep and check - it is checking that latest packed java.security is mentioned in listing -- Resolves: rhbz#1368440 +- Resolves: rhbz#1295754 + +* Mon Aug 29 2016 Jiri Vanek - 1:1.8.0.102-2.b14 +- @prefix@ in tapsetfiles substitued by prefix as necessary to work with systemtap3 (rhbz1371005) +- Resolves: rhbz#1295754 -* Tue Aug 30 2016 Jiri Vanek - 1:1.8.0.102-1.b14 -- New variable, @prefix@, needs to be substituted in tapsets (rhbz1371005) -- Resolves: rhbz#1368440 +* Thu Aug 25 2016 jvanek - 1:1.8.0.102-1.b14 +- jjs provides moved to headless +- Resolves: rhbz#1312019 -* Tue Aug 23 2016 Andrew Hughes - 1:1.8.0.102-0.b14 +* Mon Aug 08 2016 Andrew Hughes - 1:1.8.0.102-0.b14 - Update to aarch64-jdk8u102-b14. - Drop 8140620, 8148752 and 6961123, all of which appear upstream in u102. - Move 8159244 to 8u111 section as it only appears to be in unpublished u102 b31. - Move 8158260 to 8u112 section following its backport to 8u. -- Resolves: rhbz#1368440 +- Resolves: rhbz#1359857 -* Tue Aug 23 2016 Andrew Hughes - 1:1.8.0.101-5.b15 +* Wed Aug 03 2016 Andrew Hughes - 1:1.8.0.101-9.b15 - Update to aarch64-jdk8u101-b15. - Rebase SystemTap tarball on IcedTea 3.1.0 versions so as to avoid patching. - Drop additional hunk for 8147771 which is now applied upstream. -- Resolves: rhbz#1368440 - -* Tue Aug 09 2016 Andrew Hughes - 1:1.8.0.101-4.b13 -- Fix regression in SSL debug output when no ECC provider is available. -- Resolves: rhbz#1365618 - -* Mon Aug 01 2016 Andrew Hughes - 1:1.8.0.101-4.b13 -- Add upstream patch for S8157306, documented & applied on all archs with conditional in patch -- Resolves: rhbz#1365620 - -* Mon Jul 11 2016 Andrew Hughes - 1:1.8.0.101-3.b13 +- Resolves: rhbz#1359857 + +* Mon Aug 01 2016 Andrew Hughes - 1:1.8.0.101-8.b13 +- Replace patch for S8162384 with upstream version. Document correctly along with SystemTap RH1204159 patch. +- Resolves: rhbz#1358661 + +* Mon Aug 01 2016 Andrew Hughes - 1:1.8.0.101-8.b13 +- Replace patch for S8157306 with upstream version, documented & applied on all archs with conditional in patch +- Resolves: rhbz#1360863 + +* Thu Jul 28 2016 Jiri Vanek - 1:1.8.0.101-7.b13 +- added patch532 hotspot-1358661.patch - to fix performance of bimorphic inlining may be bypassed by type speculation +- rhbz1358661 +- added patch301 bz1204159_java8.patch - to fix systemtap on multiple jdks +- rhbz1204159 +- added patch531 hotspot-8157306.changeset - to fix rare NPE injavac on aarch64 +- rhbz1360863 +- added all virtual provides of java-devel +- Resolves: rhbz#1216018 + +* Tue Jul 12 2016 Jiri Vanek - 1:1.8.0.101-5.b13 +- added Provides: /usr/bin/jjs +- Resolves: rhbz#1312019 + +* Mon Jul 11 2016 Andrew Hughes - 1:1.8.0.101-4.b13 - Replace bad 8159244 patch from upstream 8u with fresh backport from OpenJDK 9. -- Resolves: rhbz#1350036 +- Resolves: rhbz#1335322 -* Sun Jul 10 2016 Andrew Hughes - 1:1.8.0.101-2.b13 +* Sun Jul 10 2016 Andrew Hughes - 1:1.8.0.101-3.b13 - Add missing hunk from 8147771, missed due to inclusion of unneeded 8138811 -- Resolves: rhbz#1350036 +- Resolves: rhbz#1350037 -* Mon Jul 04 2016 Andrew Hughes - 1:1.8.0.101-1.b13 +* Mon Jul 04 2016 Andrew Hughes - 1:1.8.0.101-2.b13 - Add workaround for a typo in the CORBA security fix, 8079718 -- Resolves: rhbz#1350036 +- Resolves: rhbz#1350037 + +* Mon Jul 04 2016 Andrew Hughes - 1:1.8.0.101-2.b13 +- Fix regression in SSL debug output when no ECC provider is available. +- Resolves: rhbz#1346460 -* Fri Jul 01 2016 Andrew Hughes - 1:1.8.0.101-0.b13 +* Fri Jul 01 2016 Andrew Hughes - 1:1.8.0.101-1.b13 - Update to u101b13. -- Backport REPOS option in generate_source_tarball.sh +- Document REPOS option in generate_source_tarball.sh - Drop a leading zero from the priority as the update version is now three digits -- Resolves: rhbz#1350036 +- Resolves: rhbz#1350037 -* Fri Jul 01 2016 Andrew Hughes - 1:1.8.0.92-0.b14 +* Fri Jul 01 2016 Andrew Hughes - 1:1.8.0.92-9.b14 - Add additional fixes (S6260348, S8159244) for u92 update. -- Resolves: rhbz#1350036 +- Add bug ID to Javadoc patch. +- Resolves: rhbz#1335322 -* Fri Jul 01 2016 Andrew Hughes - 1:1.8.0.92-0.b14 +* Tue Jun 21 2016 Jiri Vanek - 1:1.8.0.92-7.b14 +- family restricted by arch +- Resolves: rhbz#1296442 +- Resolves: rhbz#1296414 + +* Mon Jun 20 2016 Andrew Hughes - 1:1.8.0.92-6.b14 - Update ppc64le fix with upstream version, S8158260. -- Resolves: rhbz#1350036 +- Resolves: rhbz#1341258 + +* Tue Jun 07 2016 Jiri Vanek - 1:1.8.0.92-5.b14 +- added --family option with chkconfig version full dependence +- added nss restricting requires +- added zipped javadoc subpackage +- extracted lua scripts +- Resolves: rhbz#1296442 +- Resolves: rhbz#1296414 + +* Tue Jun 07 2016 Jiri Vanek - 1:1.8.0.92-4.b14 +- added requires for copy-jdk-configs, to help with https://projects.engineering.redhat.com/browse/RCM-3654 +- Resolves: rhbz#1296442 -* Fri Jul 01 2016 Andrew Hughes - 1:1.8.0.92-0.b14 +* Thu Jun 02 2016 Andrew Hughes - 1:1.8.0.92-3.b14 +- Forwardport SSL fix to only report curves supported by NSS. +- Resolves: rhbz#1245810 + +* Thu Jun 02 2016 Andrew Hughes - 1:1.8.0.92-3.b14 - Add fix for ppc64le crash due to illegal instruction. -- Resolves: rhbz#1350036 +- Resolves: rhbz#1341258 -* Fri Jul 01 2016 Andrew Hughes - 1:1.8.0.92-0.b14 -- Add backport for S8148752. -- Resolves: rhbz#1350036 +* Wed Jun 01 2016 Andrew Hughes - 1:1.8.0.92-2.b14 +- Add fix for PKCS#10 output regression, adding -systemlineendings option. +- Move S8150954/RH1176206/PR2866 fix to correct section, as not in 9 yet. +- Resolves: rhbz#1337583 -* Fri Jul 01 2016 Andrew Hughes - 1:1.8.0.92-0.b14 +* Thu May 26 2016 Andrew Hughes - 1:1.8.0.92-1.b14 - Update to u92b14. - Remove upstreamed patches for AArch64 byte behaviour and template issue. - Remove upstreamed patches for Zero build failures 8087120 & 8143855. @@ -1932,90 +1973,233 @@ end - Add upstreamed patch 6961123 from u102 to fix application name in GNOME Shell. - Add upstreamed patches 8044762 & 8049226 from u112 to fix JDI issues. - Regenerate java-1.8.0-openjdk-rh1191652-root.patch against u92 -- Replace PR2974/RH1343832 patch with u92 version used in IcedTea 3. -- Resolves: rhbz#1350036 +- Resolves: rhbz#1335322 -* Wed Jun 01 2016 Andrew Hughes - 1:1.8.0.91-1.b14 -- Add fix for PKCS#10 output regression, adding -systemlineendings option. -- Resolves: rhbz#1343832 +* Fri May 13 2016 Andrew Hughes - 1:1.8.0.91-3.b14 +- Add backport for S8148752. +- Resolves: rhbz#1330188 + +* Fri Apr 22 2016 Andrew Hughes - 1:1.8.0.91-2.b14 +- Add fix for PR2934 / RH1329342 +- Re-enable ECDSA test which now passes. +- Resolves: rhbz#1245810 -* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-0.b14 +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Roll back release number as release 1 never succeeded, even with tests disabled. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 - Add additional fix to Zero patch to properly handle result on 64-bit big-endian -- Resolves: rhbz#1325422 +- Revert debugging options (aarch64 back to JIT, product build, no -Wno-error) +- Enable full bootstrap on all architectures to check we are good to go. +- Resolves: rhbz#1325423 -* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-0.b14 -- Revert settings to production defaults so we can at least get a build. -- Resolves: rhbz#1325422 +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Turn tests back on or build will not fail. +- Resolves: rhbz#1325423 -* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-0.b14 +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Temporarily remove power64 from JIT arches to see if endian issue appears on Zero. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Turn off Java-based checks in a vain attempt to get a complete build. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Turn off -Werror so s390 can build in slowdebug mode. +- Add fix for formatting issue found by previous s390 build. +- Resolves: rhbz#1325423 + +* Tue Apr 12 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Revert settings to production defaults so we can at least get a build. - Switch to a slowdebug build to try and unearth remaining issue on s390x. -- Resolves: rhbz#1325422 +- Resolves: rhbz#1325423 -* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-0.b14 -- Add missing comma in 8132051 patch. -- Resolves: rhbz#1325422 +* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Disable ECDSA test for now until failure on RHEL 7 is fixed. +- Resolves: rhbz#1325423 -* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-0.b14 +* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-1.b14 - Add 8132051 port to Zero. - Turn on bootstrap build for all to ensure we are now good to go. -- Resolves: rhbz#1325422 +- Resolves: rhbz#1325423 -* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-0.b14 +* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-1.b14 - Add 8132051 port to AArch64. -- Resolves: rhbz#1325422 +- Resolves: rhbz#1325423 -* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-0.b14 +* Mon Apr 11 2016 Andrew Hughes - 1:1.8.0.91-1.b14 - Enable a full bootstrap on JIT archs. Full build held back by Zero archs anyway. -- Resolves: rhbz#1325422 +- Resolves: rhbz#1325423 + +* Sun Apr 10 2016 Andrew Hughes - 1:1.8.0.91-1.b14 +- Use basename of test file to avoid misinterpretation of full path as a package +- Resolves: rhbz#1325423 -* Sun Apr 10 2016 Andrew Hughes - 1:1.8.0.91-0.b14 +* Sun Apr 10 2016 Andrew Hughes - 1:1.8.0.91-1.b14 - Update to u91b14. -- Resolves: rhbz#1325422 +- Resolves: rhbz#1325423 -* Wed Mar 23 2016 Andrew Hughes - 1:1.8.0.77-0.b03 -- Remove what remains of the SunEC sources in the remove-intree-libraries script. -- Resolves: rhbz#1320664 +* Thu Mar 31 2016 Andrew Hughes - 1:1.8.0.77-3.b03 +- Fix typo in test invocation. +- Resolves: rhbz#1245810 + +* Thu Mar 31 2016 Andrew Hughes - 1:1.8.0.77-3.b03 +- Add ECDSA test to ensure ECC is working. +- Resolves: rhbz#1245810 + +* Wed Mar 30 2016 Andrew Hughes - 1:1.8.0.77-2.b03 +- Avoid WithSeed versions of NSS functions as they do not fully process the seed +- List current java.security md5sum so that java.security is replaced and ECC gets enabled. +- Resolves: rhbz#1245810 + +* Wed Mar 23 2016 Andrew Hughes - 1:1.8.0.77-1.b03 +- Bump release so 7.3 stays greater than 7.2.z +- Resolves: rhbz#1320665 * Wed Mar 23 2016 Andrew Hughes - 1:1.8.0.77-0.b03 - Update to u77b03. -- Drop 8146566 which is applied upstream. -- Replace s390 Java options patch with general version from IcedTea. -- Apply s390 patches unconditionally to avoid arch-specific patch failures. -- Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le. -- Remove aarch64-specific suffix as update/build version are now the same as for other archs. -- Only use z format specifier on s390, not s390x. -- Adjust tarball generation script to allow ecc_impl.h to be included. -- Correct spelling mistakes in tarball generation script. -- Synchronise minor changes from Fedora. +- Resolves: rhbz#1320665 + +* Thu Mar 03 2016 Andrew Hughes - 1:1.8.0.72-13.b16 +- When using a compositing WM, the overlay window should be used, not the root window. +- Resolves: rhbz#1176206 + +* Mon Feb 29 2016 Omair Majid - 1:1.8.0.72-12.b15 - Use a simple backport for PR2462/8074839. - Don't backport the crc check for pack.gz. It's not tested well upstream. -- Resolves: rhbz#1320664 +- Resolves: rhbz#1307108 + +* Mon Feb 29 2016 Andrew Hughes - 1:1.8.0.72-5.b16 +- Fix regression introduced on s390 by large code cache change. +- Resolves: rhbz#1307108 + +* Mon Feb 29 2016 Andrew Hughes - 1:1.8.0.72-5.b16 +- Update to u72b16. +- Drop 8147805 and jvm.cfg fix which are applied upstream. +- Resolves: rhbz#1307108 + +* Wed Feb 24 2016 Andrew Hughes - 1:1.8.0.72-4.b15 +- Add patches to allow the SunEC provider to be built with the system NSS install. +- Re-generate source tarball so it includes ecc_impl.h. +- Adjust tarball generation script to allow ecc_impl.h to be included. +- Bring over NSS changes from java-1.7.0-openjdk spec file (NSS_CFLAGS/NSS_LIBS) +- Remove patch which disables the SunEC provider as it is now usable. +- Correct spelling mistakes in tarball generation script. +- Resolves: rhbz#1245810 + +* Wed Feb 24 2016 Andrew Hughes - 1:1.8.0.72-4.b15 +- Move completely unrelated AArch64 gcc 6 patch into separate file. +- Resolves: rhbz#1300630 + +* Tue Feb 23 2016 jvanek - 1:1.8.0.72-3.b15 +- returning accidentlay removed hunk from renamed and so wrongly merged remove_aarch64_jvm.cfg_divergence.patch +- Resolves: rhbz#1300630 + +* Mon Feb 22 2016 jvanek - 1:1.8.0.72-2.b15 +- sync from fedora +- Resolves: rhbz#1300630 + +* Fri Feb 19 2016 Andrew Hughes - 1:1.8.0.72-1.b15 +- Actually add the patch... +- Resolves: rhbz#1300630 -* Fri Jan 15 2016 Andrew Hughes - 1:1.8.0.71-2.b15 +* Fri Feb 19 2016 Andrew Hughes - 1:1.8.0.72-1.b15 +- Add backport of 8147805: aarch64: C1 segmentation fault due to inline Unsafe.getAndSetObject +- Resolves: rhbz#1300630 + +* Thu Feb 18 2016 Andrew Hughes - 1:1.8.0.72-0.b15 +- Remove unnecessary AArch64 port divergence on parsing jvm.cfg, broken by 9399aa7ef558 +- Resolves: rhbz#1307108 + +* Thu Feb 18 2016 Andrew Hughes - 1:1.8.0.72-0.b15 +- Only use z format specifier on s390, not s390x. +- Resolves: rhbz#1307108 + +* Wed Feb 17 2016 Andrew Hughes - 1:1.8.0.72-0.b15 +- Remove fragment of s390 size_t patch that unnecessarily removes a cast, breaking ppc64le. +- Remove aarch64-specific suffix as update/build version are now the same as for other archs. +- Resolves: rhbz#1307108 + +* Wed Feb 17 2016 Andrew Hughes - 1:1.8.0.72-0.b15 +- Replace s390 Java options patch with general version from IcedTea. +- Apply s390 patches unconditionally to avoid arch-specific patch failures. +- Resolves: rhbz#1307108 + +* Tue Feb 16 2016 Andrew Hughes - 1:1.8.0.72-0.b15 +- Update to u72b15. +- Drop 8146566 which is applied upstream. +- Resolves: rhbz#1307108 + +* Tue Feb 09 2016 Andrew Hughes - 1:1.8.0.71-6.b15 +- Define EXTRA_CPP_FLAGS again, after it was removed in the fix for 1146897. +- Resolves: rhbz#1146897 + +* Fri Feb 05 2016 Andrew Hughes - 1:1.8.0.71-5.b15 +- Backport S8148351: Only display resolved symlink for compiler, do not change path +- Resolves: rhbz#1256464 + +* Thu Feb 04 2016 Andrew Hughes - 1:1.8.0.71-4.b15 +- Resetting bootstrap after successful build. +- Resolves: rhbz#1146897 + +* Wed Feb 03 2016 Andrew Hughes - 1:1.8.0.71-4.b15 +- Remove -fno-tree-vectorize now a GCC is available with this bug fixed. +- Add build requirement on a GCC with working tree vectorization. +- Enable bootstrap temporarily to ensure the JDK is functional. +- Resolves: rhbz#1146897 + +* Fri Jan 15 2016 Andrew Hughes - 1:1.8.0.71-3.b15 - Add md5sum for previous java.security file so it gets updated. -- Resolves: rhbz#1295753 +- Resolves: rhbz#1295754 -* Thu Jan 14 2016 Andrew Hughes - 1:1.8.0.71-1.b15 +* Thu Jan 14 2016 Andrew Hughes - 1:1.8.0.71-2.b15 - Restore upstream version of system LCMS patch removed by 'sync with Fedora' - Add patch to turn off strict overflow on IndicRearrangementProcessor{,2}.cpp -- Resolves: rhbz#1295753 +- Resolves: rhbz#1295754 -* Wed Jan 13 2016 Andrew Hughes - 1:1.8.0.71-0.b15 -- January 2016 security update to u71b15. +* Wed Jan 13 2016 Andrew Hughes - 1:1.8.0.71-1.b15 +- Change correct specifier in src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp +- Resolves: rhbz#1295754 + +* Wed Jan 13 2016 Andrew Hughes - 1:1.8.0.71-1.b15 +- Change correct specifier in src/share/vm/memory/blockOffsetTable.cpp +- Resolves: rhbz#1295754 + +* Wed Jan 13 2016 Andrew Hughes - 1:1.8.0.71-1.b15 +- Make bootstrap build optional and turn it off by default. +- Fix remaining warnings in s390 fix and re-enable -Werror +- Resolves: rhbz#1295754 + +* Wed Jan 13 2016 Andrew Hughes - 1:1.8.0.71-1.b15 +- Add additional fixes for s390 warnings in arguments.cpp +- Temporarily turn off -Werror on s390 to make progress +- Resolves: rhbz#1295754 + +* Wed Jan 13 2016 Andrew Hughes - 1:1.8.0.71-1.b15 +- Actually apply the S390 fix... +- Resolves: rhbz#1295754 + +* Wed Jan 13 2016 Andrew Hughes - 1:1.8.0.71-1.b15 +- Turn off additional CFLAGS/LDFLAGS on AArch64 as bootstrapping failed. +- Add patch for size_t formatting on s390 as size_t != intptr_t there. +- Resolves: rhbz#1295754 + +* Tue Jan 12 2016 Andrew Hughes - 1:1.8.0.71-1.b15 +- October 2015 security update to u71b15. - Improve verbosity and helpfulness of tarball generation script. - Remove RH1290936 workaround as RHEL does not have the hardened flags nor ARM32. - Update patch documentation using version originally written for Fedora. - Drop prelink requirement as we no longer use execstack. - Drop ifdefbugfix patch as this is fixed upstream. -- Provide optional boostrap build and turn it off by default. -- Turn off additional CFLAGS/LDFLAGS on AArch64 as bootstrapping failed. -- Add patch for size_t formatting on s390 as size_t != intptr_t there. -- Resolves: rhbz#1295753 +- Temporarily enable a full bootcycle to ensure flag changes don't break anything. +- Resolves: rhbz#1295754 * Tue Jan 12 2016 Jiri Vanek - 1:1.8.0.65-4.b17 - moved to integration forest - sync with fedora (all but extracted luas and family) -- Resolves: rhbz#1295753 +- Resolves: rhbz#1295754 * Mon Oct 19 2015 Jiri Vanek - 1:1.8.0.65-3.b17 - bumped release X.el7_1 is obviously > X.el7 :-/