diff --git a/.gitignore b/.gitignore index 1ed05dc..00e22cb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz +SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u392-b08.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index ccea57f..53c78a9 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -5da51f425a78dbdcb00909544cac3385db461e54 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz +2ca27b0d535c9dcf71679cad14be5660d0554f82 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u392-b08.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index de59faf..0916d11 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,152 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u392 (2023-10-17): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u392 + +* CVEs + - CVE-2023-22067 + - CVE-2023-22081 +* Security fixes + - JDK-8286503, JDK-8312367: Enhance security classes + - JDK-8297856: Improve handling of Bidi characters + - JDK-8303384: Improved communication in CORBA + - JDK-8305815, JDK-8307278: Update Libpng to 1.6.39 + - JDK-8309966: Enhanced TLS connections +* Other changes + - JDK-6722928: Provide a default native GSS-API library on Windows + - JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java + - JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal + - JDK-8139348: Deprecate 3DES and RC4 in Kerberos + - JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field" + - JDK-8200468: Port the native GSS-API bridge to Windows + - JDK-8202952: C2: Unexpected dead nodes after matching + - JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + - JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update + - JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to + - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException + - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors + - JDK-8232225: Rework the fix for JDK-8071483 + - JDK-8242330: Arrays should be cloned in several JAAS Callback classes + - JDK-8253269: The CheckCommonColors test should provide more info on failure + - JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int) + - JDK-8284910: Buffer clean in PasswordCallback + - JDK-8287073: NPE from CgroupV2Subsystem.getInstance() + - JDK-8287663: Add a regression test for JDK-8287073 + - JDK-8295685: Update Libpng to 1.6.38 + - JDK-8295894: Remove SECOM certificate that is expiring in September 2023 + - JDK-8308788: [8u] Remove duplicate HaricaCA.java test + - JDK-8309122: Bump update version of OpenJDK: 8u392 + - JDK-8309143: [8u] fix archiving inconsistencies in GHA + - JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms + - JDK-8314960: Add Certigna Root CA - 2 + - JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack() + - JDK-8317040: Exclude cleaner test failing on older releases + +Notes on individual issues: +=========================== + +other-libs/corba:idl: + +8303384: Improved communication in CORBA +======================================== +The JDK's CORBA implementation now provides the option to limit +serialisation in stub objects to those with the "IOR:" prefix. For +ORB constrained stub classes: + +* _DynArrayStub +* _DynEnumStub +* _DynFixedStub +* _DynSequenceStub +* _DynStructStub +* _DynUnionStub +* _DynValueStub +* _DynAnyStub +* _DynAnyFactoryStub + +this is enabled by default and may be disabled by setting the system +property org.omg.DynamicAny.disableIORCheck to 'true'. + +For remote service stub classes: + +* _NamingContextStub +* _BindingIteratorStub +* _NamingContextExtStub +* _ServantActivatorStub +* _ServantLocatorStub +* _ServerManagerStub +* _ActivatorStub +* _RepositoryStub +* _InitialNameServiceStub +* _LocatorStub +* _ServerStub + +it is disabled by default and may be enabled by setting the system +property org.omg.CORBA.IDL.Stubs.enableIORCheck to 'true'. + +security-libs/org.ietf.jgss: + +JDK-6722928: Added a Default Native GSS-API Library on Windows +============================================================== + +A native GSS-API library named `sspi_bridge.dll` has been added to the +JDK on the Windows platform. As with native GSS-API library provision +on other operating systems, it will only be loaded when the +`sun.security.jgss.native` system property is set to "true". A user +can still load a third-party native GSS-API library instead by setting +the `sun.security.jgss.lib` system property to the appropriate path. + +The library is client-side only and uses the default credentials. +Native GSS support automatically uses cached credentials from the +underlying operating system, so the +`javax.security.auth.useSubjectCredsOnly` system property should be +set to false. + +The `com.sun.security.auth.module.Krb5LoginModule` does not call +native JGSS and so its use in your JAAS config should be avoided. + +security-libs/org.ietf.jgss:krb5: + +JDK-8139348: Deprecate 3DES and RC4 in Kerberos +=============================================== +The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) +are now deprecated and disabled by default. To re-enable them, you +can either enable all weak crypto (which also includes `des-cbc-crc` +and `des-cbc-md5`) by setting `allow_weak_crypto = true` in the +`krb5.conf` configuration file or explicitly list all the preferred +encryption types using the `default_tkt_enctypes`, +`default_tgs_enctypes`, or `permitted_enctypes` settings. + +security-libs/java.security: + +JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate +================================================================== +The following root certificate from SECOM Trust System has been +removed from the `cacerts` keystore: + +Alias Name: secomscrootca1 [jdk] +Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP + +JDK-8314960: Added Certigna Root CA Certificate +=============================================== +The following root certificate has been added to the cacerts +truststore: + +Name: Certigna (Dhimyotis) +Alias Name: certignarootca +Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR + +security-libs/javax.security: + +JDK-8242330: Arrays should be cloned in several JAAS Callback classes +===================================================================== +In the JAAS classes, ChoiceCallback and ConfirmationCallback, arrays +were not cloned when passed into a constructor or returned. This +allowed an external program to get access to the internal fields of +these classes. The classes have been updated to return cloned arrays. + New in release OpenJDK 8u382 (2023-07-18): =========================================== Live versions of these release notes can be found at: diff --git a/SOURCES/jdk8312489-max_sig_default_increase.patch b/SOURCES/jdk8312489-max_sig_default_increase.patch new file mode 100644 index 0000000..adf9e09 --- /dev/null +++ b/SOURCES/jdk8312489-max_sig_default_increase.patch @@ -0,0 +1,48 @@ +commit c38a36f124a7eb28920cc367cb01b67d973a55c0 +Author: Andrew John Hughes +Date: Wed Oct 11 01:42:03 2023 +0100 + + Backport e47a84f23dd2608c6f5748093eefe301fb5bf750 + +diff --git a/jdk/src/share/classes/java/util/jar/JarFile.java b/jdk/src/share/classes/java/util/jar/JarFile.java +index a26dcc4a1c7..ac2e1c9d6a8 100644 +--- a/jdk/src/share/classes/java/util/jar/JarFile.java ++++ b/jdk/src/share/classes/java/util/jar/JarFile.java +@@ -436,7 +436,9 @@ class JarFile extends ZipFile { + throw new IOException("Unsupported size: " + uncompressedSize + + " for JarEntry " + ze.getName() + + ". Allowed max size: " + +- SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes"); ++ SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes. " + ++ "You can use the jdk.jar.maxSignatureFileSize " + ++ "system property to increase the default value."); + } + int len = (int)uncompressedSize; + byte[] b = IOUtils.readAllBytes(is); +diff --git a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java +index c335e964f63..afdfa406b92 100644 +--- a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java ++++ b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java +@@ -855,16 +855,16 @@ public class SignatureFileVerifier { + * the maximum allowed number of bytes for the signature-related files + * in a JAR file. + */ +- Integer tmp = AccessController.doPrivileged(new GetIntegerAction( +- "jdk.jar.maxSignatureFileSize", 8000000)); ++ int tmp = AccessController.doPrivileged(new GetIntegerAction( ++ "jdk.jar.maxSignatureFileSize", 16000000)); + if (tmp < 0 || tmp > MAX_ARRAY_SIZE) { + if (debug != null) { +- debug.println("Default signature file size 8000000 bytes " + +- "is used as the specified size for the " + +- "jdk.jar.maxSignatureFileSize system property " + ++ debug.println("The default signature file size of 16000000 bytes " + ++ "will be used for the jdk.jar.maxSignatureFileSize " + ++ "system property since the specified value " + + "is out of range: " + tmp); + } +- tmp = 8000000; ++ tmp = 16000000; + } + return tmp; + } diff --git a/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch b/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch index 17e1f69..5f05d73 100644 --- a/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch +++ b/SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch @@ -7,10 +7,11 @@ 8074839: Resolve disabled warnings for libunpack and the unpack200 binary Reviewed-by: dholmes, ksrini -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +index bdaf95a2f6a..60c5b4f2a69 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h -@@ -63,7 +63,7 @@ +@@ -63,7 +63,7 @@ struct bytes { bytes res; res.ptr = ptr + beg; res.len = end - beg; @@ -19,10 +20,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openj return res; } // building C strings inside byte buffers: -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +index 5fbc7261fb3..4c002e779d8 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp -@@ -292,7 +292,7 @@ +@@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject if (uPtr->aborting()) { THROW_IOE(uPtr->get_abort_message()); @@ -31,16 +33,16 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openj } // We have fetched all the files. -@@ -310,7 +310,7 @@ - JNIEXPORT jlong JNICALL - Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) { - unpacker* uPtr = get_unpacker(env, pObj, false); +@@ -312,7 +312,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) { + // There's no need to create a new unpacker here if we don't already have one + // just to immediatly free it afterwards. + unpacker* uPtr = get_unpacker(env, pObj, /* noCreate= */ true); - CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL); + CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0); size_t consumed = uPtr->input_consumed(); + // free_unpacker() will set the unpacker field on 'pObj' to null free_unpacker(env, pObj, uPtr); - return consumed; -@@ -320,6 +320,7 @@ +@@ -323,6 +323,7 @@ JNIEXPORT jboolean JNICALL Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj, jstring pProp, jstring pValue) { unpacker* uPtr = get_unpacker(env, pObj); @@ -48,10 +50,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openj const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE); CHECK_EXCEPTION_RETURN_VALUE(prop, false); const char* value = env->GetStringUTFChars(pValue, JNI_FALSE); -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +index 6fbc43a18ae..722c8baaff0 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp -@@ -142,31 +142,28 @@ +@@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) { return progname; } @@ -101,10 +104,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp open } } -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +index 56f391b1e87..f0a25f8cd20 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp -@@ -222,9 +222,9 @@ +@@ -225,9 +225,9 @@ struct entry { } #ifdef PRODUCT @@ -116,7 +120,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op #endif }; -@@ -715,13 +715,13 @@ +@@ -718,13 +718,13 @@ void unpacker::read_file_header() { // Now we can size the whole archive. // Read everything else into a mega-buffer. rp = hdr.rp; @@ -134,7 +138,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op abort("EOF reading fixed input buffer"); return; } -@@ -735,7 +735,7 @@ +@@ -738,7 +738,7 @@ void unpacker::read_file_header() { return; } input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)), @@ -143,7 +147,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op CHECK; assert(input.limit()[0] == 0); // Move all the bytes we read initially into the real buffer. -@@ -958,13 +958,13 @@ +@@ -961,13 +961,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) { nentries = next_entry; // place a limit on future CP growth: @@ -159,7 +163,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op // Note that this CP does not include "empty" entries // for longs and doubles. Those are introduced when -@@ -982,8 +982,9 @@ +@@ -985,8 +985,9 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) { } // Initialize *all* our entries once @@ -170,7 +174,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op initGroupIndexes(); // Initialize hashTab to a generous power-of-two size. -@@ -3677,21 +3678,22 @@ +@@ -3681,21 +3682,22 @@ void cpool::computeOutputIndexes() { unpacker* debug_u; @@ -197,7 +201,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op case CONSTANT_Signature: if (value.b.ptr == null) return ref(0)->string(); -@@ -3711,26 +3713,28 @@ +@@ -3715,26 +3717,28 @@ char* entry::string() { break; default: if (nrefs == 0) { @@ -235,10 +239,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp op } void print_cp_entries(int beg, int end) { -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +index cec7a88b24e..ed5f3336a59 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h -@@ -209,7 +209,7 @@ +@@ -209,7 +209,7 @@ struct unpacker { byte* rp; // read pointer (< rplimit <= input.limit()) byte* rplimit; // how much of the input block has been read? julong bytes_read; @@ -247,10 +252,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h open // callback to read at least one byte, up to available input typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen); -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +index e5197e1a3f1..40a10055ea5 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp -@@ -81,7 +81,7 @@ +@@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger int assert_failed(const char* p) { char message[1<<12]; sprintf(message, "@assert failed: %s\n", p); @@ -259,10 +265,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp ope breakpoint(); unpack_abort(message); return 0; -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +index f58c94956c0..343da3e183b 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp -@@ -84,7 +84,7 @@ +@@ -84,7 +84,7 @@ void jar::init(unpacker* u_) { } // Write data to the ZIP output stream. @@ -271,7 +278,7 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openj while (len > 0) { int rc = (int)fwrite(buff, 1, len, jarfp); if (rc <= 0) { -@@ -323,12 +323,12 @@ +@@ -323,12 +323,12 @@ void jar::write_central_directory() { // Total number of disks (int) header64[36] = (ushort)SWAP_BYTES(1); header64[37] = 0; @@ -286,10 +293,11 @@ diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openj PRINTCR((2, "writing zip comment\n")); // Write the comment. -diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h ---- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +index 14ffc9d65bd..9877f6f68ca 100644 +--- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h -@@ -68,8 +68,8 @@ +@@ -68,8 +68,8 @@ struct jar { } // Private Methods diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 2aae8a2..cedf0cf 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -25,6 +25,9 @@ %global build_loop1 %{nil} %endif +# Indicates whether this is the default JDK on this version of RHEL +%global is_system_jdk 1 + %global aarch64 aarch64 arm64 armv8 # we need to distinguish between big and little endian PPC64 %global ppc64le ppc64le @@ -183,6 +186,13 @@ # New Version-String scheme-style defines %global majorver 8 +# Define version of OpenJDK 8 used +%global project openjdk +%global repo shenandoah-jdk8u +%global openjdk_revision jdk8u392-b08 +%global shenandoah_revision shenandoah-%{openjdk_revision} +# Define IcedTea version used for SystemTap tapsets and desktop files +%global icedteaver 3.15.0 # Convert an absolute path to a relative path. Each symbolic link is # specified relative to the directory in which it is installed so that @@ -193,7 +203,7 @@ # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK -%global top_level_dir_name %{origin} +%global top_level_dir_name %{shenandoah_revision} # Define vendor information used by OpenJDK %global oj_vendor Red Hat, Inc. @@ -208,34 +218,22 @@ %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora} %else %if 0%{?rhel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name} +%global oj_vendor_bug_url https://access.redhat.com/support/cases/ %else %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %endif %endif %endif -# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. -%global shenandoah_project openjdk -%global shenandoah_repo shenandoah-jdk8u -%global openjdk_revision jdk8u382-b05 -%global shenandoah_revision shenandoah-%{openjdk_revision} -# Define old aarch64/jdk8u tree variables for compatibility -%global project %{shenandoah_project} -%global repo %{shenandoah_repo} -%global revision %{shenandoah_revision} -# Define IcedTea version used for SystemTap tapsets and desktop files -%global icedteaver 3.15.0 - # e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 -%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) +%global version_tag %(VERSION=%{shenandoah_revision}; echo ${VERSION%%-shenandoah-merge*}) # eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) %global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) # eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 1 +%global rpmrelease 2 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, @@ -253,7 +251,12 @@ %global eaprefix 0. %endif # priority must be 7 digits in total. The expression is workarounding tip +%if %is_system_jdk %global priority %(TIP=1800%{updatever}; echo ${TIP/tip/999}) +%else +# for non-default using 1, so slowdebugs can have 0 +%global priority 00000%{interimver}1 +%endif %global javaver 1.%{majorver}.0 @@ -654,8 +657,8 @@ exit 0 %{_mandir}/man1/javadoc-%{uniquesuffix %%1}.1* %{_mandir}/man1/javah-%{uniquesuffix %%1}.1* %{_mandir}/man1/javap-%{uniquesuffix %%1}.1* -%{_mandir}/man1/jconsole-%{uniquesuffix %%1}.1* %{_mandir}/man1/jcmd-%{uniquesuffix %%1}.1* +%{_mandir}/man1/jconsole-%{uniquesuffix %%1}.1* %{_mandir}/man1/jdb-%{uniquesuffix %%1}.1* %{_mandir}/man1/jdeps-%{uniquesuffix %%1}.1* %{_mandir}/man1/jhat-%{uniquesuffix %%1}.1* @@ -728,13 +731,15 @@ Requires: gtk2%{?_isa} Provides: java-%{javaver}-%{origin} = %{epoch}:%{version}-%{release} # Standard JPackage base provides. -Provides: jre = %{javaver}%1 -Provides: jre-%{origin}%1 = %{epoch}:%{version}-%{release} Provides: jre-%{javaver}%1 = %{epoch}:%{version}-%{release} Provides: jre-%{javaver}-%{origin}%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}%1 = %{epoch}:%{version}-%{release} +%if %is_system_jdk Provides: java-%{origin}%1 = %{epoch}:%{version}-%{release} -Provides: java%1 = %{epoch}:%{javaver} +Provides: jre-%{origin}%1 = %{epoch}:%{version}-%{release} +Provides: java%1 = %{epoch}:%{version}-%{release} +Provides: jre%1 = %{epoch}:%{version}-%{release} +%endif # Standard JPackage extensions provides. Provides: java-fonts%1 = %{epoch}:%{version} @@ -770,14 +775,16 @@ Requires(postun): chkconfig >= 1.7 Requires: lksctp-tools%{?_isa}, pcsc-lite-libs%{?_isa}, cups-libs%{?_isa} # Standard JPackage base provides -Provides: jre-headless%1 = %{epoch}:%{javaver} Provides: jre-%{javaver}-%{origin}-headless%1 = %{epoch}:%{version}-%{release} -Provides: jre-%{origin}-headless%1 = %{epoch}:%{version}-%{release} Provides: jre-%{javaver}-headless%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}-headless%%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-headless%1 = %{epoch}:%{version}-%{release} +%if %is_system_jdk Provides: java-%{origin}-headless%1 = %{epoch}:%{version}-%{release} -Provides: java-headless%1 = %{epoch}:%{javaver} +Provides: jre-%{origin}-headless%1 = %{epoch}:%{version}-%{release} +Provides: jre-headless%1 = %{epoch}:%{version}-%{release} +Provides: java-headless%1 = %{epoch}:%{version}-%{release} +%endif # Standard JPackage extensions provides. Provides: jndi%1 = %{epoch}:%{version} Provides: jndi-ldap%1 = %{epoch}:%{version} @@ -810,14 +817,16 @@ Requires(postun): %{_sbindir}/alternatives Requires(postun): chkconfig >= 1.7 # Standard JPackage devel provides. -Provides: java-sdk-%{javaver}-%{origin}%1 = %{epoch}:%{version} -Provides: java-sdk-%{javaver}%1 = %{epoch}:%{version} -Provides: java-sdk-%{origin}%1 = %{epoch}:%{version} -Provides: java-sdk%1 = %{epoch}:%{javaver} -Provides: java-%{javaver}-devel%1 = %{epoch}:%{version} -Provides: java-%{javaver}-%{origin}-devel%1 = %{epoch}:%{version} -Provides: java-devel-%{origin}%1 = %{epoch}:%{version} -Provides: java-devel%1 = %{epoch}:%{javaver} +Provides: java-sdk-%{javaver}-%{origin}%1 = %{epoch}:%{version}-%{release} +Provides: java-sdk-%{javaver}%1 = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-devel%1 = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-%{origin}-devel%1 = %{epoch}:%{version}-%{release} +%if %is_system_jdk +Provides: java-devel-%{origin}%1 = %{epoch}:%{version}-%{release} +Provides: java-sdk-%{origin}%1 = %{epoch}:%{version}-%{release} +Provides: java-devel%1 = %{epoch}:%{version}-%{release} +Provides: java-sdk%1 = %{epoch}:%{version}-%{release} +%endif #Obsoletes: java-1.7.0-openjdk-devel%1 #Obsoletes: java-1.5.0-gcj-devel%1 @@ -828,9 +837,11 @@ Provides: java-devel%1 = %{epoch}:%{javaver} Requires: %{name}%1%{?_isa} = %{epoch}:%{version}-%{release} OrderWithRequires: %{name}-headless%1%{?_isa} = %{epoch}:%{version}-%{release} -Provides: java-demo%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-demo%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}-demo%1 = %{epoch}:%{version}-%{release} +%if %is_system_jdk +Provides: java-demo%1 = %{epoch}:%{version}-%{release} +%endif #Obsoletes: java-1.7.0-openjdk-demo%1 } @@ -847,9 +858,11 @@ Requires(postun): %{_sbindir}/alternatives Requires(postun): chkconfig >= 1.7 # Standard JPackage javadoc provides. -Provides: java-javadoc%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-javadoc%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}-javadoc%1 = %{epoch}:%{version}-%{release} +%if %is_system_jdk +Provides: java-javadoc%1 = %{epoch}:%{version}-%{release} +%endif #Obsoletes: java-1.7.0-openjdk-javadoc%1 @@ -915,10 +928,10 @@ URL: http://openjdk.java.net/ # OpenJDK 8u, the aarch64 port and Shenandoah # To regenerate, use: # VERSION=%%{shenandoah_revision} -# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION} +# FILE_NAME_ROOT=%%{project}-%%{repo}-${VERSION} # REPO_ROOT= generate_source_tarball.sh -# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} -Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz +# where the source is obtained from http://github.com/%%{project}/%%{repo} +Source0: %{project}-%{repo}-%{shenandoah_revision}.tar.xz # Custom README for -src subpackage Source2: README.md @@ -1046,6 +1059,8 @@ Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch # JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files Patch12: jdk8186464-rh1433262-zip64_failure.patch +# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar +Patch2000: jdk8312489-max_sig_default_increase.patch ############################################# # @@ -1121,14 +1136,6 @@ BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel BuildRequires: zip BuildRequires: unzip -%ifarch %{arm} -BuildRequires: devtoolset-7-build -BuildRequires: devtoolset-7-binutils -BuildRequires: devtoolset-7-gcc -BuildRequires: devtoolset-7-gcc-c++ -BuildRequires: devtoolset-7-gdb -%endif - # Use OpenJDK 7 where available (on RHEL) to avoid # having to use the rhel-7.x-java-unsafe-candidate hack %if ! 0%{?fedora} && 0%{?rhel} <= 7 @@ -1382,6 +1389,7 @@ if [ $prioritylength -ne 7 ] ; then fi # For old patches ln -s %{top_level_dir_name} jdk8 +ln -s %{top_level_dir_name} openjdk cp %{SOURCE2} . @@ -1430,9 +1438,12 @@ sh %{SOURCE12} # Upstreamed fixes pushd %{top_level_dir_name} +# JDK-8312489 backport, proposed for 8u402: https://github.com/openjdk/jdk8u-dev/pull/381 +%patch2000 -p1 popd # RPM-only fixes +# system cacerts support %patch539 %patch600 @@ -1492,10 +1503,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg %build -%ifarch %{arm} -%{?enable_devtoolset7:%{enable_devtoolset7}} -%endif - # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) export NUM_PROC=${NUM_PROC:-1} @@ -1519,9 +1526,6 @@ EXTRA_CPP_FLAGS="%ourcppflags" # fix rpmlint warnings EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" %endif -%ifarch %{arm} -EXTRA_CFLAGS="$EXTRA_CFLAGS -Wno-nonnull" -%endif EXTRA_ASFLAGS="${EXTRA_CFLAGS}" export EXTRA_CFLAGS EXTRA_ASFLAGS @@ -2145,9 +2149,74 @@ require "copy_jdk_configs.lua" # important note, see https://bugzilla.redhat.com/show_bug.cgi?id=1038092 for whole issue # all config/noreplace files (and more) have to be declared in pretrans. See pretrans %{files_jre_headless %{nil}} +# RHEL-11313; alternatives not owned by packages +%if %is_system_jdk +%ghost %{_bindir}/java +%ghost %{_jvmdir}/jre +%ghost %{_jvmjardir}/jre +%ghost %{_bindir}/%{alt_java_name} +%ghost %{_bindir}/jjs +%ghost %{_bindir}/keytool +%ghost %{_bindir}/orbd +%ghost %{_bindir}/pack200 +%ghost %{_bindir}/rmid +%ghost %{_bindir}/rmiregistry +%ghost %{_bindir}/servertool +%ghost %{_bindir}/tnameserv +%ghost %{_bindir}/unpack200 +%ghost %{_jvmdir}/jre-%{origin} +%ghost %{_jvmjardir}/jre-%{origin} +%ghost %{_jvmdir}/jre-%{javaver} +%ghost %{_jvmjardir}/jre-%{javaver} +%ghost %{_jvmdir}/jre-%{javaver}-%{origin} +%ghost %{_jvmjardir}/jre-%{javaver}-%{origin} +%endif %files devel %{files_devel %{nil}} +# RHEL-11313; alternatives not owned by packages +%if %is_system_jdk +%ghost %{_bindir}/javac +%ghost %{_jvmdir}/java +%ghost %{_jvmjardir}/java +%ghost %{_bindir}/appletviewer +%ghost %{_bindir}/clhsdb +%ghost %{_bindir}/extcheck +%ghost %{_bindir}/hsdb +%ghost %{_bindir}/idlj +%ghost %{_bindir}/jar +%ghost %{_bindir}/jarsigner +%ghost %{_bindir}/javadoc +%ghost %{_bindir}/javah +%ghost %{_bindir}/javap +%ghost %{_bindir}/jcmd +%ghost %{_bindir}/jconsole +%ghost %{_bindir}/jdb +%ghost %{_bindir}/jdeps +%ghost %{_bindir}/jfr +%ghost %{_bindir}/jhat +%ghost %{_bindir}/jinfo +%ghost %{_bindir}/jmap +%ghost %{_bindir}/jps +%ghost %{_bindir}/jrunscript +%ghost %{_bindir}/jsadebugd +%ghost %{_bindir}/jstack +%ghost %{_bindir}/jstat +%ghost %{_bindir}/jstatd +%ghost %{_bindir}/native2ascii +%ghost %{_bindir}/rmic +%ghost %{_bindir}/schemagen +%ghost %{_bindir}/serialver +%ghost %{_bindir}/wsgen +%ghost %{_bindir}/wsimport +%ghost %{_bindir}/xjc +%ghost %{_jvmdir}/java-%{origin} +%ghost %{_jvmjardir}/java-%{origin} +%ghost %{_jvmdir}/java-%{javaver} +%ghost %{_jvmjardir}/java-%{origin} +%ghost %{_jvmdir}/java-%{javaver}-%{origin} +%ghost %{_jvmjardir}/java-%{javaver}-%{origin} +%endif %files demo -f %{name}-demo.files %{files_demo %{nil}} @@ -2157,13 +2226,21 @@ require "copy_jdk_configs.lua" %files javadoc %{files_javadoc %{nil}} +# RHEL-11313; alternatives not owned by packages +%if %is_system_jdk +%ghost %{_javadocdir}/java +%endif # this puts huge file to /usr/share -# unluckily ti is really a documentation file +# unluckily it is really a documentation file # and unluckily it really is architecture-dependent, as eg. aot and grail are now x86_64 only # same for debug variant %files javadoc-zip %{files_javadoc_zip %{nil}} +# RHEL-11313; alternatives not owned by packages +%if %is_system_jdk +%ghost %{_javadocdir}/java-zip +%endif %files accessibility %{files_accessibility %{nil}} @@ -2196,9 +2273,37 @@ require "copy_jdk_configs.lua" %endif %changelog +* Mon Oct 16 2023 Andrew Hughes - 1:1.8.0.392.b08-2 +- Revert jcmd move as jcmd will not operate without tools.jar +- Related: RHEL-13577 + +* Tue Oct 10 2023 Andrew Hughes - 1:1.8.0.392.b08-1 +- Update to shenandoah-jdk8u392-b08 (GA) +- Update release notes for shenandoah-8u392-b08. +- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal +- Update bug URL for RHEL to point to the Red Hat customer portal +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball +- Regenerate PR2462 patch following JDK-8315135 +- Add backport of JDK-8312489 heading upstream for 8u402 (see OPENJDK-2095) +- Add missing JFR alternative ghost +- Move jcmd to the headless package +- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. ** +- Resolves: RHEL-12212 +- Resolves: RHEL-13574 +- Resolves: RHEL-13575 +- Resolves: RHEL-13576 +- Resolves: RHEL-11319 +- Resolves: RHEL-13577 + +* Tue Oct 10 2023 Jiri Vanek - 1:1.8.0.392.b08-1 +- For non debug subpackages, ghosted all alternatives (rhbz1649776) +- For non system JDKs, if-outed versionless provides. +- Aligned versions to be %%{epoch}:%%{version}-%%{release} instead of chaotic +- Related: RHEL-11319 + * Fri Jul 14 2023 Andrew Hughes - 1:1.8.0.382.b05-1 -- Update to shenandoah-jdk8u372-b05 (GA) -- Update release notes for shenandoah-8u372-b05. +- Update to shenandoah-jdk8u382-b05 (GA) +- Update release notes for shenandoah-8u382-b05. - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** - Resolves: rhbz#2221106