diff --git a/.gitignore b/.gitignore index 3fdee85..d4c4324 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u212-b04.tar.xz +SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u232-b09.tar.xz SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index 2adc4ec..03bd636 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -ca52171b9a47c3efd4714f974ca4e6c27d890c55 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u212-b04.tar.xz +ca59ed55769893ca7a5bcff04612141f696ea2e9 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u232-b09.tar.xz cd8bf91753b9eb1401cfc529e78517105fc66011 SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz diff --git a/SOURCES/8223219-fstack-protector-hotspot.patch b/SOURCES/8223219-fstack-protector-hotspot.patch deleted file mode 100644 index ec69944..0000000 --- a/SOURCES/8223219-fstack-protector-hotspot.patch +++ /dev/null @@ -1,35 +0,0 @@ -diff --git openjdk.orig/hotspot/make/bsd/makefiles/gcc.make openjdk/hotspot/make/bsd/makefiles/gcc.make ---- openjdk.orig/hotspot/make/bsd/makefiles/gcc.make -+++ openjdk/hotspot/make/bsd/makefiles/gcc.make -@@ -190,7 +190,7 @@ - CFLAGS += -fno-exceptions - ifeq ($(USE_CLANG),) - CFLAGS += -pthread -- CFLAGS += -fcheck-new -fstack-protector -+ CFLAGS += -fcheck-new - # version 4 and above support fvisibility=hidden (matches jni_x86.h file) - # except 4.1.2 gives pointless warnings that can't be disabled (afaik) - ifneq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 3 \) \))" "0" -diff --git openjdk.orig/hotspot/make/linux/makefiles/gcc.make openjdk/hotspot/make/linux/makefiles/gcc.make ---- openjdk.orig/hotspot/make/linux/makefiles/gcc.make -+++ openjdk/hotspot/make/linux/makefiles/gcc.make -@@ -150,7 +150,7 @@ - CFLAGS += -fno-exceptions - CFLAGS += -D_REENTRANT - ifeq ($(USE_CLANG),) -- CFLAGS += -fcheck-new -fstack-protector -+ CFLAGS += -fcheck-new - # version 4 and above support fvisibility=hidden (matches jni_x86.h file) - # except 4.1.2 gives pointless warnings that can't be disabled (afaik) - ifneq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 3 \) \))" "0" -diff --git openjdk.orig/hotspot/make/solaris/makefiles/gcc.make openjdk/hotspot/make/solaris/makefiles/gcc.make ---- openjdk.orig/hotspot/make/solaris/makefiles/gcc.make -+++ openjdk/hotspot/make/solaris/makefiles/gcc.make -@@ -75,7 +75,6 @@ - CFLAGS += -fno-exceptions - CFLAGS += -D_REENTRANT - CFLAGS += -fcheck-new --CFLAGS += -fstack-protector - - ARCHFLAG = $(ARCHFLAG/$(BUILDARCH)) - diff --git a/SOURCES/8223219-fstack-protector-root.patch b/SOURCES/8223219-fstack-protector-root.patch deleted file mode 100644 index a73761c..0000000 --- a/SOURCES/8223219-fstack-protector-root.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4 ---- openjdk.orig/common/autoconf/flags.m4 -+++ openjdk/common/autoconf/flags.m4 -@@ -388,16 +388,8 @@ - CFLAGS_JDK="${CFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt" - CXXFLAGS_JDK="${CXXFLAGS_JDK} -qchars=signed -q64 -qfullpath -qsaveopt" - elif test "x$TOOLCHAIN_TYPE" = xgcc; then -- case $OPENJDK_TARGET_CPU_ARCH in -- x86 ) -- LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector" -- LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector" -- ;; -- x86_64 ) -- LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector" -- LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector" -- ;; -- esac -+ LEGACY_EXTRA_CFLAGS="$LEGACY_EXTRA_CFLAGS -fstack-protector" -+ LEGACY_EXTRA_CXXFLAGS="$LEGACY_EXTRA_CXXFLAGS -fstack-protector" - if test "x$OPENJDK_TARGET_OS" != xmacosx; then - LDFLAGS_JDK="$LDFLAGS_JDK -Wl,-z,relro" - LEGACY_EXTRA_LDFLAGS="$LEGACY_EXTRA_LDFLAGS -Wl,-z,relro" -@@ -464,10 +456,6 @@ - ppc ) - # on ppc we don't prevent gcc to omit frame pointer nor strict-aliasing - ;; -- x86 ) -- CCXXFLAGS_JDK="$CCXXFLAGS_JDK -fno-omit-frame-pointer -fstack-protector" -- CFLAGS_JDK="${CFLAGS_JDK} -fno-strict-aliasing -fstack-protector" -- ;; - * ) - CCXXFLAGS_JDK="$CCXXFLAGS_JDK -fno-omit-frame-pointer" - CFLAGS_JDK="${CFLAGS_JDK} -fno-strict-aliasing" diff --git a/SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh b/SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh index b52d016..201a220 100644 --- a/SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh +++ b/SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh @@ -129,10 +129,3 @@ rm -vf ${LCMS_SRC}/lcms2.h rm -vf ${LCMS_SRC}/lcms2_internal.h rm -vf ${LCMS_SRC}/lcms2_plugin.h fi - -# Get rid of in-tree SunEC until RH1656676 is implemented -echo "Removing SunEC native code" -mv -v openjdk/jdk/src/share/native/sun/security/ec/impl/ecc_impl.h . -rm -vrf openjdk/jdk/src/share/native/sun/security/ec/impl -mkdir openjdk/jdk/src/share/native/sun/security/ec/impl -mv -v ecc_impl.h openjdk/jdk/src/share/native/sun/security/ec/impl diff --git a/SOURCES/jdk8064786-pr3599-fix_debug_build_after_8062808_Turn_on_the_wreturn_type_warning.patch b/SOURCES/jdk8064786-pr3599-fix_debug_build_after_8062808_Turn_on_the_wreturn_type_warning.patch deleted file mode 100644 index 790ee0d..0000000 --- a/SOURCES/jdk8064786-pr3599-fix_debug_build_after_8062808_Turn_on_the_wreturn_type_warning.patch +++ /dev/null @@ -1,28 +0,0 @@ -# HG changeset patch -# User goetz -# Date 1415873641 -3600 -# Thu Nov 13 11:14:01 2014 +0100 -# Node ID 1878c4c1d04e1f3c6f67a19d36c35863d6b5f906 -# Parent 533473c67de6ff767710594639033c8e83523fe5 -8064786, PR3599: Fix debug build after 8062808: Turn on the -Wreturn-type warning -Reviewed-by: stefank, tschatzl - -diff --git openjdk.orig/hotspot/src/share/vm/prims/jni.cpp openjdk/hotspot/src/share/vm/prims/jni.cpp ---- openjdk.orig/hotspot/src/share/vm/prims/jni.cpp -+++ openjdk/hotspot/src/share/vm/prims/jni.cpp -@@ -708,6 +708,7 @@ - - THROW_OOP_(JNIHandles::resolve(obj), JNI_OK); - ShouldNotReachHere(); -+ return 0; // Mute compiler. - JNI_END - - #ifndef USDT2 -@@ -734,6 +735,7 @@ - Handle protection_domain (THREAD, k->protection_domain()); - THROW_MSG_LOADER_(name, (char *)message, class_loader, protection_domain, JNI_OK); - ShouldNotReachHere(); -+ return 0; // Mute compiler. - JNI_END - - diff --git a/SOURCES/jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch b/SOURCES/jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch deleted file mode 100644 index f1e3215..0000000 --- a/SOURCES/jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch +++ /dev/null @@ -1,55 +0,0 @@ -# HG changeset patch -# User coleenp -# Date 1525713256 -3600 -# Mon May 07 18:14:16 2018 +0100 -# Node ID bcbc64dfb629c5f188bbf59b8f986ad95963ed60 -# Parent 07a1135a327362f157955d470fad5df07cc35164 -8141570, PR3548: Fix Zero interpreter build for --disable-precompiled-headers -Summary: change to include atomic.inline.hpp and allocation.inline.hpp only in .cpp files and some build fixes from Kim to build on ubuntu without devkits -Reviewed-by: kbarrett, sgehwolf, erikj - -diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hotspot/make/linux/makefiles/zeroshark.make ---- openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make -+++ openjdk/hotspot/make/linux/makefiles/zeroshark.make -@@ -1,5 +1,5 @@ - # --# Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved. -+# Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. - # Copyright 2007, 2008 Red Hat, Inc. - # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - # -@@ -25,8 +25,15 @@ - - # Setup common to Zero (non-Shark) and Shark versions of VM - --# override this from the main file because some version of llvm do not like -Wundef --WARNING_FLAGS = -Wpointer-arith -Wsign-compare -Wunused-function -Wunused-value -+# Some versions of llvm do not like -Wundef -+ifeq ($(USE_CLANG), true) -+ WARNING_FLAGS += -Wno-undef -+endif -+# Suppress some warning flags that are normally turned on for hotspot, -+# because some of the zero code has not been updated accordingly. -+WARNING_FLAGS += -Wno-return-type \ -+ -Wno-format-nonliteral -Wno-format-security \ -+ -Wno-maybe-uninitialized - - # The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized - OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) -@@ -42,5 +49,3 @@ - ifeq ($(ARCH_DATA_MODEL), 64) - CFLAGS += -D_LP64=1 - endif -- --OPT_CFLAGS/compactingPermGenGen.o = -O1 -diff --git openjdk.orig/hotspot/src/share/vm/runtime/java.cpp openjdk/hotspot/src/share/vm/runtime/java.cpp ---- openjdk.orig/hotspot/src/share/vm/runtime/java.cpp -+++ openjdk/hotspot/src/share/vm/runtime/java.cpp -@@ -45,6 +45,7 @@ - #include "runtime/arguments.hpp" - #include "runtime/biasedLocking.hpp" - #include "runtime/compilationPolicy.hpp" -+#include "runtime/deoptimization.hpp" - #include "runtime/fprofiler.hpp" - #include "runtime/init.hpp" - #include "runtime/interfaceSupport.hpp" diff --git a/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch b/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch index b0a88ea..298bbd3 100644 --- a/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch +++ b/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch @@ -17,8 +17,8 @@ diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hots # Copyright 2007, 2008 Red Hat, Inc. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # -@@ -29,11 +29,6 @@ - ifeq ($(USE_CLANG), true) +@@ -29,12 +29,7 @@ + ifeq ($(JVM_VARIANT_ZEROSHARK), true) WARNING_FLAGS += -Wno-undef endif -# Suppress some warning flags that are normally turned on for hotspot, @@ -26,9 +26,11 @@ diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hots -WARNING_FLAGS += -Wno-return-type \ - -Wno-format-nonliteral -Wno-format-security \ - -Wno-maybe-uninitialized +- ++ - # The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized - OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) + # If FDLIBM_CFLAGS is non-empty it holds CFLAGS needed to be passed to + # the compiler so as to be able to produce optimized objects diff --git openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp --- openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp +++ openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp @@ -60,7 +62,7 @@ diff --git openjdk.orig/hotspot/src/cpu/zero/vm/interpreterRT_zero.cpp openjdk/h switch (type) { case T_VOID: ftype = &ffi_type_void; -diff --git a/src/os_cpu/linux_zero/vm/os_linux_zero.cpp b/src/os_cpu/linux_zero/vm/os_linux_zero.cpp +diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp --- openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp +++ openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp @@ -1,6 +1,6 @@ diff --git a/SOURCES/jdk8171000-pr3542-rh1402819-robot_createScreenCapture_crashes_in_wayland_mode.patch b/SOURCES/jdk8171000-pr3542-rh1402819-robot_createScreenCapture_crashes_in_wayland_mode.patch deleted file mode 100644 index d831aa9..0000000 --- a/SOURCES/jdk8171000-pr3542-rh1402819-robot_createScreenCapture_crashes_in_wayland_mode.patch +++ /dev/null @@ -1,121 +0,0 @@ -# HG changeset patch -# User kaddepalli -# Date 1517818481 -19800 -# Mon Feb 05 13:44:41 2018 +0530 -# Node ID b77308735540644d4710244e3c88865067f2905a -# Parent 39bfc94b1f4265b645c2970a58389acc779dafe9 -8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode -Reviewed-by: serb, mhalder - -diff --git openjdk.orig/jdk/src/solaris/native/sun/awt/multiVis.c openjdk/jdk/src/solaris/native/sun/awt/multiVis.c ---- openjdk.orig/jdk/src/solaris/native/sun/awt/multiVis.c -+++ openjdk/jdk/src/solaris/native/sun/awt/multiVis.c -@@ -394,77 +394,48 @@ - XRectangle bbox; /* bounding box of grabbed area */ - list_ptr regions;/* list of regions to read from */ - { -- image_region_type *reg; -- int32_t dst_x, dst_y; /* where in pixmap to write (UL) */ -- int32_t diff; -- -- XImage *reg_image,*ximage ; -- int32_t srcRect_x,srcRect_y,srcRect_width,srcRect_height ; -- int32_t rem ; -- int32_t bytes_per_line; -- int32_t bitmap_unit; -- -- bitmap_unit = sizeof (long); -- if (format == ZPixmap) -- bytes_per_line = width*depth/8; -- else -- bytes_per_line = width/8; -- -- -- /* Find out how many more bytes are required for padding so that -- ** bytes per scan line will be multiples of bitmap_unit bits */ -- if (format == ZPixmap) { -- rem = (bytes_per_line*8)%bitmap_unit; -- if (rem) -- bytes_per_line += (rem/8 + 1); -- } -+ XImage *ximage ; - - ximage = XCreateImage(disp,fakeVis,(uint32_t) depth,format,0,NULL, - (uint32_t)width,(uint32_t)height,8,0); - -- bytes_per_line = ximage->bytes_per_line; -- -- if (format == ZPixmap) -- ximage->data = malloc(height*bytes_per_line); -- else -- ximage->data = malloc(height*bytes_per_line*depth); -- -+ ximage->data = calloc(ximage->bytes_per_line*height*((format==ZPixmap)? 1 : depth), sizeof(char)); - ximage->bits_per_pixel = depth; /** Valid only if format is ZPixmap ***/ - -- for (reg = (image_region_type *) first_in_list( regions); reg; -+ for (image_region_type* reg = (image_region_type *) first_in_list( regions); reg; - reg = (image_region_type *) next_in_list( regions)) - { -- int32_t rect; -- struct my_XRegion *vis_reg; -- vis_reg = (struct my_XRegion *)(reg->visible_region); -- for (rect = 0; -- rect < vis_reg->numRects; -- rect++) -+ struct my_XRegion *vis_reg = (struct my_XRegion *)(reg->visible_region); -+ for (int32_t rect = 0; rect < vis_reg->numRects; rect++) - { -- /** ------------------------------------------------------------------------ -- Intersect bbox with visible part of region giving src rect & output -- location. Width is the min right side minus the max left side. -- Similar for height. Offset src rect so x,y are relative to -- origin of win, not the root-relative visible rect of win. -- ------------------------------------------------------------------------ **/ -- srcRect_width = MIN( vis_reg->rects[rect].x2, bbox.width + bbox.x) -- - MAX( vis_reg->rects[rect].x1, bbox.x); -+ /** ------------------------------------------------------------------------ -+ Intersect bbox with visible part of region giving src rect & output -+ location. Width is the min right side minus the max left side. -+ Similar for height. Offset src rect so x,y are relative to -+ origin of win, not the root-relative visible rect of win. -+ ------------------------------------------------------------------------ **/ -+ int32_t srcRect_width = MIN( vis_reg->rects[rect].x2, bbox.width + bbox.x) -+ - MAX( vis_reg->rects[rect].x1, bbox.x); -+ -+ int32_t srcRect_height = MIN( vis_reg->rects[rect].y2, bbox.height + bbox.y) -+ - MAX( vis_reg->rects[rect].y1, bbox.y); - -- srcRect_height = MIN( vis_reg->rects[rect].y2, bbox.height + bbox.y) -- - MAX( vis_reg->rects[rect].y1, bbox.y); -+ int32_t diff = bbox.x - vis_reg->rects[rect].x1; -+ int32_t srcRect_x = MAX( 0, diff) + (vis_reg->rects[rect].x1 - reg->x_rootrel - reg->border); -+ int32_t dst_x = MAX( 0, -diff) ; - -- diff = bbox.x - vis_reg->rects[rect].x1; -- srcRect_x = MAX( 0, diff) + (vis_reg->rects[rect].x1 - reg->x_rootrel - reg->border); -- dst_x = MAX( 0, -diff) ; -- diff = bbox.y - vis_reg->rects[rect].y1; -- srcRect_y = MAX( 0, diff) + (vis_reg->rects[rect].y1 - reg->y_rootrel - reg->border); -- dst_y = MAX( 0, -diff) ; -- reg_image = XGetImage(disp,reg->win,srcRect_x,srcRect_y, -- (uint32_t) srcRect_width, (uint32_t) srcRect_height,AllPlanes,format) ; -- TransferImage(disp,reg_image,srcRect_width, -- srcRect_height,reg,ximage,dst_x,dst_y) ; -- XDestroyImage(reg_image); -- } -+ diff = bbox.y - vis_reg->rects[rect].y1; -+ int32_t srcRect_y = MAX( 0, diff) + (vis_reg->rects[rect].y1 - reg->y_rootrel - reg->border); -+ int32_t dst_y = MAX( 0, -diff) ; -+ XImage* reg_image = XGetImage(disp,reg->win,srcRect_x,srcRect_y, -+ (uint32_t) srcRect_width, (uint32_t) srcRect_height,AllPlanes,format) ; -+ -+ if (reg_image) { -+ TransferImage(disp,reg_image,srcRect_width, -+ srcRect_height,reg,ximage,dst_x,dst_y) ; -+ XDestroyImage(reg_image); -+ } -+ } - } - return ximage ; - } diff --git a/SOURCES/jdk8197546-pr3542-rh1402819-fix_for_8171000_breaks_solaris_linux_builds.patch b/SOURCES/jdk8197546-pr3542-rh1402819-fix_for_8171000_breaks_solaris_linux_builds.patch deleted file mode 100644 index ba712ad..0000000 --- a/SOURCES/jdk8197546-pr3542-rh1402819-fix_for_8171000_breaks_solaris_linux_builds.patch +++ /dev/null @@ -1,35 +0,0 @@ -# HG changeset patch -# User prr -# Date 1518454604 28800 -# Mon Feb 12 08:56:44 2018 -0800 -# Node ID 556adf3a76aa81bf3918d7d46554dae7cc1d5c5c -# Parent b77308735540644d4710244e3c88865067f2905a -8197546: Fix for 8171000 breaks Solaris + Linux builds -Reviewed-by: serb, jdv - -diff --git openjdk.orig/jdk/src/solaris/native/sun/awt/multiVis.c openjdk/jdk/src/solaris/native/sun/awt/multiVis.c ---- openjdk.orig/jdk/src/solaris/native/sun/awt/multiVis.c -+++ openjdk/jdk/src/solaris/native/sun/awt/multiVis.c -@@ -395,6 +395,8 @@ - list_ptr regions;/* list of regions to read from */ - { - XImage *ximage ; -+ image_region_type* reg; -+ int32_t rect; - - ximage = XCreateImage(disp,fakeVis,(uint32_t) depth,format,0,NULL, - (uint32_t)width,(uint32_t)height,8,0); -@@ -402,11 +404,11 @@ - ximage->data = calloc(ximage->bytes_per_line*height*((format==ZPixmap)? 1 : depth), sizeof(char)); - ximage->bits_per_pixel = depth; /** Valid only if format is ZPixmap ***/ - -- for (image_region_type* reg = (image_region_type *) first_in_list( regions); reg; -+ for (reg = (image_region_type *) first_in_list( regions); reg; - reg = (image_region_type *) next_in_list( regions)) - { - struct my_XRegion *vis_reg = (struct my_XRegion *)(reg->visible_region); -- for (int32_t rect = 0; rect < vis_reg->numRects; rect++) -+ for (rect = 0; rect < vis_reg->numRects; rect++) - { - /** ------------------------------------------------------------------------ - Intersect bbox with visible part of region giving src rect & output diff --git a/SOURCES/jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch b/SOURCES/jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch deleted file mode 100644 index 98bbad0..0000000 --- a/SOURCES/jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff --git openjdk.orig/jdk/make/lib/CoreLibraries.gmk openjdk/jdk/make/lib/CoreLibraries.gmk ---- openjdk.orig/jdk/make/lib/CoreLibraries.gmk -+++ openjdk/jdk/make/lib/CoreLibraries.gmk -@@ -37,21 +37,32 @@ ifeq ($(OPENJDK_TARGET_OS), solaris) - endif - - ifeq ($(OPENJDK_TARGET_OS), linux) -- ifeq ($(OPENJDK_TARGET_CPU), ppc64) -- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH -- else ifeq ($(OPENJDK_TARGET_CPU), ppc64le) -- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH -- else ifeq ($(OPENJDK_TARGET_CPU), aarch64) -- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH -- endif --endif -- --ifneq ($(OPENJDK_TARGET_OS), macosx) -+ BUILD_LIBFDLIBM_OPTIMIZATION := HIGH -+ LIBFDLIBM_CFLAGS_LINUX := -ffp-contract=off - # Unfortunately, '-ffp-contract' is only available since gcc 4.6. For ppc64le - # that's no problem since ppc64le support only appeared in gcc 4.8.3. But on - # ppc64 (big endian) we traditionally compiled with gcc 4.3 which only knows - # '-mno-fused-madd'. However, that's still not enough to get the float - # computations right - we additionally have to supply '-fno-strict-aliasing'. -+ # -+ # -+ ifeq ($(TOOLCHAIN_TYPE), gcc) -+ CC_VER_MAJOR := $(shell $(CC) -dumpversion | cut -d'.' -f1) -+ CC_VER_MINOR := $(shell $(CC) -dumpversion | cut -d'.' -f2) -+ endif -+ # Only GCC 4.6 and better have machine independent -ffp-contract=off. -+ # For other versions we need to explicitly set arch specific machine -+ # flags or keep optimization off. -+ ifeq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 6 \) \))" "0" -+ ifeq ($(OPENJDK_TARGET_CPU), ppc64) -+ LIBFDLIBM_CFLAGS_LINUX := -mno-fused-madd -fno-strict-aliasing -+ else -+ BUILD_LIBFDLIBM_OPTIMIZATION := NONE -+ endif -+ endif -+endif -+ -+ifneq ($(OPENJDK_TARGET_OS), macosx) - $(eval $(call SetupNativeCompilation,BUILD_LIBFDLIBM, \ - STATIC_LIBRARY := fdlibm, \ - OUTPUT_DIR := $(JDK_OUTPUTDIR)/objs, \ -@@ -62,9 +73,7 @@ ifneq ($(OPENJDK_TARGET_OS), macosx) - -I$(JDK_TOPDIR)/src/share/native/java/lang/fdlibm/include, \ - CFLAGS_windows_debug := -DLOGGING, \ - CFLAGS_aix := -qfloat=nomaf, \ -- CFLAGS_linux_ppc64 := -mno-fused-madd -fno-strict-aliasing, \ -- CFLAGS_linux_ppc64le := -ffp-contract=off, \ -- CFLAGS_linux_aarch64 := -ffp-contract=off, \ -+ CFLAGS_linux := $(LIBFDLIBM_CFLAGS_LINUX), \ - ARFLAGS := $(ARFLAGS), \ - OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libfdlibm, \ - DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES))) diff --git a/SOURCES/jdk8210425-rh1632174-01-compile_with_o2_and_ffp_contract_off_as_for_fdlibm.patch b/SOURCES/jdk8210425-rh1632174-01-compile_with_o2_and_ffp_contract_off_as_for_fdlibm.patch deleted file mode 100644 index 0b05ba6..0000000 --- a/SOURCES/jdk8210425-rh1632174-01-compile_with_o2_and_ffp_contract_off_as_for_fdlibm.patch +++ /dev/null @@ -1,83 +0,0 @@ -diff --git openjdk.orig/hotspot/make/linux/makefiles/amd64.make openjdk/hotspot/make/linux/makefiles/amd64.make ---- openjdk.orig/hotspot/make/linux/makefiles/amd64.make -+++ openjdk/hotspot/make/linux/makefiles/amd64.make -@@ -22,10 +22,13 @@ - # - # - --# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized --OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) --# The copied fdlibm routines in sharedRuntimeTrans.o must not be optimized --OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT) -+ifeq ($(OPT_CFLAGS_NO_FMA),) -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT) -+else -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+endif - # Must also specify if CPU is little endian - CFLAGS += -DVM_LITTLE_ENDIAN - -diff --git openjdk.orig/hotspot/make/linux/makefiles/gcc.make openjdk/hotspot/make/linux/makefiles/gcc.make ---- openjdk.orig/hotspot/make/linux/makefiles/gcc.make -+++ openjdk/hotspot/make/linux/makefiles/gcc.make -@@ -225,6 +225,16 @@ - OPT_CFLAGS/SIZE=-Os - OPT_CFLAGS/SPEED=-O3 - -+ifeq ($(USE_CLANG),) -+ # Only GCC 4.6 and better have machine independent -ffp-contract=off. -+ # For other versions we need to explicitly set arch specific machine -+ # flags or keep optimization off for them. -+ ifeq "$(shell expr \( $(CC_VER_MAJOR) \> 4 \) \| \( \( $(CC_VER_MAJOR) = 4 \) \& \( $(CC_VER_MINOR) \>= 6 \) \))" "1" -+ OPT_CFLAGS_NO_FMA = -ffp-contract=off -+ endif -+endif -+ -+ - # Hotspot uses very unstrict aliasing turn this optimization off - # This option is added to CFLAGS rather than OPT_CFLAGS - # so that OPT_CFLAGS overrides get this option too. -diff --git openjdk.orig/hotspot/make/linux/makefiles/i486.make openjdk/hotspot/make/linux/makefiles/i486.make ---- openjdk.orig/hotspot/make/linux/makefiles/i486.make -+++ openjdk/hotspot/make/linux/makefiles/i486.make -@@ -24,10 +24,13 @@ - - # TLS helper, assembled from .s file - --# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized --OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) --# The copied fdlibm routines in sharedRuntimeTrans.o must not be optimized --OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT) -+ifeq ($(OPT_CFLAGS_NO_FMA),) -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT) -+else -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+endif - # Must also specify if CPU is little endian - CFLAGS += -DVM_LITTLE_ENDIAN - -diff --git openjdk.orig/hotspot/make/linux/makefiles/ppc64.make openjdk/hotspot/make/linux/makefiles/ppc64.make ---- openjdk.orig/hotspot/make/linux/makefiles/ppc64.make -+++ openjdk/hotspot/make/linux/makefiles/ppc64.make -@@ -49,3 +49,17 @@ - # Use Power8, this is the first CPU to support PPC64 LE with ELFv2 ABI. - CFLAGS += -mcpu=power7 -mtune=power8 -minsert-sched-nops=regroup_exact -mno-multiple -mno-string - endif -+ -+ifeq ($(OPT_CFLAGS_NO_FMA),) -+ ifeq ($(OPENJDK_TARGET_CPU_ENDIAN),big) -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) -mno-fused-madd -fno-strict-aliasing -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) -mno-fused-madd -fno-strict-aliasing -+ else -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT) -+ endif -+else -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+endif -+ diff --git a/SOURCES/jdk8210425-rh1632174-02-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_aarch64.patch b/SOURCES/jdk8210425-rh1632174-02-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_aarch64.patch deleted file mode 100644 index cf1b40b..0000000 --- a/SOURCES/jdk8210425-rh1632174-02-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_aarch64.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff --git openjdk.orig/hotspot/make/linux/makefiles/aarch64.make openjdk/hotspot/make/linux/makefiles/aarch64.make -index 3d17326..7cdb498 100644 ---- openjdk.orig/hotspot/make/linux/makefiles/aarch64.make -+++ openjdk/hotspot/make/linux/makefiles/aarch64.make -@@ -22,10 +22,13 @@ - # - # - --# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized --OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) --# The copied fdlibm routines in sharedRuntimeTrans.o must not be optimized --OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT) -+ifeq ($(OPT_CFLAGS_NO_FMA),) -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT) -+else -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+endif - # Must also specify if CPU is little endian - CFLAGS += -DVM_LITTLE_ENDIAN - diff --git a/SOURCES/jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_zero.patch b/SOURCES/jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_zero.patch deleted file mode 100644 index 6c1ebad..0000000 --- a/SOURCES/jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_zero.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openjdk/hotspot/make/linux/makefiles/zeroshark.make -+++ openjdk/hotspot/make/linux/makefiles/zeroshark.make -@@ -30,10 +30,13 @@ ifeq ($(USE_CLANG), true) - WARNING_FLAGS += -Wno-undef - endif - --# The copied fdlibm routines in sharedRuntimeTrig.o must not be optimized --OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) --# The copied fdlibm routines in sharedRuntimeTrans.o must not be optimized --OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT) -+ifeq ($(OPT_CFLAGS_NO_FMA),) -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/NOOPT) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/NOOPT) -+else -+ OPT_CFLAGS/sharedRuntimeTrig.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+ OPT_CFLAGS/sharedRuntimeTrans.o = $(OPT_CFLAGS/SPEED) $(OPT_CFLAGS_NO_FMA) -+endif - - # Specify that the CPU is little endian, if necessary - ifeq ($(ZERO_ENDIANNESS), little) diff --git a/SOURCES/jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch b/SOURCES/jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch deleted file mode 100644 index be2650b..0000000 --- a/SOURCES/jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch +++ /dev/null @@ -1,29 +0,0 @@ -# HG changeset patch -# User sgehwolf -# Date 1537541916 -7200 -# Fri Sep 21 16:58:36 2018 +0200 -# Node ID 4010c90156d1bfeaf988dbfeb01520f2e3a66ea8 -# Parent 54afe70c50b6a6685763d00883e5173c0ba3a19d -8210761: libjsig is being compiled without optimization -Reviewed-by: erikj, ihse - -diff --git openjdk.orig/hotspot/make/linux/makefiles/jsig.make openjdk/hotspot/make/linux/makefiles/jsig.make ---- openjdk.orig/hotspot/make/linux/makefiles/jsig.make -+++ openjdk/hotspot/make/linux/makefiles/jsig.make -@@ -51,10 +51,15 @@ - JSIG_DEBUG_CFLAGS = -g - endif - -+# Optimize jsig lib at level -O3 unless it's a slowdebug build -+ifneq ($(DEBUG_LEVEL), slowdebug) -+ JSIG_OPT_FLAGS = $(OPT_CFLAGS) -+endif -+ - $(LIBJSIG): $(JSIGSRCDIR)/jsig.c $(LIBJSIG_MAPFILE) - @echo Making signal interposition lib... - $(QUIETLY) $(CC) $(SYMFLAG) $(ARCHFLAG) $(SHARED_FLAG) $(PICFLAG) \ -- $(LFLAGS_JSIG) $(JSIG_DEBUG_CFLAGS) $(EXTRA_CFLAGS) -o $@ $< -ldl -+ $(LFLAGS_JSIG) $(JSIG_DEBUG_CFLAGS) $(JSIG_OPT_FLAGS) $(EXTRA_CFLAGS) -o $@ $< -ldl - ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1) - ifneq ($(STRIP_POLICY),no_strip) - $(QUIETLY) $(OBJCOPY) --only-keep-debug $@ $(LIBJSIG_DEBUGINFO) diff --git a/SOURCES/nss.fips.cfg.in b/SOURCES/nss.fips.cfg.in new file mode 100644 index 0000000..ead27be --- /dev/null +++ b/SOURCES/nss.fips.cfg.in @@ -0,0 +1,6 @@ +name = NSS-FIPS +nssLibraryDirectory = @NSS_LIBDIR@ +nssSecmodDirectory = @NSS_SECMOD@ +nssDbMode = readOnly +nssModule = fips + diff --git a/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch b/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch deleted file mode 100644 index 8165340..0000000 --- a/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff --git a/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java b/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java ---- openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java -+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java -@@ -168,20 +168,10 @@ - "contains no supported elliptic curves"); - } - } else { // default curves -- int[] ids; -- if (requireFips) { -- ids = new int[] { -- // only NIST curves in FIPS mode -- 23, 24, 25, 9, 10, 11, 12, 13, 14, -- }; -- } else { -- ids = new int[] { -- // NIST curves first -- 23, 24, 25, 9, 10, 11, 12, 13, 14, -- // non-NIST curves -- 22, -- }; -- } -+ int[] ids = new int[] { -+ // NSS currently only supports these three NIST curves -+ 23, 24, 25 -+ }; - - idList = new ArrayList<>(ids.length); - for (int curveId : ids) { diff --git a/SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk8.patch b/SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk8.patch deleted file mode 100644 index 31c285b..0000000 --- a/SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk8.patch +++ /dev/null @@ -1,699 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1453863246 0 -# Wed Jan 27 02:54:06 2016 +0000 -# Node ID 48c15869ecd568263249af4b9a4e98d4e57f9a8f -# Parent afd392dfaed501ac674a7cc3e37353ce300969c7 -PR1983: Support using the system installation of NSS with the SunEC provider -Summary: Apply code changes from PR1699 & PR1742 & forward-port Makefile changes to the new build. -Updated 2017/07/04 to accomodate 8175110 - -diff -r 984a4af2ed4e make/lib/SecurityLibraries.gmk ---- openjdk/jdk/make/lib/SecurityLibraries.gmk -+++ openjdk/jdk/make/lib/SecurityLibraries.gmk -@@ -218,8 +218,17 @@ - - ifeq ($(ENABLE_INTREE_EC), yes) - -- BUILD_LIBSUNEC_FLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/security/ec \ -+ BUILD_LIBSUNEC_FLAGS := -I$(JDK_TOPDIR)/src/share/native/sun/security/ec -+ -+ ifeq ($(USE_EXTERNAL_NSS), true) -+ BUILD_LIBSUNEC_IMPL_DIR := -+ BUILD_LIBSUNEC_FLAGS += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC -+ else -+ BUILD_LIBSUNEC_IMPL_DIR := \ -+ $(JDK_TOPDIR)/src/share/native/sun/security/ec/impl -+ BUILD_LIBSUNEC_FLAGS += \ - -I$(JDK_TOPDIR)/src/share/native/sun/security/ec/impl -+ endif - - # - # On sol-sparc...all libraries are compiled with -xregs=no%appl -@@ -235,8 +244,8 @@ - $(eval $(call SetupNativeCompilation,BUILD_LIBSUNEC, \ - LIBRARY := sunec, \ - OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ -- SRC := $(JDK_TOPDIR)/src/share/native/sun/security/ec \ -- $(JDK_TOPDIR)/src/share/native/sun/security/ec/impl, \ -+ SRC := $(JDK_TOPDIR)/src/share/native/sun/security/ec/ECC_JNI.cpp \ -+ $(BUILD_LIBSUNEC_IMPL_DIR), \ - LANG := C++, \ - OPTIMIZATION := LOW, \ - CFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CFLAGS_JDKLIB)) \ -@@ -245,11 +254,12 @@ - CXXFLAGS := $(filter-out $(ECC_JNI_SOLSPARC_FILTER), $(CXXFLAGS_JDKLIB)) \ - $(BUILD_LIBSUNEC_FLAGS), \ - MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsunec/mapfile-vers, \ -- LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \ -+ LDFLAGS := $(subst -Xlinker --as-needed,, \ -+ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) $(LDFLAGS_CXX_JDK), \ - LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \ - LDFLAGS_SUFFIX := $(LIBCXX), \ -- LDFLAGS_SUFFIX_linux := -lc, \ -- LDFLAGS_SUFFIX_solaris := -lc, \ -+ LDFLAGS_SUFFIX_linux := -lc $(NSS_LIBS), \ -+ LDFLAGS_SUFFIX_solaris := -lc $(NSS_LIBS), \ - VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ - RC_FLAGS := $(RC_FLAGS) \ - -D "JDK_FNAME=sunec.dll" \ -diff -r 984a4af2ed4e src/share/native/sun/security/ec/ECC_JNI.cpp ---- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp -+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp -@@ -24,7 +24,7 @@ - */ - - #include --#include "impl/ecc_impl.h" -+#include "ecc_impl.h" - - #define ILLEGAL_STATE_EXCEPTION "java/lang/IllegalStateException" - #define INVALID_ALGORITHM_PARAMETER_EXCEPTION \ -@@ -89,7 +89,7 @@ - */ - JNIEXPORT jobjectArray - JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair -- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed) -+ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed) - { - ECPrivateKey *privKey = NULL; // contains both public and private values - ECParams *ecparams = NULL; -@@ -190,7 +190,7 @@ - */ - JNIEXPORT jbyteArray - JNICALL Java_sun_security_ec_ECDSASignature_signDigest -- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing) -+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing) - { - jbyte* pDigestBuffer = NULL; - jint jDigestLength = env->GetArrayLength(digest); -@@ -299,7 +299,7 @@ - */ - JNIEXPORT jboolean - JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest -- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams) -+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams) - { - jboolean isValid = false; - -@@ -384,7 +384,7 @@ - */ - JNIEXPORT jbyteArray - JNICALL Java_sun_security_ec_ECDHKeyAgreement_deriveKey -- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams) -+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams) - { - jbyteArray jSecret = NULL; - ECParams *ecparams = NULL; -diff -r 984a4af2ed4e src/share/native/sun/security/ec/ecc_impl.h ---- /dev/null -+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h -@@ -0,0 +1,298 @@ -+/* -+ * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved. -+ * Use is subject to license terms. -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* ********************************************************************* -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * -+ * Contributor(s): -+ * Dr Vipul Gupta and -+ * Douglas Stebila , Sun Microsystems Laboratories -+ * -+ * Last Modified Date from the Original Code: May 2017 -+ *********************************************************************** */ -+ -+#ifndef _ECC_IMPL_H -+#define _ECC_IMPL_H -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+#include -+ -+#ifdef SYSTEM_NSS -+#include -+#include -+#include -+#ifdef LEGACY_NSS -+#include -+#else -+#include -+#endif -+#else -+#include "ecl-exp.h" -+#endif -+ -+/* -+ * Multi-platform definitions -+ */ -+#ifdef __linux__ -+#define B_FALSE FALSE -+#define B_TRUE TRUE -+typedef unsigned char uint8_t; -+typedef unsigned long ulong_t; -+typedef enum { B_FALSE, B_TRUE } boolean_t; -+#endif /* __linux__ */ -+ -+#ifdef _ALLBSD_SOURCE -+#include -+#define B_FALSE FALSE -+#define B_TRUE TRUE -+typedef unsigned long ulong_t; -+typedef enum boolean { B_FALSE, B_TRUE } boolean_t; -+#endif /* _ALLBSD_SOURCE */ -+ -+#ifdef AIX -+#define B_FALSE FALSE -+#define B_TRUE TRUE -+typedef unsigned char uint8_t; -+typedef unsigned long ulong_t; -+#endif /* AIX */ -+ -+#ifdef _WIN32 -+typedef unsigned char uint8_t; -+typedef unsigned long ulong_t; -+typedef enum boolean { B_FALSE, B_TRUE } boolean_t; -+#define strdup _strdup /* Replace POSIX name with ISO C++ name */ -+#endif /* _WIN32 */ -+ -+#ifndef _KERNEL -+#include -+#endif /* _KERNEL */ -+ -+#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */ -+#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */ -+#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */ -+#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */ -+#define EC_MIN_KEY_LEN 112 /* min key length in bits */ -+#define EC_MAX_KEY_LEN 571 /* max key length in bits */ -+#define EC_MAX_OID_LEN 10 /* max length of OID buffer */ -+ -+/* -+ * Various structures and definitions from NSS are here. -+ */ -+ -+#ifndef SYSTEM_NSS -+#ifdef _KERNEL -+#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f)) -+#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f)) -+#define PORT_ArenaGrow(a, b, c, d) NULL -+#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f)) -+#define PORT_Alloc(n, f) kmem_alloc((n), (f)) -+#else -+#define PORT_ArenaAlloc(a, n, f) malloc((n)) -+#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n)) -+#define PORT_ArenaGrow(a, b, c, d) NULL -+#define PORT_ZAlloc(n, f) calloc(1, (n)) -+#define PORT_Alloc(n, f) malloc((n)) -+#endif -+ -+#define PORT_NewArena(b) (char *)12345 -+#define PORT_ArenaMark(a) NULL -+#define PORT_ArenaUnmark(a, b) -+#define PORT_ArenaRelease(a, m) -+#define PORT_FreeArena(a, b) -+#define PORT_Strlen(s) strlen((s)) -+#define PORT_SetError(e) -+ -+#define PRBool boolean_t -+#define PR_TRUE B_TRUE -+#define PR_FALSE B_FALSE -+ -+#ifdef _KERNEL -+#define PORT_Assert ASSERT -+#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l)) -+#else -+#define PORT_Assert assert -+#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l)) -+#endif -+ -+#endif -+ -+#define CHECK_OK(func) if (func == NULL) goto cleanup -+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup -+ -+#ifndef SYSTEM_NSS -+typedef enum { -+ siBuffer = 0, -+ siClearDataBuffer = 1, -+ siCipherDataBuffer = 2, -+ siDERCertBuffer = 3, -+ siEncodedCertBuffer = 4, -+ siDERNameBuffer = 5, -+ siEncodedNameBuffer = 6, -+ siAsciiNameString = 7, -+ siAsciiString = 8, -+ siDEROID = 9, -+ siUnsignedInteger = 10, -+ siUTCTime = 11, -+ siGeneralizedTime = 12 -+} SECItemType; -+ -+typedef struct SECItemStr SECItem; -+ -+struct SECItemStr { -+ SECItemType type; -+ unsigned char *data; -+ unsigned int len; -+}; -+ -+typedef SECItem SECKEYECParams; -+ -+typedef enum { ec_params_explicit, -+ ec_params_named -+} ECParamsType; -+ -+typedef enum { ec_field_GFp = 1, -+ ec_field_GF2m -+} ECFieldType; -+ -+struct ECFieldIDStr { -+ int size; /* field size in bits */ -+ ECFieldType type; -+ union { -+ SECItem prime; /* prime p for (GFp) */ -+ SECItem poly; /* irreducible binary polynomial for (GF2m) */ -+ } u; -+ int k1; /* first coefficient of pentanomial or -+ * the only coefficient of trinomial -+ */ -+ int k2; /* two remaining coefficients of pentanomial */ -+ int k3; -+}; -+typedef struct ECFieldIDStr ECFieldID; -+ -+struct ECCurveStr { -+ SECItem a; /* contains octet stream encoding of -+ * field element (X9.62 section 4.3.3) -+ */ -+ SECItem b; -+ SECItem seed; -+}; -+typedef struct ECCurveStr ECCurve; -+ -+typedef void PRArenaPool; -+ -+struct ECParamsStr { -+ PRArenaPool * arena; -+ ECParamsType type; -+ ECFieldID fieldID; -+ ECCurve curve; -+ SECItem base; -+ SECItem order; -+ int cofactor; -+ SECItem DEREncoding; -+ ECCurveName name; -+ SECItem curveOID; -+}; -+typedef struct ECParamsStr ECParams; -+ -+struct ECPublicKeyStr { -+ ECParams ecParams; -+ SECItem publicValue; /* elliptic curve point encoded as -+ * octet stream. -+ */ -+}; -+typedef struct ECPublicKeyStr ECPublicKey; -+ -+struct ECPrivateKeyStr { -+ ECParams ecParams; -+ SECItem publicValue; /* encoded ec point */ -+ SECItem privateValue; /* private big integer */ -+ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */ -+}; -+typedef struct ECPrivateKeyStr ECPrivateKey; -+ -+typedef enum _SECStatus { -+ SECBufferTooSmall = -3, -+ SECWouldBlock = -2, -+ SECFailure = -1, -+ SECSuccess = 0 -+} SECStatus; -+#endif -+ -+#ifdef _KERNEL -+#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l)) -+#else -+/* -+ This function is no longer required because the random bytes are now -+ supplied by the caller. Force a failure. -+*/ -+#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure -+#endif -+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup -+#define MP_TO_SEC_ERROR(err) -+ -+#define SECITEM_TO_MPINT(it, mp) \ -+ CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len)) -+ -+extern int ecc_knzero_random_generator(uint8_t *, size_t); -+extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t); -+ -+#ifdef SYSTEM_NSS -+#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b) -+#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d) -+#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigestWithSeed(a,b,c,d,e) -+#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c) -+#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e) -+#else -+extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int); -+ -+extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int); -+extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *, -+ int); -+extern void SECITEM_FreeItem(SECItem *, boolean_t); -+ -+/* This function has been modified to accept an array of random bytes */ -+extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey, -+ const unsigned char* random, int randomlen, int); -+/* This function has been modified to accept an array of random bytes */ -+extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *, -+ const unsigned char* random, int randomlen, int, int timing); -+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *, -+ const SECItem *, int); -+extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t, -+ SECItem *, int); -+#endif -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* _ECC_IMPL_H */ -diff -r 984a4af2ed4e src/share/native/sun/security/ec/impl/ecc_impl.h ---- openjdk/jdk/src/share/native/sun/security/ec/impl/ecc_impl.h -+++ /dev/null -@@ -1,271 +0,0 @@ --/* -- * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved. -- * Use is subject to license terms. -- * -- * This library is free software; you can redistribute it and/or -- * modify it under the terms of the GNU Lesser General Public -- * License as published by the Free Software Foundation; either -- * version 2.1 of the License, or (at your option) any later version. -- * -- * This library is distributed in the hope that it will be useful, -- * but WITHOUT ANY WARRANTY; without even the implied warranty of -- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -- * Lesser General Public License for more details. -- * -- * You should have received a copy of the GNU Lesser General Public License -- * along with this library; if not, write to the Free Software Foundation, -- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -- * -- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -- * or visit www.oracle.com if you need additional information or have any -- * questions. -- */ -- --/* ********************************************************************* -- * -- * The Original Code is the Netscape security libraries. -- * -- * The Initial Developer of the Original Code is -- * Netscape Communications Corporation. -- * Portions created by the Initial Developer are Copyright (C) 1994-2000 -- * the Initial Developer. All Rights Reserved. -- * -- * Contributor(s): -- * Dr Vipul Gupta and -- * Douglas Stebila , Sun Microsystems Laboratories -- * -- * Last Modified Date from the Original Code: May 2017 -- *********************************************************************** */ -- --#ifndef _ECC_IMPL_H --#define _ECC_IMPL_H -- --#ifdef __cplusplus --extern "C" { --#endif -- --#include --#include "ecl-exp.h" -- --/* -- * Multi-platform definitions -- */ --#ifdef __linux__ --#define B_FALSE FALSE --#define B_TRUE TRUE --typedef unsigned char uint8_t; --typedef unsigned long ulong_t; --typedef enum { B_FALSE, B_TRUE } boolean_t; --#endif /* __linux__ */ -- --#ifdef _ALLBSD_SOURCE --#include --#define B_FALSE FALSE --#define B_TRUE TRUE --typedef unsigned long ulong_t; --typedef enum boolean { B_FALSE, B_TRUE } boolean_t; --#endif /* _ALLBSD_SOURCE */ -- --#ifdef AIX --#define B_FALSE FALSE --#define B_TRUE TRUE --typedef unsigned char uint8_t; --typedef unsigned long ulong_t; --#endif /* AIX */ -- --#ifdef _WIN32 --typedef unsigned char uint8_t; --typedef unsigned long ulong_t; --typedef enum boolean { B_FALSE, B_TRUE } boolean_t; --#define strdup _strdup /* Replace POSIX name with ISO C++ name */ --#endif /* _WIN32 */ -- --#ifndef _KERNEL --#include --#endif /* _KERNEL */ -- --#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */ --#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */ --#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */ --#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */ --#define EC_MIN_KEY_LEN 112 /* min key length in bits */ --#define EC_MAX_KEY_LEN 571 /* max key length in bits */ --#define EC_MAX_OID_LEN 10 /* max length of OID buffer */ -- --/* -- * Various structures and definitions from NSS are here. -- */ -- --#ifdef _KERNEL --#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f)) --#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f)) --#define PORT_ArenaGrow(a, b, c, d) NULL --#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f)) --#define PORT_Alloc(n, f) kmem_alloc((n), (f)) --#else --#define PORT_ArenaAlloc(a, n, f) malloc((n)) --#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n)) --#define PORT_ArenaGrow(a, b, c, d) NULL --#define PORT_ZAlloc(n, f) calloc(1, (n)) --#define PORT_Alloc(n, f) malloc((n)) --#endif -- --#define PORT_NewArena(b) (char *)12345 --#define PORT_ArenaMark(a) NULL --#define PORT_ArenaUnmark(a, b) --#define PORT_ArenaRelease(a, m) --#define PORT_FreeArena(a, b) --#define PORT_Strlen(s) strlen((s)) --#define PORT_SetError(e) -- --#define PRBool boolean_t --#define PR_TRUE B_TRUE --#define PR_FALSE B_FALSE -- --#ifdef _KERNEL --#define PORT_Assert ASSERT --#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l)) --#else --#define PORT_Assert assert --#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l)) --#endif -- --#define CHECK_OK(func) if (func == NULL) goto cleanup --#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup -- --typedef enum { -- siBuffer = 0, -- siClearDataBuffer = 1, -- siCipherDataBuffer = 2, -- siDERCertBuffer = 3, -- siEncodedCertBuffer = 4, -- siDERNameBuffer = 5, -- siEncodedNameBuffer = 6, -- siAsciiNameString = 7, -- siAsciiString = 8, -- siDEROID = 9, -- siUnsignedInteger = 10, -- siUTCTime = 11, -- siGeneralizedTime = 12 --} SECItemType; -- --typedef struct SECItemStr SECItem; -- --struct SECItemStr { -- SECItemType type; -- unsigned char *data; -- unsigned int len; --}; -- --typedef SECItem SECKEYECParams; -- --typedef enum { ec_params_explicit, -- ec_params_named --} ECParamsType; -- --typedef enum { ec_field_GFp = 1, -- ec_field_GF2m --} ECFieldType; -- --struct ECFieldIDStr { -- int size; /* field size in bits */ -- ECFieldType type; -- union { -- SECItem prime; /* prime p for (GFp) */ -- SECItem poly; /* irreducible binary polynomial for (GF2m) */ -- } u; -- int k1; /* first coefficient of pentanomial or -- * the only coefficient of trinomial -- */ -- int k2; /* two remaining coefficients of pentanomial */ -- int k3; --}; --typedef struct ECFieldIDStr ECFieldID; -- --struct ECCurveStr { -- SECItem a; /* contains octet stream encoding of -- * field element (X9.62 section 4.3.3) -- */ -- SECItem b; -- SECItem seed; --}; --typedef struct ECCurveStr ECCurve; -- --typedef void PRArenaPool; -- --struct ECParamsStr { -- PRArenaPool * arena; -- ECParamsType type; -- ECFieldID fieldID; -- ECCurve curve; -- SECItem base; -- SECItem order; -- int cofactor; -- SECItem DEREncoding; -- ECCurveName name; -- SECItem curveOID; --}; --typedef struct ECParamsStr ECParams; -- --struct ECPublicKeyStr { -- ECParams ecParams; -- SECItem publicValue; /* elliptic curve point encoded as -- * octet stream. -- */ --}; --typedef struct ECPublicKeyStr ECPublicKey; -- --struct ECPrivateKeyStr { -- ECParams ecParams; -- SECItem publicValue; /* encoded ec point */ -- SECItem privateValue; /* private big integer */ -- SECItem version; /* As per SEC 1, Appendix C, Section C.4 */ --}; --typedef struct ECPrivateKeyStr ECPrivateKey; -- --typedef enum _SECStatus { -- SECBufferTooSmall = -3, -- SECWouldBlock = -2, -- SECFailure = -1, -- SECSuccess = 0 --} SECStatus; -- --#ifdef _KERNEL --#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l)) --#else --/* -- This function is no longer required because the random bytes are now -- supplied by the caller. Force a failure. --*/ --#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure --#endif --#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup --#define MP_TO_SEC_ERROR(err) -- --#define SECITEM_TO_MPINT(it, mp) \ -- CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len)) -- --extern int ecc_knzero_random_generator(uint8_t *, size_t); --extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t); -- --extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int); --extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int); --extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *, -- int); --extern void SECITEM_FreeItem(SECItem *, boolean_t); --/* This function has been modified to accept an array of random bytes */ --extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey, -- const unsigned char* random, int randomlen, int); --/* This function has been modified to accept an array of random bytes */ --extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem *, -- const unsigned char* random, int randomlen, int, int timing); --extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *, -- const SECItem *, int); --extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t, -- SECItem *, int); -- --#ifdef __cplusplus --} --#endif -- --#endif /* _ECC_IMPL_H */ -diff -r 984a4af2ed4e src/solaris/javavm/export/jni_md.h ---- openjdk/jdk/src/solaris/javavm/export/jni_md.h -+++ openjdk/jdk/src/solaris/javavm/export/jni_md.h -@@ -36,6 +36,11 @@ - #define JNIEXPORT - #define JNIIMPORT - #endif -+#if (defined(__GNUC__)) || __has_attribute(unused) -+ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__)) -+#else -+ #define UNUSED(x) UNUSED_ ## x -+#endif - - #define JNICALL - diff --git a/SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_root8.patch b/SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_root8.patch deleted file mode 100644 index 100472b..0000000 --- a/SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_root8.patch +++ /dev/null @@ -1,89 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1453863007 0 -# Wed Jan 27 02:50:07 2016 +0000 -# Node ID f0635543beb309c4da1bb88c906a76ee4b75e16d -# Parent 4a5a0d4e1ae0feec2f47d17be380d6fcd5eff126 -PR1983: Support using the system installation of NSS with the SunEC provider -Summary: Add new configure option --enable-system-nss - -diff -r 92af9369869f common/autoconf/jdk-options.m4 ---- openjdk/common/autoconf/jdk-options.m4 Thu Jan 21 22:17:02 2016 +0000 -+++ openjdk/common/autoconf/jdk-options.m4 Wed Jan 27 05:32:12 2016 +0000 -@@ -414,9 +414,10 @@ - # - AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC], - [ -- AC_MSG_CHECKING([if elliptic curve crypto implementation is present]) -+ AC_REQUIRE([LIB_SETUP_MISC_LIBS]) -+ AC_MSG_CHECKING([if the elliptic curve crypto implementation is present]) - -- if test -d "${SRC_ROOT}/jdk/src/share/native/sun/security/ec/impl"; then -+ if test "x${system_nss}" = "xyes" -o -d "${SRC_ROOT}/jdk/src/share/native/sun/security/ec/impl"; then - ENABLE_INTREE_EC=yes - AC_MSG_RESULT([yes]) - else -diff -r 92af9369869f common/autoconf/libraries.m4 ---- openjdk/common/autoconf/libraries.m4 Thu Jan 21 22:17:02 2016 +0000 -+++ openjdk/common/autoconf/libraries.m4 Wed Jan 27 05:32:12 2016 +0000 -@@ -731,6 +731,47 @@ - LIBDL="$LIBS" - AC_SUBST(LIBDL) - LIBS="$save_LIBS" -+ -+ ############################################################################### -+ # -+ # Check for the NSS libraries -+ # -+ -+ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries]) -+ -+ # default is bundled -+ DEFAULT_SYSTEM_NSS=no -+ -+ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss], -+ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])], -+ [ -+ case "${enableval}" in -+ yes) -+ system_nss=yes -+ ;; -+ *) -+ system_nss=no -+ ;; -+ esac -+ ], -+ [ -+ system_nss=${DEFAULT_SYSTEM_NSS} -+ ]) -+ AC_MSG_RESULT([$system_nss]) -+ -+ if test "x${system_nss}" = "xyes"; then -+ PKG_CHECK_MODULES(NSS, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no]) -+ if test "x${NSS_SOFTOKN_FOUND}" = "xyes"; then -+ NSS_LIBS="$NSS_LIBS -lfreebl"; -+ USE_EXTERNAL_NSS=true -+ else -+ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.]) -+ fi -+ else -+ USE_EXTERNAL_NSS=false -+ fi -+ AC_SUBST(USE_EXTERNAL_NSS) -+ - ]) - - AC_DEFUN_ONCE([LIB_SETUP_STATIC_LINK_LIBSTDCPP], -diff -r 92af9369869f common/autoconf/spec.gmk.in ---- openjdk/common/autoconf/spec.gmk.in Thu Jan 21 22:17:02 2016 +0000 -+++ openjdk/common/autoconf/spec.gmk.in Wed Jan 27 05:32:12 2016 +0000 -@@ -647,6 +647,9 @@ - # Read-only single-machine data - INSTALL_SYSCONFDIR=@sysconfdir@ - -+USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@ -+NSS_LIBS:=@NSS_LIBS@ -+NSS_CFLAGS:=@NSS_CFLAGS@ - - #################################################### - # diff --git a/SOURCES/pr2127-sunec_provider_crashes_when_built_using_system_nss_thus_use_of_nss_memory_management_functions.patch b/SOURCES/pr2127-sunec_provider_crashes_when_built_using_system_nss_thus_use_of_nss_memory_management_functions.patch deleted file mode 100644 index b08822a..0000000 --- a/SOURCES/pr2127-sunec_provider_crashes_when_built_using_system_nss_thus_use_of_nss_memory_management_functions.patch +++ /dev/null @@ -1,178 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1453866306 0 -# Wed Jan 27 03:45:06 2016 +0000 -# Node ID 0ff7720931e8dbf7de25720bdc93b18527ab89e8 -# Parent 48c15869ecd568263249af4b9a4e98d4e57f9a8f -PR2127: SunEC provider crashes when built using system NSS -Summary: Use NSS memory management functions - -diff -r 48c15869ecd5 -r 0ff7720931e8 src/share/native/sun/security/ec/ECC_JNI.cpp ---- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 02:54:06 2016 +0000 -+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 03:45:06 2016 +0000 -@@ -32,6 +32,13 @@ - #define INVALID_PARAMETER_EXCEPTION \ - "java/security/InvalidParameterException" - #define KEY_EXCEPTION "java/security/KeyException" -+#define INTERNAL_ERROR "java/lang/InternalError" -+ -+#ifdef SYSTEM_NSS -+#define SYSTEM_UNUSED(x) UNUSED(x) -+#else -+#define SYSTEM_UNUSED(x) x -+#endif - - extern "C" { - -@@ -49,8 +56,13 @@ - /* - * Deep free of the ECParams struct - */ --void FreeECParams(ECParams *ecparams, jboolean freeStruct) -+void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct)) - { -+#ifdef SYSTEM_NSS -+ // Needs to be freed using the matching method to the one -+ // that allocated it. PR_TRUE means the memory is zeroed. -+ PORT_FreeArena(ecparams->arena, PR_TRUE); -+#else - // Use B_FALSE to free the SECItem->data element, but not the SECItem itself - // Use B_TRUE to free both - -@@ -64,6 +76,7 @@ - SECITEM_FreeItem(&ecparams->curveOID, B_FALSE); - if (freeStruct) - free(ecparams); -+#endif - } - - jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem) -@@ -108,6 +121,13 @@ - goto cleanup; - } - -+#ifdef SYSTEM_NSS -+ if (SECOID_Init() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ goto cleanup; -+ } -+#endif -+ - // Fill a new ECParams using the supplied OID - if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { - /* bad curve OID */ -@@ -163,16 +183,26 @@ - if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); -+#ifdef SYSTEM_NSS -+ if (SECOID_Shutdown() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ } -+#endif - } - if (ecparams) { - FreeECParams(ecparams, true); - } - if (privKey) { - FreeECParams(&privKey->ecParams, false); -+#ifndef SYSTEM_NSS -+ // The entire ECPrivateKey is allocated in the arena -+ // when using system NSS, so only the in-tree version -+ // needs to clear these manually. - SECITEM_FreeItem(&privKey->version, B_FALSE); - SECITEM_FreeItem(&privKey->privateValue, B_FALSE); - SECITEM_FreeItem(&privKey->publicValue, B_FALSE); - free(privKey); -+#endif - } - - if (pSeedBuffer) { -@@ -223,6 +253,13 @@ - goto cleanup; - } - -+#ifdef SYSTEM_NSS -+ if (SECOID_Init() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ goto cleanup; -+ } -+#endif -+ - // Fill a new ECParams using the supplied OID - if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { - /* bad curve OID */ -@@ -270,6 +307,11 @@ - if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); -+#ifdef SYSTEM_NSS -+ if (SECOID_Shutdown() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ } -+#endif - } - if (privKey.privateValue.data) { - env->ReleaseByteArrayElements(privateKey, -@@ -336,6 +378,13 @@ - goto cleanup; - } - -+#ifdef SYSTEM_NSS -+ if (SECOID_Init() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ goto cleanup; -+ } -+#endif -+ - // Fill a new ECParams using the supplied OID - if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { - /* bad curve OID */ -@@ -356,9 +405,15 @@ - - cleanup: - { -- if (params_item.data) -+ if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); -+#ifdef SYSTEM_NSS -+ if (SECOID_Shutdown() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ } -+#endif -+ } - - if (pubKey.publicValue.data) - env->ReleaseByteArrayElements(publicKey, -@@ -419,6 +474,13 @@ - goto cleanup; - } - -+#ifdef SYSTEM_NSS -+ if (SECOID_Init() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ goto cleanup; -+ } -+#endif -+ - // Fill a new ECParams using the supplied OID - if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { - /* bad curve OID */ -@@ -460,9 +522,15 @@ - env->ReleaseByteArrayElements(publicKey, - (jbyte *) publicValue_item.data, JNI_ABORT); - -- if (params_item.data) -+ if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); -+#ifdef SYSTEM_NSS -+ if (SECOID_Shutdown() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ } -+#endif -+ } - - if (ecparams) - FreeECParams(ecparams, true); diff --git a/SOURCES/pr2815-race_condition_in_sunec_provider_with_system_nss_fix.patch b/SOURCES/pr2815-race_condition_in_sunec_provider_with_system_nss_fix.patch deleted file mode 100644 index db14f10..0000000 --- a/SOURCES/pr2815-race_condition_in_sunec_provider_with_system_nss_fix.patch +++ /dev/null @@ -1,189 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1453867347 0 -# Wed Jan 27 04:02:27 2016 +0000 -# Node ID 26e2e029ee256e9815fdc324831a03d8582255e1 -# Parent 0ff7720931e8dbf7de25720bdc93b18527ab89e8 -PR2815: Race condition in SunEC provider with system NSS -Summary: Perform initialisation and shutdown only when library is loaded or SunEC is finalized respectively - -diff -r 0ff7720931e8 -r 26e2e029ee25 make/mapfiles/libsunec/mapfile-vers ---- openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 03:45:06 2016 +0000 -+++ openjdk/jdk/make/mapfiles/libsunec/mapfile-vers Wed Jan 27 04:02:27 2016 +0000 -@@ -31,6 +31,8 @@ - Java_sun_security_ec_ECDSASignature_signDigest; - Java_sun_security_ec_ECDSASignature_verifySignedDigest; - Java_sun_security_ec_ECDHKeyAgreement_deriveKey; -+ Java_sun_security_ec_SunEC_initialize; -+ Java_sun_security_ec_SunEC_cleanup; - local: - *; - }; -diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/classes/sun/security/ec/SunEC.java ---- openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 03:45:06 2016 +0000 -+++ openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java Wed Jan 27 04:02:27 2016 +0000 -@@ -58,6 +58,7 @@ - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - System.loadLibrary("sunec"); // check for native library -+ initialize(); - return null; - } - }); -@@ -81,4 +82,22 @@ - } - } - -+ /** -+ * Cleanup native resources during finalisation. -+ */ -+ @Override -+ protected void finalize() { -+ cleanup(); -+ } -+ -+ /** -+ * Initialize the native code. -+ */ -+ private static native void initialize(); -+ -+ /** -+ * Cleanup in the native layer. -+ */ -+ private static native void cleanup(); -+ - } -diff -r 0ff7720931e8 -r 26e2e029ee25 src/share/native/sun/security/ec/ECC_JNI.cpp ---- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 03:45:06 2016 +0000 -+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp Wed Jan 27 04:02:27 2016 +0000 -@@ -121,13 +121,6 @@ - goto cleanup; - } - --#ifdef SYSTEM_NSS -- if (SECOID_Init() != SECSuccess) { -- ThrowException(env, INTERNAL_ERROR); -- goto cleanup; -- } --#endif -- - // Fill a new ECParams using the supplied OID - if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { - /* bad curve OID */ -@@ -183,11 +176,6 @@ - if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); --#ifdef SYSTEM_NSS -- if (SECOID_Shutdown() != SECSuccess) { -- ThrowException(env, INTERNAL_ERROR); -- } --#endif - } - if (ecparams) { - FreeECParams(ecparams, true); -@@ -253,13 +241,6 @@ - goto cleanup; - } - --#ifdef SYSTEM_NSS -- if (SECOID_Init() != SECSuccess) { -- ThrowException(env, INTERNAL_ERROR); -- goto cleanup; -- } --#endif -- - // Fill a new ECParams using the supplied OID - if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { - /* bad curve OID */ -@@ -307,11 +288,6 @@ - if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); --#ifdef SYSTEM_NSS -- if (SECOID_Shutdown() != SECSuccess) { -- ThrowException(env, INTERNAL_ERROR); -- } --#endif - } - if (privKey.privateValue.data) { - env->ReleaseByteArrayElements(privateKey, -@@ -378,13 +354,6 @@ - goto cleanup; - } - --#ifdef SYSTEM_NSS -- if (SECOID_Init() != SECSuccess) { -- ThrowException(env, INTERNAL_ERROR); -- goto cleanup; -- } --#endif -- - // Fill a new ECParams using the supplied OID - if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { - /* bad curve OID */ -@@ -408,11 +377,6 @@ - if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); --#ifdef SYSTEM_NSS -- if (SECOID_Shutdown() != SECSuccess) { -- ThrowException(env, INTERNAL_ERROR); -- } --#endif - } - - if (pubKey.publicValue.data) -@@ -474,13 +438,6 @@ - goto cleanup; - } - --#ifdef SYSTEM_NSS -- if (SECOID_Init() != SECSuccess) { -- ThrowException(env, INTERNAL_ERROR); -- goto cleanup; -- } --#endif -- - // Fill a new ECParams using the supplied OID - if (EC_DecodeParams(¶ms_item, &ecparams, 0) != SECSuccess) { - /* bad curve OID */ -@@ -525,11 +482,6 @@ - if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); --#ifdef SYSTEM_NSS -- if (SECOID_Shutdown() != SECSuccess) { -- ThrowException(env, INTERNAL_ERROR); -- } --#endif - } - - if (ecparams) -@@ -539,4 +491,26 @@ - return jSecret; - } - -+JNIEXPORT void -+JNICALL Java_sun_security_ec_SunEC_initialize -+ (JNIEnv *env, jclass UNUSED(clazz)) -+{ -+#ifdef SYSTEM_NSS -+ if (SECOID_Init() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ } -+#endif -+} -+ -+JNIEXPORT void -+JNICALL Java_sun_security_ec_SunEC_cleanup -+ (JNIEnv *env, jclass UNUSED(clazz)) -+{ -+#ifdef SYSTEM_NSS -+ if (SECOID_Shutdown() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ } -+#endif -+} -+ - } /* extern "C" */ diff --git a/SOURCES/pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch b/SOURCES/pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch index fc8f981..a42688d 100644 --- a/SOURCES/pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch +++ b/SOURCES/pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch @@ -5,42 +5,45 @@ # Node ID 3334efeacd8327a14b7d2f392f4546e3c29c594b # Parent 6b81fd2227d14226f2121f2d51b464536925686e PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) +PR3575: System cacerts database handling should not affect jssecacerts -diff --git a/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java b/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java ---- openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java -+++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java -@@ -174,15 +174,20 @@ - storeFile = new File(storeFileName); - fis = getFileInputStream(storeFile); - } else { -- String javaHome = props.get("javaHome"); -- storeFile = new File(javaHome + sep + "lib" + sep -- + "security" + sep + -- "jssecacerts"); -+ /* Check system cacerts DB first; /etc/pki/java/cacerts */ -+ storeFile = new File(sep + "etc" + sep + "pki" + sep -+ + "java" + sep + "cacerts"); - if ((fis = getFileInputStream(storeFile)) == null) { -+ String javaHome = props.get("javaHome"); - storeFile = new File(javaHome + sep + "lib" + sep -- + "security" + sep + -- "cacerts"); -- fis = getFileInputStream(storeFile); -+ + "security" + sep + -+ "jssecacerts"); -+ if ((fis = getFileInputStream(storeFile)) == null) { -+ storeFile = new File(javaHome + sep + "lib" + sep -+ + "security" + sep + -+ "cacerts"); -+ fis = getFileInputStream(storeFile); -+ } - } - } +diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java openjdk/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java ++++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java +@@ -72,7 +72,7 @@ + * The preference of the default trusted KeyStore is: + * javax.net.ssl.trustStore + * jssecacerts +- * cacerts ++ * cacerts (system and local) + */ + private static final class TrustStoreDescriptor { + private static final String fileSep = File.separator; +@@ -83,6 +83,10 @@ + defaultStorePath + fileSep + "cacerts"; + private static final String jsseDefaultStore = + defaultStorePath + fileSep + "jssecacerts"; ++ /* Check system cacerts DB: /etc/pki/java/cacerts */ ++ private static final String systemStore = ++ fileSep + "etc" + fileSep + "pki" + ++ fileSep + "java" + fileSep + "cacerts"; -diff --git a/src/share/classes/sun/security/tools/KeyStoreUtil.java b/src/share/classes/sun/security/tools/KeyStoreUtil.java ---- openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java + // the trust store name + private final String storeName; +@@ -146,7 +150,8 @@ + long temporaryTime = 0L; + if (!"NONE".equals(storePropName)) { + String[] fileNames = +- new String[] {storePropName, defaultStore}; ++ new String[] {storePropName, ++ systemStore, defaultStore}; + for (String fileName : fileNames) { + File f = new File(fileName); + if (f.isFile() && f.canRead()) { +diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java +++ openjdk/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java -@@ -87,9 +87,14 @@ +@@ -108,9 +108,14 @@ throws Exception { String sep = File.separator; diff --git a/SOURCES/pr2899-dont_use_withseed_versions_of_nss_functions_as_they_dont_fully_process_the_seed.patch b/SOURCES/pr2899-dont_use_withseed_versions_of_nss_functions_as_they_dont_fully_process_the_seed.patch deleted file mode 100644 index ffdefb0..0000000 --- a/SOURCES/pr2899-dont_use_withseed_versions_of_nss_functions_as_they_dont_fully_process_the_seed.patch +++ /dev/null @@ -1,24 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1459313680 -3600 -# Wed Mar 30 05:54:40 2016 +0100 -# Node ID 9dc0eca5fa8926e6a952fa4f1931e78aa1f52443 -# Parent 8957aff589013e671f02d38023d5ff245ef27e87 -PR2899: Don't use WithSeed versions of NSS functions as they don't fully process the seed -Contributed-by: Alex Kashchenko -Updated 2017/07/04 to accomodate 8175110 by Andrew Hughes - -diff -r e5fdbb82bd49 src/share/native/sun/security/ec/ecc_impl.h ---- openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h -+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h -@@ -267,8 +267,8 @@ - - #ifdef SYSTEM_NSS - #define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b) --#define EC_NewKey(a,b,c,d,e) EC_NewKeyFromSeed(a,b,c,d) --#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigestWithSeed(a,b,c,d,e) -+#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b) -+#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigest(a,b,c) - #define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c) - #define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e) - #else diff --git a/SOURCES/pr2934-sunec_provider_throwing_keyexception_withine.separator_current_nss_thus_initialise_the_random_number_generator_and_feed_the_seed_to_it.patch b/SOURCES/pr2934-sunec_provider_throwing_keyexception_withine.separator_current_nss_thus_initialise_the_random_number_generator_and_feed_the_seed_to_it.patch deleted file mode 100644 index 83385da..0000000 --- a/SOURCES/pr2934-sunec_provider_throwing_keyexception_withine.separator_current_nss_thus_initialise_the_random_number_generator_and_feed_the_seed_to_it.patch +++ /dev/null @@ -1,91 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1461349033 -3600 -# Fri Apr 22 19:17:13 2016 +0100 -# Node ID dab76de2f91cf1791c03560a3f45aaa69f8351fd -# Parent 3fa42705acab6d69b6141f47ebba4f85739a338c -PR2934: SunEC provider throwing KeyException with current NSS -Summary: Initialise the random number generator and feed the seed to it. -Updated 2017/07/04 to accomodate 8175110 - -diff -r 8aed1e903a4c src/share/native/sun/security/ec/ECC_JNI.cpp ---- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp -+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp -@@ -134,8 +134,17 @@ - env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); - - // Generate the new keypair (using the supplied seed) -+#ifdef SYSTEM_NSS -+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength) -+ != SECSuccess) { -+ ThrowException(env, KEY_EXCEPTION); -+ goto cleanup; -+ } -+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) { -+#else - if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer, - jSeedLength, 0) != SECSuccess) { -+#endif - ThrowException(env, KEY_EXCEPTION); - goto cleanup; - } -@@ -267,8 +276,18 @@ - env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); - - // Sign the digest (using the supplied seed) -+#ifdef SYSTEM_NSS -+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength) -+ != SECSuccess) { -+ ThrowException(env, KEY_EXCEPTION); -+ goto cleanup; -+ } -+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item) -+ != SECSuccess) { -+#else - if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item, - (unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) { -+#endif - ThrowException(env, KEY_EXCEPTION); - goto cleanup; - } -@@ -499,6 +518,9 @@ - if (SECOID_Init() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - } -+ if (RNG_RNGInit() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ } - #endif - } - -@@ -507,6 +529,7 @@ - (JNIEnv *env, jclass UNUSED(clazz)) - { - #ifdef SYSTEM_NSS -+ RNG_RNGShutdown(); - if (SECOID_Shutdown() != SECSuccess) { - ThrowException(env, INTERNAL_ERROR); - } -diff -r 8aed1e903a4c src/share/native/sun/security/ec/ecc_impl.h ---- openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h -+++ openjdk/jdk/src/share/native/sun/security/ec/ecc_impl.h -@@ -254,8 +254,10 @@ - This function is no longer required because the random bytes are now - supplied by the caller. Force a failure. - */ -+#ifndef SYSTEM_NSS - #define RNG_GenerateGlobalRandomBytes(p,l) SECFailure - #endif -+#endif - #define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup - #define MP_TO_SEC_ERROR(err) - -@@ -267,8 +269,6 @@ - - #ifdef SYSTEM_NSS - #define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b) --#define EC_NewKey(a,b,c,d,e) EC_NewKey(a,b) --#define ECDSA_SignDigest(a,b,c,d,e,f,g) ECDSA_SignDigest(a,b,c) - #define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c) - #define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e) - #else diff --git a/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch b/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch index d44ed1d..b52c087 100644 --- a/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch +++ b/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch @@ -7,9 +7,21 @@ PR3083, RH1346460: Regression in SSL debug output without an ECC provider Summary: Return null rather than throwing an exception when there's no ECC provider. -diff -r bc6eab2038c6 -r a4541d1d8609 src/share/classes/sun/security/util/Debug.java ---- openjdk/jdk/src/share/classes/sun/security/util/Debug.java Mon Jul 04 17:08:12 2016 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/util/Debug.java Mon Jul 04 18:21:29 2016 +0100 +diff --git openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java ++++ openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java +@@ -121,7 +121,7 @@ + private static void ensureCurveIsSupported(ECParameterSpec ecSpec) + throws InvalidAlgorithmParameterException { + +- AlgorithmParameters ecParams = ECUtil.getECParameters(null); ++ AlgorithmParameters ecParams = ECUtil.getECParameters(null, true); + byte[] encodedParams; + try { + ecParams.init(ecSpec); +diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java openjdk/jdk/src/share/classes/sun/security/util/Debug.java +--- openjdk.orig/jdk/src/share/classes/sun/security/util/Debug.java ++++ openjdk/jdk/src/share/classes/sun/security/util/Debug.java @@ -73,6 +73,7 @@ System.err.println("certpath PKIX CertPathBuilder and"); System.err.println(" CertPathValidator debugging"); @@ -18,9 +30,9 @@ diff -r bc6eab2038c6 -r a4541d1d8609 src/share/classes/sun/security/util/Debug.j System.err.println("gssloginconfig"); System.err.println(" GSS LoginConfigImpl debugging"); System.err.println("configfile JAAS ConfigFile loading"); -diff -r bc6eab2038c6 -r a4541d1d8609 src/share/classes/sun/security/util/ECUtil.java ---- openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java Mon Jul 04 17:08:12 2016 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java Mon Jul 04 18:21:29 2016 +0100 +diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java +--- openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java ++++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java @@ -41,6 +41,9 @@ public class ECUtil { @@ -34,11 +46,11 @@ diff -r bc6eab2038c6 -r a4541d1d8609 src/share/classes/sun/security/util/ECUtil. @@ -90,6 +93,10 @@ } - private static AlgorithmParameters getECParameters(Provider p) { + public static AlgorithmParameters getECParameters(Provider p) { + return getECParameters(p, false); + } + -+ private static AlgorithmParameters getECParameters(Provider p, boolean throwException) { ++ public static AlgorithmParameters getECParameters(Provider p, boolean throwException) { try { if (p != null) { return AlgorithmParameters.getInstance("EC", p); diff --git a/SOURCES/pr3479-rh1486025-sunec_provider_can_have_multiple_instances_leading_to_premature_nss_shutdown.patch b/SOURCES/pr3479-rh1486025-sunec_provider_can_have_multiple_instances_leading_to_premature_nss_shutdown.patch deleted file mode 100644 index 14c693b..0000000 --- a/SOURCES/pr3479-rh1486025-sunec_provider_can_have_multiple_instances_leading_to_premature_nss_shutdown.patch +++ /dev/null @@ -1,67 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1508194072 -3600 -# Mon Oct 16 23:47:52 2017 +0100 -# Node ID 5dcb55da00c1531264934559c9f10c2e0ae46420 -# Parent bf62c56e3604fee0018b19f65fd56c76dc156630 -PR3479, RH1486025: ECC and NSS JVM crash -Summary: SunEC provider can have multiple instances, leading to premature NSS shutdown -Contributed-by: Martin Balao - -diff --git a/make/mapfiles/libsunec/mapfile-vers b/make/mapfiles/libsunec/mapfile-vers ---- openjdk/jdk/make/mapfiles/libsunec/mapfile-vers -+++ openjdk/jdk/make/mapfiles/libsunec/mapfile-vers -@@ -32,7 +32,6 @@ - Java_sun_security_ec_ECDSASignature_verifySignedDigest; - Java_sun_security_ec_ECDHKeyAgreement_deriveKey; - Java_sun_security_ec_SunEC_initialize; -- Java_sun_security_ec_SunEC_cleanup; - local: - *; - }; -diff --git a/src/share/classes/sun/security/ec/SunEC.java b/src/share/classes/sun/security/ec/SunEC.java ---- openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java -+++ openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java -@@ -83,21 +83,8 @@ - } - - /** -- * Cleanup native resources during finalisation. -- */ -- @Override -- protected void finalize() { -- cleanup(); -- } -- -- /** - * Initialize the native code. - */ - private static native void initialize(); - -- /** -- * Cleanup in the native layer. -- */ -- private static native void cleanup(); -- - } -diff --git a/src/share/native/sun/security/ec/ECC_JNI.cpp b/src/share/native/sun/security/ec/ECC_JNI.cpp ---- openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp -+++ openjdk/jdk/src/share/native/sun/security/ec/ECC_JNI.cpp -@@ -525,14 +525,12 @@ - } - - JNIEXPORT void --JNICALL Java_sun_security_ec_SunEC_cleanup -- (JNIEnv *env, jclass UNUSED(clazz)) -+JNICALL JNI_OnUnload -+ (JavaVM *vm, void *reserved) - { - #ifdef SYSTEM_NSS - RNG_RNGShutdown(); -- if (SECOID_Shutdown() != SECSuccess) { -- ThrowException(env, INTERNAL_ERROR); -- } -+ SECOID_Shutdown(); - #endif - } - diff --git a/SOURCES/pr3575-rh1567204-system_cacerts_database_handling_no_longer_affect_jssecacerts.patch b/SOURCES/pr3575-rh1567204-system_cacerts_database_handling_no_longer_affect_jssecacerts.patch deleted file mode 100644 index ce24c59..0000000 --- a/SOURCES/pr3575-rh1567204-system_cacerts_database_handling_no_longer_affect_jssecacerts.patch +++ /dev/null @@ -1,42 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1525111445 -3600 -# Mon Apr 30 19:04:05 2018 +0100 -# Node ID 388fc8da23044317c160678ffa8ff541c216a255 -# Parent 556adf3a76aa81bf3918d7d46554dae7cc1d5c5c -PR3575: System cacerts database handling should not affect jssecacerts - -diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java ---- openjdk.orig/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java -+++ openjdk/jdk/src/share/classes/sun/security/ssl/TrustManagerFactoryImpl.java -@@ -162,7 +162,7 @@ - * Try: - * javax.net.ssl.trustStore (if this variable exists, stop) - * jssecacerts -- * cacerts -+ * cacerts (system and local) - * - * If none exists, we use an empty keystore. - */ -@@ -174,14 +174,14 @@ - storeFile = new File(storeFileName); - fis = getFileInputStream(storeFile); - } else { -- /* Check system cacerts DB first; /etc/pki/java/cacerts */ -- storeFile = new File(sep + "etc" + sep + "pki" + sep -- + "java" + sep + "cacerts"); -+ String javaHome = props.get("javaHome"); -+ storeFile = new File(javaHome + sep + "lib" + sep -+ + "security" + sep + -+ "jssecacerts"); - if ((fis = getFileInputStream(storeFile)) == null) { -- String javaHome = props.get("javaHome"); -- storeFile = new File(javaHome + sep + "lib" + sep -- + "security" + sep + -- "jssecacerts"); -+ /* Check system cacerts DB first; /etc/pki/java/cacerts */ -+ storeFile = new File(sep + "etc" + sep + "pki" + sep -+ + "java" + sep + "cacerts"); - if ((fis = getFileInputStream(storeFile)) == null) { - storeFile = new File(javaHome + sep + "lib" + sep - + "security" + sep + diff --git a/SOURCES/pr3634-fix_shenandoah_for_size_t_on_s390.patch b/SOURCES/pr3634-fix_shenandoah_for_size_t_on_s390.patch deleted file mode 100644 index 20a4625..0000000 --- a/SOURCES/pr3634-fix_shenandoah_for_size_t_on_s390.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeapRegion.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeapRegion.cpp ---- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeapRegion.cpp -+++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeapRegion.cpp -@@ -524,8 +524,8 @@ - region_size = max_heap_size / ShenandoahTargetNumRegions; - - // Now make sure that we don't go over or under our limits. -- region_size = MAX2(ShenandoahMinRegionSize, region_size); -- region_size = MIN2(ShenandoahMaxRegionSize, region_size); -+ region_size = MAX2(ShenandoahMinRegionSize, region_size); -+ region_size = MIN2(ShenandoahMaxRegionSize, region_size); - - } else { - if (ShenandoahHeapRegionSize > initial_heap_size / MIN_NUM_REGIONS) { diff --git a/SOURCES/rh1655466-global_crypto_and_fips.patch b/SOURCES/rh1655466-global_crypto_and_fips.patch new file mode 100644 index 0000000..7987abb --- /dev/null +++ b/SOURCES/rh1655466-global_crypto_and_fips.patch @@ -0,0 +1,208 @@ +diff --git a/src/share/classes/javopenjdk.orig/jdk/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java +--- openjdk.orig/jdk/src/share/classes/java/security/Security.java ++++ openjdk/jdk/src/share/classes/java/security/Security.java +@@ -191,27 +191,7 @@ + if (disableSystemProps == null && + "true".equalsIgnoreCase(props.getProperty + ("security.useSystemPropertiesFile"))) { +- +- // now load the system file, if it exists, so its values +- // will win if they conflict with the earlier values +- try (BufferedInputStream bis = +- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { +- props.load(bis); +- loadedProps = true; +- +- if (sdebug != null) { +- sdebug.println("reading system security properties file " + +- SYSTEM_PROPERTIES); +- sdebug.println(props.toString()); +- } +- } catch (IOException e) { +- if (sdebug != null) { +- sdebug.println +- ("unable to load security properties from " + +- SYSTEM_PROPERTIES); +- e.printStackTrace(); +- } +- } ++ loadedProps = loadedProps && SystemConfigurator.configure(props); + } + + if (!loadedProps) { +diff --git a/src/share/classes/javopenjdk.orig/jdk/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java +@@ -0,0 +1,153 @@ ++/* ++ * Copyright (c) 2019, Red Hat, Inc. ++ * ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package java.security; ++ ++import java.io.BufferedInputStream; ++import java.io.FileInputStream; ++import java.io.IOException; ++ ++import java.nio.file.Files; ++import java.nio.file.FileSystems; ++import java.nio.file.Path; ++ ++import java.util.Iterator; ++import java.util.Map.Entry; ++import java.util.Properties; ++import java.util.function.Consumer; ++import java.util.regex.Matcher; ++import java.util.regex.Pattern; ++ ++import sun.security.util.Debug; ++ ++/** ++ * Internal class to align OpenJDK with global crypto-policies. ++ * Called from java.security.Security class initialization, ++ * during startup. ++ * ++ */ ++ ++class SystemConfigurator { ++ ++ private static final Debug sdebug = ++ Debug.getInstance("properties"); ++ ++ private static final String CRYPTO_POLICIES_BASE_DIR = ++ "/etc/crypto-policies"; ++ ++ private static final String CRYPTO_POLICIES_JAVA_CONFIG = ++ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config"; ++ ++ private static final String CRYPTO_POLICIES_CONFIG = ++ CRYPTO_POLICIES_BASE_DIR + "/config"; ++ ++ private static final class SecurityProviderInfo { ++ int number; ++ String key; ++ String value; ++ SecurityProviderInfo(int number, String key, String value) { ++ this.number = number; ++ this.key = key; ++ this.value = value; ++ } ++ } ++ ++ /* ++ * Invoked when java.security.Security class is initialized, if ++ * java.security.disableSystemPropertiesFile property is not set and ++ * security.useSystemPropertiesFile is true. ++ */ ++ static boolean configure(Properties props) { ++ boolean loadedProps = false; ++ ++ try (BufferedInputStream bis = ++ new BufferedInputStream( ++ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) { ++ props.load(bis); ++ loadedProps = true; ++ if (sdebug != null) { ++ sdebug.println("reading system security properties file " + ++ CRYPTO_POLICIES_JAVA_CONFIG); ++ sdebug.println(props.toString()); ++ } ++ } catch (IOException e) { ++ if (sdebug != null) { ++ sdebug.println("unable to load security properties from " + ++ CRYPTO_POLICIES_JAVA_CONFIG); ++ e.printStackTrace(); ++ } ++ } ++ ++ try { ++ if (enableFips()) { ++ if (sdebug != null) { sdebug.println("FIPS mode detected"); } ++ loadedProps = false; ++ // Remove all security providers ++ Iterator> i = props.entrySet().iterator(); ++ while (i.hasNext()) { ++ Entry e = i.next(); ++ if (((String) e.getKey()).startsWith("security.provider")) { ++ if (sdebug != null) { sdebug.println("Removing provider: " + e); } ++ i.remove(); ++ } ++ } ++ // Add FIPS security providers ++ String fipsProviderValue = null; ++ for (int n = 1; ++ (fipsProviderValue = (String) props.get("fips.provider." + n)) != null; n++) { ++ String fipsProviderKey = "security.provider." + n; ++ if (sdebug != null) { ++ sdebug.println("Adding provider " + n + ": " + ++ fipsProviderKey + "=" + fipsProviderValue); ++ } ++ props.put(fipsProviderKey, fipsProviderValue); ++ } ++ loadedProps = true; ++ } ++ } catch (Exception e) { ++ if (sdebug != null) { ++ sdebug.println("unable to load FIPS configuration"); ++ e.printStackTrace(); ++ } ++ } ++ return loadedProps; ++ } ++ ++ /* ++ * FIPS is enabled only if crypto-policies are set to "FIPS" ++ * and the com.redhat.fips property is true. ++ */ ++ private static boolean enableFips() throws Exception { ++ boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "false")); ++ if (fipsEnabled) { ++ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG); ++ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath)); ++ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); } ++ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE); ++ return pattern.matcher(cryptoPoliciesConfig).find(); ++ } else { ++ return false; ++ } ++ } ++} +diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux +--- openjdk.orig/jdk/src/share/lib/security/java.security-linux ++++ openjdk/jdk/src/share/lib/security/java.security-linux +@@ -77,6 +77,14 @@ + #security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg + + # ++# Security providers used when global crypto-policies are set to FIPS. ++# ++fips.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.fips.cfg ++fips.provider.2=sun.security.provider.Sun ++fips.provider.3=sun.security.ec.SunEC ++fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS ++ ++# + # Sun Provider SecureRandom seed source. + # + # Select the primary source of seed data for the "SHA1PRNG" and diff --git a/SOURCES/s390-8214206_fix.patch b/SOURCES/s390-8214206_fix.patch index 93f12de..42902cf 100644 --- a/SOURCES/s390-8214206_fix.patch +++ b/SOURCES/s390-8214206_fix.patch @@ -7,10 +7,22 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray. address base = create_new_base_array(num_target_elems, target_elem_size_in_bytes); - initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, log2_intptr(mapping_granularity_in_bytes)); + initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, -+ log2_intptr((uintptr_t) mapping_granularity_in_bytes)); ++ log2_long(mapping_granularity_in_bytes)); } size_t bias() const { return _bias; } +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp ++++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp +@@ -135,7 +135,7 @@ + void BinaryMagnitudeSeq::add(size_t val) { + Atomic::add(val, &_sum); + +- int mag = log2_intptr(val) + 1; ++ int mag = log2_long(val) + 1; + + // Defensively saturate for product bits: + if (mag < 0) { diff --git openjdk.orig/hotspot/src/share/vm/runtime/os.cpp openjdk/hotspot/src/share/vm/runtime/os.cpp --- openjdk.orig/hotspot/src/share/vm/runtime/os.cpp +++ openjdk/hotspot/src/share/vm/runtime/os.cpp @@ -19,19 +31,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/runtime/os.cpp openjdk/hotspot/src/ void os::set_memory_serialize_page(address page) { - int count = log2_intptr(sizeof(class JavaThread)) - log2_int(64); -+ int count = log2_intptr((uintptr_t) sizeof(class JavaThread)) - log2_int(64); ++ int count = log2_long(sizeof(class JavaThread)) - log2_int(64); _mem_serialize_page = (volatile int32_t *)page; // We initialize the serialization page shift count here // We assume a cache line size of 64 bytes -diff --git openjdk.orig/hotspot/src/share/vm/utilities/numberSeq.cpp openjdk/hotspot/src/share/vm/utilities/numberSeq.cpp ---- openjdk.orig/hotspot/src/share/vm/utilities/numberSeq.cpp -+++ openjdk/hotspot/src/share/vm/utilities/numberSeq.cpp -@@ -369,7 +369,7 @@ - void BinaryMagnitudeSeq::add(size_t val) { - Atomic::add(val, &_sum); - -- int mag = log2_intptr(val) + 1; -+ int mag = log2_intptr((uintptr_t) val) + 1; - - // Defensively saturate for product bits: - if (mag < 0) { diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 06e06b3..056f322 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -76,13 +76,6 @@ %global include_debug_build 0 %endif -# Shenandoah HotSpot used everywhere, but built only on x86_64 and AArch64 -%ifarch x86_64 %{aarch64} -%global use_shenandoah_hotspot 1 -%else -%global use_shenandoah_hotspot 0 -%endif - %if %{include_debug_build} %global build_loop2 %{debug_suffix} %else @@ -102,11 +95,12 @@ %endif %if %{bootstrap_build} -%global targets bootcycle-images docs +%global release_targets bootcycle-images zip-docs %else -%global targets all +%global release_targets images zip-docs %endif - +# No docs nor bootcycle for debug builds +%global debug_targets images # Filter out flags from the optflags macro that cause problems with the OpenJDK build # We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) @@ -188,8 +182,6 @@ %global archinstall %{_arch} %endif - - %ifarch %{jit_arches} %global with_systemtap 1 %else @@ -206,18 +198,37 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project aarch64-port %global shenandoah_repo jdk8u-shenandoah -%global shenandoah_revision aarch64-shenandoah-jdk8u212-b04 +%global shenandoah_revision aarch64-shenandoah-jdk8u232-b09 # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} %global revision %{shenandoah_revision} +# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 +%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) # eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) -%global whole_update %(VERSION=%{revision}; echo ${VERSION%%-*}) +%global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) # eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 -%global buildver %(VERSION=%{revision}; echo ${VERSION##*-}) +%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) +%global rpmrelease 3 +# Define milestone (EA for pre-releases, GA ("fcs") for releases) +# Release will be (where N is usually a number starting at 1): +# - 0.N%%{?extraver}%%{?dist} for EA releases, +# - N%%{?extraver}{?dist} for GA releases +%global is_ga 1 +%if %{is_ga} +%global milestone fcs +%global milestone_version %{nil} +%global extraver %{nil} +%global eaprefix %{nil} +%else +%global milestone ea +%global milestone_version "-ea" +%global extraver .%{milestone} +%global eaprefix 0. +%endif # priority must be 7 digits in total. The expression is workarounding tip %global priority %(TIP=1800%{updatever}; echo ${TIP/tip/999}) @@ -377,7 +388,9 @@ alternatives \\ --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\ --slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\ --slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\ + --slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\ --slave %{_bindir}/extcheck extcheck %{sdkbindir -- %{?1}}/extcheck \\ + --slave %{_bindir}/hsdb hsdb %{sdkbindir -- %{?1}}/hsdb \\ --slave %{_bindir}/idlj idlj %{sdkbindir -- %{?1}}/idlj \\ --slave %{_bindir}/jar jar %{sdkbindir -- %{?1}}/jar \\ --slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\ @@ -556,8 +569,6 @@ exit 0 %dir %{_jvmdir}/%{jredir -- %{?1}} %dir %{_jvmdir}/%{jredir -- %{?1}}/bin %dir %{_jvmdir}/%{jredir -- %{?1}}/lib -%{_jvmdir}/%{jredir -- %{?1}}/bin/clhsdb -%{_jvmdir}/%{jredir -- %{?1}}/bin/hsdb %{_jvmdir}/%{jredir -- %{?1}}/bin/java %{_jvmdir}/%{jredir -- %{?1}}/bin/jjs %{_jvmdir}/%{jredir -- %{?1}}/bin/keytool @@ -601,7 +612,9 @@ exit 0 %{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/policytool-%{uniquesuffix -- %{?1}}.1* %{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.cfg +%{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.fips.cfg %config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.cfg +%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.fips.cfg %ifarch %{jit_arches} %ifnarch %{power64} %attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/server/classes.jsa @@ -838,7 +851,9 @@ Requires: libXcomposite%{?_isa} Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} # for java-X-openjdk package's desktop binding +%if 0%{?fedora} || 0%{?rhel} >= 8 Recommends: gtk2%{?_isa} +%endif Provides: java-%{javaver}-%{origin} = %{epoch}:%{version}-%{release} @@ -861,9 +876,6 @@ Requires: javapackages-filesystem Requires: tzdata-java >= 2015d # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} -# there is a need to depend on the exact version of NSS -Requires: nss%{?_isa} %{NSS_BUILDTIME_VERSION} -Requires: nss-softokn%{?_isa} %{NSSSOFTOKN_BUILDTIME_VERSION} # tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it, # not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be # considered as regression @@ -880,7 +892,9 @@ Requires(postun): %{_sbindir}/alternatives # in version 1.7 and higher for --family switch Requires(postun): chkconfig >= 1.7 # for optional support of kernel stream control, card reader and printing bindings +%if 0%{?fedora} || 0%{?rhel} >= 8 Suggests: lksctp-tools%{?_isa}, pcsc-lite-devel%{?_isa} +%endif # Standard JPackage base provides Provides: jre-headless%{?1} = %{epoch}:%{javaver} @@ -975,7 +989,7 @@ Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{releas Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 3%{?dist} +Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1037,6 +1051,9 @@ Source13: TestCryptoLevel.java # Ensure ECDSA is working Source14: TestECDSA.java +# nss fips configuration file +Source15: nss.fips.cfg.in + Source20: repackReproduciblePolycies.sh # New versions of config files with aarch64 support. This is not upstream yet. @@ -1057,12 +1074,12 @@ Source101: config.sub Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Restrict access to java-atk-wrapper classes Patch3: rh1648644-java_access_bridge_privileged_security.patch -# PR1834, RH1022017: Reduce curves reported by SSL to those in NSS -# Not currently suitable to go upstream as it disables curves -# for all providers unconditionally -Patch525: pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch # Turn on AssumeMP by default on RHEL systems Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch +# RH1648249: Add PKCS11 provider to java.security +Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider +Patch1001: rh1655466-global_crypto_and_fips.patch ############################################# # @@ -1087,24 +1104,9 @@ Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch # PR3601: Fix additional -Wreturn-type issues introduced by 8061651 Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch -# Support for building the SunEC provider with the system NSS installation -# PR1983: Support using the system installation of NSS with the SunEC provider -# PR2127: SunEC provider crashes when built using system NSS -# PR2815: Race condition in SunEC provider with system NSS -# PR2899: Don't use WithSeed versions of NSS functions as they don't fully process the seed -# PR2934: SunEC provider throwing KeyException with current NSS -# PR3479, RH1486025: ECC and NSS JVM crash -Patch513: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk8.patch -Patch514: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_root8.patch -Patch515: pr2127-sunec_provider_crashes_when_built_using_system_nss_thus_use_of_nss_memory_management_functions.patch -Patch516: pr2815-race_condition_in_sunec_provider_with_system_nss_fix.patch -Patch517: pr2899-dont_use_withseed_versions_of_nss_functions_as_they_dont_fully_process_the_seed.patch -Patch518: pr2934-sunec_provider_throwing_keyexception_withine.separator_current_nss_thus_initialise_the_random_number_generator_and_feed_the_seed_to_it.patch -Patch519: pr3479-rh1486025-sunec_provider_can_have_multiple_instances_leading_to_premature_nss_shutdown.patch # PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) -Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch # PR3575, RH1567204: System cacerts database handling should not affect jssecacerts -Patch540: pr3575-rh1567204-system_cacerts_database_handling_no_longer_affect_jssecacerts.patch +Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch # PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy Patch300: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch # PR3655: Allow use of system crypto policy to be disabled by the user @@ -1144,20 +1146,12 @@ Patch107: s390-8214206_fix.patch Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch # S8154313: Generated javadoc scattered all over the place Patch400: jdk8154313-generated_javadoc_scattered_all_over_the_place.patch -# 8171000, PR3542, RH1402819: Robot.createScreenCapture() crashes in wayland mode -Patch563: jdk8171000-pr3542-rh1402819-robot_createScreenCapture_crashes_in_wayland_mode.patch -# 8197546, PR3542, RH1402819: Fix for 8171000 breaks Solaris + Linux builds -Patch564: jdk8197546-pr3542-rh1402819-fix_for_8171000_breaks_solaris_linux_builds.patch # PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch -# 8141570, PR3548: Fix Zero interpreter build for --disable-precompiled-headers -Patch573: jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch # 8143245, PR3548: Zero build requires disabled warnings Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch # 8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8 Patch575: jdk8197981-pr3548-missing_return_statement_in_sync_val_compare_and_swap_8.patch -# 8064786, PR3599: Fix debug build after 8062808: Turn on the -Wreturn-type warning -Patch576: jdk8064786-pr3599-fix_debug_build_after_8062808_Turn_on_the_wreturn_type_warning.patch # 8062808, PR3548: Turn on the -Wreturn-type warning Patch577: jdk8062808-pr3548-turn_on_the_wreturn_type_warning.patch # s390: JDK-8203030, Type fixing for s390 @@ -1166,23 +1160,6 @@ Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch Patch202: jdk8035341-allow_using_system_installed_libpng.patch # 8042159: Allow using a system-installed lcms2 Patch203: jdk8042159-allow_using_system_installed_lcms2.patch -# 8210761: libjsig is being compiled without optimization -Patch620: jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch -# 8210416: [linux] Poor StrictMath performance due to non-optimized compilation -Patch622: jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch -# 8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization -# Upstream 8u part. -Patch623: jdk8210425-rh1632174-01-compile_with_o2_and_ffp_contract_off_as_for_fdlibm.patch -# 8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization -# Aarch64-port 8u local part -Patch624: jdk8210425-rh1632174-02-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_aarch64.patch -# 8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization -# Zero part of the fix for (arm/s390 arches) -Patch625: jdk8210425-rh1632174-03-compile_with_o2_and_ffp_contract_off_as_for_fdlibm_zero.patch -# JDK-8223219: Backport of JDK-8199552 to OpenJDK 8 leads to duplicate -fstack-protector flags, -# overriding --with-extra-cflags -Patch626: 8223219-fstack-protector-root.patch -Patch627: 8223219-fstack-protector-hotspot.patch ############################################# # @@ -1213,8 +1190,6 @@ Patch201: jdk8043805-allow_using_system_installed_libjpeg.patch # and should be upstreamed to the appropriate # trees. ############################################# -# PR3634: Shenandoah still broken on s390 with aarch64-shenandoah-jdk8u181-b16 -Patch582: pr3634-fix_shenandoah_for_size_t_on_s390.patch ############################################# # @@ -1223,7 +1198,6 @@ Patch582: pr3634-fix_shenandoah_for_size_t_on_s390.patch # This section includes patches to code other # that from OpenJDK. ############################################# -Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch ############################################# # @@ -1238,19 +1212,20 @@ BuildRequires: cups-devel BuildRequires: desktop-file-utils # elfutils only are OK for build without AOT BuildRequires: elfutils-devel -BuildRequires: fontconfig +BuildRequires: fontconfig-devel BuildRequires: freetype-devel BuildRequires: giflib-devel BuildRequires: gcc-c++ BuildRequires: gdb -BuildRequires: gtk2-devel BuildRequires: lcms2-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel BuildRequires: libxslt BuildRequires: libX11-devel +BuildRequires: libXext-devel BuildRequires: libXi-devel BuildRequires: libXinerama-devel +BuildRequires: libXrender-devel BuildRequires: libXt-devel BuildRequires: libXtst-devel # Requirements for setting up the nss.cfg @@ -1274,8 +1249,6 @@ BuildRequires: libffi-devel BuildRequires: tzdata-java >= 2015d # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 -# Build requirements for SunEC system NSS support -BuildRequires: nss-softokn-freebl-devel >= 3.16.1 %if %{with_systemtap} BuildRequires: systemtap-sdt-devel @@ -1397,6 +1370,7 @@ The java-%{origin}-src-slowdebug sub-package contains the complete %{origin_nice Summary: %{origin_nice} %{majorver} API documentation Group: Documentation Requires: javapackages-filesystem +Obsoletes: javadoc-debug BuildArch: noarch %{java_javadoc_rpo %{nil}} @@ -1410,6 +1384,7 @@ The %{origin_nice} %{majorver} API documentation. Summary: %{origin_nice} %{majorver} API documentation compressed in single archive Group: Documentation Requires: javapackages-filesystem +Obsoletes: javadoc-zip-debug BuildArch: noarch %{java_javadoc_rpo %{nil}} @@ -1418,33 +1393,6 @@ BuildArch: noarch The %{origin_nice} %{majorver} API documentation compressed in single archive. %endif -%if %{include_debug_build} -%package javadoc-slowdebug -Summary: %{origin_nice} %{majorver} API documentation %{for_debug} -Group: Documentation -Requires: javapackages-filesystem -BuildArch: noarch - -%{java_javadoc_rpo -- %{debug_suffix_unquoted}} - -%description javadoc-slowdebug -The %{origin_nice} %{majorver} API documentation %{for_debug}. -%endif - -%if %{include_debug_build} -%package javadoc-zip-slowdebug -Summary: %{origin_nice} %{majorver} API documentation compressed in single archive %{for_debug} -Group: Documentation -Requires: javapackages-filesystem -BuildArch: noarch - -%{java_javadoc_rpo -- %{debug_suffix_unquoted}} - -%description javadoc-zip-slowdebug -The %{origin_nice} %{majorver} API documentation compressed in single archive %{for_debug}. -%endif - - %if %{include_normal_build} %package accessibility Summary: %{origin_nice} %{majorver} accessibility connector @@ -1489,6 +1437,10 @@ if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 ] ; then echo "You have disabled both include_debug_build and include_normal_build. That is a no go." exit 13 fi + +echo "Update version: %{updatever}" +echo "Build number: %{buildver}" +echo "Milestone: %{milestone}" %setup -q -c -n %{uniquesuffix ""} -T -a 0 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084 prioritylength=`expr length %{priority}` @@ -1541,39 +1493,21 @@ sh %{SOURCE12} %patch502 %patch504 %patch512 -%patch513 -%patch514 -%patch515 -%patch516 -%patch517 -%patch518 -%patch519 %patch400 %patch523 %patch528 %patch529 %patch531 %patch530 -%patch563 -%patch564 %patch571 -%patch573 %patch574 %patch575 -%patch576 %patch577 -%patch620 -%patch622 -%patch623 -%patch624 -%patch625 -%patch626 -%patch627 # RPM-only fixes -%patch525 %patch539 -%patch540 +%patch1000 +%patch1001 # RHEL-only patches %if ! 0%{?fedora} && 0%{?rhel} <= 7 @@ -1581,9 +1515,6 @@ sh %{SOURCE12} %endif # Shenandoah patches -%patch582 - -%patch1000 # Extract systemtap tapsets %if %{with_systemtap} @@ -1629,6 +1560,9 @@ done # Setup nss.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg +# Setup nss.fips.cfg +sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE15} > nss.fips.cfg +sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg %build # How many CPU's do we have? @@ -1676,20 +1610,17 @@ top_dir_abs_path=$(pwd)/%{top_level_dir_name} mkdir -p %{buildoutputdir -- $suffix} pushd %{buildoutputdir -- $suffix} -NSS_LIBS="%{NSS_LIBS} -lfreebl" \ -NSS_CFLAGS="%{NSS_CFLAGS}" \ bash ../../configure \ %ifnarch %{jit_arches} --with-jvm-variants=zero \ %endif --with-native-debug-symbols=internal \ - --with-milestone="fcs" \ + --with-milestone=%{milestone} \ --with-update-version=%{updatever} \ --with-build-number=%{buildver} \ --with-boot-jdk=/usr/lib/jvm/java-openjdk \ --with-debug-level=$debugbuild \ --enable-unlimited-crypto \ - --enable-system-nss \ --with-zlib=system \ --with-libjpeg=system \ --with-giflib=system \ @@ -1704,13 +1635,17 @@ bash ../../configure \ cat spec.gmk cat hotspot-spec.gmk +# Debug builds don't need same targets as release for +# build speed-up +maketargets="%{release_targets}" +if echo $debugbuild | grep -q "debug" ; then + maketargets="%{debug_targets}" +fi make \ JAVAC_FLAGS=-g \ LOG=trace \ SCTP_WERROR= \ - %{targets} || ( pwd; find $top_dir_abs_path -name "hs_err_pid*.log" | xargs cat && false ) - -make zip-docs + $maketargets || ( pwd; find $top_dir_abs_path -name "hs_err_pid*.log" | xargs cat && false ) # the build (erroneously) removes read permissions from some jars # this is a regression in OpenJDK 7 (our compiler): @@ -1735,6 +1670,9 @@ export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage} # Install nss.cfg right away as we will be using the JRE above install -m 644 nss.cfg $JAVA_HOME/jre/lib/security/ +# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) +install -m 644 nss.fips.cfg $JAVA_HOME/jre/lib/security/ + # Use system-wide tzdata rm $JAVA_HOME/jre/lib/tzdb.dat ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/jre/lib/tzdb.dat @@ -1906,12 +1844,13 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/clien popd - -# Install Javadoc documentation -install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} -cp -a %{buildoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} -built_doc_archive=`echo "jdk-%{javaver}_%{updatever}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/` -cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip +if ! echo $suffix | grep -q "debug" ; then + # Install Javadoc documentation + install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} + cp -a %{buildoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} + built_doc_archive=`echo "jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/` + cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip +fi # Install icons and menu entries for s in 16 24 32 48 ; do @@ -1973,7 +1912,7 @@ touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/securi # moving config files to /etc mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib/security/policy/unlimited/ mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib/security/policy/limited/ -for file in lib/security/cacerts lib/security/policy/unlimited/US_export_policy.jar lib/security/policy/unlimited/local_policy.jar lib/security/policy/limited/US_export_policy.jar lib/security/policy/limited/local_policy.jar lib/security/java.policy lib/security/java.security lib/security/blacklisted.certs lib/logging.properties lib/calendars.properties lib/security/nss.cfg ; do +for file in lib/security/cacerts lib/security/policy/unlimited/US_export_policy.jar lib/security/policy/unlimited/local_policy.jar lib/security/policy/limited/US_export_policy.jar lib/security/policy/limited/local_policy.jar lib/security/java.policy lib/security/java.security lib/security/blacklisted.certs lib/logging.properties lib/calendars.properties lib/security/nss.cfg lib/security/nss.fips.cfg ; do mv $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/$file $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/$file ln -sf %{etcjavadir -- $suffix}/$file $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/$file done @@ -2093,17 +2032,6 @@ require "copy_jdk_configs.lua" %posttrans devel-slowdebug %{posttrans_devel -- %{debug_suffix_unquoted}} -%post javadoc-slowdebug -%{post_javadoc -- %{debug_suffix_unquoted}} - -%postun javadoc-slowdebug -%{postun_javadoc -- %{debug_suffix_unquoted}} - -%post javadoc-zip-slowdebug -%{post_javadoc_zip -- %{debug_suffix_unquoted}} - -%postun javadoc-zip-slowdebug -%{postun_javadoc_zip -- %{debug_suffix_unquoted}} %endif %if %{include_normal_build} @@ -2161,17 +2089,172 @@ require "copy_jdk_configs.lua" %files src-slowdebug %{files_src -- %{debug_suffix_unquoted}} -%files javadoc-slowdebug -%{files_javadoc -- %{debug_suffix_unquoted}} - -%files javadoc-zip-slowdebug -%{files_javadoc_zip -- %{debug_suffix_unquoted}} - %files accessibility-slowdebug %{files_accessibility -- %{debug_suffix_unquoted}} %endif %changelog +* Thu Nov 14 2019 Andrew John Hughes - 1:1.8.0.232.b09-3 +- Bump release number for RHEL 8.2.0. +- Resolves: rhbz#1753423 + +* Fri Oct 25 2019 Andrew John Hughes - 1:1.8.0.232.b09-2 +- Disable FIPS mode support unless com.redhat.fips is set to "true". +- Resolves: rhbz#1655466 + +* Fri Oct 11 2019 Andrew Hughes - 1:1.8.0.232.b09-1 +- Update to aarch64-shenandoah-jdk8u232-b09. +- Switch to GA mode for final release. +- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. +- Resolves: rhbz#1753423 + +* Fri Oct 11 2019 Andrew Hughes - 1:1.8.0.232.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b08. +- Resolves: rhbz#1753423 + +* Fri Oct 11 2019 Andrew Hughes - 1:1.8.0.232.b05-0.2.ea +- Update to aarch64-shenandoah-jdk8u232-b05-shenandoah-merge-2019-09-09. +- Resolves: rhbz#1753423 + +* Thu Oct 10 2019 Andrew Hughes - 1:1.8.0.232.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b05. +- Drop upstreamed patch JDK-8141570/PR3548. +- Adjust context of JDK-8143245/PR3548 to apply against upstream JDK-8141570. +- Resolves: rhbz#1753423 + +* Mon Oct 07 2019 Andrew Hughes - 1:1.8.0.232.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b01. +- Switch to EA mode. +- Drop JDK-8210761/RH1632174 as now upstream. +- Drop JDK-8223219 as now upstream. +- JDK-8226870 removed clhsdb and hdsdb from the JRE bin directory, so we should do likewise. +- Add alternatives support for these two new SDK binaries. +- Resolves: rhbz#1753423 + +* Fri Sep 27 2019 Andrew Hughes - 1:1.8.0.222.b10-3 +- SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file. +- Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg. +- Resolves: rhbz#1750752 + +* Wed Aug 21 2019 Andrew Hughes - 1:1.8.0.222.b10-2 +- nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg +- Resolves: rhbz#1655466 + +* Thu Aug 15 2019 Andrew Hughes - 1:1.8.0.222.b10-2 +- Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal. +- Resolves: rhbz#1655466 + +* Thu Aug 15 2019 Martin Balao - 1:1.8.0.222.b10-2 +- Support the FIPS mode crypto policy on RHEL 8. +- Resolves: rhbz#1655466 + +* Thu Jul 11 2019 Andrew Hughes - 1:1.8.0.222.b10-1 +- Update to aarch64-shenandoah-jdk8u222-b10. +- Resolves: rhbz#1724452 + +* Tue Jul 09 2019 Andrew Hughes - 1:1.8.0.222.b09-2 +- Drop NSS runtime dependencies and patches to link against it. +- Resolves: rhbz#1678557 + +* Tue Jul 09 2019 Andrew Hughes - 1:1.8.0.222.b09-1 +- Update to aarch64-shenandoah-jdk8u222-b09. +- Switch to GA mode for final release. +- Resolves: rhbz#1724452 + +* Tue Jul 09 2019 Andrew Hughes - 1:1.8.0.222.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b08. +- Adjust PR3083/RH134640 to apply after JDK-8182999 +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b06. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b05. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b04. +- Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b03. +- Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u. +- Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b02. +- Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100). +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b01-2 +- Switch to EA mode +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- fontconfig build requirement should be fontconfig-devel, previously masked by Gtk2+ dependency +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Allow Recommends and Suggests on Fedora platforms too. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Add missing build requirements for libXext-devel and libXrender-devel, previously masked by Gtk2+ dependency. +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Add new tarball to new format sources file. +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Drop unnecessary build requirement on gtk2-devel, as OpenJDK searches for Gtk+ at runtime. +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Make use of Recommends and Suggests dependent on RHEL 8+ environment. +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Update to aarch64-shenandoah-jdk8u222-b01. +- Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575. +- Drop 8171000 & 8197546 as applied upstream. +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Andrew Hughes - 1:1.8.0.212.b04-5 +- Obsolete javadoc-debug and javadoc-debug-zip packages via javadoc and javadoc-zip respectively. +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Severin Gehwolf - 1:1.8.0.212.b04-5 +- Include 'ea' designator in Release when appropriate. +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Severin Gehwolf - 1:1.8.0.212.b04-5 +- Don't produce javadoc/javadoc-zip sub packages for the debug variant build. +- Don't perform a bootcycle build for the debug variant build. +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Andrew Hughes - 1:1.8.0.212.b04-5 +- Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately. +- Drop unused use_shenandoah_hotspot variable. +- Resolves: rhbz#1724452 + +* Fri Jun 14 2019 Andrew Hughes - 1:1.8.0.212.b04-4 +- Update to aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30. +- Update version logic to handle -shenandoah* tag suffix. +- Drop PR3634 as applied upstream. +- Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp +- Update 8214206 to use log2_long rather than casting to intptr_t, which may be smaller than size_t. +- Resolves: rhbz#1688365 +- Resolves: rhbz#1688382 + * Thu May 02 2019 Andrew Hughes - 1:1.8.0.212.b04-3 - Remove additions to EXTRA_CFLAGS and EXTRA_CPP_FLAGS which are now made by upstream. - Resolves: rhbz#1693468