diff --git a/.gitignore b/.gitignore index 6e6d570..76939d7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-jdk11u-jdk-11.0.20+8-4curve.tar.xz +SOURCES/openjdk-jdk11u-jdk-11.0.21+9.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-11-openjdk.metadata b/.java-11-openjdk.metadata index 2672782..09ddccd 100644 --- a/.java-11-openjdk.metadata +++ b/.java-11-openjdk.metadata @@ -1,2 +1,2 @@ -27b1851203504050481d9a2c7b07a3bc39f23908 SOURCES/openjdk-jdk11u-jdk-11.0.20+8-4curve.tar.xz +ddc652d12c849ca56ef68be500ec71bfe88a5a29 SOURCES/openjdk-jdk11u-jdk-11.0.21+9.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index e71ed8d..cbea3a2 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,308 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 11.0.21 (2023-10-17): +============================================ +Live versions of these release notes can be found at: + * https://bit.ly/openjdk11021 + +* CVEs + - CVE-2023-22081 +* Security fixes + - JDK-8286503, JDK-8312367: Enhance security classes + - JDK-8296581: Better system proxy support + - JDK-8297856: Improve handling of Bidi characters + - JDK-8305815, JDK-8307278: Update Libpng to 1.6.39 + - JDK-8306881, JDK-8307286: Update FreeType to 2.13.0 + - JDK-8309966: Enhanced TLS connections +* Other changes + - JDK-6176679: Application freezes when copying an animated gif image to the system clipboard + - JDK-8023980: JCE doesn't provide any class to handle RSA private key in PKCS#1 + - JDK-8155246: Throw error if default java.security file is missing + - JDK-8158880: test/java/time/tck/java/time/format/TCKDateTimeFormatterBuilder.java fail with zh_CN locale + - JDK-8168261: Use server cipher suites preference by default + - JDK-8181383: com/sun/jdi/OptionTest.java fails intermittently with bind failed: Address already in use + - JDK-8201516: DebugNonSafepoints generates incorrect information + - JDK-8209398: sun/security/pkcs11/KeyStore/SecretKeysBasic.sh failed with "PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE" + - JDK-8211343: nsk_jvmti_parseoptions should handle multiple suboptions + - JDK-8212045: Add back the tests that were removed from HashesTest.java and AddExportsTest.java + - JDK-8216059: nsk_jvmti_parseoptions still has dependency on tilde separator + - JDK-8217237: HttpClient does not deal well with multi-valued WWW-Authenticate challenge headers + - JDK-8217395: Update langtools shell tests to use ${EXE_SUFFIX} + - JDK-8217612: (CL)HSDB cannot show some JVM flags + - JDK-8217850: CompressedClassSpaceSizeInJmapHeap fails after JDK-8217612 + - JDK-8218471: generate-unsafe-access-tests.sh does not correctly invoke build.tools.spp.Spp + - JDK-8219628: [TESTBUG] javadoc/doclet/InheritDocForUserTags fails with -othervm + - JDK-8220410: sun/security/tools/jarsigner/warnings/NoTimestampTest.java failed with missing expected output + - JDK-8221372: Test vmTestbase/nsk/jvmti/GetThreadState/thrstat001/TestDescription.java times out + - JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop" + - JDK-8223573: Replace wildcard address with loopback or local host in tests - part 4 + - JDK-8223714: HTTPSetAuthenticatorTest could be made more resilient + - JDK-8223783: sun/net/www/http/HttpClient/MultiThreadTest.java sometimes detect threads+1 connections + - JDK-8223856: Replace wildcard address with loopback or local host in tests - part 8 + - JDK-8224617: (fs) java/nio/file/FileStore/Basic.java found filesystem twice + - JDK-8224729: Cleanups in sun/security/provider/certpath/ldap/LDAPCertStoreImpl.java + - JDK-8224768: Test ActalisCA.java fails + - JDK-8225012: sanity/client/SwingSet/src/ToolTipDemoTest.java fails on Windows + - JDK-8226221: Update PKCS11 tests to use NSS 3.46 libs + - JDK-8228341: SignTwice.java fails intermittently on Windows + - JDK-8228403: SignTwice.java failed with java.io.FileNotFoundException: File name too long + - JDK-8229147: Linux os::create_thread() overcounts guardpage size with newer glibc (>=2.27) + - JDK-8229333: java/io/File/SetLastModified.java timed out + - JDK-8229338: clean up test/jdk/java/util/RandomAccess/Basic.java + - JDK-8229348: java/net/DatagramSocket/UnreferencedDatagramSockets.java fails intermittently + - JDK-8229481: sun/net/www/protocol/https/ChunkedOutputStream.java failed with a SSLException + - JDK-8229912: [TESTBUG] java/net/Socks/SocksIPv6Test fails without IPv6 + - JDK-8230132: java/net/NetworkInterface/NetworkInterfaceRetrievalTests.java to skip Teredo Tunneling Pseudo-Interface + - JDK-8231037: java/net/InetAddress/ptr/Lookup.java fails intermittently due to reverse lookup failed + - JDK-8231357: sun/security/pkcs11/Cipher/TestKATForGCM.java fails on SLES11 using mozilla-nss-3.14 + - JDK-8231516: network QuickAckTest.java failed due to "SocketException: maximum number of DatagramSockets reached" + - JDK-8232101: (sctp) Add minimal sanity tests for SCTP + - JDK-8232195: Enable BigInteger tests: DivisionOverflow, SymmetricRangeTests and StringConstructorOverflow + - JDK-8232840: java/math/BigInteger/largeMemory/SymmetricRangeTests.java fails due to "OutOfMemoryError: Requested array size exceeds VM limit" + - JDK-8232922: Add java/math/BigInteger/largeMemory/SymmetricRangeTests.java to ProblemList-Xcomp + - JDK-8234808: jdb quoted option parsing broken + - JDK-8236045: [TESTBUG] MismatchedWhiteBox test fails with missing WhiteBox$WhiteBoxPermission.class + - JDK-8237183: Bug ID missing for test in patch which fixed JDK-8230665 + - JDK-8238157: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java test failures because of revocation date + - JDK-8239007: java/math/BigInteger/largeMemory/ tests should be disabled on 32-bit platforms + - JDK-8239264: Clearup the legacy ObjectIdentifier constructor from int array + - JDK-8239333: Mark test AmazonCA.java with intermittent key + - JDK-8239537: cgroup MetricsTester testMemorySubsystem fails sometimes when testing memory.kmem.tcp.usage_in_bytes + - JDK-8240193: loadLibrary("osxsecurity") should not be removed + - JDK-8241097: java/math/BigInteger/largeMemory/SymmetricRangeTests.java requires -XX:+CompactStrings + - JDK-8242151: Improve OID mapping and reuse among JDK security providers for aliases registration + - JDK-8242330: Arrays should be cloned in several JAAS Callback classes + - JDK-8242897: KeyFactory.generatePublic( x509Spec ) failed with java.security.InvalidKeyException + - JDK-8243210: ClhsdbScanOops fails with NullPointerException in FileMapHeader.inCopiedVtableSpace + - JDK-8244078: ProcessTools executeTestJvm and createJavaProcessBuilder have inconsistent handling of test.*.opts + - JDK-8247895: SHA1PRNGReseed.java is calling setSeed(0) + - JDK-8247968: test/jdk/javax/crypto/SecretKeyFactory/security.properties has wrong header + - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken + - JDK-8249699: java/io/ByteArrayOutputStream/MaxCapacity.java should use @requires instead of @ignore + - JDK-8251517: [TESTBUG] com/sun/net/httpserver/bugs/B6393710.java does not scale socket timeout + - JDK-8252530: Fix inconsistencies in hotspot whitebox + - JDK-8254350: CompletableFuture.get may swallow InterruptedException + - JDK-8255348: NPE in PKIXCertPathValidator event logging code + - JDK-8257993: vmTestbase/nsk/jvmti/RedefineClasses/StressRedefine/TestDescription.java crash intermittently + - JDK-8259796: timed CompletableFuture.get may swallow InterruptedException + - JDK-8260274: Cipher.init(int, key) does not use highest priority provider for random bytes + - JDK-8260878: com/sun/jdi/JdbOptions.java fails without jfr + - JDK-8260934: java/lang/StringBuilder/HugeCapacity.java fails without Compact Strings + - JDK-8263970: Manual test javax/swing/JTextField/JapaneseReadingAttributes/JapaneseReadingAttributes.java failed + - JDK-8265980: Fix systemDictionary and loaderConstraints printing + - JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML + - JDK-8268464: Remove dependancy of TestHttpsServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests + - JDK-8269091: javax/sound/sampled/Clip/SetPositionHang.java failed with ArrayIndexOutOfBoundsException: Array index out of range: -4 + - JDK-8270331: [TESTBUG] Error: Not a test or directory containing tests: java/awt/print/PrinterJob/InitToBlack.java + - JDK-8271838: AmazonCA.java interop test fails + - JDK-8273807: Zero: Drop incorrect test block from compiler/startup/NumCompilerThreadsCheck.java + - JDK-8274205: Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC + - JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test + - JDK-8275234: java/awt/GraphicsDevice/DisplayModes/CycleDMImage.java is entered twice in ProblemList + - JDK-8275303: sun/java2d/pipe/InterpolationQualityTest.java fails with D3D basic render driver + - JDK-8276651: java/lang/ProcessHandle tests fail with "RuntimeException: Input/output error" in java.lang.ProcessHandleImpl$Info.info0 + - JDK-8277353: java/security/MessageDigest/ThreadSafetyTest.java test times out + - JDK-8279536: jdk/nio/zipfs/ZipFSOutputStreamTest.java timed out + - JDK-8283756: (zipfs) ZipFSOutputStreamTest.testOutputStream should only check inflated bytes + - JDK-8284524: Create an automated test for JDK-4422362 + - JDK-8284767: Create an automated test for JDK-4422535 + - JDK-8284772: GHA: Use GCC Major Version Dependencies Only + - JDK-8284910: Buffer clean in PasswordCallback + - JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java failed with Default Button not pressed for L&F: com.sun.java.swing.plaf.motif.MotifLookAndFeel + - JDK-8286172: Create an automated test for JDK-4516019 + - JDK-8286481: Exception printed to stdout on Windows when storing transparent image in clipboard + - JDK-8286620: Create regression test for verifying setMargin() of JRadioButton + - JDK-8289508: Improve test coverage for XPath Axes: ancestor, ancestor-or-self, preceding, and preceding-sibling + - JDK-8289748: C2 compiled code crashes with SIGFPE with -XX:+StressLCM and -XX:+StressGCM + - JDK-8291444: GHA builds/tests won't run manually if disabled from automatic running + - JDK-8291830: jvmti/RedefineClasses/StressRedefine failed: assert(!is_null(v)) failed: narrow klass value can never be zero + - JDK-8292033: Move jdk.X509Certificate event logic to JCA layer + - JDK-8292297: Fix up loading of override java.security properties file + - JDK-8292443: Weak CAS VarHandle/Unsafe tests should test always-failing cases + - JDK-8293180: JQuery UI license file not updated + - JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections + - JDK-8293657: sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake" + - JDK-8293858: Change PKCS7 code to use default SecureRandom impl instead of SHA1PRNG + - JDK-8295737: macOS: Print content cut off when width > height with portrait orientation + - JDK-8295894: Remove SECOM certificate that is expiring in September 2023 + - JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java fails intermittently on a VM + - JDK-8297437: javadoc cannot link to old docs (with old style anchors) + - JDK-8297523: Various GetPrimitiveArrayCritical miss result - NULL check + - JDK-8297587: Upgrade JLine to 3.22.0 + - JDK-8297681: Unnecessary color conversion during 4BYTE_ABGR_PRE to INT_ARGB_PRE blit + - JDK-8297730: C2: Arraycopy intrinsic throws incorrect exception + - JDK-8297887: Update Siphash + - JDK-8297923: java.awt.ScrollPane broken after multiple scroll up/down + - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs + - JDK-8298921: Create a regression test for JDK-8139581 + - JDK-8298974: Add ftcolor.c to imported freetype sources + - JDK-8299424: containers/docker/TestMemoryWithCgroupV1.java fails on SLES12 ppc64le when testing Memory and Swap Limit + - JDK-8299658: C1 compilation crashes in LinearScan::resolve_exception_edge + - JDK-8299713: Test javax/swing/JTableHeader/6889007/bug6889007.java failed: Wrong type of cursor + - JDK-8300098: java/util/concurrent/ConcurrentHashMap/ConcurrentAssociateTest.java fails with internal timeout when executed with TieredCompilation1/3 + - JDK-8300659: Refactor TestMemoryAwareness to use WhiteBox api for host values + - JDK-8300751: [17u] Remove duplicate entry in javac.properties + - JDK-8301269: Update Commons BCEL to Version 6.7.0 + - JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument + - JDK-8301700: Increase the default TLS Diffie-Hellman group size from 1024-bit to 2048-bit + - JDK-8301959: Compile command in compiler.loopopts.TestRemoveEmptyCountedLoop does not work + - JDK-8302161: Upgrade jQuery UI to version 1.13.2 + - JDK-8302182: Update Public Suffix List to 88467c9 + - JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during unrolling + - JDK-8303809: Dispose context in SPNEGO NegotiatorImpl + - JDK-8304054: Linux: NullPointerException from FontConfiguration.getVersion in case no fonts are installed + - JDK-8304498: JShell does not switch to raw mode when there is no /bin/test + - JDK-8304867: Explicitly disable dtrace for ppc builds + - JDK-8305074: ProblemList javax/net/ssl/DTLS/RespondToRetransmit.java + - JDK-8305421: Work around JDK-8305420 in CDSJDITest.java + - JDK-8305763: Parsing a URI with an underscore goes through a silent exception, negatively impacting performance + - JDK-8305766: ProblemList runtime/CompressedOops/CompressedClassPointers.java + - JDK-8305950: Have -XshowSettings option display tzdata version + - JDK-8306133: Open source few AWT Drag & Drop related tests + - JDK-8306137: Open source several AWT ScrollPane related tests + - JDK-8306484: Open source several AWT Choice jtreg tests + - JDK-8306636: Disable compiler/c2/Test6905845.java with -XX:TieredStopAtLevel=3 + - JDK-8306638: Open source some AWT tests related to datatransfer and Toolkit + - JDK-8306682: Open source a few more AWT Choice tests + - JDK-8306718: Optimize and opensource some old AWT tests + - JDK-8306954: Open source five Focus related tests + - JDK-8306955: Open source several JComboBox jtreg tests + - JDK-8307078: Opensource and clean up five more AWT Focus related tests + - JDK-8307080: Open source some more JComboBox jtreg tests + - JDK-8307128: Open source some drag and drop tests 4 + - JDK-8307133: Open source some JTable jtreg tests + - JDK-8307135: java/awt/dnd/NotReallySerializableTest/NotReallySerializableTest.java failed + - JDK-8307301: Update HarfBuzz to 7.2.0 + - JDK-8307569: Build with gcc8 is broken after JDK-8307301 + - JDK-8307572: AArch64: Vector registers are clobbered by some macroassemblers + - JDK-8307603: [AIX] Broken build after JDK-8307301 + - JDK-8307604: gcc12 based Alpine build broken build after JDK-8307301 + - JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has invalid jtreg `@requires` clause + - JDK-8308156: VerifyCACerts.java misses blank in error output + - JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails + - JDK-8309108: Bump update version for OpenJDK: jdk-11.0.21 + - JDK-8309138: Fix container tests for jdks with symlinked conf dir + - JDK-8310054: ScrollPane insets are incorrect + - JDK-8310176: JDK 11 G1 crash during full GC with +UseStringDeduplication + - JDK-8310620: [11u] Problemlist failing aot tests on macos x64 + - JDK-8311033: [macos] PrinterJob does not take into account Sides attribute + - JDK-8311689: Wrong visible amount in Adjustable of ScrollPane + - JDK-8312138: jcmd VM.metaspace vslist has no newline character before the Class: label. + - JDK-8312555: Ideographic characters aren't stretched by AffineTransform.scale(2, 1) + - JDK-8313159: [11u] Fix test SSLEngineKeyLimit.java after Merge error + - JDK-8313765: Invalid CEN header (invalid zip64 extra data field size) + - JDK-8313796: AsyncGetCallTrace crash on unreadable interpreter method pointer + - JDK-8313803: [11u] Exclude jdk/jfr/event/sampling/TestStackFrameLineNumbers.java + - JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le + - JDK-8314086: [11u] A typo in the fix for JDK-8312462 is causing test failure in ChildAlwaysOnTopTest.java + - JDK-8314950: CMS may miss NMT tag after mark stack expansion + - JDK-8314960: Add Certigna Root CA - 2 + - JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack() + - JDK-8315529: [11u] Exclude some failing Z-GC tests + - JDK-8317040: Exclude cleaner test failing on older releases + - JDK-8317644: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.21 + +Notes on individual issues: +=========================== + +security-libs/javax.net.ssl: + +JDK-8301700: The Default TLS Diffie-Hellman Group Size Has Been Increased from 1024-bit to 2048-bit +=================================================================================================== +The JDK implementation of TLS 1.2 now uses a default Diffie Hellman +keysize of 2048 bits when a TLS_DHE cipher suite is negotiated and +either the client or server does not support FFDHE. + +The JDK TLS implementation supports FFDHE, which can negotiate a +stronger keysize, and this is enabled by default. + +As a workaround, users can revert to the previous key size by setting +the `jdk.tls.ephemeralDHKeySize` system property to 1024 (at their own +risk). + +This change does not affect TLS 1.3 as the minimum DH group size is +already 2048 bits. + +JDK-8168261: Use Server Cipher Suites Preference by Default +=========================================================== +The SunJSSE provider has been updated to use the local server-side +cipher suite preferences by default. Previously, the server would use +the preferences specified by the connecting client. To revert to the +previous behaviour, use `SSLParameters.setUseCipherSuitesOrder(false)` +on the server side. + +security-libs/javax.crypto: + +JDK-8023980: JDK Now Accepts RSA Keys in PKCS#1 Format +====================================================== +RSA private and public keys in PKCS#1 format can now be accepted by +JDK providers, such as the RSA `KeyFactory.impl` from the SunRsaSign +provider. The RSA private or public key object should have the PKCS#1 +format and an encoding matching the ASN.1 syntax for a PKCS#1 RSA +private key and public key. + +security-libs/javax.security: + +JDK-8242330: Arrays should be cloned in several JAAS Callback classes +===================================================================== +In the JAAS classes, ChoiceCallback and ConfirmationCallback, arrays +were not cloned when passed into a constructor or returned. This +allowed an external program to get access to the internal fields of +these classes. The classes have been updated to return cloned arrays. + +tools/launcher: + +JDK-8305950: `-XshowSettings:locale` Output Now Includes Tzdata Version +======================================================================= +The `-XshowSettings` launcher option has been enhanced to print the +tzdata version used by the JDK. The tzdata version is displayed as +part of the `locale` showSettings option. + +Example output using `-X:showSettings:locale`: + +Locale settings: + default locale = English + default display locale = English + default format locale = English + tzdata version = 2023c + +security-libs/java.security: + +JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate +================================================================== +The following root certificate from SECOM Trust System has been +removed from the `cacerts` keystore: + +Alias Name: secomscrootca1 [jdk] +Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP + +JDK-8314960: Added Certigna Root CA Certificate +=============================================== +The following root certificate has been added to the cacerts +truststore: + +Name: Certigna (Dhimyotis) +Alias Name: certignarootca +Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR + +JDK-8155246: Throw Error If Default java.security File Fails to Load +==================================================================== +A hardcoded set of security properties was used in previous releases +when the `java.security` file could not be loaded. This set of +properties were poorly maintained and it was not obvious to the user +that they were being utilised. This release instead throws an +`InternalError` if the `java.security` file can not be loaded. + +New in release OpenJDK 11.0.20.1 (2023-08-24): +============================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk110201 + +* Other changes + - JDK-8313765: Invalid CEN header (invalid zip64 extra data field size) + - JDK-8314678: Bump update version for OpenJDK: jdk-11.0.20.1 + New in release OpenJDK 11.0.20 (2023-07-18): ============================================= Live versions of these release notes can be found at: diff --git a/SOURCES/jdk8312489-max_sig_default_increase.patch b/SOURCES/jdk8312489-max_sig_default_increase.patch new file mode 100644 index 0000000..e0c4eeb --- /dev/null +++ b/SOURCES/jdk8312489-max_sig_default_increase.patch @@ -0,0 +1,50 @@ +commit 50074a04e62f91faa080b831d9ce343396ead252 +Author: Andrew John Hughes +Date: Tue Sep 5 20:48:42 2023 +0000 + + 8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar + + Backport-of: e47a84f23dd2608c6f5748093eefe301fb5bf750 + +diff --git a/src/java.base/share/classes/java/util/jar/JarFile.java b/src/java.base/share/classes/java/util/jar/JarFile.java +index cb7e308e0d..cce897c0d3 100644 +--- a/src/java.base/share/classes/java/util/jar/JarFile.java ++++ b/src/java.base/share/classes/java/util/jar/JarFile.java +@@ -809,7 +809,9 @@ class JarFile extends ZipFile { + throw new IOException("Unsupported size: " + uncompressedSize + + " for JarEntry " + ze.getName() + + ". Allowed max size: " + +- SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes"); ++ SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes. " + ++ "You can use the jdk.jar.maxSignatureFileSize " + ++ "system property to increase the default value."); + } + int len = (int)uncompressedSize; + int bytesRead; +diff --git a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java +index cb477fc134..a766b8249f 100644 +--- a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java ++++ b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java +@@ -852,16 +852,16 @@ public class SignatureFileVerifier { + * the maximum allowed number of bytes for the signature-related files + * in a JAR file. + */ +- Integer tmp = GetIntegerAction.privilegedGetProperty( +- "jdk.jar.maxSignatureFileSize", 8000000); ++ int tmp = GetIntegerAction.privilegedGetProperty( ++ "jdk.jar.maxSignatureFileSize", 16000000); + if (tmp < 0 || tmp > MAX_ARRAY_SIZE) { + if (debug != null) { +- debug.println("Default signature file size 8000000 bytes " + +- "is used as the specified size for the " + +- "jdk.jar.maxSignatureFileSize system property " + ++ debug.println("The default signature file size of 16000000 bytes " + ++ "will be used for the jdk.jar.maxSignatureFileSize " + ++ "system property since the specified value " + + "is out of range: " + tmp); + } +- tmp = 8000000; ++ tmp = 16000000; + } + return tmp; + } diff --git a/SOURCES/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch b/SOURCES/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch deleted file mode 100644 index 4efbe9a..0000000 --- a/SOURCES/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch +++ /dev/null @@ -1,88 +0,0 @@ - -# HG changeset patch -# User andrew -# Date 1478057514 0 -# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c -# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a -PR3183: Support Fedora/RHEL system crypto policy -diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java ---- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100 -+++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000 -@@ -43,6 +43,9 @@ - * implementation-specific location, which is typically the properties file - * {@code conf/security/java.security} in the Java installation directory. - * -+ *

Additional default values of security properties are read from a -+ * system-specific location, if available.

-+ * - * @author Benjamin Renaud - * @since 1.1 - */ -@@ -52,6 +55,10 @@ - private static final Debug sdebug = - Debug.getInstance("properties"); - -+ /* System property file*/ -+ private static final String SYSTEM_PROPERTIES = -+ "/etc/crypto-policies/back-ends/java.config"; -+ - /* The java.security properties */ - private static Properties props; - -@@ -93,6 +100,7 @@ - if (sdebug != null) { - sdebug.println("reading security properties file: " + - propFile); -+ sdebug.println(props.toString()); - } - } catch (IOException e) { - if (sdebug != null) { -@@ -114,6 +122,31 @@ - } - - if ("true".equalsIgnoreCase(props.getProperty -+ ("security.useSystemPropertiesFile"))) { -+ -+ // now load the system file, if it exists, so its values -+ // will win if they conflict with the earlier values -+ try (BufferedInputStream bis = -+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { -+ props.load(bis); -+ loadedProps = true; -+ -+ if (sdebug != null) { -+ sdebug.println("reading system security properties file " + -+ SYSTEM_PROPERTIES); -+ sdebug.println(props.toString()); -+ } -+ } catch (IOException e) { -+ if (sdebug != null) { -+ sdebug.println -+ ("unable to load security properties from " + -+ SYSTEM_PROPERTIES); -+ e.printStackTrace(); -+ } -+ } -+ } -+ -+ if ("true".equalsIgnoreCase(props.getProperty - ("security.overridePropertiesFile"))) { - - String extraPropFile = System.getProperty -diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security ---- a/src/java.base/share/conf/security/java.security Wed Oct 26 03:51:39 2016 +0100 -+++ b/src/java.base/share/conf/security/java.security Wed Nov 02 03:31:54 2016 +0000 -@@ -276,6 +276,13 @@ - security.overridePropertiesFile=true - - # -+# Determines whether this properties file will be appended to -+# using the system properties file stored at -+# /etc/crypto-policies/back-ends/java.config -+# -+security.useSystemPropertiesFile=true -+ -+# - # Determines the default key and trust manager factory algorithms for - # the javax.net.ssl package. - # diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index 1bd5894..1911cf1 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -78,6 +78,9 @@ %global build_loop1 %{nil} %endif +# Indicates whether this is the default JDK on this version of RHEL +%global is_system_jdk 0 + %global aarch64 aarch64 arm64 armv8 # we need to distinguish between big and little endian PPC64 %global ppc64le ppc64le @@ -88,6 +91,8 @@ %global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} s390x # Set of architectures with a Just-In-Time (JIT) compiler %global jit_arches %{debug_arches} %{arm} +# Set of architectures which use the Zero assembler port (!jit_arches) +%global zero_arches ppc s390 # Set of architectures which run a full bootstrap cycle %global bootstrap_arches %{jit_arches} # Set of architectures which support SystemTap tapsets @@ -271,7 +276,7 @@ # New Version-String scheme-style defines %global featurever 11 %global interimver 0 -%global updatever 20 +%global updatever 21 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -299,7 +304,7 @@ %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora} %else %if 0%{?rhel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name} +%global oj_vendor_bug_url https://access.redhat.com/support/cases/ %else %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %endif @@ -309,27 +314,29 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 3.15.0 +# Define JDK versions +%global javaver %{featurever} +%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} +# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames +%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) +# The tag used to create the OpenJDK tarball +%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK -%global top_level_dir_name %{origin} +%global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 8 +%global buildver 9 %global rpmrelease 1 #%%global tagsuffix %%{nil} # priority must be 7 digits in total -# setting to 1, so debug ones can have 0 +%if %is_system_jdk +%global priority %( printf '%02d%02d%02d%02d' %{featurever} %{interimver} %{updatever} %{buildver} ) +%else +# for non-default using 1, so slowdebugs can have 0 %global priority 00000%{interimver}1 -%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} - -# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames -%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) - -# The tag used to create the OpenJDK tarball -%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} - -%global javaver %{featurever} +%endif # Define milestone (EA for pre-releases, GA for releases) # Release will be (where N is usually a number starting at 1): @@ -414,6 +421,7 @@ alternatives \\ --install %{_bindir}/java java %{jrebindir %%1}/java $PRIORITY --family %{name}.%{_arch} \\ --slave %{_jvmdir}/jre jre %{_jvmdir}/%{sdkdir %%1} \\ --slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir %%1}/%{alt_java_name} \\ + --slave %{_bindir}/jcmd jcmd %{jrebindir %%1}/jcmd \\ --slave %{_bindir}/jjs jjs %{jrebindir %%1}/jjs \\ --slave %{_bindir}/keytool keytool %{jrebindir %%1}/keytool \\ --slave %{_bindir}/pack200 pack200 %{jrebindir %%1}/pack200 \\ @@ -424,6 +432,8 @@ alternatives \\ %{_mandir}/man1/java-%{uniquesuffix %%1}.1$ext \\ --slave %{_mandir}/man1/%{alt_java_name}.1$ext %{alt_java_name}.1$ext \\ %{_mandir}/man1/%{alt_java_name}-%{uniquesuffix %%1}.1$ext \\ + --slave %{_mandir}/man1/jcmd.1$ext jcmd.1$ext \\ + %{_mandir}/man1/jcmd-%{uniquesuffix %%1}.1$ext \\ --slave %{_mandir}/man1/jjs.1$ext jjs.1$ext \\ %{_mandir}/man1/jjs-%{uniquesuffix %%1}.1$ext \\ --slave %{_mandir}/man1/keytool.1$ext keytool.1$ext \\ @@ -496,13 +506,14 @@ alternatives \\ --slave %{_bindir}/jlink jlink %{sdkbindir %%1}/jlink \\ --slave %{_bindir}/jmod jmod %{sdkbindir %%1}/jmod \\ %ifarch %{sa_arches} +%ifnarch %{zero_arches} --slave %{_bindir}/jhsdb jhsdb %{sdkbindir %%1}/jhsdb \\ %endif +%endif --slave %{_bindir}/jar jar %{sdkbindir %%1}/jar \\ --slave %{_bindir}/jarsigner jarsigner %{sdkbindir %%1}/jarsigner \\ --slave %{_bindir}/javadoc javadoc %{sdkbindir %%1}/javadoc \\ --slave %{_bindir}/javap javap %{sdkbindir %%1}/javap \\ - --slave %{_bindir}/jcmd jcmd %{sdkbindir %%1}/jcmd \\ --slave %{_bindir}/jconsole jconsole %{sdkbindir %%1}/jconsole \\ --slave %{_bindir}/jdb jdb %{sdkbindir %%1}/jdb \\ --slave %{_bindir}/jdeps jdeps %{sdkbindir %%1}/jdeps \\ @@ -529,8 +540,6 @@ alternatives \\ %{_mandir}/man1/javadoc-%{uniquesuffix %%1}.1$ext \\ --slave %{_mandir}/man1/javap.1$ext javap.1$ext \\ %{_mandir}/man1/javap-%{uniquesuffix %%1}.1$ext \\ - --slave %{_mandir}/man1/jcmd.1$ext jcmd.1$ext \\ - %{_mandir}/man1/jcmd-%{uniquesuffix %%1}.1$ext \\ --slave %{_mandir}/man1/jconsole.1$ext jconsole.1$ext \\ %{_mandir}/man1/jconsole-%{uniquesuffix %%1}.1$ext \\ --slave %{_mandir}/man1/jdb.1$ext jdb.1$ext \\ @@ -643,6 +652,7 @@ exit 0 %dir %{_jvmdir}/%{sdkdir %%1}/bin %{_jvmdir}/%{sdkdir %%1}/bin/java %{_jvmdir}/%{sdkdir %%1}/bin/%{alt_java_name} +%{_jvmdir}/%{sdkdir %%1}/bin/jcmd %{_jvmdir}/%{sdkdir %%1}/bin/jjs %{_jvmdir}/%{sdkdir %%1}/bin/keytool %{_jvmdir}/%{sdkdir %%1}/bin/pack200 @@ -691,8 +701,10 @@ exit 0 %{_jvmdir}/%{sdkdir %%1}/lib/librmi.so # Some architectures don't have the serviceability agent %ifarch %{sa_arches} +%ifnarch %{zero_arches} %{_jvmdir}/%{sdkdir %%1}/lib/libsaproc.so %endif +%endif %{_jvmdir}/%{sdkdir %%1}/lib/libsctp.so %{_jvmdir}/%{sdkdir %%1}/lib/libsunec.so %{_jvmdir}/%{sdkdir %%1}/lib/libunpack.so @@ -703,6 +715,7 @@ exit 0 %{_jvmdir}/%{sdkdir %%1}/lib/jfr/profile.jfc %{_mandir}/man1/java-%{uniquesuffix %%1}.1* %{_mandir}/man1/%{alt_java_name}-%{uniquesuffix %%1}.1* +%{_mandir}/man1/jcmd-%{uniquesuffix %%1}.1* %{_mandir}/man1/jjs-%{uniquesuffix %%1}.1* %{_mandir}/man1/keytool-%{uniquesuffix %%1}.1* %{_mandir}/man1/pack200-%{uniquesuffix %%1}.1* @@ -750,7 +763,6 @@ exit 0 %{_jvmdir}/%{sdkdir %%1}/bin/javadoc %{_jvmdir}/%{sdkdir %%1}/bin/javap %{_jvmdir}/%{sdkdir %%1}/bin/jconsole -%{_jvmdir}/%{sdkdir %%1}/bin/jcmd %{_jvmdir}/%{sdkdir %%1}/bin/jdb %{_jvmdir}/%{sdkdir %%1}/bin/jdeps %{_jvmdir}/%{sdkdir %%1}/bin/jdeprscan @@ -758,8 +770,10 @@ exit 0 %{_jvmdir}/%{sdkdir %%1}/bin/jimage # Some architectures don't have the serviceability agent %ifarch %{sa_arches} +%ifnarch %{zero_arches} %{_jvmdir}/%{sdkdir %%1}/bin/jhsdb %endif +%endif %{_jvmdir}/%{sdkdir %%1}/bin/jinfo %{_jvmdir}/%{sdkdir %%1}/bin/jlink %{_jvmdir}/%{sdkdir %%1}/bin/jmap @@ -787,7 +801,6 @@ exit 0 %{_mandir}/man1/javadoc-%{uniquesuffix %%1}.1* %{_mandir}/man1/javap-%{uniquesuffix %%1}.1* %{_mandir}/man1/jconsole-%{uniquesuffix %%1}.1* -%{_mandir}/man1/jcmd-%{uniquesuffix %%1}.1* %{_mandir}/man1/jdb-%{uniquesuffix %%1}.1* %{_mandir}/man1/jdeps-%{uniquesuffix %%1}.1* %{_mandir}/man1/jinfo-%{uniquesuffix %%1}.1* @@ -855,13 +868,15 @@ Recommends: gtk3%{?_isa} Provides: java-%{javaver}-%{origin}%1 = %{epoch}:%{version}-%{release} # Standard JPackage base provides -#Provides: jre = %{javaver}%1 -#Provides: jre-%{origin}%1 = %{epoch}:%{version}-%{release} Provides: jre-%{javaver}%1 = %{epoch}:%{version}-%{release} Provides: jre-%{javaver}-%{origin}%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}%1 = %{epoch}:%{version}-%{release} -#Provides: java-%{origin}%1 = %{epoch}:%{version}-%{release} -#Provides: java%1 = %{epoch}:%{javaver} +%if %is_system_jdk +Provides: java-%{origin}%1 = %{epoch}:%{version}-%{release} +Provides: jre-%{origin}%1 = %{epoch}:%{version}-%{release} +Provides: java%1 = %{epoch}:%{version}-%{release} +Provides: jre%1 = %{epoch}:%{version}-%{release} +%endif } %global java_headless_rpo() %{expand: @@ -869,8 +884,8 @@ Provides: java-%{javaver}%1 = %{epoch}:%{version}-%{release} Requires: ca-certificates # Require javapackages-tools for ownership of /usr/lib/jvm/ and macros Requires: javapackages-tools -# 2022g required as of JDK-8297804 -Requires: tzdata-java >= 2022g +# 2023c required as of JDK-8305113 +Requires: tzdata-java >= 2023c # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand %if 0%{?rhel} >= 8 @@ -898,21 +913,19 @@ Requires(postun): %{_sbindir}/alternatives # in version 1.7 and higher for --family switch Requires(postun): chkconfig >= 1.7 -# rhel7 do not have weak depndencies +# rhel7 does not have weak dependencies # Standard JPackage base provides -#Provides: jre-headless%1 = %{epoch}:%{javaver} Provides: jre-%{javaver}-%{origin}-headless%1 = %{epoch}:%{version}-%{release} -#Provides: jre-%{origin}-headless%1 = %{epoch}:%{version}-%{release} Provides: jre-%{javaver}-headless%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}-headless%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-headless%1 = %{epoch}:%{version}-%{release} -#Provides: java-%{origin}-headless%1 = %{epoch}:%{version}-%{release} -#Provides: java-headless%1 = %{epoch}:%{javaver} - -# https://bugzilla.redhat.com/show_bug.cgi?id=1312019 -Provides: /usr/bin/jjs - +%if %is_system_jdk +Provides: java-%{origin}-headless%1 = %{epoch}:%{version}-%{release} +Provides: jre-%{origin}-headless%1 = %{epoch}:%{version}-%{release} +Provides: jre-headless%1 = %{epoch}:%{version}-%{release} +Provides: java-headless%1 = %{epoch}:%{version}-%{release} +%endif } %global java_devel_rpo() %{expand: @@ -929,20 +942,21 @@ Requires(postun): %{_sbindir}/alternatives Requires(postun): chkconfig >= 1.7 # Standard JPackage devel provides -Provides: java-sdk-%{javaver}-%{origin}%1 = %{epoch}:%{version} -Provides: java-sdk-%{javaver}%1 = %{epoch}:%{version} -#Provides: java-sdk-%{origin}%1 = %{epoch}:%{version} -#Provides: java-sdk%1 = %{epoch}:%{javaver} -Provides: java-%{javaver}-devel%1 = %{epoch}:%{version} -Provides: java-%{javaver}-%{origin}-devel%1 = %{epoch}:%{version} -#Provides: java-devel-%{origin}%1 = %{epoch}:%{version} -#Provides: java-devel%1 = %{epoch}:%{javaver} - +Provides: java-sdk-%{javaver}-%{origin}%1 = %{epoch}:%{version}-%{release} +Provides: java-sdk-%{javaver}%1 = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-devel%1 = %{epoch}:%{version}-%{release} +Provides: java-%{javaver}-%{origin}-devel%1 = %{epoch}:%{version}-%{release} +%if %is_system_jdk +Provides: java-devel-%{origin}%1 = %{epoch}:%{version}-%{release} +Provides: java-sdk-%{origin}%1 = %{epoch}:%{version}-%{release} +Provides: java-devel%1 = %{epoch}:%{version}-%{release} +Provides: java-sdk%1 = %{epoch}:%{version}-%{release} +%endif } %define java_static_libs_rpo() %{expand: -Requires: %{name}-devel%{?1}%{?_isa} = %{epoch}:%{version}-%{release} -OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} +Requires: %{name}-devel%1%{?_isa} = %{epoch}:%{version}-%{release} +OrderWithRequires: %{name}-headless%1%{?_isa} = %{epoch}:%{version}-%{release} } %define java_jmods_rpo() %{expand: @@ -961,9 +975,11 @@ Provides: java-%{javaver}-%{origin}-jmods%1 = %{epoch}:%{version}-%{release} Requires: %{name}%1%{?_isa} = %{epoch}:%{version}-%{release} OrderWithRequires: %{name}-headless%1%{?_isa} = %{epoch}:%{version}-%{release} -Provides: java-demo%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-demo%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}-demo%1 = %{epoch}:%{version}-%{release} +%if %is_system_jdk +Provides: java-demo%1 = %{epoch}:%{version}-%{release} +%endif } @@ -979,9 +995,11 @@ Requires(postun): %{_sbindir}/alternatives Requires(postun): chkconfig >= 1.7 # Standard JPackage javadoc provides. -Provides: java-javadoc%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-javadoc%1 = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}-javadoc%1 = %{epoch}:%{version}-%{release} +%if %is_system_jdk +Provides: java-javadoc%1 = %{epoch}:%{version}-%{release} +%endif } %global java_src_rpo() %{expand: @@ -1035,7 +1053,7 @@ URL: http://openjdk.java.net/ # to regenerate source0 (jdk) run update_package.sh # update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives -Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz +Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (3.x). @@ -1072,17 +1090,13 @@ Source18: TestTranslations.java # ############################################ -# NSS via SunPKCS11 Provider (disabled comment -# due to memory leak). -Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch - # Ignore AWTError when assistive technologies are loaded Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch +# NSS via SunPKCS11 Provider (disabled due to memory leak). +Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch # Restrict access to java-atk-wrapper classes Patch2: rh1648644-java_access_bridge_privileged_security.patch Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch -# Follow system wide crypto policy RHBZ#1249083 -Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch # RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639) Patch600: rh1750419-redhat_alt_java.patch @@ -1119,7 +1133,7 @@ Patch7: jdk8009550-rh910107-search_for_versioned_libpcsclite.patch ############################################# # -# Patches appearing in 11.0.20 +# Patches appearing in 11.0.21 # # This section includes patches which are present # in the listed OpenJDK 8u release and should be @@ -1127,6 +1141,18 @@ Patch7: jdk8009550-rh910107-search_for_versioned_libpcsclite.patch # and used by this RPM. ############################################# +############################################# +# +# Patches appearing in 11.0.22 +# +# This section includes patches which are present +# in the listed OpenJDK 8u release and should be +# able to be removed once that release is out +# and used by this RPM. +############################################# +# JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar +Patch2000: jdk8312489-max_sig_default_increase.patch + BuildRequires: autoconf BuildRequires: automake BuildRequires: alsa-lib-devel @@ -1140,13 +1166,6 @@ BuildRequires: freetype-devel BuildRequires: giflib-devel BuildRequires: gcc-c++ BuildRequires: gdb -%ifarch %{arm} -BuildRequires: devtoolset-7-build -BuildRequires: devtoolset-7-binutils -BuildRequires: devtoolset-7-gcc -BuildRequires: devtoolset-7-gcc-c++ -BuildRequires: devtoolset-7-gdb -%endif BuildRequires: gtk2-devel # LCMS on rhel7 is older then LCMS in intree JDK BuildRequires: lcms2-devel @@ -1166,7 +1185,7 @@ BuildRequires: zip BuildRequires: javapackages-tools BuildRequires: java-%{buildjdkver}-openjdk-devel # Zero-assembler build requirement -%ifnarch %{jit_arches} +%ifarch %{zero_arches} BuildRequires: libffi-devel %endif # 2023c required as of JDK-8305113 @@ -1464,12 +1483,16 @@ pushd %{top_level_dir_name} %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 +# nss.cfg PKCS11 support; must come last as it also alters java.security +%patch1000 -p1 +# Allow PCSC library to work with the versioned so %patch7 -p1 +# JDK-8312489 backport, coming in 11.0.22 +%patch2000 -p1 +# alt-java +%patch600 -p1 popd # openjdk -%patch1000 -%patch600 # Extract systemtap tapsets %if %{with_systemtap} @@ -1518,10 +1541,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg %build -%ifarch %{arm} -%{?enable_devtoolset7:%{enable_devtoolset7}} -%endif - # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) export NUM_PROC=${NUM_PROC:-1} @@ -1539,12 +1558,12 @@ export CFLAGS="$CFLAGS -mieee" # We use ourcppflags because the OpenJDK build seems to # pass EXTRA_CFLAGS to the HotSpot C++ compiler... -# Explicitly set the C++ standard as the default has changed on GCC >= 6 -EXTRA_CFLAGS="%ourcppflags -std=gnu++98 -Wno-error -fno-delete-null-pointer-checks" -EXTRA_CPP_FLAGS="%ourcppflags -std=gnu++98 -fno-delete-null-pointer-checks" +EXTRA_CFLAGS="%ourcppflags" +EXTRA_CPP_FLAGS="%ourcppflags" %ifarch %{ix86} -EXTRA_CFLAGS="${EXTRA_CFLAGS} -mstackrealign" -EXTRA_CPP_FLAGS="${EXTRA_CPP_FLAGS} -mstackrealign" +# Align stack boundary on x86_32 +EXTRA_CFLAGS="${EXTRA_CFLAGS} -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4" +EXTRA_CPP_FLAGS="${EXTRA_CPP_FLAGS} -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4" %endif %ifarch %{power64} ppc @@ -1552,7 +1571,7 @@ EXTRA_CPP_FLAGS="${EXTRA_CPP_FLAGS} -mstackrealign" EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" %endif EXTRA_ASFLAGS="${EXTRA_CFLAGS}" -export EXTRA_CFLAGS EXTRA_ASFLAGS +export EXTRA_CFLAGS EXTRA_CPP_FLAGS EXTRA_ASFLAGS function buildjdk() { local outputdir=${1} @@ -1577,7 +1596,7 @@ function buildjdk() { pushd ${outputdir} bash ${top_dir_abs_src_path}/configure \ -%ifnarch %{jit_arches} +%ifarch %{zero_arches} --with-jvm-variants=zero \ %endif %ifarch %{ppc64le} @@ -2113,9 +2132,57 @@ require "copy_jdk_configs.lua" # important note, see https://bugzilla.redhat.com/show_bug.cgi?id=1038092 for whole issue # all config/noreplace files (and more) have to be declared in pretrans. See pretrans %{files_jre_headless %{nil}} +# RHEL-11313; alternatives not owned by packages +%if %is_system_jdk +%ghost %{_bindir}/java +%ghost %{_jvmdir}/jre +%ghost %{_bindir}/%{alt_java_name} +%ghost %{_bindir}/jcmd +%ghost %{_bindir}/jjs +%ghost %{_bindir}/keytool +%ghost %{_bindir}/pack200 +%ghost %{_bindir}/rmid +%ghost %{_bindir}/rmiregistry +%ghost %{_bindir}/unpack200 +%ghost %{_jvmdir}/jre-%{origin} +%ghost %{_jvmdir}/jre-%{javaver} +%ghost %{_jvmdir}/jre-%{javaver}-%{origin} +%endif %files devel %{files_devel %{nil}} +# RHEL-11313; alternatives not owned by packages +%if %is_system_jdk +%ghost %{_bindir}/javac +%ghost %{_jvmdir}/java +%ghost %{_bindir}/jaotc +%ghost %{_bindir}/jlink +%ghost %{_bindir}/jmod +%ghost %{_bindir}/jhsdb +%ghost %{_bindir}/jar +%ghost %{_bindir}/jarsigner +%ghost %{_bindir}/javadoc +%ghost %{_bindir}/javap +%ghost %{_bindir}/jconsole +%ghost %{_bindir}/jdb +%ghost %{_bindir}/jdeps +%ghost %{_bindir}/jdeprscan +%ghost %{_bindir}/jfr +%ghost %{_bindir}/jimage +%ghost %{_bindir}/jinfo +%ghost %{_bindir}/jmap +%ghost %{_bindir}/jps +%ghost %{_bindir}/jrunscript +%ghost %{_bindir}/jshell +%ghost %{_bindir}/jstack +%ghost %{_bindir}/jstat +%ghost %{_bindir}/jstatd +%ghost %{_bindir}/rmic +%ghost %{_bindir}/serialver +%ghost %{_jvmdir}/java-%{origin} +%ghost %{_jvmdir}/java-%{javaver} +%ghost %{_jvmdir}/java-%{javaver}-%{origin} +%endif %if %{include_staticlibs} %files static-libs @@ -2133,13 +2200,22 @@ require "copy_jdk_configs.lua" %files javadoc %{files_javadoc %{nil}} +# RHEL-11313; alternatives not owned by packages +%if %is_system_jdk +%ghost %{_javadocdir}/java +%endif # this puts huge file to /usr/share -# unluckily ti is really a documentation file +# unluckily it is really a documentation file # and unluckily it really is architecture-dependent, as eg. aot and grail are now x86_64 only # same for debug variant %files javadoc-zip %{files_javadoc_zip %{nil}} +# RHEL-11313; alternatives not owned by packages +%if %is_system_jdk +%ghost %{_javadocdir}/java-zip +%endif + %endif %if %{include_debug_build} @@ -2174,6 +2250,44 @@ require "copy_jdk_configs.lua" %endif %changelog +* Fri Oct 13 2023 Andrew Hughes - 1:11.0.21.0.9-1 +- Update to jdk-11.0.21+9 (GA) +- Update release notes to 11.0.21+9 +- Remove system crypto policy patch which doesn't belong on RHEL 7 with no system policies +- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal +- Update bug URL for RHEL to point to the Red Hat customer portal +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball +- Apply all patches using -p1 +- Drop local backport of JDK-8243210 which is upstream from 11.0.21+2 +- Add missing JFR alternative ghost +- Move jcmd to the headless package +- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment +- Disable the serviceability agent on Zero architectures even when the architecture itself is supported +- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. ** +- Resolves: RHEL-12217 +- Resolves: RHEL-12910 +- Resolves: RHEL-12913 +- Resolves: RHEL-11320 +- Resolves: RHEL-13227 +- Resolves: RHEL-13217 + +* Fri Oct 13 2023 Jiri Vanek - 1:11.0.21.0.9-1 +- For non debug subpackages, ghosted all alternatives (rhbz1649776) +- For non system JDKs, if-outed versionless provides. +- Aligned versions to be %%{epoch}:%%{version}-%%{release} instead of chaotic +- Related: RHEL-11320 + +* Tue Sep 05 2023 Andrew Hughes - 1:11.0.20.1.1-1 +- Update to jdk-11.0.20.1+1 (GA) +- Update release notes to 11.0.20.1+1 +- Add backport of JDK-8312489 already upstream in 11.0.22 (see OPENJDK-2095) +- Add backport of JDK-8243210 already upstream in 11.0.21 (see RH2229269) +- Update openjdk_news script to specify subdirectory last +- Add missing discover_trees script required by openjdk_news +- Synchronise runtime and buildtime tzdata requirements +- Update README.md to match the version in later RHEL releases +- Resolves: rhbz#2236229 + * Wed Jul 12 2023 Andrew Hughes - 1:11.0.20.0.8-1 - Update to jdk-11.0.20.0+8 (GA) - Update release notes to 11.0.20.0+8