diff --git a/.gitignore b/.gitignore index 27854a0..f3e363a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.4+11.tar.xz +SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.5+10.tar.xz SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz diff --git a/.java-11-openjdk.metadata b/.java-11-openjdk.metadata index c8ec3c7..f6d771b 100644 --- a/.java-11-openjdk.metadata +++ b/.java-11-openjdk.metadata @@ -1,2 +1,2 @@ -dcc5e78329858f75342094efdccce1e87d9cb1d9 SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.4+11.tar.xz +1e1a7b4b1df7be1b70de37f84ccb0ded61c7e9ea SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.5+10.tar.xz cd8bf91753b9eb1401cfc529e78517105fc66011 SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz diff --git a/SOURCES/rh1022017-reduce_ssl_curves.patch b/SOURCES/rh1022017-reduce_ssl_curves.patch deleted file mode 100644 index 6dab416..0000000 --- a/SOURCES/rh1022017-reduce_ssl_curves.patch +++ /dev/null @@ -1,66 +0,0 @@ -diff --git openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java ---- openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java -+++ openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java -@@ -515,50 +515,19 @@ - } - } else { // default groups - NamedGroup[] groups; -- if (requireFips) { -- groups = new NamedGroup[] { -- // only NIST curves in FIPS mode -- NamedGroup.SECP256_R1, -- NamedGroup.SECP384_R1, -- NamedGroup.SECP521_R1, -- NamedGroup.SECT283_K1, -- NamedGroup.SECT283_R1, -- NamedGroup.SECT409_K1, -- NamedGroup.SECT409_R1, -- NamedGroup.SECT571_K1, -- NamedGroup.SECT571_R1, -+ groups = new NamedGroup[] { -+ // only NIST curves in FIPS mode -+ NamedGroup.SECP256_R1, -+ NamedGroup.SECP384_R1, -+ NamedGroup.SECP521_R1, - -- // FFDHE 2048 -- NamedGroup.FFDHE_2048, -- NamedGroup.FFDHE_3072, -- NamedGroup.FFDHE_4096, -- NamedGroup.FFDHE_6144, -- NamedGroup.FFDHE_8192, -- }; -- } else { -- groups = new NamedGroup[] { -- // NIST curves first -- NamedGroup.SECP256_R1, -- NamedGroup.SECP384_R1, -- NamedGroup.SECP521_R1, -- NamedGroup.SECT283_K1, -- NamedGroup.SECT283_R1, -- NamedGroup.SECT409_K1, -- NamedGroup.SECT409_R1, -- NamedGroup.SECT571_K1, -- NamedGroup.SECT571_R1, -- -- // non-NIST curves -- NamedGroup.SECP256_K1, -- -- // FFDHE 2048 -- NamedGroup.FFDHE_2048, -- NamedGroup.FFDHE_3072, -- NamedGroup.FFDHE_4096, -- NamedGroup.FFDHE_6144, -- NamedGroup.FFDHE_8192, -- }; -- } -+ // FFDHE 2048 -+ NamedGroup.FFDHE_2048, -+ NamedGroup.FFDHE_3072, -+ NamedGroup.FFDHE_4096, -+ NamedGroup.FFDHE_6144, -+ NamedGroup.FFDHE_8192, -+ }; - - groupList = new ArrayList<>(groups.length); - for (NamedGroup group : groups) { diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index a331a45..b6cf1d6 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -188,7 +188,7 @@ # New Version-String scheme-style defines %global majorver 11 -%global securityver 4 +%global securityver 5 # buildjdkver is usually same as %%{majorver}, # but in time of bootstrap of next jdk, it is majorver-1, # and this it is better to change it here, on single place @@ -210,8 +210,8 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global minorver 0 -%global buildver 11 -%global rpmrelease 1 +%global buildver 10 +%global rpmrelease 0 #%%global tagsuffix %{nil} # priority must be 7 digits in total # setting to 1, so debug ones can have 0 @@ -938,10 +938,6 @@ Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Restrict access to java-atk-wrapper classes Patch2: rh1648644-java_access_bridge_privileged_security.patch -# PR1834, RH1022017: Reduce curves reported by SSL to those in NSS -# Not currently suitable to go upstream as it disables curves -# for all providers unconditionally -Patch525: rh1022017-reduce_ssl_curves.patch Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch # Follow system wide crypto policy RHBZ#1249083 Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch @@ -984,13 +980,6 @@ BuildRequires: freetype-devel BuildRequires: giflib-devel BuildRequires: gcc-c++ BuildRequires: gdb -%ifarch %{arm} -BuildRequires: devtoolset-7-build -BuildRequires: devtoolset-7-binutils -BuildRequires: devtoolset-7-gcc -BuildRequires: devtoolset-7-gcc-c++ -BuildRequires: devtoolset-7-gdb -%endif BuildRequires: gtk2-devel # LCMS on rhel7 is older then LCMS in intree JDK BuildRequires: lcms2-devel @@ -1244,7 +1233,6 @@ pushd %{top_level_dir_name} %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch525 -p1 popd # openjdk %patch1000 @@ -1295,10 +1283,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg %build -%ifarch %{arm} -%{?enable_devtoolset7:%{enable_devtoolset7}} -%endif - # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) export NUM_PROC=${NUM_PROC:-1} @@ -1798,6 +1782,25 @@ require "copy_jdk_configs.lua" %endif %changelog +* Wed Oct 09 2019 Andrew Hughes - 1:11.0.5.10-0 +- Update to shenandoah-jdk-11.0.5+10 (GA) +- Switch to GA mode for final release. +- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. +- Resolves: rhbz#1753423 + +* Wed Oct 09 2019 Andrew Hughes - 1:11.0.5.9-0.0.ea +- Update to shenandoah-jdk-11.0.5+9 (EA) +- Resolves: rhbz#1753423 + +* Fri Sep 06 2019 Andrew John Hughes - 1:11.0.5.2-0.0.ea +- Update to shenandoah-jdk-11.0.5+2 (EA) +- Resolves: rhbz#1753423 + +* Mon Aug 12 2019 Andrew Hughes - 1:11.0.5.1-0.0.ea +- Update to shenandoah-jdk-11.0.5+1 (EA) +- Switch to EA mode for 11.0.5 pre-release builds. +- Resolves: rhbz#1753423 + * Tue Jul 09 2019 Andrew Hughes - 1:11.0.4.11-1 - Update to shenandoah-jdk-11.0.4+11 (GA) - Switch to GA mode for final release.