diff --git a/.gitignore b/.gitignore index 27854a0..f3e363a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.4+11.tar.xz +SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.5+10.tar.xz SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz diff --git a/.java-11-openjdk.metadata b/.java-11-openjdk.metadata index c8ec3c7..f6d771b 100644 --- a/.java-11-openjdk.metadata +++ b/.java-11-openjdk.metadata @@ -1,2 +1,2 @@ -dcc5e78329858f75342094efdccce1e87d9cb1d9 SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.4+11.tar.xz +1e1a7b4b1df7be1b70de37f84ccb0ded61c7e9ea SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.5+10.tar.xz cd8bf91753b9eb1401cfc529e78517105fc66011 SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz diff --git a/SOURCES/rh1022017-reduce_ssl_curves.patch b/SOURCES/rh1022017-reduce_ssl_curves.patch deleted file mode 100644 index 6dab416..0000000 --- a/SOURCES/rh1022017-reduce_ssl_curves.patch +++ /dev/null @@ -1,66 +0,0 @@ -diff --git openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java ---- openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java -+++ openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java -@@ -515,50 +515,19 @@ - } - } else { // default groups - NamedGroup[] groups; -- if (requireFips) { -- groups = new NamedGroup[] { -- // only NIST curves in FIPS mode -- NamedGroup.SECP256_R1, -- NamedGroup.SECP384_R1, -- NamedGroup.SECP521_R1, -- NamedGroup.SECT283_K1, -- NamedGroup.SECT283_R1, -- NamedGroup.SECT409_K1, -- NamedGroup.SECT409_R1, -- NamedGroup.SECT571_K1, -- NamedGroup.SECT571_R1, -+ groups = new NamedGroup[] { -+ // only NIST curves in FIPS mode -+ NamedGroup.SECP256_R1, -+ NamedGroup.SECP384_R1, -+ NamedGroup.SECP521_R1, - -- // FFDHE 2048 -- NamedGroup.FFDHE_2048, -- NamedGroup.FFDHE_3072, -- NamedGroup.FFDHE_4096, -- NamedGroup.FFDHE_6144, -- NamedGroup.FFDHE_8192, -- }; -- } else { -- groups = new NamedGroup[] { -- // NIST curves first -- NamedGroup.SECP256_R1, -- NamedGroup.SECP384_R1, -- NamedGroup.SECP521_R1, -- NamedGroup.SECT283_K1, -- NamedGroup.SECT283_R1, -- NamedGroup.SECT409_K1, -- NamedGroup.SECT409_R1, -- NamedGroup.SECT571_K1, -- NamedGroup.SECT571_R1, -- -- // non-NIST curves -- NamedGroup.SECP256_K1, -- -- // FFDHE 2048 -- NamedGroup.FFDHE_2048, -- NamedGroup.FFDHE_3072, -- NamedGroup.FFDHE_4096, -- NamedGroup.FFDHE_6144, -- NamedGroup.FFDHE_8192, -- }; -- } -+ // FFDHE 2048 -+ NamedGroup.FFDHE_2048, -+ NamedGroup.FFDHE_3072, -+ NamedGroup.FFDHE_4096, -+ NamedGroup.FFDHE_6144, -+ NamedGroup.FFDHE_8192, -+ }; - - groupList = new ArrayList<>(groups.length); - for (NamedGroup group : groups) { diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index 9c3196c..d350e87 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -209,7 +209,7 @@ # New Version-String scheme-style defines %global majorver 11 -%global securityver 4 +%global securityver 5 # buildjdkver is usually same as %%{majorver}, # but in time of bootstrap of next jdk, it is majorver-1, # and this it is better to change it here, on single place @@ -231,7 +231,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global minorver 0 -%global buildver 11 +%global buildver 10 %global rpmrelease 0 #%%global tagsuffix "" # priority must be 8 digits in total; untill openjdk 1.8 we were using 18..... so when moving to 11 we had to add another digit @@ -1052,10 +1052,6 @@ Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Restrict access to java-atk-wrapper classes Patch2: rh1648644-java_access_bridge_privileged_security.patch -# PR1834, RH1022017: Reduce curves reported by SSL to those in NSS -# Not currently suitable to go upstream as it disables curves -# for all providers unconditionally -Patch525: rh1022017-reduce_ssl_curves.patch Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch # PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch @@ -1358,7 +1354,6 @@ pushd %{top_level_dir_name} %patch6 -p1 %patch7 -p1 %patch8 -p1 -%patch525 -p1 popd # openjdk %patch1000 @@ -1910,6 +1905,25 @@ require "copy_jdk_configs.lua" %endif %changelog +* Wed Oct 09 2019 Andrew Hughes - 1:11.0.5.10-0 +- Update to shenandoah-jdk-11.0.5+10 (GA) +- Switch to GA mode for final release. +- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. +- Resolves: rhbz#1753423 + +* Wed Oct 09 2019 Andrew Hughes - 1:11.0.5.9-0.0.ea +- Update to shenandoah-jdk-11.0.5+9 (EA) +- Resolves: rhbz#1753423 + +* Fri Sep 06 2019 Andrew John Hughes - 1:11.0.5.2-0.0.ea +- Update to shenandoah-jdk-11.0.5+2 (EA) +- Resolves: rhbz#1753423 + +* Tue Aug 13 2019 Andrew Hughes - 1:11.0.5.1-0.0.ea +- Update to shenandoah-jdk-11.0.5+1 (EA) +- Switch to EA mode for 11.0.5 pre-release builds. +- Resolves: rhbz#1753423 + * Tue Jul 09 2019 Andrew Hughes - 1:11.0.4.11-0 - Update to shenandoah-jdk-11.0.4+11 (GA) - Switch to GA mode for final release.