diff --git a/.gitignore b/.gitignore
index 7211c7d..29dfc59 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.1+13.tar.xz
+SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.2+7.tar.xz
 SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
diff --git a/.java-11-openjdk.metadata b/.java-11-openjdk.metadata
index 7fe2ae3..c7e0243 100644
--- a/.java-11-openjdk.metadata
+++ b/.java-11-openjdk.metadata
@@ -1,2 +1,2 @@
-aedf1cc419fa0203658204b275e5599f7536ca9a SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.1+13.tar.xz
+a01def53d91f1d55c27e8609f84891dccfae1ee1 SOURCES/shenandoah-jdk11-shenandoah-jdk-11.0.2+7.tar.xz
 cd8bf91753b9eb1401cfc529e78517105fc66011 SOURCES/systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz
diff --git a/SOURCES/JDK-8210416-RHBZ-1632174-fdlibm-opt-fix.patch b/SOURCES/JDK-8210416-RHBZ-1632174-fdlibm-opt-fix.patch
deleted file mode 100644
index 85428db..0000000
--- a/SOURCES/JDK-8210416-RHBZ-1632174-fdlibm-opt-fix.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-# HG changeset patch
-# User sgehwolf
-# Date 1536142767 -7200
-# Wed Sep 05 12:19:27 2018 +0200
-# Node ID 7ea57274e55054579d1532e757edb21e67beed83
-# Parent 3ee91722550680c18b977f0e00b1013323b5c9ef
-8210416: [linux] Poor StrictMath performance due to non-optimized compilation
-Summary: Compile fdlibm with -O2 -ffp-contract=off on gcc/clang arches.
-Reviewed-by: aph, erikj, dholmes, darcy
-
-diff --git a/make/autoconf/flags-cflags.m4 b/make/autoconf/flags-cflags.m4
---- a/make/autoconf/flags-cflags.m4
-+++ b/make/autoconf/flags-cflags.m4
-@@ -373,6 +373,18 @@
-
- FLAGS_SETUP_CFLAGS_CPU_DEP([BUILD], [OPENJDK_BUILD_])
-
-+ COMPILER_FP_CONTRACT_OFF_FLAG="-ffp-contract=off"
-+ # Check that the compiler supports -ffp-contract=off flag
-+ # Set FDLIBM_CFLAGS to -ffp-contract=off if it does. Empty
-+ # otherwise.
-+ # These flags are required for GCC-based builds of
-+ # fdlibm with optimization without losing precision.
-+ # Notably, -ffp-contract=off needs to be added for GCC >= 4.6.
-+ FLAGS_COMPILER_CHECK_ARGUMENTS(ARGUMENT: [${COMPILER_FP_CONTRACT_OFF_FLAG}],
-+ IF_TRUE: [FDLIBM_CFLAGS=${COMPILER_FP_CONTRACT_OFF_FLAG}],
-+ IF_FALSE: [FDLIBM_CFLAGS=""])
-+ AC_SUBST(FDLIBM_CFLAGS)
-+
- # Tests are only ever compiled for TARGET
- CFLAGS_TESTLIB="$CFLAGS_JDKLIB"
- CXXFLAGS_TESTLIB="$CXXFLAGS_JDKLIB"
-diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
---- a/make/autoconf/spec.gmk.in
-+++ b/make/autoconf/spec.gmk.in
-@@ -450,6 +450,7 @@
- LIBJSIG_HASHSTYLE_LDFLAGS := @LIBJSIG_HASHSTYLE_LDFLAGS@
- LIBJSIG_NOEXECSTACK_LDFLAGS := @LIBJSIG_NOEXECSTACK_LDFLAGS@
-
-+FDLIBM_CFLAGS := @FDLIBM_CFLAGS@
- JVM_CFLAGS := @JVM_CFLAGS@
- JVM_LDFLAGS := @JVM_LDFLAGS@
- JVM_ASFLAGS := @JVM_ASFLAGS@
-diff --git a/make/lib/CoreLibraries.gmk b/make/lib/CoreLibraries.gmk
---- a/make/lib/CoreLibraries.gmk
-+++ b/make/lib/CoreLibraries.gmk
-@@ -39,20 +39,15 @@
- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
- endif
-
--ifeq ($(OPENJDK_TARGET_OS), linux)
-- ifeq ($(OPENJDK_TARGET_CPU), ppc64)
-- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
-- else ifeq ($(OPENJDK_TARGET_CPU), ppc64le)
-- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
-- else ifeq ($(OPENJDK_TARGET_CPU), s390x)
-- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
-- else ifeq ($(OPENJDK_TARGET_CPU), aarch64)
-- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
-- endif
-+# If FDLIBM_CFLAGS is non-empty we know that we can optimize
-+# fdlibm by adding those extra C flags. Currently GCC,
-+# and clang only.
-+ifneq ($(FDLIBM_CFLAGS), )
-+ BUILD_LIBFDLIBM_OPTIMIZATION := LOW
- endif
-
- LIBFDLIBM_SRC := $(TOPDIR)/src/java.base/share/native/libfdlibm
--LIBFDLIBM_CFLAGS := -I$(LIBFDLIBM_SRC)
-+LIBFDLIBM_CFLAGS := -I$(LIBFDLIBM_SRC) $(FDLIBM_CFLAGS)
-
- ifneq ($(OPENJDK_TARGET_OS), macosx)
- $(eval $(call SetupNativeCompilation, BUILD_LIBFDLIBM, \
-@@ -64,10 +59,6 @@
- CFLAGS := $(CFLAGS_JDKLIB) $(LIBFDLIBM_CFLAGS), \
- CFLAGS_windows_debug := -DLOGGING, \
- CFLAGS_aix := -qfloat=nomaf, \
-- CFLAGS_linux_ppc64 := -ffp-contract=off, \
-- CFLAGS_linux_ppc64le := -ffp-contract=off, \
-- CFLAGS_linux_s390x := -ffp-contract=off, \
-- CFLAGS_linux_aarch64 := -ffp-contract=off, \
- DISABLED_WARNINGS_gcc := sign-compare misleading-indentation, \
- DISABLED_WARNINGS_microsoft := 4146 4244 4018, \
- ARFLAGS := $(ARFLAGS), \
diff --git a/SOURCES/JDK-8210425-RHBZ-1632174-sharedRuntimeTrig-opt-fix.patch b/SOURCES/JDK-8210425-RHBZ-1632174-sharedRuntimeTrig-opt-fix.patch
deleted file mode 100644
index 843ae3c..0000000
--- a/SOURCES/JDK-8210425-RHBZ-1632174-sharedRuntimeTrig-opt-fix.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-# HG changeset patch
-# User sgehwolf
-# Date 1536682731 -7200
-# Tue Sep 11 18:18:51 2018 +0200
-# Node ID 7157249fdd4366d95dd68f3d083ebb0ef84c753b
-# Parent 8d86b149e10f0a0896e5fd4d8d407e5fda64a529
-8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
-Reviewed-by: duke
-
-diff --git a/make/hotspot/lib/JvmOverrideFiles.gmk b/make/hotspot/lib/JvmOverrideFiles.gmk
---- a/make/hotspot/lib/JvmOverrideFiles.gmk
-+++ b/make/hotspot/lib/JvmOverrideFiles.gmk
-@@ -43,20 +43,26 @@ ifeq ($(TOOLCHAIN_TYPE), gcc)
- endif
- endif
-
-+LIBJVM_FDLIBM_COPY_OPT_FLAG := $(CXX_O_FLAG_NONE)
-+# If the FDLIBM_CFLAGS variable is non-empty we know
-+# that the fdlibm-fork in hotspot can get optimized
-+# by using -ffp-contract=off on GCC/Clang platforms.
-+ifneq ($(FDLIBM_CFLAGS), )
-+ LIBJVM_FDLIBM_COPY_OPT_FLAG := $(CXX_O_FLAG_NORM)
-+endif
-+
- ifeq ($(OPENJDK_TARGET_OS), linux)
- BUILD_LIBJVM_ostream.cpp_CXXFLAGS := -D_FILE_OFFSET_BITS=64
- BUILD_LIBJVM_logFileOutput.cpp_CXXFLAGS := -D_FILE_OFFSET_BITS=64
-
-- ifeq ($(OPENJDK_TARGET_CPU_ARCH), x86)
-- BUILD_LIBJVM_sharedRuntimeTrig.cpp_CXXFLAGS := -DNO_PCH $(CXX_O_FLAG_NONE)
-- BUILD_LIBJVM_sharedRuntimeTrans.cpp_CXXFLAGS := -DNO_PCH $(CXX_O_FLAG_NONE)
-+ BUILD_LIBJVM_sharedRuntimeTrig.cpp_CXXFLAGS := -DNO_PCH $(FDLIBM_CFLAGS) $(LIBJVM_FDLIBM_COPY_OPT_FLAG)
-+ BUILD_LIBJVM_sharedRuntimeTrans.cpp_CXXFLAGS := -DNO_PCH $(FDLIBM_CFLAGS) $(LIBJVM_FDLIBM_COPY_OPT_FLAG)
-
-- ifeq ($(TOOLCHAIN_TYPE), clang)
-- JVM_PRECOMPILED_HEADER_EXCLUDE := \
-- sharedRuntimeTrig.cpp \
-- sharedRuntimeTrans.cpp \
-- #
-- endif
-+ ifeq ($(TOOLCHAIN_TYPE), clang)
-+ JVM_PRECOMPILED_HEADER_EXCLUDE := \
-+ sharedRuntimeTrig.cpp \
-+ sharedRuntimeTrans.cpp \
-+ #
- endif
-
- ifeq ($(OPENJDK_TARGET_CPU), x86)
diff --git a/SOURCES/JDK-8210647-RHBZ-1632174-libsaproc-opt-fix.patch b/SOURCES/JDK-8210647-RHBZ-1632174-libsaproc-opt-fix.patch
deleted file mode 100644
index a279f8a..0000000
--- a/SOURCES/JDK-8210647-RHBZ-1632174-libsaproc-opt-fix.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-# HG changeset patch
-# User sgehwolf
-# Date 1536751862 -7200
-# Wed Sep 12 13:31:02 2018 +0200
-# Node ID f95c6746fe256fe0456e0ea0d2930631ef840286
-# Parent 7157249fdd4366d95dd68f3d083ebb0ef84c753b
-8210647: libsaproc is being compiled without optimization
-Reviewed-by: duke
-
-diff --git a/make/lib/Lib-jdk.hotspot.agent.gmk b/make/lib/Lib-jdk.hotspot.agent.gmk
---- a/make/lib/Lib-jdk.hotspot.agent.gmk
-+++ b/make/lib/Lib-jdk.hotspot.agent.gmk
-@@ -52,7 +52,7 @@
-
- $(eval $(call SetupJdkLibrary, BUILD_LIBSA, \
- NAME := saproc, \
-- OPTIMIZATION := NONE, \
-+ OPTIMIZATION := LOW, \
- DISABLED_WARNINGS_microsoft := 4267, \
- DISABLED_WARNINGS_gcc := sign-compare, \
- DISABLED_WARNINGS_CXX_solstudio := truncwarn unknownpragma, \
diff --git a/SOURCES/JDK-8210703-RHBZ-1632174-vmStructs-opt-fix.patch b/SOURCES/JDK-8210703-RHBZ-1632174-vmStructs-opt-fix.patch
deleted file mode 100644
index 6fc6c07..0000000
--- a/SOURCES/JDK-8210703-RHBZ-1632174-vmStructs-opt-fix.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-# HG changeset patch
-# User sgehwolf
-# Date 1536829660 -7200
-# Thu Sep 13 11:07:40 2018 +0200
-# Node ID 39ccca116f79139fc4b779f5df83cb32357b9ae9
-# Parent 7512bd28304cf0dc5676247990f1907162c719ca
-8210703: vmStructs.cpp compiled with -O0
-Reviewed-by: duke
-
-diff --git a/make/hotspot/lib/JvmOverrideFiles.gmk b/make/hotspot/lib/JvmOverrideFiles.gmk
---- a/make/hotspot/lib/JvmOverrideFiles.gmk
-+++ b/make/hotspot/lib/JvmOverrideFiles.gmk
-@@ -30,7 +30,7 @@
- # status for individual files on specific platforms.
-
- ifeq ($(TOOLCHAIN_TYPE), gcc)
-- BUILD_LIBJVM_vmStructs.cpp_CXXFLAGS := -fno-var-tracking-assignments -O0
-+ BUILD_LIBJVM_vmStructs.cpp_CXXFLAGS := -fno-var-tracking-assignments
- BUILD_LIBJVM_jvmciCompilerToVM.cpp_CXXFLAGS := -fno-var-tracking-assignments
- BUILD_LIBJVM_jvmciCompilerToVMInit.cpp_CXXFLAGS := -fno-var-tracking-assignments
- BUILD_LIBJVM_assembler_x86.cpp_CXXFLAGS := -Wno-maybe-uninitialized
diff --git a/SOURCES/JDK-8210761-RHBZ-1632174-libjsig-opt-fix.patch b/SOURCES/JDK-8210761-RHBZ-1632174-libjsig-opt-fix.patch
deleted file mode 100644
index b5a88b0..0000000
--- a/SOURCES/JDK-8210761-RHBZ-1632174-libjsig-opt-fix.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-# HG changeset patch
-# User sgehwolf
-# Date 1537541916 -7200
-# Fri Sep 21 16:58:36 2018 +0200
-# Node ID cd8483acfe56ade257685d93323f78e6e13704a0
-# Parent e40fa3a70efdbc22f85c0d30350189f632779831
-8210761: libjsig is being compiled without optimization
-Reviewed-by: duke
-
-diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
---- a/make/lib/Lib-java.base.gmk
-+++ b/make/lib/Lib-java.base.gmk
-@@ -138,6 +138,7 @@
-
- $(eval $(call SetupJdkLibrary, BUILD_LIBJSIG, \
- NAME := jsig, \
-+ OPTIMIZATION := LOW, \
- CFLAGS := $(CFLAGS_JDKLIB) $(LIBJSIG_CFLAGS), \
- LDFLAGS := $(LDFLAGS_JDKLIB) \
- $(call SET_SHARED_LIBRARY_ORIGIN), \
diff --git a/SOURCES/RHBZ-1249083-system-crypto-policy-PR3183.patch b/SOURCES/RHBZ-1249083-system-crypto-policy-PR3183.patch deleted file mode 100644 index 4efbe9a..0000000 --- a/SOURCES/RHBZ-1249083-system-crypto-policy-PR3183.patch +++ /dev/null @@ -1,88 +0,0 @@ - -# HG changeset patch -# User andrew -# Date 1478057514 0 -# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c -# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a -PR3183: Support Fedora/RHEL system crypto policy -diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java ---- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100 -+++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000 -@@ -43,6 +43,9 @@ - * implementation-specific location, which is typically the properties file - * {@code conf/security/java.security} in the Java installation directory. - * -+ *

Additional default values of security properties are read from a -+ * system-specific location, if available.

-+ * - * @author Benjamin Renaud - * @since 1.1 - */ -@@ -52,6 +55,10 @@ - private static final Debug sdebug = - Debug.getInstance("properties"); - -+ /* System property file*/ -+ private static final String SYSTEM_PROPERTIES = -+ "/etc/crypto-policies/back-ends/java.config"; -+ - /* The java.security properties */ - private static Properties props; - -@@ -93,6 +100,7 @@ - if (sdebug != null) { - sdebug.println("reading security properties file: " + - propFile); -+ sdebug.println(props.toString()); - } - } catch (IOException e) { - if (sdebug != null) { -@@ -114,6 +122,31 @@ - } - - if ("true".equalsIgnoreCase(props.getProperty -+ ("security.useSystemPropertiesFile"))) { -+ -+ // now load the system file, if it exists, so its values -+ // will win if they conflict with the earlier values -+ try (BufferedInputStream bis = -+ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { -+ props.load(bis); -+ loadedProps = true; -+ -+ if (sdebug != null) { -+ sdebug.println("reading system security properties file " + -+ SYSTEM_PROPERTIES); -+ sdebug.println(props.toString()); -+ } -+ } catch (IOException e) { -+ if (sdebug != null) { -+ sdebug.println -+ ("unable to load security properties from " + -+ SYSTEM_PROPERTIES); -+ e.printStackTrace(); -+ } -+ } -+ } -+ -+ if ("true".equalsIgnoreCase(props.getProperty - ("security.overridePropertiesFile"))) { - - String extraPropFile = System.getProperty -diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security ---- a/src/java.base/share/conf/security/java.security Wed Oct 26 03:51:39 2016 +0100 -+++ b/src/java.base/share/conf/security/java.security Wed Nov 02 03:31:54 2016 +0000 -@@ -276,6 +276,13 @@ - security.overridePropertiesFile=true - - # -+# Determines whether this properties file will be appended to -+# using the system properties file stored at -+# /etc/crypto-policies/back-ends/java.config -+# -+security.useSystemPropertiesFile=true -+ -+# - # Determines the default key and trust 
manager factory algorithms for - # the javax.net.ssl package. - # diff --git a/SOURCES/RHBZ-1565658-system-nss-SunEC.patch b/SOURCES/RHBZ-1565658-system-nss-SunEC.patch deleted file mode 100644 index 42ce7cd..0000000 --- a/SOURCES/RHBZ-1565658-system-nss-SunEC.patch +++ /dev/null 
@@ -1,644 +0,0 @@ -diff --git a/make/autoconf/jdk-options.m4 b/make/autoconf/jdk-options.m4 ---- a/make/autoconf/jdk-options.m4 -+++ b/make/autoconf/jdk-options.m4 -@@ -267,9 +267,10 @@ - # - AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC], - [ -+ AC_REQUIRE([LIB_SETUP_MISC_LIBS]) - AC_MSG_CHECKING([if elliptic curve crypto implementation is present]) - -- if test -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then -+ if test "x${system_nss}" = "xyes" -o -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then - ENABLE_INTREE_EC=true - AC_MSG_RESULT([yes]) - else -diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4 ---- a/make/autoconf/libraries.m4 -+++ b/make/autoconf/libraries.m4 -@@ -178,6 +178,48 @@ - AC_SUBST(LIBDL) - LIBS="$save_LIBS" - -+ ############################################################################### -+ # -+ # Check for the NSS libraries -+ # -+ -+ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries]) -+ -+ # default is bundled -+ DEFAULT_SYSTEM_NSS=no -+ -+ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss], -+ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])], -+ [ -+ case "${enableval}" in -+ yes) -+ system_nss=yes -+ ;; -+ *) -+ system_nss=no -+ ;; -+ esac -+ ], -+ [ -+ system_nss=${DEFAULT_SYSTEM_NSS} -+ ]) -+ AC_MSG_RESULT([$system_nss]) -+ -+ if test "x${system_nss}" = "xyes"; then -+ PKG_CHECK_MODULES(NSS_SOFTTKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no]) -+ PKG_CHECK_MODULES(NSS, nss >= 3.16.1, [NSS_FOUND=yes], [NSS_FOUND=no]) -+ if test "x${NSS_SOFTOKN_FOUND}" = "xyes" -a "x${NSS_FOUND}" = "xyes"; then -+ NSS_LIBS="$NSS_SOFTOKN_LIBS $NSS_LIBS -lfreebl"; -+ USE_EXTERNAL_NSS=true -+ else -+ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.]) -+ fi -+ else -+ USE_EXTERNAL_NSS=false -+ fi -+ AC_SUBST(USE_EXTERNAL_NSS) -+ -+ - # Deprecated libraries, keep the flags for backwards 
compatibility - if test "x$OPENJDK_TARGET_OS" = "xwindows"; then - BASIC_DEPRECATED_ARG_WITH([dxsdk]) -diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in ---- a/make/autoconf/spec.gmk.in -+++ b/make/autoconf/spec.gmk.in -@@ -795,6 +795,10 @@ - # Libraries - # - -+USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@ -+NSS_LIBS:=@NSS_LIBS@ -+NSS_CFLAGS:=@NSS_CFLAGS@ -+ - USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@ - LCMS_CFLAGS:=@LCMS_CFLAGS@ - LCMS_LIBS:=@LCMS_LIBS@ -diff --git a/make/lib/Lib-jdk.crypto.ec.gmk b/make/lib/Lib-jdk.crypto.ec.gmk ---- a/make/lib/Lib-jdk.crypto.ec.gmk -+++ b/make/lib/Lib-jdk.crypto.ec.gmk -@@ -38,6 +38,11 @@ - BUILD_LIBSUNEC_CXXFLAGS_JDKLIB := $(CXXFLAGS_JDKLIB) - endif - -+ ifeq ($(USE_EXTERNAL_NSS), true) -+ BUILD_LIBSUNEC_CFLAGS_JDKLIB += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC -+ BUILD_LIBSUNEC_CXXFLAGS_JDKLIB += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC -+ endif -+ - $(eval $(call SetupJdkLibrary, BUILD_LIBSUNEC, \ - NAME := sunec, \ - TOOLCHAIN := TOOLCHAIN_LINK_CXX, \ -@@ -47,9 +52,11 @@ - CXXFLAGS := $(BUILD_LIBSUNEC_CXXFLAGS_JDKLIB), \ - DISABLED_WARNINGS_gcc := sign-compare implicit-fallthrough, \ - DISABLED_WARNINGS_microsoft := 4101 4244 4146 4018, \ -- LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \ -+ LDFLAGS := $(subst -Xlinker --as-needed,, \ -+ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) $(LDFLAGS_CXX_JDK), \ - LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \ - LIBS := $(LIBCXX), \ -+ LIBS_linux := -lc $(NSS_LIBS), \ - )) - - TARGETS += $(BUILD_LIBSUNEC) -diff --git a/src/java.base/unix/native/include/jni_md.h b/src/java.base/unix/native/include/jni_md.h ---- a/src/java.base/unix/native/include/jni_md.h -+++ b/src/java.base/unix/native/include/jni_md.h -@@ -41,6 +41,11 @@ - #define JNIEXPORT - #define JNIIMPORT - #endif -+#if (defined(__GNUC__)) || __has_attribute(unused) -+ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__)) -+#else -+ #define UNUSED(x) UNUSED_ ## x -+#endif - - #define JNICALL 
- -diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java ---- a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java -+++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java -@@ -61,6 +61,7 @@ - AccessController.doPrivileged(new PrivilegedAction() { - public Void run() { - System.loadLibrary("sunec"); // check for native library -+ initialize(); - return null; - } - }); -@@ -293,6 +294,11 @@ - "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS)); - } - -+ /** -+ * Initialize the native code. -+ */ -+ private static native void initialize(); -+ - private void putXDHEntries() { - - HashMap ATTRS = new HashMap<>(1); -diff --git a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp ---- a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp -+++ b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp -@@ -25,7 +25,11 @@ - - #include - #include "jni_util.h" -+#ifdef SYSTEM_NSS -+#include "ecc_impl.h" -+#else - #include "impl/ecc_impl.h" -+#endif - #include "sun_security_ec_ECDHKeyAgreement.h" - #include "sun_security_ec_ECKeyPairGenerator.h" - #include "sun_security_ec_ECDSASignature.h" -@@ -33,6 +37,13 @@ - #define INVALID_PARAMETER_EXCEPTION \ - "java/security/InvalidParameterException" - #define KEY_EXCEPTION "java/security/KeyException" -+#define INTERNAL_ERROR "java/lang/InternalError" -+ -+#ifdef SYSTEM_NSS -+#define SYSTEM_UNUSED(x) UNUSED(x) -+#else -+#define SYSTEM_UNUSED(x) x -+#endif - - extern "C" { - -@@ -55,8 +66,13 @@ - /* - * Deep free of the ECParams struct - */ --void FreeECParams(ECParams *ecparams, jboolean freeStruct) -+void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct)) - { -+#ifdef SYSTEM_NSS -+ // Needs to be freed using the matching method to the one -+ // that allocated it. PR_TRUE means the memory is zeroed. 
-+ PORT_FreeArena(ecparams->arena, PR_TRUE); -+#else - // Use B_FALSE to free the SECItem->data element, but not the SECItem itself - // Use B_TRUE to free both - -@@ -70,6 +86,7 @@ - SECITEM_FreeItem(&ecparams->curveOID, B_FALSE); - if (freeStruct) - free(ecparams); -+#endif - } - - jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem) -@@ -139,7 +156,7 @@ - */ - JNIEXPORT jobjectArray - JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair -- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed) -+ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed) - { - ECPrivateKey *privKey = NULL; // contains both public and private values - ECParams *ecparams = NULL; -@@ -171,8 +188,17 @@ - env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); - - // Generate the new keypair (using the supplied seed) -+#ifdef SYSTEM_NSS -+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength) -+ != SECSuccess) { -+ ThrowException(env, KEY_EXCEPTION); -+ goto cleanup; -+ } -+ if (EC_NewKey(ecparams, &privKey) != SECSuccess) { -+#else - if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer, - jSeedLength, 0) != SECSuccess) { -+#endif - ThrowException(env, KEY_EXCEPTION); - goto cleanup; - } -@@ -219,10 +245,15 @@ - } - if (privKey) { - FreeECParams(&privKey->ecParams, false); -+#ifndef SYSTEM_NSS -+ // The entire ECPrivateKey is allocated in the arena -+ // when using system NSS, so only the in-tree version -+ // needs to clear these manually. 
- SECITEM_FreeItem(&privKey->version, B_FALSE); - SECITEM_FreeItem(&privKey->privateValue, B_FALSE); - SECITEM_FreeItem(&privKey->publicValue, B_FALSE); - free(privKey); -+#endif - } - - if (pSeedBuffer) { -@@ -240,7 +271,7 @@ - */ - JNIEXPORT jbyteArray - JNICALL Java_sun_security_ec_ECDSASignature_signDigest -- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing) -+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing) - { - jbyte* pDigestBuffer = NULL; - jint jDigestLength = env->GetArrayLength(digest); -@@ -299,8 +330,18 @@ - env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); - - // Sign the digest (using the supplied seed) -+#ifdef SYSTEM_NSS -+ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength) -+ != SECSuccess) { -+ ThrowException(env, KEY_EXCEPTION); -+ goto cleanup; -+ } -+ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item) -+ != SECSuccess) { -+#else - if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item, - (unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) { -+#endif - ThrowException(env, KEY_EXCEPTION); - goto cleanup; - } -@@ -349,7 +390,7 @@ - */ - JNIEXPORT jboolean - JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest -- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams) -+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams) - { - jboolean isValid = false; - -@@ -406,9 +447,10 @@ - - cleanup: - { -- if (params_item.data) -+ if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); -+ } - - if (pubKey.publicValue.data) - env->ReleaseByteArrayElements(publicKey, -@@ -434,7 +476,7 @@ - */ - JNIEXPORT jbyteArray - JNICALL 
Java_sun_security_ec_ECDHKeyAgreement_deriveKey -- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams) -+ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams) - { - jbyteArray jSecret = NULL; - ECParams *ecparams = NULL; -@@ -510,9 +552,10 @@ - env->ReleaseByteArrayElements(publicKey, - (jbyte *) publicValue_item.data, JNI_ABORT); - -- if (params_item.data) -+ if (params_item.data) { - env->ReleaseByteArrayElements(encodedParams, - (jbyte *) params_item.data, JNI_ABORT); -+ } - - if (ecparams) - FreeECParams(ecparams, true); -@@ -521,4 +564,28 @@ - return jSecret; - } - -+JNIEXPORT void -+JNICALL Java_sun_security_ec_SunEC_initialize -+ (JNIEnv *env, jclass UNUSED(clazz)) -+{ -+#ifdef SYSTEM_NSS -+ if (SECOID_Init() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ } -+ if (RNG_RNGInit() != SECSuccess) { -+ ThrowException(env, INTERNAL_ERROR); -+ } -+#endif -+} -+ -+JNIEXPORT void -+JNICALL JNI_OnUnload -+ (JavaVM *vm, void *reserved) -+{ -+#ifdef SYSTEM_NSS -+ RNG_RNGShutdown(); -+ SECOID_Shutdown(); -+#endif -+} -+ - } /* extern "C" */ -diff --git a/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h -new file mode 100644 ---- /dev/null -+++ b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h -@@ -0,0 +1,298 @@ -+/* -+ * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved. -+ * Use is subject to license terms. -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public License -+ * along with this library; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* ********************************************************************* -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. -+ * -+ * Contributor(s): -+ * Dr Vipul Gupta and -+ * Douglas Stebila , Sun Microsystems Laboratories -+ * -+ * Last Modified Date from the Original Code: May 2017 -+ *********************************************************************** */ -+ -+#ifndef _ECC_IMPL_H -+#define _ECC_IMPL_H -+ -+#ifdef __cplusplus -+extern "C" { -+#endif -+ -+#include -+ -+#ifdef SYSTEM_NSS -+#include -+#include -+#include -+#ifdef LEGACY_NSS -+#include -+#else -+#include -+#endif -+#else -+#include "ecl-exp.h" -+#endif -+ -+/* -+ * Multi-platform definitions -+ */ -+#ifdef __linux__ -+#define B_FALSE FALSE -+#define B_TRUE TRUE -+typedef unsigned char uint8_t; -+typedef unsigned long ulong_t; -+typedef enum { B_FALSE, B_TRUE } boolean_t; -+#endif /* __linux__ */ -+ -+#ifdef _ALLBSD_SOURCE -+#include -+#define B_FALSE FALSE -+#define B_TRUE TRUE -+typedef unsigned long ulong_t; -+typedef enum boolean { B_FALSE, B_TRUE } boolean_t; -+#endif /* _ALLBSD_SOURCE */ -+ -+#ifdef AIX -+#define B_FALSE FALSE -+#define B_TRUE TRUE -+typedef unsigned char uint8_t; -+typedef unsigned long ulong_t; -+#endif /* AIX */ -+ -+#ifdef _WIN32 -+typedef unsigned char uint8_t; 
-+typedef unsigned long ulong_t; -+typedef enum boolean { B_FALSE, B_TRUE } boolean_t; -+#define strdup _strdup /* Replace POSIX name with ISO C++ name */ -+#endif /* _WIN32 */ -+ -+#ifndef _KERNEL -+#include -+#endif /* _KERNEL */ -+ -+#define EC_MAX_DIGEST_LEN 1024 /* max digest that can be signed */ -+#define EC_MAX_POINT_LEN 145 /* max len of DER encoded Q */ -+#define EC_MAX_VALUE_LEN 72 /* max len of ANSI X9.62 private value d */ -+#define EC_MAX_SIG_LEN 144 /* max signature len for supported curves */ -+#define EC_MIN_KEY_LEN 112 /* min key length in bits */ -+#define EC_MAX_KEY_LEN 571 /* max key length in bits */ -+#define EC_MAX_OID_LEN 10 /* max length of OID buffer */ -+ -+/* -+ * Various structures and definitions from NSS are here. -+ */ -+ -+#ifndef SYSTEM_NSS -+#ifdef _KERNEL -+#define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f)) -+#define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f)) -+#define PORT_ArenaGrow(a, b, c, d) NULL -+#define PORT_ZAlloc(n, f) kmem_zalloc((n), (f)) -+#define PORT_Alloc(n, f) kmem_alloc((n), (f)) -+#else -+#define PORT_ArenaAlloc(a, n, f) malloc((n)) -+#define PORT_ArenaZAlloc(a, n, f) calloc(1, (n)) -+#define PORT_ArenaGrow(a, b, c, d) NULL -+#define PORT_ZAlloc(n, f) calloc(1, (n)) -+#define PORT_Alloc(n, f) malloc((n)) -+#endif -+ -+#define PORT_NewArena(b) (char *)12345 -+#define PORT_ArenaMark(a) NULL -+#define PORT_ArenaUnmark(a, b) -+#define PORT_ArenaRelease(a, m) -+#define PORT_FreeArena(a, b) -+#define PORT_Strlen(s) strlen((s)) -+#define PORT_SetError(e) -+ -+#define PRBool boolean_t -+#define PR_TRUE B_TRUE -+#define PR_FALSE B_FALSE -+ -+#ifdef _KERNEL -+#define PORT_Assert ASSERT -+#define PORT_Memcpy(t, f, l) bcopy((f), (t), (l)) -+#else -+#define PORT_Assert assert -+#define PORT_Memcpy(t, f, l) memcpy((t), (f), (l)) -+#endif -+ -+#endif -+ -+#define CHECK_OK(func) if (func == NULL) goto cleanup -+#define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup -+ -+#ifndef SYSTEM_NSS -+typedef enum 
{ -+ siBuffer = 0, -+ siClearDataBuffer = 1, -+ siCipherDataBuffer = 2, -+ siDERCertBuffer = 3, -+ siEncodedCertBuffer = 4, -+ siDERNameBuffer = 5, -+ siEncodedNameBuffer = 6, -+ siAsciiNameString = 7, -+ siAsciiString = 8, -+ siDEROID = 9, -+ siUnsignedInteger = 10, -+ siUTCTime = 11, -+ siGeneralizedTime = 12 -+} SECItemType; -+ -+typedef struct SECItemStr SECItem; -+ -+struct SECItemStr { -+ SECItemType type; -+ unsigned char *data; -+ unsigned int len; -+}; -+ -+typedef SECItem SECKEYECParams; -+ -+typedef enum { ec_params_explicit, -+ ec_params_named -+} ECParamsType; -+ -+typedef enum { ec_field_GFp = 1, -+ ec_field_GF2m -+} ECFieldType; -+ -+struct ECFieldIDStr { -+ int size; /* field size in bits */ -+ ECFieldType type; -+ union { -+ SECItem prime; /* prime p for (GFp) */ -+ SECItem poly; /* irreducible binary polynomial for (GF2m) */ -+ } u; -+ int k1; /* first coefficient of pentanomial or -+ * the only coefficient of trinomial -+ */ -+ int k2; /* two remaining coefficients of pentanomial */ -+ int k3; -+}; -+typedef struct ECFieldIDStr ECFieldID; -+ -+struct ECCurveStr { -+ SECItem a; /* contains octet stream encoding of -+ * field element (X9.62 section 4.3.3) -+ */ -+ SECItem b; -+ SECItem seed; -+}; -+typedef struct ECCurveStr ECCurve; -+ -+typedef void PRArenaPool; -+ -+struct ECParamsStr { -+ PRArenaPool * arena; -+ ECParamsType type; -+ ECFieldID fieldID; -+ ECCurve curve; -+ SECItem base; -+ SECItem order; -+ int cofactor; -+ SECItem DEREncoding; -+ ECCurveName name; -+ SECItem curveOID; -+}; -+typedef struct ECParamsStr ECParams; -+ -+struct ECPublicKeyStr { -+ ECParams ecParams; -+ SECItem publicValue; /* elliptic curve point encoded as -+ * octet stream. 
-+ */ -+}; -+typedef struct ECPublicKeyStr ECPublicKey; -+ -+struct ECPrivateKeyStr { -+ ECParams ecParams; -+ SECItem publicValue; /* encoded ec point */ -+ SECItem privateValue; /* private big integer */ -+ SECItem version; /* As per SEC 1, Appendix C, Section C.4 */ -+}; -+typedef struct ECPrivateKeyStr ECPrivateKey; -+ -+typedef enum _SECStatus { -+ SECBufferTooSmall = -3, -+ SECWouldBlock = -2, -+ SECFailure = -1, -+ SECSuccess = 0 -+} SECStatus; -+#endif -+ -+#ifdef _KERNEL -+#define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l)) -+#else -+/* -+ This function is no longer required because the random bytes are now -+ supplied by the caller. Force a failure. -+*/ -+#ifndef SYSTEM_NSS -+#define RNG_GenerateGlobalRandomBytes(p,l) SECFailure -+#endif -+#endif -+#define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup -+#define MP_TO_SEC_ERROR(err) -+ -+#define SECITEM_TO_MPINT(it, mp) \ -+ CHECK_MPI_OK(mp_read_unsigned_octets((mp), (it).data, (it).len)) -+ -+extern int ecc_knzero_random_generator(uint8_t *, size_t); -+extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t); -+ -+#ifdef SYSTEM_NSS -+#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b) -+#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c) -+#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e) -+#else -+extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int); -+ -+extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int); -+extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *, -+ int); -+extern void SECITEM_FreeItem(SECItem *, boolean_t); -+ -+/* This function has been modified to accept an array of random bytes */ -+extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey, -+ const unsigned char* random, int randomlen, int); -+/* This function has been modified to accept an array of random bytes */ -+extern SECStatus ECDSA_SignDigest(ECPrivateKey *, SECItem *, const SECItem 
*, -+ const unsigned char* random, int randomlen, int, int timing); -+extern SECStatus ECDSA_VerifyDigest(ECPublicKey *, const SECItem *, -+ const SECItem *, int); -+extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t, -+ SECItem *, int); -+#endif -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* _ECC_IMPL_H */ diff --git a/SOURCES/RHBZ-1628612-JDK-8210461-workaround-disable-aarch64-intrinsic.patch b/SOURCES/RHBZ-1628612-JDK-8210461-workaround-disable-aarch64-intrinsic.patch deleted file mode 100644 index 7edc7a1..0000000 --- a/SOURCES/RHBZ-1628612-JDK-8210461-workaround-disable-aarch64-intrinsic.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -r 1ddf9a99e4ad src/hotspot/cpu/aarch64/stubGenerator_aarch64.cpp ---- a/src/hotspot/cpu/aarch64/stubGenerator_aarch64.cpp Wed Aug 22 21:50:12 2018 +0200 -+++ b/src/hotspot/cpu/aarch64/stubGenerator_aarch64.cpp Thu Sep 13 13:51:53 2018 +0100 -@@ -5745,11 +5745,13 @@ - } - - if (vmIntrinsics::is_intrinsic_available(vmIntrinsics::_dsin)) { -- StubRoutines::_dsin = generate_dsin_dcos(/* isCos = */ false); -+ // disabled pending fix and retest of generated code -+ // StubRoutines::_dsin = generate_dsin_dcos(/* isCos = */ false); - } - - if (vmIntrinsics::is_intrinsic_available(vmIntrinsics::_dcos)) { -- StubRoutines::_dcos = generate_dsin_dcos(/* isCos = */ true); -+ // disabled pending fix and retest of generated code -+ // StubRoutines::_dcos = generate_dsin_dcos(/* isCos = */ true); - } - } diff --git a/SOURCES/RHBZ-1630996-JDK-8210858-workaround-disable-aarch64-intrinsic-log.patch b/SOURCES/RHBZ-1630996-JDK-8210858-workaround-disable-aarch64-intrinsic-log.patch deleted file mode 100644 index 7f3c8af..0000000 --- a/SOURCES/RHBZ-1630996-JDK-8210858-workaround-disable-aarch64-intrinsic-log.patch +++ /dev/null 
@@ -1,13 +0,0 @@
-diff --git a/src/hotspot/cpu/aarch64/stubGenerator_aarch64.cpp b/src/hotspot/cpu/aarch64/stubGenerator_aarch64.cpp
---- a/src/hotspot/cpu/aarch64/stubGenerator_aarch64.cpp
-+++ b/src/hotspot/cpu/aarch64/stubGenerator_aarch64.cpp
-@@ -5741,7 +5741,8 @@
- }
-
- if (vmIntrinsics::is_intrinsic_available(vmIntrinsics::_dlog)) {
-- StubRoutines::_dlog = generate_dlog();
-+ // disabled pending fix and retest of generated code
-+ // StubRoutines::_dlog = generate_dlog();
- }
-
- if (vmIntrinsics::is_intrinsic_available(vmIntrinsics::_dsin)) {
diff --git a/SOURCES/accessible-toolkit.patch b/SOURCES/accessible-toolkit.patch
deleted file mode 100644
index a877506..0000000
--- a/SOURCES/accessible-toolkit.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/src/java.desktop/share/classes/java/awt/Toolkit.java
---- openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
-+++ openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
-@@ -883,9 +883,13 @@
- return null;
- }
- });
- if (!GraphicsEnvironment.isHeadless()) {
-- loadAssistiveTechnologies();
-+ try {
-+ loadAssistiveTechnologies();
-+ } catch (AWTError error) {
-+ // ignore silently
-+ }
- }
- }
- return toolkit;
- }
diff --git a/SOURCES/enableCommentedOutSystemNss.patch b/SOURCES/enableCommentedOutSystemNss.patch
deleted file mode 100644
index 1b92ddc..0000000
--- a/SOURCES/enableCommentedOutSystemNss.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -r 5b86f66575b7 src/share/lib/security/java.security-linux
---- openjdk/src/java.base/share/conf/security/java.security Tue May 16 13:29:05 2017 -0700
-+++ openjdk/src/java.base/share/conf/security/java.security Tue Jun 06 14:05:12 2017 +0200
-@@ -83,6 +83,7 @@
- #ifndef solaris
- security.provider.tbd=SunPKCS11
- #endif
-+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
-
- #
- # A list of preferred providers for specific algorithms. These providers will
diff --git a/SOURCES/java-atk-wrapper-security.patch b/SOURCES/java-atk-wrapper-security.patch
deleted file mode 100644
index 53026ad..0000000
--- a/SOURCES/java-atk-wrapper-security.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- openjdk/src/java.base/share/conf/security/java.security
-+++ openjdk/src/java.base/share/conf/security/java.security
-@@ -304,6 +304,8 @@
- #
- package.access=sun.misc.,\
- sun.reflect.,\
-+ org.GNOME.Accessibility.,\
-+ org.GNOME.Bonobo.,\
-
- #
- # List of comma-separated packages that start with or equal this string
-@@ -316,6 +318,8 @@
- #
- package.definition=sun.misc.,\
- sun.reflect.,\
-+ org.GNOME.Accessibility.,\
-+ org.GNOME.Bonobo.,\
-
- #
- # Determines whether this properties file can be appended to
diff --git a/SOURCES/jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch b/SOURCES/jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch
new file mode 100644
index 0000000..16eb4da
--- /dev/null
+++ b/SOURCES/jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch
@@ -0,0 +1,84 @@
+# HG changeset patch
+# User sgehwolf
+# Date 1536142767 -7200
+# Wed Sep 05 12:19:27 2018 +0200
+# Node ID 7ea57274e55054579d1532e757edb21e67beed83
+# Parent 3ee91722550680c18b977f0e00b1013323b5c9ef
+8210416: [linux] Poor StrictMath performance due to non-optimized compilation
+Summary: Compile fdlibm with -O2 -ffp-contract=off on gcc/clang arches.
+Reviewed-by: aph, erikj, dholmes, darcy
+
+diff --git a/make/autoconf/flags-cflags.m4 b/make/autoconf/flags-cflags.m4
+--- a/make/autoconf/flags-cflags.m4
++++ b/make/autoconf/flags-cflags.m4
+@@ -366,6 +366,18 @@
+
+ FLAGS_SETUP_CFLAGS_CPU_DEP([BUILD], [OPENJDK_BUILD_])
+
++ COMPILER_FP_CONTRACT_OFF_FLAG="-ffp-contract=off"
++ # Check that the compiler supports -ffp-contract=off flag
++ # Set FDLIBM_CFLAGS to -ffp-contract=off if it does. Empty
++ # otherwise.
++ # These flags are required for GCC-based builds of
++ # fdlibm with optimization without losing precision.
++ # Notably, -ffp-contract=off needs to be added for GCC >= 4.6.
++ FLAGS_COMPILER_CHECK_ARGUMENTS(ARGUMENT: [${COMPILER_FP_CONTRACT_OFF_FLAG}],
++ IF_TRUE: [FDLIBM_CFLAGS=${COMPILER_FP_CONTRACT_OFF_FLAG}],
++ IF_FALSE: [FDLIBM_CFLAGS=""])
++ AC_SUBST(FDLIBM_CFLAGS)
++
+ # Tests are only ever compiled for TARGET
+ CFLAGS_TESTLIB="$CFLAGS_JDKLIB"
+ CXXFLAGS_TESTLIB="$CXXFLAGS_JDKLIB"
+diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
+--- a/make/autoconf/spec.gmk.in
++++ b/make/autoconf/spec.gmk.in
+@@ -444,6 +444,7 @@
+ LIBJSIG_HASHSTYLE_LDFLAGS := @LIBJSIG_HASHSTYLE_LDFLAGS@
+ LIBJSIG_NOEXECSTACK_LDFLAGS := @LIBJSIG_NOEXECSTACK_LDFLAGS@
+
++FDLIBM_CFLAGS := @FDLIBM_CFLAGS@
+ JVM_CFLAGS := @JVM_CFLAGS@
+ JVM_LDFLAGS := @JVM_LDFLAGS@
+ JVM_ASFLAGS := @JVM_ASFLAGS@
+diff --git a/make/lib/CoreLibraries.gmk b/make/lib/CoreLibraries.gmk
+--- a/make/lib/CoreLibraries.gmk
++++ b/make/lib/CoreLibraries.gmk
+@@ -39,20 +39,15 @@
+ BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
+ endif
+
+-ifeq ($(OPENJDK_TARGET_OS), linux)
+- ifeq ($(OPENJDK_TARGET_CPU), ppc64)
+- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
+- else ifeq ($(OPENJDK_TARGET_CPU), ppc64le)
+- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
+- else ifeq ($(OPENJDK_TARGET_CPU), s390x)
+- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
+- else ifeq ($(OPENJDK_TARGET_CPU), aarch64)
+- BUILD_LIBFDLIBM_OPTIMIZATION := HIGH
+- endif
++# If FDLIBM_CFLAGS is non-empty we know that we can optimize
++# fdlibm by adding those extra C flags. Currently GCC,
++# and clang only.
++ifneq ($(FDLIBM_CFLAGS), )
++ BUILD_LIBFDLIBM_OPTIMIZATION := LOW
+ endif
+
+ LIBFDLIBM_SRC := $(TOPDIR)/src/java.base/share/native/libfdlibm
+-LIBFDLIBM_CFLAGS := -I$(LIBFDLIBM_SRC)
++LIBFDLIBM_CFLAGS := -I$(LIBFDLIBM_SRC) $(FDLIBM_CFLAGS)
+
+ ifneq ($(OPENJDK_TARGET_OS), macosx)
+ $(eval $(call SetupNativeCompilation, BUILD_LIBFDLIBM, \
+@@ -64,10 +59,6 @@
+ CFLAGS := $(CFLAGS_JDKLIB) $(LIBFDLIBM_CFLAGS), \
+ CFLAGS_windows_debug := -DLOGGING, \
+ CFLAGS_aix := -qfloat=nomaf, \
+- CFLAGS_linux_ppc64 := -ffp-contract=off, \
+- CFLAGS_linux_ppc64le := -ffp-contract=off, \
+- CFLAGS_linux_s390x := -ffp-contract=off, \
+- CFLAGS_linux_aarch64 := -ffp-contract=off, \
+ DISABLED_WARNINGS_gcc := sign-compare misleading-indentation array-bounds, \
+ DISABLED_WARNINGS_microsoft := 4146 4244 4018, \
+ ARFLAGS := $(ARFLAGS), \
diff --git a/SOURCES/jdk8210425-rh1632174-sharedRuntimeTrig_sharedRuntimeTrans_compiled_without_optimization.patch b/SOURCES/jdk8210425-rh1632174-sharedRuntimeTrig_sharedRuntimeTrans_compiled_without_optimization.patch
new file mode 100644
index 0000000..843ae3c
--- /dev/null
+++ b/SOURCES/jdk8210425-rh1632174-sharedRuntimeTrig_sharedRuntimeTrans_compiled_without_optimization.patch
@@ -0,0 +1,48 @@
+# HG changeset patch
+# User sgehwolf
+# Date 1536682731 -7200
+# Tue Sep 11 18:18:51 2018 +0200
+# Node ID 7157249fdd4366d95dd68f3d083ebb0ef84c753b
+# Parent 8d86b149e10f0a0896e5fd4d8d407e5fda64a529
+8210425: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization
+Reviewed-by: duke
+
+diff --git a/make/hotspot/lib/JvmOverrideFiles.gmk b/make/hotspot/lib/JvmOverrideFiles.gmk
+--- a/make/hotspot/lib/JvmOverrideFiles.gmk
++++ b/make/hotspot/lib/JvmOverrideFiles.gmk
+@@ -43,20 +43,26 @@ ifeq ($(TOOLCHAIN_TYPE), gcc)
+ endif
+ endif
+
++LIBJVM_FDLIBM_COPY_OPT_FLAG := $(CXX_O_FLAG_NONE)
++# If the FDLIBM_CFLAGS variable is non-empty we know
++# that the fdlibm-fork in hotspot can get optimized
++# by using -ffp-contract=off on GCC/Clang platforms.
++ifneq ($(FDLIBM_CFLAGS), )
++ LIBJVM_FDLIBM_COPY_OPT_FLAG := $(CXX_O_FLAG_NORM)
++endif
++
+ ifeq ($(OPENJDK_TARGET_OS), linux)
+ BUILD_LIBJVM_ostream.cpp_CXXFLAGS := -D_FILE_OFFSET_BITS=64
+ BUILD_LIBJVM_logFileOutput.cpp_CXXFLAGS := -D_FILE_OFFSET_BITS=64
+
+- ifeq ($(OPENJDK_TARGET_CPU_ARCH), x86)
+- BUILD_LIBJVM_sharedRuntimeTrig.cpp_CXXFLAGS := -DNO_PCH $(CXX_O_FLAG_NONE)
+- BUILD_LIBJVM_sharedRuntimeTrans.cpp_CXXFLAGS := -DNO_PCH $(CXX_O_FLAG_NONE)
++ BUILD_LIBJVM_sharedRuntimeTrig.cpp_CXXFLAGS := -DNO_PCH $(FDLIBM_CFLAGS) $(LIBJVM_FDLIBM_COPY_OPT_FLAG)
++ BUILD_LIBJVM_sharedRuntimeTrans.cpp_CXXFLAGS := -DNO_PCH $(FDLIBM_CFLAGS) $(LIBJVM_FDLIBM_COPY_OPT_FLAG)
+
+- ifeq ($(TOOLCHAIN_TYPE), clang)
+- JVM_PRECOMPILED_HEADER_EXCLUDE := \
+- sharedRuntimeTrig.cpp \
+- sharedRuntimeTrans.cpp \
+- #
+- endif
++ ifeq ($(TOOLCHAIN_TYPE), clang)
++ JVM_PRECOMPILED_HEADER_EXCLUDE := \
++ sharedRuntimeTrig.cpp \
++ sharedRuntimeTrans.cpp \
++ #
+ endif
+
+ ifeq ($(OPENJDK_TARGET_CPU), x86)
diff --git a/SOURCES/jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch b/SOURCES/jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch
new file mode 100644
index 0000000..a279f8a
--- /dev/null
+++ b/SOURCES/jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch
@@ -0,0 +1,21 @@
+# HG changeset patch
+# User sgehwolf
+# Date 1536751862 -7200
+# Wed Sep 12 13:31:02 2018 +0200
+# Node ID f95c6746fe256fe0456e0ea0d2930631ef840286
+# Parent 7157249fdd4366d95dd68f3d083ebb0ef84c753b
+8210647: libsaproc is being compiled without optimization
+Reviewed-by: duke
+
+diff --git a/make/lib/Lib-jdk.hotspot.agent.gmk b/make/lib/Lib-jdk.hotspot.agent.gmk
+--- a/make/lib/Lib-jdk.hotspot.agent.gmk
++++ b/make/lib/Lib-jdk.hotspot.agent.gmk
+@@ -52,7 +52,7 @@
+
+ $(eval $(call SetupJdkLibrary, BUILD_LIBSA, \
+ NAME := saproc, \
+- OPTIMIZATION := NONE, \
++ OPTIMIZATION := LOW, \
+ DISABLED_WARNINGS_microsoft := 4267, \
+ DISABLED_WARNINGS_gcc := sign-compare, \
+ DISABLED_WARNINGS_CXX_solstudio := truncwarn unknownpragma, \
diff --git a/SOURCES/jdk8210703-rh1632174-vmStructs_cpp_no_longer_compiled_with_o0 b/SOURCES/jdk8210703-rh1632174-vmStructs_cpp_no_longer_compiled_with_o0
new file mode 100644
index 0000000..6fc6c07
--- /dev/null
+++ b/SOURCES/jdk8210703-rh1632174-vmStructs_cpp_no_longer_compiled_with_o0
@@ -0,0 +1,21 @@
+# HG changeset patch
+# User sgehwolf
+# Date 1536829660 -7200
+# Thu Sep 13 11:07:40 2018 +0200
+# Node ID 39ccca116f79139fc4b779f5df83cb32357b9ae9
+# Parent 7512bd28304cf0dc5676247990f1907162c719ca
+8210703: vmStructs.cpp compiled with -O0
+Reviewed-by: duke
+
+diff --git a/make/hotspot/lib/JvmOverrideFiles.gmk b/make/hotspot/lib/JvmOverrideFiles.gmk
+--- a/make/hotspot/lib/JvmOverrideFiles.gmk
++++ b/make/hotspot/lib/JvmOverrideFiles.gmk
+@@ -30,7 +30,7 @@
+ # status for individual files on specific platforms.
+
+ ifeq ($(TOOLCHAIN_TYPE), gcc)
+- BUILD_LIBJVM_vmStructs.cpp_CXXFLAGS := -fno-var-tracking-assignments -O0
++ BUILD_LIBJVM_vmStructs.cpp_CXXFLAGS := -fno-var-tracking-assignments
+ BUILD_LIBJVM_jvmciCompilerToVM.cpp_CXXFLAGS := -fno-var-tracking-assignments
+ BUILD_LIBJVM_jvmciCompilerToVMInit.cpp_CXXFLAGS := -fno-var-tracking-assignments
+ BUILD_LIBJVM_assembler_x86.cpp_CXXFLAGS := -Wno-maybe-uninitialized
diff --git a/SOURCES/jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch b/SOURCES/jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch
new file mode 100644
index 0000000..b5a88b0
--- /dev/null
+++ b/SOURCES/jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch
@@ -0,0 +1,20 @@
+# HG changeset patch
+# User sgehwolf
+# Date 1537541916 -7200
+# Fri Sep 21 16:58:36 2018 +0200
+# Node ID cd8483acfe56ade257685d93323f78e6e13704a0
+# Parent e40fa3a70efdbc22f85c0d30350189f632779831
+8210761: libjsig is being compiled without optimization
+Reviewed-by: duke
+
+diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
+--- a/make/lib/Lib-java.base.gmk
++++ b/make/lib/Lib-java.base.gmk
+@@ -138,6 +138,7 @@
+
+ $(eval $(call SetupJdkLibrary, BUILD_LIBJSIG, \
+ NAME := jsig, \
++ OPTIMIZATION := LOW, \
+ CFLAGS := $(CFLAGS_JDKLIB) $(LIBJSIG_CFLAGS), \
+ LDFLAGS := $(LDFLAGS_JDKLIB) \
+ $(call SET_SHARED_LIBRARY_ORIGIN), \
diff --git a/SOURCES/libjpeg-turbo-1.4-compat.patch b/SOURCES/libjpeg-turbo-1.4-compat.patch
deleted file mode 100644
index 1b706a1..0000000
--- a/SOURCES/libjpeg-turbo-1.4-compat.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Remove uses of FAR in jpeg code
-
-Upstream libjpeg-trubo removed the (empty) FAR macro:
-http://sourceforge.net/p/libjpeg-turbo/code/1312/
-
-Adjust our code to not use the undefined FAR macro anymore.
-
-diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
---- openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
-+++ openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
-@@ -1385,7 +1385,7 @@
- /* and fill it in */
- dst_ptr = icc_data;
- for (seq_no = first; seq_no < last; seq_no++) {
-- JOCTET FAR *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
-+ JOCTET *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
- unsigned int length =
- icc_markers[seq_no]->data_length - ICC_OVERHEAD_LEN;
-
diff --git a/SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch b/SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
new file mode 100644
index 0000000..999d74e
--- /dev/null
+++ b/SOURCES/pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
@@ -0,0 +1,434 @@ +diff --git a/make/autoconf/jdk-options.m4 b/make/autoconf/jdk-options.m4 +--- a/make/autoconf/jdk-options.m4 ++++ b/make/autoconf/jdk-options.m4 +@@ -267,9 +267,10 @@ + # + AC_DEFUN_ONCE([JDKOPT_DETECT_INTREE_EC], + [ ++ AC_REQUIRE([LIB_SETUP_MISC_LIBS]) + AC_MSG_CHECKING([if elliptic curve crypto implementation is present]) + +- if test -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then ++ if test "x${system_nss}" = "xyes" -o -d "${TOPDIR}/src/jdk.crypto.ec/share/native/libsunec/impl"; then + ENABLE_INTREE_EC=true + AC_MSG_RESULT([yes]) + else +diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4 +--- a/make/autoconf/libraries.m4 ++++ b/make/autoconf/libraries.m4 +@@ -178,6 +178,48 @@ + AC_SUBST(LIBDL) + LIBS="$save_LIBS" + ++ ############################################################################### ++ # ++ # Check for the NSS libraries ++ # ++ ++ AC_MSG_CHECKING([whether to build the Sun EC provider against the system NSS libraries]) ++ ++ # default is bundled ++ DEFAULT_SYSTEM_NSS=no ++ ++ AC_ARG_ENABLE([system-nss], [AS_HELP_STRING([--enable-system-nss], ++ [build the SunEC provider using the system NSS libraries @<:@disabled@:>@])], ++ [ ++ case "${enableval}" in ++ yes) ++ system_nss=yes ++ ;; ++ *) ++ system_nss=no ++ ;; ++ esac ++ ], ++ [ ++ system_nss=${DEFAULT_SYSTEM_NSS} ++ ]) ++ AC_MSG_RESULT([$system_nss]) ++ ++ if test "x${system_nss}" = "xyes"; then ++ PKG_CHECK_MODULES(NSS_SOFTTKN, nss-softokn >= 3.16.1, [NSS_SOFTOKN_FOUND=yes], [NSS_SOFTOKN_FOUND=no]) ++ PKG_CHECK_MODULES(NSS, nss >= 3.16.1, [NSS_FOUND=yes], [NSS_FOUND=no]) ++ if test "x${NSS_SOFTOKN_FOUND}" = "xyes" -a "x${NSS_FOUND}" = "xyes"; then ++ NSS_LIBS="$NSS_SOFTOKN_LIBS $NSS_LIBS -lfreebl"; ++ USE_EXTERNAL_NSS=true ++ else ++ AC_MSG_ERROR([--enable-system-nss specified, but NSS not found.]) ++ fi ++ else ++ USE_EXTERNAL_NSS=false ++ fi ++ AC_SUBST(USE_EXTERNAL_NSS) ++ ++ + # Deprecated libraries, keep the flags for backwards 
compatibility + if test "x$OPENJDK_TARGET_OS" = "xwindows"; then + BASIC_DEPRECATED_ARG_WITH([dxsdk]) +diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in +--- a/make/autoconf/spec.gmk.in ++++ b/make/autoconf/spec.gmk.in +@@ -795,6 +795,10 @@ + # Libraries + # + ++USE_EXTERNAL_NSS:=@USE_EXTERNAL_NSS@ ++NSS_LIBS:=@NSS_LIBS@ ++NSS_CFLAGS:=@NSS_CFLAGS@ ++ + USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@ + LCMS_CFLAGS:=@LCMS_CFLAGS@ + LCMS_LIBS:=@LCMS_LIBS@ +diff --git a/make/lib/Lib-jdk.crypto.ec.gmk b/make/lib/Lib-jdk.crypto.ec.gmk +--- a/make/lib/Lib-jdk.crypto.ec.gmk ++++ b/make/lib/Lib-jdk.crypto.ec.gmk +@@ -38,6 +38,11 @@ + BUILD_LIBSUNEC_CXXFLAGS_JDKLIB := $(CXXFLAGS_JDKLIB) + endif + ++ ifeq ($(USE_EXTERNAL_NSS), true) ++ BUILD_LIBSUNEC_CFLAGS_JDKLIB += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC ++ BUILD_LIBSUNEC_CXXFLAGS_JDKLIB += $(NSS_CFLAGS) -DSYSTEM_NSS -DNSS_ENABLE_ECC ++ endif ++ + $(eval $(call SetupJdkLibrary, BUILD_LIBSUNEC, \ + NAME := sunec, \ + TOOLCHAIN := TOOLCHAIN_LINK_CXX, \ +@@ -47,9 +52,11 @@ + CXXFLAGS := $(BUILD_LIBSUNEC_CXXFLAGS_JDKLIB), \ + DISABLED_WARNINGS_gcc := sign-compare implicit-fallthrough, \ + DISABLED_WARNINGS_microsoft := 4101 4244 4146 4018, \ +- LDFLAGS := $(LDFLAGS_JDKLIB) $(LDFLAGS_CXX_JDK), \ ++ LDFLAGS := $(subst -Xlinker --as-needed,, \ ++ $(subst -Wl$(COMMA)--as-needed,, $(LDFLAGS_JDKLIB))) $(LDFLAGS_CXX_JDK), \ + LDFLAGS_macosx := $(call SET_SHARED_LIBRARY_ORIGIN), \ + LIBS := $(LIBCXX), \ ++ LIBS_linux := -lc $(NSS_LIBS), \ + )) + + TARGETS += $(BUILD_LIBSUNEC) +diff --git a/src/java.base/unix/native/include/jni_md.h b/src/java.base/unix/native/include/jni_md.h +--- a/src/java.base/unix/native/include/jni_md.h ++++ b/src/java.base/unix/native/include/jni_md.h +@@ -41,6 +41,11 @@ + #define JNIEXPORT + #define JNIIMPORT + #endif ++#if (defined(__GNUC__)) || __has_attribute(unused) ++ #define UNUSED(x) UNUSED_ ## x __attribute__((__unused__)) ++#else ++ #define UNUSED(x) UNUSED_ ## x ++#endif + + #define JNICALL 
+ +diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java +--- a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java ++++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java +@@ -61,6 +61,7 @@ + AccessController.doPrivileged(new PrivilegedAction() { + public Void run() { + System.loadLibrary("sunec"); // check for native library ++ initialize(); + return null; + } + }); +@@ -293,6 +294,11 @@ + "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS)); + } + ++ /** ++ * Initialize the native code. ++ */ ++ private static native void initialize(); ++ + private void putXDHEntries() { + + HashMap ATTRS = new HashMap<>(1); +diff --git a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp +--- a/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp ++++ b/src/jdk.crypto.ec/share/native/libsunec/ECC_JNI.cpp +@@ -25,7 +25,11 @@ + + #include + #include "jni_util.h" ++#ifdef SYSTEM_NSS ++#include "ecc_impl.h" ++#else + #include "impl/ecc_impl.h" ++#endif + #include "sun_security_ec_ECDHKeyAgreement.h" + #include "sun_security_ec_ECKeyPairGenerator.h" + #include "sun_security_ec_ECDSASignature.h" +@@ -33,6 +37,13 @@ + #define INVALID_PARAMETER_EXCEPTION \ + "java/security/InvalidParameterException" + #define KEY_EXCEPTION "java/security/KeyException" ++#define INTERNAL_ERROR "java/lang/InternalError" ++ ++#ifdef SYSTEM_NSS ++#define SYSTEM_UNUSED(x) UNUSED(x) ++#else ++#define SYSTEM_UNUSED(x) x ++#endif + + extern "C" { + +@@ -55,8 +66,13 @@ + /* + * Deep free of the ECParams struct + */ +-void FreeECParams(ECParams *ecparams, jboolean freeStruct) ++void FreeECParams(ECParams *ecparams, jboolean SYSTEM_UNUSED(freeStruct)) + { ++#ifdef SYSTEM_NSS ++ // Needs to be freed using the matching method to the one ++ // that allocated it. PR_TRUE means the memory is zeroed. 
++ PORT_FreeArena(ecparams->arena, PR_TRUE); ++#else + // Use B_FALSE to free the SECItem->data element, but not the SECItem itself + // Use B_TRUE to free both + +@@ -70,6 +86,7 @@ + SECITEM_FreeItem(&ecparams->curveOID, B_FALSE); + if (freeStruct) + free(ecparams); ++#endif + } + + jbyteArray getEncodedBytes(JNIEnv *env, SECItem *hSECItem) +@@ -139,7 +156,7 @@ + */ + JNIEXPORT jobjectArray + JNICALL Java_sun_security_ec_ECKeyPairGenerator_generateECKeyPair +- (JNIEnv *env, jclass clazz, jint keySize, jbyteArray encodedParams, jbyteArray seed) ++ (JNIEnv *env, jclass UNUSED(clazz), jint UNUSED(keySize), jbyteArray encodedParams, jbyteArray seed) + { + ECPrivateKey *privKey = NULL; // contains both public and private values + ECParams *ecparams = NULL; +@@ -171,8 +188,17 @@ + env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); + + // Generate the new keypair (using the supplied seed) ++#ifdef SYSTEM_NSS ++ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength) ++ != SECSuccess) { ++ ThrowException(env, KEY_EXCEPTION); ++ goto cleanup; ++ } ++ if (EC_NewKey(ecparams, &privKey) != SECSuccess) { ++#else + if (EC_NewKey(ecparams, &privKey, (unsigned char *) pSeedBuffer, + jSeedLength, 0) != SECSuccess) { ++#endif + ThrowException(env, KEY_EXCEPTION); + goto cleanup; + } +@@ -219,10 +245,15 @@ + } + if (privKey) { + FreeECParams(&privKey->ecParams, false); ++#ifndef SYSTEM_NSS ++ // The entire ECPrivateKey is allocated in the arena ++ // when using system NSS, so only the in-tree version ++ // needs to clear these manually. 
+ SECITEM_FreeItem(&privKey->version, B_FALSE); + SECITEM_FreeItem(&privKey->privateValue, B_FALSE); + SECITEM_FreeItem(&privKey->publicValue, B_FALSE); + free(privKey); ++#endif + } + + if (pSeedBuffer) { +@@ -240,7 +271,7 @@ + */ + JNIEXPORT jbyteArray + JNICALL Java_sun_security_ec_ECDSASignature_signDigest +- (JNIEnv *env, jclass clazz, jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing) ++ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray digest, jbyteArray privateKey, jbyteArray encodedParams, jbyteArray seed, jint timing) + { + jbyte* pDigestBuffer = NULL; + jint jDigestLength = env->GetArrayLength(digest); +@@ -299,8 +330,18 @@ + env->GetByteArrayRegion(seed, 0, jSeedLength, pSeedBuffer); + + // Sign the digest (using the supplied seed) ++#ifdef SYSTEM_NSS ++ if (RNG_RandomUpdate((unsigned char *) pSeedBuffer, jSeedLength) ++ != SECSuccess) { ++ ThrowException(env, KEY_EXCEPTION); ++ goto cleanup; ++ } ++ if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item) ++ != SECSuccess) { ++#else + if (ECDSA_SignDigest(&privKey, &signature_item, &digest_item, + (unsigned char *) pSeedBuffer, jSeedLength, 0, timing) != SECSuccess) { ++#endif + ThrowException(env, KEY_EXCEPTION); + goto cleanup; + } +@@ -349,7 +390,7 @@ + */ + JNIEXPORT jboolean + JNICALL Java_sun_security_ec_ECDSASignature_verifySignedDigest +- (JNIEnv *env, jclass clazz, jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams) ++ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray signedDigest, jbyteArray digest, jbyteArray publicKey, jbyteArray encodedParams) + { + jboolean isValid = false; + +@@ -406,9 +447,10 @@ + + cleanup: + { +- if (params_item.data) ++ if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); ++ } + + if (pubKey.publicValue.data) + env->ReleaseByteArrayElements(publicKey, +@@ -434,7 +476,7 @@ + */ + JNIEXPORT jbyteArray + JNICALL 
Java_sun_security_ec_ECDHKeyAgreement_deriveKey +- (JNIEnv *env, jclass clazz, jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams) ++ (JNIEnv *env, jclass UNUSED(clazz), jbyteArray privateKey, jbyteArray publicKey, jbyteArray encodedParams) + { + jbyteArray jSecret = NULL; + ECParams *ecparams = NULL; +@@ -510,9 +552,10 @@ + env->ReleaseByteArrayElements(publicKey, + (jbyte *) publicValue_item.data, JNI_ABORT); + +- if (params_item.data) ++ if (params_item.data) { + env->ReleaseByteArrayElements(encodedParams, + (jbyte *) params_item.data, JNI_ABORT); ++ } + + if (ecparams) + FreeECParams(ecparams, true); +@@ -521,4 +564,28 @@ + return jSecret; + } + ++JNIEXPORT void ++JNICALL Java_sun_security_ec_SunEC_initialize ++ (JNIEnv *env, jclass UNUSED(clazz)) ++{ ++#ifdef SYSTEM_NSS ++ if (SECOID_Init() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ } ++ if (RNG_RNGInit() != SECSuccess) { ++ ThrowException(env, INTERNAL_ERROR); ++ } ++#endif ++} ++ ++JNIEXPORT void ++JNICALL JNI_OnUnload ++ (JavaVM *vm, void *reserved) ++{ ++#ifdef SYSTEM_NSS ++ RNG_RNGShutdown(); ++ SECOID_Shutdown(); ++#endif ++} ++ + } /* extern "C" */ +--- a/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h 2019-01-11 00:01:25.000000000 -0500 ++++ b/src/jdk.crypto.ec/share/native/libsunec/ecc_impl.h 2019-01-14 03:52:54.145695946 -0500 +@@ -45,7 +45,19 @@ + #endif + + #include ++ ++#ifdef SYSTEM_NSS ++#include ++#include ++#include ++#ifdef LEGACY_NSS ++#include ++#else ++#include ++#endif ++#else + #include "ecl-exp.h" ++#endif + + /* + * Multi-platform definitions +@@ -96,6 +108,7 @@ + * Various structures and definitions from NSS are here. 
+ */ + ++#ifndef SYSTEM_NSS + #ifdef _KERNEL + #define PORT_ArenaAlloc(a, n, f) kmem_alloc((n), (f)) + #define PORT_ArenaZAlloc(a, n, f) kmem_zalloc((n), (f)) +@@ -130,9 +143,12 @@ + #define PORT_Memcpy(t, f, l) memcpy((t), (f), (l)) + #endif + ++#endif ++ + #define CHECK_OK(func) if (func == NULL) goto cleanup + #define CHECK_SEC_OK(func) if (SECSuccess != (rv = func)) goto cleanup + ++#ifndef SYSTEM_NSS + typedef enum { + siBuffer = 0, + siClearDataBuffer = 1, +@@ -229,6 +245,7 @@ + SECFailure = -1, + SECSuccess = 0 + } SECStatus; ++#endif + + #ifdef _KERNEL + #define RNG_GenerateGlobalRandomBytes(p,l) ecc_knzero_random_generator((p), (l)) +@@ -237,8 +254,10 @@ + This function is no longer required because the random bytes are now + supplied by the caller. Force a failure. + */ ++#ifndef SYSTEM_NSS + #define RNG_GenerateGlobalRandomBytes(p,l) SECFailure + #endif ++#endif + #define CHECK_MPI_OK(func) if (MP_OKAY > (err = func)) goto cleanup + #define MP_TO_SEC_ERROR(err) + +@@ -248,11 +267,18 @@ + extern int ecc_knzero_random_generator(uint8_t *, size_t); + extern ulong_t soft_nzero_random_generator(uint8_t *, ulong_t); + ++#ifdef SYSTEM_NSS ++#define EC_DecodeParams(a,b,c) EC_DecodeParams(a,b) ++#define ECDSA_VerifyDigest(a,b,c,d) ECDSA_VerifyDigest(a,b,c) ++#define ECDH_Derive(a,b,c,d,e,f) ECDH_Derive(a,b,c,d,e) ++#else + extern SECStatus EC_DecodeParams(const SECItem *, ECParams **, int); ++ + extern SECItem * SECITEM_AllocItem(PRArenaPool *, SECItem *, unsigned int, int); + extern SECStatus SECITEM_CopyItem(PRArenaPool *, SECItem *, const SECItem *, + int); + extern void SECITEM_FreeItem(SECItem *, boolean_t); ++ + /* This function has been modified to accept an array of random bytes */ + extern SECStatus EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey, + const unsigned char* random, int randomlen, int); +@@ -263,9 +289,10 @@ + const SECItem *, int); + extern SECStatus ECDH_Derive(SECItem *, ECParams *, SECItem *, boolean_t, + SECItem *, int); ++#endif + 
+ #ifdef __cplusplus + } + #endif + +-#endif /* _ECC_IMPL_H */ ++#endif /* _ECC_IMPL_H */ diff --git a/SOURCES/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch b/SOURCES/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch new file mode 100644 index 0000000..4efbe9a --- /dev/null +++ b/SOURCES/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch @@ -0,0 +1,88 @@ + +# HG changeset patch +# User andrew +# Date 1478057514 0 +# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c +# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a +PR3183: Support Fedora/RHEL system crypto policy +diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java +--- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100 ++++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000 +@@ -43,6 +43,9 @@ + * implementation-specific location, which is typically the properties file + * {@code conf/security/java.security} in the Java installation directory. + * ++ *
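Review bot: In `Java_sun_security_ec_SunEC_initialize` (the ECC_JNI.cpp part of this patch) a failed `SECOID_Init()` raises `InternalError` but control falls through to `RNG_RNGInit()`, whose failure branch would call `ThrowException` again while the first exception is presumably still pending. Every other call site in the patch pairs the throw with `goto cleanup`, so this function should leave as soon as it has thrown: `if (SECOID_Init() != SECSuccess) { ThrowException(env, INTERNAL_ERROR); return; }`. That also avoids bringing up the NSS RNG after the OID table has failed to initialise. `ThrowException` itself is defined outside the lines shown here.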

Additional default values of security properties are read from a ++ * system-specific location, if available.

++ * + * @author Benjamin Renaud + * @since 1.1 + */ +@@ -52,6 +55,10 @@ + private static final Debug sdebug = + Debug.getInstance("properties"); + ++ /* System property file*/ ++ private static final String SYSTEM_PROPERTIES = ++ "/etc/crypto-policies/back-ends/java.config"; ++ + /* The java.security properties */ + private static Properties props; + +@@ -93,6 +100,7 @@ + if (sdebug != null) { + sdebug.println("reading security properties file: " + + propFile); ++ sdebug.println(props.toString()); + } + } catch (IOException e) { + if (sdebug != null) { +@@ -114,6 +122,31 @@ + } + + if ("true".equalsIgnoreCase(props.getProperty ++ ("security.useSystemPropertiesFile"))) { ++ ++ // now load the system file, if it exists, so its values ++ // will win if they conflict with the earlier values ++ try (BufferedInputStream bis = ++ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) { ++ props.load(bis); ++ loadedProps = true; ++ ++ if (sdebug != null) { ++ sdebug.println("reading system security properties file " + ++ SYSTEM_PROPERTIES); ++ sdebug.println(props.toString()); ++ } ++ } catch (IOException e) { ++ if (sdebug != null) { ++ sdebug.println ++ ("unable to load security properties from " + ++ SYSTEM_PROPERTIES); ++ e.printStackTrace(); ++ } ++ } ++ } ++ ++ if ("true".equalsIgnoreCase(props.getProperty + ("security.overridePropertiesFile"))) { + + String extraPropFile = System.getProperty +diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/conf/security/java.security +--- a/src/java.base/share/conf/security/java.security Wed Oct 26 03:51:39 2016 +0100 ++++ b/src/java.base/share/conf/security/java.security Wed Nov 02 03:31:54 2016 +0000 +@@ -276,6 +276,13 @@ + security.overridePropertiesFile=true + + # ++# Determines whether this properties file will be appended to ++# using the system properties file stored at ++# /etc/crypto-policies/back-ends/java.config ++# ++security.useSystemPropertiesFile=true ++ ++# + # Determines the default key and trust 
manager factory algorithms for + # the javax.net.ssl package. + # diff --git a/SOURCES/remove-intree-libraries.sh b/SOURCES/remove-intree-libraries.sh index 95cec20..0e87b0c 100644 --- a/SOURCES/remove-intree-libraries.sh +++ b/SOURCES/remove-intree-libraries.sh @@ -94,13 +94,13 @@ if [ ! -d ${PNG_SRC} ]; then fi rm -rvf ${PNG_SRC} -echo "Skipping removal of LCMS on rhel7. Internal will be used intentionally" -exit 0 echo "Removing lcms" if [ ! -d ${LCMS_SRC} ]; then echo "${LCMS_SRC} does not exist. Refusing to proceed." exit 1 fi +echo "Skipped on RHEL 7 as system LCMS is too old" +if [ ! true ]; then rm -vf ${LCMS_SRC}/cmscam02.c rm -vf ${LCMS_SRC}/cmscgats.c rm -vf ${LCMS_SRC}/cmscnvrt.c @@ -129,3 +129,12 @@ rm -vf ${LCMS_SRC}/cmsxform.c rm -vf ${LCMS_SRC}/lcms2.h rm -vf ${LCMS_SRC}/lcms2_internal.h rm -vf ${LCMS_SRC}/lcms2_plugin.h +fi + +# Get rid of in-tree SunEC until RH1656676 is implemented +echo "Removing SunEC native code" +mv -v src/jdk.crypto.ec/share/native/libsunec/impl/ecc_impl.h . +rm -vrf src/jdk.crypto.ec/share/native/libsunec/impl +mv -v ecc_impl.h src/jdk.crypto.ec/share/native/libsunec + + diff --git a/SOURCES/rh1022017-reduce_ssl_curves.patch b/SOURCES/rh1022017-reduce_ssl_curves.patch new file mode 100644 index 0000000..6dab416 --- /dev/null +++ b/SOURCES/rh1022017-reduce_ssl_curves.patch 
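Review bot: The new `security.useSystemPropertiesFile` block in Security.java treats a failure to read `/etc/crypto-policies/back-ends/java.config` as non-fatal and reports it only when the `properties` debug channel is enabled, so a missing or unreadable policy file leaves the JDK defaults in force with no trace. That fallback deserves a comment next to `catch (IOException e)`, for example `// system policy is optional: on failure the java.security defaults stay in effect`, so operators do not assume the system-wide policy is always applied. The added `sdebug.println(props.toString())` calls print the whole property set, which is acceptable on a debug channel but worth remembering when such logs are shared. The enclosing initializer begins and ends outside the inner hunks.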
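Review bot: `if [ ! true ]; then` disables the LCMS removal only because `[ ! true ]` tests the non-empty string `true` and negates it; `if false; then` states the intent without relying on that. The `Removing lcms` message and the `${LCMS_SRC}` existence check with its `exit 1` still run although nothing is removed any more, so the script can now abort over a directory it no longer touches. Moving the `Skipped on RHEL 7 ...` message ahead of that check, or wrapping the check in the same conditional, would match what the script does. The closing `fi` is in the following hunk.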
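Review bot: The SunEC block runs `mv`, `rm -vrf` and `mv` as three independent commands with no existence test, unlike the `if [ ! -d ${PNG_SRC} ]` style guards used for the other libraries. Unless the script runs under `set -e` (not visible in this hunk), a failed first `mv` is still followed by the recursive delete, and `ecc_impl.h` is parked in whatever the current directory happens to be. A guard such as `[ -d src/jdk.crypto.ec/share/native/libsunec/impl ] || exit 1`, with the three commands joined by `&&`, would make a layout change fail loudly. It would also keep the header, which the system-NSS build still includes, from going missing.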
@@ -0,0 +1,66 @@
+diff --git openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
+--- openjdk.orig///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
++++ openjdk///src/java.base/share/classes/sun/security/ssl/SupportedGroupsExtension.java
+@@ -515,50 +515,19 @@
+ }
+ } else { // default groups
+ NamedGroup[] groups;
+- if (requireFips) {
+- groups = new NamedGroup[] {
+- // only NIST curves in FIPS mode
+- NamedGroup.SECP256_R1,
+- NamedGroup.SECP384_R1,
+- NamedGroup.SECP521_R1,
+- NamedGroup.SECT283_K1,
+- NamedGroup.SECT283_R1,
+- NamedGroup.SECT409_K1,
+- NamedGroup.SECT409_R1,
+- NamedGroup.SECT571_K1,
+- NamedGroup.SECT571_R1,
++ groups = new NamedGroup[] {
++ // only NIST curves in FIPS mode
++ NamedGroup.SECP256_R1,
++ NamedGroup.SECP384_R1,
++ NamedGroup.SECP521_R1,
+
+- // FFDHE 2048
+- NamedGroup.FFDHE_2048,
+- NamedGroup.FFDHE_3072,
+- NamedGroup.FFDHE_4096,
+- NamedGroup.FFDHE_6144,
+- NamedGroup.FFDHE_8192,
+- };
+- } else {
+- groups = new NamedGroup[] {
+- // NIST curves first
+- NamedGroup.SECP256_R1,
+- NamedGroup.SECP384_R1,
+- NamedGroup.SECP521_R1,
+- NamedGroup.SECT283_K1,
+- NamedGroup.SECT283_R1,
+- NamedGroup.SECT409_K1,
+- NamedGroup.SECT409_R1,
+- NamedGroup.SECT571_K1,
+- NamedGroup.SECT571_R1,
+-
+- // non-NIST curves
+- NamedGroup.SECP256_K1,
+-
+- // FFDHE 2048
+- NamedGroup.FFDHE_2048,
+- NamedGroup.FFDHE_3072,
+- NamedGroup.FFDHE_4096,
+- NamedGroup.FFDHE_6144,
+- NamedGroup.FFDHE_8192,
+- };
+- }
++ // FFDHE 2048
++ NamedGroup.FFDHE_2048,
++ NamedGroup.FFDHE_3072,
++ NamedGroup.FFDHE_4096,
++ NamedGroup.FFDHE_6144,
++ NamedGroup.FFDHE_8192,
++ };
+
+ groupList = new ArrayList<>(groups.length);
+ for (NamedGroup group : groups) {
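Review bot: The comment `// only NIST curves in FIPS mode` is carried over onto the single remaining list, but with the `requireFips` branch removed that list is now the default in every mode, so the comment misdescribes it. Something like `// NIST prime curves only; binary and non-NIST curves are dropped for all providers (RH1022017)` would match what the code does. The `// FFDHE 2048` label also sits above all five FFDHE groups and could read `// FFDHE groups`. The enclosing method starts and ends outside this hunk.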
diff --git a/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
new file mode 100644
index 0000000..a877506
--- /dev/null
+++ b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
@@ -0,0 +1,18 @@
+diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/src/java.desktop/share/classes/java/awt/Toolkit.java
+--- openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
++++ openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
+@@ -883,9 +883,13 @@
+ return null;
+ }
+ });
+ if (!GraphicsEnvironment.isHeadless()) {
+- loadAssistiveTechnologies();
++ try {
++ loadAssistiveTechnologies();
++ } catch (AWTError error) {
++ // ignore silently
++ }
+ }
+ }
+ return toolkit;
+ }
diff --git a/SOURCES/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/SOURCES/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
new file mode 100644
index 0000000..1b92ddc
--- /dev/null
+++ b/SOURCES/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
@@ -0,0 +1,11 @@
+diff -r 5b86f66575b7 src/share/lib/security/java.security-linux
+--- openjdk/src/java.base/share/conf/security/java.security Tue May 16 13:29:05 2017 -0700
++++ openjdk/src/java.base/share/conf/security/java.security Tue Jun 06 14:05:12 2017 +0200
+@@ -83,6 +83,7 @@
+ #ifndef solaris
+ security.provider.tbd=SunPKCS11
+ #endif
++#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
+
+ #
+ # A list of preferred providers for specific algorithms. These providers will
diff --git a/SOURCES/rh1648644-java_access_bridge_privileged_security.patch b/SOURCES/rh1648644-java_access_bridge_privileged_security.patch
new file mode 100644
index 0000000..53026ad
--- /dev/null
+++ b/SOURCES/rh1648644-java_access_bridge_privileged_security.patch
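Review bot: The new `catch (AWTError error)` around `loadAssistiveTechnologies()` discards the error with only `// ignore silently`, so a misconfigured or failing assistive technology leaves no trace for whoever has to diagnose it. The comment should at least say why the failure is tolerated, for example `// accessibility is optional: a failing assistive technology must not prevent Toolkit creation (RH1648242)`. Reporting the error's message once, through whatever diagnostics this class already uses, would make the condition visible without breaking startup. The surrounding method begins and ends outside the hunk.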
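Review bot: The added `#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg` line has no accompanying comment in java.security, so an administrator reading the shipped file cannot tell why the provider is disabled or what enabling it entails. The spec file describes it as disabled due to a memory leak. A preceding line such as `# System NSS via SunPKCS11; left disabled because of a memory leak` would carry that reason into the file itself.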
@@ -0,0 +1,20 @@
+--- openjdk/src/java.base/share/conf/security/java.security
++++ openjdk/src/java.base/share/conf/security/java.security
+@@ -304,6 +304,8 @@
+ #
+ package.access=sun.misc.,\
+ sun.reflect.,\
++ org.GNOME.Accessibility.,\
++ org.GNOME.Bonobo.,\
+
+ #
+ # List of comma-separated packages that start with or equal this string
+@@ -316,6 +318,8 @@
+ #
+ package.definition=sun.misc.,\
+ sun.reflect.,\
++ org.GNOME.Accessibility.,\
++ org.GNOME.Bonobo.,\
+
+ #
+ # Determines whether this properties file can be appended to
diff --git a/SOURCES/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch b/SOURCES/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
new file mode 100644
index 0000000..1b706a1
--- /dev/null
+++ b/SOURCES/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
@@ -0,0 +1,19 @@
+Remove uses of FAR in jpeg code
+
+Upstream libjpeg-trubo removed the (empty) FAR macro:
+http://sourceforge.net/p/libjpeg-turbo/code/1312/
+
+Adjust our code to not use the undefined FAR macro anymore.
+
+diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
+--- openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
++++ openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
+@@ -1385,7 +1385,7 @@
+ /* and fill it in */
+ dst_ptr = icc_data;
+ for (seq_no = first; seq_no < last; seq_no++) {
+- JOCTET FAR *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
++ JOCTET *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
+ unsigned int length =
+ icc_markers[seq_no]->data_length - ICC_OVERHEAD_LEN;
+
diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec
index 81c543c..89cad59 100644
--- a/SPECS/java-11-openjdk.spec
+++ b/SPECS/java-11-openjdk.spec
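Review bot: This patch changes the `package.access` and `package.definition` lists in java.security but carries no description, unlike the libjpeg patch added alongside it, which opens with a summary. A short header before the `---` line, such as `Restrict access to java-atk-wrapper classes (RH1648644)`, would record why the two `org.GNOME.` prefixes are listed. Both added `org.GNOME.Bonobo.,\` lines end with a continuation, so each property value terminates only because the following line is blank. That matches the existing `sun.reflect.,\` style, but it is worth keeping in mind when further entries are appended.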
@@ -189,7 +189,7 @@ # New Version-String scheme-style defines %global majorver 11 -%global securityver 1 +%global securityver 2 # Used via new version scheme. JDK 11 was # GA'ed in September 2018 => 18.9 %global vendor_version_string 18.9 @@ -207,7 +207,8 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global minorver 0 -%global buildver 13 +%global buildver 7 +#%%global tagsuffix %{nil} # priority must be 7 digits in total # setting to 1, so debug ones can have 0 %global priority 00000%{minorver}1 @@ -845,7 +846,7 @@ Provides: java-%{javaver}-%{origin}-src%1 = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{newjavaver}.%{buildver} -Release: 3%{?dist} +Release: 0%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -880,7 +881,7 @@ URL: http://openjdk.java.net/ # to regenerate source0 (jdk) and source8 (jdk's taspets) run update_package.sh # update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives -Source0: shenandoah-jdk%{majorver}-shenandoah-jdk-%{newjavaver}+%{buildver}.tar.xz +Source0: shenandoah-jdk%{majorver}-shenandoah-jdk-%{newjavaver}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz Source8: systemtap_3.2_tapsets_hg-icedtea8-9d464368e06d.tar.xz # Desktop files. Adapted from IcedTea 
@@ -906,25 +907,27 @@ Source14: TestECDSA.java # NSS via SunPKCS11 Provider (disabled comment # due to memory leak). -Patch1000: enableCommentedOutSystemNss.patch +Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch # Ignore AWTError when assistive technologies are loaded -Patch1: accessible-toolkit.patch +Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Restrict access to java-atk-wrapper classes -Patch2: java-atk-wrapper-security.patch -Patch3: libjpeg-turbo-1.4-compat.patch +Patch2: rh1648644-java_access_bridge_privileged_security.patch +# PR1834, RH1022017: Reduce curves reported by SSL to those in NSS +# Not currently suitable to go upstream as it disables curves +# for all providers unconditionally +Patch525: rh1022017-reduce_ssl_curves.patch +Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch # Follow system wide crypto policy RHBZ#1249083 -Patch4: RHBZ-1249083-system-crypto-policy-PR3183.patch +Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch # System NSS via SunEC Provider -Patch5: RHBZ-1565658-system-nss-SunEC.patch -# Temporarily disable dsin/dcos intrinsics on aarch64, falling -# back to C code. Re-enable once JDK-8210461 is fixed and -# available in jdk11u. -Patch6: RHBZ-1628612-JDK-8210461-workaround-disable-aarch64-intrinsic.patch -# Temporarily disable log intrinsics on aarch64, falling -# back to C code. Re-enable once JDK-8210858 is fixed and -# available in jdk11u. -Patch7: RHBZ-1630996-JDK-8210858-workaround-disable-aarch64-intrinsic-log.patch +Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch + +############################################# +# +# Shenandaoh specific patches +# +############################################# ############################################# # 
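Review bot: The added section banner reads `# Shenandaoh specific patches`; it should be `# Shenandoah specific patches`. The section is empty in this hunk, as is the `Patches appearing in 11.0.2` banner added further down, so a one-line `# (none at present)` under each would show that the gap is intentional. `Patch525` is also declared between `Patch2` and `Patch3`, which makes the numeric patch list harder to scan.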
@@ -933,9 +936,9 @@ Patch7: RHBZ-1630996-JDK-8210858-workaround-disable-aarch64-intrinsic-log.pat ############################################# # 8210416, RHBZ#1632174: [linux] Poor StrictMath performance due to non-optimized compilation -Patch8: JDK-8210416-RHBZ-1632174-fdlibm-opt-fix.patch +Patch8: jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch # 8210425, RHBZ#1632174: [x86] sharedRuntimeTrig/sharedRuntimeTrans compiled without optimization -Patch9: JDK-8210425-RHBZ-1632174-sharedRuntimeTrig-opt-fix.patch +Patch9: jdk8210425-rh1632174-sharedRuntimeTrig_sharedRuntimeTrans_compiled_without_optimization.patch ############################################# # @@ -944,12 +947,17 @@ Patch9: JDK-8210425-RHBZ-1632174-sharedRuntimeTrig-opt-fix.patch ############################################# # 8210647, RHBZ#1632174: libsaproc is being compiled without optimization -Patch10: JDK-8210647-RHBZ-1632174-libsaproc-opt-fix.patch +Patch10: jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch # 8210761, RHBZ#1632174: libjsig is being compiled without optimization -Patch11: JDK-8210761-RHBZ-1632174-libjsig-opt-fix.patch +Patch11: jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch # 8210703, RHBZ#1632174: vmStructs.cpp compiled with -O0 -Patch12: JDK-8210703-RHBZ-1632174-vmStructs-opt-fix.patch +Patch12: jdk8210703-rh1632174-vmStructs_cpp_no_longer_compiled_with_o0 +############################################# +# +# Patches appearing in 11.0.2 +# +############################################# BuildRequires: autoconf BuildRequires: automake 
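Review bot: `Patch12` now names `jdk8210703-rh1632174-vmStructs_cpp_no_longer_compiled_with_o0` with no `.patch` suffix, while every other renamed patch in this commit keeps the suffix. If the file in SOURCES does carry the suffix, the build will not find the patch. If it really was committed without one, the name is inconsistent with the rest and easy to miss in tooling that matches `*.patch`. The line should read `Patch12: jdk8210703-rh1632174-vmStructs_cpp_no_longer_compiled_with_o0.patch`, with the same correction in the Sep 28 2018 changelog entry.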
@@ -964,13 +972,6 @@ BuildRequires: freetype-devel BuildRequires: giflib-devel BuildRequires: gcc-c++ BuildRequires: gdb -%ifarch %{arm} -BuildRequires: devtoolset-7-build -BuildRequires: devtoolset-7-binutils -BuildRequires: devtoolset-7-gcc -BuildRequires: devtoolset-7-gcc-c++ -BuildRequires: devtoolset-7-gdb -%endif BuildRequires: gtk2-devel # LCMS on rhel7 is older then LCMS in intree JDK BuildRequires: lcms2-devel @@ -1221,14 +1222,12 @@ pushd %{top_level_dir_name} %patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 -%patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 - +%patch525 -p1 popd # openjdk %patch1000 @@ -1279,10 +1278,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg %build -%ifarch %{arm} -%{?enable_devtoolset7:%{enable_devtoolset7}} -%endif - # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) export NUM_PROC=${NUM_PROC:-1} 
@@ -1770,11 +1765,33 @@ require "copy_jdk_configs.lua" %changelog -* Mon Nov 19 2018 Johnny Hughes -- Manual CentOS Debranding - -* Wed Oct 24 2018 Severin Gehwolf - 1:11.0.1.13-3 -- Bump release for rebuild. +* Tue Jan 15 2019 Andrew Hughes - 1:11.0.2.7-0 +- Update to shenandoah-jdk-11.0.2+7 (January 2019 CPU) +- Make tagsuffix optional and comment it out while unused. +- Drop JDK-8211105/RH1628612/RH1630996 applied upstream. +- Drop JDK-8209639/RH1640127 applied upstream. +- Re-generate JDK-8210416/RH1632174 following JDK-8209786 +- Resolves: rhbz#1661577 + +* Mon Jan 14 2019 Andrew Hughes - 1:11.0.1.13-4 +- Update to shenandoah-jdk-11.0.1+13-20190101 +- Update tarball generation script in preparation for PR3681/RH1656677 SunEC changes. +- Use remove-intree-libraries.sh to remove the remaining SunEC code for now. +- Fix remove-intree-libraries.sh to not exit early and skip SunEC handling. +- Fix PR1983 SunEC patch so that ecc_impl.h is patched rather than added +- Add missing RH1022017 patch to reduce curves reported by SSL to those we support. +- Resolves: rhbz#1661577 + +* Thu Nov 01 2018 Jiri Vanek - 1:11.0.1.13-3 +- added Patch584 jdk8209639-rh1640127-02-coalesce_attempted_spill_non_spillable.patch + +* Mon Oct 29 2018 Severin Gehwolf - 1:11.0.1.13-3 +- Use upstream's version of Aarch64 intrinsics disable patch: + - Removed: + RHBZ-1628612-JDK-8210461-workaround-disable-aarch64-intrinsic.patch + RHBZ-1630996-JDK-8210858-workaround-disable-aarch64-intrinsic-log.patch + - Superceded by: + jdk8211105-aarch64-disable_cos_sin_and_log_intrinsics.patch * Thu Oct 18 2018 Severin Gehwolf - 1:11.0.1.13-2 - Use LTS designator in version output for RHEL. 
@@ -1793,16 +1810,16 @@ require "copy_jdk_configs.lua" * Fri Sep 28 2018 Severin Gehwolf - 1:11.0.ea.28-9 - Rework changes from 1:11.0.ea.22-6. RHBZ#1632174 supercedes RHBZ-1624122. -- Add patch, JDK-8210416-RHBZ-1632174-fdlibm-opt-fix.patch, so as to +- Add patch, jdk8210416-rh1632174-compile_fdlibm_with_o2_ffp_contract_off_on_gcc_clang_arches.patch, so as to optimize compilation of fdlibm library. -- Add patch, JDK-8210425-RHBZ-1632174-sharedRuntimeTrig-opt-fix.patch, so +- Add patch, jdk8210425-rh1632174-sharedRuntimeTrig_sharedRuntimeTrans_compiled_without_optimization.patch, so as to optimize compilation of sharedRuntime{Trig,Trans}.cpp -- Add patch, JDK-8210647-RHBZ-1632174-libsaproc-opt-fix.patch, so as to +- Add patch, jdk8210647-rh1632174-libsaproc_is_being_compiled_without_optimization.patch, so as to optimize compilation of libsaproc (extra c flags won't override optimization). -- Add patch, JDK-8210761-RHBZ-1632174-libjsig-opt-fix.patch, so as to +- Add patch, jdk8210761-rh1632174-libjsig_is_being_compiled_without_optimization.patch, so as to optimize compilation of libjsig. -- Add patch, JDK-8210703-RHBZ-1632174-vmStructs-opt-fix.patch, so as to +- Add patch, jdk8210703-rh1632174-vmStructs_cpp_no_longer_compiled_with_o0, so as to optimize compilation of vmStructs.cpp (part of libjvm.so). - Reinstate filtering of opt flags coming from redhat-rpm-config. @@ -1861,7 +1878,7 @@ require "copy_jdk_configs.lua" - Resolves: rhbz#1570856 * Wed Aug 29 2018 Severin Gehwolf - 1:11.0.ea.22-8 -- Adjust system NSS patch, RHBZ-1565658-system-nss-SunEC.patch, so +- Adjust system NSS patch, pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch, so as to filter -Wl,--as-needed from linker flags. Fixes FTBFS issue. - Resolves: rhbz#1570856