diff --git a/.gitignore b/.gitignore index 013fe09..f92ec58 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz +SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index 8f03300..e29a21e 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -71e5a111b66d7a8e4234d35117e0fd663d39f9ce SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz +3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 3583c26..b817d9e 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,210 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u372 (2023-04-18): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u372 + +* CVEs + - CVE-2023-21930 + - CVE-2023-21937 + - CVE-2023-21938 + - CVE-2023-21939 + - CVE-2023-21954 + - CVE-2023-21967 + - CVE-2023-21968 +* Security fixes + - JDK-8287404: Improve ping times + - JDK-8288436: Improve Xalan supports + - JDK-8294474: Better AES support + - JDK-8295304: Runtime support improvements + - JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation + - JDK-8296676, JDK-8296622: Improve String platform support + - JDK-8296684: Improve String platform support + - JDK-8296692: Improve String platform support + - JDK-8296700: Improve String platform support + - JDK-8296832: Improve Swing platform support + - JDK-8297371: Improve UTF8 representation redux + - JDK-8298191: Enhance object reclamation process + - JDK-8298310: Enhance TLS session negotiation + - JDK-8298667: Improved path handling + - JDK-8299129: Enhance NameService lookups +* New features + - JDK-8230305: Cgroups v2: Container awareness +* Other changes + - JDK-6734341: REGTEST fails: SelectionAutoscrollTest.html + - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows + - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails + - JDK-7124238: [macosx] Font in BasicHTML document is bigger than it should be + - JDK-7124381: DragSourceListener.dragDropEnd() never been called on completion of dnd operation + - JDK-8039888: [TEST_BUG] keyboard garbage after javax/swing/plaf/windows/WindowsRootPaneUI/WrongAltProcessing/WrongAltProcessing.java + - JDK-8042098: [TESTBUG] Test sun/java2d/AcceleratedXORModeTest.java fails on Windows + - JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled + - JDK-8072770: [TESTBUG] Some Introspector tests fail with a Java heap bigger than 4GB + - JDK-8075964: Test java/awt/Mouse/TitleBarDoubleClick/TitleBarDoubleClick.html fails intermittently with timeout error + - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing + - JDK-8142540: [TEST_BUG] Test sun/awt/dnd/8024061/bug8024061.java fails on ubuntu + - JDK-8156579: Two JavaBeans tests failed + - JDK-8156581: Cleanup of ProblemList.txt + - JDK-8159135: [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail + - JDK-8177560: @headful key can be removed from the tests for JavaSound + - JDK-8196196: Headful tests should not be run in headless mode + - JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails + - JDK-8197408: Bad pointer comparison and small cleanup in os_linux.cpp + - JDK-8203485: [freetype] text rotated on 180 degrees is too narrow + - JDK-8205959: Do not restart close if errno is EINTR + - JDK-8216366: Add rationale to PER_CPU_SHARES define + - JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails + - JDK-8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java - NumberFormatException because of large long values (memory limit_in_bytes) + - JDK-8229182: [TESTBUG] runtime/containers/docker/TestMemoryAwareness.java test fails on SLES12 + - JDK-8229202: Docker reporting causes secondary crashes in error handling + - JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy + - JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation + - JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos + - JDK-8234484: Add ability to configure third port for remote JMX + - JDK-8237479: 8230305 causes slowdebug build failure + - JDK-8239559: Cgroups: Incorrect detection logic on some systems + - JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot + - JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual + - JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111 + - JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873 + - JDK-8242468: VS2019 build missing vcruntime140_1.dll + - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails + - JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java + - JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible) + - JDK-8245654: Add Certigna Root CA + - JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows + - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked + - JDK-8252359: HotSpot Not Identifying it is Running in a Container + - JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota + - JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist + - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high + - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly + - JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems + - JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code + - JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection + - JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards + - JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes + - JDK-8257620: Do not use objc_msgSend_stret to get macOS version + - JDK-8262379: Add regression test for JDK-8257746 + - JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec + - JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics + - JDK-8270317: Large Allocation in CipherSuite + - JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked + - JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11 + - JDK-8275713: TestDockerMemoryMetrics test fails on recent runc + - JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10 + - JDK-8280048: Missing comma in copyright header + - JDK-8282398: EndingDotHostname.java test fails because SSL cert expired + - JDK-8282511: Use fixed certificate validation date in SSLExampleCert template + - JDK-8282947: JFR: Dump on shutdown live-locks in some conditions + - JDK-8283277: ISO 4217 Amendment 171 Update + - JDK-8283606: Tests may fail with zh locale on MacOS + - JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124 + - JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox + - JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem + - JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist + - JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3 + - JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller + - JDK-8287109: Distrust.java failed with CertificateExpiredException + - JDK-8287463: JFR: Disable TestDevNull.java on Windows + - JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete + - JDK-8289549: ISO 4217 Amendment 172 Update + - JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun + - JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u + - JDK-8292083: Detected container memory limit may exceed physical machine memory + - JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory + - JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present + - JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts + - JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings + - JDK-8294307: ISO 4217 Amendment 173 Update + - JDK-8294767: 8u contains two copies of test/../FileUtils.java, one uses JDK9+ features + - JDK-8295322: Tests for JDK-8271459 were not backported to 11u + - JDK-8295952: Problemlist existing compiler/rtm tests also on x86 + - JDK-8295982: Failure in sun/security/tools/keytool/WeakAlg.java - ks: The process cannot access the file because it is being used by another process + - JDK-8296239: ISO 4217 Amendment 174 Update + - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing + - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException + - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent + - JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2 + - JDK-8297329: [8u] hotspot needs to recognise VS2019 + - JDK-8297739: Bump update version of OpenJDK: 8u372 + - JDK-8297996: [8u] generated images are broken due to renaming of MSVC runtime DLL's + - JDK-8298027: Remove SCCS id's from awt jtreg tests + - JDK-8298307: Enable hotspot/tier1 for 32-bit builds in GHA for 8u + - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR + - JDK-8299445: EndingDotHostname.java fails because of compilation errors + - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java + - JDK-8299548: Fix hotspot/test/runtime/Metaspace/MaxMetaspaceSizeTest.java in 8u + - JDK-8299804: Fix non-portable code in hotspot shell tests in 8u + - JDK-8300014: Some backports placed the tests in the wrong location + - JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems + - JDK-8301122: [8u] Fix unreliable vs2010 download link + - JDK-8301143: [TESTBUG] jfr/event/sampling/TestNative was backported to JDK8u without proper native wrapper + - JDK-8301246: NPE in FcFontManager.getDefaultPlatformFont() on Linux without installed fontconfig + - JDK-8301332: [8u] Fix writing of test files after the cgroups v2 backport + - JDK-8301550: [8u] Enable additional linux build testing in GitHub + - JDK-8301620: [8u] some shell tests are passed but have unexpected operator errors + - JDK-8301760: Fix possible leak in SpNegoContext dispose + - JDK-8303408: [AIX] Broken jdk8u build after JDK-8266391 + - JDK-8303828: [Solaris] Broken jdk8u build after JDK-8266391 + - JDK-8304053: Revert os specific stubs for SystemMetrics + - JDK-8305113: (tz) Update Timezone Data to 2023c + +Notes on individual issues: +=========================== + +hotspot: +core-libs: + +JDK-8305562: Cgroups v2: Container awareness +============================================ +The HotSpot runtime code as well as the core libraries code in the JDK +has been updated in order to detect a cgroup v2 host system when +running OpenJDK within a Linux container. + +Since the 8u202 release of OpenJDK, the container detection code +recognized cgroup v1 (legacy) host Linux systems. With 8u372 and later +releases, both versions of the underlying cgroups pseudo filesystem +will be detected and corresponding container limits applied to the +OpenJDK runtime. + +Without this enhancement, OpenJDK would not apply container resource +limits when running on a cgroup v2 Linux host system, but would use +the underlying hosts' resource limits instead. + +client-libs/javax.swing: + +JDK-8296832: Improve Swing platform support +=========================================== +Earlier OpenJDK releases would always render HTML object tags embedded in +Swing HTML components. With this release, rendering only occurs when the +new system property "swing.html.object" is set to true. By default, it +is set to false. + +core-svc/javax.management: + +JDK-8234484: Added Ability to Configure Third Port for Remote JMX +================================================================= +A local access port can now be configured for JMX connections by +setting the property `com.sun.management.jmxremote.local.port`. This +local port was previously selected at random, which could lead to port +collisions. The property works in the same way as the existing +properties for configuring the remote access port +(`com.sun.management.jmxremote.port`) and the RMI port +(`com.sun.management.jmxremote.rmi.port`) + +security-libs/java.security: + +JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate +========================================================== +The following root certificate has been added to the cacerts truststore: + +Name: Certigna (Dhimyotis) +Alias Name: certignarootca +Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR + New in release OpenJDK 8u362 (2023-01-17): =========================================== Live versions of these release notes can be found at: diff --git a/SOURCES/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch b/SOURCES/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch new file mode 100644 index 0000000..42ac516 --- /dev/null +++ b/SOURCES/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch @@ -0,0 +1,167 @@ +commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99 +Author: Alexey Bakhtin +Date: Tue Apr 4 10:29:11 2023 +0000 + + 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key + + Reviewed-by: andrew, mbalao + Backport-of: f6232982b91cb2314e96ddbde3984836a810a556 + +diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java +index a79e97d7c74..5378446b97b 100644 +--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java ++++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java +@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi { + @Override + protected void engineInitVerify(PublicKey publicKey) + throws InvalidKeyException { +- if (!(publicKey instanceof RSAPublicKey)) { ++ if (publicKey instanceof RSAPublicKey) { ++ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey; ++ isPublicKeyValid(rsaPubKey); ++ this.pubKey = rsaPubKey; ++ this.privKey = null; ++ resetDigest(); ++ } else { + throw new InvalidKeyException("key must be RSAPublicKey"); + } +- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey); +- this.privKey = null; +- resetDigest(); + } + + // initialize for signing. See JCA doc +@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi { + @Override + protected void engineInitSign(PrivateKey privateKey, SecureRandom random) + throws InvalidKeyException { +- if (!(privateKey instanceof RSAPrivateKey)) { ++ if (privateKey instanceof RSAPrivateKey) { ++ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey; ++ isPrivateKeyValid(rsaPrivateKey); ++ this.privKey = rsaPrivateKey; ++ this.pubKey = null; ++ this.random = ++ (random == null ? JCAUtil.getSecureRandom() : random); ++ resetDigest(); ++ } else { + throw new InvalidKeyException("key must be RSAPrivateKey"); + } +- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey); +- this.pubKey = null; +- this.random = +- (random == null? JCAUtil.getSecureRandom() : random); +- resetDigest(); + } + + /** +@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi { + } + } + ++ /** ++ * Validate the specified RSAPrivateKey ++ */ ++ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException { ++ try { ++ if (prKey instanceof RSAPrivateCrtKey) { ++ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey; ++ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) { ++ RSAKeyFactory.checkRSAProviderKeyLengths( ++ crtKey.getModulus().bitLength(), ++ crtKey.getPublicExponent()); ++ } else { ++ throw new InvalidKeyException( ++ "Some of the CRT-specific components are not available"); ++ } ++ } else { ++ RSAKeyFactory.checkRSAProviderKeyLengths( ++ prKey.getModulus().bitLength(), ++ null); ++ } ++ } catch (InvalidKeyException ikEx) { ++ throw ikEx; ++ } catch (Exception e) { ++ throw new InvalidKeyException( ++ "Can not access private key components", e); ++ } ++ isValid(prKey); ++ } ++ ++ /** ++ * Validate the specified RSAPublicKey ++ */ ++ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException { ++ try { ++ RSAKeyFactory.checkRSAProviderKeyLengths( ++ pKey.getModulus().bitLength(), ++ pKey.getPublicExponent()); ++ } catch (InvalidKeyException ikEx) { ++ throw ikEx; ++ } catch (Exception e) { ++ throw new InvalidKeyException( ++ "Can not access public key components", e); ++ } ++ isValid(pKey); ++ } ++ + /** + * Validate the specified RSAKey and its associated parameters against + * internal signature parameters. + */ +- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException { ++ private void isValid(RSAKey rsaKey) throws InvalidKeyException { + try { + AlgorithmParameterSpec keyParams = rsaKey.getParams(); + // validate key parameters +@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi { + } + checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength()); + } +- return rsaKey; + } catch (SignatureException e) { + throw new InvalidKeyException(e); + } +diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java +index 6b219937981..b3c1fae9672 100644 +--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java ++++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java +@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl + RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded); + // check all CRT-specific components are available, if any one + // missing, return a non-CRT key instead +- if ((key.getPublicExponent().signum() == 0) || +- (key.getPrimeExponentP().signum() == 0) || +- (key.getPrimeExponentQ().signum() == 0) || +- (key.getPrimeP().signum() == 0) || +- (key.getPrimeQ().signum() == 0) || +- (key.getCrtCoefficient().signum() == 0)) { ++ if (checkComponents(key)) { ++ return key; ++ } else { + return new RSAPrivateKeyImpl( + key.algid, + key.getModulus(), +- key.getPrivateExponent() +- ); +- } else { +- return key; ++ key.getPrivateExponent()); + } + } + ++ /** ++ * Validate if all CRT-specific components are available. ++ */ ++ static boolean checkComponents(RSAPrivateCrtKey key) { ++ return !((key.getPublicExponent().signum() == 0) || ++ (key.getPrimeExponentP().signum() == 0) || ++ (key.getPrimeExponentQ().signum() == 0) || ++ (key.getPrimeP().signum() == 0) || ++ (key.getPrimeQ().signum() == 0) || ++ (key.getCrtCoefficient().signum() == 0)); ++ } ++ + /** + * Generate a new key from the specified type and components. + * Returns a CRT key if possible and a non-CRT key otherwise. diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 6dc3d64..f2b0716 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -218,7 +218,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project openjdk %global shenandoah_repo shenandoah-jdk8u -%global openjdk_revision jdk8u362-b08 +%global openjdk_revision jdk8u372-b07 %global shenandoah_revision shenandoah-%{openjdk_revision} # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} @@ -1049,13 +1049,15 @@ Patch12: jdk8186464-rh1433262-zip64_failure.patch ############################################# # -# Patches appearing in 8u362 +# Patches appearing in 8u382 # # This section includes patches which are present # in the listed OpenJDK 8u release and should be # able to be removed once that release is out # and used by this RPM. ############################################# +# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key +Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch ############################################# # @@ -1121,14 +1123,6 @@ BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel BuildRequires: zip BuildRequires: unzip -%ifarch %{arm} -BuildRequires: devtoolset-7-build -BuildRequires: devtoolset-7-binutils -BuildRequires: devtoolset-7-gcc -BuildRequires: devtoolset-7-gcc-c++ -BuildRequires: devtoolset-7-gdb -%endif - # Use OpenJDK 7 where available (on RHEL) to avoid # having to use the rhel-7.x-java-unsafe-candidate hack %if ! 0%{?fedora} && 0%{?rhel} <= 7 @@ -1141,8 +1135,8 @@ BuildRequires: java-1.8.0-openjdk-devel %ifnarch %{jit_arches} BuildRequires: libffi-devel %endif -# 2022g required as of JDK-8297804 -BuildRequires: tzdata-java >= 2022g +# 2023c required as of JDK-8305113 +BuildRequires: tzdata-java >= 2023c # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1430,6 +1424,8 @@ sh %{SOURCE12} # Upstreamed fixes pushd %{top_level_dir_name} +# 8u382 fix +%patch2001 -p1 popd # RPM-only fixes @@ -1492,10 +1488,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg %build -%ifarch %{arm} -%{?enable_devtoolset7:%{enable_devtoolset7}} -%endif - # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) export NUM_PROC=${NUM_PROC:-1} @@ -1519,9 +1511,6 @@ EXTRA_CPP_FLAGS="%ourcppflags" # fix rpmlint warnings EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" %endif -%ifarch %{arm} -EXTRA_CFLAGS="$EXTRA_CFLAGS -Wno-nonnull" -%endif EXTRA_ASFLAGS="${EXTRA_CFLAGS}" export EXTRA_CFLAGS EXTRA_ASFLAGS @@ -2196,6 +2185,18 @@ require "copy_jdk_configs.lua" %endif %changelog +* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.372.b07-1 +- Update to shenandoah-jdk8u372-b07 (GA) +- Update release notes for shenandoah-8u372-b07. +- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 +- Update generate_tarball.sh to add support for passing a boot JDK to the configure run +- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace +- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs +- Include JDK-8271199 backport early ahead of 8u382 (RH2175317) +- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** +- Resolves: rhbz#2185182 +- Resolves: rhbz#2159458 + * Fri Jan 13 2023 Andrew Hughes - 1:1.8.0.362.b08-1 - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08.