diff --git a/.gitignore b/.gitignore index 838bf37..955cdba 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u232-b03.tar.xz +SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u252-b09-4curve.tar.xz SOURCES/tapsets-icedtea-3.11.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index 5cbf64a..ac29869 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -236fb2e33b9b43816c135071523a940b8394acf3 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u232-b03.tar.xz +9417f1f9fa52d6882a0ffe26c00a478d8bb6465d SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u252-b09-4curve.tar.xz 50ad90759d440f24f50990b88b5814e4f61351af SOURCES/tapsets-icedtea-3.11.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS new file mode 100644 index 0000000..59f5724 --- /dev/null +++ b/SOURCES/NEWS @@ -0,0 +1,113 @@ +Key: + +JDK-X - https://bugs.openjdk.java.net/browse/JDK-X +CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY + +New in release OpenJDK 8u252 (2020-04-14): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/oj8u252 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt + +* Security fixes + - JDK-8223898, CVE-2020-2754: Forward references to Nashorn + - JDK-8223904, CVE-2020-2755: Improve Nashorn matching + - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs + - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues + - JDK-8225603: Enhancement for big integers + - JDK-8227542: Manifest improved jar headers + - JDK-8231415, CVE-2020-2773: Better signatures in XML + - JDK-8233250: Better X11 rendering + - JDK-8233410: Better Build Scripting + - JDK-8234027: Better JCEKS key support + - JDK-8234408, CVE-2020-2781: Improve TLS session handling + - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers + - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers + - JDK-8235274, CVE-2020-2805: Enhance typing of methods + - JDK-8236201, CVE-2020-2830: Better Scanner conversions + - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap +* Other changes + - JDK-8005819: Support cross-realm MSSFU + - JDK-8022263: use same Clang warnings on BSD as on Linux + - JDK-8038631: Create wrapper for awt.Robot with additional functionality + - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid + - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests + - JDK-8068184: Fix for JDK-8032832 caused a deadlock + - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature + - JDK-8132130: some docs cleanup + - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit + - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal + - JDK-8144446: Automate the Marlin crash test + - JDK-8144526: Remove Marlin logging use of deleted internal API + - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats + - JDK-8144654: Improve Marlin logging + - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins + - JDK-8166976: TestCipherPBECons has wrong @run line + - JDK-8167409: Invalid value passed to critical JNI function + - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant + - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT + - JDK-8191227: issues with unsafe handle resolution + - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider + - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object + - JDK-8215756: Memory leaks in the AWT on macOS + - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win) + - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread + - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions + - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test + - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test + - JDK-8229022: BufferedReader performance can be improved by using StringBuilder + - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC + - JDK-8229872: (fs) Increase buffer size used with getmntent + - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception + - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type + - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64 + - JDK-8235904: Infinite loop when rendering huge lines + - JDK-8236179: C1 register allocation error with T_ADDRESS + - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read + - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call + - JDK-8241296: Segfault in JNIHandleBlock::oops_do() + - JDK-8241307: Marlin renderer should not be the default in 8u252 + +Notes on individual issues: +=========================== + +hotspot/svc: + +JDK-8174881: Binary format for HPROF updated +============================================ + +When dumping the heap in binary format, HPROF format 1.0.2 is always +used now. Previously, format 1.0.1 was used for heaps smaller than +2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the +serviceability agent. + +security-libs/java.security: + +JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature +==================================================================================== + +The SunRsaSign and SunJCE providers have been enhanced with support +for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS +signature and OAEP using FIPS 180-4 digest algorithms. New +constructors and methods have been added to relevant JCA/JCE classes +under the `java.security.spec` and `javax.crypto.spec` packages for +supporting additional RSASSA-PSS parameters. + +security-libs/javax.crypto: + +JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI +============================================================ + +The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider. + +security-libs/javax.security: + +JDK-8227564: Allow SASL Mechanisms to Be Restricted +=================================================== + +A security property named `jdk.sasl.disabledMechanisms` has been added +that can be used to disable SASL mechanisms. Any disabled mechanism +will be ignored if it is specified in the `mechanisms` argument of +`Sasl.createSaslClient` or the `mechanism` argument of +`Sasl.createSaslServer`. The default value for this security property +is empty, which means that no mechanisms are disabled out-of-the-box. diff --git a/SOURCES/jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch b/SOURCES/jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch deleted file mode 100644 index c9ef36b..0000000 --- a/SOURCES/jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch +++ /dev/null @@ -1,55 +0,0 @@ -# HG changeset patch -# User coleenp -# Date 1525713256 -3600 -# Mon May 07 18:14:16 2018 +0100 -# Node ID bcbc64dfb629c5f188bbf59b8f986ad95963ed60 -# Parent 07a1135a327362f157955d470fad5df07cc35164 -8141570, PR3548: Fix Zero interpreter build for --disable-precompiled-headers -Summary: change to include atomic.inline.hpp and allocation.inline.hpp only in .cpp files and some build fixes from Kim to build on ubuntu without devkits -Reviewed-by: kbarrett, sgehwolf, erikj - -diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hotspot/make/linux/makefiles/zeroshark.make ---- openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make -+++ openjdk/hotspot/make/linux/makefiles/zeroshark.make -@@ -1,5 +1,5 @@ - # --# Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved. -+# Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved. - # Copyright 2007, 2008 Red Hat, Inc. - # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - # -@@ -25,8 +25,15 @@ - - # Setup common to Zero (non-Shark) and Shark versions of VM - --# override this from the main file because some version of llvm do not like -Wundef --WARNING_FLAGS = -Wpointer-arith -Wsign-compare -Wunused-function -Wunused-value -+# Some versions of llvm do not like -Wundef -+ifeq ($(USE_CLANG), true) -+ WARNING_FLAGS += -Wno-undef -+endif -+# Suppress some warning flags that are normally turned on for hotspot, -+# because some of the zero code has not been updated accordingly. -+WARNING_FLAGS += -Wno-return-type \ -+ -Wno-format-nonliteral -Wno-format-security \ -+ -Wno-maybe-uninitialized - - # If FDLIBM_CFLAGS is non-empty it holds CFLAGS needed to be passed to - # the compiler so as to be able to produce optimized objects -@@ -48,5 +55,3 @@ - ifeq ($(ARCH_DATA_MODEL), 64) - CFLAGS += -D_LP64=1 - endif -- --OPT_CFLAGS/compactingPermGenGen.o = -O1 -diff --git openjdk.orig/hotspot/src/share/vm/runtime/java.cpp openjdk/hotspot/src/share/vm/runtime/java.cpp ---- openjdk.orig/hotspot/src/share/vm/runtime/java.cpp -+++ openjdk/hotspot/src/share/vm/runtime/java.cpp -@@ -45,6 +45,7 @@ - #include "runtime/arguments.hpp" - #include "runtime/biasedLocking.hpp" - #include "runtime/compilationPolicy.hpp" -+#include "runtime/deoptimization.hpp" - #include "runtime/fprofiler.hpp" - #include "runtime/init.hpp" - #include "runtime/interfaceSupport.hpp" diff --git a/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch b/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch index 792b04a..298bbd3 100644 --- a/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch +++ b/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch @@ -8,7 +8,6 @@ Reviewed-by: dholmes, coleenp diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hotspot/make/linux/makefiles/zeroshark.make -diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hotspot/make/linux/makefiles/zeroshark.make --- openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make +++ openjdk/hotspot/make/linux/makefiles/zeroshark.make @@ -1,5 +1,5 @@ @@ -18,8 +17,8 @@ diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hots # Copyright 2007, 2008 Red Hat, Inc. # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. # -@@ -29,11 +29,6 @@ - ifeq ($(USE_CLANG), true) +@@ -29,12 +29,7 @@ + ifeq ($(JVM_VARIANT_ZEROSHARK), true) WARNING_FLAGS += -Wno-undef endif -# Suppress some warning flags that are normally turned on for hotspot, @@ -27,6 +26,8 @@ diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hots -WARNING_FLAGS += -Wno-return-type \ - -Wno-format-nonliteral -Wno-format-security \ - -Wno-maybe-uninitialized +- ++ # If FDLIBM_CFLAGS is non-empty it holds CFLAGS needed to be passed to # the compiler so as to be able to produce optimized objects diff --git a/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch b/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch index 533ea2d..ae48068 100644 --- a/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch +++ b/SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch @@ -10,7 +10,7 @@ Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4 --- openjdk.orig///common/autoconf/flags.m4 +++ openjdk///common/autoconf/flags.m4 -@@ -389,6 +389,21 @@ +@@ -402,6 +402,21 @@ AC_SUBST($2CXXSTD_CXXFLAG) fi @@ -44,11 +44,11 @@ diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/a + $(REALIGN_CFLAG) EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@ EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@ - + EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@ diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in --- openjdk.orig///common/autoconf/spec.gmk.in +++ openjdk///common/autoconf/spec.gmk.in -@@ -334,6 +334,7 @@ +@@ -366,6 +366,7 @@ NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@ NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@ diff --git a/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch b/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch deleted file mode 100644 index 8165340..0000000 --- a/SOURCES/pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff --git a/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java b/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java ---- openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java -+++ openjdk/jdk/src/share/classes/sun/security/ssl/EllipticCurvesExtension.java -@@ -168,20 +168,10 @@ - "contains no supported elliptic curves"); - } - } else { // default curves -- int[] ids; -- if (requireFips) { -- ids = new int[] { -- // only NIST curves in FIPS mode -- 23, 24, 25, 9, 10, 11, 12, 13, 14, -- }; -- } else { -- ids = new int[] { -- // NIST curves first -- 23, 24, 25, 9, 10, 11, 12, 13, 14, -- // non-NIST curves -- 22, -- }; -- } -+ int[] ids = new int[] { -+ // NSS currently only supports these three NIST curves -+ 23, 24, 25 -+ }; - - idList = new ArrayList<>(ids.length); - for (int curveId : ids) { diff --git a/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch b/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch index 4859ca6..06973aa 100644 --- a/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch +++ b/SOURCES/pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch @@ -7,18 +7,10 @@ PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings Summary: Add -systemlineendings option to keytool to allow system line endings to be used again. -diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/classes/sun/security/pkcs10/PKCS10.java ---- openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java +diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java +--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java +++ openjdk/jdk/src/share/classes/sun/security/pkcs10/PKCS10.java -@@ -30,6 +30,7 @@ - import java.io.IOException; - import java.math.BigInteger; - -+import java.security.AccessController; - import java.security.cert.CertificateException; - import java.security.NoSuchAlgorithmException; - import java.security.InvalidKeyException; -@@ -39,6 +40,7 @@ +@@ -35,6 +35,7 @@ import java.util.Base64; @@ -26,7 +18,7 @@ diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/class import sun.security.util.*; import sun.security.x509.AlgorithmId; import sun.security.x509.X509Key; -@@ -76,6 +78,14 @@ +@@ -74,6 +75,14 @@ * @author Hemma Prafullchandra */ public class PKCS10 { @@ -41,7 +33,7 @@ diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/class /** * Constructs an unsigned PKCS #10 certificate request. Before this * request may be used, it must be encoded and signed. Then it -@@ -293,13 +303,39 @@ +@@ -303,13 +312,39 @@ */ public void print(PrintStream out) throws IOException, SignatureException { @@ -83,10 +75,10 @@ diff --git a/src/share/classes/sun/security/pkcs10/PKCS10.java b/src/share/class out.println("-----END NEW CERTIFICATE REQUEST-----"); } -diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/classes/sun/security/tools/keytool/Main.java ---- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java +++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java -@@ -124,6 +124,7 @@ +@@ -126,6 +126,7 @@ private String infilename = null; private String outfilename = null; private String srcksfname = null; @@ -94,7 +86,7 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/ // User-specified providers are added before any command is called. // However, they are not removed before the end of the main() method. -@@ -186,7 +187,7 @@ +@@ -188,7 +189,7 @@ CERTREQ("Generates.a.certificate.request", ALIAS, SIGALG, FILEOUT, KEYPASS, KEYSTORE, DNAME, STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, @@ -103,7 +95,7 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/ CHANGEALIAS("Changes.an.entry.s.alias", ALIAS, DESTALIAS, KEYPASS, KEYSTORE, STOREPASS, STORETYPE, PROVIDERNAME, PROVIDERCLASS, PROVIDERARG, -@@ -319,6 +320,7 @@ +@@ -321,6 +322,7 @@ STARTDATE("startdate", "", "certificate.validity.start.date.time"), STOREPASS("storepass", "", "keystore.password"), STORETYPE("storetype", "", "keystore.type"), @@ -111,7 +103,7 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/ TRUSTCACERTS("trustcacerts", null, "trust.certificates.from.cacerts"), V("v", null, "verbose.output"), VALIDITY("validity", "", "validity.number.of.days"); -@@ -559,6 +561,8 @@ +@@ -561,6 +563,8 @@ protectedPath = true; } else if (collator.compare(flags, "-srcprotected") == 0) { srcprotectedPath = true; @@ -120,7 +112,7 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/ } else { System.err.println(rb.getString("Illegal.option.") + flags); tinyHelp(); -@@ -1463,7 +1467,7 @@ +@@ -1464,7 +1468,7 @@ // Sign the request and base-64 encode it request.encodeAndSign(subject, signature); @@ -129,13 +121,13 @@ diff --git a/src/share/classes/sun/security/tools/keytool/Main.java b/src/share/ checkWeak(rb.getString("the.generated.certificate.request"), request); } -@@ -4540,4 +4544,3 @@ +@@ -4544,4 +4548,3 @@ return new Pair<>(a,b); } } - -diff --git a/src/share/classes/sun/security/tools/keytool/Resources.java b/src/share/classes/sun/security/tools/keytool/Resources.java ---- openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java +diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Resources.java +++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Resources.java @@ -168,6 +168,8 @@ "keystore password"}, //-storepass diff --git a/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch b/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch index b52c087..00e3a2e 100644 --- a/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch +++ b/SOURCES/pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch @@ -35,7 +35,7 @@ diff --git openjdk.orig/jdk/src/share/classes/sun/security/util/ECUtil.java open +++ openjdk/jdk/src/share/classes/sun/security/util/ECUtil.java @@ -41,6 +41,9 @@ - public class ECUtil { + public final class ECUtil { + /* Are we debugging ? */ + private static final Debug debug = Debug.getInstance("ecc"); diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index d7026c4..8f97cdd 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -180,7 +180,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project aarch64-port %global shenandoah_repo jdk8u-shenandoah -%global shenandoah_revision aarch64-shenandoah-jdk8u232-b03 +%global shenandoah_revision aarch64-shenandoah-jdk8u252-b09 # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} @@ -188,18 +188,20 @@ # Define IcedTea version used for SystemTap tapsets and desktop files %global icedteaver 3.11.0 +# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 +%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) # eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) -%global whole_update %(VERSION=%{revision}; echo ${VERSION%%-*}) +%global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) # eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 -%global buildver %(VERSION=%{revision}; echo ${VERSION##*-}) -%global rpmrelease 1 +%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) +%global rpmrelease 3 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global milestone fcs %global milestone_version %{nil} @@ -540,9 +542,10 @@ exit 0 %global files_jre_headless() %{expand: %defattr(-,root,root,-) -%doc %{buildoutputdir %%1}/images/%{jdkimage}/jre/ASSEMBLY_EXCEPTION -%doc %{buildoutputdir %%1}/images/%{jdkimage}/jre/LICENSE -%doc %{buildoutputdir %%1}/images/%{jdkimage}/jre/THIRD_PARTY_README +%license %{buildoutputdir %%1}/images/%{jdkimage}/jre/ASSEMBLY_EXCEPTION +%license %{buildoutputdir %%1}/images/%{jdkimage}/jre/LICENSE +%license %{buildoutputdir %%1}/images/%{jdkimage}/jre/THIRD_PARTY_README +%doc %{_defaultdocdir}/%{uniquejavadocdir %%1}/NEWS %dir %{_jvmdir}/%{sdkdir %%1} %{_jvmdir}/%{jrelnk %%1} %{_jvmjardir}/%{jrelnk %%1} @@ -561,6 +564,7 @@ exit 0 %config(noreplace) %{_jvmdir}/%{jredir %%1}/lib/security/java.security %config(noreplace) %{_jvmdir}/%{jredir %%1}/lib/security/blacklisted.certs %config(noreplace) %{_jvmdir}/%{jredir %%1}/lib/logging.properties +%config(noreplace) %{_jvmdir}/%{jredir %%1}/lib/net.properties %{_mandir}/man1/java-%{uniquesuffix %%1}.1* %{_mandir}/man1/jjs-%{uniquesuffix %%1}.1* %{_mandir}/man1/keytool-%{uniquesuffix %%1}.1* @@ -585,9 +589,9 @@ exit 0 %global files_devel() %{expand: %defattr(-,root,root,-) -%doc %{buildoutputdir %%1}/images/%{jdkimage}/ASSEMBLY_EXCEPTION -%doc %{buildoutputdir %%1}/images/%{jdkimage}/LICENSE -%doc %{buildoutputdir %%1}/images/%{jdkimage}/THIRD_PARTY_README +%license %{buildoutputdir %%1}/images/%{jdkimage}/ASSEMBLY_EXCEPTION +%license %{buildoutputdir %%1}/images/%{jdkimage}/LICENSE +%license %{buildoutputdir %%1}/images/%{jdkimage}/THIRD_PARTY_README %dir %{_jvmdir}/%{sdkdir %%1}/bin %dir %{_jvmdir}/%{sdkdir %%1}/include %dir %{_jvmdir}/%{sdkdir %%1}/lib @@ -636,7 +640,7 @@ exit 0 %global files_demo() %{expand: %defattr(-,root,root,-) -%doc %{buildoutputdir %%1}/images/%{jdkimage}/jre/LICENSE +%license %{buildoutputdir %%1}/images/%{jdkimage}/jre/LICENSE } %global files_src() %{expand: @@ -648,13 +652,13 @@ exit 0 %global files_javadoc() %{expand: %defattr(-,root,root,-) %doc %{_javadocdir}/%{uniquejavadocdir %%1} -%doc %{buildoutputdir %%1}/images/%{jdkimage}/jre/LICENSE +%license %{buildoutputdir %%1}/images/%{jdkimage}/jre/LICENSE } %global files_javadoc_zip() %{expand: %defattr(-,root,root,-) %doc %{_javadocdir}/%{uniquejavadocdir %%1}.zip -%doc %{buildoutputdir %%1}/images/%{jdkimage}/jre/LICENSE +%license %{buildoutputdir %%1}/images/%{jdkimage}/jre/LICENSE } %global files_accessibility() %{expand: @@ -868,11 +872,14 @@ URL: http://openjdk.java.net/ # FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION} # REPO_ROOT= generate_source_tarball.sh # where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} -Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}.tar.xz +Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz # Custom README for -src subpackage Source2: README.md +# Release notes +Source7: NEWS + # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (3.x). @@ -915,10 +922,6 @@ Source101: config.sub Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Restrict access to java-atk-wrapper classes Patch3: rh1648644-java_access_bridge_privileged_security.patch -# PR1834, RH1022017: Reduce curves reported by SSL to those in NSS -# Not currently suitable to go upstream as it disables curves -# for all providers unconditionally -Patch525: pr1834-rh1022017-reduce_ellipticcurvesextension_to_provide_only_three_nss_supported_nist_curves_23_24_25.patch # Turn on AssumeMP by default on RHEL systems Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch @@ -986,8 +989,6 @@ Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binar Patch400: jdk8154313-generated_javadoc_scattered_all_over_the_place.patch # PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch -# 8141570, PR3548: Fix Zero interpreter build for --disable-precompiled-headers -Patch573: jdk8141570-pr3548-fix_zero_interpreter_build_for_disable_precompiled_headers.patch # 8143245, PR3548: Zero build requires disabled warnings Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch # 8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8 @@ -1365,14 +1366,12 @@ sh %{SOURCE12} %patch531 %patch530 %patch571 -%patch573 %patch574 %patch575 %patch577 %patch541 # RPM-only fixes -%patch525 %patch539 # RHEL-only patches @@ -1454,7 +1453,8 @@ EXTRA_CPP_FLAGS="%ourcppflags" # fix rpmlint warnings EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" %endif -export EXTRA_CFLAGS +EXTRA_ASFLAGS="${EXTRA_CFLAGS}" +export EXTRA_CFLAGS EXTRA_ASFLAGS (cd %{top_level_dir_name}/common/autoconf bash ./autogen.sh @@ -1492,6 +1492,7 @@ bash ../../configure \ --with-stdc++lib=dynamic \ --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ --with-extra-cflags="$EXTRA_CFLAGS" \ + --with-extra-asflags="$EXTRA_ASFLAGS" \ --with-extra-ldflags="%{ourldflags}" \ --with-num-cores="$NUM_PROC" @@ -1745,6 +1746,11 @@ install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} cp -a %{buildoutputdir $normal_suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir $suffix} cp -a %{buildoutputdir $normal_suffix}/bundles/jdk-%{javaver}_%{updatever}%{milestone_version}${normal_suffix}-%{buildver}-docs.zip $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir $suffix}.zip +# Install release notes +commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir $suffix} +install -d -m 755 ${commondocdir} +cp -a %{SOURCE7} ${commondocdir} + # Install icons and menu entries for s in 16 24 32 48 ; do install -D -p -m 644 \ @@ -2039,6 +2045,134 @@ require "copy_jdk_configs.lua" %endif %changelog +* Wed Apr 15 2020 Andrew Hughes - 1:1.8.0.252.b09-3 +- Add release notes. +- Mark license files with appropriate macro. +- Resolves: rhbz#1810557 + +* Wed Apr 15 2020 Andrew Hughes - 1:1.8.0.252.b09-3 +- Update to aarch64-shenandoah-jdk8u242-b09. +- Switch to GA mode for final release. +- Resolves: rhbz#1810557 + +* Sun Apr 12 2020 Andrew Hughes - 1:1.8.0.252.b08-0.2.ea +- Make use of --with-extra-asflags introduced in jdk8u252-b01. +- Resolves: rhbz#1810557 + +* Fri Mar 27 2020 Andrew Hughes - 1:1.8.0.252.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b08. +- Resolves: rhbz#1810557 + +* Tue Mar 24 2020 Andrew Hughes - 1:1.8.0.252.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b07. +- Resolves: rhbz#1810557 + +* Mon Mar 16 2020 Andrew Hughes - 1:1.8.0.252.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b06. +- Resolves: rhbz#1810557 + +* Fri Feb 28 2020 Andrew Hughes - 1:1.8.0.252.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b05. +- Resolves: rhbz#1810557 + +* Mon Feb 24 2020 Andrew Hughes - 1:1.8.0.252.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b04. +- Resolves: rhbz#1810557 + +* Wed Feb 19 2020 Andrew Hughes - 1:1.8.0.252.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b03. +- Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 +- Resolves: rhbz#1810557 + +* Tue Feb 04 2020 Andrew Hughes - 1:1.8.0.252.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b02. +- Resolves: rhbz#1810557 + +* Mon Jan 27 2020 Andrew Hughes - 1:1.8.0.252.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u252-b01. +- Switch to EA mode. +- Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change +- Remove local copies of JDK-8231991 & JDK-8234107 as replaced by upstream versions. +- Resolves: rhbz#1810557 + +* Wed Jan 15 2020 Andrew Hughes - 1:1.8.0.242.b08-1 +- Update to aarch64-shenandoah-jdk8u242-b08. +- Remove local copies of JDK-8031111 & JDK-8132111 as replaced by upstream versions. +- Fix paths in jdk8231991-mouse_wheel_focus.patch after git apply --stat complaints. +- Resolves: rhbz#1785753 + +* Wed Jan 15 2020 Andrew John Hughes - 1:1.8.0.242.b07-2 +- Add backports of JDK-8031111 & JDK-8132111 to fix TCK issue. +- Resolves: rhbz#1785753 + +* Mon Jan 13 2020 Andrew Hughes - 1:1.8.0.242.b07-1 +- Update to aarch64-shenandoah-jdk8u242-b07. +- Switch to GA mode for final release. +- Remove Shenandoah S390 patch which is now included upstream as JDK-8236829. +- Resolves: rhbz#1785753 + +* Sun Jan 05 2020 Andrew Hughes - 1:1.8.0.242.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u242-b05. +- Attempt to fix Shenandoah formatting failures on S390, introduced by JDK-8232102. +- Revise b05 snapshot to include JDK-8236178. +- Add additional Shenandoah formatting fixes revealed by successful -Wno-error=format run +- Resolves: rhbz#1785753 + +* Thu Dec 26 2019 Andrew Hughes - 1:1.8.0.242.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u242-b01. +- Switch to EA mode. +- Resolves: rhbz#1785753 + +* Sun Dec 22 2019 Andrew John Hughes - 1:1.8.0.232.b09-5 +- Replace JDK-8231991 backport with upstream version and include JDK-8234107 fixup. +- Resolves: rhbz#1785753 + +* Wed Nov 27 2019 Andrew Hughes - 1:1.8.0.232.b09-4 +- Update generate_source_tarball.sh script to use the PR3756 patch and retain the secp256k1 curve. +- Regenerate source tarball using the updated script and add the -'4curve' suffix. +- Resolves: rhbz#1746874 + +* Mon Nov 25 2019 Andrew Hughes - 1:1.8.0.232.b09-3 +- Mark net.properties as a config file (based on Fedora patch by James Cassell) +- Resolves: rhbz#1710928 + +* Wed Nov 06 2019 Andrew Hughes - 1:1.8.0.232.b09-2 +- Add backport of JDK-8231991 (mouse wheel focus issue) +- Resolves: rhbz#1741676 + +* Fri Oct 11 2019 Andrew Hughes - 1:1.8.0.232.b09-1 +- Update to aarch64-shenandoah-jdk8u232-b09. +- Switch to GA mode for final release. +- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. +- Resolves: rhbz#1753423 + +* Tue Oct 01 2019 Andrew Hughes - 1:1.8.0.232.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b08. +- Resolves: rhbz#1737109 + +* Tue Sep 24 2019 Andrew Hughes - 1:1.8.0.232.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b07. +- Resolves: rhbz#1737109 + +* Wed Sep 18 2019 Andrew Hughes - 1:1.8.0.232.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b06. +- Resolves: rhbz#1737109 + +* Tue Sep 17 2019 Andrew Hughes - 1:1.8.0.232.b05-0.2.ea +- Update to aarch64-shenandoah-jdk8u232-b05-shenandoah-merge-2019-09-09. +- Update version logic to handle -shenandoah* tag suffix. +- Resolves: rhbz#1737109 + +* Thu Sep 05 2019 Andrew Hughes - 1:1.8.0.232.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b05. +- Drop upstreamed patch JDK-8141570/PR3548. +- Adjust context of JDK-8143245/PR3548 to apply against upstream JDK-8141570. +- Resolves: rhbz#1737109 + +* Tue Aug 20 2019 Andrew Hughes - 1:1.8.0.232.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u232-b04. +- Resolves: rhbz#1737109 + * Sat Aug 10 2019 Andrew Hughes - 1:1.8.0.232.b03-0.1.ea - Update to aarch64-shenandoah-jdk8u232-b03. - Resolves: rhbz#1737109