Architecture specific change in rpms/java-17-openjdk.git
by githook-noreply@fedoraproject.org
The package rpms/java-17-openjdk.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/java-17-openjdk.git/commit/?id=ee...
https://src.fedoraproject.org/cgit/rpms/java-17-openjdk.git/commit/?id=db....
Change:
+%ifarch noarch
+%ifarch %{zero_arches}
Thanks.
Full change:
============
commit 39fcd54de766e759b3ee516f9d9977a8b064a1b6
Author: Jiri <jvanek(a)redhat.com>
Date: Thu Apr 28 16:34:27 2022 +0200
Reverted: moved to become system jdk; not applicable to f35 and down
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index 121bd41..498970e 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -100,7 +100,7 @@
# while JDK is a techpreview(is_system_jdk=0), some provides are turned off. Once jdk stops to be an techpreview, move it to 1
# as sytem JDK, we mean any JDK which can run whole system java stack without issues (like bytecode issues, module issues, dependencies...)
-%global is_system_jdk 1
+%global is_system_jdk 0
%global aarch64 aarch64 arm64 armv8
# we need to distinguish between big and little endian PPC64
@@ -2577,9 +2577,6 @@ cjc.mainProgram(args)
- Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
- Need to support noarch for creating source RPMs for non-scratch builds.
-* Fri Feb 04 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.2.0.8-4
-- moved to become system jdk
-
* Fri Feb 04 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-2
- Temporarily move x86 to use Zero in order to get a working build
- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
commit e5bfe5ebd7823f8c32f3822aeeb4a167d4266411
Merge: b44b85d 3cbe105
Author: Jiri <jvanek(a)redhat.com>
Date: Thu Apr 28 16:24:02 2022 +0200
Merge branch 'rawhide' into f35
commit 3cbe105c02a34a9a45c741b1e5ea997241cfb84b
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Sun Apr 24 22:13:48 2022 +0100
April 2022 security update to jdk 17.0.3+7
Update release notes to 17.0.3.0+7
Update README.md and generate_source_tarball.sh to match CentOS
Switch to GA mode for release
JDK-8283911 patch no longer needed now we're GA...
diff --git a/.gitignore b/.gitignore
index a07e974..9d53f89 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,5 @@
/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
/openjdk-jdk17u-jdk-17.0.3+1.tar.xz
/openjdk-jdk17u-jdk-17.0.3+5.tar.xz
+/openjdk-jdk17u-17usec.17.0.3+5-220408.tar.xz
+/openjdk-jdk17u-jdk-17.0.3+7.tar.xz
diff --git a/NEWS b/NEWS
index 7c85481..b0e58ad 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,25 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk1703
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.3.txt
+* Security fixes
+ - JDK-8269938: Enhance XML processing passes redux
+ - JDK-8270504, CVE-2022-21426: Better XPath expression handling
+ - JDK-8272255: Completely handle MIDI files
+ - JDK-8272261: Improve JFR recording file processing
+ - JDK-8272588: Enhanced recording parsing
+ - JDK-8272594: Better record of recordings
+ - JDK-8274221: More definite BER encodings
+ - JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0
+ - JDK-8275151, CVE-2022-21443: Improved Object Identification
+ - JDK-8277227: Better identification of OIDs
+ - JDK-8277233, CVE-2022-21449: Improve ECDSA signature support
+ - JDK-8277672, CVE-2022-21434: Better invocation handler handling
+ - JDK-8278356: Improve file creation
+ - JDK-8278449: Improve keychain support
+ - JDK-8278798: Improve supported intrinsic
+ - JDK-8278805: Enhance BMP image loading
+ - JDK-8278972, CVE-2022-21496: Improve URL supports
+ - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
* Other changes
- JDK-8177814: jdk/editpad is not in jdk TEST.groups
- JDK-8186670: Implement _onSpinWait() intrinsic for AArch64
@@ -79,7 +98,6 @@ Live versions of these release notes can be found at:
- JDK-8274795: AArch64: avoid spilling and restoring r18 in macro assembler
- JDK-8274935: dumptime_table has stale entry
- JDK-8274944: AppCDS dump causes SEGV in VM thread while adjusting lambda proxy class info
- - JDK-8275082: Update XML Security for Java to 2.3.0
- JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected
- JDK-8275330: C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions
- JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime
@@ -175,7 +193,11 @@ Live versions of these release notes can be found at:
- JDK-8281061: [s390] JFR runs into assertions while validating interpreter frames
- JDK-8281460: Let ObjectMonitor have its own NMT category
- JDK-8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX
+ - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
+ - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character
- JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
+ - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
+ - JDK-8284920: Incorrect Token type causes XPath expression to return empty result
Notes on individual issues:
===========================
diff --git a/README.md b/README.md
index 079e78c..3bfd7d2 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,13 @@
-Package of LTS OpenJDK 17
-OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only.
+OpenJDK 17 is the latest Long-Term Support (LTS) release of the Java platform.
-JDK17 is last LTS release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/17/ and is landing to your Fedora. Where it will be maintained for several years. You will always be allowed to install Used LTSs in build root, and alongside via alternatives.
+* https://fedoraproject.org/wiki/Changes/Java17
-See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html
-See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf
+For a list of major changes from OpenJDK 11 (java-11-openjdk), see the upstream
+release page for OpenJDK 17 and the preceding interim releases:
-https://fedoraproject.org/wiki/Changes/Java17
-https://fedoraproject.org/wiki/Changes/java-11-openjdk-TechPreview
+* 12: https://openjdk.java.net/projects/jdk/12/
+* 13: https://openjdk.java.net/projects/jdk/13/
+* 14: https://openjdk.java.net/projects/jdk/14/
+* 15: https://openjdk.java.net/projects/jdk/15/
+* 16: https://openjdk.java.net/projects/jdk/16/
+* 17: https://openjdk.java.net/projects/jdk/17/
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index 1a019ff..bf21bc4 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -8,8 +8,8 @@
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
# PROJECT_NAME=openjdk
-# REPO_NAME=jdk16
-# VERSION=HEAD
+# REPO_NAME=jdk17u
+# VERSION=jdk-17.0.3+5
# or to eg prepare systemtap:
# icedtea7's jstack and other tapsets
# VERSION=6327cf1cea9e
@@ -130,7 +130,7 @@ pushd "${FILE_NAME_ROOT}"
# get PR3823.patch (from http://icedtea.classpath.org/hg/icedtea16) from most correct tag
# Do not push it or publish it (see https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3823)
echo "PR3823 not found. Downloading..."
- wget https://icedtea.classpath.org/hg/icedtea16/raw-file/tip/patches/pr3823.patch
+ wget https://icedtea.wildebeest.org/hg/icedtea16/raw-file/tip/patches/pr3823.p...
echo "Applying ${PWD}/pr3823.patch"
patch -Np1 < pr3823.patch
rm pr3823.patch
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index eefa952..121bd41 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -333,7 +333,7 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 5
+%global buildver 7
%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@@ -353,11 +353,14 @@
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
+# The tag used to create the OpenJDK tarball
+%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
+
# Define milestone (EA for pre-releases, GA for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global build_type GA
%global expected_ea_designator ""
@@ -1249,9 +1252,8 @@ License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv
URL: http://openjdk.java.net/
-# to regenerate source0 (jdk) run update_package.sh
-# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
-Source0: openjdk-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz
+# The source tarball, generated using generate_source_tarball.sh
+Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x).
@@ -1342,8 +1344,6 @@ Patch1018: rh2052070-enable_algorithmparameters_in_fips_mode.patch
#############################################
# JDK-8282004: x86_32.ad rules that call SharedRuntime helpers should have CALL effects
Patch7: jdk8282004-x86_32-missing_call_effects.patch
-# JDK-8283911: DEFAULT_PROMOTED_VERSION_PRE not reset to 'ea' for jdk-17.0.4
-Patch2001: jdk8283911-default_promoted_version_pre.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -1769,8 +1769,6 @@ popd # openjdk
%patch1017
%patch1018
-%patch2001
-
# Extract systemtap tapsets
%if %{with_systemtap}
tar --strip-components=1 -x -I xz -f %{SOURCE8}
@@ -2541,6 +2539,13 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sun Apr 24 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.3.0.7-1
+- April 2022 security update to jdk 17.0.3+7
+- Update release notes to 17.0.3.0+7
+- Update README.md and generate_source_tarball.sh to match CentOS
+- Switch to GA mode for release
+- JDK-8283911 patch no longer needed now we're GA...
+
* Wed Apr 13 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.3.0.5-0.1.ea
- Update to jdk-17.0.3.0+5
- Update release notes to 17.0.3.0+5
diff --git a/jdk8283911-default_promoted_version_pre.patch b/jdk8283911-default_promoted_version_pre.patch
deleted file mode 100644
index b94cbd5..0000000
--- a/jdk8283911-default_promoted_version_pre.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-commit 37807a694f89611f60880260d2bb7162908bc0c8
-Author: Andrew Hughes <gnu.andrew(a)redhat.com>
-Date: Wed Mar 30 04:19:43 2022 +0100
-
- 8283911: DEFAULT_PROMOTED_VERSION_PRE not reset to 'ea' for jdk-17.0.4
-
-diff --git openjdk.orig/make/conf/version-numbers.conf openjdk/make/conf/version-numbers.conf
-index 71b19762f2e..7378ec67a48 100644
---- openjdk.orig/make/conf/version-numbers.conf
-+++ openjdk/make/conf/version-numbers.conf
-@@ -39,4 +39,4 @@ DEFAULT_VERSION_CLASSFILE_MINOR=0
- DEFAULT_VERSION_DOCS_API_SINCE=11
- DEFAULT_ACCEPTABLE_BOOT_VERSIONS="16 17"
- DEFAULT_JDK_SOURCE_TARGET_VERSION=17
--DEFAULT_PROMOTED_VERSION_PRE=
-+DEFAULT_PROMOTED_VERSION_PRE=ea
diff --git a/sources b/sources
index dda3fdf..e4816a7 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk17u-jdk-17.0.3+5.tar.xz) = a08bc4a014493ad75594f1370ffc03852fa0601c3c9552c23b117a6f1f7f3b6b9689b3a2f5b52707875171ca60ebe3f3b0b453b9c31d9a946a322de85e4f1160
+SHA512 (openjdk-jdk17u-jdk-17.0.3+7.tar.xz) = 9f6aa266ff26bee08a6c6e9060f616d0acd0613567526463386ee7a8b7ad367a1347b9d6db6e05d73f20bf08d02e8650e33ccd83c8e62587710d885191d1b567
commit a29fc2e2664f82174bee5f1e6956cbce2f0d2127
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Wed Apr 13 03:34:46 2022 +0100
Update to jdk-17.0.3.0+5
Update release notes to 17.0.3.0+5
diff --git a/.gitignore b/.gitignore
index fa4239b..a07e974 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,3 +22,4 @@
/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
/openjdk-jdk17u-jdk-17.0.3+1.tar.xz
+/openjdk-jdk17u-jdk-17.0.3+5.tar.xz
diff --git a/NEWS b/NEWS
index 50b37ae..7c85481 100644
--- a/NEWS
+++ b/NEWS
@@ -32,14 +32,21 @@ Live versions of these release notes can be found at:
- JDK-8269523: runtime/Safepoint/TestAbortOnVMOperationTimeout.java failed when expecting 'VM operation took too long'
- JDK-8269616: serviceability/dcmd/framework/VMVersionTest.java fails with Address already in use error
- JDK-8269849: vmTestbase/gc/gctests/PhantomReference/phantom002/TestDescription.java failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects"
+ - JDK-8270117: Broken jtreg link in "Building the JDK" page
- JDK-8270874: JFrame paint artifacts when dragged from standard monitor to HiDPI monitor
- JDK-8271056: C2: "assert(no_dead_loop) failed: dead loop detected" due to cmoving identity
+ - JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
- JDK-8271202: C1: assert(false) failed: live_in set of first block must be empty
- JDK-8271506: Add ResourceHashtable support for deleting selected entries
+ - JDK-8271721: Split gc/g1/TestMixedGCLiveThreshold into separate tests
- JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories
- JDK-8272327: Shenandoah: Avoid enqueuing duplicate string candidates
- JDK-8272398: Update DockerTestUtils.buildJdkDockerImage()
+ - JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication
- JDK-8272553: several hotspot runtime/CommandLine tests don't check exit code
+ - JDK-8272600: (test) Use native "sleep" in Basic.java
+ - JDK-8272866: java.util.random package summary contains incorrect mixing function in table
+ - JDK-8272996: JNDI DNS provider fails to resolve SRV entries when IPV6 stack is enabled
- JDK-8273162: AbstractSplittableWithBrineGenerator does not create a random salt
- JDK-8273277: C2: Move conditional negation into rc_predicate
- JDK-8273341: Update Siphash to version 1.0
@@ -51,6 +58,7 @@ Live versions of these release notes can be found at:
- JDK-8273438: Enable parallelism in vmTestbase/metaspace/stressHierarchy tests
- JDK-8273526: Extend the OSContainer API pids controller with pids.current
- JDK-8273634: [TEST_BUG] Improve javax/swing/text/ParagraphView/6364882/bug6364882.java
+ - JDK-8273655: content-types.properties files are missing some common types
- JDK-8273682: Upgrade Jline to 3.20.0
- JDK-8273704: DrawStringWithInfiniteXform.java failed : drawString with InfiniteXform transform takes long time
- JDK-8273895: compiler/ciReplay/TestVMNoCompLevel.java fails due to wrong data size with TieredStopAtLevel=2,3
@@ -58,8 +66,12 @@ Live versions of these release notes can be found at:
- JDK-8273967: gtest os.dll_address_to_function_and_library_name_vm fails on macOS12
- JDK-8273972: Multi-core choke point in CMM engine (LCMSTransform.doTransform)
- JDK-8274130: C2: MulNode::Ideal chained transformations may act on wrong nodes
+ - JDK-8274171: java/nio/file/Files/probeContentType/Basic.java failed on "Content type" mismatches
- JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/bug6364882.java failures
+ - JDK-8274471: Add support for RSASSA-PSS in OCSP Response
- JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root
+ - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
+ - JDK-8274562: (fs) UserDefinedFileAttributeView doesn't correctly determine if supported when using OverlayFS
- JDK-8274658: ISO 4217 Amendment 170 Update
- JDK-8274714: Incorrect verifier protected access error message
- JDK-8274750: java/io/File/GetXSpace.java failed: '/dev': 191488 != 190976
@@ -69,6 +81,7 @@ Live versions of these release notes can be found at:
- JDK-8274944: AppCDS dump causes SEGV in VM thread while adjusting lambda proxy class info
- JDK-8275082: Update XML Security for Java to 2.3.0
- JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected
+ - JDK-8275330: C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions
- JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime
- JDK-8275586: Zero: Simplify interpreter initialization
- JDK-8275608: runtime/Metaspace/elastic/TestMetaspaceAllocationMT2 too slow
@@ -81,6 +94,7 @@ Live versions of these release notes can be found at:
- JDK-8275847: Scheduling fails with "too many D-U pinch points" on small method
- JDK-8275874: [JVMCI] only support aligned reads in c2v_readFieldValue
- JDK-8276057: Update JMH devkit to 1.33
+ - JDK-8276141: XPathFactory set/getProperty method
- JDK-8276177: nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here"
- JDK-8276314: [JVMCI] check alignment of call displacement during code installation
- JDK-8276623: JDK-8275650 accidentally pushed "out" file
@@ -88,32 +102,42 @@ Live versions of these release notes can be found at:
- JDK-8276662: Scalability bottleneck in SymbolTable::lookup_common()
- JDK-8276764: Enable deterministic file content ordering for Jar and Jmod
- JDK-8276766: Enable jar and jmod to produce deterministic timestamped content
+ - JDK-8276841: Add support for Visual Studio 2022
- JDK-8277069: [REDO] JDK-8276743 Make openjdk build Zip Archive generation "reproducible"
- JDK-8277137: Set OnSpinWaitInst/OnSpinWaitInstCount defaults to "isb"/1 for Arm Neoverse N1
- JDK-8277180: Intrinsify recursive ObjectMonitor locking for C2 x64 and A64
+ - JDK-8277299: STACK_OVERFLOW in Java_sun_awt_shell_Win32ShellFolder2_getIconBits
- JDK-8277328: jdk/jshell/CommandCompletionTest.java failures on Windows
- JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for
+ - JDK-8277383: VM.metaspace optionally show chunk freelist details
- JDK-8277385: Zero: Enable CompactStrings support
- JDK-8277441: CompileQueue::add fails with assert(_last->next() == __null) failed: not last
- JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend fun with loop
- JDK-8277449: compiler/vectorapi/TestLongVectorNeg.java fails with release VMs
+ - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
- JDK-8277497: Last column cell in the JTable row is read as empty cell
- JDK-8277503: compiler/onSpinWait/TestOnSpinWaitAArch64DefaultFlags.java failed with "OnSpinWaitInst with the expected value 'isb' not found."
+ - JDK-8277762: Allow configuration of HOTSPOT_BUILD_USER
- JDK-8277777: [Vector API] assert(r->is_XMMRegister()) failed: must be in x86_32.ad
+ - JDK-8277795: ldap connection timeout not honoured under contention
- JDK-8277846: Implement fast-path for ASCII-compatible CharsetEncoders on ppc64
- JDK-8277919: OldObjectSample event causing bloat in the class constant pool in JFR recording
- JDK-8277992: Add fast jdk_svc subtests to jdk:tier3
- JDK-8278016: Add compiler tests to tier{2,3}
- JDK-8278020: ~13% variation in Renaissance-Scrabble
+ - JDK-8278080: Add --with-cacerts-src='user cacerts folder' to enable deterministic cacerts generation
- JDK-8278099: two sun/security/pkcs11/Signature tests failed with AssertionError
- JDK-8278104: C1 should support the compiler directive 'BreakAtExecute'
- JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java has duplicate -Xmx
- JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has duplicate -Xmx
+ - JDK-8278163: --with-cacerts-src variable resolved after GenerateCacerts recipe setup
- JDK-8278172: java/nio/channels/FileChannel/BlockDeviceSize.java should only run on Linux
+ - JDK-8278185: Custom JRE cannot find non-ASCII named module inside
- JDK-8278239: vmTestbase/nsk/jvmti/RedefineClasses/StressRedefine failed with EXCEPTION_ACCESS_VIOLATION at 0x000000000000000d
- JDK-8278241: Implement JVM SpinPause on linux-aarch64
- JDK-8278309: [windows] use of uninitialized OSThread::_state
- JDK-8278344: sun/security/pkcs12/KeytoolOpensslInteropTest.java test fails because of different openssl output
+ - JDK-8278346: java/nio/file/Files/probeContentType/Basic.java fails on Linux SLES15 machine
- JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec
- JDK-8278384: Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT
- JDK-8278389: SuspendibleThreadSet::_suspend_all should be volatile/atomic
@@ -124,6 +148,7 @@ Live versions of these release notes can be found at:
- JDK-8278822: Bump update version for OpenJDK: jdk-17.0.3
- JDK-8278824: Uneven work distribution when scanning heap roots in G1
- JDK-8278871: [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob
+ - JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
- JDK-8278987: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in __write_sample_info__
- JDK-8279011: JFR: JfrChunkWriter incorrectly handles int64_t chunk size as size_t
- JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0
@@ -131,18 +156,35 @@ Live versions of these release notes can be found at:
- JDK-8279225: [arm32] C1 longs comparison operation destroys argument registers
- JDK-8279300: [arm32] SIGILL when running GetObjectSizeIntrinsicsTest
- JDK-8279379: GHA: Print tests that are in error
+ - JDK-8279385: [test] Adjust sun/security/pkcs12/KeytoolOpensslInteropTest.java after 8278344
- JDK-8279412: [JVMCI] failed speculations list must outlive any nmethod that refers to it
- JDK-8279445: Update JMH devkit to 1.34
- JDK-8279453: Disable tools/jar/ReproducibleJar.java on 32-bit platforms
- JDK-8279505: Update documentation for RETRY_COUNT and REPEAT_COUNT
+ - JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition
+ - JDK-8279695: [TESTBUG] modify compiler/loopopts/TestSkeletonPredicateNegation.java to run on C1 also
- JDK-8279702: [macosx] ignore xcodebuild warnings on M1
- JDK-8279833: Loop optimization issue in String.encodeUTF8_UTF16
- JDK-8279924: [PPC64, s390] implement frame::is_interpreted_frame_valid checks
- JDK-8279998: PPC64 debug builds fail with "untested: RangeCheckStub: predicate_failed_trap_id"
- JDK-8280002: jmap -histo may leak stream
- JDK-8280155: [PPC64, s390] frame size checks are not yet correct
+ - JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
- JDK-8280414: Memory leak in DefaultProxySelector
- JDK-8280526: x86_32 Math.sqrt performance regression with -XX:UseSSE={0,1}
+ - JDK-8281061: [s390] JFR runs into assertions while validating interpreter frames
+ - JDK-8281460: Let ObjectMonitor have its own NMT category
+ - JDK-8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX
+ - JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8274791: Support for RSASSA-PSS in OCSP Response
+====================================================
+An OCSP response signed with the RSASSA-PSS algorithm is now supported.
New in release OpenJDK 17.0.2 (2022-01-18):
===========================================
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index 035d14c..eefa952 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -333,7 +333,7 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 1
+%global buildver 5
%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@@ -2541,6 +2541,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Apr 13 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.3.0.5-0.1.ea
+- Update to jdk-17.0.3.0+5
+- Update release notes to 17.0.3.0+5
+
* Fri Apr 08 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.3.0.1-0.1.ea
- Update to jdk-17.0.3.0+1
- Update release notes to 17.0.3.0+1
diff --git a/sources b/sources
index 363f8f6..dda3fdf 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk17u-jdk-17.0.3+1.tar.xz) = f6bc8ba86a3e7dcd7d5c9ac17fe0ff337b76cc654b667bd1d506778dfa76b3d140731119738fa330601f5f4751ce11c9bf9877bad403d6ed610f2c91570dd304
+SHA512 (openjdk-jdk17u-jdk-17.0.3+5.tar.xz) = a08bc4a014493ad75594f1370ffc03852fa0601c3c9552c23b117a6f1f7f3b6b9689b3a2f5b52707875171ca60ebe3f3b0b453b9c31d9a946a322de85e4f1160
commit 52e513df50dce3236b17ac5f0fbc3bb9d6dea57e
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Fri Apr 8 17:42:37 2022 +0100
Update to jdk-17.0.3.0+1
Update release notes to 17.0.3.0+1
Switch to EA mode for 17.0.3 pre-release builds.
Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
diff --git a/.gitignore b/.gitignore
index 2bc3036..fa4239b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,4 @@
/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
+/openjdk-jdk17u-jdk-17.0.3+1.tar.xz
diff --git a/NEWS b/NEWS
index 78938f4..50b37ae 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,147 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 17.0.3 (2022-04-19):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk1703
+ * https://builds.shipilev.net/backports-monitor/release-notes-17.0.3.txt
+
+* Other changes
+ - JDK-8177814: jdk/editpad is not in jdk TEST.groups
+ - JDK-8186670: Implement _onSpinWait() intrinsic for AArch64
+ - JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java and NonGregorianFormatTest fail intermittently
+ - JDK-8225559: assertion error at TransTypes.visitApply
+ - JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful
+ - JDK-8239502: [TEST_BUG] Test javax/swing/text/FlowView/6318524/bug6318524.java never fails
+ - JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a test
+ - JDK-8247980: Exclusive execution of java/util/stream tests slows down tier1
+ - JDK-8251216: Implement MD5 intrinsics on AArch64
+ - JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/TestDescription.java fails with "ERROR: DebuggeeSleepingThread: ThreadDeath lost"
+ - JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt"
+ - JDK-8263567: gtests don't terminate the VM safely
+ - JDK-8265150: AsyncGetCallTrace crashes on ResourceMark
+ - JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups
+ - JDK-8269032: Stringdedup tests are failing if the ergonomically select GC does not support it
+ - JDK-8269037: jsig/Testjsig.java doesn't have to be restricted to linux only
+ - JDK-8269087: CheckSegmentedCodeCache test fails in an emulated-client VM
+ - JDK-8269175: [macosx-aarch64] wrong CPU speed in hs_err file
+ - JDK-8269206: A small typo in comment in test/lib/sun/hotspot/WhiteBox.java
+ - JDK-8269523: runtime/Safepoint/TestAbortOnVMOperationTimeout.java failed when expecting 'VM operation took too long'
+ - JDK-8269616: serviceability/dcmd/framework/VMVersionTest.java fails with Address already in use error
+ - JDK-8269849: vmTestbase/gc/gctests/PhantomReference/phantom002/TestDescription.java failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects"
+ - JDK-8270874: JFrame paint artifacts when dragged from standard monitor to HiDPI monitor
+ - JDK-8271056: C2: "assert(no_dead_loop) failed: dead loop detected" due to cmoving identity
+ - JDK-8271202: C1: assert(false) failed: live_in set of first block must be empty
+ - JDK-8271506: Add ResourceHashtable support for deleting selected entries
+ - JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories
+ - JDK-8272327: Shenandoah: Avoid enqueuing duplicate string candidates
+ - JDK-8272398: Update DockerTestUtils.buildJdkDockerImage()
+ - JDK-8272553: several hotspot runtime/CommandLine tests don't check exit code
+ - JDK-8273162: AbstractSplittableWithBrineGenerator does not create a random salt
+ - JDK-8273277: C2: Move conditional negation into rc_predicate
+ - JDK-8273341: Update Siphash to version 1.0
+ - JDK-8273351: bad tag in jdk.random module-info.java
+ - JDK-8273366: [testbug] javax/swing/UIDefaults/6302464/bug6302464.java fails on macOS12
+ - JDK-8273381: Assert in PtrQueueBufferAllocatorTest.stress_free_list_allocator_vm
+ - JDK-8273387: remove some unreferenced gtk-related functions
+ - JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict tests
+ - JDK-8273438: Enable parallelism in vmTestbase/metaspace/stressHierarchy tests
+ - JDK-8273526: Extend the OSContainer API pids controller with pids.current
+ - JDK-8273634: [TEST_BUG] Improve javax/swing/text/ParagraphView/6364882/bug6364882.java
+ - JDK-8273682: Upgrade Jline to 3.20.0
+ - JDK-8273704: DrawStringWithInfiniteXform.java failed : drawString with InfiniteXform transform takes long time
+ - JDK-8273895: compiler/ciReplay/TestVMNoCompLevel.java fails due to wrong data size with TieredStopAtLevel=2,3
+ - JDK-8273933: [TESTBUG] Test must run without preallocated exceptions
+ - JDK-8273967: gtest os.dll_address_to_function_and_library_name_vm fails on macOS12
+ - JDK-8273972: Multi-core choke point in CMM engine (LCMSTransform.doTransform)
+ - JDK-8274130: C2: MulNode::Ideal chained transformations may act on wrong nodes
+ - JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/bug6364882.java failures
+ - JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root
+ - JDK-8274658: ISO 4217 Amendment 170 Update
+ - JDK-8274714: Incorrect verifier protected access error message
+ - JDK-8274750: java/io/File/GetXSpace.java failed: '/dev': 191488 != 190976
+ - JDK-8274753: ZGC: SEGV in MetaspaceShared::link_shared_classes
+ - JDK-8274795: AArch64: avoid spilling and restoring r18 in macro assembler
+ - JDK-8274935: dumptime_table has stale entry
+ - JDK-8274944: AppCDS dump causes SEGV in VM thread while adjusting lambda proxy class info
+ - JDK-8275082: Update XML Security for Java to 2.3.0
+ - JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected
+ - JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime
+ - JDK-8275586: Zero: Simplify interpreter initialization
+ - JDK-8275608: runtime/Metaspace/elastic/TestMetaspaceAllocationMT2 too slow
+ - JDK-8275610: C2: Object field load floats above its null check resulting in a segfault
+ - JDK-8275643: C2's unaryOp vector intrinsic does not properly handle LongVector.neg
+ - JDK-8275645: [JVMCI] avoid unaligned volatile reads on AArch64
+ - JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
+ - JDK-8275687: runtime/CommandLine/PrintTouchedMethods test shouldn't catch RuntimeException
+ - JDK-8275800: Redefinition leaks MethodData::_extra_data_lock
+ - JDK-8275847: Scheduling fails with "too many D-U pinch points" on small method
+ - JDK-8275874: [JVMCI] only support aligned reads in c2v_readFieldValue
+ - JDK-8276057: Update JMH devkit to 1.33
+ - JDK-8276177: nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here"
+ - JDK-8276314: [JVMCI] check alignment of call displacement during code installation
+ - JDK-8276623: JDK-8275650 accidentally pushed "out" file
+ - JDK-8276654: element-list order is non deterministic
+ - JDK-8276662: Scalability bottleneck in SymbolTable::lookup_common()
+ - JDK-8276764: Enable deterministic file content ordering for Jar and Jmod
+ - JDK-8276766: Enable jar and jmod to produce deterministic timestamped content
+ - JDK-8277069: [REDO] JDK-8276743 Make openjdk build Zip Archive generation "reproducible"
+ - JDK-8277137: Set OnSpinWaitInst/OnSpinWaitInstCount defaults to "isb"/1 for Arm Neoverse N1
+ - JDK-8277180: Intrinsify recursive ObjectMonitor locking for C2 x64 and A64
+ - JDK-8277328: jdk/jshell/CommandCompletionTest.java failures on Windows
+ - JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for
+ - JDK-8277385: Zero: Enable CompactStrings support
+ - JDK-8277441: CompileQueue::add fails with assert(_last->next() == __null) failed: not last
+ - JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend fun with loop
+ - JDK-8277449: compiler/vectorapi/TestLongVectorNeg.java fails with release VMs
+ - JDK-8277497: Last column cell in the JTable row is read as empty cell
+ - JDK-8277503: compiler/onSpinWait/TestOnSpinWaitAArch64DefaultFlags.java failed with "OnSpinWaitInst with the expected value 'isb' not found."
+ - JDK-8277777: [Vector API] assert(r->is_XMMRegister()) failed: must be in x86_32.ad
+ - JDK-8277846: Implement fast-path for ASCII-compatible CharsetEncoders on ppc64
+ - JDK-8277919: OldObjectSample event causing bloat in the class constant pool in JFR recording
+ - JDK-8277992: Add fast jdk_svc subtests to jdk:tier3
+ - JDK-8278016: Add compiler tests to tier{2,3}
+ - JDK-8278020: ~13% variation in Renaissance-Scrabble
+ - JDK-8278099: two sun/security/pkcs11/Signature tests failed with AssertionError
+ - JDK-8278104: C1 should support the compiler directive 'BreakAtExecute'
+ - JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java has duplicate -Xmx
+ - JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has duplicate -Xmx
+ - JDK-8278172: java/nio/channels/FileChannel/BlockDeviceSize.java should only run on Linux
+ - JDK-8278239: vmTestbase/nsk/jvmti/RedefineClasses/StressRedefine failed with EXCEPTION_ACCESS_VIOLATION at 0x000000000000000d
+ - JDK-8278241: Implement JVM SpinPause on linux-aarch64
+ - JDK-8278309: [windows] use of uninitialized OSThread::_state
+ - JDK-8278344: sun/security/pkcs12/KeytoolOpensslInteropTest.java test fails because of different openssl output
+ - JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec
+ - JDK-8278384: Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT
+ - JDK-8278389: SuspendibleThreadSet::_suspend_all should be volatile/atomic
+ - JDK-8278526: [macos] Screen reader reads SwingSet2 JTable row selection as null, dimmed row for last column
+ - JDK-8278604: SwingSet2 table demo does not have accessible description set for images
+ - JDK-8278627: Shenandoah: TestHeapDump test failed
+ - JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java fails with release VMs after JDK-8262134
+ - JDK-8278822: Bump update version for OpenJDK: jdk-17.0.3
+ - JDK-8278824: Uneven work distribution when scanning heap roots in G1
+ - JDK-8278871: [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob
+ - JDK-8278987: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in __write_sample_info__
+ - JDK-8279011: JFR: JfrChunkWriter incorrectly handles int64_t chunk size as size_t
+ - JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0
+ - JDK-8279124: VM does not handle SIGQUIT during initialization
+ - JDK-8279225: [arm32] C1 longs comparison operation destroys argument registers
+ - JDK-8279300: [arm32] SIGILL when running GetObjectSizeIntrinsicsTest
+ - JDK-8279379: GHA: Print tests that are in error
+ - JDK-8279412: [JVMCI] failed speculations list must outlive any nmethod that refers to it
+ - JDK-8279445: Update JMH devkit to 1.34
+ - JDK-8279453: Disable tools/jar/ReproducibleJar.java on 32-bit platforms
+ - JDK-8279505: Update documentation for RETRY_COUNT and REPEAT_COUNT
+ - JDK-8279702: [macosx] ignore xcodebuild warnings on M1
+ - JDK-8279833: Loop optimization issue in String.encodeUTF8_UTF16
+ - JDK-8279924: [PPC64, s390] implement frame::is_interpreted_frame_valid checks
+ - JDK-8279998: PPC64 debug builds fail with "untested: RangeCheckStub: predicate_failed_trap_id"
+ - JDK-8280002: jmap -histo may leak stream
+ - JDK-8280155: [PPC64, s390] frame size checks are not yet correct
+ - JDK-8280414: Memory leak in DefaultProxySelector
+ - JDK-8280526: x86_32 Math.sqrt performance regression with -XX:UseSSE={0,1}
+
New in release OpenJDK 17.0.2 (2022-01-18):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index 1de2899..035d14c 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -305,7 +305,7 @@
# New Version-String scheme-style defines
%global featurever 17
%global interimver 0
-%global updatever 2
+%global updatever 3
%global patchver 0
# If you bump featurever, you must also bump vendor_version_string
# Used via new version scheme. JDK 17 was
@@ -333,8 +333,8 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 8
-%global rpmrelease 9
+%global buildver 1
+%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -357,7 +357,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global build_type GA
%global expected_ea_designator ""
@@ -1342,6 +1342,8 @@ Patch1018: rh2052070-enable_algorithmparameters_in_fips_mode.patch
#############################################
# JDK-8282004: x86_32.ad rules that call SharedRuntime helpers should have CALL effects
Patch7: jdk8282004-x86_32-missing_call_effects.patch
+# JDK-8283911: DEFAULT_PROMOTED_VERSION_PRE not reset to 'ea' for jdk-17.0.4
+Patch2001: jdk8283911-default_promoted_version_pre.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -1767,6 +1769,8 @@ popd # openjdk
%patch1017
%patch1018
+%patch2001
+
# Extract systemtap tapsets
%if %{with_systemtap}
tar --strip-components=1 -x -I xz -f %{SOURCE8}
@@ -2537,6 +2541,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Apr 08 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.3.0.1-0.1.ea
+- Update to jdk-17.0.3.0+1
+- Update release notes to 17.0.3.0+1
+- Switch to EA mode for 17.0.3 pre-release builds.
+- Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
+
* Wed Apr 06 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-9
- Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
diff --git a/jdk8283911-default_promoted_version_pre.patch b/jdk8283911-default_promoted_version_pre.patch
new file mode 100644
index 0000000..b94cbd5
--- /dev/null
+++ b/jdk8283911-default_promoted_version_pre.patch
@@ -0,0 +1,16 @@
+commit 37807a694f89611f60880260d2bb7162908bc0c8
+Author: Andrew Hughes <gnu.andrew(a)redhat.com>
+Date: Wed Mar 30 04:19:43 2022 +0100
+
+ 8283911: DEFAULT_PROMOTED_VERSION_PRE not reset to 'ea' for jdk-17.0.4
+
+diff --git openjdk.orig/make/conf/version-numbers.conf openjdk/make/conf/version-numbers.conf
+index 71b19762f2e..7378ec67a48 100644
+--- openjdk.orig/make/conf/version-numbers.conf
++++ openjdk/make/conf/version-numbers.conf
+@@ -39,4 +39,4 @@ DEFAULT_VERSION_CLASSFILE_MINOR=0
+ DEFAULT_VERSION_DOCS_API_SINCE=11
+ DEFAULT_ACCEPTABLE_BOOT_VERSIONS="16 17"
+ DEFAULT_JDK_SOURCE_TARGET_VERSION=17
+-DEFAULT_PROMOTED_VERSION_PRE=
++DEFAULT_PROMOTED_VERSION_PRE=ea
diff --git a/sources b/sources
index 22e666f..363f8f6 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk17u-jdk-17.0.2+8.tar.xz) = 03371771574c19c38f9091eaad7c46d1638c95e5a3ab16e5ce540bf0f9dcbf8f60fd3848f75fd6fb5eb5fa35a91ca8a6a7b582ce4cf5c7cd2efe6c0957c98719
+SHA512 (openjdk-jdk17u-jdk-17.0.3+1.tar.xz) = f6bc8ba86a3e7dcd7d5c9ac17fe0ff337b76cc654b667bd1d506778dfa76b3d140731119738fa330601f5f4751ce11c9bf9877bad403d6ed610f2c91570dd304
commit 8a08a43c551d78d40fb56eea17a9cea27d1f3711
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Wed Apr 6 17:42:56 2022 +0100
Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index 562b6c9..1de2899 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -334,7 +334,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
-%global rpmrelease 8
+%global rpmrelease 9
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1332,6 +1332,8 @@ Patch1015: rh2021263-fips_missing_native_returns.patch
Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
# RH2052829: Detect NSS at Runtime for FIPS detection
Patch1017: rh2052829-fips_runtime_nss_detection.patch
+# RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
+Patch1018: rh2052070-enable_algorithmparameters_in_fips_mode.patch
#############################################
#
@@ -1763,6 +1765,7 @@ popd # openjdk
%patch1015
%patch1016
%patch1017
+%patch1018
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -2534,6 +2537,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Apr 06 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-9
+- Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
+
* Wed Mar 30 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-8
- java-17-openjdk should depend on itself to build, not java-latest-openjdk which is now OpenJDK 18
diff --git a/rh2052070-enable_algorithmparameters_in_fips_mode.patch b/rh2052070-enable_algorithmparameters_in_fips_mode.patch
new file mode 100644
index 0000000..7488ea5
--- /dev/null
+++ b/rh2052070-enable_algorithmparameters_in_fips_mode.patch
@@ -0,0 +1,1182 @@
+commit 6e74f283739af0d867df01d20f82865f559a45ea
+Author: Martin Balao <mbalao(a)redhat.com>
+Date: Mon Feb 28 04:58:05 2022 +0000
+
+ RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
+
+diff --git openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
+index a020e1c15d8..6d459fdec01 100644
+--- openjdk.orig/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
++++ openjdk/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
+@@ -31,6 +31,7 @@ import java.security.SecureRandom;
+ import java.security.PrivilegedAction;
+ import java.util.HashMap;
+ import java.util.List;
++import jdk.internal.access.SharedSecrets;
+ import static sun.security.util.SecurityConstants.PROVIDER_VER;
+ import static sun.security.util.SecurityProviderConstants.*;
+
+@@ -78,6 +79,10 @@ import static sun.security.util.SecurityProviderConstants.*;
+
+ public final class SunJCE extends Provider {
+
++ private static final boolean systemFipsEnabled =
++ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled();
++
+ @java.io.Serial
+ private static final long serialVersionUID = 6812507587804302833L;
+
+@@ -143,285 +148,287 @@ public final class SunJCE extends Provider {
+ void putEntries() {
+ // reuse attribute map and reset before each reuse
+ HashMap<String, String> attrs = new HashMap<>(3);
+- attrs.put("SupportedModes", "ECB");
+- attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
+- + "|OAEPWITHMD5ANDMGF1PADDING"
+- + "|OAEPWITHSHA1ANDMGF1PADDING"
+- + "|OAEPWITHSHA-1ANDMGF1PADDING"
+- + "|OAEPWITHSHA-224ANDMGF1PADDING"
+- + "|OAEPWITHSHA-256ANDMGF1PADDING"
+- + "|OAEPWITHSHA-384ANDMGF1PADDING"
+- + "|OAEPWITHSHA-512ANDMGF1PADDING"
+- + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+- + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+- attrs.put("SupportedKeyClasses",
+- "java.security.interfaces.RSAPublicKey" +
+- "|java.security.interfaces.RSAPrivateKey");
+- ps("Cipher", "RSA",
+- "com.sun.crypto.provider.RSACipher", null, attrs);
+-
+- // common block cipher modes, pads
+- final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
+- "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
+- "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
+- final String BLOCK_MODES128 = BLOCK_MODES +
+- "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
+- "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
+- final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
+-
+- attrs.clear();
+- attrs.put("SupportedModes", BLOCK_MODES);
+- attrs.put("SupportedPaddings", BLOCK_PADS);
+- attrs.put("SupportedKeyFormats", "RAW");
+- ps("Cipher", "DES",
+- "com.sun.crypto.provider.DESCipher", null, attrs);
+- psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
+- attrs);
+- ps("Cipher", "Blowfish",
+- "com.sun.crypto.provider.BlowfishCipher", null, attrs);
+-
+- ps("Cipher", "RC2",
+- "com.sun.crypto.provider.RC2Cipher", null, attrs);
+-
+- attrs.clear();
+- attrs.put("SupportedModes", BLOCK_MODES128);
+- attrs.put("SupportedPaddings", BLOCK_PADS);
+- attrs.put("SupportedKeyFormats", "RAW");
+- psA("Cipher", "AES",
+- "com.sun.crypto.provider.AESCipher$General", attrs);
+-
+- attrs.clear();
+- attrs.put("SupportedKeyFormats", "RAW");
+- psA("Cipher", "AES/KW/NoPadding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
+- attrs);
+- ps("Cipher", "AES/KW/PKCS5Padding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
+- null, attrs);
+- psA("Cipher", "AES/KWP/NoPadding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
+- attrs);
+-
+- psA("Cipher", "AES_128/ECB/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
+- attrs);
+- psA("Cipher", "AES_128/CBC/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
+- attrs);
+- psA("Cipher", "AES_128/OFB/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
+- attrs);
+- psA("Cipher", "AES_128/CFB/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
+- attrs);
+- psA("Cipher", "AES_128/KW/NoPadding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
+- attrs);
+- ps("Cipher", "AES_128/KW/PKCS5Padding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
+- null, attrs);
+- psA("Cipher", "AES_128/KWP/NoPadding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
+- attrs);
+-
+- psA("Cipher", "AES_192/ECB/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
+- attrs);
+- psA("Cipher", "AES_192/CBC/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
+- attrs);
+- psA("Cipher", "AES_192/OFB/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
+- attrs);
+- psA("Cipher", "AES_192/CFB/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
+- attrs);
+- psA("Cipher", "AES_192/KW/NoPadding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
+- attrs);
+- ps("Cipher", "AES_192/KW/PKCS5Padding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
+- null, attrs);
+- psA("Cipher", "AES_192/KWP/NoPadding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
+- attrs);
+-
+- psA("Cipher", "AES_256/ECB/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
+- attrs);
+- psA("Cipher", "AES_256/CBC/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
+- attrs);
+- psA("Cipher", "AES_256/OFB/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
+- attrs);
+- psA("Cipher", "AES_256/CFB/NoPadding",
+- "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
+- attrs);
+- psA("Cipher", "AES_256/KW/NoPadding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
+- attrs);
+- ps("Cipher", "AES_256/KW/PKCS5Padding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
+- null, attrs);
+- psA("Cipher", "AES_256/KWP/NoPadding",
+- "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
+- attrs);
+-
+- attrs.clear();
+- attrs.put("SupportedModes", "GCM");
+- attrs.put("SupportedKeyFormats", "RAW");
+-
+- ps("Cipher", "AES/GCM/NoPadding",
+- "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
+- attrs);
+- psA("Cipher", "AES_128/GCM/NoPadding",
+- "com.sun.crypto.provider.GaloisCounterMode$AES128",
+- attrs);
+- psA("Cipher", "AES_192/GCM/NoPadding",
+- "com.sun.crypto.provider.GaloisCounterMode$AES192",
+- attrs);
+- psA("Cipher", "AES_256/GCM/NoPadding",
+- "com.sun.crypto.provider.GaloisCounterMode$AES256",
+- attrs);
+-
+- attrs.clear();
+- attrs.put("SupportedModes", "CBC");
+- attrs.put("SupportedPaddings", "NOPADDING");
+- attrs.put("SupportedKeyFormats", "RAW");
+- ps("Cipher", "DESedeWrap",
+- "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
+-
+- attrs.clear();
+- attrs.put("SupportedModes", "ECB");
+- attrs.put("SupportedPaddings", "NOPADDING");
+- attrs.put("SupportedKeyFormats", "RAW");
+- psA("Cipher", "ARCFOUR",
+- "com.sun.crypto.provider.ARCFOURCipher", attrs);
+-
+- attrs.clear();
+- attrs.put("SupportedKeyFormats", "RAW");
+- ps("Cipher", "ChaCha20",
+- "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
+- null, attrs);
+- psA("Cipher", "ChaCha20-Poly1305",
+- "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
+- attrs);
+-
+- // PBES1
+- psA("Cipher", "PBEWithMD5AndDES",
+- "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
+- null);
+- ps("Cipher", "PBEWithMD5AndTripleDES",
+- "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
+- psA("Cipher", "PBEWithSHA1AndDESede",
+- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
+- null);
+- psA("Cipher", "PBEWithSHA1AndRC2_40",
+- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
+- null);
+- psA("Cipher", "PBEWithSHA1AndRC2_128",
+- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
+- null);
+- psA("Cipher", "PBEWithSHA1AndRC4_40",
+- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
+- null);
+-
+- psA("Cipher", "PBEWithSHA1AndRC4_128",
+- "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
+- null);
+-
+- // PBES2
+- ps("Cipher", "PBEWithHmacSHA1AndAES_128",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
+-
+- ps("Cipher", "PBEWithHmacSHA224AndAES_128",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
+-
+- ps("Cipher", "PBEWithHmacSHA256AndAES_128",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
+-
+- ps("Cipher", "PBEWithHmacSHA384AndAES_128",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
+-
+- ps("Cipher", "PBEWithHmacSHA512AndAES_128",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
+-
+- ps("Cipher", "PBEWithHmacSHA1AndAES_256",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
+-
+- ps("Cipher", "PBEWithHmacSHA224AndAES_256",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
+-
+- ps("Cipher", "PBEWithHmacSHA256AndAES_256",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
+-
+- ps("Cipher", "PBEWithHmacSHA384AndAES_256",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
+-
+- ps("Cipher", "PBEWithHmacSHA512AndAES_256",
+- "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
+-
+- /*
+- * Key(pair) Generator engines
+- */
+- ps("KeyGenerator", "DES",
+- "com.sun.crypto.provider.DESKeyGenerator");
+- psA("KeyGenerator", "DESede",
+- "com.sun.crypto.provider.DESedeKeyGenerator",
+- null);
+- ps("KeyGenerator", "Blowfish",
+- "com.sun.crypto.provider.BlowfishKeyGenerator");
+- psA("KeyGenerator", "AES",
+- "com.sun.crypto.provider.AESKeyGenerator",
+- null);
+- ps("KeyGenerator", "RC2",
+- "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
+- psA("KeyGenerator", "ARCFOUR",
+- "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
+- null);
+- ps("KeyGenerator", "ChaCha20",
+- "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
+- ps("KeyGenerator", "HmacMD5",
+- "com.sun.crypto.provider.HmacMD5KeyGenerator");
+-
+- psA("KeyGenerator", "HmacSHA1",
+- "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
+- psA("KeyGenerator", "HmacSHA224",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
+- null);
+- psA("KeyGenerator", "HmacSHA256",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
+- null);
+- psA("KeyGenerator", "HmacSHA384",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
+- null);
+- psA("KeyGenerator", "HmacSHA512",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
+- null);
+- psA("KeyGenerator", "HmacSHA512/224",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
+- null);
+- psA("KeyGenerator", "HmacSHA512/256",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
+- null);
+-
+- psA("KeyGenerator", "HmacSHA3-224",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
+- null);
+- psA("KeyGenerator", "HmacSHA3-256",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
+- null);
+- psA("KeyGenerator", "HmacSHA3-384",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
+- null);
+- psA("KeyGenerator", "HmacSHA3-512",
+- "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
+- null);
+-
+- psA("KeyPairGenerator", "DiffieHellman",
+- "com.sun.crypto.provider.DHKeyPairGenerator",
+- null);
++ if (!systemFipsEnabled) {
++ attrs.put("SupportedModes", "ECB");
++ attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
++ + "|OAEPWITHMD5ANDMGF1PADDING"
++ + "|OAEPWITHSHA1ANDMGF1PADDING"
++ + "|OAEPWITHSHA-1ANDMGF1PADDING"
++ + "|OAEPWITHSHA-224ANDMGF1PADDING"
++ + "|OAEPWITHSHA-256ANDMGF1PADDING"
++ + "|OAEPWITHSHA-384ANDMGF1PADDING"
++ + "|OAEPWITHSHA-512ANDMGF1PADDING"
++ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
++ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
++ attrs.put("SupportedKeyClasses",
++ "java.security.interfaces.RSAPublicKey" +
++ "|java.security.interfaces.RSAPrivateKey");
++ ps("Cipher", "RSA",
++ "com.sun.crypto.provider.RSACipher", null, attrs);
++
++ // common block cipher modes, pads
++ final String BLOCK_MODES = "ECB|CBC|PCBC|CTR|CTS|CFB|OFB" +
++ "|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64" +
++ "|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64";
++ final String BLOCK_MODES128 = BLOCK_MODES +
++ "|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128" +
++ "|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128";
++ final String BLOCK_PADS = "NOPADDING|PKCS5PADDING|ISO10126PADDING";
++
++ attrs.clear();
++ attrs.put("SupportedModes", BLOCK_MODES);
++ attrs.put("SupportedPaddings", BLOCK_PADS);
++ attrs.put("SupportedKeyFormats", "RAW");
++ ps("Cipher", "DES",
++ "com.sun.crypto.provider.DESCipher", null, attrs);
++ psA("Cipher", "DESede", "com.sun.crypto.provider.DESedeCipher",
++ attrs);
++ ps("Cipher", "Blowfish",
++ "com.sun.crypto.provider.BlowfishCipher", null, attrs);
++
++ ps("Cipher", "RC2",
++ "com.sun.crypto.provider.RC2Cipher", null, attrs);
++
++ attrs.clear();
++ attrs.put("SupportedModes", BLOCK_MODES128);
++ attrs.put("SupportedPaddings", BLOCK_PADS);
++ attrs.put("SupportedKeyFormats", "RAW");
++ psA("Cipher", "AES",
++ "com.sun.crypto.provider.AESCipher$General", attrs);
++
++ attrs.clear();
++ attrs.put("SupportedKeyFormats", "RAW");
++ psA("Cipher", "AES/KW/NoPadding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES_KW_NoPadding",
++ attrs);
++ ps("Cipher", "AES/KW/PKCS5Padding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES_KW_PKCS5Padding",
++ null, attrs);
++ psA("Cipher", "AES/KWP/NoPadding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES_KWP_NoPadding",
++ attrs);
++
++ psA("Cipher", "AES_128/ECB/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES128_ECB_NoPadding",
++ attrs);
++ psA("Cipher", "AES_128/CBC/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES128_CBC_NoPadding",
++ attrs);
++ psA("Cipher", "AES_128/OFB/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES128_OFB_NoPadding",
++ attrs);
++ psA("Cipher", "AES_128/CFB/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES128_CFB_NoPadding",
++ attrs);
++ psA("Cipher", "AES_128/KW/NoPadding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_NoPadding",
++ attrs);
++ ps("Cipher", "AES_128/KW/PKCS5Padding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES128_KW_PKCS5Padding",
++ null, attrs);
++ psA("Cipher", "AES_128/KWP/NoPadding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES128_KWP_NoPadding",
++ attrs);
++
++ psA("Cipher", "AES_192/ECB/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES192_ECB_NoPadding",
++ attrs);
++ psA("Cipher", "AES_192/CBC/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES192_CBC_NoPadding",
++ attrs);
++ psA("Cipher", "AES_192/OFB/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES192_OFB_NoPadding",
++ attrs);
++ psA("Cipher", "AES_192/CFB/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES192_CFB_NoPadding",
++ attrs);
++ psA("Cipher", "AES_192/KW/NoPadding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_NoPadding",
++ attrs);
++ ps("Cipher", "AES_192/KW/PKCS5Padding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES192_KW_PKCS5Padding",
++ null, attrs);
++ psA("Cipher", "AES_192/KWP/NoPadding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES192_KWP_NoPadding",
++ attrs);
++
++ psA("Cipher", "AES_256/ECB/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES256_ECB_NoPadding",
++ attrs);
++ psA("Cipher", "AES_256/CBC/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES256_CBC_NoPadding",
++ attrs);
++ psA("Cipher", "AES_256/OFB/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES256_OFB_NoPadding",
++ attrs);
++ psA("Cipher", "AES_256/CFB/NoPadding",
++ "com.sun.crypto.provider.AESCipher$AES256_CFB_NoPadding",
++ attrs);
++ psA("Cipher", "AES_256/KW/NoPadding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_NoPadding",
++ attrs);
++ ps("Cipher", "AES_256/KW/PKCS5Padding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES256_KW_PKCS5Padding",
++ null, attrs);
++ psA("Cipher", "AES_256/KWP/NoPadding",
++ "com.sun.crypto.provider.KeyWrapCipher$AES256_KWP_NoPadding",
++ attrs);
++
++ attrs.clear();
++ attrs.put("SupportedModes", "GCM");
++ attrs.put("SupportedKeyFormats", "RAW");
++
++ ps("Cipher", "AES/GCM/NoPadding",
++ "com.sun.crypto.provider.GaloisCounterMode$AESGCM", null,
++ attrs);
++ psA("Cipher", "AES_128/GCM/NoPadding",
++ "com.sun.crypto.provider.GaloisCounterMode$AES128",
++ attrs);
++ psA("Cipher", "AES_192/GCM/NoPadding",
++ "com.sun.crypto.provider.GaloisCounterMode$AES192",
++ attrs);
++ psA("Cipher", "AES_256/GCM/NoPadding",
++ "com.sun.crypto.provider.GaloisCounterMode$AES256",
++ attrs);
++
++ attrs.clear();
++ attrs.put("SupportedModes", "CBC");
++ attrs.put("SupportedPaddings", "NOPADDING");
++ attrs.put("SupportedKeyFormats", "RAW");
++ ps("Cipher", "DESedeWrap",
++ "com.sun.crypto.provider.DESedeWrapCipher", null, attrs);
++
++ attrs.clear();
++ attrs.put("SupportedModes", "ECB");
++ attrs.put("SupportedPaddings", "NOPADDING");
++ attrs.put("SupportedKeyFormats", "RAW");
++ psA("Cipher", "ARCFOUR",
++ "com.sun.crypto.provider.ARCFOURCipher", attrs);
++
++ attrs.clear();
++ attrs.put("SupportedKeyFormats", "RAW");
++ ps("Cipher", "ChaCha20",
++ "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Only",
++ null, attrs);
++ psA("Cipher", "ChaCha20-Poly1305",
++ "com.sun.crypto.provider.ChaCha20Cipher$ChaCha20Poly1305",
++ attrs);
++
++ // PBES1
++ psA("Cipher", "PBEWithMD5AndDES",
++ "com.sun.crypto.provider.PBEWithMD5AndDESCipher",
++ null);
++ ps("Cipher", "PBEWithMD5AndTripleDES",
++ "com.sun.crypto.provider.PBEWithMD5AndTripleDESCipher");
++ psA("Cipher", "PBEWithSHA1AndDESede",
++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndDESede",
++ null);
++ psA("Cipher", "PBEWithSHA1AndRC2_40",
++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40",
++ null);
++ psA("Cipher", "PBEWithSHA1AndRC2_128",
++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_128",
++ null);
++ psA("Cipher", "PBEWithSHA1AndRC4_40",
++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_40",
++ null);
++
++ psA("Cipher", "PBEWithSHA1AndRC4_128",
++ "com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC4_128",
++ null);
++
++ // PBES2
++ ps("Cipher", "PBEWithHmacSHA1AndAES_128",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_128");
++
++ ps("Cipher", "PBEWithHmacSHA224AndAES_128",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_128");
++
++ ps("Cipher", "PBEWithHmacSHA256AndAES_128",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_128");
++
++ ps("Cipher", "PBEWithHmacSHA384AndAES_128",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_128");
++
++ ps("Cipher", "PBEWithHmacSHA512AndAES_128",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
++
++ ps("Cipher", "PBEWithHmacSHA1AndAES_256",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
++
++ ps("Cipher", "PBEWithHmacSHA224AndAES_256",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA224AndAES_256");
++
++ ps("Cipher", "PBEWithHmacSHA256AndAES_256",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA256AndAES_256");
++
++ ps("Cipher", "PBEWithHmacSHA384AndAES_256",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA384AndAES_256");
++
++ ps("Cipher", "PBEWithHmacSHA512AndAES_256",
++ "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
++
++ /*
++ * Key(pair) Generator engines
++ */
++ ps("KeyGenerator", "DES",
++ "com.sun.crypto.provider.DESKeyGenerator");
++ psA("KeyGenerator", "DESede",
++ "com.sun.crypto.provider.DESedeKeyGenerator",
++ null);
++ ps("KeyGenerator", "Blowfish",
++ "com.sun.crypto.provider.BlowfishKeyGenerator");
++ psA("KeyGenerator", "AES",
++ "com.sun.crypto.provider.AESKeyGenerator",
++ null);
++ ps("KeyGenerator", "RC2",
++ "com.sun.crypto.provider.KeyGeneratorCore$RC2KeyGenerator");
++ psA("KeyGenerator", "ARCFOUR",
++ "com.sun.crypto.provider.KeyGeneratorCore$ARCFOURKeyGenerator",
++ null);
++ ps("KeyGenerator", "ChaCha20",
++ "com.sun.crypto.provider.KeyGeneratorCore$ChaCha20KeyGenerator");
++ ps("KeyGenerator", "HmacMD5",
++ "com.sun.crypto.provider.HmacMD5KeyGenerator");
++
++ psA("KeyGenerator", "HmacSHA1",
++ "com.sun.crypto.provider.HmacSHA1KeyGenerator", null);
++ psA("KeyGenerator", "HmacSHA224",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA224",
++ null);
++ psA("KeyGenerator", "HmacSHA256",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA256",
++ null);
++ psA("KeyGenerator", "HmacSHA384",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA384",
++ null);
++ psA("KeyGenerator", "HmacSHA512",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512",
++ null);
++ psA("KeyGenerator", "HmacSHA512/224",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_224",
++ null);
++ psA("KeyGenerator", "HmacSHA512/256",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA512_256",
++ null);
++
++ psA("KeyGenerator", "HmacSHA3-224",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_224",
++ null);
++ psA("KeyGenerator", "HmacSHA3-256",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_256",
++ null);
++ psA("KeyGenerator", "HmacSHA3-384",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_384",
++ null);
++ psA("KeyGenerator", "HmacSHA3-512",
++ "com.sun.crypto.provider.KeyGeneratorCore$HmacKG$SHA3_512",
++ null);
++
++ psA("KeyPairGenerator", "DiffieHellman",
++ "com.sun.crypto.provider.DHKeyPairGenerator",
++ null);
++ }
+
+ /*
+ * Algorithm parameter generation engines
+@@ -430,15 +437,17 @@ public final class SunJCE extends Provider {
+ "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
+ null);
+
+- /*
+- * Key Agreement engines
+- */
+- attrs.clear();
+- attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
+- "|javax.crypto.interfaces.DHPrivateKey");
+- psA("KeyAgreement", "DiffieHellman",
+- "com.sun.crypto.provider.DHKeyAgreement",
+- attrs);
++ if (!systemFipsEnabled) {
++ /*
++ * Key Agreement engines
++ */
++ attrs.clear();
++ attrs.put("SupportedKeyClasses", "javax.crypto.interfaces.DHPublicKey" +
++ "|javax.crypto.interfaces.DHPrivateKey");
++ psA("KeyAgreement", "DiffieHellman",
++ "com.sun.crypto.provider.DHKeyAgreement",
++ attrs);
++ }
+
+ /*
+ * Algorithm Parameter engines
+@@ -531,197 +540,199 @@ public final class SunJCE extends Provider {
+ psA("AlgorithmParameters", "ChaCha20-Poly1305",
+ "com.sun.crypto.provider.ChaCha20Poly1305Parameters", null);
+
+- /*
+- * Key factories
+- */
+- psA("KeyFactory", "DiffieHellman",
+- "com.sun.crypto.provider.DHKeyFactory",
+- null);
+-
+- /*
+- * Secret-key factories
+- */
+- ps("SecretKeyFactory", "DES",
+- "com.sun.crypto.provider.DESKeyFactory");
+-
+- psA("SecretKeyFactory", "DESede",
+- "com.sun.crypto.provider.DESedeKeyFactory", null);
+-
+- psA("SecretKeyFactory", "PBEWithMD5AndDES",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
+- null);
+-
+- /*
+- * Internal in-house crypto algorithm used for
+- * the JCEKS keystore type. Since this was developed
+- * internally, there isn't an OID corresponding to this
+- * algorithm.
+- */
+- ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
+-
+- psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
+- null);
+-
+- psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
+- null);
+-
+- psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
+- null);
+-
+- psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
+- null);
+-
+- psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
+- null);
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
+-
+- ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
+- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
+-
+- // PBKDF2
+- psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
+- "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
+- null);
+- ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
+- "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
+- ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
+- "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
+- ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
+- "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
+- ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
+- "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
+-
+- /*
+- * MAC
+- */
+- attrs.clear();
+- attrs.put("SupportedKeyFormats", "RAW");
+- ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
+- psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
+- attrs);
+- psA("Mac", "HmacSHA224",
+- "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
+- psA("Mac", "HmacSHA256",
+- "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
+- psA("Mac", "HmacSHA384",
+- "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
+- psA("Mac", "HmacSHA512",
+- "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
+- psA("Mac", "HmacSHA512/224",
+- "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
+- psA("Mac", "HmacSHA512/256",
+- "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
+- psA("Mac", "HmacSHA3-224",
+- "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
+- psA("Mac", "HmacSHA3-256",
+- "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
+- psA("Mac", "HmacSHA3-384",
+- "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
+- psA("Mac", "HmacSHA3-512",
+- "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
+-
+- ps("Mac", "HmacPBESHA1",
+- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
+- null, attrs);
+- ps("Mac", "HmacPBESHA224",
+- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
+- null, attrs);
+- ps("Mac", "HmacPBESHA256",
+- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
+- null, attrs);
+- ps("Mac", "HmacPBESHA384",
+- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
+- null, attrs);
+- ps("Mac", "HmacPBESHA512",
+- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
+- null, attrs);
+- ps("Mac", "HmacPBESHA512/224",
+- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
+- null, attrs);
+- ps("Mac", "HmacPBESHA512/256",
+- "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
+- null, attrs);
+-
+-
+- // PBMAC1
+- ps("Mac", "PBEWithHmacSHA1",
+- "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
+- ps("Mac", "PBEWithHmacSHA224",
+- "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
+- ps("Mac", "PBEWithHmacSHA256",
+- "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
+- ps("Mac", "PBEWithHmacSHA384",
+- "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
+- ps("Mac", "PBEWithHmacSHA512",
+- "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
+- ps("Mac", "SslMacMD5",
+- "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
+- ps("Mac", "SslMacSHA1",
+- "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
+-
+- /*
+- * KeyStore
+- */
+- ps("KeyStore", "JCEKS",
+- "com.sun.crypto.provider.JceKeyStore");
+-
+- /*
+- * SSL/TLS mechanisms
+- *
+- * These are strictly internal implementations and may
+- * be changed at any time. These names were chosen
+- * because PKCS11/SunPKCS11 does not yet have TLS1.2
+- * mechanisms, and it will cause calls to come here.
+- */
+- ps("KeyGenerator", "SunTlsPrf",
+- "com.sun.crypto.provider.TlsPrfGenerator$V10");
+- ps("KeyGenerator", "SunTls12Prf",
+- "com.sun.crypto.provider.TlsPrfGenerator$V12");
+-
+- ps("KeyGenerator", "SunTlsMasterSecret",
+- "com.sun.crypto.provider.TlsMasterSecretGenerator",
+- List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
+- null);
+-
+- ps("KeyGenerator", "SunTlsKeyMaterial",
+- "com.sun.crypto.provider.TlsKeyMaterialGenerator",
+- List.of("SunTls12KeyMaterial"), null);
+-
+- ps("KeyGenerator", "SunTlsRsaPremasterSecret",
+- "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
+- List.of("SunTls12RsaPremasterSecret"), null);
++ if (!systemFipsEnabled) {
++ /*
++ * Key factories
++ */
++ psA("KeyFactory", "DiffieHellman",
++ "com.sun.crypto.provider.DHKeyFactory",
++ null);
++
++ /*
++ * Secret-key factories
++ */
++ ps("SecretKeyFactory", "DES",
++ "com.sun.crypto.provider.DESKeyFactory");
++
++ psA("SecretKeyFactory", "DESede",
++ "com.sun.crypto.provider.DESedeKeyFactory", null);
++
++ psA("SecretKeyFactory", "PBEWithMD5AndDES",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndDES",
++ null);
++
++ /*
++ * Internal in-house crypto algorithm used for
++ * the JCEKS keystore type. Since this was developed
++ * internally, there isn't an OID corresponding to this
++ * algorithm.
++ */
++ ps("SecretKeyFactory", "PBEWithMD5AndTripleDES",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithMD5AndTripleDES");
++
++ psA("SecretKeyFactory", "PBEWithSHA1AndDESede",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndDESede",
++ null);
++
++ psA("SecretKeyFactory", "PBEWithSHA1AndRC2_40",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_40",
++ null);
++
++ psA("SecretKeyFactory", "PBEWithSHA1AndRC2_128",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC2_128",
++ null);
++
++ psA("SecretKeyFactory", "PBEWithSHA1AndRC4_40",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_40",
++ null);
++
++ psA("SecretKeyFactory", "PBEWithSHA1AndRC4_128",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithSHA1AndRC4_128",
++ null);
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_128",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_128");
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_128",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_128");
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_128",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_128");
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_128",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_128");
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA224AndAES_256",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA224AndAES_256");
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA256AndAES_256",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA256AndAES_256");
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA384AndAES_256",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA384AndAES_256");
++
++ ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
++
++ // PBKDF2
++ psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
++ null);
++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA224",
++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA224");
++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA256",
++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA256");
++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA384",
++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
++
++ /*
++ * MAC
++ */
++ attrs.clear();
++ attrs.put("SupportedKeyFormats", "RAW");
++ ps("Mac", "HmacMD5", "com.sun.crypto.provider.HmacMD5", null, attrs);
++ psA("Mac", "HmacSHA1", "com.sun.crypto.provider.HmacSHA1",
++ attrs);
++ psA("Mac", "HmacSHA224",
++ "com.sun.crypto.provider.HmacCore$HmacSHA224", attrs);
++ psA("Mac", "HmacSHA256",
++ "com.sun.crypto.provider.HmacCore$HmacSHA256", attrs);
++ psA("Mac", "HmacSHA384",
++ "com.sun.crypto.provider.HmacCore$HmacSHA384", attrs);
++ psA("Mac", "HmacSHA512",
++ "com.sun.crypto.provider.HmacCore$HmacSHA512", attrs);
++ psA("Mac", "HmacSHA512/224",
++ "com.sun.crypto.provider.HmacCore$HmacSHA512_224", attrs);
++ psA("Mac", "HmacSHA512/256",
++ "com.sun.crypto.provider.HmacCore$HmacSHA512_256", attrs);
++ psA("Mac", "HmacSHA3-224",
++ "com.sun.crypto.provider.HmacCore$HmacSHA3_224", attrs);
++ psA("Mac", "HmacSHA3-256",
++ "com.sun.crypto.provider.HmacCore$HmacSHA3_256", attrs);
++ psA("Mac", "HmacSHA3-384",
++ "com.sun.crypto.provider.HmacCore$HmacSHA3_384", attrs);
++ psA("Mac", "HmacSHA3-512",
++ "com.sun.crypto.provider.HmacCore$HmacSHA3_512", attrs);
++
++ ps("Mac", "HmacPBESHA1",
++ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA1",
++ null, attrs);
++ ps("Mac", "HmacPBESHA224",
++ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA224",
++ null, attrs);
++ ps("Mac", "HmacPBESHA256",
++ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA256",
++ null, attrs);
++ ps("Mac", "HmacPBESHA384",
++ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA384",
++ null, attrs);
++ ps("Mac", "HmacPBESHA512",
++ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512",
++ null, attrs);
++ ps("Mac", "HmacPBESHA512/224",
++ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_224",
++ null, attrs);
++ ps("Mac", "HmacPBESHA512/256",
++ "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256",
++ null, attrs);
++
++
++ // PBMAC1
++ ps("Mac", "PBEWithHmacSHA1",
++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs);
++ ps("Mac", "PBEWithHmacSHA224",
++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA224", null, attrs);
++ ps("Mac", "PBEWithHmacSHA256",
++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA256", null, attrs);
++ ps("Mac", "PBEWithHmacSHA384",
++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
++ ps("Mac", "PBEWithHmacSHA512",
++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
++ ps("Mac", "SslMacMD5",
++ "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
++ ps("Mac", "SslMacSHA1",
++ "com.sun.crypto.provider.SslMacCore$SslMacSHA1", null, attrs);
++
++ /*
++ * KeyStore
++ */
++ ps("KeyStore", "JCEKS",
++ "com.sun.crypto.provider.JceKeyStore");
++
++ /*
++ * SSL/TLS mechanisms
++ *
++ * These are strictly internal implementations and may
++ * be changed at any time. These names were chosen
++ * because PKCS11/SunPKCS11 does not yet have TLS1.2
++ * mechanisms, and it will cause calls to come here.
++ */
++ ps("KeyGenerator", "SunTlsPrf",
++ "com.sun.crypto.provider.TlsPrfGenerator$V10");
++ ps("KeyGenerator", "SunTls12Prf",
++ "com.sun.crypto.provider.TlsPrfGenerator$V12");
++
++ ps("KeyGenerator", "SunTlsMasterSecret",
++ "com.sun.crypto.provider.TlsMasterSecretGenerator",
++ List.of("SunTls12MasterSecret", "SunTlsExtendedMasterSecret"),
++ null);
++
++ ps("KeyGenerator", "SunTlsKeyMaterial",
++ "com.sun.crypto.provider.TlsKeyMaterialGenerator",
++ List.of("SunTls12KeyMaterial"), null);
++
++ ps("KeyGenerator", "SunTlsRsaPremasterSecret",
++ "com.sun.crypto.provider.TlsRsaPremasterSecretGenerator",
++ List.of("SunTls12RsaPremasterSecret"), null);
++ }
+ }
+
+ // Return the instance of this class or create one if needed.
+diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
+index 7cb5ebcde51..709d32912ca 100644
+--- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java
++++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
+@@ -193,20 +193,22 @@ public final class SunEntries {
+ String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
+ dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
+ addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
++ }
+
+- /*
+- * Algorithm Parameter Generator engines
+- */
+- addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
+- "sun.security.provider.DSAParameterGenerator", attrs);
+- attrs.remove("KeySize");
++ /*
++ * Algorithm Parameter Generator engines
++ */
++ addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
++ "sun.security.provider.DSAParameterGenerator", attrs);
++ attrs.remove("KeySize");
+
+- /*
+- * Algorithm Parameter engines
+- */
+- addWithAlias(p, "AlgorithmParameters", "DSA",
+- "sun.security.provider.DSAParameters", attrs);
++ /*
++ * Algorithm Parameter engines
++ */
++ addWithAlias(p, "AlgorithmParameters", "DSA",
++ "sun.security.provider.DSAParameters", attrs);
+
++ if (!systemFipsEnabled) {
+ /*
+ * Key factories
+ */
+diff --git openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
+index ca79f25cc44..16c5ad2e227 100644
+--- openjdk.orig/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
++++ openjdk/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java
+@@ -27,6 +27,7 @@ package sun.security.rsa;
+
+ import java.util.*;
+ import java.security.Provider;
++import jdk.internal.access.SharedSecrets;
+ import static sun.security.util.SecurityProviderConstants.getAliases;
+
+ /**
+@@ -36,6 +37,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
+ */
+ public final class SunRsaSignEntries {
+
++ private static final boolean systemFipsEnabled =
++ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled();
++
+ private void add(Provider p, String type, String algo, String cn,
+ List<String> aliases, HashMap<String, String> attrs) {
+ services.add(new Provider.Service(p, type, algo, cn,
+@@ -56,49 +61,52 @@ public final class SunRsaSignEntries {
+ // start populating content using the specified provider
+ // common attribute map
+ HashMap<String, String> attrs = new HashMap<>(3);
+- attrs.put("SupportedKeyClasses",
+- "java.security.interfaces.RSAPublicKey" +
+- "|java.security.interfaces.RSAPrivateKey");
++ if (!systemFipsEnabled) {
++ attrs.put("SupportedKeyClasses",
++ "java.security.interfaces.RSAPublicKey" +
++ "|java.security.interfaces.RSAPrivateKey");
++
++ add(p, "KeyFactory", "RSA",
++ "sun.security.rsa.RSAKeyFactory$Legacy",
++ getAliases("PKCS1"), null);
++ add(p, "KeyPairGenerator", "RSA",
++ "sun.security.rsa.RSAKeyPairGenerator$Legacy",
++ getAliases("PKCS1"), null);
++ addA(p, "Signature", "MD2withRSA",
++ "sun.security.rsa.RSASignature$MD2withRSA", attrs);
++ addA(p, "Signature", "MD5withRSA",
++ "sun.security.rsa.RSASignature$MD5withRSA", attrs);
++ addA(p, "Signature", "SHA1withRSA",
++ "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
++ addA(p, "Signature", "SHA224withRSA",
++ "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
++ addA(p, "Signature", "SHA256withRSA",
++ "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
++ addA(p, "Signature", "SHA384withRSA",
++ "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
++ addA(p, "Signature", "SHA512withRSA",
++ "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
++ addA(p, "Signature", "SHA512/224withRSA",
++ "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
++ addA(p, "Signature", "SHA512/256withRSA",
++ "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
++ addA(p, "Signature", "SHA3-224withRSA",
++ "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
++ addA(p, "Signature", "SHA3-256withRSA",
++ "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
++ addA(p, "Signature", "SHA3-384withRSA",
++ "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
++ addA(p, "Signature", "SHA3-512withRSA",
++ "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
+
+- add(p, "KeyFactory", "RSA",
+- "sun.security.rsa.RSAKeyFactory$Legacy",
+- getAliases("PKCS1"), null);
+- add(p, "KeyPairGenerator", "RSA",
+- "sun.security.rsa.RSAKeyPairGenerator$Legacy",
+- getAliases("PKCS1"), null);
+- addA(p, "Signature", "MD2withRSA",
+- "sun.security.rsa.RSASignature$MD2withRSA", attrs);
+- addA(p, "Signature", "MD5withRSA",
+- "sun.security.rsa.RSASignature$MD5withRSA", attrs);
+- addA(p, "Signature", "SHA1withRSA",
+- "sun.security.rsa.RSASignature$SHA1withRSA", attrs);
+- addA(p, "Signature", "SHA224withRSA",
+- "sun.security.rsa.RSASignature$SHA224withRSA", attrs);
+- addA(p, "Signature", "SHA256withRSA",
+- "sun.security.rsa.RSASignature$SHA256withRSA", attrs);
+- addA(p, "Signature", "SHA384withRSA",
+- "sun.security.rsa.RSASignature$SHA384withRSA", attrs);
+- addA(p, "Signature", "SHA512withRSA",
+- "sun.security.rsa.RSASignature$SHA512withRSA", attrs);
+- addA(p, "Signature", "SHA512/224withRSA",
+- "sun.security.rsa.RSASignature$SHA512_224withRSA", attrs);
+- addA(p, "Signature", "SHA512/256withRSA",
+- "sun.security.rsa.RSASignature$SHA512_256withRSA", attrs);
+- addA(p, "Signature", "SHA3-224withRSA",
+- "sun.security.rsa.RSASignature$SHA3_224withRSA", attrs);
+- addA(p, "Signature", "SHA3-256withRSA",
+- "sun.security.rsa.RSASignature$SHA3_256withRSA", attrs);
+- addA(p, "Signature", "SHA3-384withRSA",
+- "sun.security.rsa.RSASignature$SHA3_384withRSA", attrs);
+- addA(p, "Signature", "SHA3-512withRSA",
+- "sun.security.rsa.RSASignature$SHA3_512withRSA", attrs);
++ addA(p, "KeyFactory", "RSASSA-PSS",
++ "sun.security.rsa.RSAKeyFactory$PSS", attrs);
++ addA(p, "KeyPairGenerator", "RSASSA-PSS",
++ "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
++ addA(p, "Signature", "RSASSA-PSS",
++ "sun.security.rsa.RSAPSSSignature", attrs);
++ }
+
+- addA(p, "KeyFactory", "RSASSA-PSS",
+- "sun.security.rsa.RSAKeyFactory$PSS", attrs);
+- addA(p, "KeyPairGenerator", "RSASSA-PSS",
+- "sun.security.rsa.RSAKeyPairGenerator$PSS", attrs);
+- addA(p, "Signature", "RSASSA-PSS",
+- "sun.security.rsa.RSAPSSSignature", attrs);
+ addA(p, "AlgorithmParameters", "RSASSA-PSS",
+ "sun.security.rsa.PSSParameters", null);
+ }
+diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
+index 3a322854204..5a355e70cae 100644
+--- openjdk.orig/src/java.base/share/conf/security/java.security
++++ openjdk/src/java.base/share/conf/security/java.security
+@@ -86,6 +86,8 @@ fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
+ fips.provider.2=SUN
+ fips.provider.3=SunEC
+ fips.provider.4=SunJSSE
++fips.provider.5=SunJCE
++fips.provider.6=SunRsaSign
+
+ #
+ # A list of preferred providers for specific algorithms. These providers will
commit 8c47abf37c9994a9d8283b382cf6ad45ad9fe744
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Wed Mar 30 20:15:01 2022 +0100
java-17-openjdk should depend on itself to build, not java-latest-openjdk which is now OpenJDK 18
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index db24254..562b6c9 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -314,7 +314,7 @@
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
# and this it is better to change it here, on single place
-%global buildjdkver 17
+%global buildjdkver %{featurever}
# We don't add any LTS designator for STS packages (Fedora and EPEL).
# We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined.
%if 0%{?rhel} && !0%{?epel}
@@ -1372,7 +1372,7 @@ BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
BuildRequires: javapackages-filesystem
-BuildRequires: java-latest-openjdk-devel
+BuildRequires: java-%{buildjdkver}-openjdk-devel
# Zero-assembler build requirement
%ifarch %{zero_arches}
BuildRequires: libffi-devel
@@ -2534,6 +2534,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Mar 30 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-8
+- java-17-openjdk should depend on itself to build, not java-latest-openjdk which is now OpenJDK 18
+
* Wed Feb 23 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-8
- Detect NSS at runtime for FIPS detection
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
commit 87b704d81ec002600766d11d0563307349610ae6
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Thu Feb 24 01:09:59 2022 +0000
Detect NSS at runtime for FIPS detection
Turn off build-time NSS linking and go back to an explicit Requires on NSS
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index f6aaf78..db24254 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -334,7 +334,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
-%global rpmrelease 7
+%global rpmrelease 8
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1104,6 +1104,8 @@ OrderWithRequires: copy-jdk-configs
%endif
# for printing support
Requires: cups-libs
+# for FIPS PKCS11 provider
+Requires: nss
# Post requires alternatives to install tool alternatives
Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
@@ -1326,7 +1328,10 @@ Patch1013: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch
+# RH2052819: Fix FIPS reliance on crypto policies
Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
+# RH2052829: Detect NSS at Runtime for FIPS detection
+Patch1017: rh2052829-fips_runtime_nss_detection.patch
#############################################
#
@@ -1361,8 +1366,8 @@ BuildRequires: libXrandr-devel
BuildRequires: libXrender-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
-# Requirements for setting up the nss.cfg and FIPS support
-BuildRequires: nss-devel >= 3.53
+# Requirement for setting up nss.cfg and nss.fips.cfg
+BuildRequires: nss-devel
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
@@ -1757,6 +1762,7 @@ popd # openjdk
%patch1014
%patch1015
%patch1016
+%patch1017
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -1900,7 +1906,7 @@ function buildjdk() {
--with-boot-jdk=${buildjdk} \
--with-debug-level=${debuglevel} \
--with-native-debug-symbols="%{debug_symbols}" \
- --enable-sysconf-nss \
+ --disable-sysconf-nss \
--enable-unlimited-crypto \
--with-zlib=system \
--with-libjpeg=${link_opt} \
@@ -2528,6 +2534,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Feb 23 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-8
+- Detect NSS at runtime for FIPS detection
+- Turn off build-time NSS linking and go back to an explicit Requires on NSS
+
* Tue Feb 08 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-7
- Reinstate JIT builds on x86_32.
- Add JDK-8282004 to fix missing CALL effects on x86_32.
diff --git a/rh2052829-fips_runtime_nss_detection.patch b/rh2052829-fips_runtime_nss_detection.patch
new file mode 100644
index 0000000..c609fce
--- /dev/null
+++ b/rh2052829-fips_runtime_nss_detection.patch
@@ -0,0 +1,213 @@
+commit 090ea0389db5c2e0c8ee13652bccd544b17872c2
+Author: Andrew Hughes <gnu.andrew(a)redhat.com>
+Date: Mon Feb 7 15:33:27 2022 +0000
+
+ RH2051605: Detect NSS at Runtime for FIPS detection
+
+diff --git openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+index caf678a7dd6..8dcb7d9073f 100644
+--- openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c
++++ openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+@@ -23,26 +23,37 @@
+ * questions.
+ */
+
+-#include <dlfcn.h>
+ #include <jni.h>
+ #include <jni_util.h>
++#include "jvm_md.h"
+ #include <stdio.h>
+
+ #ifdef SYSCONF_NSS
+ #include <nss3/pk11pub.h>
++#else
++#include <dlfcn.h>
+ #endif //SYSCONF_NSS
+
+ #include "java_security_SystemConfigurator.h"
+
+-#define MSG_MAX_SIZE 96
++#define MSG_MAX_SIZE 256
++#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
++
++typedef int (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE)(void);
+
++static SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE *getSystemFIPSEnabled;
+ static jmethodID debugPrintlnMethodID = NULL;
+ static jobject debugObj = NULL;
+
+-// Only used when NSS is unavailable and FIPS_ENABLED_PATH is read
+-#ifndef SYSCONF_NSS
+-
+-#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
++static void dbgPrint(JNIEnv *env, const char* msg)
++{
++ jstring jMsg;
++ if (debugObj != NULL) {
++ jMsg = (*env)->NewStringUTF(env, msg);
++ CHECK_NULL(jMsg);
++ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
++ }
++}
+
+ static void throwIOException(JNIEnv *env, const char *msg)
+ {
+@@ -51,18 +62,61 @@ static void throwIOException(JNIEnv *env, const char *msg)
+ (*env)->ThrowNew(env, cls, msg);
+ }
+
+-#endif
++static void handle_msg(JNIEnv *env, const char* msg, int msg_bytes)
++{
++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
++ dbgPrint(env, msg);
++ } else {
++ dbgPrint(env, "systemconf: cannot render message");
++ }
++}
+
+-static void dbgPrint(JNIEnv *env, const char* msg)
++// Only used when NSS is not linked at build time
++#ifndef SYSCONF_NSS
++
++static void *nss_handle;
++
++static jboolean loadNSS(JNIEnv *env)
+ {
+- jstring jMsg;
+- if (debugObj != NULL) {
+- jMsg = (*env)->NewStringUTF(env, msg);
+- CHECK_NULL(jMsg);
+- (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
+- }
++ char msg[MSG_MAX_SIZE];
++ int msg_bytes;
++ const char* errmsg;
++
++ nss_handle = dlopen(JNI_LIB_NAME("nss3"), RTLD_LAZY);
++ if (nss_handle == NULL) {
++ errmsg = dlerror();
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlopen: %s\n",
++ errmsg);
++ handle_msg(env, msg, msg_bytes);
++ return JNI_FALSE;
++ }
++ dlerror(); /* Clear errors */
++ getSystemFIPSEnabled = (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE*)dlsym(nss_handle, "SECMOD_GetSystemFIPSEnabled");
++ if ((errmsg = dlerror()) != NULL) {
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlsym: %s\n",
++ errmsg);
++ handle_msg(env, msg, msg_bytes);
++ return JNI_FALSE;
++ }
++ return JNI_TRUE;
++}
++
++static void closeNSS(JNIEnv *env)
++{
++ char msg[MSG_MAX_SIZE];
++ int msg_bytes;
++ const char* errmsg;
++
++ if (dlclose(nss_handle) != 0) {
++ errmsg = dlerror();
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "closeNSS: dlclose: %s\n",
++ errmsg);
++ handle_msg(env, msg, msg_bytes);
++ }
+ }
+
++#endif
++
+ /*
+ * Class: java_security_SystemConfigurator
+ * Method: JNI_OnLoad
+@@ -104,6 +158,14 @@ JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
+ debugObj = (*env)->NewGlobalRef(env, debugObj);
+ }
+
++#ifdef SYSCONF_NSS
++ getSystemFIPSEnabled = *SECMOD_GetSystemFIPSEnabled;
++#else
++ if (loadNSS(env) == JNI_FALSE) {
++ dbgPrint(env, "libsystemconf: Failed to load NSS library.");
++ }
++#endif
++
+ return (*env)->GetVersion(env);
+ }
+
+@@ -119,6 +181,9 @@ JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
+ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
+ return; /* Should not happen */
+ }
++#ifndef SYSCONF_NSS
++ closeNSS(env);
++#endif
+ (*env)->DeleteGlobalRef(env, debugObj);
+ }
+ }
+@@ -130,44 +195,30 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+ char msg[MSG_MAX_SIZE];
+ int msg_bytes;
+
+-#ifdef SYSCONF_NSS
+-
+- dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
+- fips_enabled = SECMOD_GetSystemFIPSEnabled();
+- msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+- " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
+- if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
+- dbgPrint(env, msg);
++ if (getSystemFIPSEnabled != NULL) {
++ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
++ fips_enabled = (*getSystemFIPSEnabled)();
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
++ handle_msg(env, msg, msg_bytes);
++ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
+ } else {
+- dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
+- " SECMOD_GetSystemFIPSEnabled return value");
+- }
+- return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
++ FILE *fe;
+
+-#else // SYSCONF_NSS
+-
+- FILE *fe;
+-
+- dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+- if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
++ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
++ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
+ return JNI_FALSE;
+- }
+- fips_enabled = fgetc(fe);
+- fclose(fe);
+- if (fips_enabled == EOF) {
++ }
++ fips_enabled = fgetc(fe);
++ fclose(fe);
++ if (fips_enabled == EOF) {
+ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
+ return JNI_FALSE;
++ }
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " read character is '%c'", fips_enabled);
++ handle_msg(env, msg, msg_bytes);
++ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
+ }
+- msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+- " read character is '%c'", fips_enabled);
+- if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
+- dbgPrint(env, msg);
+- } else {
+- dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
+- " read character");
+- }
+- return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
+-
+-#endif // SYSCONF_NSS
+ }
commit 7f8f4b1f1d276578a26e5ce7c1985abdca2986bb
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Tue Feb 8 02:13:32 2022 +0000
Reinstate JIT builds on x86_32.
Add JDK-8282004 to fix missing CALL effects on x86_32.
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index a1f3aaf..f6aaf78 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -113,11 +113,11 @@
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
-%global jit_arches %{arm} %{aarch64} %{power64} s390x sparcv9 sparc64 x86_64
+%global jit_arches %{arm} %{aarch64} %{ix86} %{power64} s390x sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
-%global zero_arches ppc s390 %{ix86}
+%global zero_arches ppc s390
# Set of architectures which run a full bootstrap cycle
-%global bootstrap_arches %{jit_arches} %{ix86}
+%global bootstrap_arches %{jit_arches}
# Set of architectures which support SystemTap tapsets
%global systemtap_arches %{jit_arches}
# Set of architectures with a Ahead-Of-Time (AOT) compiler
@@ -334,7 +334,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
-%global rpmrelease 6
+%global rpmrelease 7
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1333,6 +1333,8 @@ Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
# OpenJDK patches in need of upstreaming
#
#############################################
+# JDK-8282004: x86_32.ad rules that call SharedRuntime helpers should have CALL effects
+Patch7: jdk8282004-x86_32-missing_call_effects.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -1737,6 +1739,7 @@ pushd %{top_level_dir_name}
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
popd # openjdk
%patch1000
@@ -2525,6 +2528,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Feb 08 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-7
+- Reinstate JIT builds on x86_32.
+- Add JDK-8282004 to fix missing CALL effects on x86_32.
+
* Mon Feb 07 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:17.0.2.0.8-6
- Re-enable gdb backtrace check.
diff --git a/jdk8282004-x86_32-missing_call_effects.patch b/jdk8282004-x86_32-missing_call_effects.patch
new file mode 100644
index 0000000..3efe993
--- /dev/null
+++ b/jdk8282004-x86_32-missing_call_effects.patch
@@ -0,0 +1,28 @@
+diff --git a/src/hotspot/cpu/x86/x86_32.ad b/src/hotspot/cpu/x86/x86_32.ad
+index a31a38a384f..6138ca5281f 100644
+--- a/src/hotspot/cpu/x86/x86_32.ad
++++ b/src/hotspot/cpu/x86/x86_32.ad
+@@ -7825,9 +7825,9 @@ instruct divI_eReg(eAXRegI rax, eDXRegI rdx, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Divide Register Long
+-instruct divL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct divL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (DivL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
+@@ -7873,9 +7873,9 @@ instruct modI_eReg(eDXRegI rdx, eAXRegI rax, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Remainder Register Long
+-instruct modL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct modL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (ModL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
commit a4b6f5006617be092f4c9b67d9bdcc87e2158aad
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Tue Feb 8 15:51:33 2022 +0000
Re-enable gdb backtrace check
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index aa70294..a1f3aaf 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -136,13 +136,8 @@
%global ssbd_arches x86_64
# Set of architectures for which java has short vector math library (libsvml.so)
%global svml_arches x86_64
-# Set of architectures where we verify backtraces with gdb (ideally all)
-# Temporarily disable check on x86, x86_64, ppc64le and s390x as gdb crashes
-# ../../gdb/objfiles.h:510: internal-error: sect_index_data not initialized
-# A problem internal to GDB has been detected,
-# further debugging may prove unreliable.
-# See https://bugzilla.redhat.com/show_bug.cgi?id=2041970
-%global gdb_arches sparcv9 sparc64 %{aarch64} %{arm} %{zero_arches}
+# Set of architectures where we verify backtraces with gdb
+%global gdb_arches %{jit_arches} %{zero_arches}
# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
@@ -339,7 +334,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
-%global rpmrelease 5
+%global rpmrelease 6
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -2530,6 +2525,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Feb 07 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:17.0.2.0.8-6
+- Re-enable gdb backtrace check.
+
* Mon Feb 07 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-5
- Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
- Need to support noarch for creating source RPMs for non-scratch builds.
commit ee33a7679324c1afbeb05d0abf0978ccd3602df9
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Tue Feb 8 02:08:49 2022 +0000
Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
Need to support noarch for creating source RPMs for non-scratch builds.
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index d2f5665..aa70294 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -244,51 +244,63 @@
# In some cases, the arch used by the JDK does
# not match _arch.
# Also, in some cases, the machine name used by SystemTap
-# does not match that given by _build_cpu
+# does not match that given by _target_cpu
%ifarch x86_64
%global archinstall amd64
+%global stapinstall x86_64
%endif
%ifarch ppc
%global archinstall ppc
+%global stapinstall powerpc
%endif
%ifarch %{ppc64be}
%global archinstall ppc64
+%global stapinstall powerpc
%endif
%ifarch %{ppc64le}
%global archinstall ppc64le
+%global stapinstall powerpc
%endif
%ifarch %{ix86}
%global archinstall i686
+%global stapinstall i386
%endif
%ifarch ia64
%global archinstall ia64
+%global stapinstall ia64
%endif
%ifarch s390
%global archinstall s390
+%global stapinstall s390
%endif
%ifarch s390x
%global archinstall s390x
+%global stapinstall s390
%endif
%ifarch %{arm}
%global archinstall arm
+%global stapinstall arm
%endif
%ifarch %{aarch64}
%global archinstall aarch64
+%global stapinstall arm64
%endif
# 32 bit sparc, optimized for v9
%ifarch sparcv9
%global archinstall sparc
+%global stapinstall %{_target_cpu}
%endif
# 64 bit sparc
%ifarch sparc64
%global archinstall sparcv9
+%global stapinstall %{_target_cpu}
%endif
-%ifnarch %{jit_arches}
-%global archinstall %{_arch}
+# Need to support noarch for srpm build
+%ifarch noarch
+%global archinstall %{nil}
+%global stapinstall %{nil}
%endif
-
-
%ifarch %{systemtap_arches}
%global with_systemtap 1
%else
@@ -327,7 +339,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
-%global rpmrelease 4
+%global rpmrelease 5
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -448,10 +460,10 @@
# and 32 bit architectures we place the tapsets under the arch
# specific dir (note that systemtap will only pickup the tapset
# for the primary arch for now). Systemtap uses the machine name
-# aka build_cpu as architecture specific directory name.
+# aka target_cpu as architecture specific directory name.
%global tapsetroot /usr/share/systemtap
%global tapsetdirttapset %{tapsetroot}/tapset/
-%global tapsetdir %{tapsetdirttapset}/%{_build_cpu}
+%global tapsetdir %{tapsetdirttapset}/%{stapinstall}
%endif
# not-duplicated scriptlets for normal/debug packages
@@ -1680,6 +1692,14 @@ The %{origin_nice} %{featurever} API documentation compressed in a single archiv
%endif
%prep
+
+# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-(
+%if 0%{?stapinstall:1}
+ echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}"
+%else
+ %{error:Unrecognised architecture %{_target_cpu}}
+%endif
+
if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then
echo "include_normal_build is %{include_normal_build}"
else
@@ -2510,6 +2530,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Feb 07 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-5
+- Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
+- Need to support noarch for creating source RPMs for non-scratch builds.
+
* Fri Feb 04 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.2.0.8-4
- moved to become system jdk
commit fbc4f641987b9ea9cd628f4425c40544d8cdc9d5
Author: Jiri <jvanek(a)redhat.com>
Date: Fri Feb 4 20:19:20 2022 +0100
moved to become system jdk
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index 7fd089b..d2f5665 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -100,7 +100,7 @@
# while JDK is a techpreview(is_system_jdk=0), some provides are turned off. Once jdk stops to be an techpreview, move it to 1
# as sytem JDK, we mean any JDK which can run whole system java stack without issues (like bytecode issues, module issues, dependencies...)
-%global is_system_jdk 0
+%global is_system_jdk 1
%global aarch64 aarch64 arm64 armv8
# we need to distinguish between big and little endian PPC64
@@ -327,7 +327,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
-%global rpmrelease 2
+%global rpmrelease 4
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -2510,6 +2510,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Feb 04 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.2.0.8-4
+- moved to become system jdk
+
* Fri Feb 04 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-2
- Temporarily move x86 to use Zero in order to get a working build
- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
commit db599045110a4f123fb7f519fce8cd65f7f5e1bd
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Fri Feb 4 15:34:46 2022 +0000
Temporarily move x86 to use Zero in order to get a working build
Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index 7c1bb36..7fd089b 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -21,6 +21,8 @@
%bcond_without release
# Enable static library builds by default.
%bcond_without staticlibs
+# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
+%bcond_without fresh_libjvm
# Workaround for stripping of debug symbols from static libraries
%if %{with staticlibs}
@@ -30,6 +32,13 @@
%global include_staticlibs 0
%endif
+# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
+%if %{with fresh_libjvm}
+%global build_hotspot_first 1
+%else
+%global build_hotspot_first 0
+%endif
+
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
@@ -104,11 +113,11 @@
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
-%global jit_arches %{debug_arches} %{arm}
+%global jit_arches %{arm} %{aarch64} %{power64} s390x sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
-%global zero_arches ppc s390
+%global zero_arches ppc s390 %{ix86}
# Set of architectures which run a full bootstrap cycle
-%global bootstrap_arches %{jit_arches}
+%global bootstrap_arches %{jit_arches} %{ix86}
# Set of architectures which support SystemTap tapsets
%global systemtap_arches %{jit_arches}
# Set of architectures with a Ahead-Of-Time (AOT) compiler
@@ -176,7 +185,7 @@
%global fastdebug_build %{nil}
%endif
-# If you disable both builds, then the build fails
+# If you disable all builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
@@ -210,6 +219,11 @@
%global release_targets images docs-zip
# No docs nor bootcycle for debug builds
%global debug_targets images
+# Target to use to just build HotSpot
+%global hotspot_target hotspot
+
+# JDK to use for bootstrapping
+%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
# Filter out flags from the optflags macro that cause problems with the OpenJDK build
@@ -313,7 +327,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
-%global rpmrelease 1
+%global rpmrelease 2
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -595,7 +609,9 @@ alternatives \\
--slave %{_bindir}/jlink jlink %{sdkbindir -- %{?1}}/jlink \\
--slave %{_bindir}/jmod jmod %{sdkbindir -- %{?1}}/jmod \\
%ifarch %{sa_arches}
+%ifnarch %{zero_arches}
--slave %{_bindir}/jhsdb jhsdb %{sdkbindir -- %{?1}}/jhsdb \\
+%endif
%endif
--slave %{_bindir}/jar jar %{sdkbindir -- %{?1}}/jar \\
--slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\
@@ -808,8 +824,10 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/librmi.so
# Some architectures don't have the serviceability agent
%ifarch %{sa_arches}
+%ifnarch %{zero_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsaproc.so
%endif
+%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsctp.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsystemconf.so
%ifarch %{svml_arches}
@@ -901,9 +919,11 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jimage
# Some architectures don't have the serviceability agent
%ifarch %{sa_arches}
+%ifnarch %{zero_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhsdb
%{_mandir}/man1/jhsdb-%{uniquesuffix -- %{?1}}.1.gz
%endif
+%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jlink
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jmap
@@ -1340,7 +1360,7 @@ BuildRequires: zip
BuildRequires: javapackages-filesystem
BuildRequires: java-latest-openjdk-devel
# Zero-assembler build requirement
-%ifnarch %{jit_arches}
+%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
BuildRequires: tzdata-java >= 2015d
@@ -1798,7 +1818,12 @@ EXTRA_CPP_FLAGS="%ourcppflags"
# fix rpmlint warnings
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
%endif
-export EXTRA_CFLAGS
+%ifarch %{ix86}
+# Align stack boundary on x86_32
+EXTRA_CFLAGS="$(echo ${EXTRA_CFLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
+EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
+%endif
+export EXTRA_CFLAGS EXTRA_CPP_FLAGS
function buildjdk() {
local outputdir=${1}
@@ -1840,7 +1865,7 @@ function buildjdk() {
pushd ${outputdir}
bash ${top_dir_abs_src_path}/configure \
-%ifnarch %{jit_arches}
+%ifarch %{zero_arches}
--with-jvm-variants=zero \
%endif
%ifarch %{ppc64le}
@@ -1891,34 +1916,46 @@ function buildjdk() {
function installjdk() {
local imagepath=${1}
- # the build (erroneously) removes read permissions from some jars
- # this is a regression in OpenJDK 7 (our compiler):
- # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
- find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
-
- # Build screws up permissions on binaries
- # https://bugs.openjdk.java.net/browse/JDK-8173610
- find ${imagepath} -iname '*.so' -exec chmod +x {} \;
- find ${imagepath}/bin/ -exec chmod +x {} \;
-
- # Install nss.cfg right away as we will be using the JRE above
- install -m 644 nss.cfg ${imagepath}/conf/security/
-
- # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
- install -m 644 nss.fips.cfg ${imagepath}/conf/security/
-
- # Use system-wide tzdata
- rm ${imagepath}/lib/tzdb.dat
- ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
-
- # Create fake alt-java as a placeholder for future alt-java
- pushd ${imagepath}
- # add alt-java man page
- echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
- cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
- popd
+ if [ -d ${imagepath} ] ; then
+ # the build (erroneously) removes read permissions from some jars
+ # this is a regression in OpenJDK 7 (our compiler):
+ # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
+ find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
+
+ # Build screws up permissions on binaries
+ # https://bugs.openjdk.java.net/browse/JDK-8173610
+ find ${imagepath} -iname '*.so' -exec chmod +x {} \;
+ find ${imagepath}/bin/ -exec chmod +x {} \;
+
+ # Install nss.cfg right away as we will be using the JRE above
+ install -m 644 nss.cfg ${imagepath}/conf/security/
+
+ # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
+ install -m 644 nss.fips.cfg ${imagepath}/conf/security/
+
+ # Use system-wide tzdata
+ rm ${imagepath}/lib/tzdb.dat
+ ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
+
+ # Create fake alt-java as a placeholder for future alt-java
+ pushd ${imagepath}
+ # add alt-java man page
+ echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
+ cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
+ popd
+ fi
}
+%if %{build_hotspot_first}
+ # Build a fresh libjvm.so first and use it to bootstrap
+ cp -LR --preserve=mode,timestamps %{bootjdk} newboot
+ systemjdk=$(pwd)/newboot
+ buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled"
+ mv build/newboot/jdk/lib/server/libjvm.so newboot/lib/server
+%else
+ systemjdk=%{bootjdk}
+%endif
+
for suffix in %{build_loop} ; do
if [ "x$suffix" = "x" ] ; then
@@ -1928,7 +1965,6 @@ for suffix in %{build_loop} ; do
debugbuild=`echo $suffix | sed "s/-//g"`
fi
- systemjdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk
for loop in %{main_suffix} %{staticlibs_loop} ; do
@@ -2474,6 +2510,13 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Feb 04 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-2
+- Temporarily move x86 to use Zero in order to get a working build
+- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
+- Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
+- Explicitly list JIT architectures rather than relying on those with slowdebug builds
+- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
+
* Mon Jan 24 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-1.rolling
- January 2022 security update to jdk 17.0.2+8
- Extend LTS check to exclude EPEL.
1 year, 12 months
Architecture specific change in rpms/lammps.git
by githook-noreply@fedoraproject.org
The package rpms/lammps.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/lammps.git/commit/?id=1f8a375f3bf...
https://src.fedoraproject.org/cgit/rpms/lammps.git/commit/?id=78eb2016109....
Change:
+%ifarch ppc64le
-%ifarch aarch64
Thanks.
Full change:
============
commit e12dfa7d64dd130d5e145e380e09abc9df03e84e
Author: Christoph Junghans <junghans(a)votca.org>
Date: Wed Apr 27 22:31:58 2022 -0600
exclude MolPairStyle:lj_cut_tip4p_long_soft test on ppc64le
diff --git a/lammps.spec b/lammps.spec
index e0d341e..92764df 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -244,7 +244,7 @@ done
%global testargs --label-exclude unstable
%ifarch ppc64le
-%global testargs --label-exclude unstable --exclude-regex 'MolPairStyle:lj_cut_tip4p_cut'
+%global testargs --label-exclude unstable --exclude-regex '\(MolPairStyle:lj_cut_tip4p_cut\|MolPairStyle:lj_cut_tip4p_long_soft\)'
%endif
. /etc/profile.d/modules.sh
commit 1f8a375f3bfa4312470a6c6b264fd84485e8305e
Author: Christoph Junghans <junghans(a)votca.org>
Date: Wed Apr 27 17:15:10 2022 -0600
exclude MolPairStyle:lj_cut_tip4p_cut test on ppc64le
diff --git a/lammps.spec b/lammps.spec
index 60cbe09..e0d341e 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -243,6 +243,9 @@ done
%check
%global testargs --label-exclude unstable
+%ifarch ppc64le
+%global testargs --label-exclude unstable --exclude-regex 'MolPairStyle:lj_cut_tip4p_cut'
+%endif
. /etc/profile.d/modules.sh
for mpi in '' mpich openmpi %{?el7:openmpi3} ; do
commit 34fa75cd7c7719dc9a13ae2b43d8fa07e2a781bd
Author: Christoph Junghans <junghans(a)votca.org>
Date: Wed Apr 27 10:45:13 2022 -0600
update sources
diff --git a/.gitignore b/.gitignore
index ef38b3f..06f7b0b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
/googletest-*.tar.gz
/opencl-loader-2021.09.18.tar.gz
/yaml-0.2.5.tar.gz
+/opencl-loader-2022.01.04.tar.gz
diff --git a/sources b/sources
index 10516bd..e762a0f 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-SHA512 (opencl-loader-2021.09.18.tar.gz) = 92e11dbca4c3bfaa27339e8864d5227c33230c0364bd00c832a7978a6121bbe136c107755a1225fa15810ea6bfb931f533f30365ff563ef52be0e08f5601ffab
+SHA512 (opencl-loader-2022.01.04.tar.gz) = cfedca22d06e547b5621eebd9a9c112ba923bd940c0e46723cf2e0a139a50bf8080c28481435b011f20e72c525e793b51d38679ebb1656375e3c14c20301d2e8
SHA512 (yaml-0.2.5.tar.gz) = dadd7d8e0d88b5ebab005e5d521d56d541580198aa497370966b98c904586e642a1cd4f3881094eb57624f218d50db77417bbfd0ffdce50340f011e35e8c4c02
-SHA512 (release-1.10.0.tar.gz) = bd52abe938c3722adc2347afad52ea3a17ecc76730d8d16b065e165bc7477d762bce0997a427131866a89f1001e3f3315198204ffa5d643a9355f1f4d0d7b1a9
-SHA512 (lammps-stable_29Sep2021_update2.tar.gz) = 8465a51689c1904b296ca939b10fcbc9e46ca9c9feb0e457b004896782cfe8ad90bb4db329bc2c5831df650add09289e4cd8b213f803ba204621be4851129953
+SHA512 (googletest-43efa0a4efd40c78b9210d15373112081899a97c.tar.gz) = 790f441ee7926410ef3d1bbe179d15184bf423478019c4b43c1e9ae63dc8081076d884498d6adf24e65c9be348f335a00627b4ce3bb5d9b9f3802e33f4dbfba2
+SHA512 (lammps-patch_17Feb2022.tar.gz) = c2b643b9fc17c9ddac102a5ef5d8630aa22755d4f2c21a7eea2fc00223263f10de098f69cd40f22669e1a135679753740704d776c71a3d7776b5f8e34b628d6c
commit 2816bc7a700c76f6acfb0ae2f813558616f58733
Author: Christoph Junghans <junghans(a)votca.org>
Date: Wed Apr 27 10:33:46 2022 -0600
Rebuild for kokkos-3.6
diff --git a/lammps.spec b/lammps.spec
index 6f8c211..60cbe09 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -26,7 +26,7 @@ Version: 20220217
m=${v:4:2};
y=${v:0:4};
echo $([[ -z $patch ]] && echo patch || echo stable)_${d#0}${months[${m#0}]}${y}$([[ -n $patch ]] && echo _update${patch}))
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Molecular Dynamics Simulator
License: GPLv2
Url: https://www.lammps.org/
@@ -323,6 +323,9 @@ done
%config %{_sysconfdir}/profile.d/lammps.*
%changelog
+* Wed Apr 27 2022 Christoph Junghans <junghans(a)votca.org> - 20220217-2
+- Rebuild for kokkos-3.6
+
* Fri Feb 18 2022 Richard Berger <richard.berger(a)outlook.com> - 20220217-1
- Version bump to 20220217
commit 78eb20161094ef3c6a02bb6e6b812226116aebdb
Author: Richard Berger <richard.berger(a)outlook.com>
Date: Fri Feb 18 12:14:26 2022 -0500
Version bump to 20220217
diff --git a/lammps.spec b/lammps.spec
index 02b0a18..6f8c211 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -1,5 +1,5 @@
%global git 0
-%global commit 7fe194e59ed80bd4840ccbdfac79e2df31e53491
+%global commit 01bbb28418ea3f16acd8413152c3b273e3edb70c
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global gtest_commit 43efa0a4efd40c78b9210d15373112081899a97c
@@ -14,9 +14,9 @@
Name: lammps
%if %{git}
-Version: 20220107^%{shortcommit}
+Version: 20220217^%{shortcommit}
%else
-Version: 20210929.2
+Version: 20220217
%endif
%global uversion %(v=%{version}; \
patch=${v##*.}; [[ $v = $patch ]] && patch= \
@@ -26,7 +26,7 @@ Version: 20210929.2
m=${v:4:2};
y=${v:0:4};
echo $([[ -z $patch ]] && echo patch || echo stable)_${d#0}${months[${m#0}]}${y}$([[ -n $patch ]] && echo _update${patch}))
-Release: 2%{?dist}
+Release: 1%{?dist}
Summary: Molecular Dynamics Simulator
License: GPLv2
Url: https://www.lammps.org/
@@ -242,27 +242,7 @@ done
%check
-%if %{git}
%global testargs --label-exclude unstable
-%else
-# https://github.com/lammps/lammps/issues/3080
-# replace this by --label-exclude unstable in the next major release
-%ifarch ppc64le
-%global testargs --exclude-regex '\(MolPairStyle:hybrid-scaled\|AtomicPairStyle:buck_coul_cut_qeq_point\|AtomicPairStyle:buck_coul_cut_qeq_shielded\|AtomicPairStyle:edip\|AtomicPairStyle:kim_lj\|AtomicPairStyle:meam_sw_spline\|AtomicPairStyle:reaxff\|AtomicPairStyle:reaxff_lgvdw\|AtomicPairStyle:reaxff_noqeq\|AtomicPairStyle:reaxff_tabulate\|ManybodyPairStyle:bop_save\|ManybodyPairStyle:drip\|ManybodyPairStyle:drip_real\|ManybodyPairStyle:ilp-graphene-hbn\|ManybodyPairStyle:ilp-graphene-hbn_notaper\|ManybodyPairStyle:kolmogorov_crespi_full\|ManybodyPairStyle:lebedeva_z\|ManybodyPairStyle:mliap_so3\|ManybodyPairStyle:rann\|FixTimestep:momentum\|DihedralStyle:quadratic\|DihedralStyle:table_cut_linear\|DihedralStyle:table_linear\|MolPairStyle:lj_cut_tip4p_long_soft\|MolPairStyle:tip4p_table\|MolPairStyle:tip4p_cut\|MolPairStyle:tip4p_long\|MolPairStyle:lj_cut_tip4p_cut\|MolPairStyle:lj_cut_tip4p_table\)'
-%endif
-%ifarch %ix86
-%global testargs --exclude-regex MolPairStyle:lj_long_tip4p_long
-%endif
-%ifarch %arm
-%global testargs --exclude-regex '\(MolPairStyle:hybrid-scaled\|AtomicPairStyle:buck_coul_cut_qeq_point\|AtomicPairStyle:buck_coul_cut_qeq_shielded\|AtomicPairStyle:edip\|AtomicPairStyle:meam_sw_spline\|AtomicPairStyle:reaxff\|AtomicPairStyle:reaxff_lgvdw\|AtomicPairStyle:reaxff_noqeq\|AtomicPairStyle:reaxff_tabulate\)'
-%endif
-%ifarch s390x
-%global testargs --exclude-regex '\(MolPairStyle:buck_table_coul_off\|MolPairStyle:lj_table_coul_off\|MolPairStyle:soft\|AtomicPairStyle:buck_coul_cut_qeq_point\|AtomicPairStyle:buck_coul_cut_qeq_shielded\|AtomicPairStyle:edip\|AtomicPairStyle:kim_lj\|AtomicPairStyle:meam_sw_spline\|AtomicPairStyle:reaxff\|AtomicPairStyle:reaxff_lgvdw\|AtomicPairStyle:reaxff_noqeq\|AtomicPairStyle:reaxff_tabulate\|ManybodyPairStyle:bop_save\|ManybodyPairStyle:drip\|ManybodyPairStyle:drip_real\|ManybodyPairStyle:ilp-graphene-hbn\|ManybodyPairStyle:ilp-graphene-hbn_notaper\|ManybodyPairStyle:kolmogorov_crespi_full\|ManybodyPairStyle:lebedeva_z\|ManybodyPairStyle:meam\|ManybodyPairStyle:mliap_so3\|ManybodyPairStyle:rann\|FixTimestep:momentum\|DihedralStyle:quadratic\|DihedralStyle:table_cut_linear\|DihedralStyle:table_linear\)'
-%endif
-%ifarch aarch64
-%global testargs --exclude-regex '\(MolPairStyle:hybrid-scaled\|AtomicPairStyle:buck_coul_cut_qeq_point\|AtomicPairStyle:buck_coul_cut_qeq_shielded\|AtomicPairStyle:edip\|AtomicPairStyle:kim_lj\|AtomicPairStyle:meam_sw_spline\|AtomicPairStyle:reaxff\|AtomicPairStyle:reaxff_lgvdw\|AtomicPairStyle:reaxff_noqeq\|AtomicPairStyle:reaxff_tabulate\|ManybodyPairStyle:bop_save\|ManybodyPairStyle:drip\|ManybodyPairStyle:drip_real\|ManybodyPairStyle:ilp-graphene-hbn\|ManybodyPairStyle:ilp-graphene-hbn_notaper\|ManybodyPairStyle:kolmogorov_crespi_full\|ManybodyPairStyle:lebedeva_z\|ManybodyPairStyle:mliap_so3\|ManybodyPairStyle:rann\|FixTimestep:momentum\|FixTimestep:rigid_nph_small\|DihedralStyle:quadratic\|DihedralStyle:table_cut_linear\|DihedralStyle:table_linear\|MolPairStyle:lj_cut_tip4p_cut\|MolPairStyle:lj_cut_tip4p_long\)'
-%endif
-%endif
. /etc/profile.d/modules.sh
for mpi in '' mpich openmpi %{?el7:openmpi3} ; do
@@ -343,6 +323,9 @@ done
%config %{_sysconfdir}/profile.d/lammps.*
%changelog
+* Fri Feb 18 2022 Richard Berger <richard.berger(a)outlook.com> - 20220217-1
+- Version bump to 20220217
+
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 20210929.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
commit bb112b0d0150b7c6ddc6ef171b92b371ff683e5c
Author: Richard Berger <richard.berger(a)outlook.com>
Date: Thu Feb 17 13:55:44 2022 -0500
Update testing commit
diff --git a/lammps.spec b/lammps.spec
index de4ce6b..02b0a18 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -1,5 +1,5 @@
%global git 0
-%global commit 6d2f4343d9f4f19d05661e86795e0aae19c4e054
+%global commit 7fe194e59ed80bd4840ccbdfac79e2df31e53491
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global gtest_commit 43efa0a4efd40c78b9210d15373112081899a97c
commit 6f7338321720f61986c39943cf0c796b64ca59fa
Author: Richard Berger <richard.berger(a)outlook.com>
Date: Wed Feb 16 10:42:45 2022 -0500
Update testing commit
diff --git a/lammps.spec b/lammps.spec
index 9c59067..de4ce6b 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -1,5 +1,5 @@
%global git 0
-%global commit 618b3ec94f35cdcb1f1430074c8ac3ea1a85dcb8
+%global commit 6d2f4343d9f4f19d05661e86795e0aae19c4e054
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global gtest_commit 43efa0a4efd40c78b9210d15373112081899a97c
commit ab9000b2437e46072a138f3b72457f53972c60bf
Author: Richard Berger <richard.berger(a)outlook.com>
Date: Mon Feb 14 19:32:12 2022 -0500
Update OpenCL loader tarball and testing commit
diff --git a/lammps.spec b/lammps.spec
index fa05db5..9c59067 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -1,5 +1,5 @@
%global git 0
-%global commit 81587527fe2c613168d2af76f21aa3c406d41c66
+%global commit 618b3ec94f35cdcb1f1430074c8ac3ea1a85dcb8
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global gtest_commit 43efa0a4efd40c78b9210d15373112081899a97c
@@ -37,7 +37,7 @@ Source0: https://github.com/lammps/lammps/archive/%{uversion}.tar.gz#/%{n
%endif
Source1: https://github.com/google/googletest/archive/%{gtest_commit}.tar.gz#/goog...
Source2: https://pyyaml.org/download/libyaml/yaml-0.2.5.tar.gz
-Source3: https://download.lammps.org/thirdparty/opencl-loader-2021.09.18.tar.gz
+Source3: https://download.lammps.org/thirdparty/opencl-loader-2022.01.04.tar.gz
BuildRequires: fftw-devel
BuildRequires: gcc-c++
BuildRequires: gcc-fortran
commit 56026d7be426990416bab669f67f3b4c91f30f50
Author: Richard Berger <richard.berger(a)outlook.com>
Date: Mon Feb 14 13:33:26 2022 -0500
Update testing commit
diff --git a/lammps.spec b/lammps.spec
index e84184c..fa05db5 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -1,5 +1,5 @@
%global git 0
-%global commit ce83ca1efdd376f352b0ba2ed68a8a4a9f0913b3
+%global commit 81587527fe2c613168d2af76f21aa3c406d41c66
%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global gtest_commit 43efa0a4efd40c78b9210d15373112081899a97c
commit 4cc56455cd00da5cc57320b749762df3c6a808c3
Author: Richard Berger <richard.berger(a)outlook.com>
Date: Wed Feb 9 17:30:17 2022 -0500
Filter ctests with unstable label
diff --git a/lammps.spec b/lammps.spec
index 332c767..e84184c 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -242,6 +242,9 @@ done
%check
+%if %{git}
+%global testargs --label-exclude unstable
+%else
# https://github.com/lammps/lammps/issues/3080
# replace this by --label-exclude unstable in the next major release
%ifarch ppc64le
@@ -259,6 +262,7 @@ done
%ifarch aarch64
%global testargs --exclude-regex '\(MolPairStyle:hybrid-scaled\|AtomicPairStyle:buck_coul_cut_qeq_point\|AtomicPairStyle:buck_coul_cut_qeq_shielded\|AtomicPairStyle:edip\|AtomicPairStyle:kim_lj\|AtomicPairStyle:meam_sw_spline\|AtomicPairStyle:reaxff\|AtomicPairStyle:reaxff_lgvdw\|AtomicPairStyle:reaxff_noqeq\|AtomicPairStyle:reaxff_tabulate\|ManybodyPairStyle:bop_save\|ManybodyPairStyle:drip\|ManybodyPairStyle:drip_real\|ManybodyPairStyle:ilp-graphene-hbn\|ManybodyPairStyle:ilp-graphene-hbn_notaper\|ManybodyPairStyle:kolmogorov_crespi_full\|ManybodyPairStyle:lebedeva_z\|ManybodyPairStyle:mliap_so3\|ManybodyPairStyle:rann\|FixTimestep:momentum\|FixTimestep:rigid_nph_small\|DihedralStyle:quadratic\|DihedralStyle:table_cut_linear\|DihedralStyle:table_linear\|MolPairStyle:lj_cut_tip4p_cut\|MolPairStyle:lj_cut_tip4p_long\)'
%endif
+%endif
. /etc/profile.d/modules.sh
for mpi in '' mpich openmpi %{?el7:openmpi3} ; do
commit 28035fbb353cd94d060b43c4e14a972552ca53d2
Author: Richard Berger <richard.berger(a)outlook.com>
Date: Wed Feb 9 16:07:20 2022 -0500
Add global git to allow builds on newer commits
diff --git a/lammps.spec b/lammps.spec
index 2c3f1af..332c767 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -1,3 +1,6 @@
+%global git 0
+%global commit ce83ca1efdd376f352b0ba2ed68a8a4a9f0913b3
+%global shortcommit %(c=%{commit}; echo ${c:0:7})
%global gtest_commit 43efa0a4efd40c78b9210d15373112081899a97c
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
@@ -10,7 +13,11 @@
%endif
Name: lammps
+%if %{git}
+Version: 20220107^%{shortcommit}
+%else
Version: 20210929.2
+%endif
%global uversion %(v=%{version}; \
patch=${v##*.}; [[ $v = $patch ]] && patch= \
v=${v%%.*}; \
@@ -23,7 +30,11 @@ Release: 2%{?dist}
Summary: Molecular Dynamics Simulator
License: GPLv2
Url: https://www.lammps.org/
+%if %{git}
+Source0: https://github.com/lammps/lammps/archive/%{commit}/lammps-%{commit}.tar.g...
+%else
Source0: https://github.com/lammps/lammps/archive/%{uversion}.tar.gz#/%{name}-%{uv...
+%endif
Source1: https://github.com/google/googletest/archive/%{gtest_commit}.tar.gz#/goog...
Source2: https://pyyaml.org/download/libyaml/yaml-0.2.5.tar.gz
Source3: https://download.lammps.org/thirdparty/opencl-loader-2021.09.18.tar.gz
@@ -179,7 +190,11 @@ BuildArch: noarch
This package contains data files for LAMMPS.
%prep
+%if %{git}
+%setup -q -n %{name}-%{commit}
+%else
%setup -q -n %{name}-%{uversion}
+%endif
%build
%global _vpath_srcdir cmake
commit 7c321911248ee9a7667139da898febcb3ef8e5d3
Author: Richard Berger <richard.berger(a)outlook.com>
Date: Wed Feb 9 16:05:59 2022 -0500
Simplify .gitignore
diff --git a/.gitignore b/.gitignore
index 63106cc..ef38b3f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,30 +1,5 @@
/lammps-*.src.rpm
-/lammps-patch_11Aug2017.tar.gz
-/lammps-patch_1Sep2017.tar.gz
-/lammps-patch_23Oct2017.tar.gz
-/lammps-patch_17Jan2018.tar.gz
-/lammps-patch_22Feb2018.tar.gz
-/lammps-patch_8Mar2018.tar.gz
-/lammps-stable_16Mar2018.tar.gz
-/lammps-stable_22Aug2018.tar.gz
-/lammps-stable_12Dec2018.tar.gz
-/lammps-testing-7869c75cac38cb8a3d2ef7747ea12ec5812f5151.tar.gz
-/lammps-stable_5Jun2019.tar.gz
-/lammps-testing-827be7af84ca100d394ea1cf6d3bc49f6a8eef92.tar.gz
-/lammps-stable_7Aug2019.tar.gz
-/lammps-testing-d0394a77fa2b4b2d545a73ea092cf6de7616aac8.tar.gz
-/lammps-stable_3Mar2020.tar.gz
-/lammps-testing-e6a3a1989c0c2629c85ebef115bf3258a6347f48.tar.gz
-/lammps-testing-stable_3Mar2020.tar.gz
-/lammps-patch_5May2020.tar.gz
-/lammps-testing-patch_5May2020.tar.gz
-/lammps-patch_30Jun2020.tar.gz
-/release-1.10.0.tar.gz
-/lammps-patch_21Aug2020.tar.gz
-/lammps-patch_18Sep2020.tar.gz
-/lammps-patch_29Oct2020.tar.gz
+/lammps-*.tar.gz
+/googletest-*.tar.gz
/opencl-loader-2021.09.18.tar.gz
/yaml-0.2.5.tar.gz
-/lammps-patch_29Sep2021.tar.gz
-/lammps-stable_29Sep2021_update1.tar.gz
-/lammps-stable_29Sep2021_update2.tar.gz
commit 3f84862aac2a4c26f33a58fb05b123e0669a9493
Author: Richard Berger <richard.berger(a)outlook.com>
Date: Wed Feb 9 16:05:19 2022 -0500
Remove gtest_gcc12.patch and use newer GTest instead
diff --git a/gtest_gcc12.patch b/gtest_gcc12.patch
deleted file mode 100644
index e2cd982..0000000
--- a/gtest_gcc12.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-diff -Naur lammps-patch_29Sep2021.orig/cmake/Modules/GTest.cmake lammps-patch_29Sep2021/cmake/Modules/GTest.cmake
---- lammps-patch_29Sep2021.orig/cmake/Modules/GTest.cmake 2022-02-01 17:24:24.648202705 -0700
-+++ lammps-patch_29Sep2021/cmake/Modules/GTest.cmake 2022-02-01 17:24:04.363665231 -0700
-@@ -26,6 +26,7 @@
- <BINARY_DIR>/lib/libgmock${GTEST_LIB_POSTFIX}${CMAKE_STATIC_LIBRARY_SUFFIX}
- <BINARY_DIR>/lib/libgtest_main${GTEST_LIB_POSTFIX}${CMAKE_STATIC_LIBRARY_SUFFIX}
- <BINARY_DIR>/lib/libgmock_main${GTEST_LIB_POSTFIX}${CMAKE_STATIC_LIBRARY_SUFFIX}
-+ PATCH_COMMAND patch -p1 <${CMAKE_SOURCE_DIR}/f7902802f1a61140e188223fb6d1c95925cbec4a.patch
- LOG_DOWNLOAD ON
- LOG_CONFIGURE ON
- LOG_BUILD ON
-diff -Naur lammps-patch_29Sep2021.orig/f7902802f1a61140e188223fb6d1c95925cbec4a.patch lammps-patch_29Sep2021/f7902802f1a61140e188223fb6d1c95925cbec4a.patch
---- lammps-patch_29Sep2021.orig/f7902802f1a61140e188223fb6d1c95925cbec4a.patch 1969-12-31 17:00:00.000000000 -0700
-+++ lammps-patch_29Sep2021/f7902802f1a61140e188223fb6d1c95925cbec4a.patch 2022-02-01 17:24:41.084827921 -0700
-@@ -0,0 +1,41 @@
-+From f7902802f1a61140e188223fb6d1c95925cbec4a Mon Sep 17 00:00:00 2001
-+From: dmauro <dmauro(a)google.com>
-+Date: Fri, 18 Jun 2021 19:32:08 +0000
-+Subject: [PATCH] Googletest export
-+
-+Remove -Werror from the CMake compiler flags
-+
-+We should not force warnings as errors on users.
-+Sometimes compilers introduce new warnings which
-+will break builds.
-+
-+Instead, we manually turn this flag on in our continuous integration
-+scripts so we can catch these errors, but not force them on our users.
-+
-+Fixes #3447
-+
-+PiperOrigin-RevId: 380241852
-+---
-+ googletest/cmake/internal_utils.cmake | 4 ++--
-+ 1 file changed, 2 insertions(+), 2 deletions(-)
-+
-+diff --git a/googletest/cmake/internal_utils.cmake b/googletest/cmake/internal_utils.cmake
-+index 8d8d60a86c..58fc9bfbee 100644
-+--- a/googletest/cmake/internal_utils.cmake
-++++ b/googletest/cmake/internal_utils.cmake
-+@@ -84,13 +84,13 @@ macro(config_compiler_and_linker)
-+ # Ensure MSVC treats source files as UTF-8 encoded.
-+ set(cxx_base_flags "${cxx_base_flags} -utf-8")
-+ elseif (CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
-+- set(cxx_base_flags "-Wall -Wshadow -Werror -Wconversion")
-++ set(cxx_base_flags "-Wall -Wshadow -Wconversion")
-+ set(cxx_exception_flags "-fexceptions")
-+ set(cxx_no_exception_flags "-fno-exceptions")
-+ set(cxx_strict_flags "-W -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wunused-parameter -Wcast-align -Wchar-subscripts -Winline -Wredundant-decls")
-+ set(cxx_no_rtti_flags "-fno-rtti")
-+ elseif (CMAKE_COMPILER_IS_GNUCXX)
-+- set(cxx_base_flags "-Wall -Wshadow -Werror")
-++ set(cxx_base_flags "-Wall -Wshadow")
-+ if(NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 7.0.0)
-+ set(cxx_base_flags "${cxx_base_flags} -Wno-error=dangling-else")
-+ endif()
diff --git a/lammps.spec b/lammps.spec
index 11d94a8..2c3f1af 100644
--- a/lammps.spec
+++ b/lammps.spec
@@ -1,3 +1,5 @@
+%global gtest_commit 43efa0a4efd40c78b9210d15373112081899a97c
+
%if 0%{?fedora} >= 33 || 0%{?rhel} >= 9
%global blaslib flexiblas
%global cmake_blas_flags -DBLA_VENDOR=FlexiBLAS
@@ -22,10 +24,9 @@ Summary: Molecular Dynamics Simulator
License: GPLv2
Url: https://www.lammps.org/
Source0: https://github.com/lammps/lammps/archive/%{uversion}.tar.gz#/%{name}-%{uv...
-Source1: https://github.com/google/googletest/archive/release-1.10.0.tar.gz
+Source1: https://github.com/google/googletest/archive/%{gtest_commit}.tar.gz#/goog...
Source2: https://pyyaml.org/download/libyaml/yaml-0.2.5.tar.gz
Source3: https://download.lammps.org/thirdparty/opencl-loader-2021.09.18.tar.gz
-Patch0: gtest_gcc12.patch
BuildRequires: fftw-devel
BuildRequires: gcc-c++
BuildRequires: gcc-fortran
@@ -179,8 +180,6 @@ This package contains data files for LAMMPS.
%prep
%setup -q -n %{name}-%{uversion}
-%patch0 -p1
-sed -i -e '/LOG_CONFIGURE/d' -e '/LOG_BUILD/d' cmake/Modules/GTest.cmake
%build
%global _vpath_srcdir cmake
@@ -202,9 +201,9 @@ for mpi in '' mpich openmpi %{?el7:openmpi3} ; do
%{?with_kokkos:-DPKG_KOKKOS=ON -DEXTERNAL_KOKKOS=ON} \
-DPKG_KIM=ON \
-DENABLE_TESTING=ON \
- -DGTEST_URL=%{S:1} \
- -DYAML_URL=%{S:2} \
- -DOPENCL_LOADER_URL=%{S:3} \
+ -DGTEST_URL=file://%{S:1} \
+ -DYAML_URL=file://%{S:2} \
+ -DOPENCL_LOADER_URL=file://%{S:3} \
-DPYTHON_INSTDIR=%{python3_sitelib} \
-DCMAKE_INSTALL_SYSCONFDIR=/etc \
-DPKG_GPU=ON -DGPU_API=OpenCL \
1 year, 12 months
Architecture specific change in rpms/java-1.8.0-openjdk.git
by githook-noreply@fedoraproject.org
The package rpms/java-1.8.0-openjdk.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id...
https://src.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id...
https://src.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id...
https://src.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id...
https://src.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id....
Change:
+%ifarch %{gdb_arches}
+%ifarch %{bootstrap_arches}
+%ifarch %{bootstrap_arches}
+%ifarch %{share_arches}
+%ifarch %{share_arches}
Thanks.
Full change:
============
commit 2aed6d3e5b2fb7531d56bf1c60e5c8cb421cdd9f
Merge: 3bcd2bd 870c9df
Author: Jiri <jvanek(a)redhat.com>
Date: Thu Apr 28 15:39:55 2022 +0200
Merge branch 'f35' into f34
commit 870c9df011084103e6d428088e7a6662d57dec32
Merge: 3c30c3c d2443b0
Author: Jiri <jvanek(a)redhat.com>
Date: Thu Apr 28 15:34:48 2022 +0200
Merge branch 'f36' into f35
commit d2443b0107fb7855cf52e3879cab1caa46ba23f8
Merge: 9b9a3bb 100440c
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Thu Apr 28 14:25:55 2022 +0200
Merge branch 'rawhide' into f36
commit 100440c51eb31742f057c7e2b66df2a1c8d7d3fa
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Apr 20 20:38:06 2022 +0100
Update to shenandoah-jdk8u332-b09 (GA)
Update release notes for 8u332-b09.
Switch to GA mode for final release.
diff --git a/.gitignore b/.gitignore
index 42c84a9..a973960 100644
--- a/.gitignore
+++ b/.gitignore
@@ -254,3 +254,4 @@
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b06-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 6baf506..f9af271 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,22 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u332
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
+* Security fixes
+ - JDK-8269938: Enhance XML processing passes redux
+ - JDK-8270504, CVE-2022-21426: Better XPath expression handling
+ - JDK-8272255: Completely handle MIDI files
+ - JDK-8272261: Improve JFR recording file processing
+ - JDK-8272594: Better record of recordings
+ - JDK-8274221: More definite BER encodings
+ - JDK-8275151, CVE-2022-21443: Improved Object Identification
+ - JDK-8277227: Better identification of OIDs
+ - JDK-8277672, CVE-2022-21434: Better invocation handler handling
+ - JDK-8278008, CVE-2022-21476: Improve Santuario processing
+ - JDK-8278356: Improve file creation
+ - JDK-8278449: Improve keychain support
+ - JDK-8278805: Enhance BMP image loading
+ - JDK-8278972, CVE-2022-21496: Improve URL supports
+ - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
* Other changes
- JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl
- JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl
@@ -32,7 +48,6 @@ Live versions of these release notes can be found at:
- JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn
- JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
- JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
- - JDK-8260632: Build failures after JDK-8253353
- JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
- JDK-8270290: NTLM authentication fails if HEAD request is used
- JDK-8273229: Update OS detection code to recognize Windows Server 2022
@@ -43,7 +58,13 @@ Live versions of these release notes can be found at:
- JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
- JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
- JDK-8280060: The sun/rmi/server/Activation.java class use Thread.dumpStack()
+ - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
+ - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character
+ - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
+ - JDK-8284920: Incorrect Token type causes XPath expression to return empty result
+ - JDK-8284936: Fix Java 7 bootstrap breakage due to use of Arrays.stream
* Shenandoah
+ - JDK-8260632: Build failures after JDK-8253353
- JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git
New in release OpenJDK 8u322 (2022-01-18):
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index a81960a..5098c8b 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -329,7 +329,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
-%global shenandoah_revision shenandoah-jdk8u332-b06
+%global shenandoah_revision shenandoah-jdk8u332-b09
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -349,7 +349,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2781,6 +2781,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b09-1
+- Update to shenandoah-jdk8u332-b09 (GA)
+- Update release notes for 8u332-b09.
+- Switch to GA mode for final release.
+
* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b06-0.1.ea
- Update to shenandoah-jdk8u332-b06 (EA)
- Update release notes for shenandoah-8u332-b06.
diff --git a/sources b/sources
index 8c3d3bb..4662b4c 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b06-4curve.tar.xz) = 663e0093bf7d5698c168e1609b88179ccd8cfb8b1e8ecc937cdaae287960dedea170bce16572f79046e45fafce38dca6848e7524da06a56d4aa0ad15af271775
+SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09-4curve.tar.xz) = 23d906ecce6864e0bd3ae4c95ac597eb697c1e28356371aafd7aabab5c3a9a9d861c326125e7a45f15340a5a106c1915808fa93b3ff7cdc8b003647a44caf7fd
commit 019748fe88a640f21bc95a68a25c96082b5fe52b
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Apr 19 00:39:55 2022 +0100
Update to shenandoah-jdk8u332-b06 (EA)
Update release notes for shenandoah-8u332-b06.
diff --git a/.gitignore b/.gitignore
index 1a13c4c..42c84a9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -253,3 +253,4 @@
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b06-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 8c34c43..6baf506 100644
--- a/NEWS
+++ b/NEWS
@@ -13,11 +13,16 @@ Live versions of these release notes can be found at:
- JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl
- JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl
- JDK-8035577: Xerces Update: impl/xpath/regex/RangeToken.java
+ - JDK-8037259: xerces update: xpointer update
+ - JDK-8041523: Xerces Update: Serializer improvements from Xalan
+ - JDK-8141508: java.lang.invoke.LambdaConversionException: Invalid receiver type
- JDK-8162572: Update License Header for all JAXP sources
- JDK-8167014: jdeps: Missing message: warn.skipped.entry
- JDK-8198411: [TEST_BUG] Two java2d tests are unstable in mach5
- JDK-8202822: Add .git to .hgignore
- JDK-8205540: test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 <cont> commands
+ - JDK-8209178: Proxied HttpsURLConnection doesn't send BODY when retrying POST request
+ - JDK-8210283: Support git as an SCM alternative in the build
- JDK-8218682: [TEST_BUG] DashOffset fails in mach5
- JDK-8225690: Multiple AttachListener threads can be created
- JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
@@ -27,10 +32,17 @@ Live versions of these release notes can be found at:
- JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn
- JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
- JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
+ - JDK-8260632: Build failures after JDK-8253353
- JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
- JDK-8270290: NTLM authentication fails if HEAD request is used
+ - JDK-8273229: Update OS detection code to recognize Windows Server 2022
+ - JDK-8273341: Update Siphash to version 1.0
+ - JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated
+ - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
- JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
+ - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
- JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
+ - JDK-8280060: The sun/rmi/server/Activation.java class use Thread.dumpStack()
* Shenandoah
- JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index bcb79b4..a81960a 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -329,7 +329,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
-%global shenandoah_revision shenandoah-jdk8u332-b01
+%global shenandoah_revision shenandoah-jdk8u332-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2781,9 +2781,13 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b06-0.1.ea
+- Update to shenandoah-jdk8u332-b06 (EA)
+- Update release notes for shenandoah-8u332-b06.
+
* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b01-0.1.ea
- Update to shenandoah-jdk8u332-b01 (EA)
-- Update release notes for 8u332-b01.
+- Update release notes for shenandoah-8u332-b01.
- Switch to EA mode.
* Wed Mar 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-7
diff --git a/sources b/sources
index 71b554d..8c3d3bb 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz) = 55b8968e78631acdf14a594d83f6e357e00114dac9f6330a80116a909b402a9f879abb9f1cd8b576fb627a50b01db22be19a1e24ee4078e97c8ecc84428eb184
+SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b06-4curve.tar.xz) = 663e0093bf7d5698c168e1609b88179ccd8cfb8b1e8ecc937cdaae287960dedea170bce16572f79046e45fafce38dca6848e7524da06a56d4aa0ad15af271775
commit cb59f552f45f912f6949702632cd35daa82bfb7a
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Apr 18 01:19:19 2022 +0100
Update to shenandoah-jdk8u332-b01 (EA)
Update release notes for 8u332-b01.
Switch to EA mode.
diff --git a/.gitignore b/.gitignore
index c3d10c5..1a13c4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -252,3 +252,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz
diff --git a/NEWS b/NEWS
index e911b13..8c34c43 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,37 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u332 (2022-04-19):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u332
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
+
+* Other changes
+ - JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl
+ - JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl
+ - JDK-8035577: Xerces Update: impl/xpath/regex/RangeToken.java
+ - JDK-8162572: Update License Header for all JAXP sources
+ - JDK-8167014: jdeps: Missing message: warn.skipped.entry
+ - JDK-8198411: [TEST_BUG] Two java2d tests are unstable in mach5
+ - JDK-8202822: Add .git to .hgignore
+ - JDK-8205540: test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 <cont> commands
+ - JDK-8218682: [TEST_BUG] DashOffset fails in mach5
+ - JDK-8225690: Multiple AttachListener threads can be created
+ - JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
+ - JDK-8227815: Minimal VM: set_state is not a member of AttachListener
+ - JDK-8240633: Memory leaks in the implementations of FileChooserUI
+ - JDK-8241768: git needs .gitattributes
+ - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn
+ - JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
+ - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
+ - JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
+ - JDK-8270290: NTLM authentication fails if HEAD request is used
+ - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
+ - JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
+* Shenandoah
+ - JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git
+
New in release OpenJDK 8u322 (2022-01-18):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 9177d7d..bcb79b4 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -329,7 +329,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b06
+%global shenandoah_revision shenandoah-jdk8u332-b01
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -344,12 +344,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 7
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2781,6 +2781,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b01-0.1.ea
+- Update to shenandoah-jdk8u332-b01 (EA)
+- Update release notes for 8u332-b01.
+- Switch to EA mode.
+
* Wed Mar 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-7
- Reinstate JIT builds on x86_32.
- Add JDK-8282231 to fix missing CALL effects on x86_32.
diff --git a/sources b/sources
index 35c822f..71b554d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz) = 0f2af8cacb1a4acdca7c1b2d5cc1e0d27f9abf8e05ccf7e8384074ac124132012b15e36abc31b498f746d6f5295530f535a9d9d85a3e45b387728b4ce726ccc7
+SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz) = 55b8968e78631acdf14a594d83f6e357e00114dac9f6330a80116a909b402a9f879abb9f1cd8b576fb627a50b01db22be19a1e24ee4078e97c8ecc84428eb184
commit 9b9a3bb4af6552f3a6a88c45bd8ed22498195f99
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 19:50:19 2022 +0000
Reinstate JIT builds on x86_32.
Add JDK-8282231 to fix missing CALL effects on x86_32.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index c4c077f..bab7b61 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -100,9 +100,9 @@
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
-%global jit_arches %{aarch64} %{power64} sparcv9 sparc64 x86_64
+%global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
-%global zero_arches %{arm} %{ix86} ppc s390 s390x
+%global zero_arches %{arm} ppc s390 s390x
# Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 6
+%global rpmrelease 7
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1524,6 +1524,8 @@ Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
Patch581: jdk8257794-remove_broken_assert.patch
+# JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers
+Patch582: jdk8282231-x86_32-missing_call_effects.patch
#############################################
#
@@ -1959,6 +1961,7 @@ sh %{SOURCE12}
%patch112
%patch580
%patch581
+%patch582
# RPM-only fixes
%patch539
@@ -2778,6 +2781,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Mar 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-7
+- Reinstate JIT builds on x86_32.
+- Add JDK-8282231 to fix missing CALL effects on x86_32.
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-6
- Storing and restoring alterntives during update manually
- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
diff --git a/jdk8282231-x86_32-missing_call_effects.patch b/jdk8282231-x86_32-missing_call_effects.patch
new file mode 100644
index 0000000..ab341b6
--- /dev/null
+++ b/jdk8282231-x86_32-missing_call_effects.patch
@@ -0,0 +1,35 @@
+diff --git openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
+index c8f4ee1613..cc0f4eef14 100644
+--- openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad
++++ openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
+@@ -1,5 +1,5 @@
+ //
+-// Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
++// Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ //
+ // This code is free software; you can redistribute it and/or modify it
+@@ -7665,9 +7665,9 @@ instruct divI_eReg(eAXRegI rax, eDXRegI rdx, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Divide Register Long
+-instruct divL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct divL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (DivL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
+@@ -7713,9 +7713,9 @@ instruct modI_eReg(eDXRegI rdx, eAXRegI rax, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Remainder Register Long
+-instruct modL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct modL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (ModL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
commit 7e5331a512b10f543bdc371bf13db8cee6ec1f77
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 19:50:19 2022 +0000
Reinstate JIT builds on x86_32.
Add JDK-8282231 to fix missing CALL effects on x86_32.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 5efbb8e..9177d7d 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -100,9 +100,9 @@
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
-%global jit_arches %{aarch64} %{power64} sparcv9 sparc64 x86_64
+%global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
-%global zero_arches %{arm} %{ix86} ppc s390 s390x
+%global zero_arches %{arm} ppc s390 s390x
# Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 6
+%global rpmrelease 7
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1524,6 +1524,8 @@ Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
Patch581: jdk8257794-remove_broken_assert.patch
+# JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers
+Patch582: jdk8282231-x86_32-missing_call_effects.patch
#############################################
#
@@ -1959,6 +1961,7 @@ sh %{SOURCE12}
%patch112
%patch580
%patch581
+%patch582
# RPM-only fixes
%patch539
@@ -2778,6 +2781,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Mar 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-7
+- Reinstate JIT builds on x86_32.
+- Add JDK-8282231 to fix missing CALL effects on x86_32.
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-6
- Storing and restoring alterntives during update manually
- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
diff --git a/jdk8282231-x86_32-missing_call_effects.patch b/jdk8282231-x86_32-missing_call_effects.patch
new file mode 100644
index 0000000..ab341b6
--- /dev/null
+++ b/jdk8282231-x86_32-missing_call_effects.patch
@@ -0,0 +1,35 @@
+diff --git openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
+index c8f4ee1613..cc0f4eef14 100644
+--- openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad
++++ openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
+@@ -1,5 +1,5 @@
+ //
+-// Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
++// Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ //
+ // This code is free software; you can redistribute it and/or modify it
+@@ -7665,9 +7665,9 @@ instruct divI_eReg(eAXRegI rax, eDXRegI rdx, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Divide Register Long
+-instruct divL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct divL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (DivL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
+@@ -7713,9 +7713,9 @@ instruct modI_eReg(eDXRegI rdx, eAXRegI rax, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Remainder Register Long
+-instruct modL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct modL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (ModL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
commit 3c30c3c566312ccbaddb5671205f7e7d5bd43e9f
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Mon Feb 28 15:43:06 2022 +0100
Added forgotten rh2021263-fips_separate_policy_and_fips_init.patch
diff --git a/rh2021263-fips_separate_policy_and_fips_init.patch b/rh2021263-fips_separate_policy_and_fips_init.patch
new file mode 100644
index 0000000..e237841
--- /dev/null
+++ b/rh2021263-fips_separate_policy_and_fips_init.patch
@@ -0,0 +1,98 @@
+commit aaf92165ad1cbb1c9818eb60178c91293e13b053
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 15:13:14 2022 +0000
+
+ RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
+
+diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+index fa494b680f..b5aa5c749d 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -57,10 +57,6 @@ public final class Security {
+ private static final Debug sdebug =
+ Debug.getInstance("properties");
+
+- /* System property file*/
+- private static final String SYSTEM_PROPERTIES =
+- "/etc/crypto-policies/back-ends/java.config";
+-
+ /* The java.security properties */
+ private static Properties props;
+
+@@ -202,13 +198,6 @@ public final class Security {
+ }
+ }
+
+- String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+- if (disableSystemProps == null &&
+- "true".equalsIgnoreCase(props.getProperty
+- ("security.useSystemPropertiesFile"))) {
+- loadedProps = loadedProps && SystemConfigurator.configure(props);
+- }
+-
+ if (!loadedProps) {
+ initializeStatic();
+ if (sdebug != null) {
+@@ -217,6 +206,28 @@ public final class Security {
+ }
+ }
+
++ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
++ if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
++ "true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
++ if (!SystemConfigurator.configureSysProps(props)) {
++ if (sdebug != null) {
++ sdebug.println("WARNING: System properties could not be loaded.");
++ }
++ }
++ }
++
++ // FIPS support depends on the contents of java.security so
++ // ensure it has loaded first
++ if (loadedProps) {
++ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
++ if (sdebug != null) {
++ if (fipsEnabled) {
++ sdebug.println("FIPS support enabled.");
++ } else {
++ sdebug.println("FIPS support disabled.");
++ }
++ }
++ }
+ }
+
+ /*
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+index d1f677597d..7da65b1d2c 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -76,7 +76,7 @@ final class SystemConfigurator {
+ * java.security.disableSystemPropertiesFile property is not set and
+ * security.useSystemPropertiesFile is true.
+ */
+- static boolean configure(Properties props) {
++ static boolean configureSysProps(Properties props) {
+ boolean loadedProps = false;
+
+ try (BufferedInputStream bis =
+@@ -96,11 +96,19 @@ final class SystemConfigurator {
+ e.printStackTrace();
+ }
+ }
++ return loadedProps;
++ }
++
++ /*
++ * Invoked at the end of java.security.Security initialisation
++ * if java.security properties have been loaded
++ */
++ static boolean configureFIPS(Properties props) {
++ boolean loadedProps = false;
+
+ try {
+ if (enableFips()) {
+ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
+- loadedProps = false;
+ // Remove all security providers
+ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
+ while (i.hasNext()) {
commit be56a680008ed7cdc7a7cbd5baf84506528f3f69
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Mon Feb 28 15:36:24 2022 +0100
Storing and restoring alterntives during update manually
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 9fcf73e..0f446f6 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -321,7 +321,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 5
+%global rpmrelease 6
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -423,6 +423,50 @@
# not-duplicated scriptlets for normal/debug packages
%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
+%define save_alternatives() %{expand:
+ # warning! alternatives are localised!
+ # LANG=cs_CZ.UTF-8 alternatives --display java | head
+ # LANG=en_US.UTF-8 alternatives --display java | head
+ function nonLocalisedAlternativesDisplayOfMaster() {
+ LANG=en_US.UTF-8 alternatives --display "$MASTER"
+ }
+ function headOfAbove() {
+ nonLocalisedAlternativesDisplayOfMaster | head -n $1
+ }
+ MASTER="%{?1}"
+ LOCAL_LINK="%{?2}"
+ FAMILY="%{?3}"
+ rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null
+ if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then
+ if headOfAbove 1 | grep -q manual ; then
+ if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then
+ headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY"
+ fi
+ fi
+ fi
+}
+
+%define save_and_remove_alternatives() %{expand:
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ upgrade1_uninstal0=%{?3}
+ if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall
+ %{save_alternatives %{?1} %{?2} %{?4}}
+ fi
+ alternatives --remove "%{?1}" "%{?2}"
+}
+
+%define set_if_needed_alternatives() %{expand:
+ MASTER="%{?1}"
+ FAMILY="%{?2}"
+ ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY"
+ if [ -e "$ALTERNATIVES_FILE" ] ; then
+ rm "$ALTERNATIVES_FILE"
+ alternatives --set $MASTER $FAMILY
+ fi
+}
+
%define post_script() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -431,14 +475,18 @@ exit 0
}
%define alternatives_java_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=java
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
+ --install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -476,11 +524,17 @@ alternatives \\
--slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ key=jre_"$X"
+ alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+key=jre_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_headless() %{expand:
@@ -513,10 +567,14 @@ exit 0
%define postun_headless() %{expand:
- alternatives --remove java %{jrebindir -- %{?1}}/java
- alternatives --remove jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}}
}
%define posttrans_script() %{expand:
@@ -525,14 +583,18 @@ exit 0
%define alternatives_javac_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=javac
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
+ --install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -626,12 +688,17 @@ alternatives \\
--slave %{_mandir}/man1/xjc.1$ext xjc.1$ext \\
%{_mandir}/man1/xjc-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ key=java_sdk_"$X"
+ alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+key=java_sdk_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_devel() %{expand:
@@ -642,10 +709,14 @@ exit 0
}
%define postun_devel() %{expand:
- alternatives --remove javac %{sdkbindir -- %{?1}}/javac
- alternatives --remove java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -662,36 +733,49 @@ exit 0
}
%define alternatives_javadoc_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-alternatives \\
- --install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{family_noarch}
+key=javadocdir
+alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc() %{expand:
- alternatives --remove javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}}
exit 0
}
%define alternatives_javadoczip_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-
-alternatives \\
- --install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{family_noarch}
+key=javadoczip
+alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc_zip() %{expand:
- alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}}
exit 0
}
@@ -2648,6 +2732,17 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-6
+- Storing and restoring alterntives during update manually
+- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
+-- The move of alternatives creation to posttrans to fix:
+-- Bug 1200302 - dnf reinstall breaks alternatives
+-- Had caused the alternatives to be removed, and then created again,
+-- instead of being added, and then removing the old, and thus persisting
+-- the selection in family
+-- Thus this fix, is storing the family of manually selected master, and if
+-- stored, then it is restoring the family of the master
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
- Family extracted to globals
commit 3555655600b083f16de84e02615b66545053a70c
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Mon Feb 28 15:35:39 2022 +0100
family extracted to globals
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 5da992c..9fcf73e 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -321,7 +321,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 4
+%global rpmrelease 5
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -403,6 +403,9 @@
%global alternatives_requires %{_sbindir}/alternatives
%endif
+%global family %{name}.%{_arch}
+%global family_noarch %{name}
+
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
@@ -435,7 +438,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -474,10 +477,10 @@ alternatives \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
}
%define post_headless() %{expand:
@@ -529,7 +532,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -625,10 +628,10 @@ alternatives \\
for X in %{origin} %{javaver} ; do
alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
}
%define post_devel() %{expand:
@@ -666,7 +669,7 @@ fi
alternatives \\
--install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -683,7 +686,7 @@ fi
alternatives \\
--install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -2645,6 +2648,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
+- Family extracted to globals
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
- javadoc-zip got its own provides next to plain javadoc ones
commit f6fde10644b216dfd32de618708e91306406c2c5
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Mon Feb 28 15:35:07 2022 +0100
Providing proper provides for javadoc-zip subpk
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 52a09d4..5da992c 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -321,7 +321,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 4
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1190,10 +1190,10 @@ Requires(post): %{alternatives_requires}
Requires(postun): %{alternatives_requires}
# Standard JPackage javadoc provides
-Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%if %is_system_jdk
-Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%endif
}
@@ -1682,7 +1682,8 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} -zip}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc
The %{origin_nice} %{majorver} API documentation.
@@ -1695,7 +1696,7 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-zip-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc-zip
The %{origin_nice} %{majorver} API documentation compressed in a single archive.
@@ -2644,6 +2645,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
+- javadoc-zip got its own provides next to plain javadoc ones
+
* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
commit 5429d12f51b10505f3b1f9133c17687a4ca485f1
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Mon Feb 28 15:34:23 2022 +0100
Separate crypto policy initialisation from FIPS
initialisation, now they are no longer interdependent
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 416b52b..52a09d4 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -321,7 +321,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1330,6 +1330,7 @@ Patch1011: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch
+Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
#############################################
#
@@ -1862,6 +1863,7 @@ sh %{SOURCE12}
%patch1011
%patch1014
%patch1015
+%patch1016
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2642,6 +2644,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
+- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
+
* Mon Jan 24 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
- Fix FIPS issues in native code and with initialisation of java.security.Security
commit 92f7c940c557cc8e65671d3c99071fde209ddd8c
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Feb 27 11:47:05 2022 +0100
Storing and restoring alterntives during update manually
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index ef8d491..c4c077f 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 5
+%global rpmrelease 6
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -446,6 +446,50 @@
# not-duplicated scriptlets for normal/debug packages
%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
+%define save_alternatives() %{expand:
+ # warning! alternatives are localised!
+ # LANG=cs_CZ.UTF-8 alternatives --display java | head
+ # LANG=en_US.UTF-8 alternatives --display java | head
+ function nonLocalisedAlternativesDisplayOfMaster() {
+ LANG=en_US.UTF-8 alternatives --display "$MASTER"
+ }
+ function headOfAbove() {
+ nonLocalisedAlternativesDisplayOfMaster | head -n $1
+ }
+ MASTER="%{?1}"
+ LOCAL_LINK="%{?2}"
+ FAMILY="%{?3}"
+ rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null
+ if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then
+ if headOfAbove 1 | grep -q manual ; then
+ if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then
+ headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY"
+ fi
+ fi
+ fi
+}
+
+%define save_and_remove_alternatives() %{expand:
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ upgrade1_uninstal0=%{?3}
+ if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall
+ %{save_alternatives %{?1} %{?2} %{?4}}
+ fi
+ alternatives --remove "%{?1}" "%{?2}"
+}
+
+%define set_if_needed_alternatives() %{expand:
+ MASTER="%{?1}"
+ FAMILY="%{?2}"
+ ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY"
+ if [ -e "$ALTERNATIVES_FILE" ] ; then
+ rm "$ALTERNATIVES_FILE"
+ alternatives --set $MASTER $FAMILY
+ fi
+}
+
%define post_script() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -454,14 +498,18 @@ exit 0
}
%define alternatives_java_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=java
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
+ --install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -499,11 +547,17 @@ alternatives \\
--slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ key=jre_"$X"
+ alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+key=jre_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_headless() %{expand:
@@ -536,10 +590,14 @@ exit 0
%define postun_headless() %{expand:
- alternatives --remove java %{jrebindir -- %{?1}}/java
- alternatives --remove jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}}
}
%define posttrans_script() %{expand:
@@ -548,14 +606,18 @@ exit 0
%define alternatives_javac_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=javac
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
+ --install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -649,12 +711,17 @@ alternatives \\
--slave %{_mandir}/man1/xjc.1$ext xjc.1$ext \\
%{_mandir}/man1/xjc-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ key=java_sdk_"$X"
+ alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+key=java_sdk_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_devel() %{expand:
@@ -665,10 +732,14 @@ exit 0
}
%define postun_devel() %{expand:
- alternatives --remove javac %{sdkbindir -- %{?1}}/javac
- alternatives --remove java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -685,36 +756,49 @@ exit 0
}
%define alternatives_javadoc_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-alternatives \\
- --install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{family_noarch}
+key=javadocdir
+alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc() %{expand:
- alternatives --remove javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}}
exit 0
}
%define alternatives_javadoczip_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-
-alternatives \\
- --install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{family_noarch}
+key=javadoczip
+alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc_zip() %{expand:
- alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}}
exit 0
}
@@ -2694,6 +2778,17 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-6
+- Storing and restoring alterntives during update manually
+- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
+-- The move of alternatives creation to posttrans to fix:
+-- Bug 1200302 - dnf reinstall breaks alternatives
+-- Had caused the alternatives to be removed, and then created again,
+-- instead of being added, and then removing the old, and thus persisting
+-- the selection in family
+-- Thus this fix, is storing the family of manually selected master, and if
+-- stored, then it is restoring the family of the master
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
- Family extracted to globals
commit 917b9b412102145fecb2e50aa9c19418ca1788c4
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Feb 26 20:50:05 2022 +0100
family extracted to globals
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index e9a7a5f..ef8d491 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 4
+%global rpmrelease 5
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -426,6 +426,9 @@
%global alternatives_requires %{_sbindir}/alternatives
%endif
+%global family %{name}.%{_arch}
+%global family_noarch %{name}
+
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
@@ -458,7 +461,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -497,10 +500,10 @@ alternatives \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
}
%define post_headless() %{expand:
@@ -552,7 +555,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -648,10 +651,10 @@ alternatives \\
for X in %{origin} %{javaver} ; do
alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
}
%define post_devel() %{expand:
@@ -689,7 +692,7 @@ fi
alternatives \\
--install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -706,7 +709,7 @@ fi
alternatives \\
--install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -2691,6 +2694,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
+- Family extracted to globals
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
- javadoc-zip got its own provides next to plain javadoc ones
commit 967ddd7db2f60920f109a601a71eedabd2086426
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Feb 27 12:01:51 2022 +0100
Providing proper provides for javadoc-zip subpk
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 8b0abfa..e9a7a5f 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 4
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1217,10 +1217,10 @@ Requires(post): %{alternatives_requires}
Requires(postun): %{alternatives_requires}
# Standard JPackage javadoc provides
-Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%if %is_system_jdk
-Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%endif
}
@@ -1705,7 +1705,8 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} -zip}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc
The %{origin_nice} %{majorver} API documentation.
@@ -1718,7 +1719,7 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-zip-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc-zip
The %{origin_nice} %{majorver} API documentation compressed in a single archive.
@@ -2690,6 +2691,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
+- javadoc-zip got its own provides next to plain javadoc ones
+
* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
commit 355e52d362a612cced85770416edd7c6d8e2c80a
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 23 17:22:05 2022 +0000
Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 8ab490b..8b0abfa 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1357,6 +1357,7 @@ Patch1011: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch
+Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
#############################################
#
@@ -1886,6 +1887,7 @@ sh %{SOURCE12}
%patch1011
%patch1014
%patch1015
+%patch1016
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2688,6 +2690,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
+- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
+
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
- Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/rh2021263-fips_separate_policy_and_fips_init.patch b/rh2021263-fips_separate_policy_and_fips_init.patch
new file mode 100644
index 0000000..e237841
--- /dev/null
+++ b/rh2021263-fips_separate_policy_and_fips_init.patch
@@ -0,0 +1,98 @@
+commit aaf92165ad1cbb1c9818eb60178c91293e13b053
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 15:13:14 2022 +0000
+
+ RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
+
+diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+index fa494b680f..b5aa5c749d 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -57,10 +57,6 @@ public final class Security {
+ private static final Debug sdebug =
+ Debug.getInstance("properties");
+
+- /* System property file*/
+- private static final String SYSTEM_PROPERTIES =
+- "/etc/crypto-policies/back-ends/java.config";
+-
+ /* The java.security properties */
+ private static Properties props;
+
+@@ -202,13 +198,6 @@ public final class Security {
+ }
+ }
+
+- String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+- if (disableSystemProps == null &&
+- "true".equalsIgnoreCase(props.getProperty
+- ("security.useSystemPropertiesFile"))) {
+- loadedProps = loadedProps && SystemConfigurator.configure(props);
+- }
+-
+ if (!loadedProps) {
+ initializeStatic();
+ if (sdebug != null) {
+@@ -217,6 +206,28 @@ public final class Security {
+ }
+ }
+
++ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
++ if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
++ "true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
++ if (!SystemConfigurator.configureSysProps(props)) {
++ if (sdebug != null) {
++ sdebug.println("WARNING: System properties could not be loaded.");
++ }
++ }
++ }
++
++ // FIPS support depends on the contents of java.security so
++ // ensure it has loaded first
++ if (loadedProps) {
++ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
++ if (sdebug != null) {
++ if (fipsEnabled) {
++ sdebug.println("FIPS support enabled.");
++ } else {
++ sdebug.println("FIPS support disabled.");
++ }
++ }
++ }
+ }
+
+ /*
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+index d1f677597d..7da65b1d2c 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -76,7 +76,7 @@ final class SystemConfigurator {
+ * java.security.disableSystemPropertiesFile property is not set and
+ * security.useSystemPropertiesFile is true.
+ */
+- static boolean configure(Properties props) {
++ static boolean configureSysProps(Properties props) {
+ boolean loadedProps = false;
+
+ try (BufferedInputStream bis =
+@@ -96,11 +96,19 @@ final class SystemConfigurator {
+ e.printStackTrace();
+ }
+ }
++ return loadedProps;
++ }
++
++ /*
++ * Invoked at the end of java.security.Security initialisation
++ * if java.security properties have been loaded
++ */
++ static boolean configureFIPS(Properties props) {
++ boolean loadedProps = false;
+
+ try {
+ if (enableFips()) {
+ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
+- loadedProps = false;
+ // Remove all security providers
+ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
+ while (i.hasNext()) {
commit 0e882feab657bc9990c6dab6f9eebe406640c1b4
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 02:36:10 2022 +0000
Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b9bb5c6..8ab490b 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2688,6 +2688,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
- Update release notes for 8u322-b06.
commit edb63206cdde09841e8be821f7393b649aaf07eb
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Feb 27 11:47:05 2022 +0100
Storing and restoring alterntives during update manually
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 587eee8..5efbb8e 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 5
+%global rpmrelease 6
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -446,6 +446,50 @@
# not-duplicated scriptlets for normal/debug packages
%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
+%define save_alternatives() %{expand:
+ # warning! alternatives are localised!
+ # LANG=cs_CZ.UTF-8 alternatives --display java | head
+ # LANG=en_US.UTF-8 alternatives --display java | head
+ function nonLocalisedAlternativesDisplayOfMaster() {
+ LANG=en_US.UTF-8 alternatives --display "$MASTER"
+ }
+ function headOfAbove() {
+ nonLocalisedAlternativesDisplayOfMaster | head -n $1
+ }
+ MASTER="%{?1}"
+ LOCAL_LINK="%{?2}"
+ FAMILY="%{?3}"
+ rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null
+ if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then
+ if headOfAbove 1 | grep -q manual ; then
+ if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then
+ headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY"
+ fi
+ fi
+ fi
+}
+
+%define save_and_remove_alternatives() %{expand:
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ upgrade1_uninstal0=%{?3}
+ if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall
+ %{save_alternatives %{?1} %{?2} %{?4}}
+ fi
+ alternatives --remove "%{?1}" "%{?2}"
+}
+
+%define set_if_needed_alternatives() %{expand:
+ MASTER="%{?1}"
+ FAMILY="%{?2}"
+ ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY"
+ if [ -e "$ALTERNATIVES_FILE" ] ; then
+ rm "$ALTERNATIVES_FILE"
+ alternatives --set $MASTER $FAMILY
+ fi
+}
+
%define post_script() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -454,14 +498,18 @@ exit 0
}
%define alternatives_java_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=java
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
+ --install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -499,11 +547,17 @@ alternatives \\
--slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ key=jre_"$X"
+ alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+key=jre_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_headless() %{expand:
@@ -536,10 +590,14 @@ exit 0
%define postun_headless() %{expand:
- alternatives --remove java %{jrebindir -- %{?1}}/java
- alternatives --remove jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}}
}
%define posttrans_script() %{expand:
@@ -548,14 +606,18 @@ exit 0
%define alternatives_javac_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=javac
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
+ --install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -649,12 +711,17 @@ alternatives \\
--slave %{_mandir}/man1/xjc.1$ext xjc.1$ext \\
%{_mandir}/man1/xjc-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ key=java_sdk_"$X"
+ alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+key=java_sdk_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_devel() %{expand:
@@ -665,10 +732,14 @@ exit 0
}
%define postun_devel() %{expand:
- alternatives --remove javac %{sdkbindir -- %{?1}}/javac
- alternatives --remove java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -685,36 +756,49 @@ exit 0
}
%define alternatives_javadoc_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-alternatives \\
- --install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{family_noarch}
+key=javadocdir
+alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc() %{expand:
- alternatives --remove javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}}
exit 0
}
%define alternatives_javadoczip_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-
-alternatives \\
- --install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{family_noarch}
+key=javadoczip
+alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc_zip() %{expand:
- alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}}
exit 0
}
@@ -2694,6 +2778,17 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-6
+- Storing and restoring alterntives during update manually
+- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
+-- The move of alternatives creation to posttrans to fix:
+-- Bug 1200302 - dnf reinstall breaks alternatives
+-- Had caused the alternatives to be removed, and then created again,
+-- instead of being added, and then removing the old, and thus persisting
+-- the selection in family
+-- Thus this fix, is storing the family of manually selected master, and if
+-- stored, then it is restoring the family of the master
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
- Family extracted to globals
commit 0da973f5a714bef5d665c3cc22869dad44a3a3bc
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Feb 26 20:50:05 2022 +0100
family extracted to globals
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 8bb6504..587eee8 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 4
+%global rpmrelease 5
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -426,6 +426,9 @@
%global alternatives_requires %{_sbindir}/alternatives
%endif
+%global family %{name}.%{_arch}
+%global family_noarch %{name}
+
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
@@ -458,7 +461,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -497,10 +500,10 @@ alternatives \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
}
%define post_headless() %{expand:
@@ -552,7 +555,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -648,10 +651,10 @@ alternatives \\
for X in %{origin} %{javaver} ; do
alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
}
%define post_devel() %{expand:
@@ -689,7 +692,7 @@ fi
alternatives \\
--install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -706,7 +709,7 @@ fi
alternatives \\
--install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -2691,6 +2694,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
+- Family extracted to globals
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
- javadoc-zip got its own provides next to plain javadoc ones
commit e88c69368c88f3a4a595433f1b9a21d1963c2054
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Feb 27 12:01:51 2022 +0100
Providing proper provides for javadoc-zip subpk
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 9885a10..8bb6504 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 4
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1217,10 +1217,10 @@ Requires(post): %{alternatives_requires}
Requires(postun): %{alternatives_requires}
# Standard JPackage javadoc provides
-Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%if %is_system_jdk
-Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%endif
}
@@ -1705,7 +1705,8 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} -zip}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc
The %{origin_nice} %{majorver} API documentation.
@@ -1718,7 +1719,7 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-zip-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc-zip
The %{origin_nice} %{majorver} API documentation compressed in a single archive.
@@ -2690,6 +2691,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
+- javadoc-zip got its own provides next to plain javadoc ones
+
* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
commit f2e995182a63de4467a5361b3516fd4e42bb74ef
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 23 17:22:05 2022 +0000
Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 7e6f114..9885a10 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1357,6 +1357,7 @@ Patch1011: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch
+Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
#############################################
#
@@ -1886,6 +1887,7 @@ sh %{SOURCE12}
%patch1011
%patch1014
%patch1015
+%patch1016
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2688,6 +2690,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
+- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
+
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
- Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/rh2021263-fips_separate_policy_and_fips_init.patch b/rh2021263-fips_separate_policy_and_fips_init.patch
new file mode 100644
index 0000000..e237841
--- /dev/null
+++ b/rh2021263-fips_separate_policy_and_fips_init.patch
@@ -0,0 +1,98 @@
+commit aaf92165ad1cbb1c9818eb60178c91293e13b053
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 15:13:14 2022 +0000
+
+ RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
+
+diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+index fa494b680f..b5aa5c749d 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -57,10 +57,6 @@ public final class Security {
+ private static final Debug sdebug =
+ Debug.getInstance("properties");
+
+- /* System property file*/
+- private static final String SYSTEM_PROPERTIES =
+- "/etc/crypto-policies/back-ends/java.config";
+-
+ /* The java.security properties */
+ private static Properties props;
+
+@@ -202,13 +198,6 @@ public final class Security {
+ }
+ }
+
+- String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+- if (disableSystemProps == null &&
+- "true".equalsIgnoreCase(props.getProperty
+- ("security.useSystemPropertiesFile"))) {
+- loadedProps = loadedProps && SystemConfigurator.configure(props);
+- }
+-
+ if (!loadedProps) {
+ initializeStatic();
+ if (sdebug != null) {
+@@ -217,6 +206,28 @@ public final class Security {
+ }
+ }
+
++ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
++ if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
++ "true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
++ if (!SystemConfigurator.configureSysProps(props)) {
++ if (sdebug != null) {
++ sdebug.println("WARNING: System properties could not be loaded.");
++ }
++ }
++ }
++
++ // FIPS support depends on the contents of java.security so
++ // ensure it has loaded first
++ if (loadedProps) {
++ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
++ if (sdebug != null) {
++ if (fipsEnabled) {
++ sdebug.println("FIPS support enabled.");
++ } else {
++ sdebug.println("FIPS support disabled.");
++ }
++ }
++ }
+ }
+
+ /*
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+index d1f677597d..7da65b1d2c 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -76,7 +76,7 @@ final class SystemConfigurator {
+ * java.security.disableSystemPropertiesFile property is not set and
+ * security.useSystemPropertiesFile is true.
+ */
+- static boolean configure(Properties props) {
++ static boolean configureSysProps(Properties props) {
+ boolean loadedProps = false;
+
+ try (BufferedInputStream bis =
+@@ -96,11 +96,19 @@ final class SystemConfigurator {
+ e.printStackTrace();
+ }
+ }
++ return loadedProps;
++ }
++
++ /*
++ * Invoked at the end of java.security.Security initialisation
++ * if java.security properties have been loaded
++ */
++ static boolean configureFIPS(Properties props) {
++ boolean loadedProps = false;
+
+ try {
+ if (enableFips()) {
+ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
+- loadedProps = false;
+ // Remove all security providers
+ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
+ while (i.hasNext()) {
commit aa4a54e45a31ba0961e19c53b427976df48cd61f
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Feb 8 15:48:38 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b06 (EA)
Update release notes for 8u322-b06.
Switch to GA mode for final release.
Require tzdata 2021e as of JDK-8275766.
Update tarball generation script to use git following shenandoah-jdk8u's move to github
Re-enable gdb backtrace check.
Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/.gitignore b/.gitignore
index f1536da..c3d10c5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -250,3 +250,5 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 9773926..e911b13 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,33 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u322
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
+* Security fixes
+ - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
+ - JDK-8268488: More valuable DerValues
+ - JDK-8268494: Better inlining of inlined interfaces
+ - JDK-8268512: More content for ContentInfo
+ - JDK-8268795: Enhance digests of Jar files
+ - JDK-8268801: Improve PKCS attribute handling
+ - JDK-8268813, CVE-2022-21283: Better String matching
+ - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ - JDK-8269944: Better HTTP transport redux
+ - JDK-8270392, CVE-2022-21293: Improve String constructions
+ - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
+ - JDK-8270492, CVE-2022-21282: Better resolution of URIs
+ - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
+ - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
+ - JDK-8271962: Better TrueType font loading
+ - JDK-8271968: Better canonical naming
+ - JDK-8271987: Manifest improved manifest entries
+ - JDK-8272014, CVE-2022-21305: Better array indexing
+ - JDK-8272026, CVE-2022-21340: Verify Jar Verification
+ - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
+ - JDK-8272272: Enhance jcmd communication
+ - JDK-8272462: Enhance image handling
+ - JDK-8273290: Enhance sound handling
+ - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
+ - JDK-8273756, CVE-2022-21360: Enhance BMP image support
+ - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
* Other changes
- JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
- JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
@@ -56,13 +83,18 @@ Live versions of these release notes can be found at:
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+ - JDK-8273308: PatternMatchTest.java fails on CI
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
- JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8273968: JCK javax_xml tests fail in CI
- JDK-8274407: (tz) Update Timezone Data to 2021c
- JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
- JDK-8274468: TimeZoneTest.java fails with tzdata2021b
- JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
- JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
+ - JDK-8275766: (tz) Update Timezone Data to 2021e
+ - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+ - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
Notes on individual issues:
===========================
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index c6f0756..61aad1f 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -7,9 +7,9 @@
# If you want to use a local copy of patch PR3822, set the path to it in the PR3822 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
-# PROJECT_NAME=jdk8u OR aarch64-port
-# REPO_NAME=jdk8u60 OR jdk8u60
-# VERSION=jdk8u60-b27 OR aarch64-jdk8u65-b17 OR for head, keyword 'tip' should do the job there
+# PROJECT_NAME=openjdk
+# REPO_NAME=shenandoah-jdk8u
+# VERSION=HEAD
#
# They are used to create correct name and are used in construction of sources url (unless REPO_ROOT is set)
@@ -40,7 +40,7 @@ fi
set -e
-OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
+OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
# jdk is last for its size
REPOS_DEFAULT="hotspot corba jaxws jaxp langtools nashorn jdk"
@@ -99,7 +99,7 @@ if [ "x$FILE_NAME_ROOT" = "x" ] ; then
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
fi
if [ "x$REPO_ROOT" = "x" ] ; then
- REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
+ REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
if [ "x$REPOS" = "x" ] ; then
@@ -123,15 +123,9 @@ mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
-hg clone ${REPO_ROOT} openjdk -r ${VERSION}
+git clone -b ${VERSION} ${REPO_ROOT} openjdk
pushd openjdk
-for subrepo in ${REPOS}
-do
- echo "Cloning ${VERSION} ${subrepo} repository from ${REPO_ROOT}"
- hg clone ${REPO_ROOT}/${subrepo} -r ${VERSION}
-done
-
# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
if [ -d langtools ] ; then
echo "Removing langtools test case with non-Free license"
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 970234f..b9bb5c6 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -115,15 +115,10 @@
%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
# Set of architectures which support JFR
%global jfr_arches %{jit_arches}
-# Set of architectures where we verify backtraces with gdb (ideally all)
-# Temporarily disable check on x86, x86_64, ppc64le and s390x as gdb crashes
-# ../../gdb/objfiles.h:510: internal-error: sect_index_data not initialized
-# A problem internal to GDB has been detected,
-# further debugging may prove unreliable.
-# See https://bugzilla.redhat.com/show_bug.cgi?id=2041970
-%global gdb_arches sparcv9 sparc64 %{aarch64} %{arm} ppc s390
# Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64
+# Set of architectures where we verify backtraces with gdb
+%global gdb_arches %{jit_arches} %{zero_arches}
# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
@@ -332,9 +327,9 @@
%endif
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
-%global shenandoah_project aarch64-port
-%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b04
+%global shenandoah_project openjdk
+%global shenandoah_repo shenandoah-jdk8u
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -349,12 +344,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -1146,8 +1141,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
-# 2021c required as of JDK-8274407 in January 2022 CPU
-Requires: tzdata-java >= 2021c
+# 2021e required as of JDK-8275766 in January 2022 CPU
+Requires: tzdata-java >= 2021e
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1359,6 +1354,9 @@ Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
Patch1008: rh1996182-login_to_nss_software_token.patch
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
Patch1011: rh1991003-enable_fips_keys_import.patch
+# RH2021263: Resolve outstanding FIPS issues
+Patch1014: rh2021263-fips_ensure_security_initialised.patch
+Patch1015: rh2021263-fips_missing_native_returns.patch
#############################################
#
@@ -1519,8 +1517,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
-# 2021c required as of JDK-8274407 in January 2022 CPU
-BuildRequires: tzdata-java >= 2021c
+# 2021e required as of JDK-8275766 in January 2022 CPU
+BuildRequires: tzdata-java >= 2021e
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -1886,6 +1884,8 @@ sh %{SOURCE12}
%patch1007
%patch1008
%patch1011
+%patch1014
+%patch1015
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2688,6 +2688,17 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
+- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
+- Update release notes for 8u322-b06.
+- Switch to GA mode for final release.
+- Require tzdata 2021e as of JDK-8275766.
+- Update tarball generation script to use git following shenandoah-jdk8u's move to github
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+
+* Mon Feb 07 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.322.b06-1
+- Re-enable gdb backtrace check.
+
* Thu Jan 20 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.2.ea
- Temporarily move x86 to use Zero in order to get a working build
- Introduce architecture restriction logic for the gdb test. (RH2041970)
diff --git a/rh2021263-fips_ensure_security_initialised.patch b/rh2021263-fips_ensure_security_initialised.patch
new file mode 100644
index 0000000..5aa9ec7
--- /dev/null
+++ b/rh2021263-fips_ensure_security_initialised.patch
@@ -0,0 +1,28 @@
+commit 06c2decab204fcce5aca2d285953fcac1820b1ae
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 01:23:28 2022 +0000
+
+ RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+index 40ca609e02..0dafe6f59c 100644
+--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+@@ -31,6 +31,7 @@ import java.io.Console;
+ import java.io.FileDescriptor;
+ import java.io.ObjectInputStream;
+ import java.security.ProtectionDomain;
++import java.security.Security;
+ import java.security.Signature;
+
+ import java.security.AccessController;
+@@ -255,6 +256,9 @@ public class SharedSecrets {
+ }
+
+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++ if (javaSecuritySystemConfiguratorAccess == null) {
++ unsafe.ensureClassInitialized(Security.class);
++ }
+ return javaSecuritySystemConfiguratorAccess;
+ }
+ }
diff --git a/rh2021263-fips_missing_native_returns.patch b/rh2021263-fips_missing_native_returns.patch
new file mode 100644
index 0000000..90cc44e
--- /dev/null
+++ b/rh2021263-fips_missing_native_returns.patch
@@ -0,0 +1,24 @@
+commit 7f58a05104138ebdfd3b7b968ed67ea4c8573073
+Author: Fridrich Strba <fstrba(a)suse.com>
+Date: Mon Jan 24 01:10:57 2022 +0000
+
+ RH2021263: Return in C code after having generated Java exception
+
+diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
+index 6f4656bfcb..34d0ff0ce9 100644
+--- openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c
++++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
+@@ -131,11 +131,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ fips_enabled = fgetc(fe);
+ fclose(fe);
+ if (fips_enabled == EOF) {
+ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+ " read character is '%c'", fips_enabled);
diff --git a/sources b/sources
index eb1f71f..35c822f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz) = ebc3cceb40f7ca567fd9fe751ba9762ad50ac474f63da5e2123cf268683db10132ffb09b6f6a99b3379c021b4fcc3b04a82bc81c2e63c8d4da0fdcf58d995322
+SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz) = 0f2af8cacb1a4acdca7c1b2d5cc1e0d27f9abf8e05ccf7e8384074ac124132012b15e36abc31b498f746d6f5295530f535a9d9d85a3e45b387728b4ce726ccc7
commit 6d412ee58b7019db098546df7e7b53f1f331ec93
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 02:36:10 2022 +0000
Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index c39eaaa..7e6f114 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1354,6 +1354,9 @@ Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
Patch1008: rh1996182-login_to_nss_software_token.patch
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
Patch1011: rh1991003-enable_fips_keys_import.patch
+# RH2021263: Resolve outstanding FIPS issues
+Patch1014: rh2021263-fips_ensure_security_initialised.patch
+Patch1015: rh2021263-fips_missing_native_returns.patch
#############################################
#
@@ -1881,6 +1884,8 @@ sh %{SOURCE12}
%patch1007
%patch1008
%patch1011
+%patch1014
+%patch1015
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2683,6 +2688,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
- Update release notes for 8u322-b06.
diff --git a/rh2021263-fips_ensure_security_initialised.patch b/rh2021263-fips_ensure_security_initialised.patch
new file mode 100644
index 0000000..5aa9ec7
--- /dev/null
+++ b/rh2021263-fips_ensure_security_initialised.patch
@@ -0,0 +1,28 @@
+commit 06c2decab204fcce5aca2d285953fcac1820b1ae
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 01:23:28 2022 +0000
+
+ RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+index 40ca609e02..0dafe6f59c 100644
+--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+@@ -31,6 +31,7 @@ import java.io.Console;
+ import java.io.FileDescriptor;
+ import java.io.ObjectInputStream;
+ import java.security.ProtectionDomain;
++import java.security.Security;
+ import java.security.Signature;
+
+ import java.security.AccessController;
+@@ -255,6 +256,9 @@ public class SharedSecrets {
+ }
+
+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++ if (javaSecuritySystemConfiguratorAccess == null) {
++ unsafe.ensureClassInitialized(Security.class);
++ }
+ return javaSecuritySystemConfiguratorAccess;
+ }
+ }
diff --git a/rh2021263-fips_missing_native_returns.patch b/rh2021263-fips_missing_native_returns.patch
new file mode 100644
index 0000000..90cc44e
--- /dev/null
+++ b/rh2021263-fips_missing_native_returns.patch
@@ -0,0 +1,24 @@
+commit 7f58a05104138ebdfd3b7b968ed67ea4c8573073
+Author: Fridrich Strba <fstrba(a)suse.com>
+Date: Mon Jan 24 01:10:57 2022 +0000
+
+ RH2021263: Return in C code after having generated Java exception
+
+diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
+index 6f4656bfcb..34d0ff0ce9 100644
+--- openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c
++++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
+@@ -131,11 +131,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ fips_enabled = fgetc(fe);
+ fclose(fe);
+ if (fips_enabled == EOF) {
+ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+ " read character is '%c'", fips_enabled);
commit 050fecd883ec846a10507fa7b121b722f6ba0114
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 00:05:22 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b06 (EA)
Update release notes for 8u322-b06.
Switch to GA mode for final release.
diff --git a/.gitignore b/.gitignore
index a986941..c3d10c5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -251,3 +251,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
diff --git a/NEWS b/NEWS
index b8a1f92..e911b13 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,33 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u322
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
+* Security fixes
+ - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
+ - JDK-8268488: More valuable DerValues
+ - JDK-8268494: Better inlining of inlined interfaces
+ - JDK-8268512: More content for ContentInfo
+ - JDK-8268795: Enhance digests of Jar files
+ - JDK-8268801: Improve PKCS attribute handling
+ - JDK-8268813, CVE-2022-21283: Better String matching
+ - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ - JDK-8269944: Better HTTP transport redux
+ - JDK-8270392, CVE-2022-21293: Improve String constructions
+ - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
+ - JDK-8270492, CVE-2022-21282: Better resolution of URIs
+ - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
+ - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
+ - JDK-8271962: Better TrueType font loading
+ - JDK-8271968: Better canonical naming
+ - JDK-8271987: Manifest improved manifest entries
+ - JDK-8272014, CVE-2022-21305: Better array indexing
+ - JDK-8272026, CVE-2022-21340: Verify Jar Verification
+ - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
+ - JDK-8272272: Enhance jcmd communication
+ - JDK-8272462: Enhance image handling
+ - JDK-8273290: Enhance sound handling
+ - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
+ - JDK-8273756, CVE-2022-21360: Enhance BMP image support
+ - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
* Other changes
- JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
- JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
@@ -56,8 +83,10 @@ Live versions of these release notes can be found at:
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+ - JDK-8273308: PatternMatchTest.java fails on CI
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
- JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8273968: JCK javax_xml tests fail in CI
- JDK-8274407: (tz) Update Timezone Data to 2021c
- JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
- JDK-8274468: TimeZoneTest.java fails with tzdata2021b
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index f65ab51..c39eaaa 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -329,7 +329,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b05
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -349,7 +349,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2683,6 +2683,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
+- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
+- Update release notes for 8u322-b06.
+- Switch to GA mode for final release.
+
* Tue Feb 15 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b05 (EA)
- Update release notes for 8u322-b05.
diff --git a/sources b/sources
index 12cd6db..35c822f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz) = 5026d6bd2e6d052fa88fb27d7d9fca2f50c5cc66ca3a9e52f8d3903ec4c738c0c815c20dfd5dfd44ab0ec48d264a36c67f35c302c1eee06a1b2277d842035221
+SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz) = 0f2af8cacb1a4acdca7c1b2d5cc1e0d27f9abf8e05ccf7e8384074ac124132012b15e36abc31b498f746d6f5295530f535a9d9d85a3e45b387728b4ce726ccc7
commit c867f608e3471506aea129a45d31aa10d815b389
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Feb 15 16:45:42 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b05 (EA)
Update release notes for 8u322-b05.
Require tzdata 2021e as of JDK-8275766.
Update tarball generation script to use git following shenandoah-jdk8u's move to github
diff --git a/.gitignore b/.gitignore
index f1536da..a986941 100644
--- a/.gitignore
+++ b/.gitignore
@@ -250,3 +250,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 9773926..b8a1f92 100644
--- a/NEWS
+++ b/NEWS
@@ -63,6 +63,9 @@ Live versions of these release notes can be found at:
- JDK-8274468: TimeZoneTest.java fails with tzdata2021b
- JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
- JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
+ - JDK-8275766: (tz) Update Timezone Data to 2021e
+ - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+ - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
Notes on individual issues:
===========================
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index c6f0756..61aad1f 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -7,9 +7,9 @@
# If you want to use a local copy of patch PR3822, set the path to it in the PR3822 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
-# PROJECT_NAME=jdk8u OR aarch64-port
-# REPO_NAME=jdk8u60 OR jdk8u60
-# VERSION=jdk8u60-b27 OR aarch64-jdk8u65-b17 OR for head, keyword 'tip' should do the job there
+# PROJECT_NAME=openjdk
+# REPO_NAME=shenandoah-jdk8u
+# VERSION=HEAD
#
# They are used to create correct name and are used in construction of sources url (unless REPO_ROOT is set)
@@ -40,7 +40,7 @@ fi
set -e
-OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
+OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
# jdk is last for its size
REPOS_DEFAULT="hotspot corba jaxws jaxp langtools nashorn jdk"
@@ -99,7 +99,7 @@ if [ "x$FILE_NAME_ROOT" = "x" ] ; then
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
fi
if [ "x$REPO_ROOT" = "x" ] ; then
- REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
+ REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
if [ "x$REPOS" = "x" ] ; then
@@ -123,15 +123,9 @@ mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
-hg clone ${REPO_ROOT} openjdk -r ${VERSION}
+git clone -b ${VERSION} ${REPO_ROOT} openjdk
pushd openjdk
-for subrepo in ${REPOS}
-do
- echo "Cloning ${VERSION} ${subrepo} repository from ${REPO_ROOT}"
- hg clone ${REPO_ROOT}/${subrepo} -r ${VERSION}
-done
-
# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
if [ -d langtools ] ; then
echo "Removing langtools test case with non-Free license"
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 9dc6a8a..f65ab51 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -327,9 +327,9 @@
%endif
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
-%global shenandoah_project aarch64-port
-%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b04
+%global shenandoah_project openjdk
+%global shenandoah_repo shenandoah-jdk8u
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b05
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1141,8 +1141,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
-# 2021c required as of JDK-8274407 in January 2022 CPU
-Requires: tzdata-java >= 2021c
+# 2021e required as of JDK-8275766 in January 2022 CPU
+Requires: tzdata-java >= 2021e
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1514,8 +1514,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
-# 2021c required as of JDK-8274407 in January 2022 CPU
-BuildRequires: tzdata-java >= 2021c
+# 2021e required as of JDK-8275766 in January 2022 CPU
+BuildRequires: tzdata-java >= 2021e
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -2683,6 +2683,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Feb 15 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b05-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b05 (EA)
+- Update release notes for 8u322-b05.
+- Require tzdata 2021e as of JDK-8275766.
+- Update tarball generation script to use git following shenandoah-jdk8u's move to github
+
* Mon Feb 07 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.322.b04-0.3.ea
- Re-enable gdb backtrace check.
diff --git a/sources b/sources
index eb1f71f..12cd6db 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz) = ebc3cceb40f7ca567fd9fe751ba9762ad50ac474f63da5e2123cf268683db10132ffb09b6f6a99b3379c021b4fcc3b04a82bc81c2e63c8d4da0fdcf58d995322
+SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz) = 5026d6bd2e6d052fa88fb27d7d9fca2f50c5cc66ca3a9e52f8d3903ec4c738c0c815c20dfd5dfd44ab0ec48d264a36c67f35c302c1eee06a1b2277d842035221
commit d3b17054c227146584b900828461d6c414e1aad4
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Feb 8 15:48:38 2022 +0000
Re-enable gdb backtrace check.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 970234f..9dc6a8a 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -115,15 +115,10 @@
%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
# Set of architectures which support JFR
%global jfr_arches %{jit_arches}
-# Set of architectures where we verify backtraces with gdb (ideally all)
-# Temporarily disable check on x86, x86_64, ppc64le and s390x as gdb crashes
-# ../../gdb/objfiles.h:510: internal-error: sect_index_data not initialized
-# A problem internal to GDB has been detected,
-# further debugging may prove unreliable.
-# See https://bugzilla.redhat.com/show_bug.cgi?id=2041970
-%global gdb_arches sparcv9 sparc64 %{aarch64} %{arm} ppc s390
# Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64
+# Set of architectures where we verify backtraces with gdb
+%global gdb_arches %{jit_arches} %{zero_arches}
# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
@@ -349,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2688,6 +2683,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Feb 07 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.322.b04-0.3.ea
+- Re-enable gdb backtrace check.
+
* Thu Jan 20 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.2.ea
- Temporarily move x86 to use Zero in order to get a working build
- Introduce architecture restriction logic for the gdb test. (RH2041970)
commit 2988ce90ffc176c047dcb63bb70e4c8ca1ec6d88
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Jan 20 23:09:54 2022 +0000
Temporarily move x86 to use Zero in order to get a working build
Introduce architecture restriction logic for the gdb test.
Disable on x86, x86_64, ppc64le & s390x while these are broken in rawhide.
Replace GCC 11 patch to remove use of the register keyword with correct fix to ADLC build (JDK-8281098)
Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4
Refactor build functions so we can build just HotSpot without any attempt at installation.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
Resolves: rhbz#2045726
Related: rhbz#2051302
Related: rhbz#2041970
diff --git a/java-1.8.0-openjdk-gcc11.patch b/java-1.8.0-openjdk-gcc11.patch
deleted file mode 100644
index 2d0820d..0000000
--- a/java-1.8.0-openjdk-gcc11.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-diff --git a/openjdk/hotspot/src/share/vm/adlc/adlparse.cpp b/openjdk/hotspot/src/share/vm/adlc/adlparse.cpp
-index 31955ff7..6dcd90ac 100644
---- openjdk/hotspot/src/share/vm/adlc/adlparse.cpp
-+++ openjdk/hotspot/src/share/vm/adlc/adlparse.cpp
-@@ -4564,7 +4564,7 @@ char *ADLParser::get_paren_expr(const char *description, bool include_location)
- // string(still inside the file buffer). Returns a pointer to the string or
- // NULL if some other token is found instead.
- char *ADLParser::get_ident_common(bool do_preproc) {
-- register char c;
-+ char c;
- char *start; // Pointer to start of token
- char *end; // Pointer to end of token
-
-@@ -4762,7 +4762,7 @@ char *ADLParser::get_unique_ident(FormDict& dict, const char* nameDescription){
- // invokes a parse_err if the next token is not an integer.
- // This routine does not leave the integer null-terminated.
- int ADLParser::get_int(void) {
-- register char c;
-+ char c;
- char *start; // Pointer to start of token
- char *end; // Pointer to end of token
- int result; // Storage for integer result
-diff --git a/openjdk/hotspot/src/share/vm/adlc/arena.cpp b/openjdk/hotspot/src/share/vm/adlc/arena.cpp
-index d7e4fc6e..406187ae 100644
---- openjdk/hotspot/src/share/vm/adlc/arena.cpp
-+++ openjdk/hotspot/src/share/vm/adlc/arena.cpp
-@@ -79,7 +79,7 @@ Arena::Arena( Arena *a )
- // Total of all Chunks in arena
- size_t Arena::used() const {
- size_t sum = _chunk->_len - (_max-_hwm); // Size leftover in this Chunk
-- register Chunk *k = _first;
-+ Chunk *k = _first;
- while( k != _chunk) { // Whilst have Chunks in a row
- sum += k->_len; // Total size of this Chunk
- k = k->_next; // Bump along to next Chunk
-@@ -93,7 +93,7 @@ void* Arena::grow( size_t x ) {
- // Get minimal required size. Either real big, or even bigger for giant objs
- size_t len = max(x, Chunk::size);
-
-- register Chunk *k = _chunk; // Get filled-up chunk address
-+ Chunk *k = _chunk; // Get filled-up chunk address
- _chunk = new (len) Chunk(len);
-
- if( k ) k->_next = _chunk; // Append new chunk to end of linked list
-diff --git a/openjdk/hotspot/src/share/vm/adlc/dict2.cpp b/openjdk/hotspot/src/share/vm/adlc/dict2.cpp
-index f341a2b6..2dc60b25 100644
---- openjdk/hotspot/src/share/vm/adlc/dict2.cpp
-+++ openjdk/hotspot/src/share/vm/adlc/dict2.cpp
-@@ -283,9 +283,9 @@ void Dict::print(PrintKeyOrValue print_key, PrintKeyOrValue print_value) {
- // limited to MAXID characters in length. Experimental evidence on 150K of
- // C text shows excellent spreading of values for any size hash table.
- int hashstr(const void *t) {
-- register char c, k = 0;
-- register int sum = 0;
-- register const char *s = (const char *)t;
-+ char c, k = 0;
-+ int sum = 0;
-+ const char *s = (const char *)t;
-
- while (((c = s[k]) != '\0') && (k < MAXID-1)) { // Get characters till nul
- c = (char) ((c << 1) + 1); // Characters are always odd!
-diff --git a/openjdk/hotspot/src/share/vm/adlc/main.cpp b/openjdk/hotspot/src/share/vm/adlc/main.cpp
-index 52044f12..40bcda74 100644
---- openjdk/hotspot/src/share/vm/adlc/main.cpp
-+++ openjdk/hotspot/src/share/vm/adlc/main.cpp
-@@ -58,7 +58,7 @@ int main(int argc, char *argv[])
-
- // Read command line arguments and file names
- for( int i = 1; i < argc; i++ ) { // For all arguments
-- register char *s = argv[i]; // Get option/filename
-+ char *s = argv[i]; // Get option/filename
-
- if( *s++ == '-' ) { // It's a flag? (not a filename)
- if( !*s ) { // Stand-alone `-' means stdin
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 43b33d4..970234f 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -24,6 +24,15 @@
%bcond_without release
# Remove build artifacts by default
%bcond_with artifacts
+# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
+%bcond_without fresh_libjvm
+
+# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
+%if %{with fresh_libjvm}
+%global build_hotspot_first 1
+%else
+%global build_hotspot_first 0
+%endif
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
@@ -91,9 +100,9 @@
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
-%global jit_arches %{debug_arches}
+%global jit_arches %{aarch64} %{power64} sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
-%global zero_arches %{arm} ppc s390 s390x
+%global zero_arches %{arm} %{ix86} ppc s390 s390x
# Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
@@ -104,8 +113,15 @@
# See https://bugzilla.redhat.com/show_bug.cgi?id=513605
# MetaspaceShared::generate_vtable_methods is not implemented for the PPC JIT
%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
+# Set of architectures which support JFR
%global jfr_arches %{jit_arches}
-
+# Set of architectures where we verify backtraces with gdb (ideally all)
+# Temporarily disable check on x86, x86_64, ppc64le and s390x as gdb crashes
+# ../../gdb/objfiles.h:510: internal-error: sect_index_data not initialized
+# A problem internal to GDB has been detected,
+# further debugging may prove unreliable.
+# See https://bugzilla.redhat.com/show_bug.cgi?id=2041970
+%global gdb_arches sparcv9 sparc64 %{aarch64} %{arm} ppc s390
# Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64
@@ -143,7 +159,7 @@
%global fastdebug_build %{nil}
%endif
-# If you disable both builds, then the build fails
+# If you disable all builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
@@ -156,6 +172,18 @@
%global bootstrap_targets images
%global release_targets images docs-zip
%global debug_targets images
+# Target to use to just build HotSpot
+%global hotspot_target hotspot
+
+# JDK to use for bootstrapping
+# Use OpenJDK 7 where available (on RHEL) to avoid
+# having to use the rhel-7.x-java-unsafe-candidate hack
+%if ! 0%{?fedora} && 0%{?rhel} <= 7
+%global buildjdkver 1.7.0
+%else
+%global buildjdkver 1.8.0
+%endif
+%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
# Disable LTO as this causes build failures at the moment.
# See RHBZ#1861401
@@ -321,7 +349,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -814,8 +842,10 @@ exit 0
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnio.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnpt.so
%ifarch %{sa_arches}
+%ifnarch %{zero_arches}
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsaproc.so
%endif
+%endif
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsctp.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsunec.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsystemconf.so
@@ -952,8 +982,10 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jconsole.jar
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/orb.idl
%ifarch %{sa_arches}
+%ifnarch %{zero_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/sa-jdi.jar
%endif
+%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/dt.jar
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jexec
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tools.jar
@@ -1215,7 +1247,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -1358,8 +1390,8 @@ Patch600: rh1750419-redhat_alt_java.patch
# JDK-8218811: replace open by os::open in hotspot coding
# This fixes a GCC 10 build issue
Patch111: jdk8218811-perfMemory_linux.patch
-# Similar for GCC 11
-Patch112: %{name}-gcc11.patch
+# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
+Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
#############################################
#
@@ -1404,6 +1436,8 @@ Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
+# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
+Patch581: jdk8257794-remove_broken_assert.patch
#############################################
#
@@ -1479,16 +1513,10 @@ BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
BuildRequires: unzip
-# Use OpenJDK 7 where available (on RHEL) to avoid
-# having to use the rhel-7.x-java-unsafe-candidate hack
-%if ! 0%{?fedora} && 0%{?rhel} <= 7
# Require a boot JDK which doesn't fail due to RH1482244
-BuildRequires: java-1.7.0-openjdk-devel >= 1.7.0.151-2.6.11.3
-%else
-BuildRequires: java-1.8.0-openjdk-devel
-%endif
+BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
# Zero-assembler build requirement
-%ifnarch %{jit_arches}
+%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
# 2021c required as of JDK-8274407 in January 2022 CPU
@@ -1843,6 +1871,7 @@ sh %{SOURCE12}
%patch111
%patch112
%patch580
+%patch581
# RPM-only fixes
%patch539
@@ -1953,10 +1982,9 @@ export EXTRA_CFLAGS EXTRA_ASFLAGS
function buildjdk() {
local outputdir=${1}
- local installdir=${2}
- local buildjdk=${3}
- local maketargets=${4}
- local debuglevel=${5}
+ local buildjdk=${2}
+ local maketargets="${3}"
+ local debuglevel=${4}
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
# Variable used in hs_err hook on build failures
@@ -1966,7 +1994,7 @@ function buildjdk() {
${buildjdk}/bin/java -version
echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}"
- mkdir -p ${outputdir} ${installdir}
+ mkdir -p ${outputdir}
pushd ${outputdir}
bash ${top_srcdir_abs_path}/configure \
@@ -1975,7 +2003,7 @@ function buildjdk() {
%else
--disable-jfr \
%endif
-%ifnarch %{jit_arches}
+%ifarch %{zero_arches}
--with-jvm-variants=zero \
%endif
--with-native-debug-symbols=internal \
@@ -2011,24 +2039,16 @@ function buildjdk() {
SCTP_WERROR= \
${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false )
- # the build (erroneously) removes read permissions from some jars
- # this is a regression in OpenJDK 7 (our compiler):
- # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
- find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
- chmod ugo+r images/%{jdkimage}/lib/ct.sym
-
- # remove redundant *diz and *debuginfo files
- find images/%{jdkimage} -iname '*.diz' -exec rm -v {} \;
- find images/%{jdkimage} -iname '*.debuginfo' -exec rm -v {} \;
-
- # Build screws up permissions on binaries
- # https://bugs.openjdk.java.net/browse/JDK-8173610
- find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
- find images/%{jdkimage}/bin/ -exec chmod +x {} \;
+ popd
+}
- popd >& /dev/null
+function installjdk() {
+ local outputdir=${1}
+ local installdir=${2}
+ local imagepath=${installdir}/images/%{jdkimage}
echo "Installing build from ${outputdir} to ${installdir}..."
+ mkdir -p ${installdir}
echo "Installing images..."
mv ${outputdir}/images ${installdir}
if [ -d ${outputdir}/bundles ] ; then
@@ -2044,8 +2064,35 @@ function buildjdk() {
echo "Removing output directory...";
rm -rf ${outputdir}
%endif
+
+ if [ -d ${imagepath} ] ; then
+ # the build (erroneously) removes read permissions from some jars
+ # this is a regression in OpenJDK 7 (our compiler):
+ # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
+ find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
+ chmod ugo+r ${imagepath}/lib/ct.sym
+
+ # remove redundant *diz and *debuginfo files
+ find ${imagepath} -iname '*.diz' -exec rm -v {} \;
+ find ${imagepath} -iname '*.debuginfo' -exec rm -v {} \;
+
+ # Build screws up permissions on binaries
+ # https://bugs.openjdk.java.net/browse/JDK-8173610
+ find ${imagepath} -iname '*.so' -exec chmod +x {} \;
+ find ${imagepath}/bin/ -exec chmod +x {} \;
+ fi
}
+%if %{build_hotspot_first}
+ # Build a fresh libjvm.so first and use it to bootstrap
+ cp -LR --preserve=mode,timestamps %{bootjdk} newboot
+ systemjdk=$(pwd)/newboot
+ buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled"
+ mv build/newboot/hotspot/dist/jre/lib/%{archinstall}/server/libjvm.so newboot/jre/lib/%{archinstall}/server
+%else
+ systemjdk=%{bootjdk}
+%endif
+
for suffix in %{build_loop} ; do
if [ "x$suffix" = "x" ] ; then
debugbuild=release
@@ -2054,7 +2101,6 @@ else
debugbuild=`echo $suffix | sed "s/-//g"`
fi
-systemjdk=/usr/lib/jvm/java-openjdk
builddir=%{buildoutputdir -- $suffix}
bootbuilddir=boot${builddir}
installdir=%{installoutputdir -- $suffix}
@@ -2072,11 +2118,14 @@ else
fi
if ${run_bootstrap} ; then
- buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
- buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+ buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
+ installjdk ${bootbuilddir} ${bootinstalldir}
+ buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+ installjdk ${builddir} ${installdir}
%{!?with_artifacts:rm -rf ${bootinstalldir}}
else
- buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
+ buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild}
+ installjdk ${builddir} ${installdir}
fi
# Install nss.cfg right away as we will be using the JRE above
@@ -2197,7 +2246,9 @@ end
run -version
EOF
+%ifarch %{gdb_arches}
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
+%endif
# Check src.zip has all sources. See RHBZ#1130490
jar -tf $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe'
@@ -2637,6 +2688,20 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Jan 20 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.2.ea
+- Temporarily move x86 to use Zero in order to get a working build
+- Introduce architecture restriction logic for the gdb test. (RH2041970)
+- Disable on x86, x86_64, ppc64le & s390x while these are broken in rawhide.
+- Replace GCC 11 patch to remove use of the register keyword with correct fix to ADLC build (JDK-8281098)
+- Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4
+- Refactor build functions so we can build just HotSpot without any attempt at installation.
+- Explicitly list JIT architectures rather than relying on those with slowdebug builds
+- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
+- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
+- Resolves: rhbz#2045726
+- Related: rhbz#2051302
+- Related: rhbz#2041970
+
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.8.0.322.b04-0.1.ea.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
diff --git a/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch b/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
index ae48068..0af9d51 100644
--- a/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
+++ b/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
@@ -22,7 +22,7 @@ diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/fla
+ # On 32-bit MacOSX the OS requires C-entry points to be 16 byte aligned.
+ # While waiting for a better solution, the current workaround is to use -mstackrealign
+ # This is also required on Linux systems which use libraries compiled with SSE instructions
-+ REALIGN_CFLAG="-mstackrealign"
++ REALIGN_CFLAG="-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4"
+ FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [],
+ AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.])
+ )
diff --git a/jdk8257794-remove_broken_assert.patch b/jdk8257794-remove_broken_assert.patch
new file mode 100644
index 0000000..bb88013
--- /dev/null
+++ b/jdk8257794-remove_broken_assert.patch
@@ -0,0 +1,13 @@
+diff --git openjdk.orig/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp openjdk/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp
+--- openjdk.orig/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp
++++ openjdk/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp
+@@ -493,9 +493,6 @@
+ assert(labs(istate->_stack_base - istate->_stack_limit) == (istate->_method->max_stack() + extra_stack_entries
+ + 1), "bad stack limit");
+ }
+-#ifndef SHARK
+- IA32_ONLY(assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1, "wrong"));
+-#endif // !SHARK
+ }
+ // Verify linkages.
+ interpreterState l = istate;
diff --git a/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch b/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
new file mode 100644
index 0000000..774a08e
--- /dev/null
+++ b/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
@@ -0,0 +1,67 @@
+# HG changeset patch
+# User Andrew John Hughes <gnu_andrew(a)member.fsf.org>
+# Date 1620365804 -3600
+# Fri May 07 06:36:44 2021 +0100
+# Node ID 39b62f35eca823b4c9a98bc1dc0cb9acb87360f8
+# Parent 723b59ed1afe878c5cd35f080399c8ceec4f776b
+PR3836: Extra compiler flags not passed to adlc build
+
+diff --git openjdk.orig/hotspot/make/aix/makefiles/adlc.make openjdk/hotspot/make/aix/makefiles/adlc.make
+--- openjdk.orig/hotspot/make/aix/makefiles/adlc.make
++++ openjdk/hotspot/make/aix/makefiles/adlc.make
+@@ -69,6 +69,11 @@
+ CFLAGS_WARN = -w
+ CFLAGS += $(CFLAGS_WARN)
+
++# Extra flags from gnumake's invocation or environment
++CFLAGS += $(EXTRA_CFLAGS)
++LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
++ASFLAGS += $(EXTRA_ASFLAGS)
++
+ OBJECTNAMES = \
+ adlparse.o \
+ archDesc.o \
+diff --git openjdk.orig/hotspot/make/bsd/makefiles/adlc.make openjdk/hotspot/make/bsd/makefiles/adlc.make
+--- openjdk.orig/hotspot/make/bsd/makefiles/adlc.make
++++ openjdk/hotspot/make/bsd/makefiles/adlc.make
+@@ -71,6 +71,11 @@
+ endif
+ CFLAGS += $(CFLAGS_WARN)
+
++# Extra flags from gnumake's invocation or environment
++CFLAGS += $(EXTRA_CFLAGS)
++LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
++ASFLAGS += $(EXTRA_ASFLAGS)
++
+ OBJECTNAMES = \
+ adlparse.o \
+ archDesc.o \
+diff --git openjdk.orig/hotspot/make/linux/makefiles/adlc.make openjdk/hotspot/make/linux/makefiles/adlc.make
+--- openjdk.orig/hotspot/make/linux/makefiles/adlc.make
++++ openjdk/hotspot/make/linux/makefiles/adlc.make
+@@ -69,6 +69,11 @@
+ CFLAGS_WARN = $(WARNINGS_ARE_ERRORS)
+ CFLAGS += $(CFLAGS_WARN)
+
++# Extra flags from gnumake's invocation or environment
++CFLAGS += $(EXTRA_CFLAGS)
++LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
++ASFLAGS += $(EXTRA_ASFLAGS)
++
+ OBJECTNAMES = \
+ adlparse.o \
+ archDesc.o \
+diff --git openjdk.orig/hotspot/make/solaris/makefiles/adlc.make openjdk/hotspot/make/solaris/makefiles/adlc.make
+--- openjdk.orig/hotspot/make/solaris/makefiles/adlc.make
++++ openjdk/hotspot/make/solaris/makefiles/adlc.make
+@@ -85,6 +85,10 @@
+ endif
+ CFLAGS += $(CFLAGS_WARN)
+
++# Extra flags from gnumake's invocation or environment
++CFLAGS += $(EXTRA_CFLAGS)
++ASFLAGS += $(EXTRA_ASFLAGS)
++
+ ifeq ("${Platform_compiler}", "sparcWorks")
+ # Enable the following CFLAGS addition if you need to compare the
+ # built ELF objects.
commit 0c44bffbcb44fd08cbe5e315cf30235d94a22ff0
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Jan 24 19:18:03 2022 +0000
Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index df79314..416b52b 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -321,7 +321,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1327,6 +1327,9 @@ Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
Patch1008: rh1996182-login_to_nss_software_token.patch
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
Patch1011: rh1991003-enable_fips_keys_import.patch
+# RH2021263: Resolve outstanding FIPS issues
+Patch1014: rh2021263-fips_ensure_security_initialised.patch
+Patch1015: rh2021263-fips_missing_native_returns.patch
#############################################
#
@@ -1857,6 +1860,8 @@ sh %{SOURCE12}
%patch1007
%patch1008
%patch1011
+%patch1014
+%patch1015
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2637,6 +2642,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Jan 24 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+
* Mon Jan 24 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
- Update to aarch64-shenandoah-jdk8u322-b06 (GA)
- Update release notes for 8u322-b06.
diff --git a/rh2021263-fips_ensure_security_initialised.patch b/rh2021263-fips_ensure_security_initialised.patch
new file mode 100644
index 0000000..5aa9ec7
--- /dev/null
+++ b/rh2021263-fips_ensure_security_initialised.patch
@@ -0,0 +1,28 @@
+commit 06c2decab204fcce5aca2d285953fcac1820b1ae
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 01:23:28 2022 +0000
+
+ RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+index 40ca609e02..0dafe6f59c 100644
+--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+@@ -31,6 +31,7 @@ import java.io.Console;
+ import java.io.FileDescriptor;
+ import java.io.ObjectInputStream;
+ import java.security.ProtectionDomain;
++import java.security.Security;
+ import java.security.Signature;
+
+ import java.security.AccessController;
+@@ -255,6 +256,9 @@ public class SharedSecrets {
+ }
+
+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++ if (javaSecuritySystemConfiguratorAccess == null) {
++ unsafe.ensureClassInitialized(Security.class);
++ }
+ return javaSecuritySystemConfiguratorAccess;
+ }
+ }
diff --git a/rh2021263-fips_missing_native_returns.patch b/rh2021263-fips_missing_native_returns.patch
new file mode 100644
index 0000000..90cc44e
--- /dev/null
+++ b/rh2021263-fips_missing_native_returns.patch
@@ -0,0 +1,24 @@
+commit 7f58a05104138ebdfd3b7b968ed67ea4c8573073
+Author: Fridrich Strba <fstrba(a)suse.com>
+Date: Mon Jan 24 01:10:57 2022 +0000
+
+ RH2021263: Return in C code after having generated Java exception
+
+diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
+index 6f4656bfcb..34d0ff0ce9 100644
+--- openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c
++++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
+@@ -131,11 +131,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ fips_enabled = fgetc(fe);
+ fclose(fe);
+ if (fips_enabled == EOF) {
+ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+ " read character is '%c'", fips_enabled);
commit 1df9f60904f8e1ac182c80755a94cfca094e8844
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Dec 6 00:42:17 2021 +0000
Update to aarch64-shenandoah-jdk8u322-b06
Update release notes for 8u322-b06.
Require tzdata 2021e as of JDK-8275766.
Update tarball generation script to use git following shenandoah-jdk8u's move to github
Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
diff --git a/.gitignore b/.gitignore
index d5493bd..c3d10c5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -246,3 +246,9 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
diff --git a/NEWS b/NEWS
index ef9db68..e911b13 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,132 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u322 (2022-01-18):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u322
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
+
+* Security fixes
+ - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
+ - JDK-8268488: More valuable DerValues
+ - JDK-8268494: Better inlining of inlined interfaces
+ - JDK-8268512: More content for ContentInfo
+ - JDK-8268795: Enhance digests of Jar files
+ - JDK-8268801: Improve PKCS attribute handling
+ - JDK-8268813, CVE-2022-21283: Better String matching
+ - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ - JDK-8269944: Better HTTP transport redux
+ - JDK-8270392, CVE-2022-21293: Improve String constructions
+ - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
+ - JDK-8270492, CVE-2022-21282: Better resolution of URIs
+ - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
+ - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
+ - JDK-8271962: Better TrueType font loading
+ - JDK-8271968: Better canonical naming
+ - JDK-8271987: Manifest improved manifest entries
+ - JDK-8272014, CVE-2022-21305: Better array indexing
+ - JDK-8272026, CVE-2022-21340: Verify Jar Verification
+ - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
+ - JDK-8272272: Enhance jcmd communication
+ - JDK-8272462: Enhance image handling
+ - JDK-8273290: Enhance sound handling
+ - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
+ - JDK-8273756, CVE-2022-21360: Enhance BMP image support
+ - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
+* Other changes
+ - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
+ - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
+ - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108
+ - JDK-8041928: MouseEvent.getModifiersEx gives wrong result
+ - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
+ - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
+ - JDK-8048021: Remove @version tag in jaxp repo
+ - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
+ - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
+ - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
+ - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
+ - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
+ - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
+ - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
+ - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated
+ - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
+ - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator
+ - JDK-8148915: Intermittent failures of bug6400879.java
+ - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
+ - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
+ - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
+ - JDK-8182036: Load from initializing arraycopy uses wrong memory state
+ - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
+ - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
+ - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
+ - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
+ - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
+ - JDK-8190793: Httpserver does not detect truncated request body
+ - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail
+ - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
+ - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
+ - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
+ - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
+ - JDK-8225083: Remove Google certificate that is expiring in December 2021
+ - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
+ - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software
+ - JDK-8231438: [macOS] Dark mode for the desktop is not supported
+ - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
+ - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
+ - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
+ - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
+ - JDK-8237499: JFR: Include stack trace in the ThreadStart event
+ - JDK-8239886: Minimal VM build fails after JDK-8237499
+ - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
+ - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
+ - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+ - JDK-8273308: PatternMatchTest.java fails on CI
+ - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
+ - JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8273968: JCK javax_xml tests fail in CI
+ - JDK-8274407: (tz) Update Timezone Data to 2021c
+ - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
+ - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
+ - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
+ - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
+ - JDK-8275766: (tz) Update Timezone Data to 2021e
+ - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+ - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8271434: Removed IdenTrust Root Certificate
+===============================================
+The following root certificate from IdenTrust has been removed from
+the `cacerts` keystore:
+
+Alias Name: identrustdstx3 [jdk]
+Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
+
+JDK-8272535: Removed Google's GlobalSign Root Certificate
+=========================================================
+The following root certificate from Google has been removed from the
+`cacerts` keystore:
+
+Alias Name: globalsignr2ca [jdk]
+Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+
+core-libs/java.time:
+
+JDK-8274857: Update Timezone Data to 2021c
+===========================================
+IANA Time Zone Database, on which JDK's Date/Time libraries are based,
+has been updated to version 2021c
+(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
+that with this update, some of the time zone rules prior to the year
+1970 have been modified according to the changes which were introduced
+with 2021b. For more detail, refer to the announcement of 2021b
+(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
+
New in release OpenJDK 8u312 (2021-10-19):
===========================================
Live versions of these release notes can be found at:
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index c6f0756..61aad1f 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -7,9 +7,9 @@
# If you want to use a local copy of patch PR3822, set the path to it in the PR3822 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
-# PROJECT_NAME=jdk8u OR aarch64-port
-# REPO_NAME=jdk8u60 OR jdk8u60
-# VERSION=jdk8u60-b27 OR aarch64-jdk8u65-b17 OR for head, keyword 'tip' should do the job there
+# PROJECT_NAME=openjdk
+# REPO_NAME=shenandoah-jdk8u
+# VERSION=HEAD
#
# They are used to create correct name and are used in construction of sources url (unless REPO_ROOT is set)
@@ -40,7 +40,7 @@ fi
set -e
-OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
+OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
# jdk is last for its size
REPOS_DEFAULT="hotspot corba jaxws jaxp langtools nashorn jdk"
@@ -99,7 +99,7 @@ if [ "x$FILE_NAME_ROOT" = "x" ] ; then
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
fi
if [ "x$REPO_ROOT" = "x" ] ; then
- REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
+ REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
if [ "x$REPOS" = "x" ] ; then
@@ -123,15 +123,9 @@ mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
-hg clone ${REPO_ROOT} openjdk -r ${VERSION}
+git clone -b ${VERSION} ${REPO_ROOT} openjdk
pushd openjdk
-for subrepo in ${REPOS}
-do
- echo "Cloning ${VERSION} ${subrepo} repository from ${REPO_ROOT}"
- hg clone ${REPO_ROOT}/${subrepo} -r ${VERSION}
-done
-
# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
if [ -d langtools ] ; then
echo "Removing langtools test case with non-Free license"
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 7b01ed0..df79314 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -86,13 +86,18 @@
%global ppc64be ppc64 ppc64p7
# Set of architectures which support multiple ABIs
%global multilib_arches %{power64} sparc64 x86_64
-# Set of architectures for which we build debug builds
+# Set of architectures for which we build slowdebug builds
%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
+# Set of architectures for which we build fastdebug builds
+%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
%global jit_arches %{debug_arches}
+# Set of architectures which use the Zero assembler port (!jit_arches)
+%global zero_arches %{arm} ppc s390 s390x
+# Set of architectures which run a full bootstrap cycle
+%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
%global systemtap_arches %{jit_arches}
-%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures which support the serviceability agent
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
# Set of architectures which support class data sharing
@@ -137,12 +142,17 @@
%else
%global fastdebug_build %{nil}
%endif
-%global bootstrap_build 1
# If you disable both builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
+%ifarch %{bootstrap_arches}
+%global bootstrap_build true
+%else
+%global bootstrap_build false
+%endif
+
%global bootstrap_targets images
%global release_targets images docs-zip
%global debug_targets images
@@ -294,9 +304,9 @@
%endif
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
-%global shenandoah_project aarch64-port
-%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b07
+%global shenandoah_project openjdk
+%global shenandoah_repo shenandoah-jdk8u
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,7 +321,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1104,8 +1114,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
-# 2021a required as of JDK-8260356 in April CPU
-Requires: tzdata-java >= 2021a
+# 2021e required as of JDK-8275766 in January 2022 CPU
+Requires: tzdata-java >= 2021e
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1481,8 +1491,8 @@ BuildRequires: java-1.8.0-openjdk-devel
%ifnarch %{jit_arches}
BuildRequires: libffi-devel
%endif
-# 2021a required as of JDK-8260356 in April CPU
-BuildRequires: tzdata-java >= 2021a
+# 2021e required as of JDK-8275766 in January 2022 CPU
+BuildRequires: tzdata-java >= 2021e
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -2051,19 +2061,23 @@ installdir=%{installoutputdir -- $suffix}
bootinstalldir=boot${installdir}
# Debug builds don't need same targets as release for
-# build speed-up
-maketargets="%{release_targets}"
+# build speed-up. We also avoid bootstrapping these
+# slower builds.
if echo $debugbuild | grep -q "debug" ; then
maketargets="%{debug_targets}"
+ run_bootstrap=false
+else
+ maketargets="%{release_targets}"
+ run_bootstrap=%{bootstrap_build}
fi
-%if %{bootstrap_build}
-buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
-buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
-%{!?with_artifacts:rm -rf ${bootinstalldir}}
-%else
-buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
-%endif
+if ${run_bootstrap} ; then
+ buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
+ buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+ %{!?with_artifacts:rm -rf ${bootinstalldir}}
+else
+ buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
+fi
# Install nss.cfg right away as we will be using the JRE above
export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
@@ -2623,6 +2637,13 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Jan 24 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
+- Update to aarch64-shenandoah-jdk8u322-b06 (GA)
+- Update release notes for 8u322-b06.
+- Require tzdata 2021e as of JDK-8275766.
+- Update tarball generation script to use git following shenandoah-jdk8u's move to github
+- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
+
* Wed Nov 03 2021 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.312.b07-2
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
secmod.db file as part of nss
diff --git a/sources b/sources
index 32ce1e2..35c822f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz) = 6da9aab9f456336d73cb41755b9e075c43b21ce54fa208d94295aaeef0dce9e4059740efe87458e131b633c3ab3d6f964a5d2407a76e79dd9b080a5416efd7e7
+SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz) = 0f2af8cacb1a4acdca7c1b2d5cc1e0d27f9abf8e05ccf7e8384074ac124132012b15e36abc31b498f746d6f5295530f535a9d9d85a3e45b387728b4ce726ccc7
commit 92c5ccf84cd523a631a4591a4caca18c28c7b722
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Thu Jan 20 13:39:33 2022 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 52325f3..43b33d4 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -1215,7 +1215,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -2637,6 +2637,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.8.0.322.b04-0.1.ea.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
* Mon Jan 10 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b04 (EA)
- Update release notes for 8u322-b04.
commit e3e7a2f6b3250760d68043d5075cdb3d5806a596
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Jan 10 16:26:55 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b04 (EA)
Update release notes for 8u322-b04.
Require tzdata 2021c as of JDK-8274407.
diff --git a/.gitignore b/.gitignore
index bc46b5c..f1536da 100644
--- a/.gitignore
+++ b/.gitignore
@@ -249,3 +249,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
diff --git a/NEWS b/NEWS
index da4df72..9773926 100644
--- a/NEWS
+++ b/NEWS
@@ -58,6 +58,9 @@ Live versions of these release notes can be found at:
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
- JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8274407: (tz) Update Timezone Data to 2021c
+ - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
+ - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
- JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
- JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
@@ -82,6 +85,18 @@ The following root certificate from Google has been removed from the
Alias Name: globalsignr2ca [jdk]
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+core-libs/java.time:
+
+JDK-8274857: Update Timezone Data to 2021c
+===========================================
+IANA Time Zone Database, on which JDK's Date/Time libraries are based,
+has been updated to version 2021c
+(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
+that with this update, some of the time zone rules prior to the year
+1970 have been modified according to the changes which were introduced
+with 2021b. For more detail, refer to the announcement of 2021b
+(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
+
New in release OpenJDK 8u312 (2021-10-19):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b17d121..52325f3 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -306,7 +306,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b03
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b04
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -1114,8 +1114,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
-# 2021a required as of JDK-8260356 in April CPU
-Requires: tzdata-java >= 2021a
+# 2021c required as of JDK-8274407 in January 2022 CPU
+Requires: tzdata-java >= 2021c
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1491,8 +1491,8 @@ BuildRequires: java-1.8.0-openjdk-devel
%ifnarch %{jit_arches}
BuildRequires: libffi-devel
%endif
-# 2021a required as of JDK-8260356 in April CPU
-BuildRequires: tzdata-java >= 2021a
+# 2021c required as of JDK-8274407 in January 2022 CPU
+BuildRequires: tzdata-java >= 2021c
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -2637,6 +2637,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Jan 10 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b04 (EA)
+- Update release notes for 8u322-b04.
+- Require tzdata 2021c as of JDK-8274407.
+
* Fri Jan 07 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b03 (EA)
- Update release notes for 8u322-b03.
diff --git a/sources b/sources
index f8bc0ea..eb1f71f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz) = 5a511b7721f5d3178c494ebf2ee51dd93b44ca4843226b3e9fc49a6350a5563651e0fe06cef68f21b229f13031661830dfab52ec2ead46d31aaa02c5720d71b0
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz) = ebc3cceb40f7ca567fd9fe751ba9762ad50ac474f63da5e2123cf268683db10132ffb09b6f6a99b3379c021b4fcc3b04a82bc81c2e63c8d4da0fdcf58d995322
commit 172b64584ad633cd9f755d573a4cebbd3c74cc23
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Jan 7 15:25:17 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b03 (EA)
Update release notes for 8u322-b03.
diff --git a/.gitignore b/.gitignore
index 9cd6ee4..bc46b5c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -248,3 +248,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 433a4f6..da4df72 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,7 @@ Live versions of these release notes can be found at:
- JDK-8041928: MouseEvent.getModifiersEx gives wrong result
- JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
- JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
+ - JDK-8048021: Remove @version tag in jaxp repo
- JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
- JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
- JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
@@ -49,6 +50,7 @@ Live versions of these release notes can be found at:
- JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
- JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
- JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
+ - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
- JDK-8237499: JFR: Include stack trace in the ThreadStart event
- JDK-8239886: Minimal VM build fails after JDK-8237499
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 682224d..b17d121 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -306,7 +306,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b02
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b03
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2637,6 +2637,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Jan 07 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b03-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b03 (EA)
+- Update release notes for 8u322-b03.
+
* Fri Dec 17 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b02 (EA)
- Update release notes for 8u322-b02.
diff --git a/sources b/sources
index 1ea332b..f8bc0ea 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz) = ebf2c1495ad47345fdc9025fbb690e5fe31fdcb08f180020b061a91cd4f9d01f1617f56f1038c3acbdb1dd9e3ade2cdf7f7c3854cf229084ef5b1fc822ab5422
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz) = 5a511b7721f5d3178c494ebf2ee51dd93b44ca4843226b3e9fc49a6350a5563651e0fe06cef68f21b229f13031661830dfab52ec2ead46d31aaa02c5720d71b0
commit a0ac8516d6ebc12bab3af9fec466a19e1c478869
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Dec 17 03:06:13 2021 +0000
Update to aarch64-shenandoah-jdk8u322-b02 (EA)
Update release notes for 8u322-b02.
diff --git a/.gitignore b/.gitignore
index 891d2d8..9cd6ee4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -247,3 +247,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 2dac9d2..433a4f6 100644
--- a/NEWS
+++ b/NEWS
@@ -11,12 +11,22 @@ Live versions of these release notes can be found at:
* Other changes
- JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
+ - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
+ - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108
+ - JDK-8041928: MouseEvent.getModifiersEx gives wrong result
+ - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
+ - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
- JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
+ - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
- JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
+ - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
- JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
- JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
- JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
+ - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated
- JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
+ - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator
+ - JDK-8148915: Intermittent failures of bug6400879.java
- JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
- JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
- JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
@@ -25,20 +35,29 @@ Live versions of these release notes can be found at:
- JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
- JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
- JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
+ - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
- JDK-8190793: Httpserver does not detect truncated request body
+ - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail
- JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
- JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
+ - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
- JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
- JDK-8225083: Remove Google certificate that is expiring in December 2021
- JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
+ - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software
- JDK-8231438: [macOS] Dark mode for the desktop is not supported
+ - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
- JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
+ - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
- JDK-8237499: JFR: Include stack trace in the ThreadStart event
- JDK-8239886: Minimal VM build fails after JDK-8237499
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
+ - JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
+ - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
Notes on individual issues:
===========================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 41a4f39..682224d 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -306,7 +306,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b01
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b02
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2637,6 +2637,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Dec 17 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b02-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b02 (EA)
+- Update release notes for 8u322-b02.
+
* Tue Dec 14 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b01 (EA)
- Update release notes for 8u322-b01.
diff --git a/sources b/sources
index fc55bb8..1ea332b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz) = 0a514ce037f3681819f931312c3de38683d3d8a12fc8b038b11466a8ccb89d1828944816a47267f140707c4149ed959a921b03356f3587487988916c658d5197
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz) = ebf2c1495ad47345fdc9025fbb690e5fe31fdcb08f180020b061a91cd4f9d01f1617f56f1038c3acbdb1dd9e3ade2cdf7f7c3854cf229084ef5b1fc822ab5422
commit be50f32572d549f56dc2b1b39434ee6ebba211ac
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Dec 14 02:19:05 2021 +0000
Update to aarch64-shenandoah-jdk8u322-b01 (EA)
Update release notes for 8u322-b01.
Switch to EA mode.
diff --git a/.gitignore b/.gitignore
index d5493bd..891d2d8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -246,3 +246,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz
diff --git a/NEWS b/NEWS
index ef9db68..2dac9d2 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,64 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u322 (2022-01-18):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u322
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
+
+* Other changes
+ - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
+ - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
+ - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
+ - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
+ - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
+ - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
+ - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
+ - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
+ - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
+ - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
+ - JDK-8182036: Load from initializing arraycopy uses wrong memory state
+ - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
+ - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
+ - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
+ - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
+ - JDK-8190793: Httpserver does not detect truncated request body
+ - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
+ - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
+ - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
+ - JDK-8225083: Remove Google certificate that is expiring in December 2021
+ - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
+ - JDK-8231438: [macOS] Dark mode for the desktop is not supported
+ - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
+ - JDK-8237499: JFR: Include stack trace in the ThreadStart event
+ - JDK-8239886: Minimal VM build fails after JDK-8237499
+ - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
+ - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
+ - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+ - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8271434: Removed IdenTrust Root Certificate
+===============================================
+The following root certificate from IdenTrust has been removed from
+the `cacerts` keystore:
+
+Alias Name: identrustdstx3 [jdk]
+Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
+
+JDK-8272535: Removed Google's GlobalSign Root Certificate
+=========================================================
+The following root certificate from Google has been removed from the
+`cacerts` keystore:
+
+Alias Name: globalsignr2ca [jdk]
+Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+
New in release OpenJDK 8u312 (2021-10-19):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 5275910..41a4f39 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -306,7 +306,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b07
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b01
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -321,12 +321,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2637,6 +2637,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Dec 14 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b01-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b01 (EA)
+- Update release notes for 8u322-b01.
+- Switch to EA mode.
+
* Mon Dec 06 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-3
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
diff --git a/sources b/sources
index 32ce1e2..fc55bb8 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz) = 6da9aab9f456336d73cb41755b9e075c43b21ce54fa208d94295aaeef0dce9e4059740efe87458e131b633c3ab3d6f964a5d2407a76e79dd9b080a5416efd7e7
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz) = 0a514ce037f3681819f931312c3de38683d3d8a12fc8b038b11466a8ccb89d1828944816a47267f140707c4149ed959a921b03356f3587487988916c658d5197
commit 0478a68d4063ca222c2a544192dfe376ede17488
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Dec 6 00:42:17 2021 +0000
Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 6557c22..5275910 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -86,13 +86,18 @@
%global ppc64be ppc64 ppc64p7
# Set of architectures which support multiple ABIs
%global multilib_arches %{power64} sparc64 x86_64
-# Set of architectures for which we build debug builds
+# Set of architectures for which we build slowdebug builds
%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
+# Set of architectures for which we build fastdebug builds
+%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
%global jit_arches %{debug_arches}
+# Set of architectures which use the Zero assembler port (!jit_arches)
+%global zero_arches %{arm} ppc s390 s390x
+# Set of architectures which run a full bootstrap cycle
+%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
%global systemtap_arches %{jit_arches}
-%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures which support the serviceability agent
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
# Set of architectures which support class data sharing
@@ -137,12 +142,17 @@
%else
%global fastdebug_build %{nil}
%endif
-%global bootstrap_build 1
# If you disable both builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
+%ifarch %{bootstrap_arches}
+%global bootstrap_build true
+%else
+%global bootstrap_build false
+%endif
+
%global bootstrap_targets images
%global release_targets images docs-zip
%global debug_targets images
@@ -311,7 +321,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2051,19 +2061,23 @@ installdir=%{installoutputdir -- $suffix}
bootinstalldir=boot${installdir}
# Debug builds don't need same targets as release for
-# build speed-up
-maketargets="%{release_targets}"
+# build speed-up. We also avoid bootstrapping these
+# slower builds.
if echo $debugbuild | grep -q "debug" ; then
maketargets="%{debug_targets}"
+ run_bootstrap=false
+else
+ maketargets="%{release_targets}"
+ run_bootstrap=%{bootstrap_build}
fi
-%if %{bootstrap_build}
-buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
-buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
-%{!?with_artifacts:rm -rf ${bootinstalldir}}
-%else
-buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
-%endif
+if ${run_bootstrap} ; then
+ buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
+ buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+ %{!?with_artifacts:rm -rf ${bootinstalldir}}
+else
+ buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
+fi
# Install nss.cfg right away as we will be using the JRE above
export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
@@ -2623,6 +2637,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Dec 06 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-3
+- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
+
* Wed Nov 03 2021 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.312.b07-2
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
secmod.db file as part of nss
commit cd23abf967b3e97d6993cfacbadc584c3b9f9430
Author: Severin Gehwolf <sgehwolf(a)redhat.com>
Date: Wed Nov 3 11:43:58 2021 +0100
Use 'sql:' prefix in nss.fips.cfg
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.
Resolves: RHBZ#2019555
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 8fe4eb1..7b01ed0 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1907,7 +1907,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
# Setup nss.fips.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
-sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
# How many CPU's do we have?
@@ -2624,6 +2623,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Nov 03 2021 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.312.b07-2
+- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
+ secmod.db file as part of nss
+
* Fri Oct 15 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-1
- Update to aarch64-shenandoah-jdk8u312-b07 (GA)
- Update release notes for 8u312-b07.
diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in
index ead27be..1aff153 100644
--- a/nss.fips.cfg.in
+++ b/nss.fips.cfg.in
@@ -1,6 +1,6 @@
name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
-nssSecmodDirectory = @NSS_SECMOD@
+nssSecmodDirectory = sql:/etc/pki/nssdb
nssDbMode = readOnly
nssModule = fips
commit b1a7d3ba426353f381b04c725272bf1bb197e02a
Author: Severin Gehwolf <sgehwolf(a)redhat.com>
Date: Wed Nov 3 11:43:58 2021 +0100
Use 'sql:' prefix in nss.fips.cfg
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.
Resolves: RHBZ#2019555
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index afad6cd..6557c22 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1907,7 +1907,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
# Setup nss.fips.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
-sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
# How many CPU's do we have?
@@ -2624,6 +2623,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Nov 03 2021 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.312.b07-2
+- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
+ secmod.db file as part of nss
+
* Fri Oct 15 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-1
- Update to aarch64-shenandoah-jdk8u312-b07 (GA)
- Update release notes for 8u312-b07.
diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in
index ead27be..1aff153 100644
--- a/nss.fips.cfg.in
+++ b/nss.fips.cfg.in
@@ -1,6 +1,6 @@
name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
-nssSecmodDirectory = @NSS_SECMOD@
+nssSecmodDirectory = sql:/etc/pki/nssdb
nssDbMode = readOnly
nssModule = fips
commit 41a31ef1ede25c529e956333000ff90cedba475b
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Sep 1 23:23:51 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b07 (GA)
Update release notes for 8u312-b07.
Remove "-clean" suffix as no 8u312 builds are unclean.
Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
Port FIPS system detection support to OpenJDK 8u
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
Add FIPS patch to login to the NSS software token when in FIPS mode.
Add FIPS patch to allow plain key import.
Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
Reduce disk footprint by removing build artifacts by default.
diff --git a/.gitignore b/.gitignore
index 67c9eb6..d5493bd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -239,3 +239,10 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 1cb973a..ef9db68 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,132 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u312 (2021-10-19):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u312
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
+
+* Security fixes
+ - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
+ - JDK-8161016: Strange behavior of URLConnection with proxy
+ - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
+ - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
+ - JDK-8263314: Enhance XML Dsig modes
+ - JDK-8265167, CVE-2021-35556: Richer Text Editors
+ - JDK-8265574: Improve handling of sheets
+ - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
+ - JDK-8265776: Improve Stream handling for SSL
+ - JDK-8266097, CVE-2021-35561: Better hashing support
+ - JDK-8266103: Better specified spec values
+ - JDK-8266109: More Resilient Classloading
+ - JDK-8266115: More Manifest Jar Loading
+ - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
+ - JDK-8266689, CVE-2021-35567: More Constrained Delegation
+ - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
+ - JDK-8267712: Better LDAP reference processing
+ - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
+ - JDK-8267735, CVE-2021-35586: Better BMP support
+ - JDK-8268193: Improve requests of certificates
+ - JDK-8268199: Correct certificate requests
+ - JDK-8268506: More Manifest Digests
+ - JDK-8269618, CVE-2021-35603: Better session identification
+ - JDK-8269624: Enhance method selection support
+ - JDK-8270398: Enhance canonicalization
+ - JDK-8270404: Better canonicalization
+* Other changes
+ - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
+ - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
+ - JDK-7188942: Remove support of pbuffers in OGL Java2d pipeline
+ - JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
+ - JDK-8022323: [JavaSecurityScanner] review package com.sun.management.* Native methods should be private
+ - JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
+ - JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated
+ - JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser
+ - JDK-8042557: compiler/uncommontrap/TestSpecTrapClassUnloading.java fails with: GC triggered before VM initialization completed
+ - JDK-8054118: java/net/ipv6tests/UdpTest.java failed intermittently
+ - JDK-8065215: Print warning summary at end of configure
+ - JDK-8072767: DefaultCellEditor for comboBox creates ActionEvent with wrong source object
+ - JDK-8079891: Store configure log in $BUILD/configure.log
+ - JDK-8080082: configure fails if you create an empty directory and then run configure from it
+ - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
+ - JDK-8131062: aarch64: add support for GHASH acceleration
+ - JDK-8134869: AARCH64: GHASH intrinsic is not optimal
+ - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
+ - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
+ - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
+ - JDK-8166673: The new implementation of Robot.waitForIdle() may hang
+ - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
+ - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
+ - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
+ - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
+ - JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error
+ - JDK-8214418: half-closed SSLEngine status may cause application dead loop
+ - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11
+ - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
+ - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
+ - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
+ - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
+ - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
+ - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
+ - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
+ - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
+ - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
+ - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
+ - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
+ - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
+ - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
+ - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
+ - JDK-8263311: Watch registry changes for remote printers update instead of polling
+ - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
+ - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
+ - JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
+ - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
+ - JDK-8265978: make test should look for more locations when searching for exit code
+ - JDK-8266206: Build failure after JDK-8264752 with older GCCs
+ - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
+ - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
+ - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
+ - JDK-8269763: The JEditorPane is blank after JDK-8265167
+ - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
+ - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
+ - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
+ - JDK-8269882: stack-use-after-scope in NewObjectA
+ - JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
+ - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
+ - JDK-8271466: StackGap test fails on aarch64 due to "-m64"
+ - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
+ - JDK-8272214: [8u] Build failure after backport of JDK-8248901
+ - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013
+* Shenandoah
+ - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array
+ - Re-cast JNI critical strings patch to be Shenandoah-specific
+
+Notes on individual issues:
+===========================
+
+core-libs/java.net:
+
+JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found
+================================================================================
+The behavior of HttpURLConnection when using a ProxySelector has been
+modified with this JDK release. HttpURLConnection used to fall back to
+a DIRECT connection attempt if the configured proxy(s) failed to make
+a connection. This release introduces a change whereby no DIRECT
+connection will be attempted in such a scenario. Instead, the
+HttpURLConnection.connect() method will fail and throw an IOException
+which occurred from the last proxy tested.
+
+security-libs/javax.net.ssl:
+
+JDK-8219551: Updated the Default Enabled Cipher Suites Preference
+=================================================================
+The preference of the default enabled cipher suites has been
+changed. The compatibility impact should be minimal. If needed,
+applications can customize the enabled cipher suites and the
+preference. For more details, refer to the SunJSSE provider
+documentation and the JSSE Reference Guide documentation.
+
New in release OpenJDK 8u302 (2021-07-20):
===========================================
Live versions of these release notes can be found at:
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index e9eed11..c6f0756 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -177,7 +177,7 @@ if [ "X$COMPRESSION" = "Xxz" ] ; then
else
SWITCH=czf
fi
-TARBALL_NAME=${FILE_NAME_ROOT}-4curve-clean.tar.${COMPRESSION}
+TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
tar --exclude-vcs -$SWITCH ${TARBALL_NAME} openjdk
mv ${TARBALL_NAME} ..
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 68867b4..8fe4eb1 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -22,6 +22,8 @@
%bcond_without slowdebug
# Enable release builds by default on relevant arches.
%bcond_without release
+# Remove build artifacts by default
+%bcond_with artifacts
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
@@ -294,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b08
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b07
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -309,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -343,6 +345,7 @@
%global jdkimage j2sdk-image
# output dir stub
%define buildoutputdir() %{expand:build/jdk8.build%{?1}}
+%define installoutputdir() %{expand:install/jdk8.install%{?1}}
# we can copy the javadoc to not arched dir, or make it not noarch
%define uniquejavadocdir() %{expand:%{fullversion}%{?1}}
# main id and dir of this jdk
@@ -352,7 +355,7 @@
# fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349
# https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14
# https://bugzilla.redhat.com/show_bug.cgi?id=1655938
-%global _privatelibs libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
+%global _privatelibs libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
%global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.*
%if %is_system_jdk
%global __provides_exclude ^(%{_privatelibs})$
@@ -805,6 +808,7 @@ exit 0
%endif
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsctp.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsunec.so
+%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsystemconf.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libunpack.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libverify.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libzip.so
@@ -1044,8 +1048,8 @@ exit 0
%define files_javadoc() %{expand:
%defattr(-,root,root,-)
%doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}
-#javadoc is in jdk8 noarch, so also licnese file must be treated like it
-%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
+#javadoc is in jdk8 noarch, so also license file must be treated like it
+%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
%if %is_system_jdk
%if %{is_release_build -- %{?1}}
%ghost %{_javadocdir}/java
@@ -1056,8 +1060,8 @@ exit 0
%define files_javadoc_zip() %{expand:
%defattr(-,root,root,-)
%doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
-#javadoc is in jdk8 noarch, so also licnese file must be treated like it
-%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
+#javadoc is in jdk8 noarch, so also license file must be treated like it
+%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
%if %is_system_jdk
%if %{is_release_build -- %{?1}}
%ghost %{_javadocdir}/java-zip
@@ -1112,8 +1116,6 @@ Requires: copy-jdk-configs >= 4.0
OrderWithRequires: copy-jdk-configs
# for printing support
Requires: cups-libs
-# for FIPS PKCS11 provider
-Requires: nss
# Post requires alternatives to install tool alternatives
Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
@@ -1238,7 +1240,7 @@ URL: http://openjdk.java.net/
# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
-Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve-clean.tar.xz
+Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
# Custom README for -src subpackage
Source2: README.md
@@ -1308,6 +1310,13 @@ Patch1002: rh1760838-fips_default_keystore_type.patch
Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
Patch1005: rh1906862-always_initialise_configurator_access.patch
+# RH1929465: Improve system FIPS detection
+Patch1006: rh1929465-improve_system_FIPS_detection-root.patch
+Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
+# RH1996182: Login to the NSS software token in FIPS mode
+Patch1008: rh1996182-login_to_nss_software_token.patch
+# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
+Patch1011: rh1991003-enable_fips_keys_import.patch
#############################################
#
@@ -1454,8 +1463,8 @@ BuildRequires: libXinerama-devel
BuildRequires: libXrender-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
-# Requirements for setting up the nss.cfg
-BuildRequires: nss-devel
+# Requirements for setting up the nss.cfg and FIPS support
+BuildRequires: nss-devel >= 3.53
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
@@ -1834,6 +1843,10 @@ sh %{SOURCE12}
%patch1003
%patch1004
%patch1005
+%patch1006
+%patch1007
+%patch1008
+%patch1011
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -1931,9 +1944,10 @@ export EXTRA_CFLAGS EXTRA_ASFLAGS
function buildjdk() {
local outputdir=${1}
- local buildjdk=${2}
- local maketargets=${3}
- local debuglevel=${4}
+ local installdir=${2}
+ local buildjdk=${3}
+ local maketargets=${4}
+ local debuglevel=${5}
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
# Variable used in hs_err hook on build failures
@@ -1943,7 +1957,7 @@ function buildjdk() {
${buildjdk}/bin/java -version
echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}"
- mkdir -p ${outputdir}
+ mkdir -p ${outputdir} ${installdir}
pushd ${outputdir}
bash ${top_srcdir_abs_path}/configure \
@@ -1965,6 +1979,7 @@ function buildjdk() {
--with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
--with-boot-jdk=${buildjdk} \
--with-debug-level=${debuglevel} \
+ --enable-sysconf-nss \
--enable-unlimited-crypto \
--with-zlib=system \
--with-libjpeg=system \
@@ -2003,6 +2018,23 @@ function buildjdk() {
find images/%{jdkimage}/bin/ -exec chmod +x {} \;
popd >& /dev/null
+
+ echo "Installing build from ${outputdir} to ${installdir}..."
+ echo "Installing images..."
+ mv ${outputdir}/images ${installdir}
+ if [ -d ${outputdir}/bundles ] ; then
+ echo "Installing bundles...";
+ mv ${outputdir}/bundles ${installdir} ;
+ fi
+ if [ -d ${outputdir}/docs ] ; then
+ echo "Installing docs...";
+ mv ${outputdir}/docs ${installdir} ;
+ fi
+
+%if !%{with artifacts}
+ echo "Removing output directory...";
+ rm -rf ${outputdir}
+%endif
}
for suffix in %{build_loop} ; do
@@ -2016,6 +2048,8 @@ fi
systemjdk=/usr/lib/jvm/java-openjdk
builddir=%{buildoutputdir -- $suffix}
bootbuilddir=boot${builddir}
+installdir=%{installoutputdir -- $suffix}
+bootinstalldir=boot${installdir}
# Debug builds don't need same targets as release for
# build speed-up
@@ -2025,15 +2059,15 @@ if echo $debugbuild | grep -q "debug" ; then
fi
%if %{bootstrap_build}
-buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
-buildjdk ${builddir} $(pwd)/${bootbuilddir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
-rm -rf ${bootbuilddir}
+buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
+buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+%{!?with_artifacts:rm -rf ${bootinstalldir}}
%else
-buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild}
+buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
%endif
# Install nss.cfg right away as we will be using the JRE above
-export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
+export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg $JAVA_HOME/jre/lib/security/
@@ -2059,7 +2093,7 @@ done
# We test debug first as it will give better diagnostics on a crash
for suffix in %{build_loop} ; do
-export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
+export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
# Check unlimited policy has been used
$JAVA_HOME/bin/javac -d . %{SOURCE13}
@@ -2174,7 +2208,7 @@ STRIP_KEEP_SYMTAB=libjvm*
for suffix in %{build_loop} ; do
# Install the jdk
-pushd %{buildoutputdir -- $suffix}/images/%{jdkimage}
+pushd %{installoutputdir -- $suffix}/images/%{jdkimage}
# Install jsa directories so we can owe them
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/
@@ -2241,9 +2275,9 @@ popd
if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
- cp -a %{buildoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
+ cp -a %{installoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
built_doc_archive=`echo "jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/`
- cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
+ cp -a %{installoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
fi
# Install release notes
@@ -2590,6 +2624,21 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Oct 15 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-1
+- Update to aarch64-shenandoah-jdk8u312-b07 (GA)
+- Update release notes for 8u312-b07.
+- Remove "-clean" suffix as no 8u312 builds are unclean.
+- Port FIPS system detection support to OpenJDK 8u
+- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
+- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
+- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
+- Reduce disk footprint by removing build artifacts by default.
+
+* Thu Oct 07 2021 Martin Balao <mbalao(a)redhat.com> - 1:1.8.0.312.b07-1
+- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
+- Add patch to login to the NSS software token when in FIPS mode.
+- Add patch to allow plain key import.
+
* Mon Aug 30 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.302.b08-2
- alternatives creation moved to posttrans
- Thus fixing the old reisntall issue:
@@ -2694,7 +2743,7 @@ cjc.mainProgram(args)
- removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and patch3 rh1648644-java_access_bridge_privileged_security.patch
- removal of accessibility{,-slowdebug,-fastdebug} subpackages
- no longer creating symlinks of %%{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so and %%{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar
-- no longer creating %%{_jvmdir}/%{jredir -- $suffix}/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
+- no longer creating %%{_jvmdir}/%%{jredir -- $suffix}/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
- removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections
* Mon Mar 22 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b06-0.0.ea
diff --git a/rh1929465-improve_system_FIPS_detection-jdk.patch b/rh1929465-improve_system_FIPS_detection-jdk.patch
new file mode 100644
index 0000000..1461be8
--- /dev/null
+++ b/rh1929465-improve_system_FIPS_detection-jdk.patch
@@ -0,0 +1,344 @@
+diff --git openjdk.orig/jdk/make/lib/SecurityLibraries.gmk openjdk/jdk/make/lib/SecurityLibraries.gmk
+--- openjdk.orig/jdk/make/lib/SecurityLibraries.gmk
++++ openjdk/jdk/make/lib/SecurityLibraries.gmk
+@@ -289,3 +289,34 @@
+
+ endif
+ endif
++
++################################################################################
++# Create the systemconf library
++
++LIBSYSTEMCONF_CFLAGS :=
++LIBSYSTEMCONF_CXXFLAGS :=
++
++ifeq ($(USE_SYSCONF_NSS), true)
++ LIBSYSTEMCONF_CFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
++ LIBSYSTEMCONF_CXXFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
++endif
++
++ifeq ($(OPENJDK_BUILD_OS), linux)
++ $(eval $(call SetupNativeCompilation,BUILD_LIBSYSTEMCONF, \
++ LIBRARY := systemconf, \
++ OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
++ SRC := $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/java/security, \
++ LANG := C, \
++ OPTIMIZATION := LOW, \
++ CFLAGS := $(CFLAGS_JDKLIB) $(LIBSYSTEMCONF_CFLAGS), \
++ CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBSYSTEMCONF_CXXFLAGS), \
++ MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsystemconf/mapfile-vers, \
++ LDFLAGS := $(LDFLAGS_JDKLIB) \
++ $(call SET_SHARED_LIBRARY_ORIGIN), \
++ LDFLAGS_SUFFIX := $(LIBDL) $(NSS_LIBS), \
++ OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libsystemconf, \
++ DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
++
++ BUILD_LIBRARIES += $(BUILD_LIBSYSTEMCONF)
++endif
++
+diff --git openjdk.orig/jdk/make/mapfiles/libsystemconf/mapfile-vers openjdk/jdk/make/mapfiles/libsystemconf/mapfile-vers
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/make/mapfiles/libsystemconf/mapfile-vers
+@@ -0,0 +1,35 @@
++#
++# Copyright (c) 2021, Red Hat, Inc.
++# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++#
++# This code is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 2 only, as
++# published by the Free Software Foundation. Oracle designates this
++# particular file as subject to the "Classpath" exception as provided
++# by Oracle in the LICENSE file that accompanied this code.
++#
++# This code is distributed in the hope that it will be useful, but WITHOUT
++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# version 2 for more details (a copy is included in the LICENSE file that
++# accompanied this code).
++#
++# You should have received a copy of the GNU General Public License version
++# 2 along with this work; if not, write to the Free Software Foundation,
++# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++#
++# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++# or visit www.oracle.com if you need additional information or have any
++# questions.
++#
++
++# Define public interface.
++
++SUNWprivate_1.1 {
++ global:
++ DEF_JNI_OnLoad;
++ DEF_JNI_OnUnLoad;
++ Java_java_security_SystemConfigurator_getSystemFIPSEnabled;
++ local:
++ *;
++};
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2019, 2020, Red Hat, Inc.
++ * Copyright (c) 2019, 2021, Red Hat, Inc.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+@@ -30,14 +30,9 @@
+ import java.io.FileInputStream;
+ import java.io.IOException;
+
+-import java.nio.file.Files;
+-import java.nio.file.FileSystems;
+-import java.nio.file.Path;
+-
+ import java.util.Iterator;
+ import java.util.Map.Entry;
+ import java.util.Properties;
+-import java.util.regex.Pattern;
+
+ import sun.security.util.Debug;
+
+@@ -59,10 +54,21 @@
+ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+- private static final String CRYPTO_POLICIES_CONFIG =
+- CRYPTO_POLICIES_BASE_DIR + "/config";
++ private static boolean systemFipsEnabled = false;
++
++ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
++
++ private static native boolean getSystemFIPSEnabled()
++ throws IOException;
+
+- private static boolean systemFipsEnabled = false;
++ static {
++ AccessController.doPrivileged(new PrivilegedAction<Void>() {
++ public Void run() {
++ System.loadLibrary(SYSTEMCONF_NATIVE_LIB);
++ return null;
++ }
++ });
++ }
+
+ /*
+ * Invoked when java.security.Security class is initialized, if
+@@ -171,17 +177,34 @@
+ }
+
+ /*
+- * FIPS is enabled only if crypto-policies are set to "FIPS"
+- * and the com.redhat.fips property is true.
++ * OpenJDK FIPS mode will be enabled only if the com.redhat.fips
++ * system property is true (default) and the system is in FIPS mode.
++ *
++ * There are 2 possible ways in which OpenJDK detects that the system
++ * is in FIPS mode: 1) if the NSS SECMOD_GetSystemFIPSEnabled API is
++ * available at OpenJDK's built-time, it is called; 2) otherwise, the
++ * /proc/sys/crypto/fips_enabled file is read.
+ */
+- private static boolean enableFips() throws Exception {
++ private static boolean enableFips() throws IOException {
+ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+ if (shouldEnable) {
+- Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
+- String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
+- if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+- Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+- return pattern.matcher(cryptoPoliciesConfig).find();
++ if (sdebug != null) {
++ sdebug.println("Calling getSystemFIPSEnabled (libsystemconf)...");
++ }
++ try {
++ shouldEnable = getSystemFIPSEnabled();
++ if (sdebug != null) {
++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) returned: "
++ + shouldEnable);
++ }
++ return shouldEnable;
++ } catch (IOException e) {
++ if (sdebug != null) {
++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) failed:");
++ sdebug.println(e.getMessage());
++ }
++ throw e;
++ }
+ } else {
+ return false;
+ }
+diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
+@@ -0,0 +1,168 @@
++/*
++ * Copyright (c) 2021, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++#include <dlfcn.h>
++#include <jni.h>
++#include <jni_util.h>
++#include <stdio.h>
++
++#ifdef SYSCONF_NSS
++#include <nss3/pk11pub.h>
++#endif //SYSCONF_NSS
++
++#include "java_security_SystemConfigurator.h"
++
++#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
++#define MSG_MAX_SIZE 96
++
++static jmethodID debugPrintlnMethodID = NULL;
++static jobject debugObj = NULL;
++
++static void throwIOException(JNIEnv *env, const char *msg);
++static void dbgPrint(JNIEnv *env, const char* msg);
++
++/*
++ * Class: java_security_SystemConfigurator
++ * Method: JNI_OnLoad
++ */
++JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
++{
++ JNIEnv *env;
++ jclass sysConfCls, debugCls;
++ jfieldID sdebugFld;
++
++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
++ return JNI_EVERSION; /* JNI version not supported */
++ }
++
++ sysConfCls = (*env)->FindClass(env,"java/security/SystemConfigurator");
++ if (sysConfCls == NULL) {
++ printf("libsystemconf: SystemConfigurator class not found\n");
++ return JNI_ERR;
++ }
++ sdebugFld = (*env)->GetStaticFieldID(env, sysConfCls,
++ "sdebug", "Lsun/security/util/Debug;");
++ if (sdebugFld == NULL) {
++ printf("libsystemconf: SystemConfigurator::sdebug field not found\n");
++ return JNI_ERR;
++ }
++ debugObj = (*env)->GetStaticObjectField(env, sysConfCls, sdebugFld);
++ if (debugObj != NULL) {
++ debugCls = (*env)->FindClass(env,"sun/security/util/Debug");
++ if (debugCls == NULL) {
++ printf("libsystemconf: Debug class not found\n");
++ return JNI_ERR;
++ }
++ debugPrintlnMethodID = (*env)->GetMethodID(env, debugCls,
++ "println", "(Ljava/lang/String;)V");
++ if (debugPrintlnMethodID == NULL) {
++ printf("libsystemconf: Debug::println(String) method not found\n");
++ return JNI_ERR;
++ }
++ debugObj = (*env)->NewGlobalRef(env, debugObj);
++ }
++
++ return (*env)->GetVersion(env);
++}
++
++/*
++ * Class: java_security_SystemConfigurator
++ * Method: JNI_OnUnload
++ */
++JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
++{
++ JNIEnv *env;
++
++ if (debugObj != NULL) {
++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
++ return; /* Should not happen */
++ }
++ (*env)->DeleteGlobalRef(env, debugObj);
++ }
++}
++
++JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEnabled
++ (JNIEnv *env, jclass cls)
++{
++ int fips_enabled;
++ char msg[MSG_MAX_SIZE];
++ int msg_bytes;
++
++#ifdef SYSCONF_NSS
++
++ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
++ fips_enabled = SECMOD_GetSystemFIPSEnabled();
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
++ dbgPrint(env, msg);
++ } else {
++ dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
++ " SECMOD_GetSystemFIPSEnabled return value");
++ }
++ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
++
++#else // SYSCONF_NSS
++
++ FILE *fe;
++
++ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
++ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
++ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ }
++ fips_enabled = fgetc(fe);
++ fclose(fe);
++ if (fips_enabled == EOF) {
++ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ }
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " read character is '%c'", fips_enabled);
++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
++ dbgPrint(env, msg);
++ } else {
++ dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
++ " read character");
++ }
++ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
++
++#endif // SYSCONF_NSS
++}
++
++static void throwIOException(JNIEnv *env, const char *msg)
++{
++ jclass cls = (*env)->FindClass(env, "java/io/IOException");
++ if (cls != 0)
++ (*env)->ThrowNew(env, cls, msg);
++}
++
++static void dbgPrint(JNIEnv *env, const char* msg)
++{
++ jstring jMsg;
++ if (debugObj != NULL) {
++ jMsg = (*env)->NewStringUTF(env, msg);
++ CHECK_NULL(jMsg);
++ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
++ }
++}
diff --git a/rh1929465-improve_system_FIPS_detection-root.patch b/rh1929465-improve_system_FIPS_detection-root.patch
new file mode 100644
index 0000000..64d8ac0
--- /dev/null
+++ b/rh1929465-improve_system_FIPS_detection-root.patch
@@ -0,0 +1,152 @@
+diff --git openjdk.orig/common/autoconf/configure.ac openjdk/common/autoconf/configure.ac
+--- openjdk.orig/common/autoconf/configure.ac
++++ openjdk/common/autoconf/configure.ac
+@@ -212,6 +212,7 @@
+ LIB_SETUP_ALSA
+ LIB_SETUP_FONTCONFIG
+ LIB_SETUP_MISC_LIBS
++LIB_SETUP_SYSCONF_LIBS
+ LIB_SETUP_STATIC_LINK_LIBSTDCPP
+ LIB_SETUP_ON_WINDOWS
+
+diff --git openjdk.orig/common/autoconf/libraries.m4 openjdk/common/autoconf/libraries.m4
+--- openjdk.orig/common/autoconf/libraries.m4
++++ openjdk/common/autoconf/libraries.m4
+@@ -1067,3 +1067,63 @@
+ BASIC_DEPRECATED_ARG_WITH([dxsdk-include])
+ fi
+ ])
++
++################################################################################
++# Setup system configuration libraries
++################################################################################
++AC_DEFUN_ONCE([LIB_SETUP_SYSCONF_LIBS],
++[
++ ###############################################################################
++ #
++ # Check for the NSS library
++ #
++
++ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)])
++
++ # default is not available
++ DEFAULT_SYSCONF_NSS=no
++
++ AC_ARG_ENABLE([sysconf-nss], [AS_HELP_STRING([--enable-sysconf-nss],
++ [build the System Configurator (libsysconf) using the system NSS library if available @<:@disabled@:>@])],
++ [
++ case "${enableval}" in
++ yes)
++ sysconf_nss=yes
++ ;;
++ *)
++ sysconf_nss=no
++ ;;
++ esac
++ ],
++ [
++ sysconf_nss=${DEFAULT_SYSCONF_NSS}
++ ])
++ AC_MSG_RESULT([$sysconf_nss])
++
++ USE_SYSCONF_NSS=false
++ if test "x${sysconf_nss}" = "xyes"; then
++ PKG_CHECK_MODULES(NSS, nss >= 3.53, [NSS_FOUND=yes], [NSS_FOUND=no])
++ if test "x${NSS_FOUND}" = "xyes"; then
++ AC_MSG_CHECKING([for system FIPS support in NSS])
++ saved_libs="${LIBS}"
++ saved_cflags="${CFLAGS}"
++ CFLAGS="${CFLAGS} ${NSS_CFLAGS}"
++ LIBS="${LIBS} ${NSS_LIBS}"
++ AC_LANG_PUSH([C])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <nss3/pk11pub.h>]],
++ [[SECMOD_GetSystemFIPSEnabled()]])],
++ [AC_MSG_RESULT([yes])],
++ [AC_MSG_RESULT([no])
++ AC_MSG_ERROR([System NSS FIPS detection unavailable])])
++ AC_LANG_POP([C])
++ CFLAGS="${saved_cflags}"
++ LIBS="${saved_libs}"
++ USE_SYSCONF_NSS=true
++ else
++ dnl NSS 3.53 is the one that introduces the SECMOD_GetSystemFIPSEnabled API
++ dnl in nss3/pk11pub.h.
++ AC_MSG_ERROR([--enable-sysconf-nss specified, but NSS 3.53 or above not found.])
++ fi
++ fi
++ AC_SUBST(USE_SYSCONF_NSS)
++])
+diff --git openjdk.orig/common/autoconf/spec.gmk.in openjdk/common/autoconf/spec.gmk.in
+--- openjdk.orig/common/autoconf/spec.gmk.in
++++ openjdk/common/autoconf/spec.gmk.in
+@@ -312,6 +312,10 @@
+ ALSA_LIBS:=@ALSA_LIBS@
+ ALSA_CFLAGS:=@ALSA_CFLAGS@
+
++USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
++NSS_LIBS:=@NSS_LIBS@
++NSS_CFLAGS:=@NSS_CFLAGS@
++
+ PACKAGE_PATH=@PACKAGE_PATH@
+
+ # Source file for cacerts
+diff --git openjdk.orig/common/bin/compare_exceptions.sh.incl openjdk/common/bin/compare_exceptions.sh.incl
+--- openjdk.orig/common/bin/compare_exceptions.sh.incl
++++ openjdk/common/bin/compare_exceptions.sh.incl
+@@ -280,6 +280,7 @@
+ ./jre/lib/i386/libsplashscreen.so
+ ./jre/lib/i386/libsunec.so
+ ./jre/lib/i386/libsunwjdga.so
++./jre/lib/i386/libsystemconf.so
+ ./jre/lib/i386/libt2k.so
+ ./jre/lib/i386/libunpack.so
+ ./jre/lib/i386/libverify.so
+@@ -433,6 +434,7 @@
+ ./jre/lib/amd64/libsplashscreen.so
+ ./jre/lib/amd64/libsunec.so
+ ./jre/lib/amd64/libsunwjdga.so
++//jre/lib/amd64/libsystemconf.so
+ ./jre/lib/amd64/libt2k.so
+ ./jre/lib/amd64/libunpack.so
+ ./jre/lib/amd64/libverify.so
+@@ -587,6 +589,7 @@
+ ./jre/lib/sparc/libsplashscreen.so
+ ./jre/lib/sparc/libsunec.so
+ ./jre/lib/sparc/libsunwjdga.so
++./jre/lib/sparc/libsystemconf.so
+ ./jre/lib/sparc/libt2k.so
+ ./jre/lib/sparc/libunpack.so
+ ./jre/lib/sparc/libverify.so
+@@ -741,6 +744,7 @@
+ ./jre/lib/sparcv9/libsplashscreen.so
+ ./jre/lib/sparcv9/libsunec.so
+ ./jre/lib/sparcv9/libsunwjdga.so
++./jre/lib/sparcv9/libsystemconf.so
+ ./jre/lib/sparcv9/libt2k.so
+ ./jre/lib/sparcv9/libunpack.so
+ ./jre/lib/sparcv9/libverify.so
+diff --git openjdk.orig/common/nb_native/nbproject/configurations.xml openjdk/common/nb_native/nbproject/configurations.xml
+--- openjdk.orig/common/nb_native/nbproject/configurations.xml
++++ openjdk/common/nb_native/nbproject/configurations.xml
+@@ -53,6 +53,9 @@
+ <in>jvmtiEnterTrace.cpp</in>
+ </df>
+ </df>
++ <df name="libsystemconf">
++ <in>systemconf.c</in>
++ </df>
+ </df>
+ </df>
+ <df name="jdk">
+@@ -12772,6 +12775,11 @@
+ tool="0"
+ flavor2="0">
+ </item>
++ <item path="../../jdk/src/solaris/native/java/security/systemconf.c"
++ ex="false"
++ tool="0"
++ flavor2="0">
++ </item>
+ <item path="../../jdk/src/share/native/java/util/TimeZone.c"
+ ex="false"
+ tool="0"
diff --git a/rh1991003-enable_fips_keys_import.patch b/rh1991003-enable_fips_keys_import.patch
new file mode 100644
index 0000000..028769d
--- /dev/null
+++ b/rh1991003-enable_fips_keys_import.patch
@@ -0,0 +1,583 @@
+diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -78,6 +78,10 @@
+ public boolean isSystemFipsEnabled() {
+ return SystemConfigurator.isSystemFipsEnabled();
+ }
++ @Override
++ public boolean isPlainKeySupportEnabled() {
++ return SystemConfigurator.isPlainKeySupportEnabled();
++ }
+ });
+
+ // doPrivileged here because there are multiple
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -55,6 +55,7 @@
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+ private static boolean systemFipsEnabled = false;
++ private static boolean plainKeySupportEnabled = false;
+
+ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
+
+@@ -149,6 +150,16 @@
+ }
+ loadedProps = true;
+ systemFipsEnabled = true;
++ String plainKeySupport = System.getProperty("com.redhat.fips.plainKeySupport",
++ "true");
++ plainKeySupportEnabled = !"false".equals(plainKeySupport);
++ if (sdebug != null) {
++ if (plainKeySupportEnabled) {
++ sdebug.println("FIPS support enabled with plain key support");
++ } else {
++ sdebug.println("FIPS support enabled without plain key support");
++ }
++ }
+ }
+ } catch (Exception e) {
+ if (sdebug != null) {
+@@ -176,6 +187,19 @@
+ return systemFipsEnabled;
+ }
+
++ /**
++ * Returns {@code true} if system FIPS alignment is enabled
++ * and plain key support is allowed. Plain key support is
++ * enabled by default but can be disabled with
++ * {@code -Dcom.redhat.fips.plainKeySupport=false}.
++ *
++ * @return a boolean indicating whether plain key support
++ * should be enabled.
++ */
++ static boolean isPlainKeySupportEnabled() {
++ return plainKeySupportEnabled;
++ }
++
+ /*
+ * OpenJDK FIPS mode will be enabled only if the com.redhat.fips
+ * system property is true (default) and the system is in FIPS mode.
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
+--- openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
++++ openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
+@@ -27,4 +27,5 @@
+
+ public interface JavaSecuritySystemConfiguratorAccess {
+ boolean isSystemFipsEnabled();
++ boolean isPlainKeySupportEnabled();
+ }
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java openjdk/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
+@@ -0,0 +1,290 @@
++/*
++ * Copyright (c) 2021, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++package sun.security.pkcs11;
++
++import java.math.BigInteger;
++import java.security.KeyFactory;
++import java.security.Provider;
++import java.security.Security;
++import java.util.HashMap;
++import java.util.Map;
++import java.util.concurrent.locks.ReentrantLock;
++
++import javax.crypto.Cipher;
++import javax.crypto.spec.DHPrivateKeySpec;
++import javax.crypto.spec.IvParameterSpec;
++
++import sun.security.jca.JCAUtil;
++import sun.security.pkcs11.TemplateManager;
++import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
++import sun.security.pkcs11.wrapper.CK_MECHANISM;
++import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
++import sun.security.pkcs11.wrapper.PKCS11Exception;
++import sun.security.rsa.RSAUtil.KeyType;
++import sun.security.util.Debug;
++import sun.security.util.ECUtil;
++
++final class FIPSKeyImporter {
++
++ private static final Debug debug =
++ Debug.getInstance("sunpkcs11");
++
++ private static P11Key importerKey = null;
++ private static final ReentrantLock importerKeyLock = new ReentrantLock();
++ private static CK_MECHANISM importerKeyMechanism = null;
++ private static Cipher importerCipher = null;
++
++ private static Provider sunECProvider = null;
++ private static final ReentrantLock sunECProviderLock = new ReentrantLock();
++
++ private static KeyFactory DHKF = null;
++ private static final ReentrantLock DHKFLock = new ReentrantLock();
++
++ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes)
++ throws PKCS11Exception {
++ long keyID = -1;
++ Token token = sunPKCS11.getToken();
++ if (debug != null) {
++ debug.println("Private or Secret key will be imported in" +
++ " system FIPS mode.");
++ }
++ if (importerKey == null) {
++ importerKeyLock.lock();
++ try {
++ if (importerKey == null) {
++ if (importerKeyMechanism == null) {
++ // Importer Key creation has not been tried yet. Try it.
++ createImporterKey(token);
++ }
++ if (importerKey == null || importerCipher == null) {
++ if (debug != null) {
++ debug.println("Importer Key could not be" +
++ " generated.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ if (debug != null) {
++ debug.println("Importer Key successfully" +
++ " generated.");
++ }
++ }
++ } finally {
++ importerKeyLock.unlock();
++ }
++ }
++ long importerKeyID = importerKey.getKeyID();
++ try {
++ byte[] keyBytes = null;
++ byte[] encKeyBytes = null;
++ long keyClass = 0L;
++ long keyType = 0L;
++ Map<Long, CK_ATTRIBUTE> attrsMap = new HashMap<>();
++ for (CK_ATTRIBUTE attr : attributes) {
++ if (attr.type == CKA_CLASS) {
++ keyClass = attr.getLong();
++ } else if (attr.type == CKA_KEY_TYPE) {
++ keyType = attr.getLong();
++ }
++ attrsMap.put(attr.type, attr);
++ }
++ BigInteger v = null;
++ if (keyClass == CKO_PRIVATE_KEY) {
++ if (keyType == CKK_RSA) {
++ if (debug != null) {
++ debug.println("Importing an RSA private key...");
++ }
++ keyBytes = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(
++ KeyType.RSA,
++ null,
++ ((v = attrsMap.get(CKA_MODULUS).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PUBLIC_EXPONENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIVATE_EXPONENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME_1).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME_2).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_EXPONENT_1).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_EXPONENT_2).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_COEFFICIENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO
++ ).getEncoded();
++ } else if (keyType == CKK_DSA) {
++ if (debug != null) {
++ debug.println("Importing a DSA private key...");
++ }
++ keyBytes = new sun.security.provider.DSAPrivateKey(
++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_SUBPRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO
++ ).getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else if (keyType == CKK_EC) {
++ if (debug != null) {
++ debug.println("Importing an EC private key...");
++ }
++ if (sunECProvider == null) {
++ sunECProviderLock.lock();
++ try {
++ if (sunECProvider == null) {
++ sunECProvider = Security.getProvider("SunEC");
++ }
++ } finally {
++ sunECProviderLock.unlock();
++ }
++ }
++ keyBytes = P11ECUtil.generateECPrivateKey(
++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ECUtil.getECParameterSpec(sunECProvider,
++ attrsMap.get(CKA_EC_PARAMS).getByteArray()))
++ .getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else if (keyType == CKK_DH) {
++ if (debug != null) {
++ debug.println("Importing a Diffie-Hellman private key...");
++ }
++ if (DHKF == null) {
++ DHKFLock.lock();
++ try {
++ if (DHKF == null) {
++ DHKF = KeyFactory.getInstance(
++ "DH", P11Util.getSunJceProvider());
++ }
++ } finally {
++ DHKFLock.unlock();
++ }
++ }
++ DHPrivateKeySpec spec = new DHPrivateKeySpec
++ (((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO);
++ keyBytes = DHKF.generatePrivate(spec).getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else {
++ if (debug != null) {
++ debug.println("Unrecognized private key type.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ } else if (keyClass == CKO_SECRET_KEY) {
++ if (debug != null) {
++ debug.println("Importing a secret key...");
++ }
++ keyBytes = attrsMap.get(CKA_VALUE).getByteArray();
++ }
++ if (keyBytes == null || keyBytes.length == 0) {
++ if (debug != null) {
++ debug.println("Private or secret key plain bytes could" +
++ " not be obtained. Import failed.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ importerCipher.init(Cipher.ENCRYPT_MODE, importerKey,
++ new IvParameterSpec((byte[])importerKeyMechanism.pParameter),
++ null);
++ attributes = new CK_ATTRIBUTE[attrsMap.size()];
++ attrsMap.values().toArray(attributes);
++ encKeyBytes = importerCipher.doFinal(keyBytes);
++ attributes = token.getAttributes(TemplateManager.O_IMPORT,
++ keyClass, keyType, attributes);
++ keyID = token.p11.C_UnwrapKey(hSession,
++ importerKeyMechanism, importerKeyID, encKeyBytes, attributes);
++ if (debug != null) {
++ debug.println("Imported key ID: " + keyID);
++ }
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ } finally {
++ importerKey.releaseKeyID();
++ }
++ return Long.valueOf(keyID);
++ }
++
++ private static void createImporterKey(Token token) {
++ if (debug != null) {
++ debug.println("Generating Importer Key...");
++ }
++ byte[] iv = new byte[16];
++ JCAUtil.getSecureRandom().nextBytes(iv);
++ importerKeyMechanism = new CK_MECHANISM(CKM_AES_CBC_PAD, iv);
++ try {
++ CK_ATTRIBUTE[] attributes = token.getAttributes(TemplateManager.O_GENERATE,
++ CKO_SECRET_KEY, CKK_AES, new CK_ATTRIBUTE[] {
++ new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
++ new CK_ATTRIBUTE(CKA_VALUE_LEN, 256 >> 3)});
++ Session s = null;
++ try {
++ s = token.getObjSession();
++ long keyID = token.p11.C_GenerateKey(
++ s.id(), new CK_MECHANISM(CKM_AES_KEY_GEN),
++ attributes);
++ if (debug != null) {
++ debug.println("Importer Key ID: " + keyID);
++ }
++ importerKey = (P11Key)P11Key.secretKey(s, keyID, "AES",
++ 256 >> 3, null);
++ } catch (PKCS11Exception e) {
++ // best effort
++ } finally {
++ token.releaseSession(s);
++ }
++ if (importerKey != null) {
++ importerCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
++ }
++ } catch (Throwable t) {
++ // best effort
++ importerKey = null;
++ importerCipher = null;
++ // importerKeyMechanism value is kept initialized to indicate that
++ // Importer Key creation has been tried and failed.
++ }
++ }
++}
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+@@ -26,6 +26,9 @@
+ package sun.security.pkcs11;
+
+ import java.io.*;
++import java.lang.invoke.MethodHandle;
++import java.lang.invoke.MethodHandles;
++import java.lang.invoke.MethodType;
+ import java.util.*;
+
+ import java.security.*;
+@@ -63,6 +66,26 @@
+ private static final boolean systemFipsEnabled = SharedSecrets
+ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
+
++ private static final boolean plainKeySupportEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
++
++ private static final MethodHandle fipsImportKey;
++ static {
++ MethodHandle fipsImportKeyTmp = null;
++ if (plainKeySupportEnabled) {
++ try {
++ fipsImportKeyTmp = MethodHandles.lookup().findStatic(
++ FIPSKeyImporter.class, "importKey",
++ MethodType.methodType(Long.class, SunPKCS11.class,
++ long.class, CK_ATTRIBUTE[].class));
++ } catch (Throwable t) {
++ throw new SecurityException("FIPS key importer initialization" +
++ " failed", t);
++ }
++ }
++ fipsImportKey = fipsImportKeyTmp;
++ }
++
+ private static final long serialVersionUID = -1354835039035306505L;
+
+ static final Debug debug = Debug.getInstance("sunpkcs11");
+@@ -314,10 +337,15 @@
+ // request multithreaded access first
+ initArgs.flags = CKF_OS_LOCKING_OK;
+ PKCS11 tmpPKCS11;
++ MethodHandle fipsKeyImporter = null;
++ if (plainKeySupportEnabled) {
++ fipsKeyImporter = MethodHandles.insertArguments(
++ fipsImportKey, 0, this);
++ }
+ try {
+ tmpPKCS11 = PKCS11.getInstance(
+ library, functionList, initArgs,
+- config.getOmitInitialize());
++ config.getOmitInitialize(), fipsKeyImporter);
+ } catch (PKCS11Exception e) {
+ if (debug != null) {
+ debug.println("Multi-threaded initialization failed: " + e);
+@@ -333,7 +361,7 @@
+ initArgs.flags = 0;
+ }
+ tmpPKCS11 = PKCS11.getInstance(library,
+- functionList, initArgs, config.getOmitInitialize());
++ functionList, initArgs, config.getOmitInitialize(), fipsKeyImporter);
+ }
+ p11 = tmpPKCS11;
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+@@ -49,6 +49,7 @@
+
+ import java.io.File;
+ import java.io.IOException;
++import java.lang.invoke.MethodHandle;
+ import java.util.*;
+
+ import java.security.AccessController;
+@@ -147,16 +148,28 @@
+
+ public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
+ String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
+- boolean omitInitialize) throws IOException, PKCS11Exception {
++ boolean omitInitialize, MethodHandle fipsKeyImporter)
++ throws IOException, PKCS11Exception {
+ // we may only call C_Initialize once per native .so/.dll
+ // so keep a cache using the (non-canonicalized!) path
+ PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath);
+ if (pkcs11 == null) {
++ boolean nssFipsMode = fipsKeyImporter != null;
+ if ((pInitArgs != null)
+ && ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) {
+- pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
++ if (nssFipsMode) {
++ pkcs11 = new FIPSPKCS11(pkcs11ModulePath, functionList,
++ fipsKeyImporter);
++ } else {
++ pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
++ }
+ } else {
+- pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
++ if (nssFipsMode) {
++ pkcs11 = new SynchronizedFIPSPKCS11(pkcs11ModulePath,
++ functionList, fipsKeyImporter);
++ } else {
++ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
++ }
+ }
+ if (omitInitialize == false) {
+ try {
+@@ -1905,4 +1918,69 @@
+ super.C_GenerateRandom(hSession, randomData);
+ }
+ }
++
++// PKCS11 subclass that allows using plain private or secret keys in
++// FIPS-configured NSS Software Tokens. Only used when System FIPS
++// is enabled.
++static class FIPSPKCS11 extends PKCS11 {
++ private MethodHandle fipsKeyImporter;
++ FIPSPKCS11(String pkcs11ModulePath, String functionListName,
++ MethodHandle fipsKeyImporter) throws IOException {
++ super(pkcs11ModulePath, functionListName);
++ this.fipsKeyImporter = fipsKeyImporter;
++ }
++
++ public synchronized long C_CreateObject(long hSession,
++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
++ // Creating sensitive key objects from plain key material in a
++ // FIPS-configured NSS Software Token is not allowed. We apply
++ // a key-unwrapping scheme to achieve so.
++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
++ try {
++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
++ .longValue();
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ }
++ return super.C_CreateObject(hSession, pTemplate);
++ }
+ }
++
++// FIPSPKCS11 synchronized counterpart.
++static class SynchronizedFIPSPKCS11 extends SynchronizedPKCS11 {
++ private MethodHandle fipsKeyImporter;
++ SynchronizedFIPSPKCS11(String pkcs11ModulePath, String functionListName,
++ MethodHandle fipsKeyImporter) throws IOException {
++ super(pkcs11ModulePath, functionListName);
++ this.fipsKeyImporter = fipsKeyImporter;
++ }
++
++ public synchronized long C_CreateObject(long hSession,
++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
++ // See FIPSPKCS11::C_CreateObject.
++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
++ try {
++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
++ .longValue();
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ }
++ return super.C_CreateObject(hSession, pTemplate);
++ }
++}
++
++private static class FIPSPKCS11Helper {
++ static boolean isSensitiveObject(CK_ATTRIBUTE[] pTemplate) {
++ for (CK_ATTRIBUTE attr : pTemplate) {
++ if (attr.type == CKA_CLASS &&
++ (attr.getLong() == CKO_PRIVATE_KEY ||
++ attr.getLong() == CKO_SECRET_KEY)) {
++ return true;
++ }
++ }
++ return false;
++ }
++}
++}
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
++++ openjdk/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+@@ -33,8 +33,13 @@
+
+ import javax.net.ssl.*;
+
++import sun.misc.SharedSecrets;
++
+ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
+
++ private static final boolean plainKeySupportEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
++
+ X509ExtendedKeyManager keyManager;
+ boolean isInitialized;
+
+@@ -62,7 +67,8 @@
+ KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException {
+ if ((ks != null) && SunJSSE.isFIPS()) {
+- if (ks.getProvider() != SunJSSE.cryptoProvider) {
++ if (ks.getProvider() != SunJSSE.cryptoProvider &&
++ !plainKeySupportEnabled) {
+ throw new KeyStoreException("FIPS mode: KeyStore must be "
+ + "from provider " + SunJSSE.cryptoProvider.getName());
+ }
+@@ -91,8 +97,8 @@
+ keyManager = new X509KeyManagerImpl(
+ Collections.<Builder>emptyList());
+ } else {
+- if (SunJSSE.isFIPS() &&
+- (ks.getProvider() != SunJSSE.cryptoProvider)) {
++ if (SunJSSE.isFIPS() && (ks.getProvider() != SunJSSE.cryptoProvider)
++ && !plainKeySupportEnabled) {
+ throw new KeyStoreException(
+ "FIPS mode: KeyStore must be " +
+ "from provider " + SunJSSE.cryptoProvider.getName());
diff --git a/rh1996182-login_to_nss_software_token.patch b/rh1996182-login_to_nss_software_token.patch
new file mode 100644
index 0000000..341e092
--- /dev/null
+++ b/rh1996182-login_to_nss_software_token.patch
@@ -0,0 +1,55 @@
+# HG changeset patch
+# User mbalao
+# Date 1630103180 -3600
+# Fri Aug 27 23:26:20 2021 +0100
+# Node ID b3bd3119fab9bc5adfd7073377aca12bb1af80b3
+# Parent c90394a76ee02a689f95199559d5724824b4b25e
+RH1996182: Login to the NSS Software Token in FIPS Mode
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+@@ -42,6 +42,8 @@
+ import javax.security.auth.callback.PasswordCallback;
+ import javax.security.auth.callback.TextOutputCallback;
+
++import sun.misc.SharedSecrets;
++
+ import sun.security.util.Debug;
+ import sun.security.util.ResourcesMgr;
+
+@@ -58,6 +60,9 @@
+ */
+ public final class SunPKCS11 extends AuthProvider {
+
++ private static final boolean systemFipsEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
++
+ private static final long serialVersionUID = -1354835039035306505L;
+
+ static final Debug debug = Debug.getInstance("sunpkcs11");
+@@ -368,6 +373,24 @@
+ if (nssModule != null) {
+ nssModule.setProvider(this);
+ }
++ if (systemFipsEnabled) {
++ // The NSS Software Token in FIPS 140-2 mode requires a user
++ // login for most operations. See sftk_fipsCheck. The NSS DB
++ // (/etc/pki/nssdb) PIN is empty.
++ Session session = null;
++ try {
++ session = token.getOpSession();
++ p11.C_Login(session.id(), CKU_USER, new char[] {});
++ } catch (PKCS11Exception p11e) {
++ if (debug != null) {
++ debug.println("Error during token login: " +
++ p11e.getMessage());
++ }
++ throw p11e;
++ } finally {
++ token.releaseSession(session);
++ }
++ }
+ } catch (Exception e) {
+ if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
+ throw new UnsupportedOperationException
diff --git a/sources b/sources
index 3236329..32ce1e2 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz) = 04ecdcde841038c0042b44fb3c5303a08616864566fb918ab261fc381fae8804a21f875b1645538e864a1c6db5985f16dfc13b91eb1caeeab54d6d07828c7657
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz) = 6da9aab9f456336d73cb41755b9e075c43b21ce54fa208d94295aaeef0dce9e4059740efe87458e131b633c3ab3d6f964a5d2407a76e79dd9b080a5416efd7e7
commit 06afebf8011b6c20c3771e6f98f8f76ea2c0c36c
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Oct 20 01:46:06 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b07 (GA)
Update release notes for 8u312-b07.
Switch to GA mode for final release.
diff --git a/.gitignore b/.gitignore
index f34cedd..d5493bd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -244,3 +244,5 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 05c1b39..ef9db68 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,33 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u312
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
+* Security fixes
+ - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
+ - JDK-8161016: Strange behavior of URLConnection with proxy
+ - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
+ - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
+ - JDK-8263314: Enhance XML Dsig modes
+ - JDK-8265167, CVE-2021-35556: Richer Text Editors
+ - JDK-8265574: Improve handling of sheets
+ - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
+ - JDK-8265776: Improve Stream handling for SSL
+ - JDK-8266097, CVE-2021-35561: Better hashing support
+ - JDK-8266103: Better specified spec values
+ - JDK-8266109: More Resilient Classloading
+ - JDK-8266115: More Manifest Jar Loading
+ - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
+ - JDK-8266689, CVE-2021-35567: More Constrained Delegation
+ - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
+ - JDK-8267712: Better LDAP reference processing
+ - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
+ - JDK-8267735, CVE-2021-35586: Better BMP support
+ - JDK-8268193: Improve requests of certificates
+ - JDK-8268199: Correct certificate requests
+ - JDK-8268506: More Manifest Digests
+ - JDK-8269618, CVE-2021-35603: Better session identification
+ - JDK-8269624: Enhance method selection support
+ - JDK-8270398: Enhance canonicalization
+ - JDK-8270404: Better canonicalization
* Other changes
- JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
- JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
@@ -29,10 +56,9 @@ Live versions of these release notes can be found at:
- JDK-8134869: AARCH64: GHASH intrinsic is not optimal
- JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
- JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
- - JDK-8161016: Strange behavior of URLConnection with proxy
+ - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
- JDK-8166673: The new implementation of Robot.waitForIdle() may hang
- JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
- - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
- JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
- JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
- JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
@@ -40,6 +66,7 @@ Live versions of these release notes can be found at:
- JDK-8214418: half-closed SSLEngine status may cause application dead loop
- JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11
- JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
+ - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
- JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
- JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
- JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
@@ -49,7 +76,6 @@ Live versions of these release notes can be found at:
- JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
- JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
- - JDK-8254967: com.sun.net.HttpsServer spins on TLS session close
- JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
@@ -61,7 +87,9 @@ Live versions of these release notes can be found at:
- JDK-8265978: make test should look for more locations when searching for exit code
- JDK-8266206: Build failure after JDK-8264752 with older GCCs
- JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
+ - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
- JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
+ - JDK-8269763: The JEditorPane is blank after JDK-8265167
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
- JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
- JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
@@ -72,6 +100,34 @@ Live versions of these release notes can be found at:
- JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
- JDK-8272214: [8u] Build failure after backport of JDK-8248901
- JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013
+* Shenandoah
+ - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array
+ - Re-cast JNI critical strings patch to be Shenandoah-specific
+
+Notes on individual issues:
+===========================
+
+core-libs/java.net:
+
+JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found
+================================================================================
+The behavior of HttpURLConnection when using a ProxySelector has been
+modified with this JDK release. HttpURLConnection used to fall back to
+a DIRECT connection attempt if the configured proxy(s) failed to make
+a connection. This release introduces a change whereby no DIRECT
+connection will be attempted in such a scenario. Instead, the
+HttpURLConnection.connect() method will fail and throw an IOException
+which occurred from the last proxy tested.
+
+security-libs/javax.net.ssl:
+
+JDK-8219551: Updated the Default Enabled Cipher Suites Preference
+=================================================================
+The preference of the default enabled cipher suites has been
+changed. The compatibility impact should be minimal. If needed,
+applications can customize the enabled cipher suites and the
+preference. For more details, refer to the SunJSSE provider
+documentation and the JSSE Reference Guide documentation.
New in release OpenJDK 8u302 (2021-07-20):
===========================================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 16c2d89..afad6cd 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b05
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b07
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,12 +311,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2624,6 +2624,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Oct 15 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-1
+- Update to aarch64-shenandoah-jdk8u312-b07 (GA)
+- Update release notes for 8u312-b07.
+- Switch to GA mode for final release.
+
* Thu Oct 07 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b05-0.2.ea
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
diff --git a/sources b/sources
index 7c2359c..32ce1e2 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz) = 41aa7cfe6946f9b88e8ae66716e8db204a401f5ded43037c54c071b7a895e08df389d6a7ae5961da00c309a6802c88197cd59ed8e5e52a466c997a680f7f425f
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz) = 6da9aab9f456336d73cb41755b9e075c43b21ce54fa208d94295aaeef0dce9e4059740efe87458e131b633c3ab3d6f964a5d2407a76e79dd9b080a5416efd7e7
commit 38ede77603423977c87a2c9298a9993fa00d9545
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sun Oct 10 22:01:08 2021 +0100
Add FIPS patch to allow plain key import.
Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 35a55bd..16c2d89 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1315,6 +1315,8 @@ Patch1006: rh1929465-improve_system_FIPS_detection-root.patch
Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
# RH1996182: Login to the NSS software token in FIPS mode
Patch1008: rh1996182-login_to_nss_software_token.patch
+# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
+Patch1011: rh1991003-enable_fips_keys_import.patch
#############################################
#
@@ -1844,6 +1846,7 @@ sh %{SOURCE12}
%patch1006
%patch1007
%patch1008
+%patch1011
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2621,6 +2624,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Oct 07 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b05-0.2.ea
+- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
+
+* Thu Oct 07 2021 Martin Balao <mbalao(a)redhat.com> - 1:1.8.0.312.b05-0.2.ea
+- Add patch to allow plain key import.
+
* Thu Sep 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b05 (EA)
- Update release notes for 8u312-b05.
diff --git a/rh1991003-enable_fips_keys_import.patch b/rh1991003-enable_fips_keys_import.patch
new file mode 100644
index 0000000..028769d
--- /dev/null
+++ b/rh1991003-enable_fips_keys_import.patch
@@ -0,0 +1,583 @@
+diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -78,6 +78,10 @@
+ public boolean isSystemFipsEnabled() {
+ return SystemConfigurator.isSystemFipsEnabled();
+ }
++ @Override
++ public boolean isPlainKeySupportEnabled() {
++ return SystemConfigurator.isPlainKeySupportEnabled();
++ }
+ });
+
+ // doPrivileged here because there are multiple
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -55,6 +55,7 @@
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+ private static boolean systemFipsEnabled = false;
++ private static boolean plainKeySupportEnabled = false;
+
+ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
+
+@@ -149,6 +150,16 @@
+ }
+ loadedProps = true;
+ systemFipsEnabled = true;
++ String plainKeySupport = System.getProperty("com.redhat.fips.plainKeySupport",
++ "true");
++ plainKeySupportEnabled = !"false".equals(plainKeySupport);
++ if (sdebug != null) {
++ if (plainKeySupportEnabled) {
++ sdebug.println("FIPS support enabled with plain key support");
++ } else {
++ sdebug.println("FIPS support enabled without plain key support");
++ }
++ }
+ }
+ } catch (Exception e) {
+ if (sdebug != null) {
+@@ -176,6 +187,19 @@
+ return systemFipsEnabled;
+ }
+
++ /**
++ * Returns {@code true} if system FIPS alignment is enabled
++ * and plain key support is allowed. Plain key support is
++ * enabled by default but can be disabled with
++ * {@code -Dcom.redhat.fips.plainKeySupport=false}.
++ *
++ * @return a boolean indicating whether plain key support
++ * should be enabled.
++ */
++ static boolean isPlainKeySupportEnabled() {
++ return plainKeySupportEnabled;
++ }
++
+ /*
+ * OpenJDK FIPS mode will be enabled only if the com.redhat.fips
+ * system property is true (default) and the system is in FIPS mode.
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
+--- openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
++++ openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
+@@ -27,4 +27,5 @@
+
+ public interface JavaSecuritySystemConfiguratorAccess {
+ boolean isSystemFipsEnabled();
++ boolean isPlainKeySupportEnabled();
+ }
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java openjdk/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
+@@ -0,0 +1,290 @@
++/*
++ * Copyright (c) 2021, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++package sun.security.pkcs11;
++
++import java.math.BigInteger;
++import java.security.KeyFactory;
++import java.security.Provider;
++import java.security.Security;
++import java.util.HashMap;
++import java.util.Map;
++import java.util.concurrent.locks.ReentrantLock;
++
++import javax.crypto.Cipher;
++import javax.crypto.spec.DHPrivateKeySpec;
++import javax.crypto.spec.IvParameterSpec;
++
++import sun.security.jca.JCAUtil;
++import sun.security.pkcs11.TemplateManager;
++import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
++import sun.security.pkcs11.wrapper.CK_MECHANISM;
++import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
++import sun.security.pkcs11.wrapper.PKCS11Exception;
++import sun.security.rsa.RSAUtil.KeyType;
++import sun.security.util.Debug;
++import sun.security.util.ECUtil;
++
++final class FIPSKeyImporter {
++
++ private static final Debug debug =
++ Debug.getInstance("sunpkcs11");
++
++ private static P11Key importerKey = null;
++ private static final ReentrantLock importerKeyLock = new ReentrantLock();
++ private static CK_MECHANISM importerKeyMechanism = null;
++ private static Cipher importerCipher = null;
++
++ private static Provider sunECProvider = null;
++ private static final ReentrantLock sunECProviderLock = new ReentrantLock();
++
++ private static KeyFactory DHKF = null;
++ private static final ReentrantLock DHKFLock = new ReentrantLock();
++
++ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes)
++ throws PKCS11Exception {
++ long keyID = -1;
++ Token token = sunPKCS11.getToken();
++ if (debug != null) {
++ debug.println("Private or Secret key will be imported in" +
++ " system FIPS mode.");
++ }
++ if (importerKey == null) {
++ importerKeyLock.lock();
++ try {
++ if (importerKey == null) {
++ if (importerKeyMechanism == null) {
++ // Importer Key creation has not been tried yet. Try it.
++ createImporterKey(token);
++ }
++ if (importerKey == null || importerCipher == null) {
++ if (debug != null) {
++ debug.println("Importer Key could not be" +
++ " generated.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ if (debug != null) {
++ debug.println("Importer Key successfully" +
++ " generated.");
++ }
++ }
++ } finally {
++ importerKeyLock.unlock();
++ }
++ }
++ long importerKeyID = importerKey.getKeyID();
++ try {
++ byte[] keyBytes = null;
++ byte[] encKeyBytes = null;
++ long keyClass = 0L;
++ long keyType = 0L;
++ Map<Long, CK_ATTRIBUTE> attrsMap = new HashMap<>();
++ for (CK_ATTRIBUTE attr : attributes) {
++ if (attr.type == CKA_CLASS) {
++ keyClass = attr.getLong();
++ } else if (attr.type == CKA_KEY_TYPE) {
++ keyType = attr.getLong();
++ }
++ attrsMap.put(attr.type, attr);
++ }
++ BigInteger v = null;
++ if (keyClass == CKO_PRIVATE_KEY) {
++ if (keyType == CKK_RSA) {
++ if (debug != null) {
++ debug.println("Importing an RSA private key...");
++ }
++ keyBytes = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(
++ KeyType.RSA,
++ null,
++ ((v = attrsMap.get(CKA_MODULUS).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PUBLIC_EXPONENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIVATE_EXPONENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME_1).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME_2).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_EXPONENT_1).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_EXPONENT_2).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_COEFFICIENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO
++ ).getEncoded();
++ } else if (keyType == CKK_DSA) {
++ if (debug != null) {
++ debug.println("Importing a DSA private key...");
++ }
++ keyBytes = new sun.security.provider.DSAPrivateKey(
++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_SUBPRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO
++ ).getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else if (keyType == CKK_EC) {
++ if (debug != null) {
++ debug.println("Importing an EC private key...");
++ }
++ if (sunECProvider == null) {
++ sunECProviderLock.lock();
++ try {
++ if (sunECProvider == null) {
++ sunECProvider = Security.getProvider("SunEC");
++ }
++ } finally {
++ sunECProviderLock.unlock();
++ }
++ }
++ keyBytes = P11ECUtil.generateECPrivateKey(
++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ECUtil.getECParameterSpec(sunECProvider,
++ attrsMap.get(CKA_EC_PARAMS).getByteArray()))
++ .getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else if (keyType == CKK_DH) {
++ if (debug != null) {
++ debug.println("Importing a Diffie-Hellman private key...");
++ }
++ if (DHKF == null) {
++ DHKFLock.lock();
++ try {
++ if (DHKF == null) {
++ DHKF = KeyFactory.getInstance(
++ "DH", P11Util.getSunJceProvider());
++ }
++ } finally {
++ DHKFLock.unlock();
++ }
++ }
++ DHPrivateKeySpec spec = new DHPrivateKeySpec
++ (((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO);
++ keyBytes = DHKF.generatePrivate(spec).getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else {
++ if (debug != null) {
++ debug.println("Unrecognized private key type.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ } else if (keyClass == CKO_SECRET_KEY) {
++ if (debug != null) {
++ debug.println("Importing a secret key...");
++ }
++ keyBytes = attrsMap.get(CKA_VALUE).getByteArray();
++ }
++ if (keyBytes == null || keyBytes.length == 0) {
++ if (debug != null) {
++ debug.println("Private or secret key plain bytes could" +
++ " not be obtained. Import failed.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ importerCipher.init(Cipher.ENCRYPT_MODE, importerKey,
++ new IvParameterSpec((byte[])importerKeyMechanism.pParameter),
++ null);
++ attributes = new CK_ATTRIBUTE[attrsMap.size()];
++ attrsMap.values().toArray(attributes);
++ encKeyBytes = importerCipher.doFinal(keyBytes);
++ attributes = token.getAttributes(TemplateManager.O_IMPORT,
++ keyClass, keyType, attributes);
++ keyID = token.p11.C_UnwrapKey(hSession,
++ importerKeyMechanism, importerKeyID, encKeyBytes, attributes);
++ if (debug != null) {
++ debug.println("Imported key ID: " + keyID);
++ }
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ } finally {
++ importerKey.releaseKeyID();
++ }
++ return Long.valueOf(keyID);
++ }
++
++ private static void createImporterKey(Token token) {
++ if (debug != null) {
++ debug.println("Generating Importer Key...");
++ }
++ byte[] iv = new byte[16];
++ JCAUtil.getSecureRandom().nextBytes(iv);
++ importerKeyMechanism = new CK_MECHANISM(CKM_AES_CBC_PAD, iv);
++ try {
++ CK_ATTRIBUTE[] attributes = token.getAttributes(TemplateManager.O_GENERATE,
++ CKO_SECRET_KEY, CKK_AES, new CK_ATTRIBUTE[] {
++ new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
++ new CK_ATTRIBUTE(CKA_VALUE_LEN, 256 >> 3)});
++ Session s = null;
++ try {
++ s = token.getObjSession();
++ long keyID = token.p11.C_GenerateKey(
++ s.id(), new CK_MECHANISM(CKM_AES_KEY_GEN),
++ attributes);
++ if (debug != null) {
++ debug.println("Importer Key ID: " + keyID);
++ }
++ importerKey = (P11Key)P11Key.secretKey(s, keyID, "AES",
++ 256 >> 3, null);
++ } catch (PKCS11Exception e) {
++ // best effort
++ } finally {
++ token.releaseSession(s);
++ }
++ if (importerKey != null) {
++ importerCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
++ }
++ } catch (Throwable t) {
++ // best effort
++ importerKey = null;
++ importerCipher = null;
++ // importerKeyMechanism value is kept initialized to indicate that
++ // Importer Key creation has been tried and failed.
++ }
++ }
++}
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+@@ -26,6 +26,9 @@
+ package sun.security.pkcs11;
+
+ import java.io.*;
++import java.lang.invoke.MethodHandle;
++import java.lang.invoke.MethodHandles;
++import java.lang.invoke.MethodType;
+ import java.util.*;
+
+ import java.security.*;
+@@ -63,6 +66,26 @@
+ private static final boolean systemFipsEnabled = SharedSecrets
+ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
+
++ private static final boolean plainKeySupportEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
++
++ private static final MethodHandle fipsImportKey;
++ static {
++ MethodHandle fipsImportKeyTmp = null;
++ if (plainKeySupportEnabled) {
++ try {
++ fipsImportKeyTmp = MethodHandles.lookup().findStatic(
++ FIPSKeyImporter.class, "importKey",
++ MethodType.methodType(Long.class, SunPKCS11.class,
++ long.class, CK_ATTRIBUTE[].class));
++ } catch (Throwable t) {
++ throw new SecurityException("FIPS key importer initialization" +
++ " failed", t);
++ }
++ }
++ fipsImportKey = fipsImportKeyTmp;
++ }
++
+ private static final long serialVersionUID = -1354835039035306505L;
+
+ static final Debug debug = Debug.getInstance("sunpkcs11");
+@@ -314,10 +337,15 @@
+ // request multithreaded access first
+ initArgs.flags = CKF_OS_LOCKING_OK;
+ PKCS11 tmpPKCS11;
++ MethodHandle fipsKeyImporter = null;
++ if (plainKeySupportEnabled) {
++ fipsKeyImporter = MethodHandles.insertArguments(
++ fipsImportKey, 0, this);
++ }
+ try {
+ tmpPKCS11 = PKCS11.getInstance(
+ library, functionList, initArgs,
+- config.getOmitInitialize());
++ config.getOmitInitialize(), fipsKeyImporter);
+ } catch (PKCS11Exception e) {
+ if (debug != null) {
+ debug.println("Multi-threaded initialization failed: " + e);
+@@ -333,7 +361,7 @@
+ initArgs.flags = 0;
+ }
+ tmpPKCS11 = PKCS11.getInstance(library,
+- functionList, initArgs, config.getOmitInitialize());
++ functionList, initArgs, config.getOmitInitialize(), fipsKeyImporter);
+ }
+ p11 = tmpPKCS11;
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+@@ -49,6 +49,7 @@
+
+ import java.io.File;
+ import java.io.IOException;
++import java.lang.invoke.MethodHandle;
+ import java.util.*;
+
+ import java.security.AccessController;
+@@ -147,16 +148,28 @@
+
+ public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
+ String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
+- boolean omitInitialize) throws IOException, PKCS11Exception {
++ boolean omitInitialize, MethodHandle fipsKeyImporter)
++ throws IOException, PKCS11Exception {
+ // we may only call C_Initialize once per native .so/.dll
+ // so keep a cache using the (non-canonicalized!) path
+ PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath);
+ if (pkcs11 == null) {
++ boolean nssFipsMode = fipsKeyImporter != null;
+ if ((pInitArgs != null)
+ && ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) {
+- pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
++ if (nssFipsMode) {
++ pkcs11 = new FIPSPKCS11(pkcs11ModulePath, functionList,
++ fipsKeyImporter);
++ } else {
++ pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
++ }
+ } else {
+- pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
++ if (nssFipsMode) {
++ pkcs11 = new SynchronizedFIPSPKCS11(pkcs11ModulePath,
++ functionList, fipsKeyImporter);
++ } else {
++ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
++ }
+ }
+ if (omitInitialize == false) {
+ try {
+@@ -1905,4 +1918,69 @@
+ super.C_GenerateRandom(hSession, randomData);
+ }
+ }
++
++// PKCS11 subclass that allows using plain private or secret keys in
++// FIPS-configured NSS Software Tokens. Only used when System FIPS
++// is enabled.
++static class FIPSPKCS11 extends PKCS11 {
++ private MethodHandle fipsKeyImporter;
++ FIPSPKCS11(String pkcs11ModulePath, String functionListName,
++ MethodHandle fipsKeyImporter) throws IOException {
++ super(pkcs11ModulePath, functionListName);
++ this.fipsKeyImporter = fipsKeyImporter;
++ }
++
++ public synchronized long C_CreateObject(long hSession,
++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
++ // Creating sensitive key objects from plain key material in a
++ // FIPS-configured NSS Software Token is not allowed. We apply
++ // a key-unwrapping scheme to achieve so.
++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
++ try {
++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
++ .longValue();
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ }
++ return super.C_CreateObject(hSession, pTemplate);
++ }
+ }
++
++// FIPSPKCS11 synchronized counterpart.
++static class SynchronizedFIPSPKCS11 extends SynchronizedPKCS11 {
++ private MethodHandle fipsKeyImporter;
++ SynchronizedFIPSPKCS11(String pkcs11ModulePath, String functionListName,
++ MethodHandle fipsKeyImporter) throws IOException {
++ super(pkcs11ModulePath, functionListName);
++ this.fipsKeyImporter = fipsKeyImporter;
++ }
++
++ public synchronized long C_CreateObject(long hSession,
++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
++ // See FIPSPKCS11::C_CreateObject.
++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
++ try {
++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
++ .longValue();
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ }
++ return super.C_CreateObject(hSession, pTemplate);
++ }
++}
++
++private static class FIPSPKCS11Helper {
++ static boolean isSensitiveObject(CK_ATTRIBUTE[] pTemplate) {
++ for (CK_ATTRIBUTE attr : pTemplate) {
++ if (attr.type == CKA_CLASS &&
++ (attr.getLong() == CKO_PRIVATE_KEY ||
++ attr.getLong() == CKO_SECRET_KEY)) {
++ return true;
++ }
++ }
++ return false;
++ }
++}
++}
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
++++ openjdk/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+@@ -33,8 +33,13 @@
+
+ import javax.net.ssl.*;
+
++import sun.misc.SharedSecrets;
++
+ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
+
++ private static final boolean plainKeySupportEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
++
+ X509ExtendedKeyManager keyManager;
+ boolean isInitialized;
+
+@@ -62,7 +67,8 @@
+ KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException {
+ if ((ks != null) && SunJSSE.isFIPS()) {
+- if (ks.getProvider() != SunJSSE.cryptoProvider) {
++ if (ks.getProvider() != SunJSSE.cryptoProvider &&
++ !plainKeySupportEnabled) {
+ throw new KeyStoreException("FIPS mode: KeyStore must be "
+ + "from provider " + SunJSSE.cryptoProvider.getName());
+ }
+@@ -91,8 +97,8 @@
+ keyManager = new X509KeyManagerImpl(
+ Collections.<Builder>emptyList());
+ } else {
+- if (SunJSSE.isFIPS() &&
+- (ks.getProvider() != SunJSSE.cryptoProvider)) {
++ if (SunJSSE.isFIPS() && (ks.getProvider() != SunJSSE.cryptoProvider)
++ && !plainKeySupportEnabled) {
+ throw new KeyStoreException(
+ "FIPS mode: KeyStore must be " +
+ "from provider " + SunJSSE.cryptoProvider.getName());
commit afeb38682d63bf513aca64685b0b6938a86918ef
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sat Oct 9 23:21:05 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b05 (EA)
Update release notes for 8u312-b05.
diff --git a/.gitignore b/.gitignore
index 402cdf4..f34cedd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -243,3 +243,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 832ad01..05c1b39 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,9 @@ Live versions of these release notes can be found at:
* Other changes
- JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
- JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
+ - JDK-7188942: Remove support of pbuffers in OGL Java2d pipeline
- JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
+ - JDK-8022323: [JavaSecurityScanner] review package com.sun.management.* Native methods should be private
- JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
- JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated
- JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser
@@ -23,6 +25,8 @@ Live versions of these release notes can be found at:
- JDK-8079891: Store configure log in $BUILD/configure.log
- JDK-8080082: configure fails if you create an empty directory and then run configure from it
- JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
+ - JDK-8131062: aarch64: add support for GHASH acceleration
+ - JDK-8134869: AARCH64: GHASH intrinsic is not optimal
- JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
- JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
- JDK-8161016: Strange behavior of URLConnection with proxy
@@ -59,12 +63,15 @@ Live versions of these release notes can be found at:
- JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
- JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
+ - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
- JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
- JDK-8269882: stack-use-after-scope in NewObjectA
- JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
- JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
- JDK-8271466: StackGap test fails on aarch64 due to "-m64"
+ - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
- JDK-8272214: [8u] Build failure after backport of JDK-8248901
+ - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013
New in release OpenJDK 8u302 (2021-07-20):
===========================================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 149ca75..35a55bd 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b04
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b05
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2621,6 +2621,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Sep 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b05-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b05 (EA)
+- Update release notes for 8u312-b05.
+
* Mon Sep 27 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b04-0.2.ea
- Reduce disk footprint by removing build artifacts by default.
diff --git a/sources b/sources
index 36c8460..7c2359c 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz) = 7553ff5b007150a3361be355e210ae8394926b61aeb1921c67e839710d8a57a639060725b589b7c62ef7b67936239452b438b68e08b38be4c74a3f636f7e9823
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz) = 41aa7cfe6946f9b88e8ae66716e8db204a401f5ded43037c54c071b7a895e08df389d6a7ae5961da00c309a6802c88197cd59ed8e5e52a466c997a680f7f425f
commit 92642a8a9641a89fdbf0dd620f25258bb1d32f03
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Oct 1 16:29:42 2021 +0100
Reduce disk footprint by removing build artifacts by default.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 22a6971..149ca75 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -22,6 +22,8 @@
%bcond_without slowdebug
# Enable release builds by default on relevant arches.
%bcond_without release
+# Remove build artifacts by default
+%bcond_with artifacts
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
@@ -309,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -343,6 +345,7 @@
%global jdkimage j2sdk-image
# output dir stub
%define buildoutputdir() %{expand:build/jdk8.build%{?1}}
+%define installoutputdir() %{expand:install/jdk8.install%{?1}}
# we can copy the javadoc to not arched dir, or make it not noarch
%define uniquejavadocdir() %{expand:%{fullversion}%{?1}}
# main id and dir of this jdk
@@ -1045,8 +1048,8 @@ exit 0
%define files_javadoc() %{expand:
%defattr(-,root,root,-)
%doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}
-#javadoc is in jdk8 noarch, so also licnese file must be treated like it
-%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
+#javadoc is in jdk8 noarch, so also license file must be treated like it
+%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
%if %is_system_jdk
%if %{is_release_build -- %{?1}}
%ghost %{_javadocdir}/java
@@ -1057,8 +1060,8 @@ exit 0
%define files_javadoc_zip() %{expand:
%defattr(-,root,root,-)
%doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
-#javadoc is in jdk8 noarch, so also licnese file must be treated like it
-%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
+#javadoc is in jdk8 noarch, so also license file must be treated like it
+%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
%if %is_system_jdk
%if %{is_release_build -- %{?1}}
%ghost %{_javadocdir}/java-zip
@@ -1938,9 +1941,10 @@ export EXTRA_CFLAGS EXTRA_ASFLAGS
function buildjdk() {
local outputdir=${1}
- local buildjdk=${2}
- local maketargets=${3}
- local debuglevel=${4}
+ local installdir=${2}
+ local buildjdk=${3}
+ local maketargets=${4}
+ local debuglevel=${5}
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
# Variable used in hs_err hook on build failures
@@ -1950,7 +1954,7 @@ function buildjdk() {
${buildjdk}/bin/java -version
echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}"
- mkdir -p ${outputdir}
+ mkdir -p ${outputdir} ${installdir}
pushd ${outputdir}
bash ${top_srcdir_abs_path}/configure \
@@ -2011,6 +2015,23 @@ function buildjdk() {
find images/%{jdkimage}/bin/ -exec chmod +x {} \;
popd >& /dev/null
+
+ echo "Installing build from ${outputdir} to ${installdir}..."
+ echo "Installing images..."
+ mv ${outputdir}/images ${installdir}
+ if [ -d ${outputdir}/bundles ] ; then
+ echo "Installing bundles...";
+ mv ${outputdir}/bundles ${installdir} ;
+ fi
+ if [ -d ${outputdir}/docs ] ; then
+ echo "Installing docs...";
+ mv ${outputdir}/docs ${installdir} ;
+ fi
+
+%if !%{with artifacts}
+ echo "Removing output directory...";
+ rm -rf ${outputdir}
+%endif
}
for suffix in %{build_loop} ; do
@@ -2024,6 +2045,8 @@ fi
systemjdk=/usr/lib/jvm/java-openjdk
builddir=%{buildoutputdir -- $suffix}
bootbuilddir=boot${builddir}
+installdir=%{installoutputdir -- $suffix}
+bootinstalldir=boot${installdir}
# Debug builds don't need same targets as release for
# build speed-up
@@ -2033,15 +2056,15 @@ if echo $debugbuild | grep -q "debug" ; then
fi
%if %{bootstrap_build}
-buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
-buildjdk ${builddir} $(pwd)/${bootbuilddir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
-rm -rf ${bootbuilddir}
+buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
+buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+%{!?with_artifacts:rm -rf ${bootinstalldir}}
%else
-buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild}
+buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
%endif
# Install nss.cfg right away as we will be using the JRE above
-export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
+export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg $JAVA_HOME/jre/lib/security/
@@ -2067,7 +2090,7 @@ done
# We test debug first as it will give better diagnostics on a crash
for suffix in %{build_loop} ; do
-export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
+export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
# Check unlimited policy has been used
$JAVA_HOME/bin/javac -d . %{SOURCE13}
@@ -2182,7 +2205,7 @@ STRIP_KEEP_SYMTAB=libjvm*
for suffix in %{build_loop} ; do
# Install the jdk
-pushd %{buildoutputdir -- $suffix}/images/%{jdkimage}
+pushd %{installoutputdir -- $suffix}/images/%{jdkimage}
# Install jsa directories so we can owe them
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/
@@ -2249,9 +2272,9 @@ popd
if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
- cp -a %{buildoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
+ cp -a %{installoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
built_doc_archive=`echo "jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/`
- cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
+ cp -a %{installoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
fi
# Install release notes
@@ -2598,6 +2621,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Sep 27 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b04-0.2.ea
+- Reduce disk footprint by removing build artifacts by default.
+
* Sun Sep 26 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b04 (EA)
- Update release notes for 8u312-b04.
commit 5e8cea34ec67303a43c0d0bd3a57e05a93705b0a
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sun Sep 26 20:02:53 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b04 (EA)
Update release notes for 8u312-b04.
diff --git a/.gitignore b/.gitignore
index 5ddd4a9..402cdf4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -242,3 +242,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 9052cf4..832ad01 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ Live versions of these release notes can be found at:
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
* Other changes
+ - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
- JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
- JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
- JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
@@ -24,8 +25,11 @@ Live versions of these release notes can be found at:
- JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
- JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
- JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
+ - JDK-8161016: Strange behavior of URLConnection with proxy
- JDK-8166673: The new implementation of Robot.waitForIdle() may hang
- JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
+ - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
+ - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
- JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
- JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
- JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error
@@ -38,6 +42,7 @@ Live versions of these release notes can be found at:
- JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
- JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
- JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
+ - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
- JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
- JDK-8254967: com.sun.net.HttpsServer spins on TLS session close
@@ -45,12 +50,17 @@ Live versions of these release notes can be found at:
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
- JDK-8263311: Watch registry changes for remote printers update instead of polling
+ - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
- JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
- JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
- JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
- JDK-8265978: make test should look for more locations when searching for exit code
- JDK-8266206: Build failure after JDK-8264752 with older GCCs
+ - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
+ - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
+ - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
+ - JDK-8269882: stack-use-after-scope in NewObjectA
- JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
- JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
- JDK-8271466: StackGap test fails on aarch64 due to "-m64"
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index dfda03b..22a6971 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b03
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b04
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2598,7 +2598,11 @@ cjc.mainProgram(args)
%endif
%changelog
-* Fri Sep 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.2.ea
+* Sun Sep 26 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b04-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b04 (EA)
+- Update release notes for 8u312-b04.
+
+* Tue Sep 14 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.2.ea
- Add patch to login to the NSS software token when in FIPS mode.
* Mon Sep 13 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.1.ea
@@ -2727,7 +2731,7 @@ cjc.mainProgram(args)
- removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and patch3 rh1648644-java_access_bridge_privileged_security.patch
- removal of accessibility{,-slowdebug,-fastdebug} subpackages
- no longer creating symlinks of %%{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so and %%{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar
-- no longer creating %%{_jvmdir}/%{jredir -- $suffix}/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
+- no longer creating %%{_jvmdir}/%%{jredir -- $suffix}/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
- removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections
* Mon Mar 22 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b06-0.0.ea
diff --git a/sources b/sources
index fc6c611..36c8460 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz) = e6a9dd82d3c76920b03124f9cf261f68f520bea9368427b850adfb36385cd717cfe6a5f684b6f1653d4d79c9863e45e4b62907567446e8a5c68587a3a8bdef10
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz) = 7553ff5b007150a3361be355e210ae8394926b61aeb1921c67e839710d8a57a639060725b589b7c62ef7b67936239452b438b68e08b38be4c74a3f636f7e9823
commit aa2c8f31b92b74e2eca59bdcf1acb5b92792764b
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Sep 14 02:59:18 2021 +0100
Add patch to login to the NSS software token when in FIPS mode.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 3d857b9..dfda03b 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1310,6 +1310,8 @@ Patch1005: rh1906862-always_initialise_configurator_access.patch
# RH1929465: Improve system FIPS detection
Patch1006: rh1929465-improve_system_FIPS_detection-root.patch
Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
+# RH1996182: Login to the NSS software token in FIPS mode
+Patch1008: rh1996182-login_to_nss_software_token.patch
#############################################
#
@@ -1838,6 +1840,7 @@ sh %{SOURCE12}
%patch1005
%patch1006
%patch1007
+%patch1008
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2595,6 +2598,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Sep 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.2.ea
+- Add patch to login to the NSS software token when in FIPS mode.
+
* Mon Sep 13 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b03 (EA)
- Update release notes for 8u312-b03.
diff --git a/rh1996182-login_to_nss_software_token.patch b/rh1996182-login_to_nss_software_token.patch
new file mode 100644
index 0000000..341e092
--- /dev/null
+++ b/rh1996182-login_to_nss_software_token.patch
@@ -0,0 +1,55 @@
+# HG changeset patch
+# User mbalao
+# Date 1630103180 -3600
+# Fri Aug 27 23:26:20 2021 +0100
+# Node ID b3bd3119fab9bc5adfd7073377aca12bb1af80b3
+# Parent c90394a76ee02a689f95199559d5724824b4b25e
+RH1996182: Login to the NSS Software Token in FIPS Mode
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+@@ -42,6 +42,8 @@
+ import javax.security.auth.callback.PasswordCallback;
+ import javax.security.auth.callback.TextOutputCallback;
+
++import sun.misc.SharedSecrets;
++
+ import sun.security.util.Debug;
+ import sun.security.util.ResourcesMgr;
+
+@@ -58,6 +60,9 @@
+ */
+ public final class SunPKCS11 extends AuthProvider {
+
++ private static final boolean systemFipsEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
++
+ private static final long serialVersionUID = -1354835039035306505L;
+
+ static final Debug debug = Debug.getInstance("sunpkcs11");
+@@ -368,6 +373,24 @@
+ if (nssModule != null) {
+ nssModule.setProvider(this);
+ }
++ if (systemFipsEnabled) {
++ // The NSS Software Token in FIPS 140-2 mode requires a user
++ // login for most operations. See sftk_fipsCheck. The NSS DB
++ // (/etc/pki/nssdb) PIN is empty.
++ Session session = null;
++ try {
++ session = token.getOpSession();
++ p11.C_Login(session.id(), CKU_USER, new char[] {});
++ } catch (PKCS11Exception p11e) {
++ if (debug != null) {
++ debug.println("Error during token login: " +
++ p11e.getMessage());
++ }
++ throw p11e;
++ } finally {
++ token.releaseSession(session);
++ }
++ }
+ } catch (Exception e) {
+ if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
+ throw new UnsupportedOperationException
commit 0cb1fbdb0bdab3fca4fd43433c0d0c677ceab770
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Sep 13 12:28:45 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b03 (EA)
Update release notes for 8u312-b03.
diff --git a/.gitignore b/.gitignore
index 5d0524d..5ddd4a9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -241,3 +241,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 3cf6136..9052cf4 100644
--- a/NEWS
+++ b/NEWS
@@ -34,21 +34,27 @@ Live versions of these release notes can be found at:
- JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
- JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
- JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
+ - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
- JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
- JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
- JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
+ - JDK-8254967: com.sun.net.HttpsServer spins on TLS session close
- JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
- JDK-8263311: Watch registry changes for remote printers update instead of polling
+ - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
- JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
- JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
- JDK-8265978: make test should look for more locations when searching for exit code
+ - JDK-8266206: Build failure after JDK-8264752 with older GCCs
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
- JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
+ - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
- JDK-8271466: StackGap test fails on aarch64 due to "-m64"
+ - JDK-8272214: [8u] Build failure after backport of JDK-8248901
New in release OpenJDK 8u302 (2021-07-20):
===========================================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index c545df3..3d857b9 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b02
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b03
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2595,6 +2595,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Sep 13 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b03 (EA)
+- Update release notes for 8u312-b03.
+
* Fri Sep 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b02 (EA)
- Update release notes for 8u312-b02.
diff --git a/sources b/sources
index c2c873f..fc6c611 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz) = fcff36d3c837de6770eb32ac1ff514278ec92feb6311aa0b8150d9da4b917494899993b498ffd3ac55c7ddbd22860105af0ffcb30b3c43ec702847650098c349
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz) = e6a9dd82d3c76920b03124f9cf261f68f520bea9368427b850adfb36385cd717cfe6a5f684b6f1653d4d79c9863e45e4b62907567446e8a5c68587a3a8bdef10
commit 12c54a64a11f9620ab5d31b3773f15156f442dba
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Sep 10 05:30:49 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b02 (EA)
Update release notes for 8u312-b02.
diff --git a/.gitignore b/.gitignore
index 4252ee4..5d0524d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -240,3 +240,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 947e72a..3cf6136 100644
--- a/NEWS
+++ b/NEWS
@@ -37,12 +37,14 @@ Live versions of these release notes can be found at:
- JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
- JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
- JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
+ - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
- JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
- JDK-8263311: Watch registry changes for remote printers update instead of polling
- JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
+ - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
- JDK-8265978: make test should look for more locations when searching for exit code
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
- JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 294ed12..c545df3 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b01
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b02
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2595,6 +2595,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Sep 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b02-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b02 (EA)
+- Update release notes for 8u312-b02.
+
* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.3.ea
- Port FIPS system detection support to OpenJDK 8u
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
diff --git a/sources b/sources
index 743cecf..c2c873f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz) = ddce8d47e12e4de078004d981d4c89538738a7cb201b7e7f820f51a39aac2c00040e3ba9c6ee92ec10d10e5607f420a4c3e4d059e05a8d9930e3f71e0917c84f
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz) = fcff36d3c837de6770eb32ac1ff514278ec92feb6311aa0b8150d9da4b917494899993b498ffd3ac55c7ddbd22860105af0ffcb30b3c43ec702847650098c349
commit d57e76505362030867d295ab1f4c36a2664de233
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sat Sep 4 02:14:31 2021 +0100
Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
Port FIPS system detection support to OpenJDK 8u
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index a31c545..294ed12 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -352,7 +352,7 @@
# fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349
# https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14
# https://bugzilla.redhat.com/show_bug.cgi?id=1655938
-%global _privatelibs libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
+%global _privatelibs libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
%global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.*
%if %is_system_jdk
%global __provides_exclude ^(%{_privatelibs})$
@@ -805,6 +805,7 @@ exit 0
%endif
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsctp.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsunec.so
+%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsystemconf.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libunpack.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libverify.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libzip.so
@@ -1112,8 +1113,6 @@ Requires: copy-jdk-configs >= 4.0
OrderWithRequires: copy-jdk-configs
# for printing support
Requires: cups-libs
-# for FIPS PKCS11 provider
-Requires: nss
# Post requires alternatives to install tool alternatives
Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
@@ -1308,6 +1307,9 @@ Patch1002: rh1760838-fips_default_keystore_type.patch
Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
Patch1005: rh1906862-always_initialise_configurator_access.patch
+# RH1929465: Improve system FIPS detection
+Patch1006: rh1929465-improve_system_FIPS_detection-root.patch
+Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
#############################################
#
@@ -1454,8 +1456,8 @@ BuildRequires: libXinerama-devel
BuildRequires: libXrender-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
-# Requirements for setting up the nss.cfg
-BuildRequires: nss-devel
+# Requirements for setting up the nss.cfg and FIPS support
+BuildRequires: nss-devel >= 3.53
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
@@ -1834,6 +1836,8 @@ sh %{SOURCE12}
%patch1003
%patch1004
%patch1005
+%patch1006
+%patch1007
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -1965,6 +1969,7 @@ function buildjdk() {
--with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
--with-boot-jdk=${buildjdk} \
--with-debug-level=${debuglevel} \
+ --enable-sysconf-nss \
--enable-unlimited-crypto \
--with-zlib=system \
--with-libjpeg=system \
@@ -2590,7 +2595,15 @@ cjc.mainProgram(args)
%endif
%changelog
-* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.1.ea
+* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.3.ea
+- Port FIPS system detection support to OpenJDK 8u
+- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
+- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
+
+* Wed Sep 01 2021 Martin Balao <mbalao(a)redhat.com> - 1:1.8.0.312.b01-0.3.ea
+- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
+
+* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.2.ea
- Update to aarch64-shenandoah-jdk8u312-b01 (EA)
- Update release notes for 8u312-b01.
- Switch to EA mode.
diff --git a/rh1929465-improve_system_FIPS_detection-jdk.patch b/rh1929465-improve_system_FIPS_detection-jdk.patch
new file mode 100644
index 0000000..1461be8
--- /dev/null
+++ b/rh1929465-improve_system_FIPS_detection-jdk.patch
@@ -0,0 +1,344 @@
+diff --git openjdk.orig/jdk/make/lib/SecurityLibraries.gmk openjdk/jdk/make/lib/SecurityLibraries.gmk
+--- openjdk.orig/jdk/make/lib/SecurityLibraries.gmk
++++ openjdk/jdk/make/lib/SecurityLibraries.gmk
+@@ -289,3 +289,34 @@
+
+ endif
+ endif
++
++################################################################################
++# Create the systemconf library
++
++LIBSYSTEMCONF_CFLAGS :=
++LIBSYSTEMCONF_CXXFLAGS :=
++
++ifeq ($(USE_SYSCONF_NSS), true)
++ LIBSYSTEMCONF_CFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
++ LIBSYSTEMCONF_CXXFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
++endif
++
++ifeq ($(OPENJDK_BUILD_OS), linux)
++ $(eval $(call SetupNativeCompilation,BUILD_LIBSYSTEMCONF, \
++ LIBRARY := systemconf, \
++ OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
++ SRC := $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/java/security, \
++ LANG := C, \
++ OPTIMIZATION := LOW, \
++ CFLAGS := $(CFLAGS_JDKLIB) $(LIBSYSTEMCONF_CFLAGS), \
++ CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBSYSTEMCONF_CXXFLAGS), \
++ MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsystemconf/mapfile-vers, \
++ LDFLAGS := $(LDFLAGS_JDKLIB) \
++ $(call SET_SHARED_LIBRARY_ORIGIN), \
++ LDFLAGS_SUFFIX := $(LIBDL) $(NSS_LIBS), \
++ OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libsystemconf, \
++ DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
++
++ BUILD_LIBRARIES += $(BUILD_LIBSYSTEMCONF)
++endif
++
+diff --git openjdk.orig/jdk/make/mapfiles/libsystemconf/mapfile-vers openjdk/jdk/make/mapfiles/libsystemconf/mapfile-vers
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/make/mapfiles/libsystemconf/mapfile-vers
+@@ -0,0 +1,35 @@
++#
++# Copyright (c) 2021, Red Hat, Inc.
++# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++#
++# This code is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 2 only, as
++# published by the Free Software Foundation. Oracle designates this
++# particular file as subject to the "Classpath" exception as provided
++# by Oracle in the LICENSE file that accompanied this code.
++#
++# This code is distributed in the hope that it will be useful, but WITHOUT
++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# version 2 for more details (a copy is included in the LICENSE file that
++# accompanied this code).
++#
++# You should have received a copy of the GNU General Public License version
++# 2 along with this work; if not, write to the Free Software Foundation,
++# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++#
++# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++# or visit www.oracle.com if you need additional information or have any
++# questions.
++#
++
++# Define public interface.
++
++SUNWprivate_1.1 {
++ global:
++ DEF_JNI_OnLoad;
++ DEF_JNI_OnUnLoad;
++ Java_java_security_SystemConfigurator_getSystemFIPSEnabled;
++ local:
++ *;
++};
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2019, 2020, Red Hat, Inc.
++ * Copyright (c) 2019, 2021, Red Hat, Inc.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+@@ -30,14 +30,9 @@
+ import java.io.FileInputStream;
+ import java.io.IOException;
+
+-import java.nio.file.Files;
+-import java.nio.file.FileSystems;
+-import java.nio.file.Path;
+-
+ import java.util.Iterator;
+ import java.util.Map.Entry;
+ import java.util.Properties;
+-import java.util.regex.Pattern;
+
+ import sun.security.util.Debug;
+
+@@ -59,10 +54,21 @@
+ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+- private static final String CRYPTO_POLICIES_CONFIG =
+- CRYPTO_POLICIES_BASE_DIR + "/config";
++ private static boolean systemFipsEnabled = false;
++
++ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
++
++ private static native boolean getSystemFIPSEnabled()
++ throws IOException;
+
+- private static boolean systemFipsEnabled = false;
++ static {
++ AccessController.doPrivileged(new PrivilegedAction<Void>() {
++ public Void run() {
++ System.loadLibrary(SYSTEMCONF_NATIVE_LIB);
++ return null;
++ }
++ });
++ }
+
+ /*
+ * Invoked when java.security.Security class is initialized, if
+@@ -171,17 +177,34 @@
+ }
+
+ /*
+- * FIPS is enabled only if crypto-policies are set to "FIPS"
+- * and the com.redhat.fips property is true.
++ * OpenJDK FIPS mode will be enabled only if the com.redhat.fips
++ * system property is true (default) and the system is in FIPS mode.
++ *
++ * There are 2 possible ways in which OpenJDK detects that the system
++ * is in FIPS mode: 1) if the NSS SECMOD_GetSystemFIPSEnabled API is
++ * available at OpenJDK's built-time, it is called; 2) otherwise, the
++ * /proc/sys/crypto/fips_enabled file is read.
+ */
+- private static boolean enableFips() throws Exception {
++ private static boolean enableFips() throws IOException {
+ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+ if (shouldEnable) {
+- Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
+- String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
+- if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+- Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+- return pattern.matcher(cryptoPoliciesConfig).find();
++ if (sdebug != null) {
++ sdebug.println("Calling getSystemFIPSEnabled (libsystemconf)...");
++ }
++ try {
++ shouldEnable = getSystemFIPSEnabled();
++ if (sdebug != null) {
++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) returned: "
++ + shouldEnable);
++ }
++ return shouldEnable;
++ } catch (IOException e) {
++ if (sdebug != null) {
++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) failed:");
++ sdebug.println(e.getMessage());
++ }
++ throw e;
++ }
+ } else {
+ return false;
+ }
+diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
+@@ -0,0 +1,168 @@
++/*
++ * Copyright (c) 2021, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++#include <dlfcn.h>
++#include <jni.h>
++#include <jni_util.h>
++#include <stdio.h>
++
++#ifdef SYSCONF_NSS
++#include <nss3/pk11pub.h>
++#endif //SYSCONF_NSS
++
++#include "java_security_SystemConfigurator.h"
++
++#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
++#define MSG_MAX_SIZE 96
++
++static jmethodID debugPrintlnMethodID = NULL;
++static jobject debugObj = NULL;
++
++static void throwIOException(JNIEnv *env, const char *msg);
++static void dbgPrint(JNIEnv *env, const char* msg);
++
++/*
++ * Class: java_security_SystemConfigurator
++ * Method: JNI_OnLoad
++ */
++JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
++{
++ JNIEnv *env;
++ jclass sysConfCls, debugCls;
++ jfieldID sdebugFld;
++
++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
++ return JNI_EVERSION; /* JNI version not supported */
++ }
++
++ sysConfCls = (*env)->FindClass(env,"java/security/SystemConfigurator");
++ if (sysConfCls == NULL) {
++ printf("libsystemconf: SystemConfigurator class not found\n");
++ return JNI_ERR;
++ }
++ sdebugFld = (*env)->GetStaticFieldID(env, sysConfCls,
++ "sdebug", "Lsun/security/util/Debug;");
++ if (sdebugFld == NULL) {
++ printf("libsystemconf: SystemConfigurator::sdebug field not found\n");
++ return JNI_ERR;
++ }
++ debugObj = (*env)->GetStaticObjectField(env, sysConfCls, sdebugFld);
++ if (debugObj != NULL) {
++ debugCls = (*env)->FindClass(env,"sun/security/util/Debug");
++ if (debugCls == NULL) {
++ printf("libsystemconf: Debug class not found\n");
++ return JNI_ERR;
++ }
++ debugPrintlnMethodID = (*env)->GetMethodID(env, debugCls,
++ "println", "(Ljava/lang/String;)V");
++ if (debugPrintlnMethodID == NULL) {
++ printf("libsystemconf: Debug::println(String) method not found\n");
++ return JNI_ERR;
++ }
++ debugObj = (*env)->NewGlobalRef(env, debugObj);
++ }
++
++ return (*env)->GetVersion(env);
++}
++
++/*
++ * Class: java_security_SystemConfigurator
++ * Method: JNI_OnUnload
++ */
++JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
++{
++ JNIEnv *env;
++
++ if (debugObj != NULL) {
++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
++ return; /* Should not happen */
++ }
++ (*env)->DeleteGlobalRef(env, debugObj);
++ }
++}
++
++JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEnabled
++ (JNIEnv *env, jclass cls)
++{
++ int fips_enabled;
++ char msg[MSG_MAX_SIZE];
++ int msg_bytes;
++
++#ifdef SYSCONF_NSS
++
++ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
++ fips_enabled = SECMOD_GetSystemFIPSEnabled();
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
++ dbgPrint(env, msg);
++ } else {
++ dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
++ " SECMOD_GetSystemFIPSEnabled return value");
++ }
++ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
++
++#else // SYSCONF_NSS
++
++ FILE *fe;
++
++ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
++ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
++ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ }
++ fips_enabled = fgetc(fe);
++ fclose(fe);
++ if (fips_enabled == EOF) {
++ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ }
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " read character is '%c'", fips_enabled);
++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
++ dbgPrint(env, msg);
++ } else {
++ dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
++ " read character");
++ }
++ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
++
++#endif // SYSCONF_NSS
++}
++
++static void throwIOException(JNIEnv *env, const char *msg)
++{
++ jclass cls = (*env)->FindClass(env, "java/io/IOException");
++ if (cls != 0)
++ (*env)->ThrowNew(env, cls, msg);
++}
++
++static void dbgPrint(JNIEnv *env, const char* msg)
++{
++ jstring jMsg;
++ if (debugObj != NULL) {
++ jMsg = (*env)->NewStringUTF(env, msg);
++ CHECK_NULL(jMsg);
++ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
++ }
++}
diff --git a/rh1929465-improve_system_FIPS_detection-root.patch b/rh1929465-improve_system_FIPS_detection-root.patch
new file mode 100644
index 0000000..64d8ac0
--- /dev/null
+++ b/rh1929465-improve_system_FIPS_detection-root.patch
@@ -0,0 +1,152 @@
+diff --git openjdk.orig/common/autoconf/configure.ac openjdk/common/autoconf/configure.ac
+--- openjdk.orig/common/autoconf/configure.ac
++++ openjdk/common/autoconf/configure.ac
+@@ -212,6 +212,7 @@
+ LIB_SETUP_ALSA
+ LIB_SETUP_FONTCONFIG
+ LIB_SETUP_MISC_LIBS
++LIB_SETUP_SYSCONF_LIBS
+ LIB_SETUP_STATIC_LINK_LIBSTDCPP
+ LIB_SETUP_ON_WINDOWS
+
+diff --git openjdk.orig/common/autoconf/libraries.m4 openjdk/common/autoconf/libraries.m4
+--- openjdk.orig/common/autoconf/libraries.m4
++++ openjdk/common/autoconf/libraries.m4
+@@ -1067,3 +1067,63 @@
+ BASIC_DEPRECATED_ARG_WITH([dxsdk-include])
+ fi
+ ])
++
++################################################################################
++# Setup system configuration libraries
++################################################################################
++AC_DEFUN_ONCE([LIB_SETUP_SYSCONF_LIBS],
++[
++ ###############################################################################
++ #
++ # Check for the NSS library
++ #
++
++ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)])
++
++ # default is not available
++ DEFAULT_SYSCONF_NSS=no
++
++ AC_ARG_ENABLE([sysconf-nss], [AS_HELP_STRING([--enable-sysconf-nss],
++ [build the System Configurator (libsysconf) using the system NSS library if available @<:@disabled@:>@])],
++ [
++ case "${enableval}" in
++ yes)
++ sysconf_nss=yes
++ ;;
++ *)
++ sysconf_nss=no
++ ;;
++ esac
++ ],
++ [
++ sysconf_nss=${DEFAULT_SYSCONF_NSS}
++ ])
++ AC_MSG_RESULT([$sysconf_nss])
++
++ USE_SYSCONF_NSS=false
++ if test "x${sysconf_nss}" = "xyes"; then
++ PKG_CHECK_MODULES(NSS, nss >= 3.53, [NSS_FOUND=yes], [NSS_FOUND=no])
++ if test "x${NSS_FOUND}" = "xyes"; then
++ AC_MSG_CHECKING([for system FIPS support in NSS])
++ saved_libs="${LIBS}"
++ saved_cflags="${CFLAGS}"
++ CFLAGS="${CFLAGS} ${NSS_CFLAGS}"
++ LIBS="${LIBS} ${NSS_LIBS}"
++ AC_LANG_PUSH([C])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <nss3/pk11pub.h>]],
++ [[SECMOD_GetSystemFIPSEnabled()]])],
++ [AC_MSG_RESULT([yes])],
++ [AC_MSG_RESULT([no])
++ AC_MSG_ERROR([System NSS FIPS detection unavailable])])
++ AC_LANG_POP([C])
++ CFLAGS="${saved_cflags}"
++ LIBS="${saved_libs}"
++ USE_SYSCONF_NSS=true
++ else
++ dnl NSS 3.53 is the one that introduces the SECMOD_GetSystemFIPSEnabled API
++ dnl in nss3/pk11pub.h.
++ AC_MSG_ERROR([--enable-sysconf-nss specified, but NSS 3.53 or above not found.])
++ fi
++ fi
++ AC_SUBST(USE_SYSCONF_NSS)
++])
+diff --git openjdk.orig/common/autoconf/spec.gmk.in openjdk/common/autoconf/spec.gmk.in
+--- openjdk.orig/common/autoconf/spec.gmk.in
++++ openjdk/common/autoconf/spec.gmk.in
+@@ -312,6 +312,10 @@
+ ALSA_LIBS:=@ALSA_LIBS@
+ ALSA_CFLAGS:=@ALSA_CFLAGS@
+
++USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
++NSS_LIBS:=@NSS_LIBS@
++NSS_CFLAGS:=@NSS_CFLAGS@
++
+ PACKAGE_PATH=@PACKAGE_PATH@
+
+ # Source file for cacerts
+diff --git openjdk.orig/common/bin/compare_exceptions.sh.incl openjdk/common/bin/compare_exceptions.sh.incl
+--- openjdk.orig/common/bin/compare_exceptions.sh.incl
++++ openjdk/common/bin/compare_exceptions.sh.incl
+@@ -280,6 +280,7 @@
+ ./jre/lib/i386/libsplashscreen.so
+ ./jre/lib/i386/libsunec.so
+ ./jre/lib/i386/libsunwjdga.so
++./jre/lib/i386/libsystemconf.so
+ ./jre/lib/i386/libt2k.so
+ ./jre/lib/i386/libunpack.so
+ ./jre/lib/i386/libverify.so
+@@ -433,6 +434,7 @@
+ ./jre/lib/amd64/libsplashscreen.so
+ ./jre/lib/amd64/libsunec.so
+ ./jre/lib/amd64/libsunwjdga.so
++//jre/lib/amd64/libsystemconf.so
+ ./jre/lib/amd64/libt2k.so
+ ./jre/lib/amd64/libunpack.so
+ ./jre/lib/amd64/libverify.so
+@@ -587,6 +589,7 @@
+ ./jre/lib/sparc/libsplashscreen.so
+ ./jre/lib/sparc/libsunec.so
+ ./jre/lib/sparc/libsunwjdga.so
++./jre/lib/sparc/libsystemconf.so
+ ./jre/lib/sparc/libt2k.so
+ ./jre/lib/sparc/libunpack.so
+ ./jre/lib/sparc/libverify.so
+@@ -741,6 +744,7 @@
+ ./jre/lib/sparcv9/libsplashscreen.so
+ ./jre/lib/sparcv9/libsunec.so
+ ./jre/lib/sparcv9/libsunwjdga.so
++./jre/lib/sparcv9/libsystemconf.so
+ ./jre/lib/sparcv9/libt2k.so
+ ./jre/lib/sparcv9/libunpack.so
+ ./jre/lib/sparcv9/libverify.so
+diff --git openjdk.orig/common/nb_native/nbproject/configurations.xml openjdk/common/nb_native/nbproject/configurations.xml
+--- openjdk.orig/common/nb_native/nbproject/configurations.xml
++++ openjdk/common/nb_native/nbproject/configurations.xml
+@@ -53,6 +53,9 @@
+ <in>jvmtiEnterTrace.cpp</in>
+ </df>
+ </df>
++ <df name="libsystemconf">
++ <in>systemconf.c</in>
++ </df>
+ </df>
+ </df>
+ <df name="jdk">
+@@ -12772,6 +12775,11 @@
+ tool="0"
+ flavor2="0">
+ </item>
++ <item path="../../jdk/src/solaris/native/java/security/systemconf.c"
++ ex="false"
++ tool="0"
++ flavor2="0">
++ </item>
+ <item path="../../jdk/src/share/native/java/util/TimeZone.c"
+ ex="false"
+ tool="0"
commit 8803d9fc833ed25000379a1da5383f2cf1c4435f
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Wed Sep 1 16:48:03 2021 +0200
alternatives creation moved to posttrans
Thus fixing the old reisntall issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1200302
https://bugzilla.redhat.com/show_bug.cgi?id=1976053
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 53718f7..68867b4 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -63,7 +63,7 @@
# in alternatives those are slaves and master, very often triplicated by man pages
# in files all masters and slaves are ghosted
# the ghosts are here to allow installation via query like `dnf install /usr/bin/java`
-# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_
+# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_ -e alternatives
# TODO - fix those hardcoded lists via single list
# Those files must *NOT* be ghosted for *slowdebug* packages
# FIXME - if you are moving jshell or jlink or similar, always modify all three sections
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -414,12 +414,7 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
exit 0
}
-
-%define post_headless() %{expand:
-%ifarch %{share_arches}
-%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
-%endif
-
+%define alternatives_java_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -469,8 +464,13 @@ for X in %{origin} %{javaver} ; do
alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
done
-update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+}
+%define post_headless() %{expand:
+%ifarch %{share_arches}
+%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
+%endif
update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@@ -507,8 +507,8 @@ exit 0
%{update_desktop_icons}
}
-%define post_devel() %{expand:
+%define alternatives_javac_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -616,7 +616,9 @@ for X in %{origin} %{javaver} ; do
done
update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+}
+%define post_devel() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@@ -639,11 +641,11 @@ exit 0
}
%define posttrans_devel() %{expand:
+%{alternatives_javac_install -- %{?1}}
%{update_desktop_icons}
}
-%define post_javadoc() %{expand:
-
+%define alternatives_javadoc_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -660,8 +662,7 @@ exit 0
exit 0
}
-%define post_javadoc_zip() %{expand:
-
+%define alternatives_javadoczip_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -2419,6 +2420,9 @@ cjc.mainProgram(args)
%posttrans
%{posttrans_script %{nil}}
+%posttrans headless
+%{alternatives_java_install %{nil}}
+
%post devel
%{post_devel %{nil}}
@@ -2428,14 +2432,14 @@ cjc.mainProgram(args)
%posttrans devel
%{posttrans_devel %{nil}}
-%post javadoc
-%{post_javadoc %{nil}}
+%posttrans javadoc
+%{alternatives_javadoc_install %{nil}}
%postun javadoc
%{postun_javadoc %{nil}}
-%post javadoc-zip
-%{post_javadoc_zip %{nil}}
+%posttrans javadoc-zip
+%{alternatives_javadoczip_install %{nil}}
%postun javadoc-zip
%{postun_javadoc_zip %{nil}}
@@ -2448,6 +2452,9 @@ cjc.mainProgram(args)
%post headless-slowdebug
%{post_headless -- %{debug_suffix_unquoted}}
+%posttrans headless-slowdebug
+%{alternatives_java_install -- %{debug_suffix_unquoted}}
+
%postun slowdebug
%{postun_script -- %{debug_suffix_unquoted}}
@@ -2483,6 +2490,9 @@ cjc.mainProgram(args)
%posttrans fastdebug
%{posttrans_script -- %{fastdebug_suffix_unquoted}}
+%posttrans headless-fastdebug
+%{alternatives_java_install -- %{fastdebug_suffix_unquoted}}
+
%post devel-fastdebug
%{post_devel -- %{fastdebug_suffix_unquoted}}
@@ -2580,6 +2590,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Aug 30 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.302.b08-2
+- alternatives creation moved to posttrans
+- Thus fixing the old reisntall issue:
+- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
+- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
+
* Sun Aug 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b08-1
- Remove non-Free test and demo files from source tarball.
commit 661c37e98f47d3009ad494331f36cd2006dffe18
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sun Aug 8 05:21:18 2021 +0100
Remove non-Free test and demo files from source tarball.
diff --git a/.gitignore b/.gitignore
index a4aa037..67c9eb6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -238,3 +238,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b06-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index 94b75e7..e9eed11 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -19,12 +19,25 @@
# level folder, name is created, based on parameter
#
+SCRIPT_DIR=$(dirname $0)
+JCONSOLE_JS_PATCH_DEFAULT=${SCRIPT_DIR}/jconsole-plugin.patch
+
if [ ! "x$PR3822" = "x" ] ; then
if [ ! -f "$PR3822" ] ; then
- echo "You have specified PR3822 as $PR3822 but it does not exists. exiting"
+ echo "You have specified PR3822 as $PR3822 but it does not exist. Exiting"
exit 1
fi
fi
+
+if [ "x${JCONSOLE_JS_PATCH}" != "x" ] ; then
+ if [ ! -f "${JCONSOLE_JS_PATCH}" ] ; then
+ echo "You have specified the jconsole.js patch as ${JCONSOLE_JS_PATCH} but it does not exist. Exiting.";
+ exit 2;
+ fi
+else
+ JCONSOLE_JS_PATCH=${JCONSOLE_JS_PATCH_DEFAULT}
+fi
+
set -e
OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
@@ -42,6 +55,7 @@ if [ "x$1" = "xhelp" ] ; then
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
echo "PR3822 - the path to the PR3822 patch to apply (optional; downloaded if unavailable)"
+ echo "JCONSOLE_JS_PATCH - the path to a patch to fix non-availiability of jconsole.js (optional; defaults to ${JCONSOLE_JS_PATCH_DEFAULT})"
echo "REPOS - specify the repositories to use (optional; defaults to ${REPOS_DEFAULT})"
exit 1;
fi
@@ -88,6 +102,22 @@ if [ "x$REPO_ROOT" = "x" ] ; then
REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
+if [ "x$REPOS" = "x" ] ; then
+ REPOS=${REPOS_DEFAULT}
+ echo "No repositories specified; defaulting to ${REPOS}"
+fi;
+
+echo -e "Settings:"
+echo -e "\tVERSION: ${VERSION}"
+echo -e "\tPROJECT_NAME: ${PROJECT_NAME}"
+echo -e "\tREPO_NAME: ${REPO_NAME}"
+echo -e "\tOPENJDK_URL: ${OPENJDK_URL}"
+echo -e "\tCOMPRESSION: ${COMPRESSION}"
+echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
+echo -e "\tREPO_ROOT: ${REPO_ROOT}"
+echo -e "\tPR3822: ${PR3822}"
+echo -e "\tJCONSOLE_JS_PATCH: ${JCONSOLE_JS_PATCH}"
+echo -e "\tREPOS: ${REPOS}"
mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
@@ -96,22 +126,22 @@ echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
hg clone ${REPO_ROOT} openjdk -r ${VERSION}
pushd openjdk
-
-if [ "x$REPOS" = "x" ] ; then
- repos=${REPOS_DEFAULT}
- echo "No repositories specified; defaulting to ${repos}"
-else
- repos=$REPOS
- echo "Repositories: ${repos}"
-fi;
-
-for subrepo in $repos
+for subrepo in ${REPOS}
do
echo "Cloning ${VERSION} ${subrepo} repository from ${REPO_ROOT}"
hg clone ${REPO_ROOT}/${subrepo} -r ${VERSION}
done
-if [ -d jdk ]; then
+# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
+if [ -d langtools ] ; then
+ echo "Removing langtools test case with non-Free license"
+ rm -vf langtools/test/tools/javadoc/api/basic/TagletPathTest.java
+ rm -vf langtools/test/tools/javadoc/api/basic/taglets/UnderlineTaglet.java
+fi
+if [ -d jdk ]; then
+# jconsole.js has a BSD license with a field-of-use restriction, making it non-Free
+echo "Removing jconsole-plugin file with non-Free license"
+rm -vf jdk/src/share/demo/scripting/jconsole-plugin/src/resources/jconsole.js
echo "Removing EC source code we don't build"
rm -vf jdk/src/share/native/sun/security/ec/impl/ec2.h
rm -vf jdk/src/share/native/sun/security/ec/impl/ec2_163.c
@@ -123,7 +153,6 @@ rm -vf jdk/src/share/native/sun/security/ec/impl/ecp_192.c
rm -vf jdk/src/share/native/sun/security/ec/impl/ecp_224.c
echo "Syncing EC list with NSS"
-
if [ "x$PR3822" = "x" ] ; then
# get pr3822.patch (from http://icedtea.classpath.org/hg/icedtea8) from most correct tag
# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3822)
@@ -135,6 +164,10 @@ else
patch -Np1 < $PR3822
fi;
fi
+
+echo "Patching out use of jconsole.js"
+patch -Np1 < ${JCONSOLE_JS_PATCH}
+
find . -name '*.orig' -exec rm -vf '{}' ';'
popd
@@ -144,7 +177,7 @@ if [ "X$COMPRESSION" = "Xxz" ] ; then
else
SWITCH=czf
fi
-TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
+TARBALL_NAME=${FILE_NAME_ROOT}-4curve-clean.tar.${COMPRESSION}
tar --exclude-vcs -$SWITCH ${TARBALL_NAME} openjdk
mv ${TARBALL_NAME} ..
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b5067ff..53718f7 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 0
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1202,7 +1202,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -1237,7 +1237,7 @@ URL: http://openjdk.java.net/
# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
-Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
+Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve-clean.tar.xz
# Custom README for -src subpackage
Source2: README.md
@@ -2580,6 +2580,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sun Aug 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b08-1
+- Remove non-Free test and demo files from source tarball.
+
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.8.0.302.b08-0.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
diff --git a/jconsole-plugin.patch b/jconsole-plugin.patch
new file mode 100644
index 0000000..b015a78
--- /dev/null
+++ b/jconsole-plugin.patch
@@ -0,0 +1,31 @@
+diff --git openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/README.txt openjdk/jdk/src/share/demo/scripting/jconsole-plugin/README.txt
+--- openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/README.txt
++++ openjdk/jdk/src/share/demo/scripting/jconsole-plugin/README.txt
+@@ -18,11 +18,9 @@
+ engine javax.script.ScriptEngine
+ plugin com.sun.tools.jconsole.JConsolePlugin
+
+-If you use JavaScript, there are many useful global functions defined in
+-./src/resources/jconsole.js. This is built into the script plugin jar file.
+-In addition, you can add other global functions and global variables by
+-defining those in ~/jconsole.js (or jconsole.<ext> where <ext> is the file
+-extension for your scripting language of choice under your home directory).
++You can add global functions and global variables by defining those in
++~/jconsole.js (or jconsole.<ext> where <ext> is the file extension for
++your scripting language of choice under your home directory).
+
+ How do I compile script console plugin?
+
+diff --git openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/build.xml openjdk/jdk/src/share/demo/scripting/jconsole-plugin/build.xml
+--- openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/build.xml
++++ openjdk/jdk/src/share/demo/scripting/jconsole-plugin/build.xml
+@@ -73,9 +73,6 @@
+ <copy todir="${classes.dir}/META-INF/services">
+ <fileset dir="${src.dir}/META-INF/services"/>
+ </copy>
+- <copy todir="${resources.dir}">
+- <fileset dir="${src.dir}/resources"/>
+- </copy>
+ </target>
+
+ <target name="all" depends="compile" description="buile deployment bundle">
diff --git a/sources b/sources
index 0357887..3236329 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz) = 938b3308357c5be40fd474e861f5a612e758520988588b633791ada742fdaef522ecc05f4b2a0c40799a01e1b5d33960c1b76deb2089e36b6d92b0788a74bf74
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz) = 04ecdcde841038c0042b44fb3c5303a08616864566fb918ab261fc381fae8804a21f875b1645538e864a1c6db5985f16dfc13b91eb1caeeab54d6d07828c7657
commit 37a363e30cf6934369ea54430e41bd92cd21d940
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Sep 1 23:23:51 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b01 (EA)
Update release notes for 8u312-b01.
Switch to EA mode.
Remove "-clean" suffix as no 8u312 builds are unclean.
diff --git a/.gitignore b/.gitignore
index 67c9eb6..4252ee4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -239,3 +239,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 1cb973a..947e72a 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,51 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u312 (2021-10-19):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u312
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
+
+* Other changes
+ - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
+ - JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
+ - JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
+ - JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated
+ - JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser
+ - JDK-8042557: compiler/uncommontrap/TestSpecTrapClassUnloading.java fails with: GC triggered before VM initialization completed
+ - JDK-8054118: java/net/ipv6tests/UdpTest.java failed intermittently
+ - JDK-8065215: Print warning summary at end of configure
+ - JDK-8072767: DefaultCellEditor for comboBox creates ActionEvent with wrong source object
+ - JDK-8079891: Store configure log in $BUILD/configure.log
+ - JDK-8080082: configure fails if you create an empty directory and then run configure from it
+ - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
+ - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
+ - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
+ - JDK-8166673: The new implementation of Robot.waitForIdle() may hang
+ - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
+ - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
+ - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
+ - JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error
+ - JDK-8214418: half-closed SSLEngine status may cause application dead loop
+ - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11
+ - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
+ - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
+ - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
+ - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
+ - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
+ - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
+ - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
+ - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
+ - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
+ - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
+ - JDK-8263311: Watch registry changes for remote printers update instead of polling
+ - JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
+ - JDK-8265978: make test should look for more locations when searching for exit code
+ - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
+ - JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
+ - JDK-8271466: StackGap test fails on aarch64 due to "-m64"
+
New in release OpenJDK 8u302 (2021-07-20):
===========================================
Live versions of these release notes can be found at:
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index e9eed11..c6f0756 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -177,7 +177,7 @@ if [ "X$COMPRESSION" = "Xxz" ] ; then
else
SWITCH=czf
fi
-TARBALL_NAME=${FILE_NAME_ROOT}-4curve-clean.tar.${COMPRESSION}
+TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
tar --exclude-vcs -$SWITCH ${TARBALL_NAME} openjdk
mv ${TARBALL_NAME} ..
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 68867b4..a31c545 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b08
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b01
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -314,7 +314,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -1238,7 +1238,7 @@ URL: http://openjdk.java.net/
# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
-Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve-clean.tar.xz
+Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
# Custom README for -src subpackage
Source2: README.md
@@ -2590,6 +2590,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b01 (EA)
+- Update release notes for 8u312-b01.
+- Switch to EA mode.
+- Remove "-clean" suffix as no 8u312 builds are unclean.
+
* Mon Aug 30 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.302.b08-2
- alternatives creation moved to posttrans
- Thus fixing the old reisntall issue:
diff --git a/sources b/sources
index 3236329..743cecf 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz) = 04ecdcde841038c0042b44fb3c5303a08616864566fb918ab261fc381fae8804a21f875b1645538e864a1c6db5985f16dfc13b91eb1caeeab54d6d07828c7657
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz) = ddce8d47e12e4de078004d981d4c89538738a7cb201b7e7f820f51a39aac2c00040e3ba9c6ee92ec10d10e5607f420a4c3e4d059e05a8d9930e3f71e0917c84f
commit ae9982ef76614e5357e5d4409d330f9e738b3277
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Wed Sep 1 16:48:03 2021 +0200
alternatives creation moved to posttrans
Thus fixing the old reisntall issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1200302
https://bugzilla.redhat.com/show_bug.cgi?id=1976053
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 53718f7..68867b4 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -63,7 +63,7 @@
# in alternatives those are slaves and master, very often triplicated by man pages
# in files all masters and slaves are ghosted
# the ghosts are here to allow installation via query like `dnf install /usr/bin/java`
-# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_
+# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_ -e alternatives
# TODO - fix those hardcoded lists via single list
# Those files must *NOT* be ghosted for *slowdebug* packages
# FIXME - if you are moving jshell or jlink or similar, always modify all three sections
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -414,12 +414,7 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
exit 0
}
-
-%define post_headless() %{expand:
-%ifarch %{share_arches}
-%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
-%endif
-
+%define alternatives_java_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -469,8 +464,13 @@ for X in %{origin} %{javaver} ; do
alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
done
-update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+}
+%define post_headless() %{expand:
+%ifarch %{share_arches}
+%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
+%endif
update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@@ -507,8 +507,8 @@ exit 0
%{update_desktop_icons}
}
-%define post_devel() %{expand:
+%define alternatives_javac_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -616,7 +616,9 @@ for X in %{origin} %{javaver} ; do
done
update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+}
+%define post_devel() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@@ -639,11 +641,11 @@ exit 0
}
%define posttrans_devel() %{expand:
+%{alternatives_javac_install -- %{?1}}
%{update_desktop_icons}
}
-%define post_javadoc() %{expand:
-
+%define alternatives_javadoc_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -660,8 +662,7 @@ exit 0
exit 0
}
-%define post_javadoc_zip() %{expand:
-
+%define alternatives_javadoczip_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -2419,6 +2420,9 @@ cjc.mainProgram(args)
%posttrans
%{posttrans_script %{nil}}
+%posttrans headless
+%{alternatives_java_install %{nil}}
+
%post devel
%{post_devel %{nil}}
@@ -2428,14 +2432,14 @@ cjc.mainProgram(args)
%posttrans devel
%{posttrans_devel %{nil}}
-%post javadoc
-%{post_javadoc %{nil}}
+%posttrans javadoc
+%{alternatives_javadoc_install %{nil}}
%postun javadoc
%{postun_javadoc %{nil}}
-%post javadoc-zip
-%{post_javadoc_zip %{nil}}
+%posttrans javadoc-zip
+%{alternatives_javadoczip_install %{nil}}
%postun javadoc-zip
%{postun_javadoc_zip %{nil}}
@@ -2448,6 +2452,9 @@ cjc.mainProgram(args)
%post headless-slowdebug
%{post_headless -- %{debug_suffix_unquoted}}
+%posttrans headless-slowdebug
+%{alternatives_java_install -- %{debug_suffix_unquoted}}
+
%postun slowdebug
%{postun_script -- %{debug_suffix_unquoted}}
@@ -2483,6 +2490,9 @@ cjc.mainProgram(args)
%posttrans fastdebug
%{posttrans_script -- %{fastdebug_suffix_unquoted}}
+%posttrans headless-fastdebug
+%{alternatives_java_install -- %{fastdebug_suffix_unquoted}}
+
%post devel-fastdebug
%{post_devel -- %{fastdebug_suffix_unquoted}}
@@ -2580,6 +2590,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Aug 30 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.302.b08-2
+- alternatives creation moved to posttrans
+- Thus fixing the old reisntall issue:
+- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
+- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
+
* Sun Aug 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b08-1
- Remove non-Free test and demo files from source tarball.
commit 1b05b0ca2a1c58fa9eeee68440d19506bb238846
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sun Aug 8 05:21:18 2021 +0100
Remove non-Free test and demo files from source tarball.
diff --git a/.gitignore b/.gitignore
index a4aa037..67c9eb6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -238,3 +238,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b06-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index 94b75e7..e9eed11 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -19,12 +19,25 @@
# level folder, name is created, based on parameter
#
+SCRIPT_DIR=$(dirname $0)
+JCONSOLE_JS_PATCH_DEFAULT=${SCRIPT_DIR}/jconsole-plugin.patch
+
if [ ! "x$PR3822" = "x" ] ; then
if [ ! -f "$PR3822" ] ; then
- echo "You have specified PR3822 as $PR3822 but it does not exists. exiting"
+ echo "You have specified PR3822 as $PR3822 but it does not exist. Exiting"
exit 1
fi
fi
+
+if [ "x${JCONSOLE_JS_PATCH}" != "x" ] ; then
+ if [ ! -f "${JCONSOLE_JS_PATCH}" ] ; then
+ echo "You have specified the jconsole.js patch as ${JCONSOLE_JS_PATCH} but it does not exist. Exiting.";
+ exit 2;
+ fi
+else
+ JCONSOLE_JS_PATCH=${JCONSOLE_JS_PATCH_DEFAULT}
+fi
+
set -e
OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
@@ -42,6 +55,7 @@ if [ "x$1" = "xhelp" ] ; then
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
echo "PR3822 - the path to the PR3822 patch to apply (optional; downloaded if unavailable)"
+ echo "JCONSOLE_JS_PATCH - the path to a patch to fix non-availiability of jconsole.js (optional; defaults to ${JCONSOLE_JS_PATCH_DEFAULT})"
echo "REPOS - specify the repositories to use (optional; defaults to ${REPOS_DEFAULT})"
exit 1;
fi
@@ -88,6 +102,22 @@ if [ "x$REPO_ROOT" = "x" ] ; then
REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
+if [ "x$REPOS" = "x" ] ; then
+ REPOS=${REPOS_DEFAULT}
+ echo "No repositories specified; defaulting to ${REPOS}"
+fi;
+
+echo -e "Settings:"
+echo -e "\tVERSION: ${VERSION}"
+echo -e "\tPROJECT_NAME: ${PROJECT_NAME}"
+echo -e "\tREPO_NAME: ${REPO_NAME}"
+echo -e "\tOPENJDK_URL: ${OPENJDK_URL}"
+echo -e "\tCOMPRESSION: ${COMPRESSION}"
+echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
+echo -e "\tREPO_ROOT: ${REPO_ROOT}"
+echo -e "\tPR3822: ${PR3822}"
+echo -e "\tJCONSOLE_JS_PATCH: ${JCONSOLE_JS_PATCH}"
+echo -e "\tREPOS: ${REPOS}"
mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
@@ -96,22 +126,22 @@ echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
hg clone ${REPO_ROOT} openjdk -r ${VERSION}
pushd openjdk
-
-if [ "x$REPOS" = "x" ] ; then
- repos=${REPOS_DEFAULT}
- echo "No repositories specified; defaulting to ${repos}"
-else
- repos=$REPOS
- echo "Repositories: ${repos}"
-fi;
-
-for subrepo in $repos
+for subrepo in ${REPOS}
do
echo "Cloning ${VERSION} ${subrepo} repository from ${REPO_ROOT}"
hg clone ${REPO_ROOT}/${subrepo} -r ${VERSION}
done
-if [ -d jdk ]; then
+# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
+if [ -d langtools ] ; then
+ echo "Removing langtools test case with non-Free license"
+ rm -vf langtools/test/tools/javadoc/api/basic/TagletPathTest.java
+ rm -vf langtools/test/tools/javadoc/api/basic/taglets/UnderlineTaglet.java
+fi
+if [ -d jdk ]; then
+# jconsole.js has a BSD license with a field-of-use restriction, making it non-Free
+echo "Removing jconsole-plugin file with non-Free license"
+rm -vf jdk/src/share/demo/scripting/jconsole-plugin/src/resources/jconsole.js
echo "Removing EC source code we don't build"
rm -vf jdk/src/share/native/sun/security/ec/impl/ec2.h
rm -vf jdk/src/share/native/sun/security/ec/impl/ec2_163.c
@@ -123,7 +153,6 @@ rm -vf jdk/src/share/native/sun/security/ec/impl/ecp_192.c
rm -vf jdk/src/share/native/sun/security/ec/impl/ecp_224.c
echo "Syncing EC list with NSS"
-
if [ "x$PR3822" = "x" ] ; then
# get pr3822.patch (from http://icedtea.classpath.org/hg/icedtea8) from most correct tag
# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3822)
@@ -135,6 +164,10 @@ else
patch -Np1 < $PR3822
fi;
fi
+
+echo "Patching out use of jconsole.js"
+patch -Np1 < ${JCONSOLE_JS_PATCH}
+
find . -name '*.orig' -exec rm -vf '{}' ';'
popd
@@ -144,7 +177,7 @@ if [ "X$COMPRESSION" = "Xxz" ] ; then
else
SWITCH=czf
fi
-TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
+TARBALL_NAME=${FILE_NAME_ROOT}-4curve-clean.tar.${COMPRESSION}
tar --exclude-vcs -$SWITCH ${TARBALL_NAME} openjdk
mv ${TARBALL_NAME} ..
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b5067ff..53718f7 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 0
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1202,7 +1202,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -1237,7 +1237,7 @@ URL: http://openjdk.java.net/
# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
-Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
+Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve-clean.tar.xz
# Custom README for -src subpackage
Source2: README.md
@@ -2580,6 +2580,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sun Aug 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b08-1
+- Remove non-Free test and demo files from source tarball.
+
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.8.0.302.b08-0.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
diff --git a/jconsole-plugin.patch b/jconsole-plugin.patch
new file mode 100644
index 0000000..b015a78
--- /dev/null
+++ b/jconsole-plugin.patch
@@ -0,0 +1,31 @@
+diff --git openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/README.txt openjdk/jdk/src/share/demo/scripting/jconsole-plugin/README.txt
+--- openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/README.txt
++++ openjdk/jdk/src/share/demo/scripting/jconsole-plugin/README.txt
+@@ -18,11 +18,9 @@
+ engine javax.script.ScriptEngine
+ plugin com.sun.tools.jconsole.JConsolePlugin
+
+-If you use JavaScript, there are many useful global functions defined in
+-./src/resources/jconsole.js. This is built into the script plugin jar file.
+-In addition, you can add other global functions and global variables by
+-defining those in ~/jconsole.js (or jconsole.<ext> where <ext> is the file
+-extension for your scripting language of choice under your home directory).
++You can add global functions and global variables by defining those in
++~/jconsole.js (or jconsole.<ext> where <ext> is the file extension for
++your scripting language of choice under your home directory).
+
+ How do I compile script console plugin?
+
+diff --git openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/build.xml openjdk/jdk/src/share/demo/scripting/jconsole-plugin/build.xml
+--- openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/build.xml
++++ openjdk/jdk/src/share/demo/scripting/jconsole-plugin/build.xml
+@@ -73,9 +73,6 @@
+ <copy todir="${classes.dir}/META-INF/services">
+ <fileset dir="${src.dir}/META-INF/services"/>
+ </copy>
+- <copy todir="${resources.dir}">
+- <fileset dir="${src.dir}/resources"/>
+- </copy>
+ </target>
+
+ <target name="all" depends="compile" description="buile deployment bundle">
diff --git a/sources b/sources
index 0357887..3236329 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz) = 938b3308357c5be40fd474e861f5a612e758520988588b633791ada742fdaef522ecc05f4b2a0c40799a01e1b5d33960c1b76deb2089e36b6d92b0788a74bf74
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz) = 04ecdcde841038c0042b44fb3c5303a08616864566fb918ab261fc381fae8804a21f875b1645538e864a1c6db5985f16dfc13b91eb1caeeab54d6d07828c7657
commit dc1cbfccd17474ddb687e2c0166e3d607048c2d0
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Thu Jul 22 08:56:33 2021 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 6b3d66a..b5067ff 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -1202,7 +1202,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -2580,6 +2580,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.8.0.302.b08-0.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
* Fri Jul 16 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b08-0
- Update to aarch64-shenandoah-jdk8u302-b08 (EA)
- Update release notes for 8u302-b08.
commit 3c6c1a2a272320b06c338486ede63b378a403ef4
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Jul 21 01:28:21 2021 +0100
Update to aarch64-shenandoah-jdk8u302-b08 (EA)
Update release notes for 8u302-b08.
Switch to GA mode for final release.
diff --git a/.gitignore b/.gitignore
index d479a9c..a4aa037 100644
--- a/.gitignore
+++ b/.gitignore
@@ -237,3 +237,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b05-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b06-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 0c08ae6..1cb973a 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,20 @@ Live versions of these release notes can be found at:
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt
* Security fixes
+ - JDK-8256157: Improve bytecode assembly
+ - JDK-8256491: Better HTTP transport
+ - JDK-8258432, CVE-2021-2341: Improve file transfers
+ - JDK-8260453: Improve Font Bounding
+ - JDK-8260960: Signs of jarsigner signing
+ - JDK-8260967, CVE-2021-2369: Better jar file validation
+ - JDK-8262380: Enhance XML processing passes
+ - JDK-8262403: Enhanced data transfer
+ - JDK-8262410: Enhanced rules for zones
+ - JDK-8262477: Enhance String Conclusions
+ - JDK-8262967: Improve Zip file support
+ - JDK-8264066, CVE-2021-2388: Enhance compiler validation
+ - JDK-8264079: Improve abstractions
+ - JDK-8264460: Improve NTLM support
* Other changes
- JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
- JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
@@ -144,6 +158,7 @@ Live versions of these release notes can be found at:
- JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457
- JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow
- JDK-8269468: JDK-8269388 breaks the build on older GCCs
+ - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
* Shenandoah
- [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
- [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 4e3f4ae..6b3d66a 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b07
+%global shenandoah_revision aarch64-shenandoah-jdk8u302-b08
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -314,7 +314,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2580,6 +2580,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Jul 16 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b08-0
+- Update to aarch64-shenandoah-jdk8u302-b08 (EA)
+- Update release notes for 8u302-b08.
+- Switch to GA mode for final release.
+
* Thu Jul 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b07-0.0.ea
- Update to aarch64-shenandoah-jdk8u302-b07 (EA)
- Update release notes for 8u302-b07.
diff --git a/sources b/sources
index 0760ba5..0357887 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz) = a228681a8b5fa437b9b0e2da5ce4ef1fa27b7cfcc639a375f499339479e10f68e422b69eda4a7db661769c8ef1290586c200c2d0197ec72cb56d99b4765f2c08
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz) = 938b3308357c5be40fd474e861f5a612e758520988588b633791ada742fdaef522ecc05f4b2a0c40799a01e1b5d33960c1b76deb2089e36b6d92b0788a74bf74
commit bc8a2c217a304e6ac5cdf6fb1eec21b72dad4f78
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Jul 8 02:37:19 2021 +0100
Update to aarch64-shenandoah-jdk8u302-b07 (EA)
Update release notes for 8u302-b07.
diff --git a/.gitignore b/.gitignore
index cce8a4d..d479a9c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -236,3 +236,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b04-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b05-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b06-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 541c395..0c08ae6 100644
--- a/NEWS
+++ b/NEWS
@@ -142,6 +142,8 @@ Live versions of these release notes can be found at:
- JDK-8267545: [8u] Enable Xcode 12 builds on macOS
- JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode
- JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457
+ - JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow
+ - JDK-8269468: JDK-8269388 breaks the build on older GCCs
* Shenandoah
- [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
- [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
@@ -173,7 +175,7 @@ Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
Alias Name: verisignclass3ca [jdk]
Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
-Alias Name: verisignclass3g2caÂ[jdk]
+Alias Name: verisignclass3g2ca [jdk]
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Alias Name: verisigntsaca [jdk]
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 93ed221..4e3f4ae 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b06
+%global shenandoah_revision aarch64-shenandoah-jdk8u302-b07
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2580,6 +2580,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Jul 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b07-0.0.ea
+- Update to aarch64-shenandoah-jdk8u302-b07 (EA)
+- Update release notes for 8u302-b07.
+
* Tue Jul 06 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b06-0.0.ea
- Update to aarch64-shenandoah-jdk8u302-b06 (EA)
- Update release notes for 8u302-b06.
diff --git a/sources b/sources
index 84c12ad..0760ba5 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b06-4curve.tar.xz) = d6dfc358151a11c1ce81aabae82aba2b57f020be21100eb4b29fc4cc16bd13865450a36642cef8755fddbfde5a355c9001fbb6338ccab370b2ab9f38125ecdc8
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz) = a228681a8b5fa437b9b0e2da5ce4ef1fa27b7cfcc639a375f499339479e10f68e422b69eda4a7db661769c8ef1290586c200c2d0197ec72cb56d99b4765f2c08
commit 35d7fdc77fc07278dc058a3977e50eb5ce318246
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Jul 6 17:31:13 2021 +0100
Update to aarch64-shenandoah-jdk8u302-b06 (EA)
Update release notes for 8u302-b06.
diff --git a/.gitignore b/.gitignore
index c99d462..cce8a4d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -235,3 +235,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b04-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b05-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b06-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 734417e..541c395 100644
--- a/NEWS
+++ b/NEWS
@@ -139,7 +139,9 @@ Live versions of these release notes can be found at:
- JDK-8266929: Unable to use algorithms from 3p providers
- JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
- JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM
+ - JDK-8267545: [8u] Enable Xcode 12 builds on macOS
- JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode
+ - JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457
* Shenandoah
- [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
- [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
@@ -204,6 +206,10 @@ U+000007F that were previously encoded using UTF-8 may need to either
be modified to perform the UTF-8 conversion, or set the Java security
property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
+See the updated guide at
+https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
+for more information.
+
JDK-8244460: Support for certificate_authorities Extension
==========================================================
The "certificate_authorities" extension is an optional extension
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 93ed25b..93ed221 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b05
+%global shenandoah_revision aarch64-shenandoah-jdk8u302-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 0
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2580,6 +2580,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Jul 06 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b06-0.0.ea
+- Update to aarch64-shenandoah-jdk8u302-b06 (EA)
+- Update release notes for 8u302-b06.
+
* Mon Jul 05 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b05-0.1.ea
- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
diff --git a/sources b/sources
index 33af4d9..84c12ad 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b05-4curve.tar.xz) = 4034420e63d98b2268ee6c762a2c79528271d42e7c423a1fd27147e5e8479b2af94345bccae6a09789397627ff5c34ae77e010a30ae042c62df3d7e79a24fe8c
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b06-4curve.tar.xz) = d6dfc358151a11c1ce81aabae82aba2b57f020be21100eb4b29fc4cc16bd13865450a36642cef8755fddbfde5a355c9001fbb6338ccab370b2ab9f38125ecdc8
commit 6d4aec5be31a2ee84462910806f8a3daffa8e188
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Jul 5 23:09:44 2021 +0100
Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index d14175c..93ed25b 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -138,10 +138,8 @@
%global bootstrap_build 1
# If you disable both builds, then the build fails
-# Note that the debug build requires the normal build for docs
-%global build_loop %{normal_build} %{fastdebug_build} %{slowdebug_build}
-# Test slowdebug first as it provides the best diagnostics
-%global rev_build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
+# Build and test slowdebug first as it provides the best diagnostics
+%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
%global bootstrap_targets images
%global release_targets images docs-zip
@@ -311,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 0
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2058,7 +2056,7 @@ done
%check
# We test debug first as it will give better diagnostics on a crash
-for suffix in %{rev_build_loop} ; do
+for suffix in %{build_loop} ; do
export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
@@ -2582,6 +2580,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Jul 05 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b05-0.1.ea
+- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
+
* Fri Jul 02 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b05-0.0.ea
- Update to aarch64-shenandoah-jdk8u302-b05 (EA)
- Update release notes for 8u302-b05.
commit 148101f0bc5a9edf7b8a05cc5c855ceabc643c13
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Jul 2 17:28:26 2021 +0100
Update to aarch64-shenandoah-jdk8u302-b05 (EA)
Update release notes for 8u302-b05.
diff --git a/.gitignore b/.gitignore
index f3bf720..c99d462 100644
--- a/.gitignore
+++ b/.gitignore
@@ -234,3 +234,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b04-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b05-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 5bcec36..734417e 100644
--- a/NEWS
+++ b/NEWS
@@ -12,25 +12,37 @@ Live versions of these release notes can be found at:
* Security fixes
* Other changes
- JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
+ - JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
- JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
+ - JDK-7106851: Test should not use System.exit
- JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler
+ - JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails
- JDK-8030123: java/beans/Introspector/Test8027648.java fails
- JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
- JDK-8033289: clang: clean up unused function warning
- JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
- JDK-8034857: gcc warnings compiling src/solaris/native/sun/management
+ - JDK-8035000: clean up ActivationLibrary.DestroyThread
- JDK-8035054: JarFacade.c should not include ctype.h
+ - JDK-8035287: gcc warnings compiling various libraries files
- JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
+ - JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries
- JDK-8042891: Format issues embedded in macros for two g1 source files
- JDK-8043264: hsdis library not picked up correctly on expected paths
+ - JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang
+ - JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh
- JDK-8055754: filemap.cpp does not compile with clang
- JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
- JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
- JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm
- JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize
- JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
+ - JDK-8074835: Resolve disabled warnings for libj2gss
+ - JDK-8074836: Resolve disabled warnings for libosxkrb5
- JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
- JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
+ - JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel
+ - JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX
- JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header
- JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
- JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
@@ -44,6 +56,7 @@ Live versions of these release notes can be found at:
- JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
- JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
- JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME
+ - JDK-8172188: JDI tests fail due to "permission denied" when creating temp file
- JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000)
- JDK-8178403: DirectAudio in JavaSound may hang and leak
- JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-''
@@ -51,8 +64,10 @@ Live versions of these release notes can be found at:
- JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
- JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"
- JDK-8191955: AArch64: incorrect prefetch distance causes an internal error
+ - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
- JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM
- JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
+ - JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
- JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
- JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
- JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max
@@ -69,14 +84,19 @@ Live versions of these release notes can be found at:
- JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
- JDK-8231949: [PPC64, s390]: Make async profiling more reliable
- JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
+ - JDK-8239053: [8u] clean up undefined-var-template warnings
+ - JDK-8239400: [8u] clean up undefined-var-template warnings
- JDK-8241649: Optimize Character.toString
- JDK-8241829: Cleanup the code for PrinterJob on windows
- JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
- JDK-8243559: Remove root certificates with 1024-bit keys
- JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
+ - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
- JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
+ - JDK-8250876: Fix issues with cross-compile on macos
- JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
- JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
+ - JDK-8254631: Better support ALPN byte wire values in SunJSSE
- JDK-8255086: Update the root locale display names
- JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
- JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
@@ -110,10 +130,16 @@ Live versions of these release notes can be found at:
- JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
- JDK-8264640: CMS ParScanClosure misses a barrier
- JDK-8264816: Weak handles leak causes GC to take longer
+ - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
- JDK-8265666: Enable AIX build platform to make external debug symbols
- JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
- JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
- JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
+ - JDK-8266723: JFR periodic events are causing extra allocations
+ - JDK-8266929: Unable to use algorithms from 3p providers
+ - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
+ - JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM
+ - JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode
* Shenandoah
- [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
- [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
@@ -161,6 +187,23 @@ Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
security-libs/javax.net.ssl:
+JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
+=========================================================================================
+Certain TLS ALPN values couldn't be properly read or written by the
+SunJSSE provider. This is due to the choice of Strings as the API
+interface and the undocumented internal use of the UTF-8 Character Set
+which converts characters larger than U+00007F (7-bit ASCII) into
+multi-byte arrays that may not be expected by a peer.
+
+ALPN values are now represented using the network byte representation
+expected by the peer, which should require no modification for
+standard 7-bit ASCII-based character Strings. However, SunJSSE now
+encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
+characters. This means applications that used characters above
+U+000007F that were previously encoded using UTF-8 may need to either
+be modified to perform the UTF-8 conversion, or set the Java security
+property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
+
JDK-8244460: Support for certificate_authorities Extension
==========================================================
The "certificate_authorities" extension is an optional extension
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index c710d66..d14175c 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b04
+%global shenandoah_revision aarch64-shenandoah-jdk8u302-b05
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2582,6 +2582,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Jul 02 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b05-0.0.ea
+- Update to aarch64-shenandoah-jdk8u302-b05 (EA)
+- Update release notes for 8u302-b05.
+
* Wed Jun 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b04-0.0.ea
- Update to aarch64-shenandoah-jdk8u302-b04 (EA)
- Update release notes for 8u302-b04.
diff --git a/sources b/sources
index 07a777b..33af4d9 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b04-4curve.tar.xz) = 4b49ae51eb4366e7b812ea9cd852af2ed0aa6b7b5a720598ecd3a7734968fa135e3d68b2ec9439b169e6197205b715763adf247831455163d63955d418a14c83
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b05-4curve.tar.xz) = 4034420e63d98b2268ee6c762a2c79528271d42e7c423a1fd27147e5e8479b2af94345bccae6a09789397627ff5c34ae77e010a30ae042c62df3d7e79a24fe8c
commit cf02803a5d818c01958016936b768dbb9aca777b
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Jul 1 05:31:56 2021 +0100
Update to aarch64-shenandoah-jdk8u302-b04 (EA)
Update release notes for 8u302-b04.
diff --git a/.gitignore b/.gitignore
index 6957bb8..f3bf720 100644
--- a/.gitignore
+++ b/.gitignore
@@ -233,3 +233,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b04-4curve.tar.xz
diff --git a/NEWS b/NEWS
index d4bc4d7..5bcec36 100644
--- a/NEWS
+++ b/NEWS
@@ -15,12 +15,14 @@ Live versions of these release notes can be found at:
- JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
- JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler
- JDK-8030123: java/beans/Introspector/Test8027648.java fails
+ - JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
- JDK-8033289: clang: clean up unused function warning
- JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
- JDK-8034857: gcc warnings compiling src/solaris/native/sun/management
- JDK-8035054: JarFacade.c should not include ctype.h
- JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
- JDK-8042891: Format issues embedded in macros for two g1 source files
+ - JDK-8043264: hsdis library not picked up correctly on expected paths
- JDK-8055754: filemap.cpp does not compile with clang
- JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
- JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
@@ -31,6 +33,7 @@ Live versions of these release notes can be found at:
- JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
- JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header
- JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
+ - JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
- JDK-8132148: G1 hs_err region dump legend out of sync with region values
- JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
- JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
@@ -52,12 +55,15 @@ Live versions of these release notes can be found at:
- JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
- JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
- JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
+ - JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max
+ - JDK-8206925: Support the certificate_authorities extension
- JDK-8209996: [PPC64] Fix JFR profiling
- JDK-8214345: infinite recursion while checking super class
- JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
- JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
- JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
- JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
+ - JDK-8228757: Fail fast if the handshake type is unknown
- JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
- JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
- JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
@@ -65,13 +71,16 @@ Live versions of these release notes can be found at:
- JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
- JDK-8241649: Optimize Character.toString
- JDK-8241829: Cleanup the code for PrinterJob on windows
+ - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
- JDK-8243559: Remove root certificates with 1024-bit keys
- JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
- JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
- JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
+ - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
- JDK-8255086: Update the root locale display names
- JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
- JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
+ - JDK-8257039: [8u] GenericTaskQueue destructor is incorrect
- JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
- JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
- JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
@@ -90,6 +99,7 @@ Live versions of these release notes can be found at:
- JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
- JDK-8261867: Backport relevant test changes & additions from JDK-8130125
- JDK-8262110: DST starts from incorrect time in 2038
+ - JDK-8262446: DragAndDrop hangs on Windows
- JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
- JDK-8262730: Enable jdk8u MacOS external debug symbols
- JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external
@@ -100,6 +110,7 @@ Live versions of these release notes can be found at:
- JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
- JDK-8264640: CMS ParScanClosure misses a barrier
- JDK-8264816: Weak handles leak causes GC to take longer
+ - JDK-8265666: Enable AIX build platform to make external debug symbols
- JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
- JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
- JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
@@ -148,6 +159,31 @@ The following root certificate have been removed from the cacerts truststore:
Alias Name: soneraclass2ca
Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
+security-libs/javax.net.ssl:
+
+JDK-8244460: Support for certificate_authorities Extension
+==========================================================
+The "certificate_authorities" extension is an optional extension
+introduced in TLS 1.3. It is used to indicate the certificate
+authorities (CAs) that an endpoint supports and should be used by the
+receiving endpoint to guide certificate selection.
+
+With this JDK release, the "certificate_authorities" extension is
+supported for TLS 1.3 in both the client and the server sides. This
+extension is always present for client certificate selection, while it
+is optional for server certificate selection.
+
+Applications can enable this extension for server certificate
+selection by setting the `jdk.tls.client.enableCAExtension` system
+property to `true`. The default value of the property is `false`.
+
+Note that if the client trusts more CAs than the size limit of the
+extension (less than 2^16 bytes), the extension is not enabled. Also,
+some server implementations do not allow handshake messages to exceed
+2^14 bytes. Consequently, there may be interoperability issues when
+`jdk.tls.client.enableCAExtension` is set to `true` and the client
+trusts more CAs than the server implementation limit.
+
New in release OpenJDK 8u292 (2021-04-20):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index e891b3f..c710d66 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23
+%global shenandoah_revision aarch64-shenandoah-jdk8u302-b04
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 0
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2582,6 +2582,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Jun 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b04-0.0.ea
+- Update to aarch64-shenandoah-jdk8u302-b04 (EA)
+- Update release notes for 8u302-b04.
+
* Fri Jun 25 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b03-0.2.ea
- Update to aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23 (EA)
- Update release notes for 8u302-b03-shenandoah-merge-2021-06-23.
diff --git a/sources b/sources
index 971a667..07a777b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23-4curve.tar.xz) = 41f2c7e2549ad569491d406b16f18a0f9840e804696238ef6ad3e2c49ed0b88f50afda152b6880758b0b34ae14e1b6fc548a9770fe32f8131ec96187d69afcb3
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b04-4curve.tar.xz) = 4b49ae51eb4366e7b812ea9cd852af2ed0aa6b7b5a720598ecd3a7734968fa135e3d68b2ec9439b169e6197205b715763adf247831455163d63955d418a14c83
commit 585f29fea66b0f7a5625e9c890bfd8a4e86ffb50
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sat Jun 26 23:51:48 2021 +0100
Update to aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23 (EA)
Update release notes for 8u302-b03-shenandoah-merge-2021-06-23.
diff --git a/.gitignore b/.gitignore
index 248a89d..6957bb8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -232,3 +232,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 2f78280..d4bc4d7 100644
--- a/NEWS
+++ b/NEWS
@@ -103,6 +103,17 @@ Live versions of these release notes can be found at:
- JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
- JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
- JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
+* Shenandoah
+ - [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
+ - [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
+ - [backport] JDK-8261251: Shenandoah: Use object size for full GC humongous
+ - [backport] JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
+ - [backport] JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
+ - [backport] JDK-8266802: Shenandoah: Round up region size to page size unconditionally
+ - [backport] JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
+ - [backport] JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
+ - [backport] JDK-8268699: Shenandoah: Add test for JDK-8268127
+ - Shenandoah: Process weak roots during class unloading cycle
Notes on individual issues:
===========================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index a68ee78..e891b3f 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b03
+%global shenandoah_revision aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2582,6 +2582,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Jun 25 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b03-0.2.ea
+- Update to aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23 (EA)
+- Update release notes for 8u302-b03-shenandoah-merge-2021-06-23.
+
* Mon Jun 07 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b03-0.1.ea
- Backport FIPS mode patch (RH1655466) to java-1.8.0-openjdk, simplifying provider removal.
- nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
diff --git a/sources b/sources
index 7507617..971a667 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-4curve.tar.xz) = 2da04211fadddf96a7acf18cc5e9a790f403eb31f3b9f960db93d1c2afd5a0d193b7ae70589e4382434816d5849b34be17ae0772cda2e4d7b4338b55cd6cd1f9
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-shenandoah-merge-2021-06-23-4curve.tar.xz) = 41f2c7e2549ad569491d406b16f18a0f9840e804696238ef6ad3e2c49ed0b88f50afda152b6880758b0b34ae14e1b6fc548a9770fe32f8131ec96187d69afcb3
commit 0e6069cde381d80f94998a05af512f714da95707
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Jun 8 04:50:48 2021 +0100
Support the FIPS mode crypto policy.
Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal.
nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Add JDK-8195607/PR3776 to support NSS SQLite databases.
Use appropriate keystore types when in FIPS mode (RH1760838)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 8097ba5..a68ee78 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 0
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -756,7 +756,9 @@ exit 0
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/policytool-%{uniquesuffix -- %{?1}}.1*
%{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.cfg
+%{_jvmdir}/%{jredir -- %{?1}}/lib/security/nss.fips.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.cfg
+%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/nss.fips.cfg
%ifarch %{share_arches}
%attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/server/classes.jsa
%attr(444, root, root) %ghost %{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/client/classes.jsa
@@ -1111,6 +1113,8 @@ Requires: copy-jdk-configs >= 4.0
OrderWithRequires: copy-jdk-configs
# for printing support
Requires: cups-libs
+# for FIPS PKCS11 provider
+Requires: nss
# Post requires alternatives to install tool alternatives
Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
@@ -1267,14 +1271,18 @@ Source14: TestECDSA.java
# Verify system crypto (policy) can be disabled via a property
Source15: TestSecurityProperties.java
+# Ensure vendor settings are correct
+Source16: CheckVendor.java
+
+# nss fips configuration file
+Source17: nss.fips.cfg.in
+
Source20: repackReproduciblePolycies.sh
# New versions of config files with aarch64 support. This is not upstream yet.
Source100: config.guess
Source101: config.sub
-# Ensure vendor settings are correct
-Source16: CheckVendor.java
############################################
#
@@ -1290,6 +1298,18 @@ Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_availab
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
Patch1003: rh1582504-rsa_default_for_keytool.patch
+# FIPS support patches
+# RH1648249: Add PKCS11 provider to java.security
+Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
+Patch1001: rh1655466-global_crypto_and_fips.patch
+# RH1760838: No ciphersuites available for SSLSocket in FIPS mode
+Patch1002: rh1760838-fips_default_keystore_type.patch
+# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
+Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
+# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
+Patch1005: rh1906862-always_initialise_configurator_access.patch
+
#############################################
#
# Upstreamable patches
@@ -1364,6 +1384,8 @@ Patch202: jdk8035341-allow_using_system_installed_libpng.patch
# 8042159: Allow using a system-installed lcms2
Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
+# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
+Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
#############################################
#
@@ -1402,7 +1424,6 @@ Patch201: jdk8043805-allow_using_system_installed_libjpeg.patch
# This section includes patches to code other
# that from OpenJDK.
#############################################
-Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
#############################################
#
@@ -1803,12 +1824,17 @@ sh %{SOURCE12}
%patch574
%patch111
%patch112
+%patch580
# RPM-only fixes
%patch539
%patch600
%patch1000
+%patch1001
+%patch1002
%patch1003
+%patch1004
+%patch1005
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -1867,6 +1893,9 @@ done
# Setup nss.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
+# Setup nss.fips.cfg
+sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
+sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
# How many CPU's do we have?
@@ -2010,6 +2039,9 @@ export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg $JAVA_HOME/jre/lib/security/
+# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
+install -m 644 nss.fips.cfg $JAVA_HOME/jre/lib/security/
+
# Use system-wide tzdata
rm $JAVA_HOME/jre/lib/tzdb.dat
ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/jre/lib/tzdb.dat
@@ -2309,7 +2341,7 @@ touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/securi
# moving config files to /etc
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib/security/policy/unlimited/
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib/security/policy/limited/
-for file in lib/security/cacerts lib/security/policy/unlimited/US_export_policy.jar lib/security/policy/unlimited/local_policy.jar lib/security/policy/limited/US_export_policy.jar lib/security/policy/limited/local_policy.jar lib/security/java.policy lib/security/java.security lib/security/blacklisted.certs lib/logging.properties lib/calendars.properties lib/security/nss.cfg lib/net.properties ; do
+for file in lib/security/cacerts lib/security/policy/unlimited/US_export_policy.jar lib/security/policy/unlimited/local_policy.jar lib/security/policy/limited/US_export_policy.jar lib/security/policy/limited/local_policy.jar lib/security/java.policy lib/security/java.security lib/security/blacklisted.certs lib/logging.properties lib/calendars.properties lib/security/nss.cfg lib/security/nss.fips.cfg lib/net.properties ; do
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/$file $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/$file
ln -sf %{etcjavadir -- $suffix}/$file $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/$file
done
@@ -2550,6 +2582,22 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Jun 07 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b03-0.1.ea
+- Backport FIPS mode patch (RH1655466) to java-1.8.0-openjdk, simplifying provider removal.
+- nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
+- SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
+- Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
+- Disable FIPS mode support unless com.redhat.fips is set to "true".
+- Add JDK-8195607/PR3776 to support NSS SQLite databases.
+- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
+- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862)
+- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
+
+* Mon Jun 07 2021 Martin Balao <mbalao(a)redhat.com> - 1:1.8.0.302.b03-0.1.ea
+- Support the FIPS mode crypto policy on RHEL 8 (RH1655466)
+- Use appropriate keystore types when in FIPS mode (RH1760838)
+- Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
+
* Wed Jun 02 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b03-0.0.ea
- Update to aarch64-shenandoah-jdk8u302-b03 (EA)
- Update release notes for 8u302-b03.
@@ -2571,7 +2619,7 @@ cjc.mainProgram(args)
main package now have to obsolete java-1.8.0-openjdk-accessibility-{release, slowdebug, fastdebug} < 1:1.8.0.292.b06
otherwise update fails
-* Fri Apr 29 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b10-1
+* Thu Apr 29 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b10-1
- adapted to newst cjc to fix issue with rpm 4.17
* Tue Apr 13 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b10-0
diff --git a/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch b/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
new file mode 100644
index 0000000..ddab642
--- /dev/null
+++ b/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
@@ -0,0 +1,125 @@
+# HG changeset patch
+# User mbalao
+# Date 1529971845 -28800
+# Tue Jun 26 08:10:45 2018 +0800
+# Node ID e9c20b7250cd98d16a67f2a30b34284c2caa01dc
+# Parent 9f1aa2e38d90dd60522237d7414af6bdcf03c4ff
+8195607, PR3776: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
+Reviewed-by: valeriep, weijun
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+@@ -197,7 +197,7 @@
+
+ if (configDir != null) {
+ String configDirPath = null;
+- String sqlPrefix = "sql:/";
++ String sqlPrefix = "sql:";
+ if (!configDir.startsWith(sqlPrefix)) {
+ configDirPath = configDir;
+ } else {
+diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
+--- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
++++ openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
+@@ -69,9 +69,14 @@
+ int res = 0;
+ FPTR_Initialize initialize =
+ (FPTR_Initialize)findFunction(env, jHandle, "NSS_Initialize");
++ #ifdef SECMOD_DEBUG
++ FPTR_GetError getError =
++ (FPTR_GetError)findFunction(env, jHandle, "PORT_GetError");
++ #endif // SECMOD_DEBUG
+ unsigned int flags = 0x00;
+ const char *configDir = NULL;
+ const char *functionName = NULL;
++ const char *configFile = NULL;
+
+ /* If we cannot initialize, exit now */
+ if (initialize == NULL) {
+@@ -97,13 +102,18 @@
+ flags = 0x20; // NSS_INIT_OPTIMIZESPACE flag
+ }
+
++ configFile = "secmod.db";
++ if (configDir != NULL && strncmp("sql:", configDir, 4U) == 0) {
++ configFile = "pkcs11.txt";
++ }
++
+ /*
+ * If the NSS_Init function is requested then call NSS_Initialize to
+ * open the Cert, Key and Security Module databases, read only.
+ */
+ if (strcmp("NSS_Init", functionName) == 0) {
+ flags = flags | 0x01; // NSS_INIT_READONLY flag
+- res = initialize(configDir, "", "", "secmod.db", flags);
++ res = initialize(configDir, "", "", configFile, flags);
+
+ /*
+ * If the NSS_InitReadWrite function is requested then call
+@@ -111,7 +121,7 @@
+ * read/write.
+ */
+ } else if (strcmp("NSS_InitReadWrite", functionName) == 0) {
+- res = initialize(configDir, "", "", "secmod.db", flags);
++ res = initialize(configDir, "", "", configFile, flags);
+
+ /*
+ * If the NSS_NoDB_Init function is requested then call
+@@ -137,6 +147,13 @@
+ (*env)->ReleaseStringUTFChars(env, jConfigDir, configDir);
+ }
+ dprintf1("-res: %d\n", res);
++ #ifdef SECMOD_DEBUG
++ if (res == -1) {
++ if (getError != NULL) {
++ dprintf1("-NSS error: %d\n", getError());
++ }
++ }
++ #endif // SECMOD_DEBUG
+
+ return (res == 0) ? JNI_TRUE : JNI_FALSE;
+ }
+diff --git openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
+--- openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
++++ openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
+@@ -34,6 +34,10 @@
+ const char *certPrefix, const char *keyPrefix,
+ const char *secmodName, unsigned int flags);
+
++#ifdef SECMOD_DEBUG
++typedef int (*FPTR_GetError)(void);
++#endif //SECMOD_DEBUG
++
+ // in secmod.h
+ //extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
+ // PRBool recurse);
+diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
+@@ -0,0 +1,4 @@
++library=
++name=NSS Internal PKCS #11 Module
++parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
++NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
+--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
++++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
+@@ -55,7 +55,7 @@
+
+ DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
+ if (useSqlite) {
+- System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
++ System.setProperty("pkcs11test.nss.db", "sql:" + DBDIR);
+ } else {
+ System.setProperty("pkcs11test.nss.db", DBDIR);
+ }
+@@ -67,6 +67,7 @@
+ if (useSqlite) {
+ copyFile("key4.db", BASE, DBDIR);
+ copyFile("cert9.db", BASE, DBDIR);
++ copyFile("pkcs11.txt", BASE, DBDIR);
+ } else {
+ copyFile("secmod.db", BASE, DBDIR);
+ copyFile("key3.db", BASE, DBDIR);
diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in
new file mode 100644
index 0000000..ead27be
--- /dev/null
+++ b/nss.fips.cfg.in
@@ -0,0 +1,6 @@
+name = NSS-FIPS
+nssLibraryDirectory = @NSS_LIBDIR@
+nssSecmodDirectory = @NSS_SECMOD@
+nssDbMode = readOnly
+nssModule = fips
+
diff --git a/rh1655466-global_crypto_and_fips.patch b/rh1655466-global_crypto_and_fips.patch
new file mode 100644
index 0000000..58d77b3
--- /dev/null
+++ b/rh1655466-global_crypto_and_fips.patch
@@ -0,0 +1,208 @@
+diff --git a/src/share/classes/javopenjdk.orig/jdk/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -191,27 +191,7 @@
+ if (disableSystemProps == null &&
+ "true".equalsIgnoreCase(props.getProperty
+ ("security.useSystemPropertiesFile"))) {
+-
+- // now load the system file, if it exists, so its values
+- // will win if they conflict with the earlier values
+- try (BufferedInputStream bis =
+- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+- props.load(bis);
+- loadedProps = true;
+-
+- if (sdebug != null) {
+- sdebug.println("reading system security properties file " +
+- SYSTEM_PROPERTIES);
+- sdebug.println(props.toString());
+- }
+- } catch (IOException e) {
+- if (sdebug != null) {
+- sdebug.println
+- ("unable to load security properties from " +
+- SYSTEM_PROPERTIES);
+- e.printStackTrace();
+- }
+- }
++ loadedProps = loadedProps && SystemConfigurator.configure(props);
+ }
+
+ if (!loadedProps) {
+diff --git a/src/share/classes/javopenjdk.orig/jdk/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -0,0 +1,153 @@
++/*
++ * Copyright (c) 2019, Red Hat, Inc.
++ *
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++package java.security;
++
++import java.io.BufferedInputStream;
++import java.io.FileInputStream;
++import java.io.IOException;
++
++import java.nio.file.Files;
++import java.nio.file.FileSystems;
++import java.nio.file.Path;
++
++import java.util.Iterator;
++import java.util.Map.Entry;
++import java.util.Properties;
++import java.util.function.Consumer;
++import java.util.regex.Matcher;
++import java.util.regex.Pattern;
++
++import sun.security.util.Debug;
++
++/**
++ * Internal class to align OpenJDK with global crypto-policies.
++ * Called from java.security.Security class initialization,
++ * during startup.
++ *
++ */
++
++class SystemConfigurator {
++
++ private static final Debug sdebug =
++ Debug.getInstance("properties");
++
++ private static final String CRYPTO_POLICIES_BASE_DIR =
++ "/etc/crypto-policies";
++
++ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
++ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
++
++ private static final String CRYPTO_POLICIES_CONFIG =
++ CRYPTO_POLICIES_BASE_DIR + "/config";
++
++ private static final class SecurityProviderInfo {
++ int number;
++ String key;
++ String value;
++ SecurityProviderInfo(int number, String key, String value) {
++ this.number = number;
++ this.key = key;
++ this.value = value;
++ }
++ }
++
++ /*
++ * Invoked when java.security.Security class is initialized, if
++ * java.security.disableSystemPropertiesFile property is not set and
++ * security.useSystemPropertiesFile is true.
++ */
++ static boolean configure(Properties props) {
++ boolean loadedProps = false;
++
++ try (BufferedInputStream bis =
++ new BufferedInputStream(
++ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
++ props.load(bis);
++ loadedProps = true;
++ if (sdebug != null) {
++ sdebug.println("reading system security properties file " +
++ CRYPTO_POLICIES_JAVA_CONFIG);
++ sdebug.println(props.toString());
++ }
++ } catch (IOException e) {
++ if (sdebug != null) {
++ sdebug.println("unable to load security properties from " +
++ CRYPTO_POLICIES_JAVA_CONFIG);
++ e.printStackTrace();
++ }
++ }
++
++ try {
++ if (enableFips()) {
++ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
++ loadedProps = false;
++ // Remove all security providers
++ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
++ while (i.hasNext()) {
++ Entry<Object, Object> e = i.next();
++ if (((String) e.getKey()).startsWith("security.provider")) {
++ if (sdebug != null) { sdebug.println("Removing provider: " + e); }
++ i.remove();
++ }
++ }
++ // Add FIPS security providers
++ String fipsProviderValue = null;
++ for (int n = 1;
++ (fipsProviderValue = (String) props.get("fips.provider." + n)) != null; n++) {
++ String fipsProviderKey = "security.provider." + n;
++ if (sdebug != null) {
++ sdebug.println("Adding provider " + n + ": " +
++ fipsProviderKey + "=" + fipsProviderValue);
++ }
++ props.put(fipsProviderKey, fipsProviderValue);
++ }
++ loadedProps = true;
++ }
++ } catch (Exception e) {
++ if (sdebug != null) {
++ sdebug.println("unable to load FIPS configuration");
++ e.printStackTrace();
++ }
++ }
++ return loadedProps;
++ }
++
++ /*
++ * FIPS is enabled only if crypto-policies are set to "FIPS"
++ * and the com.redhat.fips property is true.
++ */
++ private static boolean enableFips() throws Exception {
++ boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
++ if (fipsEnabled) {
++ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
++ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
++ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
++ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
++ return pattern.matcher(cryptoPoliciesConfig).find();
++ } else {
++ return false;
++ }
++ }
++}
+diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
+--- openjdk.orig/jdk/src/share/lib/security/java.security-linux
++++ openjdk/jdk/src/share/lib/security/java.security-linux
+@@ -77,6 +77,14 @@
+ #security.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
+
+ #
++# Security providers used when global crypto-policies are set to FIPS.
++#
++fips.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.fips.cfg
++fips.provider.2=sun.security.provider.Sun
++fips.provider.3=sun.security.ec.SunEC
++fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS
++
++#
+ # Sun Provider SecureRandom seed source.
+ #
+ # Select the primary source of seed data for the "SHA1PRNG" and
diff --git a/rh1760838-fips_default_keystore_type.patch b/rh1760838-fips_default_keystore_type.patch
new file mode 100644
index 0000000..bedc8ea
--- /dev/null
+++ b/rh1760838-fips_default_keystore_type.patch
@@ -0,0 +1,52 @@
+diff -r 6efbd7b35a10 src/share/classes/java/security/SystemConfigurator.java
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java Thu Jan 23 18:22:31 2020 -0300
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Mon Mar 02 19:20:17 2020 -0300
+@@ -123,6 +123,33 @@
+ }
+ props.put(fipsProviderKey, fipsProviderValue);
+ }
++ // Add other security properties
++ String keystoreTypeValue = (String) props.get("fips.keystore.type");
++ if (keystoreTypeValue != null) {
++ String nonFipsKeystoreType = props.getProperty("keystore.type");
++ props.put("keystore.type", keystoreTypeValue);
++ if (keystoreTypeValue.equals("PKCS11")) {
++ // If keystore.type is PKCS11, javax.net.ssl.keyStore
++ // must be "NONE". See JDK-8238264.
++ System.setProperty("javax.net.ssl.keyStore", "NONE");
++ }
++ if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
++ // If no trustStoreType has been set, use the
++ // previous keystore.type under FIPS mode. In
++ // a default configuration, the Trust Store will
++ // be 'cacerts' (JKS type).
++ System.setProperty("javax.net.ssl.trustStoreType",
++ nonFipsKeystoreType);
++ }
++ if (sdebug != null) {
++ sdebug.println("FIPS mode default keystore.type = " +
++ keystoreTypeValue);
++ sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
++ System.getProperty("javax.net.ssl.keyStore", ""));
++ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
++ System.getProperty("javax.net.ssl.trustStoreType", ""));
++ }
++ }
+ loadedProps = true;
+ }
+ } catch (Exception e) {
+diff -r 6efbd7b35a10 src/share/lib/security/java.security-linux
+--- openjdk.orig/jdk/src/share/lib/security/java.security-linux Thu Jan 23 18:22:31 2020 -0300
++++ openjdk/jdk/src/share/lib/security/java.security-linux Mon Mar 02 19:20:17 2020 -0300
+@@ -179,6 +179,11 @@
+ keystore.type=jks
+
+ #
++# Default keystore type used when global crypto-policies are set to FIPS.
++#
++fips.keystore.type=PKCS11
++
++#
+ # Controls compatibility mode for the JKS keystore type.
+ #
+ # When set to 'true', the JKS keystore type supports loading
diff --git a/rh1860986-disable_tlsv1.3_in_fips_mode.patch b/rh1860986-disable_tlsv1.3_in_fips_mode.patch
new file mode 100644
index 0000000..91e3705
--- /dev/null
+++ b/rh1860986-disable_tlsv1.3_in_fips_mode.patch
@@ -0,0 +1,327 @@
+diff -r bbc65dfa59d1 src/share/classes/java/security/SystemConfigurator.java
+--- openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Thu Jan 23 18:22:31 2020 -0300
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Sat Aug 01 23:16:51 2020 -0300
+@@ -1,11 +1,13 @@
+ /*
+- * Copyright (c) 2019, Red Hat, Inc.
++ * Copyright (c) 2019, 2020, Red Hat, Inc.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation.
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+@@ -34,10 +36,10 @@
+ import java.util.Iterator;
+ import java.util.Map.Entry;
+ import java.util.Properties;
+-import java.util.function.Consumer;
+-import java.util.regex.Matcher;
+ import java.util.regex.Pattern;
+
++import sun.misc.SharedSecrets;
++import sun.misc.JavaSecuritySystemConfiguratorAccess;
+ import sun.security.util.Debug;
+
+ /**
+@@ -47,7 +49,7 @@
+ *
+ */
+
+-class SystemConfigurator {
++final class SystemConfigurator {
+
+ private static final Debug sdebug =
+ Debug.getInstance("properties");
+@@ -61,15 +63,16 @@
+ private static final String CRYPTO_POLICIES_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/config";
+
+- private static final class SecurityProviderInfo {
+- int number;
+- String key;
+- String value;
+- SecurityProviderInfo(int number, String key, String value) {
+- this.number = number;
+- this.key = key;
+- this.value = value;
+- }
++ private static boolean systemFipsEnabled = false;
++
++ static {
++ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
++ new JavaSecuritySystemConfiguratorAccess() {
++ @Override
++ public boolean isSystemFipsEnabled() {
++ return SystemConfigurator.isSystemFipsEnabled();
++ }
++ });
+ }
+
+ /*
+@@ -128,9 +131,9 @@
+ String nonFipsKeystoreType = props.getProperty("keystore.type");
+ props.put("keystore.type", keystoreTypeValue);
+ if (keystoreTypeValue.equals("PKCS11")) {
+- // If keystore.type is PKCS11, javax.net.ssl.keyStore
+- // must be "NONE". See JDK-8238264.
+- System.setProperty("javax.net.ssl.keyStore", "NONE");
++ // If keystore.type is PKCS11, javax.net.ssl.keyStore
++ // must be "NONE". See JDK-8238264.
++ System.setProperty("javax.net.ssl.keyStore", "NONE");
+ }
+ if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
+ // If no trustStoreType has been set, use the
+@@ -144,12 +147,13 @@
+ sdebug.println("FIPS mode default keystore.type = " +
+ keystoreTypeValue);
+ sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
+- System.getProperty("javax.net.ssl.keyStore", ""));
++ System.getProperty("javax.net.ssl.keyStore", ""));
+ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
+ System.getProperty("javax.net.ssl.trustStoreType", ""));
+ }
+ }
+ loadedProps = true;
++ systemFipsEnabled = true;
+ }
+ } catch (Exception e) {
+ if (sdebug != null) {
+@@ -165,20 +165,37 @@
+ return loadedProps;
+ }
+
++ /**
++ * Returns whether or not global system FIPS alignment is enabled.
++ *
++ * Value is always 'false' before java.security.Security class is
++ * initialized.
++ *
++ * Call from out of this package through SharedSecrets:
++ * SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ * .isSystemFipsEnabled();
++ *
++ * @return a boolean value indicating whether or not global
++ * system FIPS alignment is enabled.
++ */
++ static boolean isSystemFipsEnabled() {
++ return systemFipsEnabled;
++ }
++
+ /*
+ * FIPS is enabled only if crypto-policies are set to "FIPS"
+ * and the com.redhat.fips property is true.
+ */
+ private static boolean enableFips() throws Exception {
+- boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+- if (fipsEnabled) {
+- Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
+- String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
+- if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+- Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+- return pattern.matcher(cryptoPoliciesConfig).find();
+- } else {
+- return false;
+- }
++ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
++ if (shouldEnable) {
++ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
++ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
++ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
++ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
++ return pattern.matcher(cryptoPoliciesConfig).find();
++ } else {
++ return false;
++ }
+ }
+ }
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
+@@ -0,0 +1,30 @@
++/*
++ * Copyright (c) 2020, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++package sun.misc;
++
++public interface JavaSecuritySystemConfiguratorAccess {
++ boolean isSystemFipsEnabled();
++}
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+@@ -63,6 +63,7 @@
+ private static JavaObjectInputStreamReadString javaObjectInputStreamReadString;
+ private static JavaObjectInputStreamAccess javaObjectInputStreamAccess;
+ private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
++ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess;
+
+ public static JavaUtilJarAccess javaUtilJarAccess() {
+ if (javaUtilJarAccess == null) {
+@@ -248,4 +249,12 @@
+ }
+ return javaxCryptoSealedObjectAccess;
+ }
++
++ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) {
++ javaSecuritySystemConfiguratorAccess = jssca;
++ }
++
++ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++ return javaSecuritySystemConfiguratorAccess;
++ }
+ }
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
++++ openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
+@@ -31,6 +31,7 @@
+ import java.security.cert.*;
+ import java.util.*;
+ import javax.net.ssl.*;
++import sun.misc.SharedSecrets;
+ import sun.security.action.GetPropertyAction;
+ import sun.security.provider.certpath.AlgorithmChecker;
+ import sun.security.validator.Validator;
+@@ -539,20 +540,38 @@
+
+ static {
+ if (SunJSSE.isFIPS()) {
+- supportedProtocols = Arrays.asList(
+- ProtocolVersion.TLS13,
+- ProtocolVersion.TLS12,
+- ProtocolVersion.TLS11,
+- ProtocolVersion.TLS10
+- );
++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled()) {
++ // RH1860986: TLSv1.3 key derivation not supported with
++ // the Security Providers available in system FIPS mode.
++ supportedProtocols = Arrays.asList(
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ );
+
+- serverDefaultProtocols = getAvailableProtocols(
+- new ProtocolVersion[] {
+- ProtocolVersion.TLS13,
+- ProtocolVersion.TLS12,
+- ProtocolVersion.TLS11,
+- ProtocolVersion.TLS10
+- });
++ serverDefaultProtocols = getAvailableProtocols(
++ new ProtocolVersion[] {
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ });
++ } else {
++ supportedProtocols = Arrays.asList(
++ ProtocolVersion.TLS13,
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ );
++
++ serverDefaultProtocols = getAvailableProtocols(
++ new ProtocolVersion[] {
++ ProtocolVersion.TLS13,
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ });
++ }
+ } else {
+ supportedProtocols = Arrays.asList(
+ ProtocolVersion.TLS13,
+@@ -612,6 +631,16 @@
+
+ static ProtocolVersion[] getSupportedProtocols() {
+ if (SunJSSE.isFIPS()) {
++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled()) {
++ // RH1860986: TLSv1.3 key derivation not supported with
++ // the Security Providers available in system FIPS mode.
++ return new ProtocolVersion[] {
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ };
++ }
+ return new ProtocolVersion[] {
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+@@ -939,6 +968,16 @@
+
+ static ProtocolVersion[] getProtocols() {
+ if (SunJSSE.isFIPS()) {
++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled()) {
++ // RH1860986: TLSv1.3 key derivation not supported with
++ // the Security Providers available in system FIPS mode.
++ return new ProtocolVersion[] {
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ };
++ }
+ return new ProtocolVersion[]{
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
++++ openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
+@@ -30,6 +30,8 @@
+
+ import java.security.*;
+
++import sun.misc.SharedSecrets;
++
+ /**
+ * The JSSE provider.
+ *
+@@ -215,8 +217,13 @@
+ "sun.security.ssl.SSLContextImpl$TLS11Context");
+ put("SSLContext.TLSv1.2",
+ "sun.security.ssl.SSLContextImpl$TLS12Context");
+- put("SSLContext.TLSv1.3",
+- "sun.security.ssl.SSLContextImpl$TLS13Context");
++ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled()) {
++ // RH1860986: TLSv1.3 key derivation not supported with
++ // the Security Providers available in system FIPS mode.
++ put("SSLContext.TLSv1.3",
++ "sun.security.ssl.SSLContextImpl$TLS13Context");
++ }
+ put("SSLContext.TLS",
+ "sun.security.ssl.SSLContextImpl$TLSContext");
+ if (isfips == false) {
diff --git a/rh1906862-always_initialise_configurator_access.patch b/rh1906862-always_initialise_configurator_access.patch
new file mode 100644
index 0000000..82116ad
--- /dev/null
+++ b/rh1906862-always_initialise_configurator_access.patch
@@ -0,0 +1,65 @@
+# HG changeset patch
+# User andrew
+# Date 1608219816 0
+# Thu Dec 17 15:43:36 2020 +0000
+# Node ID db5d1b28bfce04352b3a48960bf836f6eb20804b
+# Parent a2cfa397150e99b813354226d536eb8509b5850b
+RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
+
+diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -30,6 +30,8 @@
+ import java.util.concurrent.ConcurrentHashMap;
+ import java.io.*;
+ import java.net.URL;
++import sun.misc.SharedSecrets;
++import sun.misc.JavaSecuritySystemConfiguratorAccess;
+ import sun.security.util.Debug;
+ import sun.security.util.PropertyExpander;
+
+@@ -69,6 +71,15 @@
+ }
+
+ static {
++ // Initialise here as used by code with system properties disabled
++ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
++ new JavaSecuritySystemConfiguratorAccess() {
++ @Override
++ public boolean isSystemFipsEnabled() {
++ return SystemConfigurator.isSystemFipsEnabled();
++ }
++ });
++
+ // doPrivileged here because there are multiple
+ // things in initialize that might require privs.
+ // (the FileInputStream call and the File.exists call,
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -39,8 +39,6 @@
+ import java.util.Properties;
+ import java.util.regex.Pattern;
+
+-import sun.misc.SharedSecrets;
+-import sun.misc.JavaSecuritySystemConfiguratorAccess;
+ import sun.security.util.Debug;
+
+ /**
+@@ -66,16 +64,6 @@
+
+ private static boolean systemFipsEnabled = false;
+
+- static {
+- SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
+- new JavaSecuritySystemConfiguratorAccess() {
+- @Override
+- public boolean isSystemFipsEnabled() {
+- return SystemConfigurator.isSystemFipsEnabled();
+- }
+- });
+- }
+-
+ /*
+ * Invoked when java.security.Security class is initialized, if
+ * java.security.disableSystemPropertiesFile property is not set and
commit 9bb503395a4ebac7476bfe86633dc6ea16f8b19f
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Jun 7 13:35:52 2021 +0100
Update to aarch64-shenandoah-jdk8u302-b03 (EA)
Update release notes for 8u302-b03.
diff --git a/.gitignore b/.gitignore
index fa44d8a..248a89d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -231,3 +231,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b10-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b02-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 95a3b38..2f78280 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,7 @@ Live versions of these release notes can be found at:
* Other changes
- JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
- JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
+ - JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler
- JDK-8030123: java/beans/Introspector/Test8027648.java fails
- JDK-8033289: clang: clean up unused function warning
- JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
@@ -35,6 +36,7 @@ Live versions of these release notes can be found at:
- JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
- JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel
- JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw
+ - JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1
- JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently
- JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
- JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
@@ -62,11 +64,17 @@ Live versions of these release notes can be found at:
- JDK-8231949: [PPC64, s390]: Make async profiling more reliable
- JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
- JDK-8241649: Optimize Character.toString
+ - JDK-8241829: Cleanup the code for PrinterJob on windows
- JDK-8243559: Remove root certificates with 1024-bit keys
- JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
- JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
+ - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
- JDK-8255086: Update the root locale display names
- JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
+ - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
+ - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
+ - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
+ - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
- JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
- JDK-8258419: RSA cipher buffer cleanup
- JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation
@@ -90,6 +98,7 @@ Live versions of these release notes can be found at:
- JDK-8263600: change rmidRunning to a simple lookup
- JDK-8264509: jdk8u MacOS zipped debug symbols won't build
- JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
+ - JDK-8264640: CMS ParScanClosure misses a barrier
- JDK-8264816: Weak handles leak causes GC to take longer
- JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
- JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 315ab69..8097ba5 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b02
+%global shenandoah_revision aarch64-shenandoah-jdk8u302-b03
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2550,6 +2550,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Jun 02 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b03-0.0.ea
+- Update to aarch64-shenandoah-jdk8u302-b03 (EA)
+- Update release notes for 8u302-b03.
+
* Tue May 25 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b02-0.0.ea
- Update to aarch64-shenandoah-jdk8u302-b02 (EA)
- Update release notes for 8u302-b02.
diff --git a/sources b/sources
index ff68f68..7507617 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b02-4curve.tar.xz) = 1c3328c79551d76f0c3730d50e66d2abd251bb8614f947446d76d3543a39b41f8c32e4391b62aa2f4330da2df36686b6825e54d9079ce84b9625da7fa65f21fd
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b03-4curve.tar.xz) = 2da04211fadddf96a7acf18cc5e9a790f403eb31f3b9f960db93d1c2afd5a0d193b7ae70589e4382434816d5849b34be17ae0772cda2e4d7b4338b55cd6cd1f9
commit 6d48cf0847e9f45a424d69763643a7f5bf30d6c6
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Jun 4 06:51:37 2021 +0100
Update to aarch64-shenandoah-jdk8u302-b02 (EA)
Update release notes for 8u302-b02.
diff --git a/.gitignore b/.gitignore
index a29eb85..fa44d8a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -230,3 +230,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b09-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b10-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b01-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b02-4curve.tar.xz
diff --git a/NEWS b/NEWS
index b78d9ce..95a3b38 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,9 @@ Live versions of these release notes can be found at:
- JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
- JDK-8030123: java/beans/Introspector/Test8027648.java fails
- JDK-8033289: clang: clean up unused function warning
+ - JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
+ - JDK-8034857: gcc warnings compiling src/solaris/native/sun/management
+ - JDK-8035054: JarFacade.c should not include ctype.h
- JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
- JDK-8042891: Format issues embedded in macros for two g1 source files
- JDK-8055754: filemap.cpp does not compile with clang
@@ -25,6 +28,7 @@ Live versions of these release notes can be found at:
- JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
- JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
- JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
+ - JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header
- JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
- JDK-8132148: G1 hs_err region dump legend out of sync with region values
- JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 1aac854..315ab69 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b01
+%global shenandoah_revision aarch64-shenandoah-jdk8u302-b02
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2550,6 +2550,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue May 25 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b02-0.0.ea
+- Update to aarch64-shenandoah-jdk8u302-b02 (EA)
+- Update release notes for 8u302-b02.
+
* Sat May 22 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b01-0.0.ea
- Update to aarch64-shenandoah-jdk8u302-b01 (EA)
- Update release notes for 8u302-b01.
diff --git a/sources b/sources
index 6774c52..ff68f68 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b01-4curve.tar.xz) = 7a73f7ffcbe368edfd17b1c13509939bc57e7e14e18fa010d1c4341846c5306820111b789e529e37b5c31fb8fb67dfb3daeb12d6814e62cdff57503884dfbc1d
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b02-4curve.tar.xz) = 1c3328c79551d76f0c3730d50e66d2abd251bb8614f947446d76d3543a39b41f8c32e4391b62aa2f4330da2df36686b6825e54d9079ce84b9625da7fa65f21fd
commit 4c961126942d7b2d53fcaef5f7127e47cc61a213
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Jun 2 06:03:04 2021 +0100
Update to aarch64-shenandoah-jdk8u302-b01 (EA)
Update release notes for 8u302-b01.
Switch to EA mode.
diff --git a/.gitignore b/.gitignore
index c959a85..a29eb85 100644
--- a/.gitignore
+++ b/.gitignore
@@ -229,3 +229,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b08-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b09-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b10-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b01-4curve.tar.xz
diff --git a/NEWS b/NEWS
index e5dea8d..b78d9ce 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,127 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u302 (2021-07-20):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u302
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt
+
+* Security fixes
+* Other changes
+ - JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
+ - JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
+ - JDK-8030123: java/beans/Introspector/Test8027648.java fails
+ - JDK-8033289: clang: clean up unused function warning
+ - JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
+ - JDK-8042891: Format issues embedded in macros for two g1 source files
+ - JDK-8055754: filemap.cpp does not compile with clang
+ - JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
+ - JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
+ - JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm
+ - JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize
+ - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
+ - JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
+ - JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
+ - JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
+ - JDK-8132148: G1 hs_err region dump legend out of sync with region values
+ - JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
+ - JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
+ - JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel
+ - JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw
+ - JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently
+ - JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
+ - JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
+ - JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME
+ - JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000)
+ - JDK-8178403: DirectAudio in JavaSound may hang and leak
+ - JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-''
+ - JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently
+ - JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
+ - JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"
+ - JDK-8191955: AArch64: incorrect prefetch distance causes an internal error
+ - JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM
+ - JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
+ - JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
+ - JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
+ - JDK-8209996: [PPC64] Fix JFR profiling
+ - JDK-8214345: infinite recursion while checking super class
+ - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
+ - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
+ - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
+ - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
+ - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
+ - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
+ - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
+ - JDK-8231949: [PPC64, s390]: Make async profiling more reliable
+ - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
+ - JDK-8241649: Optimize Character.toString
+ - JDK-8243559: Remove root certificates with 1024-bit keys
+ - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
+ - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
+ - JDK-8255086: Update the root locale display names
+ - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
+ - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
+ - JDK-8258419: RSA cipher buffer cleanup
+ - JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation
+ - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
+ - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
+ - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
+ - JDK-8259886: Improve SSL session cache performance and scalability
+ - JDK-8260029: aarch64: fix typo in verify_oop_array
+ - JDK-8260236: better init AnnotationCollector _contended_group
+ - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
+ - JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
+ - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
+ - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
+ - JDK-8261867: Backport relevant test changes & additions from JDK-8130125
+ - JDK-8262110: DST starts from incorrect time in 2038
+ - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
+ - JDK-8262730: Enable jdk8u MacOS external debug symbols
+ - JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external
+ - JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395
+ - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
+ - JDK-8263600: change rmidRunning to a simple lookup
+ - JDK-8264509: jdk8u MacOS zipped debug symbols won't build
+ - JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
+ - JDK-8264816: Weak handles leak causes GC to take longer
+ - JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
+ - JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
+ - JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8256902: Removed Root Certificates with 1024-bit Keys
+=========================================================
+The following root certificates with weak 1024-bit RSA public keys
+have been removed from the `cacerts` keystore:
+
+Alias Name: thawtepremiumserverca [jdk]
+Distinguished Name: EMAILADDRESS=premium-server(a)thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
+
+Alias Name: verisignclass2g2ca [jdk]
+Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
+
+Alias Name: verisignclass3ca [jdk]
+Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
+
+Alias Name: verisignclass3g2caÂ[jdk]
+Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
+
+Alias Name: verisigntsaca [jdk]
+Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
+
+JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
+=================================================================
+
+The following root certificate have been removed from the cacerts truststore:
+
+Alias Name: soneraclass2ca
+Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
+
New in release OpenJDK 8u292 (2021-04-20):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 5e15372..1aac854 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b10
+%global shenandoah_revision aarch64-shenandoah-jdk8u302-b01
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,12 +311,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 0
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2550,6 +2550,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat May 22 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b01-0.0.ea
+- Update to aarch64-shenandoah-jdk8u302-b01 (EA)
+- Update release notes for 8u302-b01.
+- Switch to EA mode.
+
* Mon May 10 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b10-3
- removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction
diff --git a/sources b/sources
index dc8efbe..6774c52 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b10-4curve.tar.xz) = 3cde5e7eb2c6e72ad20fc3370d0a2d04d122152243196a4edc617495b428ddc16f7f902b7259999936a44232424032848447c87f3d7e296d0d2a902b61e72173
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b01-4curve.tar.xz) = 7a73f7ffcbe368edfd17b1c13509939bc57e7e14e18fa010d1c4341846c5306820111b789e529e37b5c31fb8fb67dfb3daeb12d6814e62cdff57503884dfbc1d
commit f2efa3b9304d84d0547770a7581c52b81ba60cbb
Author: Jiri <jvanek(a)redhat.com>
Date: Mon May 10 20:34:52 2021 +0200
removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 416f16e..5e15372 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1107,7 +1107,7 @@ Requires: lksctp-tools%{?_isa}
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
# not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
# considered as regression
-Requires: copy-jdk-configs >= 3.9
+Requires: copy-jdk-configs >= 4.0
OrderWithRequires: copy-jdk-configs
# for printing support
Requires: cups-libs
@@ -2369,10 +2369,10 @@ else
return
end
end
--- run content of included file with fake args
+arg = nil ; -- it is better to null the arg up, no meter if they exists or not, and use cjc as module in unified way, instead of relaying on "main" method during require "copy_jdk_configs.lua"
cjc = require "copy_jdk_configs.lua"
-arg = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
-cjc.mainProgram(arg)
+args = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
+cjc.mainProgram(args)
%post
%{post_script %{nil}}
@@ -2550,6 +2550,9 @@ cjc.mainProgram(arg)
%endif
%changelog
+* Mon May 10 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b10-3
+- removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction
+
* Mon May 03 2021 Sérgio Basto <sergio(a)serjux.com> - 1:1.8.0.292.b10-2
- Fix upgrade path after removal of accessibility subpackage. As main accessibility was requiring main package,
main package now have to obsolete java-1.8.0-openjdk-accessibility-{release, slowdebug, fastdebug} < 1:1.8.0.292.b06
commit 808d7a0c2c021dbe2bf9273d444bccf8eb132bc9
Author: Sérgio M. Basto <sergio(a)serjux.com>
Date: Tue May 4 11:22:44 2021 +0100
Fix upgrade path after removal of accessibility subpackage. As main accessibility was requiring main package,
main package now have to obsolete java-1.8.0-openjdk-accessibility-{release, slowdebug, fastdebug} < 1:1.8.0.292.b06
otherwise update fails
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 38d4d99..416f16e 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1465,6 +1465,15 @@ BuildRequires: systemtap-sdt-devel
# when it is built in debug-only this package is just placeholder
%{java_rpo %{nil}}
+# Fix upgrade path after removal of accessibility subpackage
+# on commit 0c79c1451ef42c540682fb75329a92bb110609e7
+# As main accessibility was requiring main package, main package now have to
+# obsolete java-1.8.0-openjdk-accessibility-{release, slowdebug, fastdebug} < 1:1.8.0.292.b06
+# otherwise update fails
+Obsoletes: java-1.8.0-openjdk-accessibility < 1:1.8.0.292.b06
+Obsoletes: java-1.8.0-openjdk-accessibility-slowdebug < 1:1.8.0.292.b06
+Obsoletes: java-1.8.0-openjdk-accessibility-fastdebug < 1:1.8.0.292.b06
+
%description
The %{origin_nice} %{majorver} runtime environment.
@@ -2541,6 +2550,11 @@ cjc.mainProgram(arg)
%endif
%changelog
+* Mon May 03 2021 Sérgio Basto <sergio(a)serjux.com> - 1:1.8.0.292.b10-2
+- Fix upgrade path after removal of accessibility subpackage. As main accessibility was requiring main package,
+ main package now have to obsolete java-1.8.0-openjdk-accessibility-{release, slowdebug, fastdebug} < 1:1.8.0.292.b06
+ otherwise update fails
+
* Fri Apr 29 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b10-1
- adapted to newst cjc to fix issue with rpm 4.17
commit 7c44d4d12d148d87c4e471ffb06a93f99d08b0b3
Author: Jiri <jvanek(a)redhat.com>
Date: Thu Apr 29 17:35:13 2021 +0200
Adapted to rpm 4.17 and cjc 4.0
As rpm 4.17 dropped arg from varaibale table, cjc now have to be sued as
module. cjc 4.0 was converted to module
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b8bf093..38d4d99 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 0
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1107,7 +1107,7 @@ Requires: lksctp-tools%{?_isa}
# tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
# not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
# considered as regression
-Requires: copy-jdk-configs >= 3.3
+Requires: copy-jdk-configs >= 3.9
OrderWithRequires: copy-jdk-configs
# for printing support
Requires: cups-libs
@@ -2326,7 +2326,13 @@ done
-- whether copy-jdk-configs is installed or not. If so, then configs are copied
-- (copy_jdk_configs from %%{_libexecdir} used) or not copied at all
local posix = require "posix"
-local debug = false
+
+if (os.getenv("debug") == "true") then
+ debug = true;
+ print("cjc: in spec debug is on")
+else
+ debug = false;
+end
SOURCE1 = "%{rpm_state_dir}/copy_jdk_configs.lua"
SOURCE2 = "%{_libexecdir}/copy_jdk_configs.lua"
@@ -2355,8 +2361,9 @@ else
end
end
-- run content of included file with fake args
+cjc = require "copy_jdk_configs.lua"
arg = {"--currentjvm", "%{uniquesuffix %{nil}}", "--jvmdir", "%{_jvmdir %{nil}}", "--origname", "%{name}", "--origjavaver", "%{javaver}", "--arch", "%{_arch}", "--temp", "%{rpm_state_dir}/%{name}.%{_arch}"}
-require "copy_jdk_configs.lua"
+cjc.mainProgram(arg)
%post
%{post_script %{nil}}
@@ -2534,6 +2541,9 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Fri Apr 29 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b10-1
+- adapted to newst cjc to fix issue with rpm 4.17
+
* Tue Apr 13 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b10-0
- Update to aarch64-shenandoah-jdk8u292-b10 (GA)
- Update release notes for 8u292-b10.
commit 2e183d309d75fc1876656bc6d8af8aa45095a48c
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Apr 22 01:15:41 2021 +0100
Update to aarch64-shenandoah-jdk8u292-b10 (GA)
Update release notes for 8u292-b10.
diff --git a/.gitignore b/.gitignore
index 0855951..c959a85 100644
--- a/.gitignore
+++ b/.gitignore
@@ -228,3 +228,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b08-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b09-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b10-4curve.tar.xz
diff --git a/NEWS b/NEWS
index fa9e29f..e5dea8d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,13 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u292
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
+* Security fixes
+ - JDK-8227467: Better class method invocations
+ - JDK-8244473: Contextualize registration for JNDI
+ - JDK-8244543: Enhanced handling of abstract classes
+ - JDK-8249906, CVE-2021-2163: Enhance opening JARs
+ - JDK-8250568, CVE-2021-2161: Less ambiguous processing
+ - JDK-8253799: Make lists of normal filenames
* Other changes
- JDK-6345095: regression test EmptyClipRenderingTest fails
- JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println
@@ -92,6 +99,7 @@ Live versions of these release notes can be found at:
- JDK-8256682: JDK-8202343 is incomplete
- JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
- JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
+ - JDK-8258247: Couple of issues in fix for JDK-8249906
- JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
- JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
- JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
@@ -99,10 +107,12 @@ Live versions of these release notes can be found at:
- JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
- JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
- JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
+ - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
- JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
- JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
- JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
- JDK-8260930: AARCH64: Invalid value passed to critical JNI function
+ - JDK-8261183: Follow on to Make lists of normal filenames
- JDK-8261231: Windows IME was disabled after DnD operation
- JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
- JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 36e87cb..b8bf093 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b09
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b10
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -316,7 +316,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2534,6 +2534,10 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Tue Apr 13 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b10-0
+- Update to aarch64-shenandoah-jdk8u292-b10 (GA)
+- Update release notes for 8u292-b10.
+
* Tue Mar 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b09-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b09 (EA)
- Update release notes for 8u292-b09.
diff --git a/sources b/sources
index 62b0bbb..dc8efbe 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b09-4curve.tar.xz) = a3c69aba94c5e7ddd391296462bc6fb54c49e76d28d8df230144ccdb5dd584666cc895aeb42a2094d3073d11b64b3b3756b5e499484e7a3510283294df27a8e2
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b10-4curve.tar.xz) = 3cde5e7eb2c6e72ad20fc3370d0a2d04d122152243196a4edc617495b428ddc16f7f902b7259999936a44232424032848447c87f3d7e296d0d2a902b61e72173
commit 2d9c5160dda5d9d785eced1bb70927549b6bf7e7
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Apr 9 04:20:07 2021 +0100
Update to aarch64-shenandoah-jdk8u292-b09 (EA)
Update release notes for 8u292-b09.
diff --git a/.gitignore b/.gitignore
index 662ab2f..0855951 100644
--- a/.gitignore
+++ b/.gitignore
@@ -227,3 +227,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b06-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b08-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b09-4curve.tar.xz
diff --git a/NEWS b/NEWS
index cc24bef..fa9e29f 100644
--- a/NEWS
+++ b/NEWS
@@ -13,7 +13,7 @@ Live versions of these release notes can be found at:
- JDK-6345095: regression test EmptyClipRenderingTest fails
- JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println
- JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
- - JDK-7107012: sun.jvm.hostspot.code.CompressedReadStream readDouble() conversion to long mishandled
+ - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
- JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed
- JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7
- JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found
@@ -108,6 +108,7 @@ Live versions of these release notes can be found at:
- JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
- JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
- JDK-8263008: AARCH64: Add debug info for libsaproc.so
+ - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS)
* Shenandoah
- Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
- Revert differences against upstream 8u
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b464e49..36e87cb 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b08
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b09
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2534,6 +2534,10 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Tue Mar 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b09-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b09 (EA)
+- Update release notes for 8u292-b09.
+
* Sat Mar 27 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b08-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b08 (EA)
- Update release notes for 8u292-b08.
diff --git a/sources b/sources
index c1b4274..62b0bbb 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b08-4curve.tar.xz) = 03df325f6d34de3483609d1aa6de4f1998c6cf8b0502c7d1ee328dae89b5c7a03c3278dde3843e7b7de68291509eea0cda162a620e69fd053a85d3e01170c6ee
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b09-4curve.tar.xz) = a3c69aba94c5e7ddd391296462bc6fb54c49e76d28d8df230144ccdb5dd584666cc895aeb42a2094d3073d11b64b3b3756b5e499484e7a3510283294df27a8e2
commit 34aae23aafe52e81301ea486aa819c3164dba39b
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Apr 8 07:18:29 2021 +0100
Fix bad date in Changelog.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 6edd97c..b464e49 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -2543,7 +2543,7 @@ require "copy_jdk_configs.lua"
- Update to aarch64-shenandoah-jdk8u292-b07 (EA)
- Update release notes for 8u292-b07.
-* Mon Mar 24 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b06-0.1.ea
+* Wed Mar 24 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b06-0.1.ea
- removal of atk accessibility bridge bindings:
- removed libatk-wrapper[.]so.* from global _privatelibs
- removed files_accessibility and java_accessibility_rpo macros
commit 5df61f34ef80f723e545bb531f7a4b00a3a6ccb0
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Apr 8 07:13:15 2021 +0100
Update to aarch64-shenandoah-jdk8u292-b08 (EA)
Update release notes for 8u292-b08.
Require tzdata 2021a due to JDK-8260356
diff --git a/.gitignore b/.gitignore
index 0a52cb3..662ab2f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -226,3 +226,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b06-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b07-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b08-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 6a07c87..cc24bef 100644
--- a/NEWS
+++ b/NEWS
@@ -40,6 +40,7 @@ Live versions of these release notes can be found at:
- JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63
- JDK-8172404: Tools should warn if weak algorithms are used before restricting them
- JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
+ - JDK-8191915: JCK tests produce incorrect results with C2
- JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
- JDK-8202343: Disable TLS 1.0 and 1.1
- JDK-8209333: Socket reset issue for TLS 1.3 socket close
@@ -85,6 +86,7 @@ Live versions of these release notes can be found at:
- JDK-8255880: UI of Swing components is not redrawn after their internal state changed
- JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
- JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
+ - JDK-8256421: Add 2 HARICA roots to cacerts truststore
- JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
- JDK-8258079: Eliminate ParNew's use of klass_or_null()
- JDK-8256682: JDK-8202343 is incomplete
@@ -99,6 +101,7 @@ Live versions of these release notes can be found at:
- JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
- JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
- JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
+ - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
- JDK-8260930: AARCH64: Invalid value passed to critical JNI function
- JDK-8261231: Windows IME was disabled after DnD operation
- JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
@@ -146,6 +149,17 @@ Notes on individual issues:
security-libs/java.security:
+JDK-8260597: Added 2 HARICA Root CA Certificates
+================================================
+
+The following root certificates have been added to the cacerts truststore:
+
+Alias Name: haricarootca2015
+Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
+
+Alias Name: haricaeccrootca2015
+Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
+
JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
===================================================================================
Weak named curves are disabled by default by adding them to the
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 4d80d62..6edd97c 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b07
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b08
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -1099,8 +1099,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
-# 2020f required as of JDK-8259048 in April CPU
-Requires: tzdata-java >= 2020f
+# 2021a required as of JDK-8260356 in April CPU
+Requires: tzdata-java >= 2021a
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1452,8 +1452,8 @@ BuildRequires: java-1.8.0-openjdk-devel
%ifnarch %{jit_arches}
BuildRequires: libffi-devel
%endif
-# 2020f required as of JDK-8259048 in April CPU
-BuildRequires: tzdata-java >= 2020f
+# 2021a required as of JDK-8260356 in April CPU
+BuildRequires: tzdata-java >= 2021a
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -2534,6 +2534,11 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Sat Mar 27 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b08-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b08 (EA)
+- Update release notes for 8u292-b08.
+- Require tzdata 2021a due to JDK-8260356
+
* Thu Mar 25 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b07-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b07 (EA)
- Update release notes for 8u292-b07.
diff --git a/sources b/sources
index 8d2689b..c1b4274 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b07-4curve.tar.xz) = d12cba379f610b426ce95b67763e60e6eaf6821f08c69516dac49932c72f116f0e5934ca946877f1caa97efa6259097e5669fed0af9b2bc3bc575c88ef158f44
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b08-4curve.tar.xz) = 03df325f6d34de3483609d1aa6de4f1998c6cf8b0502c7d1ee328dae89b5c7a03c3278dde3843e7b7de68291509eea0cda162a620e69fd053a85d3e01170c6ee
commit b11200180bdbe8b2d780158fd80d7ac4eba50340
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Mar 30 04:17:23 2021 +0100
Update to aarch64-shenandoah-jdk8u292-b07 (EA)
Update release notes for 8u292-b07.
diff --git a/.gitignore b/.gitignore
index cd6ab2b..0a52cb3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -225,3 +225,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b06-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b07-4curve.tar.xz
diff --git a/NEWS b/NEWS
index f9484d0..6a07c87 100644
--- a/NEWS
+++ b/NEWS
@@ -104,6 +104,7 @@ Live versions of these release notes can be found at:
- JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
- JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
- JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
+ - JDK-8263008: AARCH64: Add debug info for libsaproc.so
* Shenandoah
- Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
- Revert differences against upstream 8u
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index cdec57f..4d80d62 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b06
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b07
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 0
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2534,6 +2534,10 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Thu Mar 25 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b07-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b07 (EA)
+- Update release notes for 8u292-b07.
+
* Mon Mar 24 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b06-0.1.ea
- removal of atk accessibility bridge bindings:
- removed libatk-wrapper[.]so.* from global _privatelibs
diff --git a/sources b/sources
index c1c7289..8d2689b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b06-4curve.tar.xz) = f69272380ff719727e4213e17503a76505eb8103b73d582ba5ec862fb002e8becd106aa426d86326401c394362b11eb7b5891fc260f9d06662bce406c5c1a803
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b07-4curve.tar.xz) = d12cba379f610b426ce95b67763e60e6eaf6821f08c69516dac49932c72f116f0e5934ca946877f1caa97efa6259097e5669fed0af9b2bc3bc575c88ef158f44
commit 0c79c1451ef42c540682fb75329a92bb110609e7
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Wed Mar 24 11:18:46 2021 +0100
removal of atk accessibility bridge bindings:
- removed libatk-wrapper[.]so.* from global _privatelibs
- removed files_accessibility and java_accessibility_rpo macros
- removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and patch3 rh1648644-java_access_bridge_privileged_security.patch
- removal of accessibility{,-slowdebug,-fastdebug} subpackages
- no longer creating symlinks of %%{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so and %%{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar
- no longer creating %%{_jvmdir}/%{jredir -- $suffix}/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
- removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index c3c803c..cdec57f 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 0
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -354,7 +354,7 @@
# fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349
# https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14
# https://bugzilla.redhat.com/show_bug.cgi?id=1655938
-%global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
+%global _privatelibs libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
%global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.*
%if %is_system_jdk
%global __provides_exclude ^(%{_privatelibs})$
@@ -1064,12 +1064,6 @@ exit 0
%endif
}
-%define files_accessibility() %{expand:
-%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libatk-wrapper.so
-%{_jvmdir}/%{jredir -- %{?1}}/lib/ext/java-atk-wrapper.jar
-%{_jvmdir}/%{jredir -- %{?1}}/lib/accessibility.properties
-}
-
# not-duplicated requires/provides/obsoletes for normal/debug packages
%define java_rpo() %{expand:
Requires: fontconfig%{?_isa}
@@ -1200,17 +1194,6 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
%endif
}
-%define java_accessibility_rpo() %{expand:
-Requires: java-atk-wrapper%{?_isa}
-Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
-OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
-
-Provides: java-accessibility%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{javaver}-accessibility%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{release}
-
-}
# Prevent brp-java-repack-jars from being run
%global __jar_repack 0
@@ -1302,11 +1285,6 @@ Source16: CheckVendor.java
# either in their current form or at all.
############################################
-# Accessibility patches
-# Ignore AWTError when assistive technologies are loaded
-Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
-# Restrict access to java-atk-wrapper classes
-Patch3: rh1648644-java_access_bridge_privileged_security.patch
# Turn on AssumeMP by default on RHEL systems
Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
@@ -1671,44 +1649,6 @@ BuildArch: noarch
The %{origin_nice} %{majorver} API documentation compressed in a single archive.
%endif
-%if %{include_normal_build}
-%package accessibility
-Summary: %{origin_nice} %{majorver} accessibility connector
-
-%{java_accessibility_rpo %{nil}}
-
-%description accessibility
-Enables accessibility support in %{origin_nice} %{majorver} by using java-atk-wrapper. This allows
-compatible at-spi2 based accessibility programs to work for AWT and Swing-based
-programs.
-
-Please note, the java-atk-wrapper is still in beta, and %{origin_nice} %{majorver} itself is still
-being tuned to be working with accessibility features. There are known issues
-with accessibility on, so please do not install this package unless you really
-need to.
-%endif
-
-%if %{include_debug_build}
-%package accessibility-slowdebug
-Summary: %{origin_nice} %{majorver} accessibility connector %{for_debug}
-
-%{java_accessibility_rpo -- %{debug_suffix_unquoted}}
-
-%description accessibility-slowdebug
-See normal java-%{version}-openjdk-accessibility description.
-%endif
-
-%if %{include_fastdebug_build}
-%package accessibility-fastdebug
-Summary: %{origin_nice} %{majorver} accessibility connector %{for_fastdebug}
-
-%{java_accessibility_rpo -- %{fastdebug_suffix_unquoted}}
-
-%description accessibility-fastdebug
-See normal java-%{version}-openjdk-accessibility description.
-%endif
-
-
%if %{with_openjfx_binding}
%package openjfx
Summary: OpenJDK x OpenJFX connector. This package adds symliks finishing Java FX integration to %{name}
@@ -1832,8 +1772,6 @@ sh %{SOURCE12}
%patch400
%patch401
-%patch1
-%patch3
%patch5
# s390 build fixes
@@ -2317,21 +2255,6 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \
| sed 's|^|%dir |' \
>> %{name}-demo.files"$suffix"
-# Create links which leads to separately installed java-atk-bridge and allow configuration
-# links points to java-atk-wrapper - an dependence
- pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}
- ln -s %{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so
- popd
- pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/ext
- ln -s %{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar
- popd
- pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/
- echo "#Config file to enable java-atk-wrapper" > accessibility.properties
- echo "" >> accessibility.properties
- echo "assistive_technologies=org.GNOME.Accessibility.AtkWrapper" >> accessibility.properties
- echo "" >> accessibility.properties
- popd
-
# intentionally after all else, fx links with redirections on its own
%if %{with_openjfx_binding}
FXSDK_FILES=%{name}-openjfx-devel.files"$suffix"
@@ -2534,7 +2457,6 @@ require "copy_jdk_configs.lua"
# placeholder
%endif
-
%if %{include_normal_build}
%files headless
# important note, see https://bugzilla.redhat.com/show_bug.cgi?id=1038092 for whole issue
@@ -2558,9 +2480,6 @@ require "copy_jdk_configs.lua"
%files javadoc-zip
%{files_javadoc_zip %{nil}}
-%files accessibility
-%{files_accessibility %{nil}}
-
%if %{with_openjfx_binding}
%files openjfx -f %{name}-openjfx.files
@@ -2584,9 +2503,6 @@ require "copy_jdk_configs.lua"
%files src-slowdebug
%{files_src -- %{debug_suffix_unquoted}}
-%files accessibility-slowdebug
-%{files_accessibility -- %{debug_suffix_unquoted}}
-
%if %{with_openjfx_binding}
%files openjfx-slowdebug -f %{name}-openjfx.files-slowdebug
@@ -2604,16 +2520,12 @@ require "copy_jdk_configs.lua"
%files devel-fastdebug
%{files_devel -- %{fastdebug_suffix_unquoted}}
-
%files demo-fastdebug -f %{name}-demo.files-fastdebug
%{files_demo -- %{fastdebug_suffix_unquoted}}
%files src-fastdebug
%{files_src -- %{fastdebug_suffix_unquoted}}
-%files accessibility-fastdebug
-%{files_accessibility -- %{fastdebug_suffix_unquoted}}
-
%if %{with_openjfx_binding}
%files openjfx-fastdebug -f %{name}-openjfx.files-fastdebug
@@ -2622,6 +2534,16 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Mon Mar 24 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.292.b06-0.1.ea
+- removal of atk accessibility bridge bindings:
+- removed libatk-wrapper[.]so.* from global _privatelibs
+- removed files_accessibility and java_accessibility_rpo macros
+- removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and patch3 rh1648644-java_access_bridge_privileged_security.patch
+- removal of accessibility{,-slowdebug,-fastdebug} subpackages
+- no longer creating symlinks of %%{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so and %%{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar
+- no longer creating %%{_jvmdir}/%{jredir -- $suffix}/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
+- removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections
+
* Mon Mar 22 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b06-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b06 (EA)
- Update release notes for 8u292-b06.
diff --git a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
deleted file mode 100644
index bddd702..0000000
--- a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java jdk8/jdk/src/share/classes/java/awt/Toolkit.java
---- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500
-+++ jdk8/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500
-@@ -883,7 +883,11 @@
- return null;
- }
- });
-- loadAssistiveTechnologies();
-+ try {
-+ loadAssistiveTechnologies();
-+ } catch ( AWTError error) {
-+ // ignore silently
-+ }
- }
- return toolkit;
- }
diff --git a/rh1648644-java_access_bridge_privileged_security.patch b/rh1648644-java_access_bridge_privileged_security.patch
deleted file mode 100644
index 28060ed..0000000
--- a/rh1648644-java_access_bridge_privileged_security.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff --git openjdk.orig/jdk/src/share/lib/security/java.security-linux openjdk/jdk/src/share/lib/security/java.security-linux
---- openjdk.orig/jdk/src/share/lib/security/java.security-linux
-+++ openjdk/jdk/src/share/lib/security/java.security-linux
-@@ -226,7 +226,9 @@
- com.sun.activation.registries.,\
- jdk.jfr.events.,\
- jdk.jfr.internal.,\
-- jdk.management.jfr.internal.
-+ jdk.management.jfr.internal.,\
-+ org.GNOME.Accessibility.,\
-+ org.GNOME.Bonobo.
-
- #
- # List of comma-separated packages that start with or equal this string
-@@ -279,7 +281,9 @@
- com.sun.activation.registries.,\
- jdk.jfr.events.,\
- jdk.jfr.internal.,\
-- jdk.management.jfr.internal.
-+ jdk.management.jfr.internal.,\
-+ org.GNOME.Accessibility.,\
-+ org.GNOME.Bonobo.
-
- #
- # Determines whether this properties file can be appended to
commit 4efcbc5b8772b8cf79002ef115cec77f28d2da8a
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Mar 22 03:49:43 2021 +0000
Update to aarch64-shenandoah-jdk8u292-b06 (EA)
Update release notes for 8u292-b06.
Require tzdata 2020f due to JDK-8259048
diff --git a/.gitignore b/.gitignore
index 6baa99c..cd6ab2b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -224,3 +224,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b04-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b06-4curve.tar.xz
diff --git a/NEWS b/NEWS
index e3183b6..f9484d0 100644
--- a/NEWS
+++ b/NEWS
@@ -94,6 +94,7 @@ Live versions of these release notes can be found at:
- JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
- JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
- JDK-8258933: G1 needs klass_or_null_acquire
+ - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
- JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
- JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
- JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b468e71..c3c803c 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 0
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1105,8 +1105,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
-# 2020b required as of JDK-8254177 in October CPU
-Requires: tzdata-java >= 2020b
+# 2020f required as of JDK-8259048 in April CPU
+Requires: tzdata-java >= 2020f
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1474,8 +1474,8 @@ BuildRequires: java-1.8.0-openjdk-devel
%ifnarch %{jit_arches}
BuildRequires: libffi-devel
%endif
-# 2020b required as of JDK-8254177 in October CPU
-BuildRequires: tzdata-java >= 2020b
+# 2020f required as of JDK-8259048 in April CPU
+BuildRequires: tzdata-java >= 2020f
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -2622,6 +2622,11 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Mon Mar 22 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b06-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b06 (EA)
+- Update release notes for 8u292-b06.
+- Require tzdata 2020f due to JDK-8259048
+
* Thu Mar 18 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b05-0.2.ea
- Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA)
- Update release notes for 8u292-b05-shenandoah-merge-2021-03-11.
diff --git a/sources b/sources
index 9c386e5..c1c7289 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11-4curve.tar.xz) = fc31d0933b5bf73b91b0e54e7683310b15debcbfe10e41f632a65b9fa4bc5345241107d4b4b99a18bd3e41b0843fbfa06348e267cb19a7e0739b8a2b291b2953
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b06-4curve.tar.xz) = f69272380ff719727e4213e17503a76505eb8103b73d582ba5ec862fb002e8becd106aa426d86326401c394362b11eb7b5891fc260f9d06662bce406c5c1a803
commit a63448df0f164c612af39e9fbc2e5a174e441cd1
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Mar 19 02:46:15 2021 +0000
Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA)
Update release notes for 8u292-b05-shenandoah-merge-2021-03-11.
Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u.
Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate.
diff --git a/.gitignore b/.gitignore
index 956b2b5..6baa99c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -223,3 +223,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b04-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 835e478..e3183b6 100644
--- a/NEWS
+++ b/NEWS
@@ -103,8 +103,41 @@ Live versions of these release notes can be found at:
- JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
- JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
- JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
+* Shenandoah
- Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
- Revert differences against upstream 8u
+ - [backport] 8202976: Add C1 lea patching support for x86
+ - [backport] 8221507: Implement JFR Events for Shenandoah
+ - [backport] 8224573: Fix windows build after JDK-8221507
+ - [backport] 8228369: Shenandoah: Refactor LRB C1 stubs
+ - [backport] 8229474: Shenandoah: Cleanup CM::update_roots()
+ - [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs)
+ - [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2
+ - [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots
+ - [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB
+ - [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes
+ - [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64
+ - [backport] 8233574: Shenandoah: build is broken without jfr
+ - [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint
+ - [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx"
+ - [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type
+ - [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength()
+ - [backport] 8240751: Shenandoah: fold ShenandoahTracer definition
+ - [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier
+ - [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition
+ - [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks
+ - [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape"
+ - [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U
+ - [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option
+ - [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
+ - [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
+ - [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask
+ - [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback
+ - [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
+ - [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
+ - Fix register allocation for thread register is 32bit LRB
+ - Fix Shenandoah bindings in ADLC formssel
+ - Shenandoah: Backed out weak roots cleaning during full gc
Notes on individual issues:
===========================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 491bcba..b468e71 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b05
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2622,6 +2622,12 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Thu Mar 18 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b05-0.2.ea
+- Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA)
+- Update release notes for 8u292-b05-shenandoah-merge-2021-03-11.
+- Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u.
+- Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate.
+
* Thu Mar 18 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b05-0.1.ea
- Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes.
- Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch.
diff --git a/s390-8214206_fix.patch b/s390-8214206_fix.patch
index fd5b7c5..1b78a9b 100644
--- a/s390-8214206_fix.patch
+++ b/s390-8214206_fix.patch
@@ -20,3 +20,27 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenan
// Defensively saturate for product bits:
if (mag < 0) {
+diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.cpp
++++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.cpp
+@@ -659,7 +659,7 @@
+ }
+
+ size_t ShenandoahHeap::soft_max_capacity() const {
+- size_t v = OrderAccess::load_acquire((volatile size_t*)&_soft_max_size);
++ size_t v = OrderAccess::load_acquire((volatile jlong*)&_soft_max_size);
+ assert(min_capacity() <= v && v <= max_capacity(),
+ err_msg("Should be in bounds: " SIZE_FORMAT " <= " SIZE_FORMAT " <= " SIZE_FORMAT,
+ min_capacity(), v, max_capacity()));
+diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.hpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.hpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.hpp
++++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahHeap.hpp
+@@ -155,7 +155,7 @@
+ private:
+ size_t _initial_size;
+ size_t _minimum_size;
+- volatile size_t _soft_max_size;
++ volatile jlong _soft_max_size;
+ shenandoah_padding(0);
+ volatile jlong _used;
+ volatile size_t _committed;
diff --git a/sources b/sources
index b0c0d1b..9c386e5 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-4curve.tar.xz) = 6267e958e05c36d010578ea1b773b5575f11c085c4c1036a96f984c44df17d70cb46a5d6db75fb509a900f6918da7bfbbe5e24530691f393069471c7f2b51993
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11-4curve.tar.xz) = fc31d0933b5bf73b91b0e54e7683310b15debcbfe10e41f632a65b9fa4bc5345241107d4b4b99a18bd3e41b0843fbfa06348e267cb19a7e0739b8a2b291b2953
commit c98058256bd97721ffdfb0dbf8a9fe8e7a9f5d47
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Mar 18 18:55:49 2021 +0000
Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes.
Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index aeec4dd..491bcba 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 0
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2622,6 +2622,10 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Thu Mar 18 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b05-0.1.ea
+- Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes.
+- Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch.
+
* Mon Mar 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b05-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b05 (EA)
- Update release notes for 8u292-b05.
diff --git a/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch b/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
index 53bceec..4098bdc 100644
--- a/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
+++ b/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch
@@ -1,7 +1,7 @@
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp
-@@ -2659,7 +2659,7 @@
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/compactibleFreeListSpace.cpp Tue Sep 08 22:20:44 2020 -0400
+@@ -2689,7 +2689,7 @@
if (ResizeOldPLAB && CMSOldPLABResizeQuicker) {
size_t multiple = _num_blocks[word_sz]/(CMSOldPLABToleranceFactor*CMSOldPLABNumRefills*n_blks);
n_blks += CMSOldPLABReactivityFactor*multiple*n_blks;
@@ -10,10 +10,10 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSwe
}
assert(n_blks > 0, "Error");
_cfls->par_get_chunk_of_blocks(word_sz, n_blks, fl);
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp
-@@ -957,7 +957,7 @@
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/concurrentMarkSweep/concurrentMarkSweepGeneration.cpp Tue Sep 08 22:20:44 2020 -0400
+@@ -961,7 +961,7 @@
if (free_percentage < desired_free_percentage) {
size_t desired_capacity = (size_t)(used() / ((double) 1 - desired_free_percentage));
assert(desired_capacity >= capacity(), "invalid expansion size");
@@ -22,7 +22,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSwe
if (PrintGCDetails && Verbose) {
size_t desired_capacity = (size_t)(used() / ((double) 1 - desired_free_percentage));
gclog_or_tty->print_cr("\nFrom compute_new_size: ");
-@@ -6577,7 +6577,7 @@
+@@ -6591,7 +6591,7 @@
HeapWord* curAddr = _markBitMap.startWord();
while (curAddr < _markBitMap.endWord()) {
size_t remaining = pointer_delta(_markBitMap.endWord(), curAddr);
@@ -31,7 +31,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSwe
_markBitMap.clear_large_range(chunk);
if (ConcurrentMarkSweepThread::should_yield() &&
!foregroundGCIsActive() &&
-@@ -6875,7 +6875,7 @@
+@@ -6889,7 +6889,7 @@
return;
}
// Double capacity if possible
@@ -40,30 +40,34 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/concurrentMarkSwe
// Do not give up existing stack until we have managed to
// get the double capacity that we desired.
ReservedSpace rs(ReservedSpace::allocation_align_size_up(
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp
-@@ -3902,7 +3902,7 @@
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/concurrentMark.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/concurrentMark.cpp Tue Sep 08 22:20:44 2020 -0400
+@@ -3916,7 +3916,7 @@
// of things to do) or totally (at the very end).
size_t target_size;
if (partially) {
- target_size = MIN2((size_t)_task_queue->max_elems()/3, GCDrainStackTargetSize);
-+ target_size = MIN2((size_t)(_task_queue->max_elems()/3), (size_t) GCDrainStackTargetSize);
++ target_size = MIN2((size_t)_task_queue->max_elems()/3, (size_t)GCDrainStackTargetSize);
} else {
target_size = 0;
}
-@@ -4706,7 +4706,7 @@
- // The > 0 check is to deal with the prev and next live bytes which
- // could be 0.
- if (*hum_bytes > 0) {
-- bytes = MIN2(HeapRegion::GrainBytes, *hum_bytes);
-+ bytes = MIN2(HeapRegion::GrainBytes, (size_t)*hum_bytes);
- *hum_bytes -= bytes;
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1BiasedArray.hpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp Tue Sep 08 22:20:44 2020 -0400
+@@ -78,7 +78,8 @@
+ size_t num_target_elems = pointer_delta(end, bottom, mapping_granularity_in_bytes);
+ idx_t bias = (uintptr_t)bottom / mapping_granularity_in_bytes;
+ address base = create_new_base_array(num_target_elems, target_elem_size_in_bytes);
+- initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, log2_intptr(mapping_granularity_in_bytes));
++ initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes,
++ log2_intptr((uintptr_t)mapping_granularity_in_bytes));
}
- return bytes;
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
+
+ size_t bias() const { return _bias; }
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHeap.cpp Tue Sep 08 22:20:44 2020 -0400
@@ -1729,7 +1729,7 @@
verify_region_sets_optional();
@@ -73,21 +77,33 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1CollectedHea
ergo_verbose1(ErgoHeapSizing,
"attempt heap expansion",
ergo_format_reason("allocation request failed")
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.cpp
-@@ -117,7 +117,7 @@
- return reserved_size() - committed_size();
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp Tue Sep 08 22:20:44 2020 -0400
+@@ -41,7 +41,7 @@
}
--size_t G1PageBasedVirtualSpace::addr_to_page_index(char* addr) const {
-+uintptr_t G1PageBasedVirtualSpace::addr_to_page_index(char* addr) const {
- return (addr - _low_boundary) / _page_size;
- }
+ size_t G1CMObjArrayProcessor::process_array_slice(objArrayOop obj, HeapWord* start_from, size_t remaining) {
+- size_t words_to_scan = MIN2(remaining, ObjArrayMarkingStride);
++ size_t words_to_scan = MIN2(remaining, (size_t)ObjArrayMarkingStride);
+
+ if (remaining > ObjArrayMarkingStride) {
+ push_array_slice(start_from + ObjArrayMarkingStride);
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.hpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.hpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1PageBasedVirtualSpace.hpp Tue Sep 08 22:20:44 2020 -0400
+@@ -89,7 +89,7 @@
+ void pretouch_internal(size_t start_page, size_t end_page);
+
+ // Returns the index of the page which contains the given address.
+- uintptr_t addr_to_page_index(char* addr) const;
++ size_t addr_to_page_index(char* addr) const;
+ // Returns the address of the given page index.
+ char* page_start(size_t index) const;
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQueue.cpp Tue Sep 08 22:20:44 2020 -0400
@@ -38,7 +38,7 @@
_cancel(false),
_empty(true),
@@ -97,9 +113,9 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupQ
_queues = NEW_C_HEAP_ARRAY(G1StringDedupWorkerQueue, _nqueues, mtGC);
for (size_t i = 0; i < _nqueues; i++) {
new (_queues + i) G1StringDedupWorkerQueue(G1StringDedupWorkerQueue::default_segment_size(), _max_cache_size, _max_size);
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupTable.cpp Tue Sep 08 22:20:44 2020 -0400
@@ -120,7 +120,7 @@
};
@@ -109,10 +125,10 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupT
_max_list_length(0),
_cached(PaddedArray<G1StringDedupEntryList, mtGC>::create_unfreeable((uint)_nlists)),
_overflowed(PaddedArray<G1StringDedupEntryList, mtGC>::create_unfreeable((uint)_nlists)) {
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
-@@ -109,7 +109,7 @@
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/g1/heapRegion.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp Tue Sep 08 22:20:44 2020 -0400
+@@ -110,7 +110,7 @@
if (FLAG_IS_DEFAULT(G1HeapRegionSize)) {
size_t average_heap_size = (initial_heap_size + max_heap_size) / 2;
region_size = MAX2(average_heap_size / HeapRegionBounds::target_number(),
@@ -121,9 +137,9 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/heapRegion.cpp
}
int region_size_log = log2_long((jlong) region_size);
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp openjdk/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/parNew/parNewGeneration.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp Tue Sep 08 22:20:44 2020 -0400
@@ -194,7 +194,7 @@
const size_t num_overflow_elems = of_stack->size();
const size_t space_available = queue->max_elems() - queue->size();
@@ -133,29 +149,27 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/parNew/parNewGene
num_overflow_elems);
// Transfer the most recent num_take_elems from the overflow
// stack to our work queue.
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp
-@@ -910,8 +910,8 @@
+diff -r 4689eaf1a5c9 src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/gc_implementation/parallelScavenge/psParallelCompact.cpp Tue Sep 08 22:20:44 2020 -0400
+@@ -912,7 +912,7 @@
+
void PSParallelCompact::initialize_dead_wood_limiter()
{
- const size_t max = 100;
-- _dwl_mean = double(MIN2(ParallelOldDeadWoodLimiterMean, max)) / 100.0;
-- _dwl_std_dev = double(MIN2(ParallelOldDeadWoodLimiterStdDev, max)) / 100.0;
-+ _dwl_mean = double(MIN2((size_t)ParallelOldDeadWoodLimiterMean, max)) / 100.0;
-+ _dwl_std_dev = double(MIN2((size_t)ParallelOldDeadWoodLimiterStdDev, max)) / 100.0;
+- const size_t max = 100;
++ const uintx max = 100;
+ _dwl_mean = double(MIN2(ParallelOldDeadWoodLimiterMean, max)) / 100.0;
+ _dwl_std_dev = double(MIN2(ParallelOldDeadWoodLimiterStdDev, max)) / 100.0;
_dwl_first_term = 1.0 / (sqrt(2.0 * M_PI) * _dwl_std_dev);
- DEBUG_ONLY(_dwl_initialized = true;)
- _dwl_adjustment = normal_distribution(1.0);
-diff --git openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp
---- openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp
-+++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp
+diff -r 4689eaf1a5c9 src/share/vm/memory/collectorPolicy.cpp
+--- openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/memory/collectorPolicy.cpp Tue Sep 08 22:20:44 2020 -0400
@@ -385,7 +385,7 @@
uintx calculated_size = NewSize + OldSize;
double shrink_factor = (double) MaxHeapSize / calculated_size;
uintx smaller_new_size = align_size_down((uintx)(NewSize * shrink_factor), _gen_alignment);
- FLAG_SET_ERGO(uintx, NewSize, MAX2(young_gen_size_lower_bound(), smaller_new_size));
-+ FLAG_SET_ERGO(uintx, NewSize, MAX2(young_gen_size_lower_bound(), (size_t)smaller_new_size));
++ FLAG_SET_ERGO(uintx, NewSize, MAX2((uintx)young_gen_size_lower_bound(), smaller_new_size));
_initial_gen0_size = NewSize;
// OldSize is already aligned because above we aligned MaxHeapSize to
@@ -168,7 +182,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp openjdk/
}
assert(max_new_size > 0, "All paths should set max_new_size");
-@@ -455,24 +455,23 @@
+@@ -455,23 +455,25 @@
// lower limit.
_min_gen0_size = NewSize;
desired_new_size = NewSize;
@@ -190,15 +204,16 @@ diff --git openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp openjdk/
// NewRatio is overly large, the resulting sizes can be too
// small.
- _min_gen0_size = MAX2(scale_by_NewRatio_aligned(_min_heap_byte_size), NewSize);
-+ _min_gen0_size = MAX2(scale_by_NewRatio_aligned(_min_heap_byte_size), (size_t)NewSize);
++ _min_gen0_size = MAX2(scale_by_NewRatio_aligned(_min_heap_byte_size),
++ (size_t)NewSize);
desired_new_size =
- MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), NewSize);
-- }
-+ MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size), (size_t)NewSize); }
++ MAX2(scale_by_NewRatio_aligned(_initial_heap_byte_size),
++ (size_t)NewSize);
+ }
assert(_min_gen0_size > 0, "Sanity check");
- _initial_gen0_size = desired_new_size;
-@@ -573,7 +572,7 @@
+@@ -573,7 +575,7 @@
} else {
// It's been explicitly set on the command line. Use the
// OldSize and then determine the consequences.
@@ -207,9 +222,9 @@ diff --git openjdk.orig/hotspot/src/share/vm/memory/collectorPolicy.cpp openjdk/
_initial_gen1_size = OldSize;
// If the user has explicitly set an OldSize that is inconsistent
-diff --git openjdk.orig/hotspot/src/share/vm/memory/metaspace.cpp openjdk/hotspot/src/share/vm/memory/metaspace.cpp
---- openjdk.orig/hotspot/src/share/vm/memory/metaspace.cpp
-+++ openjdk/hotspot/src/share/vm/memory/metaspace.cpp
+diff -r 4689eaf1a5c9 src/share/vm/memory/metaspace.cpp
+--- openjdk.orig/hotspot/src/share/vm/memory/metaspace.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/memory/metaspace.cpp Tue Sep 08 22:20:44 2020 -0400
@@ -1482,7 +1482,7 @@
void MetaspaceGC::post_initialize() {
@@ -237,38 +252,18 @@ diff --git openjdk.orig/hotspot/src/share/vm/memory/metaspace.cpp openjdk/hotspo
if (PrintGCDetails && Verbose) {
gclog_or_tty->print_cr(" "
" maximum_free_percentage: %6.2f"
-@@ -3361,7 +3361,7 @@
+@@ -3320,7 +3320,7 @@
+ // Make the first class chunk bigger than a medium chunk so it's not put
// on the medium chunk list. The next chunk will be small and progress
// from there. This size calculated by -version.
- _first_class_chunk_word_size = MIN2((size_t)MediumChunk*6,
-- (CompressedClassSpaceSize/BytesPerWord)*2);
-+ (size_t)(CompressedClassSpaceSize/BytesPerWord)*2);
+- _first_class_chunk_word_size = MIN2((size_t)MediumChunk*6,
++ _first_class_chunk_word_size = MIN2((uintx)MediumChunk*6,
+ (CompressedClassSpaceSize/BytesPerWord)*2);
_first_class_chunk_word_size = align_word_size_up(_first_class_chunk_word_size);
// Arbitrarily set the initial virtual space to a multiple
- // of the boot class loader size.
-diff --git openjdk.orig/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp
---- openjdk.orig/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp
-+++ openjdk/hotspot/src/share/vm/memory/threadLocalAllocBuffer.cpp
-@@ -250,13 +250,13 @@
- size_t init_sz = 0;
-
- if (TLABSize > 0) {
-- init_sz = TLABSize / HeapWordSize;
-+ init_sz = (size_t)(TLABSize / HeapWordSize);
- } else if (global_stats() != NULL) {
- // Initial size is a function of the average number of allocating threads.
- unsigned nof_threads = global_stats()->allocating_threads_avg();
-
-- init_sz = (Universe::heap()->tlab_capacity(myThread()) / HeapWordSize) /
-- (nof_threads * target_refills());
-+ init_sz = (size_t)((Universe::heap()->tlab_capacity(myThread()) / HeapWordSize) /
-+ (nof_threads * target_refills()));
- init_sz = align_object_size(init_sz);
- }
- init_sz = MIN2(MAX2(init_sz, min_size()), max_size());
-diff --git openjdk.orig/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp openjdk/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp
---- openjdk.orig/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp
-+++ openjdk/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp
+diff -r 4689eaf1a5c9 src/share/vm/oops/objArrayKlass.inline.hpp
+--- openjdk.orig/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp Tue Sep 08 22:20:44 2020 -0400
@@ -48,7 +48,7 @@
const size_t beg_index = size_t(index);
assert(beg_index < len || len == 0, "index too large");
@@ -287,10 +282,10 @@ diff --git openjdk.orig/hotspot/src/share/vm/oops/objArrayKlass.inline.hpp openj
const size_t end_index = beg_index + stride;
T* const base = (T*)a->base();
T* const beg = base + beg_index;
-diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotspot/src/share/vm/runtime/arguments.cpp
---- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp
-+++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp
-@@ -1289,7 +1289,7 @@
+diff -r 4689eaf1a5c9 src/share/vm/runtime/arguments.cpp
+--- openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/runtime/arguments.cpp Tue Sep 08 22:20:44 2020 -0400
+@@ -1301,7 +1301,7 @@
// NewSize was set on the command line and it is larger than
// preferred_max_new_size.
if (!FLAG_IS_DEFAULT(NewSize)) { // NewSize explicitly set at command-line
@@ -299,7 +294,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotsp
} else {
FLAG_SET_ERGO(uintx, MaxNewSize, preferred_max_new_size);
}
-@@ -1314,8 +1314,8 @@
+@@ -1326,8 +1326,8 @@
// Unless explicitly requested otherwise, make young gen
// at least min_new, and at most preferred_max_new_size.
if (FLAG_IS_DEFAULT(NewSize)) {
@@ -310,7 +305,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotsp
if (PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
tty->print_cr("CMS ergo set NewSize: " SIZE_FORMAT, NewSize);
-@@ -1325,7 +1325,7 @@
+@@ -1337,7 +1337,7 @@
// so it's NewRatio x of NewSize.
if (FLAG_IS_DEFAULT(OldSize)) {
if (max_heap > NewSize) {
@@ -319,25 +314,15 @@ diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotsp
if (PrintGCDetails && Verbose) {
// Too early to use gclog_or_tty
tty->print_cr("CMS ergo set OldSize: " SIZE_FORMAT, OldSize);
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp
-@@ -41,7 +41,7 @@
+diff -r 4689eaf1a5c9 src/share/vm/runtime/os.cpp
+--- openjdk.orig/hotspot/src/share/vm/runtime/os.cpp Mon Aug 31 07:09:56 2020 +0100
++++ openjdk/hotspot/src/share/vm/runtime/os.cpp Tue Sep 08 22:20:44 2020 -0400
+@@ -1272,7 +1272,7 @@
}
- size_t G1CMObjArrayProcessor::process_array_slice(objArrayOop obj, HeapWord* start_from, size_t remaining) {
-- size_t words_to_scan = MIN2(remaining, ObjArrayMarkingStride);
-+ size_t words_to_scan = MIN2(remaining, (size_t) ObjArrayMarkingStride);
-
- if (remaining > ObjArrayMarkingStride) {
- push_array_slice(start_from + ObjArrayMarkingStride);
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
-@@ -150,5 +150,5 @@
- return value;
- }
-
-- return (size_t)1 << (log2_intptr(value) + 1);
-+ return (size_t)1 << (log2_intptr((uintptr_t) value) + 1);
- }
+ void os::set_memory_serialize_page(address page) {
+- int count = log2_intptr(sizeof(class JavaThread)) - log2_int(64);
++ int count = log2_intptr((uintptr_t)sizeof(class JavaThread)) - log2_int(64);
+ _mem_serialize_page = (volatile int32_t *)page;
+ // We initialize the serialization page shift count here
+ // We assume a cache line size of 64 bytes
diff --git a/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch b/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch
index e1e7214..a980895 100644
--- a/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch
+++ b/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch
@@ -141,3 +141,26 @@ diff --git openjdk.orig/hotspot/src/share/vm/utilities/globalDefinitions.hpp ope
#define INTX_FORMAT "%" PRIdPTR
#define UINTX_FORMAT "%" PRIuPTR
+diff --git openjdk.orig/hotspot/src/share/vm/runtime/memprofiler.cpp openjdk/hotspot/src/share/vm/runtime/memprofiler.cpp
+--- openjdk.orig/hotspot/src/share/vm/runtime/memprofiler.cpp
++++ openjdk/hotspot/src/share/vm/runtime/memprofiler.cpp
+@@ -117,16 +117,16 @@
+ }
+
+ // Print trace line in log
+- fprintf(_log_fp, "%6.1f,%5d,%5d," UINTX_FORMAT_W(6) "," UINTX_FORMAT_W(6) ",",
++ fprintf(_log_fp, "%6.1f,%5d,%5d," SIZE_FORMAT_W(6) "," SIZE_FORMAT_W(6) ",",
+ os::elapsedTime(),
+ Threads::number_of_threads(),
+ SystemDictionary::number_of_classes(),
+ Universe::heap()->used() / K,
+ Universe::heap()->capacity() / K);
+
+- fprintf(_log_fp, UINTX_FORMAT_W(6) ",", CodeCache::capacity() / K);
++ fprintf(_log_fp, SIZE_FORMAT_W(6) ",", CodeCache::capacity() / K);
+
+- fprintf(_log_fp, UINTX_FORMAT_W(6) "," UINTX_FORMAT_W(6) "," UINTX_FORMAT_W(6) "\n",
++ fprintf(_log_fp, SIZE_FORMAT_W(6) "," SIZE_FORMAT_W(6) "," SIZE_FORMAT_W(6) "\n",
+ handles_memory_usage / K,
+ resource_memory_usage / K,
+ OopMapCache::memory_usage() / K);
diff --git a/s390-8214206_fix.patch b/s390-8214206_fix.patch
index 42902cf..fd5b7c5 100644
--- a/s390-8214206_fix.patch
+++ b/s390-8214206_fix.patch
@@ -1,16 +1,13 @@
-diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp
---- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp
-+++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1BiasedArray.hpp
-@@ -78,7 +78,8 @@
- size_t num_target_elems = pointer_delta(end, bottom, mapping_granularity_in_bytes);
- idx_t bias = (uintptr_t)bottom / mapping_granularity_in_bytes;
- address base = create_new_base_array(num_target_elems, target_elem_size_in_bytes);
-- initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes, log2_intptr(mapping_granularity_in_bytes));
-+ initialize_base(base, num_target_elems, bias, target_elem_size_in_bytes,
-+ log2_long(mapping_granularity_in_bytes));
+diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
+--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
++++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp
+@@ -150,5 +150,5 @@
+ return value;
}
- size_t bias() const { return _bias; }
+- return (size_t)1 << (log2_intptr(value) + 1);
++ return (size_t)1 << (log2_intptr((uintptr_t) value) + 1);
+ }
diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp
--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp
+++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahNumberSeq.cpp
@@ -19,19 +16,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenan
Atomic::add(val, &_sum);
- int mag = log2_intptr(val) + 1;
-+ int mag = log2_long(val) + 1;
++ int mag = log2_intptr((uintptr_t)val) + 1;
// Defensively saturate for product bits:
if (mag < 0) {
-diff --git openjdk.orig/hotspot/src/share/vm/runtime/os.cpp openjdk/hotspot/src/share/vm/runtime/os.cpp
---- openjdk.orig/hotspot/src/share/vm/runtime/os.cpp
-+++ openjdk/hotspot/src/share/vm/runtime/os.cpp
-@@ -1284,7 +1284,7 @@
- }
-
- void os::set_memory_serialize_page(address page) {
-- int count = log2_intptr(sizeof(class JavaThread)) - log2_int(64);
-+ int count = log2_long(sizeof(class JavaThread)) - log2_int(64);
- _mem_serialize_page = (volatile int32_t *)page;
- // We initialize the serialization page shift count here
- // We assume a cache line size of 64 bytes
commit 13bfe740ca068594961a45c85db435f8a471688f
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Mar 9 17:18:55 2021 +0000
Update to aarch64-shenandoah-jdk8u292-b05 (EA)
Update release notes for 8u292-b05.
diff --git a/.gitignore b/.gitignore
index 543be9e..956b2b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -222,3 +222,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b04-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-4curve.tar.xz
diff --git a/NEWS b/NEWS
index a34e64e..835e478 100644
--- a/NEWS
+++ b/NEWS
@@ -10,17 +10,26 @@ Live versions of these release notes can be found at:
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
* Other changes
+ - JDK-6345095: regression test EmptyClipRenderingTest fails
+ - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println
- JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
+ - JDK-7107012: sun.jvm.hostspot.code.CompressedReadStream readDouble() conversion to long mishandled
+ - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed
+ - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7
+ - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found
- JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
- JDK-8035166: Remove dependency on EC classes from pkcs11 provider
- JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
- JDK-8038723: Openup some PrinterJob tests
+ - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X
- JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
- JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS
+ - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported
- JDK-8078450: Implement consistent process for quarantine of tests
- JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
- JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
- JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
+ - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms
- JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
- JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
- JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
@@ -34,6 +43,7 @@ Live versions of these release notes can be found at:
- JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
- JDK-8202343: Disable TLS 1.0 and 1.1
- JDK-8209333: Socket reset issue for TLS 1.3 socket close
+ - JDK-8211301: [macos] support full window content options
- JDK-8211339: NPE during SSL handshake caused by HostnameChecker
- JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
- JDK-8217338: [Containers] Improve systemd slice memory limit support
@@ -56,9 +66,11 @@ Live versions of these release notes can be found at:
- JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
- JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
- JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
+ - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
- JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
- JDK-8242141: New System Properties to configure the TLS signature schemes
- JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
+ - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
- JDK-8249183: JVM crash in "AwtFrame::WmSize" method
- JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
- JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
@@ -76,6 +88,7 @@ Live versions of these release notes can be found at:
- JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
- JDK-8258079: Eliminate ParNew's use of klass_or_null()
- JDK-8256682: JDK-8202343 is incomplete
+ - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
- JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
- JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
- JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
@@ -86,7 +99,9 @@ Live versions of these release notes can be found at:
- JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
- JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
- JDK-8260930: AARCH64: Invalid value passed to critical JNI function
+ - JDK-8261231: Windows IME was disabled after DnD operation
- JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
+ - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
- JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
- Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
- Revert differences against upstream 8u
@@ -171,6 +186,53 @@ used for the TLS connections.
The names are described in the "Signature Schemes" section of the
*Java Security Standard Algorithm Names Specification*.
+tools/javac:
+
+JDK-8177368: Several incorporation steps are silently failing when an error should be reported
+==============================================================================================
+Reporting previously silent errors found during incorporation, JLS
+8§18.3, was supposed to be a clean-up with performance only
+implications. But consider the test case:
+
+import java.util.Arrays;
+import java.util.List;
+
+class Klass {
+ public static <A> List<List<A>> foo(List<? extends A>... lists) {
+ return foo(Arrays.asList(lists));
+ }
+
+ public static <B> List<List<B>> foo(List<? extends List<? extends B>> lists) {
+ return null;
+ }
+}
+
+This code was not accepted before the patch for [1], but after this
+patch the compiler is accepting it. Accepting this code is the right
+behavior as not reporting incorporation errors was a bug in the
+compiler. While determining the applicability of method: <B>
+List<List<B>> foo(List<? extends List<? extends B>> lists) for which
+we have the constraints: b <: Object t <: List<? extends B> t<:Object
+List<? extends A> <: t first, inference variable b is selected for
+instantiation: b = CAP1 of ? extends A so this implies that: t <:
+List<? extends CAP1 of ? extends A> t<: Object List<? extends A> <: t
+
+Now all the bounds are checked for consistency. While checking if
+List<? extends A> is a subtype of List<? extends CAP1 of ? extends A>
+a bound error is reported. Before the compiler was just swallowing
+it. As now the error is reported while inference variable b is being
+instantiated, the bound set is rolled back to it's initial state, 'b'
+is instantiated to Object, and with this instantiation the constraint
+set is solvable, the method is applicable, it's the only applicable
+one and the code is accepted as correct. The compiler behavior in this
+case is defined at JLS 8 §18.4
+
+This fix has source compatibility impact, right now code that wasn't
+being accepted is now being accepted by the javac compiler. Currently
+there are no reports of any other kind of incompatibility.
+
+[1] https://bugs.openjdk.java.net/browse/JDK-8078024
+
New in release OpenJDK 8u282 (2021-01-19):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 0249414..aeec4dd 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b04
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b05
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2622,6 +2622,10 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Mon Mar 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b05-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b05 (EA)
+- Update release notes for 8u292-b05.
+
* Fri Mar 05 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b04-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b04 (EA)
- Update release notes for 8u292-b04.
diff --git a/sources b/sources
index fb2e5a7..b0c0d1b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b04-4curve.tar.xz) = db7a66478b34da1edc52488ee1ec3d8ce4bd3795df58ad9b34bdb8bc0cb863b6b29aa14c696fb5f48ac474def3b840bc2b279ffe16fffded838e2aec54f1fe1e
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b05-4curve.tar.xz) = 6267e958e05c36d010578ea1b773b5575f11c085c4c1036a96f984c44df17d70cb46a5d6db75fb509a900f6918da7bfbbe5e24530691f393069471c7f2b51993
commit 1b76c65723c98decdad20cc4dd1aab7cb40de68e
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Mar 5 06:01:54 2021 +0000
Update to aarch64-shenandoah-jdk8u292-b04 (EA)
Update release notes for 8u292-b04.
diff --git a/.gitignore b/.gitignore
index 1e967ba..543be9e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -221,3 +221,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b03-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b04-4curve.tar.xz
diff --git a/NEWS b/NEWS
index edf401b..a34e64e 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,7 @@ Live versions of these release notes can be found at:
- JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
- JDK-8038723: Openup some PrinterJob tests
- JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
+ - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS
- JDK-8078450: Implement consistent process for quarantine of tests
- JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
- JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
@@ -23,9 +24,11 @@ Live versions of these release notes can be found at:
- JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
- JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
- JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
+ - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address
- JDK-8160217: JavaSound should clean up resources better
- JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
- JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
+ - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63
- JDK-8172404: Tools should warn if weak algorithms are used before restricting them
- JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
- JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
@@ -37,6 +40,7 @@ Live versions of these release notes can be found at:
- JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
- JDK-8221408: Windows 32bit build build errors/warnings in hotspot
- JDK-8223186: HotSpot compile warnings from GCC 9
+ - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14
- JDK-8225805: Java Access Bridge does not close the logger
- JDK-8226899: Problemlist compiler/rtm tests
- JDK-8227642: [TESTBUG] Make docker tests podman compatible
@@ -46,7 +50,10 @@ Live versions of these release notes can be found at:
- JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
- JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
- JDK-8234728: Some security tests should support TLSv1.3
+ - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
+ - JDK-8235311: Tag mismatch may alert bad_record_mac
- JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
+ - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
- JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
- JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
- JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
@@ -77,7 +84,10 @@ Live versions of these release notes can be found at:
- JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
- JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
- JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
+ - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
- JDK-8260930: AARCH64: Invalid value passed to critical JNI function
+ - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
+ - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
- Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
- Revert differences against upstream 8u
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 58c87bd..0249414 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b03
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b04
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2622,6 +2622,10 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Fri Mar 05 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b04-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b04 (EA)
+- Update release notes for 8u292-b04.
+
* Thu Mar 04 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b03-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b03 (EA)
- Update release notes for 8u292-b03.
diff --git a/sources b/sources
index b463d0a..fb2e5a7 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b03-4curve.tar.xz) = 9dabe45a32d25fd4332006e2b5b17a6bf43693cee3cb82a371c91857d647f86c5c50453b4a95a1c65121ca21fb4a74f9779925a07707f2b3d2e06b946b84b9ea
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b04-4curve.tar.xz) = db7a66478b34da1edc52488ee1ec3d8ce4bd3795df58ad9b34bdb8bc0cb863b6b29aa14c696fb5f48ac474def3b840bc2b279ffe16fffded838e2aec54f1fe1e
commit 36a26ce298d7cf8ee36ea8d4c2ec3bc0dc9e446a
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Mar 4 18:37:48 2021 +0000
Update to aarch64-shenandoah-jdk8u292-b03 (EA)
Update release notes for 8u292-b03.
diff --git a/.gitignore b/.gitignore
index b701844..1e967ba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -220,3 +220,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b02-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b03-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 2645cdb..edf401b 100644
--- a/NEWS
+++ b/NEWS
@@ -21,16 +21,20 @@ Live versions of these release notes can be found at:
- JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
- JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
- JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
+ - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
- JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
- JDK-8160217: JavaSound should clean up resources better
- JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
- JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
+ - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
- JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
- JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
- JDK-8202343: Disable TLS 1.0 and 1.1
+ - JDK-8209333: Socket reset issue for TLS 1.3 socket close
- JDK-8211339: NPE during SSL handshake caused by HostnameChecker
- JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
- JDK-8217338: [Containers] Improve systemd slice memory limit support
+ - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
- JDK-8221408: Windows 32bit build build errors/warnings in hotspot
- JDK-8223186: HotSpot compile warnings from GCC 9
- JDK-8225805: Java Access Bridge does not close the logger
@@ -44,6 +48,8 @@ Live versions of these release notes can be found at:
- JDK-8234728: Some security tests should support TLSv1.3
- JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
- JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
+ - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
+ - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
- JDK-8242141: New System Properties to configure the TLS signature schemes
- JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
- JDK-8249183: JVM crash in "AwtFrame::WmSize" method
@@ -57,10 +63,12 @@ Live versions of these release notes can be found at:
- JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
- JDK-8253932: SSL debug log prints incorrect caller info
- JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
+ - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
- JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
- JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
- JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
- JDK-8258079: Eliminate ParNew's use of klass_or_null()
+ - JDK-8256682: JDK-8202343 is incomplete
- JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
- JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
- JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
@@ -69,6 +77,7 @@ Live versions of these release notes can be found at:
- JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
- JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
- JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
+ - JDK-8260930: AARCH64: Invalid value passed to critical JNI function
- Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
- Revert differences against upstream 8u
@@ -116,6 +125,15 @@ jdk.disabled.namedCurves` either from specific or from all
curves, remove the specific named curve(s) from the
`jdk.disabled.namedCurves` property.
+JDK-8244286: Tools Warn If Weak Algorithms Are Used
+===================================================
+The `keytool` and `jarsigner` tools have been updated to warn users
+when weak cryptographic algorithms are used in keys, certificates, and
+signed JARs before they are disabled. The weak algorithms are set in
+the `jdk.security.legacyAlgorithms` security property in the
+`java.security` configuration file. In this release, the tools issue
+warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.
+
security-libs/javax.net.ssl:
JDK-8256490: Disable TLS 1.0 and 1.1
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index d60b160..58c87bd 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b02
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b03
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2622,6 +2622,10 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Thu Mar 04 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b03-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b03 (EA)
+- Update release notes for 8u292-b03.
+
* Tue Mar 02 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b02-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b02 (EA)
- Update release notes for 8u292-b02.
diff --git a/sources b/sources
index 14dc49a..b463d0a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b02-4curve.tar.xz) = 8b08ade80d5ee2fc9c175242b0f3ecddb342791bfab56779ca2f8b30de48c4f5e116dd23a8c5ad495c38a84d96738e7ba2011b6a96752cf71105d19a53cfe821
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b03-4curve.tar.xz) = 9dabe45a32d25fd4332006e2b5b17a6bf43693cee3cb82a371c91857d647f86c5c50453b4a95a1c65121ca21fb4a74f9779925a07707f2b3d2e06b946b84b9ea
commit af1441c7511f2cf209e73b9de33aa391e5098486
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Mar 3 02:14:53 2021 +0000
Update to aarch64-shenandoah-jdk8u292-b02 (EA)
Update release notes for 8u292-b02.
diff --git a/.gitignore b/.gitignore
index 20468b5..b701844 100644
--- a/.gitignore
+++ b/.gitignore
@@ -219,3 +219,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b02-4curve.tar.xz
diff --git a/NEWS b/NEWS
index bc656ee..2645cdb 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,7 @@ Live versions of these release notes can be found at:
- JDK-8038723: Openup some PrinterJob tests
- JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
- JDK-8078450: Implement consistent process for quarantine of tests
+ - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
- JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
- JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
- JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
@@ -25,6 +26,7 @@ Live versions of these release notes can be found at:
- JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
- JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
- JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
+ - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
- JDK-8202343: Disable TLS 1.0 and 1.1
- JDK-8211339: NPE during SSL handshake caused by HostnameChecker
- JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
@@ -45,7 +47,9 @@ Live versions of these release notes can be found at:
- JDK-8242141: New System Properties to configure the TLS signature schemes
- JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
- JDK-8249183: JVM crash in "AwtFrame::WmSize" method
+ - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
- JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
+ - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
- JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
- JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
- JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
@@ -60,11 +64,13 @@ Live versions of these release notes can be found at:
- JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
- JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
- JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
+ - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
- JDK-8258933: G1 needs klass_or_null_acquire
- JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
- JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
- JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
- Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
+ - Revert differences against upstream 8u
Notes on individual issues:
===========================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 99525d3..d60b160 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u292-b01
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b02
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2622,6 +2622,10 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Tue Mar 02 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b02-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b02 (EA)
+- Update release notes for 8u292-b02.
+
* Fri Feb 19 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b01-0.0.ea
- Update to aarch64-shenandoah-jdk8u292-b01 (EA)
- Update release notes for 8u292-b01.
diff --git a/sources b/sources
index 49a40a0..14dc49a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz) = 35e527c387f55af66132cdae8c8ea198700d731ce2a69136cf7e02a8f837a6f2d9c96303c84468305cc7762d65c3f95ef8264218a82652a00063179d2557a648
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b02-4curve.tar.xz) = 8b08ade80d5ee2fc9c175242b0f3ecddb342791bfab56779ca2f8b30de48c4f5e116dd23a8c5ad495c38a84d96738e7ba2011b6a96752cf71105d19a53cfe821
commit 572aa88c5790feba3ff49c2a7b716dd592c275a1
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sat Feb 20 03:23:35 2021 +0000
Update to aarch64-shenandoah-jdk8u292-b01 (EA)
Update release notes for 8u292-b01.
Switch to EA mode.
Update tarball generation script to use PR3822 which handles JDK-8233228 & JDK-8035166 changes
diff --git a/.gitignore b/.gitignore
index a9304d6..20468b5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -218,3 +218,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b06-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz
diff --git a/NEWS b/NEWS
index ee1e724..bc656ee 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,140 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u292 (2021-04-20):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u292
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
+
+* Other changes
+ - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
+ - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
+ - JDK-8035166: Remove dependency on EC classes from pkcs11 provider
+ - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
+ - JDK-8038723: Openup some PrinterJob tests
+ - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
+ - JDK-8078450: Implement consistent process for quarantine of tests
+ - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
+ - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
+ - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
+ - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
+ - JDK-8160217: JavaSound should clean up resources better
+ - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
+ - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
+ - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
+ - JDK-8202343: Disable TLS 1.0 and 1.1
+ - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
+ - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
+ - JDK-8217338: [Containers] Improve systemd slice memory limit support
+ - JDK-8221408: Windows 32bit build build errors/warnings in hotspot
+ - JDK-8223186: HotSpot compile warnings from GCC 9
+ - JDK-8225805: Java Access Bridge does not close the logger
+ - JDK-8226899: Problemlist compiler/rtm tests
+ - JDK-8227642: [TESTBUG] Make docker tests podman compatible
+ - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
+ - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage
+ - JDK-8230388: Problemlist additional compiler/rtm tests
+ - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
+ - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
+ - JDK-8234728: Some security tests should support TLSv1.3
+ - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
+ - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
+ - JDK-8242141: New System Properties to configure the TLS signature schemes
+ - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
+ - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
+ - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
+ - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
+ - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
+ - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
+ - JDK-8253368: TLS connection always receives close_notify exception
+ - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
+ - JDK-8253932: SSL debug log prints incorrect caller info
+ - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
+ - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
+ - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
+ - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
+ - JDK-8258079: Eliminate ParNew's use of klass_or_null()
+ - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
+ - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
+ - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
+ - JDK-8258933: G1 needs klass_or_null_acquire
+ - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
+ - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
+ - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
+ - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
+===================================================================================
+Weak named curves are disabled by default by adding them to the
+following `disabledAlgorithms` security properties:
+
+* jdk.tls.disabledAlgorithms
+* jdk.certpath.disabledAlgorithms
+* jdk.jar.disabledAlgorithms
+
+Red Hat has always disabled many of the curves provided by upstream,
+so the only addition in this release is:
+
+* secp256k1
+
+The curves that remain enabled are:
+
+* secp256r1
+* secp384r1
+* secp521r1
+* X25519
+* X448
+
+When large numbers of weak named curves need to be disabled, adding
+individual named curves to each `disabledAlgorithms` property would be
+overwhelming. To relieve this, a new security property,
+`jdk.disabled.namedCurves`, is implemented that can list the named
+curves common to all of the `disabledAlgorithms` properties. To use
+the new property in the `disabledAlgorithms` properties, precede the
+full property name with the keyword `include`. Users can still add
+individual named curves to `disabledAlgorithms` properties separate
+from this new property. No other properties can be included in the
+`disabledAlgorithms` properties.
+
+To restore the named curves, remove the `include
+jdk.disabled.namedCurves` either from specific or from all
+`disabledAlgorithms` security properties. To restore one or more
+curves, remove the specific named curve(s) from the
+`jdk.disabled.namedCurves` property.
+
+security-libs/javax.net.ssl:
+
+JDK-8256490: Disable TLS 1.0 and 1.1
+====================================
+TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
+considered secure and have been superseded by more secure and modern
+versions (TLS 1.2 and 1.3).
+
+These versions have now been disabled by default. If you encounter
+issues, you can, at your own risk, re-enable the versions by removing
+"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
+security property in the `java.security` configuration file.
+
+JDK-8242147: New System Properties to Configure the TLS Signature Schemes
+=========================================================================
+Two new system properties have been added to customize the TLS
+signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
+added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
+has been added for the server side.
+
+Each system property contains a comma-separated list of supported
+signature scheme names specifying the signature schemes that could be
+used for the TLS connections.
+
+The names are described in the "Signature Schemes" section of the
+*Java Security Standard Algorithm Names Specification*.
+
New in release OpenJDK 8u282 (2021-01-19):
===========================================
Live versions of these release notes can be found at:
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index 5f3c6f0..94b75e7 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -4,7 +4,7 @@
# Example:
# When used from local repo set REPO_ROOT pointing to file:// with your repo
# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
-# If you want to use a local copy of patch PR3799, set the path to it in the PR3799 variable
+# If you want to use a local copy of patch PR3822, set the path to it in the PR3822 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
# PROJECT_NAME=jdk8u OR aarch64-port
@@ -19,9 +19,9 @@
# level folder, name is created, based on parameter
#
-if [ ! "x$PR3799" = "x" ] ; then
- if [ ! -f "$PR3799" ] ; then
- echo "You have specified PR3799 as $PR3799 but it does not exists. exiting"
+if [ ! "x$PR3822" = "x" ] ; then
+ if [ ! -f "$PR3822" ] ; then
+ echo "You have specified PR3822 as $PR3822 but it does not exists. exiting"
exit 1
fi
fi
@@ -41,7 +41,7 @@ if [ "x$1" = "xhelp" ] ; then
echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
- echo "PR3799 - the path to the PR3799 patch to apply (optional; downloaded if unavailable)"
+ echo "PR3822 - the path to the PR3822 patch to apply (optional; downloaded if unavailable)"
echo "REPOS - specify the repositories to use (optional; defaults to ${REPOS_DEFAULT})"
exit 1;
fi
@@ -124,15 +124,15 @@ rm -vf jdk/src/share/native/sun/security/ec/impl/ecp_224.c
echo "Syncing EC list with NSS"
-if [ "x$PR3799" = "x" ] ; then
-# get pr3799.patch (from http://icedtea.classpath.org/hg/icedtea8) from most correct tag
-# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3799)
- wget -O pr3799.patch http://icedtea.classpath.org/hg/icedtea8/raw-file/tip/patches/pr3799-4cur...
- patch -Np1 < pr3799.patch
- rm pr3799.patch
+if [ "x$PR3822" = "x" ] ; then
+# get pr3822.patch (from http://icedtea.classpath.org/hg/icedtea8) from most correct tag
+# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3822)
+ wget -O pr3822.patch http://icedtea.classpath.org/hg/icedtea8/raw-file/tip/patches/pr3822-4cur...
+ patch -Np1 < pr3822.patch
+ rm pr3822.patch
else
- echo "Applying ${PR3799}"
- patch -Np1 < $PR3799
+ echo "Applying ${PR3822}"
+ patch -Np1 < $PR3822
fi;
fi
find . -name '*.orig' -exec rm -vf '{}' ';'
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index fc5df6f..99525d3 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u282-b08
+%global shenandoah_revision aarch64-shenandoah-jdk8u292-b01
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,12 +311,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 5
+%global rpmrelease 0
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2622,6 +2622,13 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Fri Feb 19 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b01-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b01 (EA)
+- Update release notes for 8u292-b01.
+- Switch to EA mode.
+- Update tarball generation script to use PR3822 which handles
+ JDK-8233228 & JDK-8035166 changes
+
* Thu Feb 18 2021 Stephan Bergmann <sbergman(a)redhat.com> - 1:1.8.0.282.b08-5
- Hardcode /usr/sbin/alternatives for Flatpak builds
diff --git a/sources b/sources
index a2b2f6a..49a40a0 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz) = 166549a3cebab7a27811b9a486930d4cdce688af9a8e0ab6d6718550694cff42718cc6a9cee7703e409d82a967eacc6b009e9389ca85cfa0748d93bda3517c66
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz) = 35e527c387f55af66132cdae8c8ea198700d731ce2a69136cf7e02a8f837a6f2d9c96303c84468305cc7762d65c3f95ef8264218a82652a00063179d2557a648
commit 4916ef5be4fb433ded6d9e2c74a10929c8fff9c1
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Feb 18 19:01:12 2021 +0000
Hardcode /usr/sbin/alternatives for Flatpak builds
/usr/sbin/alternatives is not under the Flatpak build's %{_prefix},
which is set to /app.
(See <https://pagure.io/packaging-committee/issue/848> "Clarify the
use of path macros with respect to build dependencies").
Found when trying to do a LibreOffice Flatpak build from RHEL RPM
specs, which includes java-1.8.0-openjdk among its components.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 6b4227f..fc5df6f 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 4
+%global rpmrelease 5
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -384,6 +384,14 @@
%global rpm_state_dir %{_localstatedir}/lib/rpm-state/
+# For flatpack builds hard-code /usr/sbin/alternatives,
+# otherwise use %%{_sbindir} relative path.
+%if 0%{?flatpak}
+%global alternatives_requires /usr/sbin/alternatives
+%else
+%global alternatives_requires %{_sbindir}/alternatives
+%endif
+
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
@@ -1110,9 +1118,9 @@ OrderWithRequires: copy-jdk-configs
# for printing support
Requires: cups-libs
# Post requires alternatives to install tool alternatives
-Requires(post): %{_sbindir}/alternatives
+Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
-Requires(postun): %{_sbindir}/alternatives
+Requires(postun): %{alternatives_requires}
# for optional support of kernel stream control, card reader and printing bindings
%if 0%{?fedora} || 0%{?rhel} >= 8
Suggests: lksctp-tools%{?_isa}, pcsc-lite-devel%{?_isa}
@@ -1136,9 +1144,9 @@ Provides: java-headless%{?1} = %{epoch}:%{version}-%{release}
Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# Post requires alternatives to install tool alternatives
-Requires(post): %{_sbindir}/alternatives
+Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
-Requires(postun): %{_sbindir}/alternatives
+Requires(postun): %{alternatives_requires}
# Standard JPackage devel provides
Provides: java-sdk-%{javaver}-%{origin}%{?1} = %{epoch}:%{version}-%{release}
@@ -1168,9 +1176,9 @@ Provides: java-%{origin}-demo%{?1} = %{epoch}:%{version}-%{release}
%define java_javadoc_rpo() %{expand:
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# Post requires alternatives to install javadoc alternative
-Requires(post): %{_sbindir}/alternatives
+Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall javadoc alternative
-Requires(postun): %{_sbindir}/alternatives
+Requires(postun): %{alternatives_requires}
# Standard JPackage javadoc provides
Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
@@ -2614,6 +2622,9 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Thu Feb 18 2021 Stephan Bergmann <sbergman(a)redhat.com> - 1:1.8.0.282.b08-5
+- Hardcode /usr/sbin/alternatives for Flatpak builds
+
* Sat Jan 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.282.b08-4
- Cleanup package descriptions and version number placement.
1 year, 12 months
Architecture specific change in rpms/java-1.8.0-openjdk.git
by githook-noreply@fedoraproject.org
The package rpms/java-1.8.0-openjdk.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id...
https://src.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id...
https://src.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id....
Change:
+%ifarch %{gdb_arches}
+%ifarch %{bootstrap_arches}
+%ifarch %{share_arches}
Thanks.
Full change:
============
commit 870c9df011084103e6d428088e7a6662d57dec32
Merge: 3c30c3c d2443b0
Author: Jiri <jvanek(a)redhat.com>
Date: Thu Apr 28 15:34:48 2022 +0200
Merge branch 'f36' into f35
commit d2443b0107fb7855cf52e3879cab1caa46ba23f8
Merge: 9b9a3bb 100440c
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Thu Apr 28 14:25:55 2022 +0200
Merge branch 'rawhide' into f36
commit 100440c51eb31742f057c7e2b66df2a1c8d7d3fa
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Apr 20 20:38:06 2022 +0100
Update to shenandoah-jdk8u332-b09 (GA)
Update release notes for 8u332-b09.
Switch to GA mode for final release.
diff --git a/.gitignore b/.gitignore
index 42c84a9..a973960 100644
--- a/.gitignore
+++ b/.gitignore
@@ -254,3 +254,4 @@
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b06-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 6baf506..f9af271 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,22 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u332
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
+* Security fixes
+ - JDK-8269938: Enhance XML processing passes redux
+ - JDK-8270504, CVE-2022-21426: Better XPath expression handling
+ - JDK-8272255: Completely handle MIDI files
+ - JDK-8272261: Improve JFR recording file processing
+ - JDK-8272594: Better record of recordings
+ - JDK-8274221: More definite BER encodings
+ - JDK-8275151, CVE-2022-21443: Improved Object Identification
+ - JDK-8277227: Better identification of OIDs
+ - JDK-8277672, CVE-2022-21434: Better invocation handler handling
+ - JDK-8278008, CVE-2022-21476: Improve Santuario processing
+ - JDK-8278356: Improve file creation
+ - JDK-8278449: Improve keychain support
+ - JDK-8278805: Enhance BMP image loading
+ - JDK-8278972, CVE-2022-21496: Improve URL supports
+ - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
* Other changes
- JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl
- JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl
@@ -32,7 +48,6 @@ Live versions of these release notes can be found at:
- JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn
- JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
- JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
- - JDK-8260632: Build failures after JDK-8253353
- JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
- JDK-8270290: NTLM authentication fails if HEAD request is used
- JDK-8273229: Update OS detection code to recognize Windows Server 2022
@@ -43,7 +58,13 @@ Live versions of these release notes can be found at:
- JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
- JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
- JDK-8280060: The sun/rmi/server/Activation.java class use Thread.dumpStack()
+ - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
+ - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character
+ - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
+ - JDK-8284920: Incorrect Token type causes XPath expression to return empty result
+ - JDK-8284936: Fix Java 7 bootstrap breakage due to use of Arrays.stream
* Shenandoah
+ - JDK-8260632: Build failures after JDK-8253353
- JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git
New in release OpenJDK 8u322 (2022-01-18):
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index a81960a..5098c8b 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -329,7 +329,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
-%global shenandoah_revision shenandoah-jdk8u332-b06
+%global shenandoah_revision shenandoah-jdk8u332-b09
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -349,7 +349,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2781,6 +2781,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b09-1
+- Update to shenandoah-jdk8u332-b09 (GA)
+- Update release notes for 8u332-b09.
+- Switch to GA mode for final release.
+
* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b06-0.1.ea
- Update to shenandoah-jdk8u332-b06 (EA)
- Update release notes for shenandoah-8u332-b06.
diff --git a/sources b/sources
index 8c3d3bb..4662b4c 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b06-4curve.tar.xz) = 663e0093bf7d5698c168e1609b88179ccd8cfb8b1e8ecc937cdaae287960dedea170bce16572f79046e45fafce38dca6848e7524da06a56d4aa0ad15af271775
+SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09-4curve.tar.xz) = 23d906ecce6864e0bd3ae4c95ac597eb697c1e28356371aafd7aabab5c3a9a9d861c326125e7a45f15340a5a106c1915808fa93b3ff7cdc8b003647a44caf7fd
commit 019748fe88a640f21bc95a68a25c96082b5fe52b
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Apr 19 00:39:55 2022 +0100
Update to shenandoah-jdk8u332-b06 (EA)
Update release notes for shenandoah-8u332-b06.
diff --git a/.gitignore b/.gitignore
index 1a13c4c..42c84a9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -253,3 +253,4 @@
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b06-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 8c34c43..6baf506 100644
--- a/NEWS
+++ b/NEWS
@@ -13,11 +13,16 @@ Live versions of these release notes can be found at:
- JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl
- JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl
- JDK-8035577: Xerces Update: impl/xpath/regex/RangeToken.java
+ - JDK-8037259: xerces update: xpointer update
+ - JDK-8041523: Xerces Update: Serializer improvements from Xalan
+ - JDK-8141508: java.lang.invoke.LambdaConversionException: Invalid receiver type
- JDK-8162572: Update License Header for all JAXP sources
- JDK-8167014: jdeps: Missing message: warn.skipped.entry
- JDK-8198411: [TEST_BUG] Two java2d tests are unstable in mach5
- JDK-8202822: Add .git to .hgignore
- JDK-8205540: test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 <cont> commands
+ - JDK-8209178: Proxied HttpsURLConnection doesn't send BODY when retrying POST request
+ - JDK-8210283: Support git as an SCM alternative in the build
- JDK-8218682: [TEST_BUG] DashOffset fails in mach5
- JDK-8225690: Multiple AttachListener threads can be created
- JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
@@ -27,10 +32,17 @@ Live versions of these release notes can be found at:
- JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn
- JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
- JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
+ - JDK-8260632: Build failures after JDK-8253353
- JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
- JDK-8270290: NTLM authentication fails if HEAD request is used
+ - JDK-8273229: Update OS detection code to recognize Windows Server 2022
+ - JDK-8273341: Update Siphash to version 1.0
+ - JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated
+ - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
- JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
+ - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
- JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
+ - JDK-8280060: The sun/rmi/server/Activation.java class use Thread.dumpStack()
* Shenandoah
- JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index bcb79b4..a81960a 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -329,7 +329,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
-%global shenandoah_revision shenandoah-jdk8u332-b01
+%global shenandoah_revision shenandoah-jdk8u332-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2781,9 +2781,13 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b06-0.1.ea
+- Update to shenandoah-jdk8u332-b06 (EA)
+- Update release notes for shenandoah-8u332-b06.
+
* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b01-0.1.ea
- Update to shenandoah-jdk8u332-b01 (EA)
-- Update release notes for 8u332-b01.
+- Update release notes for shenandoah-8u332-b01.
- Switch to EA mode.
* Wed Mar 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-7
diff --git a/sources b/sources
index 71b554d..8c3d3bb 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz) = 55b8968e78631acdf14a594d83f6e357e00114dac9f6330a80116a909b402a9f879abb9f1cd8b576fb627a50b01db22be19a1e24ee4078e97c8ecc84428eb184
+SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b06-4curve.tar.xz) = 663e0093bf7d5698c168e1609b88179ccd8cfb8b1e8ecc937cdaae287960dedea170bce16572f79046e45fafce38dca6848e7524da06a56d4aa0ad15af271775
commit cb59f552f45f912f6949702632cd35daa82bfb7a
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Apr 18 01:19:19 2022 +0100
Update to shenandoah-jdk8u332-b01 (EA)
Update release notes for 8u332-b01.
Switch to EA mode.
diff --git a/.gitignore b/.gitignore
index c3d10c5..1a13c4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -252,3 +252,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz
diff --git a/NEWS b/NEWS
index e911b13..8c34c43 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,37 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u332 (2022-04-19):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u332
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
+
+* Other changes
+ - JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl
+ - JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl
+ - JDK-8035577: Xerces Update: impl/xpath/regex/RangeToken.java
+ - JDK-8162572: Update License Header for all JAXP sources
+ - JDK-8167014: jdeps: Missing message: warn.skipped.entry
+ - JDK-8198411: [TEST_BUG] Two java2d tests are unstable in mach5
+ - JDK-8202822: Add .git to .hgignore
+ - JDK-8205540: test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 <cont> commands
+ - JDK-8218682: [TEST_BUG] DashOffset fails in mach5
+ - JDK-8225690: Multiple AttachListener threads can be created
+ - JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
+ - JDK-8227815: Minimal VM: set_state is not a member of AttachListener
+ - JDK-8240633: Memory leaks in the implementations of FileChooserUI
+ - JDK-8241768: git needs .gitattributes
+ - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn
+ - JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
+ - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
+ - JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
+ - JDK-8270290: NTLM authentication fails if HEAD request is used
+ - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
+ - JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
+* Shenandoah
+ - JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git
+
New in release OpenJDK 8u322 (2022-01-18):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 9177d7d..bcb79b4 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -329,7 +329,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b06
+%global shenandoah_revision shenandoah-jdk8u332-b01
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -344,12 +344,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 7
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2781,6 +2781,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Apr 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b01-0.1.ea
+- Update to shenandoah-jdk8u332-b01 (EA)
+- Update release notes for 8u332-b01.
+- Switch to EA mode.
+
* Wed Mar 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-7
- Reinstate JIT builds on x86_32.
- Add JDK-8282231 to fix missing CALL effects on x86_32.
diff --git a/sources b/sources
index 35c822f..71b554d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz) = 0f2af8cacb1a4acdca7c1b2d5cc1e0d27f9abf8e05ccf7e8384074ac124132012b15e36abc31b498f746d6f5295530f535a9d9d85a3e45b387728b4ce726ccc7
+SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b01-4curve.tar.xz) = 55b8968e78631acdf14a594d83f6e357e00114dac9f6330a80116a909b402a9f879abb9f1cd8b576fb627a50b01db22be19a1e24ee4078e97c8ecc84428eb184
commit 9b9a3bb4af6552f3a6a88c45bd8ed22498195f99
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 19:50:19 2022 +0000
Reinstate JIT builds on x86_32.
Add JDK-8282231 to fix missing CALL effects on x86_32.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index c4c077f..bab7b61 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -100,9 +100,9 @@
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
-%global jit_arches %{aarch64} %{power64} sparcv9 sparc64 x86_64
+%global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
-%global zero_arches %{arm} %{ix86} ppc s390 s390x
+%global zero_arches %{arm} ppc s390 s390x
# Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 6
+%global rpmrelease 7
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1524,6 +1524,8 @@ Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
Patch581: jdk8257794-remove_broken_assert.patch
+# JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers
+Patch582: jdk8282231-x86_32-missing_call_effects.patch
#############################################
#
@@ -1959,6 +1961,7 @@ sh %{SOURCE12}
%patch112
%patch580
%patch581
+%patch582
# RPM-only fixes
%patch539
@@ -2778,6 +2781,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Mar 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-7
+- Reinstate JIT builds on x86_32.
+- Add JDK-8282231 to fix missing CALL effects on x86_32.
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-6
- Storing and restoring alterntives during update manually
- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
diff --git a/jdk8282231-x86_32-missing_call_effects.patch b/jdk8282231-x86_32-missing_call_effects.patch
new file mode 100644
index 0000000..ab341b6
--- /dev/null
+++ b/jdk8282231-x86_32-missing_call_effects.patch
@@ -0,0 +1,35 @@
+diff --git openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
+index c8f4ee1613..cc0f4eef14 100644
+--- openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad
++++ openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
+@@ -1,5 +1,5 @@
+ //
+-// Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
++// Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ //
+ // This code is free software; you can redistribute it and/or modify it
+@@ -7665,9 +7665,9 @@ instruct divI_eReg(eAXRegI rax, eDXRegI rdx, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Divide Register Long
+-instruct divL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct divL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (DivL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
+@@ -7713,9 +7713,9 @@ instruct modI_eReg(eDXRegI rdx, eAXRegI rax, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Remainder Register Long
+-instruct modL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct modL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (ModL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
commit 7e5331a512b10f543bdc371bf13db8cee6ec1f77
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 19:50:19 2022 +0000
Reinstate JIT builds on x86_32.
Add JDK-8282231 to fix missing CALL effects on x86_32.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 5efbb8e..9177d7d 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -100,9 +100,9 @@
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
-%global jit_arches %{aarch64} %{power64} sparcv9 sparc64 x86_64
+%global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
-%global zero_arches %{arm} %{ix86} ppc s390 s390x
+%global zero_arches %{arm} ppc s390 s390x
# Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 6
+%global rpmrelease 7
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1524,6 +1524,8 @@ Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
Patch581: jdk8257794-remove_broken_assert.patch
+# JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers
+Patch582: jdk8282231-x86_32-missing_call_effects.patch
#############################################
#
@@ -1959,6 +1961,7 @@ sh %{SOURCE12}
%patch112
%patch580
%patch581
+%patch582
# RPM-only fixes
%patch539
@@ -2778,6 +2781,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Mar 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-7
+- Reinstate JIT builds on x86_32.
+- Add JDK-8282231 to fix missing CALL effects on x86_32.
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-6
- Storing and restoring alterntives during update manually
- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
diff --git a/jdk8282231-x86_32-missing_call_effects.patch b/jdk8282231-x86_32-missing_call_effects.patch
new file mode 100644
index 0000000..ab341b6
--- /dev/null
+++ b/jdk8282231-x86_32-missing_call_effects.patch
@@ -0,0 +1,35 @@
+diff --git openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
+index c8f4ee1613..cc0f4eef14 100644
+--- openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad
++++ openjdk/hotspot/src/cpu/x86/vm/x86_32.ad
+@@ -1,5 +1,5 @@
+ //
+-// Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
++// Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
+ // DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ //
+ // This code is free software; you can redistribute it and/or modify it
+@@ -7665,9 +7665,9 @@ instruct divI_eReg(eAXRegI rax, eDXRegI rdx, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Divide Register Long
+-instruct divL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct divL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (DivL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
+@@ -7713,9 +7713,9 @@ instruct modI_eReg(eDXRegI rdx, eAXRegI rax, eCXRegI div, eFlagsReg cr) %{
+ %}
+
+ // Remainder Register Long
+-instruct modL_eReg( eADXRegL dst, eRegL src1, eRegL src2, eFlagsReg cr, eCXRegI cx, eBXRegI bx ) %{
++instruct modL_eReg(eADXRegL dst, eRegL src1, eRegL src2) %{
+ match(Set dst (ModL src1 src2));
+- effect( KILL cr, KILL cx, KILL bx );
++ effect(CALL);
+ ins_cost(10000);
+ format %{ "PUSH $src1.hi\n\t"
+ "PUSH $src1.lo\n\t"
commit 92f7c940c557cc8e65671d3c99071fde209ddd8c
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Feb 27 11:47:05 2022 +0100
Storing and restoring alterntives during update manually
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index ef8d491..c4c077f 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 5
+%global rpmrelease 6
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -446,6 +446,50 @@
# not-duplicated scriptlets for normal/debug packages
%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
+%define save_alternatives() %{expand:
+ # warning! alternatives are localised!
+ # LANG=cs_CZ.UTF-8 alternatives --display java | head
+ # LANG=en_US.UTF-8 alternatives --display java | head
+ function nonLocalisedAlternativesDisplayOfMaster() {
+ LANG=en_US.UTF-8 alternatives --display "$MASTER"
+ }
+ function headOfAbove() {
+ nonLocalisedAlternativesDisplayOfMaster | head -n $1
+ }
+ MASTER="%{?1}"
+ LOCAL_LINK="%{?2}"
+ FAMILY="%{?3}"
+ rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null
+ if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then
+ if headOfAbove 1 | grep -q manual ; then
+ if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then
+ headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY"
+ fi
+ fi
+ fi
+}
+
+%define save_and_remove_alternatives() %{expand:
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ upgrade1_uninstal0=%{?3}
+ if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall
+ %{save_alternatives %{?1} %{?2} %{?4}}
+ fi
+ alternatives --remove "%{?1}" "%{?2}"
+}
+
+%define set_if_needed_alternatives() %{expand:
+ MASTER="%{?1}"
+ FAMILY="%{?2}"
+ ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY"
+ if [ -e "$ALTERNATIVES_FILE" ] ; then
+ rm "$ALTERNATIVES_FILE"
+ alternatives --set $MASTER $FAMILY
+ fi
+}
+
%define post_script() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -454,14 +498,18 @@ exit 0
}
%define alternatives_java_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=java
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
+ --install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -499,11 +547,17 @@ alternatives \\
--slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ key=jre_"$X"
+ alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+key=jre_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_headless() %{expand:
@@ -536,10 +590,14 @@ exit 0
%define postun_headless() %{expand:
- alternatives --remove java %{jrebindir -- %{?1}}/java
- alternatives --remove jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}}
}
%define posttrans_script() %{expand:
@@ -548,14 +606,18 @@ exit 0
%define alternatives_javac_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=javac
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
+ --install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -649,12 +711,17 @@ alternatives \\
--slave %{_mandir}/man1/xjc.1$ext xjc.1$ext \\
%{_mandir}/man1/xjc-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ key=java_sdk_"$X"
+ alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+key=java_sdk_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_devel() %{expand:
@@ -665,10 +732,14 @@ exit 0
}
%define postun_devel() %{expand:
- alternatives --remove javac %{sdkbindir -- %{?1}}/javac
- alternatives --remove java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -685,36 +756,49 @@ exit 0
}
%define alternatives_javadoc_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-alternatives \\
- --install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{family_noarch}
+key=javadocdir
+alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc() %{expand:
- alternatives --remove javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}}
exit 0
}
%define alternatives_javadoczip_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-
-alternatives \\
- --install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{family_noarch}
+key=javadoczip
+alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc_zip() %{expand:
- alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}}
exit 0
}
@@ -2694,6 +2778,17 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-6
+- Storing and restoring alterntives during update manually
+- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
+-- The move of alternatives creation to posttrans to fix:
+-- Bug 1200302 - dnf reinstall breaks alternatives
+-- Had caused the alternatives to be removed, and then created again,
+-- instead of being added, and then removing the old, and thus persisting
+-- the selection in family
+-- Thus this fix, is storing the family of manually selected master, and if
+-- stored, then it is restoring the family of the master
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
- Family extracted to globals
commit 917b9b412102145fecb2e50aa9c19418ca1788c4
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Feb 26 20:50:05 2022 +0100
family extracted to globals
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index e9a7a5f..ef8d491 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 4
+%global rpmrelease 5
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -426,6 +426,9 @@
%global alternatives_requires %{_sbindir}/alternatives
%endif
+%global family %{name}.%{_arch}
+%global family_noarch %{name}
+
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
@@ -458,7 +461,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -497,10 +500,10 @@ alternatives \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
}
%define post_headless() %{expand:
@@ -552,7 +555,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -648,10 +651,10 @@ alternatives \\
for X in %{origin} %{javaver} ; do
alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
}
%define post_devel() %{expand:
@@ -689,7 +692,7 @@ fi
alternatives \\
--install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -706,7 +709,7 @@ fi
alternatives \\
--install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -2691,6 +2694,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
+- Family extracted to globals
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
- javadoc-zip got its own provides next to plain javadoc ones
commit 967ddd7db2f60920f109a601a71eedabd2086426
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Feb 27 12:01:51 2022 +0100
Providing proper provides for javadoc-zip subpk
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 8b0abfa..e9a7a5f 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 4
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1217,10 +1217,10 @@ Requires(post): %{alternatives_requires}
Requires(postun): %{alternatives_requires}
# Standard JPackage javadoc provides
-Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%if %is_system_jdk
-Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%endif
}
@@ -1705,7 +1705,8 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} -zip}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc
The %{origin_nice} %{majorver} API documentation.
@@ -1718,7 +1719,7 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-zip-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc-zip
The %{origin_nice} %{majorver} API documentation compressed in a single archive.
@@ -2690,6 +2691,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
+- javadoc-zip got its own provides next to plain javadoc ones
+
* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
commit 355e52d362a612cced85770416edd7c6d8e2c80a
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 23 17:22:05 2022 +0000
Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 8ab490b..8b0abfa 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1357,6 +1357,7 @@ Patch1011: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch
+Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
#############################################
#
@@ -1886,6 +1887,7 @@ sh %{SOURCE12}
%patch1011
%patch1014
%patch1015
+%patch1016
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2688,6 +2690,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
+- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
+
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
- Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/rh2021263-fips_separate_policy_and_fips_init.patch b/rh2021263-fips_separate_policy_and_fips_init.patch
new file mode 100644
index 0000000..e237841
--- /dev/null
+++ b/rh2021263-fips_separate_policy_and_fips_init.patch
@@ -0,0 +1,98 @@
+commit aaf92165ad1cbb1c9818eb60178c91293e13b053
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 15:13:14 2022 +0000
+
+ RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
+
+diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+index fa494b680f..b5aa5c749d 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -57,10 +57,6 @@ public final class Security {
+ private static final Debug sdebug =
+ Debug.getInstance("properties");
+
+- /* System property file*/
+- private static final String SYSTEM_PROPERTIES =
+- "/etc/crypto-policies/back-ends/java.config";
+-
+ /* The java.security properties */
+ private static Properties props;
+
+@@ -202,13 +198,6 @@ public final class Security {
+ }
+ }
+
+- String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+- if (disableSystemProps == null &&
+- "true".equalsIgnoreCase(props.getProperty
+- ("security.useSystemPropertiesFile"))) {
+- loadedProps = loadedProps && SystemConfigurator.configure(props);
+- }
+-
+ if (!loadedProps) {
+ initializeStatic();
+ if (sdebug != null) {
+@@ -217,6 +206,28 @@ public final class Security {
+ }
+ }
+
++ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
++ if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
++ "true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
++ if (!SystemConfigurator.configureSysProps(props)) {
++ if (sdebug != null) {
++ sdebug.println("WARNING: System properties could not be loaded.");
++ }
++ }
++ }
++
++ // FIPS support depends on the contents of java.security so
++ // ensure it has loaded first
++ if (loadedProps) {
++ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
++ if (sdebug != null) {
++ if (fipsEnabled) {
++ sdebug.println("FIPS support enabled.");
++ } else {
++ sdebug.println("FIPS support disabled.");
++ }
++ }
++ }
+ }
+
+ /*
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+index d1f677597d..7da65b1d2c 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -76,7 +76,7 @@ final class SystemConfigurator {
+ * java.security.disableSystemPropertiesFile property is not set and
+ * security.useSystemPropertiesFile is true.
+ */
+- static boolean configure(Properties props) {
++ static boolean configureSysProps(Properties props) {
+ boolean loadedProps = false;
+
+ try (BufferedInputStream bis =
+@@ -96,11 +96,19 @@ final class SystemConfigurator {
+ e.printStackTrace();
+ }
+ }
++ return loadedProps;
++ }
++
++ /*
++ * Invoked at the end of java.security.Security initialisation
++ * if java.security properties have been loaded
++ */
++ static boolean configureFIPS(Properties props) {
++ boolean loadedProps = false;
+
+ try {
+ if (enableFips()) {
+ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
+- loadedProps = false;
+ // Remove all security providers
+ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
+ while (i.hasNext()) {
commit 0e882feab657bc9990c6dab6f9eebe406640c1b4
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 02:36:10 2022 +0000
Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b9bb5c6..8ab490b 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2688,6 +2688,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
- Update release notes for 8u322-b06.
commit edb63206cdde09841e8be821f7393b649aaf07eb
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Feb 27 11:47:05 2022 +0100
Storing and restoring alterntives during update manually
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 587eee8..5efbb8e 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 5
+%global rpmrelease 6
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -446,6 +446,50 @@
# not-duplicated scriptlets for normal/debug packages
%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
+%define save_alternatives() %{expand:
+ # warning! alternatives are localised!
+ # LANG=cs_CZ.UTF-8 alternatives --display java | head
+ # LANG=en_US.UTF-8 alternatives --display java | head
+ function nonLocalisedAlternativesDisplayOfMaster() {
+ LANG=en_US.UTF-8 alternatives --display "$MASTER"
+ }
+ function headOfAbove() {
+ nonLocalisedAlternativesDisplayOfMaster | head -n $1
+ }
+ MASTER="%{?1}"
+ LOCAL_LINK="%{?2}"
+ FAMILY="%{?3}"
+ rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null
+ if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then
+ if headOfAbove 1 | grep -q manual ; then
+ if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then
+ headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY"
+ fi
+ fi
+ fi
+}
+
+%define save_and_remove_alternatives() %{expand:
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ upgrade1_uninstal0=%{?3}
+ if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall
+ %{save_alternatives %{?1} %{?2} %{?4}}
+ fi
+ alternatives --remove "%{?1}" "%{?2}"
+}
+
+%define set_if_needed_alternatives() %{expand:
+ MASTER="%{?1}"
+ FAMILY="%{?2}"
+ ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY"
+ if [ -e "$ALTERNATIVES_FILE" ] ; then
+ rm "$ALTERNATIVES_FILE"
+ alternatives --set $MASTER $FAMILY
+ fi
+}
+
%define post_script() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -454,14 +498,18 @@ exit 0
}
%define alternatives_java_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=java
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
+ --install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -499,11 +547,17 @@ alternatives \\
--slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ key=jre_"$X"
+ alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+key=jre_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_headless() %{expand:
@@ -536,10 +590,14 @@ exit 0
%define postun_headless() %{expand:
- alternatives --remove java %{jrebindir -- %{?1}}/java
- alternatives --remove jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}}
- alternatives --remove jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{jredir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}}
}
%define posttrans_script() %{expand:
@@ -548,14 +606,18 @@ exit 0
%define alternatives_javac_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=javac
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
+ --install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -649,12 +711,17 @@ alternatives \\
--slave %{_mandir}/man1/xjc.1$ext xjc.1$ext \\
%{_mandir}/man1/xjc-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ key=java_sdk_"$X"
+ alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+key=java_sdk_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_devel() %{expand:
@@ -665,10 +732,14 @@ exit 0
}
%define postun_devel() %{expand:
- alternatives --remove javac %{sdkbindir -- %{?1}}/javac
- alternatives --remove java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -685,36 +756,49 @@ exit 0
}
%define alternatives_javadoc_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-alternatives \\
- --install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{family_noarch}
+key=javadocdir
+alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc() %{expand:
- alternatives --remove javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}}
exit 0
}
%define alternatives_javadoczip_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-
-alternatives \\
- --install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{family_noarch}
+key=javadoczip
+alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc_zip() %{expand:
- alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}}
exit 0
}
@@ -2694,6 +2778,17 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-6
+- Storing and restoring alterntives during update manually
+- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
+-- The move of alternatives creation to posttrans to fix:
+-- Bug 1200302 - dnf reinstall breaks alternatives
+-- Had caused the alternatives to be removed, and then created again,
+-- instead of being added, and then removing the old, and thus persisting
+-- the selection in family
+-- Thus this fix, is storing the family of manually selected master, and if
+-- stored, then it is restoring the family of the master
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
- Family extracted to globals
commit 0da973f5a714bef5d665c3cc22869dad44a3a3bc
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Feb 26 20:50:05 2022 +0100
family extracted to globals
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 8bb6504..587eee8 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 4
+%global rpmrelease 5
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -426,6 +426,9 @@
%global alternatives_requires %{_sbindir}/alternatives
%endif
+%global family %{name}.%{_arch}
+%global family_noarch %{name}
+
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
@@ -458,7 +461,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@@ -497,10 +500,10 @@ alternatives \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{family}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
}
%define post_headless() %{expand:
@@ -552,7 +555,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/appletviewer appletviewer %{sdkbindir -- %{?1}}/appletviewer \\
--slave %{_bindir}/clhsdb clhsdb %{sdkbindir -- %{?1}}/clhsdb \\
@@ -648,10 +651,10 @@ alternatives \\
for X in %{origin} %{javaver} ; do
alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
}
%define post_devel() %{expand:
@@ -689,7 +692,7 @@ fi
alternatives \\
--install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -706,7 +709,7 @@ fi
alternatives \\
--install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -2691,6 +2694,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-5
+- Family extracted to globals
+
* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
- javadoc-zip got its own provides next to plain javadoc ones
commit e88c69368c88f3a4a595433f1b9a21d1963c2054
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Feb 27 12:01:51 2022 +0100
Providing proper provides for javadoc-zip subpk
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 9885a10..8bb6504 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 4
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1217,10 +1217,10 @@ Requires(post): %{alternatives_requires}
Requires(postun): %{alternatives_requires}
# Standard JPackage javadoc provides
-Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%if %is_system_jdk
-Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%endif
}
@@ -1705,7 +1705,8 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} -zip}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc
The %{origin_nice} %{majorver} API documentation.
@@ -1718,7 +1719,7 @@ Requires: javapackages-filesystem
Obsoletes: javadoc-zip-slowdebug < 1:1.8.0.222.b10-1
BuildArch: noarch
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc-zip
The %{origin_nice} %{majorver} API documentation compressed in a single archive.
@@ -2690,6 +2691,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Feb 26 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.322.b06-4
+- javadoc-zip got its own provides next to plain javadoc ones
+
* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
commit f2e995182a63de4467a5361b3516fd4e42bb74ef
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 23 17:22:05 2022 +0000
Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 7e6f114..9885a10 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1357,6 +1357,7 @@ Patch1011: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch
+Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
#############################################
#
@@ -1886,6 +1887,7 @@ sh %{SOURCE12}
%patch1011
%patch1014
%patch1015
+%patch1016
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2688,6 +2690,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Feb 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-3
+- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
+
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
- Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/rh2021263-fips_separate_policy_and_fips_init.patch b/rh2021263-fips_separate_policy_and_fips_init.patch
new file mode 100644
index 0000000..e237841
--- /dev/null
+++ b/rh2021263-fips_separate_policy_and_fips_init.patch
@@ -0,0 +1,98 @@
+commit aaf92165ad1cbb1c9818eb60178c91293e13b053
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 15:13:14 2022 +0000
+
+ RH2021263: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
+
+diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+index fa494b680f..b5aa5c749d 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -57,10 +57,6 @@ public final class Security {
+ private static final Debug sdebug =
+ Debug.getInstance("properties");
+
+- /* System property file*/
+- private static final String SYSTEM_PROPERTIES =
+- "/etc/crypto-policies/back-ends/java.config";
+-
+ /* The java.security properties */
+ private static Properties props;
+
+@@ -202,13 +198,6 @@ public final class Security {
+ }
+ }
+
+- String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+- if (disableSystemProps == null &&
+- "true".equalsIgnoreCase(props.getProperty
+- ("security.useSystemPropertiesFile"))) {
+- loadedProps = loadedProps && SystemConfigurator.configure(props);
+- }
+-
+ if (!loadedProps) {
+ initializeStatic();
+ if (sdebug != null) {
+@@ -217,6 +206,28 @@ public final class Security {
+ }
+ }
+
++ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
++ if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
++ "true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
++ if (!SystemConfigurator.configureSysProps(props)) {
++ if (sdebug != null) {
++ sdebug.println("WARNING: System properties could not be loaded.");
++ }
++ }
++ }
++
++ // FIPS support depends on the contents of java.security so
++ // ensure it has loaded first
++ if (loadedProps) {
++ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
++ if (sdebug != null) {
++ if (fipsEnabled) {
++ sdebug.println("FIPS support enabled.");
++ } else {
++ sdebug.println("FIPS support disabled.");
++ }
++ }
++ }
+ }
+
+ /*
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+index d1f677597d..7da65b1d2c 100644
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -76,7 +76,7 @@ final class SystemConfigurator {
+ * java.security.disableSystemPropertiesFile property is not set and
+ * security.useSystemPropertiesFile is true.
+ */
+- static boolean configure(Properties props) {
++ static boolean configureSysProps(Properties props) {
+ boolean loadedProps = false;
+
+ try (BufferedInputStream bis =
+@@ -96,11 +96,19 @@ final class SystemConfigurator {
+ e.printStackTrace();
+ }
+ }
++ return loadedProps;
++ }
++
++ /*
++ * Invoked at the end of java.security.Security initialisation
++ * if java.security properties have been loaded
++ */
++ static boolean configureFIPS(Properties props) {
++ boolean loadedProps = false;
+
+ try {
+ if (enableFips()) {
+ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
+- loadedProps = false;
+ // Remove all security providers
+ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
+ while (i.hasNext()) {
commit aa4a54e45a31ba0961e19c53b427976df48cd61f
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Feb 8 15:48:38 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b06 (EA)
Update release notes for 8u322-b06.
Switch to GA mode for final release.
Require tzdata 2021e as of JDK-8275766.
Update tarball generation script to use git following shenandoah-jdk8u's move to github
Re-enable gdb backtrace check.
Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/.gitignore b/.gitignore
index f1536da..c3d10c5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -250,3 +250,5 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 9773926..e911b13 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,33 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u322
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
+* Security fixes
+ - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
+ - JDK-8268488: More valuable DerValues
+ - JDK-8268494: Better inlining of inlined interfaces
+ - JDK-8268512: More content for ContentInfo
+ - JDK-8268795: Enhance digests of Jar files
+ - JDK-8268801: Improve PKCS attribute handling
+ - JDK-8268813, CVE-2022-21283: Better String matching
+ - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ - JDK-8269944: Better HTTP transport redux
+ - JDK-8270392, CVE-2022-21293: Improve String constructions
+ - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
+ - JDK-8270492, CVE-2022-21282: Better resolution of URIs
+ - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
+ - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
+ - JDK-8271962: Better TrueType font loading
+ - JDK-8271968: Better canonical naming
+ - JDK-8271987: Manifest improved manifest entries
+ - JDK-8272014, CVE-2022-21305: Better array indexing
+ - JDK-8272026, CVE-2022-21340: Verify Jar Verification
+ - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
+ - JDK-8272272: Enhance jcmd communication
+ - JDK-8272462: Enhance image handling
+ - JDK-8273290: Enhance sound handling
+ - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
+ - JDK-8273756, CVE-2022-21360: Enhance BMP image support
+ - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
* Other changes
- JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
- JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
@@ -56,13 +83,18 @@ Live versions of these release notes can be found at:
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+ - JDK-8273308: PatternMatchTest.java fails on CI
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
- JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8273968: JCK javax_xml tests fail in CI
- JDK-8274407: (tz) Update Timezone Data to 2021c
- JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
- JDK-8274468: TimeZoneTest.java fails with tzdata2021b
- JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
- JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
+ - JDK-8275766: (tz) Update Timezone Data to 2021e
+ - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+ - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
Notes on individual issues:
===========================
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index c6f0756..61aad1f 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -7,9 +7,9 @@
# If you want to use a local copy of patch PR3822, set the path to it in the PR3822 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
-# PROJECT_NAME=jdk8u OR aarch64-port
-# REPO_NAME=jdk8u60 OR jdk8u60
-# VERSION=jdk8u60-b27 OR aarch64-jdk8u65-b17 OR for head, keyword 'tip' should do the job there
+# PROJECT_NAME=openjdk
+# REPO_NAME=shenandoah-jdk8u
+# VERSION=HEAD
#
# They are used to create correct name and are used in construction of sources url (unless REPO_ROOT is set)
@@ -40,7 +40,7 @@ fi
set -e
-OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
+OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
# jdk is last for its size
REPOS_DEFAULT="hotspot corba jaxws jaxp langtools nashorn jdk"
@@ -99,7 +99,7 @@ if [ "x$FILE_NAME_ROOT" = "x" ] ; then
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
fi
if [ "x$REPO_ROOT" = "x" ] ; then
- REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
+ REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
if [ "x$REPOS" = "x" ] ; then
@@ -123,15 +123,9 @@ mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
-hg clone ${REPO_ROOT} openjdk -r ${VERSION}
+git clone -b ${VERSION} ${REPO_ROOT} openjdk
pushd openjdk
-for subrepo in ${REPOS}
-do
- echo "Cloning ${VERSION} ${subrepo} repository from ${REPO_ROOT}"
- hg clone ${REPO_ROOT}/${subrepo} -r ${VERSION}
-done
-
# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
if [ -d langtools ] ; then
echo "Removing langtools test case with non-Free license"
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 970234f..b9bb5c6 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -115,15 +115,10 @@
%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
# Set of architectures which support JFR
%global jfr_arches %{jit_arches}
-# Set of architectures where we verify backtraces with gdb (ideally all)
-# Temporarily disable check on x86, x86_64, ppc64le and s390x as gdb crashes
-# ../../gdb/objfiles.h:510: internal-error: sect_index_data not initialized
-# A problem internal to GDB has been detected,
-# further debugging may prove unreliable.
-# See https://bugzilla.redhat.com/show_bug.cgi?id=2041970
-%global gdb_arches sparcv9 sparc64 %{aarch64} %{arm} ppc s390
# Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64
+# Set of architectures where we verify backtraces with gdb
+%global gdb_arches %{jit_arches} %{zero_arches}
# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
@@ -332,9 +327,9 @@
%endif
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
-%global shenandoah_project aarch64-port
-%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b04
+%global shenandoah_project openjdk
+%global shenandoah_repo shenandoah-jdk8u
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -349,12 +344,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -1146,8 +1141,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
-# 2021c required as of JDK-8274407 in January 2022 CPU
-Requires: tzdata-java >= 2021c
+# 2021e required as of JDK-8275766 in January 2022 CPU
+Requires: tzdata-java >= 2021e
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1359,6 +1354,9 @@ Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
Patch1008: rh1996182-login_to_nss_software_token.patch
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
Patch1011: rh1991003-enable_fips_keys_import.patch
+# RH2021263: Resolve outstanding FIPS issues
+Patch1014: rh2021263-fips_ensure_security_initialised.patch
+Patch1015: rh2021263-fips_missing_native_returns.patch
#############################################
#
@@ -1519,8 +1517,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
-# 2021c required as of JDK-8274407 in January 2022 CPU
-BuildRequires: tzdata-java >= 2021c
+# 2021e required as of JDK-8275766 in January 2022 CPU
+BuildRequires: tzdata-java >= 2021e
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -1886,6 +1884,8 @@ sh %{SOURCE12}
%patch1007
%patch1008
%patch1011
+%patch1014
+%patch1015
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2688,6 +2688,17 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
+- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
+- Update release notes for 8u322-b06.
+- Switch to GA mode for final release.
+- Require tzdata 2021e as of JDK-8275766.
+- Update tarball generation script to use git following shenandoah-jdk8u's move to github
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+
+* Mon Feb 07 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.322.b06-1
+- Re-enable gdb backtrace check.
+
* Thu Jan 20 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.2.ea
- Temporarily move x86 to use Zero in order to get a working build
- Introduce architecture restriction logic for the gdb test. (RH2041970)
diff --git a/rh2021263-fips_ensure_security_initialised.patch b/rh2021263-fips_ensure_security_initialised.patch
new file mode 100644
index 0000000..5aa9ec7
--- /dev/null
+++ b/rh2021263-fips_ensure_security_initialised.patch
@@ -0,0 +1,28 @@
+commit 06c2decab204fcce5aca2d285953fcac1820b1ae
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 01:23:28 2022 +0000
+
+ RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+index 40ca609e02..0dafe6f59c 100644
+--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+@@ -31,6 +31,7 @@ import java.io.Console;
+ import java.io.FileDescriptor;
+ import java.io.ObjectInputStream;
+ import java.security.ProtectionDomain;
++import java.security.Security;
+ import java.security.Signature;
+
+ import java.security.AccessController;
+@@ -255,6 +256,9 @@ public class SharedSecrets {
+ }
+
+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++ if (javaSecuritySystemConfiguratorAccess == null) {
++ unsafe.ensureClassInitialized(Security.class);
++ }
+ return javaSecuritySystemConfiguratorAccess;
+ }
+ }
diff --git a/rh2021263-fips_missing_native_returns.patch b/rh2021263-fips_missing_native_returns.patch
new file mode 100644
index 0000000..90cc44e
--- /dev/null
+++ b/rh2021263-fips_missing_native_returns.patch
@@ -0,0 +1,24 @@
+commit 7f58a05104138ebdfd3b7b968ed67ea4c8573073
+Author: Fridrich Strba <fstrba(a)suse.com>
+Date: Mon Jan 24 01:10:57 2022 +0000
+
+ RH2021263: Return in C code after having generated Java exception
+
+diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
+index 6f4656bfcb..34d0ff0ce9 100644
+--- openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c
++++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
+@@ -131,11 +131,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ fips_enabled = fgetc(fe);
+ fclose(fe);
+ if (fips_enabled == EOF) {
+ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+ " read character is '%c'", fips_enabled);
diff --git a/sources b/sources
index eb1f71f..35c822f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz) = ebc3cceb40f7ca567fd9fe751ba9762ad50ac474f63da5e2123cf268683db10132ffb09b6f6a99b3379c021b4fcc3b04a82bc81c2e63c8d4da0fdcf58d995322
+SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz) = 0f2af8cacb1a4acdca7c1b2d5cc1e0d27f9abf8e05ccf7e8384074ac124132012b15e36abc31b498f746d6f5295530f535a9d9d85a3e45b387728b4ce726ccc7
commit 6d412ee58b7019db098546df7e7b53f1f331ec93
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 02:36:10 2022 +0000
Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index c39eaaa..7e6f114 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1354,6 +1354,9 @@ Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
Patch1008: rh1996182-login_to_nss_software_token.patch
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
Patch1011: rh1991003-enable_fips_keys_import.patch
+# RH2021263: Resolve outstanding FIPS issues
+Patch1014: rh2021263-fips_ensure_security_initialised.patch
+Patch1015: rh2021263-fips_missing_native_returns.patch
#############################################
#
@@ -1881,6 +1884,8 @@ sh %{SOURCE12}
%patch1007
%patch1008
%patch1011
+%patch1014
+%patch1015
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2683,6 +2688,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-2
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
- Update release notes for 8u322-b06.
diff --git a/rh2021263-fips_ensure_security_initialised.patch b/rh2021263-fips_ensure_security_initialised.patch
new file mode 100644
index 0000000..5aa9ec7
--- /dev/null
+++ b/rh2021263-fips_ensure_security_initialised.patch
@@ -0,0 +1,28 @@
+commit 06c2decab204fcce5aca2d285953fcac1820b1ae
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Mon Jan 24 01:23:28 2022 +0000
+
+ RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+index 40ca609e02..0dafe6f59c 100644
+--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+@@ -31,6 +31,7 @@ import java.io.Console;
+ import java.io.FileDescriptor;
+ import java.io.ObjectInputStream;
+ import java.security.ProtectionDomain;
++import java.security.Security;
+ import java.security.Signature;
+
+ import java.security.AccessController;
+@@ -255,6 +256,9 @@ public class SharedSecrets {
+ }
+
+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++ if (javaSecuritySystemConfiguratorAccess == null) {
++ unsafe.ensureClassInitialized(Security.class);
++ }
+ return javaSecuritySystemConfiguratorAccess;
+ }
+ }
diff --git a/rh2021263-fips_missing_native_returns.patch b/rh2021263-fips_missing_native_returns.patch
new file mode 100644
index 0000000..90cc44e
--- /dev/null
+++ b/rh2021263-fips_missing_native_returns.patch
@@ -0,0 +1,24 @@
+commit 7f58a05104138ebdfd3b7b968ed67ea4c8573073
+Author: Fridrich Strba <fstrba(a)suse.com>
+Date: Mon Jan 24 01:10:57 2022 +0000
+
+ RH2021263: Return in C code after having generated Java exception
+
+diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
+index 6f4656bfcb..34d0ff0ce9 100644
+--- openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c
++++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
+@@ -131,11 +131,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ fips_enabled = fgetc(fe);
+ fclose(fe);
+ if (fips_enabled == EOF) {
+ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+ " read character is '%c'", fips_enabled);
commit 050fecd883ec846a10507fa7b121b722f6ba0114
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Feb 16 00:05:22 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b06 (EA)
Update release notes for 8u322-b06.
Switch to GA mode for final release.
diff --git a/.gitignore b/.gitignore
index a986941..c3d10c5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -251,3 +251,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
diff --git a/NEWS b/NEWS
index b8a1f92..e911b13 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,33 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u322
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
+* Security fixes
+ - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
+ - JDK-8268488: More valuable DerValues
+ - JDK-8268494: Better inlining of inlined interfaces
+ - JDK-8268512: More content for ContentInfo
+ - JDK-8268795: Enhance digests of Jar files
+ - JDK-8268801: Improve PKCS attribute handling
+ - JDK-8268813, CVE-2022-21283: Better String matching
+ - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ - JDK-8269944: Better HTTP transport redux
+ - JDK-8270392, CVE-2022-21293: Improve String constructions
+ - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
+ - JDK-8270492, CVE-2022-21282: Better resolution of URIs
+ - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
+ - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
+ - JDK-8271962: Better TrueType font loading
+ - JDK-8271968: Better canonical naming
+ - JDK-8271987: Manifest improved manifest entries
+ - JDK-8272014, CVE-2022-21305: Better array indexing
+ - JDK-8272026, CVE-2022-21340: Verify Jar Verification
+ - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
+ - JDK-8272272: Enhance jcmd communication
+ - JDK-8272462: Enhance image handling
+ - JDK-8273290: Enhance sound handling
+ - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
+ - JDK-8273756, CVE-2022-21360: Enhance BMP image support
+ - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
* Other changes
- JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
- JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
@@ -56,8 +83,10 @@ Live versions of these release notes can be found at:
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+ - JDK-8273308: PatternMatchTest.java fails on CI
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
- JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8273968: JCK javax_xml tests fail in CI
- JDK-8274407: (tz) Update Timezone Data to 2021c
- JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
- JDK-8274468: TimeZoneTest.java fails with tzdata2021b
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index f65ab51..c39eaaa 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -329,7 +329,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b05
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -349,7 +349,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2683,6 +2683,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Feb 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b06-1
+- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
+- Update release notes for 8u322-b06.
+- Switch to GA mode for final release.
+
* Tue Feb 15 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b05 (EA)
- Update release notes for 8u322-b05.
diff --git a/sources b/sources
index 12cd6db..35c822f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz) = 5026d6bd2e6d052fa88fb27d7d9fca2f50c5cc66ca3a9e52f8d3903ec4c738c0c815c20dfd5dfd44ab0ec48d264a36c67f35c302c1eee06a1b2277d842035221
+SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz) = 0f2af8cacb1a4acdca7c1b2d5cc1e0d27f9abf8e05ccf7e8384074ac124132012b15e36abc31b498f746d6f5295530f535a9d9d85a3e45b387728b4ce726ccc7
commit c867f608e3471506aea129a45d31aa10d815b389
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Feb 15 16:45:42 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b05 (EA)
Update release notes for 8u322-b05.
Require tzdata 2021e as of JDK-8275766.
Update tarball generation script to use git following shenandoah-jdk8u's move to github
diff --git a/.gitignore b/.gitignore
index f1536da..a986941 100644
--- a/.gitignore
+++ b/.gitignore
@@ -250,3 +250,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
+/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 9773926..b8a1f92 100644
--- a/NEWS
+++ b/NEWS
@@ -63,6 +63,9 @@ Live versions of these release notes can be found at:
- JDK-8274468: TimeZoneTest.java fails with tzdata2021b
- JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
- JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
+ - JDK-8275766: (tz) Update Timezone Data to 2021e
+ - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+ - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
Notes on individual issues:
===========================
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index c6f0756..61aad1f 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -7,9 +7,9 @@
# If you want to use a local copy of patch PR3822, set the path to it in the PR3822 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
-# PROJECT_NAME=jdk8u OR aarch64-port
-# REPO_NAME=jdk8u60 OR jdk8u60
-# VERSION=jdk8u60-b27 OR aarch64-jdk8u65-b17 OR for head, keyword 'tip' should do the job there
+# PROJECT_NAME=openjdk
+# REPO_NAME=shenandoah-jdk8u
+# VERSION=HEAD
#
# They are used to create correct name and are used in construction of sources url (unless REPO_ROOT is set)
@@ -40,7 +40,7 @@ fi
set -e
-OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
+OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
# jdk is last for its size
REPOS_DEFAULT="hotspot corba jaxws jaxp langtools nashorn jdk"
@@ -99,7 +99,7 @@ if [ "x$FILE_NAME_ROOT" = "x" ] ; then
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
fi
if [ "x$REPO_ROOT" = "x" ] ; then
- REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
+ REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
if [ "x$REPOS" = "x" ] ; then
@@ -123,15 +123,9 @@ mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
-hg clone ${REPO_ROOT} openjdk -r ${VERSION}
+git clone -b ${VERSION} ${REPO_ROOT} openjdk
pushd openjdk
-for subrepo in ${REPOS}
-do
- echo "Cloning ${VERSION} ${subrepo} repository from ${REPO_ROOT}"
- hg clone ${REPO_ROOT}/${subrepo} -r ${VERSION}
-done
-
# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
if [ -d langtools ] ; then
echo "Removing langtools test case with non-Free license"
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 9dc6a8a..f65ab51 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -327,9 +327,9 @@
%endif
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
-%global shenandoah_project aarch64-port
-%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b04
+%global shenandoah_project openjdk
+%global shenandoah_repo shenandoah-jdk8u
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b05
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -344,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1141,8 +1141,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
-# 2021c required as of JDK-8274407 in January 2022 CPU
-Requires: tzdata-java >= 2021c
+# 2021e required as of JDK-8275766 in January 2022 CPU
+Requires: tzdata-java >= 2021e
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1514,8 +1514,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
-# 2021c required as of JDK-8274407 in January 2022 CPU
-BuildRequires: tzdata-java >= 2021c
+# 2021e required as of JDK-8275766 in January 2022 CPU
+BuildRequires: tzdata-java >= 2021e
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -2683,6 +2683,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Feb 15 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b05-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b05 (EA)
+- Update release notes for 8u322-b05.
+- Require tzdata 2021e as of JDK-8275766.
+- Update tarball generation script to use git following shenandoah-jdk8u's move to github
+
* Mon Feb 07 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.322.b04-0.3.ea
- Re-enable gdb backtrace check.
diff --git a/sources b/sources
index eb1f71f..12cd6db 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz) = ebc3cceb40f7ca567fd9fe751ba9762ad50ac474f63da5e2123cf268683db10132ffb09b6f6a99b3379c021b4fcc3b04a82bc81c2e63c8d4da0fdcf58d995322
+SHA512 (openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b05-4curve.tar.xz) = 5026d6bd2e6d052fa88fb27d7d9fca2f50c5cc66ca3a9e52f8d3903ec4c738c0c815c20dfd5dfd44ab0ec48d264a36c67f35c302c1eee06a1b2277d842035221
commit d3b17054c227146584b900828461d6c414e1aad4
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Feb 8 15:48:38 2022 +0000
Re-enable gdb backtrace check.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 970234f..9dc6a8a 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -115,15 +115,10 @@
%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
# Set of architectures which support JFR
%global jfr_arches %{jit_arches}
-# Set of architectures where we verify backtraces with gdb (ideally all)
-# Temporarily disable check on x86, x86_64, ppc64le and s390x as gdb crashes
-# ../../gdb/objfiles.h:510: internal-error: sect_index_data not initialized
-# A problem internal to GDB has been detected,
-# further debugging may prove unreliable.
-# See https://bugzilla.redhat.com/show_bug.cgi?id=2041970
-%global gdb_arches sparcv9 sparc64 %{aarch64} %{arm} ppc s390
# Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64
+# Set of architectures where we verify backtraces with gdb
+%global gdb_arches %{jit_arches} %{zero_arches}
# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
@@ -349,7 +344,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2688,6 +2683,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Feb 07 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.322.b04-0.3.ea
+- Re-enable gdb backtrace check.
+
* Thu Jan 20 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.2.ea
- Temporarily move x86 to use Zero in order to get a working build
- Introduce architecture restriction logic for the gdb test. (RH2041970)
commit 2988ce90ffc176c047dcb63bb70e4c8ca1ec6d88
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Thu Jan 20 23:09:54 2022 +0000
Temporarily move x86 to use Zero in order to get a working build
Introduce architecture restriction logic for the gdb test.
Disable on x86, x86_64, ppc64le & s390x while these are broken in rawhide.
Replace GCC 11 patch to remove use of the register keyword with correct fix to ADLC build (JDK-8281098)
Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4
Refactor build functions so we can build just HotSpot without any attempt at installation.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
Resolves: rhbz#2045726
Related: rhbz#2051302
Related: rhbz#2041970
diff --git a/java-1.8.0-openjdk-gcc11.patch b/java-1.8.0-openjdk-gcc11.patch
deleted file mode 100644
index 2d0820d..0000000
--- a/java-1.8.0-openjdk-gcc11.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-diff --git a/openjdk/hotspot/src/share/vm/adlc/adlparse.cpp b/openjdk/hotspot/src/share/vm/adlc/adlparse.cpp
-index 31955ff7..6dcd90ac 100644
---- openjdk/hotspot/src/share/vm/adlc/adlparse.cpp
-+++ openjdk/hotspot/src/share/vm/adlc/adlparse.cpp
-@@ -4564,7 +4564,7 @@ char *ADLParser::get_paren_expr(const char *description, bool include_location)
- // string(still inside the file buffer). Returns a pointer to the string or
- // NULL if some other token is found instead.
- char *ADLParser::get_ident_common(bool do_preproc) {
-- register char c;
-+ char c;
- char *start; // Pointer to start of token
- char *end; // Pointer to end of token
-
-@@ -4762,7 +4762,7 @@ char *ADLParser::get_unique_ident(FormDict& dict, const char* nameDescription){
- // invokes a parse_err if the next token is not an integer.
- // This routine does not leave the integer null-terminated.
- int ADLParser::get_int(void) {
-- register char c;
-+ char c;
- char *start; // Pointer to start of token
- char *end; // Pointer to end of token
- int result; // Storage for integer result
-diff --git a/openjdk/hotspot/src/share/vm/adlc/arena.cpp b/openjdk/hotspot/src/share/vm/adlc/arena.cpp
-index d7e4fc6e..406187ae 100644
---- openjdk/hotspot/src/share/vm/adlc/arena.cpp
-+++ openjdk/hotspot/src/share/vm/adlc/arena.cpp
-@@ -79,7 +79,7 @@ Arena::Arena( Arena *a )
- // Total of all Chunks in arena
- size_t Arena::used() const {
- size_t sum = _chunk->_len - (_max-_hwm); // Size leftover in this Chunk
-- register Chunk *k = _first;
-+ Chunk *k = _first;
- while( k != _chunk) { // Whilst have Chunks in a row
- sum += k->_len; // Total size of this Chunk
- k = k->_next; // Bump along to next Chunk
-@@ -93,7 +93,7 @@ void* Arena::grow( size_t x ) {
- // Get minimal required size. Either real big, or even bigger for giant objs
- size_t len = max(x, Chunk::size);
-
-- register Chunk *k = _chunk; // Get filled-up chunk address
-+ Chunk *k = _chunk; // Get filled-up chunk address
- _chunk = new (len) Chunk(len);
-
- if( k ) k->_next = _chunk; // Append new chunk to end of linked list
-diff --git a/openjdk/hotspot/src/share/vm/adlc/dict2.cpp b/openjdk/hotspot/src/share/vm/adlc/dict2.cpp
-index f341a2b6..2dc60b25 100644
---- openjdk/hotspot/src/share/vm/adlc/dict2.cpp
-+++ openjdk/hotspot/src/share/vm/adlc/dict2.cpp
-@@ -283,9 +283,9 @@ void Dict::print(PrintKeyOrValue print_key, PrintKeyOrValue print_value) {
- // limited to MAXID characters in length. Experimental evidence on 150K of
- // C text shows excellent spreading of values for any size hash table.
- int hashstr(const void *t) {
-- register char c, k = 0;
-- register int sum = 0;
-- register const char *s = (const char *)t;
-+ char c, k = 0;
-+ int sum = 0;
-+ const char *s = (const char *)t;
-
- while (((c = s[k]) != '\0') && (k < MAXID-1)) { // Get characters till nul
- c = (char) ((c << 1) + 1); // Characters are always odd!
-diff --git a/openjdk/hotspot/src/share/vm/adlc/main.cpp b/openjdk/hotspot/src/share/vm/adlc/main.cpp
-index 52044f12..40bcda74 100644
---- openjdk/hotspot/src/share/vm/adlc/main.cpp
-+++ openjdk/hotspot/src/share/vm/adlc/main.cpp
-@@ -58,7 +58,7 @@ int main(int argc, char *argv[])
-
- // Read command line arguments and file names
- for( int i = 1; i < argc; i++ ) { // For all arguments
-- register char *s = argv[i]; // Get option/filename
-+ char *s = argv[i]; // Get option/filename
-
- if( *s++ == '-' ) { // It's a flag? (not a filename)
- if( !*s ) { // Stand-alone `-' means stdin
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 43b33d4..970234f 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -24,6 +24,15 @@
%bcond_without release
# Remove build artifacts by default
%bcond_with artifacts
+# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
+%bcond_without fresh_libjvm
+
+# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
+%if %{with fresh_libjvm}
+%global build_hotspot_first 1
+%else
+%global build_hotspot_first 0
+%endif
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
@@ -91,9 +100,9 @@
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
-%global jit_arches %{debug_arches}
+%global jit_arches %{aarch64} %{power64} sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
-%global zero_arches %{arm} ppc s390 s390x
+%global zero_arches %{arm} %{ix86} ppc s390 s390x
# Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
@@ -104,8 +113,15 @@
# See https://bugzilla.redhat.com/show_bug.cgi?id=513605
# MetaspaceShared::generate_vtable_methods is not implemented for the PPC JIT
%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
+# Set of architectures which support JFR
%global jfr_arches %{jit_arches}
-
+# Set of architectures where we verify backtraces with gdb (ideally all)
+# Temporarily disable check on x86, x86_64, ppc64le and s390x as gdb crashes
+# ../../gdb/objfiles.h:510: internal-error: sect_index_data not initialized
+# A problem internal to GDB has been detected,
+# further debugging may prove unreliable.
+# See https://bugzilla.redhat.com/show_bug.cgi?id=2041970
+%global gdb_arches sparcv9 sparc64 %{aarch64} %{arm} ppc s390
# Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64
@@ -143,7 +159,7 @@
%global fastdebug_build %{nil}
%endif
-# If you disable both builds, then the build fails
+# If you disable all builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
@@ -156,6 +172,18 @@
%global bootstrap_targets images
%global release_targets images docs-zip
%global debug_targets images
+# Target to use to just build HotSpot
+%global hotspot_target hotspot
+
+# JDK to use for bootstrapping
+# Use OpenJDK 7 where available (on RHEL) to avoid
+# having to use the rhel-7.x-java-unsafe-candidate hack
+%if ! 0%{?fedora} && 0%{?rhel} <= 7
+%global buildjdkver 1.7.0
+%else
+%global buildjdkver 1.8.0
+%endif
+%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
# Disable LTO as this causes build failures at the moment.
# See RHBZ#1861401
@@ -321,7 +349,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -814,8 +842,10 @@ exit 0
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnio.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libnpt.so
%ifarch %{sa_arches}
+%ifnarch %{zero_arches}
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsaproc.so
%endif
+%endif
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsctp.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsunec.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsystemconf.so
@@ -952,8 +982,10 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jconsole.jar
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/orb.idl
%ifarch %{sa_arches}
+%ifnarch %{zero_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/sa-jdi.jar
%endif
+%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/dt.jar
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jexec
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tools.jar
@@ -1215,7 +1247,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -1358,8 +1390,8 @@ Patch600: rh1750419-redhat_alt_java.patch
# JDK-8218811: replace open by os::open in hotspot coding
# This fixes a GCC 10 build issue
Patch111: jdk8218811-perfMemory_linux.patch
-# Similar for GCC 11
-Patch112: %{name}-gcc11.patch
+# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
+Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
#############################################
#
@@ -1404,6 +1436,8 @@ Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
+# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
+Patch581: jdk8257794-remove_broken_assert.patch
#############################################
#
@@ -1479,16 +1513,10 @@ BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
BuildRequires: unzip
-# Use OpenJDK 7 where available (on RHEL) to avoid
-# having to use the rhel-7.x-java-unsafe-candidate hack
-%if ! 0%{?fedora} && 0%{?rhel} <= 7
# Require a boot JDK which doesn't fail due to RH1482244
-BuildRequires: java-1.7.0-openjdk-devel >= 1.7.0.151-2.6.11.3
-%else
-BuildRequires: java-1.8.0-openjdk-devel
-%endif
+BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
# Zero-assembler build requirement
-%ifnarch %{jit_arches}
+%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
# 2021c required as of JDK-8274407 in January 2022 CPU
@@ -1843,6 +1871,7 @@ sh %{SOURCE12}
%patch111
%patch112
%patch580
+%patch581
# RPM-only fixes
%patch539
@@ -1953,10 +1982,9 @@ export EXTRA_CFLAGS EXTRA_ASFLAGS
function buildjdk() {
local outputdir=${1}
- local installdir=${2}
- local buildjdk=${3}
- local maketargets=${4}
- local debuglevel=${5}
+ local buildjdk=${2}
+ local maketargets="${3}"
+ local debuglevel=${4}
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
# Variable used in hs_err hook on build failures
@@ -1966,7 +1994,7 @@ function buildjdk() {
${buildjdk}/bin/java -version
echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}"
- mkdir -p ${outputdir} ${installdir}
+ mkdir -p ${outputdir}
pushd ${outputdir}
bash ${top_srcdir_abs_path}/configure \
@@ -1975,7 +2003,7 @@ function buildjdk() {
%else
--disable-jfr \
%endif
-%ifnarch %{jit_arches}
+%ifarch %{zero_arches}
--with-jvm-variants=zero \
%endif
--with-native-debug-symbols=internal \
@@ -2011,24 +2039,16 @@ function buildjdk() {
SCTP_WERROR= \
${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false )
- # the build (erroneously) removes read permissions from some jars
- # this is a regression in OpenJDK 7 (our compiler):
- # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
- find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
- chmod ugo+r images/%{jdkimage}/lib/ct.sym
-
- # remove redundant *diz and *debuginfo files
- find images/%{jdkimage} -iname '*.diz' -exec rm -v {} \;
- find images/%{jdkimage} -iname '*.debuginfo' -exec rm -v {} \;
-
- # Build screws up permissions on binaries
- # https://bugs.openjdk.java.net/browse/JDK-8173610
- find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
- find images/%{jdkimage}/bin/ -exec chmod +x {} \;
+ popd
+}
- popd >& /dev/null
+function installjdk() {
+ local outputdir=${1}
+ local installdir=${2}
+ local imagepath=${installdir}/images/%{jdkimage}
echo "Installing build from ${outputdir} to ${installdir}..."
+ mkdir -p ${installdir}
echo "Installing images..."
mv ${outputdir}/images ${installdir}
if [ -d ${outputdir}/bundles ] ; then
@@ -2044,8 +2064,35 @@ function buildjdk() {
echo "Removing output directory...";
rm -rf ${outputdir}
%endif
+
+ if [ -d ${imagepath} ] ; then
+ # the build (erroneously) removes read permissions from some jars
+ # this is a regression in OpenJDK 7 (our compiler):
+ # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
+ find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
+ chmod ugo+r ${imagepath}/lib/ct.sym
+
+ # remove redundant *diz and *debuginfo files
+ find ${imagepath} -iname '*.diz' -exec rm -v {} \;
+ find ${imagepath} -iname '*.debuginfo' -exec rm -v {} \;
+
+ # Build screws up permissions on binaries
+ # https://bugs.openjdk.java.net/browse/JDK-8173610
+ find ${imagepath} -iname '*.so' -exec chmod +x {} \;
+ find ${imagepath}/bin/ -exec chmod +x {} \;
+ fi
}
+%if %{build_hotspot_first}
+ # Build a fresh libjvm.so first and use it to bootstrap
+ cp -LR --preserve=mode,timestamps %{bootjdk} newboot
+ systemjdk=$(pwd)/newboot
+ buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled"
+ mv build/newboot/hotspot/dist/jre/lib/%{archinstall}/server/libjvm.so newboot/jre/lib/%{archinstall}/server
+%else
+ systemjdk=%{bootjdk}
+%endif
+
for suffix in %{build_loop} ; do
if [ "x$suffix" = "x" ] ; then
debugbuild=release
@@ -2054,7 +2101,6 @@ else
debugbuild=`echo $suffix | sed "s/-//g"`
fi
-systemjdk=/usr/lib/jvm/java-openjdk
builddir=%{buildoutputdir -- $suffix}
bootbuilddir=boot${builddir}
installdir=%{installoutputdir -- $suffix}
@@ -2072,11 +2118,14 @@ else
fi
if ${run_bootstrap} ; then
- buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
- buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+ buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
+ installjdk ${bootbuilddir} ${bootinstalldir}
+ buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+ installjdk ${builddir} ${installdir}
%{!?with_artifacts:rm -rf ${bootinstalldir}}
else
- buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
+ buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild}
+ installjdk ${builddir} ${installdir}
fi
# Install nss.cfg right away as we will be using the JRE above
@@ -2197,7 +2246,9 @@ end
run -version
EOF
+%ifarch %{gdb_arches}
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
+%endif
# Check src.zip has all sources. See RHBZ#1130490
jar -tf $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe'
@@ -2637,6 +2688,20 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Jan 20 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.2.ea
+- Temporarily move x86 to use Zero in order to get a working build
+- Introduce architecture restriction logic for the gdb test. (RH2041970)
+- Disable on x86, x86_64, ppc64le & s390x while these are broken in rawhide.
+- Replace GCC 11 patch to remove use of the register keyword with correct fix to ADLC build (JDK-8281098)
+- Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4
+- Refactor build functions so we can build just HotSpot without any attempt at installation.
+- Explicitly list JIT architectures rather than relying on those with slowdebug builds
+- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
+- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
+- Resolves: rhbz#2045726
+- Related: rhbz#2051302
+- Related: rhbz#2041970
+
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.8.0.322.b04-0.1.ea.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
diff --git a/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch b/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
index ae48068..0af9d51 100644
--- a/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
+++ b/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
@@ -22,7 +22,7 @@ diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/fla
+ # On 32-bit MacOSX the OS requires C-entry points to be 16 byte aligned.
+ # While waiting for a better solution, the current workaround is to use -mstackrealign
+ # This is also required on Linux systems which use libraries compiled with SSE instructions
-+ REALIGN_CFLAG="-mstackrealign"
++ REALIGN_CFLAG="-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4"
+ FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [],
+ AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.])
+ )
diff --git a/jdk8257794-remove_broken_assert.patch b/jdk8257794-remove_broken_assert.patch
new file mode 100644
index 0000000..bb88013
--- /dev/null
+++ b/jdk8257794-remove_broken_assert.patch
@@ -0,0 +1,13 @@
+diff --git openjdk.orig/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp openjdk/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp
+--- openjdk.orig/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp
++++ openjdk/hotspot/src/share/vm/interpreter/bytecodeInterpreter.cpp
+@@ -493,9 +493,6 @@
+ assert(labs(istate->_stack_base - istate->_stack_limit) == (istate->_method->max_stack() + extra_stack_entries
+ + 1), "bad stack limit");
+ }
+-#ifndef SHARK
+- IA32_ONLY(assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1, "wrong"));
+-#endif // !SHARK
+ }
+ // Verify linkages.
+ interpreterState l = istate;
diff --git a/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch b/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
new file mode 100644
index 0000000..774a08e
--- /dev/null
+++ b/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
@@ -0,0 +1,67 @@
+# HG changeset patch
+# User Andrew John Hughes <gnu_andrew(a)member.fsf.org>
+# Date 1620365804 -3600
+# Fri May 07 06:36:44 2021 +0100
+# Node ID 39b62f35eca823b4c9a98bc1dc0cb9acb87360f8
+# Parent 723b59ed1afe878c5cd35f080399c8ceec4f776b
+PR3836: Extra compiler flags not passed to adlc build
+
+diff --git openjdk.orig/hotspot/make/aix/makefiles/adlc.make openjdk/hotspot/make/aix/makefiles/adlc.make
+--- openjdk.orig/hotspot/make/aix/makefiles/adlc.make
++++ openjdk/hotspot/make/aix/makefiles/adlc.make
+@@ -69,6 +69,11 @@
+ CFLAGS_WARN = -w
+ CFLAGS += $(CFLAGS_WARN)
+
++# Extra flags from gnumake's invocation or environment
++CFLAGS += $(EXTRA_CFLAGS)
++LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
++ASFLAGS += $(EXTRA_ASFLAGS)
++
+ OBJECTNAMES = \
+ adlparse.o \
+ archDesc.o \
+diff --git openjdk.orig/hotspot/make/bsd/makefiles/adlc.make openjdk/hotspot/make/bsd/makefiles/adlc.make
+--- openjdk.orig/hotspot/make/bsd/makefiles/adlc.make
++++ openjdk/hotspot/make/bsd/makefiles/adlc.make
+@@ -71,6 +71,11 @@
+ endif
+ CFLAGS += $(CFLAGS_WARN)
+
++# Extra flags from gnumake's invocation or environment
++CFLAGS += $(EXTRA_CFLAGS)
++LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
++ASFLAGS += $(EXTRA_ASFLAGS)
++
+ OBJECTNAMES = \
+ adlparse.o \
+ archDesc.o \
+diff --git openjdk.orig/hotspot/make/linux/makefiles/adlc.make openjdk/hotspot/make/linux/makefiles/adlc.make
+--- openjdk.orig/hotspot/make/linux/makefiles/adlc.make
++++ openjdk/hotspot/make/linux/makefiles/adlc.make
+@@ -69,6 +69,11 @@
+ CFLAGS_WARN = $(WARNINGS_ARE_ERRORS)
+ CFLAGS += $(CFLAGS_WARN)
+
++# Extra flags from gnumake's invocation or environment
++CFLAGS += $(EXTRA_CFLAGS)
++LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
++ASFLAGS += $(EXTRA_ASFLAGS)
++
+ OBJECTNAMES = \
+ adlparse.o \
+ archDesc.o \
+diff --git openjdk.orig/hotspot/make/solaris/makefiles/adlc.make openjdk/hotspot/make/solaris/makefiles/adlc.make
+--- openjdk.orig/hotspot/make/solaris/makefiles/adlc.make
++++ openjdk/hotspot/make/solaris/makefiles/adlc.make
+@@ -85,6 +85,10 @@
+ endif
+ CFLAGS += $(CFLAGS_WARN)
+
++# Extra flags from gnumake's invocation or environment
++CFLAGS += $(EXTRA_CFLAGS)
++ASFLAGS += $(EXTRA_ASFLAGS)
++
+ ifeq ("${Platform_compiler}", "sparcWorks")
+ # Enable the following CFLAGS addition if you need to compare the
+ # built ELF objects.
commit 92c5ccf84cd523a631a4591a4caca18c28c7b722
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Thu Jan 20 13:39:33 2022 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 52325f3..43b33d4 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -1215,7 +1215,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -2637,6 +2637,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.8.0.322.b04-0.1.ea.1
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
* Mon Jan 10 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b04 (EA)
- Update release notes for 8u322-b04.
commit e3e7a2f6b3250760d68043d5075cdb3d5806a596
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Jan 10 16:26:55 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b04 (EA)
Update release notes for 8u322-b04.
Require tzdata 2021c as of JDK-8274407.
diff --git a/.gitignore b/.gitignore
index bc46b5c..f1536da 100644
--- a/.gitignore
+++ b/.gitignore
@@ -249,3 +249,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz
diff --git a/NEWS b/NEWS
index da4df72..9773926 100644
--- a/NEWS
+++ b/NEWS
@@ -58,6 +58,9 @@ Live versions of these release notes can be found at:
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
- JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8274407: (tz) Update Timezone Data to 2021c
+ - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
+ - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
- JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
- JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
@@ -82,6 +85,18 @@ The following root certificate from Google has been removed from the
Alias Name: globalsignr2ca [jdk]
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+core-libs/java.time:
+
+JDK-8274857: Update Timezone Data to 2021c
+===========================================
+IANA Time Zone Database, on which JDK's Date/Time libraries are based,
+has been updated to version 2021c
+(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
+that with this update, some of the time zone rules prior to the year
+1970 have been modified according to the changes which were introduced
+with 2021b. For more detail, refer to the announcement of 2021b
+(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
+
New in release OpenJDK 8u312 (2021-10-19):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b17d121..52325f3 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -306,7 +306,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b03
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b04
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -1114,8 +1114,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
-# 2021a required as of JDK-8260356 in April CPU
-Requires: tzdata-java >= 2021a
+# 2021c required as of JDK-8274407 in January 2022 CPU
+Requires: tzdata-java >= 2021c
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1491,8 +1491,8 @@ BuildRequires: java-1.8.0-openjdk-devel
%ifnarch %{jit_arches}
BuildRequires: libffi-devel
%endif
-# 2021a required as of JDK-8260356 in April CPU
-BuildRequires: tzdata-java >= 2021a
+# 2021c required as of JDK-8274407 in January 2022 CPU
+BuildRequires: tzdata-java >= 2021c
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -2637,6 +2637,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Jan 10 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b04-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b04 (EA)
+- Update release notes for 8u322-b04.
+- Require tzdata 2021c as of JDK-8274407.
+
* Fri Jan 07 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b03 (EA)
- Update release notes for 8u322-b03.
diff --git a/sources b/sources
index f8bc0ea..eb1f71f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz) = 5a511b7721f5d3178c494ebf2ee51dd93b44ca4843226b3e9fc49a6350a5563651e0fe06cef68f21b229f13031661830dfab52ec2ead46d31aaa02c5720d71b0
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b04-4curve.tar.xz) = ebc3cceb40f7ca567fd9fe751ba9762ad50ac474f63da5e2123cf268683db10132ffb09b6f6a99b3379c021b4fcc3b04a82bc81c2e63c8d4da0fdcf58d995322
commit 172b64584ad633cd9f755d573a4cebbd3c74cc23
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Jan 7 15:25:17 2022 +0000
Update to aarch64-shenandoah-jdk8u322-b03 (EA)
Update release notes for 8u322-b03.
diff --git a/.gitignore b/.gitignore
index 9cd6ee4..bc46b5c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -248,3 +248,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 433a4f6..da4df72 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,7 @@ Live versions of these release notes can be found at:
- JDK-8041928: MouseEvent.getModifiersEx gives wrong result
- JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
- JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
+ - JDK-8048021: Remove @version tag in jaxp repo
- JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
- JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
- JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
@@ -49,6 +50,7 @@ Live versions of these release notes can be found at:
- JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
- JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
- JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
+ - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
- JDK-8237499: JFR: Include stack trace in the ThreadStart event
- JDK-8239886: Minimal VM build fails after JDK-8237499
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 682224d..b17d121 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -306,7 +306,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b02
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b03
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2637,6 +2637,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Jan 07 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b03-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b03 (EA)
+- Update release notes for 8u322-b03.
+
* Fri Dec 17 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b02 (EA)
- Update release notes for 8u322-b02.
diff --git a/sources b/sources
index 1ea332b..f8bc0ea 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz) = ebf2c1495ad47345fdc9025fbb690e5fe31fdcb08f180020b061a91cd4f9d01f1617f56f1038c3acbdb1dd9e3ade2cdf7f7c3854cf229084ef5b1fc822ab5422
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b03-4curve.tar.xz) = 5a511b7721f5d3178c494ebf2ee51dd93b44ca4843226b3e9fc49a6350a5563651e0fe06cef68f21b229f13031661830dfab52ec2ead46d31aaa02c5720d71b0
commit a0ac8516d6ebc12bab3af9fec466a19e1c478869
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Dec 17 03:06:13 2021 +0000
Update to aarch64-shenandoah-jdk8u322-b02 (EA)
Update release notes for 8u322-b02.
diff --git a/.gitignore b/.gitignore
index 891d2d8..9cd6ee4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -247,3 +247,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 2dac9d2..433a4f6 100644
--- a/NEWS
+++ b/NEWS
@@ -11,12 +11,22 @@ Live versions of these release notes can be found at:
* Other changes
- JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
+ - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
+ - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108
+ - JDK-8041928: MouseEvent.getModifiersEx gives wrong result
+ - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
+ - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
- JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
+ - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
- JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
+ - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
- JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
- JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
- JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
+ - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated
- JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
+ - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator
+ - JDK-8148915: Intermittent failures of bug6400879.java
- JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
- JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
- JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
@@ -25,20 +35,29 @@ Live versions of these release notes can be found at:
- JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
- JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
- JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
+ - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
- JDK-8190793: Httpserver does not detect truncated request body
+ - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail
- JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
- JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
+ - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
- JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
- JDK-8225083: Remove Google certificate that is expiring in December 2021
- JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
+ - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software
- JDK-8231438: [macOS] Dark mode for the desktop is not supported
+ - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
- JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
+ - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
- JDK-8237499: JFR: Include stack trace in the ThreadStart event
- JDK-8239886: Minimal VM build fails after JDK-8237499
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
+ - JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
+ - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
Notes on individual issues:
===========================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 41a4f39..682224d 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -306,7 +306,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u322-b01
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b02
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2637,6 +2637,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Dec 17 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b02-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b02 (EA)
+- Update release notes for 8u322-b02.
+
* Tue Dec 14 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b01-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b01 (EA)
- Update release notes for 8u322-b01.
diff --git a/sources b/sources
index fc55bb8..1ea332b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz) = 0a514ce037f3681819f931312c3de38683d3d8a12fc8b038b11466a8ccb89d1828944816a47267f140707c4149ed959a921b03356f3587487988916c658d5197
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b02-4curve.tar.xz) = ebf2c1495ad47345fdc9025fbb690e5fe31fdcb08f180020b061a91cd4f9d01f1617f56f1038c3acbdb1dd9e3ade2cdf7f7c3854cf229084ef5b1fc822ab5422
commit be50f32572d549f56dc2b1b39434ee6ebba211ac
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Dec 14 02:19:05 2021 +0000
Update to aarch64-shenandoah-jdk8u322-b01 (EA)
Update release notes for 8u322-b01.
Switch to EA mode.
diff --git a/.gitignore b/.gitignore
index d5493bd..891d2d8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -246,3 +246,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz
diff --git a/NEWS b/NEWS
index ef9db68..2dac9d2 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,64 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u322 (2022-01-18):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u322
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
+
+* Other changes
+ - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
+ - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
+ - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
+ - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
+ - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
+ - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
+ - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
+ - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
+ - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
+ - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
+ - JDK-8182036: Load from initializing arraycopy uses wrong memory state
+ - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
+ - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
+ - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
+ - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
+ - JDK-8190793: Httpserver does not detect truncated request body
+ - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
+ - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
+ - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
+ - JDK-8225083: Remove Google certificate that is expiring in December 2021
+ - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
+ - JDK-8231438: [macOS] Dark mode for the desktop is not supported
+ - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
+ - JDK-8237499: JFR: Include stack trace in the ThreadStart event
+ - JDK-8239886: Minimal VM build fails after JDK-8237499
+ - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
+ - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
+ - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+ - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8271434: Removed IdenTrust Root Certificate
+===============================================
+The following root certificate from IdenTrust has been removed from
+the `cacerts` keystore:
+
+Alias Name: identrustdstx3 [jdk]
+Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
+
+JDK-8272535: Removed Google's GlobalSign Root Certificate
+=========================================================
+The following root certificate from Google has been removed from the
+`cacerts` keystore:
+
+Alias Name: globalsignr2ca [jdk]
+Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+
New in release OpenJDK 8u312 (2021-10-19):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 5275910..41a4f39 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -306,7 +306,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b07
+%global shenandoah_revision aarch64-shenandoah-jdk8u322-b01
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -321,12 +321,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2637,6 +2637,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Dec 14 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.322.b01-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b01 (EA)
+- Update release notes for 8u322-b01.
+- Switch to EA mode.
+
* Mon Dec 06 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-3
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
diff --git a/sources b/sources
index 32ce1e2..fc55bb8 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz) = 6da9aab9f456336d73cb41755b9e075c43b21ce54fa208d94295aaeef0dce9e4059740efe87458e131b633c3ab3d6f964a5d2407a76e79dd9b080a5416efd7e7
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u322-b01-4curve.tar.xz) = 0a514ce037f3681819f931312c3de38683d3d8a12fc8b038b11466a8ccb89d1828944816a47267f140707c4149ed959a921b03356f3587487988916c658d5197
commit 0478a68d4063ca222c2a544192dfe376ede17488
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Dec 6 00:42:17 2021 +0000
Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 6557c22..5275910 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -86,13 +86,18 @@
%global ppc64be ppc64 ppc64p7
# Set of architectures which support multiple ABIs
%global multilib_arches %{power64} sparc64 x86_64
-# Set of architectures for which we build debug builds
+# Set of architectures for which we build slowdebug builds
%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
+# Set of architectures for which we build fastdebug builds
+%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
%global jit_arches %{debug_arches}
+# Set of architectures which use the Zero assembler port (!jit_arches)
+%global zero_arches %{arm} ppc s390 s390x
+# Set of architectures which run a full bootstrap cycle
+%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
%global systemtap_arches %{jit_arches}
-%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures which support the serviceability agent
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
# Set of architectures which support class data sharing
@@ -137,12 +142,17 @@
%else
%global fastdebug_build %{nil}
%endif
-%global bootstrap_build 1
# If you disable both builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
+%ifarch %{bootstrap_arches}
+%global bootstrap_build true
+%else
+%global bootstrap_build false
+%endif
+
%global bootstrap_targets images
%global release_targets images docs-zip
%global debug_targets images
@@ -311,7 +321,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2051,19 +2061,23 @@ installdir=%{installoutputdir -- $suffix}
bootinstalldir=boot${installdir}
# Debug builds don't need same targets as release for
-# build speed-up
-maketargets="%{release_targets}"
+# build speed-up. We also avoid bootstrapping these
+# slower builds.
if echo $debugbuild | grep -q "debug" ; then
maketargets="%{debug_targets}"
+ run_bootstrap=false
+else
+ maketargets="%{release_targets}"
+ run_bootstrap=%{bootstrap_build}
fi
-%if %{bootstrap_build}
-buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
-buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
-%{!?with_artifacts:rm -rf ${bootinstalldir}}
-%else
-buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
-%endif
+if ${run_bootstrap} ; then
+ buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
+ buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+ %{!?with_artifacts:rm -rf ${bootinstalldir}}
+else
+ buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
+fi
# Install nss.cfg right away as we will be using the JRE above
export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
@@ -2623,6 +2637,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Dec 06 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-3
+- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
+
* Wed Nov 03 2021 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.312.b07-2
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
secmod.db file as part of nss
commit b1a7d3ba426353f381b04c725272bf1bb197e02a
Author: Severin Gehwolf <sgehwolf(a)redhat.com>
Date: Wed Nov 3 11:43:58 2021 +0100
Use 'sql:' prefix in nss.fips.cfg
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.
Resolves: RHBZ#2019555
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index afad6cd..6557c22 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1907,7 +1907,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
# Setup nss.fips.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
-sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
# How many CPU's do we have?
@@ -2624,6 +2623,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Nov 03 2021 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:1.8.0.312.b07-2
+- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
+ secmod.db file as part of nss
+
* Fri Oct 15 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-1
- Update to aarch64-shenandoah-jdk8u312-b07 (GA)
- Update release notes for 8u312-b07.
diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in
index ead27be..1aff153 100644
--- a/nss.fips.cfg.in
+++ b/nss.fips.cfg.in
@@ -1,6 +1,6 @@
name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
-nssSecmodDirectory = @NSS_SECMOD@
+nssSecmodDirectory = sql:/etc/pki/nssdb
nssDbMode = readOnly
nssModule = fips
commit 06afebf8011b6c20c3771e6f98f8f76ea2c0c36c
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Oct 20 01:46:06 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b07 (GA)
Update release notes for 8u312-b07.
Switch to GA mode for final release.
diff --git a/.gitignore b/.gitignore
index f34cedd..d5493bd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -244,3 +244,5 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 05c1b39..ef9db68 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,33 @@ Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u312
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
+* Security fixes
+ - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
+ - JDK-8161016: Strange behavior of URLConnection with proxy
+ - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
+ - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
+ - JDK-8263314: Enhance XML Dsig modes
+ - JDK-8265167, CVE-2021-35556: Richer Text Editors
+ - JDK-8265574: Improve handling of sheets
+ - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
+ - JDK-8265776: Improve Stream handling for SSL
+ - JDK-8266097, CVE-2021-35561: Better hashing support
+ - JDK-8266103: Better specified spec values
+ - JDK-8266109: More Resilient Classloading
+ - JDK-8266115: More Manifest Jar Loading
+ - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
+ - JDK-8266689, CVE-2021-35567: More Constrained Delegation
+ - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
+ - JDK-8267712: Better LDAP reference processing
+ - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
+ - JDK-8267735, CVE-2021-35586: Better BMP support
+ - JDK-8268193: Improve requests of certificates
+ - JDK-8268199: Correct certificate requests
+ - JDK-8268506: More Manifest Digests
+ - JDK-8269618, CVE-2021-35603: Better session identification
+ - JDK-8269624: Enhance method selection support
+ - JDK-8270398: Enhance canonicalization
+ - JDK-8270404: Better canonicalization
* Other changes
- JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
- JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
@@ -29,10 +56,9 @@ Live versions of these release notes can be found at:
- JDK-8134869: AARCH64: GHASH intrinsic is not optimal
- JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
- JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
- - JDK-8161016: Strange behavior of URLConnection with proxy
+ - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
- JDK-8166673: The new implementation of Robot.waitForIdle() may hang
- JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
- - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
- JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
- JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
- JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
@@ -40,6 +66,7 @@ Live versions of these release notes can be found at:
- JDK-8214418: half-closed SSLEngine status may cause application dead loop
- JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11
- JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
+ - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
- JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
- JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
- JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
@@ -49,7 +76,6 @@ Live versions of these release notes can be found at:
- JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
- JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
- - JDK-8254967: com.sun.net.HttpsServer spins on TLS session close
- JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
@@ -61,7 +87,9 @@ Live versions of these release notes can be found at:
- JDK-8265978: make test should look for more locations when searching for exit code
- JDK-8266206: Build failure after JDK-8264752 with older GCCs
- JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
+ - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
- JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
+ - JDK-8269763: The JEditorPane is blank after JDK-8265167
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
- JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
- JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
@@ -72,6 +100,34 @@ Live versions of these release notes can be found at:
- JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
- JDK-8272214: [8u] Build failure after backport of JDK-8248901
- JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013
+* Shenandoah
+ - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array
+ - Re-cast JNI critical strings patch to be Shenandoah-specific
+
+Notes on individual issues:
+===========================
+
+core-libs/java.net:
+
+JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found
+================================================================================
+The behavior of HttpURLConnection when using a ProxySelector has been
+modified with this JDK release. HttpURLConnection used to fall back to
+a DIRECT connection attempt if the configured proxy(s) failed to make
+a connection. This release introduces a change whereby no DIRECT
+connection will be attempted in such a scenario. Instead, the
+HttpURLConnection.connect() method will fail and throw an IOException
+which occurred from the last proxy tested.
+
+security-libs/javax.net.ssl:
+
+JDK-8219551: Updated the Default Enabled Cipher Suites Preference
+=================================================================
+The preference of the default enabled cipher suites has been
+changed. The compatibility impact should be minimal. If needed,
+applications can customize the enabled cipher suites and the
+preference. For more details, refer to the SunJSSE provider
+documentation and the JSSE Reference Guide documentation.
New in release OpenJDK 8u302 (2021-07-20):
===========================================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 16c2d89..afad6cd 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b05
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b07
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,12 +311,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -2624,6 +2624,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Oct 15 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b07-1
+- Update to aarch64-shenandoah-jdk8u312-b07 (GA)
+- Update release notes for 8u312-b07.
+- Switch to GA mode for final release.
+
* Thu Oct 07 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b05-0.2.ea
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
diff --git a/sources b/sources
index 7c2359c..32ce1e2 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz) = 41aa7cfe6946f9b88e8ae66716e8db204a401f5ded43037c54c071b7a895e08df389d6a7ae5961da00c309a6802c88197cd59ed8e5e52a466c997a680f7f425f
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz) = 6da9aab9f456336d73cb41755b9e075c43b21ce54fa208d94295aaeef0dce9e4059740efe87458e131b633c3ab3d6f964a5d2407a76e79dd9b080a5416efd7e7
commit 38ede77603423977c87a2c9298a9993fa00d9545
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sun Oct 10 22:01:08 2021 +0100
Add FIPS patch to allow plain key import.
Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 35a55bd..16c2d89 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1315,6 +1315,8 @@ Patch1006: rh1929465-improve_system_FIPS_detection-root.patch
Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
# RH1996182: Login to the NSS software token in FIPS mode
Patch1008: rh1996182-login_to_nss_software_token.patch
+# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
+Patch1011: rh1991003-enable_fips_keys_import.patch
#############################################
#
@@ -1844,6 +1846,7 @@ sh %{SOURCE12}
%patch1006
%patch1007
%patch1008
+%patch1011
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2621,6 +2624,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Oct 07 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b05-0.2.ea
+- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
+
+* Thu Oct 07 2021 Martin Balao <mbalao(a)redhat.com> - 1:1.8.0.312.b05-0.2.ea
+- Add patch to allow plain key import.
+
* Thu Sep 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b05-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b05 (EA)
- Update release notes for 8u312-b05.
diff --git a/rh1991003-enable_fips_keys_import.patch b/rh1991003-enable_fips_keys_import.patch
new file mode 100644
index 0000000..028769d
--- /dev/null
+++ b/rh1991003-enable_fips_keys_import.patch
@@ -0,0 +1,583 @@
+diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java
+--- openjdk.orig/jdk/src/share/classes/java/security/Security.java
++++ openjdk/jdk/src/share/classes/java/security/Security.java
+@@ -78,6 +78,10 @@
+ public boolean isSystemFipsEnabled() {
+ return SystemConfigurator.isSystemFipsEnabled();
+ }
++ @Override
++ public boolean isPlainKeySupportEnabled() {
++ return SystemConfigurator.isPlainKeySupportEnabled();
++ }
+ });
+
+ // doPrivileged here because there are multiple
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -55,6 +55,7 @@
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+ private static boolean systemFipsEnabled = false;
++ private static boolean plainKeySupportEnabled = false;
+
+ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
+
+@@ -149,6 +150,16 @@
+ }
+ loadedProps = true;
+ systemFipsEnabled = true;
++ String plainKeySupport = System.getProperty("com.redhat.fips.plainKeySupport",
++ "true");
++ plainKeySupportEnabled = !"false".equals(plainKeySupport);
++ if (sdebug != null) {
++ if (plainKeySupportEnabled) {
++ sdebug.println("FIPS support enabled with plain key support");
++ } else {
++ sdebug.println("FIPS support enabled without plain key support");
++ }
++ }
+ }
+ } catch (Exception e) {
+ if (sdebug != null) {
+@@ -176,6 +187,19 @@
+ return systemFipsEnabled;
+ }
+
++ /**
++ * Returns {@code true} if system FIPS alignment is enabled
++ * and plain key support is allowed. Plain key support is
++ * enabled by default but can be disabled with
++ * {@code -Dcom.redhat.fips.plainKeySupport=false}.
++ *
++ * @return a boolean indicating whether plain key support
++ * should be enabled.
++ */
++ static boolean isPlainKeySupportEnabled() {
++ return plainKeySupportEnabled;
++ }
++
+ /*
+ * OpenJDK FIPS mode will be enabled only if the com.redhat.fips
+ * system property is true (default) and the system is in FIPS mode.
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
+--- openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
++++ openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
+@@ -27,4 +27,5 @@
+
+ public interface JavaSecuritySystemConfiguratorAccess {
+ boolean isSystemFipsEnabled();
++ boolean isPlainKeySupportEnabled();
+ }
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java openjdk/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
+@@ -0,0 +1,290 @@
++/*
++ * Copyright (c) 2021, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++package sun.security.pkcs11;
++
++import java.math.BigInteger;
++import java.security.KeyFactory;
++import java.security.Provider;
++import java.security.Security;
++import java.util.HashMap;
++import java.util.Map;
++import java.util.concurrent.locks.ReentrantLock;
++
++import javax.crypto.Cipher;
++import javax.crypto.spec.DHPrivateKeySpec;
++import javax.crypto.spec.IvParameterSpec;
++
++import sun.security.jca.JCAUtil;
++import sun.security.pkcs11.TemplateManager;
++import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
++import sun.security.pkcs11.wrapper.CK_MECHANISM;
++import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
++import sun.security.pkcs11.wrapper.PKCS11Exception;
++import sun.security.rsa.RSAUtil.KeyType;
++import sun.security.util.Debug;
++import sun.security.util.ECUtil;
++
++final class FIPSKeyImporter {
++
++ private static final Debug debug =
++ Debug.getInstance("sunpkcs11");
++
++ private static P11Key importerKey = null;
++ private static final ReentrantLock importerKeyLock = new ReentrantLock();
++ private static CK_MECHANISM importerKeyMechanism = null;
++ private static Cipher importerCipher = null;
++
++ private static Provider sunECProvider = null;
++ private static final ReentrantLock sunECProviderLock = new ReentrantLock();
++
++ private static KeyFactory DHKF = null;
++ private static final ReentrantLock DHKFLock = new ReentrantLock();
++
++ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes)
++ throws PKCS11Exception {
++ long keyID = -1;
++ Token token = sunPKCS11.getToken();
++ if (debug != null) {
++ debug.println("Private or Secret key will be imported in" +
++ " system FIPS mode.");
++ }
++ if (importerKey == null) {
++ importerKeyLock.lock();
++ try {
++ if (importerKey == null) {
++ if (importerKeyMechanism == null) {
++ // Importer Key creation has not been tried yet. Try it.
++ createImporterKey(token);
++ }
++ if (importerKey == null || importerCipher == null) {
++ if (debug != null) {
++ debug.println("Importer Key could not be" +
++ " generated.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ if (debug != null) {
++ debug.println("Importer Key successfully" +
++ " generated.");
++ }
++ }
++ } finally {
++ importerKeyLock.unlock();
++ }
++ }
++ long importerKeyID = importerKey.getKeyID();
++ try {
++ byte[] keyBytes = null;
++ byte[] encKeyBytes = null;
++ long keyClass = 0L;
++ long keyType = 0L;
++ Map<Long, CK_ATTRIBUTE> attrsMap = new HashMap<>();
++ for (CK_ATTRIBUTE attr : attributes) {
++ if (attr.type == CKA_CLASS) {
++ keyClass = attr.getLong();
++ } else if (attr.type == CKA_KEY_TYPE) {
++ keyType = attr.getLong();
++ }
++ attrsMap.put(attr.type, attr);
++ }
++ BigInteger v = null;
++ if (keyClass == CKO_PRIVATE_KEY) {
++ if (keyType == CKK_RSA) {
++ if (debug != null) {
++ debug.println("Importing an RSA private key...");
++ }
++ keyBytes = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(
++ KeyType.RSA,
++ null,
++ ((v = attrsMap.get(CKA_MODULUS).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PUBLIC_EXPONENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIVATE_EXPONENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME_1).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME_2).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_EXPONENT_1).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_EXPONENT_2).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_COEFFICIENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO
++ ).getEncoded();
++ } else if (keyType == CKK_DSA) {
++ if (debug != null) {
++ debug.println("Importing a DSA private key...");
++ }
++ keyBytes = new sun.security.provider.DSAPrivateKey(
++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_SUBPRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO
++ ).getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else if (keyType == CKK_EC) {
++ if (debug != null) {
++ debug.println("Importing an EC private key...");
++ }
++ if (sunECProvider == null) {
++ sunECProviderLock.lock();
++ try {
++ if (sunECProvider == null) {
++ sunECProvider = Security.getProvider("SunEC");
++ }
++ } finally {
++ sunECProviderLock.unlock();
++ }
++ }
++ keyBytes = P11ECUtil.generateECPrivateKey(
++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ECUtil.getECParameterSpec(sunECProvider,
++ attrsMap.get(CKA_EC_PARAMS).getByteArray()))
++ .getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else if (keyType == CKK_DH) {
++ if (debug != null) {
++ debug.println("Importing a Diffie-Hellman private key...");
++ }
++ if (DHKF == null) {
++ DHKFLock.lock();
++ try {
++ if (DHKF == null) {
++ DHKF = KeyFactory.getInstance(
++ "DH", P11Util.getSunJceProvider());
++ }
++ } finally {
++ DHKFLock.unlock();
++ }
++ }
++ DHPrivateKeySpec spec = new DHPrivateKeySpec
++ (((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO);
++ keyBytes = DHKF.generatePrivate(spec).getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else {
++ if (debug != null) {
++ debug.println("Unrecognized private key type.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ } else if (keyClass == CKO_SECRET_KEY) {
++ if (debug != null) {
++ debug.println("Importing a secret key...");
++ }
++ keyBytes = attrsMap.get(CKA_VALUE).getByteArray();
++ }
++ if (keyBytes == null || keyBytes.length == 0) {
++ if (debug != null) {
++ debug.println("Private or secret key plain bytes could" +
++ " not be obtained. Import failed.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ importerCipher.init(Cipher.ENCRYPT_MODE, importerKey,
++ new IvParameterSpec((byte[])importerKeyMechanism.pParameter),
++ null);
++ attributes = new CK_ATTRIBUTE[attrsMap.size()];
++ attrsMap.values().toArray(attributes);
++ encKeyBytes = importerCipher.doFinal(keyBytes);
++ attributes = token.getAttributes(TemplateManager.O_IMPORT,
++ keyClass, keyType, attributes);
++ keyID = token.p11.C_UnwrapKey(hSession,
++ importerKeyMechanism, importerKeyID, encKeyBytes, attributes);
++ if (debug != null) {
++ debug.println("Imported key ID: " + keyID);
++ }
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ } finally {
++ importerKey.releaseKeyID();
++ }
++ return Long.valueOf(keyID);
++ }
++
++ private static void createImporterKey(Token token) {
++ if (debug != null) {
++ debug.println("Generating Importer Key...");
++ }
++ byte[] iv = new byte[16];
++ JCAUtil.getSecureRandom().nextBytes(iv);
++ importerKeyMechanism = new CK_MECHANISM(CKM_AES_CBC_PAD, iv);
++ try {
++ CK_ATTRIBUTE[] attributes = token.getAttributes(TemplateManager.O_GENERATE,
++ CKO_SECRET_KEY, CKK_AES, new CK_ATTRIBUTE[] {
++ new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
++ new CK_ATTRIBUTE(CKA_VALUE_LEN, 256 >> 3)});
++ Session s = null;
++ try {
++ s = token.getObjSession();
++ long keyID = token.p11.C_GenerateKey(
++ s.id(), new CK_MECHANISM(CKM_AES_KEY_GEN),
++ attributes);
++ if (debug != null) {
++ debug.println("Importer Key ID: " + keyID);
++ }
++ importerKey = (P11Key)P11Key.secretKey(s, keyID, "AES",
++ 256 >> 3, null);
++ } catch (PKCS11Exception e) {
++ // best effort
++ } finally {
++ token.releaseSession(s);
++ }
++ if (importerKey != null) {
++ importerCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
++ }
++ } catch (Throwable t) {
++ // best effort
++ importerKey = null;
++ importerCipher = null;
++ // importerKeyMechanism value is kept initialized to indicate that
++ // Importer Key creation has been tried and failed.
++ }
++ }
++}
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+@@ -26,6 +26,9 @@
+ package sun.security.pkcs11;
+
+ import java.io.*;
++import java.lang.invoke.MethodHandle;
++import java.lang.invoke.MethodHandles;
++import java.lang.invoke.MethodType;
+ import java.util.*;
+
+ import java.security.*;
+@@ -63,6 +66,26 @@
+ private static final boolean systemFipsEnabled = SharedSecrets
+ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
+
++ private static final boolean plainKeySupportEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
++
++ private static final MethodHandle fipsImportKey;
++ static {
++ MethodHandle fipsImportKeyTmp = null;
++ if (plainKeySupportEnabled) {
++ try {
++ fipsImportKeyTmp = MethodHandles.lookup().findStatic(
++ FIPSKeyImporter.class, "importKey",
++ MethodType.methodType(Long.class, SunPKCS11.class,
++ long.class, CK_ATTRIBUTE[].class));
++ } catch (Throwable t) {
++ throw new SecurityException("FIPS key importer initialization" +
++ " failed", t);
++ }
++ }
++ fipsImportKey = fipsImportKeyTmp;
++ }
++
+ private static final long serialVersionUID = -1354835039035306505L;
+
+ static final Debug debug = Debug.getInstance("sunpkcs11");
+@@ -314,10 +337,15 @@
+ // request multithreaded access first
+ initArgs.flags = CKF_OS_LOCKING_OK;
+ PKCS11 tmpPKCS11;
++ MethodHandle fipsKeyImporter = null;
++ if (plainKeySupportEnabled) {
++ fipsKeyImporter = MethodHandles.insertArguments(
++ fipsImportKey, 0, this);
++ }
+ try {
+ tmpPKCS11 = PKCS11.getInstance(
+ library, functionList, initArgs,
+- config.getOmitInitialize());
++ config.getOmitInitialize(), fipsKeyImporter);
+ } catch (PKCS11Exception e) {
+ if (debug != null) {
+ debug.println("Multi-threaded initialization failed: " + e);
+@@ -333,7 +361,7 @@
+ initArgs.flags = 0;
+ }
+ tmpPKCS11 = PKCS11.getInstance(library,
+- functionList, initArgs, config.getOmitInitialize());
++ functionList, initArgs, config.getOmitInitialize(), fipsKeyImporter);
+ }
+ p11 = tmpPKCS11;
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+@@ -49,6 +49,7 @@
+
+ import java.io.File;
+ import java.io.IOException;
++import java.lang.invoke.MethodHandle;
+ import java.util.*;
+
+ import java.security.AccessController;
+@@ -147,16 +148,28 @@
+
+ public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
+ String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
+- boolean omitInitialize) throws IOException, PKCS11Exception {
++ boolean omitInitialize, MethodHandle fipsKeyImporter)
++ throws IOException, PKCS11Exception {
+ // we may only call C_Initialize once per native .so/.dll
+ // so keep a cache using the (non-canonicalized!) path
+ PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath);
+ if (pkcs11 == null) {
++ boolean nssFipsMode = fipsKeyImporter != null;
+ if ((pInitArgs != null)
+ && ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) {
+- pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
++ if (nssFipsMode) {
++ pkcs11 = new FIPSPKCS11(pkcs11ModulePath, functionList,
++ fipsKeyImporter);
++ } else {
++ pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
++ }
+ } else {
+- pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
++ if (nssFipsMode) {
++ pkcs11 = new SynchronizedFIPSPKCS11(pkcs11ModulePath,
++ functionList, fipsKeyImporter);
++ } else {
++ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
++ }
+ }
+ if (omitInitialize == false) {
+ try {
+@@ -1905,4 +1918,69 @@
+ super.C_GenerateRandom(hSession, randomData);
+ }
+ }
++
++// PKCS11 subclass that allows using plain private or secret keys in
++// FIPS-configured NSS Software Tokens. Only used when System FIPS
++// is enabled.
++static class FIPSPKCS11 extends PKCS11 {
++ private MethodHandle fipsKeyImporter;
++ FIPSPKCS11(String pkcs11ModulePath, String functionListName,
++ MethodHandle fipsKeyImporter) throws IOException {
++ super(pkcs11ModulePath, functionListName);
++ this.fipsKeyImporter = fipsKeyImporter;
++ }
++
++ public synchronized long C_CreateObject(long hSession,
++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
++ // Creating sensitive key objects from plain key material in a
++ // FIPS-configured NSS Software Token is not allowed. We apply
++ // a key-unwrapping scheme to achieve so.
++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
++ try {
++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
++ .longValue();
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ }
++ return super.C_CreateObject(hSession, pTemplate);
++ }
+ }
++
++// FIPSPKCS11 synchronized counterpart.
++static class SynchronizedFIPSPKCS11 extends SynchronizedPKCS11 {
++ private MethodHandle fipsKeyImporter;
++ SynchronizedFIPSPKCS11(String pkcs11ModulePath, String functionListName,
++ MethodHandle fipsKeyImporter) throws IOException {
++ super(pkcs11ModulePath, functionListName);
++ this.fipsKeyImporter = fipsKeyImporter;
++ }
++
++ public synchronized long C_CreateObject(long hSession,
++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
++ // See FIPSPKCS11::C_CreateObject.
++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
++ try {
++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
++ .longValue();
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ }
++ return super.C_CreateObject(hSession, pTemplate);
++ }
++}
++
++private static class FIPSPKCS11Helper {
++ static boolean isSensitiveObject(CK_ATTRIBUTE[] pTemplate) {
++ for (CK_ATTRIBUTE attr : pTemplate) {
++ if (attr.type == CKA_CLASS &&
++ (attr.getLong() == CKO_PRIVATE_KEY ||
++ attr.getLong() == CKO_SECRET_KEY)) {
++ return true;
++ }
++ }
++ return false;
++ }
++}
++}
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
++++ openjdk/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+@@ -33,8 +33,13 @@
+
+ import javax.net.ssl.*;
+
++import sun.misc.SharedSecrets;
++
+ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
+
++ private static final boolean plainKeySupportEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
++
+ X509ExtendedKeyManager keyManager;
+ boolean isInitialized;
+
+@@ -62,7 +67,8 @@
+ KeyStoreException, NoSuchAlgorithmException,
+ UnrecoverableKeyException {
+ if ((ks != null) && SunJSSE.isFIPS()) {
+- if (ks.getProvider() != SunJSSE.cryptoProvider) {
++ if (ks.getProvider() != SunJSSE.cryptoProvider &&
++ !plainKeySupportEnabled) {
+ throw new KeyStoreException("FIPS mode: KeyStore must be "
+ + "from provider " + SunJSSE.cryptoProvider.getName());
+ }
+@@ -91,8 +97,8 @@
+ keyManager = new X509KeyManagerImpl(
+ Collections.<Builder>emptyList());
+ } else {
+- if (SunJSSE.isFIPS() &&
+- (ks.getProvider() != SunJSSE.cryptoProvider)) {
++ if (SunJSSE.isFIPS() && (ks.getProvider() != SunJSSE.cryptoProvider)
++ && !plainKeySupportEnabled) {
+ throw new KeyStoreException(
+ "FIPS mode: KeyStore must be " +
+ "from provider " + SunJSSE.cryptoProvider.getName());
commit afeb38682d63bf513aca64685b0b6938a86918ef
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sat Oct 9 23:21:05 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b05 (EA)
Update release notes for 8u312-b05.
diff --git a/.gitignore b/.gitignore
index 402cdf4..f34cedd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -243,3 +243,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 832ad01..05c1b39 100644
--- a/NEWS
+++ b/NEWS
@@ -12,7 +12,9 @@ Live versions of these release notes can be found at:
* Other changes
- JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
- JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
+ - JDK-7188942: Remove support of pbuffers in OGL Java2d pipeline
- JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
+ - JDK-8022323: [JavaSecurityScanner] review package com.sun.management.* Native methods should be private
- JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
- JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated
- JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser
@@ -23,6 +25,8 @@ Live versions of these release notes can be found at:
- JDK-8079891: Store configure log in $BUILD/configure.log
- JDK-8080082: configure fails if you create an empty directory and then run configure from it
- JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
+ - JDK-8131062: aarch64: add support for GHASH acceleration
+ - JDK-8134869: AARCH64: GHASH intrinsic is not optimal
- JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
- JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
- JDK-8161016: Strange behavior of URLConnection with proxy
@@ -59,12 +63,15 @@ Live versions of these release notes can be found at:
- JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
- JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
+ - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
- JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
- JDK-8269882: stack-use-after-scope in NewObjectA
- JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
- JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
- JDK-8271466: StackGap test fails on aarch64 due to "-m64"
+ - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
- JDK-8272214: [8u] Build failure after backport of JDK-8248901
+ - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013
New in release OpenJDK 8u302 (2021-07-20):
===========================================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 149ca75..35a55bd 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -296,7 +296,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b04
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b05
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -311,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2621,6 +2621,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Sep 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b05-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b05 (EA)
+- Update release notes for 8u312-b05.
+
* Mon Sep 27 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b04-0.2.ea
- Reduce disk footprint by removing build artifacts by default.
diff --git a/sources b/sources
index 36c8460..7c2359c 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz) = 7553ff5b007150a3361be355e210ae8394926b61aeb1921c67e839710d8a57a639060725b589b7c62ef7b67936239452b438b68e08b38be4c74a3f636f7e9823
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz) = 41aa7cfe6946f9b88e8ae66716e8db204a401f5ded43037c54c071b7a895e08df389d6a7ae5961da00c309a6802c88197cd59ed8e5e52a466c997a680f7f425f
commit 92642a8a9641a89fdbf0dd620f25258bb1d32f03
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Oct 1 16:29:42 2021 +0100
Reduce disk footprint by removing build artifacts by default.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 22a6971..149ca75 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -22,6 +22,8 @@
%bcond_without slowdebug
# Enable release builds by default on relevant arches.
%bcond_without release
+# Remove build artifacts by default
+%bcond_with artifacts
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
@@ -309,7 +311,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -343,6 +345,7 @@
%global jdkimage j2sdk-image
# output dir stub
%define buildoutputdir() %{expand:build/jdk8.build%{?1}}
+%define installoutputdir() %{expand:install/jdk8.install%{?1}}
# we can copy the javadoc to not arched dir, or make it not noarch
%define uniquejavadocdir() %{expand:%{fullversion}%{?1}}
# main id and dir of this jdk
@@ -1045,8 +1048,8 @@ exit 0
%define files_javadoc() %{expand:
%defattr(-,root,root,-)
%doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}
-#javadoc is in jdk8 noarch, so also licnese file must be treated like it
-%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
+#javadoc is in jdk8 noarch, so also license file must be treated like it
+%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
%if %is_system_jdk
%if %{is_release_build -- %{?1}}
%ghost %{_javadocdir}/java
@@ -1057,8 +1060,8 @@ exit 0
%define files_javadoc_zip() %{expand:
%defattr(-,root,root,-)
%doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
-#javadoc is in jdk8 noarch, so also licnese file must be treated like it
-%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
+#javadoc is in jdk8 noarch, so also license file must be treated like it
+%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE
%if %is_system_jdk
%if %{is_release_build -- %{?1}}
%ghost %{_javadocdir}/java-zip
@@ -1938,9 +1941,10 @@ export EXTRA_CFLAGS EXTRA_ASFLAGS
function buildjdk() {
local outputdir=${1}
- local buildjdk=${2}
- local maketargets=${3}
- local debuglevel=${4}
+ local installdir=${2}
+ local buildjdk=${3}
+ local maketargets=${4}
+ local debuglevel=${5}
local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name}
# Variable used in hs_err hook on build failures
@@ -1950,7 +1954,7 @@ function buildjdk() {
${buildjdk}/bin/java -version
echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}"
- mkdir -p ${outputdir}
+ mkdir -p ${outputdir} ${installdir}
pushd ${outputdir}
bash ${top_srcdir_abs_path}/configure \
@@ -2011,6 +2015,23 @@ function buildjdk() {
find images/%{jdkimage}/bin/ -exec chmod +x {} \;
popd >& /dev/null
+
+ echo "Installing build from ${outputdir} to ${installdir}..."
+ echo "Installing images..."
+ mv ${outputdir}/images ${installdir}
+ if [ -d ${outputdir}/bundles ] ; then
+ echo "Installing bundles...";
+ mv ${outputdir}/bundles ${installdir} ;
+ fi
+ if [ -d ${outputdir}/docs ] ; then
+ echo "Installing docs...";
+ mv ${outputdir}/docs ${installdir} ;
+ fi
+
+%if !%{with artifacts}
+ echo "Removing output directory...";
+ rm -rf ${outputdir}
+%endif
}
for suffix in %{build_loop} ; do
@@ -2024,6 +2045,8 @@ fi
systemjdk=/usr/lib/jvm/java-openjdk
builddir=%{buildoutputdir -- $suffix}
bootbuilddir=boot${builddir}
+installdir=%{installoutputdir -- $suffix}
+bootinstalldir=boot${installdir}
# Debug builds don't need same targets as release for
# build speed-up
@@ -2033,15 +2056,15 @@ if echo $debugbuild | grep -q "debug" ; then
fi
%if %{bootstrap_build}
-buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
-buildjdk ${builddir} $(pwd)/${bootbuilddir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
-rm -rf ${bootbuilddir}
+buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
+buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+%{!?with_artifacts:rm -rf ${bootinstalldir}}
%else
-buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild}
+buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
%endif
# Install nss.cfg right away as we will be using the JRE above
-export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
+export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg $JAVA_HOME/jre/lib/security/
@@ -2067,7 +2090,7 @@ done
# We test debug first as it will give better diagnostics on a crash
for suffix in %{build_loop} ; do
-export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
+export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
# Check unlimited policy has been used
$JAVA_HOME/bin/javac -d . %{SOURCE13}
@@ -2182,7 +2205,7 @@ STRIP_KEEP_SYMTAB=libjvm*
for suffix in %{build_loop} ; do
# Install the jdk
-pushd %{buildoutputdir -- $suffix}/images/%{jdkimage}
+pushd %{installoutputdir -- $suffix}/images/%{jdkimage}
# Install jsa directories so we can owe them
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/
@@ -2249,9 +2272,9 @@ popd
if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
- cp -a %{buildoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
+ cp -a %{installoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
built_doc_archive=`echo "jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip" | sed s/slowdebug/debug/`
- cp -a %{buildoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
+ cp -a %{installoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
fi
# Install release notes
@@ -2598,6 +2621,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Sep 27 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b04-0.2.ea
+- Reduce disk footprint by removing build artifacts by default.
+
* Sun Sep 26 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b04 (EA)
- Update release notes for 8u312-b04.
commit 5e8cea34ec67303a43c0d0bd3a57e05a93705b0a
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sun Sep 26 20:02:53 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b04 (EA)
Update release notes for 8u312-b04.
diff --git a/.gitignore b/.gitignore
index 5ddd4a9..402cdf4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -242,3 +242,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 9052cf4..832ad01 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ Live versions of these release notes can be found at:
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
* Other changes
+ - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
- JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
- JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
- JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
@@ -24,8 +25,11 @@ Live versions of these release notes can be found at:
- JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
- JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
- JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
+ - JDK-8161016: Strange behavior of URLConnection with proxy
- JDK-8166673: The new implementation of Robot.waitForIdle() may hang
- JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
+ - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
+ - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
- JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
- JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
- JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error
@@ -38,6 +42,7 @@ Live versions of these release notes can be found at:
- JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
- JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
- JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
+ - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
- JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
- JDK-8254967: com.sun.net.HttpsServer spins on TLS session close
@@ -45,12 +50,17 @@ Live versions of these release notes can be found at:
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
- JDK-8263311: Watch registry changes for remote printers update instead of polling
+ - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
- JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
- JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
- JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
- JDK-8265978: make test should look for more locations when searching for exit code
- JDK-8266206: Build failure after JDK-8264752 with older GCCs
+ - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
+ - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
+ - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
+ - JDK-8269882: stack-use-after-scope in NewObjectA
- JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
- JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
- JDK-8271466: StackGap test fails on aarch64 due to "-m64"
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index dfda03b..22a6971 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b03
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b04
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2598,7 +2598,11 @@ cjc.mainProgram(args)
%endif
%changelog
-* Fri Sep 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.2.ea
+* Sun Sep 26 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b04-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b04 (EA)
+- Update release notes for 8u312-b04.
+
+* Tue Sep 14 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.2.ea
- Add patch to login to the NSS software token when in FIPS mode.
* Mon Sep 13 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.1.ea
@@ -2727,7 +2731,7 @@ cjc.mainProgram(args)
- removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and patch3 rh1648644-java_access_bridge_privileged_security.patch
- removal of accessibility{,-slowdebug,-fastdebug} subpackages
- no longer creating symlinks of %%{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 libatk-wrapper.so and %%{_libdir}/java-atk-wrapper/java-atk-wrapper.jar java-atk-wrapper.jar
-- no longer creating %%{_jvmdir}/%{jredir -- $suffix}/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
+- no longer creating %%{_jvmdir}/%%{jredir -- $suffix}/lib/accessibility.properties with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
- removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections
* Mon Mar 22 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.292.b06-0.0.ea
diff --git a/sources b/sources
index fc6c611..36c8460 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz) = e6a9dd82d3c76920b03124f9cf261f68f520bea9368427b850adfb36385cd717cfe6a5f684b6f1653d4d79c9863e45e4b62907567446e8a5c68587a3a8bdef10
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz) = 7553ff5b007150a3361be355e210ae8394926b61aeb1921c67e839710d8a57a639060725b589b7c62ef7b67936239452b438b68e08b38be4c74a3f636f7e9823
commit aa2c8f31b92b74e2eca59bdcf1acb5b92792764b
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Tue Sep 14 02:59:18 2021 +0100
Add patch to login to the NSS software token when in FIPS mode.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 3d857b9..dfda03b 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1310,6 +1310,8 @@ Patch1005: rh1906862-always_initialise_configurator_access.patch
# RH1929465: Improve system FIPS detection
Patch1006: rh1929465-improve_system_FIPS_detection-root.patch
Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
+# RH1996182: Login to the NSS software token in FIPS mode
+Patch1008: rh1996182-login_to_nss_software_token.patch
#############################################
#
@@ -1838,6 +1840,7 @@ sh %{SOURCE12}
%patch1005
%patch1006
%patch1007
+%patch1008
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -2595,6 +2598,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Sep 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.2.ea
+- Add patch to login to the NSS software token when in FIPS mode.
+
* Mon Sep 13 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b03 (EA)
- Update release notes for 8u312-b03.
diff --git a/rh1996182-login_to_nss_software_token.patch b/rh1996182-login_to_nss_software_token.patch
new file mode 100644
index 0000000..341e092
--- /dev/null
+++ b/rh1996182-login_to_nss_software_token.patch
@@ -0,0 +1,55 @@
+# HG changeset patch
+# User mbalao
+# Date 1630103180 -3600
+# Fri Aug 27 23:26:20 2021 +0100
+# Node ID b3bd3119fab9bc5adfd7073377aca12bb1af80b3
+# Parent c90394a76ee02a689f95199559d5724824b4b25e
+RH1996182: Login to the NSS Software Token in FIPS Mode
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+@@ -42,6 +42,8 @@
+ import javax.security.auth.callback.PasswordCallback;
+ import javax.security.auth.callback.TextOutputCallback;
+
++import sun.misc.SharedSecrets;
++
+ import sun.security.util.Debug;
+ import sun.security.util.ResourcesMgr;
+
+@@ -58,6 +60,9 @@
+ */
+ public final class SunPKCS11 extends AuthProvider {
+
++ private static final boolean systemFipsEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
++
+ private static final long serialVersionUID = -1354835039035306505L;
+
+ static final Debug debug = Debug.getInstance("sunpkcs11");
+@@ -368,6 +373,24 @@
+ if (nssModule != null) {
+ nssModule.setProvider(this);
+ }
++ if (systemFipsEnabled) {
++ // The NSS Software Token in FIPS 140-2 mode requires a user
++ // login for most operations. See sftk_fipsCheck. The NSS DB
++ // (/etc/pki/nssdb) PIN is empty.
++ Session session = null;
++ try {
++ session = token.getOpSession();
++ p11.C_Login(session.id(), CKU_USER, new char[] {});
++ } catch (PKCS11Exception p11e) {
++ if (debug != null) {
++ debug.println("Error during token login: " +
++ p11e.getMessage());
++ }
++ throw p11e;
++ } finally {
++ token.releaseSession(session);
++ }
++ }
+ } catch (Exception e) {
+ if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
+ throw new UnsupportedOperationException
commit 0cb1fbdb0bdab3fca4fd43433c0d0c677ceab770
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Mon Sep 13 12:28:45 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b03 (EA)
Update release notes for 8u312-b03.
diff --git a/.gitignore b/.gitignore
index 5d0524d..5ddd4a9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -241,3 +241,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 3cf6136..9052cf4 100644
--- a/NEWS
+++ b/NEWS
@@ -34,21 +34,27 @@ Live versions of these release notes can be found at:
- JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
- JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
- JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
+ - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
- JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
- JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
- JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
+ - JDK-8254967: com.sun.net.HttpsServer spins on TLS session close
- JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
- JDK-8263311: Watch registry changes for remote printers update instead of polling
+ - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
- JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
- JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
- JDK-8265978: make test should look for more locations when searching for exit code
+ - JDK-8266206: Build failure after JDK-8264752 with older GCCs
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
- JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
+ - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
- JDK-8271466: StackGap test fails on aarch64 due to "-m64"
+ - JDK-8272214: [8u] Build failure after backport of JDK-8248901
New in release OpenJDK 8u302 (2021-07-20):
===========================================
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index c545df3..3d857b9 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b02
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b03
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -2595,6 +2595,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Sep 13 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b03-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b03 (EA)
+- Update release notes for 8u312-b03.
+
* Fri Sep 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b02-0.1.ea
- Update to aarch64-shenandoah-jdk8u312-b02 (EA)
- Update release notes for 8u312-b02.
diff --git a/sources b/sources
index c2c873f..fc6c611 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz) = fcff36d3c837de6770eb32ac1ff514278ec92feb6311aa0b8150d9da4b917494899993b498ffd3ac55c7ddbd22860105af0ffcb30b3c43ec702847650098c349
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz) = e6a9dd82d3c76920b03124f9cf261f68f520bea9368427b850adfb36385cd717cfe6a5f684b6f1653d4d79c9863e45e4b62907567446e8a5c68587a3a8bdef10
commit 12c54a64a11f9620ab5d31b3773f15156f442dba
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Fri Sep 10 05:30:49 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b02 (EA)
Update release notes for 8u312-b02.
diff --git a/.gitignore b/.gitignore
index 4252ee4..5d0524d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -240,3 +240,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 947e72a..3cf6136 100644
--- a/NEWS
+++ b/NEWS
@@ -37,12 +37,14 @@ Live versions of these release notes can be found at:
- JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
- JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
- JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
+ - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
- JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
- JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
- JDK-8263311: Watch registry changes for remote printers update instead of polling
- JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
+ - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
- JDK-8265978: make test should look for more locations when searching for exit code
- JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
- JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 294ed12..c545df3 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u312-b01
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b02
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 3
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -2595,6 +2595,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Fri Sep 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b02-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b02 (EA)
+- Update release notes for 8u312-b02.
+
* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.3.ea
- Port FIPS system detection support to OpenJDK 8u
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
diff --git a/sources b/sources
index 743cecf..c2c873f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz) = ddce8d47e12e4de078004d981d4c89538738a7cb201b7e7f820f51a39aac2c00040e3ba9c6ee92ec10d10e5607f420a4c3e4d059e05a8d9930e3f71e0917c84f
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b02-4curve.tar.xz) = fcff36d3c837de6770eb32ac1ff514278ec92feb6311aa0b8150d9da4b917494899993b498ffd3ac55c7ddbd22860105af0ffcb30b3c43ec702847650098c349
commit d57e76505362030867d295ab1f4c36a2664de233
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sat Sep 4 02:14:31 2021 +0100
Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
Port FIPS system detection support to OpenJDK 8u
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index a31c545..294ed12 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -352,7 +352,7 @@
# fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349
# https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14
# https://bugzilla.redhat.com/show_bug.cgi?id=1655938
-%global _privatelibs libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
+%global _privatelibs libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.*
%global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.*
%if %is_system_jdk
%global __provides_exclude ^(%{_privatelibs})$
@@ -805,6 +805,7 @@ exit 0
%endif
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsctp.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsunec.so
+%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libsystemconf.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libunpack.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libverify.so
%{_jvmdir}/%{jredir -- %{?1}}/lib/%{archinstall}/libzip.so
@@ -1112,8 +1113,6 @@ Requires: copy-jdk-configs >= 4.0
OrderWithRequires: copy-jdk-configs
# for printing support
Requires: cups-libs
-# for FIPS PKCS11 provider
-Requires: nss
# Post requires alternatives to install tool alternatives
Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
@@ -1308,6 +1307,9 @@ Patch1002: rh1760838-fips_default_keystore_type.patch
Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess
Patch1005: rh1906862-always_initialise_configurator_access.patch
+# RH1929465: Improve system FIPS detection
+Patch1006: rh1929465-improve_system_FIPS_detection-root.patch
+Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
#############################################
#
@@ -1454,8 +1456,8 @@ BuildRequires: libXinerama-devel
BuildRequires: libXrender-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
-# Requirements for setting up the nss.cfg
-BuildRequires: nss-devel
+# Requirements for setting up the nss.cfg and FIPS support
+BuildRequires: nss-devel >= 3.53
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
@@ -1834,6 +1836,8 @@ sh %{SOURCE12}
%patch1003
%patch1004
%patch1005
+%patch1006
+%patch1007
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -1965,6 +1969,7 @@ function buildjdk() {
--with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
--with-boot-jdk=${buildjdk} \
--with-debug-level=${debuglevel} \
+ --enable-sysconf-nss \
--enable-unlimited-crypto \
--with-zlib=system \
--with-libjpeg=system \
@@ -2590,7 +2595,15 @@ cjc.mainProgram(args)
%endif
%changelog
-* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.1.ea
+* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.3.ea
+- Port FIPS system detection support to OpenJDK 8u
+- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
+- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
+
+* Wed Sep 01 2021 Martin Balao <mbalao(a)redhat.com> - 1:1.8.0.312.b01-0.3.ea
+- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
+
+* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.2.ea
- Update to aarch64-shenandoah-jdk8u312-b01 (EA)
- Update release notes for 8u312-b01.
- Switch to EA mode.
diff --git a/rh1929465-improve_system_FIPS_detection-jdk.patch b/rh1929465-improve_system_FIPS_detection-jdk.patch
new file mode 100644
index 0000000..1461be8
--- /dev/null
+++ b/rh1929465-improve_system_FIPS_detection-jdk.patch
@@ -0,0 +1,344 @@
+diff --git openjdk.orig/jdk/make/lib/SecurityLibraries.gmk openjdk/jdk/make/lib/SecurityLibraries.gmk
+--- openjdk.orig/jdk/make/lib/SecurityLibraries.gmk
++++ openjdk/jdk/make/lib/SecurityLibraries.gmk
+@@ -289,3 +289,34 @@
+
+ endif
+ endif
++
++################################################################################
++# Create the systemconf library
++
++LIBSYSTEMCONF_CFLAGS :=
++LIBSYSTEMCONF_CXXFLAGS :=
++
++ifeq ($(USE_SYSCONF_NSS), true)
++ LIBSYSTEMCONF_CFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
++ LIBSYSTEMCONF_CXXFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
++endif
++
++ifeq ($(OPENJDK_BUILD_OS), linux)
++ $(eval $(call SetupNativeCompilation,BUILD_LIBSYSTEMCONF, \
++ LIBRARY := systemconf, \
++ OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
++ SRC := $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/native/java/security, \
++ LANG := C, \
++ OPTIMIZATION := LOW, \
++ CFLAGS := $(CFLAGS_JDKLIB) $(LIBSYSTEMCONF_CFLAGS), \
++ CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBSYSTEMCONF_CXXFLAGS), \
++ MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libsystemconf/mapfile-vers, \
++ LDFLAGS := $(LDFLAGS_JDKLIB) \
++ $(call SET_SHARED_LIBRARY_ORIGIN), \
++ LDFLAGS_SUFFIX := $(LIBDL) $(NSS_LIBS), \
++ OBJECT_DIR := $(JDK_OUTPUTDIR)/objs/libsystemconf, \
++ DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
++
++ BUILD_LIBRARIES += $(BUILD_LIBSYSTEMCONF)
++endif
++
+diff --git openjdk.orig/jdk/make/mapfiles/libsystemconf/mapfile-vers openjdk/jdk/make/mapfiles/libsystemconf/mapfile-vers
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/make/mapfiles/libsystemconf/mapfile-vers
+@@ -0,0 +1,35 @@
++#
++# Copyright (c) 2021, Red Hat, Inc.
++# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++#
++# This code is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 2 only, as
++# published by the Free Software Foundation. Oracle designates this
++# particular file as subject to the "Classpath" exception as provided
++# by Oracle in the LICENSE file that accompanied this code.
++#
++# This code is distributed in the hope that it will be useful, but WITHOUT
++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# version 2 for more details (a copy is included in the LICENSE file that
++# accompanied this code).
++#
++# You should have received a copy of the GNU General Public License version
++# 2 along with this work; if not, write to the Free Software Foundation,
++# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++#
++# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++# or visit www.oracle.com if you need additional information or have any
++# questions.
++#
++
++# Define public interface.
++
++SUNWprivate_1.1 {
++ global:
++ DEF_JNI_OnLoad;
++ DEF_JNI_OnUnLoad;
++ Java_java_security_SystemConfigurator_getSystemFIPSEnabled;
++ local:
++ *;
++};
+diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java
++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2019, 2020, Red Hat, Inc.
++ * Copyright (c) 2019, 2021, Red Hat, Inc.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+@@ -30,14 +30,9 @@
+ import java.io.FileInputStream;
+ import java.io.IOException;
+
+-import java.nio.file.Files;
+-import java.nio.file.FileSystems;
+-import java.nio.file.Path;
+-
+ import java.util.Iterator;
+ import java.util.Map.Entry;
+ import java.util.Properties;
+-import java.util.regex.Pattern;
+
+ import sun.security.util.Debug;
+
+@@ -59,10 +54,21 @@
+ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+- private static final String CRYPTO_POLICIES_CONFIG =
+- CRYPTO_POLICIES_BASE_DIR + "/config";
++ private static boolean systemFipsEnabled = false;
++
++ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
++
++ private static native boolean getSystemFIPSEnabled()
++ throws IOException;
+
+- private static boolean systemFipsEnabled = false;
++ static {
++ AccessController.doPrivileged(new PrivilegedAction<Void>() {
++ public Void run() {
++ System.loadLibrary(SYSTEMCONF_NATIVE_LIB);
++ return null;
++ }
++ });
++ }
+
+ /*
+ * Invoked when java.security.Security class is initialized, if
+@@ -171,17 +177,34 @@
+ }
+
+ /*
+- * FIPS is enabled only if crypto-policies are set to "FIPS"
+- * and the com.redhat.fips property is true.
++ * OpenJDK FIPS mode will be enabled only if the com.redhat.fips
++ * system property is true (default) and the system is in FIPS mode.
++ *
++ * There are 2 possible ways in which OpenJDK detects that the system
++ * is in FIPS mode: 1) if the NSS SECMOD_GetSystemFIPSEnabled API is
++ * available at OpenJDK's built-time, it is called; 2) otherwise, the
++ * /proc/sys/crypto/fips_enabled file is read.
+ */
+- private static boolean enableFips() throws Exception {
++ private static boolean enableFips() throws IOException {
+ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+ if (shouldEnable) {
+- Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG);
+- String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath));
+- if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+- Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+- return pattern.matcher(cryptoPoliciesConfig).find();
++ if (sdebug != null) {
++ sdebug.println("Calling getSystemFIPSEnabled (libsystemconf)...");
++ }
++ try {
++ shouldEnable = getSystemFIPSEnabled();
++ if (sdebug != null) {
++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) returned: "
++ + shouldEnable);
++ }
++ return shouldEnable;
++ } catch (IOException e) {
++ if (sdebug != null) {
++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) failed:");
++ sdebug.println(e.getMessage());
++ }
++ throw e;
++ }
+ } else {
+ return false;
+ }
+diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
+new file mode 100644
+--- /dev/null
++++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
+@@ -0,0 +1,168 @@
++/*
++ * Copyright (c) 2021, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++#include <dlfcn.h>
++#include <jni.h>
++#include <jni_util.h>
++#include <stdio.h>
++
++#ifdef SYSCONF_NSS
++#include <nss3/pk11pub.h>
++#endif //SYSCONF_NSS
++
++#include "java_security_SystemConfigurator.h"
++
++#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
++#define MSG_MAX_SIZE 96
++
++static jmethodID debugPrintlnMethodID = NULL;
++static jobject debugObj = NULL;
++
++static void throwIOException(JNIEnv *env, const char *msg);
++static void dbgPrint(JNIEnv *env, const char* msg);
++
++/*
++ * Class: java_security_SystemConfigurator
++ * Method: JNI_OnLoad
++ */
++JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
++{
++ JNIEnv *env;
++ jclass sysConfCls, debugCls;
++ jfieldID sdebugFld;
++
++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
++ return JNI_EVERSION; /* JNI version not supported */
++ }
++
++ sysConfCls = (*env)->FindClass(env,"java/security/SystemConfigurator");
++ if (sysConfCls == NULL) {
++ printf("libsystemconf: SystemConfigurator class not found\n");
++ return JNI_ERR;
++ }
++ sdebugFld = (*env)->GetStaticFieldID(env, sysConfCls,
++ "sdebug", "Lsun/security/util/Debug;");
++ if (sdebugFld == NULL) {
++ printf("libsystemconf: SystemConfigurator::sdebug field not found\n");
++ return JNI_ERR;
++ }
++ debugObj = (*env)->GetStaticObjectField(env, sysConfCls, sdebugFld);
++ if (debugObj != NULL) {
++ debugCls = (*env)->FindClass(env,"sun/security/util/Debug");
++ if (debugCls == NULL) {
++ printf("libsystemconf: Debug class not found\n");
++ return JNI_ERR;
++ }
++ debugPrintlnMethodID = (*env)->GetMethodID(env, debugCls,
++ "println", "(Ljava/lang/String;)V");
++ if (debugPrintlnMethodID == NULL) {
++ printf("libsystemconf: Debug::println(String) method not found\n");
++ return JNI_ERR;
++ }
++ debugObj = (*env)->NewGlobalRef(env, debugObj);
++ }
++
++ return (*env)->GetVersion(env);
++}
++
++/*
++ * Class: java_security_SystemConfigurator
++ * Method: JNI_OnUnload
++ */
++JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
++{
++ JNIEnv *env;
++
++ if (debugObj != NULL) {
++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
++ return; /* Should not happen */
++ }
++ (*env)->DeleteGlobalRef(env, debugObj);
++ }
++}
++
++JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEnabled
++ (JNIEnv *env, jclass cls)
++{
++ int fips_enabled;
++ char msg[MSG_MAX_SIZE];
++ int msg_bytes;
++
++#ifdef SYSCONF_NSS
++
++ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
++ fips_enabled = SECMOD_GetSystemFIPSEnabled();
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
++ dbgPrint(env, msg);
++ } else {
++ dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
++ " SECMOD_GetSystemFIPSEnabled return value");
++ }
++ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
++
++#else // SYSCONF_NSS
++
++ FILE *fe;
++
++ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
++ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
++ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ }
++ fips_enabled = fgetc(fe);
++ fclose(fe);
++ if (fips_enabled == EOF) {
++ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ }
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " read character is '%c'", fips_enabled);
++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
++ dbgPrint(env, msg);
++ } else {
++ dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
++ " read character");
++ }
++ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
++
++#endif // SYSCONF_NSS
++}
++
++static void throwIOException(JNIEnv *env, const char *msg)
++{
++ jclass cls = (*env)->FindClass(env, "java/io/IOException");
++ if (cls != 0)
++ (*env)->ThrowNew(env, cls, msg);
++}
++
++static void dbgPrint(JNIEnv *env, const char* msg)
++{
++ jstring jMsg;
++ if (debugObj != NULL) {
++ jMsg = (*env)->NewStringUTF(env, msg);
++ CHECK_NULL(jMsg);
++ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
++ }
++}
diff --git a/rh1929465-improve_system_FIPS_detection-root.patch b/rh1929465-improve_system_FIPS_detection-root.patch
new file mode 100644
index 0000000..64d8ac0
--- /dev/null
+++ b/rh1929465-improve_system_FIPS_detection-root.patch
@@ -0,0 +1,152 @@
+diff --git openjdk.orig/common/autoconf/configure.ac openjdk/common/autoconf/configure.ac
+--- openjdk.orig/common/autoconf/configure.ac
++++ openjdk/common/autoconf/configure.ac
+@@ -212,6 +212,7 @@
+ LIB_SETUP_ALSA
+ LIB_SETUP_FONTCONFIG
+ LIB_SETUP_MISC_LIBS
++LIB_SETUP_SYSCONF_LIBS
+ LIB_SETUP_STATIC_LINK_LIBSTDCPP
+ LIB_SETUP_ON_WINDOWS
+
+diff --git openjdk.orig/common/autoconf/libraries.m4 openjdk/common/autoconf/libraries.m4
+--- openjdk.orig/common/autoconf/libraries.m4
++++ openjdk/common/autoconf/libraries.m4
+@@ -1067,3 +1067,63 @@
+ BASIC_DEPRECATED_ARG_WITH([dxsdk-include])
+ fi
+ ])
++
++################################################################################
++# Setup system configuration libraries
++################################################################################
++AC_DEFUN_ONCE([LIB_SETUP_SYSCONF_LIBS],
++[
++ ###############################################################################
++ #
++ # Check for the NSS library
++ #
++
++ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)])
++
++ # default is not available
++ DEFAULT_SYSCONF_NSS=no
++
++ AC_ARG_ENABLE([sysconf-nss], [AS_HELP_STRING([--enable-sysconf-nss],
++ [build the System Configurator (libsysconf) using the system NSS library if available @<:@disabled@:>@])],
++ [
++ case "${enableval}" in
++ yes)
++ sysconf_nss=yes
++ ;;
++ *)
++ sysconf_nss=no
++ ;;
++ esac
++ ],
++ [
++ sysconf_nss=${DEFAULT_SYSCONF_NSS}
++ ])
++ AC_MSG_RESULT([$sysconf_nss])
++
++ USE_SYSCONF_NSS=false
++ if test "x${sysconf_nss}" = "xyes"; then
++ PKG_CHECK_MODULES(NSS, nss >= 3.53, [NSS_FOUND=yes], [NSS_FOUND=no])
++ if test "x${NSS_FOUND}" = "xyes"; then
++ AC_MSG_CHECKING([for system FIPS support in NSS])
++ saved_libs="${LIBS}"
++ saved_cflags="${CFLAGS}"
++ CFLAGS="${CFLAGS} ${NSS_CFLAGS}"
++ LIBS="${LIBS} ${NSS_LIBS}"
++ AC_LANG_PUSH([C])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <nss3/pk11pub.h>]],
++ [[SECMOD_GetSystemFIPSEnabled()]])],
++ [AC_MSG_RESULT([yes])],
++ [AC_MSG_RESULT([no])
++ AC_MSG_ERROR([System NSS FIPS detection unavailable])])
++ AC_LANG_POP([C])
++ CFLAGS="${saved_cflags}"
++ LIBS="${saved_libs}"
++ USE_SYSCONF_NSS=true
++ else
++ dnl NSS 3.53 is the one that introduces the SECMOD_GetSystemFIPSEnabled API
++ dnl in nss3/pk11pub.h.
++ AC_MSG_ERROR([--enable-sysconf-nss specified, but NSS 3.53 or above not found.])
++ fi
++ fi
++ AC_SUBST(USE_SYSCONF_NSS)
++])
+diff --git openjdk.orig/common/autoconf/spec.gmk.in openjdk/common/autoconf/spec.gmk.in
+--- openjdk.orig/common/autoconf/spec.gmk.in
++++ openjdk/common/autoconf/spec.gmk.in
+@@ -312,6 +312,10 @@
+ ALSA_LIBS:=@ALSA_LIBS@
+ ALSA_CFLAGS:=@ALSA_CFLAGS@
+
++USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
++NSS_LIBS:=@NSS_LIBS@
++NSS_CFLAGS:=@NSS_CFLAGS@
++
+ PACKAGE_PATH=@PACKAGE_PATH@
+
+ # Source file for cacerts
+diff --git openjdk.orig/common/bin/compare_exceptions.sh.incl openjdk/common/bin/compare_exceptions.sh.incl
+--- openjdk.orig/common/bin/compare_exceptions.sh.incl
++++ openjdk/common/bin/compare_exceptions.sh.incl
+@@ -280,6 +280,7 @@
+ ./jre/lib/i386/libsplashscreen.so
+ ./jre/lib/i386/libsunec.so
+ ./jre/lib/i386/libsunwjdga.so
++./jre/lib/i386/libsystemconf.so
+ ./jre/lib/i386/libt2k.so
+ ./jre/lib/i386/libunpack.so
+ ./jre/lib/i386/libverify.so
+@@ -433,6 +434,7 @@
+ ./jre/lib/amd64/libsplashscreen.so
+ ./jre/lib/amd64/libsunec.so
+ ./jre/lib/amd64/libsunwjdga.so
++//jre/lib/amd64/libsystemconf.so
+ ./jre/lib/amd64/libt2k.so
+ ./jre/lib/amd64/libunpack.so
+ ./jre/lib/amd64/libverify.so
+@@ -587,6 +589,7 @@
+ ./jre/lib/sparc/libsplashscreen.so
+ ./jre/lib/sparc/libsunec.so
+ ./jre/lib/sparc/libsunwjdga.so
++./jre/lib/sparc/libsystemconf.so
+ ./jre/lib/sparc/libt2k.so
+ ./jre/lib/sparc/libunpack.so
+ ./jre/lib/sparc/libverify.so
+@@ -741,6 +744,7 @@
+ ./jre/lib/sparcv9/libsplashscreen.so
+ ./jre/lib/sparcv9/libsunec.so
+ ./jre/lib/sparcv9/libsunwjdga.so
++./jre/lib/sparcv9/libsystemconf.so
+ ./jre/lib/sparcv9/libt2k.so
+ ./jre/lib/sparcv9/libunpack.so
+ ./jre/lib/sparcv9/libverify.so
+diff --git openjdk.orig/common/nb_native/nbproject/configurations.xml openjdk/common/nb_native/nbproject/configurations.xml
+--- openjdk.orig/common/nb_native/nbproject/configurations.xml
++++ openjdk/common/nb_native/nbproject/configurations.xml
+@@ -53,6 +53,9 @@
+ <in>jvmtiEnterTrace.cpp</in>
+ </df>
+ </df>
++ <df name="libsystemconf">
++ <in>systemconf.c</in>
++ </df>
+ </df>
+ </df>
+ <df name="jdk">
+@@ -12772,6 +12775,11 @@
+ tool="0"
+ flavor2="0">
+ </item>
++ <item path="../../jdk/src/solaris/native/java/security/systemconf.c"
++ ex="false"
++ tool="0"
++ flavor2="0">
++ </item>
+ <item path="../../jdk/src/share/native/java/util/TimeZone.c"
+ ex="false"
+ tool="0"
commit 37a363e30cf6934369ea54430e41bd92cd21d940
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Wed Sep 1 23:23:51 2021 +0100
Update to aarch64-shenandoah-jdk8u312-b01 (EA)
Update release notes for 8u312-b01.
Switch to EA mode.
Remove "-clean" suffix as no 8u312 builds are unclean.
diff --git a/.gitignore b/.gitignore
index 67c9eb6..4252ee4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -239,3 +239,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 1cb973a..947e72a 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,51 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 8u312 (2021-10-19):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk8u312
+ * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
+
+* Other changes
+ - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
+ - JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
+ - JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
+ - JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated
+ - JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser
+ - JDK-8042557: compiler/uncommontrap/TestSpecTrapClassUnloading.java fails with: GC triggered before VM initialization completed
+ - JDK-8054118: java/net/ipv6tests/UdpTest.java failed intermittently
+ - JDK-8065215: Print warning summary at end of configure
+ - JDK-8072767: DefaultCellEditor for comboBox creates ActionEvent with wrong source object
+ - JDK-8079891: Store configure log in $BUILD/configure.log
+ - JDK-8080082: configure fails if you create an empty directory and then run configure from it
+ - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
+ - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
+ - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
+ - JDK-8166673: The new implementation of Robot.waitForIdle() may hang
+ - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
+ - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
+ - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
+ - JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error
+ - JDK-8214418: half-closed SSLEngine status may cause application dead loop
+ - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11
+ - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
+ - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
+ - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
+ - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
+ - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
+ - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
+ - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
+ - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
+ - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
+ - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
+ - JDK-8263311: Watch registry changes for remote printers update instead of polling
+ - JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
+ - JDK-8265978: make test should look for more locations when searching for exit code
+ - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
+ - JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
+ - JDK-8271466: StackGap test fails on aarch64 due to "-m64"
+
New in release OpenJDK 8u302 (2021-07-20):
===========================================
Live versions of these release notes can be found at:
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index e9eed11..c6f0756 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -177,7 +177,7 @@ if [ "X$COMPRESSION" = "Xxz" ] ; then
else
SWITCH=czf
fi
-TARBALL_NAME=${FILE_NAME_ROOT}-4curve-clean.tar.${COMPRESSION}
+TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
tar --exclude-vcs -$SWITCH ${TARBALL_NAME} openjdk
mv ${TARBALL_NAME} ..
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 68867b4..a31c545 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -294,7 +294,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
-%global shenandoah_revision aarch64-shenandoah-jdk8u302-b08
+%global shenandoah_revision aarch64-shenandoah-jdk8u312-b01
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@@ -314,7 +314,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@@ -1238,7 +1238,7 @@ URL: http://openjdk.java.net/
# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
-Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve-clean.tar.xz
+Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
# Custom README for -src subpackage
Source2: README.md
@@ -2590,6 +2590,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Sep 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.312.b01-0.1.ea
+- Update to aarch64-shenandoah-jdk8u312-b01 (EA)
+- Update release notes for 8u312-b01.
+- Switch to EA mode.
+- Remove "-clean" suffix as no 8u312 builds are unclean.
+
* Mon Aug 30 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.302.b08-2
- alternatives creation moved to posttrans
- Thus fixing the old reisntall issue:
diff --git a/sources b/sources
index 3236329..743cecf 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz) = 04ecdcde841038c0042b44fb3c5303a08616864566fb918ab261fc381fae8804a21f875b1645538e864a1c6db5985f16dfc13b91eb1caeeab54d6d07828c7657
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b01-4curve.tar.xz) = ddce8d47e12e4de078004d981d4c89538738a7cb201b7e7f820f51a39aac2c00040e3ba9c6ee92ec10d10e5607f420a4c3e4d059e05a8d9930e3f71e0917c84f
commit ae9982ef76614e5357e5d4409d330f9e738b3277
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Wed Sep 1 16:48:03 2021 +0200
alternatives creation moved to posttrans
Thus fixing the old reisntall issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1200302
https://bugzilla.redhat.com/show_bug.cgi?id=1976053
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 53718f7..68867b4 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -63,7 +63,7 @@
# in alternatives those are slaves and master, very often triplicated by man pages
# in files all masters and slaves are ghosted
# the ghosts are here to allow installation via query like `dnf install /usr/bin/java`
-# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_
+# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_ -e alternatives
# TODO - fix those hardcoded lists via single list
# Those files must *NOT* be ghosted for *slowdebug* packages
# FIXME - if you are moving jshell or jlink or similar, always modify all three sections
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 1
+%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -414,12 +414,7 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
exit 0
}
-
-%define post_headless() %{expand:
-%ifarch %{share_arches}
-%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
-%endif
-
+%define alternatives_java_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -469,8 +464,13 @@ for X in %{origin} %{javaver} ; do
alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{jredir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
done
-update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+}
+%define post_headless() %{expand:
+%ifarch %{share_arches}
+%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
+%endif
update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@@ -507,8 +507,8 @@ exit 0
%{update_desktop_icons}
}
-%define post_devel() %{expand:
+%define alternatives_javac_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -616,7 +616,9 @@ for X in %{origin} %{javaver} ; do
done
update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+}
+%define post_devel() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@@ -639,11 +641,11 @@ exit 0
}
%define posttrans_devel() %{expand:
+%{alternatives_javac_install -- %{?1}}
%{update_desktop_icons}
}
-%define post_javadoc() %{expand:
-
+%define alternatives_javadoc_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -660,8 +662,7 @@ exit 0
exit 0
}
-%define post_javadoc_zip() %{expand:
-
+%define alternatives_javadoczip_install() %{expand:
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
@@ -2419,6 +2420,9 @@ cjc.mainProgram(args)
%posttrans
%{posttrans_script %{nil}}
+%posttrans headless
+%{alternatives_java_install %{nil}}
+
%post devel
%{post_devel %{nil}}
@@ -2428,14 +2432,14 @@ cjc.mainProgram(args)
%posttrans devel
%{posttrans_devel %{nil}}
-%post javadoc
-%{post_javadoc %{nil}}
+%posttrans javadoc
+%{alternatives_javadoc_install %{nil}}
%postun javadoc
%{postun_javadoc %{nil}}
-%post javadoc-zip
-%{post_javadoc_zip %{nil}}
+%posttrans javadoc-zip
+%{alternatives_javadoczip_install %{nil}}
%postun javadoc-zip
%{postun_javadoc_zip %{nil}}
@@ -2448,6 +2452,9 @@ cjc.mainProgram(args)
%post headless-slowdebug
%{post_headless -- %{debug_suffix_unquoted}}
+%posttrans headless-slowdebug
+%{alternatives_java_install -- %{debug_suffix_unquoted}}
+
%postun slowdebug
%{postun_script -- %{debug_suffix_unquoted}}
@@ -2483,6 +2490,9 @@ cjc.mainProgram(args)
%posttrans fastdebug
%{posttrans_script -- %{fastdebug_suffix_unquoted}}
+%posttrans headless-fastdebug
+%{alternatives_java_install -- %{fastdebug_suffix_unquoted}}
+
%post devel-fastdebug
%{post_devel -- %{fastdebug_suffix_unquoted}}
@@ -2580,6 +2590,12 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Aug 30 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.302.b08-2
+- alternatives creation moved to posttrans
+- Thus fixing the old reisntall issue:
+- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
+- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
+
* Sun Aug 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b08-1
- Remove non-Free test and demo files from source tarball.
commit 1b05b0ca2a1c58fa9eeee68440d19506bb238846
Author: Andrew Hughes <gnu.andrew(a)redhat.com>
Date: Sun Aug 8 05:21:18 2021 +0100
Remove non-Free test and demo files from source tarball.
diff --git a/.gitignore b/.gitignore
index a4aa037..67c9eb6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -238,3 +238,4 @@
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b06-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b07-4curve.tar.xz
/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index 94b75e7..e9eed11 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -19,12 +19,25 @@
# level folder, name is created, based on parameter
#
+SCRIPT_DIR=$(dirname $0)
+JCONSOLE_JS_PATCH_DEFAULT=${SCRIPT_DIR}/jconsole-plugin.patch
+
if [ ! "x$PR3822" = "x" ] ; then
if [ ! -f "$PR3822" ] ; then
- echo "You have specified PR3822 as $PR3822 but it does not exists. exiting"
+ echo "You have specified PR3822 as $PR3822 but it does not exist. Exiting"
exit 1
fi
fi
+
+if [ "x${JCONSOLE_JS_PATCH}" != "x" ] ; then
+ if [ ! -f "${JCONSOLE_JS_PATCH}" ] ; then
+ echo "You have specified the jconsole.js patch as ${JCONSOLE_JS_PATCH} but it does not exist. Exiting.";
+ exit 2;
+ fi
+else
+ JCONSOLE_JS_PATCH=${JCONSOLE_JS_PATCH_DEFAULT}
+fi
+
set -e
OPENJDK_URL_DEFAULT=http://hg.openjdk.java.net
@@ -42,6 +55,7 @@ if [ "x$1" = "xhelp" ] ; then
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
echo "PR3822 - the path to the PR3822 patch to apply (optional; downloaded if unavailable)"
+ echo "JCONSOLE_JS_PATCH - the path to a patch to fix non-availiability of jconsole.js (optional; defaults to ${JCONSOLE_JS_PATCH_DEFAULT})"
echo "REPOS - specify the repositories to use (optional; defaults to ${REPOS_DEFAULT})"
exit 1;
fi
@@ -88,6 +102,22 @@ if [ "x$REPO_ROOT" = "x" ] ; then
REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
+if [ "x$REPOS" = "x" ] ; then
+ REPOS=${REPOS_DEFAULT}
+ echo "No repositories specified; defaulting to ${REPOS}"
+fi;
+
+echo -e "Settings:"
+echo -e "\tVERSION: ${VERSION}"
+echo -e "\tPROJECT_NAME: ${PROJECT_NAME}"
+echo -e "\tREPO_NAME: ${REPO_NAME}"
+echo -e "\tOPENJDK_URL: ${OPENJDK_URL}"
+echo -e "\tCOMPRESSION: ${COMPRESSION}"
+echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
+echo -e "\tREPO_ROOT: ${REPO_ROOT}"
+echo -e "\tPR3822: ${PR3822}"
+echo -e "\tJCONSOLE_JS_PATCH: ${JCONSOLE_JS_PATCH}"
+echo -e "\tREPOS: ${REPOS}"
mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
@@ -96,22 +126,22 @@ echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
hg clone ${REPO_ROOT} openjdk -r ${VERSION}
pushd openjdk
-
-if [ "x$REPOS" = "x" ] ; then
- repos=${REPOS_DEFAULT}
- echo "No repositories specified; defaulting to ${repos}"
-else
- repos=$REPOS
- echo "Repositories: ${repos}"
-fi;
-
-for subrepo in $repos
+for subrepo in ${REPOS}
do
echo "Cloning ${VERSION} ${subrepo} repository from ${REPO_ROOT}"
hg clone ${REPO_ROOT}/${subrepo} -r ${VERSION}
done
-if [ -d jdk ]; then
+# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
+if [ -d langtools ] ; then
+ echo "Removing langtools test case with non-Free license"
+ rm -vf langtools/test/tools/javadoc/api/basic/TagletPathTest.java
+ rm -vf langtools/test/tools/javadoc/api/basic/taglets/UnderlineTaglet.java
+fi
+if [ -d jdk ]; then
+# jconsole.js has a BSD license with a field-of-use restriction, making it non-Free
+echo "Removing jconsole-plugin file with non-Free license"
+rm -vf jdk/src/share/demo/scripting/jconsole-plugin/src/resources/jconsole.js
echo "Removing EC source code we don't build"
rm -vf jdk/src/share/native/sun/security/ec/impl/ec2.h
rm -vf jdk/src/share/native/sun/security/ec/impl/ec2_163.c
@@ -123,7 +153,6 @@ rm -vf jdk/src/share/native/sun/security/ec/impl/ecp_192.c
rm -vf jdk/src/share/native/sun/security/ec/impl/ecp_224.c
echo "Syncing EC list with NSS"
-
if [ "x$PR3822" = "x" ] ; then
# get pr3822.patch (from http://icedtea.classpath.org/hg/icedtea8) from most correct tag
# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3822)
@@ -135,6 +164,10 @@ else
patch -Np1 < $PR3822
fi;
fi
+
+echo "Patching out use of jconsole.js"
+patch -Np1 < ${JCONSOLE_JS_PATCH}
+
find . -name '*.orig' -exec rm -vf '{}' ';'
popd
@@ -144,7 +177,7 @@ if [ "X$COMPRESSION" = "Xxz" ] ; then
else
SWITCH=czf
fi
-TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
+TARBALL_NAME=${FILE_NAME_ROOT}-4curve-clean.tar.${COMPRESSION}
tar --exclude-vcs -$SWITCH ${TARBALL_NAME} openjdk
mv ${TARBALL_NAME} ..
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index b5067ff..53718f7 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -309,7 +309,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 0
+%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1202,7 +1202,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -1237,7 +1237,7 @@ URL: http://openjdk.java.net/
# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
-Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
+Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve-clean.tar.xz
# Custom README for -src subpackage
Source2: README.md
@@ -2580,6 +2580,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sun Aug 08 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.302.b08-1
+- Remove non-Free test and demo files from source tarball.
+
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.8.0.302.b08-0.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
diff --git a/jconsole-plugin.patch b/jconsole-plugin.patch
new file mode 100644
index 0000000..b015a78
--- /dev/null
+++ b/jconsole-plugin.patch
@@ -0,0 +1,31 @@
+diff --git openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/README.txt openjdk/jdk/src/share/demo/scripting/jconsole-plugin/README.txt
+--- openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/README.txt
++++ openjdk/jdk/src/share/demo/scripting/jconsole-plugin/README.txt
+@@ -18,11 +18,9 @@
+ engine javax.script.ScriptEngine
+ plugin com.sun.tools.jconsole.JConsolePlugin
+
+-If you use JavaScript, there are many useful global functions defined in
+-./src/resources/jconsole.js. This is built into the script plugin jar file.
+-In addition, you can add other global functions and global variables by
+-defining those in ~/jconsole.js (or jconsole.<ext> where <ext> is the file
+-extension for your scripting language of choice under your home directory).
++You can add global functions and global variables by defining those in
++~/jconsole.js (or jconsole.<ext> where <ext> is the file extension for
++your scripting language of choice under your home directory).
+
+ How do I compile script console plugin?
+
+diff --git openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/build.xml openjdk/jdk/src/share/demo/scripting/jconsole-plugin/build.xml
+--- openjdk.orig/jdk/src/share/demo/scripting/jconsole-plugin/build.xml
++++ openjdk/jdk/src/share/demo/scripting/jconsole-plugin/build.xml
+@@ -73,9 +73,6 @@
+ <copy todir="${classes.dir}/META-INF/services">
+ <fileset dir="${src.dir}/META-INF/services"/>
+ </copy>
+- <copy todir="${resources.dir}">
+- <fileset dir="${src.dir}/resources"/>
+- </copy>
+ </target>
+
+ <target name="all" depends="compile" description="buile deployment bundle">
diff --git a/sources b/sources
index 0357887..3236329 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve.tar.xz) = 938b3308357c5be40fd474e861f5a612e758520988588b633791ada742fdaef522ecc05f4b2a0c40799a01e1b5d33960c1b76deb2089e36b6d92b0788a74bf74
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u302-b08-4curve-clean.tar.xz) = 04ecdcde841038c0042b44fb3c5303a08616864566fb918ab261fc381fae8804a21f875b1645538e864a1c6db5985f16dfc13b91eb1caeeab54d6d07828c7657
1 year, 12 months
Architecture specific change in rpms/java-latest-openjdk.git
by githook-noreply@fedoraproject.org
The package rpms/java-latest-openjdk.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/java-latest-openjdk.git/commit/?i....
Change:
+%ifarch %{arm}
Thanks.
Full change:
============
commit 073bce767980460f6a6674dd981eff5751424784
Merge: 077f4e4 62b9fab
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Thu Apr 28 12:09:07 2022 +0200
Merge branch 'f35' into f34
commit 62b9fab265198d1c305536498caadb6ccf5956f5
Merge: 6c41bcd fcc7371
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Thu Apr 28 12:08:12 2022 +0200
Merge branch 'f36' into f35
commit fcc7371149f44ae03372ff795d7d9167e3fa4b9c
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Thu Apr 28 11:59:03 2022 +0200
updated to CPU jdk-18.0.1+10 sources
diff --git a/.gitignore b/.gitignore
index 6aa39e8..5e412df 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@
/openjdk-jdk18-jdk-18+27.tar.xz
/openjdk-jdk18-jdk-18+37.tar.xz
/openjdk-jdk18u-jdk-18.0.1+0.tar.xz
+/openjdk-jdk18u-jdk-18.0.1+10.tar.xz
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index fadbf69..515d472 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -9,7 +9,7 @@
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
# PROJECT_NAME=openjdk
# REPO_NAME=jdk18u
-# VERSION=jdk-18.0.1-ga
+# VERSION=jdk-18.0.1+10
# or to eg prepare systemtap:
# icedtea7's jstack and other tapsets
# VERSION=6327cf1cea9e
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 3c7f6f4..a97cf96 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -341,7 +341,7 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 0
+%global buildver 10
%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@@ -2533,8 +2533,8 @@ cjc.mainProgram(args)
%endif
%changelog
-* Wed Apr 27 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:18.0.1.0.0-1.rolling.
-- updated to CPU jdk-18.0.1 sources
+* Wed Apr 27 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:18.0.1.0.10-1.rolling.
+- updated to CPU jdk-18.0.1+10 sources
* Wed Apr 06 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:18.0.0.0.37-4.rolling
- Remove hardcoded /usr/lib/jvm by %{_jvmdir} to make rpmlint happy
diff --git a/sources b/sources
index d8dd163..94b9ab3 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk18u-jdk-18.0.1+0.tar.xz) = 633ad239bbefff4365a05cd6f12387759cbb51f2e0441a88e1d57d79f78d4874d51574e5225ad2fa21894356b1fc02c703f4272d6861d20d2adc81421c9d605b
+SHA512 (openjdk-jdk18u-jdk-18.0.1+10.tar.xz) = 9d4cc24675019f0078540874f0feb884c1f6513886272f2c1f86384c4a882f1b8d7fa6c653ae5f493757203c91b445e0da6559082ba5ef2f53eab27b43e6bea1
commit 40e63ef0cc2f5b06482f9cc9af226f3a71aad019
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Wed Apr 27 18:36:10 2022 +0200
updated to CPU jdk-18.0.1 sources
diff --git a/.gitignore b/.gitignore
index 1d080d8..6aa39e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,4 @@
/openjdk-jdk-jdk-18+27.tar.xz
/openjdk-jdk18-jdk-18+27.tar.xz
/openjdk-jdk18-jdk-18+37.tar.xz
+/openjdk-jdk18u-jdk-18.0.1+0.tar.xz
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index 94d2fa9..fadbf69 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -8,8 +8,8 @@
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
# PROJECT_NAME=openjdk
-# REPO_NAME=jdk18
-# VERSION=jdk-18+37
+# REPO_NAME=jdk18u
+# VERSION=jdk-18.0.1-ga
# or to eg prepare systemtap:
# icedtea7's jstack and other tapsets
# VERSION=6327cf1cea9e
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index a61d929..3c7f6f4 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -301,7 +301,7 @@
# New Version-String scheme-style defines
%global featurever 18
%global interimver 0
-%global updatever 0
+%global updatever 1
%global patchver 0
# If you bump featurever, you must also bump vendor_version_string
# Used via new version scheme. JDK 17 was
@@ -341,8 +341,8 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 37
-%global rpmrelease 4
+%global buildver 0
+%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1268,7 +1268,7 @@ URL: http://openjdk.java.net/
# to regenerate source0 (jdk) run update_package.sh
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
-Source0: openjdk-jdk%{featurever}-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz
+Source0: openjdk-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x).
@@ -2533,6 +2533,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Apr 27 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:18.0.1.0.0-1.rolling.
+- updated to CPU jdk-18.0.1 sources
+
* Wed Apr 06 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:18.0.0.0.37-4.rolling
- Remove hardcoded /usr/lib/jvm by %{_jvmdir} to make rpmlint happy
diff --git a/sources b/sources
index 5c094ae..d8dd163 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk18-jdk-18+37.tar.xz) = bd029f42e1a46a3a885622f4b92b739ae5b90566baaa7b1e57d0eb01473b6be1ec03eb72e02c1e4bdeb780b8ab3fd342b764cb93e93ce4e5f879209490d45645
+SHA512 (openjdk-jdk18u-jdk-18.0.1+0.tar.xz) = 633ad239bbefff4365a05cd6f12387759cbb51f2e0441a88e1d57d79f78d4874d51574e5225ad2fa21894356b1fc02c703f4272d6861d20d2adc81421c9d605b
commit 4c04ead0c38449b1fbdbaf7b8d78d52ebe297344
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Sun Apr 10 22:23:34 2022 +0100
Add missing ChangeLog entry for previous commit
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 4b15001..a61d929 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -2533,6 +2533,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Apr 06 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:18.0.0.0.37-4.rolling
+- Remove hardcoded /usr/lib/jvm by %{_jvmdir} to make rpmlint happy
+
* Wed Mar 23 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:18.0.0.0.37-3.rolling
- Automatically turn off building a fresh HotSpot first, if the bootstrap JDK is not the same major version as that being built
commit fb85c81739d0211104fca77b3322bbc7f3e7ef47
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Tue Apr 5 16:04:27 2022 +0200
removed hardcoded /usr/lib/jvm by %{_jvmdir} to make rpmlint happy
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 8532907..4b15001 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -321,7 +321,7 @@
%global lts_designator_zip ""
%endif
# JDK to use for bootstrapping
-%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
+%global bootjdk %{_jvmdir}/java-%{buildjdkver}-openjdk
# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
# This will only work where the bootstrap JDK is the same major version
# as the JDK being built
@@ -342,7 +342,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 37
-%global rpmrelease 3
+%global rpmrelease 4
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
commit f4cdbe867358da94248fcce2fbe3fb3605d2eb43
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Wed Mar 23 18:24:26 2022 +0000
Automatically turn off building a fresh HotSpot first, if the bootstrap JDK is not the same major version as that being built
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 942ba6f..8532907 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -22,7 +22,7 @@
# Enable static library builds by default.
%bcond_without staticlibs
# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
-%bcond_with fresh_libjvm
+%bcond_without fresh_libjvm
# Workaround for stripping of debug symbols from static libraries
%if %{with staticlibs}
@@ -32,13 +32,6 @@
%global include_staticlibs 0
%endif
-# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
-%if %{with fresh_libjvm}
-%global build_hotspot_first 1
-%else
-%global build_hotspot_first 0
-%endif
-
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
@@ -217,9 +210,6 @@
# Target to use to just build HotSpot
%global hotspot_target hotspot
-# JDK to use for bootstrapping
-%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
-
# VM variant being built
%ifarch %{zero_arches}
%global vm_variant zero
@@ -330,6 +320,16 @@
%global lts_designator ""
%global lts_designator_zip ""
%endif
+# JDK to use for bootstrapping
+%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
+# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
+# This will only work where the bootstrap JDK is the same major version
+# as the JDK being built
+%if %{with fresh_libjvm} && %{buildjdkver} == %{featurever}
+%global build_hotspot_first 1
+%else
+%global build_hotspot_first 0
+%endif
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
@@ -342,7 +342,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 37
-%global rpmrelease 2
+%global rpmrelease 3
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1730,6 +1730,12 @@ if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{includ
echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go."
exit 14
fi
+
+%if %{with fresh_libjvm} && ! %{build_hotspot_first}
+echo "WARNING: The build of a fresh libjvm has been disabled due to a JDK version mismatch"
+echo "Build JDK version is %{buildjdkver}, feature JDK version is %{featurever}"
+%endif
+
%setup -q -c -n %{uniquesuffix ""} -T -a 0
# https://bugzilla.redhat.com/show_bug.cgi?id=1189084
prioritylength=`expr length %{priority}`
@@ -2527,6 +2533,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Mar 23 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:18.0.0.0.37-3.rolling
+- Automatically turn off building a fresh HotSpot first, if the bootstrap JDK is not the same major version as that being built
+
* Mon Mar 21 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:18.0.0.0.37-2.rolling
- replaced tabs by sets of spaces to make rpmlint happy
- set build jdk to 18
commit 6c41bcd1ec55f9ea6df7aab944b1a20a11ef63de
Merge: 9a4366c b4e869d
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Thu Mar 24 13:45:23 2022 +0100
Merge branch 'f36' into f35
commit 9a4366c464144aa179fbdd04bed61d979dc26e51
Merge: d6afd02 48dbe4b
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Mon Mar 21 17:26:26 2022 +0100
Merge remote-tracking branch 'rpms/f36' into f36tof35merge
commit d6afd0227f8822236cdb5d087d4f1681db827518
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Mon Jan 24 19:45:38 2022 +0000
Require tzdata 2021e as of JDK-8275766.
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 141e91a..168d67f 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -303,7 +303,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
-%global rpmrelease 1
+%global rpmrelease 2
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1054,7 +1054,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zone-info data provided by tzdata-java sub-package
-Requires: tzdata-java >= 2015d
+# 2021e required as of JDK-8275766 in January 2022 CPU
+Requires: tzdata-java >= 2021e
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1336,7 +1337,8 @@ BuildRequires: java-latest-openjdk-devel
%ifnarch %{jit_arches}
BuildRequires: libffi-devel
%endif
-BuildRequires: tzdata-java >= 2015d
+# 2021e required as of JDK-8275766 in January 2022 CPU
+BuildRequires: tzdata-java >= 2021e
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -2474,7 +2476,10 @@ cjc.mainProgram(args)
%endif
%changelog
-* Wed Jan 12 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-1
+* Mon Jan 24 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-2.rolling
+- Require tzdata 2021e as of JDK-8275766.
+
+* Wed Jan 12 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-1.rolling
- January 2022 security update to jdk 17.0.2+8
- Extend LTS check to exclude EPEL.
- Rename libsvml.so to libjsvml.so following JDK-8276025
@@ -2482,7 +2487,7 @@ cjc.mainProgram(args)
- Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
- Fix FIPS issues in native code and with initialisation of java.security.Security
-* Wed Jan 12 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:17.0.2.0.8-1
+* Wed Jan 12 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:17.0.2.0.8-1.rolling
- Set LTS designator.
* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-13.rolling
commit cbdb33c93ef67e4ca1b3277b6eaa628fef4216d9
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Thu Jan 13 01:12:07 2022 +0000
January 2022 security update to jdk 17.0.2+8
Set LTS designator on RHEL, excluding EPEL.
Rename libsvml.so to libjsvml.so following JDK-8276025
Remove JDK-8276572 patch which is now upstream.
Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
Fix FIPS issues in native code and with initialisation of java.security.Security
diff --git a/.gitignore b/.gitignore
index 1cf80ea..2bc3036 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@
/openjdk-jdk17-jdk-17+35.tar.xz
/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
+/openjdk-jdk17u-jdk-17.0.2+8.tar.xz
diff --git a/NEWS b/NEWS
index 9d37ff9..78938f4 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,383 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 17.0.2 (2022-01-18):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk1702
+ * https://builds.shipilev.net/backports-monitor/release-notes-17.0.2.txt
+
+* Security fixes
+ - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
+ - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
+ - JDK-8268488: More valuable DerValues
+ - JDK-8268494: Better inlining of inlined interfaces
+ - JDK-8268512: More content for ContentInfo
+ - JDK-8268813, CVE-2022-21283: Better String matching
+ - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+ - JDK-8269944: Better HTTP transport redux
+ - JDK-8270386, CVE-2022-21291: Better verification of scan methods
+ - JDK-8270392, CVE-2022-21293: Improve String constructions
+ - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
+ - JDK-8270492, CVE-2022-21282: Better resolution of URIs
+ - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
+ - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
+ - JDK-8270952, CVE-2022-21277: Improve TIFF file handling
+ - JDK-8271962: Better TrueType font loading
+ - JDK-8271968: Better canonical naming
+ - JDK-8271987: Manifest improved manifest entries
+ - JDK-8272014, CVE-2022-21305: Better array indexing
+ - JDK-8272026, CVE-2022-21340: Verify Jar Verification
+ - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
+ - JDK-8272272: Enhance jcmd communication
+ - JDK-8272462: Enhance image handling
+ - JDK-8273290: Enhance sound handling
+ - JDK-8273756, CVE-2022-21360: Enhance BMP image support
+ - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
+ - JDK-8274096, CVE-2022-21366: Improve decoding of image files
+* Other changes
+ - JDK-4819544: SwingSet2 JTable Demo throws NullPointerException
+ - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
+ - JDK-8140241: (fc) Data transfer from FileChannel to itself causes hang in case of overlap
+ - JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java fails intermittently
+ - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream
+ - JDK-8214761: Bug in parallel Kahan summation implementation
+ - JDK-8223923: C2: Missing interference with mismatched unsafe accesses
+ - JDK-8233020: (fs) UnixFileSystemProvider should use StaticProperty.userDir().
+ - JDK-8238649: Call new Win32 API SetThreadDescription in os::set_native_thread_name
+ - JDK-8244675: assert(IncrementalInline || (_late_inlines.length() == 0 && !has_mh_late_inlines()))
+ - JDK-8261236: C2: ClhsdbJstackXcompStress test fails when StressGCM is enabled
+ - JDK-8261579: AArch64: Support for weaker memory ordering in Atomic
+ - JDK-8262031: Create implementation for NSAccessibilityNavigableStaticText protocol
+ - JDK-8262095: NPE in Flow$FlowAnalyzer.visitApply: Cannot invoke getThrownTypes because tree.meth.type is null
+ - JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
+ - JDK-8263364: sun/net/www/http/KeepAliveStream/KeepAliveStreamCloseWithWrongContentLength.java wedged in getInputStream
+ - JDK-8263375: Support stack watermarks in Zero VM
+ - JDK-8263773: Reenable German localization for builds at Oracle
+ - JDK-8264286: Create implementation for NSAccessibilityColumn protocol peer
+ - JDK-8264287: Create implementation for NSAccessibilityComboBox protocol peer
+ - JDK-8264291: Create implementation for NSAccessibilityCell protocol peer
+ - JDK-8264292: Create implementation for NSAccessibilityList protocol peer
+ - JDK-8264293: Create implementation for NSAccessibilityMenu protocol peer
+ - JDK-8264294: Create implementation for NSAccessibilityMenuBar protocol peer
+ - JDK-8264295: Create implementation for NSAccessibilityMenuItem protocol peer
+ - JDK-8264296: Create implementation for NSAccessibilityPopUpButton protocol peer
+ - JDK-8264297: Create implementation for NSAccessibilityProgressIndicator protocol peer
+ - JDK-8264298: Create implementation for NSAccessibilityRow protocol peer
+ - JDK-8264303: Create implementation for NSAccessibilityTabGroup protocol peer
+ - JDK-8266239: Some duplicated javac command-line options have repeated effect
+ - JDK-8266510: Nimbus JTree default tree cell renderer does not use selected text color
+ - JDK-8266988: compiler/jvmci/compilerToVM/IsMatureTest.java fails with Unexpected isMature state for multiple times invoked method: expected false to equal true
+ - JDK-8267256: Extend minimal retry for loopback connections on Windows to PlainSocketImpl
+ - JDK-8267385: Create NSAccessibilityElement implementation for JavaComponentAccessibility
+ - JDK-8267387: Create implementation for NSAccessibilityOutline protocol
+ - JDK-8267388: Create implementation for NSAccessibilityTable protocol
+ - JDK-8268284: javax/swing/JComponent/7154030/bug7154030.java fails with "Exception: Failed to hide opaque button"
+ - JDK-8268294: Reusing HttpClient in a WebSocket.Listener hangs.
+ - JDK-8268361: Fix the infinite loop in next_line
+ - JDK-8268457: XML Transformer outputs Unicode supplementary character incorrectly to HTML
+ - JDK-8268464: Remove dependancy of TestHttpsServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/https/ tests
+ - JDK-8268626: Remove native pre-jdk9 support for jtreg failure handler
+ - JDK-8268860: Windows-Aarch64 build is failing in GitHub actions
+ - JDK-8268882: C2: assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc
+ - JDK-8268885: duplicate checkcast when destination type is not first type of intersection type
+ - JDK-8268893: jcmd to trim the glibc heap
+ - JDK-8268894: forged ASTs can provoke an AIOOBE at com.sun.tools.javac.jvm.ClassWriter::writePosition
+ - JDK-8268927: Windows: link error: unresolved external symbol "int __cdecl convert_to_unicode(char const *,wchar_t * *)"
+ - JDK-8269031: linux x86_64 check for binutils 2.25 or higher after 8265783
+ - JDK-8269113: Javac throws when compiling switch (null)
+ - JDK-8269216: Useless initialization in com/sun/crypto/provider/PBES2Parameters.java
+ - JDK-8269269: [macos11] SystemIconTest fails with ClassCastException
+ - JDK-8269280: (bf) Replace StringBuffer in *Buffer.toString()
+ - JDK-8269481: SctpMultiChannel never releases own file descriptor
+ - JDK-8269637: javax/swing/JFileChooser/FileSystemView/SystemIconTest.java fails on windows
+ - JDK-8269656: The test test/langtools/tools/javac/versions/Versions.java has duplicate test cycles
+ - JDK-8269687: pauth_aarch64.hpp include name is incorrect
+ - JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0
+ - JDK-8269924: Shenandoah: Introduce weak/strong marking asserts
+ - JDK-8269951: [macos] Focus not painted in JButton when setBorderPainted(false) is invoked
+ - JDK-8270110: Shenandoah: Add test for JDK-8269661
+ - JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to run in all LaFs, including Aqua on macOS
+ - JDK-8270171: Shenandoah: Cleanup TestStringDedup and TestStringDedupStress tests
+ - JDK-8270290: NTLM authentication fails if HEAD request is used
+ - JDK-8270317: Large Allocation in CipherSuite
+ - JDK-8270320: JDK-8270110 committed invalid copyright headers
+ - JDK-8270517: Add Zero support for LoongArch
+ - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
+ - JDK-8270886: Crash in PhaseIdealLoop::verify_strip_mined_scheduling
+ - JDK-8270893: IndexOutOfBoundsException while reading large TIFF file
+ - JDK-8270901: Typo PHASE_CPP in CompilerPhaseType
+ - JDK-8270946: X509CertImpl.getFingerprint should not return the empty String
+ - JDK-8271071: accessibility of a table on macOS lacks cell navigation
+ - JDK-8271121: ZGC: stack overflow (segv) when -Xlog:gc+start=debug
+ - JDK-8271142: package help is not displayed for missing X11/extensions/Xrandr.h
+ - JDK-8271170: Add unit test for what jpackage app launcher puts in the environment
+ - JDK-8271215: Fix data races in G1PeriodicGCTask
+ - JDK-8271254: javac generates unreachable code when using empty semicolon statement
+ - JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with "lists don't have the same size expected"
+ - JDK-8271308: (fc) FileChannel.transferTo() transfers no more than Integer.MAX_VALUE bytes in one call
+ - JDK-8271315: Redo: Nimbus JTree renderer properties persist across L&F changes
+ - JDK-8271323: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -XX:TieredStopAtLevel=1
+ - JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop
+ - JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2 assert failure with Test7179138_1.java
+ - JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity
+ - JDK-8271463: Updating RE Configs for Upcoming CPU Release 17.0.2 on master branch for jdk17u-cpu and jdk17u-cpu-open repos.
+ - JDK-8271490: [ppc] [s390]: Crash in JavaThread::pd_get_top_frame_for_profiling
+ - JDK-8271560: sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java still fails due to "An established connection was aborted by the software in your host machine"
+ - JDK-8271567: AArch64: AES Galois CounterMode (GCM) interleaved implementation using vector instructions
+ - JDK-8271600: C2: CheckCastPP which should closely follow Allocate is sunk of a loop
+ - JDK-8271605: Update JMH devkit to 1.32
+ - JDK-8271718: Crash when during color transformation the color profile is replaced
+ - JDK-8271722: [TESTBUG] gc/g1/TestMixedGCLiveThreshold.java can fail if G1 Full GC uses >1 workers
+ - JDK-8271855: [TESTBUG] Wrong weakCompareAndSet assumption in UnsafeIntrinsicsTest
+ - JDK-8271862: C2 intrinsic for Reference.refersTo() is often not used
+ - JDK-8271868: Warn user when using mac-sign option with unsigned app-image.
+ - JDK-8271895: UnProblemList javax/swing/JComponent/7154030/bug7154030.java in JDK18
+ - JDK-8271954: C2: assert(false) failed: Bad graph detected in build_loop_late
+ - JDK-8272047: java/nio/channels/FileChannel/Transfer2GPlus.java failed with Unexpected transfer size: 2147418112
+ - JDK-8272095: ProblemList java/nio/channels/FileChannel/Transfer2GPlus.java on linux-aarch64
+ - JDK-8272114: Unused _last_state in osThread_windows
+ - JDK-8272170: Missing memory barrier when checking active state for regions
+ - JDK-8272305: several hotspot runtime/modules don't check exit codes
+ - JDK-8272318: Improve performance of HeapDumpAllTest
+ - JDK-8272328: java.library.path is not set properly by Windows jpackage app launcher
+ - JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes
+ - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+ - JDK-8272345: macos doesn't check `os::set_boot_path()` result
+ - JDK-8272369: java/io/File/GetXSpace.java failed with "RuntimeException: java.nio.file.NoSuchFileException: /run/user/0"
+ - JDK-8272391: Undeleted debug information
+ - JDK-8272413: Incorrect num of element count calculation for vector cast
+ - JDK-8272473: Parsing epoch seconds at a DST transition with a non-UTC parser is wrong
+ - JDK-8272562: C2: assert(false) failed: Bad graph detected in build_loop_late
+ - JDK-8272570: C2: crash in PhaseCFG::global_code_motion
+ - JDK-8272574: C2: assert(false) failed: Bad graph detected in build_loop_late
+ - JDK-8272639: jpackaged applications using microphone on mac
+ - JDK-8272703: StressSeed should be set via FLAG_SET_ERGO
+ - JDK-8272720: Fix the implementation of loop unrolling heuristic with LoopPercentProfileLimit
+ - JDK-8272783: Epsilon: Refactor tests to improve performance
+ - JDK-8272836: Limit run time for java/lang/invoke/LFCaching tests
+ - JDK-8272838: Move CriticalJNI tests out of tier1
+ - JDK-8272846: Move some runtime/Metaspace/elastic/ tests out of tier1
+ - JDK-8272850: Drop zapping values in the Zap* option descriptions
+ - JDK-8272854: split runtime/CommandLine/PrintTouchedMethods.java test
+ - JDK-8272856: DoubleFlagWithIntegerValue uses G1GC-only flag
+ - JDK-8272859: Javadoc external links should only have feature version number in URL
+ - JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test groups
+ - JDK-8272970: Parallelize runtime/InvocationTests/
+ - JDK-8272973: Incorrect compile command used by TestIllegalArrayCopyBeforeInfiniteLoop
+ - JDK-8273021: C2: Improve Add and Xor ideal optimizations
+ - JDK-8273026: Slow LoginContext.login() on multi threading application
+ - JDK-8273135: java/awt/color/ICC_ColorSpace/MTTransformReplacedProfile.java crashes in liblcms.dylib with NULLSeek+0x7
+ - JDK-8273165: GraphKit::combine_exception_states fails with "matching stack sizes" assert
+ - JDK-8273176: handle latest VS2019 in abstract_vm_version
+ - JDK-8273229: Update OS detection code to recognize Windows Server 2022
+ - JDK-8273234: extended 'for' with expression of type tvar causes the compiler to crash
+ - JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on Windows 32bit
+ - JDK-8273278: Support XSLT on GraalVM Native Image--deterministic bytecode generation in XSLT
+ - JDK-8273308: PatternMatchTest.java fails on CI
+ - JDK-8273314: Add tier4 test groups
+ - JDK-8273315: Parallelize and increase timeouts for java/foreign/TestMatrix.java test
+ - JDK-8273318: Some containers/docker/TestJFREvents.java configs are running out of memory
+ - JDK-8273333: Zero should warn about unimplemented -XX:+LogTouchedMethods
+ - JDK-8273335: compiler/blackhole tests should not run with interpreter-only VMs
+ - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
+ - JDK-8273359: CI: ciInstanceKlass::get_canonical_holder() doesn't respect instance size
+ - JDK-8273361: InfoOptsTest is failing in tier1
+ - JDK-8273373: Zero: Cannot invoke JVM in primordial threads on Zero
+ - JDK-8273375: Remove redundant 'new String' calls after concatenation in java.desktop
+ - JDK-8273376: Zero: Disable vtable/itableStub gtests
+ - JDK-8273378: Shenandoah: Remove the remaining uses of os::is_MP
+ - JDK-8273408: java.lang.AssertionError: typeSig ERROR on generated class property of record
+ - JDK-8273416: C2: assert(false) failed: bad AD file after JDK-8252372 with UseSSE={0,1}
+ - JDK-8273440: Zero: Disable runtime/Unsafe/InternalErrorTest.java
+ - JDK-8273450: Fix the copyright header of SVML files
+ - JDK-8273451: Remove unreachable return in mutexLocker::wait
+ - JDK-8273483: Zero: Clear pending JNI exception check in native method handler
+ - JDK-8273486: Zero: Handle DiagnoseSyncOnValueBasedClasses VM option
+ - JDK-8273487: Zero: Handle "zero" variant in runtime tests
+ - JDK-8273489: Zero: Handle UseHeavyMonitors on all monitorenter paths
+ - JDK-8273498: compiler/c2/Test7179138_1.java timed out
+ - JDK-8273505: runtime/cds/appcds/loaderConstraints/DynamicLoaderConstraintsTest.java#default-cl crashed with SIGSEGV in MetaspaceShared::link_shared_classes
+ - JDK-8273514: java/util/DoubleStreamSums/CompensatedSums.java failure
+ - JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated
+ - JDK-8273592: Backout JDK-8271868
+ - JDK-8273593: [REDO] Warn user when using mac-sign option with unsigned app-image.
+ - JDK-8273595: tools/jpackage tests do not work on apt-based Linux distros like Debian
+ - JDK-8273606: Zero: SPARC64 build fails with si_band type mismatch
+ - JDK-8273614: Shenandoah: intermittent timeout with ConcurrentGCBreakpoint tests
+ - JDK-8273638: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F
+ - JDK-8273646: Add openssl from path variable also in to Default System Openssl Path in OpensslArtifactFetcher
+ - JDK-8273678: TableAccessibility and TableRowAccessibility miss autorelease
+ - JDK-8273695: Safepoint deadlock on VMOperation_lock
+ - JDK-8273790: Potential cyclic dependencies between Gregorian and CalendarSystem
+ - JDK-8273806: compiler/cpuflags/TestSSE4Disabled.java should test for CPU feature explicitly
+ - JDK-8273807: Zero: Drop incorrect test block from compiler/startup/NumCompilerThreadsCheck.java
+ - JDK-8273808: Cleanup AddFontsToX11FontPath
+ - JDK-8273826: Correct Manifest file name and NPE checks
+ - JDK-8273887: [macos] java/awt/color/ICC_ColorSpace/MTTransformReplacedProfile.java timed out
+ - JDK-8273894: ConcurrentModificationException raised every time ReferralsCache drops referral
+ - JDK-8273902: Memory leak in OopStorage due to bug in OopHandle::release()
+ - JDK-8273924: ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add()
+ - JDK-8273935: (zipfs) Files.getFileAttributeView() throws UOE instead of returning null when view not supported
+ - JDK-8273958: gtest/MetaspaceGtests executes unnecessary tests in debug builds
+ - JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file path contains '+' character
+ - JDK-8273965: some testlibrary_tests/ir_framework tests fail when c1 disabled
+ - JDK-8273968: JCK javax_xml tests fail in CI
+ - JDK-8274056: JavaAccessibilityUtilities leaks JNI objects
+ - JDK-8274074: SIGFPE with C2 compiled code with -XX:+StressGCM
+ - JDK-8274083: Update testing docs to mention tiered testing
+ - JDK-8274087: Windows DLL path not set correctly.
+ - JDK-8274145: C2: condition incorrectly made redundant with dominating main loop exit condition
+ - JDK-8274205: Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC
+ - JDK-8274215: Remove globalsignr2ca root from 17.0.2
+ - JDK-8274242: Implement fast-path for ASCII-compatible CharsetEncoders on x86
+ - JDK-8274265: Suspicious string concatenation in logTestUtils.inline.hpp
+ - JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork is deprecated
+ - JDK-8274325: C4819 warning at vm_version_x86.cpp on Windows after JDK-8234160
+ - JDK-8274326: [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m
+ - JDK-8274329: Fix non-portable HotSpot code in MethodMatcher::parse_method_pattern
+ - JDK-8274338: com/sun/jdi/RedefineCrossEvent.java failed "assert(m != __null) failed: NULL mirror"
+ - JDK-8274347: Passing a *nested* switch expression as a parameter causes an NPE during compile
+ - JDK-8274349: ForkJoinPool.commonPool() does not work with 1 CPU
+ - JDK-8274381: missing CAccessibility definitions in JNI code
+ - JDK-8274383: JNI call of getAccessibleSelection on a wrong thread
+ - JDK-8274401: C2: GraphKit::load_array_element bypasses Access API
+ - JDK-8274406: RunThese30M.java failed "assert(!LCA_orig->dominates(pred_block) || early->dominates(pred_block)) failed: early is high enough"
+ - JDK-8274407: (tz) Update Timezone Data to 2021c
+ - JDK-8274435: EXCEPTION_ACCESS_VIOLATION in BFSClosure::closure_impl
+ - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
+ - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
+ - JDK-8274501: c2i entry barriers read int as long on AArch64
+ - JDK-8274521: jdk/jfr/event/gc/detailed/TestGCLockerEvent.java fails when other GC is selected
+ - JDK-8274522: java/lang/management/ManagementFactory/MXBeanException.java test fails with Shenandoah
+ - JDK-8274523: java/lang/management/MemoryMXBean/MemoryTest.java test should handle Shenandoah
+ - JDK-8274550: c2i entry barriers read int as long on PPC
+ - JDK-8274560: JFR: Add test for OldObjectSample event when using Shenandoah
+ - JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test
+ - JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with NoSuchElementException after JDK-8271287
+ - JDK-8274716: JDWP Spec: the description for the Dispose command confuses suspend with resume.
+ - JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily
+ - JDK-8274770: [PPC64] resolve_jobject needs a generic implementation to support load barriers
+ - JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently fails on weak memory model platform
+ - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
+ - JDK-8274840: Update OS detection code to recognize Windows 11
+ - JDK-8274848: LambdaMetaFactory::metafactory on REF_invokeSpecial impl method has incorrect behavior
+ - JDK-8274851: [ppc64] Port zgc to linux on ppc64le
+ - JDK-8274942: AssertionError at jdk.compiler/com.sun.tools.javac.util.Assert.error(Assert.java:155)
+ - JDK-8275008: gtest build failure due to stringop-overflow warning with gcc11
+ - JDK-8275049: [ZGC] missing null check in ZNMethod::log_register
+ - JDK-8275051: Shenandoah: Correct ordering of requested gc cause and gc request flag
+ - JDK-8275071: [macos] A11y cursor gets stuck when combobox is closed
+ - JDK-8275104: IR framework does not handle client VM builds correctly
+ - JDK-8275110: Correct RE Configs for CPU Release 17.0.2 on master branch for jdk17u-cpu and jdk17u-cpu-open repos.
+ - JDK-8275131: Exceptions after a touchpad gesture on macOS
+ - JDK-8275141: recover corrupted line endings for the version-numbers.conf
+ - JDK-8275145: file.encoding system property has an incorrect value on Windows
+ - JDK-8275226: Shenandoah: Relax memory constraint for worker claiming tasks/ranges
+ - JDK-8275302: unexpected compiler error: cast, intersection types and sealed
+ - JDK-8275426: PretouchTask num_chunks calculation can overflow
+ - JDK-8275604: Zero: Reformat opclabels_data
+ - JDK-8275666: serviceability/jvmti/GetObjectSizeClass.java shouldn't have vm.flagless
+ - JDK-8275703: System.loadLibrary fails on Big Sur for libraries hidden from filesystem
+ - JDK-8275720: CommonComponentAccessibility.createWithParent isWrapped causes mem leak
+ - JDK-8275766: (tz) Update Timezone Data to 2021e
+ - JDK-8275809: crash in [CommonComponentAccessibility getCAccessible:withEnv:]
+ - JDK-8275811: Incorrect instance to dispose
+ - JDK-8275819: [TableRowAccessibility accessibilityChildren] method is ineffective
+ - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+ - JDK-8275863: Use encodeASCII for ASCII-compatible DoubleByte encodings
+ - JDK-8275872: Sync J2DBench run and analyze Makefile targets with build.xml
+ - JDK-8276025: Hotspot's libsvml.so may conflict with user dependency
+ - JDK-8276066: Reset LoopPercentProfileLimit for x86 due to suboptimal performance
+ - JDK-8276076: Updating RE Configs for BUILD REQUEST 17.0.2+3
+ - JDK-8276105: C2: Conv(D|F)2(I|L)Nodes::Ideal should handle rounding correctly
+ - JDK-8276112: Inconsistent scalar replacement debug info at safepoints
+ - JDK-8276122: Change openjdk project in jcheck to jdk-updates
+ - JDK-8276130: Fix Github Actions of JDK17u to account for update version scheme
+ - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
+ - JDK-8276157: C2: Compiler stack overflow during escape analysis on Linux x86_32
+ - JDK-8276201: Shenandoah: Race results degenerated GC to enter wrong entry point
+ - JDK-8276205: Shenandoah: CodeCache_lock should always be held for initializing code cache iteration
+ - JDK-8276306: jdk/jshell/CustomInputToolBuilder.java fails intermittently on storage acquisition
+ - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
+ - JDK-8276550: Use SHA256 hash in build.tools.depend.Depend
+ - JDK-8276572: Fake libsyslookup.so library causes tooling issues
+ - JDK-8276774: Cookie stored in CookieHandler not sent if user headers contain cookie
+ - JDK-8276801: gc/stress/CriticalNativeStress.java fails intermittently with Shenandoah
+ - JDK-8276805: java/awt/print/PrinterJob/CheckPrivilege.java fails due to disabled SecurityManager
+ - JDK-8276845: (fs) java/nio/file/spi/SetDefaultProvider.java fails on x86_32
+ - JDK-8276846: JDK-8273416 is incomplete for UseSSE=1
+ - JDK-8276854: Windows GHA builds fail due to broken Cygwin
+ - JDK-8276864: Update boot JDKs to 17.0.1 in GHA
+ - JDK-8276905: Use appropriate macosx_version_minimum value while compiling metal shaders
+ - JDK-8276927: [ppc64] Port shenandoahgc to linux on ppc64le
+ - JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify output array sizes
+ - JDK-8277093: Vector should throw ClassNotFoundException for a missing class of an element
+ - JDK-8277159: Fix java/nio/file/FileStore/Basic.java test by ignoring /run/user/* mount points
+ - JDK-8277195: missing CAccessibility definition in [CommonComponentAccessibility accessibilityHitTest]
+ - JDK-8277212: GC accidentally cleans valid megamorphic vtable inline caches
+ - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
+ - JDK-8277529: SIGSEGV in C2 CompilerThread Node::rematerialize() compiling Packet::readUnsignedTrint
+ - JDK-8277981: String Deduplication table is never cleaned up due to bad dead_factor_for_cleanup
+
+Notes on individual issues:
+===========================
+
+core-libs/java.io:serialization:
+
+JDK-8277157: Vector should throw ClassNotFoundException for a missing class of an element
+=========================================================================================
+`java.util.Vector` is updated to correctly report
+`ClassNotFoundException that occurs during deserialization using
+`java.io.ObjectInputStream.GetField.get(name, object)` when the class
+of an element of the Vector is not found. Without this fix, a
+`StreamCorruptedException` is thrown that does not provide information
+about the missing class.
+
+security-libs/java.security:
+
+JDK-8272535: Removed Google's GlobalSign Root Certificate
+=========================================================
+The following root certificate from Google has been removed from the
+`cacerts` keystore:
+
+Alias Name: globalsignr2ca [jdk]
+Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+
+core-libs/java.io:
+
+JDK-8275343: file.encoding System Property Has an Incorrect Value on Windows
+============================================================================
+The initialization of the `file.encoding` system property on non macOS
+platforms has been reverted to align with the behavior on or before
+JDK 11. This has been an issue especially on Windows where the system
+and user's locales are not the same.
+
+hotspot/gc:
+
+JDK-8277533: ZGC: Fixed long Process Non-Strong References times
+================================================================
+A bug has been fixed that could cause long "Concurrent Process
+Non-Strong References" times with ZGC. The bug blocked the GC from
+making significant progress, and caused both latency and throughput
+issues for the Java application.
+
+The long times could be seen in the GC logs when running with `-Xlog:gc*` e.g.
+
+[17606.140s][info][gc,phases ] GC(719) Concurrent Process Non-Strong References 25781.928ms
+
+core-libs/java.time:
+
+JDK-8274857: Update Timezone Data to 2021c
+===========================================
+IANA Time Zone Database, on which JDK's Date/Time libraries are based,
+has been updated to version 2021c
+(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
+that with this update, some of the time zone rules prior to the year
+1970 have been modified according to the changes which were introduced
+with 2021b. For more detail, refer to the announcement of 2021b
+(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
+
New in release OpenJDK 17.0.1 (2021-10-19):
===========================================
Live versions of these release notes can be found at:
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 87d2406..141e91a 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -274,7 +274,7 @@
# New Version-String scheme-style defines
%global featurever 17
%global interimver 0
-%global updatever 1
+%global updatever 2
%global patchver 0
# If you bump featurever, you must also bump vendor_version_string
# Used via new version scheme. JDK 17 was
@@ -284,10 +284,15 @@
# but in time of bootstrap of next jdk, it is featurever-1,
# and this it is better to change it here, on single place
%global buildjdkver 17
-# We don't add any LTS designator for STS packages (this package).
-# Neither for Fedora nor EPEL which would have %%{rhel} macro defined.
+# We don't add any LTS designator for STS packages (Fedora and EPEL).
+# We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined.
+%if 0%{?rhel} && !0%{?epel}
+ %global lts_designator "LTS"
+ %global lts_designator_zip -%{lts_designator}
+%else
%global lts_designator ""
%global lts_designator_zip ""
+%endif
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
@@ -297,8 +302,8 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 12
-%global rpmrelease 13
+%global buildver 8
+%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -798,7 +803,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsctp.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsystemconf.so
%ifarch %{svml_arches}
-%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsvml.so
+%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libjsvml.so
%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsyslookup.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libverify.so
@@ -1284,14 +1289,15 @@ Patch1010: rh1996182-login_to_nss_software_token.patch
Patch1012: rh1996182-extend_security_policy.patch
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
Patch1013: rh1991003-enable_fips_keys_import.patch
+# RH2021263: Resolve outstanding FIPS issues
+Patch1014: rh2021263-fips_ensure_security_initialised.patch
+Patch1015: rh2021263-fips_missing_native_returns.patch
#############################################
#
# OpenJDK patches in need of upstreaming
#
#############################################
-# JDK-8276572: Fake libsyslookup.so library causes tooling issues
-Patch2000: jdk8276572-fake_libsyslookup_causes_tooling_issues.patch
BuildRequires: autoconf
@@ -1703,7 +1709,8 @@ popd # openjdk
%patch1011
%patch1012
%patch1013
-%patch2000
+%patch1014
+%patch1015
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -2467,7 +2474,18 @@ cjc.mainProgram(args)
%endif
%changelog
-* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-12.rolling
+* Wed Jan 12 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.2.0.8-1
+- January 2022 security update to jdk 17.0.2+8
+- Extend LTS check to exclude EPEL.
+- Rename libsvml.so to libjsvml.so following JDK-8276025
+- Remove JDK-8276572 patch which is now upstream.
+- Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+
+* Wed Jan 12 2022 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:17.0.2.0.8-1
+- Set LTS designator.
+
+* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-13.rolling
- Storing and restoring alterntives during update manually
- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
-- The move of alternatives creation to posttrans to fix:
diff --git a/jdk8276572-fake_libsyslookup_causes_tooling_issues.patch b/jdk8276572-fake_libsyslookup_causes_tooling_issues.patch
deleted file mode 100644
index dee144b..0000000
--- a/jdk8276572-fake_libsyslookup_causes_tooling_issues.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-commit a4724332098cd8bff44ee27e9190fd28fa5c1865
-Author: Andrew John Hughes <andrew(a)openjdk.org>
-Date: Fri Nov 5 21:05:42 2021 +0000
-
- 8276572: Fake libsyslookup.so library causes tooling issues
-
- Reviewed-by: shade, mcimadamore
-
-diff --git openjdk.orig/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c openjdk/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c
-index fdf99866786..b1f543bfdb7 100644
---- openjdk.orig/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c
-+++ openjdk/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c
-@@ -26,3 +26,8 @@
- // Note: the include below is not strictly required, as dependencies will be pulled using linker flags.
- // Adding at least one #include removes unwanted warnings on some platforms.
- #include <stdlib.h>
-+
-+// Simple dummy function so this library appears as a normal library to tooling.
-+char* syslookup() {
-+ return "syslookup";
-+}
diff --git a/rh1995150-disable_non-fips_crypto.patch b/rh1995150-disable_non-fips_crypto.patch
index b3d0ae7..de06552 100644
--- a/rh1995150-disable_non-fips_crypto.patch
+++ b/rh1995150-disable_non-fips_crypto.patch
@@ -1,18 +1,18 @@
-diff --git openjdk/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java
-index 9d4a794de1a..39e69362458 100644
---- openjdk/src/java.base/share/classes/module-info.java
+diff --git openjdk.orig/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java
+index 63bb580eb3a..238735c0c8c 100644
+--- openjdk.orig/src/java.base/share/classes/module-info.java
+++ openjdk/src/java.base/share/classes/module-info.java
-@@ -151,6 +151,7 @@ module java.base {
- java.management,
+@@ -152,6 +152,7 @@ module java.base {
java.naming,
java.rmi,
+ jdk.charsets,
+ jdk.crypto.ec,
jdk.jartool,
jdk.jlink,
jdk.net,
-diff --git openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
-index 912cad59714..c5e13c98bd9 100644
---- openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
+diff --git openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
+index 912cad59714..7cb5ebcde51 100644
+--- openjdk.orig/src/java.base/share/classes/sun/security/provider/SunEntries.java
+++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
@@ -30,6 +30,7 @@ import java.net.*;
import java.util.*;
@@ -52,6 +52,80 @@ index 912cad59714..c5e13c98bd9 100644
- if (NativePRNG.NonBlocking.isAvailable()) {
- add(p, "SecureRandom", "NativePRNGNonBlocking",
- "sun.security.provider.NativePRNG$NonBlocking", attrs);
+- }
+- attrs.put("ImplementedIn", "Software");
+- add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
+- add(p, "SecureRandom", "SHA1PRNG",
+- "sun.security.provider.SecureRandom", attrs);
+-
+- /*
+- * Signature engines
+- */
+- attrs.clear();
+- String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
+- "|java.security.interfaces.DSAPrivateKey";
+- attrs.put("SupportedKeyClasses", dsaKeyClasses);
+- attrs.put("ImplementedIn", "Software");
+-
+- attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
+-
+- addWithAlias(p, "Signature", "SHA1withDSA",
+- "sun.security.provider.DSA$SHA1withDSA", attrs);
+- addWithAlias(p, "Signature", "NONEwithDSA",
+- "sun.security.provider.DSA$RawDSA", attrs);
+-
+- // for DSA signatures with 224/256-bit digests
+- attrs.put("KeySize", "2048");
+-
+- addWithAlias(p, "Signature", "SHA224withDSA",
+- "sun.security.provider.DSA$SHA224withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA256withDSA",
+- "sun.security.provider.DSA$SHA256withDSA", attrs);
+-
+- addWithAlias(p, "Signature", "SHA3-224withDSA",
+- "sun.security.provider.DSA$SHA3_224withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA3-256withDSA",
+- "sun.security.provider.DSA$SHA3_256withDSA", attrs);
+-
+- attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
+-
+- addWithAlias(p, "Signature", "SHA384withDSA",
+- "sun.security.provider.DSA$SHA384withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA512withDSA",
+- "sun.security.provider.DSA$SHA512withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA3-384withDSA",
+- "sun.security.provider.DSA$SHA3_384withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA3-512withDSA",
+- "sun.security.provider.DSA$SHA3_512withDSA", attrs);
+-
+- attrs.remove("KeySize");
+-
+- add(p, "Signature", "SHA1withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA1withDSAinP1363Format");
+- add(p, "Signature", "NONEwithDSAinP1363Format",
+- "sun.security.provider.DSA$RawDSAinP1363Format");
+- add(p, "Signature", "SHA224withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA224withDSAinP1363Format");
+- add(p, "Signature", "SHA256withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA256withDSAinP1363Format");
+- add(p, "Signature", "SHA384withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA384withDSAinP1363Format");
+- add(p, "Signature", "SHA512withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA512withDSAinP1363Format");
+- add(p, "Signature", "SHA3-224withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
+- add(p, "Signature", "SHA3-256withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
+- add(p, "Signature", "SHA3-384withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
+- add(p, "Signature", "SHA3-512withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
+- /*
+- * Key Pair Generator engines
+- */
+- attrs.clear();
+- attrs.put("ImplementedIn", "Software");
+- attrs.put("KeySize", "2048"); // for DSA KPG and APG only
+ if (!systemFipsEnabled) {
+ /*
+ * SecureRandom engines
@@ -73,7 +147,10 @@ index 912cad59714..c5e13c98bd9 100644
+ add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
+ add(p, "SecureRandom", "SHA1PRNG",
+ "sun.security.provider.SecureRandom", attrs);
-+
+
+- String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
+- dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
+- addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
+ /*
+ * Signature engines
+ */
@@ -142,30 +219,73 @@ index 912cad59714..c5e13c98bd9 100644
+ attrs.clear();
+ attrs.put("ImplementedIn", "Software");
+ attrs.put("KeySize", "2048"); // for DSA KPG and APG only
-+
+
+- /*
+- * Algorithm Parameter Generator engines
+- */
+- addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
+- "sun.security.provider.DSAParameterGenerator", attrs);
+- attrs.remove("KeySize");
+ String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
+ dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
+ addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
-+
+
+- /*
+- * Algorithm Parameter engines
+- */
+- addWithAlias(p, "AlgorithmParameters", "DSA",
+- "sun.security.provider.DSAParameters", attrs);
+ /*
+ * Algorithm Parameter Generator engines
+ */
+ addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
+ "sun.security.provider.DSAParameterGenerator", attrs);
+ attrs.remove("KeySize");
-+
+
+- /*
+- * Key factories
+- */
+- addWithAlias(p, "KeyFactory", "DSA",
+- "sun.security.provider.DSAKeyFactory", attrs);
+ /*
+ * Algorithm Parameter engines
+ */
+ addWithAlias(p, "AlgorithmParameters", "DSA",
+ "sun.security.provider.DSAParameters", attrs);
-+
+
+- /*
+- * Digest engines
+- */
+- add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
+- add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
+- attrs);
+ /*
+ * Key factories
+ */
+ addWithAlias(p, "KeyFactory", "DSA",
+ "sun.security.provider.DSAKeyFactory", attrs);
-+
+
+- addWithAlias(p, "MessageDigest", "SHA-224",
+- "sun.security.provider.SHA2$SHA224", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-256",
+- "sun.security.provider.SHA2$SHA256", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-384",
+- "sun.security.provider.SHA5$SHA384", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-512",
+- "sun.security.provider.SHA5$SHA512", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-512/224",
+- "sun.security.provider.SHA5$SHA512_224", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-512/256",
+- "sun.security.provider.SHA5$SHA512_256", attrs);
+- addWithAlias(p, "MessageDigest", "SHA3-224",
+- "sun.security.provider.SHA3$SHA224", attrs);
+- addWithAlias(p, "MessageDigest", "SHA3-256",
+- "sun.security.provider.SHA3$SHA256", attrs);
+- addWithAlias(p, "MessageDigest", "SHA3-384",
+- "sun.security.provider.SHA3$SHA384", attrs);
+- addWithAlias(p, "MessageDigest", "SHA3-512",
+- "sun.security.provider.SHA3$SHA512", attrs);
+ /*
+ * Digest engines
+ */
@@ -194,138 +314,13 @@ index 912cad59714..c5e13c98bd9 100644
+ "sun.security.provider.SHA3$SHA384", attrs);
+ addWithAlias(p, "MessageDigest", "SHA3-512",
+ "sun.security.provider.SHA3$SHA512", attrs);
- }
-- attrs.put("ImplementedIn", "Software");
-- add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
-- add(p, "SecureRandom", "SHA1PRNG",
-- "sun.security.provider.SecureRandom", attrs);
--
-- /*
-- * Signature engines
-- */
-- attrs.clear();
-- String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
-- "|java.security.interfaces.DSAPrivateKey";
-- attrs.put("SupportedKeyClasses", dsaKeyClasses);
-- attrs.put("ImplementedIn", "Software");
--
-- attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
--
-- addWithAlias(p, "Signature", "SHA1withDSA",
-- "sun.security.provider.DSA$SHA1withDSA", attrs);
-- addWithAlias(p, "Signature", "NONEwithDSA",
-- "sun.security.provider.DSA$RawDSA", attrs);
--
-- // for DSA signatures with 224/256-bit digests
-- attrs.put("KeySize", "2048");
--
-- addWithAlias(p, "Signature", "SHA224withDSA",
-- "sun.security.provider.DSA$SHA224withDSA", attrs);
-- addWithAlias(p, "Signature", "SHA256withDSA",
-- "sun.security.provider.DSA$SHA256withDSA", attrs);
--
-- addWithAlias(p, "Signature", "SHA3-224withDSA",
-- "sun.security.provider.DSA$SHA3_224withDSA", attrs);
-- addWithAlias(p, "Signature", "SHA3-256withDSA",
-- "sun.security.provider.DSA$SHA3_256withDSA", attrs);
--
-- attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
--
-- addWithAlias(p, "Signature", "SHA384withDSA",
-- "sun.security.provider.DSA$SHA384withDSA", attrs);
-- addWithAlias(p, "Signature", "SHA512withDSA",
-- "sun.security.provider.DSA$SHA512withDSA", attrs);
-- addWithAlias(p, "Signature", "SHA3-384withDSA",
-- "sun.security.provider.DSA$SHA3_384withDSA", attrs);
-- addWithAlias(p, "Signature", "SHA3-512withDSA",
-- "sun.security.provider.DSA$SHA3_512withDSA", attrs);
--
-- attrs.remove("KeySize");
--
-- add(p, "Signature", "SHA1withDSAinP1363Format",
-- "sun.security.provider.DSA$SHA1withDSAinP1363Format");
-- add(p, "Signature", "NONEwithDSAinP1363Format",
-- "sun.security.provider.DSA$RawDSAinP1363Format");
-- add(p, "Signature", "SHA224withDSAinP1363Format",
-- "sun.security.provider.DSA$SHA224withDSAinP1363Format");
-- add(p, "Signature", "SHA256withDSAinP1363Format",
-- "sun.security.provider.DSA$SHA256withDSAinP1363Format");
-- add(p, "Signature", "SHA384withDSAinP1363Format",
-- "sun.security.provider.DSA$SHA384withDSAinP1363Format");
-- add(p, "Signature", "SHA512withDSAinP1363Format",
-- "sun.security.provider.DSA$SHA512withDSAinP1363Format");
-- add(p, "Signature", "SHA3-224withDSAinP1363Format",
-- "sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
-- add(p, "Signature", "SHA3-256withDSAinP1363Format",
-- "sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
-- add(p, "Signature", "SHA3-384withDSAinP1363Format",
-- "sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
-- add(p, "Signature", "SHA3-512withDSAinP1363Format",
-- "sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
-- /*
-- * Key Pair Generator engines
-- */
-- attrs.clear();
-- attrs.put("ImplementedIn", "Software");
-- attrs.put("KeySize", "2048"); // for DSA KPG and APG only
--
-- String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
-- dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
-- addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
--
-- /*
-- * Algorithm Parameter Generator engines
-- */
-- addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
-- "sun.security.provider.DSAParameterGenerator", attrs);
-- attrs.remove("KeySize");
--
-- /*
-- * Algorithm Parameter engines
-- */
-- addWithAlias(p, "AlgorithmParameters", "DSA",
-- "sun.security.provider.DSAParameters", attrs);
--
-- /*
-- * Key factories
-- */
-- addWithAlias(p, "KeyFactory", "DSA",
-- "sun.security.provider.DSAKeyFactory", attrs);
--
-- /*
-- * Digest engines
-- */
-- add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
-- add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
-- addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
-- attrs);
--
-- addWithAlias(p, "MessageDigest", "SHA-224",
-- "sun.security.provider.SHA2$SHA224", attrs);
-- addWithAlias(p, "MessageDigest", "SHA-256",
-- "sun.security.provider.SHA2$SHA256", attrs);
-- addWithAlias(p, "MessageDigest", "SHA-384",
-- "sun.security.provider.SHA5$SHA384", attrs);
-- addWithAlias(p, "MessageDigest", "SHA-512",
-- "sun.security.provider.SHA5$SHA512", attrs);
-- addWithAlias(p, "MessageDigest", "SHA-512/224",
-- "sun.security.provider.SHA5$SHA512_224", attrs);
-- addWithAlias(p, "MessageDigest", "SHA-512/256",
-- "sun.security.provider.SHA5$SHA512_256", attrs);
-- addWithAlias(p, "MessageDigest", "SHA3-224",
-- "sun.security.provider.SHA3$SHA224", attrs);
-- addWithAlias(p, "MessageDigest", "SHA3-256",
-- "sun.security.provider.SHA3$SHA256", attrs);
-- addWithAlias(p, "MessageDigest", "SHA3-384",
-- "sun.security.provider.SHA3$SHA384", attrs);
-- addWithAlias(p, "MessageDigest", "SHA3-512",
-- "sun.security.provider.SHA3$SHA512", attrs);
++ }
/*
* Certificates
-diff --git openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
-index 8c9e4f9dbe6..9eeb3013e0d 100644
---- openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+diff --git openjdk.orig/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+index 8c9e4f9dbe6..883dc04758e 100644
+--- openjdk.orig/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+++ openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
@@ -38,6 +38,7 @@ import java.util.HashMap;
import java.util.Iterator;
diff --git a/rh1996182-login_to_nss_software_token.patch b/rh1996182-login_to_nss_software_token.patch
index 475c521..96a8204 100644
--- a/rh1996182-login_to_nss_software_token.patch
+++ b/rh1996182-login_to_nss_software_token.patch
@@ -5,13 +5,13 @@ Date: Sat Aug 28 00:35:44 2021 +0100
RH1996182: Login to the NSS Software Token in FIPS Mode
diff --git openjdk.orig/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java
-index 39e69362458..aeb5fc2eb46 100644
+index 238735c0c8c..dbbf11bbb22 100644
--- openjdk.orig/src/java.base/share/classes/module-info.java
+++ openjdk/src/java.base/share/classes/module-info.java
-@@ -151,6 +151,7 @@ module java.base {
- java.management,
+@@ -152,6 +152,7 @@ module java.base {
java.naming,
java.rmi,
+ jdk.charsets,
+ jdk.crypto.cryptoki,
jdk.crypto.ec,
jdk.jartool,
diff --git a/rh2021263-fips_ensure_security_initialised.patch b/rh2021263-fips_ensure_security_initialised.patch
new file mode 100644
index 0000000..8dc0122
--- /dev/null
+++ b/rh2021263-fips_ensure_security_initialised.patch
@@ -0,0 +1,28 @@
+commit 4ac1a03b3ec73358988553fe9e200130847ea3b4
+Author: Andrew Hughes <gnu.andrew(a)redhat.com>
+Date: Mon Jan 10 20:19:40 2022 +0000
+
+ RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
+
+diff --git openjdk.orig/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
+index 5a2c9eb0c46..a1ee182d913 100644
+--- openjdk.orig/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
++++ openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
+@@ -39,6 +39,7 @@ import java.io.FilePermission;
+ import java.io.ObjectInputStream;
+ import java.io.RandomAccessFile;
+ import java.security.ProtectionDomain;
++import java.security.Security;
+ import java.security.Signature;
+
+ /** A repository of "shared secrets", which are a mechanism for
+@@ -449,6 +450,9 @@ public class SharedSecrets {
+ }
+
+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++ if (javaSecuritySystemConfiguratorAccess == null) {
++ ensureClassInitialized(Security.class);
++ }
+ return javaSecuritySystemConfiguratorAccess;
+ }
+ }
diff --git a/rh2021263-fips_missing_native_returns.patch b/rh2021263-fips_missing_native_returns.patch
new file mode 100644
index 0000000..5a056ce
--- /dev/null
+++ b/rh2021263-fips_missing_native_returns.patch
@@ -0,0 +1,24 @@
+commit 8f6e35dc9e9289aed290b36e260beeda76986bb5
+Author: Fridrich Strba <fstrba(a)suse.com>
+Date: Mon Jan 10 19:32:01 2022 +0000
+
+ RH2021263: Return in C code after having generated Java exception
+
+diff --git openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+index 38919d6bb0f..caf678a7dd6 100644
+--- openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c
++++ openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+@@ -151,11 +151,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ fips_enabled = fgetc(fe);
+ fclose(fe);
+ if (fips_enabled == EOF) {
+ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ return JNI_FALSE;
+ }
+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+ " read character is '%c'", fips_enabled);
diff --git a/sources b/sources
index 1824428..22e666f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk17u-jdk-17.0.1+12.tar.xz) = d9503de1001e42657ddb2600e1141d4169e333f0592ce3ad3c4ce14f817ca73a6bf6fb867e15930150c7b55e8fd4c4cd73d43984979e721df481a9ac7919580c
+SHA512 (openjdk-jdk17u-jdk-17.0.2+8.tar.xz) = 03371771574c19c38f9091eaad7c46d1638c95e5a3ab16e5ce540bf0f9dcbf8f60fd3848f75fd6fb5eb5fa35a91ca8a6a7b582ce4cf5c7cd2efe6c0957c98719
commit 56861ee649ae22b0a3cf1296fe664e6bb8738fd4
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Mon Dec 13 18:17:21 2021 +0100
Storing and restoring alterntives during update manually
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 391c5ea..87d2406 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12
-%global rpmrelease 12
+%global rpmrelease 13
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -428,6 +428,50 @@
# not-duplicated scriptlets for normal/debug packages
%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
+%define save_alternatives() %{expand:
+ # warning! alternatives are localised!
+ # LANG=cs_CZ.UTF-8 alternatives --display java | head
+ # LANG=en_US.UTF-8 alternatives --display java | head
+ function nonLocalisedAlternativesDisplayOfMaster() {
+ LANG=en_US.UTF-8 alternatives --display "$MASTER"
+ }
+ function headOfAbove() {
+ nonLocalisedAlternativesDisplayOfMaster | head -n $1
+ }
+ MASTER="%{?1}"
+ LOCAL_LINK="%{?2}"
+ FAMILY="%{?3}"
+ rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null
+ if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then
+ if headOfAbove 1 | grep -q manual ; then
+ if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then
+ headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY"
+ fi
+ fi
+ fi
+}
+
+%define save_and_remove_alternatives() %{expand:
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ upgrade1_uninstal0=%{?3}
+ if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall
+ %{save_alternatives %{?1} %{?2} %{?4}}
+ fi
+ alternatives --remove "%{?1}" "%{?2}"
+}
+
+%define set_if_needed_alternatives() %{expand:
+ MASTER="%{?1}"
+ FAMILY="%{?2}"
+ ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY"
+ if [ -e "$ALTERNATIVES_FILE" ] ; then
+ rm "$ALTERNATIVES_FILE"
+ alternatives --set $MASTER $FAMILY
+ fi
+}
+
%define post_script() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -436,14 +480,18 @@ exit 0
}
%define alternatives_java_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=java
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
+ --install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/keytool keytool %{jrebindir -- %{?1}}/keytool \\
@@ -457,11 +505,17 @@ alternatives \\
--slave %{_mandir}/man1/rmiregistry.1$ext rmiregistry.1$ext \\
%{_mandir}/man1/rmiregistry-%{uniquesuffix -- %{?1}}.1$ext
+%{set_if_needed_alternatives $key %{family}}
+
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ key=jre_"$X"
+ alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+key=jre_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_headless() %{expand:
@@ -494,10 +548,14 @@ exit 0
%define postun_headless() %{expand:
- alternatives --remove java %{jrebindir -- %{?1}}/java
- alternatives --remove jre_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove jre_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}}
}
%define posttrans_script() %{expand:
@@ -506,14 +564,18 @@ exit 0
%define alternatives_javac_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
+key=javac
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
+ --install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/jlink jlink %{sdkbindir -- %{?1}}/jlink \\
--slave %{_bindir}/jmod jmod %{sdkbindir -- %{?1}}/jmod \\
@@ -576,14 +638,19 @@ alternatives \\
--slave %{_mandir}/man1/jstatd.1$ext jstatd.1$ext \\
%{_mandir}/man1/jstatd-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/serialver.1$ext serialver.1$ext \\
- %{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext \\
+ %{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext
+
+%{set_if_needed_alternatives $key %{family}}
for X in %{origin} %{javaver} ; do
- alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ key=java_sdk_"$X"
+ alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+ %{set_if_needed_alternatives $key %{family}}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+key=java_sdk_%{javaver}_%{origin}
+alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
+%{set_if_needed_alternatives $key %{family}}
}
%define post_devel() %{expand:
@@ -594,10 +661,14 @@ exit 0
}
%define postun_devel() %{expand:
- alternatives --remove javac %{sdkbindir -- %{?1}}/javac
- alternatives --remove java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
- alternatives --remove java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
+ %{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
update-desktop-database %{_datadir}/applications &> /dev/null || :
@@ -614,36 +685,49 @@ exit 0
}
%define alternatives_javadoc_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-alternatives \\
- --install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{family_noarch}
+key=javadocdir
+alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc() %{expand:
- alternatives --remove javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}}
exit 0
}
%define alternatives_javadoczip_install() %{expand:
+if [ "x$debug" == "xtrue" ] ; then
+ set -x
+fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
-
-alternatives \\
- --install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{family_noarch}
+key=javadoczip
+alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch}
+%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc_zip() %{expand:
- alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
+ if [ "x$debug" == "xtrue" ] ; then
+ set -x
+ fi
+ post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_sy...
+ %{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}}
exit 0
}
@@ -2383,6 +2467,17 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-12.rolling
+- Storing and restoring alterntives during update manually
+- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
+-- The move of alternatives creation to posttrans to fix:
+-- Bug 1200302 - dnf reinstall breaks alternatives
+-- Had caused the alternatives to be removed, and then created again,
+-- instead of being added, and then removing the old, and thus persisting
+-- the selection in family
+-- Thus this fix, is storing the family of manually selected master, and if
+-- stored, then it is restoring the family of the master
+
* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-12.rolling
- Family extracted to globals
commit 82960579224f5d61b1c9b2968c5c21a0ffd6c23b
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Thu Dec 2 13:15:46 2021 +0100
family extracted to globals
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 83a28c4..391c5ea 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12
-%global rpmrelease 11
+%global rpmrelease 12
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -408,6 +408,9 @@
%global alternatives_requires %{_sbindir}/alternatives
%endif
+%global family %{name}.%{_arch}
+%global family_noarch %{name}
+
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
@@ -440,7 +443,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{family} \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/keytool keytool %{jrebindir -- %{?1}}/keytool \\
@@ -455,10 +458,10 @@ alternatives \\
%{_mandir}/man1/rmiregistry-%{uniquesuffix -- %{?1}}.1$ext
for X in %{origin} %{javaver} ; do
- alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
done
-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
}
%define post_headless() %{expand:
@@ -510,7 +513,7 @@ fi
ext=.gz
alternatives \\
- --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch} \\
+ --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family} \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/jlink jlink %{sdkbindir -- %{?1}}/jlink \\
--slave %{_bindir}/jmod jmod %{sdkbindir -- %{?1}}/jmod \\
@@ -577,10 +580,10 @@ alternatives \\
for X in %{origin} %{javaver} ; do
alternatives \\
- --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+ --install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
done
-update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
+update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
}
%define post_devel() %{expand:
@@ -618,7 +621,7 @@ fi
alternatives \\
--install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -635,7 +638,7 @@ fi
alternatives \\
--install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
- $PRIORITY --family %{name}
+ $PRIORITY --family %{family_noarch}
exit 0
}
@@ -2380,6 +2383,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-12.rolling
+- Family extracted to globals
+
* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-11.rolling
- javadoc-zip got its own provides next to plain javadoc ones
commit ed9a58ca1c03e551f98036cff72e228b6b8d8fb0
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Tue Dec 7 14:08:08 2021 +0100
Providing proper provides for javadoc-zip subpk
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index fc649ec..83a28c4 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12
-%global rpmrelease 10
+%global rpmrelease 11
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1058,10 +1058,10 @@ Requires(post): %{alternatives_requires}
Requires(postun): %{alternatives_requires}
# Standard JPackage javadoc provides
-Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
+Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%if %is_system_jdk
-Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release}
+Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%endif
}
@@ -1537,7 +1537,7 @@ Group: Documentation
Requires: javapackages-filesystem
Obsoletes: javadoc-slowdebug < 1:13.0.0.33-1.rolling
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc
The %{origin_nice} %{featurever} API documentation.
@@ -1552,7 +1552,8 @@ Group: Documentation
Requires: javapackages-filesystem
Obsoletes: javadoc-zip-slowdebug < 1:13.0.0.33-1.rolling
-%{java_javadoc_rpo %{nil}}
+%{java_javadoc_rpo -- %{nil} -zip}
+%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc-zip
The %{origin_nice} %{featurever} API documentation compressed in a single archive.
@@ -2379,6 +2380,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-11.rolling
+- javadoc-zip got its own provides next to plain javadoc ones
+
* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-10.rolling
- replaced tabs by sets of spaces to make rpmlint happy
commit 44e64a6b92d31ee6e639610bc9f542ed2c2c6a1e
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Tue Dec 21 15:04:42 2021 +0100
Removing tabs in whitespaced specfile for rpmlint
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 4cc59a1..fc649ec 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12
-%global rpmrelease 6
+%global rpmrelease 10
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1719,14 +1719,14 @@ function buildjdk() {
# to configure
VERSION_FILE=${top_dir_abs_src_path}/make/conf/version-numbers.conf
if [ -f ${VERSION_FILE} ] ; then
- EA_DESIGNATOR=$(grep '^DEFAULT_PROMOTED_VERSION_PRE' ${VERSION_FILE} | cut -d '=' -f 2)
+ EA_DESIGNATOR=$(grep '^DEFAULT_PROMOTED_VERSION_PRE' ${VERSION_FILE} | cut -d '=' -f 2)
else
- echo "Could not find OpenJDK version file.";
- exit 16
+ echo "Could not find OpenJDK version file.";
+ exit 16
fi
if [ "x${EA_DESIGNATOR}" != "x%{expected_ea_designator}" ] ; then
- echo "Spec file is configured for a %{build_type} build, but upstream version-pre setting is ${EA_DESIGNATOR}";
- exit 17
+ echo "Spec file is configured for a %{build_type} build, but upstream version-pre setting is ${EA_DESIGNATOR}";
+ exit 17
fi
echo "Using output directory: ${outputdir}";
@@ -2379,6 +2379,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Thu Dec 09 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-10.rolling
+- replaced tabs by sets of spaces to make rpmlint happy
+
* Wed Dec 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-6.rolling
- Handle Fedora in distro conditionals that currently only pertain to RHEL.
commit 060135c15b2bb99963b3cf2b571344e59872a86a
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Fri Nov 5 22:46:45 2021 +0000
Handle Fedora in distro conditionals that currently only pertain to RHEL.
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 81bb435..4cc59a1 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12
-%global rpmrelease 5
+%global rpmrelease 6
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -937,7 +937,8 @@ Requires: libXcomposite%{?_isa}
Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# for java-X-openjdk package's desktop binding
-%if 0%{?rhel} >= 8
+# Where recommendations are available, recommend Gtk+ for the Swing look and feel
+%if 0%{?rhel} >= 8 || 0%{?fedora} > 0
Recommends: gtk3%{?_isa}
%endif
@@ -978,8 +979,11 @@ Requires: cups-libs
Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
Requires(postun): %{alternatives_requires}
-# for optional support of kernel stream control, card reader and printing bindings
+# Where suggestions are available, recommend the sctp and pcsc libraries
+# for optional support of kernel stream control and card reader
+%if 0%{?rhel} >= 8 || 0%{?fedora} > 0
Suggests: lksctp-tools%{?_isa}, pcsc-lite-libs%{?_isa}
+%endif
# Standard JPackage base provides
Provides: jre-%{javaver}-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release}
@@ -1094,7 +1098,8 @@ Release: %{?eaprefix}%{rpmrelease}%{?extraver}.rolling%{?dist}
Epoch: 1
Summary: %{origin_nice} %{featurever} Runtime Environment
-%if 0%{?rhel} <= 8
+# Groups are only used up to RHEL 8 and on Fedora versions prior to F30
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1257,7 +1262,7 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_debug_build}
%package slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1270,7 +1275,7 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_fastdebug_build}
%package fastdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1283,7 +1288,7 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_normal_build}
%package headless
Summary: %{origin_nice} %{featurever} Headless Runtime Environment
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1296,7 +1301,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_debug_build}
%package headless-slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_headless_rpo -- %{debug_suffix_unquoted}}
@@ -1308,7 +1315,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_fastdebug_build}
%package headless-fastdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_headless_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1320,7 +1329,7 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_normal_build}
%package devel
Summary: %{origin_nice} %{featurever} Development Environment
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1333,7 +1342,7 @@ The %{origin_nice} %{featurever} development tools.
%if %{include_debug_build}
%package devel-slowdebug
Summary: %{origin_nice} %{featurever} Development Environment %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1347,7 +1356,9 @@ The %{origin_nice} %{featurever} development tools.
%if %{include_fastdebug_build}
%package devel-fastdebug
Summary: %{origin_nice} %{featurever} Development Environment %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Tools
+%endif
%{java_devel_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1396,7 +1407,7 @@ The %{origin_nice} %{featurever} libraries for static linking.
%if %{include_normal_build}
%package jmods
Summary: JMods for %{origin_nice} %{featurever}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1409,7 +1420,7 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_debug_build}
%package jmods-slowdebug
Summary: JMods for %{origin_nice} %{featurever} %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1423,7 +1434,9 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_fastdebug_build}
%package jmods-fastdebug
Summary: JMods for %{origin_nice} %{featurever} %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Tools
+%endif
%{java_jmods_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1435,7 +1448,7 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_normal_build}
%package demo
Summary: %{origin_nice} %{featurever} Demos
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1448,7 +1461,7 @@ The %{origin_nice} %{featurever} demos.
%if %{include_debug_build}
%package demo-slowdebug
Summary: %{origin_nice} %{featurever} Demos %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1462,7 +1475,9 @@ The %{origin_nice} %{featurever} demos.
%if %{include_fastdebug_build}
%package demo-fastdebug
Summary: %{origin_nice} %{featurever} Demos %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_demo_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1474,7 +1489,7 @@ The %{origin_nice} %{featurever} demos.
%if %{include_normal_build}
%package src
Summary: %{origin_nice} %{featurever} Source Bundle
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1488,7 +1503,7 @@ class library source code for use by IDE indexers and debuggers.
%if %{include_debug_build}
%package src-slowdebug
Summary: %{origin_nice} %{featurever} Source Bundle %{for_debug}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1502,7 +1517,9 @@ The %{compatiblename}-src-slowdebug sub-package contains the complete %{origin_n
%if %{include_fastdebug_build}
%package src-fastdebug
Summary: %{origin_nice} %{featurever} Source Bundle %{for_fastdebug}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_src_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1514,7 +1531,7 @@ The %{compatiblename}-src-fastdebug sub-package contains the complete %{origin_n
%if %{include_normal_build}
%package javadoc
Summary: %{origin_nice} %{featurever} API documentation
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Documentation
%endif
Requires: javapackages-filesystem
@@ -1529,7 +1546,7 @@ The %{origin_nice} %{featurever} API documentation.
%if %{include_normal_build}
%package javadoc-zip
Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Documentation
%endif
Requires: javapackages-filesystem
@@ -2362,6 +2379,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Dec 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-6.rolling
+- Handle Fedora in distro conditionals that currently only pertain to RHEL.
+
* Wed Dec 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-5.rolling
- Patch syslookup.c so it actually has some code to be compiled into libsyslookup
commit 4289c678a9915797062a8f26d4cf1f8309e6f77b
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Mon Nov 8 14:48:30 2021 +0100
Patch syslookup.c so it actually has some code to be compiled into libsyslookup
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 59605ba..81bb435 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12
-%global rpmrelease 4
+%global rpmrelease 5
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1198,6 +1198,8 @@ Patch1013: rh1991003-enable_fips_keys_import.patch
# OpenJDK patches in need of upstreaming
#
#############################################
+# JDK-8276572: Fake libsyslookup.so library causes tooling issues
+Patch2000: jdk8276572-fake_libsyslookup_causes_tooling_issues.patch
BuildRequires: autoconf
@@ -1596,6 +1598,7 @@ popd # openjdk
%patch1011
%patch1012
%patch1013
+%patch2000
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -1916,14 +1919,6 @@ do
# All these tests rely on RPM failing the build if the exit code of any set
# of piped commands is non-zero.
- # If this is the empty library, libsyslookup.so, of the foreign function and memory
- # API incubation module (JEP 412), skip the debuginfo check as this seems unreliable
- # on s390x. It's not very useful for other arches either, so skip unconditionally.
- if [ "`basename $lib`" = "libsyslookup.so" ]; then
- echo "Skipping debuginfo check for empty library 'libsyslookup.so'"
- continue
- fi
-
# Test for .debug_* sections in the shared object. This is the main test
# Stripped objects will not contain these
eu-readelf -S "$lib" | grep "] .debug_"
@@ -2367,6 +2362,9 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Dec 01 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-5.rolling
+- Patch syslookup.c so it actually has some code to be compiled into libsyslookup
+
* Tue Nov 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-4.rolling
- Restructure the build so a minimal initial build is then used for the final build (with docs)
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
diff --git a/jdk8276572-fake_libsyslookup_causes_tooling_issues.patch b/jdk8276572-fake_libsyslookup_causes_tooling_issues.patch
new file mode 100644
index 0000000..dee144b
--- /dev/null
+++ b/jdk8276572-fake_libsyslookup_causes_tooling_issues.patch
@@ -0,0 +1,21 @@
+commit a4724332098cd8bff44ee27e9190fd28fa5c1865
+Author: Andrew John Hughes <andrew(a)openjdk.org>
+Date: Fri Nov 5 21:05:42 2021 +0000
+
+ 8276572: Fake libsyslookup.so library causes tooling issues
+
+ Reviewed-by: shade, mcimadamore
+
+diff --git openjdk.orig/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c openjdk/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c
+index fdf99866786..b1f543bfdb7 100644
+--- openjdk.orig/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c
++++ openjdk/src/jdk.incubator.foreign/share/native/libsyslookup/syslookup.c
+@@ -26,3 +26,8 @@
+ // Note: the include below is not strictly required, as dependencies will be pulled using linker flags.
+ // Adding at least one #include removes unwanted warnings on some platforms.
+ #include <stdlib.h>
++
++// Simple dummy function so this library appears as a normal library to tooling.
++char* syslookup() {
++ return "syslookup";
++}
commit 1cc9d59897c0de8144ec7c04a74ac3d2e4e0f3b6
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Tue Nov 30 18:23:14 2021 +0000
Restructure the build so a minimal initial build is then used for the final build (with docs)
This reduces pressure on the system JDK and ensures the JDK being built can do a full build
Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
Minor cosmetic improvements to make spec more comparable between variants
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index e868780..59605ba 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -12,10 +12,7 @@
#
# Only produce a release build on x86_64:
# $ fedpkg mockbuild --without slowdebug --without fastdebug
-#
-# Only produce a debug build on x86_64:
-# $ fedpkg local --without release
-#
+
# Enable fastdebug builds by default on relevant arches.
%bcond_without fastdebug
# Enable slowdebug builds by default on relevant arches.
@@ -59,11 +56,11 @@
%global staticlibs_suffix "%{staticlibs_suffix_unquoted}"
%global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP.
-%global debug_on with full debugging on
-%global fastdebug_on with minimal debugging on
%global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP.
-%global for_fastdebug_on for packages with minimal debugging on
-%global for_debug for packages with debugging on
+%global debug_on unoptimised with full debugging on
+%global fastdebug_on optimised with full debugging on
+%global for_fastdebug for packages with debugging on and optimisation
+%global for_debug for packages with debugging on and no optimisation
%if %{with release}
%global include_normal_build 1
@@ -171,7 +168,7 @@
# If you disable both builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics
-%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
+%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
%if %{include_staticlibs}
%global staticlibs_loop %{staticlibs_suffix}
@@ -180,27 +177,30 @@
%endif
%ifarch %{bootstrap_arches}
-%global bootstrap_build 1
+%global bootstrap_build true
%else
-%global bootstrap_build 1
+%global bootstrap_build false
%endif
-%if %{bootstrap_build}
-%global release_targets bootcycle-images docs-zip
-%else
-%global release_targets images docs-zip
-%endif
-# No docs nor bootcycle for debug builds
-%global debug_targets images
-
%if %{include_staticlibs}
# Extra target for producing the static-libraries. Separate from
# other targets since this target is configured to use in-tree
# AWT dependencies: lcms, libjpeg, libpng, libharfbuzz, giflib
# and possibly others
%global static_libs_target static-libs-image
+%else
+%global static_libs_target %{nil}
%endif
+# RPM JDK builds keep the debug symbols internal, to be later stripped by RPM
+%global debug_symbols internal
+
+# unlike portables,the rpms have to use static_libs_target very dynamically
+%global bootstrap_targets images
+%global release_targets images docs-zip
+# No docs nor bootcycle for debug builds
+%global debug_targets images
+
# Filter out flags from the optflags macro that cause problems with the OpenJDK build
# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12
-%global rpmrelease 3
+%global rpmrelease 4
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -311,7 +311,7 @@
# for techpreview, using 1, so slowdebugs can have 0
%global priority %( printf '%08d' 1 )
%endif
-%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
+%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
%global javaver %{featurever}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
@@ -573,7 +573,7 @@ alternatives \\
--slave %{_mandir}/man1/jstatd.1$ext jstatd.1$ext \\
%{_mandir}/man1/jstatd-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/serialver.1$ext serialver.1$ext \\
- %{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext
+ %{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext \\
for X in %{origin} %{javaver} ; do
alternatives \\
@@ -754,7 +754,7 @@ exit 0
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.fips.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/conf/management/jmxremote.access
-# these are config templates, thus not config-noreplace
+# This is a config template, thus not config-noreplace
%config %{etcjavadir -- %{?1}}/conf/management/jmxremote.password.template
%config %{etcjavadir -- %{?1}}/conf/sdp/sdp.conf.template
%config(noreplace) %{etcjavadir -- %{?1}}/conf/management/management.properties
@@ -777,6 +777,10 @@ exit 0
%ghost %{_jvmdir}/jre-%{javaver}-%{origin}
%endif
%endif
+# https://bugzilla.redhat.com/show_bug.cgi?id=1820172
+# https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Repla...
+%ghost %{_jvmdir}/%{sdkdir -- %{?1}}/conf.rpmmoved
+%ghost %{_jvmdir}/%{sdkdir -- %{?1}}/lib/security.rpmmoved
}
%define files_devel() %{expand:
@@ -933,7 +937,9 @@ Requires: libXcomposite%{?_isa}
Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# for java-X-openjdk package's desktop binding
+%if 0%{?rhel} >= 8
Recommends: gtk3%{?_isa}
+%endif
Provides: java-%{javaver}-%{origin}%{?1} = %{epoch}:%{version}-%{release}
@@ -1003,9 +1009,9 @@ Provides: java-sdk-%{javaver}%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-devel%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-devel%{?1} = %{epoch}:%{version}-%{release}
%if %is_system_jdk
+Provides: java-devel-%{origin}%{?1} = %{epoch}:%{version}-%{release}
Provides: java-sdk-%{origin}%{?1} = %{epoch}:%{version}-%{release}
Provides: java-devel%{?1} = %{epoch}:%{version}-%{release}
-Provides: java-%{origin}-devel%{?1} = %{epoch}:%{version}-%{release}
Provides: java-sdk%{?1} = %{epoch}:%{version}-%{release}
%endif
}
@@ -1088,6 +1094,9 @@ Release: %{?eaprefix}%{rpmrelease}%{?extraver}.rolling%{?dist}
Epoch: 1
Summary: %{origin_nice} %{featurever} Runtime Environment
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
# HotSpot code is licensed under GPLv2
# JDK library code is licensed under GPLv2 with the Classpath exception
@@ -1149,7 +1158,7 @@ Source17: nss.fips.cfg.in
# NSS via SunPKCS11 Provider (disabled comment
# due to memory leak).
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
-# enable build of speculative store bypass hardened alt-java
+# RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
Patch600: rh1750419-redhat_alt_java.patch
# Ignore AWTError when assistive technologies are loaded
@@ -1246,6 +1255,9 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_debug_build}
%package slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_rpo -- %{debug_suffix_unquoted}}
%description slowdebug
@@ -1256,7 +1268,9 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_fastdebug_build}
%package fastdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
+%if 0%{?rhel} <= 8
Group: Development/Languages
+%endif
%{java_rpo -- %{fastdebug_suffix_unquoted}}
%description fastdebug
@@ -1267,6 +1281,9 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_normal_build}
%package headless
Summary: %{origin_nice} %{featurever} Headless Runtime Environment
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_headless_rpo %{nil}}
@@ -1277,6 +1294,7 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_debug_build}
%package headless-slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
+Group: Development/Languages
%{java_headless_rpo -- %{debug_suffix_unquoted}}
@@ -1300,6 +1318,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_normal_build}
%package devel
Summary: %{origin_nice} %{featurever} Development Environment
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_devel_rpo %{nil}}
@@ -1310,6 +1331,9 @@ The %{origin_nice} %{featurever} development tools.
%if %{include_debug_build}
%package devel-slowdebug
Summary: %{origin_nice} %{featurever} Development Environment %{debug_on}
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_devel_rpo -- %{debug_suffix_unquoted}}
@@ -1370,6 +1394,9 @@ The %{origin_nice} %{featurever} libraries for static linking.
%if %{include_normal_build}
%package jmods
Summary: JMods for %{origin_nice} %{featurever}
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_jmods_rpo %{nil}}
@@ -1380,6 +1407,9 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_debug_build}
%package jmods-slowdebug
Summary: JMods for %{origin_nice} %{featurever} %{debug_on}
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_jmods_rpo -- %{debug_suffix_unquoted}}
@@ -1400,10 +1430,12 @@ The JMods for %{origin_nice} %{featurever}.
%{fastdebug_warning}
%endif
-
%if %{include_normal_build}
%package demo
Summary: %{origin_nice} %{featurever} Demos
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_demo_rpo %{nil}}
@@ -1414,6 +1446,9 @@ The %{origin_nice} %{featurever} demos.
%if %{include_debug_build}
%package demo-slowdebug
Summary: %{origin_nice} %{featurever} Demos %{debug_on}
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_demo_rpo -- %{debug_suffix_unquoted}}
@@ -1437,6 +1472,9 @@ The %{origin_nice} %{featurever} demos.
%if %{include_normal_build}
%package src
Summary: %{origin_nice} %{featurever} Source Bundle
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_src_rpo %{nil}}
@@ -1448,6 +1486,9 @@ class library source code for use by IDE indexers and debuggers.
%if %{include_debug_build}
%package src-slowdebug
Summary: %{origin_nice} %{featurever} Source Bundle %{for_debug}
+%if 0%{?rhel} <= 8
+Group: Development/Languages
+%endif
%{java_src_rpo -- %{debug_suffix_unquoted}}
@@ -1468,10 +1509,12 @@ The %{compatiblename}-src-fastdebug sub-package contains the complete %{origin_n
class library source code for use by IDE indexers and debuggers, %{for_fastdebug}.
%endif
-
%if %{include_normal_build}
%package javadoc
Summary: %{origin_nice} %{featurever} API documentation
+%if 0%{?rhel} <= 8
+Group: Documentation
+%endif
Requires: javapackages-filesystem
Obsoletes: javadoc-slowdebug < 1:13.0.0.33-1.rolling
@@ -1484,6 +1527,9 @@ The %{origin_nice} %{featurever} API documentation.
%if %{include_normal_build}
%package javadoc-zip
Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive
+%if 0%{?rhel} <= 8
+Group: Documentation
+%endif
Requires: javapackages-filesystem
Obsoletes: javadoc-zip-slowdebug < 1:13.0.0.33-1.rolling
@@ -1561,7 +1607,6 @@ cp -r tapset tapset%{debug_suffix}
cp -r tapset tapset%{fastdebug_suffix}
%endif
-
for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
@@ -1636,60 +1681,46 @@ EXTRA_CPP_FLAGS="$EXTRA_CPP_FLAGS -DSTAP_SDT_ARG_CONSTRAINT=g"
%endif
export EXTRA_CFLAGS EXTRA_CPP_FLAGS
-for suffix in %{build_loop} ; do
-if [ "x$suffix" = "x" ] ; then
- debugbuild=release
-else
- # change --something to something
- debugbuild=`echo $suffix | sed "s/-//g"`
-fi
-
-for loop in %{main_suffix} %{staticlibs_loop} ; do
-
-if test "x${loop}" = "x%{main_suffix}" ; then
- # Copy the source tree so we can remove all in-tree libraries
- cp -a %{top_level_dir_name} %{top_level_dir_name_backup}
- # Remove all libraries that are linked
- sh %{SOURCE12} %{top_level_dir_name} full
- # Variable used by configure and hs_err hook on build failures
- link_opt="system"
- # Debug builds don't need same targets as release for
- # build speed-up
- maketargets="%{release_targets}"
- if echo $debugbuild | grep -q "debug" ; then
- maketargets="%{debug_targets}"
+function buildjdk() {
+ local outputdir=${1}
+ local buildjdk=${2}
+ local maketargets="${3}"
+ local debuglevel=${4}
+ local link_opt=${5}
+
+ local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
+ local top_dir_abs_build_path=$(pwd)/${outputdir}
+
+ # The OpenJDK version file includes the current
+ # upstream version information. For some reason,
+ # configure does not automatically use the
+ # default pre-version supplied there (despite
+ # what the file claims), so we pass it manually
+ # to configure
+ VERSION_FILE=${top_dir_abs_src_path}/make/conf/version-numbers.conf
+ if [ -f ${VERSION_FILE} ] ; then
+ EA_DESIGNATOR=$(grep '^DEFAULT_PROMOTED_VERSION_PRE' ${VERSION_FILE} | cut -d '=' -f 2)
+ else
+ echo "Could not find OpenJDK version file.";
+ exit 16
+ fi
+ if [ "x${EA_DESIGNATOR}" != "x%{expected_ea_designator}" ] ; then
+ echo "Spec file is configured for a %{build_type} build, but upstream version-pre setting is ${EA_DESIGNATOR}";
+ exit 17
fi
-else
- # Variable used by configure and hs_err hook on build failures
- link_opt="bundled"
- # Static library cycle only builds the static libraries
- maketargets="%{static_libs_target}"
-fi
-top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
-top_dir_abs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}${loop}}
-# The OpenJDK version file includes the current
-# upstream version information. For some reason,
-# configure does not automatically use the
-# default pre-version supplied there (despite
-# what the file claims), so we pass it manually
-# to configure
-VERSION_FILE=${top_dir_abs_src_path}/make/conf/version-numbers.conf
-if [ -f ${VERSION_FILE} ] ; then
- EA_DESIGNATOR=$(grep '^DEFAULT_PROMOTED_VERSION_PRE' ${VERSION_FILE} | cut -d '=' -f 2)
-else
- echo "Could not find OpenJDK version file.";
- exit 16
-fi
-if [ "x${EA_DESIGNATOR}" != "x%{expected_ea_designator}" ] ; then
- echo "Spec file is configured for a %{build_type} build, but upstream version-pre setting is ${EA_DESIGNATOR}";
- exit 17
-fi
+ echo "Using output directory: ${outputdir}";
+ echo "Checking build JDK ${buildjdk} is operational..."
+ ${buildjdk}/bin/java -version
+ echo "Using make targets: ${maketargets}"
+ echo "Using debuglevel: ${debuglevel}"
+ echo "Using link_opt: ${link_opt}"
+ echo "Building %{newjavaver}-%{buildver}, pre=${EA_DESIGNATOR}, opt=%{lts_designator}"
-mkdir -p ${top_dir_abs_build_path}
-pushd ${top_dir_abs_build_path}
+ mkdir -p ${outputdir}
+ pushd ${outputdir}
-bash ${top_dir_abs_src_path}/configure \
+ bash ${top_dir_abs_src_path}/configure \
%ifnarch %{jit_arches}
--with-jvm-variants=zero \
%endif
@@ -1704,9 +1735,9 @@ bash ${top_dir_abs_src_path}/configure \
--with-vendor-url="https://www.redhat.com/" \
--with-vendor-bug-url="%{bugs}" \
--with-vendor-vm-bug-url="%{bugs}" \
- --with-boot-jdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk \
- --with-debug-level=$debugbuild \
- --with-native-debug-symbols=internal \
+ --with-boot-jdk=${buildjdk} \
+ --with-debug-level=${debuglevel} \
+ --with-native-debug-symbols="%{debug_symbols}" \
--enable-sysconf-nss \
--enable-unlimited-crypto \
--with-zlib=system \
@@ -1727,53 +1758,105 @@ bash ${top_dir_abs_src_path}/configure \
%endif
--disable-warnings-as-errors
-make \
- LOG=trace \
- WARNINGS_ARE_ERRORS="-Wno-error" \
- CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
- $maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
+ cat spec.gmk
-popd >& /dev/null
+ make \
+ LOG=trace \
+ WARNINGS_ARE_ERRORS="-Wno-error" \
+ CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
+ $maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
-# Restore original source tree if we modified it by removing full in-tree sources
-if [ -d %{top_level_dir_name_backup} ] ; then
- rm -rf %{top_level_dir_name}
- mv %{top_level_dir_name_backup} %{top_level_dir_name}
-fi
+ popd
+}
-done # end of main / staticlibs loop
+function installjdk() {
+ local imagepath=${1}
-top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
+ # the build (erroneously) removes read permissions from some jars
+ # this is a regression in OpenJDK 7 (our compiler):
+ # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
+ find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
-# the build (erroneously) removes read permissions from some jars
-# this is a regression in OpenJDK 7 (our compiler):
-# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
-find ${top_dir_abs_main_build_path}/images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
+ # Build screws up permissions on binaries
+ # https://bugs.openjdk.java.net/browse/JDK-8173610
+ find ${imagepath} -iname '*.so' -exec chmod +x {} \;
+ find ${imagepath}/bin/ -exec chmod +x {} \;
-# Build screws up permissions on binaries
-# https://bugs.openjdk.java.net/browse/JDK-8173610
-find ${top_dir_abs_main_build_path}/images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
-find ${top_dir_abs_main_build_path}/images/%{jdkimage}/bin/ -exec chmod +x {} \;
+ # Install nss.cfg right away as we will be using the JRE above
+ install -m 644 nss.cfg ${imagepath}/conf/security/
-# Install nss.cfg right away as we will be using the JRE above
-export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
+ # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
+ install -m 644 nss.fips.cfg ${imagepath}/conf/security/
-# Install nss.cfg right away as we will be using the JRE above
-install -m 644 nss.cfg $JAVA_HOME/conf/security/
+ # Use system-wide tzdata
+ rm ${imagepath}/lib/tzdb.dat
+ ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
-# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
-install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/
+ # Create fake alt-java as a placeholder for future alt-java
+ pushd ${imagepath}
+ # add alt-java man page
+ echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
+ cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
+ popd
+}
-# Use system-wide tzdata
-rm $JAVA_HOME/lib/tzdb.dat
-ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/lib/tzdb.dat
+for suffix in %{build_loop} ; do
-# Create fake alt-java as a placeholder for future alt-java
-pushd ${JAVA_HOME}
-# add alt-java man page
-echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
-cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
-popd
+ if [ "x$suffix" = "x" ] ; then
+ debugbuild=release
+ else
+ # change --something to something
+ debugbuild=`echo $suffix | sed "s/-//g"`
+ fi
+
+ systemjdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk
+
+ for loop in %{main_suffix} %{staticlibs_loop} ; do
+
+ builddir=%{buildoutputdir -- ${suffix}${loop}}
+ bootbuilddir=boot${builddir}
+
+ if test "x${loop}" = "x%{main_suffix}" ; then
+ # Copy the source tree so we can remove all in-tree libraries
+ cp -a %{top_level_dir_name} %{top_level_dir_name_backup}
+ # Remove all libraries that are linked
+ sh %{SOURCE12} %{top_level_dir_name} full
+ # Use system libraries
+ link_opt="system"
+ # Debug builds don't need same targets as release for
+ # build speed-up. We also avoid bootstrapping these
+ # slower builds.
+ if echo $debugbuild | grep -q "debug" ; then
+ maketargets="%{debug_targets}"
+ run_bootstrap=false
+ else
+ maketargets="%{release_targets}"
+ run_bootstrap=%{bootstrap_build}
+ fi
+ if ${run_bootstrap} ; then
+ buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
+ buildjdk ${builddir} $(pwd)/${bootbuilddir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
+ rm -rf ${bootbuilddir}
+ else
+ buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
+ fi
+ # Restore original source tree we modified by removing full in-tree sources
+ rm -rf %{top_level_dir_name}
+ mv %{top_level_dir_name_backup} %{top_level_dir_name}
+ else
+ # Use bundled libraries for building statically
+ link_opt="bundled"
+ # Static library cycle only builds the static libraries
+ maketargets="%{static_libs_target}"
+ # Always just do the one build for the static libraries
+ buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
+ fi
+
+ done # end of main / staticlibs loop
+
+ # Final setup on the main image
+ top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
+ installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
# build cycles
done # end of release / debug cycle loop
@@ -1824,8 +1907,9 @@ readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c
readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c
%endif
+so_suffix="so"
# Check debug symbols are present and can identify code
-find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
+find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
do
if [ -f "$lib" ] ; then
echo "Testing $lib for debug symbols"
@@ -1893,15 +1977,16 @@ quit
end
run -version
EOF
-
+%if 0%{?fedora} > 0
# This fails on s390x for some reason. Disable for now. See:
# https://koji.fedoraproject.org/koji/taskinfo?taskID=41499227
%ifnarch s390x
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
%endif
+%endif
# Check src.zip has all sources. See RHBZ#1130490
-jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
+$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
# Check class files include useful debugging information
$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
@@ -2282,6 +2367,14 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Nov 30 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-4.rolling
+- Restructure the build so a minimal initial build is then used for the final build (with docs)
+- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
+- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
+
+* Tue Nov 30 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.1.0.12-4.rolling
+- Minor cosmetic improvements to make spec more comparable between variants
+
* Mon Nov 29 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-3.rolling
- Add -DSTAP_SDT_ARG_CONSTRAINT=g workaround on aarch32 to fix build
- See https://bugzilla.redhat.com/show_bug.cgi?id=2026858
commit 95f56114d80ee0e3dc66a1f69792680b66cac9b4
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Mon Nov 29 18:25:01 2021 +0000
Add -DSTAP_SDT_ARG_CONSTRAINT=g workaround on aarch32 to fix build
See https://bugzilla.redhat.com/show_bug.cgi?id=2026858
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 760655c..e868780 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -1616,9 +1616,6 @@ export NUM_PROC=${NUM_PROC:-1}
%ifarch s390x sparc64 alpha %{power64} %{aarch64}
export ARCH_DATA_MODEL=64
%endif
-%ifarch alpha
-export CFLAGS="$CFLAGS -mieee"
-%endif
# We use ourcppflags because the OpenJDK build seems to
# pass EXTRA_CFLAGS to the HotSpot C++ compiler...
@@ -1626,11 +1623,18 @@ export CFLAGS="$CFLAGS -mieee"
EXTRA_CFLAGS="%ourcppflags"
EXTRA_CPP_FLAGS="%ourcppflags"
+%ifarch alpha
+EXTRA_CFLAGS="$EXTRA_CFLAGS -mieee"
+%endif
%ifarch %{power64} ppc
# fix rpmlint warnings
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
%endif
-export EXTRA_CFLAGS
+# workaround stap bug https://bugzilla.redhat.com/show_bug.cgi?id=2026858
+%ifarch %{arm}
+EXTRA_CPP_FLAGS="$EXTRA_CPP_FLAGS -DSTAP_SDT_ARG_CONSTRAINT=g"
+%endif
+export EXTRA_CFLAGS EXTRA_CPP_FLAGS
for suffix in %{build_loop} ; do
if [ "x$suffix" = "x" ] ; then
@@ -2278,6 +2282,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Nov 29 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-3.rolling
+- Add -DSTAP_SDT_ARG_CONSTRAINT=g workaround on aarch32 to fix build
+- See https://bugzilla.redhat.com/show_bug.cgi?id=2026858
+
* Mon Nov 29 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-3.rolling
- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@
- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
commit 5ae0961cbf51fc2287b71aa725cdda31762b6def
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Thu Oct 21 16:14:35 2021 +0100
Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@
Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
Sync desktop files with upstream IcedTea release 3.15.0 using new script
diff --git a/.gitignore b/.gitignore
index c09271c..1cf80ea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,3 +19,4 @@
/openjdk-jdk17-jdk-17+33.tar.xz
/openjdk-jdk17-jdk-17+35.tar.xz
/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
+/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
diff --git a/icedtea_sync.sh b/icedtea_sync.sh
index c3fd5e6..e5c54f3 100755
--- a/icedtea_sync.sh
+++ b/icedtea_sync.sh
@@ -16,12 +16,31 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+ICEDTEA_USE_VCS=true
+
ICEDTEA_VERSION=3.15.0
ICEDTEA_URL=https://icedtea.classpath.org/download/source
ICEDTEA_SIGNING_KEY=CFDA0F9B35964222
+ICEDTEA_HG_URL=https://icedtea.classpath.org/hg/icedtea11
+
set -e
+RPM_DIR=${PWD}
+if [ ! -f ${RPM_DIR}/jconsole.desktop.in ] ; then
+ echo "Not in RPM source tree.";
+ exit 1;
+fi
+
+if test "x${TMPDIR}" = "x"; then
+ TMPDIR=/tmp;
+fi
+WORKDIR=${TMPDIR}/it.sync
+
+echo "Using working directory ${WORKDIR}"
+mkdir ${WORKDIR}
+pushd ${WORKDIR}
+
if test "x${WGET}" = "x"; then
WGET=$(which wget);
if test "x${WGET}" = "x"; then
@@ -30,68 +49,144 @@ if test "x${WGET}" = "x"; then
fi
fi
-if test "x${CHECKSUM}" = "x"; then
- CHECKSUM=$(which sha256sum)
- if test "x${CHECKSUM}" = "x"; then
- echo "sha256sum not found";
- exit 2;
- fi
-fi
-
-if test "x${PGP}" = "x"; then
- PGP=$(which gpg)
- if test "x${PGP}" = "x"; then
- echo "gpg not found";
- exit 3;
- fi
-fi
-
if test "x${TAR}" = "x"; then
TAR=$(which tar)
if test "x${TAR}" = "x"; then
echo "tar not found";
- exit 4;
+ exit 2;
fi
fi
echo "Dependencies:";
echo -e "\tWGET: ${WGET}";
-echo -e "\tCHECKSUM: ${CHECKSUM}";
-echo -e "\tPGP: ${PGP}\n";
echo -e "\tTAR: ${TAR}\n";
-echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}...";
-if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then
- echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed.";
- exit 5;
-fi
+if test "x${ICEDTEA_USE_VCS}" = "xtrue"; then
+ echo "Mode: Using VCS";
+
+ if test "x${GREP}" = "x"; then
+ GREP=$(which grep);
+ if test "x${GREP}" = "x"; then
+ echo "grep not found";
+ exit 3;
+ fi
+ fi
-echo "Downloading IcedTea release tarball...";
-${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz
-echo "Downloading IcedTea tarball signature...";
-${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig
-echo "Downloading IcedTea tarball checksums...";
-${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256
+ if test "x${CUT}" = "x"; then
+ CUT=$(which cut);
+ if test "x${CUT}" = "x"; then
+ echo "cut not found";
+ exit 4;
+ fi
+ fi
+
+ if test "x${TR}" = "x"; then
+ TR=$(which tr);
+ if test "x${TR}" = "x"; then
+ echo "tr not found";
+ exit 5;
+ fi
+ fi
-echo "Verifying checksums...";
-${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256
+ if test "x${HG}" = "x"; then
+ HG=$(which hg);
+ if test "x${HG}" = "x"; then
+ echo "hg not found";
+ exit 6;
+ fi
+ fi
-echo "Checking signature...";
-${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig
+ echo "Dependencies:";
+ echo -e "\tGREP: ${GREP}";
+ echo -e "\tCUT: ${CUT}";
+ echo -e "\tTR: ${TR}";
+ echo -e "\tHG: ${HG}";
+
+ echo "Checking out repository from VCS...";
+ ${HG} clone ${ICEDTEA_HG_URL} icedtea
+
+ echo "Obtaining version from configure.ac...";
+ ROOT_VER=$(${GREP} '^AC_INIT' icedtea/configure.ac|${CUT} -d ',' -f 2|${TR} -d '[][:space:]')
+ echo "Root version from configure: ${ROOT_VER}";
+
+ VCS_REV=$(${HG} log -R icedtea --template '{node|short}' -r tip)
+ echo "VCS revision: ${VCS_REV}";
+
+ ICEDTEA_VERSION="${ROOT_VER}-${VCS_REV}"
+ echo "Creating icedtea-${ICEDTEA_VERSION}";
+ mkdir icedtea-${ICEDTEA_VERSION}
+ echo "Copying required files from checkout to icedtea-${ICEDTEA_VERSION}";
+ # Commented out for now as IcedTea 6's jconsole.desktop.in is outdated
+ #cp -a icedtea/jconsole.desktop.in ../icedtea-${ICEDTEA_VERSION}
+ cp -a ${RPM_DIR}/jconsole.desktop.in icedtea-${ICEDTEA_VERSION}
+ cp -a icedtea/tapset icedtea-${ICEDTEA_VERSION}
+
+ rm -rf icedtea
+else
+ echo "Mode: Using tarball";
+
+ if test "x${ICEDTEA_VERSION}" = "x"; then
+ echo "No IcedTea version specified for tarball download.";
+ exit 3;
+ fi
-echo "Extracting files...";
-${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \
+ if test "x${CHECKSUM}" = "x"; then
+ CHECKSUM=$(which sha256sum)
+ if test "x${CHECKSUM}" = "x"; then
+ echo "sha256sum not found";
+ exit 4;
+ fi
+ fi
+
+ if test "x${PGP}" = "x"; then
+ PGP=$(which gpg)
+ if test "x${PGP}" = "x"; then
+ echo "gpg not found";
+ exit 5;
+ fi
+ fi
+
+ echo "Dependencies:";
+ echo -e "\tCHECKSUM: ${CHECKSUM}";
+ echo -e "\tPGP: ${PGP}\n";
+
+ echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}...";
+ if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then
+ echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed.";
+ exit 6;
+ fi
+
+ echo "Downloading IcedTea release tarball...";
+ ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz
+ echo "Downloading IcedTea tarball signature...";
+ ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig
+ echo "Downloading IcedTea tarball checksums...";
+ ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256
+
+ echo "Verifying checksums...";
+ ${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256
+
+ echo "Checking signature...";
+ ${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig
+
+ echo "Extracting files...";
+ ${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \
icedtea-${ICEDTEA_VERSION}/tapset \
icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in
+ rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz
+ rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig
+ rm -vf icedtea-${ICEDTEA_VERSION}.sha256
+fi
+
echo "Replacing desktop files...";
-mv -v icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in .
+mv -v icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in ${RPM_DIR}
echo "Creating new tapset tarball...";
mv -v icedtea-${ICEDTEA_VERSION} openjdk
-${TAR} cJf tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz openjdk
+${TAR} cJf ${RPM_DIR}/tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz openjdk
rm -rvf openjdk
-rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz
-rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig
-rm -vf icedtea-${ICEDTEA_VERSION}.sha256
+
+popd
+rm -rf ${WORKDIR}
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index eedecef..760655c 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -290,7 +290,7 @@
%global lts_designator_zip ""
# Define IcedTea version used for SystemTap tapsets and desktop file
-%global icedteaver 3.15.0
+%global icedteaver 6.0.0pre00-c848b93a8598
# Standard JPackage naming and versioning defines
%global origin openjdk
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12
-%global rpmrelease 2
+%global rpmrelease 3
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1112,7 +1112,7 @@ URL: http://openjdk.java.net/
Source0: openjdk-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz
# Use 'icedtea_sync.sh' to update the following
-# They are based on code contained in the IcedTea project (3.x).
+# They are based on code contained in the IcedTea project (6.x).
# Systemtap tapsets. Zipped up to keep it small.
Source8: tapsets-icedtea-%{icedteaver}.tar.xz
@@ -1564,13 +1564,14 @@ cp -r tapset tapset%{fastdebug_suffix}
for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do
- OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:%{version}-%{release}.%{_arch}.stp:g"`
+ OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1
+ sed -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file.1 > $file.2
# TODO find out which architectures other than i686 have a client vm
%ifarch %{ix86}
- sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.1 > $OUTPUT_FILE
+ sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.2 > $OUTPUT_FILE
%else
- sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE
+ sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.2 > $OUTPUT_FILE
%endif
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
@@ -1581,16 +1582,18 @@ done
%endif
# Prepare desktop files
+# The _X_ syntax indicates variables that are replaced by make upstream
+# The @X@ syntax indicates variables that are replaced by configure upstream
for suffix in %{build_loop} ; do
for file in %{SOURCE9}; do
FILE=`basename $file | sed -e s:\.in$::g`
EXT="${FILE##*.}"
NAME="${FILE%.*}"
OUTPUT_FILE=$NAME$suffix.$EXT
- sed -e "s:@JAVA_HOME@:%{sdkbindir -- $suffix}:g" $file > $OUTPUT_FILE
- sed -i -e "s:@JRE_HOME@:%{jrebindir -- $suffix}:g" $OUTPUT_FILE
- sed -i -e "s:@ARCH@:%{version}-%{release}.%{_arch}$suffix:g" $OUTPUT_FILE
- sed -i -e "s:@JAVA_MAJOR_VERSION@:%{featurever}:g" $OUTPUT_FILE
+ sed -e "s:_SDKBINDIR_:%{sdkbindir -- $suffix}:g" $file > $OUTPUT_FILE
+ sed -i -e "s:@target_cpu@:%{_arch}:g" $OUTPUT_FILE
+ sed -i -e "s:@OPENJDK_VER@:%{version}-%{release}.%{_arch}$suffix:g" $OUTPUT_FILE
+ sed -i -e "s:@JAVA_VER@:%{javaver}:g" $OUTPUT_FILE
sed -i -e "s:@JAVA_VENDOR@:%{origin}:g" $OUTPUT_FILE
done
done
@@ -2275,6 +2278,11 @@ cjc.mainProgram(args)
%endif
%changelog
+* Mon Nov 29 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.1.0.12-3.rolling
+- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@
+- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
+- Sync desktop files with upstream IcedTea release 3.15.0 using new script
+
* Wed Nov 03 2021 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:17.0.1.0.12-2.rolling
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
secmod.db file as part of nss
diff --git a/jconsole.desktop.in b/jconsole.desktop.in
index a8917c1..8a3b04d 100644
--- a/jconsole.desktop.in
+++ b/jconsole.desktop.in
@@ -1,8 +1,8 @@
[Desktop Entry]
-Name=OpenJDK @JAVA_MAJOR_VERSION@ Monitoring & Management Console @ARCH@
-Comment=Monitor and manage OpenJDK @JAVA_MAJOR_VERSION@ applications for @ARCH@
-Exec=@JAVA_HOME@/jconsole
-Icon=java-@JAVA_MAJOR_VERSION@-@JAVA_VENDOR@
+Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@)
+Comment=Monitor and manage OpenJDK applications
+Exec=_SDKBINDIR_/jconsole
+Icon=java-@JAVA_VER@-@JAVA_VENDOR@
Terminal=false
Type=Application
StartupWMClass=sun-tools-jconsole-JConsole
diff --git a/sources b/sources
index 558762f..1824428 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
+SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
SHA512 (openjdk-jdk17u-jdk-17.0.1+12.tar.xz) = d9503de1001e42657ddb2600e1141d4169e333f0592ce3ad3c4ce14f817ca73a6bf6fb867e15930150c7b55e8fd4c4cd73d43984979e721df481a9ac7919580c
commit a762184537b109379aea48f38ec862619968e7fc
Author: Severin Gehwolf <sgehwolf(a)redhat.com>
Date: Wed Nov 3 11:50:39 2021 +0100
Use 'sql:' prefix in nss.fips.cfg
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.
Resolves: RHBZ#2019555
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index 3f0eec1..eedecef 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12
-%global rpmrelease 1
+%global rpmrelease 2
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1600,7 +1600,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
# Setup nss.fips.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
-sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
# How many CPU's do we have?
@@ -2276,6 +2275,10 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Nov 03 2021 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:17.0.1.0.12-2.rolling
+- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
+ secmod.db file as part of nss
+
* Wed Oct 20 2021 Petra Alice Mikova <pmikova(a)redhat.com> - 1:17.0.1.0.12-1.rolling
- October CPU update to jdk 17.0.1+12
- dropped commented-out source line
diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in
index ead27be..1aff153 100644
--- a/nss.fips.cfg.in
+++ b/nss.fips.cfg.in
@@ -1,6 +1,6 @@
name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@
-nssSecmodDirectory = @NSS_SECMOD@
+nssSecmodDirectory = sql:/etc/pki/nssdb
nssDbMode = readOnly
nssModule = fips
commit 5260220ba1b30dfe4fb20ab0bd0006e7fafcff71
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Mon Sep 27 02:42:03 2021 +0100
Update release notes to document the major changes between OpenJDK 11 & 17.
October CPU 2021 update
diff --git a/.gitignore b/.gitignore
index c591b54..c09271c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,4 @@
/openjdk-jdk17-jdk-17+26.tar.xz
/openjdk-jdk17-jdk-17+33.tar.xz
/openjdk-jdk17-jdk-17+35.tar.xz
+/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
diff --git a/NEWS b/NEWS
index c88d968..9d37ff9 100644
--- a/NEWS
+++ b/NEWS
@@ -3,152 +3,617 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-New in release OpenJDK 15.0.2 (2021-01-19):
+New in release OpenJDK 17.0.1 (2021-10-19):
===========================================
Live versions of these release notes can be found at:
- * https://builds.shipilev.net/backports-monitor/release-notes-15.0.2.txt
+ * https://builds.shipilev.net/backports-monitor/release-notes-17.0.1.txt
* Security fixes
- - JDK-8247619: Improve Direct Buffering of Characters
+ - JDK-8263314: Enhance XML Dsig modes
+ - JDK-8265167, CVE-2021-35556: Richer Text Editors
+ - JDK-8265574: Improve handling of sheets
+ - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
+ - JDK-8265776: Improve Stream handling for SSL
+ - JDK-8266097, CVE-2021-35561: Better hashing support
+ - JDK-8266103: Better specified spec values
+ - JDK-8266109: More Resilient Classloading
+ - JDK-8266115: More Manifest Jar Loading
+ - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
+ - JDK-8266689, CVE-2021-35567: More Constrained Delegation
+ - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
+ - JDK-8267712: Better LDAP reference processing
+ - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
+ - JDK-8267735, CVE-2021-35586: Better BMP support
+ - JDK-8268193: Improve requests of certificates
+ - JDK-8268199: Correct certificate requests
+ - JDK-8268205: Enhance DTLS client handshake
+ - JDK-8268500: Better specified ParameterSpecs
+ - JDK-8268506: More Manifest Digests
+ - JDK-8269618, CVE-2021-35603: Better session identification
+ - JDK-8269624: Enhance method selection support
+ - JDK-8270398: Enhance canonicalization
+ - JDK-8270404: Better canonicalization
* Other changes
- - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
- - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
- - JDK-8247741: Test test/hotspot/jtreg/runtime/7162488/TestUnrecognizedVmOption.java fails when -XX:+IgnoreUnrecognizedVMOptions is set
- - JDK-8248411: [aarch64] Insufficient error handling when CodeBuffer is exhausted
- - JDK-8248596: [TESTBUG] compiler/loopopts/PartialPeelingUnswitch.java times out with Graal enabled
- - JDK-8248667: Need support for building native libraries located in the test/lib directory
- - JDK-8249176: Update GlobalSignR6CA test certificates
- - JDK-8249192: MonitorInfo stores raw oops across safepoints
- - JDK-8249217: Unexpected StackOverflowError in "process reaper" thread still happens
- - JDK-8249781: AArch64: AOT compiled code crashes if C2 allocates r27
- - JDK-8250257: Bump release strings for JDK 15.0.2
- - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
- - JDK-8251859: sun/security/validator/PKIXValAndRevCheckTests.java fails
- - JDK-8253191: C2: Masked byte comparisons with large masks produce wrong result on x86
- - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
- - JDK-8253566: clazz.isAssignableFrom will return false for interface implementors
- - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
- - JDK-8253791: Issue with useAppleColor check in CSystemColors.m
- - JDK-8253960: Memory leak in Java_java_lang_ClassLoader_defineClass0()
- - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
- - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
- - JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
- - JDK-8254319: Shenandoah: Interpreter native-LRB needs to activate during HAS_FORWARDED
- - JDK-8254320: Shenandoah: C2 native LRB should activate for non-cset objects
- - JDK-8254790: SIGSEGV in string_indexof_char and stringL_indexof_char intrinsics
- - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
- - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
- - JDK-8255065: Zero: accessor_entry misses the IRIW case
- - JDK-8255067: Restore Copyright line in file modified by 8253191
- - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
- - JDK-8255599: Change jdk 15.0.2 milestone to fcs for build b04
- - JDK-8255603: Memory/Performance regression after JDK-8210985
- - JDK-8256051: nmethod_entry_barrier stub miscalculates xmm spill size on x86_32
- - JDK-8256427: Test com/sun/jndi/dns/ConfigTests/PortUnreachable.java does not work on AIX
- - JDK-8256618: Zero: Linux x86_32 build still fails
- - JDK-8257181: s390x builds are very noisy with gc-sections messages
- - JDK-8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
- - JDK-8257701: Shenandoah: objArrayKlass metadata is not marked with chunked arrays
+ - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
+ - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
+ - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
+ - JDK-8261088: Repeatable annotations without @Target cannot have containers that target module declarations
+ - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
+ - JDK-8263531: Remove unused buffer int
+ - JDK-8266182: Automate manual steps listed in the test jdk/sun/security/pkcs12/ParamsTest.java
+ - JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
+ - JDK-8267666: Add option to jcmd GC.heap_dump to use existing file
+ - JDK-8268019: C2: assert(no_dead_loop) failed: dead loop detected
+ - JDK-8268261: C2: assert(n != __null) failed: Bad immediate dominator info.
+ - JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm performance
+ - JDK-8268963: [IR Framework] Some default regexes matching on PrintOptoAssembly in IRNode.java do not work on all platforms
+ - JDK-8269297: Bump version numbers for JDK 17.0.1
+ - JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should be more resilient
+ - JDK-8269574: C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events
+ - JDK-8269763: The JEditorPane is blank after JDK-8265167
+ - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
+ - JDK-8269882: stack-use-after-scope in NewObjectA
+ - JDK-8269897: Shenandoah: Resolve UNKNOWN access strength, where possible
+ - JDK-8269934: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status
+ - JDK-8269993: [Test]: java/net/httpclient/DigestEchoClientSSL.java contains redundant @run tags
+ - JDK-8270094: Shenandoah: Provide human-readable labels for test configurations
+ - JDK-8270096: Shenandoah: Optimize gc/shenandoah/TestRefprocSanity.java for interpreter mode
+ - JDK-8270098: ZGC: ZBarrierSetC2::clone_at_expansion fails with "Guard against surprises" assert
+ - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
+ - JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
+ - JDK-8270344: Session resumption errors
+ - JDK-8271203: C2: assert(iff->Opcode() == Op_If || iff->Opcode() == Op_CountedLoopEnd || iff->Opcode() == Op_RangeCheck) failed: Check this code when new subtype is added
+ - JDK-8271276: C2: Wrong JVM state used for receiver null check
+ - JDK-8271335: Updating RE Configs for BUILD REQUEST 17.0.1+4
+ - JDK-8271589: fatal error with variable shift count integer rotate operation.
+ - JDK-8271723: Unproblemlist runtime/InvocationTests/invokevirtualTests.java
+ - JDK-8271730: Client authentication using RSASSA-PSS fails after correct certificate requests
+ - JDK-8271925: ZGC: Arraycopy stub passes invalid oop to load barrier
+ - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
+ - JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj
+ - JDK-8272326: java/util/Random/RandomTestMoments.java had two Gaussian fails
+ - JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz after JDK-8255790
+ - JDK-8272472: StackGuardPages test doesn't build with glibc 2.34
+ - JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh fails after JDK-8266182
+ - JDK-8272602: [macos] not all KEY_PRESSED events sent when control modifier is used
+ - JDK-8272700: [macos] Build failure with Xcode 13.0 after JDK-8264848
+ - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
+ - JDK-8272806: [macOS] "Apple AWT Internal Exception" when input method is changed
+ - JDK-8273358: macOS Monterey does not have the font Times needed by Serif
Notes on individual issues:
===========================
-core-libs/java.time:
+security-libs/java.security:
-JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
-====================================================================
-Following JDK's update to tzdata2020b, the long-obsolete files
-pacificnew and systemv have been removed. As a result, the
-"US/Pacific-New" zone name declared in the pacificnew data file is no
-longer available for use.
+JDK-8271434: Removed IdenTrust Root Certificate
+===============================================
+The following root certificate from IdenTrust has been removed from
+the `cacerts` keystore:
-Information regarding the update can be viewed at
-https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
+Alias Name: identrustdstx3 [jdk]
+Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
-New in release OpenJDK 15.0.1 (2020-10-20):
+New in release OpenJDK 17.0.0 (2021-09-14):
===========================================
-Live versions of these release notes can be found at:
- * https://builds.shipilev.net/backports-monitor/release-notes-15.0.1.txt
+The full list of changes in the interim releases from 11u to 17u can be found at:
+ * https://builds.shipilev.net/backports-monitor/release-notes-12.txt
+ * https://builds.shipilev.net/backports-monitor/release-notes-13.txt
+ * https://builds.shipilev.net/backports-monitor/release-notes-14.txt
+ * https://builds.shipilev.net/backports-monitor/release-notes-15.txt
+ * https://builds.shipilev.net/backports-monitor/release-notes-16.txt
+ * https://builds.shipilev.net/backports-monitor/release-notes-17.txt
-* Security fixes
- - JDK-8233624: Enhance JNI linkage
- - JDK-8236196: Improve string pooling
- - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
- - JDK-8237995, CVE-2020-14782: Enhance certificate processing
- - JDK-8240124: Better VM Interning
- - JDK-8241114, CVE-2020-14792: Better range handling
- - JDK-8242680, CVE-2020-14796: Improved URI Support
- - JDK-8242685, CVE-2020-14797: Better Path Validation
- - JDK-8242695, CVE-2020-14798: Enhanced buffer support
- - JDK-8243302: Advanced class supports
- - JDK-8244136, CVE-2020-14803: Improved Buffer supports
- - JDK-8244479: Further constrain certificates
- - JDK-8244955: Additional Fix for JDK-8240124
- - JDK-8245407: Enhance zoning of times
- - JDK-8245412: Better class definitions
- - JDK-8245417: Improve certificate chain handling
- - JDK-8248574: Improve jpeg processing
- - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
- - JDK-8253019: Enhanced JPEG decoding
-* Other changes
- - JDK-8232114: JVM crashed at imjpapi.dll in native code
- - JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp
- - JDK-8247251: Assert '(_pcs_length == 0 || last_pc()->pc_offset() < pc_offset) failed: must specify a new, larger pc offset' failure
- - JDK-8248495: [macos] zerovm is broken due to libffi headers location
- - JDK-8248745: Add jarsigner and keytool tests for restricted algorithms
- - JDK-8249165: Remove unneeded nops introduced by 8234160 changes
- - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
- - JDK-8249266: Bump release strings for JDK 15.0.1
- - JDK-8249266: Change jdk 15.0.1 milestone to fcs for build b02
- - JDK-8250612: jvmciCompilerToVM.cpp declares jio_printf with "void" return type, should be "int"
- - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
- - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
- - JDK-8250876: Fix issues with cross-compile on macos
- - JDK-8250928: JFR: Improve hash algorithm for stack traces
- - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
- - JDK-8251458: Parse::do_lookupswitch fails with "assert(_cnt >= 0) failed"
- - JDK-8251859: sun/security/validator/PKIXValAndRevCheckTests.java fails
- - JDK-8251910: Shenandoah: Handshake threads between weak-roots and reset phases
- - JDK-8252120: compiler/oracle/TestCompileCommand.java misspells "occured"
- - JDK-8252292: 8240795 may cause anti-dependence to be missed
- - JDK-8252359: HotSpot Not Identifying it is Running in a Container
- - JDK-8252367: Undo JDK-8245000: Windows GDI functions don't support large pages
- - JDK-8252368: Undo JDK-8245002: Windows GDI functions don't support NUMA interleaving
- - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
- - JDK-8252660: Shenandoah: support manageable SoftMaxHeapSize option
- - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
- - JDK-8253222: Shenandoah: unused AlwaysTrueClosure after JDK-8246591
- - JDK-8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
- - JDK-8253226: Shenandoah: remove unimplemented ShenandoahStrDedupQueue::verify
- - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
- - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
- - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
- - JDK-8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
- - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
- - JDK-8254560: Shenandoah: Concurrent Strong Roots logging is incorrect
+Major changes are listed below. Some changes may have been backported
+to earlier releases following their first appearance in OpenJDK 12
+through to 17.
-Notes on individual issues:
+NEW FEATURES
+============
+
+Language Features
+=================
+
+Switch Expressions
+==================
+https://openjdk.java.net/jeps/325
+https://openjdk.java.net/jeps/354
+https://openjdk.java.net/jeps/361
+
+Extend the `switch` statement so that it can be used as either a
+statement or an expression, and that both forms can use either a
+"traditional" or "simplified" scoping and control flow behavior. Both
+forms can use either traditional `case ... :` labels (with fall
+through) or new `case ... ->` labels (with no fall through), with a
+further new statement for yielding a value from a `switch`
+expression. These changes will simplify everyday coding, and also
+prepare the way for the use of pattern matching in `switch`.
+
+This was a preview feature (http://openjdk.java.net/jeps/12) in
+OpenJDK 12 & 13 and became final in OpenJDK 14.
+
+Text Blocks
+===========
+https://openjdk.java.net/jeps/355
+https://openjdk.java.net/jeps/368
+https://openjdk.java.net/jeps/378
+
+Add text blocks to the Java language. A text block is a multi-line
+string literal that avoids the need for most escape sequences,
+automatically formats the string in a predictable way, and gives the
+developer control over format when desired.
+
+This was a preview feature (http://openjdk.java.net/jeps/12) in
+OpenJDK 13 & 14 and became final in OpenJDK 15.
+
+Pattern Matching for instanceof
+===============================
+https://openjdk.java.net/jeps/305
+https://openjdk.java.net/jeps/375
+https://openjdk.java.net/jeps/394
+http://cr.openjdk.java.net/~briangoetz/amber/pattern-match.html
+
+Enhance the Java programming language with pattern matching for the
+`instanceof` operator. Pattern matching allows common logic in a
+program, namely the conditional extraction of components from objects,
+to be expressed more concisely and safely.
+
+This was a preview feature (http://openjdk.java.net/jeps/12) in
+OpenJDK 14 & 15 and became final in OpenJDK 16.
+
+Records
+=======
+https://openjdk.java.net/jeps/359
+https://openjdk.java.net/jeps/384
+https://openjdk.java.net/jeps/395
+
+Enhance the Java programming language with records. Records provide a
+compact syntax for declaring classes which are transparent holders for
+shallowly immutable data.
+
+This was a preview feature (http://openjdk.java.net/jeps/12) in
+OpenJDK 14 & 15 and became final in OpenJDK 16.
+
+Sealed Classes
+==============
+https://openjdk.java.net/jeps/360
+https://openjdk.java.net/jeps/397
+https://openjdk.java.net/jeps/409
+https://cr.openjdk.java.net/~briangoetz/amber/datum.html
+
+Enhance the Java programming language with sealed classes and
+interfaces. Sealed classes and interfaces restrict which other classes
+or interfaces may extend or implement them.
+
+This was a preview feature (http://openjdk.java.net/jeps/12) in
+OpenJDK 15 & 16 and became final in OpenJDK 17.
+
+Restore Always-Strict Floating-Point Semantics
+==============================================
+https://openjdk.java.net/jeps/306
+
+Make floating-point operations consistently strict, rather than have
+both strict floating-point semantics (`strictfp`) and subtly different
+default floating-point semantics. This will restore the original
+floating-point semantics to the language and VM, matching the
+semantics before the introduction of strict and default floating-point
+modes in Java SE 1.2.
+
+Pattern Matching for switch
===========================
+https://openjdk.java.net/jeps/406
-security-libs/java.security:
+Enhance the Java programming language with pattern matching for
+`switch` expressions and statements, along with extensions to the
+language of patterns. Extending pattern matching to `switch` allows an
+expression to be tested against a number of patterns, each with a
+specific action, so that complex data-oriented queries can be
+expressed concisely and safely.
+
+This is a preview feature (http://openjdk.java.net/jeps/12) in OpenJDK
+17.
+
+Library Features
+================
+
+JVM Constants API
+=================
+https://openjdk.java.net/jeps/334
+
+Introduce an API to model nominal descriptions of key class-file and
+run-time artifacts, in particular constants that are loadable from the
+constant pool.
+
+Reimplement the Legacy Socket API
+=================================
+https://openjdk.java.net/jeps/353
+
+Replace the underlying implementation used by the `java.net.Socket`
+and `java.net.ServerSocket` APIs with a simpler and more modern
+implementation that is easy to maintain and debug. The new
+implementation will be easy to adapt to work with user-mode threads,
+a.k.a. fibers, currently being explored in Project Loom
+(https://openjdk.java.net/projects/loom).
+
+JFR Event Streaming
+===================
+https://openjdk.java.net/jeps/349
+
+Expose JDK Flight Recorder data for continuous monitoring.
+
+Non-Volatile Mapped Byte Buffers
+================================
+https://openjdk.java.net/jeps/352
+
+Add new JDK-specific file mapping modes so that the `FileChannel` API
+can be used to create `MappedByteBuffer` instances that refer to
+non-volatile memory.
+
+Helpful NullPointerExceptions
+=============================
+https://openjdk.java.net/jeps/358
+
+Improve the usability of `NullPointerException`s generated by the JVM
+by describing precisely which variable was `null`.
+
+Foreign-Memory Access API
+=========================
+https://openjdk.java.net/jeps/370
+https://openjdk.java.net/jeps/383
+https://openjdk.java.net/jeps/393
+
+Introduce an API to allow Java programs to safely and efficiently
+access foreign memory outside of the Java heap.
+
+This was a incubation feature (https://openjdk.java.net/jeps/11) in
+OpenJDK 14, 15 & 16, now superseded by the Foreign Function & Memory
+API in OpenJDK 17 (see below).
+
+Edwards-Curve Digital Signature Algorithm (EdDSA)
+=================================================
+https://openjdk.java.net/jeps/339
+
+Implement cryptographic signatures using the Edwards-Curve Digital
+Signature Algorithm (EdDSA) as described by RFC 8032
+(https://tools.ietf.org/html/rfc8032).
+
+Hidden Classes
+==============
+https://openjdk.java.net/jeps/371
+
+Introduce hidden classes, which are classes that cannot be used
+directly by the bytecode of other classes. Hidden classes are intended
+for use by frameworks that generate classes at run time and use them
+indirectly, via reflection. A hidden class may be defined as a member
+of an access control nest (https://openjdk.java.net/jeps/181), and may
+be unloaded independently of other classes.
+
+Reimplement the Legacy DatagramSocket API
+=========================================
+https://openjdk.java.net/jeps/373
+
+Replace the underlying implementations of the
+`java.net.DatagramSocket` and `java.net.MulticastSocket` APIs with
+simpler and more modern implementations that are easy to maintain and
+debug. The new implementations will be easy to adapt to work with
+virtual threads, currently being explored in Project Loom
+(https://openjdk.java.net/projects/loom). This is a follow-on to JEP
+353 (see above), which already reimplemented the legacy Socket API.
+
+Vector API
+==========
+https://openjdk.java.net/jeps/338
+https://openjdk.java.net/jeps/414
+
+Provide an initial iteration of an incubator module,
+`jdk.incubator.vector`, to express vector computations that reliably
+compile at runtime to optimal vector hardware instructions on
+supported CPU architectures and thus achieve superior performance to
+equivalent scalar computations.
+
+This is an incubation feature (https://openjdk.java.net/jeps/11)
+introduced in OpenJDK 16.
+
+Unix-Domain Socket Channels
+===========================
+https://openjdk.java.net/jeps/380
+
+Add Unix-domain (`AF_UNIX`) socket support to the socket channel and
+server-socket channel APIs in the `java.nio.channels` package. Extend
+the inherited channel mechanism to support Unix-domain socket channels
+and server socket channels.
+
+Foreign Linker API (Incubator)
+==============================
+https://openjdk.java.net/jeps/389
+
+Introduce an API that offers statically-typed, pure-Java access to
+native code. This API, together with the Foreign-Memory API (see
+above), will considerably simplify the otherwise error-prone process
+of binding to a native library.
+
+This was an incubation feature (https://openjdk.java.net/jeps/11)
+introduced in OpenJDK 16, now superseded by the Foreign Function &
+Memory API in OpenJDK 17 (see below).
+
+Strongly Encapsulate JDK Internals by Default
+=============================================
+https://openjdk.java.net/jeps/396
+https://openjdk.java.net/jeps/403
+
+Strongly encapsulate all internal elements of the JDK by default,
+except for critical internal APIs such as `sun.misc.Unsafe`. It will
+no longer be possible to relax the strong encapsulation of internal
+elements via a single command-line option, as was possible in OpenJDK
+9 through 16.
+
+Enhanced Pseudo-Random Number Generators
+========================================
+https://openjdk.java.net/jeps/356
+
+Provide new interface types and implementations for pseudo-random
+number generators (PRNGs), including jumpable PRNGs and an additional
+class of splittable PRNG algorithms (LXM).
+
+Foreign Function & Memory API
+=============================
+https://openjdk.java.net/jeps/412
-JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
-========================================================================
-The Entrust root certificate has been added to the cacerts truststore:
+Introduce an API by which Java programs can interoperate with code and
+data outside of the Java runtime. By efficiently invoking foreign
+functions (i.e., code outside the JVM), and by safely accessing
+foreign memory (i.e., memory not managed by the JVM), the API enables
+Java programs to call native libraries and process native data without
+the brittleness and danger of JNI.
-Alias Name: entrustrootcag4
-Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
+This API is an incubation feature (https://openjdk.java.net/jeps/11)
+introduced in OpenJDK 17, and is an evolution of the Foreign Memory
+Access API (OpenJDK 14 through 16) and Foreign Linker API (OpenJDK
+16) (see above).
-JDK-8250860: Added 3 SSL Corporation Root CA Certificates
+Context-Specific Deserialization Filters
+========================================
+https://openjdk.java.net/jeps/415
+
+Allow applications to configure context-specific and
+dynamically-selected deserialization filters via a JVM-wide filter
+factory that is invoked to select a filter for each individual
+deserialization operation.
+
+Tools
+=====
+
+Packaging Tool
+==============
+https://openjdk.java.net/jeps/343
+https://openjdk.java.net/jeps/392
+
+Provide the `jpackage` tool, for packaging self-contained Java
+applications.
+
+JVM Features
+============
+
+Shenandoah: A Low-Pause-Time Garbage Collector
+==============================================
+https://openjdk.java.net/jeps/189
+https://openjdk.java.net/jeps/379
+
+Add a new garbage collection (GC) algorithm named Shenandoah which
+reduces GC pause times by doing evacuation work concurrently with the
+running Java threads. Pause times with Shenandoah are independent of
+heap size, meaning you will have the same consistent pause times
+whether your heap is 200 MB or 200 GB.
+
+Shenandoah has been provided in Red Hat builds of OpenJDK 8 since
+8u131 in April 2017 and in all 11u builds.
+
+Upstream, it was introduced in OpenJDK 12 as an experimental feature
+and became a production feature in OpenJDK 15. It was backported to
+OpenJDK 11 with the 11.0.9 release in October 2020.
+
+Abortable Mixed Collections for G1
+==================================
+https://openjdk.java.net/jeps/344
+
+Make G1 mixed collections abortable if they might exceed the pause
+target.
+
+Promptly Return Unused Committed Memory from G1
+===============================================
+https://openjdk.java.net/jeps/346
+
+Enhance the G1 garbage collector to automatically return Java heap
+memory to the operating system when idle.
+
+Dynamic CDS Archives
+====================
+https://openjdk.java.net/jeps/310
+https://openjdk.java.net/jeps/350
+
+Extend application class-data sharing to allow the dynamic archiving
+of classes at the end of Java application execution. The archived
+classes will include all loaded application classes and library
+classes that are not present in the default, base-layer CDS archive.
+
+ZGC: Uncommit Unused Memory (Experimental)
+==========================================
+https://openjdk.java.net/jeps/351
+
+Enhance ZGC to return unused heap memory to the operating system.
+
+NUMA-Aware Memory Allocation for G1
+===================================
+https://openjdk.java.net/jeps/345
+
+Improve G1 performance on large machines by implementing NUMA-aware
+memory allocation.
+
+ZGC on macOS (Experimental)
+===========================
+https://openjdk.java.net/jeps/364
+
+Port the ZGC garbage collector to macOS.
+
+ZGC on Windows (Experimental)
+=============================
+https://openjdk.java.net/jeps/365
+
+Port the ZGC garbage collector to Windows.
+
+ZGC: A Scalable Low-Latency Garbage Collector (Production)
+==========================================================
+https://openjdk.java.net/jeps/377
+
+Change the Z Garbage Collector from an experimental feature into a
+product feature.
+
+ZGC: Concurrent Thread-Stack Processing
+=======================================
+https://openjdk.java.net/jeps/376
+
+Move ZGC thread-stack processing from safepoints to a concurrent
+phase.
+
+Elastic Metaspace
+=================
+https://openjdk.java.net/jeps/387
+
+Return unused HotSpot class-metadata (i.e., metaspace) memory to the
+operating system more promptly, reduce metaspace footprint, and
+simplify the metaspace code in order to reduce maintenance costs.
+
+Ports
+=====
+
+Alpine Linux Port
+=================
+https://openjdk.java.net/jeps/386
+
+Port the JDK to Alpine Linux, and to other Linux distributions that
+use musl as their primary C library, on both the x64 and AArch64
+architectures,
+
+Windows/AArch64 Port
+====================
+https://openjdk.java.net/jeps/388
+
+Port the JDK to Windows/AArch64.
+
+New macOS Rendering Pipeline
+============================
+https://openjdk.java.net/jeps/382
+
+Implement a Java 2D internal rendering pipeline for macOS using the
+Apple Metal API as alternative to the existing pipeline, which uses
+the deprecated Apple OpenGL API.
+
+macOS/AArch64 Port
+==================
+https://openjdk.java.net/jeps/391
+
+Port the JDK to macOS/AArch64.
+
+DEPRECATIONS
+============
+
+Deprecate the ParallelScavenge + SerialOld GC Combination
=========================================================
-The following root certificates have been added to the cacerts truststore for the SSL Corporation:
+https://openjdk.java.net/jeps/366
+
+Deprecate the combination of the Parallel Scavenge and Serial Old
+garbage collection algorithms.
+
+Deprecate and Disable Biased Locking
+====================================
+https://openjdk.java.net/jeps/374
+
+Disable biased locking by default, and deprecate all related
+command-line options.
+
+Warnings for Value-Based Classes
+================================
+https://openjdk.java.net/jeps/390
+
+Designate the primitive wrapper classes as value-based and deprecate
+their constructors for removal, prompting new deprecation
+warnings. Provide warnings about improper attempts to synchronize on
+instances of any value-based classes in the Java Platform.
+
+Deprecate the Applet API for Removal
+====================================
+https://openjdk.java.net/jeps/398
+
+Deprecate the Applet API for removal. It is essentially irrelevant
+since all web-browser vendors have either removed support for Java
+browser plug-ins or announced plans to do so.
+
+Deprecate the Security Manager for Removal
+==========================================
+https://openjdk.java.net/jeps/411
+
+Deprecate the Security Manager for removal in a future release. The
+Security Manager dates from Java 1.0. It has not been the primary
+means of securing client-side Java code for many years, and it has
+rarely been used to secure server-side code. To move Java forward, we
+intend to deprecate the Security Manager for removal in concert with
+the legacy Applet API (see above). .
+
+REMOVALS
+========
+
+Remove the Concurrent Mark Sweep (CMS) Garbage Collector
+========================================================
+https://openjdk.java.net/jeps/363
+
+Remove the Concurrent Mark Sweep (CMS) garbage collector.
+
+Remove the Pack200 Tools and API
+================================
+https://openjdk.java.net/jeps/336
+https://openjdk.java.net/jeps/367
+
+Remove the `pack200` and `unpack200` tools, and the `Pack200` API in
+the `java.util.jar` package. These tools and API were deprecated for
+removal in OpenJDK 11 with the express intent to remove them in a
+future release.
+
+Remove the Nashorn JavaScript Engine
+====================================
+https://openjdk.java.net/jeps/372
+
+Remove the Nashorn JavaScript script engine and APIs, and the `jjs`
+tool. The engine, the APIs, and the tool were deprecated for removal
+in OpenJDK 11 with the express intent to remove them in a future
+release.
+
+Remove the Solaris and SPARC Ports
+==================================
+https://openjdk.java.net/jeps/362
+https://openjdk.java.net/jeps/381
+
+Remove the source code and build support for the Solaris/SPARC,
+Solaris/x64, and Linux/SPARC ports. These ports were deprecated for
+removal in OpenJDK 14 (JEP 362) and removed in OpenJDK 15 (JEP 381).
+
+Remove RMI Activation
+=====================
+https://openjdk.java.net/jeps/385
+https://openjdk.java.net/jeps/407
+https://docs.oracle.com/en/java/javase/14/docs/specs/rmi/activation.html
-Alias Name: sslrootrsaca
-Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
+Remove the Remote Method Invocation (RMI) Activation mechanism, while
+preserving the rest of RMI. RMI Activation is an obsolete part of RMI
+that has been optional since OpenJDK 8 and was deprecated in OpenJDK
+15.
-Alias Name: sslrootevrsaca
-Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
+Remove the Experimental AOT and JIT Compiler
+============================================
+https://openjdk.java.net/jeps/410
-Alias Name: sslrooteccca
-Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
+Remove the experimental Java-based ahead-of-time (AOT) and
+just-in-time (JIT) compiler. This compiler has seen little use since
+its introduction and the effort required to maintain it is
+significant. Retain the experimental Java-level JVM compiler
+interface (JVMCI) so that developers can continue to use
+externally-built versions of the compiler for JIT compilation.
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index fe8e04d..3f0eec1 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -274,7 +274,7 @@
# New Version-String scheme-style defines
%global featurever 17
%global interimver 0
-%global updatever 0
+%global updatever 1
%global patchver 0
# If you bump featurever, you must also bump vendor_version_string
# Used via new version scheme. JDK 17 was
@@ -297,8 +297,8 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 35
-%global rpmrelease 2
+%global buildver 12
+%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1109,8 +1109,7 @@ URL: http://openjdk.java.net/
# to regenerate source0 (jdk) run update_package.sh
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
-Source0: openjdk-jdk%{featurever}-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz
-#Source0: openjdk-jdk%{featurever}-jdk-%{filever}+%{buildver}.tar.xz
+Source0: openjdk-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (3.x).
@@ -2277,6 +2276,13 @@ cjc.mainProgram(args)
%endif
%changelog
+* Wed Oct 20 2021 Petra Alice Mikova <pmikova(a)redhat.com> - 1:17.0.1.0.12-1.rolling
+- October CPU update to jdk 17.0.1+12
+- dropped commented-out source line
+
+* Mon Oct 11 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.0.0.35-3.rolling
+- Update release notes to document the major changes between OpenJDK 11 & 17.
+
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.0.0.35-2.rolling
- Fix unused function compiler warning found in systemconf.c
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
diff --git a/sources b/sources
index f4030b5..558762f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-jdk17-jdk-17+35.tar.xz) = 51f533812219e732f74fd77a19df0e82ecf11a3341d958cf9cb0438350805118a4852ddbbeccce374f96c7b12c80c410435cdcd9e3f576497a7deb6f72e17c69
+SHA512 (openjdk-jdk17u-jdk-17.0.1+12.tar.xz) = d9503de1001e42657ddb2600e1141d4169e333f0592ce3ad3c4ce14f817ca73a6bf6fb867e15930150c7b55e8fd4c4cd73d43984979e721df481a9ac7919580c
commit 37b3ba68794f42df8dcd755f3464590d7ead8ece
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Thu Sep 16 02:11:23 2021 +0100
Add patch to disable non-FIPS crypto in the SUN and SunEC security providers.
Add patch to login to the NSS software token when in FIPS mode.
Add FIPS patch to allow plain key import.
Fix unused function compiler warning found in systemconf.c
Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index d6e3930..fe8e04d 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -298,7 +298,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 35
-%global rpmrelease 1
+%global rpmrelease 2
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -1176,6 +1176,14 @@ Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
Patch1007: rh1915071-always_initialise_configurator_access.patch
# RH1929465: Improve system FIPS detection
Patch1008: rh1929465-improve_system_FIPS_detection.patch
+Patch1011: rh1929465-dont_define_unused_throwioexception.patch
+# RH1995150: Disable non-FIPS crypto in SUN and SunEC security providers
+Patch1009: rh1995150-disable_non-fips_crypto.patch
+# RH1996182: Login to the NSS software token in FIPS mode
+Patch1010: rh1996182-login_to_nss_software_token.patch
+Patch1012: rh1996182-extend_security_policy.patch
+# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
+Patch1013: rh1991003-enable_fips_keys_import.patch
#############################################
#
@@ -1538,6 +1546,11 @@ popd # openjdk
%patch1004
%patch1007
%patch1008
+%patch1009
+%patch1010
+%patch1011
+%patch1012
+%patch1013
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -2264,6 +2277,16 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sun Oct 10 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.0.0.35-2.rolling
+- Fix unused function compiler warning found in systemconf.c
+- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
+- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
+
+* Sun Oct 10 2021 Martin Balao <mbalao(a)redhat.com> - 1:17.0.0.0.35-2.rolling
+- Add patch to disable non-FIPS crypto in the SUN and SunEC security providers.
+- Add patch to login to the NSS software token when in FIPS mode.
+- Add patch to allow plain key import.
+
* Tue Sep 14 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.0.0.35-1.rolling
- Update to jdk-17+35, also known as jdk-17-ga.
- Switch to GA mode.
diff --git a/rh1929465-dont_define_unused_throwioexception.patch b/rh1929465-dont_define_unused_throwioexception.patch
new file mode 100644
index 0000000..eba090f
--- /dev/null
+++ b/rh1929465-dont_define_unused_throwioexception.patch
@@ -0,0 +1,69 @@
+commit 90e344e7d4987af610fa0054c92d18fe1c2edd41
+Author: Andrew Hughes <gnu.andrew(a)redhat.com>
+Date: Sat Aug 28 01:15:28 2021 +0100
+
+ RH1929465: Don't define unused throwIOException function when using NSS detection
+
+diff --git openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+index 6f4656bfcb6..38919d6bb0f 100644
+--- openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c
++++ openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+@@ -34,14 +34,34 @@
+
+ #include "java_security_SystemConfigurator.h"
+
+-#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
+ #define MSG_MAX_SIZE 96
+
+ static jmethodID debugPrintlnMethodID = NULL;
+ static jobject debugObj = NULL;
+
+-static void throwIOException(JNIEnv *env, const char *msg);
+-static void dbgPrint(JNIEnv *env, const char* msg);
++// Only used when NSS is unavailable and FIPS_ENABLED_PATH is read
++#ifndef SYSCONF_NSS
++
++#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
++
++static void throwIOException(JNIEnv *env, const char *msg)
++{
++ jclass cls = (*env)->FindClass(env, "java/io/IOException");
++ if (cls != 0)
++ (*env)->ThrowNew(env, cls, msg);
++}
++
++#endif
++
++static void dbgPrint(JNIEnv *env, const char* msg)
++{
++ jstring jMsg;
++ if (debugObj != NULL) {
++ jMsg = (*env)->NewStringUTF(env, msg);
++ CHECK_NULL(jMsg);
++ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
++ }
++}
+
+ /*
+ * Class: java_security_SystemConfigurator
+@@ -149,20 +169,3 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+
+ #endif // SYSCONF_NSS
+ }
+-
+-static void throwIOException(JNIEnv *env, const char *msg)
+-{
+- jclass cls = (*env)->FindClass(env, "java/io/IOException");
+- if (cls != 0)
+- (*env)->ThrowNew(env, cls, msg);
+-}
+-
+-static void dbgPrint(JNIEnv *env, const char* msg)
+-{
+- jstring jMsg;
+- if (debugObj != NULL) {
+- jMsg = (*env)->NewStringUTF(env, msg);
+- CHECK_NULL(jMsg);
+- (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
+- }
+-}
diff --git a/rh1991003-enable_fips_keys_import.patch b/rh1991003-enable_fips_keys_import.patch
new file mode 100644
index 0000000..79d2743
--- /dev/null
+++ b/rh1991003-enable_fips_keys_import.patch
@@ -0,0 +1,579 @@
+commit abcd0954643eddbf826d96291d44a143038ab750
+Author: Martin Balao <mbalao(a)redhat.com>
+Date: Sun Oct 10 18:14:01 2021 +0100
+
+ RH1991003: Enable the import of plain keys into the NSS software token.
+
+ This can be individually disabled using -Dcom.redhat.fips.plainKeySupport=false
+
+diff --git openjdk.orig/src/java.base/share/classes/java/security/Security.java openjdk/src/java.base/share/classes/java/security/Security.java
+index ce32c939253..dc7020ce668 100644
+--- openjdk.orig/src/java.base/share/classes/java/security/Security.java
++++ openjdk/src/java.base/share/classes/java/security/Security.java
+@@ -82,6 +82,10 @@ public final class Security {
+ public boolean isSystemFipsEnabled() {
+ return SystemConfigurator.isSystemFipsEnabled();
+ }
++ @Override
++ public boolean isPlainKeySupportEnabled() {
++ return SystemConfigurator.isPlainKeySupportEnabled();
++ }
+ });
+
+ // doPrivileged here because there are multiple
+diff --git openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
+index 6aa1419dfd0..ecab722848e 100644
+--- openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java
++++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
+@@ -55,6 +55,7 @@ final class SystemConfigurator {
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+ private static boolean systemFipsEnabled = false;
++ private static boolean plainKeySupportEnabled = false;
+
+ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
+
+@@ -150,6 +151,16 @@ final class SystemConfigurator {
+ }
+ loadedProps = true;
+ systemFipsEnabled = true;
++ String plainKeySupport = System.getProperty("com.redhat.fips.plainKeySupport",
++ "true");
++ plainKeySupportEnabled = !"false".equals(plainKeySupport);
++ if (sdebug != null) {
++ if (plainKeySupportEnabled) {
++ sdebug.println("FIPS support enabled with plain key support");
++ } else {
++ sdebug.println("FIPS support enabled without plain key support");
++ }
++ }
+ }
+ } catch (Exception e) {
+ if (sdebug != null) {
+@@ -177,6 +188,19 @@ final class SystemConfigurator {
+ return systemFipsEnabled;
+ }
+
++ /**
++ * Returns {@code true} if system FIPS alignment is enabled
++ * and plain key support is allowed. Plain key support is
++ * enabled by default but can be disabled with
++ * {@code -Dcom.redhat.fips.plainKeySupport=false}.
++ *
++ * @return a boolean indicating whether plain key support
++ * should be enabled.
++ */
++ static boolean isPlainKeySupportEnabled() {
++ return plainKeySupportEnabled;
++ }
++
+ /*
+ * OpenJDK FIPS mode will be enabled only if the com.redhat.fips
+ * system property is true (default) and the system is in FIPS mode.
+diff --git openjdk.orig/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java openjdk/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java
+index a31e93ec02e..3f3caac64dc 100644
+--- openjdk.orig/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java
++++ openjdk/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java
+@@ -27,4 +27,5 @@ package jdk.internal.access;
+
+ public interface JavaSecuritySystemConfiguratorAccess {
+ boolean isSystemFipsEnabled();
++ boolean isPlainKeySupportEnabled();
+ }
+diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
+new file mode 100644
+index 00000000000..bee3a1e1537
+--- /dev/null
++++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
+@@ -0,0 +1,291 @@
++/*
++ * Copyright (c) 2021, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++package sun.security.pkcs11;
++
++import java.math.BigInteger;
++import java.security.KeyFactory;
++import java.security.Provider;
++import java.security.Security;
++import java.util.HashMap;
++import java.util.Map;
++import java.util.concurrent.locks.ReentrantLock;
++
++import javax.crypto.Cipher;
++import javax.crypto.spec.DHPrivateKeySpec;
++import javax.crypto.spec.IvParameterSpec;
++
++import sun.security.jca.JCAUtil;
++import sun.security.pkcs11.TemplateManager;
++import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
++import sun.security.pkcs11.wrapper.CK_MECHANISM;
++import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
++import static sun.security.pkcs11.wrapper.PKCS11Exception.*;
++import sun.security.pkcs11.wrapper.PKCS11Exception;
++import sun.security.rsa.RSAUtil.KeyType;
++import sun.security.util.Debug;
++import sun.security.util.ECUtil;
++
++final class FIPSKeyImporter {
++
++ private static final Debug debug =
++ Debug.getInstance("sunpkcs11");
++
++ private static P11Key importerKey = null;
++ private static final ReentrantLock importerKeyLock = new ReentrantLock();
++ private static CK_MECHANISM importerKeyMechanism = null;
++ private static Cipher importerCipher = null;
++
++ private static Provider sunECProvider = null;
++ private static final ReentrantLock sunECProviderLock = new ReentrantLock();
++
++ private static KeyFactory DHKF = null;
++ private static final ReentrantLock DHKFLock = new ReentrantLock();
++
++ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes)
++ throws PKCS11Exception {
++ long keyID = -1;
++ Token token = sunPKCS11.getToken();
++ if (debug != null) {
++ debug.println("Private or Secret key will be imported in" +
++ " system FIPS mode.");
++ }
++ if (importerKey == null) {
++ importerKeyLock.lock();
++ try {
++ if (importerKey == null) {
++ if (importerKeyMechanism == null) {
++ // Importer Key creation has not been tried yet. Try it.
++ createImporterKey(token);
++ }
++ if (importerKey == null || importerCipher == null) {
++ if (debug != null) {
++ debug.println("Importer Key could not be" +
++ " generated.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ if (debug != null) {
++ debug.println("Importer Key successfully" +
++ " generated.");
++ }
++ }
++ } finally {
++ importerKeyLock.unlock();
++ }
++ }
++ long importerKeyID = importerKey.getKeyID();
++ try {
++ byte[] keyBytes = null;
++ byte[] encKeyBytes = null;
++ long keyClass = 0L;
++ long keyType = 0L;
++ Map<Long, CK_ATTRIBUTE> attrsMap = new HashMap<>();
++ for (CK_ATTRIBUTE attr : attributes) {
++ if (attr.type == CKA_CLASS) {
++ keyClass = attr.getLong();
++ } else if (attr.type == CKA_KEY_TYPE) {
++ keyType = attr.getLong();
++ }
++ attrsMap.put(attr.type, attr);
++ }
++ BigInteger v = null;
++ if (keyClass == CKO_PRIVATE_KEY) {
++ if (keyType == CKK_RSA) {
++ if (debug != null) {
++ debug.println("Importing an RSA private key...");
++ }
++ keyBytes = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(
++ KeyType.RSA,
++ null,
++ ((v = attrsMap.get(CKA_MODULUS).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PUBLIC_EXPONENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIVATE_EXPONENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME_1).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME_2).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_EXPONENT_1).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_EXPONENT_2).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_COEFFICIENT).getBigInteger()) != null)
++ ? v : BigInteger.ZERO
++ ).getEncoded();
++ } else if (keyType == CKK_DSA) {
++ if (debug != null) {
++ debug.println("Importing a DSA private key...");
++ }
++ keyBytes = new sun.security.provider.DSAPrivateKey(
++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_SUBPRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO
++ ).getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else if (keyType == CKK_EC) {
++ if (debug != null) {
++ debug.println("Importing an EC private key...");
++ }
++ if (sunECProvider == null) {
++ sunECProviderLock.lock();
++ try {
++ if (sunECProvider == null) {
++ sunECProvider = Security.getProvider("SunEC");
++ }
++ } finally {
++ sunECProviderLock.unlock();
++ }
++ }
++ keyBytes = ECUtil.generateECPrivateKey(
++ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ECUtil.getECParameterSpec(sunECProvider,
++ attrsMap.get(CKA_EC_PARAMS).getByteArray()))
++ .getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else if (keyType == CKK_DH) {
++ if (debug != null) {
++ debug.println("Importing a Diffie-Hellman private key...");
++ }
++ if (DHKF == null) {
++ DHKFLock.lock();
++ try {
++ if (DHKF == null) {
++ DHKF = KeyFactory.getInstance(
++ "DH", P11Util.getSunJceProvider());
++ }
++ } finally {
++ DHKFLock.unlock();
++ }
++ }
++ DHPrivateKeySpec spec = new DHPrivateKeySpec
++ (((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
++ ? v : BigInteger.ZERO,
++ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
++ ? v : BigInteger.ZERO);
++ keyBytes = DHKF.generatePrivate(spec).getEncoded();
++ if (token.config.getNssNetscapeDbWorkaround() &&
++ attrsMap.get(CKA_NETSCAPE_DB) == null) {
++ attrsMap.put(CKA_NETSCAPE_DB,
++ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
++ }
++ } else {
++ if (debug != null) {
++ debug.println("Unrecognized private key type.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ } else if (keyClass == CKO_SECRET_KEY) {
++ if (debug != null) {
++ debug.println("Importing a secret key...");
++ }
++ keyBytes = attrsMap.get(CKA_VALUE).getByteArray();
++ }
++ if (keyBytes == null || keyBytes.length == 0) {
++ if (debug != null) {
++ debug.println("Private or secret key plain bytes could" +
++ " not be obtained. Import failed.");
++ }
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ importerCipher.init(Cipher.ENCRYPT_MODE, importerKey,
++ new IvParameterSpec((byte[])importerKeyMechanism.pParameter),
++ null);
++ attributes = new CK_ATTRIBUTE[attrsMap.size()];
++ attrsMap.values().toArray(attributes);
++ encKeyBytes = importerCipher.doFinal(keyBytes);
++ attributes = token.getAttributes(TemplateManager.O_IMPORT,
++ keyClass, keyType, attributes);
++ keyID = token.p11.C_UnwrapKey(hSession,
++ importerKeyMechanism, importerKeyID, encKeyBytes, attributes);
++ if (debug != null) {
++ debug.println("Imported key ID: " + keyID);
++ }
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ } finally {
++ importerKey.releaseKeyID();
++ }
++ return Long.valueOf(keyID);
++ }
++
++ private static void createImporterKey(Token token) {
++ if (debug != null) {
++ debug.println("Generating Importer Key...");
++ }
++ byte[] iv = new byte[16];
++ JCAUtil.getSecureRandom().nextBytes(iv);
++ importerKeyMechanism = new CK_MECHANISM(CKM_AES_CBC_PAD, iv);
++ try {
++ CK_ATTRIBUTE[] attributes = token.getAttributes(TemplateManager.O_GENERATE,
++ CKO_SECRET_KEY, CKK_AES, new CK_ATTRIBUTE[] {
++ new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
++ new CK_ATTRIBUTE(CKA_VALUE_LEN, 256 >> 3)});
++ Session s = null;
++ try {
++ s = token.getObjSession();
++ long keyID = token.p11.C_GenerateKey(
++ s.id(), new CK_MECHANISM(CKM_AES_KEY_GEN),
++ attributes);
++ if (debug != null) {
++ debug.println("Importer Key ID: " + keyID);
++ }
++ importerKey = (P11Key)P11Key.secretKey(s, keyID, "AES",
++ 256 >> 3, null);
++ } catch (PKCS11Exception e) {
++ // best effort
++ } finally {
++ token.releaseSession(s);
++ }
++ if (importerKey != null) {
++ importerCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
++ }
++ } catch (Throwable t) {
++ // best effort
++ importerKey = null;
++ importerCipher = null;
++ // importerKeyMechanism value is kept initialized to indicate that
++ // Importer Key creation has been tried and failed.
++ }
++ }
++}
+diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+index 5d3963ea893..42c72b393fd 100644
+--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+@@ -26,6 +26,9 @@
+ package sun.security.pkcs11;
+
+ import java.io.*;
++import java.lang.invoke.MethodHandle;
++import java.lang.invoke.MethodHandles;
++import java.lang.invoke.MethodType;
+ import java.util.*;
+
+ import java.security.*;
+@@ -66,6 +69,26 @@ public final class SunPKCS11 extends AuthProvider {
+ private static final boolean systemFipsEnabled = SharedSecrets
+ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
+
++ private static final boolean plainKeySupportEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
++
++ private static final MethodHandle fipsImportKey;
++ static {
++ MethodHandle fipsImportKeyTmp = null;
++ if (plainKeySupportEnabled) {
++ try {
++ fipsImportKeyTmp = MethodHandles.lookup().findStatic(
++ FIPSKeyImporter.class, "importKey",
++ MethodType.methodType(Long.class, SunPKCS11.class,
++ long.class, CK_ATTRIBUTE[].class));
++ } catch (Throwable t) {
++ throw new SecurityException("FIPS key importer initialization" +
++ " failed", t);
++ }
++ }
++ fipsImportKey = fipsImportKeyTmp;
++ }
++
+ private static final long serialVersionUID = -1354835039035306505L;
+
+ static final Debug debug = Debug.getInstance("sunpkcs11");
+@@ -324,10 +347,15 @@ public final class SunPKCS11 extends AuthProvider {
+ // request multithreaded access first
+ initArgs.flags = CKF_OS_LOCKING_OK;
+ PKCS11 tmpPKCS11;
++ MethodHandle fipsKeyImporter = null;
++ if (plainKeySupportEnabled) {
++ fipsKeyImporter = MethodHandles.insertArguments(
++ fipsImportKey, 0, this);
++ }
+ try {
+ tmpPKCS11 = PKCS11.getInstance(
+ library, functionList, initArgs,
+- config.getOmitInitialize());
++ config.getOmitInitialize(), fipsKeyImporter);
+ } catch (PKCS11Exception e) {
+ if (debug != null) {
+ debug.println("Multi-threaded initialization failed: " + e);
+@@ -343,7 +371,7 @@ public final class SunPKCS11 extends AuthProvider {
+ initArgs.flags = 0;
+ }
+ tmpPKCS11 = PKCS11.getInstance(library,
+- functionList, initArgs, config.getOmitInitialize());
++ functionList, initArgs, config.getOmitInitialize(), fipsKeyImporter);
+ }
+ p11 = tmpPKCS11;
+
+diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+index 5c0aacd1a67..4d80145cb91 100644
+--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
++++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;
+
+ import java.io.File;
+ import java.io.IOException;
++import java.lang.invoke.MethodHandle;
+ import java.util.*;
+
+ import java.security.AccessController;
+@@ -152,16 +153,28 @@ public class PKCS11 {
+
+ public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
+ String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
+- boolean omitInitialize) throws IOException, PKCS11Exception {
++ boolean omitInitialize, MethodHandle fipsKeyImporter)
++ throws IOException, PKCS11Exception {
+ // we may only call C_Initialize once per native .so/.dll
+ // so keep a cache using the (non-canonicalized!) path
+ PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath);
+ if (pkcs11 == null) {
++ boolean nssFipsMode = fipsKeyImporter != null;
+ if ((pInitArgs != null)
+ && ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) {
+- pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
++ if (nssFipsMode) {
++ pkcs11 = new FIPSPKCS11(pkcs11ModulePath, functionList,
++ fipsKeyImporter);
++ } else {
++ pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
++ }
+ } else {
+- pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
++ if (nssFipsMode) {
++ pkcs11 = new SynchronizedFIPSPKCS11(pkcs11ModulePath,
++ functionList, fipsKeyImporter);
++ } else {
++ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
++ }
+ }
+ if (omitInitialize == false) {
+ try {
+@@ -1911,4 +1924,69 @@ static class SynchronizedPKCS11 extends PKCS11 {
+ super.C_GenerateRandom(hSession, randomData);
+ }
+ }
++
++// PKCS11 subclass that allows using plain private or secret keys in
++// FIPS-configured NSS Software Tokens. Only used when System FIPS
++// is enabled.
++static class FIPSPKCS11 extends PKCS11 {
++ private MethodHandle fipsKeyImporter;
++ FIPSPKCS11(String pkcs11ModulePath, String functionListName,
++ MethodHandle fipsKeyImporter) throws IOException {
++ super(pkcs11ModulePath, functionListName);
++ this.fipsKeyImporter = fipsKeyImporter;
++ }
++
++ public synchronized long C_CreateObject(long hSession,
++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
++ // Creating sensitive key objects from plain key material in a
++ // FIPS-configured NSS Software Token is not allowed. We apply
++ // a key-unwrapping scheme to achieve so.
++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
++ try {
++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
++ .longValue();
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ }
++ return super.C_CreateObject(hSession, pTemplate);
++ }
++}
++
++// FIPSPKCS11 synchronized counterpart.
++static class SynchronizedFIPSPKCS11 extends SynchronizedPKCS11 {
++ private MethodHandle fipsKeyImporter;
++ SynchronizedFIPSPKCS11(String pkcs11ModulePath, String functionListName,
++ MethodHandle fipsKeyImporter) throws IOException {
++ super(pkcs11ModulePath, functionListName);
++ this.fipsKeyImporter = fipsKeyImporter;
++ }
++
++ public synchronized long C_CreateObject(long hSession,
++ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
++ // See FIPSPKCS11::C_CreateObject.
++ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
++ try {
++ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
++ .longValue();
++ } catch (Throwable t) {
++ throw new PKCS11Exception(CKR_GENERAL_ERROR);
++ }
++ }
++ return super.C_CreateObject(hSession, pTemplate);
++ }
++}
++
++private static class FIPSPKCS11Helper {
++ static boolean isSensitiveObject(CK_ATTRIBUTE[] pTemplate) {
++ for (CK_ATTRIBUTE attr : pTemplate) {
++ if (attr.type == CKA_CLASS &&
++ (attr.getLong() == CKO_PRIVATE_KEY ||
++ attr.getLong() == CKO_SECRET_KEY)) {
++ return true;
++ }
++ }
++ return false;
++ }
++}
+ }
+diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java
+index e2d6d371bec..dc5e7eefdd3 100644
+--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java
++++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Exception.java
+@@ -219,6 +219,14 @@ public class PKCS11Exception extends Exception {
+ return "0x" + Functions.toFullHexString((int)errorCode);
+ }
+
++ /**
++ * Constructor taking the error code (the CKR_* constants in PKCS#11) with
++ * no extra info for the error message.
++ */
++ public PKCS11Exception(long errorCode) {
++ this(errorCode, null);
++ }
++
+ /**
+ * Constructor taking the error code (the CKR_* constants in PKCS#11) and
+ * extra info for error message.
diff --git a/rh1995150-disable_non-fips_crypto.patch b/rh1995150-disable_non-fips_crypto.patch
new file mode 100644
index 0000000..b3d0ae7
--- /dev/null
+++ b/rh1995150-disable_non-fips_crypto.patch
@@ -0,0 +1,596 @@
+diff --git openjdk/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java
+index 9d4a794de1a..39e69362458 100644
+--- openjdk/src/java.base/share/classes/module-info.java
++++ openjdk/src/java.base/share/classes/module-info.java
+@@ -151,6 +151,7 @@ module java.base {
+ java.management,
+ java.naming,
+ java.rmi,
++ jdk.crypto.ec,
+ jdk.jartool,
+ jdk.jlink,
+ jdk.net,
+diff --git openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
+index 912cad59714..c5e13c98bd9 100644
+--- openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
++++ openjdk/src/java.base/share/classes/sun/security/provider/SunEntries.java
+@@ -30,6 +30,7 @@ import java.net.*;
+ import java.util.*;
+ import java.security.*;
+
++import jdk.internal.access.SharedSecrets;
+ import jdk.internal.util.StaticProperty;
+ import sun.security.action.GetPropertyAction;
+ import sun.security.util.SecurityProviderConstants;
+@@ -83,6 +84,10 @@ import static sun.security.util.SecurityProviderConstants.getAliases;
+
+ public final class SunEntries {
+
++ private static final boolean systemFipsEnabled =
++ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled();
++
+ // the default algo used by SecureRandom class for new SecureRandom() calls
+ public static final String DEF_SECURE_RANDOM_ALGO;
+
+@@ -94,147 +99,149 @@ public final class SunEntries {
+ // common attribute map
+ HashMap<String, String> attrs = new HashMap<>(3);
+
+- /*
+- * SecureRandom engines
+- */
+- attrs.put("ThreadSafe", "true");
+- if (NativePRNG.isAvailable()) {
+- add(p, "SecureRandom", "NativePRNG",
+- "sun.security.provider.NativePRNG", attrs);
+- }
+- if (NativePRNG.Blocking.isAvailable()) {
+- add(p, "SecureRandom", "NativePRNGBlocking",
+- "sun.security.provider.NativePRNG$Blocking", attrs);
+- }
+- if (NativePRNG.NonBlocking.isAvailable()) {
+- add(p, "SecureRandom", "NativePRNGNonBlocking",
+- "sun.security.provider.NativePRNG$NonBlocking", attrs);
++ if (!systemFipsEnabled) {
++ /*
++ * SecureRandom engines
++ */
++ attrs.put("ThreadSafe", "true");
++ if (NativePRNG.isAvailable()) {
++ add(p, "SecureRandom", "NativePRNG",
++ "sun.security.provider.NativePRNG", attrs);
++ }
++ if (NativePRNG.Blocking.isAvailable()) {
++ add(p, "SecureRandom", "NativePRNGBlocking",
++ "sun.security.provider.NativePRNG$Blocking", attrs);
++ }
++ if (NativePRNG.NonBlocking.isAvailable()) {
++ add(p, "SecureRandom", "NativePRNGNonBlocking",
++ "sun.security.provider.NativePRNG$NonBlocking", attrs);
++ }
++ attrs.put("ImplementedIn", "Software");
++ add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
++ add(p, "SecureRandom", "SHA1PRNG",
++ "sun.security.provider.SecureRandom", attrs);
++
++ /*
++ * Signature engines
++ */
++ attrs.clear();
++ String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
++ "|java.security.interfaces.DSAPrivateKey";
++ attrs.put("SupportedKeyClasses", dsaKeyClasses);
++ attrs.put("ImplementedIn", "Software");
++
++ attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
++
++ addWithAlias(p, "Signature", "SHA1withDSA",
++ "sun.security.provider.DSA$SHA1withDSA", attrs);
++ addWithAlias(p, "Signature", "NONEwithDSA",
++ "sun.security.provider.DSA$RawDSA", attrs);
++
++ // for DSA signatures with 224/256-bit digests
++ attrs.put("KeySize", "2048");
++
++ addWithAlias(p, "Signature", "SHA224withDSA",
++ "sun.security.provider.DSA$SHA224withDSA", attrs);
++ addWithAlias(p, "Signature", "SHA256withDSA",
++ "sun.security.provider.DSA$SHA256withDSA", attrs);
++
++ addWithAlias(p, "Signature", "SHA3-224withDSA",
++ "sun.security.provider.DSA$SHA3_224withDSA", attrs);
++ addWithAlias(p, "Signature", "SHA3-256withDSA",
++ "sun.security.provider.DSA$SHA3_256withDSA", attrs);
++
++ attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
++
++ addWithAlias(p, "Signature", "SHA384withDSA",
++ "sun.security.provider.DSA$SHA384withDSA", attrs);
++ addWithAlias(p, "Signature", "SHA512withDSA",
++ "sun.security.provider.DSA$SHA512withDSA", attrs);
++ addWithAlias(p, "Signature", "SHA3-384withDSA",
++ "sun.security.provider.DSA$SHA3_384withDSA", attrs);
++ addWithAlias(p, "Signature", "SHA3-512withDSA",
++ "sun.security.provider.DSA$SHA3_512withDSA", attrs);
++
++ attrs.remove("KeySize");
++
++ add(p, "Signature", "SHA1withDSAinP1363Format",
++ "sun.security.provider.DSA$SHA1withDSAinP1363Format");
++ add(p, "Signature", "NONEwithDSAinP1363Format",
++ "sun.security.provider.DSA$RawDSAinP1363Format");
++ add(p, "Signature", "SHA224withDSAinP1363Format",
++ "sun.security.provider.DSA$SHA224withDSAinP1363Format");
++ add(p, "Signature", "SHA256withDSAinP1363Format",
++ "sun.security.provider.DSA$SHA256withDSAinP1363Format");
++ add(p, "Signature", "SHA384withDSAinP1363Format",
++ "sun.security.provider.DSA$SHA384withDSAinP1363Format");
++ add(p, "Signature", "SHA512withDSAinP1363Format",
++ "sun.security.provider.DSA$SHA512withDSAinP1363Format");
++ add(p, "Signature", "SHA3-224withDSAinP1363Format",
++ "sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
++ add(p, "Signature", "SHA3-256withDSAinP1363Format",
++ "sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
++ add(p, "Signature", "SHA3-384withDSAinP1363Format",
++ "sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
++ add(p, "Signature", "SHA3-512withDSAinP1363Format",
++ "sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
++ /*
++ * Key Pair Generator engines
++ */
++ attrs.clear();
++ attrs.put("ImplementedIn", "Software");
++ attrs.put("KeySize", "2048"); // for DSA KPG and APG only
++
++ String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
++ dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
++ addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
++
++ /*
++ * Algorithm Parameter Generator engines
++ */
++ addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
++ "sun.security.provider.DSAParameterGenerator", attrs);
++ attrs.remove("KeySize");
++
++ /*
++ * Algorithm Parameter engines
++ */
++ addWithAlias(p, "AlgorithmParameters", "DSA",
++ "sun.security.provider.DSAParameters", attrs);
++
++ /*
++ * Key factories
++ */
++ addWithAlias(p, "KeyFactory", "DSA",
++ "sun.security.provider.DSAKeyFactory", attrs);
++
++ /*
++ * Digest engines
++ */
++ add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
++ add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
++ addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
++ attrs);
++
++ addWithAlias(p, "MessageDigest", "SHA-224",
++ "sun.security.provider.SHA2$SHA224", attrs);
++ addWithAlias(p, "MessageDigest", "SHA-256",
++ "sun.security.provider.SHA2$SHA256", attrs);
++ addWithAlias(p, "MessageDigest", "SHA-384",
++ "sun.security.provider.SHA5$SHA384", attrs);
++ addWithAlias(p, "MessageDigest", "SHA-512",
++ "sun.security.provider.SHA5$SHA512", attrs);
++ addWithAlias(p, "MessageDigest", "SHA-512/224",
++ "sun.security.provider.SHA5$SHA512_224", attrs);
++ addWithAlias(p, "MessageDigest", "SHA-512/256",
++ "sun.security.provider.SHA5$SHA512_256", attrs);
++ addWithAlias(p, "MessageDigest", "SHA3-224",
++ "sun.security.provider.SHA3$SHA224", attrs);
++ addWithAlias(p, "MessageDigest", "SHA3-256",
++ "sun.security.provider.SHA3$SHA256", attrs);
++ addWithAlias(p, "MessageDigest", "SHA3-384",
++ "sun.security.provider.SHA3$SHA384", attrs);
++ addWithAlias(p, "MessageDigest", "SHA3-512",
++ "sun.security.provider.SHA3$SHA512", attrs);
+ }
+- attrs.put("ImplementedIn", "Software");
+- add(p, "SecureRandom", "DRBG", "sun.security.provider.DRBG", attrs);
+- add(p, "SecureRandom", "SHA1PRNG",
+- "sun.security.provider.SecureRandom", attrs);
+-
+- /*
+- * Signature engines
+- */
+- attrs.clear();
+- String dsaKeyClasses = "java.security.interfaces.DSAPublicKey" +
+- "|java.security.interfaces.DSAPrivateKey";
+- attrs.put("SupportedKeyClasses", dsaKeyClasses);
+- attrs.put("ImplementedIn", "Software");
+-
+- attrs.put("KeySize", "1024"); // for NONE and SHA1 DSA signatures
+-
+- addWithAlias(p, "Signature", "SHA1withDSA",
+- "sun.security.provider.DSA$SHA1withDSA", attrs);
+- addWithAlias(p, "Signature", "NONEwithDSA",
+- "sun.security.provider.DSA$RawDSA", attrs);
+-
+- // for DSA signatures with 224/256-bit digests
+- attrs.put("KeySize", "2048");
+-
+- addWithAlias(p, "Signature", "SHA224withDSA",
+- "sun.security.provider.DSA$SHA224withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA256withDSA",
+- "sun.security.provider.DSA$SHA256withDSA", attrs);
+-
+- addWithAlias(p, "Signature", "SHA3-224withDSA",
+- "sun.security.provider.DSA$SHA3_224withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA3-256withDSA",
+- "sun.security.provider.DSA$SHA3_256withDSA", attrs);
+-
+- attrs.put("KeySize", "3072"); // for DSA sig using 384/512-bit digests
+-
+- addWithAlias(p, "Signature", "SHA384withDSA",
+- "sun.security.provider.DSA$SHA384withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA512withDSA",
+- "sun.security.provider.DSA$SHA512withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA3-384withDSA",
+- "sun.security.provider.DSA$SHA3_384withDSA", attrs);
+- addWithAlias(p, "Signature", "SHA3-512withDSA",
+- "sun.security.provider.DSA$SHA3_512withDSA", attrs);
+-
+- attrs.remove("KeySize");
+-
+- add(p, "Signature", "SHA1withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA1withDSAinP1363Format");
+- add(p, "Signature", "NONEwithDSAinP1363Format",
+- "sun.security.provider.DSA$RawDSAinP1363Format");
+- add(p, "Signature", "SHA224withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA224withDSAinP1363Format");
+- add(p, "Signature", "SHA256withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA256withDSAinP1363Format");
+- add(p, "Signature", "SHA384withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA384withDSAinP1363Format");
+- add(p, "Signature", "SHA512withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA512withDSAinP1363Format");
+- add(p, "Signature", "SHA3-224withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA3_224withDSAinP1363Format");
+- add(p, "Signature", "SHA3-256withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA3_256withDSAinP1363Format");
+- add(p, "Signature", "SHA3-384withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA3_384withDSAinP1363Format");
+- add(p, "Signature", "SHA3-512withDSAinP1363Format",
+- "sun.security.provider.DSA$SHA3_512withDSAinP1363Format");
+- /*
+- * Key Pair Generator engines
+- */
+- attrs.clear();
+- attrs.put("ImplementedIn", "Software");
+- attrs.put("KeySize", "2048"); // for DSA KPG and APG only
+-
+- String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$";
+- dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current");
+- addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs);
+-
+- /*
+- * Algorithm Parameter Generator engines
+- */
+- addWithAlias(p, "AlgorithmParameterGenerator", "DSA",
+- "sun.security.provider.DSAParameterGenerator", attrs);
+- attrs.remove("KeySize");
+-
+- /*
+- * Algorithm Parameter engines
+- */
+- addWithAlias(p, "AlgorithmParameters", "DSA",
+- "sun.security.provider.DSAParameters", attrs);
+-
+- /*
+- * Key factories
+- */
+- addWithAlias(p, "KeyFactory", "DSA",
+- "sun.security.provider.DSAKeyFactory", attrs);
+-
+- /*
+- * Digest engines
+- */
+- add(p, "MessageDigest", "MD2", "sun.security.provider.MD2", attrs);
+- add(p, "MessageDigest", "MD5", "sun.security.provider.MD5", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-1", "sun.security.provider.SHA",
+- attrs);
+-
+- addWithAlias(p, "MessageDigest", "SHA-224",
+- "sun.security.provider.SHA2$SHA224", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-256",
+- "sun.security.provider.SHA2$SHA256", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-384",
+- "sun.security.provider.SHA5$SHA384", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-512",
+- "sun.security.provider.SHA5$SHA512", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-512/224",
+- "sun.security.provider.SHA5$SHA512_224", attrs);
+- addWithAlias(p, "MessageDigest", "SHA-512/256",
+- "sun.security.provider.SHA5$SHA512_256", attrs);
+- addWithAlias(p, "MessageDigest", "SHA3-224",
+- "sun.security.provider.SHA3$SHA224", attrs);
+- addWithAlias(p, "MessageDigest", "SHA3-256",
+- "sun.security.provider.SHA3$SHA256", attrs);
+- addWithAlias(p, "MessageDigest", "SHA3-384",
+- "sun.security.provider.SHA3$SHA384", attrs);
+- addWithAlias(p, "MessageDigest", "SHA3-512",
+- "sun.security.provider.SHA3$SHA512", attrs);
+
+ /*
+ * Certificates
+diff --git openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+index 8c9e4f9dbe6..9eeb3013e0d 100644
+--- openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
++++ openjdk/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java
+@@ -38,6 +38,7 @@ import java.util.HashMap;
+ import java.util.Iterator;
+ import java.util.List;
+
++import jdk.internal.access.SharedSecrets;
+ import sun.security.ec.ed.EdDSAAlgorithmParameters;
+ import sun.security.ec.ed.EdDSAKeyFactory;
+ import sun.security.ec.ed.EdDSAKeyPairGenerator;
+@@ -56,6 +57,10 @@ public final class SunEC extends Provider {
+
+ private static final long serialVersionUID = -2279741672933606418L;
+
++ private static final boolean systemFipsEnabled =
++ SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled();
++
+ private static class ProviderServiceA extends ProviderService {
+ ProviderServiceA(Provider p, String type, String algo, String cn,
+ HashMap<String, String> attrs) {
+@@ -249,85 +254,86 @@ public final class SunEC extends Provider {
+
+ putXDHEntries();
+ putEdDSAEntries();
+-
+- /*
+- * Signature engines
+- */
+- putService(new ProviderService(this, "Signature",
+- "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw",
+- null, ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1",
+- ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224",
+- ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256",
+- ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384",
+- ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
+- ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "SHA3-224withECDSA", "sun.security.ec.ECDSASignature$SHA3_224",
+- ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "SHA3-256withECDSA", "sun.security.ec.ECDSASignature$SHA3_256",
+- ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "SHA3-384withECDSA", "sun.security.ec.ECDSASignature$SHA3_384",
+- ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "SHA3-512withECDSA", "sun.security.ec.ECDSASignature$SHA3_512",
+- ATTRS));
+-
+- putService(new ProviderService(this, "Signature",
+- "NONEwithECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$RawinP1363Format"));
+- putService(new ProviderService(this, "Signature",
+- "SHA1withECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$SHA1inP1363Format"));
+- putService(new ProviderService(this, "Signature",
+- "SHA224withECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$SHA224inP1363Format"));
+- putService(new ProviderService(this, "Signature",
+- "SHA256withECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$SHA256inP1363Format"));
+- putService(new ProviderService(this, "Signature",
+- "SHA384withECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$SHA384inP1363Format"));
+- putService(new ProviderService(this, "Signature",
+- "SHA512withECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$SHA512inP1363Format"));
+-
+- putService(new ProviderService(this, "Signature",
+- "SHA3-224withECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$SHA3_224inP1363Format"));
+- putService(new ProviderService(this, "Signature",
+- "SHA3-256withECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$SHA3_256inP1363Format"));
+- putService(new ProviderService(this, "Signature",
+- "SHA3-384withECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$SHA3_384inP1363Format"));
+- putService(new ProviderService(this, "Signature",
+- "SHA3-512withECDSAinP1363Format",
+- "sun.security.ec.ECDSASignature$SHA3_512inP1363Format"));
+-
+- /*
+- * Key Pair Generator engine
+- */
+- putService(new ProviderService(this, "KeyPairGenerator",
+- "EC", "sun.security.ec.ECKeyPairGenerator",
+- List.of("EllipticCurve"), ATTRS));
+-
+- /*
+- * Key Agreement engine
+- */
+- putService(new ProviderService(this, "KeyAgreement",
+- "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
++ if (!systemFipsEnabled) {
++ /*
++ * Signature engines
++ */
++ putService(new ProviderService(this, "Signature",
++ "NONEwithECDSA", "sun.security.ec.ECDSASignature$Raw",
++ null, ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "SHA1withECDSA", "sun.security.ec.ECDSASignature$SHA1",
++ ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "SHA224withECDSA", "sun.security.ec.ECDSASignature$SHA224",
++ ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "SHA256withECDSA", "sun.security.ec.ECDSASignature$SHA256",
++ ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "SHA384withECDSA", "sun.security.ec.ECDSASignature$SHA384",
++ ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "SHA512withECDSA", "sun.security.ec.ECDSASignature$SHA512",
++ ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "SHA3-224withECDSA", "sun.security.ec.ECDSASignature$SHA3_224",
++ ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "SHA3-256withECDSA", "sun.security.ec.ECDSASignature$SHA3_256",
++ ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "SHA3-384withECDSA", "sun.security.ec.ECDSASignature$SHA3_384",
++ ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "SHA3-512withECDSA", "sun.security.ec.ECDSASignature$SHA3_512",
++ ATTRS));
++
++ putService(new ProviderService(this, "Signature",
++ "NONEwithECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$RawinP1363Format"));
++ putService(new ProviderService(this, "Signature",
++ "SHA1withECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$SHA1inP1363Format"));
++ putService(new ProviderService(this, "Signature",
++ "SHA224withECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$SHA224inP1363Format"));
++ putService(new ProviderService(this, "Signature",
++ "SHA256withECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$SHA256inP1363Format"));
++ putService(new ProviderService(this, "Signature",
++ "SHA384withECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$SHA384inP1363Format"));
++ putService(new ProviderService(this, "Signature",
++ "SHA512withECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$SHA512inP1363Format"));
++
++ putService(new ProviderService(this, "Signature",
++ "SHA3-224withECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$SHA3_224inP1363Format"));
++ putService(new ProviderService(this, "Signature",
++ "SHA3-256withECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$SHA3_256inP1363Format"));
++ putService(new ProviderService(this, "Signature",
++ "SHA3-384withECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$SHA3_384inP1363Format"));
++ putService(new ProviderService(this, "Signature",
++ "SHA3-512withECDSAinP1363Format",
++ "sun.security.ec.ECDSASignature$SHA3_512inP1363Format"));
++
++ /*
++ * Key Pair Generator engine
++ */
++ putService(new ProviderService(this, "KeyPairGenerator",
++ "EC", "sun.security.ec.ECKeyPairGenerator",
++ List.of("EllipticCurve"), ATTRS));
++
++ /*
++ * Key Agreement engine
++ */
++ putService(new ProviderService(this, "KeyAgreement",
++ "ECDH", "sun.security.ec.ECDHKeyAgreement", null, ATTRS));
++ }
+ }
+
+ private void putXDHEntries() {
+@@ -344,23 +350,25 @@ public final class SunEC extends Provider {
+ "X448", "sun.security.ec.XDHKeyFactory.X448",
+ ATTRS));
+
+- putService(new ProviderService(this, "KeyPairGenerator",
+- "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
+- putService(new ProviderServiceA(this, "KeyPairGenerator",
+- "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
+- ATTRS));
+- putService(new ProviderServiceA(this, "KeyPairGenerator",
+- "X448", "sun.security.ec.XDHKeyPairGenerator.X448",
+- ATTRS));
+-
+- putService(new ProviderService(this, "KeyAgreement",
+- "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
+- putService(new ProviderServiceA(this, "KeyAgreement",
+- "X25519", "sun.security.ec.XDHKeyAgreement.X25519",
+- ATTRS));
+- putService(new ProviderServiceA(this, "KeyAgreement",
+- "X448", "sun.security.ec.XDHKeyAgreement.X448",
+- ATTRS));
++ if (!systemFipsEnabled) {
++ putService(new ProviderService(this, "KeyPairGenerator",
++ "XDH", "sun.security.ec.XDHKeyPairGenerator", null, ATTRS));
++ putService(new ProviderServiceA(this, "KeyPairGenerator",
++ "X25519", "sun.security.ec.XDHKeyPairGenerator.X25519",
++ ATTRS));
++ putService(new ProviderServiceA(this, "KeyPairGenerator",
++ "X448", "sun.security.ec.XDHKeyPairGenerator.X448",
++ ATTRS));
++
++ putService(new ProviderService(this, "KeyAgreement",
++ "XDH", "sun.security.ec.XDHKeyAgreement", null, ATTRS));
++ putService(new ProviderServiceA(this, "KeyAgreement",
++ "X25519", "sun.security.ec.XDHKeyAgreement.X25519",
++ ATTRS));
++ putService(new ProviderServiceA(this, "KeyAgreement",
++ "X448", "sun.security.ec.XDHKeyAgreement.X448",
++ ATTRS));
++ }
+ }
+
+ private void putEdDSAEntries() {
+@@ -375,21 +383,23 @@ public final class SunEC extends Provider {
+ putService(new ProviderServiceA(this, "KeyFactory",
+ "Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS));
+
+- putService(new ProviderService(this, "KeyPairGenerator",
+- "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
+- putService(new ProviderServiceA(this, "KeyPairGenerator",
+- "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519",
+- ATTRS));
+- putService(new ProviderServiceA(this, "KeyPairGenerator",
+- "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448",
+- ATTRS));
+-
+- putService(new ProviderService(this, "Signature",
+- "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
+- putService(new ProviderServiceA(this, "Signature",
+- "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
++ if (!systemFipsEnabled) {
++ putService(new ProviderService(this, "KeyPairGenerator",
++ "EdDSA", "sun.security.ec.ed.EdDSAKeyPairGenerator", null, ATTRS));
++ putService(new ProviderServiceA(this, "KeyPairGenerator",
++ "Ed25519", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed25519",
++ ATTRS));
++ putService(new ProviderServiceA(this, "KeyPairGenerator",
++ "Ed448", "sun.security.ec.ed.EdDSAKeyPairGenerator.Ed448",
++ ATTRS));
++
++ putService(new ProviderService(this, "Signature",
++ "EdDSA", "sun.security.ec.ed.EdDSASignature", null, ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "Ed25519", "sun.security.ec.ed.EdDSASignature.Ed25519", ATTRS));
++ putService(new ProviderServiceA(this, "Signature",
++ "Ed448", "sun.security.ec.ed.EdDSASignature.Ed448", ATTRS));
++ }
+
+ }
+ }
diff --git a/rh1996182-extend_security_policy.patch b/rh1996182-extend_security_policy.patch
new file mode 100644
index 0000000..7622622
--- /dev/null
+++ b/rh1996182-extend_security_policy.patch
@@ -0,0 +1,18 @@
+commit bfd7c5dae9c15266799cb885b8c60199217b65b9
+Author: Andrew Hughes <gnu.andrew(a)redhat.com>
+Date: Mon Aug 30 16:14:14 2021 +0100
+
+ RH1996182: Extend default security policy to allow SunPKCS11 access to jdk.internal.access
+
+diff --git openjdk.orig/src/java.base/share/lib/security/default.policy openjdk/src/java.base/share/lib/security/default.policy
+index 8356e56367b..23925f048be 100644
+--- openjdk.orig/src/java.base/share/lib/security/default.policy
++++ openjdk/src/java.base/share/lib/security/default.policy
+@@ -128,6 +128,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
+ grant codeBase "jrt:/jdk.crypto.cryptoki" {
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.com.sun.crypto.provider";
++ permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.access";
+ permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.sun.security.*";
diff --git a/rh1996182-login_to_nss_software_token.patch b/rh1996182-login_to_nss_software_token.patch
new file mode 100644
index 0000000..475c521
--- /dev/null
+++ b/rh1996182-login_to_nss_software_token.patch
@@ -0,0 +1,65 @@
+commit 93c9f6330bf2b4405c789bf893a5256c3f4a4923
+Author: Martin Balao <mbalao(a)redhat.com>
+Date: Sat Aug 28 00:35:44 2021 +0100
+
+ RH1996182: Login to the NSS Software Token in FIPS Mode
+
+diff --git openjdk.orig/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java
+index 39e69362458..aeb5fc2eb46 100644
+--- openjdk.orig/src/java.base/share/classes/module-info.java
++++ openjdk/src/java.base/share/classes/module-info.java
+@@ -151,6 +151,7 @@ module java.base {
+ java.management,
+ java.naming,
+ java.rmi,
++ jdk.crypto.cryptoki,
+ jdk.crypto.ec,
+ jdk.jartool,
+ jdk.jlink,
+diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+index 112b639aa96..5d3963ea893 100644
+--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
++++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+@@ -42,6 +42,7 @@ import javax.security.auth.callback.PasswordCallback;
+
+ import com.sun.crypto.provider.ChaCha20Poly1305Parameters;
+
++import jdk.internal.access.SharedSecrets;
+ import jdk.internal.misc.InnocuousThread;
+ import sun.security.util.Debug;
+ import sun.security.util.ResourcesMgr;
+@@ -62,6 +63,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.*;
+ */
+ public final class SunPKCS11 extends AuthProvider {
+
++ private static final boolean systemFipsEnabled = SharedSecrets
++ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
++
+ private static final long serialVersionUID = -1354835039035306505L;
+
+ static final Debug debug = Debug.getInstance("sunpkcs11");
+@@ -379,6 +383,24 @@ public final class SunPKCS11 extends AuthProvider {
+ if (nssModule != null) {
+ nssModule.setProvider(this);
+ }
++ if (systemFipsEnabled) {
++ // The NSS Software Token in FIPS 140-2 mode requires a user
++ // login for most operations. See sftk_fipsCheck. The NSS DB
++ // (/etc/pki/nssdb) PIN is empty.
++ Session session = null;
++ try {
++ session = token.getOpSession();
++ p11.C_Login(session.id(), CKU_USER, new char[] {});
++ } catch (PKCS11Exception p11e) {
++ if (debug != null) {
++ debug.println("Error during token login: " +
++ p11e.getMessage());
++ }
++ throw p11e;
++ } finally {
++ token.releaseSession(session);
++ }
++ }
+ } catch (Exception e) {
+ if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
+ throw new UnsupportedOperationException
commit 05cc2f08b3a63a7332d455ae398591c8bc544b0e
Author: Andrew John Hughes <gnu_andrew(a)member.fsf.org>
Date: Mon Sep 6 01:15:24 2021 +0100
Update to jdk-17+35, also known as jdk-17-ga.
Switch to GA mode.
Support the FIPS mode crypto policy (RH1655466)
Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Use appropriate keystore types when in FIPS mode (RH1818909)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
diff --git a/.gitignore b/.gitignore
index 77dfe61..c591b54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@
/openjdk-jdk16u-jdk-16.0.1+9.tar.xz
/openjdk-jdk17-jdk-17+26.tar.xz
/openjdk-jdk17-jdk-17+33.tar.xz
+/openjdk-jdk17-jdk-17+35.tar.xz
diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec
index acbf07b..d6e3930 100644
--- a/java-latest-openjdk.spec
+++ b/java-latest-openjdk.spec
@@ -276,7 +276,7 @@
%global interimver 0
%global updatever 0
%global patchver 0
-# If you bump featurever, you must bump also vendor_version_string
+# If you bump featurever, you must also bump vendor_version_string
# Used via new version scheme. JDK 17 was
# GA'ed in September 2021 => 21.9
%global vendor_version_string 21.9
@@ -297,7 +297,7 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 33
+%global buildver 35
%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@@ -321,7 +321,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 0
+%global is_ga 1
%if %{is_ga}
%global build_type GA
%global expected_ea_designator ""
@@ -370,7 +370,7 @@
# fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349
# https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14
# https://bugzilla.redhat.com/show_bug.cgi?id=1655938
-%global _privatelibs libsplashscreen[.]so.*|libawt_xawt[.]so.*|libjli[.]so.*|libattach[.]so.*|libawt[.]so.*|libextnet[.]so.*|libawt_headless[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjimage[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmanagement_agent[.]so.*|libmanagement_ext[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libprefs[.]so.*|librmi[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libzip[.]so.*
+%global _privatelibs libsplashscreen[.]so.*|libawt_xawt[.]so.*|libjli[.]so.*|libattach[.]so.*|libawt[.]so.*|libextnet[.]so.*|libawt_headless[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjimage[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmanagement_agent[.]so.*|libmanagement_ext[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libprefs[.]so.*|librmi[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsystemconf[.]so.*|libzip[.]so.*
%global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.*
%if %is_system_jdk
%global __provides_exclude ^(%{_privatelibs})$
@@ -709,6 +709,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsaproc.so
%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsctp.so
+%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsystemconf.so
%ifarch %{svml_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsvml.so
%endif
@@ -751,6 +752,7 @@ exit 0
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/java.security
%config(noreplace) %{etcjavadir -- %{?1}}/conf/logging.properties
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.cfg
+%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.fips.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/conf/management/jmxremote.access
# these are config templates, thus not config-noreplace
%config %{etcjavadir -- %{?1}}/conf/management/jmxremote.password.template
@@ -1136,6 +1138,9 @@ Source14: TestECDSA.java
# Verify system crypto (policy) can be disabled via a property
Source15: TestSecurityProperties.java
+# nss fips configuration file
+Source17: nss.fips.cfg.in
+
############################################
#
# RPM/distribution specific patches
@@ -1160,6 +1165,18 @@ Patch5: pr3695-toggle_system_crypto_policy.patch
# Depend on pcs-lite-libs instead of pcs-lite-devel as this is only in optional repo
Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
+# FIPS support patches
+# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
+Patch1001: rh1655466-global_crypto_and_fips.patch
+# RH1818909: No ciphersuites availale for SSLSocket in FIPS mode
+Patch1002: rh1818909-fips_default_keystore_type.patch
+# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
+Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
+# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
+Patch1007: rh1915071-always_initialise_configurator_access.patch
+# RH1929465: Improve system FIPS detection
+Patch1008: rh1929465-improve_system_FIPS_detection.patch
+
#############################################
#
# OpenJDK patches in need of upstreaming
@@ -1192,8 +1209,8 @@ BuildRequires: libXrandr-devel
BuildRequires: libXrender-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
-# Requirements for setting up the nss.cfg
-BuildRequires: nss-devel
+# Requirements for setting up the nss.cfg and FIPS support
+BuildRequires: nss-devel >= 3.53
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
@@ -1516,6 +1533,11 @@ popd # openjdk
%patch1000
%patch600
+%patch1001
+%patch1002
+%patch1004
+%patch1007
+%patch1008
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -1564,6 +1586,9 @@ done
# Setup nss.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
+# Setup nss.fips.cfg
+sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
+sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
# How many CPU's do we have?
@@ -1664,6 +1689,7 @@ bash ${top_dir_abs_src_path}/configure \
--with-boot-jdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk \
--with-debug-level=$debugbuild \
--with-native-debug-symbols=internal \
+ --enable-sysconf-nss \
--enable-unlimited-crypto \
--with-zlib=system \
--with-libjpeg=${link_opt} \
@@ -1717,6 +1743,9 @@ export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg $JAVA_HOME/conf/security/
+# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
+install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/
+
# Use system-wide tzdata
rm $JAVA_HOME/lib/tzdb.dat
ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/lib/tzdb.dat
@@ -2235,6 +2264,26 @@ cjc.mainProgram(args)
%endif
%changelog
+* Tue Sep 14 2021 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.0.0.35-1.rolling
+- Update to jdk-17+35, also known as jdk-17-ga.
+- Switch to GA mode.
+- Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
+- SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
+- Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
+- No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
+- Disable FIPS mode support unless com.redhat.fips is set to "true".
+- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
+- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
+- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
+- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
+- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
+
+* Tue Sep 14 2021 Martin Balao <mbalao(a)redhat.com> - 1:17.0.0.0.35-1.rolling
+- Support the FIPS mode crypto policy (RH1655466)
+- Use appropriate keystore types when in FIPS mode (RH1818909)
+- Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
+- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
+
* Mon Aug 30 2021 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.0.0.33-0.1.ea.rolling
- alternatives creation moved to posttrans
- Thus fixing the old reisntall issue:
diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in
new file mode 100644
index 0000000..ead27be
--- /dev/null
+++ b/nss.fips.cfg.in
@@ -0,0 +1,6 @@
+name = NSS-FIPS
+nssLibraryDirectory = @NSS_LIBDIR@
+nssSecmodDirectory = @NSS_SECMOD@
+nssDbMode = readOnly
+nssModule = fips
+
diff --git a/rh1655466-global_crypto_and_fips.patch b/rh1655466-global_crypto_and_fips.patch
new file mode 100644
index 0000000..80cd91c
--- /dev/null
+++ b/rh1655466-global_crypto_and_fips.patch
@@ -0,0 +1,205 @@
+diff --git a/src/java.base/share/classes/javopenjdk.orig///security/Security.java openjdk///src/java.base/share/classes/java/security/Security.java
+--- openjdk.orig/src/java.base/share/classes/java/security/Security.java
++++ openjdk/src/java.base/share/classes/java/security/Security.java
+@@ -196,26 +196,8 @@
+ if (disableSystemProps == null &&
+ "true".equalsIgnoreCase(props.getProperty
+ ("security.useSystemPropertiesFile"))) {
+-
+- // now load the system file, if it exists, so its values
+- // will win if they conflict with the earlier values
+- try (BufferedInputStream bis =
+- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+- props.load(bis);
++ if (SystemConfigurator.configure(props)) {
+ loadedProps = true;
+-
+- if (sdebug != null) {
+- sdebug.println("reading system security properties file " +
+- SYSTEM_PROPERTIES);
+- sdebug.println(props.toString());
+- }
+- } catch (IOException e) {
+- if (sdebug != null) {
+- sdebug.println
+- ("unable to load security properties from " +
+- SYSTEM_PROPERTIES);
+- e.printStackTrace();
+- }
+ }
+ }
+
+diff --git a/src/java.base/share/classes/javopenjdk.orig///security/SystemConfigurator.java openjdk///src/java.base/share/classes/java/security/SystemConfigurator.java
+new file mode 100644
+--- /dev/null
++++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
+@@ -0,0 +1,151 @@
++/*
++ * Copyright (c) 2019, Red Hat, Inc.
++ *
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++package java.security;
++
++import java.io.BufferedInputStream;
++import java.io.FileInputStream;
++import java.io.IOException;
++
++import java.nio.file.Files;
++import java.nio.file.Path;
++
++import java.util.Iterator;
++import java.util.Map.Entry;
++import java.util.Properties;
++import java.util.function.Consumer;
++import java.util.regex.Matcher;
++import java.util.regex.Pattern;
++
++import sun.security.util.Debug;
++
++/**
++ * Internal class to align OpenJDK with global crypto-policies.
++ * Called from java.security.Security class initialization,
++ * during startup.
++ *
++ */
++
++class SystemConfigurator {
++
++ private static final Debug sdebug =
++ Debug.getInstance("properties");
++
++ private static final String CRYPTO_POLICIES_BASE_DIR =
++ "/etc/crypto-policies";
++
++ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
++ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
++
++ private static final String CRYPTO_POLICIES_CONFIG =
++ CRYPTO_POLICIES_BASE_DIR + "/config";
++
++ private static final class SecurityProviderInfo {
++ int number;
++ String key;
++ String value;
++ SecurityProviderInfo(int number, String key, String value) {
++ this.number = number;
++ this.key = key;
++ this.value = value;
++ }
++ }
++
++ /*
++ * Invoked when java.security.Security class is initialized, if
++ * java.security.disableSystemPropertiesFile property is not set and
++ * security.useSystemPropertiesFile is true.
++ */
++ static boolean configure(Properties props) {
++ boolean loadedProps = false;
++
++ try (BufferedInputStream bis =
++ new BufferedInputStream(
++ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
++ props.load(bis);
++ loadedProps = true;
++ if (sdebug != null) {
++ sdebug.println("reading system security properties file " +
++ CRYPTO_POLICIES_JAVA_CONFIG);
++ sdebug.println(props.toString());
++ }
++ } catch (IOException e) {
++ if (sdebug != null) {
++ sdebug.println("unable to load security properties from " +
++ CRYPTO_POLICIES_JAVA_CONFIG);
++ e.printStackTrace();
++ }
++ }
++
++ try {
++ if (enableFips()) {
++ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
++ loadedProps = false;
++ // Remove all security providers
++ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
++ while (i.hasNext()) {
++ Entry<Object, Object> e = i.next();
++ if (((String) e.getKey()).startsWith("security.provider")) {
++ if (sdebug != null) { sdebug.println("Removing provider: " + e); }
++ i.remove();
++ }
++ }
++ // Add FIPS security providers
++ String fipsProviderValue = null;
++ for (int n = 1;
++ (fipsProviderValue = (String) props.get("fips.provider." + n)) != null; n++) {
++ String fipsProviderKey = "security.provider." + n;
++ if (sdebug != null) {
++ sdebug.println("Adding provider " + n + ": " +
++ fipsProviderKey + "=" + fipsProviderValue);
++ }
++ props.put(fipsProviderKey, fipsProviderValue);
++ }
++ loadedProps = true;
++ }
++ } catch (Exception e) {
++ if (sdebug != null) {
++ sdebug.println("unable to load FIPS configuration");
++ e.printStackTrace();
++ }
++ }
++ return loadedProps;
++ }
++
++ /*
++ * FIPS is enabled only if crypto-policies are set to "FIPS"
++ * and the com.redhat.fips property is true.
++ */
++ private static boolean enableFips() throws Exception {
++ boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
++ if (fipsEnabled) {
++ String cryptoPoliciesConfig = new String(Files.readAllBytes(Path.of(CRYPTO_POLICIES_CONFIG)));
++ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
++ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
++ return pattern.matcher(cryptoPoliciesConfig).find();
++ } else {
++ return false;
++ }
++ }
++}
+diff --git openjdk.orig///src/java.base/share/conf/security/java.security openjdk///src/java.base/share/conf/security/java.security
+--- openjdk.orig/src/java.base/share/conf/security/java.security
++++ openjdk/src/java.base/share/conf/security/java.security
+@@ -87,6 +87,14 @@
+ #security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
+
+ #
++# Security providers used when global crypto-policies are set to FIPS.
++#
++fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
++fips.provider.2=SUN
++fips.provider.3=SunEC
++fips.provider.4=SunJSSE
++
++#
+ # A list of preferred providers for specific algorithms. These providers will
+ # be searched for matching algorithms before the list of registered providers.
+ # Entries containing errors (parsing, etc) will be ignored. Use the
diff --git a/rh1818909-fips_default_keystore_type.patch b/rh1818909-fips_default_keystore_type.patch
new file mode 100644
index 0000000..ff34f3e
--- /dev/null
+++ b/rh1818909-fips_default_keystore_type.patch
@@ -0,0 +1,52 @@
+diff -r 6efbd7b35a10 src/share/classes/java/security/SystemConfigurator.java
+--- openjdk.orig/src/java.base/share/classes/java/security/SystemConfigurator.java Thu Jan 23 18:22:31 2020 -0300
++++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java Mon Mar 02 19:20:17 2020 -0300
+@@ -123,6 +123,33 @@
+ }
+ props.put(fipsProviderKey, fipsProviderValue);
+ }
++ // Add other security properties
++ String keystoreTypeValue = (String) props.get("fips.keystore.type");
++ if (keystoreTypeValue != null) {
++ String nonFipsKeystoreType = props.getProperty("keystore.type");
++ props.put("keystore.type", keystoreTypeValue);
++ if (keystoreTypeValue.equals("PKCS11")) {
++ // If keystore.type is PKCS11, javax.net.ssl.keyStore
++ // must be "NONE". See JDK-8238264.
++ System.setProperty("javax.net.ssl.keyStore", "NONE");
++ }
++ if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
++ // If no trustStoreType has been set, use the
++ // previous keystore.type under FIPS mode. In
++ // a default configuration, the Trust Store will
++ // be 'cacerts' (JKS type).
++ System.setProperty("javax.net.ssl.trustStoreType",
++ nonFipsKeystoreType);
++ }
++ if (sdebug != null) {
++ sdebug.println("FIPS mode default keystore.type = " +
++ keystoreTypeValue);
++ sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
++ System.getProperty("javax.net.ssl.keyStore", ""));
++ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
++ System.getProperty("javax.net.ssl.trustStoreType", ""));
++ }
++ }
+ loadedProps = true;
+ }
+ } catch (Exception e) {
+diff -r 6efbd7b35a10 src/share/lib/security/java.security-linux
+--- openjdk.orig/src/java.base/share/conf/security/java.security Thu Jan 23 18:22:31 2020 -0300
++++ openjdk/src/java.base/share/conf/security/java.security Mon Mar 02 19:20:17 2020 -0300
+@@ -299,6 +299,11 @@
+ keystore.type=pkcs12
+
+ #
++# Default keystore type used when global crypto-policies are set to FIPS.
++#
++fips.keystore.type=PKCS11
++
++#
+ # Controls compatibility mode for JKS and PKCS12 keystore types.
+ #
+ # When set to 'true', both JKS and PKCS12 keystore types support loading
diff --git a/rh1860986-disable_tlsv1.3_in_fips_mode.patch b/rh1860986-disable_tlsv1.3_in_fips_mode.patch
new file mode 100644
index 0000000..8dcd9a8
--- /dev/null
+++ b/rh1860986-disable_tlsv1.3_in_fips_mode.patch
@@ -0,0 +1,318 @@
+diff --git openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
+index f9baf8c9742..60fa75cab45 100644
+--- openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
++++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
+@@ -1,11 +1,13 @@
+ /*
+- * Copyright (c) 2019, Red Hat, Inc.
++ * Copyright (c) 2019, 2020, Red Hat, Inc.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+- * published by the Free Software Foundation.
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+@@ -34,10 +36,10 @@ import java.nio.file.Path;
+ import java.util.Iterator;
+ import java.util.Map.Entry;
+ import java.util.Properties;
+-import java.util.function.Consumer;
+-import java.util.regex.Matcher;
+ import java.util.regex.Pattern;
+
++import jdk.internal.access.JavaSecuritySystemConfiguratorAccess;
++import jdk.internal.access.SharedSecrets;
+ import sun.security.util.Debug;
+
+ /**
+@@ -47,7 +49,7 @@ import sun.security.util.Debug;
+ *
+ */
+
+-class SystemConfigurator {
++final class SystemConfigurator {
+
+ private static final Debug sdebug =
+ Debug.getInstance("properties");
+@@ -61,15 +63,16 @@ class SystemConfigurator {
+ private static final String CRYPTO_POLICIES_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/config";
+
+- private static final class SecurityProviderInfo {
+- int number;
+- String key;
+- String value;
+- SecurityProviderInfo(int number, String key, String value) {
+- this.number = number;
+- this.key = key;
+- this.value = value;
+- }
++ private static boolean systemFipsEnabled = false;
++
++ static {
++ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
++ new JavaSecuritySystemConfiguratorAccess() {
++ @Override
++ public boolean isSystemFipsEnabled() {
++ return SystemConfigurator.isSystemFipsEnabled();
++ }
++ });
+ }
+
+ /*
+@@ -128,9 +131,9 @@ class SystemConfigurator {
+ String nonFipsKeystoreType = props.getProperty("keystore.type");
+ props.put("keystore.type", keystoreTypeValue);
+ if (keystoreTypeValue.equals("PKCS11")) {
+- // If keystore.type is PKCS11, javax.net.ssl.keyStore
+- // must be "NONE". See JDK-8238264.
+- System.setProperty("javax.net.ssl.keyStore", "NONE");
++ // If keystore.type is PKCS11, javax.net.ssl.keyStore
++ // must be "NONE". See JDK-8238264.
++ System.setProperty("javax.net.ssl.keyStore", "NONE");
+ }
+ if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
+ // If no trustStoreType has been set, use the
+@@ -144,12 +147,13 @@ class SystemConfigurator {
+ sdebug.println("FIPS mode default keystore.type = " +
+ keystoreTypeValue);
+ sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
+- System.getProperty("javax.net.ssl.keyStore", ""));
++ System.getProperty("javax.net.ssl.keyStore", ""));
+ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
+ System.getProperty("javax.net.ssl.trustStoreType", ""));
+ }
+ }
+ loadedProps = true;
++ systemFipsEnabled = true;
+ }
+ } catch (Exception e) {
+ if (sdebug != null) {
+@@ -160,13 +164,30 @@ class SystemConfigurator {
+ return loadedProps;
+ }
+
++ /**
++ * Returns whether or not global system FIPS alignment is enabled.
++ *
++ * Value is always 'false' before java.security.Security class is
++ * initialized.
++ *
++ * Call from out of this package through SharedSecrets:
++ * SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ * .isSystemFipsEnabled();
++ *
++ * @return a boolean value indicating whether or not global
++ * system FIPS alignment is enabled.
++ */
++ static boolean isSystemFipsEnabled() {
++ return systemFipsEnabled;
++ }
++
+ /*
+ * FIPS is enabled only if crypto-policies are set to "FIPS"
+ * and the com.redhat.fips property is true.
+ */
+ private static boolean enableFips() throws Exception {
+- boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+- if (fipsEnabled) {
++ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
++ if (shouldEnable) {
+ String cryptoPoliciesConfig = new String(Files.readAllBytes(Path.of(CRYPTO_POLICIES_CONFIG)));
+ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+diff --git openjdk/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java openjdk/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java
+new file mode 100644
+index 00000000000..a31e93ec02e
+--- /dev/null
++++ openjdk/src/java.base/share/classes/jdk/internal/access/JavaSecuritySystemConfiguratorAccess.java
+@@ -0,0 +1,30 @@
++/*
++ * Copyright (c) 2020, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++package jdk.internal.access;
++
++public interface JavaSecuritySystemConfiguratorAccess {
++ boolean isSystemFipsEnabled();
++}
+diff --git openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
+index f6d3638c3dd..5a2c9eb0c46 100644
+--- openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
++++ openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
+@@ -81,6 +81,7 @@ public class SharedSecrets {
+ private static JavaSecuritySpecAccess javaSecuritySpecAccess;
+ private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess;
+ private static JavaxCryptoSpecAccess javaxCryptoSpecAccess;
++ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess;
+
+ public static void setJavaUtilCollectionAccess(JavaUtilCollectionAccess juca) {
+ javaUtilCollectionAccess = juca;
+@@ -442,4 +443,12 @@ public class SharedSecrets {
+ MethodHandles.lookup().ensureInitialized(c);
+ } catch (IllegalAccessException e) {}
+ }
++
++ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) {
++ javaSecuritySystemConfiguratorAccess = jssca;
++ }
++
++ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++ return javaSecuritySystemConfiguratorAccess;
++ }
+ }
+diff --git openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+index 6ffdfeda18d..775b185fb06 100644
+--- openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
++++ openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+@@ -32,6 +32,7 @@ import java.security.cert.*;
+ import java.util.*;
+ import java.util.concurrent.locks.ReentrantLock;
+ import javax.net.ssl.*;
++import jdk.internal.access.SharedSecrets;
+ import sun.security.action.GetPropertyAction;
+ import sun.security.provider.certpath.AlgorithmChecker;
+ import sun.security.validator.Validator;
+@@ -536,22 +537,40 @@ public abstract class SSLContextImpl extends SSLContextSpi {
+ private static final List<CipherSuite> serverDefaultCipherSuites;
+
+ static {
+- supportedProtocols = Arrays.asList(
+- ProtocolVersion.TLS13,
+- ProtocolVersion.TLS12,
+- ProtocolVersion.TLS11,
+- ProtocolVersion.TLS10,
+- ProtocolVersion.SSL30,
+- ProtocolVersion.SSL20Hello
+- );
+-
+- serverDefaultProtocols = getAvailableProtocols(
+- new ProtocolVersion[] {
+- ProtocolVersion.TLS13,
+- ProtocolVersion.TLS12,
+- ProtocolVersion.TLS11,
+- ProtocolVersion.TLS10
+- });
++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled()) {
++ // RH1860986: TLSv1.3 key derivation not supported with
++ // the Security Providers available in system FIPS mode.
++ supportedProtocols = Arrays.asList(
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ );
++
++ serverDefaultProtocols = getAvailableProtocols(
++ new ProtocolVersion[] {
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ });
++ } else {
++ supportedProtocols = Arrays.asList(
++ ProtocolVersion.TLS13,
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10,
++ ProtocolVersion.SSL30,
++ ProtocolVersion.SSL20Hello
++ );
++
++ serverDefaultProtocols = getAvailableProtocols(
++ new ProtocolVersion[] {
++ ProtocolVersion.TLS13,
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ });
++ }
+
+ supportedCipherSuites = getApplicableSupportedCipherSuites(
+ supportedProtocols);
+@@ -842,12 +861,23 @@ public abstract class SSLContextImpl extends SSLContextSpi {
+ ProtocolVersion[] candidates;
+ if (refactored.isEmpty()) {
+ // Client and server use the same default protocols.
+- candidates = new ProtocolVersion[] {
+- ProtocolVersion.TLS13,
+- ProtocolVersion.TLS12,
+- ProtocolVersion.TLS11,
+- ProtocolVersion.TLS10
+- };
++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled()) {
++ // RH1860986: TLSv1.3 key derivation not supported with
++ // the Security Providers available in system FIPS mode.
++ candidates = new ProtocolVersion[] {
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ };
++ } else {
++ candidates = new ProtocolVersion[] {
++ ProtocolVersion.TLS13,
++ ProtocolVersion.TLS12,
++ ProtocolVersion.TLS11,
++ ProtocolVersion.TLS10
++ };
++ }
+ } else {
+ // Use the customized TLS protocols.
+ candidates =
+diff --git openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
+index 894e26dfad8..8b16378b96b 100644
+--- openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
++++ openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
+@@ -27,6 +27,8 @@ package sun.security.ssl;
+
+ import java.security.*;
+ import java.util.*;
++
++import jdk.internal.access.SharedSecrets;
+ import static sun.security.util.SecurityConstants.PROVIDER_VER;
+
+ /**
+@@ -102,8 +104,13 @@ public class SunJSSE extends java.security.Provider {
+ "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
+ ps("SSLContext", "TLSv1.2",
+ "sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
+- ps("SSLContext", "TLSv1.3",
+- "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
++ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
++ .isSystemFipsEnabled()) {
++ // RH1860986: TLSv1.3 key derivation not supported with
++ // the Security Providers available in system FIPS mode.
++ ps("SSLContext", "TLSv1.3",
++ "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
++ }
+ ps("SSLContext", "TLS",
+ "sun.security.ssl.SSLContextImpl$TLSContext",
+ List.of("SSL"), null);
diff --git a/rh1915071-always_initialise_configurator_access.patch b/rh1915071-always_initialise_configurator_access.patch
new file mode 100644
index 0000000..513fbbf
--- /dev/null
+++ b/rh1915071-always_initialise_configurator_access.patch
@@ -0,0 +1,70 @@
+diff --git openjdk/src/java.base/share/classes/java/security/Security.java openjdk/src/java.base/share/classes/java/security/Security.java
+index f1633afb627..ce32c939253 100644
+--- openjdk/src/java.base/share/classes/java/security/Security.java
++++ openjdk/src/java.base/share/classes/java/security/Security.java
+@@ -32,6 +32,7 @@ import java.net.URL;
+
+ import jdk.internal.event.EventHelper;
+ import jdk.internal.event.SecurityPropertyModificationEvent;
++import jdk.internal.access.JavaSecuritySystemConfiguratorAccess;
+ import jdk.internal.access.SharedSecrets;
+ import jdk.internal.util.StaticProperty;
+ import sun.security.util.Debug;
+@@ -74,6 +75,15 @@ public final class Security {
+ }
+
+ static {
++ // Initialise here as used by code with system properties disabled
++ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
++ new JavaSecuritySystemConfiguratorAccess() {
++ @Override
++ public boolean isSystemFipsEnabled() {
++ return SystemConfigurator.isSystemFipsEnabled();
++ }
++ });
++
+ // doPrivileged here because there are multiple
+ // things in initialize that might require privs.
+ // (the FileInputStream call and the File.exists call,
+@@ -194,9 +204,8 @@ public final class Security {
+ }
+
+ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
+- if (disableSystemProps == null &&
+- "true".equalsIgnoreCase(props.getProperty
+- ("security.useSystemPropertiesFile"))) {
++ if ((disableSystemProps == null || "false".equalsIgnoreCase(disableSystemProps)) &&
++ "true".equalsIgnoreCase(props.getProperty("security.useSystemPropertiesFile"))) {
+ if (SystemConfigurator.configure(props)) {
+ loadedProps = true;
+ }
+diff --git openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
+index 60fa75cab45..10b54aa4ce4 100644
+--- openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
++++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
+@@ -38,8 +38,6 @@ import java.util.Map.Entry;
+ import java.util.Properties;
+ import java.util.regex.Pattern;
+
+-import jdk.internal.access.JavaSecuritySystemConfiguratorAccess;
+-import jdk.internal.access.SharedSecrets;
+ import sun.security.util.Debug;
+
+ /**
+@@ -65,16 +63,6 @@ final class SystemConfigurator {
+
+ private static boolean systemFipsEnabled = false;
+
+- static {
+- SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
+- new JavaSecuritySystemConfiguratorAccess() {
+- @Override
+- public boolean isSystemFipsEnabled() {
+- return SystemConfigurator.isSystemFipsEnabled();
+- }
+- });
+- }
+-
+ /*
+ * Invoked when java.security.Security class is initialized, if
+ * java.security.disableSystemPropertiesFile property is not set and
diff --git a/rh1929465-improve_system_FIPS_detection.patch b/rh1929465-improve_system_FIPS_detection.patch
new file mode 100644
index 0000000..4dfd1d4
--- /dev/null
+++ b/rh1929465-improve_system_FIPS_detection.patch
@@ -0,0 +1,428 @@
+diff --git openjdk/make/autoconf/lib-sysconf.m4 openjdk/make/autoconf/lib-sysconf.m4
+new file mode 100644
+index 00000000000..b2b1c1787da
+--- /dev/null
++++ openjdk/make/autoconf/lib-sysconf.m4
+@@ -0,0 +1,84 @@
++#
++# Copyright (c) 2021, Red Hat, Inc.
++# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++#
++# This code is free software; you can redistribute it and/or modify it
++# under the terms of the GNU General Public License version 2 only, as
++# published by the Free Software Foundation. Oracle designates this
++# particular file as subject to the "Classpath" exception as provided
++# by Oracle in the LICENSE file that accompanied this code.
++#
++# This code is distributed in the hope that it will be useful, but WITHOUT
++# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++# version 2 for more details (a copy is included in the LICENSE file that
++# accompanied this code).
++#
++# You should have received a copy of the GNU General Public License version
++# 2 along with this work; if not, write to the Free Software Foundation,
++# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++#
++# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++# or visit www.oracle.com if you need additional information or have any
++# questions.
++#
++
++################################################################################
++# Setup system configuration libraries
++################################################################################
++AC_DEFUN_ONCE([LIB_SETUP_SYSCONF_LIBS],
++[
++ ###############################################################################
++ #
++ # Check for the NSS library
++ #
++
++ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)])
++
++ # default is not available
++ DEFAULT_SYSCONF_NSS=no
++
++ AC_ARG_ENABLE([sysconf-nss], [AS_HELP_STRING([--enable-sysconf-nss],
++ [build the System Configurator (libsysconf) using the system NSS library if available @<:@disabled@:>@])],
++ [
++ case "${enableval}" in
++ yes)
++ sysconf_nss=yes
++ ;;
++ *)
++ sysconf_nss=no
++ ;;
++ esac
++ ],
++ [
++ sysconf_nss=${DEFAULT_SYSCONF_NSS}
++ ])
++ AC_MSG_RESULT([$sysconf_nss])
++
++ USE_SYSCONF_NSS=false
++ if test "x${sysconf_nss}" = "xyes"; then
++ PKG_CHECK_MODULES(NSS, nss >= 3.53, [NSS_FOUND=yes], [NSS_FOUND=no])
++ if test "x${NSS_FOUND}" = "xyes"; then
++ AC_MSG_CHECKING([for system FIPS support in NSS])
++ saved_libs="${LIBS}"
++ saved_cflags="${CFLAGS}"
++ CFLAGS="${CFLAGS} ${NSS_CFLAGS}"
++ LIBS="${LIBS} ${NSS_LIBS}"
++ AC_LANG_PUSH([C])
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <nss3/pk11pub.h>]],
++ [[SECMOD_GetSystemFIPSEnabled()]])],
++ [AC_MSG_RESULT([yes])],
++ [AC_MSG_RESULT([no])
++ AC_MSG_ERROR([System NSS FIPS detection unavailable])])
++ AC_LANG_POP([C])
++ CFLAGS="${saved_cflags}"
++ LIBS="${saved_libs}"
++ USE_SYSCONF_NSS=true
++ else
++ dnl NSS 3.53 is the one that introduces the SECMOD_GetSystemFIPSEnabled API
++ dnl in nss3/pk11pub.h.
++ AC_MSG_ERROR([--enable-sysconf-nss specified, but NSS 3.53 or above not found.])
++ fi
++ fi
++ AC_SUBST(USE_SYSCONF_NSS)
++])
+diff --git openjdk/make/autoconf/libraries.m4 openjdk/make/autoconf/libraries.m4
+index a65d91ee974..a8f054c1397 100644
+--- openjdk/make/autoconf/libraries.m4
++++ openjdk/make/autoconf/libraries.m4
+@@ -33,6 +33,7 @@ m4_include([lib-std.m4])
+ m4_include([lib-x11.m4])
+ m4_include([lib-fontconfig.m4])
+ m4_include([lib-tests.m4])
++m4_include([lib-sysconf.m4])
+
+ ################################################################################
+ # Determine which libraries are needed for this configuration
+@@ -104,6 +105,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
+ LIB_SETUP_BUNDLED_LIBS
+ LIB_SETUP_MISC_LIBS
+ LIB_TESTS_SETUP_GTEST
++ LIB_SETUP_SYSCONF_LIBS
+
+ BASIC_JDKLIB_LIBS=""
+ if test "x$TOOLCHAIN_TYPE" != xmicrosoft; then
+diff --git openjdk/make/autoconf/spec.gmk.in openjdk/make/autoconf/spec.gmk.in
+index 29445c8c24f..9b1b512a34a 100644
+--- openjdk/make/autoconf/spec.gmk.in
++++ openjdk/make/autoconf/spec.gmk.in
+@@ -834,6 +834,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
+ # Libraries
+ #
+
++USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
++NSS_LIBS:=@NSS_LIBS@
++NSS_CFLAGS:=@NSS_CFLAGS@
++
+ USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
+ LCMS_CFLAGS:=@LCMS_CFLAGS@
+ LCMS_LIBS:=@LCMS_LIBS@
+diff --git openjdk/make/modules/java.base/Lib.gmk openjdk/make/modules/java.base/Lib.gmk
+index 5658ff342e5..cb7a56852f7 100644
+--- openjdk/make/modules/java.base/Lib.gmk
++++ openjdk/make/modules/java.base/Lib.gmk
+@@ -167,6 +167,31 @@ ifeq ($(call isTargetOsType, unix), true)
+ endif
+ endif
+
++################################################################################
++# Create the systemconf library
++
++LIBSYSTEMCONF_CFLAGS :=
++LIBSYSTEMCONF_CXXFLAGS :=
++
++ifeq ($(USE_SYSCONF_NSS), true)
++ LIBSYSTEMCONF_CFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
++ LIBSYSTEMCONF_CXXFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
++endif
++
++ifeq ($(OPENJDK_BUILD_OS), linux)
++ $(eval $(call SetupJdkLibrary, BUILD_LIBSYSTEMCONF, \
++ NAME := systemconf, \
++ OPTIMIZATION := LOW, \
++ CFLAGS := $(CFLAGS_JDKLIB) $(LIBSYSTEMCONF_CFLAGS), \
++ CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBSYSTEMCONF_CXXFLAGS), \
++ LDFLAGS := $(LDFLAGS_JDKLIB) \
++ $(call SET_SHARED_LIBRARY_ORIGIN), \
++ LIBS_unix := $(LIBDL) $(NSS_LIBS), \
++ ))
++
++ TARGETS += $(BUILD_LIBSYSTEMCONF)
++endif
++
+ ################################################################################
+ # Create the symbols file for static builds.
+
+diff --git openjdk/src/java.base/linux/native/libsystemconf/systemconf.c openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+new file mode 100644
+index 00000000000..6f4656bfcb6
+--- /dev/null
++++ openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+@@ -0,0 +1,168 @@
++/*
++ * Copyright (c) 2021, Red Hat, Inc.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation. Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++#include <dlfcn.h>
++#include <jni.h>
++#include <jni_util.h>
++#include <stdio.h>
++
++#ifdef SYSCONF_NSS
++#include <nss3/pk11pub.h>
++#endif //SYSCONF_NSS
++
++#include "java_security_SystemConfigurator.h"
++
++#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
++#define MSG_MAX_SIZE 96
++
++static jmethodID debugPrintlnMethodID = NULL;
++static jobject debugObj = NULL;
++
++static void throwIOException(JNIEnv *env, const char *msg);
++static void dbgPrint(JNIEnv *env, const char* msg);
++
++/*
++ * Class: java_security_SystemConfigurator
++ * Method: JNI_OnLoad
++ */
++JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
++{
++ JNIEnv *env;
++ jclass sysConfCls, debugCls;
++ jfieldID sdebugFld;
++
++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
++ return JNI_EVERSION; /* JNI version not supported */
++ }
++
++ sysConfCls = (*env)->FindClass(env,"java/security/SystemConfigurator");
++ if (sysConfCls == NULL) {
++ printf("libsystemconf: SystemConfigurator class not found\n");
++ return JNI_ERR;
++ }
++ sdebugFld = (*env)->GetStaticFieldID(env, sysConfCls,
++ "sdebug", "Lsun/security/util/Debug;");
++ if (sdebugFld == NULL) {
++ printf("libsystemconf: SystemConfigurator::sdebug field not found\n");
++ return JNI_ERR;
++ }
++ debugObj = (*env)->GetStaticObjectField(env, sysConfCls, sdebugFld);
++ if (debugObj != NULL) {
++ debugCls = (*env)->FindClass(env,"sun/security/util/Debug");
++ if (debugCls == NULL) {
++ printf("libsystemconf: Debug class not found\n");
++ return JNI_ERR;
++ }
++ debugPrintlnMethodID = (*env)->GetMethodID(env, debugCls,
++ "println", "(Ljava/lang/String;)V");
++ if (debugPrintlnMethodID == NULL) {
++ printf("libsystemconf: Debug::println(String) method not found\n");
++ return JNI_ERR;
++ }
++ debugObj = (*env)->NewGlobalRef(env, debugObj);
++ }
++
++ return (*env)->GetVersion(env);
++}
++
++/*
++ * Class: java_security_SystemConfigurator
++ * Method: JNI_OnUnload
++ */
++JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
++{
++ JNIEnv *env;
++
++ if (debugObj != NULL) {
++ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
++ return; /* Should not happen */
++ }
++ (*env)->DeleteGlobalRef(env, debugObj);
++ }
++}
++
++JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEnabled
++ (JNIEnv *env, jclass cls)
++{
++ int fips_enabled;
++ char msg[MSG_MAX_SIZE];
++ int msg_bytes;
++
++#ifdef SYSCONF_NSS
++
++ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
++ fips_enabled = SECMOD_GetSystemFIPSEnabled();
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
++ dbgPrint(env, msg);
++ } else {
++ dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
++ " SECMOD_GetSystemFIPSEnabled return value");
++ }
++ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
++
++#else // SYSCONF_NSS
++
++ FILE *fe;
++
++ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
++ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
++ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++ }
++ fips_enabled = fgetc(fe);
++ fclose(fe);
++ if (fips_enabled == EOF) {
++ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++ }
++ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
++ " read character is '%c'", fips_enabled);
++ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
++ dbgPrint(env, msg);
++ } else {
++ dbgPrint(env, "getSystemFIPSEnabled: cannot render" \
++ " read character");
++ }
++ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
++
++#endif // SYSCONF_NSS
++}
++
++static void throwIOException(JNIEnv *env, const char *msg)
++{
++ jclass cls = (*env)->FindClass(env, "java/io/IOException");
++ if (cls != 0)
++ (*env)->ThrowNew(env, cls, msg);
++}
++
++static void dbgPrint(JNIEnv *env, const char* msg)
++{
++ jstring jMsg;
++ if (debugObj != NULL) {
++ jMsg = (*env)->NewStringUTF(env, msg);
++ CHECK_NULL(jMsg);
++ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
++ }
++}
+diff --git openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
+index 10b54aa4ce4..6aa1419dfd0 100644
+--- openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
++++ openjdk/src/java.base/share/classes/java/security/SystemConfigurator.java
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2019, 2020, Red Hat, Inc.
++ * Copyright (c) 2019, 2021, Red Hat, Inc.
+ *
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+@@ -30,13 +30,9 @@ import java.io.BufferedInputStream;
+ import java.io.FileInputStream;
+ import java.io.IOException;
+
+-import java.nio.file.Files;
+-import java.nio.file.Path;
+-
+ import java.util.Iterator;
+ import java.util.Map.Entry;
+ import java.util.Properties;
+-import java.util.regex.Pattern;
+
+ import sun.security.util.Debug;
+
+@@ -58,11 +54,23 @@ final class SystemConfigurator {
+ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
+
+- private static final String CRYPTO_POLICIES_CONFIG =
+- CRYPTO_POLICIES_BASE_DIR + "/config";
+-
+ private static boolean systemFipsEnabled = false;
+
++ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
++
++ private static native boolean getSystemFIPSEnabled()
++ throws IOException;
++
++ static {
++ @SuppressWarnings("removal")
++ var dummy = AccessController.doPrivileged(new PrivilegedAction<Void>() {
++ public Void run() {
++ System.loadLibrary(SYSTEMCONF_NATIVE_LIB);
++ return null;
++ }
++ });
++ }
++
+ /*
+ * Invoked when java.security.Security class is initialized, if
+ * java.security.disableSystemPropertiesFile property is not set and
+@@ -170,16 +178,34 @@ final class SystemConfigurator {
+ }
+
+ /*
+- * FIPS is enabled only if crypto-policies are set to "FIPS"
+- * and the com.redhat.fips property is true.
++ * OpenJDK FIPS mode will be enabled only if the com.redhat.fips
++ * system property is true (default) and the system is in FIPS mode.
++ *
++ * There are 2 possible ways in which OpenJDK detects that the system
++ * is in FIPS mode: 1) if the NSS SECMOD_GetSystemFIPSEnabled API is
++ * available at OpenJDK's built-time, it is called; 2) otherwise, the
++ * /proc/sys/crypto/fips_enabled file is read.
+ */
+ private static boolean enableFips() throws Exception {
+ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true"));
+ if (shouldEnable) {
+- String cryptoPoliciesConfig = new String(Files.readAllBytes(Path.of(CRYPTO_POLICIES_CONFIG)));
+- if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); }
+- Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE);
+- return pattern.matcher(cryptoPoliciesConfig).find();
++ if (sdebug != null) {
++ sdebug.println("Calling getSystemFIPSEnabled (libsystemconf)...");
++ }
++ try {
++ shouldEnable = getSystemFIPSEnabled();
++ if (sdebug != null) {
++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) returned: "
++ + shouldEnable);
++ }
++ return shouldEnable;
++ } catch (IOException e) {
++ if (sdebug != null) {
++ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) failed:");
++ sdebug.println(e.getMessage());
++ }
++ throw e;
++ }
+ } else {
+ return false;
+ }
diff --git a/sources b/sources
index 312b5ef..f4030b5 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (openjdk-jdk17-jdk-17+33.tar.xz) = fa7e852a774d74dbd945a168f8e8f673601fbdf6ff3ce91a4c38a911b1ba66524fa30a8d4cdd60c7bb2c7f7d6d8ab353502c647a5e888a94c18958c7a8348b9c
+SHA512 (openjdk-jdk17-jdk-17+35.tar.xz) = 51f533812219e732f74fd77a19df0e82ecf11a3341d958cf9cb0438350805118a4852ddbbeccce374f96c7b12c80c410435cdcd9e3f576497a7deb6f72e17c69
1 year, 12 months
[Report] Packages Restricting Arches
by root
Package no longer excluding arches (18)
==================================
- rust-ab_glyph_rasterizer
- rust-alsa-sys
- rust-article_scraper
- rust-build-env
- rust-chlorine
- rust-diesel_migrations
- rust-escaper
- rust-feed-rs
- rust-feedbin_api
- rust-feedly_api
- rust-fever_api
- rust-magic-crypt
- rust-miniflux_api
- rust-obfstr
- rust-opml
- rust-owned_ttf_parser
- rust-owned_ttf_parser0.12
- rust-piston-float
List of packages currently excluding arches (2383)
===========================================
- 0ad
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- 90-Second-Portraits
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- GoldenCheetah
ExclusiveArch: %{qt5_qtwebengine_arches}
- GtkAda
ExclusiveArch: %{GPRbuild_arches}
- GtkAda3
ExclusiveArch: %{GPRbuild_arches}
- OpenColorIO
ExclusiveArch: x86_64 ppc64le
- OpenImageIO
ExclusiveArch: x86_64 ppc64le
- OpenMolcas
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- PragmARC
ExclusiveArch: %{GPRbuild_arches}
- R-V8
ExclusiveArch: %{nodejs_arches}
- RdRand
ExclusiveArch: %{ix86} x86_64
- RediSearch
ExclusiveArch: x86_64
- SLOF
ExclusiveArch: ppc64le
- YafaRay
ExclusiveArch: %{ix86} x86_64
- aardvark-dns
ExclusiveArch: %{rust_arches}
- aboot
ExclusiveArch: alpha
- accel-config
ExclusiveArch: %{ix86} x86_64
- acpid
ExclusiveArch: ia64 x86_64 %{ix86} %{arm} aarch64
- ahven
ExclusiveArch: %{GPRbuild_arches}
- algobox
ExclusiveArch: %{qt5_qtwebengine_arches}
- alleyoop
ExclusiveArch: %{ix86} x86_64 ppc ppc64 ppc64le s390x %{arm} aarch64
- american-fuzzy-lop
ExclusiveArch: %{ix86} x86_64 s390x
- anet
ExclusiveArch: %{GPRbuild_arches}
- anki
ExclusiveArch: %{qt5_qtwebengine_arches} noarch
- apmd
ExclusiveArch: %{ix86}
- appstream-generator
ExclusiveArch: %{ldc_arches}
- arm-trusted-firmware
ExclusiveArch: aarch64
- aunit
ExclusiveArch: %GPRbuild_arches
- avgtime
ExclusiveArch: %{ldc_arches}
- aws
ExclusiveArch: %GPRbuild_arches
- bcal
ExclusiveArch: x86_64 aarch64 ia64 ppc64 ppc64le s390x
- bcc
ExclusiveArch: x86_64 %{power64} aarch64 s390x armv7hl
- bcm283x-firmware
ExclusiveArch: %{arm} aarch64
- berusky2
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 %{mips}
- biosdevname
ExclusiveArch: %{ix86} x86_64
- blender
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- bless
ExclusiveArch: %mono_arches
- bpftrace
ExclusiveArch: x86_64 %{power64} aarch64 s390x
- calamares
ExclusiveArch: %{ix86} x86_64 aarch64
- calibre
ExclusiveArch: %{qt5_qtwebengine_arches}
- ccdciel
ExclusiveArch: %{fpc_arches}
- cdcollect
ExclusiveArch: %{mono_arches}
- ceph
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- chromium
ExclusiveArch: x86_64 i686
ExclusiveArch: x86_64 aarch64
ExclusiveArch: x86_64 i686 aarch64
- cjdns
ExclusiveArch: %{nodejs_arches}
- clevis-pin-tpm2
ExclusiveArch: %{rust_arches}
- cmospwd
ExclusiveArch: %{ix86} x86_64
- cmrt
ExclusiveArch: %{ix86} x86_64 ia64
- coffee-script
ExclusiveArch: %{nodejs_arches} noarch
- colorful
ExclusiveArch: %{fpc_arches}
- cpu-x
ExclusiveArch: i686 x86_64
- cpufetch
ExclusiveArch: %{arm} aarch64 x86_64 ppc ppc64 ppc64le
- cpuid
ExclusiveArch: %{ix86} x86_64
- cqrlog
ExclusiveArch: %{fpc_arches}
- crash
ExclusiveArch: %{ix86} ia64 x86_64 ppc ppc64 s390 s390x %{arm} aarch64 ppc64le
- crash-gcore-command
ExclusiveArch: aarch64 ppc64le x86_64
- crash-trace-command
ExclusiveArch: aarch64 ppc64le s390x x86_64
- cri-o
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- cri-tools
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- criu
ExclusiveArch: x86_64 %{arm} ppc64le aarch64 s390x
- cryptlib
ExclusiveArch: x86_64 aarch64 ppc64le
- cryptobone
ExclusiveArch: x86_64 ppc64le aarch64
- csslint
ExclusiveArch: %{nodejs_arches} noarch
- daq
ExclusiveArch: x86_64 aarch64
- dbus-parsec
ExclusiveArch: %{rust_arches}
- dbus-sharp
ExclusiveArch: %mono_arches
- dbus-sharp-glib
ExclusiveArch: %mono_arches
- dbxtool
ExclusiveArch: i386 x86_64 aarch64
- deepin-daemon
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- deepin-desktop-schemas
ExclusiveArch: %{go_arches}
- dlm
ExclusiveArch: i686 x86_64
- dmidecode
ExclusiveArch: %{ix86} x86_64 ia64 aarch64
- dmtcp
ExclusiveArch: x86_64
- docker-distribution
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- dolphin-emu
ExclusiveArch: x86_64 aarch64
- dotnet-build-reference-packages
ExclusiveArch: aarch64 x86_64
ExclusiveArch: x86_64
- dotnet3.1
ExclusiveArch: aarch64 x86_64
ExclusiveArch: x86_64
- dotnet6.0
ExclusiveArch: aarch64 x86_64 s390x
ExclusiveArch: x86_64
- doublecmd
ExclusiveArch: %{ix86} x86_64
- dpdk
ExclusiveArch: x86_64 i686 aarch64 ppc64le
- dub
ExclusiveArch: %{ldc_arches}
- dxvk-native
ExclusiveArch: %{ix86} x86_64
- dyninst
ExclusiveArch: %{ix86} x86_64 ppc64le aarch64
- e3
ExclusiveArch: %{ix86} x86_64
- eclipse-swt
ExclusiveArch: s390x x86_64 aarch64 ppc64le
- edk2
ExclusiveArch: x86_64 %{arm} aarch64
ExclusiveArch: x86_64 aarch64
- efibootmgr
ExclusiveArch: %{efi}
- efifs
ExclusiveArch: %{efi}
- efitools
ExclusiveArch: %{efi}
- efivar
ExclusiveArch: %{efi}
- elk
ExclusiveArch: x86_64 %{ix86}
ExclusiveArch: x86_64 %{ix86} aarch64 %{arm} %{power64}
- emacs-slime
ExclusiveArch: %{arm} %{ix86} x86_64 ppc sparcv9 aarch64
- enki
ExclusiveArch: %{qt5_qtwebengine_arches} noarch
- envytools
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- eric
ExclusiveArch: %{qt5_qtwebengine_arches} noarch
- eth-tools
ExclusiveArch: x86_64
- fcitx-libpinyin
ExclusiveArch: %{qt5_qtwebengine_arches}
- fedora-dockerfiles
ExclusiveArch: %{go_arches}
- fes
ExclusiveArch: %{ix86} x86_64
- florist
ExclusiveArch: %{GPRbuild_arches}
- fluent-bit
ExclusiveArch: x86_64 aarch64
- fpc
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64 ppc64le
- frescobaldi
ExclusiveArch: %{qt5_qtwebengine_arches}
- frysk
ExclusiveArch: %{ix86} x86_64 ppc64
- fwts
ExclusiveArch: x86_64 %{arm} aarch64 s390x riscv64 %{power64}
- fwupd-efi
ExclusiveArch: x86_64 aarch64
- ga
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- gbrainy
ExclusiveArch: %mono_arches
- gdb-exploitable
ExclusiveArch: x86_64 i386
ExclusiveArch: x86_64 noarch
- gearhead1
ExclusiveArch: %{fpc_arches}
- ghdl
ExclusiveArch: %{GNAT_arches}
- ghostwriter
ExclusiveArch: %{qt5_qtwebengine_arches}
- gio-sharp
ExclusiveArch: %mono_arches
- gir-to-d
ExclusiveArch: %{ldc_arches}
- git-octopus
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- gitqlient
ExclusiveArch: %{qt5_qtwebengine_arches}
- giver
ExclusiveArch: %{mono_arches}
- gkeyfile-sharp
ExclusiveArch: %mono_arches
- glibc32
ExclusiveArch: x86_64
- glibd
ExclusiveArch: %{ldc_arches}
- gmqcc
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- gnatcoll
ExclusiveArch: %{GPRbuild_arches}
- gnatcoll-bindings
ExclusiveArch: %{GPRbuild_arches}
- gnatcoll-db
ExclusiveArch: %{GPRbuild_arches}
- gnome-boxes
ExclusiveArch: x86_64
- gnome-desktop-sharp
ExclusiveArch: %mono_arches
- gnome-do
ExclusiveArch: %mono_arches
- gnome-keyring-sharp
ExclusiveArch: %mono_arches
- gnome-rdp
ExclusiveArch: %{mono_arches}
- gnome-sharp
ExclusiveArch: %mono_arches
- gnome-subtitles
ExclusiveArch: %mono_arches
- gnu-efi
ExclusiveArch: %{efi}
- go-bindata
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- go-compilers
ExclusiveArch: %{go_arches}
- go-rpm-macros
ExclusiveArch: %{golang_arches} %{gccgo_arches}
- godep
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- golang
ExclusiveArch: %{golang_arches}
- gomtree
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- gotun
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
ExclusiveArch: x86_64
- goverlay
ExclusiveArch: %{fpc_arches}
- gprbuild
ExclusiveArch: %{GPRbuild_arches} %{bootstrap_arch}
- gprolog
ExclusiveArch: x86_64 %{ix86} ppc alpha aarch64
- grafana
ExclusiveArch: %{grafana_arches}
- grafana-pcp
ExclusiveArch: %{grafanapcp_arches}
- gtk-sharp-beans
ExclusiveArch: %mono_arches
- gtk-sharp2
ExclusiveArch: %mono_arches
- gtk-sharp3
ExclusiveArch: %{mono_arches}
- gtkd
ExclusiveArch: %{ldc_arches}
- gudev-sharp
ExclusiveArch: %mono_arches
- guestfs-tools
ExclusiveArch: %{kernel_arches}
- hedgewars
ExclusiveArch: %{fpc_arches}
- hsakmt
ExclusiveArch: x86_64 aarch64 ppc64le
- hyena
ExclusiveArch: %{mono_arches}
- hyperscan
ExclusiveArch: x86_64
- hyperv-daemons
ExclusiveArch: i686 x86_64
- i3status-rs
ExclusiveArch: %{rust_arches}
- icaro
ExclusiveArch: %{ix86} x86_64 noarch
- imvirt
ExclusiveArch: %{ix86} x86_64 ia64
- indistarter
ExclusiveArch: %{fpc_arches}
- infinipath-psm
ExclusiveArch: x86_64
- intel-cm-compiler
ExclusiveArch: i686 x86_64
- intel-cmt-cat
ExclusiveArch: x86_64 i686 i586
ExclusiveArch: x86_64 i686 i586
- intel-compute-runtime
ExclusiveArch: x86_64
- intel-gmmlib
ExclusiveArch: x86_64 i686
- intel-igc
ExclusiveArch: x86_64 i686
- intel-ipp-crypto-mb
ExclusiveArch: x86_64
ExclusiveArch: x86_64
- intel-ipsec-mb
ExclusiveArch: x86_64
ExclusiveArch: x86_64
- intel-mediasdk
ExclusiveArch: x86_64
- intel-undervolt
ExclusiveArch: i386 x86_64
- ioport
ExclusiveArch: %{ix86} x86_64
- ipmctl
ExclusiveArch: x86_64
- ispc
ExclusiveArch: x86_64 aarch64
- iucode-tool
ExclusiveArch: %{ix86} x86_64
- iyfct
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- java-1.8.0-openjdk-aarch32
ExclusiveArch: %{arm}
- jigawatts
ExclusiveArch: x86_64 %{arm} ppc64le aarch64 s390x
- kchmviewer
ExclusiveArch: %{qt5_qtwebengine_arches}
- kernel
ExclusiveArch: noarch x86_64 s390x %{arm} aarch64 ppc64le
ExclusiveArch: noarch i386 i686 x86_64 s390x %{arm} aarch64 ppc64le
- keylime-agent-rust
ExclusiveArch: %{rust_arches}
- keyring-ima-signer
ExclusiveArch: %{rust_arches}
- kf5-akonadi-search
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-audiocd-kio
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kalarmcal
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kblog
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kcalendarcore
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kcalendarutils
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kitinerary
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-ktnef
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-libkdcraw
ExclusiveArch: x86_64 ppc64le %{arm}
- kicad
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- kiwix-desktop
ExclusiveArch: %{qt5_qtwebengine_arches}
- klee
ExclusiveArch: x86_64
- knot-resolver
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
- knotes
ExclusiveArch: x86_64 %{arm}
- kompose
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 s390x
- kubernetes
ExclusiveArch: x86_64 aarch64 ppc64le s390x %{arm}
- lazarus
ExclusiveArch: %{fpc_arches}
- lazpaint
ExclusiveArch: %{fpc_arches}
- ldc
ExclusiveArch: %{ldc_arches}
- libbsr
ExclusiveArch: %{power64}
- libclc
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 %{power64} s390x
- libcxl
ExclusiveArch: %{power64}
- libdfp
ExclusiveArch: ppc ppc64 ppc64le s390 s390x x86_64
- libdispatch
ExclusiveArch: x86_64 aarch64
- libguestfs
ExclusiveArch: %{kernel_arches}
- libica
ExclusiveArch: s390 s390x
- libipt
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{ix86} x86_64
- libkgapi
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- libnxz
ExclusiveArch: ppc64le
- libocxl
ExclusiveArch: ppc64le
- libpmemobj-cpp
ExclusiveArch: x86_64 ppc64le
- libpsm2
ExclusiveArch: x86_64
- libquentier
ExclusiveArch: %{qt5_qtwebengine_arches}
- libretro-desmume2015
ExclusiveArch: i686 x86_64
- librtas
ExclusiveArch: %{power64}
- libservicelog
ExclusiveArch: ppc %{power64}
- libsmbios
ExclusiveArch: x86_64 %{ix86}
- libunwind
ExclusiveArch: %{arm} aarch64 hppa ia64 mips ppc %{power64} s390x %{ix86} x86_64
- libva-intel-hybrid-driver
ExclusiveArch: %{ix86} x86_64 ia64
- libvma
ExclusiveArch: x86_64 ppc64le ppc64 aarch64
- libvmi
ExclusiveArch: x86_64
- libvpd
ExclusiveArch: %{power64}
- libxsmm
ExclusiveArch: x86_64
- libzdnn
ExclusiveArch: s390x
- libzfcphbaapi
ExclusiveArch: s390 s390x
- lightdm
ExclusiveArch: x86_64 ppc64le
- llhttp
ExclusiveArch: %{nodejs_arches}
- log4net
ExclusiveArch: %mono_arches
- lrmi
ExclusiveArch: %{ix86}
- lsvpd
ExclusiveArch: %{power64}
- luajit
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
- luxcorerender
ExclusiveArch: x86_64
- mactel-boot
ExclusiveArch: x86_64
- manifest-tool
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- marked
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- matreshka
ExclusiveArch: %GPRbuild_arches
- maui-mauikit
ExclusiveArch: %{ix86} s390x aarch64 x86_64
- maxima
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc sparcv9
ExclusiveArch: %{ix86} x86_64 ppc sparcv9
- mbpfan
ExclusiveArch: x86_64
- mcelog
ExclusiveArch: i686 x86_64
- mdevctl
ExclusiveArch: %{rust_arches}
- mediaconch
ExclusiveArch: %{qt5_qtwebengine_arches}
- mellowplayer
ExclusiveArch: %{qt5_qtwebengine_arches}
- memkind
ExclusiveArch: x86_64 ppc64 ppc64le s390x aarch64
- memtest86+
ExclusiveArch: %{ix86} x86_64
- mesos
ExclusiveArch: x86_64
- microcode_ctl
ExclusiveArch: %{ix86} x86_64
- micropython
ExclusiveArch: %{arm} %{ix86} x86_64
- mine_detector
ExclusiveArch: %{GPRbuild_arches}
- minetest
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
- mingw-libidn2
ExclusiveArch: %{ix86} x86_64 %{arm}
- mingw-wine-gecko
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- mirrorlist-server
ExclusiveArch: %{rust_arches}
- mkbootdisk
ExclusiveArch: %{ix86} sparc sparc64 x86_64
- mod_mono
ExclusiveArch: %mono_arches
- module-build-service
ExclusiveArch: %{ix86} x86_64 noarch
- mokutil
ExclusiveArch: %{ix86} x86_64 aarch64 %{arm}
- mold
ExclusiveArch: x86_64 aarch64 riscv64
- mono
ExclusiveArch: %mono_arches
- mono-addins
ExclusiveArch: %mono_arches
- mono-basic
ExclusiveArch: %{mono_arches}
- mono-bouncycastle
ExclusiveArch: %mono_arches
- mono-cecil
ExclusiveArch: %mono_arches
- mono-cecil-flowanalysis
ExclusiveArch: %mono_arches
- mono-reflection
ExclusiveArch: %mono_arches
- mono-tools
ExclusiveArch: %mono_arches
- mono-zeroconf
ExclusiveArch: %mono_arches
- monobristol
ExclusiveArch: %{mono_arches}
- monodevelop
ExclusiveArch: %mono_arches
- monodevelop-debugger-gdb
ExclusiveArch: %{mono_arches}
- monosim
ExclusiveArch: %mono_arches
- mrrescue
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- msr-tools
ExclusiveArch: %{ix86} x86_64
- mustache-d
ExclusiveArch: %{ldc_arches}
- mysql-connector-net
ExclusiveArch: %{mono_arches}
- naev
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
- nant
ExclusiveArch: %mono_arches
- nativejit
ExclusiveArch: x86_64
- nbc
ExclusiveArch: %{fpc_arches}
- nbdkit
ExclusiveArch: x86_64
- ndesk-dbus
ExclusiveArch: %{mono_arches}
- ndesk-dbus-glib
ExclusiveArch: %{mono_arches}
- netavark
ExclusiveArch: %{rust_arches}
- newtonsoft-json
ExclusiveArch: %{mono_arches}
- nispor
ExclusiveArch: %{rust_arches}
- nodejs
ExclusiveArch: %{nodejs_arches}
- nodejs-acorn-object-spread
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-backbone
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bash-language-server
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-buble
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-colors
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-generic-pool
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-less
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-linefix
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-nodemon
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-packaging
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-replace-require-self
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-supervisor
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tape
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-typescript
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-underscore
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- notify-sharp
ExclusiveArch: %{mono_arches}
- notify-sharp3
ExclusiveArch: %{mono_arches}
- nuget
ExclusiveArch: %{mono_arches}
- numatop
ExclusiveArch: x86_64 ppc64le
- nunit
ExclusiveArch: %{mono_arches}
- nunit2
ExclusiveArch: %{mono_arches}
- nvml
ExclusiveArch: x86_64 ppc64le
- nwchem
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- obs-service-rust2rpm
ExclusiveArch: %{rust_arches} noarch
- oci-seccomp-bpf-hook
ExclusiveArch: x86_64 %%{power64} aarch64 s390x armv7hl
- oci-umount
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le s390x %{mips}
- oidn
ExclusiveArch: x86_64
- olpc-kbdshim
ExclusiveArch: %{ix86} %{arm}
- olpc-utils
ExclusiveArch: %{ix86} %{arm}
- oneVPL
ExclusiveArch: x86_64
- oneVPL-intel-gpu
ExclusiveArch: x86_64
- onednn
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- onedrive
ExclusiveArch: %{ldc_arches}
- opae
ExclusiveArch: x86_64
- opal-prd
ExclusiveArch: ppc64le
- open-vm-tools
ExclusiveArch: x86_64
ExclusiveArch: %{ix86} x86_64 aarch64
- openblas
ExclusiveArch: %{openblas_arches}
- openjfx
ExclusiveArch: x86_64
- openjfx8
ExclusiveArch: x86_64
- openlibm
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 %{power64}
- openms
ExclusiveArch: %{qt5_qtwebengine_arches}
- openni
ExclusiveArch: %{ix86} x86_64 %{arm}
- openni-primesense
ExclusiveArch: %{ix86} x86_64 %{arm}
- openshadinglanguage
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- openssl-ibmca
ExclusiveArch: s390 s390x
- origin
ExclusiveArch: %{go_arches}
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- orion
ExclusiveArch: %{qt5_qtwebengine_arches}
- orthorobot
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- pacemaker
ExclusiveArch: aarch64 i686 ppc64le s390x x86_64 %{arm}
ExclusiveArch: aarch64 i686 ppc64le s390x x86_64
- paflib
ExclusiveArch: ppc %{power64}
- parsec
ExclusiveArch: %{rust_arches}
- parsec-tool
ExclusiveArch: %{rust_arches}
- pasdoc
ExclusiveArch: %{fpc_arches}
- pcc
ExclusiveArch: %{ix86} x86_64
- pcm
ExclusiveArch: %{ix86} x86_64
- pcmciautils
ExclusiveArch: %{ix86} x86_64 ia64 ppc ppc64 %{arm}
- pdbg
ExclusiveArch: ppc64le
- pdfmod
ExclusiveArch: %mono_arches
- perl-Dumbbench
ExclusiveArch: %{ix86} x86_64 noarch
- perl-Parse-DMIDecode
ExclusiveArch: %{ix86} x86_64 ia64 aarch64
- pesign
ExclusiveArch: %{ix86} x86_64 ia64 aarch64 %{arm}
- pesign-test-app
ExclusiveArch: x86_64
- pinta
ExclusiveArch: %mono_arches
- pioneer
ExclusiveArch: %{ix86} x86_64
- playonlinux
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
- pmdk-convert
ExclusiveArch: x86_64
- pmemkv
ExclusiveArch: x86_64
- podman
ExclusiveArch: %{golang_arches}
- poppler-sharp
ExclusiveArch: %mono_arches
- popub
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- powerpc-utils
ExclusiveArch: ppc %{power64}
- ppc64-diag
ExclusiveArch: ppc %{power64}
- pveclib
ExclusiveArch: ppc %{power64}
- pvs-sbcl
ExclusiveArch: %{ix86} x86_64 ppc sparcv9
- pyqtwebengine
ExclusiveArch: %{qt5_qtwebengine_arches}
- python-cryptography
ExclusiveArch: %{rust_arches}
- python-etcd
ExclusiveArch: noarch %{ix86} x86_64 %{arm} aarch64 ppc64le s390x
- python-healpy
ExclusiveArch: aarch64 ppc64 ppc64le x86_64 s390x
- python-javabridge
ExclusiveArch: i686 x86_64
- python-openoffice
ExclusiveArch: noarch x86_64
- python-pymoc
ExclusiveArch: aarch64 ppc64 ppc64le x86_64 s390x
- python-setuptools-rust
ExclusiveArch: %{rust_arches}
- q4wine
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- qatzip
ExclusiveArch: x86_64
- qcint
ExclusiveArch: x86_64
- qclib
ExclusiveArch: s390 s390x
- qemu-sanity-check
ExclusiveArch: %{kernel_arches}
- qevercloud
ExclusiveArch: %{qt5_qtwebengine_arches}
- qmapshack
ExclusiveArch: %{qt5_qtwebengine_arches}
- qt4pas
ExclusiveArch: %{fpc_arches}
- qt5-qtwebengine
ExclusiveArch: %{qt5_qtwebengine_arches}
- quantum-espresso
ExclusiveArch: x86_64 %{ix86} aarch64 %{power64}
- quentier
ExclusiveArch: %{qt5_qtwebengine_arches}
- rear
ExclusiveArch: %ix86 x86_64 ppc ppc64 ppc64le ia64
- reg
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- renderdoc
ExclusiveArch: x86_64
- reptyr
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- rescene
ExclusiveArch: %{mono_arches}
- restool
ExclusiveArch: aarch64
- restsharp
ExclusiveArch: %{mono_arches}
- rhythmbox-alternative-toolbar
ExclusiveArch: %{ix86} %{arm} x86_64 ppc64 ppc64le
- rocm-compilersupport
ExclusiveArch: x86_64 aarch64 ppc64le
- rocm-device-libs
ExclusiveArch: x86_64 aarch64 ppc64le
- rocm-runtime
ExclusiveArch: x86_64 aarch64 ppc64le
- rocminfo
ExclusiveArch: x86_64 aarch64 ppc64le
- rpm-ostree
ExclusiveArch: %{rust_arches}
- rr
ExclusiveArch: %{ix86} x86_64 aarch64
- rssguard
ExclusiveArch: %{qt5_qtwebengine_arches}
- rubygem-childprocess
ExclusiveArch: %{ix86} x86_64 noarch
- runc
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le %{mips} s390x
- rust
ExclusiveArch: %{rust_arches}
- rust-Inflector
ExclusiveArch: %{rust_arches}
- rust-abomonation
ExclusiveArch: %{rust_arches}
- rust-actix
ExclusiveArch: %{rust_arches}
- rust-actix-codec
ExclusiveArch: %{rust_arches}
- rust-actix-connect
ExclusiveArch: %{rust_arches}
- rust-actix-http
ExclusiveArch: %{rust_arches}
- rust-actix-macros
ExclusiveArch: %{rust_arches}
- rust-actix-macros0.1
ExclusiveArch: %{rust_arches}
- rust-actix-router
ExclusiveArch: %{rust_arches}
- rust-actix-rt
ExclusiveArch: %{rust_arches}
- rust-actix-rt1
ExclusiveArch: %{rust_arches}
- rust-actix-server
ExclusiveArch: %{rust_arches}
- rust-actix-service
ExclusiveArch: %{rust_arches}
- rust-actix-testing
ExclusiveArch: %{rust_arches}
- rust-actix-threadpool
ExclusiveArch: %{rust_arches}
- rust-actix-tls
ExclusiveArch: %{rust_arches}
- rust-actix-utils
ExclusiveArch: %{rust_arches}
- rust-actix-web
ExclusiveArch: %{rust_arches}
- rust-actix-web-codegen
ExclusiveArch: %{rust_arches}
- rust-actix0.10
ExclusiveArch: %{rust_arches}
- rust-actix_derive
ExclusiveArch: %{rust_arches}
- rust-actix_derive0.5
ExclusiveArch: %{rust_arches}
- rust-addr2line
ExclusiveArch: %{rust_arches}
- rust-adler
ExclusiveArch: %{rust_arches}
- rust-adler32
ExclusiveArch: %{rust_arches}
- rust-aead
ExclusiveArch: %{rust_arches}
- rust-aes
ExclusiveArch: %{rust_arches}
- rust-aes-gcm
ExclusiveArch: %{rust_arches}
- rust-aes0.7
ExclusiveArch: %{rust_arches}
- rust-afterburn
ExclusiveArch: %{rust_arches}
- rust-ahash
ExclusiveArch: %{rust_arches}
- rust-ahash0.4
ExclusiveArch: %{rust_arches}
- rust-aho-corasick
ExclusiveArch: %{rust_arches}
- rust-alacritty
ExclusiveArch: %{rust_arches}
- rust-alacritty_config_derive
ExclusiveArch: %{rust_arches}
- rust-alacritty_terminal
ExclusiveArch: %{rust_arches}
- rust-alga
ExclusiveArch: %{rust_arches}
- rust-alga_derive
ExclusiveArch: %{rust_arches}
- rust-aliasable
ExclusiveArch: %{rust_arches}
- rust-alloc-no-stdlib
ExclusiveArch: %{rust_arches}
- rust-alloc-stdlib
ExclusiveArch: %{rust_arches}
- rust-ambient-authority
ExclusiveArch: %{rust_arches}
- rust-ammonia
ExclusiveArch: %{rust_arches}
- rust-ansi_colours
ExclusiveArch: %{rust_arches}
- rust-ansi_term
ExclusiveArch: %{rust_arches}
- rust-ansi_term0.11
ExclusiveArch: %{rust_arches}
- rust-antidote
ExclusiveArch: %{rust_arches}
- rust-anyhow
ExclusiveArch: %{rust_arches}
- rust-aom-sys
ExclusiveArch: %{rust_arches}
- rust-app_dirs
ExclusiveArch: %{rust_arches}
- rust-approx
ExclusiveArch: %{rust_arches}
- rust-ar
ExclusiveArch: %{rust_arches}
- rust-arbitrary
ExclusiveArch: %{rust_arches}
- rust-arbitrary0.4
ExclusiveArch: %{rust_arches}
- rust-arc-swap
ExclusiveArch: %{rust_arches}
- rust-arf-strings
ExclusiveArch: %{rust_arches}
- rust-arg_enum_proc_macro
ExclusiveArch: %{rust_arches}
- rust-argh
ExclusiveArch: %{rust_arches}
- rust-argh_derive
ExclusiveArch: %{rust_arches}
- rust-argh_shared
ExclusiveArch: %{rust_arches}
- rust-argparse
ExclusiveArch: %{rust_arches}
- rust-array-init
ExclusiveArch: %{rust_arches}
- rust-arrayref
ExclusiveArch: %{rust_arches}
- rust-arrayvec
ExclusiveArch: %{rust_arches}
- rust-arrayvec0.5
ExclusiveArch: %{rust_arches}
- rust-ascii
ExclusiveArch: %{rust_arches}
- rust-ascii-canvas
ExclusiveArch: %{rust_arches}
- rust-askalono
ExclusiveArch: %{rust_arches}
- rust-askalono-cli
ExclusiveArch: %{rust_arches}
- rust-askama
ExclusiveArch: %{rust_arches}
- rust-askama_derive
ExclusiveArch: %{rust_arches}
- rust-askama_escape
ExclusiveArch: %{rust_arches}
- rust-askama_shared
ExclusiveArch: %{rust_arches}
- rust-asn1
ExclusiveArch: %{rust_arches}
- rust-asn1_derive
ExclusiveArch: %{rust_arches}
- rust-assert-impl
ExclusiveArch: %{rust_arches}
- rust-assert-json-diff
ExclusiveArch: %{rust_arches}
- rust-assert_approx_eq
ExclusiveArch: %{rust_arches}
- rust-assert_cli
ExclusiveArch: %{rust_arches}
- rust-assert_cmd
ExclusiveArch: %{rust_arches}
- rust-assert_fs
ExclusiveArch: %{rust_arches}
- rust-assert_matches
ExclusiveArch: %{rust_arches}
- rust-assign
ExclusiveArch: %{rust_arches}
- rust-async-attributes
ExclusiveArch: %{rust_arches}
- rust-async-channel
ExclusiveArch: %{rust_arches}
- rust-async-compression
ExclusiveArch: %{rust_arches}
- rust-async-executor
ExclusiveArch: %{rust_arches}
- rust-async-global-executor
ExclusiveArch: %{rust_arches}
- rust-async-io
ExclusiveArch: %{rust_arches}
- rust-async-lock
ExclusiveArch: %{rust_arches}
- rust-async-mutex
ExclusiveArch: %{rust_arches}
- rust-async-process
ExclusiveArch: %{rust_arches}
- rust-async-std
ExclusiveArch: %{rust_arches}
- rust-async-stream
ExclusiveArch: %{rust_arches}
- rust-async-stream-impl
ExclusiveArch: %{rust_arches}
- rust-async-task
ExclusiveArch: %{rust_arches}
- rust-async-trait
ExclusiveArch: %{rust_arches}
- rust-asyncgit
ExclusiveArch: %{rust_arches}
- rust-atk
ExclusiveArch: %{rust_arches}
- rust-atk-sys
ExclusiveArch: %{rust_arches}
- rust-atom
ExclusiveArch: %{rust_arches}
- rust-atomic
ExclusiveArch: %{rust_arches}
- rust-atomic-traits
ExclusiveArch: %{rust_arches}
- rust-atomic-waker
ExclusiveArch: %{rust_arches}
- rust-attohttpc
ExclusiveArch: %{rust_arches}
- rust-atty
ExclusiveArch: %{rust_arches}
- rust-autocfg
ExclusiveArch: %{rust_arches}
- rust-automod
ExclusiveArch: %{rust_arches}
- rust-av-metrics
ExclusiveArch: %{rust_arches}
- rust-average
ExclusiveArch: %{rust_arches}
- rust-awc
ExclusiveArch: %{rust_arches}
- rust-aws-nitro-enclaves-cose
ExclusiveArch: %{rust_arches}
- rust-az
ExclusiveArch: %{rust_arches}
- rust-backtrace
ExclusiveArch: %{rust_arches}
- rust-base100
ExclusiveArch: %{rust_arches}
- rust-base64
ExclusiveArch: %{rust_arches}
- rust-base64-0.10
ExclusiveArch: %{rust_arches}
- rust-base64-0.11
ExclusiveArch: %{rust_arches}
- rust-base64_0.12
ExclusiveArch: %{rust_arches}
- rust-base64ct
ExclusiveArch: %{rust_arches}
- rust-bat
ExclusiveArch: %{rust_arches}
- rust-battery
ExclusiveArch: %{rust_arches}
- rust-beef
ExclusiveArch: %{rust_arches}
- rust-below
ExclusiveArch: %{rust_arches}
- rust-below-common
ExclusiveArch: %{rust_arches}
- rust-below-config
ExclusiveArch: %{rust_arches}
- rust-below-dump
ExclusiveArch: %{rust_arches}
- rust-below-model
ExclusiveArch: %{rust_arches}
- rust-below-render
ExclusiveArch: %{rust_arches}
- rust-below-store
ExclusiveArch: %{rust_arches}
- rust-below-view
ExclusiveArch: %{rust_arches}
- rust-below_derive
ExclusiveArch: %{rust_arches}
- rust-bencher
ExclusiveArch: %{rust_arches}
- rust-benfred-read-process-memory
ExclusiveArch: %{rust_arches}
- rust-bigdecimal
ExclusiveArch: %{rust_arches}
- rust-bincode
ExclusiveArch: %{rust_arches}
- rust-bincode0.8
ExclusiveArch: %{rust_arches}
- rust-bindgen
ExclusiveArch: %{rust_arches}
- rust-binfarce
ExclusiveArch: %{rust_arches}
- rust-bit-set
ExclusiveArch: %{rust_arches}
- rust-bit-vec
ExclusiveArch: %{rust_arches}
- rust-bitfield
ExclusiveArch: %{rust_arches}
- rust-bitflags
ExclusiveArch: %{rust_arches}
- rust-bitmaps
ExclusiveArch: %{rust_arches}
- rust-bitstream-io
ExclusiveArch: %{rust_arches}
- rust-bitvec
ExclusiveArch: %{rust_arches}
- rust-blake2
ExclusiveArch: %{rust_arches}
- rust-blobby
ExclusiveArch: %{rust_arches}
- rust-blobby0.1
ExclusiveArch: %{rust_arches}
- rust-block-buffer
ExclusiveArch: %{rust_arches}
- rust-block-buffer0.9
ExclusiveArch: %{rust_arches}
- rust-block-modes
ExclusiveArch: %{rust_arches}
- rust-block-padding
ExclusiveArch: %{rust_arches}
- rust-block-padding0.2
ExclusiveArch: %{rust_arches}
- rust-blocking
ExclusiveArch: %{rust_arches}
- rust-blsctl
ExclusiveArch: %{rust_arches}
- rust-bodhi
ExclusiveArch: %{rust_arches}
- rust-bodhi-cli
ExclusiveArch: %{rust_arches}
- rust-bootupd
ExclusiveArch: x86_64 aarch64
- rust-box_drawing
ExclusiveArch: %{rust_arches}
- rust-boxfnonce
ExclusiveArch: %{rust_arches}
- rust-brotli
ExclusiveArch: %{rust_arches}
- rust-brotli-decompressor
ExclusiveArch: %{rust_arches}
- rust-brotli-sys
ExclusiveArch: %{rust_arches}
- rust-brotli2
ExclusiveArch: %{rust_arches}
- rust-bstr
ExclusiveArch: %{rust_arches}
- rust-btrd
ExclusiveArch: %{rust_arches}
- rust-buf_redux
ExclusiveArch: %{rust_arches}
- rust-buffered-reader
ExclusiveArch: %{rust_arches}
- rust-bufsize
ExclusiveArch: %{rust_arches}
- rust-bufstream
ExclusiveArch: %{rust_arches}
- rust-bugreport
ExclusiveArch: %{rust_arches}
- rust-build_const
ExclusiveArch: %{rust_arches}
- rust-bumpalo
ExclusiveArch: %{rust_arches}
- rust-byte-unit
ExclusiveArch: %{rust_arches}
- rust-byte-unit3
ExclusiveArch: %{rust_arches}
- rust-bytecheck
ExclusiveArch: %{rust_arches}
- rust-bytecheck_derive
ExclusiveArch: %{rust_arches}
- rust-bytecount
ExclusiveArch: %{rust_arches}
- rust-bytelines
ExclusiveArch: %{rust_arches}
- rust-bytemuck
ExclusiveArch: %{rust_arches}
- rust-bytemuck_derive
ExclusiveArch: %{rust_arches}
- rust-byteorder
ExclusiveArch: %{rust_arches}
- rust-bytes
ExclusiveArch: %{rust_arches}
- rust-bytes-cast
ExclusiveArch: %{rust_arches}
- rust-bytes-cast-derive
ExclusiveArch: %{rust_arches}
- rust-bytes0.4
ExclusiveArch: %{rust_arches}
- rust-bytes0.5
ExclusiveArch: %{rust_arches}
- rust-bytesize
ExclusiveArch: %{rust_arches}
- rust-bytestring
ExclusiveArch: %{rust_arches}
- rust-bzip2
ExclusiveArch: %{rust_arches}
- rust-bzip2-sys
ExclusiveArch: %{rust_arches}
- rust-cache-padded
ExclusiveArch: %{rust_arches}
- rust-cairo-rs
ExclusiveArch: %{rust_arches}
- rust-cairo-sys-rs
ExclusiveArch: %{rust_arches}
- rust-calloop
ExclusiveArch: %{rust_arches}
- rust-camino
ExclusiveArch: %{rust_arches}
- rust-cap-async-std
ExclusiveArch: %{rust_arches}
- rust-cap-fs-ext
ExclusiveArch: %{rust_arches}
- rust-cap-primitives
ExclusiveArch: %{rust_arches}
- rust-cap-rand
ExclusiveArch: %{rust_arches}
- rust-cap-std
ExclusiveArch: %{rust_arches}
- rust-cap-tempfile
ExclusiveArch: %{rust_arches}
- rust-cap-time-ext
ExclusiveArch: %{rust_arches}
- rust-capng
ExclusiveArch: %{rust_arches}
- rust-capnp
ExclusiveArch: %{rust_arches}
- rust-capnp-futures
ExclusiveArch: %{rust_arches}
- rust-capnp-rpc
ExclusiveArch: %{rust_arches}
- rust-caps
ExclusiveArch: %{rust_arches}
- rust-cargo
ExclusiveArch: %{rust_arches}
- rust-cargo-bloat
ExclusiveArch: %{rust_arches}
- rust-cargo-c
ExclusiveArch: %{rust_arches}
- rust-cargo-edit
ExclusiveArch: %{rust_arches}
- rust-cargo-husky
ExclusiveArch: %{rust_arches}
- rust-cargo-insta
ExclusiveArch: %{rust_arches}
- rust-cargo-platform
ExclusiveArch: %{rust_arches}
- rust-cargo-readme
ExclusiveArch: %{rust_arches}
- rust-cargo-util
ExclusiveArch: %{rust_arches}
- rust-cargo_metadata
ExclusiveArch: %{rust_arches}
- rust-cascade
ExclusiveArch: %{rust_arches}
- rust-case
ExclusiveArch: %{rust_arches}
- rust-cassowary
ExclusiveArch: %{rust_arches}
- rust-cast
ExclusiveArch: %{rust_arches}
- rust-cbindgen
ExclusiveArch: %{rust_arches}
- rust-cc
ExclusiveArch: %{rust_arches}
- rust-cedarwood
ExclusiveArch: %{rust_arches}
- rust-cexpr
ExclusiveArch: %{rust_arches}
- rust-cfb
ExclusiveArch: %{rust_arches}
- rust-cfg-expr
ExclusiveArch: %{rust_arches}
- rust-cfg-if
ExclusiveArch: %{rust_arches}
- rust-cfg-if0.1
ExclusiveArch: %{rust_arches}
- rust-cgroupfs
ExclusiveArch: %{rust_arches}
- rust-chainerror
ExclusiveArch: %{rust_arches}
- rust-charset
ExclusiveArch: %{rust_arches}
- rust-chbs
ExclusiveArch: %{rust_arches}
- rust-checked_int_cast
ExclusiveArch: %{rust_arches}
- rust-choosier
ExclusiveArch: %{rust_arches}
- rust-chrono
ExclusiveArch: %{rust_arches}
- rust-chrono-humanize
ExclusiveArch: %{rust_arches}
- rust-chrono-tz
ExclusiveArch: %{rust_arches}
- rust-chunked_transfer
ExclusiveArch: %{rust_arches}
- rust-cipher
ExclusiveArch: %{rust_arches}
- rust-cipher0.3
ExclusiveArch: %{rust_arches}
- rust-clang-ast
ExclusiveArch: %{rust_arches}
- rust-clang-sys
ExclusiveArch: %{rust_arches}
- rust-clap
ExclusiveArch: %{rust_arches}
- rust-clap-verbosity-flag
ExclusiveArch: %{rust_arches}
- rust-clap2
ExclusiveArch: %{rust_arches}
- rust-clap_complete
ExclusiveArch: %{rust_arches}
- rust-clap_complete_fig
ExclusiveArch: %{rust_arches}
- rust-clap_derive
ExclusiveArch: %{rust_arches}
- rust-clap_generate
ExclusiveArch: %{rust_arches}
- rust-clap_generate_fig
ExclusiveArch: %{rust_arches}
- rust-clicolors-control
ExclusiveArch: %{rust_arches}
- rust-clircle
ExclusiveArch: %{rust_arches}
- rust-cmake
ExclusiveArch: %{rust_arches}
- rust-codespan-reporting
ExclusiveArch: %{rust_arches}
- rust-codicon
ExclusiveArch: %{rust_arches}
- rust-color-backtrace
ExclusiveArch: %{rust_arches}
- rust-color_quant
ExclusiveArch: %{rust_arches}
- rust-colored
ExclusiveArch: %{rust_arches}
- rust-colored1
ExclusiveArch: %{rust_arches}
- rust-colored_json
ExclusiveArch: %{rust_arches}
- rust-colorful
ExclusiveArch: %{rust_arches}
- rust-combine
ExclusiveArch: %{rust_arches}
- rust-comfy-table
ExclusiveArch: %{rust_arches}
- rust-common-path
ExclusiveArch: %{rust_arches}
- rust-compiletest_rs
ExclusiveArch: %{rust_arches}
- rust-compress-tools
ExclusiveArch: %{rust_arches}
- rust-comrak
ExclusiveArch: %{rust_arches}
- rust-concurrent-queue
ExclusiveArch: %{rust_arches}
- rust-configparser
ExclusiveArch: %{rust_arches}
- rust-confy
ExclusiveArch: %{rust_arches}
- rust-conhash
ExclusiveArch: %{rust_arches}
- rust-console
ExclusiveArch: %{rust_arches}
- rust-console0.11
ExclusiveArch: %{rust_arches}
- rust-console0.12
ExclusiveArch: %{rust_arches}
- rust-console0.13
ExclusiveArch: %{rust_arches}
- rust-console0.14
ExclusiveArch: %{rust_arches}
- rust-console0.9
ExclusiveArch: %{rust_arches}
- rust-console_error_panic_hook
ExclusiveArch: %{rust_arches}
- rust-const-cstr
ExclusiveArch: %{rust_arches}
- rust-const-oid
ExclusiveArch: %{rust_arches}
- rust-const-random
ExclusiveArch: %{rust_arches}
- rust-const-random-macro
ExclusiveArch: %{rust_arches}
- rust-const_fn
ExclusiveArch: %{rust_arches}
- rust-constant_time_eq
ExclusiveArch: %{rust_arches}
- rust-content_inspector
ExclusiveArch: %{rust_arches}
- rust-conv
ExclusiveArch: %{rust_arches}
- rust-convert_case
ExclusiveArch: %{rust_arches}
- rust-cookie
ExclusiveArch: %{rust_arches}
- rust-cookie-factory
ExclusiveArch: %{rust_arches}
- rust-cookie0.14
ExclusiveArch: %{rust_arches}
- rust-cookie_store
ExclusiveArch: %{rust_arches}
- rust-cookie_store0.12
ExclusiveArch: %{rust_arches}
- rust-coolor
ExclusiveArch: %{rust_arches}
- rust-copydeps
ExclusiveArch: %{rust_arches}
- rust-copyless
ExclusiveArch: %{rust_arches}
- rust-copypasta
ExclusiveArch: %{rust_arches}
- rust-cordic
ExclusiveArch: %{rust_arches}
- rust-coreos-installer
ExclusiveArch: %{rust_arches}
- rust-count-zeroes
ExclusiveArch: %{rust_arches}
- rust-counted-array
ExclusiveArch: %{rust_arches}
- rust-cpio
ExclusiveArch: %{rust_arches}
- rust-cpp_demangle
ExclusiveArch: %{rust_arches}
- rust-cpufeatures
ExclusiveArch: %{rust_arches}
- rust-cpython
ExclusiveArch: %{rust_arches}
- rust-cranelift-bforest
ExclusiveArch: %{rust_arches}
- rust-cranelift-codegen
ExclusiveArch: x86_64 aarch64 s390x
- rust-cranelift-codegen-meta
ExclusiveArch: %{rust_arches}
- rust-cranelift-codegen-shared
ExclusiveArch: %{rust_arches}
- rust-cranelift-entity
ExclusiveArch: %{rust_arches}
- rust-cranelift-frontend
ExclusiveArch: x86_64 aarch64 s390x
- rust-cranelift-native
ExclusiveArch: x86_64 aarch64 s390x
- rust-cranelift-wasm
ExclusiveArch: x86_64 aarch64 s390x
- rust-crates-io
ExclusiveArch: %{rust_arches}
- rust-crc
ExclusiveArch: %{rust_arches}
- rust-crc-any
ExclusiveArch: %{rust_arches}
- rust-crc-catalog
ExclusiveArch: %{rust_arches}
- rust-crc-core
ExclusiveArch: %{rust_arches}
- rust-crc32fast
ExclusiveArch: %{rust_arches}
- rust-criterion
ExclusiveArch: %{rust_arches}
- rust-criterion-plot
ExclusiveArch: %{rust_arches}
- rust-crossbeam
ExclusiveArch: %{rust_arches}
- rust-crossbeam-channel
ExclusiveArch: %{rust_arches}
- rust-crossbeam-channel0.4
ExclusiveArch: %{rust_arches}
- rust-crossbeam-deque
ExclusiveArch: %{rust_arches}
- rust-crossbeam-deque0.7
ExclusiveArch: %{rust_arches}
- rust-crossbeam-epoch
ExclusiveArch: %{rust_arches}
- rust-crossbeam-epoch0.8
ExclusiveArch: %{rust_arches}
- rust-crossbeam-queue
ExclusiveArch: %{rust_arches}
- rust-crossbeam-queue0.2
ExclusiveArch: %{rust_arches}
- rust-crossbeam-utils
ExclusiveArch: %{rust_arches}
- rust-crossbeam-utils0.7
ExclusiveArch: %{rust_arches}
- rust-crossbeam0.7
ExclusiveArch: %{rust_arches}
- rust-crossfont
ExclusiveArch: %{rust_arches}
- rust-crossterm
ExclusiveArch: %{rust_arches}
- rust-crossterm0.17
ExclusiveArch: %{rust_arches}
- rust-crossterm0.19
ExclusiveArch: %{rust_arches}
- rust-crosstermion
ExclusiveArch: %{rust_arches}
- rust-crunchy
ExclusiveArch: %{rust_arches}
- rust-crypto-bigint
ExclusiveArch: %{rust_arches}
- rust-crypto-common
ExclusiveArch: %{rust_arches}
- rust-crypto-hash
ExclusiveArch: %{rust_arches}
- rust-crypto-mac
ExclusiveArch: %{rust_arches}
- rust-cryptoki
ExclusiveArch: %{rust_arches}
- rust-cryptoki-sys
ExclusiveArch: %{rust_arches}
- rust-cryptovec
ExclusiveArch: %{rust_arches}
- rust-cssparser
ExclusiveArch: %{rust_arches}
- rust-cssparser-macros
ExclusiveArch: %{rust_arches}
- rust-cstr_core
ExclusiveArch: %{rust_arches}
- rust-csv
ExclusiveArch: %{rust_arches}
- rust-csv-core
ExclusiveArch: %{rust_arches}
- rust-ct-logs
ExclusiveArch: %{rust_arches}
- rust-ctor
ExclusiveArch: %{rust_arches}
- rust-ctr
ExclusiveArch: %{rust_arches}
- rust-ctr0.8
ExclusiveArch: %{rust_arches}
- rust-ctrlc
ExclusiveArch: %{rust_arches}
- rust-cty
ExclusiveArch: %{rust_arches}
- rust-curl
ExclusiveArch: %{rust_arches}
- rust-curl-sys
ExclusiveArch: %{rust_arches}
- rust-cursive
ExclusiveArch: %{rust_arches}
- rust-cursive-tabs
ExclusiveArch: %{rust_arches}
- rust-cursive_buffered_backend
ExclusiveArch: %{rust_arches}
- rust-cursive_core
ExclusiveArch: %{rust_arches}
- rust-curve25519-dalek
ExclusiveArch: %{rust_arches}
- rust-custom_derive
ExclusiveArch: %{rust_arches}
- rust-custom_error
ExclusiveArch: %{rust_arches}
- rust-cxx
ExclusiveArch: %{rust_arches}
- rust-cxx-build
ExclusiveArch: %{rust_arches}
- rust-cxx-gen
ExclusiveArch: %{rust_arches}
- rust-cxxbridge-flags
ExclusiveArch: %{rust_arches}
- rust-cxxbridge-macro
ExclusiveArch: %{rust_arches}
- rust-darling
ExclusiveArch: %{rust_arches}
- rust-darling0.12
ExclusiveArch: %{rust_arches}
- rust-darling_core
ExclusiveArch: %{rust_arches}
- rust-darling_core0.12
ExclusiveArch: %{rust_arches}
- rust-darling_macro
ExclusiveArch: %{rust_arches}
- rust-darling_macro0.12
ExclusiveArch: %{rust_arches}
- rust-dashmap
ExclusiveArch: %{rust_arches}
- rust-data-encoding
ExclusiveArch: %{rust_arches}
- rust-data-url
ExclusiveArch: %{rust_arches}
- rust-datetime
ExclusiveArch: %{rust_arches}
- rust-dav1d-sys
ExclusiveArch: %{rust_arches}
- rust-dbus
ExclusiveArch: %{rust_arches}
- rust-dbus-codegen
ExclusiveArch: %{rust_arches}
- rust-dbus-crossroads
ExclusiveArch: %{rust_arches}
- rust-dbus-tokio
ExclusiveArch: %{rust_arches}
- rust-dbus-tree
ExclusiveArch: %{rust_arches}
- rust-dbus0.8
ExclusiveArch: %{rust_arches}
- rust-debug-helper
ExclusiveArch: %{rust_arches}
- rust-decimal
ExclusiveArch: %{rust_arches}
- rust-defer-drop
ExclusiveArch: %{rust_arches}
- rust-deflate
ExclusiveArch: %{rust_arches}
- rust-deflate0.8
ExclusiveArch: %{rust_arches}
- rust-defmac
ExclusiveArch: %{rust_arches}
- rust-delta_e
ExclusiveArch: %{rust_arches}
- rust-der
ExclusiveArch: %{rust_arches}
- rust-der_derive
ExclusiveArch: %{rust_arches}
- rust-derivative
ExclusiveArch: %{rust_arches}
- rust-derive-new
ExclusiveArch: %{rust_arches}
- rust-derive_arbitrary
ExclusiveArch: %{rust_arches}
- rust-derive_arbitrary0.4
ExclusiveArch: %{rust_arches}
- rust-derive_builder
ExclusiveArch: %{rust_arches}
- rust-derive_builder0.9
ExclusiveArch: %{rust_arches}
- rust-derive_builder_core
ExclusiveArch: %{rust_arches}
- rust-derive_builder_core0.9
ExclusiveArch: %{rust_arches}
- rust-derive_builder_macro
ExclusiveArch: %{rust_arches}
- rust-derive_more
ExclusiveArch: %{rust_arches}
- rust-des
ExclusiveArch: %{rust_arches}
- rust-des0.7
ExclusiveArch: %{rust_arches}
- rust-desed
ExclusiveArch: %{rust_arches}
- rust-deunicode
ExclusiveArch: %{rust_arches}
- rust-devicemapper
ExclusiveArch: %{rust_arches}
- rust-devicemapper-sys
ExclusiveArch: %{rust_arches}
- rust-dialoguer
ExclusiveArch: %{rust_arches}
- rust-diesel
ExclusiveArch: %{rust_arches}
- rust-diesel_derives
ExclusiveArch: %{rust_arches}
- rust-diff
ExclusiveArch: %{rust_arches}
- rust-difference
ExclusiveArch: %{rust_arches}
- rust-difflib
ExclusiveArch: %{rust_arches}
- rust-digest
ExclusiveArch: %{rust_arches}
- rust-digest0.9
ExclusiveArch: %{rust_arches}
- rust-directories
ExclusiveArch: %{rust_arches}
- rust-directories-next
ExclusiveArch: %{rust_arches}
- rust-dirs
ExclusiveArch: %{rust_arches}
- rust-dirs-next
ExclusiveArch: %{rust_arches}
- rust-dirs-sys
ExclusiveArch: %{rust_arches}
- rust-dirs-sys-next
ExclusiveArch: %{rust_arches}
- rust-dirs2
ExclusiveArch: %{rust_arches}
- rust-dirs3
ExclusiveArch: %{rust_arches}
- rust-diskonaut
ExclusiveArch: %{rust_arches}
- rust-displaydoc
ExclusiveArch: %{rust_arches}
- rust-dissimilar
ExclusiveArch: %{rust_arches}
- rust-dlib
ExclusiveArch: %{rust_arches}
- rust-dlv-list
ExclusiveArch: %{rust_arches}
- rust-dns-lookup
ExclusiveArch: %{rust_arches}
- rust-dns-parser
ExclusiveArch: %{rust_arches}
- rust-doc-comment
ExclusiveArch: %{rust_arches}
- rust-docmatic
ExclusiveArch: %{rust_arches}
- rust-docopt
ExclusiveArch: %{rust_arches}
- rust-dotenv
ExclusiveArch: %{rust_arches}
- rust-downcast
ExclusiveArch: %{rust_arches}
- rust-downcast-rs
ExclusiveArch: %{rust_arches}
- rust-drg
ExclusiveArch: %{rust_arches}
- rust-dtoa
ExclusiveArch: %{rust_arches}
- rust-dtoa-short
ExclusiveArch: %{rust_arches}
- rust-dua-cli
ExclusiveArch: %{rust_arches}
- rust-duct
ExclusiveArch: %{rust_arches}
- rust-dummy
ExclusiveArch: %{rust_arches}
- rust-dunce
ExclusiveArch: %{rust_arches}
- rust-dutree
ExclusiveArch: %{rust_arches}
- rust-dyn-clone
ExclusiveArch: %{rust_arches}
- rust-easy-cast
ExclusiveArch: %{rust_arches}
- rust-easy-parallel
ExclusiveArch: %{rust_arches}
- rust-edit
ExclusiveArch: %{rust_arches}
- rust-edit-distance
ExclusiveArch: %{rust_arches}
- rust-either
ExclusiveArch: %{rust_arches}
- rust-elasticlunr-rs
ExclusiveArch: %{rust_arches}
- rust-elf
ExclusiveArch: %{rust_arches}
- rust-elfcat
ExclusiveArch: %{rust_arches}
- rust-ena
ExclusiveArch: %{rust_arches}
- rust-encode_unicode
ExclusiveArch: %{rust_arches}
- rust-encoding
ExclusiveArch: %{rust_arches}
- rust-encoding-index-japanese
ExclusiveArch: %{rust_arches}
- rust-encoding-index-korean
ExclusiveArch: %{rust_arches}
- rust-encoding-index-simpchinese
ExclusiveArch: %{rust_arches}
- rust-encoding-index-singlebyte
ExclusiveArch: %{rust_arches}
- rust-encoding-index-tradchinese
ExclusiveArch: %{rust_arches}
- rust-encoding_index_tests
ExclusiveArch: %{rust_arches}
- rust-encoding_rs
ExclusiveArch: %{rust_arches}
- rust-encoding_rs_io
ExclusiveArch: %{rust_arches}
- rust-endian-type
ExclusiveArch: %{rust_arches}
- rust-enquote
ExclusiveArch: %{rust_arches}
- rust-entities
ExclusiveArch: %{rust_arches}
- rust-enum-as-inner
ExclusiveArch: %{rust_arches}
- rust-enum-iterator
ExclusiveArch: %{rust_arches}
- rust-enum-iterator-derive
ExclusiveArch: %{rust_arches}
- rust-enum-map
ExclusiveArch: %{rust_arches}
- rust-enum-map-derive
ExclusiveArch: %{rust_arches}
- rust-enum_primitive
ExclusiveArch: %{rust_arches}
- rust-enumflags2
ExclusiveArch: %{rust_arches}
- rust-enumflags2_0.6
ExclusiveArch: %{rust_arches}
- rust-enumflags2_derive
ExclusiveArch: %{rust_arches}
- rust-enumflags2_derive0.6
ExclusiveArch: %{rust_arches}
- rust-enumset
ExclusiveArch: %{rust_arches}
- rust-enumset_derive
ExclusiveArch: %{rust_arches}
- rust-env_logger
ExclusiveArch: %{rust_arches}
- rust-env_logger0.4
ExclusiveArch: %{rust_arches}
- rust-env_logger0.5
ExclusiveArch: %{rust_arches}
- rust-env_logger0.6
ExclusiveArch: %{rust_arches}
- rust-env_logger0.7
ExclusiveArch: %{rust_arches}
- rust-env_logger0.8
ExclusiveArch: %{rust_arches}
- rust-env_proxy
ExclusiveArch: %{rust_arches}
- rust-environment
ExclusiveArch: %{rust_arches}
- rust-envsubst
ExclusiveArch: %{rust_arches}
- rust-epoll
ExclusiveArch: %{rust_arches}
- rust-erased-serde
ExclusiveArch: %{rust_arches}
- rust-err-derive
ExclusiveArch: %{rust_arches}
- rust-errln
ExclusiveArch: %{rust_arches}
- rust-errno
ExclusiveArch: %{rust_arches}
- rust-error-chain
ExclusiveArch: %{rust_arches}
- rust-escargot
ExclusiveArch: %{rust_arches}
- rust-ethtool
ExclusiveArch: %{rust_arches}
- rust-euclid
ExclusiveArch: %{rust_arches}
- rust-event-listener
ExclusiveArch: %{rust_arches}
- rust-exa
ExclusiveArch: %{rust_arches}
- rust-executable-path
ExclusiveArch: %{rust_arches}
- rust-exitcode
ExclusiveArch: %{rust_arches}
- rust-exitfailure
ExclusiveArch: %{rust_arches}
- rust-expat-sys
ExclusiveArch: %{rust_arches}
- rust-extend
ExclusiveArch: %{rust_arches}
- rust-extprim
ExclusiveArch: %{rust_arches}
- rust-extprim_literals_macros
ExclusiveArch: %{rust_arches}
- rust-eyre
ExclusiveArch: %{rust_arches}
- rust-faccess
ExclusiveArch: %{rust_arches}
- rust-fail
ExclusiveArch: %{rust_arches}
- rust-failure
ExclusiveArch: %{rust_arches}
- rust-failure-tools
ExclusiveArch: %{rust_arches}
- rust-failure_derive
ExclusiveArch: %{rust_arches}
- rust-fake
ExclusiveArch: %{rust_arches}
- rust-fake-simd
ExclusiveArch: %{rust_arches}
- rust-fallible-iterator
ExclusiveArch: %{rust_arches}
- rust-fallible-streaming-iterator
ExclusiveArch: %{rust_arches}
- rust-fancy-regex
ExclusiveArch: %{rust_arches}
- rust-fastrand
ExclusiveArch: %{rust_arches}
- rust-fatfs
ExclusiveArch: %{rust_arches}
- rust-fb_procfs
ExclusiveArch: %{rust_arches}
- rust-fbthrift_codegen_includer_proc_macro
ExclusiveArch: %{rust_arches}
- rust-fd-find
ExclusiveArch: %{rust_arches}
- rust-fd-lock
ExclusiveArch: %{rust_arches}
- rust-fdlimit
ExclusiveArch: %{rust_arches}
- rust-fedora
ExclusiveArch: %{rust_arches}
- rust-fedora-coreos-pinger
ExclusiveArch: %{rust_arches}
- rust-fedora-update-feedback
ExclusiveArch: %{rust_arches}
- rust-femme
ExclusiveArch: %{rust_arches}
- rust-fern
ExclusiveArch: %{rust_arches}
- rust-ffsend
ExclusiveArch: %{rust_arches}
- rust-ffsend-api
ExclusiveArch: %{rust_arches}
- rust-field-offset
ExclusiveArch: %{rust_arches}
- rust-file-per-thread-logger
ExclusiveArch: %{rust_arches}
- rust-filedescriptor
ExclusiveArch: %{rust_arches}
- rust-filesize
ExclusiveArch: %{rust_arches}
- rust-filetime
ExclusiveArch: %{rust_arches}
- rust-filetreelist
ExclusiveArch: %{rust_arches}
- rust-find-crate
ExclusiveArch: %{rust_arches}
- rust-findshlibs
ExclusiveArch: %{rust_arches}
- rust-fixed
ExclusiveArch: %{rust_arches}
- rust-fixedbitset
ExclusiveArch: %{rust_arches}
- rust-flate2
ExclusiveArch: %{rust_arches}
- rust-float-cmp
ExclusiveArch: %{rust_arches}
- rust-float-ord
ExclusiveArch: %{rust_arches}
- rust-fluent
ExclusiveArch: %{rust_arches}
- rust-fluent-bundle
ExclusiveArch: %{rust_arches}
- rust-fluent-langneg
ExclusiveArch: %{rust_arches}
- rust-fluent-syntax
ExclusiveArch: %{rust_arches}
- rust-fn-error-context
ExclusiveArch: %{rust_arches}
- rust-fnv
ExclusiveArch: %{rust_arches}
- rust-font-kit
ExclusiveArch: %{rust_arches}
- rust-foreign-types
ExclusiveArch: %{rust_arches}
- rust-foreign-types-macros
ExclusiveArch: %{rust_arches}
- rust-foreign-types-shared
ExclusiveArch: %{rust_arches}
- rust-foreign-types-shared0.1
ExclusiveArch: %{rust_arches}
- rust-foreign-types0.3
ExclusiveArch: %{rust_arches}
- rust-form_urlencoded
ExclusiveArch: %{rust_arches}
- rust-format-bytes
ExclusiveArch: %{rust_arches}
- rust-format-bytes-macros
ExclusiveArch: %{rust_arches}
- rust-fragile
ExclusiveArch: %{rust_arches}
- rust-freetype
ExclusiveArch: %{rust_arches}
- rust-freetype-rs
ExclusiveArch: %{rust_arches}
- rust-freetype-sys
ExclusiveArch: %{rust_arches}
- rust-fs-err
ExclusiveArch: %{rust_arches}
- rust-fs-set-times
ExclusiveArch: %{rust_arches}
- rust-fs2
ExclusiveArch: %{rust_arches}
- rust-fs_extra
ExclusiveArch: %{rust_arches}
- rust-fscommon
ExclusiveArch: %{rust_arches}
- rust-fslock
ExclusiveArch: %{rust_arches}
- rust-funty
ExclusiveArch: %{rust_arches}
- rust-futf
ExclusiveArch: %{rust_arches}
- rust-futures
ExclusiveArch: %{rust_arches}
- rust-futures-channel
ExclusiveArch: %{rust_arches}
- rust-futures-core
ExclusiveArch: %{rust_arches}
- rust-futures-cpupool
ExclusiveArch: %{rust_arches}
- rust-futures-executor
ExclusiveArch: %{rust_arches}
- rust-futures-io
ExclusiveArch: %{rust_arches}
- rust-futures-lite
ExclusiveArch: %{rust_arches}
- rust-futures-macro
ExclusiveArch: %{rust_arches}
- rust-futures-sink
ExclusiveArch: %{rust_arches}
- rust-futures-task
ExclusiveArch: %{rust_arches}
- rust-futures-test
ExclusiveArch: %{rust_arches}
- rust-futures-timer
ExclusiveArch: %{rust_arches}
- rust-futures-util
ExclusiveArch: %{rust_arches}
- rust-futures0.1
ExclusiveArch: %{rust_arches}
- rust-fuzzy-matcher
ExclusiveArch: %{rust_arches}
- rust-fxhash
ExclusiveArch: %{rust_arches}
- rust-gdk
ExclusiveArch: %{rust_arches}
- rust-gdk-pixbuf
ExclusiveArch: %{rust_arches}
- rust-gdk-pixbuf-sys
ExclusiveArch: %{rust_arches}
- rust-gdk-sys
ExclusiveArch: %{rust_arches}
- rust-gdk4
ExclusiveArch: %{rust_arches}
- rust-gdk4-sys
ExclusiveArch: %{rust_arches}
- rust-generic-array
ExclusiveArch: %{rust_arches}
- rust-generic-array0.12
ExclusiveArch: %{rust_arches}
- rust-genetlink
ExclusiveArch: %{rust_arches}
- rust-getch
ExclusiveArch: %{rust_arches}
- rust-gethostname
ExclusiveArch: %{rust_arches}
- rust-getopts
ExclusiveArch: %{rust_arches}
- rust-getrandom
ExclusiveArch: %{rust_arches}
- rust-getrandom0.1
ExclusiveArch: %{rust_arches}
- rust-getset
ExclusiveArch: %{rust_arches}
- rust-gettext-rs
ExclusiveArch: %{rust_arches}
- rust-gettext-sys
ExclusiveArch: %{rust_arches}
- rust-gh-emoji
ExclusiveArch: %{rust_arches}
- rust-ghash
ExclusiveArch: %{rust_arches}
- rust-ghost
ExclusiveArch: %{rust_arches}
- rust-gif
ExclusiveArch: %{rust_arches}
- rust-gimli
ExclusiveArch: %{rust_arches}
- rust-gio
ExclusiveArch: %{rust_arches}
- rust-gio-sys
ExclusiveArch: %{rust_arches}
- rust-gir-format-check
ExclusiveArch: %{rust_arches}
- rust-git-delta
ExclusiveArch: %{rust_arches}
- rust-git-version
ExclusiveArch: %{rust_arches}
- rust-git-version-macro
ExclusiveArch: %{rust_arches}
- rust-git2
ExclusiveArch: %{rust_arches}
- rust-git2-curl
ExclusiveArch: %{rust_arches}
- rust-gitui
ExclusiveArch: %{rust_arches}
- rust-gl_generator
ExclusiveArch: %{rust_arches}
- rust-glam
ExclusiveArch: %{rust_arches}
- rust-glib
ExclusiveArch: %{rust_arches}
- rust-glib-macros
ExclusiveArch: %{rust_arches}
- rust-glib-sys
ExclusiveArch: %{rust_arches}
- rust-glob
ExclusiveArch: %{rust_arches}
- rust-globset
ExclusiveArch: %{rust_arches}
- rust-globwalk
ExclusiveArch: %{rust_arches}
- rust-glutin
ExclusiveArch: %{rust_arches}
- rust-glutin_egl_sys
ExclusiveArch: %{rust_arches}
- rust-glutin_glx_sys
ExclusiveArch: %{rust_arches}
- rust-gobject-sys
ExclusiveArch: %{rust_arches}
- rust-goblin
ExclusiveArch: %{rust_arches}
- rust-gptman
ExclusiveArch: %{rust_arches}
- rust-graphene-rs
ExclusiveArch: %{rust_arches}
- rust-graphene-sys
ExclusiveArch: %{rust_arches}
- rust-greetd_ipc
ExclusiveArch: %{rust_arches}
- rust-grep
ExclusiveArch: %{rust_arches}
- rust-grep-cli
ExclusiveArch: %{rust_arches}
- rust-grep-matcher
ExclusiveArch: %{rust_arches}
- rust-grep-pcre2
ExclusiveArch: %{rust_arches}
- rust-grep-printer
ExclusiveArch: %{rust_arches}
- rust-grep-regex
ExclusiveArch: %{rust_arches}
- rust-grep-searcher
ExclusiveArch: %{rust_arches}
- rust-groupable
ExclusiveArch: %{rust_arches}
- rust-gsk4
ExclusiveArch: %{rust_arches}
- rust-gsk4-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer
ExclusiveArch: %{rust_arches}
- rust-gstreamer-audio
ExclusiveArch: %{rust_arches}
- rust-gstreamer-audio-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-base
ExclusiveArch: %{rust_arches}
- rust-gstreamer-base-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-editing-services
ExclusiveArch: %{rust_arches}
- rust-gstreamer-editing-services-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-pbutils
ExclusiveArch: %{rust_arches}
- rust-gstreamer-pbutils-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-player
ExclusiveArch: %{rust_arches}
- rust-gstreamer-player-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-video
ExclusiveArch: %{rust_arches}
- rust-gstreamer-video-sys
ExclusiveArch: %{rust_arches}
- rust-gtk
ExclusiveArch: %{rust_arches}
- rust-gtk-sys
ExclusiveArch: %{rust_arches}
- rust-gtk3-macros
ExclusiveArch: %{rust_arches}
- rust-gtk4
ExclusiveArch: %{rust_arches}
- rust-gtk4-macros
ExclusiveArch: %{rust_arches}
- rust-gtk4-sys
ExclusiveArch: %{rust_arches}
- rust-gzip-header
ExclusiveArch: %{rust_arches}
- rust-h2
ExclusiveArch: %{rust_arches}
- rust-h2_0.2
ExclusiveArch: %{rust_arches}
- rust-half
ExclusiveArch: %{rust_arches}
- rust-hamcrest2
ExclusiveArch: %{rust_arches}
- rust-handlebars
ExclusiveArch: %{rust_arches}
- rust-hashbrown
ExclusiveArch: %{rust_arches}
- rust-hashbrown0.9
ExclusiveArch: %{rust_arches}
- rust-hashlink
ExclusiveArch: %{rust_arches}
- rust-headers
ExclusiveArch: %{rust_arches}
- rust-headers-core
ExclusiveArch: %{rust_arches}
- rust-headers-derive
ExclusiveArch: %{rust_arches}
- rust-heapsize
ExclusiveArch: %{rust_arches}
- rust-heatseeker
ExclusiveArch: %{rust_arches}
- rust-heck
ExclusiveArch: %{rust_arches}
- rust-heck0.3
ExclusiveArch: %{rust_arches}
- rust-helvum
ExclusiveArch: %{rust_arches}
- rust-hex
ExclusiveArch: %{rust_arches}
- rust-hex-literal
ExclusiveArch: %{rust_arches}
- rust-hex-literal-impl
ExclusiveArch: %{rust_arches}
- rust-hex-literal0.2
ExclusiveArch: %{rust_arches}
- rust-hexyl
ExclusiveArch: %{rust_arches}
- rust-hidapi
ExclusiveArch: %{rust_arches}
- rust-hkdf
ExclusiveArch: %{rust_arches}
- rust-hkdf0.11
ExclusiveArch: %{rust_arches}
- rust-hmac
ExclusiveArch: %{rust_arches}
- rust-hmac0.11
ExclusiveArch: %{rust_arches}
- rust-home
ExclusiveArch: %{rust_arches}
- rust-horrorshow
ExclusiveArch: %{rust_arches}
- rust-hostname
ExclusiveArch: %{rust_arches}
- rust-hostname-validator
ExclusiveArch: %{rust_arches}
- rust-html-escape
ExclusiveArch: %{rust_arches}
- rust-html2pango
ExclusiveArch: %{rust_arches}
- rust-html5ever
ExclusiveArch: %{rust_arches}
- rust-http
ExclusiveArch: %{rust_arches}
- rust-http-body
ExclusiveArch: %{rust_arches}
- rust-http-body0.3
ExclusiveArch: %{rust_arches}
- rust-http0.1
ExclusiveArch: %{rust_arches}
- rust-httparse
ExclusiveArch: %{rust_arches}
- rust-httpdate
ExclusiveArch: %{rust_arches}
- rust-human-panic
ExclusiveArch: %{rust_arches}
- rust-human-sort
ExclusiveArch: %{rust_arches}
- rust-humansize
ExclusiveArch: %{rust_arches}
- rust-humantime
ExclusiveArch: %{rust_arches}
- rust-humantime-serde
ExclusiveArch: %{rust_arches}
- rust-humantime1
ExclusiveArch: %{rust_arches}
- rust-hyper
ExclusiveArch: %{rust_arches}
- rust-hyper-native-tls
ExclusiveArch: %{rust_arches}
- rust-hyper-rustls
ExclusiveArch: %{rust_arches}
- rust-hyper-staticfile
ExclusiveArch: %{rust_arches}
- rust-hyper-tls
ExclusiveArch: %{rust_arches}
- rust-hyper-tls0.4
ExclusiveArch: %{rust_arches}
- rust-hyper0.10
ExclusiveArch: %{rust_arches}
- rust-hyper0.13
ExclusiveArch: %{rust_arches}
- rust-hyperfine
ExclusiveArch: %{rust_arches}
- rust-i18n-config
ExclusiveArch: %{rust_arches}
- rust-i18n-embed
ExclusiveArch: %{rust_arches}
- rust-i18n-embed-fl
ExclusiveArch: %{rust_arches}
- rust-i18n-embed-impl
ExclusiveArch: %{rust_arches}
- rust-i3ipc
ExclusiveArch: %{rust_arches}
- rust-iai
ExclusiveArch: %{rust_arches}
- rust-id-arena
ExclusiveArch: %{rust_arches}
- rust-ident_case
ExclusiveArch: %{rust_arches}
- rust-idna
ExclusiveArch: %{rust_arches}
- rust-idna0.1
ExclusiveArch: %{rust_arches}
- rust-ifcfg-devname
ExclusiveArch: %{rust_arches}
- rust-ignition-config
ExclusiveArch: %{rust_arches}
- rust-ignore
ExclusiveArch: %{rust_arches}
- rust-im-rc
ExclusiveArch: %{rust_arches}
- rust-image
ExclusiveArch: %{rust_arches}
- rust-image-roll
ExclusiveArch: %{rust_arches}
- rust-imgref
ExclusiveArch: %{rust_arches}
- rust-indenter
ExclusiveArch: %{rust_arches}
- rust-indexmap
ExclusiveArch: %{rust_arches}
- rust-indicatif
ExclusiveArch: %{rust_arches}
- rust-indicatif0.15
ExclusiveArch: %{rust_arches}
- rust-indoc
ExclusiveArch: %{rust_arches}
- rust-infer
ExclusiveArch: %{rust_arches}
- rust-inferno
ExclusiveArch: %{rust_arches}
- rust-inflate
ExclusiveArch: %{rust_arches}
- rust-inotify
ExclusiveArch: %{rust_arches}
- rust-inotify-sys
ExclusiveArch: %{rust_arches}
- rust-inout
ExclusiveArch: %{rust_arches}
- rust-input_buffer
ExclusiveArch: %{rust_arches}
- rust-insta
ExclusiveArch: %{rust_arches}
- rust-instant
ExclusiveArch: %{rust_arches}
- rust-interpolate_name
ExclusiveArch: %{rust_arches}
- rust-intervaltree
ExclusiveArch: %{rust_arches}
- rust-intl-memoizer
ExclusiveArch: %{rust_arches}
- rust-intl_pluralrules
ExclusiveArch: %{rust_arches}
- rust-invalidstring
ExclusiveArch: %{rust_arches}
- rust-inventory
ExclusiveArch: %{rust_arches}
- rust-inventory-impl
ExclusiveArch: %{rust_arches}
- rust-inventory0.1
ExclusiveArch: %{rust_arches}
- rust-io-extras
ExclusiveArch: %{rust_arches}
- rust-io-lifetimes
ExclusiveArch: %{rust_arches}
- rust-ioctl-rs
ExclusiveArch: %{rust_arches}
- rust-iocuddle
ExclusiveArch: %{rust_arches}
- rust-iovec
ExclusiveArch: %{rust_arches}
- rust-ipnet
ExclusiveArch: %{rust_arches}
- rust-ipnetwork
ExclusiveArch: %{rust_arches}
- rust-ipnetwork0.17
ExclusiveArch: %{rust_arches}
- rust-iptables
ExclusiveArch: %{rust_arches}
- rust-iron
ExclusiveArch: %{rust_arches}
- rust-is_ci
ExclusiveArch: %{rust_arches}
- rust-is_debug
ExclusiveArch: %{rust_arches}
- rust-iso8601
ExclusiveArch: %{rust_arches}
- rust-iter-read
ExclusiveArch: %{rust_arches}
- rust-itertools
ExclusiveArch: %{rust_arches}
- rust-itertools-num
ExclusiveArch: %{rust_arches}
- rust-itertools0.8
ExclusiveArch: %{rust_arches}
- rust-itertools0.9
ExclusiveArch: %{rust_arches}
- rust-itoa
ExclusiveArch: %{rust_arches}
- rust-itoa0.4
ExclusiveArch: %{rust_arches}
- rust-ivf
ExclusiveArch: %{rust_arches}
- rust-jetscii
ExclusiveArch: %{rust_arches}
- rust-jieba-rs
ExclusiveArch: %{rust_arches}
- rust-jobserver
ExclusiveArch: %{rust_arches}
- rust-josekit
ExclusiveArch: %{rust_arches}
- rust-jpeg-decoder
ExclusiveArch: %{rust_arches}
- rust-jql
ExclusiveArch: %{rust_arches}
- rust-js-sys
ExclusiveArch: %{rust_arches}
- rust-js_int
ExclusiveArch: %{rust_arches}
- rust-json
ExclusiveArch: %{rust_arches}
- rust-json_value_merge
ExclusiveArch: %{rust_arches}
- rust-just
ExclusiveArch: %{rust_arches}
- rust-jwalk
ExclusiveArch: %{rust_arches}
- rust-k9
ExclusiveArch: %{rust_arches}
- rust-keccak
ExclusiveArch: %{rust_arches}
- rust-khronos_api
ExclusiveArch: %{rust_arches}
- rust-kstring
ExclusiveArch: %{rust_arches}
- rust-kv-log-macro
ExclusiveArch: %{rust_arches}
- rust-lab
ExclusiveArch: %{rust_arches}
- rust-lalrpop
ExclusiveArch: %{rust_arches}
- rust-lalrpop-util
ExclusiveArch: %{rust_arches}
- rust-language-tags
ExclusiveArch: %{rust_arches}
- rust-lazy-init
ExclusiveArch: %{rust_arches}
- rust-lazy_static
ExclusiveArch: %{rust_arches}
- rust-lazycell
ExclusiveArch: %{rust_arches}
- rust-leb128
ExclusiveArch: %{rust_arches}
- rust-lexical-core
ExclusiveArch: %{rust_arches}
- rust-lexiclean
ExclusiveArch: %{rust_arches}
- rust-libblkid-rs
ExclusiveArch: %{rust_arches}
- rust-libblkid-rs-sys
ExclusiveArch: %{rust_arches}
- rust-libbpf-cargo
ExclusiveArch: %{rust_arches}
- rust-libbpf-rs
ExclusiveArch: %{rust_arches}
- rust-libbpf-sys
ExclusiveArch: %{rust_arches}
- rust-libc
ExclusiveArch: %{rust_arches}
- rust-libcryptsetup-rs
ExclusiveArch: %{rust_arches}
- rust-libcryptsetup-rs-sys
ExclusiveArch: %{rust_arches}
- rust-libdbus-sys
ExclusiveArch: %{rust_arches}
- rust-libflate
ExclusiveArch: %{rust_arches}
- rust-libflate_lz77
ExclusiveArch: %{rust_arches}
- rust-libgit2-sys
ExclusiveArch: %{rust_arches}
- rust-libhandy
ExclusiveArch: %{rust_arches}
- rust-libhandy-sys
ExclusiveArch: %{rust_arches}
- rust-libloading
ExclusiveArch: %{rust_arches}
- rust-libloading0.6
ExclusiveArch: %{rust_arches}
- rust-libm
ExclusiveArch: %{rust_arches}
- rust-libmount
ExclusiveArch: %{rust_arches}
- rust-libnotcurses-sys
ExclusiveArch: %{rust_arches}
- rust-liboverdrop
ExclusiveArch: %{rust_arches}
- rust-libpulse-binding
ExclusiveArch: %{rust_arches}
- rust-libpulse-sys
ExclusiveArch: %{rust_arches}
- rust-libseccomp-sys
ExclusiveArch: %{rust_arches}
- rust-libslirp
ExclusiveArch: %{rust_arches}
- rust-libslirp-sys
ExclusiveArch: %{rust_arches}
- rust-libspa
ExclusiveArch: %{rust_arches}
- rust-libspa-sys
ExclusiveArch: %{rust_arches}
- rust-libsqlite3-sys
ExclusiveArch: %{rust_arches}
- rust-libssh2-sys
ExclusiveArch: %{rust_arches}
- rust-libsystemd
ExclusiveArch: %{rust_arches}
- rust-libudev
ExclusiveArch: %{rust_arches}
- rust-libudev-sys
ExclusiveArch: %{rust_arches}
- rust-libxml
ExclusiveArch: %{rust_arches}
- rust-libxml0.2
ExclusiveArch: %{rust_arches}
- rust-libz-sys
ExclusiveArch: %{rust_arches}
- rust-line-wrap
ExclusiveArch: %{rust_arches}
- rust-link-cplusplus
ExclusiveArch: %{rust_arches}
- rust-linked-hash-map
ExclusiveArch: %{rust_arches}
- rust-linkify
ExclusiveArch: %{rust_arches}
- rust-linreg
ExclusiveArch: %{rust_arches}
- rust-linux-raw-sys
ExclusiveArch: %{rust_arches}
- rust-linux_proc
ExclusiveArch: %{rust_arches}
- rust-lipsum
ExclusiveArch: %{rust_arches}
- rust-listenfd
ExclusiveArch: %{rust_arches}
- rust-lmdb
ExclusiveArch: %{rust_arches}
- rust-lmdb-sys
ExclusiveArch: %{rust_arches}
- rust-locale
ExclusiveArch: %{rust_arches}
- rust-locale_config
ExclusiveArch: %{rust_arches}
- rust-lock_api
ExclusiveArch: %{rust_arches}
- rust-lockfree
ExclusiveArch: %{rust_arches}
- rust-log
ExclusiveArch: %{rust_arches}
- rust-log-mdc
ExclusiveArch: %{rust_arches}
- rust-log-panics
ExclusiveArch: %{rust_arches}
- rust-log0.3
ExclusiveArch: %{rust_arches}
- rust-log4rs
ExclusiveArch: %{rust_arches}
- rust-loggerv
ExclusiveArch: %{rust_arches}
- rust-loopdev
ExclusiveArch: %{rust_arches}
- rust-lru-cache
ExclusiveArch: %{rust_arches}
- rust-lscolors
ExclusiveArch: %{rust_arches}
- rust-lsd
ExclusiveArch: %{rust_arches}
- rust-lzma-sys
ExclusiveArch: %{rust_arches}
- rust-lzw
ExclusiveArch: %{rust_arches}
- rust-mac
ExclusiveArch: %{rust_arches}
- rust-mac_address
ExclusiveArch: %{rust_arches}
- rust-macro-attr
ExclusiveArch: %{rust_arches}
- rust-madvr_parse
ExclusiveArch: %{rust_arches}
- rust-maildir
ExclusiveArch: %{rust_arches}
- rust-mailparse
ExclusiveArch: %{rust_arches}
- rust-man
ExclusiveArch: %{rust_arches}
- rust-maplit
ExclusiveArch: %{rust_arches}
- rust-markup5ever
ExclusiveArch: %{rust_arches}
- rust-markup5ever_rcdom
ExclusiveArch: %{rust_arches}
- rust-match_cfg
ExclusiveArch: %{rust_arches}
- rust-matches
ExclusiveArch: %{rust_arches}
- rust-matrixcompare
ExclusiveArch: %{rust_arches}
- rust-matrixcompare-core
ExclusiveArch: %{rust_arches}
- rust-matrixcompare-mock
ExclusiveArch: %{rust_arches}
- rust-matrixmultiply
ExclusiveArch: %{rust_arches}
- rust-maxminddb
ExclusiveArch: %{rust_arches}
- rust-maybe-owned
ExclusiveArch: %{rust_arches}
- rust-maybe-uninit
ExclusiveArch: %{rust_arches}
- rust-mbox
ExclusiveArch: %{rust_arches}
- rust-mbrman
ExclusiveArch: %{rust_arches}
- rust-md-5
ExclusiveArch: %{rust_arches}
- rust-md-5_0.9
ExclusiveArch: %{rust_arches}
- rust-md5
ExclusiveArch: %{rust_arches}
- rust-mdl
ExclusiveArch: %{rust_arches}
- rust-memchr
ExclusiveArch: %{rust_arches}
- rust-memfd
ExclusiveArch: %{rust_arches}
- rust-memmap
ExclusiveArch: %{rust_arches}
- rust-memmap2
ExclusiveArch: %{rust_arches}
- rust-memmap2_0.3
ExclusiveArch: %{rust_arches}
- rust-memmem
ExclusiveArch: %{rust_arches}
- rust-memoffset
ExclusiveArch: %{rust_arches}
- rust-memoffset0.5
ExclusiveArch: %{rust_arches}
- rust-memsec
ExclusiveArch: %{rust_arches}
- rust-micro-timer
ExclusiveArch: %{rust_arches}
- rust-micro-timer-macros
ExclusiveArch: %{rust_arches}
- rust-miette
ExclusiveArch: %{rust_arches}
- rust-miette-derive
ExclusiveArch: %{rust_arches}
- rust-migrations_internals
ExclusiveArch: %{rust_arches}
- rust-migrations_macros
ExclusiveArch: %{rust_arches}
- rust-mime
ExclusiveArch: %{rust_arches}
- rust-mime0.2
ExclusiveArch: %{rust_arches}
- rust-mime_guess
ExclusiveArch: %{rust_arches}
- rust-mime_guess1
ExclusiveArch: %{rust_arches}
- rust-minify-html
ExclusiveArch: %{rust_arches}
- rust-minimad
ExclusiveArch: %{rust_arches}
- rust-minimal-lexical
ExclusiveArch: %{rust_arches}
- rust-miniz-sys
ExclusiveArch: %{rust_arches}
- rust-miniz_oxide
ExclusiveArch: %{rust_arches}
- rust-miniz_oxide0.3
ExclusiveArch: %{rust_arches}
- rust-miniz_oxide_c_api
ExclusiveArch: %{rust_arches}
- rust-mint
ExclusiveArch: %{rust_arches}
- rust-mio
ExclusiveArch: %{rust_arches}
- rust-mio-extras
ExclusiveArch: %{rust_arches}
- rust-mio-uds
ExclusiveArch: %{rust_arches}
- rust-mio0.6
ExclusiveArch: %{rust_arches}
- rust-mio0.7
ExclusiveArch: %{rust_arches}
- rust-mktemp
ExclusiveArch: %{rust_arches}
- rust-mnt
ExclusiveArch: %{rust_arches}
- rust-mockall
ExclusiveArch: %{rust_arches}
- rust-mockall_derive
ExclusiveArch: %{rust_arches}
- rust-mockall_double
ExclusiveArch: %{rust_arches}
- rust-mockito
ExclusiveArch: %{rust_arches}
- rust-modifier
ExclusiveArch: %{rust_arches}
- rust-more-asserts
ExclusiveArch: %{rust_arches}
- rust-muldiv
ExclusiveArch: %{rust_arches}
- rust-multimap
ExclusiveArch: %{rust_arches}
- rust-multipart
ExclusiveArch: %{rust_arches}
- rust-mustache
ExclusiveArch: %{rust_arches}
- rust-nalgebra
ExclusiveArch: %{rust_arches}
- rust-nalgebra-macros
ExclusiveArch: %{rust_arches}
- rust-nasm-rs
ExclusiveArch: %{rust_arches}
- rust-native-tls
ExclusiveArch: %{rust_arches}
- rust-natord
ExclusiveArch: %{rust_arches}
- rust-navi
ExclusiveArch: %{rust_arches}
- rust-nb-connect
ExclusiveArch: %{rust_arches}
- rust-ncurses
ExclusiveArch: %{rust_arches}
- rust-net2
ExclusiveArch: %{rust_arches}
- rust-netlink-packet-core
ExclusiveArch: %{rust_arches}
- rust-netlink-packet-generic
ExclusiveArch: %{rust_arches}
- rust-netlink-packet-route
ExclusiveArch: %{rust_arches}
- rust-netlink-packet-utils
ExclusiveArch: %{rust_arches}
- rust-netlink-proto
ExclusiveArch: %{rust_arches}
- rust-netlink-sys
ExclusiveArch: %{rust_arches}
- rust-netmap_sys
ExclusiveArch: %{rust_arches}
- rust-nettle
ExclusiveArch: %{rust_arches}
- rust-nettle-sys
ExclusiveArch: %{rust_arches}
- rust-new_debug_unreachable
ExclusiveArch: %{rust_arches}
- rust-newtype_derive
ExclusiveArch: %{rust_arches}
- rust-nibble_vec
ExclusiveArch: %{rust_arches}
- rust-nix
ExclusiveArch: %{rust_arches}
- rust-nix0.14
ExclusiveArch: %{rust_arches}
- rust-nix0.17
ExclusiveArch: %{rust_arches}
- rust-nix0.18
ExclusiveArch: %{rust_arches}
- rust-nix0.20
ExclusiveArch: %{rust_arches}
- rust-nix0.22
ExclusiveArch: %{rust_arches}
- rust-no-panic
ExclusiveArch: %{rust_arches}
- rust-nodrop
ExclusiveArch: %{rust_arches}
- rust-nohash-hasher
ExclusiveArch: %{rust_arches}
- rust-nom
ExclusiveArch: %{rust_arches}
- rust-nom4
ExclusiveArch: %{rust_arches}
- rust-nom5
ExclusiveArch: %{rust_arches}
- rust-noop_proc_macro
ExclusiveArch: %{rust_arches}
- rust-normalize-line-endings
ExclusiveArch: %{rust_arches}
- rust-notify
ExclusiveArch: %{rust_arches}
- rust-notify-rust
ExclusiveArch: %{rust_arches}
- rust-nu-ansi-term
ExclusiveArch: %{rust_arches}
- rust-nu-engine
ExclusiveArch: %{rust_arches}
- rust-nu-glob
ExclusiveArch: %{rust_arches}
- rust-nu-json
ExclusiveArch: %{rust_arches}
- rust-nu-parser
ExclusiveArch: %{rust_arches}
- rust-nu-path
ExclusiveArch: %{rust_arches}
- rust-nu-protocol
ExclusiveArch: %{rust_arches}
- rust-nu-utils
ExclusiveArch: %{rust_arches}
- rust-num
ExclusiveArch: %{rust_arches}
- rust-num-bigint
ExclusiveArch: %{rust_arches}
- rust-num-bigint-dig
ExclusiveArch: %{rust_arches}
- rust-num-bigint0.3
ExclusiveArch: %{rust_arches}
- rust-num-complex
ExclusiveArch: %{rust_arches}
- rust-num-complex0.3
ExclusiveArch: %{rust_arches}
- rust-num-derive
ExclusiveArch: %{rust_arches}
- rust-num-format
ExclusiveArch: %{rust_arches}
- rust-num-integer
ExclusiveArch: %{rust_arches}
- rust-num-iter
ExclusiveArch: %{rust_arches}
- rust-num-rational
ExclusiveArch: %{rust_arches}
- rust-num-rational0.3
ExclusiveArch: %{rust_arches}
- rust-num-traits
ExclusiveArch: %{rust_arches}
- rust-num-traits0.1
ExclusiveArch: %{rust_arches}
- rust-num0.3
ExclusiveArch: %{rust_arches}
- rust-num_cpus
ExclusiveArch: %{rust_arches}
- rust-num_enum
ExclusiveArch: %{rust_arches}
- rust-num_enum_derive
ExclusiveArch: %{rust_arches}
- rust-number_prefix
ExclusiveArch: %{rust_arches}
- rust-numtoa
ExclusiveArch: %{rust_arches}
- rust-oauth2
ExclusiveArch: %{rust_arches}
- rust-object
ExclusiveArch: %{rust_arches}
- rust-odds
ExclusiveArch: %{rust_arches}
- rust-oid
ExclusiveArch: %{rust_arches}
- rust-once_cell
ExclusiveArch: %{rust_arches}
- rust-onig
ExclusiveArch: %{rust_arches}
- rust-onig_sys
ExclusiveArch: %{rust_arches}
- rust-oorandom
ExclusiveArch: %{rust_arches}
- rust-opaque-debug
ExclusiveArch: %{rust_arches}
- rust-open
ExclusiveArch: %{rust_arches}
- rust-open1
ExclusiveArch: %{rust_arches}
- rust-openat
ExclusiveArch: %{rust_arches}
- rust-openat-ext
ExclusiveArch: %{rust_arches}
- rust-opener
ExclusiveArch: %{rust_arches}
- rust-openssh-keys
ExclusiveArch: %{rust_arches}
- rust-openssl
ExclusiveArch: %{rust_arches}
- rust-openssl-probe
ExclusiveArch: %{rust_arches}
- rust-openssl-sys
ExclusiveArch: %{rust_arches}
- rust-option-operations
ExclusiveArch: %{rust_arches}
- rust-ord_subset
ExclusiveArch: %{rust_arches}
- rust-ordered-float
ExclusiveArch: %{rust_arches}
- rust-ordered-multimap
ExclusiveArch: %{rust_arches}
- rust-os-release
ExclusiveArch: %{rust_arches}
- rust-os_info
ExclusiveArch: %{rust_arches}
- rust-os_pipe
ExclusiveArch: %{rust_arches}
- rust-os_pipe0.9
ExclusiveArch: %{rust_arches}
- rust-os_str_bytes
ExclusiveArch: %{rust_arches}
- rust-os_type
ExclusiveArch: %{rust_arches}
- rust-osmesa-sys
ExclusiveArch: %{rust_arches}
- rust-osstrtools
ExclusiveArch: %{rust_arches}
- rust-ouroboros
ExclusiveArch: %{rust_arches}
- rust-ouroboros_macro
ExclusiveArch: %{rust_arches}
- rust-overload
ExclusiveArch: %{rust_arches}
- rust-owned-alloc
ExclusiveArch: %{rust_arches}
- rust-owning_ref
ExclusiveArch: %{rust_arches}
- rust-owo-colors
ExclusiveArch: %{rust_arches}
- rust-packaging
ExclusiveArch: %{rust_arches}
- rust-pad
ExclusiveArch: %{rust_arches}
- rust-page_size
ExclusiveArch: %{rust_arches}
- rust-pager
ExclusiveArch: %{rust_arches}
- rust-palette
ExclusiveArch: %{rust_arches}
- rust-palette_derive
ExclusiveArch: %{rust_arches}
- rust-pam
ExclusiveArch: %{rust_arches}
- rust-pam-sys
ExclusiveArch: %{rust_arches}
- rust-pancurses
ExclusiveArch: %{rust_arches}
- rust-pango
ExclusiveArch: %{rust_arches}
- rust-pango-sys
ExclusiveArch: %{rust_arches}
- rust-pangocairo
ExclusiveArch: %{rust_arches}
- rust-pangocairo-sys
ExclusiveArch: %{rust_arches}
- rust-paris
ExclusiveArch: %{rust_arches}
- rust-parity-wasm
ExclusiveArch: %{rust_arches}
- rust-parking
ExclusiveArch: %{rust_arches}
- rust-parking_lot
ExclusiveArch: %{rust_arches}
- rust-parking_lot0.11
ExclusiveArch: %{rust_arches}
- rust-parking_lot_core
ExclusiveArch: %{rust_arches}
- rust-parking_lot_core0.8
ExclusiveArch: %{rust_arches}
- rust-parse-zoneinfo
ExclusiveArch: %{rust_arches}
- rust-parse_cfg
ExclusiveArch: %{rust_arches}
- rust-parsec-client
ExclusiveArch: %{rust_arches}
- rust-parsec-interface
ExclusiveArch: %{rust_arches}
- rust-partial-io
ExclusiveArch: %{rust_arches}
- rust-partition-identity
ExclusiveArch: %{rust_arches}
- rust-password-hash
ExclusiveArch: %{rust_arches}
- rust-paste
ExclusiveArch: %{rust_arches}
- rust-path-absolutize
ExclusiveArch: %{rust_arches}
- rust-path-dedot
ExclusiveArch: %{rust_arches}
- rust-path-slash
ExclusiveArch: %{rust_arches}
- rust-pathdiff
ExclusiveArch: %{rust_arches}
- rust-pathfinder_geometry
ExclusiveArch: %{rust_arches}
- rust-pathfinder_simd
ExclusiveArch: %{rust_arches}
- rust-pbkdf2
ExclusiveArch: %{rust_arches}
- rust-pbr
ExclusiveArch: %{rust_arches}
- rust-pcap
ExclusiveArch: %{rust_arches}
- rust-pcre2
ExclusiveArch: %{rust_arches}
- rust-pcre2-sys
ExclusiveArch: %{rust_arches}
- rust-peeking_take_while
ExclusiveArch: %{rust_arches}
- rust-peg
ExclusiveArch: %{rust_arches}
- rust-peg-macros
ExclusiveArch: %{rust_arches}
- rust-peg-runtime
ExclusiveArch: %{rust_arches}
- rust-peg0.5
ExclusiveArch: %{rust_arches}
- rust-pem
ExclusiveArch: %{rust_arches}
- rust-pem-rfc7468
ExclusiveArch: %{rust_arches}
- rust-pem0.8
ExclusiveArch: %{rust_arches}
- rust-percent-encoding
ExclusiveArch: %{rust_arches}
- rust-percent-encoding1
ExclusiveArch: %{rust_arches}
- rust-peresil
ExclusiveArch: %{rust_arches}
- rust-permutate
ExclusiveArch: %{rust_arches}
- rust-permutohedron
ExclusiveArch: %{rust_arches}
- rust-pest
ExclusiveArch: %{rust_arches}
- rust-pest_derive
ExclusiveArch: %{rust_arches}
- rust-pest_generator
ExclusiveArch: %{rust_arches}
- rust-pest_meta
ExclusiveArch: %{rust_arches}
- rust-petgraph
ExclusiveArch: %{rust_arches}
- rust-phf
ExclusiveArch: %{rust_arches}
- rust-phf0.7
ExclusiveArch: %{rust_arches}
- rust-phf0.8
ExclusiveArch: %{rust_arches}
- rust-phf_codegen
ExclusiveArch: %{rust_arches}
- rust-phf_codegen0.7
ExclusiveArch: %{rust_arches}
- rust-phf_generator
ExclusiveArch: %{rust_arches}
- rust-phf_generator0.7
ExclusiveArch: %{rust_arches}
- rust-phf_generator0.8
ExclusiveArch: %{rust_arches}
- rust-phf_macros
ExclusiveArch: %{rust_arches}
- rust-phf_macros0.7
ExclusiveArch: %{rust_arches}
- rust-phf_macros0.8
ExclusiveArch: %{rust_arches}
- rust-phf_shared
ExclusiveArch: %{rust_arches}
- rust-phf_shared0.7
ExclusiveArch: %{rust_arches}
- rust-phf_shared0.8
ExclusiveArch: %{rust_arches}
- rust-picky-asn1
ExclusiveArch: %{rust_arches}
- rust-picky-asn1-der
ExclusiveArch: %{rust_arches}
- rust-picky-asn1-x509
ExclusiveArch: %{rust_arches}
- rust-pico-args
ExclusiveArch: %{rust_arches}
- rust-pid
ExclusiveArch: %{rust_arches}
- rust-pin-project
ExclusiveArch: %{rust_arches}
- rust-pin-project-internal
ExclusiveArch: %{rust_arches}
- rust-pin-project-internal0.4
ExclusiveArch: %{rust_arches}
- rust-pin-project-lite
ExclusiveArch: %{rust_arches}
- rust-pin-project-lite0.1
ExclusiveArch: %{rust_arches}
- rust-pin-project0.4
ExclusiveArch: %{rust_arches}
- rust-pin-utils
ExclusiveArch: %{rust_arches}
- rust-pipe
ExclusiveArch: %{rust_arches}
- rust-piper
ExclusiveArch: %{rust_arches}
- rust-pipewire
ExclusiveArch: %{rust_arches}
- rust-pipewire-sys
ExclusiveArch: %{rust_arches}
- rust-pkcs1
ExclusiveArch: %{rust_arches}
- rust-pkcs11
ExclusiveArch: %{rust_arches}
- rust-pkcs5
ExclusiveArch: %{rust_arches}
- rust-pkcs8
ExclusiveArch: %{rust_arches}
- rust-pkg-config
ExclusiveArch: %{rust_arches}
- rust-plain
ExclusiveArch: %{rust_arches}
- rust-pleaser
ExclusiveArch: %{rust_arches}
- rust-plist
ExclusiveArch: %{rust_arches}
- rust-plotlib
ExclusiveArch: %{rust_arches}
- rust-plotters
ExclusiveArch: %{rust_arches}
- rust-plotters-backend
ExclusiveArch: %{rust_arches}
- rust-plotters-bitmap
ExclusiveArch: %{rust_arches}
- rust-plotters-svg
ExclusiveArch: %{rust_arches}
- rust-plugin
ExclusiveArch: %{rust_arches}
- rust-pnet_base
ExclusiveArch: %{rust_arches}
- rust-pnet_datalink
ExclusiveArch: %{rust_arches}
- rust-pnet_sys
ExclusiveArch: %{rust_arches}
- rust-png
ExclusiveArch: %{rust_arches}
- rust-png0.16
ExclusiveArch: %{rust_arches}
- rust-podio
ExclusiveArch: %{rust_arches}
- rust-polling
ExclusiveArch: %{rust_arches}
- rust-polyval
ExclusiveArch: %{rust_arches}
- rust-pom
ExclusiveArch: %{rust_arches}
- rust-pommes
ExclusiveArch: %{rust_arches}
- rust-ppv-lite86
ExclusiveArch: %{rust_arches}
- rust-pq-sys
ExclusiveArch: %{rust_arches}
- rust-precomputed-hash
ExclusiveArch: %{rust_arches}
- rust-predicates
ExclusiveArch: %{rust_arches}
- rust-predicates-core
ExclusiveArch: %{rust_arches}
- rust-predicates-tree
ExclusiveArch: %{rust_arches}
- rust-predicates1
ExclusiveArch: %{rust_arches}
- rust-pretty
ExclusiveArch: %{rust_arches}
- rust-pretty-git-prompt
ExclusiveArch: %{rust_arches}
- rust-pretty-hex
ExclusiveArch: %{rust_arches}
- rust-pretty_assertions
ExclusiveArch: %{rust_arches}
- rust-pretty_assertions0.6
ExclusiveArch: %{rust_arches}
- rust-pretty_assertions0.7
ExclusiveArch: %{rust_arches}
- rust-pretty_env_logger
ExclusiveArch: %{rust_arches}
- rust-prettytable-rs
ExclusiveArch: %{rust_arches}
- rust-proc-macro-crate
ExclusiveArch: %{rust_arches}
- rust-proc-macro-crate0.1
ExclusiveArch: %{rust_arches}
- rust-proc-macro-error
ExclusiveArch: %{rust_arches}
- rust-proc-macro-error-attr
ExclusiveArch: %{rust_arches}
- rust-proc-macro-hack
ExclusiveArch: %{rust_arches}
- rust-proc-macro2
ExclusiveArch: %{rust_arches}
- rust-proc-macro2-0.4
ExclusiveArch: %{rust_arches}
- rust-proc-maps
ExclusiveArch: %{rust_arches}
- rust-proc-mounts
ExclusiveArch: %{rust_arches}
- rust-proc-quote-impl
ExclusiveArch: %{rust_arches}
- rust-procedural-masquerade
ExclusiveArch: %{rust_arches}
- rust-process_control
ExclusiveArch: %{rust_arches}
- rust-process_path
ExclusiveArch: %{rust_arches}
- rust-procfs
ExclusiveArch: %{rust_arches}
- rust-procs
ExclusiveArch: %{rust_arches}
- rust-progress-streams
ExclusiveArch: %{rust_arches}
- rust-prometheus
ExclusiveArch: %{rust_arches}
- rust-proptest
ExclusiveArch: %{rust_arches}
- rust-proptest-derive
ExclusiveArch: %{rust_arches}
- rust-proptest0.10
ExclusiveArch: %{rust_arches}
- rust-prost
ExclusiveArch: %{rust_arches}
- rust-prost-build
ExclusiveArch: %{rust_arches}
- rust-prost-derive
ExclusiveArch: %{rust_arches}
- rust-prost-types
ExclusiveArch: %{rust_arches}
- rust-protobuf
ExclusiveArch: %{rust_arches}
- rust-protobuf-codegen
ExclusiveArch: %{rust_arches}
- rust-protobuf-codegen-pure
ExclusiveArch: %{rust_arches}
- rust-protoc
ExclusiveArch: %{rust_arches}
- rust-protoc-rust
ExclusiveArch: %{rust_arches}
- rust-psa-crypto
ExclusiveArch: %{rust_arches}
- rust-psa-crypto-sys
ExclusiveArch: %{rust_arches}
- rust-psl-types
ExclusiveArch: %{rust_arches}
- rust-psm
ExclusiveArch: %{rust_arches}
- rust-ptr_meta
ExclusiveArch: %{rust_arches}
- rust-ptr_meta_derive
ExclusiveArch: %{rust_arches}
- rust-publicsuffix
ExclusiveArch: %{rust_arches}
- rust-publicsuffix1
ExclusiveArch: %{rust_arches}
- rust-pulldown-cmark
ExclusiveArch: %{rust_arches}
- rust-pulse
ExclusiveArch: %{rust_arches}
- rust-pure-rust-locales
ExclusiveArch: %{rust_arches}
- rust-pyo3
ExclusiveArch: %{rust_arches}
- rust-pyo3-build-config
ExclusiveArch: %{rust_arches}
- rust-pyo3-macros
ExclusiveArch: %{rust_arches}
- rust-pyo3-macros-backend
ExclusiveArch: %{rust_arches}
- rust-python-launcher
ExclusiveArch: %{rust_arches}
- rust-python3-sys
ExclusiveArch: %{rust_arches}
- rust-qr2term
ExclusiveArch: %{rust_arches}
- rust-qrcode
ExclusiveArch: %{rust_arches}
- rust-qstring
ExclusiveArch: %{rust_arches}
- rust-quantiles
ExclusiveArch: %{rust_arches}
- rust-quick-error
ExclusiveArch: %{rust_arches}
- rust-quick-error1
ExclusiveArch: %{rust_arches}
- rust-quick-xml
ExclusiveArch: %{rust_arches}
- rust-quick-xml0.20
ExclusiveArch: %{rust_arches}
- rust-quickcheck
ExclusiveArch: %{rust_arches}
- rust-quickcheck0.6
ExclusiveArch: %{rust_arches}
- rust-quickcheck0.9
ExclusiveArch: %{rust_arches}
- rust-quickcheck_macros
ExclusiveArch: %{rust_arches}
- rust-quickersort
ExclusiveArch: %{rust_arches}
- rust-quicli
ExclusiveArch: %{rust_arches}
- rust-quote
ExclusiveArch: %{rust_arches}
- rust-quote0.3
ExclusiveArch: %{rust_arches}
- rust-quote0.6
ExclusiveArch: %{rust_arches}
- rust-quoted_printable
ExclusiveArch: %{rust_arches}
- rust-r2d2
ExclusiveArch: %{rust_arches}
- rust-radium
ExclusiveArch: %{rust_arches}
- rust-radix_trie
ExclusiveArch: %{rust_arches}
- rust-rand
ExclusiveArch: %{rust_arches}
- rust-rand0.4
ExclusiveArch: %{rust_arches}
- rust-rand0.5
ExclusiveArch: %{rust_arches}
- rust-rand0.6
ExclusiveArch: %{rust_arches}
- rust-rand0.7
ExclusiveArch: %{rust_arches}
- rust-rand_chacha
ExclusiveArch: %{rust_arches}
- rust-rand_chacha0.1
ExclusiveArch: %{rust_arches}
- rust-rand_chacha0.2
ExclusiveArch: %{rust_arches}
- rust-rand_core
ExclusiveArch: %{rust_arches}
- rust-rand_core0.3
ExclusiveArch: %{rust_arches}
- rust-rand_core0.4
ExclusiveArch: %{rust_arches}
- rust-rand_core0.5
ExclusiveArch: %{rust_arches}
- rust-rand_distr
ExclusiveArch: %{rust_arches}
- rust-rand_hc
ExclusiveArch: %{rust_arches}
- rust-rand_hc0.1
ExclusiveArch: %{rust_arches}
- rust-rand_isaac
ExclusiveArch: %{rust_arches}
- rust-rand_isaac0.1
ExclusiveArch: %{rust_arches}
- rust-rand_jitter
ExclusiveArch: %{rust_arches}
- rust-rand_jitter0.1
ExclusiveArch: %{rust_arches}
- rust-rand_os
ExclusiveArch: %{rust_arches}
- rust-rand_os0.1
ExclusiveArch: %{rust_arches}
- rust-rand_pcg
ExclusiveArch: %{rust_arches}
- rust-rand_pcg0.1
ExclusiveArch: %{rust_arches}
- rust-rand_pcg0.2
ExclusiveArch: %{rust_arches}
- rust-rand_xorshift
ExclusiveArch: %{rust_arches}
- rust-rand_xorshift0.1
ExclusiveArch: %{rust_arches}
- rust-rand_xorshift0.2
ExclusiveArch: %{rust_arches}
- rust-rand_xoshiro
ExclusiveArch: %{rust_arches}
- rust-random
ExclusiveArch: %{rust_arches}
- rust-random-fast-rng
ExclusiveArch: %{rust_arches}
- rust-random-trait
ExclusiveArch: %{rust_arches}
- rust-randomize
ExclusiveArch: %{rust_arches}
- rust-rav1e
ExclusiveArch: %{rust_arches}
- rust-raw-window-handle
ExclusiveArch: %{rust_arches}
- rust-rawpointer
ExclusiveArch: %{rust_arches}
- rust-rawslice
ExclusiveArch: %{rust_arches}
- rust-rayon
ExclusiveArch: %{rust_arches}
- rust-rayon-core
ExclusiveArch: %{rust_arches}
- rust-rbspy
ExclusiveArch: %{rust_arches}
- rust-rbspy-ruby-structs
ExclusiveArch: %{rust_arches}
- rust-rbspy-testdata
ExclusiveArch: %{rust_arches}
- rust-rd-agent
ExclusiveArch: %{rust_arches}
- rust-rd-agent-intf
ExclusiveArch: %{rust_arches}
- rust-rd-hashd
ExclusiveArch: %{rust_arches}
- rust-rd-hashd-intf
ExclusiveArch: %{rust_arches}
- rust-rd-util
ExclusiveArch: %{rust_arches}
- rust-read-process-memory
ExclusiveArch: %{rust_arches}
- rust-read_input
ExclusiveArch: %{rust_arches}
- rust-readability-fork
ExclusiveArch: %{rust_arches}
- rust-readwrite
ExclusiveArch: %{rust_arches}
- rust-recycler
ExclusiveArch: %{rust_arches}
- rust-ref-cast
ExclusiveArch: %{rust_arches}
- rust-ref-cast-impl
ExclusiveArch: %{rust_arches}
- rust-regalloc
ExclusiveArch: %{rust_arches}
- rust-regex
ExclusiveArch: %{rust_arches}
- rust-regex-automata
ExclusiveArch: %{rust_arches}
- rust-regex-syntax
ExclusiveArch: %{rust_arches}
- rust-region
ExclusiveArch: %{rust_arches}
- rust-relative-path
ExclusiveArch: %{rust_arches}
- rust-relay
ExclusiveArch: %{rust_arches}
- rust-remoteprocess
ExclusiveArch: %{rust_arches}
- rust-remove_dir_all
ExclusiveArch: %{rust_arches}
- rust-rend
ExclusiveArch: %{rust_arches}
- rust-reqwest
ExclusiveArch: %{rust_arches}
- rust-reqwest0.10
ExclusiveArch: %{rust_arches}
- rust-resctl-bench
ExclusiveArch: %{rust_arches}
- rust-resctl-bench-intf
ExclusiveArch: %{rust_arches}
- rust-resctl-demo
ExclusiveArch: %{rust_arches}
- rust-resize
ExclusiveArch: %{rust_arches}
- rust-resolv-conf
ExclusiveArch: %{rust_arches}
- rust-restson
ExclusiveArch: %{rust_arches}
- rust-retry
ExclusiveArch: %{rust_arches}
- rust-rgb
ExclusiveArch: %{rust_arches}
- rust-ring
ExclusiveArch: %{rust_arches}
- rust-ripgrep
ExclusiveArch: %{rust_arches}
- rust-rkyv
ExclusiveArch: %{rust_arches}
- rust-rkyv_derive
ExclusiveArch: %{rust_arches}
- rust-rle-decode-fast
ExclusiveArch: %{rust_arches}
- rust-rmp
ExclusiveArch: %{rust_arches}
- rust-rmp-serde
ExclusiveArch: %{rust_arches}
- rust-roff
ExclusiveArch: %{rust_arches}
- rust-ron
ExclusiveArch: %{rust_arches}
- rust-roxmltree
ExclusiveArch: %{rust_arches}
- rust-rpassword
ExclusiveArch: %{rust_arches}
- rust-rpick
ExclusiveArch: %{rust_arches}
- rust-rsa
ExclusiveArch: %{rust_arches}
- rust-rspec
ExclusiveArch: %{rust_arches}
- rust-rtnetlink
ExclusiveArch: %{rust_arches}
- rust-rusqlite
ExclusiveArch: %{rust_arches}
- rust-rust-embed
ExclusiveArch: %{rust_arches}
- rust-rust-embed-impl
ExclusiveArch: %{rust_arches}
- rust-rust-embed-utils
ExclusiveArch: %{rust_arches}
- rust-rust-ini
ExclusiveArch: %{rust_arches}
- rust-rust-stemmers
ExclusiveArch: %{rust_arches}
- rust-rust_decimal
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer_normal_macro
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer_proc_macro
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer_sys
ExclusiveArch: %{rust_arches}
- rust-rustbus
ExclusiveArch: %{rust_arches}
- rust-rustbus_derive
ExclusiveArch: %{rust_arches}
- rust-rustc-demangle
ExclusiveArch: %{rust_arches}
- rust-rustc-hash
ExclusiveArch: %{rust_arches}
- rust-rustc-serialize
ExclusiveArch: %{rust_arches}
- rust-rustc-test
ExclusiveArch: %{rust_arches}
- rust-rustc_tools_util
ExclusiveArch: %{rust_arches}
- rust-rustc_version
ExclusiveArch: %{rust_arches}
- rust-rustc_version0.3
ExclusiveArch: %{rust_arches}
- rust-rustcat
ExclusiveArch: %{rust_arches}
- rust-rustdoc-stripper
ExclusiveArch: %{rust_arches}
- rust-rustfilt
ExclusiveArch: %{rust_arches}
- rust-rustfix
ExclusiveArch: %{rust_arches}
- rust-rustio
ExclusiveArch: %{rust_arches}
- rust-rustix
ExclusiveArch: %{rust_arches}
- rust-rustls
ExclusiveArch: %{rust_arches}
- rust-rustls-native-certs
ExclusiveArch: %{rust_arches}
- rust-rustls-pemfile
ExclusiveArch: %{rust_arches}
- rust-rustversion
ExclusiveArch: %{rust_arches}
- rust-rusty-fork
ExclusiveArch: %{rust_arches}
- rust-rustyline
ExclusiveArch: %{rust_arches}
- rust-rustyline-derive
ExclusiveArch: %{rust_arches}
- rust-ryu
ExclusiveArch: %{rust_arches}
- rust-safe-transmute
ExclusiveArch: %{rust_arches}
- rust-safe_arch
ExclusiveArch: %{rust_arches}
- rust-safemem
ExclusiveArch: %{rust_arches}
- rust-salsa20
ExclusiveArch: %{rust_arches}
- rust-same-file
ExclusiveArch: %{rust_arches}
- rust-sass-rs
ExclusiveArch: %{rust_arches}
- rust-sass-sys
ExclusiveArch: %{rust_arches}
- rust-scan_fmt
ExclusiveArch: %{rust_arches}
- rust-scheduled-thread-pool
ExclusiveArch: %{rust_arches}
- rust-scoped-tls
ExclusiveArch: %{rust_arches}
- rust-scoped-tls-hkt
ExclusiveArch: %{rust_arches}
- rust-scoped_threadpool
ExclusiveArch: %{rust_arches}
- rust-scopeguard
ExclusiveArch: %{rust_arches}
- rust-scopetime
ExclusiveArch: %{rust_arches}
- rust-scratch
ExclusiveArch: %{rust_arches}
- rust-scroll
ExclusiveArch: %{rust_arches}
- rust-scroll_derive
ExclusiveArch: %{rust_arches}
- rust-scrypt
ExclusiveArch: %{rust_arches}
- rust-sct
ExclusiveArch: %{rust_arches}
- rust-sd
ExclusiveArch: %{rust_arches}
- rust-sd-notify
ExclusiveArch: %{rust_arches}
- rust-seahash
ExclusiveArch: %{rust_arches}
- rust-seahash3
ExclusiveArch: %{rust_arches}
- rust-secrecy
ExclusiveArch: %{rust_arches}
- rust-secret-service
ExclusiveArch: %{rust_arches}
- rust-self_cell
ExclusiveArch: %{rust_arches}
- rust-semver
ExclusiveArch: %{rust_arches}
- rust-semver-parser
ExclusiveArch: %{rust_arches}
- rust-semver-parser0.9
ExclusiveArch: %{rust_arches}
- rust-semver0.11
ExclusiveArch: %{rust_arches}
- rust-sequoia-autocrypt
ExclusiveArch: %{rust_arches}
- rust-sequoia-ipc
ExclusiveArch: %{rust_arches}
- rust-sequoia-keyring-linter
ExclusiveArch: %{rust_arches}
- rust-sequoia-net
ExclusiveArch: %{rust_arches}
- rust-sequoia-octopus-librnp
ExclusiveArch: %{rust_arches}
- rust-sequoia-openpgp
ExclusiveArch: %{rust_arches}
- rust-sequoia-openpgp-mt
ExclusiveArch: %{rust_arches}
- rust-sequoia-sop
ExclusiveArch: %{rust_arches}
- rust-sequoia-sq
ExclusiveArch: %{rust_arches}
- rust-sequoia-sqv
ExclusiveArch: %{rust_arches}
- rust-serde
ExclusiveArch: %{rust_arches}
- rust-serde-big-array
ExclusiveArch: %{rust_arches}
- rust-serde-pickle
ExclusiveArch: %{rust_arches}
- rust-serde-value
ExclusiveArch: %{rust_arches}
- rust-serde-xml-rs
ExclusiveArch: %{rust_arches}
- rust-serde_bser
ExclusiveArch: %{rust_arches}
- rust-serde_bytes
ExclusiveArch: %{rust_arches}
- rust-serde_cbor
ExclusiveArch: %{rust_arches}
- rust-serde_derive
ExclusiveArch: %{rust_arches}
- rust-serde_fmt
ExclusiveArch: %{rust_arches}
- rust-serde_ignored
ExclusiveArch: %{rust_arches}
- rust-serde_json
ExclusiveArch: %{rust_arches}
- rust-serde_repr
ExclusiveArch: %{rust_arches}
- rust-serde_stacker
ExclusiveArch: %{rust_arches}
- rust-serde_test
ExclusiveArch: %{rust_arches}
- rust-serde_url_params
ExclusiveArch: %{rust_arches}
- rust-serde_urlencoded
ExclusiveArch: %{rust_arches}
- rust-serde_urlencoded0.6
ExclusiveArch: %{rust_arches}
- rust-serde_with
ExclusiveArch: %{rust_arches}
- rust-serde_with_macros
ExclusiveArch: %{rust_arches}
- rust-serde_yaml
ExclusiveArch: %{rust_arches}
- rust-serial-core
ExclusiveArch: %{rust_arches}
- rust-serial_test
ExclusiveArch: %{rust_arches}
- rust-serial_test0.5
ExclusiveArch: %{rust_arches}
- rust-serial_test_derive
ExclusiveArch: %{rust_arches}
- rust-serial_test_derive0.5
ExclusiveArch: %{rust_arches}
- rust-servo-fontconfig
ExclusiveArch: %{rust_arches}
- rust-servo-fontconfig-sys
ExclusiveArch: %{rust_arches}
- rust-sev
ExclusiveArch: %{rust_arches}
- rust-sevctl
ExclusiveArch: x86_64
- rust-sha-1
ExclusiveArch: %{rust_arches}
- rust-sha-1_0.9
ExclusiveArch: %{rust_arches}
- rust-sha1
ExclusiveArch: %{rust_arches}
- rust-sha1_0.6
ExclusiveArch: %{rust_arches}
- rust-sha1_smol
ExclusiveArch: %{rust_arches}
- rust-sha1collisiondetection
ExclusiveArch: %{rust_arches}
- rust-sha2
ExclusiveArch: %{rust_arches}
- rust-sha2_0.9
ExclusiveArch: %{rust_arches}
- rust-sha3
ExclusiveArch: %{rust_arches}
- rust-sha3_0.9
ExclusiveArch: %{rust_arches}
- rust-shadow-rs
ExclusiveArch: %{rust_arches}
- rust-shared_child
ExclusiveArch: %{rust_arches}
- rust-shared_library
ExclusiveArch: %{rust_arches}
- rust-shell-escape
ExclusiveArch: %{rust_arches}
- rust-shell-words
ExclusiveArch: %{rust_arches}
- rust-shellexpand
ExclusiveArch: %{rust_arches}
- rust-shellwords
ExclusiveArch: %{rust_arches}
- rust-shlex
ExclusiveArch: %{rust_arches}
- rust-signal
ExclusiveArch: %{rust_arches}
- rust-signal-hook
ExclusiveArch: %{rust_arches}
- rust-signal-hook-mio
ExclusiveArch: %{rust_arches}
- rust-signal-hook-registry
ExclusiveArch: %{rust_arches}
- rust-signal-hook0.1
ExclusiveArch: %{rust_arches}
- rust-silver
ExclusiveArch: %{rust_arches}
- rust-simba
ExclusiveArch: %{rust_arches}
- rust-simd_helpers
ExclusiveArch: %{rust_arches}
- rust-simdutf8
ExclusiveArch: %{rust_arches}
- rust-similar
ExclusiveArch: %{rust_arches}
- rust-similar-asserts
ExclusiveArch: %{rust_arches}
- rust-simple-error
ExclusiveArch: %{rust_arches}
- rust-simple_asn1
ExclusiveArch: %{rust_arches}
- rust-simple_logger
ExclusiveArch: %{rust_arches}
- rust-simplelog
ExclusiveArch: %{rust_arches}
- rust-siphasher
ExclusiveArch: %{rust_arches}
- rust-size
ExclusiveArch: %{rust_arches}
- rust-sized-chunks
ExclusiveArch: %{rust_arches}
- rust-skeptic
ExclusiveArch: %{rust_arches}
- rust-skim
ExclusiveArch: %{rust_arches}
- rust-slab
ExclusiveArch: %{rust_arches}
- rust-slice-deque
ExclusiveArch: %{rust_arches}
- rust-slog
ExclusiveArch: %{rust_arches}
- rust-slog-async
ExclusiveArch: %{rust_arches}
- rust-slog-scope
ExclusiveArch: %{rust_arches}
- rust-slog-term
ExclusiveArch: %{rust_arches}
- rust-slotmap
ExclusiveArch: %{rust_arches}
- rust-slug
ExclusiveArch: %{rust_arches}
- rust-sluice
ExclusiveArch: %{rust_arches}
- rust-smallbitvec
ExclusiveArch: %{rust_arches}
- rust-smallstr
ExclusiveArch: %{rust_arches}
- rust-smallvec
ExclusiveArch: %{rust_arches}
- rust-smart-default
ExclusiveArch: %{rust_arches}
- rust-smawk
ExclusiveArch: %{rust_arches}
- rust-smithay-client-toolkit
ExclusiveArch: %{rust_arches}
- rust-smithay-clipboard
ExclusiveArch: %{rust_arches}
- rust-smol_str
ExclusiveArch: %{rust_arches}
- rust-snafu
ExclusiveArch: %{rust_arches}
- rust-snafu-derive
ExclusiveArch: %{rust_arches}
- rust-snake_case
ExclusiveArch: %{rust_arches}
- rust-socket2
ExclusiveArch: %{rust_arches}
- rust-socket2_0.3
ExclusiveArch: %{rust_arches}
- rust-sop
ExclusiveArch: %{rust_arches}
- rust-spin
ExclusiveArch: %{rust_arches}
- rust-spin0.5
ExclusiveArch: %{rust_arches}
- rust-spin_on
ExclusiveArch: %{rust_arches}
- rust-spinning_top
ExclusiveArch: %{rust_arches}
- rust-spki
ExclusiveArch: %{rust_arches}
- rust-spmc
ExclusiveArch: %{rust_arches}
- rust-ssh-key-dir
ExclusiveArch: %{rust_arches}
- rust-stable_deref_trait
ExclusiveArch: %{rust_arches}
- rust-stacker
ExclusiveArch: %{rust_arches}
- rust-standback
ExclusiveArch: %{rust_arches}
- rust-starship
ExclusiveArch: %{rust_arches}
- rust-starship-battery
ExclusiveArch: %{rust_arches}
- rust-starship_module_config_derive
ExclusiveArch: %{rust_arches}
- rust-static_assertions
ExclusiveArch: %{rust_arches}
- rust-statistical
ExclusiveArch: %{rust_arches}
- rust-statrs
ExclusiveArch: %{rust_arches}
- rust-stb_truetype
ExclusiveArch: %{rust_arches}
- rust-stderrlog
ExclusiveArch: %{rust_arches}
- rust-str_stack
ExclusiveArch: %{rust_arches}
- rust-stratisd_proc_macros
ExclusiveArch: %{rust_arches}
- rust-streaming-stats
ExclusiveArch: %{rust_arches}
- rust-streebog
ExclusiveArch: %{rust_arches}
- rust-streebog0.9
ExclusiveArch: %{rust_arches}
- rust-strict
ExclusiveArch: %{rust_arches}
- rust-string
ExclusiveArch: %{rust_arches}
- rust-string_cache
ExclusiveArch: %{rust_arches}
- rust-string_cache_codegen
ExclusiveArch: %{rust_arches}
- rust-string_cache_shared
ExclusiveArch: %{rust_arches}
- rust-strings
ExclusiveArch: %{rust_arches}
- rust-strip-ansi-escapes
ExclusiveArch: %{rust_arches}
- rust-strong-xml
ExclusiveArch: %{rust_arches}
- rust-strong-xml-derive
ExclusiveArch: %{rust_arches}
- rust-strsim
ExclusiveArch: %{rust_arches}
- rust-structopt
ExclusiveArch: %{rust_arches}
- rust-structopt-derive
ExclusiveArch: %{rust_arches}
- rust-structopt-derive0.2
ExclusiveArch: %{rust_arches}
- rust-structopt0.2
ExclusiveArch: %{rust_arches}
- rust-strum
ExclusiveArch: %{rust_arches}
- rust-strum_macros
ExclusiveArch: %{rust_arches}
- rust-subprocess
ExclusiveArch: %{rust_arches}
- rust-subtle
ExclusiveArch: %{rust_arches}
- rust-sudo_plugin
ExclusiveArch: %{rust_arches}
- rust-sudo_plugin-sys
ExclusiveArch: %{rust_arches}
- rust-supports-color
ExclusiveArch: %{rust_arches}
- rust-supports-hyperlinks
ExclusiveArch: %{rust_arches}
- rust-supports-unicode
ExclusiveArch: %{rust_arches}
- rust-sval
ExclusiveArch: %{rust_arches}
- rust-sval_derive
ExclusiveArch: %{rust_arches}
- rust-sval_json
ExclusiveArch: %{rust_arches}
- rust-svg
ExclusiveArch: %{rust_arches}
- rust-svg_metadata
ExclusiveArch: %{rust_arches}
- rust-svgtypes
ExclusiveArch: %{rust_arches}
- rust-sxd-document
ExclusiveArch: %{rust_arches}
- rust-syn
ExclusiveArch: %{rust_arches}
- rust-syn0.15
ExclusiveArch: %{rust_arches}
- rust-synom
ExclusiveArch: %{rust_arches}
- rust-synstructure
ExclusiveArch: %{rust_arches}
- rust-syntect
ExclusiveArch: %{rust_arches}
- rust-sys-info
ExclusiveArch: %{rust_arches}
- rust-sys-locale
ExclusiveArch: %{rust_arches}
- rust-sysctl
ExclusiveArch: %{rust_arches}
- rust-sysinfo
ExclusiveArch: %{rust_arches}
- rust-syslog
ExclusiveArch: %{rust_arches}
- rust-system-deps
ExclusiveArch: %{rust_arches}
- rust-system-interface
ExclusiveArch: %{rust_arches}
- rust-system76_ectool
ExclusiveArch: %{rust_arches}
- rust-tabular
ExclusiveArch: %{rust_arches}
- rust-tabwriter
ExclusiveArch: %{rust_arches}
- rust-take
ExclusiveArch: %{rust_arches}
- rust-take_mut
ExclusiveArch: %{rust_arches}
- rust-tap
ExclusiveArch: %{rust_arches}
- rust-tar
ExclusiveArch: %{rust_arches}
- rust-target
ExclusiveArch: %{rust_arches}
- rust-target-lexicon
ExclusiveArch: %{rust_arches}
- rust-tealdeer
ExclusiveArch: %{rust_arches}
- rust-teloxide
ExclusiveArch: %{rust_arches}
- rust-teloxide-macros
ExclusiveArch: %{rust_arches}
- rust-tempdir
ExclusiveArch: %{rust_arches}
- rust-tempfile
ExclusiveArch: %{rust_arches}
- rust-temporary
ExclusiveArch: %{rust_arches}
- rust-temptree
ExclusiveArch: %{rust_arches}
- rust-tendril
ExclusiveArch: %{rust_arches}
- rust-tera
ExclusiveArch: %{rust_arches}
- rust-term
ExclusiveArch: %{rust_arches}
- rust-term0.6
ExclusiveArch: %{rust_arches}
- rust-term_grid
ExclusiveArch: %{rust_arches}
- rust-term_size
ExclusiveArch: %{rust_arches}
- rust-termbg
ExclusiveArch: %{rust_arches}
- rust-termcolor
ExclusiveArch: %{rust_arches}
- rust-terminal_size
ExclusiveArch: %{rust_arches}
- rust-terminfo
ExclusiveArch: %{rust_arches}
- rust-termion
ExclusiveArch: %{rust_arches}
- rust-termios
ExclusiveArch: %{rust_arches}
- rust-termwiz
ExclusiveArch: %{rust_arches}
- rust-test-assembler
ExclusiveArch: %{rust_arches}
- rust-test-case
ExclusiveArch: %{rust_arches}
- rust-tester
ExclusiveArch: %{rust_arches}
- rust-testing_logger
ExclusiveArch: %{rust_arches}
- rust-textwrap
ExclusiveArch: %{rust_arches}
- rust-textwrap0.11
ExclusiveArch: %{rust_arches}
- rust-textwrap0.14
ExclusiveArch: %{rust_arches}
- rust-thiserror
ExclusiveArch: %{rust_arches}
- rust-thiserror-impl
ExclusiveArch: %{rust_arches}
- rust-thread-id
ExclusiveArch: %{rust_arches}
- rust-thread-tree
ExclusiveArch: %{rust_arches}
- rust-thread_local
ExclusiveArch: %{rust_arches}
- rust-threadpool
ExclusiveArch: %{rust_arches}
- rust-tiff
ExclusiveArch: %{rust_arches}
- rust-tiger
ExclusiveArch: %{rust_arches}
- rust-tiger0.1
ExclusiveArch: %{rust_arches}
- rust-time
ExclusiveArch: %{rust_arches}
- rust-time-macros
ExclusiveArch: %{rust_arches}
- rust-time-macros-impl
ExclusiveArch: %{rust_arches}
- rust-time-macros0.1
ExclusiveArch: %{rust_arches}
- rust-time0.1
ExclusiveArch: %{rust_arches}
- rust-time0.2
ExclusiveArch: %{rust_arches}
- rust-timebomb
ExclusiveArch: %{rust_arches}
- rust-timer
ExclusiveArch: %{rust_arches}
- rust-timerfd
ExclusiveArch: %{rust_arches}
- rust-tiny-keccak
ExclusiveArch: %{rust_arches}
- rust-tiny_http
ExclusiveArch: %{rust_arches}
- rust-tiny_http0.6
ExclusiveArch: %{rust_arches}
- rust-tinystr
ExclusiveArch: %{rust_arches}
- rust-tinytemplate
ExclusiveArch: %{rust_arches}
- rust-tinyvec
ExclusiveArch: %{rust_arches}
- rust-tinyvec_macros
ExclusiveArch: %{rust_arches}
- rust-tokei
ExclusiveArch: %{rust_arches}
- rust-tokio
ExclusiveArch: %{rust_arches}
- rust-tokio-codec
ExclusiveArch: %{rust_arches}
- rust-tokio-core
ExclusiveArch: %{rust_arches}
- rust-tokio-current-thread
ExclusiveArch: %{rust_arches}
- rust-tokio-executor
ExclusiveArch: %{rust_arches}
- rust-tokio-fs
ExclusiveArch: %{rust_arches}
- rust-tokio-io
ExclusiveArch: %{rust_arches}
- rust-tokio-macros
ExclusiveArch: %{rust_arches}
- rust-tokio-macros0.2
ExclusiveArch: %{rust_arches}
- rust-tokio-mock-task
ExclusiveArch: %{rust_arches}
- rust-tokio-native-tls
ExclusiveArch: %{rust_arches}
- rust-tokio-openssl
ExclusiveArch: %{rust_arches}
- rust-tokio-openssl0.4
ExclusiveArch: %{rust_arches}
- rust-tokio-reactor
ExclusiveArch: %{rust_arches}
- rust-tokio-rustls
ExclusiveArch: %{rust_arches}
- rust-tokio-socks
ExclusiveArch: %{rust_arches}
- rust-tokio-socks0.3
ExclusiveArch: %{rust_arches}
- rust-tokio-stream
ExclusiveArch: %{rust_arches}
- rust-tokio-sync
ExclusiveArch: %{rust_arches}
- rust-tokio-tcp
ExclusiveArch: %{rust_arches}
- rust-tokio-test
ExclusiveArch: %{rust_arches}
- rust-tokio-threadpool
ExclusiveArch: %{rust_arches}
- rust-tokio-timer
ExclusiveArch: %{rust_arches}
- rust-tokio-tls
ExclusiveArch: %{rust_arches}
- rust-tokio-tls0.2
ExclusiveArch: %{rust_arches}
- rust-tokio-tungstenite
ExclusiveArch: %{rust_arches}
- rust-tokio-udp
ExclusiveArch: %{rust_arches}
- rust-tokio-uds
ExclusiveArch: %{rust_arches}
- rust-tokio-util
ExclusiveArch: %{rust_arches}
- rust-tokio-util0.3
ExclusiveArch: %{rust_arches}
- rust-tokio0.1
ExclusiveArch: %{rust_arches}
- rust-tokio0.2
ExclusiveArch: %{rust_arches}
- rust-toml
ExclusiveArch: %{rust_arches}
- rust-toml0.4
ExclusiveArch: %{rust_arches}
- rust-toml_edit
ExclusiveArch: %{rust_arches}
- rust-tower-layer
ExclusiveArch: %{rust_arches}
- rust-tower-service
ExclusiveArch: %{rust_arches}
- rust-tower-test
ExclusiveArch: %{rust_arches}
- rust-tower-util
ExclusiveArch: %{rust_arches}
- rust-tpm2-policy
ExclusiveArch: %{rust_arches}
- rust-tracing
ExclusiveArch: %{rust_arches}
- rust-tracing-attributes
ExclusiveArch: %{rust_arches}
- rust-tracing-core
ExclusiveArch: %{rust_arches}
- rust-tracing-futures
ExclusiveArch: %{rust_arches}
- rust-traitobject
ExclusiveArch: %{rust_arches}
- rust-trash
ExclusiveArch: %{rust_arches}
- rust-tree-sitter
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-cli
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-config
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-highlight
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-loader
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-tags
ExclusiveArch: %{rust_arches}
- rust-treebitmap
ExclusiveArch: %{rust_arches}
- rust-treeline
ExclusiveArch: %{rust_arches}
- rust-trust-dns-https
ExclusiveArch: %{rust_arches}
- rust-trust-dns-native-tls
ExclusiveArch: %{rust_arches}
- rust-trust-dns-native-tls0.19
ExclusiveArch: %{rust_arches}
- rust-trust-dns-openssl
ExclusiveArch: %{rust_arches}
- rust-trust-dns-openssl0.19
ExclusiveArch: %{rust_arches}
- rust-trust-dns-proto
ExclusiveArch: %{rust_arches}
- rust-trust-dns-proto0.19
ExclusiveArch: %{rust_arches}
- rust-trust-dns-resolver
ExclusiveArch: %{rust_arches}
- rust-trust-dns-resolver0.19
ExclusiveArch: %{rust_arches}
- rust-trust-dns-rustls
ExclusiveArch: %{rust_arches}
- rust-try-lock
ExclusiveArch: %{rust_arches}
- rust-trybuild
ExclusiveArch: %{rust_arches}
- rust-tss-esapi
ExclusiveArch: %{rust_arches}
- rust-tss-esapi-sys
ExclusiveArch: %{rust_arches}
- rust-ttf-parser
ExclusiveArch: %{rust_arches}
- rust-ttf-parser0.12
ExclusiveArch: %{rust_arches}
- rust-tui
ExclusiveArch: %{rust_arches}
- rust-tui-react
ExclusiveArch: %{rust_arches}
- rust-tui0.11
ExclusiveArch: %{rust_arches}
- rust-tui0.9
ExclusiveArch: %{rust_arches}
- rust-tuikit
ExclusiveArch: %{rust_arches}
- rust-tungstenite
ExclusiveArch: %{rust_arches}
- rust-twoway
ExclusiveArch: %{rust_arches}
- rust-twox-hash
ExclusiveArch: %{rust_arches}
- rust-type-map
ExclusiveArch: %{rust_arches}
- rust-typeable
ExclusiveArch: %{rust_arches}
- rust-typed-arena
ExclusiveArch: %{rust_arches}
- rust-typed-arena1
ExclusiveArch: %{rust_arches}
- rust-typemap
ExclusiveArch: %{rust_arches}
- rust-typenum
ExclusiveArch: %{rust_arches}
- rust-typetag
ExclusiveArch: %{rust_arches}
- rust-typetag-impl
ExclusiveArch: %{rust_arches}
- rust-tzfile
ExclusiveArch: %{rust_arches}
- rust-ucd-parse
ExclusiveArch: %{rust_arches}
- rust-ucd-trie
ExclusiveArch: %{rust_arches}
- rust-ucd-util
ExclusiveArch: %{rust_arches}
- rust-umask
ExclusiveArch: %{rust_arches}
- rust-uncased
ExclusiveArch: %{rust_arches}
- rust-unchecked-index
ExclusiveArch: %{rust_arches}
- rust-unescape
ExclusiveArch: %{rust_arches}
- rust-unic-char-property
ExclusiveArch: %{rust_arches}
- rust-unic-char-range
ExclusiveArch: %{rust_arches}
- rust-unic-common
ExclusiveArch: %{rust_arches}
- rust-unic-langid
ExclusiveArch: %{rust_arches}
- rust-unic-langid-impl
ExclusiveArch: %{rust_arches}
- rust-unic-langid-macros
ExclusiveArch: %{rust_arches}
- rust-unic-langid-macros-impl
ExclusiveArch: %{rust_arches}
- rust-unic-locale
ExclusiveArch: %{rust_arches}
- rust-unic-locale-impl
ExclusiveArch: %{rust_arches}
- rust-unic-locale-macros
ExclusiveArch: %{rust_arches}
- rust-unic-locale-macros-impl
ExclusiveArch: %{rust_arches}
- rust-unic-segment
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-category
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-common
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-segment
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-version
ExclusiveArch: %{rust_arches}
- rust-unicase
ExclusiveArch: %{rust_arches}
- rust-unicase1
ExclusiveArch: %{rust_arches}
- rust-unicode-bidi
ExclusiveArch: %{rust_arches}
- rust-unicode-linebreak
ExclusiveArch: %{rust_arches}
- rust-unicode-normalization
ExclusiveArch: %{rust_arches}
- rust-unicode-segmentation
ExclusiveArch: %{rust_arches}
- rust-unicode-truncate
ExclusiveArch: %{rust_arches}
- rust-unicode-width
ExclusiveArch: %{rust_arches}
- rust-unicode-xid
ExclusiveArch: %{rust_arches}
- rust-unicode-xid0.1
ExclusiveArch: %{rust_arches}
- rust-unicode_categories
ExclusiveArch: %{rust_arches}
- rust-unindent
ExclusiveArch: %{rust_arches}
- rust-universal-hash
ExclusiveArch: %{rust_arches}
- rust-unix_socket
ExclusiveArch: %{rust_arches}
- rust-unreachable
ExclusiveArch: %{rust_arches}
- rust-unsafe-any
ExclusiveArch: %{rust_arches}
- rust-untrusted
ExclusiveArch: %{rust_arches}
- rust-uom
ExclusiveArch: %{rust_arches}
- rust-url
ExclusiveArch: %{rust_arches}
- rust-url1
ExclusiveArch: %{rust_arches}
- rust-url_serde
ExclusiveArch: %{rust_arches}
- rust-urlencoding
ExclusiveArch: %{rust_arches}
- rust-urlocator
ExclusiveArch: %{rust_arches}
- rust-urlshortener
ExclusiveArch: %{rust_arches}
- rust-userfaultfd
ExclusiveArch: %{rust_arches}
- rust-userfaultfd-sys
ExclusiveArch: %{rust_arches}
- rust-users
ExclusiveArch: %{rust_arches}
- rust-users0.10
ExclusiveArch: %{rust_arches}
- rust-utf-8
ExclusiveArch: %{rust_arches}
- rust-utf8-ranges
ExclusiveArch: %{rust_arches}
- rust-utf8-width
ExclusiveArch: %{rust_arches}
- rust-utf8parse
ExclusiveArch: %{rust_arches}
- rust-uuid
ExclusiveArch: %{rust_arches}
- rust-uuid0.7
ExclusiveArch: %{rust_arches}
- rust-v_frame
ExclusiveArch: %{rust_arches}
- rust-value-bag
ExclusiveArch: %{rust_arches}
- rust-varbincode
ExclusiveArch: %{rust_arches}
- rust-varlink
ExclusiveArch: %{rust_arches}
- rust-varlink-cli
ExclusiveArch: %{rust_arches}
- rust-varlink_generator
ExclusiveArch: %{rust_arches}
- rust-varlink_parser
ExclusiveArch: %{rust_arches}
- rust-varlink_stdinterfaces
ExclusiveArch: %{rust_arches}
- rust-vcpkg
ExclusiveArch: %{rust_arches}
- rust-vcsgraph
ExclusiveArch: %{rust_arches}
- rust-vec_map
ExclusiveArch: %{rust_arches}
- rust-vergen
ExclusiveArch: %{rust_arches}
- rust-vergen3
ExclusiveArch: %{rust_arches}
- rust-version
ExclusiveArch: %{rust_arches}
- rust-version-compare
ExclusiveArch: %{rust_arches}
- rust-version-sync
ExclusiveArch: %{rust_arches}
- rust-version-sync0.8
ExclusiveArch: %{rust_arches}
- rust-version_check
ExclusiveArch: %{rust_arches}
- rust-versions
ExclusiveArch: %{rust_arches}
- rust-vhost
ExclusiveArch: %{rust_arches}
- rust-virtio-bindings
ExclusiveArch: x86_64 aarch64 ppc64le
- rust-virtio-queue
ExclusiveArch: x86_64 aarch64 s390x
- rust-vm-memory
ExclusiveArch: x86_64 aarch64 ppc64le
- rust-vmm-sys-util
ExclusiveArch: x86_64 aarch64 ppc64le
- rust-vmw_backdoor
ExclusiveArch: %{rust_arches}
- rust-void
ExclusiveArch: %{rust_arches}
- rust-vsprintf
ExclusiveArch: %{rust_arches}
- rust-vte
ExclusiveArch: %{rust_arches}
- rust-vte_generate_state_changes
ExclusiveArch: %{rust_arches}
- rust-vtparse
ExclusiveArch: %{rust_arches}
- rust-wait-timeout
ExclusiveArch: %{rust_arches}
- rust-waker-fn
ExclusiveArch: %{rust_arches}
- rust-walkdir
ExclusiveArch: %{rust_arches}
- rust-want
ExclusiveArch: %{rust_arches}
- rust-warp
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-backend
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-futures
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-macro
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-macro-support
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-shared
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-test
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-test-macro
ExclusiveArch: %{rust_arches}
- rust-wasmer_enumset
ExclusiveArch: %{rust_arches}
- rust-wasmer_enumset_derive
ExclusiveArch: %{rust_arches}
- rust-wasmparser
ExclusiveArch: %{rust_arches}
- rust-wasmtime
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-cache
ExclusiveArch: %{rust_arches}
- rust-wasmtime-cranelift
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-environ
ExclusiveArch: %{rust_arches}
- rust-wasmtime-fiber
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-jit
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-jit-debug
ExclusiveArch: %{rust_arches}
- rust-wasmtime-runtime
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-types
ExclusiveArch: %{rust_arches}
- rust-wasmtime-wast
ExclusiveArch: x86_64 aarch64 s390x
- rust-wast
ExclusiveArch: %{rust_arches}
- rust-wat
ExclusiveArch: %{rust_arches}
- rust-watchman_client
ExclusiveArch: %{rust_arches}
- rust-wayland-client
ExclusiveArch: %{rust_arches}
- rust-wayland-commons
ExclusiveArch: %{rust_arches}
- rust-wayland-cursor
ExclusiveArch: %{rust_arches}
- rust-wayland-egl
ExclusiveArch: %{rust_arches}
- rust-wayland-protocols
ExclusiveArch: %{rust_arches}
- rust-wayland-scanner
ExclusiveArch: %{rust_arches}
- rust-wayland-server
ExclusiveArch: %{rust_arches}
- rust-wayland-sys
ExclusiveArch: %{rust_arches}
- rust-web-sys
ExclusiveArch: %{rust_arches}
- rust-webbrowser
ExclusiveArch: %{rust_arches}
- rust-webpki
ExclusiveArch: %{rust_arches}
- rust-webpki-roots
ExclusiveArch: %{rust_arches}
- rust-websocket
ExclusiveArch: %{rust_arches}
- rust-websocket-base
ExclusiveArch: %{rust_arches}
- rust-weezl
ExclusiveArch: %{rust_arches}
- rust-which
ExclusiveArch: %{rust_arches}
- rust-wide
ExclusiveArch: %{rust_arches}
- rust-wiggle
ExclusiveArch: x86_64 aarch64 s390x
- rust-wiggle-generate
ExclusiveArch: %{rust_arches}
- rust-wiggle-macro
ExclusiveArch: %{rust_arches}
- rust-wild
ExclusiveArch: %{rust_arches}
- rust-wildmatch
ExclusiveArch: %{rust_arches}
- rust-winit
ExclusiveArch: %{rust_arches}
- rust-witx
ExclusiveArch: %{rust_arches}
- rust-ws
ExclusiveArch: %{rust_arches}
- rust-wyz
ExclusiveArch: %{rust_arches}
- rust-x11
ExclusiveArch: %{rust_arches}
- rust-x11-clipboard
ExclusiveArch: %{rust_arches}
- rust-x11-dl
ExclusiveArch: %{rust_arches}
- rust-xattr
ExclusiveArch: %{rust_arches}
- rust-xcb
ExclusiveArch: %{rust_arches}
- rust-xcursor
ExclusiveArch: %{rust_arches}
- rust-xdg
ExclusiveArch: %{rust_arches}
- rust-xi-unicode
ExclusiveArch: %{rust_arches}
- rust-xkbcommon
ExclusiveArch: %{rust_arches}
- rust-xml-rs
ExclusiveArch: %{rust_arches}
- rust-xml5ever
ExclusiveArch: %{rust_arches}
- rust-xmlparser
ExclusiveArch: %{rust_arches}
- rust-xmlwriter
ExclusiveArch: %{rust_arches}
- rust-xz2
ExclusiveArch: %{rust_arches}
- rust-y4m
ExclusiveArch: %{rust_arches}
- rust-yaml-rust
ExclusiveArch: %{rust_arches}
- rust-yaml-rust0.3
ExclusiveArch: %{rust_arches}
- rust-ybaas
ExclusiveArch: %{rust_arches}
- rust-yubibomb
ExclusiveArch: %{rust_arches}
- rust-zbase32
ExclusiveArch: %{rust_arches}
- rust-zbus
ExclusiveArch: %{rust_arches}
- rust-zbus_macros
ExclusiveArch: %{rust_arches}
- rust-zeroize
ExclusiveArch: %{rust_arches}
- rust-zeroize_derive
ExclusiveArch: %{rust_arches}
- rust-zincati
ExclusiveArch: %{rust_arches}
- rust-zip
ExclusiveArch: %{rust_arches}
- rust-zmq
ExclusiveArch: %{rust_arches}
- rust-zmq-sys
ExclusiveArch: %{rust_arches}
- rust-zoneinfo_compiled
ExclusiveArch: %{rust_arches}
- rust-zoxide
ExclusiveArch: %{rust_arches}
- rust-zram-generator
ExclusiveArch: %{rust_arches}
- rust-zstd
ExclusiveArch: %{rust_arches}
- rust-zstd-safe
ExclusiveArch: %{rust_arches}
- rust-zstd-sys
ExclusiveArch: %{rust_arches}
- rust-zvariant
ExclusiveArch: %{rust_arches}
- rust-zvariant_derive
ExclusiveArch: %{rust_arches}
- s390utils
ExclusiveArch: s390 s390x
- safetyblanket
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- sagemath
ExclusiveArch: aarch64 x86_64
- sbcl
ExclusiveArch: %{arm} %{ix86} x86_64 ppc sparcv9 aarch64
- sbd
ExclusiveArch: i686 x86_64 s390x aarch64 ppc64le
- sbsigntools
ExclusiveArch: x86_64 aarch64 %{arm} %{ix86}
- sdsl-lite
ExclusiveArch: %{power64} x86_64 aarch64
- seabios
ExclusiveArch: x86_64
- seadrive-gui
ExclusiveArch: %{qt5_qtwebengine_arches}
- seafile-client
ExclusiveArch: %{qt5_qtwebengine_arches}
- seamonkey
ExclusiveArch: x86_64
- seqan3
ExclusiveArch: %{power64} x86_64 aarch64
- servicelog
ExclusiveArch: ppc %{power64}
- sgabios
ExclusiveArch: %{ix86} x86_64
- sharpfont
ExclusiveArch: %mono_arches
- sharpziplib
ExclusiveArch: %{mono_arches}
- shim
ExclusiveArch: %{efi}
- shim-unsigned-aarch64
ExclusiveArch: aarch64
- shim-unsigned-x64
ExclusiveArch: x86_64
- sigul
ExclusiveArch: x86_64
- skopeo
ExclusiveArch: %{go_arches}
- skychart
ExclusiveArch: %{fpc_arches}
- snapd
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le s390x
- soup-sharp
ExclusiveArch: %{mono_arches}
- sparkleshare
ExclusiveArch: %{mono_arches}
- spicctrl
ExclusiveArch: %{ix86} x86_64
- spice
ExclusiveArch: x86_64
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- springlobby
ExclusiveArch: %{ix86} x86_64
- squeekboard
ExclusiveArch: %{rust_arches}
- startdde
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- statsd
ExclusiveArch: %{nodejs_arches} noarch
- stratis-cli
ExclusiveArch: %{rust_arches} noarch
- stratisd
ExclusiveArch: %{rust_arches}
ExclusiveArch: %{rust_arches}
- stripesnoop
ExclusiveArch: %{ix86} x86_64
- supercollider
ExclusiveArch: %{qt5_qtwebengine_arches}
- supermin
ExclusiveArch: %{kernel_arches}
- svt-av1
ExclusiveArch: x86_64
- svt-vp9
ExclusiveArch: x86_64
- swift-lang
ExclusiveArch: x86_64 aarch64
- sysbench
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips}
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64 ppc64le s390x
- syslinux
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{ix86} x86_64
- system76-keyboard-configurator
ExclusiveArch: %{rust_arches}
- taglib-sharp
ExclusiveArch: %{mono_arches}
- tarantool
ExclusiveArch: %{ix86} x86_64
- tboot
ExclusiveArch: %{ix86} x86_64
- tdlib
ExclusiveArch: x86_64 aarch64
- templates_parser
ExclusiveArch: %GPRbuild_arches
- ternimal
ExclusiveArch: %{rust_arches}
- testcloud
ExclusiveArch: %{kernel_arches} noarch
- themonospot-base
ExclusiveArch: %mono_arches
- themonospot-console
ExclusiveArch: %mono_arches
- themonospot-gui-gtk
ExclusiveArch: %mono_arches
- themonospot-plugin-avi
ExclusiveArch: %mono_arches
- themonospot-plugin-mkv
ExclusiveArch: %mono_arches
- thermald
ExclusiveArch: %{ix86} x86_64
- tilix
ExclusiveArch: %{ldc_arches}
- tomboy
ExclusiveArch: %{mono_arches}
- torbrowser-launcher
ExclusiveArch: %{ix86} x86_64
- tuned-profiles-nfv-host-bin
ExclusiveArch: %{ix86} x86_64
- uClibc
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips}
- ucx
ExclusiveArch: aarch64 ppc64le x86_64
- uglify-js
ExclusiveArch: %{nodejs_arches} noarch
- unetbootin
ExclusiveArch: %{ix86} x86_64
- ursa-major
ExclusiveArch: noarch aarch64 ppc64le s390x x86_64
- usd
ExclusiveArch: aarch64 x86_64
- v8-314
ExclusiveArch: %{ix86} x86_64 %{arm} mips mipsel ppc ppc64
- valgrind
ExclusiveArch: %{ix86} x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
- vboot-utils
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
- vim-go
ExclusiveArch: %{?golang_arches}%{!?golang_arches:%{ix86} x86_64 %{arm}}
- virt-p2v
ExclusiveArch: x86_64
- virt-v2v
ExclusiveArch: x86_64
- virtualbox-guest-additions
ExclusiveArch: i686 x86_64
- vkd3d
ExclusiveArch: %{ix86} x86_64 %{arm}
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- vmaf
ExclusiveArch: x86_64
- vmemcache
ExclusiveArch: x86_64 ppc64 ppc64le s390x aarch64
- vrq
ExclusiveArch: %{ix86} x86_64
- warsow
ExclusiveArch: %{ix86} x86_64 %{arm}
- warsow-data
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
ExclusiveArch: %{ix86} x86_64 %{arm}
- webkit2-sharp
ExclusiveArch: %mono_arches
- wine
ExclusiveArch: %{ix86} x86_64 aarch64
ExclusiveArch: %{ix86}
- wine-dxvk
ExclusiveArch: %{ix86} x86_64
- winetricks
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- wxMaxima
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc sparcv9
- x2goclient
ExclusiveArch: x86_64
- xe-guest-utilities-latest
ExclusiveArch: %{ix86} x86_64
- xen
ExclusiveArch: %{ix86} x86_64 armv7hl aarch64
- xmlada
ExclusiveArch: %{GPRbuild_arches}
- xorg-x11-drv-armsoc
ExclusiveArch: %{arm} aarch64
- xorg-x11-drv-intel
ExclusiveArch: %{ix86} x86_64
- xorg-x11-drv-openchrome
ExclusiveArch: %{ix86} x86_64
- xorg-x11-drv-vesa
ExclusiveArch: %{ix86} x86_64
- xorg-x11-drv-vmware
ExclusiveArch: %{ix86} x86_64 ia64
- xsp
ExclusiveArch: %mono_arches
- yarnpkg
ExclusiveArch: %{nodejs_arches} noarch
- zcfan
ExclusiveArch: x86_64
- zeal
ExclusiveArch: %{qt5_qtwebengine_arches}
- zeromq-ada
ExclusiveArch: %{GPRbuild_arches}
- zig
ExclusiveArch: %{zig_arches}
- zlib-ada
ExclusiveArch: %{GPRbuild_arches}
- zlib-ng
ExclusiveArch: aarch64 i686 ppc64le s390x x86_64
- zola
ExclusiveArch: %{rust_arches}
1 year, 12 months
Architecture specific change in rpms/python-mrcfile.git
by githook-noreply@fedoraproject.org
The package rpms/python-mrcfile.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/python-mrcfile.git/commit/?id=6b4...
https://src.fedoraproject.org/cgit/rpms/python-mrcfile.git/commit/?id=ef9....
Change:
-%ifarch s390x
+%ifarch s390x
Thanks.
Full change:
============
commit 6b478d1c17fc82ca5f24623555374b54a267ccb9
Author: Dominik 'Rathann' Mierzejewski <dominik(a)greysector.net>
Date: Wed Apr 27 09:58:26 2022 +0200
backport upstream endiannes fixes
backport upstream numpy deprecation warning fix
diff --git a/0001-Switch-to-built-in-bool-type-to-avoid-numpy-deprecat.patch b/0001-Switch-to-built-in-bool-type-to-avoid-numpy-deprecat.patch
new file mode 100644
index 0000000..e7b43bc
--- /dev/null
+++ b/0001-Switch-to-built-in-bool-type-to-avoid-numpy-deprecat.patch
@@ -0,0 +1,26 @@
+From 085794f7ae78b5722d847baa5d76e4d4692e9ca2 Mon Sep 17 00:00:00 2001
+From: Colin Palmer <colin.palmer(a)stfc.ac.uk>
+Date: Fri, 19 Feb 2021 11:07:12 +0000
+Subject: [PATCH] Switch to built-in bool type to avoid numpy deprecation
+ warning
+
+---
+ tests/test_utils.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tests/test_utils.py b/tests/test_utils.py
+index bbc4eb0..bab0c9e 100644
+--- a/tests/test_utils.py
++++ b/tests/test_utils.py
+@@ -136,7 +136,7 @@ class UtilsTest(AssertRaisesRegexMixin, unittest.TestCase):
+
+ def test_bool_dtype_raises_exception(self):
+ with self.assertRaises(ValueError):
+- utils.mode_from_dtype(np.dtype(np.bool))
++ utils.mode_from_dtype(np.dtype(bool))
+
+ def test_object_dtype_raises_exception(self):
+ with self.assertRaises(ValueError):
+--
+2.36.0
+
diff --git a/0001-Use-explicit-endianness-for-FEI-extended-header-dtyp.patch b/0001-Use-explicit-endianness-for-FEI-extended-header-dtyp.patch
new file mode 100644
index 0000000..ba05ee9
--- /dev/null
+++ b/0001-Use-explicit-endianness-for-FEI-extended-header-dtyp.patch
@@ -0,0 +1,436 @@
+From b0d806dc163607508f71da69f1c34b98a07d7c6c Mon Sep 17 00:00:00 2001
+From: Colin Palmer <colin.palmer(a)stfc.ac.uk>
+Date: Tue, 26 Apr 2022 16:35:02 +0100
+Subject: [PATCH 1/3] Use explicit endianness for FEI extended header dtypes
+
+This fixes https://github.com/ccpem/mrcfile/issues/35
+
+The FEI documentation is unclear about endianness. It's quite likely
+that no MRC files will ever exist that have big-endian data in the FEI
+extended header so perhaps we could have just assumed little-endianness
+in all cases, but nonetheless it felt safer to make the extended
+header's endianness match the standard header (except for the bitmask
+fields that are specified as little-endian and required a bit of
+complexity to get right).
+---
+ mrcfile/dtypes.py | 224 +++++++++++++++++++++-----------------
+ mrcfile/mrcinterpreter.py | 19 ++--
+ tests/test_dtypes.py | 100 +++++++++++++++++
+ 3 files changed, 236 insertions(+), 107 deletions(-)
+ create mode 100644 tests/test_dtypes.py
+
+diff --git a/mrcfile/dtypes.py b/mrcfile/dtypes.py
+index 5197a6c..8db93aa 100644
+--- a/mrcfile/dtypes.py
++++ b/mrcfile/dtypes.py
+@@ -19,6 +19,8 @@ from __future__ import absolute_import, division, print_function
+
+ import numpy as np
+
++from .utils import normalise_byte_order
++
+
+ HEADER_DTYPE = np.dtype([
+ ('nx', 'i4'), # Number of columns
+@@ -95,130 +97,158 @@ NSTART_DTYPE = np.dtype([
+
+ # FEI extended header dtype for metadata version 0, as described in the EPU
+ # manual. Note that the FEI documentation is unclear about the endianness of
+-# the data in the extended header. Probably, it is always little-endian, and
+-# therefore the data might be misinterpreted on a big-endian machine, but this
+-# has not been tested.
++# the data in the extended header, except for the bitmask fields which are
++# specified as little-endian. To construct mixed-endian dtypes, we initially
++# construct a big-endian type, with only the bitmasks little-endian, then we
++# swap all fields to little-endian if we need a fully little-endian type.
+ fei_dtype_dict = [
+- ('Metadata size', 'i4'),
+- ('Metadata version', 'i4'),
+- ('Bitmask 1', 'u4'),
+- ('Timestamp', 'f8'), # Not specified, but suspect this is in days after 1/1/1900
++ ('Metadata size', '>i4'),
++ ('Metadata version', '>i4'),
++ ('Bitmask 1', '<u4'),
++ ('Timestamp', '>f8'), # Not specified, but suspect this is in days after 1/1/1900
+ ('Microscope type', 'S16'),
+ ('D-Number', 'S16'),
+ ('Application', 'S16'),
+ ('Application version', 'S16'),
+- ('HT', 'f8'),
+- ('Dose', 'f8'),
+- ('Alpha tilt', 'f8'),
+- ('Beta tilt', 'f8'),
+- ('X-Stage', 'f8'),
+- ('Y-Stage', 'f8'),
+- ('Z-Stage', 'f8'),
+- ('Tilt axis angle', 'f8'),
+- ('Dual axis rotation', 'f8'),
+- ('Pixel size X', 'f8'),
+- ('Pixel size Y', 'f8'),
++ ('HT', '>f8'),
++ ('Dose', '>f8'),
++ ('Alpha tilt', '>f8'),
++ ('Beta tilt', '>f8'),
++ ('X-Stage', '>f8'),
++ ('Y-Stage', '>f8'),
++ ('Z-Stage', '>f8'),
++ ('Tilt axis angle', '>f8'),
++ ('Dual axis rotation', '>f8'),
++ ('Pixel size X', '>f8'),
++ ('Pixel size Y', '>f8'),
+ ('Unused range', 'S48'),
+- ('Defocus', 'f8'),
+- ('STEM Defocus', 'f8'),
+- ('Applied defocus', 'f8'),
+- ('Instrument mode', 'i4'),
+- ('Projection mode', 'i4'),
++ ('Defocus', '>f8'),
++ ('STEM Defocus', '>f8'),
++ ('Applied defocus', '>f8'),
++ ('Instrument mode', '>i4'),
++ ('Projection mode', '>i4'),
+ ('Objective lens mode', 'S16'),
+ ('High magnification mode', 'S16'),
+- ('Probe mode', 'i4'),
++ ('Probe mode', '>i4'),
+ ('EFTEM On', '?'),
+- ('Magnification', 'f8'),
+- ('Bitmask 2', 'u4'),
+- ('Camera length', 'f8'),
+- ('Spot index', 'i4'),
+- ('Illuminated area', 'f8'),
+- ('Intensity', 'f8'),
+- ('Convergence angle', 'f8'),
++ ('Magnification', '>f8'),
++ ('Bitmask 2', '<u4'),
++ ('Camera length', '>f8'),
++ ('Spot index', '>i4'),
++ ('Illuminated area', '>f8'),
++ ('Intensity', '>f8'),
++ ('Convergence angle', '>f8'),
+ ('Illumination mode', 'S16'),
+ ('Wide convergence angle range', '?'),
+ ('Slit inserted', '?'),
+- ('Slit width', 'f8'),
+- ('Acceleration voltage offset', 'f8'),
+- ('Drift tube voltage', 'f8'),
+- ('Energy shift', 'f8'),
+- ('Shift offset X', 'f8'),
+- ('Shift offset Y', 'f8'),
+- ('Shift X', 'f8'),
+- ('Shift Y', 'f8'),
+- ('Integration time', 'f8'),
+- ('Binning Width', 'i4'),
+- ('Binning Height', 'i4'),
++ ('Slit width', '>f8'),
++ ('Acceleration voltage offset', '>f8'),
++ ('Drift tube voltage', '>f8'),
++ ('Energy shift', '>f8'),
++ ('Shift offset X', '>f8'),
++ ('Shift offset Y', '>f8'),
++ ('Shift X', '>f8'),
++ ('Shift Y', '>f8'),
++ ('Integration time', '>f8'),
++ ('Binning Width', '>i4'),
++ ('Binning Height', '>i4'),
+ ('Camera name', 'S16'),
+- ('Readout area left', 'i4'),
+- ('Readout area top', 'i4'),
+- ('Readout area right', 'i4'),
+- ('Readout area bottom', 'i4'),
++ ('Readout area left', '>i4'),
++ ('Readout area top', '>i4'),
++ ('Readout area right', '>i4'),
++ ('Readout area bottom', '>i4'),
+ ('Ceta noise reduction', '?'),
+- ('Ceta frames summed', 'i4'),
++ ('Ceta frames summed', '>i4'),
+ ('Direct detector electron counting', '?'),
+ ('Direct detector align frames', '?'),
+- ('Camera param reserved 0', 'i4'),
+- ('Camera param reserved 1', 'i4'),
+- ('Camera param reserved 2', 'i4'),
+- ('Camera param reserved 3', 'i4'),
+- ('Bitmask 3', 'u4'),
+- ('Camera param reserved 4', 'i4'),
+- ('Camera param reserved 5', 'i4'),
+- ('Camera param reserved 6', 'i4'),
+- ('Camera param reserved 7', 'i4'),
+- ('Camera param reserved 8', 'i4'),
+- ('Camera param reserved 9', 'i4'),
++ ('Camera param reserved 0', '>i4'),
++ ('Camera param reserved 1', '>i4'),
++ ('Camera param reserved 2', '>i4'),
++ ('Camera param reserved 3', '>i4'),
++ ('Bitmask 3', '<u4'),
++ ('Camera param reserved 4', '>i4'),
++ ('Camera param reserved 5', '>i4'),
++ ('Camera param reserved 6', '>i4'),
++ ('Camera param reserved 7', '>i4'),
++ ('Camera param reserved 8', '>i4'),
++ ('Camera param reserved 9', '>i4'),
+ ('Phase Plate', '?'),
+ ('STEM Detector name', 'S16'),
+- ('Gain', 'f8'),
+- ('Offset', 'f8'),
+- ('STEM param reserved 0', 'i4'),
+- ('STEM param reserved 1', 'i4'),
+- ('STEM param reserved 2', 'i4'),
+- ('STEM param reserved 3', 'i4'),
+- ('STEM param reserved 4', 'i4'),
+- ('Dwell time', 'f8'),
+- ('Frame time', 'f8'),
+- ('Scan size left', 'i4'),
+- ('Scan size top', 'i4'),
+- ('Scan size right', 'i4'),
+- ('Scan size bottom', 'i4'),
+- ('Full scan FOV X', 'f8'),
+- ('Full scan FOV Y', 'f8'),
++ ('Gain', '>f8'),
++ ('Offset', '>f8'),
++ ('STEM param reserved 0', '>i4'),
++ ('STEM param reserved 1', '>i4'),
++ ('STEM param reserved 2', '>i4'),
++ ('STEM param reserved 3', '>i4'),
++ ('STEM param reserved 4', '>i4'),
++ ('Dwell time', '>f8'),
++ ('Frame time', '>f8'),
++ ('Scan size left', '>i4'),
++ ('Scan size top', '>i4'),
++ ('Scan size right', '>i4'),
++ ('Scan size bottom', '>i4'),
++ ('Full scan FOV X', '>f8'),
++ ('Full scan FOV Y', '>f8'),
+ ('Element', 'S16'),
+- ('Energy interval lower', 'f8'),
+- ('Energy interval higher', 'f8'),
+- ('Method', 'i4'),
++ ('Energy interval lower', '>f8'),
++ ('Energy interval higher', '>f8'),
++ ('Method', '>i4'),
+ ('Is dose fraction', '?'),
+- ('Fraction number', 'i4'),
+- ('Start frame', 'i4'),
+- ('End frame', 'i4'),
++ ('Fraction number', '>i4'),
++ ('Start frame', '>i4'),
++ ('End frame', '>i4'),
+ ('Input stack filename', 'S80'),
+- ('Bitmask 4', 'u4'),
+- ('Alpha tilt min', 'f8'),
+- ('Alpha tilt max', 'f8')
++ ('Bitmask 4', '<u4'),
++ ('Alpha tilt min', '>f8'),
++ ('Alpha tilt max', '>f8')
+ ]
+-FEI1_EXTENDED_HEADER_DTYPE = np.dtype(fei_dtype_dict)
++fei1_dtype_big_endian = np.dtype(fei_dtype_dict)
+
+
+ # Additional metadata entries for FEI extended header dtype for metadata version 2,
+ # as described in https://www.fei-software-center.com/tem-apps/MRC-2014-Specifications/
+ fei_dtype_dict.extend([
+- ('Scan rotation', 'f8'),
+- ('Diffraction pattern rotation', 'f8'),
+- ('Image rotation', 'f8'),
+- ('Scan mode enumeration', 'i4'),
+- ('Acquisition time stamp', 'i8'),
++ ('Scan rotation', '>f8'),
++ ('Diffraction pattern rotation', '>f8'),
++ ('Image rotation', '>f8'),
++ ('Scan mode enumeration', '>i4'),
++ ('Acquisition time stamp', '>i8'),
+ ('Detector commercial name', 'S16'),
+- ('Start tilt angle', 'f8'),
+- ('End tilt angle', 'f8'),
+- ('Tilt per image', 'f8'),
+- ('Tilt speed', 'f8'),
+- ('Beam center X pixel', 'i4'),
+- ('Beam center Y pixel', 'i4'),
+- ('CFEG flash timestamp', 'i8'),
+- ('Phase plate position index', 'i4'),
++ ('Start tilt angle', '>f8'),
++ ('End tilt angle', '>f8'),
++ ('Tilt per image', '>f8'),
++ ('Tilt speed', '>f8'),
++ ('Beam center X pixel', '>i4'),
++ ('Beam center Y pixel', '>i4'),
++ ('CFEG flash timestamp', '>i8'),
++ ('Phase plate position index', '>i4'),
+ ('Objective aperture name', 'S16')
+ ])
+-FEI2_EXTENDED_HEADER_DTYPE = np.dtype(fei_dtype_dict)
++fei2_dtype_big_endian = np.dtype(fei_dtype_dict)
++
++
++def get_ext_header_dtype(exttyp, byte_order='='):
++ """Get a dtype for an extended header.
++
++ Args:
++ exttyp: One of ``b'FEI1'`` or ``b'FEI2'``, which are currently the only
++ supported extended header types.
++ byte_order: One of ``=``, ``<`` or ``>``.
++
++ Returns:
++ A :class:`numpy dtype <numpy.dtype>` object for the extended header, or
++ :data:`None`
++
++ Raises:
++ :exc:`ValueError`: If ``byte_order`` is not one of ``=``, ``<`` or ``>``.
++ """
++ normalised_byte_order = normalise_byte_order(byte_order)
++ dtype = None
++ if exttyp == b'FEI1':
++ dtype = fei1_dtype_big_endian
++ elif exttyp == b'FEI2':
++ dtype = fei2_dtype_big_endian
++ # If returning a little-endian FEI1 or FEI2 dtype, need to swap the byte order
++ if dtype is not None and normalised_byte_order == '<':
++ dtype = dtype.newbyteorder('<')
++ return dtype
+diff --git a/mrcfile/mrcinterpreter.py b/mrcfile/mrcinterpreter.py
+index 0dab80d..8388da1 100644
+--- a/mrcfile/mrcinterpreter.py
++++ b/mrcfile/mrcinterpreter.py
+@@ -21,7 +21,7 @@ import warnings
+ import numpy as np
+
+ from . import utils
+-from .dtypes import HEADER_DTYPE, FEI1_EXTENDED_HEADER_DTYPE, FEI2_EXTENDED_HEADER_DTYPE
++from .dtypes import HEADER_DTYPE, get_ext_header_dtype
+ from .mrcobject import MrcObject
+ from .constants import MAP_ID
+
+@@ -284,15 +284,14 @@ class MrcInterpreter(MrcObject):
+
+ self._extended_header = np.frombuffer(ext_header_arr, dtype='V1')
+
+- try:
+- if self.header.exttyp == b'FEI1':
+- self._extended_header.dtype = FEI1_EXTENDED_HEADER_DTYPE
+- elif self.header.exttyp == b'FEI2':
+- self._extended_header.dtype = FEI2_EXTENDED_HEADER_DTYPE
+- except ValueError:
+- warnings.warn("File has exttyp '{}' but the extended header "
+- "cannot be interpreted as that type"
+- .format(self.header.exttyp), RuntimeWarning)
++ dtype = get_ext_header_dtype(self.header.exttyp)
++ if dtype is not None:
++ try:
++ self._extended_header.dtype = dtype
++ except ValueError:
++ warnings.warn("File has exttyp '{}' but the extended header "
++ "cannot be interpreted as that type"
++ .format(self.header.exttyp), RuntimeWarning)
+
+ self._extended_header.flags.writeable = not self._read_only
+
+diff --git a/tests/test_dtypes.py b/tests/test_dtypes.py
+new file mode 100644
+index 0000000..7b7988f
+--- /dev/null
++++ b/tests/test_dtypes.py
+@@ -0,0 +1,100 @@
++# Copyright (c) 2022, Science and Technology Facilities Council
++# This software is distributed under a BSD licence. See LICENSE.txt.
++
++"""
++Tests for dtypes.py
++"""
++
++# Import Python 3 features for future-proofing
++# Deliberately do NOT import unicode_literals due to a bug in numpy dtypes:
++# https://github.com/numpy/numpy/issues/2407
++from __future__ import absolute_import, division, print_function
++
++import unittest
++
++import mrcfile.dtypes as dtypes
++import mrcfile.utils as utils
++from .helpers import AssertRaisesRegexMixin
++
++
++class DtypesTest(AssertRaisesRegexMixin, unittest.TestCase):
++
++ """Unit tests for mrcfile.dtypes"""
++
++ def test_invalid_byte_order_raises_exception(self):
++ with self.assertRaisesRegex(ValueError, "Unrecognised byte order indicator"):
++ _ = dtypes.get_ext_header_dtype('', 'a')
++
++ def test_fei1_ext_header_with_native_byte_order(self):
++ dtype = dtypes.get_ext_header_dtype(b'FEI1')
++ assert dtype.itemsize == 768
++ assert utils.byte_orders_equal(dtype['Metadata size'].byteorder, '=')
++ with self.assertRaises(KeyError):
++ _ = dtype['Scan rotation']
++ # Bitmasks should always be little-endian
++ assert utils.byte_orders_equal(dtype['Bitmask 1'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 2'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 3'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 4'].byteorder, '<')
++
++ def test_fei2_ext_header_with_native_byte_order(self):
++ dtype = dtypes.get_ext_header_dtype(b'FEI2')
++ assert dtype.itemsize == 888
++ assert utils.byte_orders_equal(dtype['Metadata size'].byteorder, '=')
++ assert dtype['Scan rotation'] is not None
++ assert utils.byte_orders_equal(dtype['Scan rotation'].byteorder, '=')
++ # Bitmasks should always be little-endian
++ assert utils.byte_orders_equal(dtype['Bitmask 1'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 2'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 3'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 4'].byteorder, '<')
++
++ def test_fei1_ext_header_with_little_endian_byte_order(self):
++ dtype = dtypes.get_ext_header_dtype(b'FEI1', '<')
++ # Normal fields should match the requested byte order
++ assert utils.byte_orders_equal(dtype['Metadata size'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Alpha tilt'].byteorder, '<')
++ # Bitmasks should always be little-endian
++ assert utils.byte_orders_equal(dtype['Bitmask 1'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 2'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 3'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 4'].byteorder, '<')
++
++ def test_fei2_ext_header_with_little_endian_byte_order(self):
++ dtype = dtypes.get_ext_header_dtype(b'FEI2', '<')
++ # Normal fields should match the requested byte order
++ assert utils.byte_orders_equal(dtype['Metadata size'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Alpha tilt'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Scan rotation'].byteorder, '<')
++ # Bitmasks should always be little-endian
++ assert utils.byte_orders_equal(dtype['Bitmask 1'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 2'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 3'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 4'].byteorder, '<')
++
++ def test_fei1_ext_header_with_big_endian_byte_order(self):
++ dtype = dtypes.get_ext_header_dtype(b'FEI1', '>')
++ # Normal fields should match the requested byte order
++ assert utils.byte_orders_equal(dtype['Metadata size'].byteorder, '>')
++ assert utils.byte_orders_equal(dtype['Alpha tilt'].byteorder, '>')
++ # Bitmasks should always be little-endian
++ assert utils.byte_orders_equal(dtype['Bitmask 1'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 2'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 3'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 4'].byteorder, '<')
++
++ def test_fei2_ext_header_with_big_endian_byte_order(self):
++ dtype = dtypes.get_ext_header_dtype(b'FEI2', '>')
++ # Normal fields should match the requested byte order
++ assert utils.byte_orders_equal(dtype['Metadata size'].byteorder, '>')
++ assert utils.byte_orders_equal(dtype['Alpha tilt'].byteorder, '>')
++ assert utils.byte_orders_equal(dtype['Scan rotation'].byteorder, '>')
++ # Bitmasks should always be little-endian
++ assert utils.byte_orders_equal(dtype['Bitmask 1'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 2'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 3'].byteorder, '<')
++ assert utils.byte_orders_equal(dtype['Bitmask 4'].byteorder, '<')
++
++
++if __name__ == '__main__':
++ unittest.main()
+--
+2.36.0
+
diff --git a/0002-Finish-applying-extended-header-byte-order-fix.patch b/0002-Finish-applying-extended-header-byte-order-fix.patch
new file mode 100644
index 0000000..7e6d87b
--- /dev/null
+++ b/0002-Finish-applying-extended-header-byte-order-fix.patch
@@ -0,0 +1,28 @@
+From f6a1f460558822b0029f1e74d94755d7816ff243 Mon Sep 17 00:00:00 2001
+From: Colin Palmer <colin.palmer(a)stfc.ac.uk>
+Date: Tue, 26 Apr 2022 16:58:55 +0100
+Subject: [PATCH 2/3] Finish applying extended header byte order fix
+
+https://github.com/ccpem/mrcfile/issues/35
+---
+ mrcfile/mrcinterpreter.py | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/mrcfile/mrcinterpreter.py b/mrcfile/mrcinterpreter.py
+index 8388da1..ad3132f 100644
+--- a/mrcfile/mrcinterpreter.py
++++ b/mrcfile/mrcinterpreter.py
+@@ -284,7 +284,9 @@ class MrcInterpreter(MrcObject):
+
+ self._extended_header = np.frombuffer(ext_header_arr, dtype='V1')
+
+- dtype = get_ext_header_dtype(self.header.exttyp)
++ # Use the header's byte order for the extended header
++ dtype = get_ext_header_dtype(self.header.exttyp,
++ self.header.mode.dtype.byteorder)
+ if dtype is not None:
+ try:
+ self._extended_header.dtype = dtype
+--
+2.36.0
+
diff --git a/0003-Check-that-test-file-extended-header-is-always-littl.patch b/0003-Check-that-test-file-extended-header-is-always-littl.patch
new file mode 100644
index 0000000..9adbe98
--- /dev/null
+++ b/0003-Check-that-test-file-extended-header-is-always-littl.patch
@@ -0,0 +1,45 @@
+From 6f697a2cbd3d4d07c4f5a90029c6a994d07dc6b9 Mon Sep 17 00:00:00 2001
+From: Colin Palmer <colin.palmer(a)stfc.ac.uk>
+Date: Tue, 26 Apr 2022 17:08:59 +0100
+Subject: [PATCH 3/3] Check that test file extended header is always
+ little-endian
+
+Previously, these tests passed on little-endian hardware but failed
+on big-endian hardware.
+
+https://github.com/ccpem/mrcfile/issues/35
+---
+ tests/test_mrcfile.py | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_mrcfile.py b/tests/test_mrcfile.py
+index 9f6eab7..2b7e7b7 100644
+--- a/tests/test_mrcfile.py
++++ b/tests/test_mrcfile.py
+@@ -172,7 +172,10 @@ class MrcFileTest(MrcObjectTest):
+ ext = mrc.extended_header
+ assert ext.nbytes == 786432
+ assert ext.dtype.kind == 'V'
+- assert ext.dtype['Metadata size'] == np.dtype('|i')
++ # Most fields (e.g. Metadata size) are little-endian in this file
++ assert ext.dtype['Metadata size'] == np.dtype('<i4')
++ # Bitmasks should always be little-endian
++ assert ext.dtype['Bitmask 1'] == np.dtype('<u4')
+ assert ext.dtype['Microscope type'] == np.dtype('|S16')
+ assert ext[0]['Metadata size'] == 768
+ assert ext[0]['Metadata version'] == 0
+@@ -188,7 +191,10 @@ class MrcFileTest(MrcObjectTest):
+ ext = mrc.extended_header
+ assert ext.nbytes == 909312
+ assert ext.dtype.kind == 'V'
+- assert ext.dtype['Metadata size'] == np.dtype('|i')
++ # Most fields (e.g. Metadata size) are little-endian in this file
++ assert ext.dtype['Metadata size'] == np.dtype('<i4')
++ # Bitmasks should always be little-endian
++ assert ext.dtype['Bitmask 1'] == np.dtype('<u4')
+ assert ext.dtype['Microscope type'] == np.dtype('|S16')
+ assert ext[0]['Metadata size'] == 888
+ assert ext[0]['Metadata version'] == 2
+--
+2.36.0
+
diff --git a/python-mrcfile.spec b/python-mrcfile.spec
index db43612..b6eed77 100644
--- a/python-mrcfile.spec
+++ b/python-mrcfile.spec
@@ -19,11 +19,15 @@ larger software packages to provide basic MRC file I/O functions.
Name: python-%{pname}
Version: 1.3.0
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: MRC2014 file format used in structural biology to store image and volume data
License: BSD
URL: https://github.com/ccpem/mrcfile
Source0: https://github.com/ccpem/mrcfile/archive/v%{version}/%{pname}-%{version}....
+Patch0: 0001-Use-explicit-endianness-for-FEI-extended-header-dtyp.patch
+Patch1: 0002-Finish-applying-extended-header-byte-order-fix.patch
+Patch2: 0003-Check-that-test-file-extended-header-is-always-littl.patch
+Patch3: 0001-Switch-to-built-in-bool-type-to-avoid-numpy-deprecat.patch
%description
%{desc}
@@ -56,12 +60,7 @@ BuildArch: noarch
PYTHONDONTWRITEBYTECODE=1 \
PATH=%{buildroot}/usr/bin:${PATH} \
PYTHONPATH=%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib} \
-python3 -m unittest tests \
-%ifarch s390x
- -k 'not test_extended_header_from_FEI1_file \
- and not test_extended_header_from_FEI2_file'
-%endif
-
+python3 -m unittest tests
%endif
%files -n python3-%{pname}
@@ -73,5 +72,9 @@ python3 -m unittest tests \
%{python3_sitelib}/%{pname}
%changelog
+* Wed Apr 27 2022 Dominik Mierzejewski <dominik(a)greysector.net> - 1.3.0-2
+- backport upstream endiannes fixes
+- backport upstream numpy deprecation warning fix
+
* Fri Mar 11 2022 Dominik Mierzejewski <dominik(a)greysector.net> 1.3.0-1
- initial build
commit ef9da3825d41d23f179d2803f69cccca6e49d328
Author: Dominik 'Rathann' Mierzejewski <dominik(a)greysector.net>
Date: Tue Apr 26 09:53:13 2022 +0200
initial import (#2063369)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9dff4b6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/mrcfile-1.3.0.tar.gz
diff --git a/python-mrcfile.spec b/python-mrcfile.spec
new file mode 100644
index 0000000..db43612
--- /dev/null
+++ b/python-mrcfile.spec
@@ -0,0 +1,77 @@
+# main package is archful to run tests everywhere but produces noarch packages
+%global debug_package %{nil}
+%bcond_without check
+%global pname mrcfile
+
+%global desc \
+mrcfile is a Python implementation of the MRC2014 file format, which is used in\
+structural biology to store image and volume data.\
+\
+It allows MRC files to be created and opened easily using a very simple API,\
+which exposes the file's header and data as numpy arrays. The code runs in\
+Python 2 and 3 and is fully unit-tested.\
+\
+This library aims to allow users and developers to read and write\
+standard-compliant MRC files in Python as easily as possible, and with no\
+dependencies on any compiled libraries except numpy. You can use it\
+interactively to inspect files, correct headers and so on, or in scripts and\
+larger software packages to provide basic MRC file I/O functions.
+
+Name: python-%{pname}
+Version: 1.3.0
+Release: 1%{?dist}
+Summary: MRC2014 file format used in structural biology to store image and volume data
+License: BSD
+URL: https://github.com/ccpem/mrcfile
+Source0: https://github.com/ccpem/mrcfile/archive/v%{version}/%{pname}-%{version}....
+
+%description
+%{desc}
+
+%package -n python3-%{pname}
+Summary: %{summary}
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+%if %{with check}
+BuildRequires: python3-numpy
+%endif
+%{?python_provide:%python_provide python3-%{pname}}
+BuildArch: noarch
+
+%description -n python3-%{pname}
+%{desc}
+
+%prep
+%autosetup -p1 -n %{pname}-%{version}
+
+%build
+%py3_build
+
+%install
+%py3_install
+
+%if %{with check}
+%check
+# 8 tests are failing on s390x: https://github.com/ccpem/mrcfile/issues/35
+PYTHONDONTWRITEBYTECODE=1 \
+PATH=%{buildroot}/usr/bin:${PATH} \
+PYTHONPATH=%{buildroot}%{python3_sitearch}:%{buildroot}%{python3_sitelib} \
+python3 -m unittest tests \
+%ifarch s390x
+ -k 'not test_extended_header_from_FEI1_file \
+ and not test_extended_header_from_FEI2_file'
+%endif
+
+%endif
+
+%files -n python3-%{pname}
+%license LICENSE.txt
+%doc CHANGELOG.txt README.rst
+%{_bindir}/mrcfile-header
+%{_bindir}/mrcfile-validate
+%{python3_sitelib}/%{pname}-%{version}-py%{python3_version}.egg-info
+%{python3_sitelib}/%{pname}
+
+%changelog
+* Fri Mar 11 2022 Dominik Mierzejewski <dominik(a)greysector.net> 1.3.0-1
+- initial build
diff --git a/sources b/sources
new file mode 100644
index 0000000..11f88fb
--- /dev/null
+++ b/sources
@@ -0,0 +1 @@
+SHA512 (mrcfile-1.3.0.tar.gz) = 57fff6e7c71b41681c94c60fbb69d0712ec7e342329624d8c20e212560eaa0f2b573d02ec5fcce39b9b7077e66d9bab463afc227d6b1f24134eddb17e56fdff1
1 year, 12 months
[Report] Packages Restricting Arches
by root
Package no longer excluding arches (17)
==================================
- rust-ab_glyph
- rust-alsa
- rust-cgmath
- rust-cloudflare-zlib-sys
- rust-cstr-argument
- rust-hound
- rust-imgui-sys
- rust-libdeflate-sys
- rust-libsystemd-sys
- rust-minimp3-sys
- rust-news-flash
- rust-newsblur_api
- rust-ogg
- rust-piston-viewport
- rust-ringbuf
- rust-rusttype
- rust-utf8-cstr
List of packages currently excluding arches (2401)
===========================================
- 0ad
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- 90-Second-Portraits
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- GoldenCheetah
ExclusiveArch: %{qt5_qtwebengine_arches}
- GtkAda
ExclusiveArch: %{GPRbuild_arches}
- GtkAda3
ExclusiveArch: %{GPRbuild_arches}
- OpenColorIO
ExclusiveArch: x86_64 ppc64le
- OpenImageIO
ExclusiveArch: x86_64 ppc64le
- OpenMolcas
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- PragmARC
ExclusiveArch: %{GPRbuild_arches}
- R-V8
ExclusiveArch: %{nodejs_arches}
- RdRand
ExclusiveArch: %{ix86} x86_64
- RediSearch
ExclusiveArch: x86_64
- SLOF
ExclusiveArch: ppc64le
- YafaRay
ExclusiveArch: %{ix86} x86_64
- aardvark-dns
ExclusiveArch: %{rust_arches}
- aboot
ExclusiveArch: alpha
- accel-config
ExclusiveArch: %{ix86} x86_64
- acpid
ExclusiveArch: ia64 x86_64 %{ix86} %{arm} aarch64
- ahven
ExclusiveArch: %{GPRbuild_arches}
- algobox
ExclusiveArch: %{qt5_qtwebengine_arches}
- alleyoop
ExclusiveArch: %{ix86} x86_64 ppc ppc64 ppc64le s390x %{arm} aarch64
- american-fuzzy-lop
ExclusiveArch: %{ix86} x86_64 s390x
- anet
ExclusiveArch: %{GPRbuild_arches}
- anki
ExclusiveArch: %{qt5_qtwebengine_arches} noarch
- apmd
ExclusiveArch: %{ix86}
- appstream-generator
ExclusiveArch: %{ldc_arches}
- arm-trusted-firmware
ExclusiveArch: aarch64
- aunit
ExclusiveArch: %GPRbuild_arches
- avgtime
ExclusiveArch: %{ldc_arches}
- aws
ExclusiveArch: %GPRbuild_arches
- bcal
ExclusiveArch: x86_64 aarch64 ia64 ppc64 ppc64le s390x
- bcc
ExclusiveArch: x86_64 %{power64} aarch64 s390x armv7hl
- bcm283x-firmware
ExclusiveArch: %{arm} aarch64
- berusky2
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 %{mips}
- biosdevname
ExclusiveArch: %{ix86} x86_64
- blender
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- bless
ExclusiveArch: %mono_arches
- bpftrace
ExclusiveArch: x86_64 %{power64} aarch64 s390x
- calamares
ExclusiveArch: %{ix86} x86_64 aarch64
- calibre
ExclusiveArch: %{qt5_qtwebengine_arches}
- ccdciel
ExclusiveArch: %{fpc_arches}
- cdcollect
ExclusiveArch: %{mono_arches}
- ceph
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- chromium
ExclusiveArch: x86_64 i686
ExclusiveArch: x86_64 aarch64
ExclusiveArch: x86_64 i686 aarch64
- cjdns
ExclusiveArch: %{nodejs_arches}
- clevis-pin-tpm2
ExclusiveArch: %{rust_arches}
- cmospwd
ExclusiveArch: %{ix86} x86_64
- cmrt
ExclusiveArch: %{ix86} x86_64 ia64
- coffee-script
ExclusiveArch: %{nodejs_arches} noarch
- colorful
ExclusiveArch: %{fpc_arches}
- cpu-x
ExclusiveArch: i686 x86_64
- cpufetch
ExclusiveArch: %{arm} aarch64 x86_64 ppc ppc64 ppc64le
- cpuid
ExclusiveArch: %{ix86} x86_64
- cqrlog
ExclusiveArch: %{fpc_arches}
- crash
ExclusiveArch: %{ix86} ia64 x86_64 ppc ppc64 s390 s390x %{arm} aarch64 ppc64le
- crash-gcore-command
ExclusiveArch: aarch64 ppc64le x86_64
- crash-trace-command
ExclusiveArch: aarch64 ppc64le s390x x86_64
- cri-o
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- cri-tools
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- criu
ExclusiveArch: x86_64 %{arm} ppc64le aarch64 s390x
- cryptlib
ExclusiveArch: x86_64 aarch64 ppc64le
- cryptobone
ExclusiveArch: x86_64 ppc64le aarch64
- csslint
ExclusiveArch: %{nodejs_arches} noarch
- daq
ExclusiveArch: x86_64 aarch64
- dbus-parsec
ExclusiveArch: %{rust_arches}
- dbus-sharp
ExclusiveArch: %mono_arches
- dbus-sharp-glib
ExclusiveArch: %mono_arches
- dbxtool
ExclusiveArch: i386 x86_64 aarch64
- deepin-daemon
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- deepin-desktop-schemas
ExclusiveArch: %{go_arches}
- dlm
ExclusiveArch: i686 x86_64
- dmidecode
ExclusiveArch: %{ix86} x86_64 ia64 aarch64
- dmtcp
ExclusiveArch: x86_64
- docker-distribution
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- dolphin-emu
ExclusiveArch: x86_64 aarch64
- dotnet-build-reference-packages
ExclusiveArch: aarch64 x86_64
ExclusiveArch: x86_64
- dotnet3.1
ExclusiveArch: aarch64 x86_64
ExclusiveArch: x86_64
- dotnet6.0
ExclusiveArch: aarch64 x86_64 s390x
ExclusiveArch: x86_64
- doublecmd
ExclusiveArch: %{ix86} x86_64
- dpdk
ExclusiveArch: x86_64 i686 aarch64 ppc64le
- dub
ExclusiveArch: %{ldc_arches}
- dxvk-native
ExclusiveArch: %{ix86} x86_64
- dyninst
ExclusiveArch: %{ix86} x86_64 ppc64le aarch64
- e3
ExclusiveArch: %{ix86} x86_64
- eclipse-swt
ExclusiveArch: s390x x86_64 aarch64 ppc64le
- edk2
ExclusiveArch: x86_64 %{arm} aarch64
ExclusiveArch: x86_64 aarch64
- efibootmgr
ExclusiveArch: %{efi}
- efifs
ExclusiveArch: %{efi}
- efitools
ExclusiveArch: %{efi}
- efivar
ExclusiveArch: %{efi}
- elk
ExclusiveArch: x86_64 %{ix86}
ExclusiveArch: x86_64 %{ix86} aarch64 %{arm} %{power64}
- emacs-slime
ExclusiveArch: %{arm} %{ix86} x86_64 ppc sparcv9 aarch64
- enki
ExclusiveArch: %{qt5_qtwebengine_arches} noarch
- envytools
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- eric
ExclusiveArch: %{qt5_qtwebengine_arches} noarch
- eth-tools
ExclusiveArch: x86_64
- fcitx-libpinyin
ExclusiveArch: %{qt5_qtwebengine_arches}
- fedora-dockerfiles
ExclusiveArch: %{go_arches}
- fes
ExclusiveArch: %{ix86} x86_64
- florist
ExclusiveArch: %{GPRbuild_arches}
- fluent-bit
ExclusiveArch: x86_64 aarch64
- fpc
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64 ppc64le
- frescobaldi
ExclusiveArch: %{qt5_qtwebengine_arches}
- frysk
ExclusiveArch: %{ix86} x86_64 ppc64
- fwts
ExclusiveArch: x86_64 %{arm} aarch64 s390x riscv64 %{power64}
- fwupd-efi
ExclusiveArch: x86_64 aarch64
- ga
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- gbrainy
ExclusiveArch: %mono_arches
- gdb-exploitable
ExclusiveArch: x86_64 i386
ExclusiveArch: x86_64 noarch
- gearhead1
ExclusiveArch: %{fpc_arches}
- ghdl
ExclusiveArch: %{GNAT_arches}
- ghostwriter
ExclusiveArch: %{qt5_qtwebengine_arches}
- gio-sharp
ExclusiveArch: %mono_arches
- gir-to-d
ExclusiveArch: %{ldc_arches}
- git-octopus
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- gitqlient
ExclusiveArch: %{qt5_qtwebengine_arches}
- giver
ExclusiveArch: %{mono_arches}
- gkeyfile-sharp
ExclusiveArch: %mono_arches
- glibc32
ExclusiveArch: x86_64
- glibd
ExclusiveArch: %{ldc_arches}
- gmqcc
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- gnatcoll
ExclusiveArch: %{GPRbuild_arches}
- gnatcoll-bindings
ExclusiveArch: %{GPRbuild_arches}
- gnatcoll-db
ExclusiveArch: %{GPRbuild_arches}
- gnome-boxes
ExclusiveArch: x86_64
- gnome-desktop-sharp
ExclusiveArch: %mono_arches
- gnome-do
ExclusiveArch: %mono_arches
- gnome-keyring-sharp
ExclusiveArch: %mono_arches
- gnome-rdp
ExclusiveArch: %{mono_arches}
- gnome-sharp
ExclusiveArch: %mono_arches
- gnome-subtitles
ExclusiveArch: %mono_arches
- gnu-efi
ExclusiveArch: %{efi}
- go-bindata
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- go-compilers
ExclusiveArch: %{go_arches}
- go-rpm-macros
ExclusiveArch: %{golang_arches} %{gccgo_arches}
- godep
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- golang
ExclusiveArch: %{golang_arches}
- gomtree
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- gotun
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
ExclusiveArch: x86_64
- goverlay
ExclusiveArch: %{fpc_arches}
- gprbuild
ExclusiveArch: %{GPRbuild_arches} %{bootstrap_arch}
- gprolog
ExclusiveArch: x86_64 %{ix86} ppc alpha aarch64
- grafana
ExclusiveArch: %{grafana_arches}
- grafana-pcp
ExclusiveArch: %{grafanapcp_arches}
- gtk-sharp-beans
ExclusiveArch: %mono_arches
- gtk-sharp2
ExclusiveArch: %mono_arches
- gtk-sharp3
ExclusiveArch: %{mono_arches}
- gtkd
ExclusiveArch: %{ldc_arches}
- gudev-sharp
ExclusiveArch: %mono_arches
- guestfs-tools
ExclusiveArch: %{kernel_arches}
- hedgewars
ExclusiveArch: %{fpc_arches}
- hsakmt
ExclusiveArch: x86_64 aarch64 ppc64le
- hyena
ExclusiveArch: %{mono_arches}
- hyperscan
ExclusiveArch: x86_64
- hyperv-daemons
ExclusiveArch: i686 x86_64
- i3status-rs
ExclusiveArch: %{rust_arches}
- icaro
ExclusiveArch: %{ix86} x86_64 noarch
- imvirt
ExclusiveArch: %{ix86} x86_64 ia64
- indistarter
ExclusiveArch: %{fpc_arches}
- infinipath-psm
ExclusiveArch: x86_64
- intel-cm-compiler
ExclusiveArch: i686 x86_64
- intel-cmt-cat
ExclusiveArch: x86_64 i686 i586
ExclusiveArch: x86_64 i686 i586
- intel-compute-runtime
ExclusiveArch: x86_64
- intel-gmmlib
ExclusiveArch: x86_64 i686
- intel-igc
ExclusiveArch: x86_64 i686
- intel-ipp-crypto-mb
ExclusiveArch: x86_64
ExclusiveArch: x86_64
- intel-ipsec-mb
ExclusiveArch: x86_64
ExclusiveArch: x86_64
- intel-mediasdk
ExclusiveArch: x86_64
- intel-undervolt
ExclusiveArch: i386 x86_64
- ioport
ExclusiveArch: %{ix86} x86_64
- ipmctl
ExclusiveArch: x86_64
- ispc
ExclusiveArch: x86_64 aarch64
- iucode-tool
ExclusiveArch: %{ix86} x86_64
- iyfct
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- java-1.8.0-openjdk-aarch32
ExclusiveArch: %{arm}
- jigawatts
ExclusiveArch: x86_64 %{arm} ppc64le aarch64 s390x
- kchmviewer
ExclusiveArch: %{qt5_qtwebengine_arches}
- kernel
ExclusiveArch: noarch x86_64 s390x %{arm} aarch64 ppc64le
ExclusiveArch: noarch i386 i686 x86_64 s390x %{arm} aarch64 ppc64le
- keylime-agent-rust
ExclusiveArch: %{rust_arches}
- keyring-ima-signer
ExclusiveArch: %{rust_arches}
- kf5-akonadi-search
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-audiocd-kio
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kalarmcal
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kblog
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kcalendarcore
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kcalendarutils
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-kitinerary
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-ktnef
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- kf5-libkdcraw
ExclusiveArch: x86_64 ppc64le %{arm}
- kicad
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- kiwix-desktop
ExclusiveArch: %{qt5_qtwebengine_arches}
- klee
ExclusiveArch: x86_64
- knot-resolver
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
- knotes
ExclusiveArch: x86_64 %{arm}
- kompose
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 s390x
- kubernetes
ExclusiveArch: x86_64 aarch64 ppc64le s390x %{arm}
- lazarus
ExclusiveArch: %{fpc_arches}
- lazpaint
ExclusiveArch: %{fpc_arches}
- ldc
ExclusiveArch: %{ldc_arches}
- libbsr
ExclusiveArch: %{power64}
- libclc
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 %{power64} s390x
- libcxl
ExclusiveArch: %{power64}
- libdfp
ExclusiveArch: ppc ppc64 ppc64le s390 s390x x86_64
- libdispatch
ExclusiveArch: x86_64 aarch64
- libguestfs
ExclusiveArch: %{kernel_arches}
- libica
ExclusiveArch: s390 s390x
- libipt
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{ix86} x86_64
- libkgapi
ExclusiveArch: x86_64 ppc64le aarch64 %{arm}
- libnxz
ExclusiveArch: ppc64le
- libocxl
ExclusiveArch: ppc64le
- libpmemobj-cpp
ExclusiveArch: x86_64 ppc64le
- libpsm2
ExclusiveArch: x86_64
- libquentier
ExclusiveArch: %{qt5_qtwebengine_arches}
- libretro-desmume2015
ExclusiveArch: i686 x86_64
- librtas
ExclusiveArch: %{power64}
- libservicelog
ExclusiveArch: ppc %{power64}
- libsmbios
ExclusiveArch: x86_64 %{ix86}
- libunwind
ExclusiveArch: %{arm} aarch64 hppa ia64 mips ppc %{power64} s390x %{ix86} x86_64
- libva-intel-hybrid-driver
ExclusiveArch: %{ix86} x86_64 ia64
- libvma
ExclusiveArch: x86_64 ppc64le ppc64 aarch64
- libvmi
ExclusiveArch: x86_64
- libvpd
ExclusiveArch: %{power64}
- libxsmm
ExclusiveArch: x86_64
- libzdnn
ExclusiveArch: s390x
- libzfcphbaapi
ExclusiveArch: s390 s390x
- lightdm
ExclusiveArch: x86_64 ppc64le
- llhttp
ExclusiveArch: %{nodejs_arches}
- log4net
ExclusiveArch: %mono_arches
- lrmi
ExclusiveArch: %{ix86}
- lsvpd
ExclusiveArch: %{power64}
- luajit
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
- luxcorerender
ExclusiveArch: x86_64
- mactel-boot
ExclusiveArch: x86_64
- manifest-tool
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- marked
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- matreshka
ExclusiveArch: %GPRbuild_arches
- maui-mauikit
ExclusiveArch: %{ix86} s390x aarch64 x86_64
- maxima
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc sparcv9
ExclusiveArch: %{ix86} x86_64 ppc sparcv9
- mbpfan
ExclusiveArch: x86_64
- mcelog
ExclusiveArch: i686 x86_64
- mdevctl
ExclusiveArch: %{rust_arches}
- mediaconch
ExclusiveArch: %{qt5_qtwebengine_arches}
- mellowplayer
ExclusiveArch: %{qt5_qtwebengine_arches}
- memkind
ExclusiveArch: x86_64 ppc64 ppc64le s390x aarch64
- memtest86+
ExclusiveArch: %{ix86} x86_64
- mesos
ExclusiveArch: x86_64
- microcode_ctl
ExclusiveArch: %{ix86} x86_64
- micropython
ExclusiveArch: %{arm} %{ix86} x86_64
- mine_detector
ExclusiveArch: %{GPRbuild_arches}
- minetest
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
- mingw-libidn2
ExclusiveArch: %{ix86} x86_64 %{arm}
- mingw-wine-gecko
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- mirrorlist-server
ExclusiveArch: %{rust_arches}
- mkbootdisk
ExclusiveArch: %{ix86} sparc sparc64 x86_64
- mod_mono
ExclusiveArch: %mono_arches
- module-build-service
ExclusiveArch: %{ix86} x86_64 noarch
- mokutil
ExclusiveArch: %{ix86} x86_64 aarch64 %{arm}
- mold
ExclusiveArch: x86_64 aarch64 riscv64
- mono
ExclusiveArch: %mono_arches
- mono-addins
ExclusiveArch: %mono_arches
- mono-basic
ExclusiveArch: %{mono_arches}
- mono-bouncycastle
ExclusiveArch: %mono_arches
- mono-cecil
ExclusiveArch: %mono_arches
- mono-cecil-flowanalysis
ExclusiveArch: %mono_arches
- mono-reflection
ExclusiveArch: %mono_arches
- mono-tools
ExclusiveArch: %mono_arches
- mono-zeroconf
ExclusiveArch: %mono_arches
- monobristol
ExclusiveArch: %{mono_arches}
- monodevelop
ExclusiveArch: %mono_arches
- monodevelop-debugger-gdb
ExclusiveArch: %{mono_arches}
- monosim
ExclusiveArch: %mono_arches
- mrrescue
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- msr-tools
ExclusiveArch: %{ix86} x86_64
- mustache-d
ExclusiveArch: %{ldc_arches}
- mysql-connector-net
ExclusiveArch: %{mono_arches}
- naev
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
- nant
ExclusiveArch: %mono_arches
- nativejit
ExclusiveArch: x86_64
- nbc
ExclusiveArch: %{fpc_arches}
- nbdkit
ExclusiveArch: x86_64
- ndesk-dbus
ExclusiveArch: %{mono_arches}
- ndesk-dbus-glib
ExclusiveArch: %{mono_arches}
- netavark
ExclusiveArch: %{rust_arches}
- newtonsoft-json
ExclusiveArch: %{mono_arches}
- nispor
ExclusiveArch: %{rust_arches}
- nodejs
ExclusiveArch: %{nodejs_arches}
- nodejs-acorn-object-spread
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-backbone
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-bash-language-server
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-buble
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-colors
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-generic-pool
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-less
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-linefix
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- nodejs-nodemon
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-packaging
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-replace-require-self
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-supervisor
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-tape
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-typescript
ExclusiveArch: %{nodejs_arches} noarch
- nodejs-underscore
ExclusiveArch: %{nodejs_arches} noarch
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
- notify-sharp
ExclusiveArch: %{mono_arches}
- notify-sharp3
ExclusiveArch: %{mono_arches}
- nuget
ExclusiveArch: %{mono_arches}
- numatop
ExclusiveArch: x86_64 ppc64le
- nunit
ExclusiveArch: %{mono_arches}
- nunit2
ExclusiveArch: %{mono_arches}
- nvml
ExclusiveArch: x86_64 ppc64le
- nwchem
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le
- obs-service-rust2rpm
ExclusiveArch: %{rust_arches} noarch
- oci-seccomp-bpf-hook
ExclusiveArch: x86_64 %%{power64} aarch64 s390x armv7hl
- oci-umount
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le s390x %{mips}
- oidn
ExclusiveArch: x86_64
- olpc-kbdshim
ExclusiveArch: %{ix86} %{arm}
- olpc-utils
ExclusiveArch: %{ix86} %{arm}
- oneVPL
ExclusiveArch: x86_64
- oneVPL-intel-gpu
ExclusiveArch: x86_64
- onednn
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- onedrive
ExclusiveArch: %{ldc_arches}
- opae
ExclusiveArch: x86_64
- opal-prd
ExclusiveArch: ppc64le
- open-vm-tools
ExclusiveArch: x86_64
ExclusiveArch: %{ix86} x86_64 aarch64
- openblas
ExclusiveArch: %{openblas_arches}
- openjfx
ExclusiveArch: x86_64
- openjfx8
ExclusiveArch: x86_64
- openlibm
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 %{power64}
- openms
ExclusiveArch: %{qt5_qtwebengine_arches}
- openni
ExclusiveArch: %{ix86} x86_64 %{arm}
- openni-primesense
ExclusiveArch: %{ix86} x86_64 %{arm}
- openshadinglanguage
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- openssl-ibmca
ExclusiveArch: s390 s390x
- origin
ExclusiveArch: %{go_arches}
ExclusiveArch: x86_64 aarch64 ppc64le s390x
- orion
ExclusiveArch: %{qt5_qtwebengine_arches}
- orthorobot
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- pacemaker
ExclusiveArch: aarch64 i686 ppc64le s390x x86_64 %{arm}
ExclusiveArch: aarch64 i686 ppc64le s390x x86_64
- paflib
ExclusiveArch: ppc %{power64}
- parsec
ExclusiveArch: %{rust_arches}
- parsec-tool
ExclusiveArch: %{rust_arches}
- pasdoc
ExclusiveArch: %{fpc_arches}
- pcc
ExclusiveArch: %{ix86} x86_64
- pcm
ExclusiveArch: %{ix86} x86_64
- pcmciautils
ExclusiveArch: %{ix86} x86_64 ia64 ppc ppc64 %{arm}
- pdbg
ExclusiveArch: ppc64le
- pdfmod
ExclusiveArch: %mono_arches
- perl-Dumbbench
ExclusiveArch: %{ix86} x86_64 noarch
- perl-Parse-DMIDecode
ExclusiveArch: %{ix86} x86_64 ia64 aarch64
- pesign
ExclusiveArch: %{ix86} x86_64 ia64 aarch64 %{arm}
- pesign-test-app
ExclusiveArch: x86_64
- pinta
ExclusiveArch: %mono_arches
- pioneer
ExclusiveArch: %{ix86} x86_64
- playonlinux
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
- pmdk-convert
ExclusiveArch: x86_64
- pmemkv
ExclusiveArch: x86_64
- podman
ExclusiveArch: %{golang_arches}
- poppler-sharp
ExclusiveArch: %mono_arches
- popub
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- powerpc-utils
ExclusiveArch: ppc %{power64}
- ppc64-diag
ExclusiveArch: ppc %{power64}
- pveclib
ExclusiveArch: ppc %{power64}
- pvs-sbcl
ExclusiveArch: %{ix86} x86_64 ppc sparcv9
- pyqtwebengine
ExclusiveArch: %{qt5_qtwebengine_arches}
- python-cryptography
ExclusiveArch: %{rust_arches}
- python-etcd
ExclusiveArch: noarch %{ix86} x86_64 %{arm} aarch64 ppc64le s390x
- python-healpy
ExclusiveArch: aarch64 ppc64 ppc64le x86_64 s390x
- python-javabridge
ExclusiveArch: i686 x86_64
- python-openoffice
ExclusiveArch: noarch x86_64
- python-pymoc
ExclusiveArch: aarch64 ppc64 ppc64le x86_64 s390x
- python-setuptools-rust
ExclusiveArch: %{rust_arches}
- q4wine
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- qatzip
ExclusiveArch: x86_64
- qcint
ExclusiveArch: x86_64
- qclib
ExclusiveArch: s390 s390x
- qemu-sanity-check
ExclusiveArch: %{kernel_arches}
- qevercloud
ExclusiveArch: %{qt5_qtwebengine_arches}
- qmapshack
ExclusiveArch: %{qt5_qtwebengine_arches}
- qt4pas
ExclusiveArch: %{fpc_arches}
- qt5-qtwebengine
ExclusiveArch: %{qt5_qtwebengine_arches}
- quantum-espresso
ExclusiveArch: x86_64 %{ix86} aarch64 %{power64}
- quentier
ExclusiveArch: %{qt5_qtwebengine_arches}
- rear
ExclusiveArch: %ix86 x86_64 ppc ppc64 ppc64le ia64
- reg
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 aarch64 %{arm}}
- renderdoc
ExclusiveArch: x86_64
- reptyr
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- rescene
ExclusiveArch: %{mono_arches}
- restool
ExclusiveArch: aarch64
- restsharp
ExclusiveArch: %{mono_arches}
- rhythmbox-alternative-toolbar
ExclusiveArch: %{ix86} %{arm} x86_64 ppc64 ppc64le
- rocm-compilersupport
ExclusiveArch: x86_64 aarch64 ppc64le
- rocm-device-libs
ExclusiveArch: x86_64 aarch64 ppc64le
- rocm-runtime
ExclusiveArch: x86_64 aarch64 ppc64le
- rocminfo
ExclusiveArch: x86_64 aarch64 ppc64le
- rpm-ostree
ExclusiveArch: %{rust_arches}
- rr
ExclusiveArch: %{ix86} x86_64 aarch64
- rssguard
ExclusiveArch: %{qt5_qtwebengine_arches}
- rubygem-childprocess
ExclusiveArch: %{ix86} x86_64 noarch
- runc
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le %{mips} s390x
- rust
ExclusiveArch: %{rust_arches}
- rust-Inflector
ExclusiveArch: %{rust_arches}
- rust-ab_glyph_rasterizer
ExclusiveArch: %{rust_arches}
- rust-abomonation
ExclusiveArch: %{rust_arches}
- rust-actix
ExclusiveArch: %{rust_arches}
- rust-actix-codec
ExclusiveArch: %{rust_arches}
- rust-actix-connect
ExclusiveArch: %{rust_arches}
- rust-actix-http
ExclusiveArch: %{rust_arches}
- rust-actix-macros
ExclusiveArch: %{rust_arches}
- rust-actix-macros0.1
ExclusiveArch: %{rust_arches}
- rust-actix-router
ExclusiveArch: %{rust_arches}
- rust-actix-rt
ExclusiveArch: %{rust_arches}
- rust-actix-rt1
ExclusiveArch: %{rust_arches}
- rust-actix-server
ExclusiveArch: %{rust_arches}
- rust-actix-service
ExclusiveArch: %{rust_arches}
- rust-actix-testing
ExclusiveArch: %{rust_arches}
- rust-actix-threadpool
ExclusiveArch: %{rust_arches}
- rust-actix-tls
ExclusiveArch: %{rust_arches}
- rust-actix-utils
ExclusiveArch: %{rust_arches}
- rust-actix-web
ExclusiveArch: %{rust_arches}
- rust-actix-web-codegen
ExclusiveArch: %{rust_arches}
- rust-actix0.10
ExclusiveArch: %{rust_arches}
- rust-actix_derive
ExclusiveArch: %{rust_arches}
- rust-actix_derive0.5
ExclusiveArch: %{rust_arches}
- rust-addr2line
ExclusiveArch: %{rust_arches}
- rust-adler
ExclusiveArch: %{rust_arches}
- rust-adler32
ExclusiveArch: %{rust_arches}
- rust-aead
ExclusiveArch: %{rust_arches}
- rust-aes
ExclusiveArch: %{rust_arches}
- rust-aes-gcm
ExclusiveArch: %{rust_arches}
- rust-aes0.7
ExclusiveArch: %{rust_arches}
- rust-afterburn
ExclusiveArch: %{rust_arches}
- rust-ahash
ExclusiveArch: %{rust_arches}
- rust-ahash0.4
ExclusiveArch: %{rust_arches}
- rust-aho-corasick
ExclusiveArch: %{rust_arches}
- rust-alacritty
ExclusiveArch: %{rust_arches}
- rust-alacritty_config_derive
ExclusiveArch: %{rust_arches}
- rust-alacritty_terminal
ExclusiveArch: %{rust_arches}
- rust-alga
ExclusiveArch: %{rust_arches}
- rust-alga_derive
ExclusiveArch: %{rust_arches}
- rust-aliasable
ExclusiveArch: %{rust_arches}
- rust-alloc-no-stdlib
ExclusiveArch: %{rust_arches}
- rust-alloc-stdlib
ExclusiveArch: %{rust_arches}
- rust-alsa-sys
ExclusiveArch: %{rust_arches}
- rust-ambient-authority
ExclusiveArch: %{rust_arches}
- rust-ammonia
ExclusiveArch: %{rust_arches}
- rust-ansi_colours
ExclusiveArch: %{rust_arches}
- rust-ansi_term
ExclusiveArch: %{rust_arches}
- rust-ansi_term0.11
ExclusiveArch: %{rust_arches}
- rust-antidote
ExclusiveArch: %{rust_arches}
- rust-anyhow
ExclusiveArch: %{rust_arches}
- rust-aom-sys
ExclusiveArch: %{rust_arches}
- rust-app_dirs
ExclusiveArch: %{rust_arches}
- rust-approx
ExclusiveArch: %{rust_arches}
- rust-ar
ExclusiveArch: %{rust_arches}
- rust-arbitrary
ExclusiveArch: %{rust_arches}
- rust-arbitrary0.4
ExclusiveArch: %{rust_arches}
- rust-arc-swap
ExclusiveArch: %{rust_arches}
- rust-arf-strings
ExclusiveArch: %{rust_arches}
- rust-arg_enum_proc_macro
ExclusiveArch: %{rust_arches}
- rust-argh
ExclusiveArch: %{rust_arches}
- rust-argh_derive
ExclusiveArch: %{rust_arches}
- rust-argh_shared
ExclusiveArch: %{rust_arches}
- rust-argparse
ExclusiveArch: %{rust_arches}
- rust-array-init
ExclusiveArch: %{rust_arches}
- rust-arrayref
ExclusiveArch: %{rust_arches}
- rust-arrayvec
ExclusiveArch: %{rust_arches}
- rust-arrayvec0.5
ExclusiveArch: %{rust_arches}
- rust-article_scraper
ExclusiveArch: %{rust_arches}
- rust-ascii
ExclusiveArch: %{rust_arches}
- rust-ascii-canvas
ExclusiveArch: %{rust_arches}
- rust-askalono
ExclusiveArch: %{rust_arches}
- rust-askalono-cli
ExclusiveArch: %{rust_arches}
- rust-askama
ExclusiveArch: %{rust_arches}
- rust-askama_derive
ExclusiveArch: %{rust_arches}
- rust-askama_escape
ExclusiveArch: %{rust_arches}
- rust-askama_shared
ExclusiveArch: %{rust_arches}
- rust-asn1
ExclusiveArch: %{rust_arches}
- rust-asn1_derive
ExclusiveArch: %{rust_arches}
- rust-assert-impl
ExclusiveArch: %{rust_arches}
- rust-assert-json-diff
ExclusiveArch: %{rust_arches}
- rust-assert_approx_eq
ExclusiveArch: %{rust_arches}
- rust-assert_cli
ExclusiveArch: %{rust_arches}
- rust-assert_cmd
ExclusiveArch: %{rust_arches}
- rust-assert_fs
ExclusiveArch: %{rust_arches}
- rust-assert_matches
ExclusiveArch: %{rust_arches}
- rust-assign
ExclusiveArch: %{rust_arches}
- rust-async-attributes
ExclusiveArch: %{rust_arches}
- rust-async-channel
ExclusiveArch: %{rust_arches}
- rust-async-compression
ExclusiveArch: %{rust_arches}
- rust-async-executor
ExclusiveArch: %{rust_arches}
- rust-async-global-executor
ExclusiveArch: %{rust_arches}
- rust-async-io
ExclusiveArch: %{rust_arches}
- rust-async-lock
ExclusiveArch: %{rust_arches}
- rust-async-mutex
ExclusiveArch: %{rust_arches}
- rust-async-process
ExclusiveArch: %{rust_arches}
- rust-async-std
ExclusiveArch: %{rust_arches}
- rust-async-stream
ExclusiveArch: %{rust_arches}
- rust-async-stream-impl
ExclusiveArch: %{rust_arches}
- rust-async-task
ExclusiveArch: %{rust_arches}
- rust-async-trait
ExclusiveArch: %{rust_arches}
- rust-asyncgit
ExclusiveArch: %{rust_arches}
- rust-atk
ExclusiveArch: %{rust_arches}
- rust-atk-sys
ExclusiveArch: %{rust_arches}
- rust-atom
ExclusiveArch: %{rust_arches}
- rust-atomic
ExclusiveArch: %{rust_arches}
- rust-atomic-traits
ExclusiveArch: %{rust_arches}
- rust-atomic-waker
ExclusiveArch: %{rust_arches}
- rust-attohttpc
ExclusiveArch: %{rust_arches}
- rust-atty
ExclusiveArch: %{rust_arches}
- rust-autocfg
ExclusiveArch: %{rust_arches}
- rust-automod
ExclusiveArch: %{rust_arches}
- rust-av-metrics
ExclusiveArch: %{rust_arches}
- rust-average
ExclusiveArch: %{rust_arches}
- rust-awc
ExclusiveArch: %{rust_arches}
- rust-aws-nitro-enclaves-cose
ExclusiveArch: %{rust_arches}
- rust-az
ExclusiveArch: %{rust_arches}
- rust-backtrace
ExclusiveArch: %{rust_arches}
- rust-base100
ExclusiveArch: %{rust_arches}
- rust-base64
ExclusiveArch: %{rust_arches}
- rust-base64-0.10
ExclusiveArch: %{rust_arches}
- rust-base64-0.11
ExclusiveArch: %{rust_arches}
- rust-base64_0.12
ExclusiveArch: %{rust_arches}
- rust-base64ct
ExclusiveArch: %{rust_arches}
- rust-bat
ExclusiveArch: %{rust_arches}
- rust-battery
ExclusiveArch: %{rust_arches}
- rust-beef
ExclusiveArch: %{rust_arches}
- rust-below
ExclusiveArch: %{rust_arches}
- rust-below-common
ExclusiveArch: %{rust_arches}
- rust-below-config
ExclusiveArch: %{rust_arches}
- rust-below-dump
ExclusiveArch: %{rust_arches}
- rust-below-model
ExclusiveArch: %{rust_arches}
- rust-below-render
ExclusiveArch: %{rust_arches}
- rust-below-store
ExclusiveArch: %{rust_arches}
- rust-below-view
ExclusiveArch: %{rust_arches}
- rust-below_derive
ExclusiveArch: %{rust_arches}
- rust-bencher
ExclusiveArch: %{rust_arches}
- rust-benfred-read-process-memory
ExclusiveArch: %{rust_arches}
- rust-bigdecimal
ExclusiveArch: %{rust_arches}
- rust-bincode
ExclusiveArch: %{rust_arches}
- rust-bincode0.8
ExclusiveArch: %{rust_arches}
- rust-bindgen
ExclusiveArch: %{rust_arches}
- rust-binfarce
ExclusiveArch: %{rust_arches}
- rust-bit-set
ExclusiveArch: %{rust_arches}
- rust-bit-vec
ExclusiveArch: %{rust_arches}
- rust-bitfield
ExclusiveArch: %{rust_arches}
- rust-bitflags
ExclusiveArch: %{rust_arches}
- rust-bitmaps
ExclusiveArch: %{rust_arches}
- rust-bitstream-io
ExclusiveArch: %{rust_arches}
- rust-bitvec
ExclusiveArch: %{rust_arches}
- rust-blake2
ExclusiveArch: %{rust_arches}
- rust-blobby
ExclusiveArch: %{rust_arches}
- rust-blobby0.1
ExclusiveArch: %{rust_arches}
- rust-block-buffer
ExclusiveArch: %{rust_arches}
- rust-block-buffer0.9
ExclusiveArch: %{rust_arches}
- rust-block-modes
ExclusiveArch: %{rust_arches}
- rust-block-padding
ExclusiveArch: %{rust_arches}
- rust-block-padding0.2
ExclusiveArch: %{rust_arches}
- rust-blocking
ExclusiveArch: %{rust_arches}
- rust-blsctl
ExclusiveArch: %{rust_arches}
- rust-bodhi
ExclusiveArch: %{rust_arches}
- rust-bodhi-cli
ExclusiveArch: %{rust_arches}
- rust-bootupd
ExclusiveArch: x86_64 aarch64
- rust-box_drawing
ExclusiveArch: %{rust_arches}
- rust-boxfnonce
ExclusiveArch: %{rust_arches}
- rust-brotli
ExclusiveArch: %{rust_arches}
- rust-brotli-decompressor
ExclusiveArch: %{rust_arches}
- rust-brotli-sys
ExclusiveArch: %{rust_arches}
- rust-brotli2
ExclusiveArch: %{rust_arches}
- rust-bstr
ExclusiveArch: %{rust_arches}
- rust-btrd
ExclusiveArch: %{rust_arches}
- rust-buf_redux
ExclusiveArch: %{rust_arches}
- rust-buffered-reader
ExclusiveArch: %{rust_arches}
- rust-bufsize
ExclusiveArch: %{rust_arches}
- rust-bufstream
ExclusiveArch: %{rust_arches}
- rust-bugreport
ExclusiveArch: %{rust_arches}
- rust-build-env
ExclusiveArch: %{rust_arches}
- rust-build_const
ExclusiveArch: %{rust_arches}
- rust-bumpalo
ExclusiveArch: %{rust_arches}
- rust-byte-unit
ExclusiveArch: %{rust_arches}
- rust-byte-unit3
ExclusiveArch: %{rust_arches}
- rust-bytecheck
ExclusiveArch: %{rust_arches}
- rust-bytecheck_derive
ExclusiveArch: %{rust_arches}
- rust-bytecount
ExclusiveArch: %{rust_arches}
- rust-bytelines
ExclusiveArch: %{rust_arches}
- rust-bytemuck
ExclusiveArch: %{rust_arches}
- rust-bytemuck_derive
ExclusiveArch: %{rust_arches}
- rust-byteorder
ExclusiveArch: %{rust_arches}
- rust-bytes
ExclusiveArch: %{rust_arches}
- rust-bytes-cast
ExclusiveArch: %{rust_arches}
- rust-bytes-cast-derive
ExclusiveArch: %{rust_arches}
- rust-bytes0.4
ExclusiveArch: %{rust_arches}
- rust-bytes0.5
ExclusiveArch: %{rust_arches}
- rust-bytesize
ExclusiveArch: %{rust_arches}
- rust-bytestring
ExclusiveArch: %{rust_arches}
- rust-bzip2
ExclusiveArch: %{rust_arches}
- rust-bzip2-sys
ExclusiveArch: %{rust_arches}
- rust-cache-padded
ExclusiveArch: %{rust_arches}
- rust-cairo-rs
ExclusiveArch: %{rust_arches}
- rust-cairo-sys-rs
ExclusiveArch: %{rust_arches}
- rust-calloop
ExclusiveArch: %{rust_arches}
- rust-camino
ExclusiveArch: %{rust_arches}
- rust-cap-async-std
ExclusiveArch: %{rust_arches}
- rust-cap-fs-ext
ExclusiveArch: %{rust_arches}
- rust-cap-primitives
ExclusiveArch: %{rust_arches}
- rust-cap-rand
ExclusiveArch: %{rust_arches}
- rust-cap-std
ExclusiveArch: %{rust_arches}
- rust-cap-tempfile
ExclusiveArch: %{rust_arches}
- rust-cap-time-ext
ExclusiveArch: %{rust_arches}
- rust-capng
ExclusiveArch: %{rust_arches}
- rust-capnp
ExclusiveArch: %{rust_arches}
- rust-capnp-futures
ExclusiveArch: %{rust_arches}
- rust-capnp-rpc
ExclusiveArch: %{rust_arches}
- rust-caps
ExclusiveArch: %{rust_arches}
- rust-cargo
ExclusiveArch: %{rust_arches}
- rust-cargo-bloat
ExclusiveArch: %{rust_arches}
- rust-cargo-c
ExclusiveArch: %{rust_arches}
- rust-cargo-edit
ExclusiveArch: %{rust_arches}
- rust-cargo-husky
ExclusiveArch: %{rust_arches}
- rust-cargo-insta
ExclusiveArch: %{rust_arches}
- rust-cargo-platform
ExclusiveArch: %{rust_arches}
- rust-cargo-readme
ExclusiveArch: %{rust_arches}
- rust-cargo-util
ExclusiveArch: %{rust_arches}
- rust-cargo_metadata
ExclusiveArch: %{rust_arches}
- rust-cascade
ExclusiveArch: %{rust_arches}
- rust-case
ExclusiveArch: %{rust_arches}
- rust-cassowary
ExclusiveArch: %{rust_arches}
- rust-cast
ExclusiveArch: %{rust_arches}
- rust-cbindgen
ExclusiveArch: %{rust_arches}
- rust-cc
ExclusiveArch: %{rust_arches}
- rust-cedarwood
ExclusiveArch: %{rust_arches}
- rust-cexpr
ExclusiveArch: %{rust_arches}
- rust-cfb
ExclusiveArch: %{rust_arches}
- rust-cfg-expr
ExclusiveArch: %{rust_arches}
- rust-cfg-if
ExclusiveArch: %{rust_arches}
- rust-cfg-if0.1
ExclusiveArch: %{rust_arches}
- rust-cgroupfs
ExclusiveArch: %{rust_arches}
- rust-chainerror
ExclusiveArch: %{rust_arches}
- rust-charset
ExclusiveArch: %{rust_arches}
- rust-chbs
ExclusiveArch: %{rust_arches}
- rust-checked_int_cast
ExclusiveArch: %{rust_arches}
- rust-chlorine
ExclusiveArch: %{rust_arches}
- rust-choosier
ExclusiveArch: %{rust_arches}
- rust-chrono
ExclusiveArch: %{rust_arches}
- rust-chrono-humanize
ExclusiveArch: %{rust_arches}
- rust-chrono-tz
ExclusiveArch: %{rust_arches}
- rust-chunked_transfer
ExclusiveArch: %{rust_arches}
- rust-cipher
ExclusiveArch: %{rust_arches}
- rust-cipher0.3
ExclusiveArch: %{rust_arches}
- rust-clang-ast
ExclusiveArch: %{rust_arches}
- rust-clang-sys
ExclusiveArch: %{rust_arches}
- rust-clap
ExclusiveArch: %{rust_arches}
- rust-clap-verbosity-flag
ExclusiveArch: %{rust_arches}
- rust-clap2
ExclusiveArch: %{rust_arches}
- rust-clap_complete
ExclusiveArch: %{rust_arches}
- rust-clap_complete_fig
ExclusiveArch: %{rust_arches}
- rust-clap_derive
ExclusiveArch: %{rust_arches}
- rust-clap_generate
ExclusiveArch: %{rust_arches}
- rust-clap_generate_fig
ExclusiveArch: %{rust_arches}
- rust-clicolors-control
ExclusiveArch: %{rust_arches}
- rust-clircle
ExclusiveArch: %{rust_arches}
- rust-cmake
ExclusiveArch: %{rust_arches}
- rust-codespan-reporting
ExclusiveArch: %{rust_arches}
- rust-codicon
ExclusiveArch: %{rust_arches}
- rust-color-backtrace
ExclusiveArch: %{rust_arches}
- rust-color_quant
ExclusiveArch: %{rust_arches}
- rust-colored
ExclusiveArch: %{rust_arches}
- rust-colored1
ExclusiveArch: %{rust_arches}
- rust-colored_json
ExclusiveArch: %{rust_arches}
- rust-colorful
ExclusiveArch: %{rust_arches}
- rust-combine
ExclusiveArch: %{rust_arches}
- rust-comfy-table
ExclusiveArch: %{rust_arches}
- rust-common-path
ExclusiveArch: %{rust_arches}
- rust-compiletest_rs
ExclusiveArch: %{rust_arches}
- rust-compress-tools
ExclusiveArch: %{rust_arches}
- rust-comrak
ExclusiveArch: %{rust_arches}
- rust-concurrent-queue
ExclusiveArch: %{rust_arches}
- rust-configparser
ExclusiveArch: %{rust_arches}
- rust-confy
ExclusiveArch: %{rust_arches}
- rust-conhash
ExclusiveArch: %{rust_arches}
- rust-console
ExclusiveArch: %{rust_arches}
- rust-console0.11
ExclusiveArch: %{rust_arches}
- rust-console0.12
ExclusiveArch: %{rust_arches}
- rust-console0.13
ExclusiveArch: %{rust_arches}
- rust-console0.14
ExclusiveArch: %{rust_arches}
- rust-console0.9
ExclusiveArch: %{rust_arches}
- rust-console_error_panic_hook
ExclusiveArch: %{rust_arches}
- rust-const-cstr
ExclusiveArch: %{rust_arches}
- rust-const-oid
ExclusiveArch: %{rust_arches}
- rust-const-random
ExclusiveArch: %{rust_arches}
- rust-const-random-macro
ExclusiveArch: %{rust_arches}
- rust-const_fn
ExclusiveArch: %{rust_arches}
- rust-constant_time_eq
ExclusiveArch: %{rust_arches}
- rust-content_inspector
ExclusiveArch: %{rust_arches}
- rust-conv
ExclusiveArch: %{rust_arches}
- rust-convert_case
ExclusiveArch: %{rust_arches}
- rust-cookie
ExclusiveArch: %{rust_arches}
- rust-cookie-factory
ExclusiveArch: %{rust_arches}
- rust-cookie0.14
ExclusiveArch: %{rust_arches}
- rust-cookie_store
ExclusiveArch: %{rust_arches}
- rust-cookie_store0.12
ExclusiveArch: %{rust_arches}
- rust-coolor
ExclusiveArch: %{rust_arches}
- rust-copydeps
ExclusiveArch: %{rust_arches}
- rust-copyless
ExclusiveArch: %{rust_arches}
- rust-copypasta
ExclusiveArch: %{rust_arches}
- rust-cordic
ExclusiveArch: %{rust_arches}
- rust-coreos-installer
ExclusiveArch: %{rust_arches}
- rust-count-zeroes
ExclusiveArch: %{rust_arches}
- rust-counted-array
ExclusiveArch: %{rust_arches}
- rust-cpio
ExclusiveArch: %{rust_arches}
- rust-cpp_demangle
ExclusiveArch: %{rust_arches}
- rust-cpufeatures
ExclusiveArch: %{rust_arches}
- rust-cpython
ExclusiveArch: %{rust_arches}
- rust-cranelift-bforest
ExclusiveArch: %{rust_arches}
- rust-cranelift-codegen
ExclusiveArch: x86_64 aarch64 s390x
- rust-cranelift-codegen-meta
ExclusiveArch: %{rust_arches}
- rust-cranelift-codegen-shared
ExclusiveArch: %{rust_arches}
- rust-cranelift-entity
ExclusiveArch: %{rust_arches}
- rust-cranelift-frontend
ExclusiveArch: x86_64 aarch64 s390x
- rust-cranelift-native
ExclusiveArch: x86_64 aarch64 s390x
- rust-cranelift-wasm
ExclusiveArch: x86_64 aarch64 s390x
- rust-crates-io
ExclusiveArch: %{rust_arches}
- rust-crc
ExclusiveArch: %{rust_arches}
- rust-crc-any
ExclusiveArch: %{rust_arches}
- rust-crc-catalog
ExclusiveArch: %{rust_arches}
- rust-crc-core
ExclusiveArch: %{rust_arches}
- rust-crc32fast
ExclusiveArch: %{rust_arches}
- rust-criterion
ExclusiveArch: %{rust_arches}
- rust-criterion-plot
ExclusiveArch: %{rust_arches}
- rust-crossbeam
ExclusiveArch: %{rust_arches}
- rust-crossbeam-channel
ExclusiveArch: %{rust_arches}
- rust-crossbeam-channel0.4
ExclusiveArch: %{rust_arches}
- rust-crossbeam-deque
ExclusiveArch: %{rust_arches}
- rust-crossbeam-deque0.7
ExclusiveArch: %{rust_arches}
- rust-crossbeam-epoch
ExclusiveArch: %{rust_arches}
- rust-crossbeam-epoch0.8
ExclusiveArch: %{rust_arches}
- rust-crossbeam-queue
ExclusiveArch: %{rust_arches}
- rust-crossbeam-queue0.2
ExclusiveArch: %{rust_arches}
- rust-crossbeam-utils
ExclusiveArch: %{rust_arches}
- rust-crossbeam-utils0.7
ExclusiveArch: %{rust_arches}
- rust-crossbeam0.7
ExclusiveArch: %{rust_arches}
- rust-crossfont
ExclusiveArch: %{rust_arches}
- rust-crossterm
ExclusiveArch: %{rust_arches}
- rust-crossterm0.17
ExclusiveArch: %{rust_arches}
- rust-crossterm0.19
ExclusiveArch: %{rust_arches}
- rust-crosstermion
ExclusiveArch: %{rust_arches}
- rust-crunchy
ExclusiveArch: %{rust_arches}
- rust-crypto-bigint
ExclusiveArch: %{rust_arches}
- rust-crypto-common
ExclusiveArch: %{rust_arches}
- rust-crypto-hash
ExclusiveArch: %{rust_arches}
- rust-crypto-mac
ExclusiveArch: %{rust_arches}
- rust-cryptoki
ExclusiveArch: %{rust_arches}
- rust-cryptoki-sys
ExclusiveArch: %{rust_arches}
- rust-cryptovec
ExclusiveArch: %{rust_arches}
- rust-cssparser
ExclusiveArch: %{rust_arches}
- rust-cssparser-macros
ExclusiveArch: %{rust_arches}
- rust-cstr_core
ExclusiveArch: %{rust_arches}
- rust-csv
ExclusiveArch: %{rust_arches}
- rust-csv-core
ExclusiveArch: %{rust_arches}
- rust-ct-logs
ExclusiveArch: %{rust_arches}
- rust-ctor
ExclusiveArch: %{rust_arches}
- rust-ctr
ExclusiveArch: %{rust_arches}
- rust-ctr0.8
ExclusiveArch: %{rust_arches}
- rust-ctrlc
ExclusiveArch: %{rust_arches}
- rust-cty
ExclusiveArch: %{rust_arches}
- rust-curl
ExclusiveArch: %{rust_arches}
- rust-curl-sys
ExclusiveArch: %{rust_arches}
- rust-cursive
ExclusiveArch: %{rust_arches}
- rust-cursive-tabs
ExclusiveArch: %{rust_arches}
- rust-cursive_buffered_backend
ExclusiveArch: %{rust_arches}
- rust-cursive_core
ExclusiveArch: %{rust_arches}
- rust-curve25519-dalek
ExclusiveArch: %{rust_arches}
- rust-custom_derive
ExclusiveArch: %{rust_arches}
- rust-custom_error
ExclusiveArch: %{rust_arches}
- rust-cxx
ExclusiveArch: %{rust_arches}
- rust-cxx-build
ExclusiveArch: %{rust_arches}
- rust-cxx-gen
ExclusiveArch: %{rust_arches}
- rust-cxxbridge-flags
ExclusiveArch: %{rust_arches}
- rust-cxxbridge-macro
ExclusiveArch: %{rust_arches}
- rust-darling
ExclusiveArch: %{rust_arches}
- rust-darling0.12
ExclusiveArch: %{rust_arches}
- rust-darling_core
ExclusiveArch: %{rust_arches}
- rust-darling_core0.12
ExclusiveArch: %{rust_arches}
- rust-darling_macro
ExclusiveArch: %{rust_arches}
- rust-darling_macro0.12
ExclusiveArch: %{rust_arches}
- rust-dashmap
ExclusiveArch: %{rust_arches}
- rust-data-encoding
ExclusiveArch: %{rust_arches}
- rust-data-url
ExclusiveArch: %{rust_arches}
- rust-datetime
ExclusiveArch: %{rust_arches}
- rust-dav1d-sys
ExclusiveArch: %{rust_arches}
- rust-dbus
ExclusiveArch: %{rust_arches}
- rust-dbus-codegen
ExclusiveArch: %{rust_arches}
- rust-dbus-crossroads
ExclusiveArch: %{rust_arches}
- rust-dbus-tokio
ExclusiveArch: %{rust_arches}
- rust-dbus-tree
ExclusiveArch: %{rust_arches}
- rust-dbus0.8
ExclusiveArch: %{rust_arches}
- rust-debug-helper
ExclusiveArch: %{rust_arches}
- rust-decimal
ExclusiveArch: %{rust_arches}
- rust-defer-drop
ExclusiveArch: %{rust_arches}
- rust-deflate
ExclusiveArch: %{rust_arches}
- rust-deflate0.8
ExclusiveArch: %{rust_arches}
- rust-defmac
ExclusiveArch: %{rust_arches}
- rust-delta_e
ExclusiveArch: %{rust_arches}
- rust-der
ExclusiveArch: %{rust_arches}
- rust-der_derive
ExclusiveArch: %{rust_arches}
- rust-derivative
ExclusiveArch: %{rust_arches}
- rust-derive-new
ExclusiveArch: %{rust_arches}
- rust-derive_arbitrary
ExclusiveArch: %{rust_arches}
- rust-derive_arbitrary0.4
ExclusiveArch: %{rust_arches}
- rust-derive_builder
ExclusiveArch: %{rust_arches}
- rust-derive_builder0.9
ExclusiveArch: %{rust_arches}
- rust-derive_builder_core
ExclusiveArch: %{rust_arches}
- rust-derive_builder_core0.9
ExclusiveArch: %{rust_arches}
- rust-derive_builder_macro
ExclusiveArch: %{rust_arches}
- rust-derive_more
ExclusiveArch: %{rust_arches}
- rust-des
ExclusiveArch: %{rust_arches}
- rust-des0.7
ExclusiveArch: %{rust_arches}
- rust-desed
ExclusiveArch: %{rust_arches}
- rust-deunicode
ExclusiveArch: %{rust_arches}
- rust-devicemapper
ExclusiveArch: %{rust_arches}
- rust-devicemapper-sys
ExclusiveArch: %{rust_arches}
- rust-dialoguer
ExclusiveArch: %{rust_arches}
- rust-diesel
ExclusiveArch: %{rust_arches}
- rust-diesel_derives
ExclusiveArch: %{rust_arches}
- rust-diesel_migrations
ExclusiveArch: %{rust_arches}
- rust-diff
ExclusiveArch: %{rust_arches}
- rust-difference
ExclusiveArch: %{rust_arches}
- rust-difflib
ExclusiveArch: %{rust_arches}
- rust-digest
ExclusiveArch: %{rust_arches}
- rust-digest0.9
ExclusiveArch: %{rust_arches}
- rust-directories
ExclusiveArch: %{rust_arches}
- rust-directories-next
ExclusiveArch: %{rust_arches}
- rust-dirs
ExclusiveArch: %{rust_arches}
- rust-dirs-next
ExclusiveArch: %{rust_arches}
- rust-dirs-sys
ExclusiveArch: %{rust_arches}
- rust-dirs-sys-next
ExclusiveArch: %{rust_arches}
- rust-dirs2
ExclusiveArch: %{rust_arches}
- rust-dirs3
ExclusiveArch: %{rust_arches}
- rust-diskonaut
ExclusiveArch: %{rust_arches}
- rust-displaydoc
ExclusiveArch: %{rust_arches}
- rust-dissimilar
ExclusiveArch: %{rust_arches}
- rust-dlib
ExclusiveArch: %{rust_arches}
- rust-dlv-list
ExclusiveArch: %{rust_arches}
- rust-dns-lookup
ExclusiveArch: %{rust_arches}
- rust-dns-parser
ExclusiveArch: %{rust_arches}
- rust-doc-comment
ExclusiveArch: %{rust_arches}
- rust-docmatic
ExclusiveArch: %{rust_arches}
- rust-docopt
ExclusiveArch: %{rust_arches}
- rust-dotenv
ExclusiveArch: %{rust_arches}
- rust-downcast
ExclusiveArch: %{rust_arches}
- rust-downcast-rs
ExclusiveArch: %{rust_arches}
- rust-drg
ExclusiveArch: %{rust_arches}
- rust-dtoa
ExclusiveArch: %{rust_arches}
- rust-dtoa-short
ExclusiveArch: %{rust_arches}
- rust-dua-cli
ExclusiveArch: %{rust_arches}
- rust-duct
ExclusiveArch: %{rust_arches}
- rust-dummy
ExclusiveArch: %{rust_arches}
- rust-dunce
ExclusiveArch: %{rust_arches}
- rust-dutree
ExclusiveArch: %{rust_arches}
- rust-dyn-clone
ExclusiveArch: %{rust_arches}
- rust-easy-cast
ExclusiveArch: %{rust_arches}
- rust-easy-parallel
ExclusiveArch: %{rust_arches}
- rust-edit
ExclusiveArch: %{rust_arches}
- rust-edit-distance
ExclusiveArch: %{rust_arches}
- rust-either
ExclusiveArch: %{rust_arches}
- rust-elasticlunr-rs
ExclusiveArch: %{rust_arches}
- rust-elf
ExclusiveArch: %{rust_arches}
- rust-elfcat
ExclusiveArch: %{rust_arches}
- rust-ena
ExclusiveArch: %{rust_arches}
- rust-encode_unicode
ExclusiveArch: %{rust_arches}
- rust-encoding
ExclusiveArch: %{rust_arches}
- rust-encoding-index-japanese
ExclusiveArch: %{rust_arches}
- rust-encoding-index-korean
ExclusiveArch: %{rust_arches}
- rust-encoding-index-simpchinese
ExclusiveArch: %{rust_arches}
- rust-encoding-index-singlebyte
ExclusiveArch: %{rust_arches}
- rust-encoding-index-tradchinese
ExclusiveArch: %{rust_arches}
- rust-encoding_index_tests
ExclusiveArch: %{rust_arches}
- rust-encoding_rs
ExclusiveArch: %{rust_arches}
- rust-encoding_rs_io
ExclusiveArch: %{rust_arches}
- rust-endian-type
ExclusiveArch: %{rust_arches}
- rust-enquote
ExclusiveArch: %{rust_arches}
- rust-entities
ExclusiveArch: %{rust_arches}
- rust-enum-as-inner
ExclusiveArch: %{rust_arches}
- rust-enum-iterator
ExclusiveArch: %{rust_arches}
- rust-enum-iterator-derive
ExclusiveArch: %{rust_arches}
- rust-enum-map
ExclusiveArch: %{rust_arches}
- rust-enum-map-derive
ExclusiveArch: %{rust_arches}
- rust-enum_primitive
ExclusiveArch: %{rust_arches}
- rust-enumflags2
ExclusiveArch: %{rust_arches}
- rust-enumflags2_0.6
ExclusiveArch: %{rust_arches}
- rust-enumflags2_derive
ExclusiveArch: %{rust_arches}
- rust-enumflags2_derive0.6
ExclusiveArch: %{rust_arches}
- rust-enumset
ExclusiveArch: %{rust_arches}
- rust-enumset_derive
ExclusiveArch: %{rust_arches}
- rust-env_logger
ExclusiveArch: %{rust_arches}
- rust-env_logger0.4
ExclusiveArch: %{rust_arches}
- rust-env_logger0.5
ExclusiveArch: %{rust_arches}
- rust-env_logger0.6
ExclusiveArch: %{rust_arches}
- rust-env_logger0.7
ExclusiveArch: %{rust_arches}
- rust-env_logger0.8
ExclusiveArch: %{rust_arches}
- rust-env_proxy
ExclusiveArch: %{rust_arches}
- rust-environment
ExclusiveArch: %{rust_arches}
- rust-envsubst
ExclusiveArch: %{rust_arches}
- rust-epoll
ExclusiveArch: %{rust_arches}
- rust-erased-serde
ExclusiveArch: %{rust_arches}
- rust-err-derive
ExclusiveArch: %{rust_arches}
- rust-errln
ExclusiveArch: %{rust_arches}
- rust-errno
ExclusiveArch: %{rust_arches}
- rust-error-chain
ExclusiveArch: %{rust_arches}
- rust-escaper
ExclusiveArch: %{rust_arches}
- rust-escargot
ExclusiveArch: %{rust_arches}
- rust-ethtool
ExclusiveArch: %{rust_arches}
- rust-euclid
ExclusiveArch: %{rust_arches}
- rust-event-listener
ExclusiveArch: %{rust_arches}
- rust-exa
ExclusiveArch: %{rust_arches}
- rust-executable-path
ExclusiveArch: %{rust_arches}
- rust-exitcode
ExclusiveArch: %{rust_arches}
- rust-exitfailure
ExclusiveArch: %{rust_arches}
- rust-expat-sys
ExclusiveArch: %{rust_arches}
- rust-extend
ExclusiveArch: %{rust_arches}
- rust-extprim
ExclusiveArch: %{rust_arches}
- rust-extprim_literals_macros
ExclusiveArch: %{rust_arches}
- rust-eyre
ExclusiveArch: %{rust_arches}
- rust-faccess
ExclusiveArch: %{rust_arches}
- rust-fail
ExclusiveArch: %{rust_arches}
- rust-failure
ExclusiveArch: %{rust_arches}
- rust-failure-tools
ExclusiveArch: %{rust_arches}
- rust-failure_derive
ExclusiveArch: %{rust_arches}
- rust-fake
ExclusiveArch: %{rust_arches}
- rust-fake-simd
ExclusiveArch: %{rust_arches}
- rust-fallible-iterator
ExclusiveArch: %{rust_arches}
- rust-fallible-streaming-iterator
ExclusiveArch: %{rust_arches}
- rust-fancy-regex
ExclusiveArch: %{rust_arches}
- rust-fastrand
ExclusiveArch: %{rust_arches}
- rust-fatfs
ExclusiveArch: %{rust_arches}
- rust-fb_procfs
ExclusiveArch: %{rust_arches}
- rust-fbthrift_codegen_includer_proc_macro
ExclusiveArch: %{rust_arches}
- rust-fd-find
ExclusiveArch: %{rust_arches}
- rust-fd-lock
ExclusiveArch: %{rust_arches}
- rust-fdlimit
ExclusiveArch: %{rust_arches}
- rust-fedora
ExclusiveArch: %{rust_arches}
- rust-fedora-coreos-pinger
ExclusiveArch: %{rust_arches}
- rust-fedora-update-feedback
ExclusiveArch: %{rust_arches}
- rust-feed-rs
ExclusiveArch: %{rust_arches}
- rust-feedbin_api
ExclusiveArch: %{rust_arches}
- rust-feedly_api
ExclusiveArch: %{rust_arches}
- rust-femme
ExclusiveArch: %{rust_arches}
- rust-fern
ExclusiveArch: %{rust_arches}
- rust-fever_api
ExclusiveArch: %{rust_arches}
- rust-ffsend
ExclusiveArch: %{rust_arches}
- rust-ffsend-api
ExclusiveArch: %{rust_arches}
- rust-field-offset
ExclusiveArch: %{rust_arches}
- rust-file-per-thread-logger
ExclusiveArch: %{rust_arches}
- rust-filedescriptor
ExclusiveArch: %{rust_arches}
- rust-filesize
ExclusiveArch: %{rust_arches}
- rust-filetime
ExclusiveArch: %{rust_arches}
- rust-filetreelist
ExclusiveArch: %{rust_arches}
- rust-find-crate
ExclusiveArch: %{rust_arches}
- rust-findshlibs
ExclusiveArch: %{rust_arches}
- rust-fixed
ExclusiveArch: %{rust_arches}
- rust-fixedbitset
ExclusiveArch: %{rust_arches}
- rust-flate2
ExclusiveArch: %{rust_arches}
- rust-float-cmp
ExclusiveArch: %{rust_arches}
- rust-float-ord
ExclusiveArch: %{rust_arches}
- rust-fluent
ExclusiveArch: %{rust_arches}
- rust-fluent-bundle
ExclusiveArch: %{rust_arches}
- rust-fluent-langneg
ExclusiveArch: %{rust_arches}
- rust-fluent-syntax
ExclusiveArch: %{rust_arches}
- rust-fn-error-context
ExclusiveArch: %{rust_arches}
- rust-fnv
ExclusiveArch: %{rust_arches}
- rust-font-kit
ExclusiveArch: %{rust_arches}
- rust-foreign-types
ExclusiveArch: %{rust_arches}
- rust-foreign-types-macros
ExclusiveArch: %{rust_arches}
- rust-foreign-types-shared
ExclusiveArch: %{rust_arches}
- rust-foreign-types-shared0.1
ExclusiveArch: %{rust_arches}
- rust-foreign-types0.3
ExclusiveArch: %{rust_arches}
- rust-form_urlencoded
ExclusiveArch: %{rust_arches}
- rust-format-bytes
ExclusiveArch: %{rust_arches}
- rust-format-bytes-macros
ExclusiveArch: %{rust_arches}
- rust-fragile
ExclusiveArch: %{rust_arches}
- rust-freetype
ExclusiveArch: %{rust_arches}
- rust-freetype-rs
ExclusiveArch: %{rust_arches}
- rust-freetype-sys
ExclusiveArch: %{rust_arches}
- rust-fs-err
ExclusiveArch: %{rust_arches}
- rust-fs-set-times
ExclusiveArch: %{rust_arches}
- rust-fs2
ExclusiveArch: %{rust_arches}
- rust-fs_extra
ExclusiveArch: %{rust_arches}
- rust-fscommon
ExclusiveArch: %{rust_arches}
- rust-fslock
ExclusiveArch: %{rust_arches}
- rust-funty
ExclusiveArch: %{rust_arches}
- rust-futf
ExclusiveArch: %{rust_arches}
- rust-futures
ExclusiveArch: %{rust_arches}
- rust-futures-channel
ExclusiveArch: %{rust_arches}
- rust-futures-core
ExclusiveArch: %{rust_arches}
- rust-futures-cpupool
ExclusiveArch: %{rust_arches}
- rust-futures-executor
ExclusiveArch: %{rust_arches}
- rust-futures-io
ExclusiveArch: %{rust_arches}
- rust-futures-lite
ExclusiveArch: %{rust_arches}
- rust-futures-macro
ExclusiveArch: %{rust_arches}
- rust-futures-sink
ExclusiveArch: %{rust_arches}
- rust-futures-task
ExclusiveArch: %{rust_arches}
- rust-futures-test
ExclusiveArch: %{rust_arches}
- rust-futures-timer
ExclusiveArch: %{rust_arches}
- rust-futures-util
ExclusiveArch: %{rust_arches}
- rust-futures0.1
ExclusiveArch: %{rust_arches}
- rust-fuzzy-matcher
ExclusiveArch: %{rust_arches}
- rust-fxhash
ExclusiveArch: %{rust_arches}
- rust-gdk
ExclusiveArch: %{rust_arches}
- rust-gdk-pixbuf
ExclusiveArch: %{rust_arches}
- rust-gdk-pixbuf-sys
ExclusiveArch: %{rust_arches}
- rust-gdk-sys
ExclusiveArch: %{rust_arches}
- rust-gdk4
ExclusiveArch: %{rust_arches}
- rust-gdk4-sys
ExclusiveArch: %{rust_arches}
- rust-generic-array
ExclusiveArch: %{rust_arches}
- rust-generic-array0.12
ExclusiveArch: %{rust_arches}
- rust-genetlink
ExclusiveArch: %{rust_arches}
- rust-getch
ExclusiveArch: %{rust_arches}
- rust-gethostname
ExclusiveArch: %{rust_arches}
- rust-getopts
ExclusiveArch: %{rust_arches}
- rust-getrandom
ExclusiveArch: %{rust_arches}
- rust-getrandom0.1
ExclusiveArch: %{rust_arches}
- rust-getset
ExclusiveArch: %{rust_arches}
- rust-gettext-rs
ExclusiveArch: %{rust_arches}
- rust-gettext-sys
ExclusiveArch: %{rust_arches}
- rust-gh-emoji
ExclusiveArch: %{rust_arches}
- rust-ghash
ExclusiveArch: %{rust_arches}
- rust-ghost
ExclusiveArch: %{rust_arches}
- rust-gif
ExclusiveArch: %{rust_arches}
- rust-gimli
ExclusiveArch: %{rust_arches}
- rust-gio
ExclusiveArch: %{rust_arches}
- rust-gio-sys
ExclusiveArch: %{rust_arches}
- rust-gir-format-check
ExclusiveArch: %{rust_arches}
- rust-git-delta
ExclusiveArch: %{rust_arches}
- rust-git-version
ExclusiveArch: %{rust_arches}
- rust-git-version-macro
ExclusiveArch: %{rust_arches}
- rust-git2
ExclusiveArch: %{rust_arches}
- rust-git2-curl
ExclusiveArch: %{rust_arches}
- rust-gitui
ExclusiveArch: %{rust_arches}
- rust-gl_generator
ExclusiveArch: %{rust_arches}
- rust-glam
ExclusiveArch: %{rust_arches}
- rust-glib
ExclusiveArch: %{rust_arches}
- rust-glib-macros
ExclusiveArch: %{rust_arches}
- rust-glib-sys
ExclusiveArch: %{rust_arches}
- rust-glob
ExclusiveArch: %{rust_arches}
- rust-globset
ExclusiveArch: %{rust_arches}
- rust-globwalk
ExclusiveArch: %{rust_arches}
- rust-glutin
ExclusiveArch: %{rust_arches}
- rust-glutin_egl_sys
ExclusiveArch: %{rust_arches}
- rust-glutin_glx_sys
ExclusiveArch: %{rust_arches}
- rust-gobject-sys
ExclusiveArch: %{rust_arches}
- rust-goblin
ExclusiveArch: %{rust_arches}
- rust-gptman
ExclusiveArch: %{rust_arches}
- rust-graphene-rs
ExclusiveArch: %{rust_arches}
- rust-graphene-sys
ExclusiveArch: %{rust_arches}
- rust-greetd_ipc
ExclusiveArch: %{rust_arches}
- rust-grep
ExclusiveArch: %{rust_arches}
- rust-grep-cli
ExclusiveArch: %{rust_arches}
- rust-grep-matcher
ExclusiveArch: %{rust_arches}
- rust-grep-pcre2
ExclusiveArch: %{rust_arches}
- rust-grep-printer
ExclusiveArch: %{rust_arches}
- rust-grep-regex
ExclusiveArch: %{rust_arches}
- rust-grep-searcher
ExclusiveArch: %{rust_arches}
- rust-groupable
ExclusiveArch: %{rust_arches}
- rust-gsk4
ExclusiveArch: %{rust_arches}
- rust-gsk4-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer
ExclusiveArch: %{rust_arches}
- rust-gstreamer-audio
ExclusiveArch: %{rust_arches}
- rust-gstreamer-audio-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-base
ExclusiveArch: %{rust_arches}
- rust-gstreamer-base-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-editing-services
ExclusiveArch: %{rust_arches}
- rust-gstreamer-editing-services-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-pbutils
ExclusiveArch: %{rust_arches}
- rust-gstreamer-pbutils-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-player
ExclusiveArch: %{rust_arches}
- rust-gstreamer-player-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-sys
ExclusiveArch: %{rust_arches}
- rust-gstreamer-video
ExclusiveArch: %{rust_arches}
- rust-gstreamer-video-sys
ExclusiveArch: %{rust_arches}
- rust-gtk
ExclusiveArch: %{rust_arches}
- rust-gtk-sys
ExclusiveArch: %{rust_arches}
- rust-gtk3-macros
ExclusiveArch: %{rust_arches}
- rust-gtk4
ExclusiveArch: %{rust_arches}
- rust-gtk4-macros
ExclusiveArch: %{rust_arches}
- rust-gtk4-sys
ExclusiveArch: %{rust_arches}
- rust-gzip-header
ExclusiveArch: %{rust_arches}
- rust-h2
ExclusiveArch: %{rust_arches}
- rust-h2_0.2
ExclusiveArch: %{rust_arches}
- rust-half
ExclusiveArch: %{rust_arches}
- rust-hamcrest2
ExclusiveArch: %{rust_arches}
- rust-handlebars
ExclusiveArch: %{rust_arches}
- rust-hashbrown
ExclusiveArch: %{rust_arches}
- rust-hashbrown0.9
ExclusiveArch: %{rust_arches}
- rust-hashlink
ExclusiveArch: %{rust_arches}
- rust-headers
ExclusiveArch: %{rust_arches}
- rust-headers-core
ExclusiveArch: %{rust_arches}
- rust-headers-derive
ExclusiveArch: %{rust_arches}
- rust-heapsize
ExclusiveArch: %{rust_arches}
- rust-heatseeker
ExclusiveArch: %{rust_arches}
- rust-heck
ExclusiveArch: %{rust_arches}
- rust-heck0.3
ExclusiveArch: %{rust_arches}
- rust-helvum
ExclusiveArch: %{rust_arches}
- rust-hex
ExclusiveArch: %{rust_arches}
- rust-hex-literal
ExclusiveArch: %{rust_arches}
- rust-hex-literal-impl
ExclusiveArch: %{rust_arches}
- rust-hex-literal0.2
ExclusiveArch: %{rust_arches}
- rust-hexyl
ExclusiveArch: %{rust_arches}
- rust-hidapi
ExclusiveArch: %{rust_arches}
- rust-hkdf
ExclusiveArch: %{rust_arches}
- rust-hkdf0.11
ExclusiveArch: %{rust_arches}
- rust-hmac
ExclusiveArch: %{rust_arches}
- rust-hmac0.11
ExclusiveArch: %{rust_arches}
- rust-home
ExclusiveArch: %{rust_arches}
- rust-horrorshow
ExclusiveArch: %{rust_arches}
- rust-hostname
ExclusiveArch: %{rust_arches}
- rust-hostname-validator
ExclusiveArch: %{rust_arches}
- rust-html-escape
ExclusiveArch: %{rust_arches}
- rust-html2pango
ExclusiveArch: %{rust_arches}
- rust-html5ever
ExclusiveArch: %{rust_arches}
- rust-http
ExclusiveArch: %{rust_arches}
- rust-http-body
ExclusiveArch: %{rust_arches}
- rust-http-body0.3
ExclusiveArch: %{rust_arches}
- rust-http0.1
ExclusiveArch: %{rust_arches}
- rust-httparse
ExclusiveArch: %{rust_arches}
- rust-httpdate
ExclusiveArch: %{rust_arches}
- rust-human-panic
ExclusiveArch: %{rust_arches}
- rust-human-sort
ExclusiveArch: %{rust_arches}
- rust-humansize
ExclusiveArch: %{rust_arches}
- rust-humantime
ExclusiveArch: %{rust_arches}
- rust-humantime-serde
ExclusiveArch: %{rust_arches}
- rust-humantime1
ExclusiveArch: %{rust_arches}
- rust-hyper
ExclusiveArch: %{rust_arches}
- rust-hyper-native-tls
ExclusiveArch: %{rust_arches}
- rust-hyper-rustls
ExclusiveArch: %{rust_arches}
- rust-hyper-staticfile
ExclusiveArch: %{rust_arches}
- rust-hyper-tls
ExclusiveArch: %{rust_arches}
- rust-hyper-tls0.4
ExclusiveArch: %{rust_arches}
- rust-hyper0.10
ExclusiveArch: %{rust_arches}
- rust-hyper0.13
ExclusiveArch: %{rust_arches}
- rust-hyperfine
ExclusiveArch: %{rust_arches}
- rust-i18n-config
ExclusiveArch: %{rust_arches}
- rust-i18n-embed
ExclusiveArch: %{rust_arches}
- rust-i18n-embed-fl
ExclusiveArch: %{rust_arches}
- rust-i18n-embed-impl
ExclusiveArch: %{rust_arches}
- rust-i3ipc
ExclusiveArch: %{rust_arches}
- rust-iai
ExclusiveArch: %{rust_arches}
- rust-id-arena
ExclusiveArch: %{rust_arches}
- rust-ident_case
ExclusiveArch: %{rust_arches}
- rust-idna
ExclusiveArch: %{rust_arches}
- rust-idna0.1
ExclusiveArch: %{rust_arches}
- rust-ifcfg-devname
ExclusiveArch: %{rust_arches}
- rust-ignition-config
ExclusiveArch: %{rust_arches}
- rust-ignore
ExclusiveArch: %{rust_arches}
- rust-im-rc
ExclusiveArch: %{rust_arches}
- rust-image
ExclusiveArch: %{rust_arches}
- rust-image-roll
ExclusiveArch: %{rust_arches}
- rust-imgref
ExclusiveArch: %{rust_arches}
- rust-indenter
ExclusiveArch: %{rust_arches}
- rust-indexmap
ExclusiveArch: %{rust_arches}
- rust-indicatif
ExclusiveArch: %{rust_arches}
- rust-indicatif0.15
ExclusiveArch: %{rust_arches}
- rust-indoc
ExclusiveArch: %{rust_arches}
- rust-infer
ExclusiveArch: %{rust_arches}
- rust-inferno
ExclusiveArch: %{rust_arches}
- rust-inflate
ExclusiveArch: %{rust_arches}
- rust-inotify
ExclusiveArch: %{rust_arches}
- rust-inotify-sys
ExclusiveArch: %{rust_arches}
- rust-inout
ExclusiveArch: %{rust_arches}
- rust-input_buffer
ExclusiveArch: %{rust_arches}
- rust-insta
ExclusiveArch: %{rust_arches}
- rust-instant
ExclusiveArch: %{rust_arches}
- rust-interpolate_name
ExclusiveArch: %{rust_arches}
- rust-intervaltree
ExclusiveArch: %{rust_arches}
- rust-intl-memoizer
ExclusiveArch: %{rust_arches}
- rust-intl_pluralrules
ExclusiveArch: %{rust_arches}
- rust-invalidstring
ExclusiveArch: %{rust_arches}
- rust-inventory
ExclusiveArch: %{rust_arches}
- rust-inventory-impl
ExclusiveArch: %{rust_arches}
- rust-inventory0.1
ExclusiveArch: %{rust_arches}
- rust-io-extras
ExclusiveArch: %{rust_arches}
- rust-io-lifetimes
ExclusiveArch: %{rust_arches}
- rust-ioctl-rs
ExclusiveArch: %{rust_arches}
- rust-iocuddle
ExclusiveArch: %{rust_arches}
- rust-iovec
ExclusiveArch: %{rust_arches}
- rust-ipnet
ExclusiveArch: %{rust_arches}
- rust-ipnetwork
ExclusiveArch: %{rust_arches}
- rust-ipnetwork0.17
ExclusiveArch: %{rust_arches}
- rust-iptables
ExclusiveArch: %{rust_arches}
- rust-iron
ExclusiveArch: %{rust_arches}
- rust-is_ci
ExclusiveArch: %{rust_arches}
- rust-is_debug
ExclusiveArch: %{rust_arches}
- rust-iso8601
ExclusiveArch: %{rust_arches}
- rust-iter-read
ExclusiveArch: %{rust_arches}
- rust-itertools
ExclusiveArch: %{rust_arches}
- rust-itertools-num
ExclusiveArch: %{rust_arches}
- rust-itertools0.8
ExclusiveArch: %{rust_arches}
- rust-itertools0.9
ExclusiveArch: %{rust_arches}
- rust-itoa
ExclusiveArch: %{rust_arches}
- rust-itoa0.4
ExclusiveArch: %{rust_arches}
- rust-ivf
ExclusiveArch: %{rust_arches}
- rust-jetscii
ExclusiveArch: %{rust_arches}
- rust-jieba-rs
ExclusiveArch: %{rust_arches}
- rust-jobserver
ExclusiveArch: %{rust_arches}
- rust-josekit
ExclusiveArch: %{rust_arches}
- rust-jpeg-decoder
ExclusiveArch: %{rust_arches}
- rust-jql
ExclusiveArch: %{rust_arches}
- rust-js-sys
ExclusiveArch: %{rust_arches}
- rust-js_int
ExclusiveArch: %{rust_arches}
- rust-json
ExclusiveArch: %{rust_arches}
- rust-json_value_merge
ExclusiveArch: %{rust_arches}
- rust-just
ExclusiveArch: %{rust_arches}
- rust-jwalk
ExclusiveArch: %{rust_arches}
- rust-k9
ExclusiveArch: %{rust_arches}
- rust-keccak
ExclusiveArch: %{rust_arches}
- rust-khronos_api
ExclusiveArch: %{rust_arches}
- rust-kstring
ExclusiveArch: %{rust_arches}
- rust-kv-log-macro
ExclusiveArch: %{rust_arches}
- rust-lab
ExclusiveArch: %{rust_arches}
- rust-lalrpop
ExclusiveArch: %{rust_arches}
- rust-lalrpop-util
ExclusiveArch: %{rust_arches}
- rust-language-tags
ExclusiveArch: %{rust_arches}
- rust-lazy-init
ExclusiveArch: %{rust_arches}
- rust-lazy_static
ExclusiveArch: %{rust_arches}
- rust-lazycell
ExclusiveArch: %{rust_arches}
- rust-leb128
ExclusiveArch: %{rust_arches}
- rust-lexical-core
ExclusiveArch: %{rust_arches}
- rust-lexiclean
ExclusiveArch: %{rust_arches}
- rust-libblkid-rs
ExclusiveArch: %{rust_arches}
- rust-libblkid-rs-sys
ExclusiveArch: %{rust_arches}
- rust-libbpf-cargo
ExclusiveArch: %{rust_arches}
- rust-libbpf-rs
ExclusiveArch: %{rust_arches}
- rust-libbpf-sys
ExclusiveArch: %{rust_arches}
- rust-libc
ExclusiveArch: %{rust_arches}
- rust-libcryptsetup-rs
ExclusiveArch: %{rust_arches}
- rust-libcryptsetup-rs-sys
ExclusiveArch: %{rust_arches}
- rust-libdbus-sys
ExclusiveArch: %{rust_arches}
- rust-libflate
ExclusiveArch: %{rust_arches}
- rust-libflate_lz77
ExclusiveArch: %{rust_arches}
- rust-libgit2-sys
ExclusiveArch: %{rust_arches}
- rust-libhandy
ExclusiveArch: %{rust_arches}
- rust-libhandy-sys
ExclusiveArch: %{rust_arches}
- rust-libloading
ExclusiveArch: %{rust_arches}
- rust-libloading0.6
ExclusiveArch: %{rust_arches}
- rust-libm
ExclusiveArch: %{rust_arches}
- rust-libmount
ExclusiveArch: %{rust_arches}
- rust-libnotcurses-sys
ExclusiveArch: %{rust_arches}
- rust-liboverdrop
ExclusiveArch: %{rust_arches}
- rust-libpulse-binding
ExclusiveArch: %{rust_arches}
- rust-libpulse-sys
ExclusiveArch: %{rust_arches}
- rust-libseccomp-sys
ExclusiveArch: %{rust_arches}
- rust-libslirp
ExclusiveArch: %{rust_arches}
- rust-libslirp-sys
ExclusiveArch: %{rust_arches}
- rust-libspa
ExclusiveArch: %{rust_arches}
- rust-libspa-sys
ExclusiveArch: %{rust_arches}
- rust-libsqlite3-sys
ExclusiveArch: %{rust_arches}
- rust-libssh2-sys
ExclusiveArch: %{rust_arches}
- rust-libsystemd
ExclusiveArch: %{rust_arches}
- rust-libudev
ExclusiveArch: %{rust_arches}
- rust-libudev-sys
ExclusiveArch: %{rust_arches}
- rust-libxml
ExclusiveArch: %{rust_arches}
- rust-libxml0.2
ExclusiveArch: %{rust_arches}
- rust-libz-sys
ExclusiveArch: %{rust_arches}
- rust-line-wrap
ExclusiveArch: %{rust_arches}
- rust-link-cplusplus
ExclusiveArch: %{rust_arches}
- rust-linked-hash-map
ExclusiveArch: %{rust_arches}
- rust-linkify
ExclusiveArch: %{rust_arches}
- rust-linreg
ExclusiveArch: %{rust_arches}
- rust-linux-raw-sys
ExclusiveArch: %{rust_arches}
- rust-linux_proc
ExclusiveArch: %{rust_arches}
- rust-lipsum
ExclusiveArch: %{rust_arches}
- rust-listenfd
ExclusiveArch: %{rust_arches}
- rust-lmdb
ExclusiveArch: %{rust_arches}
- rust-lmdb-sys
ExclusiveArch: %{rust_arches}
- rust-locale
ExclusiveArch: %{rust_arches}
- rust-locale_config
ExclusiveArch: %{rust_arches}
- rust-lock_api
ExclusiveArch: %{rust_arches}
- rust-lockfree
ExclusiveArch: %{rust_arches}
- rust-log
ExclusiveArch: %{rust_arches}
- rust-log-mdc
ExclusiveArch: %{rust_arches}
- rust-log-panics
ExclusiveArch: %{rust_arches}
- rust-log0.3
ExclusiveArch: %{rust_arches}
- rust-log4rs
ExclusiveArch: %{rust_arches}
- rust-loggerv
ExclusiveArch: %{rust_arches}
- rust-loopdev
ExclusiveArch: %{rust_arches}
- rust-lru-cache
ExclusiveArch: %{rust_arches}
- rust-lscolors
ExclusiveArch: %{rust_arches}
- rust-lsd
ExclusiveArch: %{rust_arches}
- rust-lzma-sys
ExclusiveArch: %{rust_arches}
- rust-lzw
ExclusiveArch: %{rust_arches}
- rust-mac
ExclusiveArch: %{rust_arches}
- rust-mac_address
ExclusiveArch: %{rust_arches}
- rust-macro-attr
ExclusiveArch: %{rust_arches}
- rust-madvr_parse
ExclusiveArch: %{rust_arches}
- rust-magic-crypt
ExclusiveArch: %{rust_arches}
- rust-maildir
ExclusiveArch: %{rust_arches}
- rust-mailparse
ExclusiveArch: %{rust_arches}
- rust-man
ExclusiveArch: %{rust_arches}
- rust-maplit
ExclusiveArch: %{rust_arches}
- rust-markup5ever
ExclusiveArch: %{rust_arches}
- rust-markup5ever_rcdom
ExclusiveArch: %{rust_arches}
- rust-match_cfg
ExclusiveArch: %{rust_arches}
- rust-matches
ExclusiveArch: %{rust_arches}
- rust-matrixcompare
ExclusiveArch: %{rust_arches}
- rust-matrixcompare-core
ExclusiveArch: %{rust_arches}
- rust-matrixcompare-mock
ExclusiveArch: %{rust_arches}
- rust-matrixmultiply
ExclusiveArch: %{rust_arches}
- rust-maxminddb
ExclusiveArch: %{rust_arches}
- rust-maybe-owned
ExclusiveArch: %{rust_arches}
- rust-maybe-uninit
ExclusiveArch: %{rust_arches}
- rust-mbox
ExclusiveArch: %{rust_arches}
- rust-mbrman
ExclusiveArch: %{rust_arches}
- rust-md-5
ExclusiveArch: %{rust_arches}
- rust-md-5_0.9
ExclusiveArch: %{rust_arches}
- rust-md5
ExclusiveArch: %{rust_arches}
- rust-mdl
ExclusiveArch: %{rust_arches}
- rust-memchr
ExclusiveArch: %{rust_arches}
- rust-memfd
ExclusiveArch: %{rust_arches}
- rust-memmap
ExclusiveArch: %{rust_arches}
- rust-memmap2
ExclusiveArch: %{rust_arches}
- rust-memmap2_0.3
ExclusiveArch: %{rust_arches}
- rust-memmem
ExclusiveArch: %{rust_arches}
- rust-memoffset
ExclusiveArch: %{rust_arches}
- rust-memoffset0.5
ExclusiveArch: %{rust_arches}
- rust-memsec
ExclusiveArch: %{rust_arches}
- rust-micro-timer
ExclusiveArch: %{rust_arches}
- rust-micro-timer-macros
ExclusiveArch: %{rust_arches}
- rust-miette
ExclusiveArch: %{rust_arches}
- rust-miette-derive
ExclusiveArch: %{rust_arches}
- rust-migrations_internals
ExclusiveArch: %{rust_arches}
- rust-migrations_macros
ExclusiveArch: %{rust_arches}
- rust-mime
ExclusiveArch: %{rust_arches}
- rust-mime0.2
ExclusiveArch: %{rust_arches}
- rust-mime_guess
ExclusiveArch: %{rust_arches}
- rust-mime_guess1
ExclusiveArch: %{rust_arches}
- rust-miniflux_api
ExclusiveArch: %{rust_arches}
- rust-minify-html
ExclusiveArch: %{rust_arches}
- rust-minimad
ExclusiveArch: %{rust_arches}
- rust-minimal-lexical
ExclusiveArch: %{rust_arches}
- rust-miniz-sys
ExclusiveArch: %{rust_arches}
- rust-miniz_oxide
ExclusiveArch: %{rust_arches}
- rust-miniz_oxide0.3
ExclusiveArch: %{rust_arches}
- rust-miniz_oxide_c_api
ExclusiveArch: %{rust_arches}
- rust-mint
ExclusiveArch: %{rust_arches}
- rust-mio
ExclusiveArch: %{rust_arches}
- rust-mio-extras
ExclusiveArch: %{rust_arches}
- rust-mio-uds
ExclusiveArch: %{rust_arches}
- rust-mio0.6
ExclusiveArch: %{rust_arches}
- rust-mio0.7
ExclusiveArch: %{rust_arches}
- rust-mktemp
ExclusiveArch: %{rust_arches}
- rust-mnt
ExclusiveArch: %{rust_arches}
- rust-mockall
ExclusiveArch: %{rust_arches}
- rust-mockall_derive
ExclusiveArch: %{rust_arches}
- rust-mockall_double
ExclusiveArch: %{rust_arches}
- rust-mockito
ExclusiveArch: %{rust_arches}
- rust-modifier
ExclusiveArch: %{rust_arches}
- rust-more-asserts
ExclusiveArch: %{rust_arches}
- rust-muldiv
ExclusiveArch: %{rust_arches}
- rust-multimap
ExclusiveArch: %{rust_arches}
- rust-multipart
ExclusiveArch: %{rust_arches}
- rust-mustache
ExclusiveArch: %{rust_arches}
- rust-nalgebra
ExclusiveArch: %{rust_arches}
- rust-nalgebra-macros
ExclusiveArch: %{rust_arches}
- rust-nasm-rs
ExclusiveArch: %{rust_arches}
- rust-native-tls
ExclusiveArch: %{rust_arches}
- rust-natord
ExclusiveArch: %{rust_arches}
- rust-navi
ExclusiveArch: %{rust_arches}
- rust-nb-connect
ExclusiveArch: %{rust_arches}
- rust-ncurses
ExclusiveArch: %{rust_arches}
- rust-net2
ExclusiveArch: %{rust_arches}
- rust-netlink-packet-core
ExclusiveArch: %{rust_arches}
- rust-netlink-packet-generic
ExclusiveArch: %{rust_arches}
- rust-netlink-packet-route
ExclusiveArch: %{rust_arches}
- rust-netlink-packet-utils
ExclusiveArch: %{rust_arches}
- rust-netlink-proto
ExclusiveArch: %{rust_arches}
- rust-netlink-sys
ExclusiveArch: %{rust_arches}
- rust-netmap_sys
ExclusiveArch: %{rust_arches}
- rust-nettle
ExclusiveArch: %{rust_arches}
- rust-nettle-sys
ExclusiveArch: %{rust_arches}
- rust-new_debug_unreachable
ExclusiveArch: %{rust_arches}
- rust-newtype_derive
ExclusiveArch: %{rust_arches}
- rust-nibble_vec
ExclusiveArch: %{rust_arches}
- rust-nix
ExclusiveArch: %{rust_arches}
- rust-nix0.14
ExclusiveArch: %{rust_arches}
- rust-nix0.17
ExclusiveArch: %{rust_arches}
- rust-nix0.18
ExclusiveArch: %{rust_arches}
- rust-nix0.20
ExclusiveArch: %{rust_arches}
- rust-nix0.22
ExclusiveArch: %{rust_arches}
- rust-no-panic
ExclusiveArch: %{rust_arches}
- rust-nodrop
ExclusiveArch: %{rust_arches}
- rust-nohash-hasher
ExclusiveArch: %{rust_arches}
- rust-nom
ExclusiveArch: %{rust_arches}
- rust-nom4
ExclusiveArch: %{rust_arches}
- rust-nom5
ExclusiveArch: %{rust_arches}
- rust-noop_proc_macro
ExclusiveArch: %{rust_arches}
- rust-normalize-line-endings
ExclusiveArch: %{rust_arches}
- rust-notify
ExclusiveArch: %{rust_arches}
- rust-notify-rust
ExclusiveArch: %{rust_arches}
- rust-nu-ansi-term
ExclusiveArch: %{rust_arches}
- rust-nu-engine
ExclusiveArch: %{rust_arches}
- rust-nu-glob
ExclusiveArch: %{rust_arches}
- rust-nu-json
ExclusiveArch: %{rust_arches}
- rust-nu-parser
ExclusiveArch: %{rust_arches}
- rust-nu-path
ExclusiveArch: %{rust_arches}
- rust-nu-protocol
ExclusiveArch: %{rust_arches}
- rust-nu-utils
ExclusiveArch: %{rust_arches}
- rust-num
ExclusiveArch: %{rust_arches}
- rust-num-bigint
ExclusiveArch: %{rust_arches}
- rust-num-bigint-dig
ExclusiveArch: %{rust_arches}
- rust-num-bigint0.3
ExclusiveArch: %{rust_arches}
- rust-num-complex
ExclusiveArch: %{rust_arches}
- rust-num-complex0.3
ExclusiveArch: %{rust_arches}
- rust-num-derive
ExclusiveArch: %{rust_arches}
- rust-num-format
ExclusiveArch: %{rust_arches}
- rust-num-integer
ExclusiveArch: %{rust_arches}
- rust-num-iter
ExclusiveArch: %{rust_arches}
- rust-num-rational
ExclusiveArch: %{rust_arches}
- rust-num-rational0.3
ExclusiveArch: %{rust_arches}
- rust-num-traits
ExclusiveArch: %{rust_arches}
- rust-num-traits0.1
ExclusiveArch: %{rust_arches}
- rust-num0.3
ExclusiveArch: %{rust_arches}
- rust-num_cpus
ExclusiveArch: %{rust_arches}
- rust-num_enum
ExclusiveArch: %{rust_arches}
- rust-num_enum_derive
ExclusiveArch: %{rust_arches}
- rust-number_prefix
ExclusiveArch: %{rust_arches}
- rust-numtoa
ExclusiveArch: %{rust_arches}
- rust-oauth2
ExclusiveArch: %{rust_arches}
- rust-obfstr
ExclusiveArch: %{rust_arches}
- rust-object
ExclusiveArch: %{rust_arches}
- rust-odds
ExclusiveArch: %{rust_arches}
- rust-oid
ExclusiveArch: %{rust_arches}
- rust-once_cell
ExclusiveArch: %{rust_arches}
- rust-onig
ExclusiveArch: %{rust_arches}
- rust-onig_sys
ExclusiveArch: %{rust_arches}
- rust-oorandom
ExclusiveArch: %{rust_arches}
- rust-opaque-debug
ExclusiveArch: %{rust_arches}
- rust-open
ExclusiveArch: %{rust_arches}
- rust-open1
ExclusiveArch: %{rust_arches}
- rust-openat
ExclusiveArch: %{rust_arches}
- rust-openat-ext
ExclusiveArch: %{rust_arches}
- rust-opener
ExclusiveArch: %{rust_arches}
- rust-openssh-keys
ExclusiveArch: %{rust_arches}
- rust-openssl
ExclusiveArch: %{rust_arches}
- rust-openssl-probe
ExclusiveArch: %{rust_arches}
- rust-openssl-sys
ExclusiveArch: %{rust_arches}
- rust-opml
ExclusiveArch: %{rust_arches}
- rust-option-operations
ExclusiveArch: %{rust_arches}
- rust-ord_subset
ExclusiveArch: %{rust_arches}
- rust-ordered-float
ExclusiveArch: %{rust_arches}
- rust-ordered-multimap
ExclusiveArch: %{rust_arches}
- rust-os-release
ExclusiveArch: %{rust_arches}
- rust-os_info
ExclusiveArch: %{rust_arches}
- rust-os_pipe
ExclusiveArch: %{rust_arches}
- rust-os_pipe0.9
ExclusiveArch: %{rust_arches}
- rust-os_str_bytes
ExclusiveArch: %{rust_arches}
- rust-os_type
ExclusiveArch: %{rust_arches}
- rust-osmesa-sys
ExclusiveArch: %{rust_arches}
- rust-osstrtools
ExclusiveArch: %{rust_arches}
- rust-ouroboros
ExclusiveArch: %{rust_arches}
- rust-ouroboros_macro
ExclusiveArch: %{rust_arches}
- rust-overload
ExclusiveArch: %{rust_arches}
- rust-owned-alloc
ExclusiveArch: %{rust_arches}
- rust-owned_ttf_parser
ExclusiveArch: %{rust_arches}
- rust-owned_ttf_parser0.12
ExclusiveArch: %{rust_arches}
- rust-owning_ref
ExclusiveArch: %{rust_arches}
- rust-owo-colors
ExclusiveArch: %{rust_arches}
- rust-packaging
ExclusiveArch: %{rust_arches}
- rust-pad
ExclusiveArch: %{rust_arches}
- rust-page_size
ExclusiveArch: %{rust_arches}
- rust-pager
ExclusiveArch: %{rust_arches}
- rust-palette
ExclusiveArch: %{rust_arches}
- rust-palette_derive
ExclusiveArch: %{rust_arches}
- rust-pam
ExclusiveArch: %{rust_arches}
- rust-pam-sys
ExclusiveArch: %{rust_arches}
- rust-pancurses
ExclusiveArch: %{rust_arches}
- rust-pango
ExclusiveArch: %{rust_arches}
- rust-pango-sys
ExclusiveArch: %{rust_arches}
- rust-pangocairo
ExclusiveArch: %{rust_arches}
- rust-pangocairo-sys
ExclusiveArch: %{rust_arches}
- rust-paris
ExclusiveArch: %{rust_arches}
- rust-parity-wasm
ExclusiveArch: %{rust_arches}
- rust-parking
ExclusiveArch: %{rust_arches}
- rust-parking_lot
ExclusiveArch: %{rust_arches}
- rust-parking_lot0.11
ExclusiveArch: %{rust_arches}
- rust-parking_lot_core
ExclusiveArch: %{rust_arches}
- rust-parking_lot_core0.8
ExclusiveArch: %{rust_arches}
- rust-parse-zoneinfo
ExclusiveArch: %{rust_arches}
- rust-parse_cfg
ExclusiveArch: %{rust_arches}
- rust-parsec-client
ExclusiveArch: %{rust_arches}
- rust-parsec-interface
ExclusiveArch: %{rust_arches}
- rust-partial-io
ExclusiveArch: %{rust_arches}
- rust-partition-identity
ExclusiveArch: %{rust_arches}
- rust-password-hash
ExclusiveArch: %{rust_arches}
- rust-paste
ExclusiveArch: %{rust_arches}
- rust-path-absolutize
ExclusiveArch: %{rust_arches}
- rust-path-dedot
ExclusiveArch: %{rust_arches}
- rust-path-slash
ExclusiveArch: %{rust_arches}
- rust-pathdiff
ExclusiveArch: %{rust_arches}
- rust-pathfinder_geometry
ExclusiveArch: %{rust_arches}
- rust-pathfinder_simd
ExclusiveArch: %{rust_arches}
- rust-pbkdf2
ExclusiveArch: %{rust_arches}
- rust-pbr
ExclusiveArch: %{rust_arches}
- rust-pcap
ExclusiveArch: %{rust_arches}
- rust-pcre2
ExclusiveArch: %{rust_arches}
- rust-pcre2-sys
ExclusiveArch: %{rust_arches}
- rust-peeking_take_while
ExclusiveArch: %{rust_arches}
- rust-peg
ExclusiveArch: %{rust_arches}
- rust-peg-macros
ExclusiveArch: %{rust_arches}
- rust-peg-runtime
ExclusiveArch: %{rust_arches}
- rust-peg0.5
ExclusiveArch: %{rust_arches}
- rust-pem
ExclusiveArch: %{rust_arches}
- rust-pem-rfc7468
ExclusiveArch: %{rust_arches}
- rust-pem0.8
ExclusiveArch: %{rust_arches}
- rust-percent-encoding
ExclusiveArch: %{rust_arches}
- rust-percent-encoding1
ExclusiveArch: %{rust_arches}
- rust-peresil
ExclusiveArch: %{rust_arches}
- rust-permutate
ExclusiveArch: %{rust_arches}
- rust-permutohedron
ExclusiveArch: %{rust_arches}
- rust-pest
ExclusiveArch: %{rust_arches}
- rust-pest_derive
ExclusiveArch: %{rust_arches}
- rust-pest_generator
ExclusiveArch: %{rust_arches}
- rust-pest_meta
ExclusiveArch: %{rust_arches}
- rust-petgraph
ExclusiveArch: %{rust_arches}
- rust-phf
ExclusiveArch: %{rust_arches}
- rust-phf0.7
ExclusiveArch: %{rust_arches}
- rust-phf0.8
ExclusiveArch: %{rust_arches}
- rust-phf_codegen
ExclusiveArch: %{rust_arches}
- rust-phf_codegen0.7
ExclusiveArch: %{rust_arches}
- rust-phf_generator
ExclusiveArch: %{rust_arches}
- rust-phf_generator0.7
ExclusiveArch: %{rust_arches}
- rust-phf_generator0.8
ExclusiveArch: %{rust_arches}
- rust-phf_macros
ExclusiveArch: %{rust_arches}
- rust-phf_macros0.7
ExclusiveArch: %{rust_arches}
- rust-phf_macros0.8
ExclusiveArch: %{rust_arches}
- rust-phf_shared
ExclusiveArch: %{rust_arches}
- rust-phf_shared0.7
ExclusiveArch: %{rust_arches}
- rust-phf_shared0.8
ExclusiveArch: %{rust_arches}
- rust-picky-asn1
ExclusiveArch: %{rust_arches}
- rust-picky-asn1-der
ExclusiveArch: %{rust_arches}
- rust-picky-asn1-x509
ExclusiveArch: %{rust_arches}
- rust-pico-args
ExclusiveArch: %{rust_arches}
- rust-pid
ExclusiveArch: %{rust_arches}
- rust-pin-project
ExclusiveArch: %{rust_arches}
- rust-pin-project-internal
ExclusiveArch: %{rust_arches}
- rust-pin-project-internal0.4
ExclusiveArch: %{rust_arches}
- rust-pin-project-lite
ExclusiveArch: %{rust_arches}
- rust-pin-project-lite0.1
ExclusiveArch: %{rust_arches}
- rust-pin-project0.4
ExclusiveArch: %{rust_arches}
- rust-pin-utils
ExclusiveArch: %{rust_arches}
- rust-pipe
ExclusiveArch: %{rust_arches}
- rust-piper
ExclusiveArch: %{rust_arches}
- rust-pipewire
ExclusiveArch: %{rust_arches}
- rust-pipewire-sys
ExclusiveArch: %{rust_arches}
- rust-piston-float
ExclusiveArch: %{rust_arches}
- rust-pkcs1
ExclusiveArch: %{rust_arches}
- rust-pkcs11
ExclusiveArch: %{rust_arches}
- rust-pkcs5
ExclusiveArch: %{rust_arches}
- rust-pkcs8
ExclusiveArch: %{rust_arches}
- rust-pkg-config
ExclusiveArch: %{rust_arches}
- rust-plain
ExclusiveArch: %{rust_arches}
- rust-pleaser
ExclusiveArch: %{rust_arches}
- rust-plist
ExclusiveArch: %{rust_arches}
- rust-plotlib
ExclusiveArch: %{rust_arches}
- rust-plotters
ExclusiveArch: %{rust_arches}
- rust-plotters-backend
ExclusiveArch: %{rust_arches}
- rust-plotters-bitmap
ExclusiveArch: %{rust_arches}
- rust-plotters-svg
ExclusiveArch: %{rust_arches}
- rust-plugin
ExclusiveArch: %{rust_arches}
- rust-pnet_base
ExclusiveArch: %{rust_arches}
- rust-pnet_datalink
ExclusiveArch: %{rust_arches}
- rust-pnet_sys
ExclusiveArch: %{rust_arches}
- rust-png
ExclusiveArch: %{rust_arches}
- rust-png0.16
ExclusiveArch: %{rust_arches}
- rust-podio
ExclusiveArch: %{rust_arches}
- rust-polling
ExclusiveArch: %{rust_arches}
- rust-polyval
ExclusiveArch: %{rust_arches}
- rust-pom
ExclusiveArch: %{rust_arches}
- rust-pommes
ExclusiveArch: %{rust_arches}
- rust-ppv-lite86
ExclusiveArch: %{rust_arches}
- rust-pq-sys
ExclusiveArch: %{rust_arches}
- rust-precomputed-hash
ExclusiveArch: %{rust_arches}
- rust-predicates
ExclusiveArch: %{rust_arches}
- rust-predicates-core
ExclusiveArch: %{rust_arches}
- rust-predicates-tree
ExclusiveArch: %{rust_arches}
- rust-predicates1
ExclusiveArch: %{rust_arches}
- rust-pretty
ExclusiveArch: %{rust_arches}
- rust-pretty-git-prompt
ExclusiveArch: %{rust_arches}
- rust-pretty-hex
ExclusiveArch: %{rust_arches}
- rust-pretty_assertions
ExclusiveArch: %{rust_arches}
- rust-pretty_assertions0.6
ExclusiveArch: %{rust_arches}
- rust-pretty_assertions0.7
ExclusiveArch: %{rust_arches}
- rust-pretty_env_logger
ExclusiveArch: %{rust_arches}
- rust-prettytable-rs
ExclusiveArch: %{rust_arches}
- rust-proc-macro-crate
ExclusiveArch: %{rust_arches}
- rust-proc-macro-crate0.1
ExclusiveArch: %{rust_arches}
- rust-proc-macro-error
ExclusiveArch: %{rust_arches}
- rust-proc-macro-error-attr
ExclusiveArch: %{rust_arches}
- rust-proc-macro-hack
ExclusiveArch: %{rust_arches}
- rust-proc-macro2
ExclusiveArch: %{rust_arches}
- rust-proc-macro2-0.4
ExclusiveArch: %{rust_arches}
- rust-proc-maps
ExclusiveArch: %{rust_arches}
- rust-proc-mounts
ExclusiveArch: %{rust_arches}
- rust-proc-quote-impl
ExclusiveArch: %{rust_arches}
- rust-procedural-masquerade
ExclusiveArch: %{rust_arches}
- rust-process_control
ExclusiveArch: %{rust_arches}
- rust-process_path
ExclusiveArch: %{rust_arches}
- rust-procfs
ExclusiveArch: %{rust_arches}
- rust-procs
ExclusiveArch: %{rust_arches}
- rust-progress-streams
ExclusiveArch: %{rust_arches}
- rust-prometheus
ExclusiveArch: %{rust_arches}
- rust-proptest
ExclusiveArch: %{rust_arches}
- rust-proptest-derive
ExclusiveArch: %{rust_arches}
- rust-proptest0.10
ExclusiveArch: %{rust_arches}
- rust-prost
ExclusiveArch: %{rust_arches}
- rust-prost-build
ExclusiveArch: %{rust_arches}
- rust-prost-derive
ExclusiveArch: %{rust_arches}
- rust-prost-types
ExclusiveArch: %{rust_arches}
- rust-protobuf
ExclusiveArch: %{rust_arches}
- rust-protobuf-codegen
ExclusiveArch: %{rust_arches}
- rust-protobuf-codegen-pure
ExclusiveArch: %{rust_arches}
- rust-protoc
ExclusiveArch: %{rust_arches}
- rust-protoc-rust
ExclusiveArch: %{rust_arches}
- rust-psa-crypto
ExclusiveArch: %{rust_arches}
- rust-psa-crypto-sys
ExclusiveArch: %{rust_arches}
- rust-psl-types
ExclusiveArch: %{rust_arches}
- rust-psm
ExclusiveArch: %{rust_arches}
- rust-ptr_meta
ExclusiveArch: %{rust_arches}
- rust-ptr_meta_derive
ExclusiveArch: %{rust_arches}
- rust-publicsuffix
ExclusiveArch: %{rust_arches}
- rust-publicsuffix1
ExclusiveArch: %{rust_arches}
- rust-pulldown-cmark
ExclusiveArch: %{rust_arches}
- rust-pulse
ExclusiveArch: %{rust_arches}
- rust-pure-rust-locales
ExclusiveArch: %{rust_arches}
- rust-pyo3
ExclusiveArch: %{rust_arches}
- rust-pyo3-build-config
ExclusiveArch: %{rust_arches}
- rust-pyo3-macros
ExclusiveArch: %{rust_arches}
- rust-pyo3-macros-backend
ExclusiveArch: %{rust_arches}
- rust-python-launcher
ExclusiveArch: %{rust_arches}
- rust-python3-sys
ExclusiveArch: %{rust_arches}
- rust-qr2term
ExclusiveArch: %{rust_arches}
- rust-qrcode
ExclusiveArch: %{rust_arches}
- rust-qstring
ExclusiveArch: %{rust_arches}
- rust-quantiles
ExclusiveArch: %{rust_arches}
- rust-quick-error
ExclusiveArch: %{rust_arches}
- rust-quick-error1
ExclusiveArch: %{rust_arches}
- rust-quick-xml
ExclusiveArch: %{rust_arches}
- rust-quick-xml0.20
ExclusiveArch: %{rust_arches}
- rust-quickcheck
ExclusiveArch: %{rust_arches}
- rust-quickcheck0.6
ExclusiveArch: %{rust_arches}
- rust-quickcheck0.9
ExclusiveArch: %{rust_arches}
- rust-quickcheck_macros
ExclusiveArch: %{rust_arches}
- rust-quickersort
ExclusiveArch: %{rust_arches}
- rust-quicli
ExclusiveArch: %{rust_arches}
- rust-quote
ExclusiveArch: %{rust_arches}
- rust-quote0.3
ExclusiveArch: %{rust_arches}
- rust-quote0.6
ExclusiveArch: %{rust_arches}
- rust-quoted_printable
ExclusiveArch: %{rust_arches}
- rust-r2d2
ExclusiveArch: %{rust_arches}
- rust-radium
ExclusiveArch: %{rust_arches}
- rust-radix_trie
ExclusiveArch: %{rust_arches}
- rust-rand
ExclusiveArch: %{rust_arches}
- rust-rand0.4
ExclusiveArch: %{rust_arches}
- rust-rand0.5
ExclusiveArch: %{rust_arches}
- rust-rand0.6
ExclusiveArch: %{rust_arches}
- rust-rand0.7
ExclusiveArch: %{rust_arches}
- rust-rand_chacha
ExclusiveArch: %{rust_arches}
- rust-rand_chacha0.1
ExclusiveArch: %{rust_arches}
- rust-rand_chacha0.2
ExclusiveArch: %{rust_arches}
- rust-rand_core
ExclusiveArch: %{rust_arches}
- rust-rand_core0.3
ExclusiveArch: %{rust_arches}
- rust-rand_core0.4
ExclusiveArch: %{rust_arches}
- rust-rand_core0.5
ExclusiveArch: %{rust_arches}
- rust-rand_distr
ExclusiveArch: %{rust_arches}
- rust-rand_hc
ExclusiveArch: %{rust_arches}
- rust-rand_hc0.1
ExclusiveArch: %{rust_arches}
- rust-rand_isaac
ExclusiveArch: %{rust_arches}
- rust-rand_isaac0.1
ExclusiveArch: %{rust_arches}
- rust-rand_jitter
ExclusiveArch: %{rust_arches}
- rust-rand_jitter0.1
ExclusiveArch: %{rust_arches}
- rust-rand_os
ExclusiveArch: %{rust_arches}
- rust-rand_os0.1
ExclusiveArch: %{rust_arches}
- rust-rand_pcg
ExclusiveArch: %{rust_arches}
- rust-rand_pcg0.1
ExclusiveArch: %{rust_arches}
- rust-rand_pcg0.2
ExclusiveArch: %{rust_arches}
- rust-rand_xorshift
ExclusiveArch: %{rust_arches}
- rust-rand_xorshift0.1
ExclusiveArch: %{rust_arches}
- rust-rand_xorshift0.2
ExclusiveArch: %{rust_arches}
- rust-rand_xoshiro
ExclusiveArch: %{rust_arches}
- rust-random
ExclusiveArch: %{rust_arches}
- rust-random-fast-rng
ExclusiveArch: %{rust_arches}
- rust-random-trait
ExclusiveArch: %{rust_arches}
- rust-randomize
ExclusiveArch: %{rust_arches}
- rust-rav1e
ExclusiveArch: %{rust_arches}
- rust-raw-window-handle
ExclusiveArch: %{rust_arches}
- rust-rawpointer
ExclusiveArch: %{rust_arches}
- rust-rawslice
ExclusiveArch: %{rust_arches}
- rust-rayon
ExclusiveArch: %{rust_arches}
- rust-rayon-core
ExclusiveArch: %{rust_arches}
- rust-rbspy
ExclusiveArch: %{rust_arches}
- rust-rbspy-ruby-structs
ExclusiveArch: %{rust_arches}
- rust-rbspy-testdata
ExclusiveArch: %{rust_arches}
- rust-rd-agent
ExclusiveArch: %{rust_arches}
- rust-rd-agent-intf
ExclusiveArch: %{rust_arches}
- rust-rd-hashd
ExclusiveArch: %{rust_arches}
- rust-rd-hashd-intf
ExclusiveArch: %{rust_arches}
- rust-rd-util
ExclusiveArch: %{rust_arches}
- rust-read-process-memory
ExclusiveArch: %{rust_arches}
- rust-read_input
ExclusiveArch: %{rust_arches}
- rust-readability-fork
ExclusiveArch: %{rust_arches}
- rust-readwrite
ExclusiveArch: %{rust_arches}
- rust-recycler
ExclusiveArch: %{rust_arches}
- rust-ref-cast
ExclusiveArch: %{rust_arches}
- rust-ref-cast-impl
ExclusiveArch: %{rust_arches}
- rust-regalloc
ExclusiveArch: %{rust_arches}
- rust-regex
ExclusiveArch: %{rust_arches}
- rust-regex-automata
ExclusiveArch: %{rust_arches}
- rust-regex-syntax
ExclusiveArch: %{rust_arches}
- rust-region
ExclusiveArch: %{rust_arches}
- rust-relative-path
ExclusiveArch: %{rust_arches}
- rust-relay
ExclusiveArch: %{rust_arches}
- rust-remoteprocess
ExclusiveArch: %{rust_arches}
- rust-remove_dir_all
ExclusiveArch: %{rust_arches}
- rust-rend
ExclusiveArch: %{rust_arches}
- rust-reqwest
ExclusiveArch: %{rust_arches}
- rust-reqwest0.10
ExclusiveArch: %{rust_arches}
- rust-resctl-bench
ExclusiveArch: %{rust_arches}
- rust-resctl-bench-intf
ExclusiveArch: %{rust_arches}
- rust-resctl-demo
ExclusiveArch: %{rust_arches}
- rust-resize
ExclusiveArch: %{rust_arches}
- rust-resolv-conf
ExclusiveArch: %{rust_arches}
- rust-restson
ExclusiveArch: %{rust_arches}
- rust-retry
ExclusiveArch: %{rust_arches}
- rust-rgb
ExclusiveArch: %{rust_arches}
- rust-ring
ExclusiveArch: %{rust_arches}
- rust-ripgrep
ExclusiveArch: %{rust_arches}
- rust-rkyv
ExclusiveArch: %{rust_arches}
- rust-rkyv_derive
ExclusiveArch: %{rust_arches}
- rust-rle-decode-fast
ExclusiveArch: %{rust_arches}
- rust-rmp
ExclusiveArch: %{rust_arches}
- rust-rmp-serde
ExclusiveArch: %{rust_arches}
- rust-roff
ExclusiveArch: %{rust_arches}
- rust-ron
ExclusiveArch: %{rust_arches}
- rust-roxmltree
ExclusiveArch: %{rust_arches}
- rust-rpassword
ExclusiveArch: %{rust_arches}
- rust-rpick
ExclusiveArch: %{rust_arches}
- rust-rsa
ExclusiveArch: %{rust_arches}
- rust-rspec
ExclusiveArch: %{rust_arches}
- rust-rtnetlink
ExclusiveArch: %{rust_arches}
- rust-rusqlite
ExclusiveArch: %{rust_arches}
- rust-rust-embed
ExclusiveArch: %{rust_arches}
- rust-rust-embed-impl
ExclusiveArch: %{rust_arches}
- rust-rust-embed-utils
ExclusiveArch: %{rust_arches}
- rust-rust-ini
ExclusiveArch: %{rust_arches}
- rust-rust-stemmers
ExclusiveArch: %{rust_arches}
- rust-rust_decimal
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer_normal_macro
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer_proc_macro
ExclusiveArch: %{rust_arches}
- rust-rust_hawktracer_sys
ExclusiveArch: %{rust_arches}
- rust-rustbus
ExclusiveArch: %{rust_arches}
- rust-rustbus_derive
ExclusiveArch: %{rust_arches}
- rust-rustc-demangle
ExclusiveArch: %{rust_arches}
- rust-rustc-hash
ExclusiveArch: %{rust_arches}
- rust-rustc-serialize
ExclusiveArch: %{rust_arches}
- rust-rustc-test
ExclusiveArch: %{rust_arches}
- rust-rustc_tools_util
ExclusiveArch: %{rust_arches}
- rust-rustc_version
ExclusiveArch: %{rust_arches}
- rust-rustc_version0.3
ExclusiveArch: %{rust_arches}
- rust-rustcat
ExclusiveArch: %{rust_arches}
- rust-rustdoc-stripper
ExclusiveArch: %{rust_arches}
- rust-rustfilt
ExclusiveArch: %{rust_arches}
- rust-rustfix
ExclusiveArch: %{rust_arches}
- rust-rustio
ExclusiveArch: %{rust_arches}
- rust-rustix
ExclusiveArch: %{rust_arches}
- rust-rustls
ExclusiveArch: %{rust_arches}
- rust-rustls-native-certs
ExclusiveArch: %{rust_arches}
- rust-rustls-pemfile
ExclusiveArch: %{rust_arches}
- rust-rustversion
ExclusiveArch: %{rust_arches}
- rust-rusty-fork
ExclusiveArch: %{rust_arches}
- rust-rustyline
ExclusiveArch: %{rust_arches}
- rust-rustyline-derive
ExclusiveArch: %{rust_arches}
- rust-ryu
ExclusiveArch: %{rust_arches}
- rust-safe-transmute
ExclusiveArch: %{rust_arches}
- rust-safe_arch
ExclusiveArch: %{rust_arches}
- rust-safemem
ExclusiveArch: %{rust_arches}
- rust-salsa20
ExclusiveArch: %{rust_arches}
- rust-same-file
ExclusiveArch: %{rust_arches}
- rust-sass-rs
ExclusiveArch: %{rust_arches}
- rust-sass-sys
ExclusiveArch: %{rust_arches}
- rust-scan_fmt
ExclusiveArch: %{rust_arches}
- rust-scheduled-thread-pool
ExclusiveArch: %{rust_arches}
- rust-scoped-tls
ExclusiveArch: %{rust_arches}
- rust-scoped-tls-hkt
ExclusiveArch: %{rust_arches}
- rust-scoped_threadpool
ExclusiveArch: %{rust_arches}
- rust-scopeguard
ExclusiveArch: %{rust_arches}
- rust-scopetime
ExclusiveArch: %{rust_arches}
- rust-scratch
ExclusiveArch: %{rust_arches}
- rust-scroll
ExclusiveArch: %{rust_arches}
- rust-scroll_derive
ExclusiveArch: %{rust_arches}
- rust-scrypt
ExclusiveArch: %{rust_arches}
- rust-sct
ExclusiveArch: %{rust_arches}
- rust-sd
ExclusiveArch: %{rust_arches}
- rust-sd-notify
ExclusiveArch: %{rust_arches}
- rust-seahash
ExclusiveArch: %{rust_arches}
- rust-seahash3
ExclusiveArch: %{rust_arches}
- rust-secrecy
ExclusiveArch: %{rust_arches}
- rust-secret-service
ExclusiveArch: %{rust_arches}
- rust-self_cell
ExclusiveArch: %{rust_arches}
- rust-semver
ExclusiveArch: %{rust_arches}
- rust-semver-parser
ExclusiveArch: %{rust_arches}
- rust-semver-parser0.9
ExclusiveArch: %{rust_arches}
- rust-semver0.11
ExclusiveArch: %{rust_arches}
- rust-sequoia-autocrypt
ExclusiveArch: %{rust_arches}
- rust-sequoia-ipc
ExclusiveArch: %{rust_arches}
- rust-sequoia-keyring-linter
ExclusiveArch: %{rust_arches}
- rust-sequoia-net
ExclusiveArch: %{rust_arches}
- rust-sequoia-octopus-librnp
ExclusiveArch: %{rust_arches}
- rust-sequoia-openpgp
ExclusiveArch: %{rust_arches}
- rust-sequoia-openpgp-mt
ExclusiveArch: %{rust_arches}
- rust-sequoia-sop
ExclusiveArch: %{rust_arches}
- rust-sequoia-sq
ExclusiveArch: %{rust_arches}
- rust-sequoia-sqv
ExclusiveArch: %{rust_arches}
- rust-serde
ExclusiveArch: %{rust_arches}
- rust-serde-big-array
ExclusiveArch: %{rust_arches}
- rust-serde-pickle
ExclusiveArch: %{rust_arches}
- rust-serde-value
ExclusiveArch: %{rust_arches}
- rust-serde-xml-rs
ExclusiveArch: %{rust_arches}
- rust-serde_bser
ExclusiveArch: %{rust_arches}
- rust-serde_bytes
ExclusiveArch: %{rust_arches}
- rust-serde_cbor
ExclusiveArch: %{rust_arches}
- rust-serde_derive
ExclusiveArch: %{rust_arches}
- rust-serde_fmt
ExclusiveArch: %{rust_arches}
- rust-serde_ignored
ExclusiveArch: %{rust_arches}
- rust-serde_json
ExclusiveArch: %{rust_arches}
- rust-serde_repr
ExclusiveArch: %{rust_arches}
- rust-serde_stacker
ExclusiveArch: %{rust_arches}
- rust-serde_test
ExclusiveArch: %{rust_arches}
- rust-serde_url_params
ExclusiveArch: %{rust_arches}
- rust-serde_urlencoded
ExclusiveArch: %{rust_arches}
- rust-serde_urlencoded0.6
ExclusiveArch: %{rust_arches}
- rust-serde_with
ExclusiveArch: %{rust_arches}
- rust-serde_with_macros
ExclusiveArch: %{rust_arches}
- rust-serde_yaml
ExclusiveArch: %{rust_arches}
- rust-serial-core
ExclusiveArch: %{rust_arches}
- rust-serial_test
ExclusiveArch: %{rust_arches}
- rust-serial_test0.5
ExclusiveArch: %{rust_arches}
- rust-serial_test_derive
ExclusiveArch: %{rust_arches}
- rust-serial_test_derive0.5
ExclusiveArch: %{rust_arches}
- rust-servo-fontconfig
ExclusiveArch: %{rust_arches}
- rust-servo-fontconfig-sys
ExclusiveArch: %{rust_arches}
- rust-sev
ExclusiveArch: %{rust_arches}
- rust-sevctl
ExclusiveArch: x86_64
- rust-sha-1
ExclusiveArch: %{rust_arches}
- rust-sha-1_0.9
ExclusiveArch: %{rust_arches}
- rust-sha1
ExclusiveArch: %{rust_arches}
- rust-sha1_0.6
ExclusiveArch: %{rust_arches}
- rust-sha1_smol
ExclusiveArch: %{rust_arches}
- rust-sha1collisiondetection
ExclusiveArch: %{rust_arches}
- rust-sha2
ExclusiveArch: %{rust_arches}
- rust-sha2_0.9
ExclusiveArch: %{rust_arches}
- rust-sha3
ExclusiveArch: %{rust_arches}
- rust-sha3_0.9
ExclusiveArch: %{rust_arches}
- rust-shadow-rs
ExclusiveArch: %{rust_arches}
- rust-shared_child
ExclusiveArch: %{rust_arches}
- rust-shared_library
ExclusiveArch: %{rust_arches}
- rust-shell-escape
ExclusiveArch: %{rust_arches}
- rust-shell-words
ExclusiveArch: %{rust_arches}
- rust-shellexpand
ExclusiveArch: %{rust_arches}
- rust-shellwords
ExclusiveArch: %{rust_arches}
- rust-shlex
ExclusiveArch: %{rust_arches}
- rust-signal
ExclusiveArch: %{rust_arches}
- rust-signal-hook
ExclusiveArch: %{rust_arches}
- rust-signal-hook-mio
ExclusiveArch: %{rust_arches}
- rust-signal-hook-registry
ExclusiveArch: %{rust_arches}
- rust-signal-hook0.1
ExclusiveArch: %{rust_arches}
- rust-silver
ExclusiveArch: %{rust_arches}
- rust-simba
ExclusiveArch: %{rust_arches}
- rust-simd_helpers
ExclusiveArch: %{rust_arches}
- rust-simdutf8
ExclusiveArch: %{rust_arches}
- rust-similar
ExclusiveArch: %{rust_arches}
- rust-similar-asserts
ExclusiveArch: %{rust_arches}
- rust-simple-error
ExclusiveArch: %{rust_arches}
- rust-simple_asn1
ExclusiveArch: %{rust_arches}
- rust-simple_logger
ExclusiveArch: %{rust_arches}
- rust-simplelog
ExclusiveArch: %{rust_arches}
- rust-siphasher
ExclusiveArch: %{rust_arches}
- rust-size
ExclusiveArch: %{rust_arches}
- rust-sized-chunks
ExclusiveArch: %{rust_arches}
- rust-skeptic
ExclusiveArch: %{rust_arches}
- rust-skim
ExclusiveArch: %{rust_arches}
- rust-slab
ExclusiveArch: %{rust_arches}
- rust-slice-deque
ExclusiveArch: %{rust_arches}
- rust-slog
ExclusiveArch: %{rust_arches}
- rust-slog-async
ExclusiveArch: %{rust_arches}
- rust-slog-scope
ExclusiveArch: %{rust_arches}
- rust-slog-term
ExclusiveArch: %{rust_arches}
- rust-slotmap
ExclusiveArch: %{rust_arches}
- rust-slug
ExclusiveArch: %{rust_arches}
- rust-sluice
ExclusiveArch: %{rust_arches}
- rust-smallbitvec
ExclusiveArch: %{rust_arches}
- rust-smallstr
ExclusiveArch: %{rust_arches}
- rust-smallvec
ExclusiveArch: %{rust_arches}
- rust-smart-default
ExclusiveArch: %{rust_arches}
- rust-smawk
ExclusiveArch: %{rust_arches}
- rust-smithay-client-toolkit
ExclusiveArch: %{rust_arches}
- rust-smithay-clipboard
ExclusiveArch: %{rust_arches}
- rust-smol_str
ExclusiveArch: %{rust_arches}
- rust-snafu
ExclusiveArch: %{rust_arches}
- rust-snafu-derive
ExclusiveArch: %{rust_arches}
- rust-snake_case
ExclusiveArch: %{rust_arches}
- rust-socket2
ExclusiveArch: %{rust_arches}
- rust-socket2_0.3
ExclusiveArch: %{rust_arches}
- rust-sop
ExclusiveArch: %{rust_arches}
- rust-spin
ExclusiveArch: %{rust_arches}
- rust-spin0.5
ExclusiveArch: %{rust_arches}
- rust-spin_on
ExclusiveArch: %{rust_arches}
- rust-spinning_top
ExclusiveArch: %{rust_arches}
- rust-spki
ExclusiveArch: %{rust_arches}
- rust-spmc
ExclusiveArch: %{rust_arches}
- rust-ssh-key-dir
ExclusiveArch: %{rust_arches}
- rust-stable_deref_trait
ExclusiveArch: %{rust_arches}
- rust-stacker
ExclusiveArch: %{rust_arches}
- rust-standback
ExclusiveArch: %{rust_arches}
- rust-starship
ExclusiveArch: %{rust_arches}
- rust-starship-battery
ExclusiveArch: %{rust_arches}
- rust-starship_module_config_derive
ExclusiveArch: %{rust_arches}
- rust-static_assertions
ExclusiveArch: %{rust_arches}
- rust-statistical
ExclusiveArch: %{rust_arches}
- rust-statrs
ExclusiveArch: %{rust_arches}
- rust-stb_truetype
ExclusiveArch: %{rust_arches}
- rust-stderrlog
ExclusiveArch: %{rust_arches}
- rust-str_stack
ExclusiveArch: %{rust_arches}
- rust-stratisd_proc_macros
ExclusiveArch: %{rust_arches}
- rust-streaming-stats
ExclusiveArch: %{rust_arches}
- rust-streebog
ExclusiveArch: %{rust_arches}
- rust-streebog0.9
ExclusiveArch: %{rust_arches}
- rust-strict
ExclusiveArch: %{rust_arches}
- rust-string
ExclusiveArch: %{rust_arches}
- rust-string_cache
ExclusiveArch: %{rust_arches}
- rust-string_cache_codegen
ExclusiveArch: %{rust_arches}
- rust-string_cache_shared
ExclusiveArch: %{rust_arches}
- rust-strings
ExclusiveArch: %{rust_arches}
- rust-strip-ansi-escapes
ExclusiveArch: %{rust_arches}
- rust-strong-xml
ExclusiveArch: %{rust_arches}
- rust-strong-xml-derive
ExclusiveArch: %{rust_arches}
- rust-strsim
ExclusiveArch: %{rust_arches}
- rust-structopt
ExclusiveArch: %{rust_arches}
- rust-structopt-derive
ExclusiveArch: %{rust_arches}
- rust-structopt-derive0.2
ExclusiveArch: %{rust_arches}
- rust-structopt0.2
ExclusiveArch: %{rust_arches}
- rust-strum
ExclusiveArch: %{rust_arches}
- rust-strum_macros
ExclusiveArch: %{rust_arches}
- rust-subprocess
ExclusiveArch: %{rust_arches}
- rust-subtle
ExclusiveArch: %{rust_arches}
- rust-sudo_plugin
ExclusiveArch: %{rust_arches}
- rust-sudo_plugin-sys
ExclusiveArch: %{rust_arches}
- rust-supports-color
ExclusiveArch: %{rust_arches}
- rust-supports-hyperlinks
ExclusiveArch: %{rust_arches}
- rust-supports-unicode
ExclusiveArch: %{rust_arches}
- rust-sval
ExclusiveArch: %{rust_arches}
- rust-sval_derive
ExclusiveArch: %{rust_arches}
- rust-sval_json
ExclusiveArch: %{rust_arches}
- rust-svg
ExclusiveArch: %{rust_arches}
- rust-svg_metadata
ExclusiveArch: %{rust_arches}
- rust-svgtypes
ExclusiveArch: %{rust_arches}
- rust-sxd-document
ExclusiveArch: %{rust_arches}
- rust-syn
ExclusiveArch: %{rust_arches}
- rust-syn0.15
ExclusiveArch: %{rust_arches}
- rust-synom
ExclusiveArch: %{rust_arches}
- rust-synstructure
ExclusiveArch: %{rust_arches}
- rust-syntect
ExclusiveArch: %{rust_arches}
- rust-sys-info
ExclusiveArch: %{rust_arches}
- rust-sys-locale
ExclusiveArch: %{rust_arches}
- rust-sysctl
ExclusiveArch: %{rust_arches}
- rust-sysinfo
ExclusiveArch: %{rust_arches}
- rust-syslog
ExclusiveArch: %{rust_arches}
- rust-system-deps
ExclusiveArch: %{rust_arches}
- rust-system-interface
ExclusiveArch: %{rust_arches}
- rust-system76_ectool
ExclusiveArch: %{rust_arches}
- rust-tabular
ExclusiveArch: %{rust_arches}
- rust-tabwriter
ExclusiveArch: %{rust_arches}
- rust-take
ExclusiveArch: %{rust_arches}
- rust-take_mut
ExclusiveArch: %{rust_arches}
- rust-tap
ExclusiveArch: %{rust_arches}
- rust-tar
ExclusiveArch: %{rust_arches}
- rust-target
ExclusiveArch: %{rust_arches}
- rust-target-lexicon
ExclusiveArch: %{rust_arches}
- rust-tealdeer
ExclusiveArch: %{rust_arches}
- rust-teloxide
ExclusiveArch: %{rust_arches}
- rust-teloxide-macros
ExclusiveArch: %{rust_arches}
- rust-tempdir
ExclusiveArch: %{rust_arches}
- rust-tempfile
ExclusiveArch: %{rust_arches}
- rust-temporary
ExclusiveArch: %{rust_arches}
- rust-temptree
ExclusiveArch: %{rust_arches}
- rust-tendril
ExclusiveArch: %{rust_arches}
- rust-tera
ExclusiveArch: %{rust_arches}
- rust-term
ExclusiveArch: %{rust_arches}
- rust-term0.6
ExclusiveArch: %{rust_arches}
- rust-term_grid
ExclusiveArch: %{rust_arches}
- rust-term_size
ExclusiveArch: %{rust_arches}
- rust-termbg
ExclusiveArch: %{rust_arches}
- rust-termcolor
ExclusiveArch: %{rust_arches}
- rust-terminal_size
ExclusiveArch: %{rust_arches}
- rust-terminfo
ExclusiveArch: %{rust_arches}
- rust-termion
ExclusiveArch: %{rust_arches}
- rust-termios
ExclusiveArch: %{rust_arches}
- rust-termwiz
ExclusiveArch: %{rust_arches}
- rust-test-assembler
ExclusiveArch: %{rust_arches}
- rust-test-case
ExclusiveArch: %{rust_arches}
- rust-tester
ExclusiveArch: %{rust_arches}
- rust-testing_logger
ExclusiveArch: %{rust_arches}
- rust-textwrap
ExclusiveArch: %{rust_arches}
- rust-textwrap0.11
ExclusiveArch: %{rust_arches}
- rust-textwrap0.14
ExclusiveArch: %{rust_arches}
- rust-thiserror
ExclusiveArch: %{rust_arches}
- rust-thiserror-impl
ExclusiveArch: %{rust_arches}
- rust-thread-id
ExclusiveArch: %{rust_arches}
- rust-thread-tree
ExclusiveArch: %{rust_arches}
- rust-thread_local
ExclusiveArch: %{rust_arches}
- rust-threadpool
ExclusiveArch: %{rust_arches}
- rust-tiff
ExclusiveArch: %{rust_arches}
- rust-tiger
ExclusiveArch: %{rust_arches}
- rust-tiger0.1
ExclusiveArch: %{rust_arches}
- rust-time
ExclusiveArch: %{rust_arches}
- rust-time-macros
ExclusiveArch: %{rust_arches}
- rust-time-macros-impl
ExclusiveArch: %{rust_arches}
- rust-time-macros0.1
ExclusiveArch: %{rust_arches}
- rust-time0.1
ExclusiveArch: %{rust_arches}
- rust-time0.2
ExclusiveArch: %{rust_arches}
- rust-timebomb
ExclusiveArch: %{rust_arches}
- rust-timer
ExclusiveArch: %{rust_arches}
- rust-timerfd
ExclusiveArch: %{rust_arches}
- rust-tiny-keccak
ExclusiveArch: %{rust_arches}
- rust-tiny_http
ExclusiveArch: %{rust_arches}
- rust-tiny_http0.6
ExclusiveArch: %{rust_arches}
- rust-tinystr
ExclusiveArch: %{rust_arches}
- rust-tinytemplate
ExclusiveArch: %{rust_arches}
- rust-tinyvec
ExclusiveArch: %{rust_arches}
- rust-tinyvec_macros
ExclusiveArch: %{rust_arches}
- rust-tokei
ExclusiveArch: %{rust_arches}
- rust-tokio
ExclusiveArch: %{rust_arches}
- rust-tokio-codec
ExclusiveArch: %{rust_arches}
- rust-tokio-core
ExclusiveArch: %{rust_arches}
- rust-tokio-current-thread
ExclusiveArch: %{rust_arches}
- rust-tokio-executor
ExclusiveArch: %{rust_arches}
- rust-tokio-fs
ExclusiveArch: %{rust_arches}
- rust-tokio-io
ExclusiveArch: %{rust_arches}
- rust-tokio-macros
ExclusiveArch: %{rust_arches}
- rust-tokio-macros0.2
ExclusiveArch: %{rust_arches}
- rust-tokio-mock-task
ExclusiveArch: %{rust_arches}
- rust-tokio-native-tls
ExclusiveArch: %{rust_arches}
- rust-tokio-openssl
ExclusiveArch: %{rust_arches}
- rust-tokio-openssl0.4
ExclusiveArch: %{rust_arches}
- rust-tokio-reactor
ExclusiveArch: %{rust_arches}
- rust-tokio-rustls
ExclusiveArch: %{rust_arches}
- rust-tokio-socks
ExclusiveArch: %{rust_arches}
- rust-tokio-socks0.3
ExclusiveArch: %{rust_arches}
- rust-tokio-stream
ExclusiveArch: %{rust_arches}
- rust-tokio-sync
ExclusiveArch: %{rust_arches}
- rust-tokio-tcp
ExclusiveArch: %{rust_arches}
- rust-tokio-test
ExclusiveArch: %{rust_arches}
- rust-tokio-threadpool
ExclusiveArch: %{rust_arches}
- rust-tokio-timer
ExclusiveArch: %{rust_arches}
- rust-tokio-tls
ExclusiveArch: %{rust_arches}
- rust-tokio-tls0.2
ExclusiveArch: %{rust_arches}
- rust-tokio-tungstenite
ExclusiveArch: %{rust_arches}
- rust-tokio-udp
ExclusiveArch: %{rust_arches}
- rust-tokio-uds
ExclusiveArch: %{rust_arches}
- rust-tokio-util
ExclusiveArch: %{rust_arches}
- rust-tokio-util0.3
ExclusiveArch: %{rust_arches}
- rust-tokio0.1
ExclusiveArch: %{rust_arches}
- rust-tokio0.2
ExclusiveArch: %{rust_arches}
- rust-toml
ExclusiveArch: %{rust_arches}
- rust-toml0.4
ExclusiveArch: %{rust_arches}
- rust-toml_edit
ExclusiveArch: %{rust_arches}
- rust-tower-layer
ExclusiveArch: %{rust_arches}
- rust-tower-service
ExclusiveArch: %{rust_arches}
- rust-tower-test
ExclusiveArch: %{rust_arches}
- rust-tower-util
ExclusiveArch: %{rust_arches}
- rust-tpm2-policy
ExclusiveArch: %{rust_arches}
- rust-tracing
ExclusiveArch: %{rust_arches}
- rust-tracing-attributes
ExclusiveArch: %{rust_arches}
- rust-tracing-core
ExclusiveArch: %{rust_arches}
- rust-tracing-futures
ExclusiveArch: %{rust_arches}
- rust-traitobject
ExclusiveArch: %{rust_arches}
- rust-trash
ExclusiveArch: %{rust_arches}
- rust-tree-sitter
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-cli
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-config
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-highlight
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-loader
ExclusiveArch: %{rust_arches}
- rust-tree-sitter-tags
ExclusiveArch: %{rust_arches}
- rust-treebitmap
ExclusiveArch: %{rust_arches}
- rust-treeline
ExclusiveArch: %{rust_arches}
- rust-trust-dns-https
ExclusiveArch: %{rust_arches}
- rust-trust-dns-native-tls
ExclusiveArch: %{rust_arches}
- rust-trust-dns-native-tls0.19
ExclusiveArch: %{rust_arches}
- rust-trust-dns-openssl
ExclusiveArch: %{rust_arches}
- rust-trust-dns-openssl0.19
ExclusiveArch: %{rust_arches}
- rust-trust-dns-proto
ExclusiveArch: %{rust_arches}
- rust-trust-dns-proto0.19
ExclusiveArch: %{rust_arches}
- rust-trust-dns-resolver
ExclusiveArch: %{rust_arches}
- rust-trust-dns-resolver0.19
ExclusiveArch: %{rust_arches}
- rust-trust-dns-rustls
ExclusiveArch: %{rust_arches}
- rust-try-lock
ExclusiveArch: %{rust_arches}
- rust-trybuild
ExclusiveArch: %{rust_arches}
- rust-tss-esapi
ExclusiveArch: %{rust_arches}
- rust-tss-esapi-sys
ExclusiveArch: %{rust_arches}
- rust-ttf-parser
ExclusiveArch: %{rust_arches}
- rust-ttf-parser0.12
ExclusiveArch: %{rust_arches}
- rust-tui
ExclusiveArch: %{rust_arches}
- rust-tui-react
ExclusiveArch: %{rust_arches}
- rust-tui0.11
ExclusiveArch: %{rust_arches}
- rust-tui0.9
ExclusiveArch: %{rust_arches}
- rust-tuikit
ExclusiveArch: %{rust_arches}
- rust-tungstenite
ExclusiveArch: %{rust_arches}
- rust-twoway
ExclusiveArch: %{rust_arches}
- rust-twox-hash
ExclusiveArch: %{rust_arches}
- rust-type-map
ExclusiveArch: %{rust_arches}
- rust-typeable
ExclusiveArch: %{rust_arches}
- rust-typed-arena
ExclusiveArch: %{rust_arches}
- rust-typed-arena1
ExclusiveArch: %{rust_arches}
- rust-typemap
ExclusiveArch: %{rust_arches}
- rust-typenum
ExclusiveArch: %{rust_arches}
- rust-typetag
ExclusiveArch: %{rust_arches}
- rust-typetag-impl
ExclusiveArch: %{rust_arches}
- rust-tzfile
ExclusiveArch: %{rust_arches}
- rust-ucd-parse
ExclusiveArch: %{rust_arches}
- rust-ucd-trie
ExclusiveArch: %{rust_arches}
- rust-ucd-util
ExclusiveArch: %{rust_arches}
- rust-umask
ExclusiveArch: %{rust_arches}
- rust-uncased
ExclusiveArch: %{rust_arches}
- rust-unchecked-index
ExclusiveArch: %{rust_arches}
- rust-unescape
ExclusiveArch: %{rust_arches}
- rust-unic-char-property
ExclusiveArch: %{rust_arches}
- rust-unic-char-range
ExclusiveArch: %{rust_arches}
- rust-unic-common
ExclusiveArch: %{rust_arches}
- rust-unic-langid
ExclusiveArch: %{rust_arches}
- rust-unic-langid-impl
ExclusiveArch: %{rust_arches}
- rust-unic-langid-macros
ExclusiveArch: %{rust_arches}
- rust-unic-langid-macros-impl
ExclusiveArch: %{rust_arches}
- rust-unic-locale
ExclusiveArch: %{rust_arches}
- rust-unic-locale-impl
ExclusiveArch: %{rust_arches}
- rust-unic-locale-macros
ExclusiveArch: %{rust_arches}
- rust-unic-locale-macros-impl
ExclusiveArch: %{rust_arches}
- rust-unic-segment
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-category
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-common
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-segment
ExclusiveArch: %{rust_arches}
- rust-unic-ucd-version
ExclusiveArch: %{rust_arches}
- rust-unicase
ExclusiveArch: %{rust_arches}
- rust-unicase1
ExclusiveArch: %{rust_arches}
- rust-unicode-bidi
ExclusiveArch: %{rust_arches}
- rust-unicode-linebreak
ExclusiveArch: %{rust_arches}
- rust-unicode-normalization
ExclusiveArch: %{rust_arches}
- rust-unicode-segmentation
ExclusiveArch: %{rust_arches}
- rust-unicode-truncate
ExclusiveArch: %{rust_arches}
- rust-unicode-width
ExclusiveArch: %{rust_arches}
- rust-unicode-xid
ExclusiveArch: %{rust_arches}
- rust-unicode-xid0.1
ExclusiveArch: %{rust_arches}
- rust-unicode_categories
ExclusiveArch: %{rust_arches}
- rust-unindent
ExclusiveArch: %{rust_arches}
- rust-universal-hash
ExclusiveArch: %{rust_arches}
- rust-unix_socket
ExclusiveArch: %{rust_arches}
- rust-unreachable
ExclusiveArch: %{rust_arches}
- rust-unsafe-any
ExclusiveArch: %{rust_arches}
- rust-untrusted
ExclusiveArch: %{rust_arches}
- rust-uom
ExclusiveArch: %{rust_arches}
- rust-url
ExclusiveArch: %{rust_arches}
- rust-url1
ExclusiveArch: %{rust_arches}
- rust-url_serde
ExclusiveArch: %{rust_arches}
- rust-urlencoding
ExclusiveArch: %{rust_arches}
- rust-urlocator
ExclusiveArch: %{rust_arches}
- rust-urlshortener
ExclusiveArch: %{rust_arches}
- rust-userfaultfd
ExclusiveArch: %{rust_arches}
- rust-userfaultfd-sys
ExclusiveArch: %{rust_arches}
- rust-users
ExclusiveArch: %{rust_arches}
- rust-users0.10
ExclusiveArch: %{rust_arches}
- rust-utf-8
ExclusiveArch: %{rust_arches}
- rust-utf8-ranges
ExclusiveArch: %{rust_arches}
- rust-utf8-width
ExclusiveArch: %{rust_arches}
- rust-utf8parse
ExclusiveArch: %{rust_arches}
- rust-uuid
ExclusiveArch: %{rust_arches}
- rust-uuid0.7
ExclusiveArch: %{rust_arches}
- rust-v_frame
ExclusiveArch: %{rust_arches}
- rust-value-bag
ExclusiveArch: %{rust_arches}
- rust-varbincode
ExclusiveArch: %{rust_arches}
- rust-varlink
ExclusiveArch: %{rust_arches}
- rust-varlink-cli
ExclusiveArch: %{rust_arches}
- rust-varlink_generator
ExclusiveArch: %{rust_arches}
- rust-varlink_parser
ExclusiveArch: %{rust_arches}
- rust-varlink_stdinterfaces
ExclusiveArch: %{rust_arches}
- rust-vcpkg
ExclusiveArch: %{rust_arches}
- rust-vcsgraph
ExclusiveArch: %{rust_arches}
- rust-vec_map
ExclusiveArch: %{rust_arches}
- rust-vergen
ExclusiveArch: %{rust_arches}
- rust-vergen3
ExclusiveArch: %{rust_arches}
- rust-version
ExclusiveArch: %{rust_arches}
- rust-version-compare
ExclusiveArch: %{rust_arches}
- rust-version-sync
ExclusiveArch: %{rust_arches}
- rust-version-sync0.8
ExclusiveArch: %{rust_arches}
- rust-version_check
ExclusiveArch: %{rust_arches}
- rust-versions
ExclusiveArch: %{rust_arches}
- rust-vhost
ExclusiveArch: %{rust_arches}
- rust-virtio-bindings
ExclusiveArch: x86_64 aarch64 ppc64le
- rust-virtio-queue
ExclusiveArch: x86_64 aarch64 s390x
- rust-vm-memory
ExclusiveArch: x86_64 aarch64 ppc64le
- rust-vmm-sys-util
ExclusiveArch: x86_64 aarch64 ppc64le
- rust-vmw_backdoor
ExclusiveArch: %{rust_arches}
- rust-void
ExclusiveArch: %{rust_arches}
- rust-vsprintf
ExclusiveArch: %{rust_arches}
- rust-vte
ExclusiveArch: %{rust_arches}
- rust-vte_generate_state_changes
ExclusiveArch: %{rust_arches}
- rust-vtparse
ExclusiveArch: %{rust_arches}
- rust-wait-timeout
ExclusiveArch: %{rust_arches}
- rust-waker-fn
ExclusiveArch: %{rust_arches}
- rust-walkdir
ExclusiveArch: %{rust_arches}
- rust-want
ExclusiveArch: %{rust_arches}
- rust-warp
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-backend
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-futures
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-macro
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-macro-support
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-shared
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-test
ExclusiveArch: %{rust_arches}
- rust-wasm-bindgen-test-macro
ExclusiveArch: %{rust_arches}
- rust-wasmer_enumset
ExclusiveArch: %{rust_arches}
- rust-wasmer_enumset_derive
ExclusiveArch: %{rust_arches}
- rust-wasmparser
ExclusiveArch: %{rust_arches}
- rust-wasmtime
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-cache
ExclusiveArch: %{rust_arches}
- rust-wasmtime-cranelift
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-environ
ExclusiveArch: %{rust_arches}
- rust-wasmtime-fiber
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-jit
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-jit-debug
ExclusiveArch: %{rust_arches}
- rust-wasmtime-runtime
ExclusiveArch: x86_64 aarch64 s390x
- rust-wasmtime-types
ExclusiveArch: %{rust_arches}
- rust-wasmtime-wast
ExclusiveArch: x86_64 aarch64 s390x
- rust-wast
ExclusiveArch: %{rust_arches}
- rust-wat
ExclusiveArch: %{rust_arches}
- rust-watchman_client
ExclusiveArch: %{rust_arches}
- rust-wayland-client
ExclusiveArch: %{rust_arches}
- rust-wayland-commons
ExclusiveArch: %{rust_arches}
- rust-wayland-cursor
ExclusiveArch: %{rust_arches}
- rust-wayland-egl
ExclusiveArch: %{rust_arches}
- rust-wayland-protocols
ExclusiveArch: %{rust_arches}
- rust-wayland-scanner
ExclusiveArch: %{rust_arches}
- rust-wayland-server
ExclusiveArch: %{rust_arches}
- rust-wayland-sys
ExclusiveArch: %{rust_arches}
- rust-web-sys
ExclusiveArch: %{rust_arches}
- rust-webbrowser
ExclusiveArch: %{rust_arches}
- rust-webpki
ExclusiveArch: %{rust_arches}
- rust-webpki-roots
ExclusiveArch: %{rust_arches}
- rust-websocket
ExclusiveArch: %{rust_arches}
- rust-websocket-base
ExclusiveArch: %{rust_arches}
- rust-weezl
ExclusiveArch: %{rust_arches}
- rust-which
ExclusiveArch: %{rust_arches}
- rust-wide
ExclusiveArch: %{rust_arches}
- rust-wiggle
ExclusiveArch: x86_64 aarch64 s390x
- rust-wiggle-generate
ExclusiveArch: %{rust_arches}
- rust-wiggle-macro
ExclusiveArch: %{rust_arches}
- rust-wild
ExclusiveArch: %{rust_arches}
- rust-wildmatch
ExclusiveArch: %{rust_arches}
- rust-winit
ExclusiveArch: %{rust_arches}
- rust-witx
ExclusiveArch: %{rust_arches}
- rust-ws
ExclusiveArch: %{rust_arches}
- rust-wyz
ExclusiveArch: %{rust_arches}
- rust-x11
ExclusiveArch: %{rust_arches}
- rust-x11-clipboard
ExclusiveArch: %{rust_arches}
- rust-x11-dl
ExclusiveArch: %{rust_arches}
- rust-xattr
ExclusiveArch: %{rust_arches}
- rust-xcb
ExclusiveArch: %{rust_arches}
- rust-xcursor
ExclusiveArch: %{rust_arches}
- rust-xdg
ExclusiveArch: %{rust_arches}
- rust-xi-unicode
ExclusiveArch: %{rust_arches}
- rust-xkbcommon
ExclusiveArch: %{rust_arches}
- rust-xml-rs
ExclusiveArch: %{rust_arches}
- rust-xml5ever
ExclusiveArch: %{rust_arches}
- rust-xmlparser
ExclusiveArch: %{rust_arches}
- rust-xmlwriter
ExclusiveArch: %{rust_arches}
- rust-xz2
ExclusiveArch: %{rust_arches}
- rust-y4m
ExclusiveArch: %{rust_arches}
- rust-yaml-rust
ExclusiveArch: %{rust_arches}
- rust-yaml-rust0.3
ExclusiveArch: %{rust_arches}
- rust-ybaas
ExclusiveArch: %{rust_arches}
- rust-yubibomb
ExclusiveArch: %{rust_arches}
- rust-zbase32
ExclusiveArch: %{rust_arches}
- rust-zbus
ExclusiveArch: %{rust_arches}
- rust-zbus_macros
ExclusiveArch: %{rust_arches}
- rust-zeroize
ExclusiveArch: %{rust_arches}
- rust-zeroize_derive
ExclusiveArch: %{rust_arches}
- rust-zincati
ExclusiveArch: %{rust_arches}
- rust-zip
ExclusiveArch: %{rust_arches}
- rust-zmq
ExclusiveArch: %{rust_arches}
- rust-zmq-sys
ExclusiveArch: %{rust_arches}
- rust-zoneinfo_compiled
ExclusiveArch: %{rust_arches}
- rust-zoxide
ExclusiveArch: %{rust_arches}
- rust-zram-generator
ExclusiveArch: %{rust_arches}
- rust-zstd
ExclusiveArch: %{rust_arches}
- rust-zstd-safe
ExclusiveArch: %{rust_arches}
- rust-zstd-sys
ExclusiveArch: %{rust_arches}
- rust-zvariant
ExclusiveArch: %{rust_arches}
- rust-zvariant_derive
ExclusiveArch: %{rust_arches}
- s390utils
ExclusiveArch: s390 s390x
- safetyblanket
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc64le
- sagemath
ExclusiveArch: aarch64 x86_64
- sbcl
ExclusiveArch: %{arm} %{ix86} x86_64 ppc sparcv9 aarch64
- sbd
ExclusiveArch: i686 x86_64 s390x aarch64 ppc64le
- sbsigntools
ExclusiveArch: x86_64 aarch64 %{arm} %{ix86}
- sdsl-lite
ExclusiveArch: %{power64} x86_64 aarch64
- seabios
ExclusiveArch: x86_64
- seadrive-gui
ExclusiveArch: %{qt5_qtwebengine_arches}
- seafile-client
ExclusiveArch: %{qt5_qtwebengine_arches}
- seamonkey
ExclusiveArch: x86_64
- seqan3
ExclusiveArch: %{power64} x86_64 aarch64
- servicelog
ExclusiveArch: ppc %{power64}
- sgabios
ExclusiveArch: %{ix86} x86_64
- sharpfont
ExclusiveArch: %mono_arches
- sharpziplib
ExclusiveArch: %{mono_arches}
- shim
ExclusiveArch: %{efi}
- shim-unsigned-aarch64
ExclusiveArch: aarch64
- shim-unsigned-x64
ExclusiveArch: x86_64
- sigul
ExclusiveArch: x86_64
- skopeo
ExclusiveArch: %{go_arches}
- skychart
ExclusiveArch: %{fpc_arches}
- snapd
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64 ppc64le s390x
- soup-sharp
ExclusiveArch: %{mono_arches}
- sparkleshare
ExclusiveArch: %{mono_arches}
- spicctrl
ExclusiveArch: %{ix86} x86_64
- spice
ExclusiveArch: x86_64
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- springlobby
ExclusiveArch: %{ix86} x86_64
- squeekboard
ExclusiveArch: %{rust_arches}
- startdde
ExclusiveArch: %{?go_arches:%{go_arches}}%{!?go_arches:%{ix86} x86_64 %{arm}}
- statsd
ExclusiveArch: %{nodejs_arches} noarch
- stratis-cli
ExclusiveArch: %{rust_arches} noarch
- stratisd
ExclusiveArch: %{rust_arches}
ExclusiveArch: %{rust_arches}
- stripesnoop
ExclusiveArch: %{ix86} x86_64
- supercollider
ExclusiveArch: %{qt5_qtwebengine_arches}
- supermin
ExclusiveArch: %{kernel_arches}
- svt-av1
ExclusiveArch: x86_64
- svt-vp9
ExclusiveArch: x86_64
- swift-lang
ExclusiveArch: x86_64 aarch64
- sysbench
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips}
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips} aarch64 ppc64le s390x
- syslinux
ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{ix86} x86_64
- system76-keyboard-configurator
ExclusiveArch: %{rust_arches}
- taglib-sharp
ExclusiveArch: %{mono_arches}
- tarantool
ExclusiveArch: %{ix86} x86_64
- tboot
ExclusiveArch: %{ix86} x86_64
- tdlib
ExclusiveArch: x86_64 aarch64
- templates_parser
ExclusiveArch: %GPRbuild_arches
- ternimal
ExclusiveArch: %{rust_arches}
- testcloud
ExclusiveArch: %{kernel_arches} noarch
- themonospot-base
ExclusiveArch: %mono_arches
- themonospot-console
ExclusiveArch: %mono_arches
- themonospot-gui-gtk
ExclusiveArch: %mono_arches
- themonospot-plugin-avi
ExclusiveArch: %mono_arches
- themonospot-plugin-mkv
ExclusiveArch: %mono_arches
- thermald
ExclusiveArch: %{ix86} x86_64
- tilix
ExclusiveArch: %{ldc_arches}
- tomboy
ExclusiveArch: %{mono_arches}
- torbrowser-launcher
ExclusiveArch: %{ix86} x86_64
- tuned-profiles-nfv-host-bin
ExclusiveArch: %{ix86} x86_64
- uClibc
ExclusiveArch: %{arm} %{ix86} x86_64 %{mips}
- ucx
ExclusiveArch: aarch64 ppc64le x86_64
- uglify-js
ExclusiveArch: %{nodejs_arches} noarch
- unetbootin
ExclusiveArch: %{ix86} x86_64
- ursa-major
ExclusiveArch: noarch aarch64 ppc64le s390x x86_64
- usd
ExclusiveArch: aarch64 x86_64
- v8-314
ExclusiveArch: %{ix86} x86_64 %{arm} mips mipsel ppc ppc64
- valgrind
ExclusiveArch: %{ix86} x86_64 ppc ppc64 ppc64le s390x armv7hl aarch64
- vboot-utils
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64
- vim-go
ExclusiveArch: %{?golang_arches}%{!?golang_arches:%{ix86} x86_64 %{arm}}
- virt-p2v
ExclusiveArch: x86_64
- virt-v2v
ExclusiveArch: x86_64
- virtualbox-guest-additions
ExclusiveArch: i686 x86_64
- vkd3d
ExclusiveArch: %{ix86} x86_64 %{arm}
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- vmaf
ExclusiveArch: x86_64
- vmemcache
ExclusiveArch: x86_64 ppc64 ppc64le s390x aarch64
- vrq
ExclusiveArch: %{ix86} x86_64
- warsow
ExclusiveArch: %{ix86} x86_64 %{arm}
- warsow-data
ExclusiveArch: %{ix86} x86_64 %{arm} noarch
ExclusiveArch: %{ix86} x86_64 %{arm}
- webkit2-sharp
ExclusiveArch: %mono_arches
- wine
ExclusiveArch: %{ix86} x86_64 aarch64
ExclusiveArch: %{ix86}
- wine-dxvk
ExclusiveArch: %{ix86} x86_64
- winetricks
ExclusiveArch: %{ix86} x86_64 %{arm} aarch64
- wxMaxima
ExclusiveArch: %{arm} %{ix86} x86_64 aarch64 ppc sparcv9
- x2goclient
ExclusiveArch: x86_64
- xe-guest-utilities-latest
ExclusiveArch: %{ix86} x86_64
- xen
ExclusiveArch: %{ix86} x86_64 armv7hl aarch64
- xmlada
ExclusiveArch: %{GPRbuild_arches}
- xorg-x11-drv-armsoc
ExclusiveArch: %{arm} aarch64
- xorg-x11-drv-intel
ExclusiveArch: %{ix86} x86_64
- xorg-x11-drv-openchrome
ExclusiveArch: %{ix86} x86_64
- xorg-x11-drv-vesa
ExclusiveArch: %{ix86} x86_64
- xorg-x11-drv-vmware
ExclusiveArch: %{ix86} x86_64 ia64
- xsp
ExclusiveArch: %mono_arches
- yarnpkg
ExclusiveArch: %{nodejs_arches} noarch
- zcfan
ExclusiveArch: x86_64
- zeal
ExclusiveArch: %{qt5_qtwebengine_arches}
- zeromq-ada
ExclusiveArch: %{GPRbuild_arches}
- zig
ExclusiveArch: %{zig_arches}
- zlib-ada
ExclusiveArch: %{GPRbuild_arches}
- zlib-ng
ExclusiveArch: aarch64 i686 ppc64le s390x x86_64
- zola
ExclusiveArch: %{rust_arches}
1 year, 12 months
Architecture specific change in rpms/suricata.git
by githook-noreply@fedoraproject.org
The package rpms/suricata.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/suricata.git/commit/?id=cd044a8f0....
Change:
+ExcludeArch: ppc64le i686
Thanks.
Full change:
============
commit 06916429968f2be693915ac21f4c6a1fb8a5becf
Merge: d338bb9 1db9700
Author: Steve Grubb <sgrubb(a)redhat.com>
Date: Tue Apr 26 16:10:54 2022 -0400
New security and bugfix release
commit 1db970056348711e4b1c6b2eb8c3744709beb607
Author: Steve Grubb <sgrubb(a)redhat.com>
Date: Tue Apr 26 15:38:20 2022 -0400
New security and bugfix release
diff --git a/.gitignore b/.gitignore
index 3414b29..32e17ab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -74,3 +74,4 @@ suricata-1.0.0.tar.gz.sig
/suricata-6.0.2.tar.gz
/suricata-6.0.3.tar.gz
/suricata-6.0.4.tar.gz
+/suricata-6.0.5.tar.gz
diff --git a/sources b/sources
index e0a7776..cdf3daa 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (suricata-6.0.4.tar.gz) = 8dccea669e50758def06fe3f3e8d5048d76b27a80b5f96a7b56d2ab6e4da358d8b17ec2d764e1b53cc6a1334ee0b14191cc80f5dcf18cc4d804d5c530290adf0
+SHA512 (suricata-6.0.5.tar.gz) = 8b15a8756846faed4120eef75641a6595d06ec9282a934f4d740bba6d01f08b4e876bf6c53559ab571aba5fab70dcc70d891c82978d6b60ab86ab0ae9660368e
diff --git a/suricata.spec b/suricata.spec
index dc26844..dfdaa61 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
-Version: 6.0.4
-Release: 5%{?dist}
+Version: 6.0.5
+Release: 1%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -188,6 +188,9 @@ fi
%{_datadir}/%{name}/rules
%changelog
+* Tue Apr 26 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.5-1
+- New security and bugfix release
+
* Thu Mar 17 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-5
- ExcludeArch i686
commit cd044a8f05308e4fbc6956536bc68349337cd17a
Author: Steve Grubb <sgrubb(a)redhat.com>
Date: Thu Mar 17 16:52:48 2022 -0400
ExcludeArch i686
diff --git a/suricata.spec b/suricata.spec
index d7883ac..dc26844 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
Version: 6.0.4
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -58,7 +58,8 @@ Requires(preun): systemd
Requires(postun): systemd
# Rust is not working on ppc64le systems (bz 1757548)
-ExcludeArch: ppc64le
+# Or i686 (bz 2047425)
+ExcludeArch: ppc64le i686
%description
@@ -187,6 +188,9 @@ fi
%{_datadir}/%{name}/rules
%changelog
+* Thu Mar 17 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-5
+- ExcludeArch i686
+
* Thu Jan 27 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-4
- Updated post install script to chown only if files exist
commit 15e39f5414ef6e3b6516a68cb426afe32ff93c52
Author: Steve Grubb <sgrubb(a)redhat.com>
Date: Sun Feb 6 16:42:53 2022 -0500
fix date typo
diff --git a/suricata.spec b/suricata.spec
index 0121cab..d7883ac 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -187,7 +187,7 @@ fi
%{_datadir}/%{name}/rules
%changelog
-* Thu Jan 27 2021 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-4
+* Thu Jan 27 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-4
- Updated post install script to chown only if files exist
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.4-3
commit 7a17d4f775b4ab42b65570750124728921b1ab26
Author: Steve Grubb <sgrubb(a)redhat.com>
Date: Thu Jan 27 13:17:22 2022 -0500
Updated post install script to chown only if files exist
diff --git a/suricata.spec b/suricata.spec
index eebb5b4..0121cab 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
Version: 6.0.4
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -41,6 +41,7 @@ BuildRequires: autoconf automake libtool
BuildRequires: systemd
BuildRequires: hiredis-devel
BuildRequires: libevent-devel
+# Prelude is disabled pending resolution of bz 1908783
#BuildRequires: libprelude-devel
BuildRequires: pkgconfig(gnutls)
@@ -144,7 +145,12 @@ getent passwd suricata >/dev/null || useradd -r -M -s /sbin/nologin suricata
%post
%systemd_post suricata.service
-chown suricata %{_var}/log/%{name}/*
+if [ -d %{_var}/log/%{name} ] ; then
+ file=$(ls %{_var}/log/%{name}/* 2> /dev/null | wc -l)
+ if [ -n "$files" ] && [ "$files" != "0" ] ; then
+ chown suricata %{_var}/log/%{name}/* 2> /dev/null
+ fi
+fi
%preun
%systemd_preun suricata.service
@@ -181,6 +187,9 @@ chown suricata %{_var}/log/%{name}/*
%{_datadir}/%{name}/rules
%changelog
+* Thu Jan 27 2021 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-4
+- Updated post install script to chown only if files exist
+
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
commit ca0a5c277de9fbff6429ae6b1d4aa697aebd14dd
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sat Jan 22 01:59:22 2022 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/suricata.spec b/suricata.spec
index c841ab9..eebb5b4 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
Version: 6.0.4
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -181,6 +181,9 @@ chown suricata %{_var}/log/%{name}/*
%{_datadir}/%{name}/rules
%changelog
+* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
* Tue Jan 18 2022 Kevin Fenzi <kevin(a)scrye.com> - 6.0.4-2
- Rebuild for hiredis 1.0.2
commit c56212ae44609930a2986067d101aa8a00a678ac
Author: Kevin Fenzi <kevin(a)scrye.com>
Date: Mon Jan 17 16:24:11 2022 -0800
Rebuild for hiredis 1.0.2
diff --git a/suricata.spec b/suricata.spec
index 9f23fe6..c841ab9 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
Version: 6.0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -181,6 +181,9 @@ chown suricata %{_var}/log/%{name}/*
%{_datadir}/%{name}/rules
%changelog
+* Tue Jan 18 2022 Kevin Fenzi <kevin(a)scrye.com> - 6.0.4-2
+- Rebuild for hiredis 1.0.2
+
* Thu Nov 18 2021 Jason Taylor <jtfas90(a)gmail.com> 6.0.4-1
- New security and bugfix release
commit 9afa2ee2c852fe31580fa786c86a0cf285cd5d4f
Author: jason taylor <jtfas90(a)gmail.com>
Date: Thu Nov 18 17:49:43 2021 -0500
latest upstream security release
diff --git a/.gitignore b/.gitignore
index abb92e2..3414b29 100644
--- a/.gitignore
+++ b/.gitignore
@@ -73,3 +73,4 @@ suricata-1.0.0.tar.gz.sig
/suricata-6.0.1.tar.gz
/suricata-6.0.2.tar.gz
/suricata-6.0.3.tar.gz
+/suricata-6.0.4.tar.gz
diff --git a/sources b/sources
index d1aa47d..e0a7776 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (suricata-6.0.3.tar.gz) = 186b871959988ca7cbd0d69e725aed18af915f93363c7ecc0ffa20d8ad8f50a326be08452d085772b1df84ef25258ef0dd6b35d41b0988cb1c653e60aeb103a2
+SHA512 (suricata-6.0.4.tar.gz) = 8dccea669e50758def06fe3f3e8d5048d76b27a80b5f96a7b56d2ab6e4da358d8b17ec2d764e1b53cc6a1334ee0b14191cc80f5dcf18cc4d804d5c530290adf0
diff --git a/suricata.spec b/suricata.spec
index d92c86b..9f23fe6 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
-Version: 6.0.3
-Release: 2%{?dist}
+Version: 6.0.4
+Release: 1%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -181,6 +181,9 @@ chown suricata %{_var}/log/%{name}/*
%{_datadir}/%{name}/rules
%changelog
+* Thu Nov 18 2021 Jason Taylor <jtfas90(a)gmail.com> 6.0.4-1
+- New security and bugfix release
+
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
commit 0ab4b68b527b3993a0a8097d09e14312bd758a34
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Fri Jul 23 18:35:59 2021 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/suricata.spec b/suricata.spec
index 5042252..d92c86b 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
Version: 6.0.3
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -181,6 +181,9 @@ chown suricata %{_var}/log/%{name}/*
%{_datadir}/%{name}/rules
%changelog
+* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
* Thu Jul 01 2021 Steve Grubb <sgrubb(a)redhat.com> 6.0.3-1
- New security and bugfix release
- Fix logrotation location (#1966955)
1 year, 12 months
Architecture specific change in rpms/suricata.git
by githook-noreply@fedoraproject.org
The package rpms/suricata.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/suricata.git/commit/?id=cd044a8f0....
Change:
+ExcludeArch: ppc64le i686
Thanks.
Full change:
============
commit 1db970056348711e4b1c6b2eb8c3744709beb607
Author: Steve Grubb <sgrubb(a)redhat.com>
Date: Tue Apr 26 15:38:20 2022 -0400
New security and bugfix release
diff --git a/.gitignore b/.gitignore
index 3414b29..32e17ab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -74,3 +74,4 @@ suricata-1.0.0.tar.gz.sig
/suricata-6.0.2.tar.gz
/suricata-6.0.3.tar.gz
/suricata-6.0.4.tar.gz
+/suricata-6.0.5.tar.gz
diff --git a/sources b/sources
index e0a7776..cdf3daa 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (suricata-6.0.4.tar.gz) = 8dccea669e50758def06fe3f3e8d5048d76b27a80b5f96a7b56d2ab6e4da358d8b17ec2d764e1b53cc6a1334ee0b14191cc80f5dcf18cc4d804d5c530290adf0
+SHA512 (suricata-6.0.5.tar.gz) = 8b15a8756846faed4120eef75641a6595d06ec9282a934f4d740bba6d01f08b4e876bf6c53559ab571aba5fab70dcc70d891c82978d6b60ab86ab0ae9660368e
diff --git a/suricata.spec b/suricata.spec
index dc26844..dfdaa61 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
-Version: 6.0.4
-Release: 5%{?dist}
+Version: 6.0.5
+Release: 1%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -188,6 +188,9 @@ fi
%{_datadir}/%{name}/rules
%changelog
+* Tue Apr 26 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.5-1
+- New security and bugfix release
+
* Thu Mar 17 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-5
- ExcludeArch i686
commit cd044a8f05308e4fbc6956536bc68349337cd17a
Author: Steve Grubb <sgrubb(a)redhat.com>
Date: Thu Mar 17 16:52:48 2022 -0400
ExcludeArch i686
diff --git a/suricata.spec b/suricata.spec
index d7883ac..dc26844 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
Version: 6.0.4
-Release: 4%{?dist}
+Release: 5%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -58,7 +58,8 @@ Requires(preun): systemd
Requires(postun): systemd
# Rust is not working on ppc64le systems (bz 1757548)
-ExcludeArch: ppc64le
+# Or i686 (bz 2047425)
+ExcludeArch: ppc64le i686
%description
@@ -187,6 +188,9 @@ fi
%{_datadir}/%{name}/rules
%changelog
+* Thu Mar 17 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-5
+- ExcludeArch i686
+
* Thu Jan 27 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-4
- Updated post install script to chown only if files exist
commit 15e39f5414ef6e3b6516a68cb426afe32ff93c52
Author: Steve Grubb <sgrubb(a)redhat.com>
Date: Sun Feb 6 16:42:53 2022 -0500
fix date typo
diff --git a/suricata.spec b/suricata.spec
index 0121cab..d7883ac 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -187,7 +187,7 @@ fi
%{_datadir}/%{name}/rules
%changelog
-* Thu Jan 27 2021 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-4
+* Thu Jan 27 2022 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-4
- Updated post install script to chown only if files exist
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.4-3
commit 7a17d4f775b4ab42b65570750124728921b1ab26
Author: Steve Grubb <sgrubb(a)redhat.com>
Date: Thu Jan 27 13:17:22 2022 -0500
Updated post install script to chown only if files exist
diff --git a/suricata.spec b/suricata.spec
index eebb5b4..0121cab 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
Version: 6.0.4
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -41,6 +41,7 @@ BuildRequires: autoconf automake libtool
BuildRequires: systemd
BuildRequires: hiredis-devel
BuildRequires: libevent-devel
+# Prelude is disabled pending resolution of bz 1908783
#BuildRequires: libprelude-devel
BuildRequires: pkgconfig(gnutls)
@@ -144,7 +145,12 @@ getent passwd suricata >/dev/null || useradd -r -M -s /sbin/nologin suricata
%post
%systemd_post suricata.service
-chown suricata %{_var}/log/%{name}/*
+if [ -d %{_var}/log/%{name} ] ; then
+ file=$(ls %{_var}/log/%{name}/* 2> /dev/null | wc -l)
+ if [ -n "$files" ] && [ "$files" != "0" ] ; then
+ chown suricata %{_var}/log/%{name}/* 2> /dev/null
+ fi
+fi
%preun
%systemd_preun suricata.service
@@ -181,6 +187,9 @@ chown suricata %{_var}/log/%{name}/*
%{_datadir}/%{name}/rules
%changelog
+* Thu Jan 27 2021 Steve Grubb <sgrubb(a)redhat.com> 6.0.4-4
+- Updated post install script to chown only if files exist
+
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
commit ca0a5c277de9fbff6429ae6b1d4aa697aebd14dd
Author: Fedora Release Engineering <releng(a)fedoraproject.org>
Date: Sat Jan 22 01:59:22 2022 +0000
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng(a)fedoraproject.org>
diff --git a/suricata.spec b/suricata.spec
index c841ab9..eebb5b4 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
Version: 6.0.4
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -181,6 +181,9 @@ chown suricata %{_var}/log/%{name}/*
%{_datadir}/%{name}/rules
%changelog
+* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.0.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
* Tue Jan 18 2022 Kevin Fenzi <kevin(a)scrye.com> - 6.0.4-2
- Rebuild for hiredis 1.0.2
commit c56212ae44609930a2986067d101aa8a00a678ac
Author: Kevin Fenzi <kevin(a)scrye.com>
Date: Mon Jan 17 16:24:11 2022 -0800
Rebuild for hiredis 1.0.2
diff --git a/suricata.spec b/suricata.spec
index 9f23fe6..c841ab9 100644
--- a/suricata.spec
+++ b/suricata.spec
@@ -1,7 +1,7 @@
Summary: Intrusion Detection System
Name: suricata
Version: 6.0.4
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
URL: https://suricata-ids.org/
Source0: https://www.openinfosecfoundation.org/download/%{name}-%{version}.tar.gz
@@ -181,6 +181,9 @@ chown suricata %{_var}/log/%{name}/*
%{_datadir}/%{name}/rules
%changelog
+* Tue Jan 18 2022 Kevin Fenzi <kevin(a)scrye.com> - 6.0.4-2
+- Rebuild for hiredis 1.0.2
+
* Thu Nov 18 2021 Jason Taylor <jtfas90(a)gmail.com> 6.0.4-1
- New security and bugfix release
1 year, 12 months