rpms
/
java-21-openjdk-portable
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync with upcoming java-21-openjdk package in RHEL 

- Update documentation (README.md, add missing JEP to release notes)
- Replace alt-java patch with a binary separate from the JDK
- Drop stale patches that are of little use any more:
- * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work
- * No accessibility subpackage to warrant RH1648242 patch any more
- * No use of system libjpeg turbo to warrant RH649512 patch any more
- Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed
- Update generate_tarball.sh to sync with upstream vanilla script
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Use upstream release URL for OpenJDK source
- Port misc tarball from RHEL to house alt-java outside the JDK tree
- Port improved tarball creation and checking from RHEL so tarballs are verified
This commit is contained in:
Andrew John Hughes 2023-09-15 18:23:53 +01:00
parent fff7874101
commit 4ec83bb3a6
14 changed files with 383 additions and 289 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -36,3 +36,4 @@
/openjdk-jdk20u-jdk-20.0.2+9.tar.xz /openjdk-jdk20u-jdk-20.0.2+9.tar.xz
/openjdk-jdk21u-jdk-21+34.tar.xz /openjdk-jdk21u-jdk-21+34.tar.xz
/openjdk-jdk21u-jdk-21+35.tar.xz /openjdk-jdk21u-jdk-21+35.tar.xz
/openjdk-21+35.tar.xz

21
NEWS
View File

@ -76,6 +76,20 @@ an underscore character, _.
This is a preview feature (http://openjdk.java.net/jeps/12) introduced This is a preview feature (http://openjdk.java.net/jeps/12) introduced
in OpenJDK 21 (JEP 443). in OpenJDK 21 (JEP 443).
Unnamed Classes and Instance Main Methods
=========================================
https://openjdk.org/jeps/445
Evolve the Java language so that students can write their first
programs without needing to understand language features designed for
large programs. Far from using a separate dialect of Java, students
can write streamlined declarations for single-class programs and then
seamlessly expand their programs to use more advanced features as
their skills grow.
This is a preview feature (http://openjdk.java.net/jeps/12) introduced
in OpenJDK 21 (JEP 445).
Library Features Library Features
================ ================
@ -128,14 +142,15 @@ Virtual Threads
=============== ===============
https://openjdk.org/jeps/425 https://openjdk.org/jeps/425
https://openjdk.org/jeps/436 https://openjdk.org/jeps/436
https://openjdk.org/jeps/444
Introduce virtual threads to the Java Platform. Virtual threads are Introduce virtual threads to the Java Platform. Virtual threads are
lightweight threads that dramatically reduce the effort of writing, lightweight threads that dramatically reduce the effort of writing,
maintaining, and observing high-throughput concurrent applications. maintaining, and observing high-throughput concurrent applications.
This is a preview feature (http://openjdk.java.net/jeps/12) introduced This was a preview feature (http://openjdk.java.net/jeps/12)
in OpenJDK 19 (JEP 425) and reaching its second preview in OpenJDK 20 introduced in OpenJDK 19 (JEP 425) and reaching its second preview in
(JEP 436). OpenJDK 20 (JEP 436). It became final with OpenJDK 21 (JEP 444).
Structured Concurrency Structured Concurrency
====================== ======================

24
README.md
View File

@ -1,16 +1,14 @@
# java-latest-openjdk-portable This package contains the latest rolling release of OpenJDK. OpenJDK
has a release cadence of six months, with a new release in March and
September each year.
The java-latest-openjdk-portable package The current release is OpenJDK 21. For a list of major changes from
======= OpenJDK 20, see the NEWS file included in this package and the
Rolling release of (usually) STSs OpenJDK upstream release page:
OpenJDK has release cadence of 6 months, but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbor them. Currently it is build of OpenJDK 12. LTSs will go also as separate packages.
JDK21 is current release of Java platform. It is bringing many cool improvements - https://openjdk.org/projects/jdk/21/ and is landing to your Fedora. Where it will be maintained for f28 and newer. Unluckily, this package is STS (short term support) version. Between individual LTS there will be always several STS. Again, please see announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html and See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf . So this is rolling release of all STSs to come. Its fate during the release of fresh LTS is yet to be decided. You will always be allowed to install LTS in fedora build root, alongside with latest STS via alternatives. https://openjdk.java.net/projects/jdk/21/
This package is intended for those who want to follow the latest
See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html OpenJDK releases. Long term support versions of OpenJDK are available
See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf in the java-1.8.0-openjdk, java-11-openjdk and java-17-openjdk
packages.
https://bugzilla.redhat.com/show_bug.cgi?id=1557371#c0
https://fedoraproject.org/wiki/Changes/java-openjdk-10
https://fedoraproject.org/wiki/Changes/java-11-openjdk-TechPreview

100
alt-java.c Normal file
View File

@ -0,0 +1,100 @@
/*
* Copyright (C) 2023 Red Hat, Inc.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Red Hat designates this
* particular file as subject to the "Classpath" exception as provided
* by Red Hat in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
*/
#include <errno.h>
#include <libgen.h>
#include <linux/limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>
/* Per task speculation control */
#ifndef PR_GET_SPECULATION_CTRL
# define PR_GET_SPECULATION_CTRL 52
#endif
#ifndef PR_SET_SPECULATION_CTRL
# define PR_SET_SPECULATION_CTRL 53
#endif
/* Speculation control variants */
#ifndef PR_SPEC_STORE_BYPASS
# define PR_SPEC_STORE_BYPASS 0
#endif
/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
#ifndef PR_SPEC_NOT_AFFECTED
# define PR_SPEC_NOT_AFFECTED 0
#endif
#ifndef PR_SPEC_PRCTL
# define PR_SPEC_PRCTL (1UL << 0)
#endif
#ifndef PR_SPEC_ENABLE
# define PR_SPEC_ENABLE (1UL << 1)
#endif
#ifndef PR_SPEC_DISABLE
# define PR_SPEC_DISABLE (1UL << 2)
#endif
#ifndef PR_SPEC_FORCE_DISABLE
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
#endif
#ifndef PR_SPEC_DISABLE_NOEXEC
# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
#endif
static void set_speculation() {
#if defined(__linux__) && defined(__x86_64__)
// PR_SPEC_DISABLE_NOEXEC doesn't survive execve, so we can't use it
// if ( prctl(PR_SET_SPECULATION_CTRL,
// PR_SPEC_STORE_BYPASS,
// PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
// return;
// }
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
#else
#warning alt-java requested but SSB mitigation not available on this platform.
#endif
}
int main(int argc, char **argv) {
set_speculation();
char our_name[PATH_MAX], java_name[PATH_MAX];
ssize_t len = readlink("/proc/self/exe", our_name, PATH_MAX - 1);
if (len < 0) {
perror("I can't find myself");
exit(2);
}
our_name[len] = '\0'; // readlink(2) doesn't append a null byte
char *path = dirname(our_name);
strncpy(java_name, path, PATH_MAX - 1);
size_t remaining_bytes = PATH_MAX - strlen(path) - 1;
strncat(java_name, "/java", remaining_bytes);
execv(java_name, argv);
fprintf(stderr, "%s failed to launch: %s\n", java_name, strerror(errno));
exit(1);
}

48
generate_source_tarball.sh
View File

@ -30,19 +30,20 @@ set -e
OPENJDK_URL_DEFAULT=https://github.com OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz COMPRESSION_DEFAULT=xz
# Corresponding IcedTea version
ICEDTEA_VERSION=15.0
if [ "x$1" = "xhelp" ] ; then if [ "x$1" = "xhelp" ] ; then
if [ "x$VERSION" = "x" ] ; then
VERSION="<unspecified>";
fi
echo -e "Behaviour may be specified by setting the following variables:\n" echo -e "Behaviour may be specified by setting the following variables:\n"
echo "VERSION - the version of the specified OpenJDK project" echo "VERSION - the version of the specified OpenJDK project (current value: ${VERSION})"
echo "PROJECT_NAME -- the name of the OpenJDK project being archived (optional; only needed by defaults)" echo "PROJECT_NAME -- the name of the OpenJDK project being archived (optional; only needed by defaults)"
echo "REPO_NAME - the name of the OpenJDK repository (optional; only needed by defaults)" echo "REPO_NAME - the name of the OpenJDK repository (optional; only needed by defaults)"
echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})" echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})" echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)" echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to open${VERSION})"
echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)" echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)" echo "TO_COMPRESS - what part of clone to pack (default is ${VERSION})"
echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run" echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run"
exit 1; exit 1;
fi fi
@ -53,6 +54,7 @@ if [ "x$VERSION" = "x" ] ; then
exit 2 exit 2
fi fi
echo "Version: ${VERSION}" echo "Version: ${VERSION}"
NUM_VER=${VERSION##jdk-} NUM_VER=${VERSION##jdk-}
RELEASE_VER=${NUM_VER%%+*} RELEASE_VER=${NUM_VER%%+*}
BUILD_VER=${NUM_VER##*+} BUILD_VER=${NUM_VER##*+}
@ -109,7 +111,7 @@ fi
echo "Creating a tar.${COMPRESSION} archive" echo "Creating a tar.${COMPRESSION} archive"
if [ "x$FILE_NAME_ROOT" = "x" ] ; then if [ "x$FILE_NAME_ROOT" = "x" ] ; then
FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION} FILE_NAME_ROOT=open${VERSION}
echo "No file name root specified; default to ${FILE_NAME_ROOT}" echo "No file name root specified; default to ${FILE_NAME_ROOT}"
fi fi
if [ "x$REPO_ROOT" = "x" ] ; then if [ "x$REPO_ROOT" = "x" ] ; then
@ -118,7 +120,7 @@ if [ "x$REPO_ROOT" = "x" ] ; then
fi; fi;
if [ "x$TO_COMPRESS" = "x" ] ; then if [ "x$TO_COMPRESS" = "x" ] ; then
TO_COMPRESS="openjdk" TO_COMPRESS="${VERSION}"
echo "No targets to be compressed specified, ; default to ${TO_COMPRESS}" echo "No targets to be compressed specified, ; default to ${TO_COMPRESS}"
fi; fi;
@ -141,35 +143,35 @@ else
mkdir "${FILE_NAME_ROOT}" mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}" pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}" echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
git clone -b ${VERSION} ${REPO_ROOT} openjdk git clone -b ${VERSION} ${REPO_ROOT} ${VERSION}
popd popd
fi fi
pushd "${FILE_NAME_ROOT}" pushd "${FILE_NAME_ROOT}"
# Generate .src-rev so build has knowledge of the revision the tarball was created from # Generate .src-rev so build has knowledge of the revision the tarball was created from
mkdir build mkdir build
pushd build pushd build
sh ${PWD}/../openjdk/configure --with-boot-jdk=${BOOT_JDK} sh ${PWD}/../${VERSION}/configure --with-boot-jdk=${BOOT_JDK}
make store-source-revision make store-source-revision
popd popd
rm -rf build rm -rf build
# Remove commit checks # Remove commit checks
echo "Removing $(find openjdk -name '.jcheck' -print)" echo "Removing $(find ${VERSION} -name '.jcheck' -print)"
find openjdk -name '.jcheck' -print0 | xargs -0 rm -rf find ${VERSION} -name '.jcheck' -print0 | xargs -0 rm -r
# Remove history and GHA # Remove history and GHA
echo "find openjdk -name '.hgtags'" echo "find ${VERSION} -name '.hgtags'"
find openjdk -name '.hgtags' -exec rm -fv '{}' '+' find ${VERSION} -name '.hgtags' -exec rm -v '{}' '+'
echo "find openjdk -name '.hgignore'" echo "find ${VERSION} -name '.hgignore'"
find openjdk -name '.hgignore' -exec rm -fv '{}' '+' find ${VERSION} -name '.hgignore' -exec rm -v '{}' '+'
echo "find openjdk -name '.gitattributes'" echo "find ${VERSION} -name '.gitattributes'"
find openjdk -name '.gitattributes' -exec rm -fv '{}' '+' find ${VERSION} -name '.gitattributes' -exec rm -v '{}' '+'
echo "find openjdk -name '.gitignore'" echo "find ${VERSION} -name '.gitignore'"
find openjdk -name '.gitignore' -exec rm -fv '{}' '+' find ${VERSION} -name '.gitignore' -exec rm -v '{}' '+'
echo "find openjdk -name '.git'" echo "find ${VERSION} -name '.git'"
find openjdk -name '.git' -exec rm -rfv '{}' '+' find ${VERSION} -name '.git' -exec rm -rv '{}' '+'
echo "find openjdk -name '.github'" echo "find ${VERSION} -name '.github'"
find openjdk -name '.github' -exec rm -rfv '{}' '+' find ${VERSION} -name '.github' -exec rm -rv '{}' '+'
echo "Compressing remaining forest" echo "Compressing remaining forest"
if [ "X$COMPRESSION" = "Xxz" ] ; then if [ "X$COMPRESSION" = "Xxz" ] ; then

166
java-latest-openjdk-portable.spec
View File

@ -257,12 +257,6 @@
%global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||') %global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||')
%global ourldflags %{__global_ldflags} %global ourldflags %{__global_ldflags}
# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path
# the initialization must be here. Later the pkg-config have buggy behavior
# looks like openjdk RPM specific bug
# Always set this so the nss.cfg file is not broken
%global NSS_LIBDIR %(pkg-config --variable=libdir nss)
# In some cases, the arch used by the JDK does # In some cases, the arch used by the JDK does
# not match _arch. # not match _arch.
# Also, in some cases, the machine name used by SystemTap # Also, in some cases, the machine name used by SystemTap
@ -388,10 +382,10 @@
# Standard JPackage naming and versioning defines # Standard JPackage naming and versioning defines
%global origin openjdk %global origin openjdk
%global origin_nice OpenJDK %global origin_nice OpenJDK
%global top_level_dir_name %{origin} %global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup %global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 35 %global buildver 35
%global rpmrelease 2 %global rpmrelease 3
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk %if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@ -444,6 +438,7 @@
%global static_libs_install_dir %{static_libs_arch_dir}/glibc %global static_libs_install_dir %{static_libs_arch_dir}/glibc
# output dir stub # output dir stub
%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}} %define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
%global altjavaoutputdir install/altjava.install
# we can copy the javadoc to not arched dir, or make it not noarch # we can copy the javadoc to not arched dir, or make it not noarch
%define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}} %define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}}
# main id and dir of this jdk # main id and dir of this jdk
@ -464,6 +459,8 @@
# Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on # Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on
# top of the JDK archive # top of the JDK archive
%define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} %define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}}
%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;%{version}-%{release};\\0.portable%{1}.misc;g" | sed "s;openjdkportable;el;g")
%define miscportablearchive() %{miscportablename}.tar.xz
# RPM 4.19 no longer accept our double percentaged %%{nil} passed to %%{1} # RPM 4.19 no longer accept our double percentaged %%{nil} passed to %%{1}
# so we have to pass in "" but evaluate it, otherwise files record will include it # so we have to pass in "" but evaluate it, otherwise files record will include it
@ -548,6 +545,8 @@ ExcludeArch: %{ix86}
%define java_static_libs_rpo() %{expand: %define java_static_libs_rpo() %{expand:
} }
%define java_misc_rpo() %{expand:
}
# Prevent brp-java-repack-jars from being run # Prevent brp-java-repack-jars from being run
%global __jar_repack 0 %global __jar_repack 0
@ -598,7 +597,7 @@ URL: http://openjdk.java.net/
# The source tarball, generated using generate_source_tarball.sh # The source tarball, generated using generate_source_tarball.sh
Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz Source0: https://openjdk-sources.osci.io/openjdk%{featurever}/open%{vcstag}.tar.xz
# Use 'icedtea_sync.sh' to update the following # Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x). # They are based on code contained in the IcedTea project (6.x).
@ -613,8 +612,8 @@ Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz
# Release notes # Release notes
Source10: NEWS Source10: NEWS
# nss configuration file # Source code for alt-java
Source11: nss.cfg.in Source11: alt-java.c
# Removed libraries that we link instead # Removed libraries that we link instead
# Disabled in portables # Disabled in portables
@ -649,20 +648,6 @@ Source1004: ojdk17-s390x-17.35.tar.gz
# #
############################################ ############################################
# NSS via SunPKCS11 Provider (disabled comment
# due to memory leak).
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
# RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
Patch600: rh1750419-redhat_alt_java.patch
# Ignore AWTError when assistive technologies are loaded
Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
# Restrict access to java-atk-wrapper classes
Patch2: rh1648644-java_access_bridge_privileged_security.patch
Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
# Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo
Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
# Crypto policy and FIPS support patches # Crypto policy and FIPS support patches
# Patch is generated from the fips-21u tree at https://github.com/rh-openjdk/jdk/tree/fips-21u # Patch is generated from the fips-21u tree at https://github.com/rh-openjdk/jdk/tree/fips-21u
# as follows: git diff %%{vcstag} src make test > fips-21u-$(git show -s --format=%h HEAD).patch # as follows: git diff %%{vcstag} src make test > fips-21u-$(git show -s --format=%h HEAD).patch
@ -688,7 +673,8 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
# RH2090378: Revert to disabling system security properties and FIPS mode support together # RH2090378: Revert to disabling system security properties and FIPS mode support together
# RH2104724: Avoid import/export of DH private keys # RH2104724: Avoid import/export of DH private keys
# RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode # RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
# RH2048582: Support PKCS#12 keystores # Build the systemconf library on all platforms
# RH2048582: Support PKCS#12 keystores [now part of JDK-8301553 upstream]
# RH2020290: Support TLS 1.3 in FIPS mode # RH2020290: Support TLS 1.3 in FIPS mode
# Add nss.fips.cfg support to OpenJDK tree # Add nss.fips.cfg support to OpenJDK tree
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode # RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
@ -697,15 +683,17 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
# RH2134669: Add missing attributes when registering services in FIPS mode. # RH2134669: Add missing attributes when registering services in FIPS mode.
# test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class # test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
# RH1940064: Enable XML Signature provider in FIPS mode # RH1940064: Enable XML Signature provider in FIPS mode
# Build the systemconf library on all platforms # RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream]
# Remove GCC minor versioning (JDK-8284772) to unbreak testing Patch1001: fips-%{featurever}u-%{fipsver}.patch
Patch1001: fips-21u-%{fipsver}.patch
############################################# #############################################
# #
# OpenJDK patches in need of upstreaming # OpenJDK patches in need of upstreaming
# #
############################################# #############################################
# JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo
# PR: https://github.com/openjdk/jdk/pull/15409
Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch
############################################# #############################################
# #
@ -746,7 +734,7 @@ BuildRequires: libXrandr-devel
BuildRequires: libXrender-devel BuildRequires: libXrender-devel
BuildRequires: libXt-devel BuildRequires: libXt-devel
BuildRequires: libXtst-devel BuildRequires: libXtst-devel
# Requirement for setting up nss.cfg and nss.fips.cfg # Requirement for setting up nss.fips.cfg
BuildRequires: nss-devel BuildRequires: nss-devel
# Requirement for system security property test # Requirement for system security property test
%if (0%{?rhel} > 0 && 0%{?rhel} < 8) %if (0%{?rhel} > 0 && 0%{?rhel} < 8)
@ -916,6 +904,14 @@ The %{origin_nice} %{featurever} libraries for static linking - portable edition
# staticlibs # staticlibs
%endif %endif
%package misc
Summary: %{origin_nice} %{featurever} miscellany
%{java_misc_rpo %{nil}}
%description misc
The %{origin_nice} %{featurever} miscellany.
%package sources %package sources
Summary: %{origin_nice} %{featurever} full patched sources of portable JDK Summary: %{origin_nice} %{featurever} full patched sources of portable JDK
@ -979,18 +975,12 @@ sh %{SOURCE12} %{top_level_dir_name}
# Patch the JDK # Patch the JDK
pushd %{top_level_dir_name} pushd %{top_level_dir_name}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch6 -p1
# Add crypto policy and FIPS support # Add crypto policy and FIPS support
%patch1001 -p1 %patch1001 -p1
# nss.cfg PKCS11 support; must come last as it also alters java.security # Patches in need of upstreaming
%patch1000 -p1 %patch6 -p1
popd # openjdk popd # openjdk
%patch600
# The OpenJDK version file includes the current # The OpenJDK version file includes the current
# upstream version information. For some reason, # upstream version information. For some reason,
# configure does not automatically use the # configure does not automatically use the
@ -1043,9 +1033,6 @@ done
# Prepare desktop files # Prepare desktop files
# Portables do not have desktop integration # Portables do not have desktop integration
# Setup nss.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
%build %build
%if (0%{?rhel} > 0 && 0%{?rhel} < 8) %if (0%{?rhel} > 0 && 0%{?rhel} < 8)
mkdir bootjdk mkdir bootjdk
@ -1100,6 +1087,10 @@ EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming
%endif %endif
export EXTRA_CFLAGS EXTRA_CPP_FLAGS export EXTRA_CFLAGS EXTRA_CPP_FLAGS
echo "Building %{SOURCE11}"
mkdir -p %{altjavaoutputdir}
gcc ${EXTRA_CFLAGS} -o %{altjavaoutputdir}/%{alt_java_name} %{SOURCE11}
function buildjdk() { function buildjdk() {
local outputdir=${1} local outputdir=${1}
local buildjdk=${2} local buildjdk=${2}
@ -1204,9 +1195,6 @@ function installjdk() {
find ${imagepath} -iname '*.so' -exec chmod +x {} \; find ${imagepath} -iname '*.so' -exec chmod +x {} \;
find ${imagepath}/bin/ -exec chmod +x {} \; find ${imagepath}/bin/ -exec chmod +x {} \;
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg ${imagepath}/conf/security/
# Create fake alt-java as a placeholder for future alt-java # Create fake alt-java as a placeholder for future alt-java
if [ -d man/man1 ] ; then if [ -d man/man1 ] ; then
pushd ${imagepath} pushd ${imagepath}
@ -1294,10 +1282,25 @@ EOF
fi fi
} }
function genchecksum() {
local checkedfile=${1}
checkdir=$(dirname ${1})
checkfile=$(basename ${1})
echo "Generating checksum for ${checkfile} in ${checkdir}..."
pushd ${checkdir}
sha256sum ${checkfile} > ${checkfile}.sha256sum
sha256sum --check ${checkfile}.sha256sum
popd
}
packagesdir=$(pwd)/..
pwd pwd
ls -l ls -l
tar -cJf ../%{jdkportablesourcesarchive -- ""} --transform "s|^|%{jdkportablesourcesname -- ""}/|" openjdk nss* tar -cJf ${packagesdir}/%{jdkportablesourcesarchive -- ""} --transform "s|^|%{jdkportablesourcesname -- ""}/|" %{top_level_dir_name}
sha256sum ../%{jdkportablesourcesarchive -- ""} > ../%{jdkportablesourcesarchive -- ""}.sha256sum genchecksum ${packagesdir}/%{jdkportablesourcesarchive -- ""}
%if %{build_hotspot_first} %if %{build_hotspot_first}
# Build a fresh libjvm.so first and use it to bootstrap # Build a fresh libjvm.so first and use it to bootstrap
@ -1410,12 +1413,12 @@ for suffix in %{build_loop} ; do
mv %{jdkimage} %{jdkportablename -- "$nameSuffix"} mv %{jdkimage} %{jdkportablename -- "$nameSuffix"}
mv %{jreimage} %{jreportablename -- "$nameSuffix"} mv %{jreimage} %{jreportablename -- "$nameSuffix"}
tar -cJf ../../../../%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"} tar -cJf ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"}
sha256sum ../../../../%{jdkportablearchive -- "$nameSuffix"} > ../../../../%{jdkportablearchive -- "$nameSuffix"}.sha256sum genchecksum ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}
tar -cJf ../../../../%{jreportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jreportablename -- "$nameSuffix"} tar -cJf ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jreportablename -- "$nameSuffix"}
sha256sum ../../../../%{jreportablearchive -- "$nameSuffix"} > ../../../../%{jreportablearchive -- "$nameSuffix"}.sha256sum genchecksum ${packagesdir}/%{jreportablearchive -- "$nameSuffix"}
# copy licenses so they are avialable out of tarball # copy licenses so they are avialable out of tarball
cp -rf %{jdkportablename -- "$nameSuffix"}/legal ../../../../%{jdkportablearchive -- "%{normal_suffix}"}-legal cp -rf %{jdkportablename -- "$nameSuffix"}/legal ${packagesdir}/%{jdkportablearchive -- "%{normal_suffix}"}-legal
mv %{jdkportablename -- "$nameSuffix"} %{jdkimage} mv %{jdkportablename -- "$nameSuffix"} %{jdkimage}
mv %{jreportablename -- "$nameSuffix"} %{jreimage} mv %{jreportablename -- "$nameSuffix"} %{jreimage}
popd #images popd #images
@ -1426,8 +1429,8 @@ for suffix in %{build_loop} ; do
# Tar as overlay. Transform to the JDK name, since we just want to "add" # Tar as overlay. Transform to the JDK name, since we just want to "add"
# static libraries to that folder # static libraries to that folder
portableJDKname=%{staticlibsportablename -- "$nameSuffix"} portableJDKname=%{staticlibsportablename -- "$nameSuffix"}
tar -cJf ../../../../%{staticlibsportablearchive -- "$nameSuffix"} --transform "s|^%{static_libs_image}/lib/*|$portableJDKname/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib" tar -cJf ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} --transform "s|^%{static_libs_image}/lib/*|$portableJDKname/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib"
sha256sum ../../../../%{staticlibsportablearchive -- "$nameSuffix"} > ../../../../%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum genchecksum ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"}
popd #staticlibs-images popd #staticlibs-images
%endif %endif
################################################################################ ################################################################################
@ -1437,10 +1440,26 @@ for suffix in %{build_loop} ; do
# build cycles # build cycles
done # end of release / debug cycle loop done # end of release / debug cycle loop
# These are from the source tree so no debug variants
miscname=%{miscportablename}
miscarchive=${packagesdir}/%{miscportablearchive}
mkdir ${miscname}
cp -av %{altjavaoutputdir}/%{alt_java_name} ${miscname}
tar -cJf ${miscarchive} ${miscname}
genchecksum ${miscarchive}
%install %install
packagesdir=$(pwd)/..
mkdir -p $RPM_BUILD_ROOT%{_jvmdir} mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
mv ../%{jdkportablesourcesarchive -- ""} $RPM_BUILD_ROOT%{_jvmdir}/ # Install outside the loop as there are no debug variants
mv ../%{jdkportablesourcesarchive -- ""}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ miscarchive=${packagesdir}/%{miscportablearchive}
mv ${packagesdir}/%{jdkportablesourcesarchive -- ""} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${packagesdir}/%{jdkportablesourcesarchive -- ""}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
for suffix in %{build_loop} ; do for suffix in %{build_loop} ; do
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}} top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
@ -1451,13 +1470,13 @@ top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
else else
nameSuffix=`echo "$suffix"| sed s/-/./` nameSuffix=`echo "$suffix"| sed s/-/./`
fi fi
mv ../%{jdkportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/
mv ../%{jdkportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ../%{jreportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/
mv ../%{jreportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${packagesdir}/%{jreportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
%if %{include_staticlibs} %if %{include_staticlibs}
mv ../%{staticlibsportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/
mv ../%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
%endif %endif
if [ "x$suffix" == "x" ] ; then if [ "x$suffix" == "x" ] ; then
dnameSuffix="$nameSuffix".debuginfo dnameSuffix="$nameSuffix".debuginfo
@ -1471,7 +1490,7 @@ done
################################################################################ ################################################################################
# the licenses are packed onloy once and shared # the licenses are packed onloy once and shared
mkdir -p $RPM_BUILD_ROOT%{unpacked_licenses} mkdir -p $RPM_BUILD_ROOT%{unpacked_licenses}
mv ../%{jdkportablearchive -- "%{normal_suffix}"}-legal $RPM_BUILD_ROOT%{unpacked_licenses}/%{jdkportablesourcesarchive -- "%{normal_suffix}"} mv ${packagesdir}/%{jdkportablearchive -- "%{normal_suffix}"}-legal $RPM_BUILD_ROOT%{unpacked_licenses}/%{jdkportablesourcesarchive -- "%{normal_suffix}"}
# To show sha in the build log # To show sha in the build log
for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do ls -l $file ; cat $file ; done for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do ls -l $file ; cat $file ; done
################################################################################ ################################################################################
@ -1513,10 +1532,11 @@ $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=fal
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
# Check alt-java launcher has SSB mitigation on supported architectures # Check alt-java launcher has SSB mitigation on supported architectures
# set_speculation function exists in both cases, so check for prctl call
%ifarch %{ssbd_arches} %ifarch %{ssbd_arches}
nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation nm %{altjavaoutputdir}/%{alt_java_name} | grep prctl
%else %else
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi if ! nm %{altjavaoutputdir}/%{alt_java_name} | grep prctl ; then true ; else false; fi
%endif %endif
# Check correct vendor values have been set # Check correct vendor values have been set
@ -1627,7 +1647,25 @@ done
%{_jvmdir}/%{jdkportablesourcesarchiveForFiles}.sha256sum %{_jvmdir}/%{jdkportablesourcesarchiveForFiles}.sha256sum
%license %{unpacked_licenses}/%{jdkportablesourcesarchiveForFiles} %license %{unpacked_licenses}/%{jdkportablesourcesarchiveForFiles}
%files misc
%{_jvmdir}/%{miscportablearchive}
%{_jvmdir}/%{miscportablearchive}.sha256sum
%changelog %changelog
* Fri Sep 15 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.0.0.35-3.rolling
- Update documentation (README.md, add missing JEP to release notes)
- Replace alt-java patch with a binary separate from the JDK
- Drop stale patches that are of little use any more:
- * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work
- * No accessibility subpackage to warrant RH1648242 patch any more
- * No use of system libjpeg turbo to warrant RH649512 patch any more
- Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed
- Update generate_tarball.sh to sync with upstream vanilla script
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
- Use upstream release URL for OpenJDK source
- Port misc tarball from RHEL to house alt-java outside the JDK tree
- Port improved tarball creation and checking from RHEL so tarballs are verified
* Thu Sep 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.0.0.35-2.rolling * Thu Sep 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.0.0.35-2.rolling
- Bump buildjdkver now that java-21-openjdk is available in the buildroot - Bump buildjdkver now that java-21-openjdk is available in the buildroot

125
jdk8009550-rh910107-fail_to_load_pcsc_library.patch Normal file
View File

@ -0,0 +1,125 @@
commit d0523302416bc6507696f20d1068f16427bcf6b8
Author: Andrew Hughes <gnu.andrew@redhat.com>
Date: Thu Aug 24 01:23:49 2023 +0100
8009550: PlatformPCSC should load versioned so
diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java
index bff273c6548..e5a6b288ff8 100644
--- a/src/java.base/share/classes/sun/security/util/Debug.java
+++ b/src/java.base/share/classes/sun/security/util/Debug.java
@@ -81,6 +81,7 @@ public static void Help()
System.err.println("logincontext login context results");
System.err.println("jca JCA engine class debugging");
System.err.println("keystore KeyStore debugging");
+ System.err.println("pcsc Smartcard library debugging");
System.err.println("policy loading and granting");
System.err.println("provider security provider debugging");
System.err.println("pkcs11 PKCS11 session manager debugging");
diff --git a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
index bacff32efbc..d9f605ada1e 100644
--- a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
+++ b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
@@ -1,5 +1,6 @@
/*
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2023, Red Hat Inc. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -46,8 +47,13 @@ class PlatformPCSC {
private static final String PROP_NAME = "sun.security.smartcardio.library";
- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
+ private static final String[] LIB_TEMPLATES = { "/usr/$LIBISA/libpcsclite.so",
+ "/usr/local/$LIBISA/libpcsclite.so",
+ "/usr/lib/$ARCH-linux-gnu/libpcsclite.so",
+ "/usr/lib/arm-linux-gnueabi/libpcsclite.so",
+ "/usr/lib/arm-linux-gnueabihf/libpcsclite.so",
+ "/usr/lib/$ARCH-kfreebsd-gnu/libpcsclite.so" };
+ private static final String[] LIB_SUFFIXES = { ".1", ".0", "" };
private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
PlatformPCSC() {
@@ -73,23 +79,38 @@ public Throwable run() {
});
// expand $LIBISA to the system specific directory name for libraries
+ // expand $ARCH to the Debian system architecture in use
private static String expand(String lib) {
int k = lib.indexOf("$LIBISA");
- if (k == -1) {
- return lib;
+ if (k != -1) {
+ String libDir;
+ if ("64".equals(System.getProperty("sun.arch.data.model"))) {
+ // assume Linux convention
+ libDir = "lib64";
+ } else {
+ // must be 32-bit
+ libDir = "lib";
+ }
+ lib = lib.replace("$LIBISA", libDir);
}
- String s1 = lib.substring(0, k);
- String s2 = lib.substring(k + 7);
- String libDir;
- if ("64".equals(System.getProperty("sun.arch.data.model"))) {
- // assume Linux convention
- libDir = "lib64";
- } else {
- // must be 32-bit
- libDir = "lib";
+
+ k = lib.indexOf("$ARCH");
+ if (k != -1) {
+ String arch = System.getProperty("os.arch");
+ lib = lib.replace("$ARCH", getDebianArchitecture(arch));
}
- String s = s1 + libDir + s2;
- return s;
+
+ return lib;
+ }
+
+ private static String getDebianArchitecture(String jdkArch) {
+ return switch (jdkArch) {
+ case "amd64" -> "x86_64";
+ case "ppc" -> "powerpc";
+ case "ppc64" -> "powerpc64";
+ case "ppc64le" -> "powerpc64le";
+ default -> jdkArch;
+ };
}
private static String getLibraryName() throws IOException {
@@ -98,15 +119,18 @@ private static String getLibraryName() throws IOException {
if (lib.length() != 0) {
return lib;
}
- lib = expand(LIB1);
- if (new File(lib).isFile()) {
- // if LIB1 exists, use that
- return lib;
- }
- lib = expand(LIB2);
- if (new File(lib).isFile()) {
- // if LIB2 exists, use that
- return lib;
+
+ for (String template : LIB_TEMPLATES) {
+ for (String suffix : LIB_SUFFIXES) {
+ lib = expand(template) + suffix;
+ if (debug != null) {
+ debug.println("Looking for " + lib);
+ }
+ if (new File(lib).isFile()) {
+ // if library exists, use that
+ return lib;
+ }
+ }
}
// As of macos 11, framework libraries have been removed from the file

5
nss.cfg.in
View File

@ -1,5 +0,0 @@
name = NSS
nssLibraryDirectory = @NSS_LIBDIR@
nssDbMode = noDb
attributes = compatibility
handleStartupErrors = ignoreMultipleInitialisation

16
rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
View File

@ -1,16 +0,0 @@
diff -r 618ad1237e73 src/java.desktop/share/classes/java/awt/Toolkit.java
--- a/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jun 13 19:37:49 2019 +0200
+++ b/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jul 04 10:35:42 2019 +0200
@@ -595,7 +595,11 @@
toolkit = new HeadlessToolkit(toolkit);
}
if (!GraphicsEnvironment.isHeadless()) {
- loadAssistiveTechnologies();
+ try {
+ loadAssistiveTechnologies();
+ } catch (AWTError error) {
+ // ignore silently
+ }
}
}
return toolkit;

13
rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
View File

@ -1,13 +0,0 @@
diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
index 68a9c1a2d08..7aa25eb2cb7 100644
--- openjdk.orig/src/java.base/share/conf/security/java.security
+++ openjdk/src/java.base/share/conf/security/java.security
@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI
security.provider.tbd=Apple
#endif
security.provider.tbd=SunPKCS11
+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
#
# Security providers used when FIPS mode support is active

15
rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
View File

@ -1,15 +0,0 @@
diff --git a/openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
index bacff32efbc..ff7b3dcc81c 100644
--- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
@@ -46,8 +46,8 @@ class PlatformPCSC {
private static final String PROP_NAME = "sun.security.smartcardio.library";
- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
+ private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
+ private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
PlatformPCSC() {

117
rh1750419-redhat_alt_java.patch
View File

@ -1,117 +0,0 @@
diff --git openjdk.orig/make/modules/java.base/Launcher.gmk openjdk/make/modules/java.base/Launcher.gmk
index 700ddefda49..2882de68eb2 100644
--- openjdk.orig/make/modules/java.base/Launcher.gmk
+++ openjdk/make/modules/java.base/Launcher.gmk
@@ -41,6 +41,14 @@ $(eval $(call SetupBuildLauncher, java, \
OPTIMIZATION := HIGH, \
))
+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
+$(eval $(call SetupBuildLauncher, alt-java, \
+ CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
+ EXTRA_RCFLAGS := $(JAVA_RCFLAGS), \
+ VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
+ OPTIMIZATION := HIGH, \
+))
+
ifeq ($(call isTargetOs, windows), true)
$(eval $(call SetupBuildLauncher, javaw, \
CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
new file mode 100644
index 00000000000..697df2898ac
--- /dev/null
+++ openjdk/src/java.base/share/native/launcher/alt_main.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#ifdef REDHAT_ALT_JAVA
+
+#include <sys/prctl.h>
+
+
+/* Per task speculation control */
+#ifndef PR_GET_SPECULATION_CTRL
+# define PR_GET_SPECULATION_CTRL 52
+#endif
+#ifndef PR_SET_SPECULATION_CTRL
+# define PR_SET_SPECULATION_CTRL 53
+#endif
+/* Speculation control variants */
+#ifndef PR_SPEC_STORE_BYPASS
+# define PR_SPEC_STORE_BYPASS 0
+#endif
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
+
+#ifndef PR_SPEC_NOT_AFFECTED
+# define PR_SPEC_NOT_AFFECTED 0
+#endif
+#ifndef PR_SPEC_PRCTL
+# define PR_SPEC_PRCTL (1UL << 0)
+#endif
+#ifndef PR_SPEC_ENABLE
+# define PR_SPEC_ENABLE (1UL << 1)
+#endif
+#ifndef PR_SPEC_DISABLE
+# define PR_SPEC_DISABLE (1UL << 2)
+#endif
+#ifndef PR_SPEC_FORCE_DISABLE
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
+#endif
+#ifndef PR_SPEC_DISABLE_NOEXEC
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
+#endif
+
+static void set_speculation() __attribute__((constructor));
+static void set_speculation() {
+ if ( prctl(PR_SET_SPECULATION_CTRL,
+ PR_SPEC_STORE_BYPASS,
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
+ return;
+ }
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
+}
+
+#endif // REDHAT_ALT_JAVA
diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c
index b734fe2ba78..79dc8307650 100644
--- openjdk.orig/src/java.base/share/native/launcher/main.c
+++ openjdk/src/java.base/share/native/launcher/main.c
@@ -34,6 +34,14 @@
#include "jli_util.h"
#include "jni.h"
+#ifdef REDHAT_ALT_JAVA
+#if defined(__linux__) && defined(__x86_64__)
+#include "alt_main.h"
+#else
+#warning alt-java requested but SSB mitigation not available on this platform.
+#endif
+#endif
+
/*
* Entry point.
*/

19
rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
View File

@ -1,19 +0,0 @@
Remove uses of FAR in jpeg code
Upstream libjpeg-trubo removed the (empty) FAR macro:
http://sourceforge.net/p/libjpeg-turbo/code/1312/
Adjust our code to not use the undefined FAR macro anymore.
diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
--- openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
+++ openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
@@ -1385,7 +1385,7 @@
/* and fill it in */
dst_ptr = icc_data;
for (seq_no = first; seq_no < last; seq_no++) {
- JOCTET FAR *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
+ JOCTET *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
unsigned int length =
icc_markers[seq_no]->data_length - ICC_OVERHEAD_LEN;

2
sources
View File

@ -1 +1 @@
SHA512 (openjdk-jdk21u-jdk-21+35.tar.xz) = 5961f12ff9828856e5ce7847a06177a6761088dbefbcac05512a7c3433d45154f6d59872cd00268fecd987128e623bb343d9879b26f6c6c811e6d6713d1b17a2 SHA512 (openjdk-21+35.tar.xz) = 311e954cc8d28a336b85efc05baade8945fe5292ae2d91cc7ff71c6b3a1830b1a4b9fc641f87e68a4b3db175eb5c21a18664457715da9b37720c5d4b3eb67195