Sync with upcoming java-21-openjdk package in RHEL
- Update documentation (README.md, add missing JEP to release notes) - Replace alt-java patch with a binary separate from the JDK - Drop stale patches that are of little use any more: - * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work - * No accessibility subpackage to warrant RH1648242 patch any more - * No use of system libjpeg turbo to warrant RH649512 patch any more - Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed - Update generate_tarball.sh to sync with upstream vanilla script - Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball - Use upstream release URL for OpenJDK source - Port misc tarball from RHEL to house alt-java outside the JDK tree - Port improved tarball creation and checking from RHEL so tarballs are verified
This commit is contained in:
parent
fff7874101
commit
4ec83bb3a6
1
.gitignore
vendored
1
.gitignore
vendored
@ -36,3 +36,4 @@
|
||||
/openjdk-jdk20u-jdk-20.0.2+9.tar.xz
|
||||
/openjdk-jdk21u-jdk-21+34.tar.xz
|
||||
/openjdk-jdk21u-jdk-21+35.tar.xz
|
||||
/openjdk-21+35.tar.xz
|
||||
|
21
NEWS
21
NEWS
@ -76,6 +76,20 @@ an underscore character, _.
|
||||
This is a preview feature (http://openjdk.java.net/jeps/12) introduced
|
||||
in OpenJDK 21 (JEP 443).
|
||||
|
||||
Unnamed Classes and Instance Main Methods
|
||||
=========================================
|
||||
https://openjdk.org/jeps/445
|
||||
|
||||
Evolve the Java language so that students can write their first
|
||||
programs without needing to understand language features designed for
|
||||
large programs. Far from using a separate dialect of Java, students
|
||||
can write streamlined declarations for single-class programs and then
|
||||
seamlessly expand their programs to use more advanced features as
|
||||
their skills grow.
|
||||
|
||||
This is a preview feature (http://openjdk.java.net/jeps/12) introduced
|
||||
in OpenJDK 21 (JEP 445).
|
||||
|
||||
Library Features
|
||||
================
|
||||
|
||||
@ -128,14 +142,15 @@ Virtual Threads
|
||||
===============
|
||||
https://openjdk.org/jeps/425
|
||||
https://openjdk.org/jeps/436
|
||||
https://openjdk.org/jeps/444
|
||||
|
||||
Introduce virtual threads to the Java Platform. Virtual threads are
|
||||
lightweight threads that dramatically reduce the effort of writing,
|
||||
maintaining, and observing high-throughput concurrent applications.
|
||||
|
||||
This is a preview feature (http://openjdk.java.net/jeps/12) introduced
|
||||
in OpenJDK 19 (JEP 425) and reaching its second preview in OpenJDK 20
|
||||
(JEP 436).
|
||||
This was a preview feature (http://openjdk.java.net/jeps/12)
|
||||
introduced in OpenJDK 19 (JEP 425) and reaching its second preview in
|
||||
OpenJDK 20 (JEP 436). It became final with OpenJDK 21 (JEP 444).
|
||||
|
||||
Structured Concurrency
|
||||
======================
|
||||
|
24
README.md
24
README.md
@ -1,16 +1,14 @@
|
||||
# java-latest-openjdk-portable
|
||||
This package contains the latest rolling release of OpenJDK. OpenJDK
|
||||
has a release cadence of six months, with a new release in March and
|
||||
September each year.
|
||||
|
||||
The java-latest-openjdk-portable package
|
||||
=======
|
||||
Rolling release of (usually) STSs OpenJDK
|
||||
OpenJDK has release cadence of 6 months, but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbor them. Currently it is build of OpenJDK 12. LTSs will go also as separate packages.
|
||||
The current release is OpenJDK 21. For a list of major changes from
|
||||
OpenJDK 20, see the NEWS file included in this package and the
|
||||
upstream release page:
|
||||
|
||||
JDK21 is current release of Java platform. It is bringing many cool improvements - https://openjdk.org/projects/jdk/21/ and is landing to your Fedora. Where it will be maintained for f28 and newer. Unluckily, this package is STS (short term support) version. Between individual LTS there will be always several STS. Again, please see announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html and See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf . So this is rolling release of all STSs to come. Its fate during the release of fresh LTS is yet to be decided. You will always be allowed to install LTS in fedora build root, alongside with latest STS via alternatives.
|
||||
https://openjdk.java.net/projects/jdk/21/
|
||||
|
||||
|
||||
See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html
|
||||
See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1557371#c0
|
||||
https://fedoraproject.org/wiki/Changes/java-openjdk-10
|
||||
https://fedoraproject.org/wiki/Changes/java-11-openjdk-TechPreview
|
||||
This package is intended for those who want to follow the latest
|
||||
OpenJDK releases. Long term support versions of OpenJDK are available
|
||||
in the java-1.8.0-openjdk, java-11-openjdk and java-17-openjdk
|
||||
packages.
|
||||
|
100
alt-java.c
Normal file
100
alt-java.c
Normal file
@ -0,0 +1,100 @@
|
||||
/*
|
||||
* Copyright (C) 2023 Red Hat, Inc.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License version 2 only, as
|
||||
* published by the Free Software Foundation. Red Hat designates this
|
||||
* particular file as subject to the "Classpath" exception as provided
|
||||
* by Red Hat in the LICENSE file that accompanied this code.
|
||||
*
|
||||
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
* version 2 for more details (a copy is included in the LICENSE file that
|
||||
* accompanied this code).
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License version
|
||||
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*
|
||||
*/
|
||||
|
||||
#include <errno.h>
|
||||
#include <libgen.h>
|
||||
#include <linux/limits.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <sys/prctl.h>
|
||||
#include <unistd.h>
|
||||
|
||||
/* Per task speculation control */
|
||||
#ifndef PR_GET_SPECULATION_CTRL
|
||||
# define PR_GET_SPECULATION_CTRL 52
|
||||
#endif
|
||||
#ifndef PR_SET_SPECULATION_CTRL
|
||||
# define PR_SET_SPECULATION_CTRL 53
|
||||
#endif
|
||||
/* Speculation control variants */
|
||||
#ifndef PR_SPEC_STORE_BYPASS
|
||||
# define PR_SPEC_STORE_BYPASS 0
|
||||
#endif
|
||||
/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
|
||||
|
||||
#ifndef PR_SPEC_NOT_AFFECTED
|
||||
# define PR_SPEC_NOT_AFFECTED 0
|
||||
#endif
|
||||
#ifndef PR_SPEC_PRCTL
|
||||
# define PR_SPEC_PRCTL (1UL << 0)
|
||||
#endif
|
||||
#ifndef PR_SPEC_ENABLE
|
||||
# define PR_SPEC_ENABLE (1UL << 1)
|
||||
#endif
|
||||
#ifndef PR_SPEC_DISABLE
|
||||
# define PR_SPEC_DISABLE (1UL << 2)
|
||||
#endif
|
||||
#ifndef PR_SPEC_FORCE_DISABLE
|
||||
# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
||||
#endif
|
||||
#ifndef PR_SPEC_DISABLE_NOEXEC
|
||||
# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
|
||||
#endif
|
||||
|
||||
static void set_speculation() {
|
||||
#if defined(__linux__) && defined(__x86_64__)
|
||||
// PR_SPEC_DISABLE_NOEXEC doesn't survive execve, so we can't use it
|
||||
// if ( prctl(PR_SET_SPECULATION_CTRL,
|
||||
// PR_SPEC_STORE_BYPASS,
|
||||
// PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
|
||||
// return;
|
||||
// }
|
||||
prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
|
||||
#else
|
||||
#warning alt-java requested but SSB mitigation not available on this platform.
|
||||
#endif
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
set_speculation();
|
||||
|
||||
char our_name[PATH_MAX], java_name[PATH_MAX];
|
||||
ssize_t len = readlink("/proc/self/exe", our_name, PATH_MAX - 1);
|
||||
if (len < 0) {
|
||||
perror("I can't find myself");
|
||||
exit(2);
|
||||
}
|
||||
|
||||
our_name[len] = '\0'; // readlink(2) doesn't append a null byte
|
||||
char *path = dirname(our_name);
|
||||
strncpy(java_name, path, PATH_MAX - 1);
|
||||
|
||||
size_t remaining_bytes = PATH_MAX - strlen(path) - 1;
|
||||
strncat(java_name, "/java", remaining_bytes);
|
||||
|
||||
execv(java_name, argv);
|
||||
fprintf(stderr, "%s failed to launch: %s\n", java_name, strerror(errno));
|
||||
|
||||
exit(1);
|
||||
}
|
||||
|
@ -30,19 +30,20 @@ set -e
|
||||
|
||||
OPENJDK_URL_DEFAULT=https://github.com
|
||||
COMPRESSION_DEFAULT=xz
|
||||
# Corresponding IcedTea version
|
||||
ICEDTEA_VERSION=15.0
|
||||
|
||||
if [ "x$1" = "xhelp" ] ; then
|
||||
if [ "x$VERSION" = "x" ] ; then
|
||||
VERSION="<unspecified>";
|
||||
fi
|
||||
echo -e "Behaviour may be specified by setting the following variables:\n"
|
||||
echo "VERSION - the version of the specified OpenJDK project"
|
||||
echo "VERSION - the version of the specified OpenJDK project (current value: ${VERSION})"
|
||||
echo "PROJECT_NAME -- the name of the OpenJDK project being archived (optional; only needed by defaults)"
|
||||
echo "REPO_NAME - the name of the OpenJDK repository (optional; only needed by defaults)"
|
||||
echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
|
||||
echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
|
||||
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
|
||||
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to open${VERSION})"
|
||||
echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
|
||||
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
|
||||
echo "TO_COMPRESS - what part of clone to pack (default is ${VERSION})"
|
||||
echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run"
|
||||
exit 1;
|
||||
fi
|
||||
@ -53,6 +54,7 @@ if [ "x$VERSION" = "x" ] ; then
|
||||
exit 2
|
||||
fi
|
||||
echo "Version: ${VERSION}"
|
||||
|
||||
NUM_VER=${VERSION##jdk-}
|
||||
RELEASE_VER=${NUM_VER%%+*}
|
||||
BUILD_VER=${NUM_VER##*+}
|
||||
@ -109,7 +111,7 @@ fi
|
||||
echo "Creating a tar.${COMPRESSION} archive"
|
||||
|
||||
if [ "x$FILE_NAME_ROOT" = "x" ] ; then
|
||||
FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
|
||||
FILE_NAME_ROOT=open${VERSION}
|
||||
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
|
||||
fi
|
||||
if [ "x$REPO_ROOT" = "x" ] ; then
|
||||
@ -118,7 +120,7 @@ if [ "x$REPO_ROOT" = "x" ] ; then
|
||||
fi;
|
||||
|
||||
if [ "x$TO_COMPRESS" = "x" ] ; then
|
||||
TO_COMPRESS="openjdk"
|
||||
TO_COMPRESS="${VERSION}"
|
||||
echo "No targets to be compressed specified, ; default to ${TO_COMPRESS}"
|
||||
fi;
|
||||
|
||||
@ -141,35 +143,35 @@ else
|
||||
mkdir "${FILE_NAME_ROOT}"
|
||||
pushd "${FILE_NAME_ROOT}"
|
||||
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
|
||||
git clone -b ${VERSION} ${REPO_ROOT} openjdk
|
||||
git clone -b ${VERSION} ${REPO_ROOT} ${VERSION}
|
||||
popd
|
||||
fi
|
||||
pushd "${FILE_NAME_ROOT}"
|
||||
# Generate .src-rev so build has knowledge of the revision the tarball was created from
|
||||
mkdir build
|
||||
pushd build
|
||||
sh ${PWD}/../openjdk/configure --with-boot-jdk=${BOOT_JDK}
|
||||
sh ${PWD}/../${VERSION}/configure --with-boot-jdk=${BOOT_JDK}
|
||||
make store-source-revision
|
||||
popd
|
||||
rm -rf build
|
||||
|
||||
# Remove commit checks
|
||||
echo "Removing $(find openjdk -name '.jcheck' -print)"
|
||||
find openjdk -name '.jcheck' -print0 | xargs -0 rm -rf
|
||||
echo "Removing $(find ${VERSION} -name '.jcheck' -print)"
|
||||
find ${VERSION} -name '.jcheck' -print0 | xargs -0 rm -r
|
||||
|
||||
# Remove history and GHA
|
||||
echo "find openjdk -name '.hgtags'"
|
||||
find openjdk -name '.hgtags' -exec rm -fv '{}' '+'
|
||||
echo "find openjdk -name '.hgignore'"
|
||||
find openjdk -name '.hgignore' -exec rm -fv '{}' '+'
|
||||
echo "find openjdk -name '.gitattributes'"
|
||||
find openjdk -name '.gitattributes' -exec rm -fv '{}' '+'
|
||||
echo "find openjdk -name '.gitignore'"
|
||||
find openjdk -name '.gitignore' -exec rm -fv '{}' '+'
|
||||
echo "find openjdk -name '.git'"
|
||||
find openjdk -name '.git' -exec rm -rfv '{}' '+'
|
||||
echo "find openjdk -name '.github'"
|
||||
find openjdk -name '.github' -exec rm -rfv '{}' '+'
|
||||
echo "find ${VERSION} -name '.hgtags'"
|
||||
find ${VERSION} -name '.hgtags' -exec rm -v '{}' '+'
|
||||
echo "find ${VERSION} -name '.hgignore'"
|
||||
find ${VERSION} -name '.hgignore' -exec rm -v '{}' '+'
|
||||
echo "find ${VERSION} -name '.gitattributes'"
|
||||
find ${VERSION} -name '.gitattributes' -exec rm -v '{}' '+'
|
||||
echo "find ${VERSION} -name '.gitignore'"
|
||||
find ${VERSION} -name '.gitignore' -exec rm -v '{}' '+'
|
||||
echo "find ${VERSION} -name '.git'"
|
||||
find ${VERSION} -name '.git' -exec rm -rv '{}' '+'
|
||||
echo "find ${VERSION} -name '.github'"
|
||||
find ${VERSION} -name '.github' -exec rm -rv '{}' '+'
|
||||
|
||||
echo "Compressing remaining forest"
|
||||
if [ "X$COMPRESSION" = "Xxz" ] ; then
|
||||
|
@ -257,12 +257,6 @@
|
||||
%global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||')
|
||||
%global ourldflags %{__global_ldflags}
|
||||
|
||||
# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path
|
||||
# the initialization must be here. Later the pkg-config have buggy behavior
|
||||
# looks like openjdk RPM specific bug
|
||||
# Always set this so the nss.cfg file is not broken
|
||||
%global NSS_LIBDIR %(pkg-config --variable=libdir nss)
|
||||
|
||||
# In some cases, the arch used by the JDK does
|
||||
# not match _arch.
|
||||
# Also, in some cases, the machine name used by SystemTap
|
||||
@ -388,10 +382,10 @@
|
||||
# Standard JPackage naming and versioning defines
|
||||
%global origin openjdk
|
||||
%global origin_nice OpenJDK
|
||||
%global top_level_dir_name %{origin}
|
||||
%global top_level_dir_name %{vcstag}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 35
|
||||
%global rpmrelease 2
|
||||
%global rpmrelease 3
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
||||
@ -444,6 +438,7 @@
|
||||
%global static_libs_install_dir %{static_libs_arch_dir}/glibc
|
||||
# output dir stub
|
||||
%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
|
||||
%global altjavaoutputdir install/altjava.install
|
||||
# we can copy the javadoc to not arched dir, or make it not noarch
|
||||
%define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}}
|
||||
# main id and dir of this jdk
|
||||
@ -464,6 +459,8 @@
|
||||
# Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on
|
||||
# top of the JDK archive
|
||||
%define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}}
|
||||
%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;%{version}-%{release};\\0.portable%{1}.misc;g" | sed "s;openjdkportable;el;g")
|
||||
%define miscportablearchive() %{miscportablename}.tar.xz
|
||||
|
||||
# RPM 4.19 no longer accept our double percentaged %%{nil} passed to %%{1}
|
||||
# so we have to pass in "" but evaluate it, otherwise files record will include it
|
||||
@ -548,6 +545,8 @@ ExcludeArch: %{ix86}
|
||||
%define java_static_libs_rpo() %{expand:
|
||||
}
|
||||
|
||||
%define java_misc_rpo() %{expand:
|
||||
}
|
||||
|
||||
# Prevent brp-java-repack-jars from being run
|
||||
%global __jar_repack 0
|
||||
@ -598,7 +597,7 @@ URL: http://openjdk.java.net/
|
||||
|
||||
|
||||
# The source tarball, generated using generate_source_tarball.sh
|
||||
Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz
|
||||
Source0: https://openjdk-sources.osci.io/openjdk%{featurever}/open%{vcstag}.tar.xz
|
||||
|
||||
# Use 'icedtea_sync.sh' to update the following
|
||||
# They are based on code contained in the IcedTea project (6.x).
|
||||
@ -613,8 +612,8 @@ Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz
|
||||
# Release notes
|
||||
Source10: NEWS
|
||||
|
||||
# nss configuration file
|
||||
Source11: nss.cfg.in
|
||||
# Source code for alt-java
|
||||
Source11: alt-java.c
|
||||
|
||||
# Removed libraries that we link instead
|
||||
# Disabled in portables
|
||||
@ -649,20 +648,6 @@ Source1004: ojdk17-s390x-17.35.tar.gz
|
||||
#
|
||||
############################################
|
||||
|
||||
# NSS via SunPKCS11 Provider (disabled comment
|
||||
# due to memory leak).
|
||||
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
|
||||
# RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
|
||||
Patch600: rh1750419-redhat_alt_java.patch
|
||||
|
||||
# Ignore AWTError when assistive technologies are loaded
|
||||
Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
|
||||
# Restrict access to java-atk-wrapper classes
|
||||
Patch2: rh1648644-java_access_bridge_privileged_security.patch
|
||||
Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
|
||||
# Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo
|
||||
Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
|
||||
|
||||
# Crypto policy and FIPS support patches
|
||||
# Patch is generated from the fips-21u tree at https://github.com/rh-openjdk/jdk/tree/fips-21u
|
||||
# as follows: git diff %%{vcstag} src make test > fips-21u-$(git show -s --format=%h HEAD).patch
|
||||
@ -688,7 +673,8 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
|
||||
# RH2090378: Revert to disabling system security properties and FIPS mode support together
|
||||
# RH2104724: Avoid import/export of DH private keys
|
||||
# RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
|
||||
# RH2048582: Support PKCS#12 keystores
|
||||
# Build the systemconf library on all platforms
|
||||
# RH2048582: Support PKCS#12 keystores [now part of JDK-8301553 upstream]
|
||||
# RH2020290: Support TLS 1.3 in FIPS mode
|
||||
# Add nss.fips.cfg support to OpenJDK tree
|
||||
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
|
||||
@ -697,15 +683,17 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d
|
||||
# RH2134669: Add missing attributes when registering services in FIPS mode.
|
||||
# test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
|
||||
# RH1940064: Enable XML Signature provider in FIPS mode
|
||||
# Build the systemconf library on all platforms
|
||||
# Remove GCC minor versioning (JDK-8284772) to unbreak testing
|
||||
Patch1001: fips-21u-%{fipsver}.patch
|
||||
# RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream]
|
||||
Patch1001: fips-%{featurever}u-%{fipsver}.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
# OpenJDK patches in need of upstreaming
|
||||
#
|
||||
#############################################
|
||||
# JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo
|
||||
# PR: https://github.com/openjdk/jdk/pull/15409
|
||||
Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -746,7 +734,7 @@ BuildRequires: libXrandr-devel
|
||||
BuildRequires: libXrender-devel
|
||||
BuildRequires: libXt-devel
|
||||
BuildRequires: libXtst-devel
|
||||
# Requirement for setting up nss.cfg and nss.fips.cfg
|
||||
# Requirement for setting up nss.fips.cfg
|
||||
BuildRequires: nss-devel
|
||||
# Requirement for system security property test
|
||||
%if (0%{?rhel} > 0 && 0%{?rhel} < 8)
|
||||
@ -916,6 +904,14 @@ The %{origin_nice} %{featurever} libraries for static linking - portable edition
|
||||
# staticlibs
|
||||
%endif
|
||||
|
||||
%package misc
|
||||
Summary: %{origin_nice} %{featurever} miscellany
|
||||
|
||||
%{java_misc_rpo %{nil}}
|
||||
|
||||
%description misc
|
||||
The %{origin_nice} %{featurever} miscellany.
|
||||
|
||||
%package sources
|
||||
Summary: %{origin_nice} %{featurever} full patched sources of portable JDK
|
||||
|
||||
@ -979,18 +975,12 @@ sh %{SOURCE12} %{top_level_dir_name}
|
||||
|
||||
# Patch the JDK
|
||||
pushd %{top_level_dir_name}
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch6 -p1
|
||||
# Add crypto policy and FIPS support
|
||||
%patch1001 -p1
|
||||
# nss.cfg PKCS11 support; must come last as it also alters java.security
|
||||
%patch1000 -p1
|
||||
# Patches in need of upstreaming
|
||||
%patch6 -p1
|
||||
popd # openjdk
|
||||
|
||||
%patch600
|
||||
|
||||
# The OpenJDK version file includes the current
|
||||
# upstream version information. For some reason,
|
||||
# configure does not automatically use the
|
||||
@ -1043,9 +1033,6 @@ done
|
||||
# Prepare desktop files
|
||||
# Portables do not have desktop integration
|
||||
|
||||
# Setup nss.cfg
|
||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
|
||||
|
||||
%build
|
||||
%if (0%{?rhel} > 0 && 0%{?rhel} < 8)
|
||||
mkdir bootjdk
|
||||
@ -1100,6 +1087,10 @@ EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming
|
||||
%endif
|
||||
export EXTRA_CFLAGS EXTRA_CPP_FLAGS
|
||||
|
||||
echo "Building %{SOURCE11}"
|
||||
mkdir -p %{altjavaoutputdir}
|
||||
gcc ${EXTRA_CFLAGS} -o %{altjavaoutputdir}/%{alt_java_name} %{SOURCE11}
|
||||
|
||||
function buildjdk() {
|
||||
local outputdir=${1}
|
||||
local buildjdk=${2}
|
||||
@ -1204,9 +1195,6 @@ function installjdk() {
|
||||
find ${imagepath} -iname '*.so' -exec chmod +x {} \;
|
||||
find ${imagepath}/bin/ -exec chmod +x {} \;
|
||||
|
||||
# Install nss.cfg right away as we will be using the JRE above
|
||||
install -m 644 nss.cfg ${imagepath}/conf/security/
|
||||
|
||||
# Create fake alt-java as a placeholder for future alt-java
|
||||
if [ -d man/man1 ] ; then
|
||||
pushd ${imagepath}
|
||||
@ -1294,10 +1282,25 @@ EOF
|
||||
fi
|
||||
}
|
||||
|
||||
function genchecksum() {
|
||||
local checkedfile=${1}
|
||||
|
||||
checkdir=$(dirname ${1})
|
||||
checkfile=$(basename ${1})
|
||||
|
||||
echo "Generating checksum for ${checkfile} in ${checkdir}..."
|
||||
pushd ${checkdir}
|
||||
sha256sum ${checkfile} > ${checkfile}.sha256sum
|
||||
sha256sum --check ${checkfile}.sha256sum
|
||||
popd
|
||||
}
|
||||
|
||||
packagesdir=$(pwd)/..
|
||||
|
||||
pwd
|
||||
ls -l
|
||||
tar -cJf ../%{jdkportablesourcesarchive -- ""} --transform "s|^|%{jdkportablesourcesname -- ""}/|" openjdk nss*
|
||||
sha256sum ../%{jdkportablesourcesarchive -- ""} > ../%{jdkportablesourcesarchive -- ""}.sha256sum
|
||||
tar -cJf ${packagesdir}/%{jdkportablesourcesarchive -- ""} --transform "s|^|%{jdkportablesourcesname -- ""}/|" %{top_level_dir_name}
|
||||
genchecksum ${packagesdir}/%{jdkportablesourcesarchive -- ""}
|
||||
|
||||
%if %{build_hotspot_first}
|
||||
# Build a fresh libjvm.so first and use it to bootstrap
|
||||
@ -1410,12 +1413,12 @@ for suffix in %{build_loop} ; do
|
||||
|
||||
mv %{jdkimage} %{jdkportablename -- "$nameSuffix"}
|
||||
mv %{jreimage} %{jreportablename -- "$nameSuffix"}
|
||||
tar -cJf ../../../../%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"}
|
||||
sha256sum ../../../../%{jdkportablearchive -- "$nameSuffix"} > ../../../../%{jdkportablearchive -- "$nameSuffix"}.sha256sum
|
||||
tar -cJf ../../../../%{jreportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jreportablename -- "$nameSuffix"}
|
||||
sha256sum ../../../../%{jreportablearchive -- "$nameSuffix"} > ../../../../%{jreportablearchive -- "$nameSuffix"}.sha256sum
|
||||
tar -cJf ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"}
|
||||
genchecksum ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}
|
||||
tar -cJf ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jreportablename -- "$nameSuffix"}
|
||||
genchecksum ${packagesdir}/%{jreportablearchive -- "$nameSuffix"}
|
||||
# copy licenses so they are avialable out of tarball
|
||||
cp -rf %{jdkportablename -- "$nameSuffix"}/legal ../../../../%{jdkportablearchive -- "%{normal_suffix}"}-legal
|
||||
cp -rf %{jdkportablename -- "$nameSuffix"}/legal ${packagesdir}/%{jdkportablearchive -- "%{normal_suffix}"}-legal
|
||||
mv %{jdkportablename -- "$nameSuffix"} %{jdkimage}
|
||||
mv %{jreportablename -- "$nameSuffix"} %{jreimage}
|
||||
popd #images
|
||||
@ -1426,8 +1429,8 @@ for suffix in %{build_loop} ; do
|
||||
# Tar as overlay. Transform to the JDK name, since we just want to "add"
|
||||
# static libraries to that folder
|
||||
portableJDKname=%{staticlibsportablename -- "$nameSuffix"}
|
||||
tar -cJf ../../../../%{staticlibsportablearchive -- "$nameSuffix"} --transform "s|^%{static_libs_image}/lib/*|$portableJDKname/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib"
|
||||
sha256sum ../../../../%{staticlibsportablearchive -- "$nameSuffix"} > ../../../../%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum
|
||||
tar -cJf ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} --transform "s|^%{static_libs_image}/lib/*|$portableJDKname/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib"
|
||||
genchecksum ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"}
|
||||
popd #staticlibs-images
|
||||
%endif
|
||||
################################################################################
|
||||
@ -1437,10 +1440,26 @@ for suffix in %{build_loop} ; do
|
||||
# build cycles
|
||||
done # end of release / debug cycle loop
|
||||
|
||||
# These are from the source tree so no debug variants
|
||||
miscname=%{miscportablename}
|
||||
miscarchive=${packagesdir}/%{miscportablearchive}
|
||||
|
||||
mkdir ${miscname}
|
||||
cp -av %{altjavaoutputdir}/%{alt_java_name} ${miscname}
|
||||
tar -cJf ${miscarchive} ${miscname}
|
||||
genchecksum ${miscarchive}
|
||||
|
||||
%install
|
||||
|
||||
packagesdir=$(pwd)/..
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
|
||||
mv ../%{jdkportablesourcesarchive -- ""} $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ../%{jdkportablesourcesarchive -- ""}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
# Install outside the loop as there are no debug variants
|
||||
miscarchive=${packagesdir}/%{miscportablearchive}
|
||||
mv ${packagesdir}/%{jdkportablesourcesarchive -- ""} $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ${packagesdir}/%{jdkportablesourcesarchive -- ""}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
|
||||
for suffix in %{build_loop} ; do
|
||||
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
||||
@ -1451,13 +1470,13 @@ top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
||||
else
|
||||
nameSuffix=`echo "$suffix"| sed s/-/./`
|
||||
fi
|
||||
mv ../%{jdkportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ../%{jdkportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ../%{jreportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ../%{jreportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ${packagesdir}/%{jreportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
%if %{include_staticlibs}
|
||||
mv ../%{staticlibsportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ../%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
mv ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
|
||||
%endif
|
||||
if [ "x$suffix" == "x" ] ; then
|
||||
dnameSuffix="$nameSuffix".debuginfo
|
||||
@ -1471,7 +1490,7 @@ done
|
||||
################################################################################
|
||||
# the licenses are packed onloy once and shared
|
||||
mkdir -p $RPM_BUILD_ROOT%{unpacked_licenses}
|
||||
mv ../%{jdkportablearchive -- "%{normal_suffix}"}-legal $RPM_BUILD_ROOT%{unpacked_licenses}/%{jdkportablesourcesarchive -- "%{normal_suffix}"}
|
||||
mv ${packagesdir}/%{jdkportablearchive -- "%{normal_suffix}"}-legal $RPM_BUILD_ROOT%{unpacked_licenses}/%{jdkportablesourcesarchive -- "%{normal_suffix}"}
|
||||
# To show sha in the build log
|
||||
for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do ls -l $file ; cat $file ; done
|
||||
################################################################################
|
||||
@ -1513,10 +1532,11 @@ $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=fal
|
||||
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
|
||||
|
||||
# Check alt-java launcher has SSB mitigation on supported architectures
|
||||
# set_speculation function exists in both cases, so check for prctl call
|
||||
%ifarch %{ssbd_arches}
|
||||
nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
|
||||
nm %{altjavaoutputdir}/%{alt_java_name} | grep prctl
|
||||
%else
|
||||
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
|
||||
if ! nm %{altjavaoutputdir}/%{alt_java_name} | grep prctl ; then true ; else false; fi
|
||||
%endif
|
||||
|
||||
# Check correct vendor values have been set
|
||||
@ -1627,7 +1647,25 @@ done
|
||||
%{_jvmdir}/%{jdkportablesourcesarchiveForFiles}.sha256sum
|
||||
%license %{unpacked_licenses}/%{jdkportablesourcesarchiveForFiles}
|
||||
|
||||
%files misc
|
||||
%{_jvmdir}/%{miscportablearchive}
|
||||
%{_jvmdir}/%{miscportablearchive}.sha256sum
|
||||
|
||||
%changelog
|
||||
* Fri Sep 15 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.0.0.35-3.rolling
|
||||
- Update documentation (README.md, add missing JEP to release notes)
|
||||
- Replace alt-java patch with a binary separate from the JDK
|
||||
- Drop stale patches that are of little use any more:
|
||||
- * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work
|
||||
- * No accessibility subpackage to warrant RH1648242 patch any more
|
||||
- * No use of system libjpeg turbo to warrant RH649512 patch any more
|
||||
- Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed
|
||||
- Update generate_tarball.sh to sync with upstream vanilla script
|
||||
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
|
||||
- Use upstream release URL for OpenJDK source
|
||||
- Port misc tarball from RHEL to house alt-java outside the JDK tree
|
||||
- Port improved tarball creation and checking from RHEL so tarballs are verified
|
||||
|
||||
* Thu Sep 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.0.0.35-2.rolling
|
||||
- Bump buildjdkver now that java-21-openjdk is available in the buildroot
|
||||
|
||||
|
125
jdk8009550-rh910107-fail_to_load_pcsc_library.patch
Normal file
125
jdk8009550-rh910107-fail_to_load_pcsc_library.patch
Normal file
@ -0,0 +1,125 @@
|
||||
commit d0523302416bc6507696f20d1068f16427bcf6b8
|
||||
Author: Andrew Hughes <gnu.andrew@redhat.com>
|
||||
Date: Thu Aug 24 01:23:49 2023 +0100
|
||||
|
||||
8009550: PlatformPCSC should load versioned so
|
||||
|
||||
diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java
|
||||
index bff273c6548..e5a6b288ff8 100644
|
||||
--- a/src/java.base/share/classes/sun/security/util/Debug.java
|
||||
+++ b/src/java.base/share/classes/sun/security/util/Debug.java
|
||||
@@ -81,6 +81,7 @@ public static void Help()
|
||||
System.err.println("logincontext login context results");
|
||||
System.err.println("jca JCA engine class debugging");
|
||||
System.err.println("keystore KeyStore debugging");
|
||||
+ System.err.println("pcsc Smartcard library debugging");
|
||||
System.err.println("policy loading and granting");
|
||||
System.err.println("provider security provider debugging");
|
||||
System.err.println("pkcs11 PKCS11 session manager debugging");
|
||||
diff --git a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
index bacff32efbc..d9f605ada1e 100644
|
||||
--- a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
+++ b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
@@ -1,5 +1,6 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
+ * Copyright (c) 2023, Red Hat Inc. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@@ -46,8 +47,13 @@ class PlatformPCSC {
|
||||
|
||||
private static final String PROP_NAME = "sun.security.smartcardio.library";
|
||||
|
||||
- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
|
||||
- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
|
||||
+ private static final String[] LIB_TEMPLATES = { "/usr/$LIBISA/libpcsclite.so",
|
||||
+ "/usr/local/$LIBISA/libpcsclite.so",
|
||||
+ "/usr/lib/$ARCH-linux-gnu/libpcsclite.so",
|
||||
+ "/usr/lib/arm-linux-gnueabi/libpcsclite.so",
|
||||
+ "/usr/lib/arm-linux-gnueabihf/libpcsclite.so",
|
||||
+ "/usr/lib/$ARCH-kfreebsd-gnu/libpcsclite.so" };
|
||||
+ private static final String[] LIB_SUFFIXES = { ".1", ".0", "" };
|
||||
private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
|
||||
|
||||
PlatformPCSC() {
|
||||
@@ -73,23 +79,38 @@ public Throwable run() {
|
||||
});
|
||||
|
||||
// expand $LIBISA to the system specific directory name for libraries
|
||||
+ // expand $ARCH to the Debian system architecture in use
|
||||
private static String expand(String lib) {
|
||||
int k = lib.indexOf("$LIBISA");
|
||||
- if (k == -1) {
|
||||
- return lib;
|
||||
+ if (k != -1) {
|
||||
+ String libDir;
|
||||
+ if ("64".equals(System.getProperty("sun.arch.data.model"))) {
|
||||
+ // assume Linux convention
|
||||
+ libDir = "lib64";
|
||||
+ } else {
|
||||
+ // must be 32-bit
|
||||
+ libDir = "lib";
|
||||
+ }
|
||||
+ lib = lib.replace("$LIBISA", libDir);
|
||||
}
|
||||
- String s1 = lib.substring(0, k);
|
||||
- String s2 = lib.substring(k + 7);
|
||||
- String libDir;
|
||||
- if ("64".equals(System.getProperty("sun.arch.data.model"))) {
|
||||
- // assume Linux convention
|
||||
- libDir = "lib64";
|
||||
- } else {
|
||||
- // must be 32-bit
|
||||
- libDir = "lib";
|
||||
+
|
||||
+ k = lib.indexOf("$ARCH");
|
||||
+ if (k != -1) {
|
||||
+ String arch = System.getProperty("os.arch");
|
||||
+ lib = lib.replace("$ARCH", getDebianArchitecture(arch));
|
||||
}
|
||||
- String s = s1 + libDir + s2;
|
||||
- return s;
|
||||
+
|
||||
+ return lib;
|
||||
+ }
|
||||
+
|
||||
+ private static String getDebianArchitecture(String jdkArch) {
|
||||
+ return switch (jdkArch) {
|
||||
+ case "amd64" -> "x86_64";
|
||||
+ case "ppc" -> "powerpc";
|
||||
+ case "ppc64" -> "powerpc64";
|
||||
+ case "ppc64le" -> "powerpc64le";
|
||||
+ default -> jdkArch;
|
||||
+ };
|
||||
}
|
||||
|
||||
private static String getLibraryName() throws IOException {
|
||||
@@ -98,15 +119,18 @@ private static String getLibraryName() throws IOException {
|
||||
if (lib.length() != 0) {
|
||||
return lib;
|
||||
}
|
||||
- lib = expand(LIB1);
|
||||
- if (new File(lib).isFile()) {
|
||||
- // if LIB1 exists, use that
|
||||
- return lib;
|
||||
- }
|
||||
- lib = expand(LIB2);
|
||||
- if (new File(lib).isFile()) {
|
||||
- // if LIB2 exists, use that
|
||||
- return lib;
|
||||
+
|
||||
+ for (String template : LIB_TEMPLATES) {
|
||||
+ for (String suffix : LIB_SUFFIXES) {
|
||||
+ lib = expand(template) + suffix;
|
||||
+ if (debug != null) {
|
||||
+ debug.println("Looking for " + lib);
|
||||
+ }
|
||||
+ if (new File(lib).isFile()) {
|
||||
+ // if library exists, use that
|
||||
+ return lib;
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
|
||||
// As of macos 11, framework libraries have been removed from the file
|
@ -1,5 +0,0 @@
|
||||
name = NSS
|
||||
nssLibraryDirectory = @NSS_LIBDIR@
|
||||
nssDbMode = noDb
|
||||
attributes = compatibility
|
||||
handleStartupErrors = ignoreMultipleInitialisation
|
@ -1,16 +0,0 @@
|
||||
diff -r 618ad1237e73 src/java.desktop/share/classes/java/awt/Toolkit.java
|
||||
--- a/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jun 13 19:37:49 2019 +0200
|
||||
+++ b/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jul 04 10:35:42 2019 +0200
|
||||
@@ -595,7 +595,11 @@
|
||||
toolkit = new HeadlessToolkit(toolkit);
|
||||
}
|
||||
if (!GraphicsEnvironment.isHeadless()) {
|
||||
- loadAssistiveTechnologies();
|
||||
+ try {
|
||||
+ loadAssistiveTechnologies();
|
||||
+ } catch (AWTError error) {
|
||||
+ // ignore silently
|
||||
+ }
|
||||
}
|
||||
}
|
||||
return toolkit;
|
@ -1,13 +0,0 @@
|
||||
diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security
|
||||
index 68a9c1a2d08..7aa25eb2cb7 100644
|
||||
--- openjdk.orig/src/java.base/share/conf/security/java.security
|
||||
+++ openjdk/src/java.base/share/conf/security/java.security
|
||||
@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI
|
||||
security.provider.tbd=Apple
|
||||
#endif
|
||||
security.provider.tbd=SunPKCS11
|
||||
+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
|
||||
|
||||
#
|
||||
# Security providers used when FIPS mode support is active
|
||||
|
@ -1,15 +0,0 @@
|
||||
diff --git a/openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
index bacff32efbc..ff7b3dcc81c 100644
|
||||
--- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
|
||||
@@ -46,8 +46,8 @@ class PlatformPCSC {
|
||||
|
||||
private static final String PROP_NAME = "sun.security.smartcardio.library";
|
||||
|
||||
- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
|
||||
- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
|
||||
+ private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
|
||||
+ private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
|
||||
private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
|
||||
|
||||
PlatformPCSC() {
|
@ -1,117 +0,0 @@
|
||||
diff --git openjdk.orig/make/modules/java.base/Launcher.gmk openjdk/make/modules/java.base/Launcher.gmk
|
||||
index 700ddefda49..2882de68eb2 100644
|
||||
--- openjdk.orig/make/modules/java.base/Launcher.gmk
|
||||
+++ openjdk/make/modules/java.base/Launcher.gmk
|
||||
@@ -41,6 +41,14 @@ $(eval $(call SetupBuildLauncher, java, \
|
||||
OPTIMIZATION := HIGH, \
|
||||
))
|
||||
|
||||
+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
|
||||
+$(eval $(call SetupBuildLauncher, alt-java, \
|
||||
+ CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
|
||||
+ EXTRA_RCFLAGS := $(JAVA_RCFLAGS), \
|
||||
+ VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
|
||||
+ OPTIMIZATION := HIGH, \
|
||||
+))
|
||||
+
|
||||
ifeq ($(call isTargetOs, windows), true)
|
||||
$(eval $(call SetupBuildLauncher, javaw, \
|
||||
CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
|
||||
diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
|
||||
new file mode 100644
|
||||
index 00000000000..697df2898ac
|
||||
--- /dev/null
|
||||
+++ openjdk/src/java.base/share/native/launcher/alt_main.h
|
||||
@@ -0,0 +1,73 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
|
||||
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
+ *
|
||||
+ * This code is free software; you can redistribute it and/or modify it
|
||||
+ * under the terms of the GNU General Public License version 2 only, as
|
||||
+ * published by the Free Software Foundation. Oracle designates this
|
||||
+ * particular file as subject to the "Classpath" exception as provided
|
||||
+ * by Oracle in the LICENSE file that accompanied this code.
|
||||
+ *
|
||||
+ * This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
+ * version 2 for more details (a copy is included in the LICENSE file that
|
||||
+ * accompanied this code).
|
||||
+ *
|
||||
+ * You should have received a copy of the GNU General Public License version
|
||||
+ * 2 along with this work; if not, write to the Free Software Foundation,
|
||||
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
+ *
|
||||
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
+ * or visit www.oracle.com if you need additional information or have any
|
||||
+ * questions.
|
||||
+ */
|
||||
+
|
||||
+#ifdef REDHAT_ALT_JAVA
|
||||
+
|
||||
+#include <sys/prctl.h>
|
||||
+
|
||||
+
|
||||
+/* Per task speculation control */
|
||||
+#ifndef PR_GET_SPECULATION_CTRL
|
||||
+# define PR_GET_SPECULATION_CTRL 52
|
||||
+#endif
|
||||
+#ifndef PR_SET_SPECULATION_CTRL
|
||||
+# define PR_SET_SPECULATION_CTRL 53
|
||||
+#endif
|
||||
+/* Speculation control variants */
|
||||
+#ifndef PR_SPEC_STORE_BYPASS
|
||||
+# define PR_SPEC_STORE_BYPASS 0
|
||||
+#endif
|
||||
+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
|
||||
+
|
||||
+#ifndef PR_SPEC_NOT_AFFECTED
|
||||
+# define PR_SPEC_NOT_AFFECTED 0
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_PRCTL
|
||||
+# define PR_SPEC_PRCTL (1UL << 0)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_ENABLE
|
||||
+# define PR_SPEC_ENABLE (1UL << 1)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_DISABLE
|
||||
+# define PR_SPEC_DISABLE (1UL << 2)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_FORCE_DISABLE
|
||||
+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
|
||||
+#endif
|
||||
+#ifndef PR_SPEC_DISABLE_NOEXEC
|
||||
+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
|
||||
+#endif
|
||||
+
|
||||
+static void set_speculation() __attribute__((constructor));
|
||||
+static void set_speculation() {
|
||||
+ if ( prctl(PR_SET_SPECULATION_CTRL,
|
||||
+ PR_SPEC_STORE_BYPASS,
|
||||
+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
|
||||
+ return;
|
||||
+ }
|
||||
+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
|
||||
+}
|
||||
+
|
||||
+#endif // REDHAT_ALT_JAVA
|
||||
diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c
|
||||
index b734fe2ba78..79dc8307650 100644
|
||||
--- openjdk.orig/src/java.base/share/native/launcher/main.c
|
||||
+++ openjdk/src/java.base/share/native/launcher/main.c
|
||||
@@ -34,6 +34,14 @@
|
||||
#include "jli_util.h"
|
||||
#include "jni.h"
|
||||
|
||||
+#ifdef REDHAT_ALT_JAVA
|
||||
+#if defined(__linux__) && defined(__x86_64__)
|
||||
+#include "alt_main.h"
|
||||
+#else
|
||||
+#warning alt-java requested but SSB mitigation not available on this platform.
|
||||
+#endif
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* Entry point.
|
||||
*/
|
@ -1,19 +0,0 @@
|
||||
Remove uses of FAR in jpeg code
|
||||
|
||||
Upstream libjpeg-trubo removed the (empty) FAR macro:
|
||||
http://sourceforge.net/p/libjpeg-turbo/code/1312/
|
||||
|
||||
Adjust our code to not use the undefined FAR macro anymore.
|
||||
|
||||
diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
|
||||
--- openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
|
||||
+++ openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
|
||||
@@ -1385,7 +1385,7 @@
|
||||
/* and fill it in */
|
||||
dst_ptr = icc_data;
|
||||
for (seq_no = first; seq_no < last; seq_no++) {
|
||||
- JOCTET FAR *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
|
||||
+ JOCTET *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
|
||||
unsigned int length =
|
||||
icc_markers[seq_no]->data_length - ICC_OVERHEAD_LEN;
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (openjdk-jdk21u-jdk-21+35.tar.xz) = 5961f12ff9828856e5ce7847a06177a6761088dbefbcac05512a7c3433d45154f6d59872cd00268fecd987128e623bb343d9879b26f6c6c811e6d6713d1b17a2
|
||||
SHA512 (openjdk-21+35.tar.xz) = 311e954cc8d28a336b85efc05baade8945fe5292ae2d91cc7ff71c6b3a1830b1a4b9fc641f87e68a4b3db175eb5c21a18664457715da9b37720c5d4b3eb67195
|
||||
|
Loading…
Reference in New Issue
Block a user