diff --git a/.gitignore b/.gitignore index 8540e85..f411948 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ /openjdk-jdk20u-jdk-20+36.tar.xz /openjdk-jdk20u-jdk-20.0.1+9.tar.xz /openjdk-jdk20u-jdk-20.0.2+9.tar.xz +/openjdk-jdk21u-jdk-21+34.tar.xz diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 6d96bdf..0d8400d 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -331,14 +331,14 @@ %endif # New Version-String scheme-style defines -%global featurever 20 +%global featurever 21 %global interimver 0 -%global updatever 2 +%global updatever 0 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, # and this it is better to change it here, on single place -%global buildjdkver %{featurever} +%global buildjdkver 20 # We don't add any LTS designator for STS packages (Fedora and EPEL). # We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined. %if 0%{?rhel} && !0%{?epel} @@ -390,7 +390,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 9 +%global buildver 34 %global rpmrelease 1 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -417,7 +417,7 @@ # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 1 +%global is_ga 0 %if %{is_ga} %global build_type GA %global ea_designator "" @@ -692,7 +692,7 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d # RH2104724: Avoid import/export of DH private keys # RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode # Build the systemconf library on all platforms -Patch1001: fips-20u-%{fipsver}.patch +# Patch1001: fips-20u-%{fipsver}.patch ############################################# # @@ -977,7 +977,7 @@ pushd %{top_level_dir_name} %patch3 -p1 %patch6 -p1 # Add crypto policy and FIPS support -%patch1001 -p1 +# %patch1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security %patch1000 -p1 popd # openjdk @@ -1151,7 +1151,6 @@ function buildjdk() { --with-boot-jdk=${buildjdk} \ --with-debug-level=${debuglevel} \ --with-native-debug-symbols="%{debug_symbols}" \ - --disable-sysconf-nss \ --enable-unlimited-crypto \ --with-zlib=%{link_type} \ --with-freetype=%{link_type} \ @@ -1534,8 +1533,8 @@ $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})| %if %{include_staticlibs} # Check debug symbols in static libraries (smoke test) export STATIC_LIBS_HOME=${top_dir_abs_main_build_path}/../../%{buildoutputdir -- ${suffix}%{staticlibs_suffix}}/images/static-libs/lib/ -readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep w_remainder.c -readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep e_remainder.c +readelf --debug-dump $STATIC_LIBS_HOME/libnet.a | grep Inet4AddressImpl.c +readelf --debug-dump $STATIC_LIBS_HOME/libnet.a | grep Inet6AddressImpl.c %endif # Check src.zip has all sources. See RHBZ#1130490 @@ -1627,6 +1626,13 @@ done %license %{unpacked_licenses}/%{jdkportablesourcesarchiveForFiles} %changelog +* Tue Aug 08 2023 Petra Alice Mikova 1:21.0.0.0.34-0.1.ea.rolling +- initial update to jdk21 +- commented out fips patches +- updated to jdk21 ea +- updated patch 1001 - rh1648249-add_commented_out_nss_cfg_provider_to_java_security +- replace smoketests in staticlibs test, as the previous files used were removed by a patch in JDK + * Thu Aug 03 2023 Jiri Vanek - 1:20.0.2.0.9-1.rolling - Update to jdk-20.0.2+9 - Update release notes to 20.0.2+9 diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch index c178077..ff3a79b 100644 --- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +++ b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch @@ -1,12 +1,13 @@ -diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security -index 68a9c1a2d08..7aa25eb2cb7 100644 ---- openjdk.orig/src/java.base/share/conf/security/java.security -+++ openjdk/src/java.base/share/conf/security/java.security -@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI +diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security +index 5149edba0e5..7676c695b36 100644 +--- a/src/java.base/share/conf/security/java.security ++++ b/src/java.base/share/conf/security/java.security +@@ -84,6 +84,8 @@ security.provider.tbd=SunMSCAPI security.provider.tbd=Apple #endif security.provider.tbd=SunPKCS11 +#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg ++ # - # Security providers used when FIPS mode support is active + # A list of preferred providers for specific algorithms. These providers will diff --git a/sources b/sources index c44230f..c74d310 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openjdk-jdk20u-jdk-20.0.2+9.tar.xz) = ce5383228c42f612e79e65300c048e91ec3ae5941b6769c67c05aa4e98299f8044b2945e64cd38b2e60f3c7558e608a3baa20cf7af2b0108d48c865a71ee1979 +SHA512 (openjdk-jdk21u-jdk-21+34.tar.xz) = 18254fa72851666d9e80a56dc85052d8711794b9c7f81c3f7a80e3c585b13eab783060b04fc3b3bbddbebbb8c4148109a9e822aba2f54aa3b614fd16149017b2