Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.
Resolves: RHBZ#2019555
Add patch to login to the NSS software token when in FIPS mode.
Add FIPS patch to allow plain key import.
Fix unused function compiler warning found in systemconf.c
Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
Switch to GA mode.
Support the FIPS mode crypto policy (RH1655466)
Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Use appropriate keystore types when in FIPS mode (RH1818909)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
- Adds patch from java-11-openjdk so as to be able to properly
toggle the system crypto policy
- Fixes test TestSecurityProperties.java which was failing
Change path to version-number.conf
Bump sources to 17.0.0+26
Change vendor_version_string
Set is_ga to 0, as this is early access build
removed rmid binary from files and from slaves
removed JAVAC_FLAGS=-g from make command, as it breaks the build since JDK-8258407
add lib/libsyslookup.so to files
renamed lib/security/blacklisted.certs to lib/security/blocked.certs
add lib/libsvml.so for intel
skip debuginfo check for libsyslookup.so on s390x
Update tarball generation script to use git following OpenJDK's move to github
Update tarball generation script to use PR3823 which handles JDK-8235710 changes
Use upstream default for version-pre rather than setting it to "ea" or ""
Drop libsunec.so which is no longer generated, thanks to JDK-8235710
Drop unnecessary compiler flags, dating back to work on GCC 6 & 10
Adapt RH1750419 alt-java patch to still apply after some variable re-naming in the makefiles
Update filever to remove any trailing zeros, as in the OpenJDK build, and use for source filename
Use system harfbuzz now this is supported.
Pass SOURCE_DATE_EPOCH to build for reproducible builds
/usr/sbin/alternatives is not under the Flatpak build's %{_prefix},
which is set to /app.
(See <https://pagure.io/packaging-committee/issue/848> "Clarify the
use of path macros with respect to build dependencies").
Found when trying to do a LibreOffice Flatpak build from RHEL RPM
specs, which includes java-1.8.0-openjdk among its components.
Severin Gehwolf
Petra Mikova
Andrew John Hughes
Jiri Vanek
Fedora Release Engineering