From 71febf8ae9ca4e774bc16d095d4d8ee50a8d8a10 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 19 Apr 2024 03:32:46 +0300 Subject: [PATCH] import java-1.8.0-openjdk-1.8.0.412.b08-2.el9 --- .gitignore | 2 +- .java-1.8.0-openjdk.metadata | 2 +- SOURCES/NEWS | 117 + SOURCES/java-1.8.0-openjdk-portable.specfile | 2431 ----------------- .../jdk8186464-rh1433262-zip64_failure.patch | 286 ++ SOURCES/jdk8218811-perfMemory_linux.patch | 12 - ...sible_toolkit_crash_do_not_break_jvm.patch | 16 + ...lite-libs_instead_of_pcsc-lite-devel.patch | 13 + SPECS/java-1.8.0-openjdk.spec | 189 +- 9 files changed, 582 insertions(+), 2486 deletions(-) delete mode 100644 SOURCES/java-1.8.0-openjdk-portable.specfile create mode 100644 SOURCES/jdk8186464-rh1433262-zip64_failure.patch delete mode 100644 SOURCES/jdk8218811-perfMemory_linux.patch create mode 100644 SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch create mode 100644 SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch diff --git a/.gitignore b/.gitignore index c5c84f7..5dc44f4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06.tar.xz +SOURCES/shenandoah8u412-b08.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index 7711961..c3fed7a 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -0ca0a2433bfd7aa62a21fc37c8079f540e672a9c SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06.tar.xz +9cb6b4c557e9a433fe4c16b3996f998335cec8a5 SOURCES/shenandoah8u412-b08.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index d984469..cfad64d 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,123 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u412 (2024-04-16): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u412 + +* CVEs + - CVE-2024-21011 + - CVE-2024-21085 + - CVE-2024-21068 + - CVE-2024-21094 +* Security fixes + - JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array" + - JDK-8318340: Improve RSA key implementations + - JDK-8319851: Improve exception logging + - JDK-8322114: Improve Pack 200 handling + - JDK-8322122: Enhance generation of addresses +* Other changes + - JDK-8011180: Delete obsolete scripts + - JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build + - JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios + - JDK-8023735: [TESTBUG][macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X + - JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows + - JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388) + - JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache + - JDK-8168518: rcache interop with krb5-1.15 + - JDK-8183503: Update hotspot tests to allow for unique test classes directory + - JDK-8186095: upgrade to jtreg 4.2 b08 + - JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH + - JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails + - JDK-8208655: use JTreg skipped status in hotspot tests + - JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1 + - JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile + - JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system + - JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop" + - JDK-8224768: Test ActalisCA.java fails + - JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits + - JDK-8251551: Use .md filename extension for README + - JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired + - JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error + - JDK-8270517: Add Zero support for LoongArch + - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled + - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test + - JDK-8288132: Update test artifacts in QuoVadis CA interop tests + - JDK-8297955: LDAP CertStore should use LdapName and not String for DNs + - JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + - JDK-8308592: Framework for CA interoperability testing + - JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955 + - JDK-8315042: NPE in PKCS7.parseOldSignedData + - JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set + - JDK-8320713: Bump update version of OpenJDK: 8u412 + - JDK-8321060: [8u] hotspot needs to recognise VS2022 + - JDK-8321408: Add Certainly roots R1 and E1 + - JDK-8322725: (tz) Update Timezone Data to 2023d + - JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray + - JDK-8323202: [8u] Remove get_source.sh and hgforest.sh + - JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + - JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'" + - JDK-8324530: Build error with gcc 10 + - JDK-8325150: (tz) Update Timezone Data to 2024a + +Notes on individual issues: +=========================== + +security-libs/org.ietf.jgss:krb5: + +JDK-8168518: rcache interop with krb5-1.15 +========================================== +The hash algorithm used in the Kerberos 5 replay cache file (rcache) +has been changed from MD5 to SHA256. This is the same algorithm used +by MIT krb5-1.15 and is interoperable with earlier releases of MIT +krb5. + +The MD5 algorithm can still be used by setting the new +jdk.krb5.rcache.useMD5 property to 'true': + +java -Djdk.krb5.rcache.useMD5=true ... + +This is useful where either the system has a coarse clock and has to +depend on hash values in replay attack detection, or interoperability +with the rcache files in older versions of OpenJDK is required. + +client-libs/java.awt: + +JDK-8322750: AWT SystemTray API Is Not Supported on Most Linux Desktops +======================================================================= +The java.awt.SystemTray API is used to interact with the system's +desktop taskbar to provide notifications and may include an icon +representing an application. The GNOME desktop's support for taskbar +icons has not worked properly for several years, due to a platform +bug. This bug, in turn, affects the JDK's SystemTray support on GNOME +desktops. + +Therefore, in accordance with the SystemTray API specification, +java.awt.SystemTray.isSupported() will now return false on systems +that exhibit this bug, which is assumed to be those running a version +of GNOME Shell below 45. + +The impact of this change is likely to be minimal, as users of the +SystemTray API should already be able to handle isSupported() +returning false and the system tray on such platforms has already been +unsupported for a number of years for all applications. + +security-libs/java.security: + +JDK-8321408: Added Certainly R1 and E1 Root Certificates +======================================================== +The following root certificate has been added to the cacerts +truststore: + +Name: Certainly +Alias Name: certainlyrootr1 +Distinguished Name: CN=Certainly Root R1, O=Certainly, C=US + +Name: Certainly +Alias Name: certainlyroote1 +Distinguished Name: CN=Certainly Root E1, O=Certainly, C=US + New in release OpenJDK 8u402 (2024-01-16): =========================================== Live versions of these release notes can be found at: diff --git a/SOURCES/java-1.8.0-openjdk-portable.specfile b/SOURCES/java-1.8.0-openjdk-portable.specfile deleted file mode 100644 index b35f8dc..0000000 --- a/SOURCES/java-1.8.0-openjdk-portable.specfile +++ /dev/null @@ -1,2431 +0,0 @@ -# RPM conditionals so as to be able to dynamically produce -# slowdebug/release builds. See: -# http://rpm.org/user_doc/conditional_builds.html -# -# Examples: -# -# Produce release, fastdebug *and* slowdebug builds on x86_64 (default): -# $ rpmbuild -ba java-1.8.0-openjdk.spec -# -# Produce only release builds (no debug builds) on x86_64: -# $ rpmbuild -ba java-1.8.0-openjdk.spec --without slowdebug --without fastdebug -# -# Only produce a release build on x86_64: -# $ rhpkg mockbuild --without slowdebug --without fastdebug -# -# Enable fastdebug builds by default on relevant arches. -%bcond_without fastdebug -# Enable slowdebug builds by default on relevant arches. -%bcond_without slowdebug -# Enable release builds by default on relevant arches. -%bcond_without release -# Remove build artifacts by default -%bcond_with artifacts -# Build a fresh libjvm.so for use in a copy of the bootstrap JDK -%bcond_without fresh_libjvm -# Build with system libraries -%bcond_with system_libs - -# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so -%if %{with fresh_libjvm} -%global build_hotspot_first 1 -%else -%global build_hotspot_first 0 -%endif - -%if %{with system_libs} -%global system_libs 1 -%global link_type system -%global jpeg_lib |libjavajpeg[.]so.* -%else -%global system_libs 0 -%global link_type bundled -%global jpeg_lib |libjpeg[.]so.* -%endif - -# Turn off the debug package as we just produce a bunch of tarballs -%define debug_package %{nil} - -# note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros -# also necessary when passing it as parameter to other macros. If not macro, then it is considered a switch -# see the difference between global and define: -# See https://github.com/rpm-software-management/rpm/issues/127 to comments at "pmatilai commented on Aug 18, 2017" -# (initiated in https://bugzilla.redhat.com/show_bug.cgi?id=1482192) -%global debug_suffix_unquoted -slowdebug -%global fastdebug_suffix_unquoted -fastdebug -# quoted one for shell operations -%global debug_suffix "%{debug_suffix_unquoted}" -%global fastdebug_suffix "%{fastdebug_suffix_unquoted}" -%global normal_suffix "" - -%global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP. -%global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP. -%global debug_on unoptimised with full debugging on -%global fastdebug_on optimised with full debugging on -%global for_fastdebug for packages with debugging on and optimisation -%global for_debug for packages with debugging on and no optimisation - -%if %{with release} -%global include_normal_build 1 -%else -%global include_normal_build 0 -%endif - -%if %{include_normal_build} -%global normal_build %{normal_suffix} -%else -%global normal_build %{nil} -%endif - -%global aarch64 aarch64 arm64 armv8 -# we need to distinguish between big and little endian PPC64 -%global ppc64le ppc64le -%global ppc64be ppc64 ppc64p7 -# Set of architectures which support multiple ABIs -%global multilib_arches %{power64} sparc64 x86_64 -# Set of architectures for which we build slowdebug builds -%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} -# Set of architectures for which we build fastdebug builds -%global fastdebug_arches x86_64 ppc64le aarch64 -# Set of architectures with a Just-In-Time (JIT) compiler -%global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64 -# Set of architectures which use the Zero assembler port (!jit_arches) -%global zero_arches %{arm} ppc s390 s390x -# Set of architectures which run a full bootstrap cycle -%global bootstrap_arches %{jit_arches} %{zero_arches} -# Set of architectures which support SystemTap tapsets -%global systemtap_arches %{jit_arches} -# Set of architectures which support the serviceability agent -%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} -# Set of architectures which support class data sharing -# See https://bugzilla.redhat.com/show_bug.cgi?id=513605 -# MetaspaceShared::generate_vtable_methods is not implemented for the PPC JIT -%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} -# Set of architectures which support Java Flight Recorder (JFR) -%global jfr_arches %{jit_arches} -# Set of architectures for which alt-java has SSB mitigation -%global ssbd_arches x86_64 -# Set of architectures where we verify backtraces with gdb -%global gdb_arches %{jit_arches} %{zero_arches} - -# By default, we build a debug build during main build on JIT architectures -%if %{with slowdebug} -%ifarch %{debug_arches} -%global include_debug_build 1 -%else -%global include_debug_build 0 -%endif -%else -%global include_debug_build 0 -%endif - -# By default, we build a fastdebug build during main build only on fastdebug architectures -%if %{with fastdebug} -%ifarch %{fastdebug_arches} -%global include_fastdebug_build 1 -%else -%global include_fastdebug_build 0 -%endif -%else -%global include_fastdebug_build 0 -%endif - -%if %{include_debug_build} -%global slowdebug_build %{debug_suffix} -%else -%global slowdebug_build %{nil} -%endif - -%if %{include_fastdebug_build} -%global fastdebug_build %{fastdebug_suffix} -%else -%global fastdebug_build %{nil} -%endif - -# If you disable all builds, then the build fails -# Build and test slowdebug first as it provides the best diagnostics -%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build} - -%if 0%{?flatpak} -%global bootstrap_build false -%else -%ifarch %{bootstrap_arches} -%global bootstrap_build true -%else -%global bootstrap_build false -%endif -%endif - -%global bootstrap_targets images -%global release_targets images docs-zip -# No docs nor bootcycle for debug builds -%global debug_targets images -# Target to use to just build HotSpot -%global hotspot_target hotspot - -# JDK to use for bootstrapping -# Use OpenJDK 7 where available (on RHEL) to avoid -# having to use the rhel-7.x-java-unsafe-candidate hack -%if ! 0%{?fedora} && 0%{?rhel} <= 7 -%global buildjdkver 1.7.0 -%else -%global buildjdkver 1.8.0 -%endif -%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk - -# Filter out flags from the optflags macro that cause problems with the OpenJDK build -# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 -# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) -# We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings -# We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++ -%global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat -Wno-cpp|' | sed -r -e 's|-O[0-9]*||') -%global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||') -%global ourldflags %{__global_ldflags} - -# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path -# the initialization must be here. Later the pkg-config have buggy behavior -# looks like openjdk RPM specific bug -# Always set this so the nss.cfg file is not broken -%global NSS_LIBDIR %(pkg-config --variable=libdir nss) -%global NSS_LIBS %(pkg-config --libs nss) -%global NSS_CFLAGS %(pkg-config --cflags nss-softokn) -# see https://bugzilla.redhat.com/show_bug.cgi?id=1332456 -%global NSSSOFTOKN_BUILDTIME_NUMBER %(pkg-config --modversion nss-softokn || : ) -%global NSS_BUILDTIME_NUMBER %(pkg-config --modversion nss || : ) -# this is workaround for processing of requires during srpm creation -%global NSSSOFTOKN_BUILDTIME_VERSION %(if [ "x%{NSSSOFTOKN_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSSSOFTOKN_BUILDTIME_NUMBER}" ;fi) -%global NSS_BUILDTIME_VERSION %(if [ "x%{NSS_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSS_BUILDTIME_NUMBER}" ;fi) - -# In some cases, the arch used by the JDK does -# not match _arch. -# Also, in some cases, the machine name used by SystemTap -# does not match that given by _target_cpu -%ifarch x86_64 -%global archinstall amd64 -%global stapinstall x86_64 -%endif -%ifarch ppc -%global archinstall ppc -%global stapinstall powerpc -%endif -%ifarch %{ppc64be} -%global archinstall ppc64 -%global stapinstall powerpc -%endif -%ifarch %{ppc64le} -%global archinstall ppc64le -%global stapinstall powerpc -%endif -%ifarch %{ix86} -%global archinstall i386 -%global stapinstall i386 -%endif -%ifarch ia64 -%global archinstall ia64 -%global stapinstall ia64 -%endif -%ifarch s390 -%global archinstall s390 -%global stapinstall s390 -%endif -%ifarch s390x -%global archinstall s390x -%global stapinstall s390 -%endif -%ifarch %{arm} -%global archinstall arm -%global stapinstall arm -%endif -%ifarch %{aarch64} -%global archinstall aarch64 -%global stapinstall arm64 -%endif -# 32 bit sparc, optimized for v9 -%ifarch sparcv9 -%global archinstall sparc -%global stapinstall %{_target_cpu} -%endif -# 64 bit sparc -%ifarch sparc64 -%global archinstall sparcv9 -%global stapinstall %{_target_cpu} -%endif -# Need to support noarch for srpm build -%ifarch noarch -%global archinstall %{nil} -%global stapinstall %{nil} -%endif - -# Always off in portables -%ifarch %{systemtap_arches} -%global with_systemtap 0 -%else -%global with_systemtap 0 -%endif - -# New Version-String scheme-style defines -%global majorver 8 -# Define version of OpenJDK 8 used -%global project openjdk -%global repo shenandoah-jdk8u -%global openjdk_revision jdk8u402-b06 -%global shenandoah_revision shenandoah-%{openjdk_revision} -# Define IcedTea version used for SystemTap tapsets and desktop file -%global icedteaver 3.15.0 -# Define current Git revision for the FIPS support patches -%global fipsver 6d1aade0648 -# Define current Git revision for the cacerts patch -%global cacertsver 8139f2361c2 - -# Standard JPackage naming and versioning defines -%global origin openjdk -%global origin_nice OpenJDK -%global top_level_dir_name %{shenandoah_revision} - -# Settings for local security configuration -%global security_file %{top_level_dir_name}/jdk/src/share/lib/security/java.security-%{_target_os} -%global cacerts_file /etc/pki/java/cacerts - -# Define vendor information used by OpenJDK -%global oj_vendor Red Hat, Inc. -%global oj_vendor_url "https://www.redhat.com/" -# Define what url should JVM offer in case of a crash report -# order may be important, epel may have rhel declared -%if 0%{?epel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{component}&version=epel%{epel} -%else -%if 0%{?fedora} -# Does not work for rawhide, keeps the version field empty -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora} -%else -%if 0%{?rhel} -%global oj_vendor_bug_url https://access.redhat.com/support/cases/ -%else -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi -%endif -%endif -%endif - -# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 -%global version_tag %(VERSION=%{shenandoah_revision}; echo ${VERSION%%-shenandoah-merge*}) -# eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) -%global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) -# eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 -%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) -# eg jdk8u60-b27 -> b27 -%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 1 -# Define milestone (EA for pre-releases, GA ("fcs") for releases) -# Release will be (where N is usually a number starting at 1): -# - 0.N%%{?extraver}%%{?dist} for EA releases, -# - N%%{?extraver}{?dist} for GA releases -%global is_ga 1 -%if %{is_ga} -%global milestone fcs -%global milestone_version %{nil} -%global extraver %{nil} -%global eaprefix %{nil} -%else -%global milestone ea -%global milestone_version "-ea" -%global extraver .%{milestone} -%global eaprefix 0. -%endif -# priority must be 7 digits in total. The expression is workarounding tip -%global priority %(TIP=1800%{updatever}; echo ${TIP/tip/999}) - -%global javaver 1.%{majorver}.0 - -# parametrized macros are order-sensitive -%global compatiblename %{name} -%global fullversion %{compatiblename}-%{version}-%{release} -# images stub -%global jdkimage j2sdk-image -%global jreimage j2re-image -# output dir stub -%define buildoutputdir() %{expand:build/jdk8.build%{?1}} -%define installoutputdir() %{expand:install/jdk8.install%{?1}} -%define packageoutputdir() %{expand:packages/jdk8.packages%{?1}} -# we can copy the javadoc to not arched dir, or make it not noarch -%define uniquejavadocdir() %{expand:%{fullversion}%{?1}} -# main id and dir of this jdk -%define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}} -%define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jre;g") -%define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jdk;g") -%define jreportablearchive() %{expand:%{jreportablenameimpl -- %%{1}}.tar.xz} -%define jdkportablearchive() %{expand:%{jdkportablenameimpl -- %%{1}}.tar.xz} -%define jreportablename() %{expand:%{jreportablenameimpl -- %%{1}}} -%define jdkportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} -%define docportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.docs;g") -%define docportablearchive() %{docportablename}.tar.xz -%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.misc;g") -%define miscportablearchive() %{miscportablename}.tar.xz - -# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349. -# See also https://bugzilla.redhat.com/show_bug.cgi?id=1590796 -# as to why some libraries *cannot* be excluded. In particular, -# these are: -# libjsig.so, libjava.so, libjawt.so, libjvm.so and libverify.so -%global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*%{jpeg_lib}|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.* -%global __provides_exclude ^(%{_privatelibs})$ -%global __requires_exclude ^(%{_privatelibs})$ - -# Standard JPackage directories and symbolic links. -%global sdkdir() %{expand:%{uniquesuffix %%1}} -%global jrelnk() %{expand:jre-%{javaver}-%{origin}-%{version}-%{release}.%{_arch}%1} - -%global jredir() %{expand:%{sdkdir %%1}/jre} -%global sdkbindir() %{expand:%{_jvmdir}/%{sdkdir %%1}/bin} -%global jrebindir() %{expand:%{_jvmdir}/%{jredir %%1}/bin} -%global alt_java_name alt-java -%global jvmjardir() %{expand:%{_jvmjardir}/%{uniquesuffix %%1}} - -%global rpm_state_dir %{_localstatedir}/lib/rpm-state/ - -# For flatpack builds hard-code /usr/sbin/alternatives, -# otherwise use %%{_sbindir} relative path. -%if 0%{?flatpak} -%global alternatives_requires /usr/sbin/alternatives -%else -%global alternatives_requires %{_sbindir}/alternatives -%endif - -%if %{with_systemtap} -# Where to install systemtap tapset (links) -# We would like these to be in a package specific sub-dir, -# but currently systemtap doesn't support that, so we have to -# use the root tapset dir for now. To distinguish between 64 -# and 32 bit architectures we place the tapsets under the arch -# specific dir (note that systemtap will only pickup the tapset -# for the primary arch for now). Systemtap uses the machine name -# aka target_cpu as architecture specific directory name. -%global tapsetroot /usr/share/systemtap -%global tapsetdirttapset %{tapsetroot}/tapset/ -%global tapsetdir %{tapsetdirttapset}/%{stapinstall} -%endif - -# Prevent brp-java-repack-jars from being run. -%global __jar_repack 0 - -# portables have grown out of its component, moving back to java-x-vendor -# this expression, when declared as global, filled component with java-x-vendor portable -%define component %(echo %{name} | sed "s;-portable;;g") - -Name: java-%{javaver}-%{origin}-portable -Version: %{javaver}.%{updatever}.%{buildver} -Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} -# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons -# and this change was brought into RHEL-4. java-1.5.0-ibm packages -# also included the epoch in their virtual provides. This created a -# situation where in-the-wild java-1.5.0-ibm packages provided "java = -# 1:1.5.0". In RPM terms, "1.6.0 < 1:1.5.0" since 1.6.0 is -# interpreted as 0:1.6.0. So the "java >= 1.6.0" requirement would be -# satisfied by the 1:1.5.0 packages. Thus we need to set the epoch in -# JDK package >= 1.6.0 to 1, and packages referring to JDK virtual -# provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0". - -Epoch: 1 -Summary: %{origin_nice} %{majorver} Runtime Environment portable edition -Group: Development/Languages - -# HotSpot code is licensed under GPLv2 -# JDK library code is licensed under GPLv2 with the Classpath exception -# The Apache license is used in code taken from Apache projects (primarily JAXP & JAXWS) -# DOM levels 2 & 3 and the XML digital signature schemas are licensed under the W3C Software License -# The JSR166 concurrency code is in the public domain -# The BSD and MIT licenses are used for a number of third-party libraries (see THIRD_PARTY_README) -# The OpenJDK source tree includes the JPEG library (IJG), zlib & libpng (zlib), giflib and LCMS (MIT) -# The test code includes copies of NSS under the Mozilla Public License v2.0 -# The PCSClite headers are under a BSD with advertising license -# The elliptic curve cryptography (ECC) source code is licensed under the LGPLv2.1 or any later version -License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv2.0 and Public Domain and W3C and zlib -URL: http://openjdk.java.net/ - -# Shenandoah HotSpot -# aarch64-port/jdk8u-shenandoah contains an integration forest of -# OpenJDK 8u, the aarch64 port and Shenandoah -# To regenerate, use: -# VERSION=%%{shenandoah_revision} -# FILE_NAME_ROOT=%%{project}-%%{repo}-${VERSION} -# REPO_ROOT= generate_source_tarball.sh -# where the source is obtained from http://github.com/%%{project}/%%{repo} -Source0: %{project}-%{repo}-%{shenandoah_revision}.tar.xz - -# Custom README for -src subpackage -Source2: README.md - -# Release notes -Source7: NEWS - -# Use 'icedtea_sync.sh' to update the following -# They are based on code contained in the IcedTea project (3.x). -# Systemtap tapsets. Zipped up to keep it small. -# Disabled in portables -#Source8: tapsets-icedtea-%%{icedteaver}.tar.xz - -# Desktop files. Adapted from IcedTea -# Disabled in portables -#Source9: jconsole.desktop.in -#Source10: policytool.desktop.in - -# nss configuration file -Source11: nss.cfg.in - -# Removed libraries that we link instead -Source12: remove-intree-libraries.sh - -# Ensure we aren't using the limited crypto policy -Source13: TestCryptoLevel.java - -# Ensure ECDSA is working -Source14: TestECDSA.java - -# Verify system crypto (policy) can be disabled via a property -Source15: TestSecurityProperties.java - -# Ensure vendor settings are correct -Source16: CheckVendor.java - -# nss fips configuration file -Source17: nss.fips.cfg.in - -# Ensure translations are available for new timezones -Source18: TestTranslations.java - -# Disabled in portables -#Source20: repackReproduciblePolycies.sh - -# New versions of config files with aarch64 support. This is not upstream yet. -Source100: config.guess -Source101: config.sub - -############################################ -# -# RPM/distribution specific patches -# -# This section includes patches specific to -# Fedora/RHEL which can not be upstreamed -# either in their current form or at all. -############################################ - -# Accessibility patches -# Ignore AWTError when assistive technologies are loaded -Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch -# Turn on AssumeMP by default on RHEL systems -Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch -# RH1648249: Add PKCS11 provider to java.security -Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch -# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY -Patch1003: rh1582504-rsa_default_for_keytool.patch - -# Crypto policy and FIPS support patches -# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk8u/tree/fips -# as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch -# Diff is limited to src and make subdirectories to exclude .github changes -# Fixes currently included: -# PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy -# PR3655: Allow use of system crypto policy to be disabled by the user -# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider -# RH1760838: No ciphersuites available for SSLSocket in FIPS mode -# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available -# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess -# RH1929465: Improve system FIPS detection -# RH1996182: Login to the NSS software token in FIPS mode -# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false -# RH2021263: Resolve outstanding FIPS issues -# RH2052819: Fix FIPS reliance on crypto policies -# RH2052829: Detect NSS at Runtime for FIPS detection -# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage -# RH2090378: Revert to disabling system security properties and FIPS mode support together -Patch1001: fips-8u-%{fipsver}.patch - -############################################# -# -# Upstreamable patches -# -# This section includes patches which need to -# be reviewed & pushed to the current development -# tree of OpenJDK. -############################################# -# PR2737: Allow multiple initialization of PKCS11 libraries -Patch5: pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch -# Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions -Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch -# RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings -Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch -# PR3083, RH1346460: Regression in SSL debug output without an ECC provider -Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch -# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) -# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts -# RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds -# Must be applied after the FIPS patch as it also changes java.security -# Patch is generated from the cacerts tree at https://github.com/rh-openjdk/jdk8u/tree/cacerts -# as follows: git diff fips > pr2888-rh2055274-support_system_cacerts-$(git show -s --format=%h HEAD).patch -Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch -Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch -# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639) -Patch600: rh1750419-redhat_alt_java.patch -# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build -Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch - -############################################# -# -# Arch-specific upstreamable patches -# -# This section includes patches which need to -# be reviewed & pushed upstream and are specific -# to certain architectures. This usually means the -# current OpenJDK development branch, but may also -# include other trees e.g. for the AArch64 port for -# OpenJDK 8u. -############################################# -# s390: PR3593: Use "%z" for size_t on s390 as size_t != intptr_t -Patch103: pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch -# x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround) -Patch105: jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch -# S390 ambiguous log2_intptr calls -Patch107: s390-8214206_fix.patch - -############################################# -# -# Patches which need backporting to 8u -# -# This section includes patches which have -# been pushed upstream to the latest OpenJDK -# development tree, but need to be backported -# to OpenJDK 8u. -############################################# -# S8074839, PR2462: Resolve disabled warnings for libunpack and the unpack200 binary -# This fixes printf warnings that lead to build failure with -Werror=format-security from optflags -Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch -# PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code -Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch -# 8143245, PR3548: Zero build requires disabled warnings -Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch -# s390: JDK-8203030, Type fixing for s390 -Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch -# 8035341: Allow using a system installed libpng -Patch202: jdk8035341-allow_using_system_installed_libpng.patch -# 8042159: Allow using a system-installed lcms2 -Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch -Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch -# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 -Patch581: jdk8257794-remove_broken_assert.patch -# JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files -Patch12: jdk8186464-rh1433262-zip64_failure.patch - -############################################# -# -# Patches appearing in 8u382 -# -# This section includes patches which are present -# in the listed OpenJDK 8u release and should be -# able to be removed once that release is out -# and used by this RPM. -############################################# -# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key -Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch - -############################################# -# -# Patches ineligible for 8u -# -# This section includes patches which are present -# upstream, but ineligible for upstream 8u backport. -############################################# -# 8043805: Allow using a system-installed libjpeg -Patch201: jdk8043805-allow_using_system_installed_libjpeg.patch - -############################################# -# -# Shenandoah fixes -# -# This section includes patches which are -# specific to the Shenandoah garbage collector -# and should be upstreamed to the appropriate -# trees. -############################################# - -############################################# -# -# Non-OpenJDK fixes -# -# This section includes patches to code other -# that from OpenJDK. -############################################# - -############################################# -# -# Dependencies -# -############################################# -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: alsa-lib-devel -BuildRequires: binutils -BuildRequires: cups-devel -BuildRequires: desktop-file-utils -# elfutils only are OK for build without AOT -BuildRequires: elfutils-devel -BuildRequires: file -BuildRequires: fontconfig-devel -BuildRequires: freetype-devel -BuildRequires: gcc-c++ -BuildRequires: gdb -BuildRequires: libxslt -BuildRequires: libX11-devel -BuildRequires: libXext-devel -BuildRequires: libXi-devel -BuildRequires: libXinerama-devel -BuildRequires: libXrender-devel -BuildRequires: libXt-devel -BuildRequires: libXtst-devel -# Requirement for setting up nss.cfg and nss.fips.cfg -BuildRequires: nss-devel -# Commented out for portable RHEL7 doesn't have this -# Requirement for system security property test -#BuildRequires: crypto-policies -BuildRequires: pkgconfig -BuildRequires: xorg-x11-proto-devel -BuildRequires: zip -BuildRequires: tar -BuildRequires: unzip -# Require a boot JDK which doesn't fail due to RH1482244 -BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 -# Zero-assembler build requirement -%ifarch %{zero_arches} -BuildRequires: libffi-devel -%endif -# 2023c required as of JDK-8305113 -BuildRequires: tzdata-java >= 2023c -# Earlier versions have a bug in tree vectorization on PPC -BuildRequires: gcc >= 4.8.3-8 - -# cacerts build requirement. -BuildRequires: ca-certificates -%if %{with_systemtap} -BuildRequires: systemtap-sdt-devel -%endif - -%if %{system_libs} -BuildRequires: giflib-devel -BuildRequires: lcms2-devel -BuildRequires: libjpeg-devel -BuildRequires: libpng-devel -%else -# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h -Provides: bundled(giflib) = 5.2.1 -# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h -Provides: bundled(lcms2) = 2.10.0 -# Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h -Provides: bundled(libjpeg) = 6b -# Version in jdk/src/share/native/sun/awt/libpng/png.h -Provides: bundled(libpng) = 1.6.39 -# We link statically against libstdc++ to increase portability -BuildRequires: libstdc++-static -%endif - -%description -The %{origin_nice} %{majorver} runtime environment - portable edition - -%if %{include_normal_build} -%package devel -Summary: %{origin_nice} %{majorver} Development Environment portable edition -Group: Development/Tools -%description devel -The %{origin_nice} %{majorver} development tools - portable edition -%endif - -%if %{include_debug_build} -%package slowdebug -Summary: %{origin_nice} %{majorver} Runtime Environment portable edition %{debug_on} -Group: Development/Languages -%description slowdebug -The %{origin_nice} %{majorver} runtime environment - portable edition -%{debug_warning} - -%package devel-slowdebug -Summary: %{origin_nice} %{majorver} Development Environment portable edition %{debug_on} -Group: Development/Tools -%description devel-slowdebug -The %{origin_nice} %{majorver} development tools - portable edition -%{debug_warning} -%endif - -%if %{include_fastdebug_build} -%package fastdebug -Summary: %{origin_nice} %{majorver} Runtime Environment portable edition %{fastdebug_on} -Group: Development/Languages -%description fastdebug -The %{origin_nice} %{majorver} runtime environment - portable edition -%{fastdebug_warning} - -%package devel-fastdebug -Summary: %{origin_nice} %{majorver} Development Environment portable edition %{fastdebug_on} -Group: Development/Tools -%description devel-fastdebug -The %{origin_nice} %{majorver} development tools - portable edition -%{fastdebug_warning} -%endif - -%if %{include_normal_build} -%package unstripped -Summary: The %{origin_nice} %{majorver} runtime environment, unstripped. -Group: Development/Languages -%description unstripped -The %{origin_nice} %{majorver} runtime environment, unstripped. -%endif - -%package docs -Summary: %{origin_nice} %{majorver} API documentation -Group: Development/Languages -%description docs -The %{origin_nice} %{majorver} API documentation. - -%package misc -Summary: %{origin_nice} %{majorver} miscellany -Group: Development/Languages -%description misc -The %{origin_nice} %{majorver} miscellany. - -%prep -if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then - echo "include_normal_build is %{include_normal_build}" -else - echo "include_normal_build is %{include_normal_build}, that is invalid. Use 1 for yes or 0 for no" - exit 11 -fi -if [ %{include_debug_build} -eq 0 -o %{include_debug_build} -eq 1 ] ; then - echo "include_debug_build is %{include_debug_build}" -else - echo "include_debug_build is %{include_debug_build}, that is invalid. Use 1 for yes or 0 for no" - exit 12 -fi -if [ %{include_fastdebug_build} -eq 0 -o %{include_fastdebug_build} -eq 1 ] ; then - echo "include_fastdebug_build is %{include_fastdebug_build}" -else - echo "include_fastdebug_build is %{include_fastdebug_build}, that is invalid. Use 1 for yes or 0 for no" - exit 13 -fi -if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then - echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go." - exit 14 -fi - -echo "Update version: %{updatever}" -echo "Build number: %{buildver}" -echo "Milestone: %{milestone}" -%setup -q -c -n %{uniquesuffix ""} -T -a 0 -# https://bugzilla.redhat.com/show_bug.cgi?id=1189084 -prioritylength=`expr length %{priority}` -if [ $prioritylength -ne 7 ] ; then - echo "priority must be 7 digits in total, violated" - exit 14 -fi -# For old patches -ln -s %{top_level_dir_name} jdk8 -ln -s %{top_level_dir_name} openjdk - -cp %{SOURCE2} . - -# replace outdated configure guess script -# -# the configure macro will do this too, but it also passes a few flags not -# supported by openjdk configure script -cp %{SOURCE100} %{top_level_dir_name}/common/autoconf/build-aux/ -cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/ - -# OpenJDK patches - -%if %{system_libs} -# Remove libraries that are linked -sh %{SOURCE12} -%endif - -# Do not enable them with system_libs, they do not work properly with bundled option -# System library fixes -%if %{system_libs} -%patch201 -%patch202 -%patch203 -%patch204 -%endif - -%patch1 -%patch5 - -# s390 build fixes -%patch102 -%patch103 -%patch107 - -# AArch64 fixes - -# x86 fixes -%patch105 - -# Upstreamable fixes -%patch502 -%patch512 -%patch523 -%patch528 -%patch571 -%patch574 -%patch112 -%patch581 -%patch541 -%patch12 - -pushd %{top_level_dir_name} -# Add crypto policy and FIPS support -%patch1001 -p1 -# nss.cfg PKCS11 support; must come last as it also alters java.security -%patch1000 -p1 -# system cacerts support -%patch539 -p1 -popd - -# RPM-only fixes -%patch600 -%patch1003 - -# RHEL-only patches -%if ! 0%{?fedora} && 0%{?rhel} <= 7 -%patch534 -%endif - -# Shenandoah patches - -# Extract systemtap tapsets -%if %{with_systemtap} -tar --strip-components=1 -x -I xz -f %{SOURCE8} -%if %{include_debug_build} -cp -r tapset tapset%{debug_suffix} -%endif -%if %{include_fastdebug_build} -cp -r tapset tapset%{fastdebug_suffix} -%endif - - -for suffix in %{build_loop} ; do - for file in "tapset"$suffix/*.in; do - OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` - sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1 -# TODO find out which architectures other than i686 have a client vm -%ifarch %{ix86} - sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/client/libjvm.so:g" $file.1 > $OUTPUT_FILE -%else - sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE -%endif - sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE - sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE - sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE - done -done -# systemtap tapsets ends -%endif - -# Prepare desktop files -# Portables do not have desktop integration - -# Setup nss.cfg -sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg - -# Setup nss.fips.cfg -sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg - -# Setup security policy -#Commented because NA to portable -#sed -i -e "s:^security.systemCACerts=.*:security.systemCACerts=%{cacerts_file}:" %{security_file} - -%build - -# How many CPU's do we have? -export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) -export NUM_PROC=${NUM_PROC:-1} -%if 0%{?_smp_ncpus_max} -# Honor %%_smp_ncpus_max -[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} -%endif - -%ifarch s390x sparc64 alpha %{power64} %{aarch64} -export ARCH_DATA_MODEL=64 -%endif -%ifarch alpha -export CFLAGS="$CFLAGS -mieee" -%endif - -# We use ourcppflags because the OpenJDK build seems to -# pass EXTRA_CFLAGS to the HotSpot C++ compiler... -EXTRA_CFLAGS="%ourcppflags -Wno-error" -EXTRA_CPP_FLAGS="%ourcppflags" -%ifarch %{power64} ppc -EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-tree-vectorize" -# fix rpmlint warnings -EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" -%endif -EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes" -export EXTRA_CFLAGS EXTRA_ASFLAGS - -(cd %{top_level_dir_name}/common/autoconf - bash ./autogen.sh -) - -function buildjdk() { - local outputdir=${1} - local buildjdk=${2} - local maketargets="${3}" - local debuglevel=${4} - local link_opt=${5} - local debug_symbols=${6} - - local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name} - # Variable used in hs_err hook on build failures - local top_builddir_abs_path=$(pwd)/${outputdir} - - echo "Using output directory: ${outputdir}"; - - if [ "x${link_opt}" = "xbundled" ] ; then - libc_link_opt="static"; - else - libc_link_opt="dynamic"; - fi - - echo "Checking build JDK ${buildjdk} is operational..." - ${buildjdk}/bin/java -version - echo "Using make targets: ${maketargets}" - echo "Using debuglevel: ${debuglevel}" - echo "Using link_opt: ${link_opt}" - echo "Using debug_symbols: ${debug_symbols}" - echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}" - - mkdir -p ${outputdir} - pushd ${outputdir} - - bash ${top_srcdir_abs_path}/configure \ -%ifarch %{jfr_arches} - --enable-jfr \ -%else - --disable-jfr \ -%endif -%ifarch %{zero_arches} - --with-jvm-variants=zero \ -%endif - --with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \ - --with-native-debug-symbols=${debug_symbols} \ - --with-milestone=%{milestone} \ - --with-update-version=%{updatever} \ - --with-build-number=%{buildver} \ - --with-vendor-name="%{oj_vendor}" \ - --with-vendor-url="%{oj_vendor_url}" \ - --with-vendor-bug-url="%{oj_vendor_bug_url}" \ - --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ - --with-boot-jdk=${buildjdk} \ - --with-debug-level=${debuglevel} \ - --disable-sysconf-nss \ - --enable-unlimited-crypto \ - --with-zlib=${link_opt} \ - --with-giflib=${link_opt} \ -%if %{with system_libs} - --with-libjpeg=${link_opt} \ - --with-libpng=${link_opt} \ - --with-lcms=${link_opt} \ -%endif - --with-stdc++lib=${libc_link_opt} \ - --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ - --with-extra-cflags="$EXTRA_CFLAGS" \ - --with-extra-asflags="$EXTRA_ASFLAGS" \ - --with-extra-ldflags="%{ourldflags}" \ - --with-num-cores="$NUM_PROC" - - cat spec.gmk - cat hotspot-spec.gmk - - make \ - JAVAC_FLAGS=-g \ - LOG=trace \ - SCTP_WERROR= \ - ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) - - popd -} - -function installjdk() { - local outputdir=${1} - local installdir=${2} - local jdkimagepath=${installdir}/images/%{jdkimage} - local jreimagepath=${installdir}/images/%{jreimage} - - echo "Installing build from ${outputdir} to ${installdir}..." - mkdir -p ${installdir} - echo "Installing images..." - mv ${outputdir}/images ${installdir} - if [ -d ${outputdir}/bundles ] ; then - echo "Installing bundles..."; - mv ${outputdir}/bundles ${installdir} ; - fi - # On 8u, docs ends up at the top-level, not in images - if [ -d ${outputdir}/docs ] ; then - echo "Installing docs..."; - mv ${outputdir}/docs ${installdir} ; - fi - -%if !%{with artifacts} - echo "Removing output directory..."; - rm -rf ${outputdir} -%endif - - for imagepath in ${jdkimagepath} ${jreimagepath} ; do - - if [ -d ${imagepath} ] ; then - # the build (erroneously) removes read permissions from some jars - # this is a regression in OpenJDK 7 (our compiler): - # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 - find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \; - - # Build screws up permissions on binaries - # https://bugs.openjdk.java.net/browse/JDK-8173610 - find ${imagepath} -iname '*.so' -exec chmod +x {} \; - find ${imagepath}/bin/ -exec chmod +x {} \; - - # Install local files which are distributed with the JDK - install -m 644 %{SOURCE7} ${imagepath} - - # Create fake alt-java as a placeholder for future alt-java - pushd ${imagepath} - # add alt-java man page - echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 - cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 - popd - - # Print release information - cat ${imagepath}/release - fi - done - - # Handle these outside the loop as install path differs between JDK and JRE image - install -m 644 nss.cfg ${jdkimagepath}/jre/lib/security/ - install -m 644 nss.cfg ${jreimagepath}/lib/security/ - # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) - install -m 644 nss.fips.cfg ${jdkimagepath}/jre/lib/security/ - install -m 644 nss.fips.cfg ${jreimagepath}/lib/security/ -} - -function genchecksum() { - local checkedfile=${1} - - checkdir=$(dirname ${1}) - checkfile=$(basename ${1}) - - echo "Generating checksum for ${checkfile} in ${checkdir}..." - pushd ${checkdir} - sha256sum ${checkfile} > ${checkfile}.sha256sum - sha256sum --check ${checkfile}.sha256sum - popd -} - -function packagejdk() { - local imagesdir=$(pwd)/${1}/images - local docdir=$(pwd)/${1}/docs - local bundledir=$(pwd)/${1}/bundles - local packagesdir=$(pwd)/${2} - local srcdir=$(pwd)/%{top_level_dir_name} - - echo "Packaging build from ${imagesdir} to ${packagesdir}..." - mkdir -p ${packagesdir} - pushd ${imagesdir} - - if [ "x$suffix" = "x" ] ; then - nameSuffix="" - else - nameSuffix=`echo "$suffix"| sed s/-/./` - fi - - jdkname=%{jdkportablename -- "$nameSuffix"} - jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} - jrename=%{jreportablename -- "$nameSuffix"} - jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"} - debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"} - debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"} - unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"} - # We only use docs for the release build - docname=%{docportablename} - docarchive=${packagesdir}/%{docportablearchive} - built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip - # These are from the source tree so no debug variants - miscname=%{miscportablename} - miscarchive=${packagesdir}/%{miscportablearchive} - - # Rename directories for packaging - mv %{jdkimage} ${jdkname} - mv %{jreimage} ${jrename} - - # Release images have external debug symbols - if [ "x$suffix" = "x" ] ; then - # Keep the unstripped version for consumption by RHEL RPMs - tar -cJf ${unstrippedarchive} ${jdkname} - genchecksum ${unstrippedarchive} - - # Strip the files - for file in $(find ${jdkname} ${jrename} -type f) ; do - if file ${file} | grep -q 'ELF'; then - noextfile=${file/.so/}; - objcopy --only-keep-debug ${file} ${noextfile}.debuginfo; - objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file}; - strip -g ${file}; - fi - done - - tar -cJf ${debugjdkarchive} $(find ${jdkname} -name \*.debuginfo) - genchecksum ${debugjdkarchive} - tar -cJf ${debugjrearchive} $(find ${jrename} -name \*.debuginfo) - genchecksum ${debugjrearchive} - - mkdir ${docname} - mv ${docdir} ${docname} - mv ${bundledir}/${built_doc_archive} ${docname} - tar -cJf ${docarchive} ${docname} - genchecksum ${docarchive} - - mkdir ${miscname} - for s in 16 24 32 48 ; do - cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname} - done - tar -cJf ${miscarchive} ${miscname} - genchecksum ${miscarchive} - fi - - tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname} - genchecksum ${jdkarchive} - - tar -cJf ${jrearchive} --exclude='**.debuginfo' ${jrename} - genchecksum ${jrearchive} - - # Revert directory renaming so testing will run - # TODO: testing should run on the packaged JDK - mv ${jdkname} %{jdkimage} - mv ${jrename} %{jreimage} - - popd #images -} - -%if %{build_hotspot_first} - # Build a fresh libjvm.so first and use it to bootstrap - cp -LR --preserve=mode,timestamps %{bootjdk} newboot - systemjdk=$(pwd)/newboot - buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" "internal" - mv build/newboot/hotspot/dist/jre/lib/%{archinstall}/server/libjvm.so newboot/jre/lib/%{archinstall}/server -%else - systemjdk=%{bootjdk} -%endif - -for suffix in %{build_loop} ; do - - if [ "x$suffix" = "x" ] ; then - debugbuild=release - else - # change --something to something - debugbuild=`echo $suffix | sed "s/-//g"` - fi - # We build with internal debug symbols and do - # our own stripping for one version of the - # release build - debug_symbols=internal - - builddir=%{buildoutputdir -- ${suffix}} - bootbuilddir=boot${builddir} - installdir=%{installoutputdir -- ${suffix}} - bootinstalldir=boot${installdir} - packagesdir=%{packageoutputdir -- ${suffix}} - - link_opt="%{link_type}" -%if %{system_libs} - # Copy the source tree so we can remove all in-tree libraries - cp -a %{top_level_dir_name} %{top_level_dir_name_backup} - # Remove all libraries that are linked - sh %{SOURCE12} %{top_level_dir_name} full -%endif - # Debug builds don't need same targets as release for - # build speed-up. We also avoid bootstrapping these - # slower builds. - if echo $debugbuild | grep -q "debug" ; then - maketargets="%{debug_targets}" - run_bootstrap=false - else - maketargets="%{release_targets}" - run_bootstrap=%{bootstrap_build} - fi - if ${run_bootstrap} ; then - buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} ${debug_symbols} - installjdk ${bootbuilddir} ${bootinstalldir} - buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} - installjdk ${builddir} ${installdir} - %{!?with_artifacts:rm -rf ${bootinstalldir}} - else - buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} - installjdk ${builddir} ${installdir} - fi - packagejdk ${installdir} ${packagesdir} - -%if %{system_libs} - # Restore original source tree we modified by removing full in-tree sources - rm -rf %{top_level_dir_name} - mv %{top_level_dir_name_backup} %{top_level_dir_name} -%endif - -# build cycles -done - -%check - -# We test debug first as it will give better diagnostics on a crash -for suffix in %{build_loop} ; do - -export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage} - -# Check unlimited policy has been used -$JAVA_HOME/bin/javac -d . %{SOURCE13} -$JAVA_HOME/bin/java TestCryptoLevel - -# Check ECC is working -$JAVA_HOME/bin/javac -d . %{SOURCE14} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") - -# Check system crypto (policy) is active and can be disabled -# Test takes a single argument - true or false - to state whether system -# security properties are enabled or not. -$JAVA_HOME/bin/javac -d . %{SOURCE15} -export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||") -export SEC_DEBUG="-Djava.security.debug=properties" -# Portable specific: set false whereas its true for upstream -$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false -$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false - -# Check correct vendor values have been set -$JAVA_HOME/bin/javac -d . %{SOURCE16} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} - -# Check java launcher has no SSB mitigation -if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi - -# Check alt-java launcher has SSB mitigation on supported architectures -%ifarch %{ssbd_arches} -nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation -%else -if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi -%endif - -# Check translations are available for new timezones -$JAVA_HOME/bin/javac -d . %{SOURCE18} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE - -# Release builds strip the debug symbols into external .debuginfo files -if [ "x$suffix" = "x" ] ; then - so_suffix="debuginfo" -else - so_suffix="so" -fi - -# Check debug symbols are present and can identify code -find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib -do - if [ -f "$lib" ] ; then - echo "Testing $lib for debug symbols" - # All these tests rely on RPM failing the build if the exit code of any set - # of piped commands is non-zero. - - # Test for .debug_* sections in the shared object. This is the main test - # Stripped objects will not contain these - eu-readelf -S "$lib" | grep "] .debug_" - test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2 - - # Test FILE symbols. These will most likely be removed by anything that - # manipulates symbol tables because it's generally useless. So a nice test - # that nothing has messed with symbols - old_IFS="$IFS" - IFS=$'\n' - for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT") - do - # We expect to see .cpp files, except for architectures like aarch64 and - # s390 where we expect .o and .oS files - echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$" - done - IFS="$old_IFS" - - # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking - if [ "`basename $lib`" = "libjvm.so" ]; then - eu-readelf -s "$lib" | \ - grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$" - fi - - # Test that there are no .gnu_debuglink sections pointing to another - # debuginfo file. There shouldn't be any debuginfo files, so the link makes - # no sense either - eu-readelf -S "$lib" | grep 'gnu' - if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then - echo "bad .gnu_debuglink section." - eu-readelf -x .gnu_debuglink "$lib" - false - fi - fi -done - -# Make sure gdb can do a backtrace based on line numbers on libjvm.so -# javaCalls.cpp:58 should map to: -# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 -# Using line number 1 might cause build problems. See: -# https://bugzilla.redhat.com/show_bug.cgi?id=1539664 -# https://bugzilla.redhat.com/show_bug.cgi?id=1538767 -gdb -q "$JAVA_HOME/bin/java" < - 1:1.8.0.402.b06-0.1.ea -- Update to shenandoah-jdk8u402-b06 (GA) -- Update release notes for shenandoah-8u402-b06. -- Drop local copy of JDK-8312489 which is now included upstream -- Switch to GA mode. -- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. ** - -* Tue Dec 05 2023 Andrew Hughes - 1:1.8.0.402.b01-0.1.ea -- Update to shenandoah-jdk8u402-b01 (EA) -- Update release notes for shenandoah-8u402-b01. -- Switch to EA mode. -- Sync NEWS with vanilla branch version. - -* Wed Oct 11 2023 Andrew Hughes - 1:1.8.0.392.b08-1 -- Update to shenandoah-jdk8u392-b08 (GA) -- Update release notes for shenandoah-8u392-b08. -- Regenerate PR2462 patch following JDK-8315135 -- Bump version of bundled libpng to 1.6.39 -- Add backport of JDK-8312489 heading upstream for 8u402 (see OPENJDK-2095) -- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. ** - -* Fri Sep 29 2023 Andrew Hughes - 1:1.8.0.392.b01-1 -- Update to shenandoah-jdk8u392-b01 (GA) -- Update release notes for shenandoah-8u392-b01. -- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal -- Update bug URL for RHEL to point to the Red Hat customer portal -- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball - -* Fri Jul 14 2023 Andrew Hughes - 1:1.8.0.382.b05-2 -- Re-enable SystemTap support and perform only substitutions possible without final NVR available -- Include tapsets in the miscellaneous tarball -- Drop unused globals for tapset installation - -* Fri Jul 14 2023 Andrew Hughes - 1:1.8.0.382.b05-1 -- Update to shenandoah-jdk8u382-b05 (GA) -- Update release notes for shenandoah-8u382-b05. -- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. ** - -* Fri Jul 07 2023 Andrew Hughes - 1:1.8.0.382.b04-0.1.ea -- Update to shenandoah-jdk8u382-b04 (EA) -- Update release notes for shenandoah-8u382-b04. - -* Wed Jun 28 2023 Andrew Hughes - 1:1.8.0.382.b01-0.1.ea -- Update to shenandoah-jdk8u382-b01 (EA) -- Update release notes for shenandoah-8u382-b01. -- Switch to EA mode. -- Remove JDK-8271199 patch which is now upstream. -- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update) - -* Thu Apr 27 2023 Andrew Hughes - 1:1.8.0.372.b07-2 -- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8 -- Fix debug symbols flag to newboot and package naming -- Disable debug_package as we only produce tarballs -- Drop redundant removal of empty RPM_BUILD_ROOT - -* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.372.b07-1 -- Update to shenandoah-jdk8u372-b07 (GA) -- Update release notes for shenandoah-8u372-b07. -- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 -- Reintroduce jconsole-plugin.patch from RHEL 9 -- Update generate_tarball.sh to add support for passing a boot JDK to the configure run -- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace -- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs -- Drop JDK-8275535/RH2053256 patch which is now upstream -- Include JDK-8271199 backport early ahead of 8u382 (RH2175317) -- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** -- Resolves: rhbz#2185182 -- Resolves: rhbz#2175317 - -* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.362.b09-2 -- Reintroduce generate_source_tarball.sh from RHEL 9 - -* Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-1 -- Update to shenandoah-jdk8u352-b09 (GA) -- Update release notes for shenandoah-8u352-b09. -- Sync system cacerts support with RHEL 9, disabling using -Dsecurity.systemCACerts= -- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue - -* Mon Feb 27 2023 Andrew Hughes - 1:1.8.0.362.b08-4 -- Build with internal debuginfo as in RHEL and then create a stripped variant ourselves for the portable release build -- Restore compiler flags to those used in RHEL -- Remove 8u portable only debug check using nm -aCl which takes a very long time and seems to be duplicated by other checks -- Add docs & icons to the portable output -- Make sure generated checksums work and don't include full path -- The docs directory is a top-level directory on OpenJDK 8, so needs to be moved to the install directory separately - -* Mon Feb 27 2023 Andrew Hughes - 1:1.8.0.362.b08-3 -- Separate JDK packaging into a separate function -- Use variables to make it clearer what is going on -- Use a package output directory as we do for building and installing - -* Mon Feb 27 2023 Andrew Hughes - 1:1.8.0.362.b08-2 -- Adapt the portable build to use the same system library handling as RHEL builds - -* Fri Jan 13 2023 Andrew Hughes - 1:1.8.0.362.b08-1 -- Update to shenandoah-jdk8u352-b08 (GA) -- Update release notes for shenandoah-8u352-b08. -- Fix broken links and missing release notes in older releases. -- Drop JDK-8195607/PR3776/RH1760437 now this is upstream -- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 -- Drop tzdata patches for 2022d & 2022e (JDK-8294357 & JDK-8295173) which are now upstream -- Update TestTranslations.java to test the new America/Ciudad_Juarez zone -- Drop RH1163501 patch which is not upstream or in 11, 17 & 19 packages and seems obsolete - - Patch was broken by inclusion of "JDK-8293554: Enhanced DH Key Exchanges" - - Patch was added for a specific corner case of a 4096-bit DH key on a Fedora host that no longer exists - - Fedora now appears to be using RSA and the JDK now supports ECC in preference to large DH keys -- Resolves: rhbz#2160111 - -* Fri Oct 14 2022 Andrew Hughes - 1:1.8.0.352.b08-1 -- Update to shenandoah-jdk8u352-b08 (GA) -- Update release notes for shenandoah-8u352-b08. -- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 -- Add test to ensure timezones can be translated -- Rebase FIPS patch against 8u352-b07 -- * This tarball is embargoed until 2022-10-18 @ 1pm PT. * -- Resolves: rhbz#2133695 - -* Mon Aug 29 2022 Jayashree Huttanagoudar - 1:1.8.0.345.b01-2 -- Added some previously missing piece related to flatpack builds in portable spec -- The change went into upstream branch in 8u292-b10(GA) itself - -* Mon Aug 29 2022 Stephan Bergmann - 1:1.8.0.345.b01-2 -- Disable copy-jdk-configs for Flatpak builds -- Fix flatpak builds by exempting them from bootstrap -- Resolves: rhbz#2102727 - -* Wed Aug 03 2022 Andrew Hughes - 1:1.8.0.345.b01-1 -- Update to shenandoah-jdk8u345-b01 (GA) -- Update release notes for 8u345-b01. -- Resolves: rhbz#2112405 - -* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.342.b07-1 -- Update to shenandoah-jdk8u342-b07 (GA) -- Update release notes for shenandoah-8u342-b07. -- Print release file during build, which should now include a correct SOURCE value from .src-rev -- Include script to generate bug list for release notes -- Update tzdata requirement to 2022a to match JDK-8283350 -- Rebase JDK-8186464 patch so it applies after JDK-8190753 -- Switch to GA mode for final release. -- This tarball is embargoed until 2022-07-19 @ 1pm PT. -- Resolves: rhbz#2106502 - -* Sun Jul 17 2022 Jayashree Huttanagoudar - 1:1.8.0.332.b09-5 -- System security properties are disabled by default on portable. -- Commented out lines which are not applicable for portable. -- Commented out BR for crypto-policies for portable - -* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.332.b09-5 -- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository -- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage -- * RH2090378: Revert to disabling system security properties and FIPS mode support together -- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch -- Rebase PR2888/RH2055274 cacerts patch so it applies after the current FIPS patch -- Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk -- Enable system security properties in the RPM (now disabled by default in the FIPS repo) -- Improve security properties test to check both enabled and disabled behaviour -- Run security properties test with property debugging on -- Explicitly require crypto-policies during build and runtime for system security properties -- Resolves: rhbz#2097152 -- Resolves: rhbz#2100675 - -* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:1.8.0.332.b09-4 -- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode -- Resolves: rhbz#2102435 - -* Thu May 19 2022 Jiri Vanek - 1:1.8.0.332.b09-3 -- to pass aqa: -- removed copy system tzdb in favour of in-tree -- removed Patch3: rh1648644-java_access_bridge_privileged_security.patch -- This is not intended to release untill we decide proper steps - -* Wed May 11 2022 Jayashree Huttanagoudar - 1:1.8.0.332.b09-2 -- Add some missing chunk in %check from upstream spec. - -* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b09-1 -- Update to shenandoah-jdk8u332-b09 (GA) -- Update release notes for 8u332-b09. -- Switch to GA mode for final release. -- This tarball is embargoed until 2022-04-19 @ 1pm PT. -- Resolves: rhbz#2073422 - -* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.2.ea -- Allow the default keystore to be configured using security.systemCACerts -- Use of the property can now be disabled using -Djava.security.disableSystemCACerts=true -- Commented out the configuration line for RHEL which is NA for portable. -- Resolves: rhbz#2055274 - -* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.1.ea -- Update to shenandoah-jdk8u332-b06 (EA) -- Update release notes for shenandoah-8u332-b06. -- Minor corrections to previous changelog entry. -- Resolves: rhbz#2047536 - -* Sun Apr 17 2022 Andrew Hughes - 1:1.8.0.332.b01-0.1.ea -- Update to shenandoah-jdk8u332-b01 (EA) -- Update release notes for shenandoah-8u332-b01. -- Switch to EA mode. -- Remove JDK-8279077 patch now upstream. -- Related: rhbz#2047536 - -* Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-10 -- Add JDK-8275535 patch to fix LDAP authentication issue. -- Resolves: rhbz#2053285 - -* Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-9 -- Detect NSS at runtime for FIPS detection -- Resolves: rhbz#2052828 - -* Mon Feb 21 2022 Andrew Hughes - 1:1.8.0.322.b06-8 -- Refactor build functions so we can build just HotSpot without any attempt at installation. -- Introduce architecture restriction logic for the gdb test. (RH2041970) -- Pass compiler flags to the ADLC build (JDK-8281098) -- Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 -- Explicitly list JIT architectures rather than relying on those with slowdebug builds -- Disable the serviceability agent on Zero architectures even when the architecture itself is supported -- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds -- Sync minor placement differences with Fedora & RHEL 9 -- Resolves: rhbz#2022815 - -* Mon Jan 31 2022 Andrew Hughes - 1:1.8.0.322.b06-7 -- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. -- Related: rhbz#2022815 - -* Fri Jan 28 2022 Andrew Hughes - 1:1.8.0.322.b06-6 -- Reduce disk footprint by removing build artifacts by default. -- Related: rhbz#1999937 - -* Thu Jan 27 2022 Jayashree Huttanagoudar - 1:1.8.0.322.b06-5 -- Add some diagnostic messages to buildjdk() -- Add missing chmod instructions to buildjdk() - -* Thu Jan 27 2022 Andrew Hughes - 1:1.8.0.322.b06-5 -- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics. -- Resolves: rhbz#1966233 - -* Tue Jan 25 2022 Andrew Hughes - 1:1.8.0.322.b06-4 -- Install nss.cfg and nss.fips.cfg into portable images. -- Consistently make use of jdkimage and jreimage variables. - -* Mon Jan 24 2022 Andrew Hughes - 1:1.8.0.322.b06-3 -- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent - -* Mon Jan 24 2022 Andrew Hughes - 1:1.8.0.322.b06-2 -- Fix FIPS issues in native code and with initialisation of java.security.Security -- Related: rhbz#2039366 - -* Fri Jan 21 2022 Andrew Hughes - 1:1.8.0.322.b06-1 -- Update to aarch64-shenandoah-jdk8u322-b06 (EA) -- Update release notes for 8u322-b06. -- Switch to GA mode for final release. -- Resolves: rhbz#2039366 - -* Thu Jan 20 2022 Andrew Hughes - 1:1.8.0.322.b05-0.1.ea -- Update to aarch64-shenandoah-jdk8u322-b05 (EA) -- Update release notes for 8u322-b05. -- Require tzdata 2021e as of JDK-8275766. -- Update tarball generation script to use git following shenandoah-jdk8u's move to github -- Resolves: rhbz#2022815 - -* Tue Jan 18 2022 Andrew Hughes - 1:1.8.0.322.b04-0.2.ea -- Add backport of JDK-8279077 to fix crash on ppc64 -- Resolves: rhbz#2030399 - -* Mon Jan 10 2022 Andrew Hughes - 1:1.8.0.322.b04-0.1.ea -- Update to aarch64-shenandoah-jdk8u322-b04 (EA) -- Update release notes for 8u322-b04. -- Require tzdata 2021c as of JDK-8274407. -- Related: rhbz#2022815 - -* Fri Jan 07 2022 Andrew Hughes - 1:1.8.0.322.b03-0.1.ea -- Update to aarch64-shenandoah-jdk8u322-b03 (EA) -- Update release notes for 8u322-b03. -- Related: rhbz#2022815 - -* Fri Dec 17 2021 Andrew Hughes - 1:1.8.0.322.b02-0.1.ea -- Update to aarch64-shenandoah-jdk8u322-b02 (EA) -- Update release notes for 8u322-b02. -- Related: rhbz#2022815 - -* Tue Dec 14 2021 Andrew Hughes - 1:1.8.0.322.b01-0.1.ea -- Update to aarch64-shenandoah-jdk8u322-b01 (EA) -- Update release notes for 8u322-b01. -- Switch to EA mode. -- Related: rhbz#2022815 - -* Tue Dec 14 2021 Jayashree Huttanagoudar - 1:1.8.0.322.b01-0.1.ea -- Typo correction to the previous commit for restructuring the build. - -* Mon Dec 06 2021 Severin Gehwolf - 1:1.8.0.312.b07-5 -- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy - secmod.db file as part of nss -- Resolves: rhbz#2023532 - -* Mon Nov 22 2021 Jayashree Huttanagoudar - 1:1.8.0.312.b07-4 -- Fixed warnings for bogus date and macro expansion in comment line. - -* Mon Oct 25 2021 Jiri Vanek - 1:1.8.0.312.b07-3 -- added and enabled nss.cfg (source11: nss.cfg.in + patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch) -- added and enabled fips patches and nss.fips.cfg -- added and enabled source15: TestSecurityProperties.java test -- enabled patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch -- enabled patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch -- source17: nss.fips.cfg.in,patch1001: rh1655466-global_crypto_and_fips.patch - patch1001: rh1655466-global_crypto_and_fips.patch - patch1002: rh1818909-fips_default_keystore_type.patch patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch - patch1005: rh1915071-always_initialise_configurator_access.patch patch1006: rh1929465-improve_system_FIPS_detection-root.patch - patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch - patch1008: rh1996182-login_to_nss_software_token.patch patch1011: rh1991003-enable_fips_keys_import.patch - patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch -- Disable FIPS mode detection using NSS in favour of using /proc/sys/crypto/fips_enabled for now, so we don't link against NSS --- effectively disabled Patch1008: rh1929465-improve_system_FIPS_detection.patch by settng --enable-sysconf-nss to --disable-sysconf-nss --- the enable-sysconf-nss was bringing in hard depndence on nss. Without nss, even in non fips, jvm had not even started -- introduced ssbd_arches to have properly tested alt-java --- added forgotten test for alt-java -- removed bad redeclaration of fastdebug_arches -- made TestECDSA non fatal, started to fail. Locally passed. TODO, fix - -* Mon Oct 25 2021 Jiri Vanek - 1:1.8.0.312.b07-2 -- cacerts symlink is resolved before passed to configure -- https://issues.redhat.com/browse/OPENJDK-487 - -* Fri Oct 15 2021 Andrew Hughes - 1:1.8.0.312.b07-1 -- Update to aarch64-shenandoah-jdk8u312-b07 (EA) -- Update release notes for 8u312-b07. -- Switch to GA mode for final release. -- This tarball is embargoed until 2021-10-19 @ 1pm PT. -- Resolves: rhbz#2011826 - -* Mon Oct 04 2021 Jiri Vanek - 1:1.8.0.302.b08-2 -- fixed bugzilla component. It was pointing to java-x-vendor-portable due to recent rename - -* Mon Aug 16 2021 Jiri Vanek - 1:1.8.0.302.b08-1 -- renamed to java-1.8.0-openjdk-portable -- adapted pacakges to not contain double portbale in name - -* Fri Jul 16 2021 Andrew Hughes - 1:1.8.0.302.b08-0 -- Update to aarch64-shenandoah-jdk8u302-b08 (EA) -- Update release notes for 8u302-b08. -- Switch to GA mode for final release. -- This tarball is embargoed until 2021-07-20 @ 1pm PT. -- added forgotten patch107 s390-8214206_fix.patch - -* Thu Jul 01 2021 Jiri Vanek - 1:1.8.0.302.b03-0.1.ea -- returned two wrongly removed patches -- returned and applied patch541 rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch -- returned and applied patch12 jdk8186464-rh1433262-zip64_failure.patch - -* Sun Jun 27 2021 Andrew Hughes - 1:1.8.0.302.b03-0.0.ea -- Update to aarch64-shenandoah-jdk8u302-b03 (EA) -- Update release notes for 8u302-b03. -- Resolves: rhbz#1967812 - -* Fri Apr 09 2021 Andrew Hughes - 1:1.8.0.292.b10-1 -- Add CVE numbers. -- Require tzdata 2021a due to JDK-8260356 -- Resolves: rhbz#1938201 - -* Thu Apr 08 2021 Andrew Hughes - 1:1.8.0.292.b10-0 -- Update to aarch64-shenandoah-jdk8u292-b10 (GA) -- Update release notes for 8u292-b10. -- This tarball is embargoed until 2021-04-20 @ 1pm PT. -- Resolves: rhbz#1938201 - -* Thu Apr 08 2021 Stephan Bergmann - 1:1.8.0.292.b10-0 -- Hardcode /usr/sbin/alternatives for Flatpak builds -- Resolves: rhbz#1967813 - -* Tue Mar 30 2021 Andrew Hughes - 1:1.8.0.292.b09-0.0.ea -- Update to aarch64-shenandoah-jdk8u292-b09 (EA) -- Update release notes for 8u292-b09. -- Resolves: rhbz#1938081 - -* Sat Mar 27 2021 Andrew Hughes - 1:1.8.0.292.b08-0.0.ea -- Update to aarch64-shenandoah-jdk8u292-b08 (EA) -- Update release notes for 8u292-b08. -- Resolves: rhbz#1938081 - -* Thu Mar 25 2021 Andrew Hughes - 1:1.8.0.292.b07-0.0.ea -- Update to aarch64-shenandoah-jdk8u292-b07 (EA) -- Update release notes for 8u292-b07. -- Resolves: rhbz#1938081 - -* Mon Mar 22 2021 Andrew Hughes - 1:1.8.0.292.b06-0.0.ea -- Update to aarch64-shenandoah-jdk8u292-b06 (EA) -- Update release notes for 8u292-b06. -- Require tzdata 2020f due to JDK-8259048 -- Resolves: rhbz#1938081 - -* Mon Mar 15 2021 Jayashree Huttanagoudar - 1:1.8.0.292.b05-0.1.ea -- Remove patch s390-8214206_fix.patch as portable is not built for s390. - -* Mon Mar 15 2021 Andrew Hughes - 1:1.8.0.292.b05-0.1.ea -- Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA). -- Update release notes for 8u292-b05-shenandoah-merge-2021-03-11. - -* Mon Mar 08 2021 Andrew Hughes - 1:1.8.0.292.b05-0.0.ea -- Update to aarch64-shenandoah-jdk8u292-b05 (EA) -- Update release notes for 8u292-b05. - -* Fri Mar 05 2021 Andrew Hughes - 1:1.8.0.292.b04-0.0.ea -- Update to aarch64-shenandoah-jdk8u292-b04 (EA) -- Update release notes for 8u292-b04. - -* Thu Mar 04 2021 Andrew Hughes - 1:1.8.0.292.b03-0.0.ea -- Update to aarch64-shenandoah-jdk8u292-b03 (EA) -- Update release notes for 8u292-b03. - -* Tue Mar 02 2021 Andrew Hughes - 1:1.8.0.292.b02-0.0.ea -- Update to aarch64-shenandoah-jdk8u292-b02 (EA) -- Update release notes for 8u292-b02. - -* Fri Feb 12 2021 Jayashree Huttanagoudar - 1:1.8.0.292.b01-0.0.ea -- Update tzdata-java from 2020b to 2021a - -* Fri Feb 12 2021 Andrew Hughes - 1:1.8.0.292.b01-0.0.ea -- Update to aarch64-shenandoah-jdk8u292-b01 (EA) -- Update release notes for 8u292-b01. -- Switch to EA mode. - -* Thu Feb 4 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-4 -- Changes to generate sha256sum for each linux-portable build artifacts inside RPM - -* Mon Jan 25 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-3 -- Cleanup package summary for fastdebug and slowdebug. -- Resolves: rhbz#1908963 - -* Mon Jan 25 2021 Andrew Hughes - 1:1.8.0.282.b08-2 -- Cleanup package descriptions and version number placement. -- Resolves: rhbz#1908963 - -* Mon Jan 18 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-1 -- Fix to address the extra src.zip bundled inside jdk tarball. - -* Sat Jan 16 2021 Andrew Hughes - 1:1.8.0.282.b08-0 -- Update to aarch64-shenandoah-jdk8u282-b08 (GA) -- Update release notes for 8u282-b08. -- This tarball is embargoed until 2021-01-19 @ 1pm PT. -- Resolves: rhbz#1908963 - -* Fri Jan 15 2021 Andrew Hughes - 1:1.8.0.282.b07-0.0.ea -- Update to aarch64-shenandoah-jdk8u282-b07 (EA) -- Update release notes for 8u282-b07. -- Fix placement issue in release notes, caught by comparing with vanilla version. -- Resolves: rhbz#1903904 - -* Wed Jan 13 2021 Andrew Hughes - 1:1.8.0.282.b06-0.0.ea -- Update to aarch64-shenandoah-jdk8u282-b06 (EA) -- Update release notes for 8u282-b06. -- Resolves: rhbz#1903903 - -* Mon Jan 11 2021 Andrew Hughes - 1:1.8.0.282.b05-0.0.ea -- Update to aarch64-shenandoah-jdk8u282-b05 (EA) -- Update release notes for 8u282-b05 and make some minor corrections. -- Resolves: rhbz#1903903 - -* Fri Jan 08 2021 Jiri Vanek - 1:1.8.0.282.b04-0.1.ea -- added patch600, rh1750419-redhat_alt_java.patch -- Replaced alt-java palceholder by real pathced alt-java -- remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch -- remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch -- both suprassed by new patch -- Resolves: rhbz#1750419 - -* Wed Jan 06 2021 Andrew Hughes - 1:1.8.0.282.b04-0.0.ea -- Update to aarch64-shenandoah-jdk8u282-b04 (EA) -- Update release notes for 8u282-b04. -- Remove upstreamed patch PR3519 -- Resolves: rhbz#1903903 - -* Sat Jan 02 2021 Andrew Hughes - 1:1.8.0.282.b03-0.0.ea -- Update to aarch64-shenandoah-jdk8u282-b03 (EA) -- Update release notes for 8u282-b03. -- Resolves: rhbz#1903903 - -* Wed Dec 23 2020 Andrew Hughes - 1:1.8.0.282.b02-0.0.ea -- Update to aarch64-shenandoah-jdk8u282-b02 (EA) -- Resolves: rhbz#1903903 - -* Tue Dec 22 2020 Jayashree Huttanagoudar - 1:1.8.0.282.b01-0.0.ea -- Remove upstreamed JDK-8252395 & JDK-8252975. - -* Tue Dec 22 2020 Andrew Hughes - 1:1.8.0.282.b01-0.0.ea -- Update to aarch64-shenandoah-jdk8u282-b01 (EA) -- Update release notes for 8u282-b01. -- Switch to EA mode. -- Require tzdata 2020b due to resource changes in JDK-8254177 -- Remove PR3601, covered upstream by JDK-8062808. -- Remove upstreamed JDK-8197981/PR3548, JDK-8062808/PR3548, JDK-8254177 & JDK-8215727. -- Resolves: rhbz#1903903 - -* Wed Dec 09 2020 Jayashree Huttanagoudar - 1:1.8.0.275.b01-3 -- Included patch to handle '--without fastdebug' option to mockbuild - -* Wed Dec 09 2020 Jayashree Huttanagoudar - 1:1.8.0.275.b01-2 -- Align fastdebug/slowdebug changes with upstream rhel-8.4.0 spec - -* Tue Dec 01 2020 Jiri Vanek - 1:1.8.0.275.b01-1 -- added br of listdc++-static -- removed patch998 rh1649731-allow_to_build_on_rhel6_with_stdcpplib_autotools_2_63.patch -- removed patch999 gcc-4.4.7-x86-32-siphash64.patch -- initial on-el7 build (more tuning expected) - -* Fri Nov 06 2020 Andrew Hughes - 1:1.8.0.275.b01-0 -- Update to aarch64-shenandoah-jdk8u275-b01 (GA) -- Update release notes for 8u275. -- Resolves: rhbz#1895062 - -* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-3 -- Add backport of JDK-8215727: "Restore JFR thread sampler loop to old / previous behaviour" -- Resolves: rhbz#1876665 - -* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-2 -- Remove the 64-bit siphash test which fails to compile on x86-32 debug builds with gcc 4.4.7 in RHEL 6 -- Resolves: rhbz#1876665 - -* Tue Oct 20 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b10-1 -- Added patch to apply tzdata 2020b - -* Sat Oct 17 2020 Andrew Hughes - 1:1.8.0.272.b10-0 -- Update to aarch64-shenandoah-jdk8u272-b10. -- Switch to GA mode for final release. -- Update release notes for 8u272 release. -- Add backport of JDK-8254177 to update to tzdata 2020b -- Require tzdata 2020b due to resource changes in JDK-8254177 -- Delay tzdata 2020b dependency until tzdata update has shipped. -- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 -- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 -- This tarball is embargoed until 2020-10-20 @ 1pm PT. -- Resolves: rhbz#1876665 - -* Thu Oct 15 2020 Andrew Hughes - 1:1.8.0.272.b09-0.1.ea -- Include a test in the RPM to check the build has the correct vendor information. -- Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. -- Improve quoting of vendor name -- Resolves: rhbz#1876665 - -* Thu Oct 15 2020 Jiri Vanek - 1:1.8.0.272.b09-0.1.ea -- Set vendor property and vendor URLs -- Made URLs to be preconfigured by OS -- Resolves: rhbz#1876665 - -* Wed Oct 14 2020 Andrew Hughes - 1:1.8.0.272.b09-0.0.ea -- Update to aarch64-shenandoah-jdk8u272-b09 (EA). -- Resolves: rhbz#1876665 - -* Tue Oct 13 2020 Andrew Hughes - 1:1.8.0.272.b08-0.0.ea -- Update to aarch64-shenandoah-jdk8u272-b08 (EA). -- Resolves: rhbz#1876665 - -* Mon Oct 12 2020 Andrew Hughes - 1:1.8.0.272.b07-0.5.ea -- Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR -- Resolves: rhbz#1876665 - -* Wed Sep 23 2020 Andrew Hughes - 1:1.8.0.272.b07-0.4.ea -- Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes. -- Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch. - -* Wed Sep 23 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b07-0.3.ea -- Placed upstream patches JDK-8252395 and JDK-8252975 under separate section -- So that these patches can be dropped easily once they are available in 8u282 GA release - -* Thu Sep 17 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b07-0.2.ea -- Added upstream patches for JDK-8252395 and JDK-8252975 -- JDK-8252395: To ensure debuginfo files get properly copied to the images directory -- JDK-8252975: Is to fix the build failure due to JDK-8252395 - -* Tue Sep 08 2020 Andrew Hughes - 1:1.8.0.272.b07-0.0.ea -- Update to aarch64-shenandoah-jdk8u272-b07. - -* Thu Sep 03 2020 Andrew Hughes - 1:1.8.0.272.b06-0.0.ea -- Update to aarch64-shenandoah-jdk8u272-b06. - -* Wed Sep 02 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea -- Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 - -* Wed Sep 02 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea -- Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28. - -* Thu Aug 27 2020 Andrew Hughes - 1:1.8.0.272.b05-0.0.ea -- Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 - -* Thu Aug 27 2020 Andrew Hughes - 1:1.8.0.272.b05-0.0.ea -- Update to aarch64-shenandoah-jdk8u272-b05. -- Fix context in JDK-8186464/RH1433262 patch, following JDK-8078334 @randomness tag addition. - -* Wed Aug 19 2020 Andrew Hughes - 1:1.8.0.272.b04-0.0.ea -- Update to aarch64-shenandoah-jdk8u272-b04. - -* Mon Aug 17 2020 Andrew Hughes - 1:1.8.0.272.b03-0.0.ea -- Update to aarch64-shenandoah-jdk8u272-b03. - -* Sun Aug 09 2020 Andrew Hughes - 1:1.8.0.272.b02-0.0.ea -- Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. - -* Sun Aug 09 2020 Andrew Hughes - 1:1.8.0.272.b02-0.0.ea -- Update to aarch64-shenandoah-jdk8u272-b02. -- Remove JDK-8154313 backport now applied upstream. - -* Sat Aug 01 2020 Andrew Hughes - 1:1.8.0.272.b01-0.0.ea -- JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. - -* Sat Aug 01 2020 Andrew Hughes - 1:1.8.0.272.b01-0.0.ea -- Update to aarch64-shenandoah-jdk8u272-b01. -- Switch to EA mode. -- Remove ZipConstants change from JDK-8186464 backport, now provided upstream by JDK-8075774 - -* Mon Jul 27 2020 Andrew Hughes - 1:1.8.0.265.b01-0 -- Update to aarch64-shenandoah-jdk8u265-b01. -- Update release notes for 8u265 release. -- Resolves: rhbz#1860453 - -* Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-0 -- Introduce jfr_arches for architectures which support JFR. -- Resolves: rhbz#1838811 - -* Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-0 -- Update to aarch64-shenandoah-jdk8u262-b10. -- Switch to GA mode for final release. -- Update release notes for 8u262 release. -- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. -- Split JDK-8042159 patch into per-repo patches as upstream. -- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk -- Resolves: rhbz#1838811 - -* Sat Jul 11 2020 Andrew Hughes - 1:1.8.0.262.b09-0.3.ea -- Restructure the build so a minimal initial build is then used for the final build (with docs) -- This reduces pressure on the system JDK and ensures the JDK being built can do a full build -- Resolves: rhbz#1838811 - -* Fri Jul 10 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea -- Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 -- Resolves: rhbz#1838811 - -* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea -- Sync alt-java support with java-11-openjdk version. -- Resolves: rhbz#1838811 - -* Wed Jul 08 2020 Jiri Vanek - 1:1.8.0.262.b09-0.2.ea -- Created copy of java as alt-java and adapted alternatives and man pages -- Resolves: rhbz#1838811 - -* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b09-0.1.ea -- Update to aarch64-shenandoah-jdk8u262-b09. -- Resolves: rhbz#1838811 - -* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b08-0.3.ea -- Update to aarch64-shenandoah-jdk8u262-b08. -- Resolves: rhbz#1838811 - -* Tue Jul 07 2020 Andrew Hughes - 1:1.8.0.262.b07-0.2.ea -- Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. -- Resolves: rhbz#1838811 - -* Fri Jul 03 2020 Andrew Hughes - 1:1.8.0.262.b07-0.1.ea -- Update to aarch64-shenandoah-jdk8u262-b07. -- Require tzdata 2020a so system tzdata matches resource updates in b07 -- Resolves: rhbz#1838811 - -* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b06-0.1.ea -- Update to aarch64-shenandoah-jdk8u262-b06. -- Resolves: rhbz#1838811 - -* Mon Jun 08 2020 Jayashree Huttanagoudar - 1:1.8.0.262.b05-0.4.ea -- Removed patch jdk8243541-rh1838229-tzdata2020a.patch -- Portabel builds use upstream tzddb.dat, and we expect it to be synced with jdk code - -* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.4.ea -- Backport JDK-8186464 so ZIP64 archives < 4GB can be read. -- Resolves: rhbz#1433262 - -* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.3.ea -- Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. -- Resolves: rhbz#1838811 - -* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.2.ea -- Backport JDK-8243541 & require tzdata 2020a as latest tzdata package needs resource updates -- Resolves: rhbz#1838229 - -* Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b05-0.1.ea -- Update to aarch64-shenandoah-jdk8u262-b05. -- Remove backports of JDK-8227269 & JDK-8241750 included upstream in 8u262-b05. -- Resolves: rhbz#1838811 - -* Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b04-0.1.ea -- Update to aarch64-shenandoah-jdk8u262-b04. -- Resolves: rhbz#1838811 - -* Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b03-0.2.ea -- Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. -- Resolves: rhbz#1838811 - -* Sat Jun 06 2020 Andrew Hughes - 1:1.8.0.262.b03-0.1.ea -- Update to aarch64-shenandoah-jdk8u262-b03. -- Resolves: rhbz#1838811 - -* Sat Jun 06 2020 Andrew Hughes - 1:1.8.0.262.b02-0.2.ea -- Enable JFR in our builds, ahead of upstream default. -- Only enable JFR for JIT builds, as it is not supported with Zero. -- Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. -- Resolves: rhbz#1838811 - -* Wed Jun 03 2020 Andrew Hughes - 1:1.8.0.262.b02-0.1.ea -- Update to aarch64-shenandoah-jdk8u262-b02. -- Resolves: rhbz#1838811 - -* Sun May 24 2020 Andrew Hughes - 1:1.8.0.262.b01-0.1.ea -- Update to aarch64-shenandoah-jdk8u262-b01. -- Switch to EA mode. -- Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR - -* Sat May 23 2020 Andrew John Hughes - 1:1.8.0.252.b09-4 -- Add backports of JDK-8227269 & JDK-8241750 to resolve slow class loading with JDWP enabled. -- Resolves: rhbz#1751985 - -* Tue Apr 14 2020 Andrew Hughes - 1:1.8.0.252.b09-2 -- Add release notes. -- Resolves: rhbz#1810557 - -* Sun Apr 12 2020 Andrew Hughes - 1:1.8.0.252.b09-1 -- Make use of --with-extra-asflags introduced in jdk8u252-b01. -- Resolves: rhbz#1810557 - -* Mon Apr 06 2020 Andrew Hughes - 1:1.8.0.252.b09-0 -- Update to aarch64-shenandoah-jdk8u252-b09. -- Switch to GA mode for final release. -- Resolves: rhbz#1810557 - -* Fri Mar 27 2020 Andrew Hughes - 1:1.8.0.252.b08-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b08. -- Resolves: rhbz#1810557 - -* Tue Mar 24 2020 Andrew Hughes - 1:1.8.0.252.b07-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b07. -- Resolves: rhbz#1810557 - -* Mon Mar 16 2020 Andrew Hughes - 1:1.8.0.252.b06-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b06. -- Resolves: rhbz#1810557 - -* Fri Feb 28 2020 Andrew Hughes - 1:1.8.0.252.b05-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b05. -- Resolves: rhbz#1810557 - -* Mon Feb 24 2020 Andrew Hughes - 1:1.8.0.252.b04-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b04. -- Resolves: rhbz#1810557 - -* Wed Feb 19 2020 Andrew Hughes - 1:1.8.0.252.b03-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b03. -- Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 -- Resolves: rhbz#1810557 - -* Tue Feb 04 2020 Andrew Hughes - 1:1.8.0.252.b02-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b02. -- Resolves: rhbz#1810557 - -* Mon Jan 27 2020 Andrew Hughes - 1:1.8.0.252.b01-0.0.ea -- Update to aarch64-shenandoah-jdk8u252-b01. -- Switch to EA mode. -- Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change -- Resolves: rhbz#1810557 - -* Tue Jan 21 2020 Jiri Vanek - 1:1.8.0.242.b08-3 -- get rid of openjdkportable in favour of el - -* Tue Jan 21 2020 Jiri Vanek - 1:1.8.0.242.b08-2 -- renamed static to more accurate portable - -* Wed Jan 15 2020 Jiri Vanek - 1:1.8.0.242.b08-1 -- sync with rhel 8.1 - -* Tue Oct 15 2019 Jiri Vanek - 1:1.8.0.232.b09-0 -- Update to aarch64-shenandoah-jdk8u232-b09. -- Switch to GA mode for final release. -- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. - -* Mon Oct 07 2019 Jiri Vanek - 1:1.8.0.232.b01-0.0.ea -- Update to aarch64-shenandoah-jdk8u232-b01. -- Switch to EA mode. -- Drop JDK-8210761/RH1632174 as now upstream. -- Drop JDK-8223219 as now upstream. - -* Tue Jul 23 2019 Jiri Vanek - 1:1.8.0.222.b10-4 -- for release, build debugsymbols to special archive - -* Tue Jul 23 2019 Jiri Vanek - 1:1.8.0.222.b10-3 -- filtered out -g from extra flags - -* Thu Jul 11 2019 Andrew Hughes - 1:1.8.0.222.b10-1 -- Update to aarch64-shenandoah-jdk8u222-b10. -- Resolves: rhbz#1724452 - -* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-2 -- Use normal_suffix for Javadoc zip filename to copy, as there is is no debug version. -- Resolves: rhbz#1724452 - -* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-2 -- Provide Javadoc debug subpackages for now, but populate them from the normal build. -- Resolves: rhbz#1724452 - -* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-1 -- Update to aarch64-shenandoah-jdk8u222-b09. -- Switch to GA mode for final release. -- Resolves: rhbz#1724452 - -* Tue Jul 02 2019 Andrew Hughes - 1:1.8.0.222.b08-0.1.ea -- Update to aarch64-shenandoah-jdk8u222-b08. -- Adjust PR3083/RH134640 to apply after JDK-8182999 -- Resolves: rhbz#1724452 - -* Tue Jul 02 2019 Severin Gehwolf - 1:1.8.0.222.b07-0.3.ea -- Include 'ea' designator in Release when appropriate. -- Resolves: rhbz#1724452 - -* Wed Jun 26 2019 Severin Gehwolf - 1:1.8.0.222.b07-2 -- Don't produce javadoc/javadoc-zip sub packages for the debug variant build. -- Don't perform a bootcycle build for the debug variant build. -- Resolves: rhbz#1724452 - -* Tue Jun 25 2019 Andrew Hughes - 1:1.8.0.222.b07-1 -- Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13. -- Resolves: rhbz#1724452 - -* Fri Jun 14 2019 Andrew Hughes - 1:1.8.0.222.b06-1 -- Update to aarch64-shenandoah-jdk8u222-b06. -- Resolves: rhbz#1724452 - -* Thu Jun 06 2019 Andrew Hughes - 1:1.8.0.222.b05-1 -- Update to aarch64-shenandoah-jdk8u222-b05. -- Resolves: rhbz#1724452 - -* Sat May 25 2019 Andrew Hughes - 1:1.8.0.222.b04-1 -- Update to aarch64-shenandoah-jdk8u222-b04. -- Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream. -- Resolves: rhbz#1705328 - -* Wed May 22 2019 Andrew Hughes - 1:1.8.0.222.b03-1 -- Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately. -- Drop unused use_shenandoah_hotspot variable. -- Resolves: rhbz#1705328 - -* Wed May 22 2019 Andrew Hughes - 1:1.8.0.222.b03-1 -- Update to aarch64-shenandoah-jdk8u222-b03. -- Set milestone to "ea" as this is not the final release. -- Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u. -- Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes. -- Resolves: rhbz#1705328 - -* Mon May 13 2019 Andrew Hughes - 1:1.8.0.222.b02-1 -- Update to aarch64-shenandoah-jdk8u222-b02. -- Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100). -- Resolves: rhbz#1705328 - -* Thu May 02 2019 Andrew Hughes - 1:1.8.0.222.b01-1 -- Update to aarch64-shenandoah-jdk8u222-b01. -- Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575. -- Drop 8171000, 8197546 & PR3634 as applied upstream. -- Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp -- Resolves: rhbz#1705328 - -* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b04-1 -- Update to aarch64-shenandoah-jdk8u212-b04. -- Resolves: rhbz#1693468 - -* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b03-0 -- Update to aarch64-shenandoah-jdk8u212-b03. -- Resolves: rhbz#1693468 - -* Tue Apr 09 2019 Andrew Hughes - 1:1.8.0.212.b02-0 -- Update to aarch64-shenandoah-jdk8u212-b02. -- Remove patches included upstream - - JDK-8197429/PR3546/RH153662{2,3} - - JDK-8184309/PR3596 -- Re-generate patches - - JDK-8203030 -- Add casts to resolve s390 ambiguity in calls to log2_intptr -- Resolves: rhbz#1693468 - -* Sun Apr 07 2019 Andrew Hughes - 1:1.8.0.202.b08-0 -- Update to aarch64-shenandoah-jdk8u202-b08. -- Remove patches included upstream - - JDK-8211387/PR3559 - - JDK-8073139/PR1758/RH1191652 - - JDK-8044235 - - JDK-8131048/PR3574/RH1498936 - - JDK-8164920/PR3574/RH1498936 -- Resolves: rhbz#1693468 - -* Thu Apr 04 2019 Andrew Hughes - 1:1.8.0.201.b13-0 -- Update to aarch64-shenandoah-jdk8u201-b13. -- Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream. -- Resolves: rhbz#1693468 - -* Tue Apr 02 2019 Severin Gehwolf - 1:1.8.0.201.b09-3 -- Update patch for RH1566890. - - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to - rh1566890-CVE_2018_3639-speculative_store_bypass.patch - - Added dependent patch, - rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch -- Resolves: rhbz#1693468 - -* Tue Mar 12 2019 Jiri Vanek - 1:1.8.0.201.b09-2 -- name adapted to current tag - -* Thu Feb 28 2019 Jiri Vanek jvanek@redhat.com - 1:1.8.0.201.b09-2 -- Replaced pcsc-lite-devel (which is in optional channel) with pcsc-lite-libs. -- added rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch to make jdk work with pcsc - -* Tue Feb 26 2019 Jiri Vanek - 1:1.8.0.201.b09-0 -- cripled rpms original specto roduce only portable build -- Resolves: rhbz#1661577 diff --git a/SOURCES/jdk8186464-rh1433262-zip64_failure.patch b/SOURCES/jdk8186464-rh1433262-zip64_failure.patch new file mode 100644 index 0000000..572a36e --- /dev/null +++ b/SOURCES/jdk8186464-rh1433262-zip64_failure.patch @@ -0,0 +1,286 @@ +# HG changeset patch +# User sherman +# Date 1505950914 25200 +# Wed Sep 20 16:41:54 2017 -0700 +# Node ID 723486922bfe4c17e3f5c067ce5e97229842fbcd +# Parent c8ac05bbe47771b3dafa2e7fc9a95d86d68d7c07 +8186464: ZipFile cannot read some InfoZip ZIP64 zip files +Reviewed-by: martin + +diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java +index 26e2a5bf9e9..2630c118817 100644 +--- openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java ++++ openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java +@@ -92,6 +92,7 @@ public class ZipFileSystem extends FileSystem { + private final boolean createNew; // create a new zip if not exists + private static final boolean isWindows = + System.getProperty("os.name").startsWith("Windows"); ++ private final boolean forceEnd64; + + // a threshold, in bytes, to decide whether to create a temp file + // for outputstream of a zip entry +@@ -112,12 +113,13 @@ public class ZipFileSystem extends FileSystem { + if (this.defaultDir.charAt(0) != '/') + throw new IllegalArgumentException("default dir should be absolute"); + ++ this.forceEnd64 = "true".equals(env.get("forceZIP64End")); + this.provider = provider; + this.zfpath = zfpath; + if (Files.notExists(zfpath)) { + if (createNew) { + try (OutputStream os = Files.newOutputStream(zfpath, CREATE_NEW, WRITE)) { +- new END().write(os, 0); ++ new END().write(os, 0, forceEnd64); + } + } else { + throw new FileSystemNotFoundException(zfpath.toString()); +@@ -1014,28 +1016,36 @@ public class ZipFileSystem extends FileSystem { + end.cenoff = ENDOFF(buf); + end.comlen = ENDCOM(buf); + end.endpos = pos + i; +- if (end.cenlen == ZIP64_MINVAL || +- end.cenoff == ZIP64_MINVAL || +- end.centot == ZIP64_MINVAL32) +- { +- // need to find the zip64 end; +- byte[] loc64 = new byte[ZIP64_LOCHDR]; +- if (readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR) +- != loc64.length) { +- return end; +- } +- long end64pos = ZIP64_LOCOFF(loc64); +- byte[] end64buf = new byte[ZIP64_ENDHDR]; +- if (readFullyAt(end64buf, 0, end64buf.length, end64pos) +- != end64buf.length) { +- return end; +- } +- // end64 found, re-calcualte everything. +- end.cenlen = ZIP64_ENDSIZ(end64buf); +- end.cenoff = ZIP64_ENDOFF(end64buf); +- end.centot = (int)ZIP64_ENDTOT(end64buf); // assume total < 2g +- end.endpos = end64pos; ++ // try if there is zip64 end; ++ byte[] loc64 = new byte[ZIP64_LOCHDR]; ++ if (end.endpos < ZIP64_LOCHDR || ++ readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR) ++ != loc64.length || ++ !locator64SigAt(loc64, 0)) { ++ return end; ++ } ++ long end64pos = ZIP64_LOCOFF(loc64); ++ byte[] end64buf = new byte[ZIP64_ENDHDR]; ++ if (readFullyAt(end64buf, 0, end64buf.length, end64pos) ++ != end64buf.length || ++ !end64SigAt(end64buf, 0)) { ++ return end; ++ } ++ // end64 found, ++ long cenlen64 = ZIP64_ENDSIZ(end64buf); ++ long cenoff64 = ZIP64_ENDOFF(end64buf); ++ long centot64 = ZIP64_ENDTOT(end64buf); ++ // double-check ++ if (cenlen64 != end.cenlen && end.cenlen != ZIP64_MINVAL || ++ cenoff64 != end.cenoff && end.cenoff != ZIP64_MINVAL || ++ centot64 != end.centot && end.centot != ZIP64_MINVAL32) { ++ return end; + } ++ // to use the end64 values ++ end.cenlen = cenlen64; ++ end.cenoff = cenoff64; ++ end.centot = (int)centot64; // assume total < 2g ++ end.endpos = end64pos; + return end; + } + } +@@ -1201,7 +1211,7 @@ public class ZipFileSystem extends FileSystem { + + // sync the zip file system, if there is any udpate + private void sync() throws IOException { +- //System.out.printf("->sync(%s) starting....!%n", toString()); ++ // System.out.printf("->sync(%s) starting....!%n", toString()); + // check ex-closer + if (!exChClosers.isEmpty()) { + for (ExChannelCloser ecc : exChClosers) { +@@ -1292,7 +1302,7 @@ public class ZipFileSystem extends FileSystem { + } + end.centot = elist.size(); + end.cenlen = written - end.cenoff; +- end.write(os, written); ++ end.write(os, written, forceEnd64); + } + if (!streams.isEmpty()) { + // +@@ -1849,8 +1859,8 @@ public class ZipFileSystem extends FileSystem { + long endpos; + int disktot; + +- void write(OutputStream os, long offset) throws IOException { +- boolean hasZip64 = false; ++ void write(OutputStream os, long offset, boolean forceEnd64) throws IOException { ++ boolean hasZip64 = forceEnd64; // false; + long xlen = cenlen; + long xoff = cenoff; + if (xlen >= ZIP64_MINVAL) { +@@ -1875,8 +1885,8 @@ public class ZipFileSystem extends FileSystem { + writeShort(os, 45); // version needed to extract + writeInt(os, 0); // number of this disk + writeInt(os, 0); // central directory start disk +- writeLong(os, centot); // number of directory entires on disk +- writeLong(os, centot); // number of directory entires ++ writeLong(os, centot); // number of directory entries on disk ++ writeLong(os, centot); // number of directory entries + writeLong(os, cenlen); // length of central directory + writeLong(os, cenoff); // offset of central directory + +diff --git openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c openjdk/jdk/src/share/native/java/util/zip/zip_util.c +index 5fd6fea049d..858e5814e92 100644 +--- openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c ++++ openjdk/jdk/src/share/native/java/util/zip/zip_util.c +@@ -385,6 +385,9 @@ findEND64(jzfile *zip, void *end64buf, jlong endpos) + { + char loc64[ZIP64_LOCHDR]; + jlong end64pos; ++ if (endpos < ZIP64_LOCHDR) { ++ return -1; ++ } + if (readFullyAt(zip->zfd, loc64, ZIP64_LOCHDR, endpos - ZIP64_LOCHDR) == -1) { + return -1; // end64 locator not found + } +@@ -567,6 +570,7 @@ readCEN(jzfile *zip, jint knownTotal) + { + /* Following are unsigned 32-bit */ + jlong endpos, end64pos, cenpos, cenlen, cenoff; ++ jlong cenlen64, cenoff64, centot64; + /* Following are unsigned 16-bit */ + jint total, tablelen, i, j; + unsigned char *cenbuf = NULL; +@@ -594,13 +598,20 @@ readCEN(jzfile *zip, jint knownTotal) + cenlen = ENDSIZ(endbuf); + cenoff = ENDOFF(endbuf); + total = ENDTOT(endbuf); +- if (cenlen == ZIP64_MAGICVAL || cenoff == ZIP64_MAGICVAL || +- total == ZIP64_MAGICCOUNT) { +- unsigned char end64buf[ZIP64_ENDHDR]; +- if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) { +- cenlen = ZIP64_ENDSIZ(end64buf); +- cenoff = ZIP64_ENDOFF(end64buf); +- total = (jint)ZIP64_ENDTOT(end64buf); ++ unsigned char end64buf[ZIP64_ENDHDR]; ++ if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) { ++ // end64 candidate found, ++ cenlen64 = ZIP64_ENDSIZ(end64buf); ++ cenoff64 = ZIP64_ENDOFF(end64buf); ++ centot64 = ZIP64_ENDTOT(end64buf); ++ // double-check ++ if ((cenlen64 == cenlen || cenlen == ZIP64_MAGICVAL) && ++ (cenoff64 == cenoff || cenoff == ZIP64_MAGICVAL) && ++ (centot64 == total || total == ZIP64_MAGICCOUNT)) { ++ // to use the end64 values ++ cenlen = cenlen64; ++ cenoff = cenoff64; ++ total = (jint)centot64; + endpos = end64pos; + endhdrlen = ZIP64_ENDHDR; + } +diff --git openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java +index ffe8a8ed712..9b380003893 100644 +--- openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java ++++ openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java +@@ -22,7 +22,7 @@ + */ + + /* @test +- * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993 ++ * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993 8186464 + * @summary Make sure we can read a zip file. + @key randomness + * @run main/othervm ReadZip +@@ -31,12 +31,24 @@ + */ + + import java.io.*; ++import java.net.URI; + import java.nio.file.Files; ++import java.nio.file.FileSystem; ++import java.nio.file.FileSystems; ++import java.nio.file.Path; + import java.nio.file.Paths; + import java.nio.file.StandardCopyOption; + import java.nio.file.StandardOpenOption; ++import java.util.Collections; ++import java.util.HashMap; ++import java.util.List; ++import java.util.Map; + import java.util.zip.*; + ++import sun.misc.IOUtils; ++ ++import static java.nio.charset.StandardCharsets.US_ASCII; ++ + public class ReadZip { + private static void unreached (Object o) + throws Exception +@@ -144,8 +156,6 @@ public class ReadZip { + newZip.delete(); + } + +- +- + // Throw a FNF exception when read a non-existing zip file + try { unreached (new ZipFile( + new File(System.getProperty("test.src", "."), +@@ -153,5 +163,54 @@ public class ReadZip { + + String.valueOf(new java.util.Random().nextInt()) + + ".zip"))); + } catch (FileNotFoundException fnfe) {} ++ ++ // read a zip file with ZIP64 end ++ Path path = Paths.get(System.getProperty("test.dir", ""), "end64.zip"); ++ try { ++ URI uri = URI.create("jar:" + path.toUri()); ++ Map env = new HashMap<>(); ++ env.put("create", "true"); ++ env.put("forceZIP64End", "true"); ++ try (FileSystem fs = FileSystems.newFileSystem(uri, env)) { ++ Files.write(fs.getPath("hello"), "hello".getBytes()); ++ } ++ try (ZipFile zf = new ZipFile(path.toFile())) { ++ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("hello"))), ++ US_ASCII))) ++ throw new RuntimeException("zipfile: read entry failed"); ++ } catch (IOException x) { ++ throw new RuntimeException("zipfile: zip64 end failed"); ++ } ++ try (FileSystem fs = FileSystems.newFileSystem(uri, Collections.emptyMap())) { ++ if (!"hello".equals(new String(Files.readAllBytes(fs.getPath("hello"))))) ++ throw new RuntimeException("zipfs: read entry failed"); ++ } catch (IOException x) { ++ throw new RuntimeException("zipfile: zip64 end failed"); ++ } ++ } finally { ++ Files.deleteIfExists(path); ++ } ++ ++ // read a zip file created via "echo hello | zip dst.zip -", which uses ++ // ZIP64 end record ++ if (Files.notExists(Paths.get("/usr/bin/zip"))) ++ return; ++ try { ++ Process zip = new ProcessBuilder("zip", path.toString().toString(), "-").start(); ++ OutputStream os = zip.getOutputStream(); ++ os.write("hello".getBytes(US_ASCII)); ++ os.close(); ++ zip.waitFor(); ++ if (zip.exitValue() == 0 && Files.exists(path)) { ++ try (ZipFile zf = new ZipFile(path.toFile())) { ++ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("-")))))) ++ throw new RuntimeException("zipfile: read entry failed"); ++ } catch (IOException x) { ++ throw new RuntimeException("zipfile: zip64 end failed"); ++ } ++ } ++ } finally { ++ Files.deleteIfExists(path); ++ } + } + } diff --git a/SOURCES/jdk8218811-perfMemory_linux.patch b/SOURCES/jdk8218811-perfMemory_linux.patch deleted file mode 100644 index 7b3d2f7..0000000 --- a/SOURCES/jdk8218811-perfMemory_linux.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp ---- openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp -+++ openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp -@@ -878,7 +878,7 @@ - - // open the file - int result; -- RESTARTABLE(::open(filename, oflags), result); -+ RESTARTABLE(::open(filename, oflags, 0), result); - if (result == OS_ERR) { - if (errno == ENOENT) { - THROW_MSG_(vmSymbols::java_lang_IllegalArgumentException(), diff --git a/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch new file mode 100644 index 0000000..bddd702 --- /dev/null +++ b/SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch @@ -0,0 +1,16 @@ +diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java jdk8/jdk/src/share/classes/java/awt/Toolkit.java +--- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500 ++++ jdk8/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500 +@@ -883,7 +883,11 @@ + return null; + } + }); +- loadAssistiveTechnologies(); ++ try { ++ loadAssistiveTechnologies(); ++ } catch ( AWTError error) { ++ // ignore silently ++ } + } + return toolkit; + } diff --git a/SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch b/SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch new file mode 100644 index 0000000..e909809 --- /dev/null +++ b/SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch @@ -0,0 +1,13 @@ +--- openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:12.038189968 +0100 ++++ openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:11.913188505 +0100 +@@ -48,8 +48,8 @@ + + private final static String PROP_NAME = "sun.security.smartcardio.library"; + +- private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so"; +- private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so"; ++ private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1"; ++ private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1"; + private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC"; + + PlatformPCSC() { diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 6918994..8c8ef77 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -300,8 +300,8 @@ # Define version of OpenJDK 8 used %global project openjdk %global repo shenandoah-jdk8u -%global openjdk_revision jdk8u402-b06 -%global shenandoah_revision shenandoah-%{openjdk_revision} +%global openjdk_revision 8u412-b08 +%global shenandoah_revision shenandoah%{openjdk_revision} # Define IcedTea version used for SystemTap tapsets and desktop files %global icedteaver 3.15.0 # Define current Git revision for the FIPS support patches @@ -348,7 +348,7 @@ %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global rpmrelease 2 # Settings used by the portable build -%global portablerelease 1 +%global portablerelease 2 %global portablesuffix el9 %global portablebuilddir /builddir/build/BUILD @@ -1247,8 +1247,9 @@ Provides: jre%{?1} = %{epoch}:%{version}-%{release} Requires: ca-certificates # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros Requires: javapackages-filesystem -# 2022g required as of JDK-8297804 -Requires: tzdata-java >= 2022g +# 2024a required as of JDK-8325150 +# Use 2023d until 2024a is in the buildroot +Requires: tzdata-java >= 2023d # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} @@ -1382,14 +1383,14 @@ License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv URL: http://openjdk.java.net/ # Shenandoah HotSpot -# aarch64-port/jdk8u-shenandoah contains an integration forest of -# OpenJDK 8u, the aarch64 port and Shenandoah +# openjdk/shenandoah-jdk8u contains an integration forest of +# OpenJDK 8u and the Shenandoah garbage collector # To regenerate, use: # VERSION=%%{shenandoah_revision} -# FILE_NAME_ROOT=%%{project}-%%{repo}-${VERSION} +# FILE_NAME_ROOT=${VERSION} # REPO_ROOT= generate_source_tarball.sh # where the source is obtained from http://github.com/%%{project}/%%{repo} -Source0: %{project}-%{repo}-%{shenandoah_revision}.tar.xz +Source0: %{shenandoah_revision}.tar.xz # Release notes Source7: NEWS @@ -1453,12 +1454,15 @@ Source20: java-1.%{majorver}.0-openjdk-portable.specfile # either in their current form or at all. ############################################ +# Accessibility patches +# Ignore AWTError when assistive technologies are loaded +Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Turn on AssumeMP by default on RHEL systems Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch -# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY -Patch1003: rh1582504-rsa_default_for_keytool.patch # RH1648249: Add PKCS11 provider to java.security Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +Patch1003: rh1582504-rsa_default_for_keytool.patch # Crypto policy and FIPS support patches # Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk8u/tree/fips @@ -1504,11 +1508,10 @@ Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_t # Patch is generated from the cacerts tree at https://github.com/rh-openjdk/jdk8u/tree/cacerts # as follows: git diff fips > pr2888-rh2055274-support_system_cacerts-$(git show -s --format=%h HEAD).patch Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch -# enable build of speculative store bypass hardened alt-java +# RH1684077, JDK-8009550: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo +Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch +# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639) Patch600: rh1750419-redhat_alt_java.patch -# JDK-8218811: replace open by os::open in hotspot coding -# This fixes a GCC 10 build issue -Patch111: jdk8218811-perfMemory_linux.patch # JDK-8281098, PR3836: Extra compiler flags not passed to adlc build Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch @@ -1555,6 +1558,8 @@ Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch # JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 Patch581: jdk8257794-remove_broken_assert.patch +# JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files +Patch12: jdk8186464-rh1433262-zip64_failure.patch ############################################# # @@ -1653,8 +1658,9 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 BuildRequires: libffi BuildRequires: libffi-devel %endif -# 2023c required as of JDK-8305113 -BuildRequires: tzdata-java >= 2023c +# 2024a required as of JDK-8325150 +# Use 2023d until 2024a is in the buildroot +BuildRequires: tzdata-java >= 2023d # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1913,6 +1919,9 @@ fi echo "Update version: %{updatever}" echo "Build number: %{buildver}" echo "Milestone: %{milestone}" +%ifnarch %{ix86} +export XZ_OPT="-T0" +%endif %setup -q -c -n %{uniquesuffix ""} -T -a 0 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084 prioritylength=`expr length %{priority}` @@ -1933,6 +1942,20 @@ cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/ # OpenJDK patches +# This syntax is deprecated: +# %patchN [...] +# and should be replaced with: +# %patch -PN [...] +# For example: +# %patch1001 -p1 +# becomes: +# %patch -P1001 -p1 +# The replacement format suggested by recent (circa Fedora 38) RPM +# deprecation messages: +# %patch N [...] +# is not backward-compatible with prior (circa RHEL-8) versions of +# rpmbuild. + %if %{system_libs} # Remove libraries that are linked sh %{SOURCE12} @@ -1940,51 +1963,53 @@ sh %{SOURCE12} # System library fixes %if %{system_libs} -%patch201 -%patch202 -%patch203 -%patch204 +%patch -P201 +%patch -P202 +%patch -P203 +%patch -P204 %endif -%patch5 +%patch -P1 +%patch -P5 # s390 build fixes -%patch102 -%patch103 -%patch107 +%patch -P102 +%patch -P103 +%patch -P107 # AArch64 fixes # x86 fixes -%patch105 +%patch -P105 # Upstreamable fixes -%patch502 -%patch512 -%patch523 -%patch528 -%patch571 -%patch574 -%patch111 -%patch112 -%patch581 +%patch -P502 +%patch -P512 +%patch -P523 +%patch -P528 +%patch -P571 +%patch -P574 +%patch -P112 +%patch -P581 +%patch -P541 +%patch -P12 pushd %{top_level_dir_name} # Add crypto policy and FIPS support -%patch1001 -p1 +%patch -P1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security -%patch1000 -p1 +%patch -P1000 -p1 # cacerts patch; must follow FIPS patch as it also alters java.security -%patch539 -p1 +%patch -P539 -p1 popd # RPM-only fixes -%patch600 -%patch1003 +%patch -P600 +%patch -P1003 # RHEL-only patches %if ! 0%{?fedora} && 0%{?rhel} <= 7 -%patch534 +%patch -P534 %endif # Shenandoah patches @@ -2839,6 +2864,88 @@ cjc.mainProgram(args) %endif %changelog +* Mon Apr 08 2024 Andrew Hughes - 1:1.8.0.412.b08-2 +- Update to shenandoah-jdk8u412-b08 (GA) +- Update release notes for shenandoah-8u412-b08. +- Complete release note for Certainly roots +- Switch to GA mode. +- Sync the copy of the portable specfile with the latest update +- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** +- Resolves: RHEL-32409 + +* Fri Apr 05 2024 Andrew Hughes - 1:1.8.0.412.b07-0.2.ea +- Update to shenandoah-jdk8u412-b07 (EA) +- Require tzdata 2024a due to upstream inclusion of JDK-8322725 +- Only require tzdata 2023d for now as 2024a is unavailable in buildroot +- Sync the copy of the portable specfile with the latest update +- Related: RHEL-30934 + +* Fri Mar 22 2024 Andrew Hughes - 1:1.8.0.412.b01-0.2.ea +- Turn off xz multi-threading on i686 as it fails with an out of memory error +- Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources +- generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity +- generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork +- generate_source_tarball.sh: Adapt version logic to work with 8u +- generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086) +- generate_source_tarball.sh: Update examples in header for clarity +- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP +- generate_source_tarball.sh: Only add --depth=1 on non-local repositories +- Move maintenance scripts to a scripts subdirectory +- icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository +- discover_trees.sh: Set compile-command and indentation instructions for Emacs +- discover_trees.sh: shellcheck: Do not use -o (SC2166) +- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- discover_trees.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: Add authorship +- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs +- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) +- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: Set compile-command and indentation instructions for Emacs +- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) +- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) +- Remove obsolete file generate_singlerepo_source_tarball.sh +- Remove obsolete file get_sources.sh +- Remove obsolete file update_main_sources.sh +- generate_source_tarball.sh: Handle an existing checkout +- generate_source_tarball.sh: Sync indentation with java-21-openjdk version +- generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS +- Sync patch set with portable build +- Related: RHEL-30934 + +* Fri Mar 22 2024 Thomas Fitzsimmons - 1:1.8.0.412.b01-0.2.ea +- Invoke xz in multi-threaded mode +- generate_source_tarball.sh: Add WITH_TEMP environment variable +- generate_source_tarball.sh: Multithread xz on all available cores +- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable +- generate_source_tarball.sh: Update comment about tarball naming +- generate_source_tarball.sh: Reformat comment header +- generate_source_tarball.sh: Reformat and update help output +- generate_source_tarball.sh: Do a shallow clone, for speed +- generate_source_tarball.sh: Eliminate some removal prompting +- generate_source_tarball.sh: Make tarball reproducible +- generate_source_tarball.sh: Prefix temporary directory with temp- +- generate_source_tarball.sh: Remove temporary directory exit conditions +- generate_source_tarball.sh: Set compile-command in Emacs +- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT +- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks +- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166) +- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004) +- Use backward-compatible patch syntax +- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST +- generate_source_tarball.sh: Remove trailing period in echo +- generate_source_tarball.sh: Use long-style argument to grep +- generate_source_tarball.sh: Add license +- generate_source_tarball.sh: Add indentation instructions for Emacs +- Related: RHEL-30934 + +* Thu Mar 21 2024 Andrew Hughes - 1:1.8.0.412.b01-0.2.ea +- Update to shenandoah-jdk8u412-b01 (EA) +- Switch to EA mode. +- Related: RHEL-30934 + * Thu Jan 11 2024 Andrew Hughes - 1:1.8.0.402.b06-0.2.ea - Update to shenandoah-jdk8u402-b06 (GA) - Update release notes for shenandoah-8u402-b06.