import java-1.8.0-openjdk-1.8.0.382.b05-2.el8

1 year ago · f18c911cea
parent 1995f8a5ad
commit f18c911cea
5 changed files with 123 additions and 270 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,2 @@
-SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
+SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz
 SOURCES/tapsets-icedtea-3.15.0.tar.xz
--- a/.java-1.8.0-openjdk.metadata
+++ b/.java-1.8.0-openjdk.metadata
@ -1,2 +1,2 @@
-3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
+5da51f425a78dbdcb00909544cac3385db461e54 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz
 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
--- a/SOURCES/java-1.8.0-openjdk-portable.specfile
+++ b/SOURCES/java-1.8.0-openjdk-portable.specfile
@ -256,9 +256,8 @@
 %global stapinstall %{nil}
 %endif
 # Always off in portables
 %ifarch %{systemtap_arches}
-%global with_systemtap 0
+%global with_systemtap 1
 %else
 %global with_systemtap 0
 %endif
@ -298,7 +297,7 @@
 # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
 %global shenandoah_project      openjdk
 %global shenandoah_repo         shenandoah-jdk8u
-%global openjdk_revision        jdk8u372-b07
+%global openjdk_revision        jdk8u382-b05
 %global shenandoah_revision     shenandoah-%{openjdk_revision}
 # Define old aarch64/jdk8u tree variables for compatibility
 %global project         %{shenandoah_project}
@ -395,20 +394,6 @@
 %global alternatives_requires %{_sbindir}/alternatives
 %endif
 %if %{with_systemtap}
 # Where to install systemtap tapset (links)
 # We would like these to be in a package specific sub-dir,
 # but currently systemtap doesn't support that, so we have to
 # use the root tapset dir for now. To distinguish between 64
 # and 32 bit architectures we place the tapsets under the arch
 # specific dir (note that systemtap will only pickup the tapset
 # for the primary arch for now). Systemtap uses the machine name
 # aka target_cpu as architecture specific directory name.
 %global tapsetroot /usr/share/systemtap
 %global tapsetdirttapset %{tapsetroot}/tapset/
 %global tapsetdir %{tapsetdirttapset}/%{stapinstall}
 %endif
 # Prevent brp-java-repack-jars from being run.
 %global __jar_repack 0
@ -465,8 +450,7 @@ Source7: NEWS
 # Use 'icedtea_sync.sh' to update the following
 # They are based on code contained in the IcedTea project (3.x).
 # Systemtap tapsets. Zipped up to keep it small.
-# Disabled in portables
+Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
 #Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
 # Desktop files. Adapted from IcedTea
 # Disabled in portables
@ -628,8 +612,6 @@ Patch12: jdk8186464-rh1433262-zip64_failure.patch
 # able to be removed once that release is out
 # and used by this RPM.
 #############################################
 # JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
 Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
 #############################################
 #
@ -718,6 +700,8 @@ BuildRequires: lcms2-devel
 BuildRequires: libjpeg-devel
 BuildRequires: libpng-devel
 %else
 # Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
 Provides: bundled(zlib) = 1.2.13
 # Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
 Provides: bundled(giflib) = 5.2.1
 # Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
@ -887,8 +871,6 @@ pushd %{top_level_dir_name}
 %patch1000 -p1
 # system cacerts support
 %patch539 -p1
 # 8u382 fix
 %patch2001 -p1
 popd
 # RPM-only fixes
@ -915,17 +897,7 @@ cp -r tapset tapset%{fastdebug_suffix}
 for suffix in %{build_loop} ; do
  for file in "tapset"$suffix/*.in; do
-    OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
+    sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $file
    sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1
 # TODO find out which architectures other than i686 have a client vm
 %ifarch %{ix86}
    sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/client/libjvm.so:g" $file.1 > $OUTPUT_FILE
 %else
    sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE
 %endif
    sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
    sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
    sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
  done
 done
 # systemtap tapsets ends
@ -1136,6 +1108,7 @@ function packagejdk() {
    local bundledir=$(pwd)/${1}/bundles
    local packagesdir=$(pwd)/${2}
    local srcdir=$(pwd)/%{top_level_dir_name}
    local tapsetdir=$(pwd)/tapset
    echo "Packaging build from ${imagesdir} to ${packagesdir}..."
    mkdir -p ${packagesdir}
@ -1197,6 +1170,9 @@ function packagejdk() {
 	for s in 16 24 32 48 ; do
 	    cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname}
 	done
 %if %{with_systemtap}
        cp -a ${tapsetdir}* ${miscname}
 %endif
 	tar -cJf ${miscarchive} ${miscname}
 	genchecksum ${miscarchive}
    fi
@ -1524,6 +1500,27 @@ done
 %{_jvmdir}/%{miscportablearchive}.sha256sum
 %changelog
 * Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-2
 - Re-enable SystemTap support and perform only substitutions possible without final NVR available
 - Include tapsets in the miscellaneous tarball
 - Drop unused globals for tapset installation
 * Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-1
 - Update to shenandoah-jdk8u372-b05 (GA)
 - Update release notes for shenandoah-8u372-b05.
 - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
 * Fri Jul 07 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b04-0.1.ea
 - Update to shenandoah-jdk8u382-b04 (EA)
 - Update release notes for shenandoah-8u382-b04.
 * Wed Jun 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
 - Update to shenandoah-jdk8u382-b01 (EA)
 - Update release notes for shenandoah-8u382-b01.
 - Switch to EA mode.
 - Remove JDK-8271199 patch which is now upstream.
 - Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
 * Thu Apr 27 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
 - Sync with existing RHEL 8 build, in order to start building portables on RHEL 8
 - Fix debug symbols flag to newboot and package naming
--- a/SOURCES/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
+++ b/SOURCES/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
@ -1,167 +0,0 @@
 commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
 Author: Alexey Bakhtin <abakhtin@openjdk.org>
 Date:   Tue Apr 4 10:29:11 2023 +0000
    8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
    Reviewed-by: andrew, mbalao
    Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
 diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
 index a79e97d7c74..5378446b97b 100644
 --- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
 +++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
     @Override
     protected void engineInitVerify(PublicKey publicKey)
             throws InvalidKeyException {
 -        if (!(publicKey instanceof RSAPublicKey)) {
 +        if (publicKey instanceof RSAPublicKey) {
 +            RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
 +            isPublicKeyValid(rsaPubKey);
 +            this.pubKey = rsaPubKey;
 +            this.privKey = null;
 +            resetDigest();
 +        } else {
             throw new InvalidKeyException("key must be RSAPublicKey");
         }
 -        this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
 -        this.privKey = null;
 -        resetDigest();
     }
     // initialize for signing. See JCA doc
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
     @Override
     protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
             throws InvalidKeyException {
 -        if (!(privateKey instanceof RSAPrivateKey)) {
 +        if (privateKey instanceof RSAPrivateKey) {
 +            RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
 +            isPrivateKeyValid(rsaPrivateKey);
 +            this.privKey = rsaPrivateKey;
 +            this.pubKey = null;
 +            this.random =
 +                    (random == null ? JCAUtil.getSecureRandom() : random);
 +            resetDigest();
 +        } else {
             throw new InvalidKeyException("key must be RSAPrivateKey");
         }
 -        this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
 -        this.pubKey = null;
 -        this.random =
 -            (random == null? JCAUtil.getSecureRandom() : random);
 -        resetDigest();
     }
     /**
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
         }
     }
 +    /**
 +     * Validate the specified RSAPrivateKey
 +     */
 +    private void isPrivateKeyValid(RSAPrivateKey prKey)  throws InvalidKeyException {
 +        try {
 +            if (prKey instanceof RSAPrivateCrtKey) {
 +                RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
 +                if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
 +                    RSAKeyFactory.checkRSAProviderKeyLengths(
 +                            crtKey.getModulus().bitLength(),
 +                            crtKey.getPublicExponent());
 +                } else {
 +                    throw new InvalidKeyException(
 +                            "Some of the CRT-specific components are not available");
 +                }
 +            } else {
 +                RSAKeyFactory.checkRSAProviderKeyLengths(
 +                        prKey.getModulus().bitLength(),
 +                        null);
 +            }
 +        } catch (InvalidKeyException ikEx) {
 +            throw ikEx;
 +        } catch (Exception e) {
 +            throw new InvalidKeyException(
 +                    "Can not access private key components", e);
 +        }
 +        isValid(prKey);
 +    }
 +
 +    /**
 +     * Validate the specified RSAPublicKey
 +     */
 +    private void isPublicKeyValid(RSAPublicKey pKey)  throws InvalidKeyException {
 +        try {
 +            RSAKeyFactory.checkRSAProviderKeyLengths(
 +                    pKey.getModulus().bitLength(),
 +                    pKey.getPublicExponent());
 +        } catch (InvalidKeyException ikEx) {
 +            throw ikEx;
 +        } catch (Exception e) {
 +            throw new InvalidKeyException(
 +                    "Can not access public key components", e);
 +        }
 +        isValid(pKey);
 +    }
 +
     /**
      * Validate the specified RSAKey and its associated parameters against
      * internal signature parameters.
      */
 -    private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
 +    private void isValid(RSAKey rsaKey) throws InvalidKeyException {
         try {
             AlgorithmParameterSpec keyParams = rsaKey.getParams();
             // validate key parameters
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
                 }
                 checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
             }
 -            return rsaKey;
         } catch (SignatureException e) {
             throw new InvalidKeyException(e);
         }
 diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
 index 6b219937981..b3c1fae9672 100644
 --- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
 +++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
         RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
         // check all CRT-specific components are available, if any one
         // missing, return a non-CRT key instead
 -        if ((key.getPublicExponent().signum() == 0) ||
 -            (key.getPrimeExponentP().signum() == 0) ||
 -            (key.getPrimeExponentQ().signum() == 0) ||
 -            (key.getPrimeP().signum() == 0) ||
 -            (key.getPrimeQ().signum() == 0) ||
 -            (key.getCrtCoefficient().signum() == 0)) {
 +        if (checkComponents(key)) {
 +            return key;
 +        } else {
             return new RSAPrivateKeyImpl(
                 key.algid,
                 key.getModulus(),
 -                key.getPrivateExponent()
 -            );
 -        } else {
 -            return key;
 +                key.getPrivateExponent());
         }
     }
 +    /**
 +     * Validate if all CRT-specific components are available.
 +     */
 +    static boolean checkComponents(RSAPrivateCrtKey key) {
 +        return !((key.getPublicExponent().signum() == 0) ||
 +            (key.getPrimeExponentP().signum() == 0) ||
 +            (key.getPrimeExponentQ().signum() == 0) ||
 +            (key.getPrimeP().signum() == 0) ||
 +            (key.getPrimeQ().signum() == 0) ||
 +            (key.getCrtCoefficient().signum() == 0));
 +    }
 +
     /**
      * Generate a new key from the specified type and components.
      * Returns a CRT key if possible and a non-CRT key otherwise.
--- a/SPECS/java-1.8.0-openjdk.spec
+++ b/SPECS/java-1.8.0-openjdk.spec
@ -1,3 +1,8 @@
 # To rebuild this RPM, you must first rebuild the portable
 # RPM using the java-1.8.0-openjdk-portable.specfile, install
 # it and then adjust portablerelease and portablesuffix
 # to match the new portable.
 # RPM conditionals so as to be able to dynamically produce
 # slowdebug/release builds. See:
 # http://rpm.org/user_doc/conditional_builds.html
@ -318,7 +323,7 @@
 # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
 %global shenandoah_project      openjdk
 %global shenandoah_repo         shenandoah-jdk8u
-%global openjdk_revision        jdk8u372-b07
+%global openjdk_revision        jdk8u382-b05
 %global shenandoah_revision     shenandoah-%{openjdk_revision}
 # Define old aarch64/jdk8u tree variables for compatibility
 %global project         %{shenandoah_project}
@ -339,7 +344,7 @@
 %global updatever       %(VERSION=%{whole_update}; echo ${VERSION##*u})
 # eg jdk8u60-b27 -> b27
 %global buildver        %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease      4
+%global rpmrelease      2
 # Settings used by the portable build
 %global portablerelease 2
 %global portablesuffix el8
@ -1260,6 +1265,8 @@ Provides: java-%{javaver}-%{origin}-accessibility = %{epoch}:%{version}-%{releas
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
 Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
 # Equivalent for the portable build
 %global prelease %{?eaprefix}%{portablerelease}%{?extraver}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@ -1341,11 +1348,11 @@ Source19: README.md
 Source20: java-1.%{majorver}.0-openjdk-portable.specfile
 # Setup variables to reference correct sources
-%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.unstripped.jdk.%{_arch}.tar.xz
+%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.unstripped.jdk.%{_arch}.tar.xz
-%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.docs.%{_arch}.tar.xz
+%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.docs.%{_arch}.tar.xz
-%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.misc.%{_arch}.tar.xz
+%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.misc.%{_arch}.tar.xz
-%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
+%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.slowdebug.jdk.%{_arch}.tar.xz
-%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
+%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{prelease}.portable.fastdebug.jdk.%{_arch}.tar.xz
 ############################################
 #
@ -1470,8 +1477,7 @@ Patch581: jdk8257794-remove_broken_assert.patch
 # able to be removed once that release is out
 # and used by this RPM.
 #############################################
-# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
+
 Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
 #############################################
 #
@ -1537,16 +1543,16 @@ BuildRequires: unzip
 # For definitions and macros like jvmdir
 BuildRequires: javapackages-filesystem
 %if %{include_normal_build}
-BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
+BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
 %endif
 %if %{include_fastdebug_build}
-BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
+BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
 %endif
 %if %{include_debug_build}
-BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
+BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
 %endif
-BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
+BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
-BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix}
+BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{prelease}.%{portablesuffix}
 # Zero-assembler build requirement
 %ifarch %{zero_arches}
 BuildRequires: libffi-devel
@ -1566,6 +1572,8 @@ BuildRequires: lcms2-devel
 BuildRequires: libjpeg-devel
 BuildRequires: libpng-devel
 %else
 # Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
 Provides: bundled(zlib) = 1.2.13
 # Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
 Provides: bundled(giflib) = 5.2.1
 # Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
@ -1906,8 +1914,6 @@ pushd %{top_level_dir_name}
 %patch1000 -p1
 # system cacerts support
 %patch539 -p1
 # 8u382 fix
 %patch2001 -p1
 popd
 # RPM-only fixes
@ -1921,35 +1927,6 @@ popd
 # Shenandoah patches
 # Extract systemtap tapsets
 %if %{with_systemtap}
 tar --strip-components=1 -x -I xz -f %{SOURCE8}
 %if %{include_debug_build}
 cp -r tapset tapset%{debug_suffix}
 %endif
 %if %{include_fastdebug_build}
 cp -r tapset tapset%{fastdebug_suffix}
 %endif
 for suffix in %{build_loop} ; do
  for file in "tapset"$suffix/*.in; do
    OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
    sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1
 # TODO find out which architectures other than i686 have a client vm
 %ifarch %{ix86}
    sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/client/libjvm.so:g" $file.1 > $OUTPUT_FILE
 %else
    sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE
 %endif
    sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
    sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
    sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
  done
 done
 # systemtap tapsets ends
 %endif
 # Prepare desktop files
 # The _X_ syntax indicates variables that are replaced by make upstream
 # The @X@ syntax indicates variables that are replaced by configure upstream
@ -1998,6 +1975,16 @@ function customisejdk() {
    fi
 }
 mkdir -p $(dirname %{installoutputdir})
 docdir=%{installoutputdir -- "-docs"}
 tar -xJf %{docszip}
 mv %{name}*.docs.* ${docdir}
 miscdir=%{installoutputdir -- "-misc"}
 tar -xJf %{misczip}
 mv %{name}*.misc.* ${miscdir}
 for suffix in %{build_loop} ; do
    if [ "x$suffix" = "x" ] ; then
@ -2013,16 +2000,31 @@ for suffix in %{build_loop} ; do
    # TODO: should verify checksums when using packages from buildroot
    tar -xJf ${jdkzip}
    mkdir -p $(dirname ${installdir})
    mv %{name}* ${installdir}
    # Fix build paths in ELF files so it looks like we built them
-    portablenvr="%{name}-portable-%{version}-%{portablerelease}.%{portablesuffix}.%{_arch}"
+    portablenvr="%{name}-portable-%{version}-%{prelease}.%{portablesuffix}.%{_arch}"
    for file in $(find ${installdir} -type f) ; do
        if file ${file} | grep -q 'ELF'; then
            %{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file}
        fi
    done
  # Set tapset variables to match this build
 %if %{with_systemtap}
  for file in ${miscdir}/tapset${suffix}/*.in; do
    OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
    sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > ${OUTPUT_FILE}
 # TODO find out which architectures other than i686 have a client vm
 %ifarch %{ix86}
    sed -i -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" ${OUTPUT_FILE}
 %else
    sed -i -e "/@ABS_CLIENT_LIBJVM_SO@/d" ${OUTPUT_FILE}
 %endif
    sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
    sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
  done
 %endif
    # Final setup on the main image
    customisejdk ${installdir}
@ -2032,14 +2034,6 @@ for suffix in %{build_loop} ; do
 # build cycles
 done
 docdir=%{installoutputdir -- "-docs"}
 tar -xJf %{docszip}
 mv %{name}*.docs.* ${docdir}
 miscdir=%{installoutputdir -- "-misc"}
 tar -xJf %{misczip}
 mv %{name}*.misc.* ${miscdir}
 %check
 # We test debug first as it will give better diagnostics on a crash
@ -2172,7 +2166,7 @@ for suffix in %{build_loop} ; do
  # Should match same definitions in build section
  jdk_image=%{installoutputdir -- $suffix}
  docdir=$(pwd)/%{installoutputdir -- "-docs"}
-  miscdir=%{installoutputdir -- "-misc"}
+  miscdir=$(pwd)/%{installoutputdir -- "-misc"}
  # Install release notes and rebuild instructions
  commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
@ -2181,23 +2175,15 @@ for suffix in %{build_loop} ; do
  cp -a %{SOURCE19} %{SOURCE20} ${commondocdir}
  # Install the jdk
  pushd ${jdk_image}
-  # Install jsa directories so we can owe them
+  # Install jsa directories so we can own them
  mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/
  mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/client/
  # Install main files.
  install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
  cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
  install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
  cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
 %if %{with_systemtap}
  # Install systemtap support files
  install -dm 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset
-  # note, that uniquesuffix  is in BUILD dir in this case
+  cp -a ${miscdir}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
  cp -a $RPM_BUILD_DIR/%{uniquesuffix ""}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
  pushd  $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
   tapsetFiles=`ls *.stp`
  popd
@ -2213,6 +2199,14 @@ for suffix in %{build_loop} ; do
    ln -sf %{jredir -- $suffix} %{jrelnk -- $suffix}
  popd
  pushd ${jdk_image}
  # Install main files.
  install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
  cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
  install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
  cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}
  # Remove javaws man page
  rm -f man/man1/javaws*
@ -2557,6 +2551,35 @@ cjc.mainProgram(args)
 %endif
 %changelog
 * Wed Jul 19 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-2
 - Bump release number so we are newer than 8.6
 - Related: rhbz#2221106
 * Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-1
 - Update to shenandoah-jdk8u372-b05 (GA)
 - Sync the copy of the portable specfile with the latest update
 - Add note at top of spec file about rebuilding
 - Use tapsets from the misc tarball
 - Make sure root installation directory is created first
 - Use in-place substitution for all but the first of the tapset changes
 - The 'prelease' variable should refer to 'portablerelease', not 'rpmrelease'
 - ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
 - Resolves: rhbz#2221106
 * Fri Jul 07 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b04-0.1.ea
 - Update to shenandoah-jdk8u382-b04 (EA)
 - Sync the copy of the portable specfile with the latest update
 - Resolves: rhbz#2217710
 * Wed Jul 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
 - Update to shenandoah-jdk8u382-b01 (EA)
 - Switch to EA mode.
 - Remove JDK-8271199 patch which is now upstream.
 - Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
 - Introduce 'prelease' for the portable release versioning, to handle EA builds
 - Sync the copy of the portable specfile with the latest update
 - Related: rhbz#2217710
 * Thu Apr 27 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-4
 - Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild.
 - Remove duplicate use of README.md inside the *-src package (it is no longer about sources)
`@ -1,2 +1,2 @@`
	`SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz`	`SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz`
	`SOURCES/tapsets-icedtea-3.15.0.tar.xz`	`SOURCES/tapsets-icedtea-3.15.0.tar.xz`
`@ -1,2 +1,2 @@`
	`3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz`	`5da51f425a78dbdcb00909544cac3385db461e54 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u382-b05-4curve.tar.xz`
	`7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz`	`7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz`