rpms
/
java-1.8.0-openjdk
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rpms:c9
Branches Tags
rpms:i9
rpms:i9c
rpms:c9
rpms:i8c
rpms:c8
rpms:i9-portable
rpms:i9c-devel
rpms:i9c-beta
rpms:c9-beta
...
pull from: rpms:i9c-devel
Branches Tags
rpms:i9
rpms:i9c
rpms:c9
rpms:i8c
rpms:c8
rpms:i9-portable
rpms:i9c-devel
rpms:i9c-beta
rpms:c9-beta

No commits in common. 'c9' and 'i9c-devel' have entirely different histories.
c9 ... i9c-devel

19 changed files with 803 additions and 5700 deletions
Show Stats

2
.gitignore vendored
Unescape View File

@ -1,2 +1,2 @@
SOURCES/shenandoah8u442-b06.tar.xz
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz

2
.java-1.8.0-openjdk.metadata
Unescape View File

@ -1,2 +1,2 @@
f5c84eb1dd6c8dba50a2ae89e01ec1d1b4f26fde SOURCES/shenandoah8u442-b06.tar.xz
3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

947
SOURCES/NEWS
Unescape View File

@ -3,938 +3,6 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u442 (2025-01-21):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u442
* Changes
- JDK-8048003: test/compiler/8009761/Test8009761.java failed with: java.lang.RuntimeException: static java.lang.Object Test8009761.m3(boolean,boolean) not compiled
- JDK-8058322: Zero name_index item of MethodParameters attribute cause MalformedParameterException.
- JDK-8066708: JMXStartStopTest fails to connect to port 38112
- JDK-8133287: (fs) java/nio/file/Files/probeContentType/ParallelProbes.java should use othervm mode
- JDK-8189687: Swing: Invalid position of candidate pop-up of InputMethod in Hi-DPI on Windows
- JDK-8209023: fix 2 compiler tests to avoid JDK-8208690
- JDK-8239312: [macOS] javax/swing/JFrame/NSTexturedJFrame/NSTexturedJFrame.java
- JDK-8260380: Upgrade to LittleCMS 2.12
- JDK-8315731: Open source several Swing Text related tests
- JDK-8335428: Enhanced Building of Processes
- JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
- JDK-8336564: Enhance mask blit functionality redux
- JDK-8338402: GHA: some of bundles may not get removed
- JDK-8339133: [8u] Profiler crashes at guarantee(is_result_safe || is_in_asgct()): unsafe access to zombie method
- JDK-8339180: Enhanced Building of Processes: Follow-on Issue
- JDK-8339394: Bump update version of OpenJDK: 8u442
- JDK-8339882: Replace ThreadLocalStorage::thread with Thread::current_or_null in jdk8 backport of JDK-8183925
- JDK-8340815: Add SECURITY.md file
- JDK-8342822: jdk8u432-b06 does not compile on AIX
- JDK-8342841: [8u] Separate jdk_security_infra tests from jdk_tier1
Notes on individual issues:
===========================
core-libs/java.util.jar:
JDK-8335912/JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files
===================================================================================================================
In previous OpenJDK releases, when the jar tool extracted files from
an archive, it would overwrite any existing files with the same name
in the target directory. With this release, a new option ('-k' or
'--keep-old-files') may be specified so that existing files are not
overwritten.
The option may be specified in short or long option form, as in the
following examples:
* jar xkf foo.jar
* jar --extract --keep-old-files --file foo.jar
By default, the old behaviour remains in place and files will be
overwritten.
New in release OpenJDK 8u432 (2024-10-15):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u432
* CVEs
- CVE-2024-21208
- CVE-2024-21210
- CVE-2024-21217
- CVE-2024-21235
* Security fixes
- JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
- JDK-8313626, JDK-8307769: C2 crash due to unexpected exception control flow
- JDK-8328286: Enhance HTTP client
- JDK-8328544: Improve handling of vectorization
- JDK-8328726: Better Kerberos support
- JDK-8331446: Improve deserialization support
- JDK-8332644: Improve graph optimizations
- JDK-8335713: Enhance vectorization analysis
* Other changes
- JDK-4660158: TTY: NumberFormatException while trying to set values by 'set' command
- JDK-6544871: java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html fails from jdk b09 on windows.
- JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails
- JDK-8021775: compiler/8009761/Test8009761.java "Failed: init recursive calls: 51. After deopt 50"
- JDK-8030204: com/sun/jdi/JdbExprTest.sh: Required output "Can\\'t convert 2147483648 to int" not found
- JDK-8030795: java/nio/file/Files/probeContentType/ForceLoad.java failing with ServiceConfigurationError without jtreg -agentvm option
- JDK-8035395: sun/management/jmxremote/startstop/JMXStartStopTest.java fails intermittently: Port already in use
- JDK-8075511: Enable -Woverloaded-virtual C++ warning for HotSpot build
- JDK-8137329: [windows] Build broken on VS2010 after "8046148: JEP 158: Unified JVM Logging"
- JDK-8145919: sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials
- JDK-8152207: Perform array bound checks while getting a length of bytecode instructions
- JDK-8193682: Infinite loop in ZipOutputStream.close()
- JDK-8196770: Add JNDI test com/sun/jndi/ldap/blits/AddTests/AddNewEntry.java
- JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04
- JDK-8233364: Fix undefined behavior in Canonicalizer::do_ShiftOp
- JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
- JDK-8251188: Update LDAP tests not to use wildcard addresses
- JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
- JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
- JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
- JDK-8279164: Disable TLS_ECDH_* cipher suites
- JDK-8281096: Flags introduced by configure script are not passed to ADLC build
- JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown"
- JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors
- JDK-8299677: Formatter.format might take a long time to format an integer or floating-point
- JDK-8305400: ISO 4217 Amendment 175 Update
- JDK-8305931: jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java failed with "Expected chains but found none"
- JDK-8307779: Relax the java.awt.Robot specification
- JDK-8309138: Fix container tests for jdks with symlinked conf dir
- JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
- JDK-8315117: Update Zlib Data Compression Library to Version 1.3
- JDK-8315863: [GHA] Update checkout action to use v4
- JDK-8316328: Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes
- JDK-8318039: GHA: Bump macOS and Xcode versions
- JDK-8318951: Additional negative value check in JPEG decoding
- JDK-8320964: sun/tools/native2ascii/Native2AsciiTests.sh fails on Japanese
- JDK-8321480: ISO 4217 Amendment 176 Update
- JDK-8324632: Update Zlib Data Compression Library to Version 1.3.1
- JDK-8324723: GHA: Upgrade some actions to avoid deprecated Node 16
- JDK-8326351: Update the Zlib version in open/src/java.base/share/legal/zlib.md to 1.3.1
- JDK-8326521: JFR: CompilerPhase event test fails on windows 32 bit
- JDK-8326529: JFR: Test for CompilerCompile events fails due to time out
- JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
- JDK-8330415: Update system property for Java SE specification maintenance version
- JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye
- JDK-8333126: Bump update version of OpenJDK: 8u432
- JDK-8333669: [8u] GHA: Dead VS2010 download link
- JDK-8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1
- JDK-8334653: ISO 4217 Amendment 177 Update
- JDK-8334905: [8u] The test java/awt/Mixing/AWT_Mixing/JButtonOverlapping.java started to fail after 8159690
- JDK-8335851: [8u] Test JMXStartStopTest.java fails after JDK-8334415
- JDK-8335894: [8u] Fix SupplementalJapaneseEraTest.java for jdks with symlinked conf dir
- JDK-8336928: GHA: Bundle artifacts removal broken
- JDK-8337110: [8u] TestNoEagerReclaimOfHumongousRegions.java should be in gc/g1 directory
- JDK-8337312: [8u] Windows x86 VS2010 build broken by JDK-8320097
- JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
- JDK-8338144: [8u] Remove duplicate license files
- JDK-8341057: Add 2 SSL.com TLS roots
- JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
Notes on individual issues:
===========================
security-libs/javax.net.ssl:
JDK-8279164: Disable TLS_ECDH_* cipher suites
=============================================
The TLS_ECDH cipher suites do not preserve forward secrecy and are
rarely used in practice. With this release, they are disabled by
adding "ECDH" to the `jdk.tls.disabledAlgorithms` security property in
the `java.security` configuration file. Attempts to use these suites
with this release will result in a `SSLHandshakeException` being
thrown. Note that ECDH cipher suites which use RC4 were already
disabled prior to this change.
Users can, *at their own risk*, remove this restriction by modifying
the `java.security` configuration file (or override it by using the
`java.security.properties` system property) so "ECDH" is no longer
listed in the `jdk.tls.disabledAlgorithms` security property.
This change has no effect on TLS_ECDHE cipher suites, which remain
enabled by default.
JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
====================================================================================================
In accordance with similar plans recently announced by Google and
Mozilla, the JDK will not trust Transport Layer Security (TLS)
certificates issued after the 11th of November 2024 which are anchored
by Entrust root certificates. This includes certificates branded as
AffirmTrust, which are managed by Entrust.
Certificates issued on or before November 11th, 2024 will continue to
be trusted until they expire.
If a server's certificate chain is anchored by an affected
certificate, attempts to negotiate a TLS session will fail with an
Exception that indicates the trust anchor is not trusted. For example,
"TLS server certificate issued after 2024-11-11 and anchored by a
distrusted legacy Entrust root CA: CN=Entrust.net Certification
Authority (2048), OU=(c) 1999 Entrust.net Limited,
OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),
O=Entrust.net"
To check whether a certificate in a JDK keystore is affected by this
change, you can the `keytool` utility:
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
If any of the certificates in the chain are affected by this change,
then you will need to update the certificate or contact the
organisation responsible for managing the certificate.
These restrictions apply to the following Entrust root certificates
included in the JDK:
Alias name: entrustevca [jdk]
CN=Entrust Root Certification Authority
OU=(c) 2006 Entrust, Inc.
OU=www.entrust.net/CPS is incorporated by reference
O=Entrust, Inc.
C=US
SHA256: 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C
Alias name: entrustrootcaec1 [jdk]
CN=Entrust Root Certification Authority - EC1
OU=(c) 2012 Entrust, Inc. - for authorized use only
OU=See www.entrust.net/legal-terms
O=Entrust, Inc.
C=US
SHA256: 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5
Alias name: entrustrootcag2 [jdk]
CN=Entrust Root Certification Authority - G2
OU=(c) 2009 Entrust, Inc. - for authorized use only
OU=See www.entrust.net/legal-terms
O=Entrust, Inc.
C=US
SHA256: 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39
Alias name: entrustrootcag4 [jdk]
CN=Entrust Root Certification Authority - G4
OU=(c) 2015 Entrust, Inc. - for authorized use only
OU=See www.entrust.net/legal-terms
O=Entrust, Inc.
C=US
SHA256: DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
Alias name: entrust2048ca [jdk]
CN=Entrust.net Certification Authority (2048)
OU=(c) 1999 Entrust.net Limited
OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
O=Entrust.net
SHA256: 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77
Alias name: affirmtrustcommercialca [jdk]
CN=AffirmTrust Commercial
O=AffirmTrust
C=US
SHA256: 03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7
Alias name: affirmtrustnetworkingca [jdk]
CN=AffirmTrust Networking
O=AffirmTrust
C=US
SHA256: 0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B
Alias name: affirmtrustpremiumca [jdk]
CN=AffirmTrust Premium
O=AffirmTrust
C=US
SHA256: 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A
Alias name: affirmtrustpremiumeccca [jdk]
CN=AffirmTrust Premium ECC
O=AffirmTrust
C=US
SHA256: BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23
Users can, *at their own risk*, remove this restriction by modifying
the `java.security` configuration file (or override it by using the
`java.security.properties` system property) so "ENTRUST_TLS" is no
longer listed in the `jdk.security.caDistrustPolicies` security
property.
security-libs/java.security:
JDK-8341057: Add 2 SSL.com TLS roots
====================================
The following root certificates have been added to the cacerts
truststore:
Name: SSL.com
Alias Name: ssltlsrootecc2022
Distinguished Name: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
Name: SSL.com
Alias Name: ssltlsrootrsa2022
Distinguished Name: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US
client-libs:
JDK-8307779: Relax the java.awt.Robot specification
===================================================
This release of OpenJDK 8 updates to the latest maintenance release of
the Java 8 specification. This relaxes the specification of three
methods in the `java.awt.Robot` class - `mouseMove(int,int)`,
`getPixelColor(int,int)` and `createScreenCapture(Rectangle)` - to
allow these methods to fail when the desktop environment does not
permit moving the mouse pointer or capturing screen content.
core-libs/javax.naming:
JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
===============================================================================================================================
With this OpenJDK release, the JDK implementation of the LDAP provider
no longer supports the deserialisation of Java objects by
default. This is achieved by the system property
`com.sun.jndi.ldap.object.trustSerialData` being set to `false` by
default.
Note that this release also increases the scope of the
`com.sun.jndi.ldap.object.trustSerialData` to cover the reconstruction
of RMI remote objects from the `javaRemoteLocation` LDAP attribute.
The result of this change is that transparent deserialisation of Java
objects will require an explicit opt-in. Applications that wish to
reconstruct Java objects and RMI stubs from LDAP attributes will need
to set the `com.sun.jndi.ldap.object.trustSerialData` to `true`.
core-libs/java.net:
JDK-8328286: Enhance HTTP client
================================
This OpenJDK release limits the maximum header field size accepted by
the HTTP client within the JDK for all supported versions of the HTTP
protocol. The header field size is computed as the sum of the size of
the uncompressed header name, the size of the uncompressed header
value and a overhead of 32 bytes for each field section line. If a
peer sends a field section that exceeds this limit, a
`java.net.ProtocolException` will be raised.
This release also introduces a new system property,
`jdk.http.maxHeaderSize`. This property can be used to alter the
maximum header field size (in bytes) or disable it by setting the
value to zero or a negative value. The default value is 393,216 bytes
or 384kB.
core-libs/java.util.jar:
JDK-8193682: Infinite loop in ZipOutputStream.close()
=====================================================
In previous releases, the `DeflaterOutputStream.close()`,
`GZIPOutputStream.finish()` and `ZipOutputStream.closeEntry()` methods
did not close the associated default JDK compressor when an exception
was thrown during closure. With this release, the default compressor
is closed before propogating the Throwable up the stack. In the case
of `ZipOutputStream`, this only happens when the exception is not a
`ZipException`.
New in release OpenJDK 8u422 (2024-07-16):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u422
* CVEs
- CVE-2024-21131
- CVE-2024-21138
- CVE-2024-21140
- CVE-2024-21144
- CVE-2024-21145
- CVE-2024-21147
* Security fixes
- JDK-8314794: Improve UTF8 String supports
- JDK-8319859: Better symbol storage
- JDK-8320097: Improve Image transformations
- JDK-8320548: Improved loop handling
- JDK-8322106: Enhance Pack 200 loading
- JDK-8323231: Improve array management
- JDK-8323390: Enhance mask blit functionality
- JDK-8324559: Improve 2D image handling
- JDK-8325600: Better symbol storage
* Other changes
- JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105
- JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings
- JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/bug7123767.java: number of checked graphics configurations should be limited
- JDK-8159690: [TESTBUG] Mark headful tests with @key headful.
- JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
- JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails
- JDK-8205407: [windows, vs<2017] C4800 after 8203197
- JDK-8235834: IBM-943 charset encoder needs updating
- JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't read properly"
- JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
- JDK-8256152: tests fail because of ambiguous method resolution
- JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
- JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
- JDK-8268916: Tests for AffirmTrust roots
- JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
- JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
- JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value
- JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
- JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
- JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL
- JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
- JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
- JDK-8315020: The macro definition for LoongArch64 zero build is not accurate.
- JDK-8316138: Add GlobalSign 2 TLS root certificates
- JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows
- JDK-8320005: Allow loading of shared objects with .a extension on AIX
- JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
- JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing
- JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
- JDK-8326686: Bump update version of OpenJDK: 8u422
- JDK-8327440: Fix "bad source file" error during beaninfo generation
- JDK-8328809: [8u] Problem list some CA tests
- JDK-8328825: Google CAInterop test failures
- JDK-8329544: [8u] sun/security/krb5/auto/ReplayCacheTestProc.java cannot find the testlibrary
- JDK-8331791: [8u] AIX build break from JDK-8320005 backport
- JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
- JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes
Notes on individual issues:
===========================
core-libs/java.net:
JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable
===========================================================================
Two system properties have been added which control the keep alive
behavior of HttpURLConnection in the case where the server does not
specify a keep alive time. These are:
* `http.keepAlive.time.server`
* `http.keepAlive.time.proxy`
which control the number of seconds before an idle connection to a
server or proxy will be closed, respectively. If the server or proxy
specifies a keep alive time in a "Keep-Alive" response header, this
will take precedence over the values of these properties.
security-libs/java.security:
JDK-8316138: Add GlobalSign 2 TLS root certificates
===================================================
The following root certificates have been added to the cacerts
truststore:
Name: GlobalSign
Alias Name: globalsignr46
Distinguished Name: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
Name: GlobalSign
Alias Name: globalsigne46
Distinguished Name: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
New in release OpenJDK 8u412 (2024-04-16):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u412
* CVEs
- CVE-2024-21011
- CVE-2024-21085
- CVE-2024-21068
- CVE-2024-21094
* Security fixes
- JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array"
- JDK-8318340: Improve RSA key implementations
- JDK-8319851: Improve exception logging
- JDK-8322114: Improve Pack 200 handling
- JDK-8322122: Enhance generation of addresses
* Other changes
- JDK-8011180: Delete obsolete scripts
- JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build
- JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios
- JDK-8023735: [TESTBUG][macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
- JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows
- JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388)
- JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache
- JDK-8168518: rcache interop with krb5-1.15
- JDK-8183503: Update hotspot tests to allow for unique test classes directory
- JDK-8186095: upgrade to jtreg 4.2 b08
- JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
- JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
- JDK-8208655: use JTreg skipped status in hotspot tests
- JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1
- JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile
- JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system
- JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
- JDK-8224768: Test ActalisCA.java fails
- JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
- JDK-8251551: Use .md filename extension for README
- JDK-8268678: LetsEncryptCA.java test fails as Lets Encrypt Authority X3 is retired
- JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
- JDK-8270517: Add Zero support for LoongArch
- JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
- JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
- JDK-8288132: Update test artifacts in QuoVadis CA interop tests
- JDK-8297955: LDAP CertStore should use LdapName and not String for DNs
- JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
- JDK-8308592: Framework for CA interoperability testing
- JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955
- JDK-8315042: NPE in PKCS7.parseOldSignedData
- JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set
- JDK-8320713: Bump update version of OpenJDK: 8u412
- JDK-8321060: [8u] hotspot needs to recognise VS2022
- JDK-8321408: Add Certainly roots R1 and E1
- JDK-8322725: (tz) Update Timezone Data to 2023d
- JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
- JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
- JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
- JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
- JDK-8324530: Build error with gcc 10
- JDK-8325150: (tz) Update Timezone Data to 2024a
Notes on individual issues:
===========================
security-libs/org.ietf.jgss:krb5:
JDK-8168518: rcache interop with krb5-1.15
==========================================
The hash algorithm used in the Kerberos 5 replay cache file (rcache)
has been changed from MD5 to SHA256. This is the same algorithm used
by MIT krb5-1.15 and is interoperable with earlier releases of MIT
krb5.
The MD5 algorithm can still be used by setting the new
jdk.krb5.rcache.useMD5 property to 'true':
java -Djdk.krb5.rcache.useMD5=true ...
This is useful where either the system has a coarse clock and has to
depend on hash values in replay attack detection, or interoperability
with the rcache files in older versions of OpenJDK is required.
client-libs/java.awt:
JDK-8322750: AWT SystemTray API Is Not Supported on Most Linux Desktops
=======================================================================
The java.awt.SystemTray API is used to interact with the system's
desktop taskbar to provide notifications and may include an icon
representing an application. The GNOME desktop's support for taskbar
icons has not worked properly for several years, due to a platform
bug. This bug, in turn, affects the JDK's SystemTray support on GNOME
desktops.
Therefore, in accordance with the SystemTray API specification,
java.awt.SystemTray.isSupported() will now return false on systems
that exhibit this bug, which is assumed to be those running a version
of GNOME Shell below 45.
The impact of this change is likely to be minimal, as users of the
SystemTray API should already be able to handle isSupported()
returning false and the system tray on such platforms has already been
unsupported for a number of years for all applications.
security-libs/java.security:
JDK-8321408: Added Certainly R1 and E1 Root Certificates
========================================================
The following root certificate has been added to the cacerts
truststore:
Name: Certainly
Alias Name: certainlyrootr1
Distinguished Name: CN=Certainly Root R1, O=Certainly, C=US
Name: Certainly
Alias Name: certainlyroote1
Distinguished Name: CN=Certainly Root E1, O=Certainly, C=US
New in release OpenJDK 8u402 (2024-01-16):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u402
* CVEs
- CVE-2024-20918
- CVE-2024-20919
- CVE-2024-20921
- CVE-2024-20926
- CVE-2024-20945
- CVE-2024-20952
* Security fixes
- JDK-8308204: Enhanced certificate processing
- JDK-8314284: Enhance Nashorn performance
- JDK-8314295: Enhance verification of verifier
- JDK-8314307: Improve loop handling
- JDK-8314468: Improve Compiler loops
- JDK-8316976: Improve signature handling
- JDK-8317547: Enhance TLS connection support
* Other changes
- JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
- JDK-8029995: accept yes/no for boolean krb5.conf settings
- JDK-8159156: [TESTBUG] ReserveMemory test is not useful on Aix.
- JDK-8176509: Use pandoc for converting build readme to html
- JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
- JDK-8207404: MulticastSocket tests failing on AIX
- JDK-8212677: X11 default visual support for IM status window on VNC
- JDK-8239365: ProcessBuilder test modifications for AIX execution
- JDK-8271838: AmazonCA.java interop test fails
- JDK-8285398: Cache the results of constraint checks
- JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
- JDK-8302017: Allocate BadPaddingException only if it will be thrown
- JDK-8305329: [8u] Unify test libraries into single test library - step 1
- JDK-8307837: [8u] Check step in GHA should also print errors
- JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
- JDK-8311813: C1: Uninitialized PhiResolver::_loop field
- JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
- JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException
- JDK-8315280: Bump update version of OpenJDK: 8u402
- JDK-8315506: C99 compatibility issue in LinuxNativeDispatcher
- JDK-8317291: Missing null check for nmethod::is_native_method()
- JDK-8317373: Add Telia Root CA v2
- JDK-8317374: Add Let's Encrypt ISRG Root X2
- JDK-8318759: Add four DigiCert root certificates
- JDK-8319187: Add three eMudhra emSign roots
- JDK-8319405: [s390] [jdk8] Increase javac default stack size for s390x zero
- JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
Notes on individual issues:
===========================
security-libs/org.ietf.jgss:krb5:
JDK-8029995: accept yes/no for boolean krb5.conf settings
=========================================================
The krb5.conf configuration file now also accepts "yes" and "no", as
alternatives to the existing "true" and "false" support, when using
settings that take boolean values.
security-libs/java.security:
JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
===============================================================================================================================
A maximum signature file size property, jdk.jar.maxSignatureFileSize,
was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a
default of 8MB. This default proved to be too small for some JAR
files. This release, 8u402, increases it to 16MB.
JDK-8317374: Added ISRG Root X2 CA Certificate from Let's Encrypt
=================================================================
The following root certificate has been added to the cacerts
truststore:
Name: Let's Encrypt
Alias Name: letsencryptisrgx2
Distinguished Name: CN=ISRG Root X2, O=Internet Security Research Group, C=US
JDK-8318759: Added Four Root Certificates from DigiCert, Inc.
=============================================================
The following root certificates have been added to the cacerts
truststore:
Name: DigiCert, Inc.
Alias Name: digicertcseccrootg5
Distinguished Name: CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
Name: DigiCert, Inc.
Alias Name: digicertcsrsarootg5
Distinguished Name: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
Name: DigiCert, Inc.
Alias Name: digicerttlseccrootg5
Distinguished Name: CN=DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
Name: DigiCert, Inc.
Alias Name: digicerttlsrsarootg5
Distinguished Name: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
JDK-8319187: Added Three Root Certificates from eMudhra Technologies Limited
============================================================================
The following root certificates have been added to the cacerts
truststore:
Name: eMudhra Technologies Limited
Alias Name: emsignrootcag1
Distinguished Name: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
Name: eMudhra Technologies Limited
Alias Name: emsigneccrootcag3
Distinguished Name: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
Name: eMudhra Technologies Limited
Alias Name: emsignrootcag2
Distinguished Name: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
JDK-8317373: Added Telia Root CA v2 Certificate
===============================================
The following root certificate has been added to the cacerts
truststore:
Name: Telia Root CA v2
Alias Name: teliarootcav2
Distinguished Name: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI ```
New in release OpenJDK 8u392 (2023-10-17):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u392
* CVEs
- CVE-2023-22067
- CVE-2023-22081
* Security fixes
- JDK-8286503, JDK-8312367: Enhance security classes
- JDK-8297856: Improve handling of Bidi characters
- JDK-8303384: Improved communication in CORBA
- JDK-8305815, JDK-8307278: Update Libpng to 1.6.39
- JDK-8309966: Enhanced TLS connections
* Other changes
- JDK-6722928: Provide a default native GSS-API library on Windows
- JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java
- JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal
- JDK-8139348: Deprecate 3DES and RC4 in Kerberos
- JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"
- JDK-8200468: Port the native GSS-API bridge to Windows
- JDK-8202952: C2: Unexpected dead nodes after matching
- JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
- JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update
- JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to
- JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
- JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
- JDK-8232225: Rework the fix for JDK-8071483
- JDK-8242330: Arrays should be cloned in several JAAS Callback classes
- JDK-8253269: The CheckCommonColors test should provide more info on failure
- JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int)
- JDK-8284910: Buffer clean in PasswordCallback
- JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
- JDK-8287663: Add a regression test for JDK-8287073
- JDK-8295685: Update Libpng to 1.6.38
- JDK-8295894: Remove SECOM certificate that is expiring in September 2023
- JDK-8308788: [8u] Remove duplicate HaricaCA.java test
- JDK-8309122: Bump update version of OpenJDK: 8u392
- JDK-8309143: [8u] fix archiving inconsistencies in GHA
- JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms
- JDK-8314960: Add Certigna Root CA - 2
- JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack()
- JDK-8317040: Exclude cleaner test failing on older releases
Notes on individual issues:
===========================
other-libs/corba:idl:
JDK-8303384: Improved communication in CORBA
============================================
The JDK's CORBA implementation now provides the option to limit
serialisation in stub objects to those with the "IOR:" prefix. For
ORB constrained stub classes:
* _DynArrayStub
* _DynEnumStub
* _DynFixedStub
* _DynSequenceStub
* _DynStructStub
* _DynUnionStub
* _DynValueStub
* _DynAnyStub
* _DynAnyFactoryStub
this is enabled by default and may be disabled by setting the system
property org.omg.DynamicAny.disableIORCheck to 'true'.
For remote service stub classes:
* _NamingContextStub
* _BindingIteratorStub
* _NamingContextExtStub
* _ServantActivatorStub
* _ServantLocatorStub
* _ServerManagerStub
* _ActivatorStub
* _RepositoryStub
* _InitialNameServiceStub
* _LocatorStub
* _ServerStub
it is disabled by default and may be enabled by setting the system
property org.omg.CORBA.IDL.Stubs.enableIORCheck to 'true'.
security-libs/org.ietf.jgss:
JDK-6722928: Added a Default Native GSS-API Library on Windows
==============================================================
A native GSS-API library named `sspi_bridge.dll` has been added to the
JDK on the Windows platform. As with native GSS-API library provision
on other operating systems, it will only be loaded when the
`sun.security.jgss.native` system property is set to "true". A user
can still load a third-party native GSS-API library instead by setting
the `sun.security.jgss.lib` system property to the appropriate path.
The library is client-side only and uses the default credentials.
Native GSS support automatically uses cached credentials from the
underlying operating system, so the
`javax.security.auth.useSubjectCredsOnly` system property should be
set to false.
The `com.sun.security.auth.module.Krb5LoginModule` does not call
native JGSS and so its use in your JAAS config should be avoided.
security-libs/org.ietf.jgss:krb5:
JDK-8139348: Deprecate 3DES and RC4 in Kerberos
===============================================
The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
are now deprecated and disabled by default. To re-enable them, you
can either enable all weak crypto (which also includes `des-cbc-crc`
and `des-cbc-md5`) by setting `allow_weak_crypto = true` in the
`krb5.conf` configuration file or explicitly list all the preferred
encryption types using the `default_tkt_enctypes`,
`default_tgs_enctypes`, or `permitted_enctypes` settings.
security-libs/java.security:
JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate
==================================================================
The following root certificate from SECOM Trust System has been
removed from the `cacerts` keystore:
Alias Name: secomscrootca1 [jdk]
Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
JDK-8314960: Added Certigna Root CA Certificate
===============================================
The following root certificate has been added to the cacerts
truststore:
Name: Certigna (Dhimyotis)
Alias Name: certignarootca
Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
security-libs/javax.security:
JDK-8242330: Arrays should be cloned in several JAAS Callback classes
=====================================================================
In the JAAS classes, ChoiceCallback and ConfirmationCallback, arrays
were not cloned when passed into a constructor or returned. This
allowed an external program to get access to the internal fields of
these classes. The classes have been updated to return cloned arrays.
New in release OpenJDK 8u382 (2023-07-18):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u382
* CVEs
- CVE-2023-22045
- CVE-2023-22049
* Security fixes
- JDK-8298676: Enhanced Look and Feel
- JDK-8300596: Enhance Jar Signature validation
- JDK-8304468: Better array usages
- JDK-8305312: Enhanced path handling
* Other changes
- JDK-8072678: Wrong exception messages in java.awt.color.ICC_ColorSpace
- JDK-8151460: Metaspace counters can have inconsistent values
- JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
- JDK-8185736: missing default exception handler in calls to rethrow_Stub
- JDK-8186801: Add regression test to test mapping based charsets (generated at build time)
- JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
- JDK-8241311: Move some charset mapping tests from closed to open
- JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
- JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
- JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
- JDK-8276841: Add support for Visual Studio 2022
- JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
- JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
- JDK-8282345: handle latest VS2022 in abstract_vm_version
- JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
- JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
- JDK-8289301: P11Cipher should not throw out of bounds exception during padding
- JDK-8293232: Fix race condition in pkcs11 SessionManager
- JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
- JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
- JDK-8298108: Add a regression test for JDK-8297684
- JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
- JDK-8301119: Support for GB18030-2022
- JDK-8301400: Allow additional characters for GB18030-2022 support
- JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
- JDK-8303028: Update system property for Java SE specification maintenance version
- JDK-8303462: Bump update version of OpenJDK: 8u382
- JDK-8304760: Add 2 Microsoft TLS roots
- JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
- JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
- JDK-8305975: Add TWCA Global Root CA
- JDK-8307134: Add GTS root CAs
- JDK-8307310: Backport the tests for JDK-8058969 and JDK-8039271 to the OpenJDK8
- JDK-8307531: [aarch64] JDK8 single-step debugging is extremely slow
- JDK-8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119
Notes on individual issues:
===========================
core-libs/java.lang:
JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
===========================================================================
In order to support "Implementation Level 2" of the GB18030-2022
standard, the JDK must be able to use characters from the CJK Unified
Ideographs Extension E block of Unicode 8.0. The addition of these
characters forms Maintenance Release 5 of the Java SE 8 specification,
which is implemented in this release of OpenJDK via the addition of a
new UnicodeBlock instance,
Character.CJK_UNIFIED_IDEOGRAPHS_EXTENSION_E.
core-libs/java.util.jar:
8300596: Enhance Jar Signature validation
=========================================
A System property "jdk.jar.maxSignatureFileSize" is introduced to
configure the maximum number of bytes allowed for the
signature-related files in a JAR file during verification. The default
value is 8000000 bytes (8 MB).
security-libs/java.security:
JDK-8307134: Added 4 GTS Root CA Certificates
=============================================
The following root certificates have been added to the cacerts
truststore:
Name: Google Trust Services LLC
Alias Name: gtsrootcar1
Distinguished Name: CN=GTS Root R1, O=Google Trust Services LLC, C=US
Name: Google Trust Services LLC
Alias Name: gtsrootcar2
Distinguished Name: CN=GTS Root R2, O=Google Trust Services LLC, C=US
Name: Google Trust Services LLC
Alias Name: gtsrootcar3
Distinguished Name: CN=GTS Root R3, O=Google Trust Services LLC, C=US
Name: Google Trust Services LLC
Alias Name: gtsrootcar4
Distinguished Name: CN=GTS Root R4, O=Google Trust Services LLC, C=US
JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates
=====================================================================
The following root certificates has been added to the cacerts
truststore:
Name: Microsoft Corporation
Alias Name: microsoftecc2017
Distinguished Name: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
Name: Microsoft Corporation
Alias Name: microsoftrsa2017
Distinguished Name: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
JDK-8305975: Added TWCA Root CA Certificate
===========================================
The following root certificate has been added to the cacerts
truststore:
Name: TWCA
Alias Name: twcaglobalrootca
Distinguished Name: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
New in release OpenJDK 8u372 (2023-04-18):
===========================================
Live versions of these release notes can be found at:
@ -1429,6 +497,19 @@ the current count of established connections and, if the configured
limit has been reached, then the newly accepted connection will be
closed immediately.
core-libs/java.net:
JDK-8286918: Better HttpServer service
======================================
The HttpServer can be optionally configured with a maximum connection
limit by setting the jdk.httpserver.maxConnections system property. A
value of 0 or a negative integer is ignored and considered to
represent no connection limit. In the case of a positive integer
value, any newly accepted connections will be first checked against
the current count of established connections and, if the configured
limit has been reached, then the newly accepted connection will be
closed immediately.
security-libs/javax.net.ssl:
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
@ -1626,7 +707,7 @@ device paths such as `NUL:` are *not* used.
New in release OpenJDK 8u332 (2022-04-22):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u332
* https://bit.ly/openjdk8u332
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
* Security fixes

137
SOURCES/fips-8u-6d1aade0648.patch
Unescape View File

@ -1,5 +1,5 @@
diff --git a/common/autoconf/configure.ac b/common/autoconf/configure.ac
index 151e5a109f..a8761b500e 100644
index 151e5a109f8..a8761b500e0 100644
--- a/common/autoconf/configure.ac
+++ b/common/autoconf/configure.ac
@@ -212,6 +212,7 @@ LIB_SETUP_FREETYPE
@ -11,10 +11,10 @@ index 151e5a109f..a8761b500e 100644
LIB_SETUP_ON_WINDOWS
diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh
index c6144b1968..9ac55d20d3 100644
index 71fabf4dbb3..17f4f50673d 100644
--- a/common/autoconf/generated-configure.sh
+++ b/common/autoconf/generated-configure.sh
@@ -655,6 +655,9 @@ ENABLE_LIBFFI_BUNDLING
@@ -651,6 +651,9 @@ LLVM_CONFIG
LIBFFI_LIBS
LIBFFI_CFLAGS
STATIC_CXX_SETTING
@ -24,15 +24,15 @@ index c6144b1968..9ac55d20d3 100644
LIBDL
LIBM
LIBZIP_CAN_USE_MMAP
@@ -1119,6 +1122,7 @@ with_fontconfig
@@ -1111,6 +1114,7 @@ with_fontconfig
with_fontconfig_include
with_giflib
with_zlib
+enable_sysconf_nss
with_stdc__lib
with_libffi
with_libffi_include
@@ -1232,6 +1236,8 @@ FREETYPE_CFLAGS
with_msvcr_dll
with_msvcp_dll
@@ -1218,6 +1222,8 @@ FREETYPE_CFLAGS
FREETYPE_LIBS
ALSA_CFLAGS
ALSA_LIBS
@ -41,16 +41,16 @@ index c6144b1968..9ac55d20d3 100644
LIBFFI_CFLAGS
LIBFFI_LIBS
CCACHE'
@@ -1874,6 +1880,8 @@ Optional Features:
@@ -1871,6 +1877,8 @@ Optional Features:
disable bundling of the freetype library with the
build result [enabled on Windows or when using
--with-freetype, disabled otherwise]
+ --enable-sysconf-nss build the System Configurator (libsysconf) using the
+ system NSS library if available [disabled]
--enable-libffi-bundling
enable bundling of libffi.so to make the built JDK
runnable on more systems
@@ -2129,6 +2137,8 @@ Some influential environment variables:
--enable-sjavac use sjavac to do fast incremental compiles
[disabled]
--disable-precompiled-headers
@@ -2115,6 +2123,8 @@ Some influential environment variables:
linker flags for FREETYPE, overriding pkg-config
ALSA_CFLAGS C compiler flags for ALSA, overriding pkg-config
ALSA_LIBS linker flags for ALSA, overriding pkg-config
@ -59,7 +59,60 @@ index c6144b1968..9ac55d20d3 100644
LIBFFI_CFLAGS
C compiler flags for LIBFFI, overriding pkg-config
LIBFFI_LIBS linker flags for LIBFFI, overriding pkg-config
@@ -4109,6 +4119,11 @@ fi
@@ -2879,6 +2889,52 @@ $as_echo "$ac_res" >&6; }
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_header_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ test -x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
@@ -4049,6 +4105,11 @@ fi
@ -71,7 +124,7 @@ index c6144b1968..9ac55d20d3 100644
#
# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
@@ -50141,6 +50156,157 @@ fi
@@ -49304,6 +49365,157 @@ fi
LIBS="$save_LIBS"
@ -193,7 +246,7 @@ index c6144b1968..9ac55d20d3 100644
+/* end confdefs.h. */
+#include <nss3/pk11pub.h>
+int
+main (void)
+main ()
+{
+SECMOD_GetSystemFIPSEnabled()
+ ;
@ -230,10 +283,10 @@ index c6144b1968..9ac55d20d3 100644
#
# statically link libstdc++ before C++ ABI is stablized on Linux unless
diff --git a/common/autoconf/libraries.m4 b/common/autoconf/libraries.m4
index 4ed8b4fdd6..caf293be72 100644
index 6efae578ea9..0080846255b 100644
--- a/common/autoconf/libraries.m4
+++ b/common/autoconf/libraries.m4
@@ -1216,3 +1216,63 @@ AC_DEFUN_ONCE([LIB_SETUP_ON_WINDOWS],
@@ -1067,3 +1067,63 @@ AC_DEFUN_ONCE([LIB_SETUP_ON_WINDOWS],
BASIC_DEPRECATED_ARG_WITH([dxsdk-include])
fi
])
@ -298,12 +351,12 @@ index 4ed8b4fdd6..caf293be72 100644
+ AC_SUBST(USE_SYSCONF_NSS)
+])
diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in
index 8da3ac32a0..4d081d1b84 100644
index 506cf617087..7241593b1a4 100644
--- a/common/autoconf/spec.gmk.in
+++ b/common/autoconf/spec.gmk.in
@@ -317,6 +317,10 @@ ENABLE_LIBFFI_BUNDLING:=@ENABLE_LIBFFI_BUNDLING@
LIBFFI_LIB_DIR:=@LIBFFI_LIB_DIR@
LIBFFI_LIB_FILE:=@LIBFFI_LIB_FILE@
@@ -312,6 +312,10 @@ CUPS_CFLAGS:=@CUPS_CFLAGS@
ALSA_LIBS:=@ALSA_LIBS@
ALSA_CFLAGS:=@ALSA_CFLAGS@
+USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
+NSS_LIBS:=@NSS_LIBS@
@ -313,7 +366,7 @@ index 8da3ac32a0..4d081d1b84 100644
# Source file for cacerts
diff --git a/common/bin/compare_exceptions.sh.incl b/common/bin/compare_exceptions.sh.incl
index 3b79a526f5..d2a0e39b20 100644
index 3b79a526f56..d2a0e39b206 100644
--- a/common/bin/compare_exceptions.sh.incl
+++ b/common/bin/compare_exceptions.sh.incl
@@ -280,6 +280,7 @@ ACCEPTED_SMALL_SIZE_DIFF="
@ -349,7 +402,7 @@ index 3b79a526f5..d2a0e39b20 100644
./jre/lib/sparcv9/libunpack.so
./jre/lib/sparcv9/libverify.so
diff --git a/common/nb_native/nbproject/configurations.xml b/common/nb_native/nbproject/configurations.xml
index d2beed0b93..3b6aef98d9 100644
index d2beed0b93a..3b6aef98d9a 100644
--- a/common/nb_native/nbproject/configurations.xml
+++ b/common/nb_native/nbproject/configurations.xml
@@ -53,6 +53,9 @@
@ -375,10 +428,10 @@ index d2beed0b93..3b6aef98d9 100644
ex="false"
tool="0"
diff --git a/jdk/make/lib/SecurityLibraries.gmk b/jdk/make/lib/SecurityLibraries.gmk
index 84abb7e76b..cb4531b880 100644
index b0b85d80448..47a41d7518d 100644
--- a/jdk/make/lib/SecurityLibraries.gmk
+++ b/jdk/make/lib/SecurityLibraries.gmk
@@ -303,3 +303,34 @@ ifeq ($(OPENJDK_TARGET_OS), solaris)
@@ -289,3 +289,34 @@ ifeq ($(OPENJDK_TARGET_OS), solaris)
endif
endif
@ -415,7 +468,7 @@ index 84abb7e76b..cb4531b880 100644
+
diff --git a/jdk/make/mapfiles/libsystemconf/mapfile-vers b/jdk/make/mapfiles/libsystemconf/mapfile-vers
new file mode 100644
index 0000000000..a65ceb3b78
index 00000000000..a65ceb3b78c
--- /dev/null
+++ b/jdk/make/mapfiles/libsystemconf/mapfile-vers
@@ -0,0 +1,35 @@
@ -455,7 +508,7 @@ index 0000000000..a65ceb3b78
+ *;
+};
diff --git a/jdk/src/share/classes/java/security/Security.java b/jdk/src/share/classes/java/security/Security.java
index 0db09da706..813b907db3 100644
index 0db09da7061..813b907db3e 100644
--- a/jdk/src/share/classes/java/security/Security.java
+++ b/jdk/src/share/classes/java/security/Security.java
@@ -30,6 +30,8 @@ import java.util.*;
@ -587,7 +640,7 @@ index 0db09da706..813b907db3 100644
/*
diff --git a/jdk/src/share/classes/java/security/SystemConfigurator.java b/jdk/src/share/classes/java/security/SystemConfigurator.java
new file mode 100644
index 0000000000..a24a0445db
index 00000000000..a24a0445db2
--- /dev/null
+++ b/jdk/src/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,248 @@
@ -841,7 +894,7 @@ index 0000000000..a24a0445db
+}
diff --git a/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java b/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
new file mode 100644
index 0000000000..5c30a8b29c
index 00000000000..5c30a8b29c7
--- /dev/null
+++ b/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java
@@ -0,0 +1,31 @@
@ -877,7 +930,7 @@ index 0000000000..5c30a8b29c
+ boolean isPlainKeySupportEnabled();
+}
diff --git a/jdk/src/share/classes/sun/misc/SharedSecrets.java b/jdk/src/share/classes/sun/misc/SharedSecrets.java
index f065a2c685..0dafe6f59c 100644
index f065a2c685d..0dafe6f59cf 100644
--- a/jdk/src/share/classes/sun/misc/SharedSecrets.java
+++ b/jdk/src/share/classes/sun/misc/SharedSecrets.java
@@ -31,6 +31,7 @@ import java.io.Console;
@ -914,7 +967,7 @@ index f065a2c685..0dafe6f59c 100644
}
diff --git a/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
new file mode 100644
index 0000000000..14d1945039
index 00000000000..14d19450390
--- /dev/null
+++ b/jdk/src/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
@@ -0,0 +1,290 @@
@ -1209,7 +1262,7 @@ index 0000000000..14d1945039
+ }
+}
diff --git a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
index fedcd7743e..f9d70863bd 100644
index fedcd7743ef..f9d70863bd1 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@
@ -1313,7 +1366,7 @@ index fedcd7743e..f9d70863bd 100644
if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
throw new UnsupportedOperationException
diff --git a/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
index 2e42d1d9fb..1b7eed1c65 100644
index 2e42d1d9fb0..1b7eed1c656 100644
--- a/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+++ b/jdk/src/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;
@ -1440,7 +1493,7 @@ index 2e42d1d9fb..1b7eed1c65 100644
+}
}
diff --git a/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java b/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
index ffee2c1603..9811947982 100644
index ffee2c1603b..98119479823 100644
--- a/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+++ b/jdk/src/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
@@ -33,8 +33,13 @@ import java.security.KeyStore.*;
@ -1479,7 +1532,7 @@ index ffee2c1603..9811947982 100644
"FIPS mode: KeyStore must be " +
"from provider " + SunJSSE.cryptoProvider.getName());
diff --git a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
index 820e10164f..6fe2c29389 100644
index 820e10164fc..6fe2c29389f 100644
--- a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
+++ b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -31,6 +31,7 @@ import java.security.*;
@ -1577,7 +1630,7 @@ index 820e10164f..6fe2c29389 100644
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
index 2845dc3793..52337a7b6c 100644
index 2845dc37938..52337a7b6cf 100644
--- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
+++ b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
@@ -30,6 +30,8 @@ import static sun.security.util.SecurityConstants.PROVIDER_VER;
@ -1606,7 +1659,7 @@ index 2845dc3793..52337a7b6c 100644
"sun.security.ssl.SSLContextImpl$TLSContext");
if (isfips == false) {
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
index 37bca2df46..730212b601 100644
index 7a93d4e6b59..681a24b905d 100644
--- a/jdk/src/share/lib/security/java.security-aix
+++ b/jdk/src/share/lib/security/java.security-aix
@@ -287,6 +287,13 @@ package.definition=sun.,\
@ -1624,7 +1677,7 @@ index 37bca2df46..730212b601 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
index 9bb8e992fb..a1b3943b11 100644
index 145a84f94cf..789c19a8cba 100644
--- a/jdk/src/share/lib/security/java.security-linux
+++ b/jdk/src/share/lib/security/java.security-linux
@@ -75,6 +75,14 @@ security.provider.7=com.sun.security.sasl.Provider
@ -1669,7 +1722,7 @@ index 9bb8e992fb..a1b3943b11 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
index 7a765742e6..5abd95fff8 100644
index 35fa140d7a5..d4da666af3b 100644
--- a/jdk/src/share/lib/security/java.security-macosx
+++ b/jdk/src/share/lib/security/java.security-macosx
@@ -290,6 +290,13 @@ package.definition=sun.,\
@ -1687,7 +1740,7 @@ index 7a765742e6..5abd95fff8 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
index f0100336f5..2f4c6c2fd6 100644
index f79ba37ddb9..300132384a1 100644
--- a/jdk/src/share/lib/security/java.security-solaris
+++ b/jdk/src/share/lib/security/java.security-solaris
@@ -288,6 +288,13 @@ package.definition=sun.,\
@ -1705,7 +1758,7 @@ index f0100336f5..2f4c6c2fd6 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
index e51bdece13..b4a509753b 100644
index d70503ce95f..64db5a5cd1e 100644
--- a/jdk/src/share/lib/security/java.security-windows
+++ b/jdk/src/share/lib/security/java.security-windows
@@ -290,6 +290,13 @@ package.definition=sun.,\
@ -1724,7 +1777,7 @@ index e51bdece13..b4a509753b 100644
# the javax.net.ssl package.
diff --git a/jdk/src/solaris/native/java/security/systemconf.c b/jdk/src/solaris/native/java/security/systemconf.c
new file mode 100644
index 0000000000..8dcb7d9073
index 00000000000..8dcb7d9073f
--- /dev/null
+++ b/jdk/src/solaris/native/java/security/systemconf.c
@@ -0,0 +1,224 @@

621
SOURCES/java-1.8.0-openjdk-portable.specfile
Unescape View File

@ -107,8 +107,6 @@
%global ssbd_arches x86_64
# Set of architectures where we verify backtraces with gdb
%global gdb_arches %{jit_arches} %{zero_arches}
# Architecture on which we run Java only tests
%global jdk_test_arch x86_64
# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
@ -258,30 +256,20 @@
%global stapinstall %{nil}
%endif
# Always off in portables
%ifarch %{systemtap_arches}
%global with_systemtap 1
%global with_systemtap 0
%else
%global with_systemtap 0
%endif
# New Version-String scheme-style defines
%global majorver 8
# Define version of OpenJDK 8 used
%global project openjdk
%global repo shenandoah-jdk8u
%global openjdk_revision 8u442-b06
%global shenandoah_revision shenandoah%{openjdk_revision}
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 3.15.0
# Define current Git revision for the FIPS support patches
%global fipsver 6d1aade0648
# Define current Git revision for the cacerts patch
%global cacertsver 8139f2361c2
# Standard JPackage naming and versioning defines
%global origin openjdk
%global origin_nice OpenJDK
%global top_level_dir_name %{shenandoah_revision}
%global top_level_dir_name %{origin}
# Settings for local security configuration
%global security_file %{top_level_dir_name}/jdk/src/share/lib/security/java.security-%{_target_os}
@ -300,22 +288,38 @@
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora}
%else
%if 0%{?rhel}
%global oj_vendor_bug_url https://access.redhat.com/support/cases/
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{component}
%else
%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
%endif
%endif
%endif
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
%global openjdk_revision jdk8u372-b07
%global shenandoah_revision shenandoah-%{openjdk_revision}
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
%global revision %{shenandoah_revision}
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 3.15.0
# Define current Git revision for the FIPS support patches
%global fipsver 6d1aade0648
# Define current Git revision for the cacerts patch
%global cacertsver 8139f2361c2
# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04
%global version_tag %(VERSION=%{shenandoah_revision}; echo ${VERSION%%-shenandoah-merge*})
%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*})
# eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%)
%global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*})
# eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 1
%global rpmrelease 2
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@ -391,6 +395,20 @@
%global alternatives_requires %{_sbindir}/alternatives
%endif
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
# but currently systemtap doesn't support that, so we have to
# use the root tapset dir for now. To distinguish between 64
# and 32 bit architectures we place the tapsets under the arch
# specific dir (note that systemtap will only pickup the tapset
# for the primary arch for now). Systemtap uses the machine name
# aka target_cpu as architecture specific directory name.
%global tapsetroot /usr/share/systemtap
%global tapsetdirttapset %{tapsetroot}/tapset/
%global tapsetdir %{tapsetdirttapset}/%{stapinstall}
%endif
# Prevent brp-java-repack-jars from being run.
%global __jar_repack 0
@ -429,14 +447,14 @@ License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv
URL: http://openjdk.java.net/
# Shenandoah HotSpot
# openjdk/shenandoah-jdk8u contains an integration forest of
# OpenJDK 8u and the Shenandoah garbage collector
# aarch64-port/jdk8u-shenandoah contains an integration forest of
# OpenJDK 8u, the aarch64 port and Shenandoah
# To regenerate, use:
# VERSION=%%{shenandoah_revision}
# FILE_NAME_ROOT=${VERSION}
# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://github.com/%%{project}/%%{repo}
Source0: %{shenandoah_revision}.tar.xz
# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo}
Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz
# Custom README for -src subpackage
Source2: README.md
@ -447,11 +465,13 @@ Source7: NEWS
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (3.x).
# Systemtap tapsets. Zipped up to keep it small.
Source8: tapsets-icedtea-%{icedteaver}.tar.xz
# Disabled in portables
#Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
# Desktop files. Adapted from IcedTea
Source9: jconsole.desktop.in
Source10: policytool.desktop.in
# Disabled in portables
#Source9: jconsole.desktop.in
#Source10: policytool.desktop.in
# nss configuration file
Source11: nss.cfg.in
@ -477,6 +497,9 @@ Source17: nss.fips.cfg.in
# Ensure translations are available for new timezones
Source18: TestTranslations.java
# Disabled in portables
#Source20: repackReproduciblePolycies.sh
# New versions of config files with aarch64 support. This is not upstream yet.
Source100: config.guess
Source101: config.sub
@ -547,6 +570,8 @@ Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch
Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
Patch600: rh1750419-redhat_alt_java.patch
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
#############################################
#
@ -593,11 +618,6 @@ Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
Patch581: jdk8257794-remove_broken_assert.patch
# JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files
Patch12: jdk8186464-rh1433262-zip64_failure.patch
# JDK-8328999, RH2251025 - Update GIFlib to 5.2.2 (PR#571)
Patch13: jdk8328999-update_giflib_5.2.2.patch
# JDK-8141590 - Cannot build Zero with devkit
Patch14: jdk8141590-bundle_libffi.patch
Patch15: jdk8141590-bundle_libffi-followup.patch
#############################################
#
@ -608,6 +628,8 @@ Patch15: jdk8141590-bundle_libffi-followup.patch
# able to be removed once that release is out
# and used by this RPM.
#############################################
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
#############################################
#
@ -646,8 +668,6 @@ BuildRequires: autoconf
BuildRequires: automake
BuildRequires: alsa-lib-devel
BuildRequires: binutils
# cacerts build requirement.
BuildRequires: ca-certificates
BuildRequires: cups-devel
BuildRequires: desktop-file-utils
# elfutils only are OK for build without AOT
@ -655,13 +675,8 @@ BuildRequires: elfutils-devel
BuildRequires: file
BuildRequires: fontconfig-devel
BuildRequires: freetype-devel
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
BuildRequires: gcc-c++
BuildRequires: gdb
BuildRequires: make
# Require a boot JDK which doesn't fail due to RH1482244
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
BuildRequires: libxslt
BuildRequires: libX11-devel
BuildRequires: libXext-devel
@ -672,17 +687,27 @@ BuildRequires: libXt-devel
BuildRequires: libXtst-devel
# Requirement for setting up nss.cfg and nss.fips.cfg
BuildRequires: nss-devel
# Commented out for portable RHEL7 doesn't have this
# Requirement for system security property test
#BuildRequires: crypto-policies
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
BuildRequires: tar
BuildRequires: unzip
BuildRequires: zip
# Require a boot JDK which doesn't fail due to RH1482244
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
# Zero-assembler build requirement
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
# 2023c required as of JDK-8305113
BuildRequires: tzdata-java >= 2023c
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
# cacerts build requirement.
BuildRequires: ca-certificates
%if %{with_systemtap}
BuildRequires: systemtap-sdt-devel
%endif
@ -692,18 +717,15 @@ BuildRequires: giflib-devel
BuildRequires: lcms2-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
BuildRequires: zlib-devel
%else
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.2
Provides: bundled(giflib) = 5.2.1
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
Provides: bundled(lcms2) = 2.11.0
Provides: bundled(lcms2) = 2.10.0
# Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b
# Version in jdk/src/share/native/sun/awt/libpng/png.h
Provides: bundled(libpng) = 1.6.39
# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
Provides: bundled(zlib) = 1.3.1
Provides: bundled(libpng) = 1.6.37
# We link statically against libstdc++ to increase portability
BuildRequires: libstdc++-static
%endif
@ -798,9 +820,6 @@ fi
echo "Update version: %{updatever}"
echo "Build number: %{buildver}"
echo "Milestone: %{milestone}"
%ifnarch %{ix86}
export XZ_OPT="-T0"
%endif
%setup -q -c -n %{uniquesuffix ""} -T -a 0
# https://bugzilla.redhat.com/show_bug.cgi?id=1189084
prioritylength=`expr length %{priority}`
@ -810,7 +829,6 @@ if [ $prioritylength -ne 7 ] ; then
fi
# For old patches
ln -s %{top_level_dir_name} jdk8
ln -s %{top_level_dir_name} openjdk
cp %{SOURCE2} .
@ -823,20 +841,6 @@ cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/
# OpenJDK patches
# This syntax is deprecated:
# %patchN [...]
# and should be replaced with:
# %patch -PN [...]
# For example:
# %patch1001 -p1
# becomes:
# %patch -P1001 -p1
# The replacement format suggested by recent (circa Fedora 38) RPM
# deprecation messages:
# %patch N [...]
# is not backward-compatible with prior (circa RHEL-8) versions of
# rpmbuild.
%if %{system_libs}
# Remove libraries that are linked
sh %{SOURCE12}
@ -845,66 +849,62 @@ sh %{SOURCE12}
# Do not enable them with system_libs, they do not work properly with bundled option
# System library fixes
%if %{system_libs}
%patch -P201
%patch -P202
%patch -P203
%patch -P204
%patch201
%patch202
%patch203
%patch204
%endif
%patch -P1
%patch -P5
%patch1
%patch5
# s390 build fixes
%patch -P102
%patch -P103
%patch -P107
%patch102
%patch103
%patch107
# AArch64 fixes
# x86 fixes
pushd %{top_level_dir_name}
%patch -P105 -p1
popd
%patch105
# Upstreamable fixes
%patch -P512
%patch -P523
%patch -P528
%patch -P571
%patch -P574
%patch -P581
%patch -P541
%patch -P12
pushd %{top_level_dir_name}
%patch -P502 -p1
%patch -P13 -p1
%patch -P14 -p1
%patch -P15 -p1
popd
%patch502
%patch512
%patch523
%patch528
%patch571
%patch574
%patch112
%patch581
%patch541
%patch12
pushd %{top_level_dir_name}
# Add crypto policy and FIPS support
%patch -P1001 -p1
%patch1001 -p1
# nss.cfg PKCS11 support; must come last as it also alters java.security
%patch -P1000 -p1
%patch1000 -p1
# system cacerts support
%patch -P539 -p1
%patch539 -p1
# 8u382 fix
%patch2001 -p1
popd
# RPM-only fixes
%patch -P600
%patch -P1003
%patch600
%patch1003
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
%patch -P534
%patch534
%endif
# Shenandoah patches
# Extract systemtap tapsets
%if %{with_systemtap}
tar --strip-components=1 -x -I 'xz -T0' -f %{SOURCE8}
tar --strip-components=1 -x -I xz -f %{SOURCE8}
%if %{include_debug_build}
cp -r tapset tapset%{debug_suffix}
%endif
@ -915,7 +915,17 @@ cp -r tapset tapset%{fastdebug_suffix}
for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $file
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1
# TODO find out which architectures other than i686 have a client vm
%ifarch %{ix86}
sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/client/libjvm.so:g" $file.1 > $OUTPUT_FILE
%else
sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE
%endif
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE
done
done
# systemtap tapsets ends
@ -943,9 +953,6 @@ export NUM_PROC=${NUM_PROC:-1}
# Honor %%_smp_ncpus_max
[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max}
%endif
%ifnarch %{ix86}
export XZ_OPT="-T0"
%endif
%ifarch s390x sparc64 alpha %{power64} %{aarch64}
export ARCH_DATA_MODEL=64
@ -1009,7 +1016,6 @@ function buildjdk() {
%endif
%ifarch %{zero_arches}
--with-jvm-variants=zero \
--enable-libffi-bundling \
%endif
--with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \
--with-native-debug-symbols=${debug_symbols} \
@ -1042,10 +1048,10 @@ function buildjdk() {
cat hotspot-spec.gmk
make \
JAVAC_FLAGS=-g \
LOG=trace \
SCTP_WERROR= \
${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false )
JAVAC_FLAGS=-g \
LOG=trace \
SCTP_WERROR= \
${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false )
popd
}
@ -1125,20 +1131,11 @@ function genchecksum() {
}
function packagejdk() {
# Reusing OPENJDK_UPSTREAM_TAG_EPOCH for the modification times of all
# files in the portable tarballs eliminates one source of variability
# across RPM rebuilds.
VERSION_FILE="$(pwd)"/"%{top_level_dir_name}"/common/autoconf/version-numbers
OPENJDK_UPSTREAM_TAG_EPOCH="$(stat --format=%Y "${VERSION_FILE}")"
local imagesdir=$(pwd)/${1}/images
local docdir=$(pwd)/${1}/docs
local bundledir=$(pwd)/${1}/bundles
local packagesdir=$(pwd)/${2}
local srcdir=$(pwd)/%{top_level_dir_name}
local tapsetdir=$(pwd)/tapset
local tar_time="$(date --utc --iso-8601=seconds --date=@"${OPENJDK_UPSTREAM_TAG_EPOCH}")"
local tar_opts="--mtime=${tar_time} --sort=name -cJf"
echo "Packaging build from ${imagesdir} to ${packagesdir}..."
mkdir -p ${packagesdir}
@ -1154,6 +1151,16 @@ function packagejdk() {
jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}
jrename=%{jreportablename -- "$nameSuffix"}
jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"}
debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
# We only use docs for the release build
docname=%{docportablename}
docarchive=${packagesdir}/%{docportablearchive}
built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip
# These are from the source tree so no debug variants
miscname=%{miscportablename}
miscarchive=${packagesdir}/%{miscportablearchive}
# Rename directories for packaging
mv %{jdkimage} ${jdkname}
@ -1161,59 +1168,43 @@ function packagejdk() {
# Release images have external debug symbols
if [ "x$suffix" = "x" ] ; then
debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
# We only use docs for the release build
docname=%{docportablename}
docarchive=${packagesdir}/%{docportablearchive}
built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip
# These are from the source tree so no debug variants
miscname=%{miscportablename}
miscarchive=${packagesdir}/%{miscportablearchive}
# Keep the unstripped version for consumption by RHEL RPMs
tar ${tar_opts} ${unstrippedarchive} ${jdkname}
tar -cJf ${unstrippedarchive} ${jdkname}
genchecksum ${unstrippedarchive}
# Strip the files
for file in $(find ${jdkname} ${jrename} -type f) ; do
if file ${file} | grep -q 'ELF'; then
if ! echo ${file} | grep -q 'libffi' ; then
noextfile=${file/.so/};
objcopy --only-keep-debug ${file} ${noextfile}.debuginfo;
objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file};
strip -g ${file};
fi
noextfile=${file/.so/};
objcopy --only-keep-debug ${file} ${noextfile}.debuginfo;
objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file};
strip -g ${file};
fi
done
tar ${tar_opts} ${debugjdkarchive} $(find ${jdkname} -name \*.debuginfo)
tar -cJf ${debugjdkarchive} $(find ${jdkname} -name \*.debuginfo)
genchecksum ${debugjdkarchive}
tar ${tar_opts} ${debugjrearchive} $(find ${jdkname} -name \*.debuginfo)
tar -cJf ${debugjrearchive} $(find ${jrename} -name \*.debuginfo)
genchecksum ${debugjrearchive}
mkdir ${docname}
mv ${docdir} ${docname}
mv ${bundledir}/${built_doc_archive} ${docname}
tar ${tar_opts} ${docarchive} ${docname}
genchecksum ${docarchive}
mkdir ${miscname}
for s in 16 24 32 48 ; do
cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname}
done
%if %{with_systemtap}
cp -a ${tapsetdir}* ${miscname}
%endif
tar ${tar_opts} ${miscarchive} ${miscname}
genchecksum ${miscarchive}
mkdir ${docname}
mv ${docdir} ${docname}
mv ${bundledir}/${built_doc_archive} ${docname}
tar -cJf ${docarchive} ${docname}
genchecksum ${docarchive}
mkdir ${miscname}
for s in 16 24 32 48 ; do
cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname}
done
tar -cJf ${miscarchive} ${miscname}
genchecksum ${miscarchive}
fi
tar ${tar_opts} ${jdkarchive} --exclude='**.debuginfo' ${jdkname}
tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname}
genchecksum ${jdkarchive}
tar ${tar_opts} ${jrearchive} --exclude='**.debuginfo' ${jrename}
tar -cJf ${jrearchive} --exclude='**.debuginfo' ${jrename}
genchecksum ${jrearchive}
# Revert directory renaming so testing will run
@ -1298,54 +1289,27 @@ for suffix in %{build_loop} ; do
export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
# Only test on one architecture (the fastest) for Java only tests
%ifarch %{jdk_test_arch}
# Check unlimited policy has been used
$JAVA_HOME/bin/javac -d . %{SOURCE13}
$JAVA_HOME/bin/java TestCryptoLevel
# Check unlimited policy has been used
$JAVA_HOME/bin/javac -d . %{SOURCE13}
$JAVA_HOME/bin/java TestCryptoLevel
# Check ECC is working
$JAVA_HOME/bin/javac -d . %{SOURCE14}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check ECC is working
$JAVA_HOME/bin/javac -d . %{SOURCE14}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check system crypto (policy) is active and can be disabled
# Test takes a single argument - true or false - to state whether system
# security properties are enabled or not.
# Portable specific: default is false
$JAVA_HOME/bin/javac -d . %{SOURCE15}
export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
export SEC_DEBUG="-Djava.security.debug=properties"
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
# Check system crypto (policy) is active and can be disabled
# Test takes a single argument - true or false - to state whether system
# security properties are enabled or not.
$JAVA_HOME/bin/javac -d . %{SOURCE15}
export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
export SEC_DEBUG="-Djava.security.debug=properties"
# Portable specific: set false whereas its true for upstream
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
# Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
# Check translations are available for new timezones
$JAVA_HOME/bin/javac -d . %{SOURCE18}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
# Check src.zip has all sources. See RHBZ#1130490
unzip -l $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe'
# Check class files include useful debugging information
$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable
# Check generated class files include useful debugging information
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable
%else
# Just run a basic java -version test on other architectures
$JAVA_HOME/bin/java -version
%endif
# Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
# Check java launcher has no SSB mitigation
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
@ -1357,6 +1321,10 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
%endif
# Check translations are available for new timezones
$JAVA_HOME/bin/javac -d . %{SOURCE18}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
# Release builds strip the debug symbols into external .debuginfo files
if [ "x$suffix" = "x" ] ; then
so_suffix="debuginfo"
@ -1430,6 +1398,19 @@ EOF
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
%endif
# Check src.zip has all sources. See RHBZ#1130490
jar -tf $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe'
# Check class files include useful debugging information
$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable
# Check generated class files include useful debugging information
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable
# build cycles check
done
@ -1445,9 +1426,12 @@ for suffix in %{build_loop} ; do
nameSuffix=`echo "$suffix"| sed s/-/./`
fi
# These definitions should match those in packagejdk
# These definitions should match those in installjdk
jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}
jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"}
debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
@ -1457,33 +1441,32 @@ for suffix in %{build_loop} ; do
mv ${jrearchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
if [ "x$suffix" = "x" ] ; then
# These definitions should match those in packagejdk
debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
docarchive=${packagesdir}/%{docportablearchive}
miscarchive=${packagesdir}/%{miscportablearchive}
mv ${debugjdkarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${debugjdkarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${debugjrearchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${debugjrearchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${unstrippedarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${unstrippedarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${docarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${docarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
fi
done
# These definitions should match those in installjdk
# Install outside the loop as there are no debug variants
docarchive=${packagesdir}/%{docportablearchive}
miscarchive=${packagesdir}/%{miscportablearchive}
mv ${docarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${docarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
# To show sha in the build log
for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do
ls -l $file ;
cat $file ;
done
%if %{include_normal_build}
%files
@ -1492,36 +1475,23 @@ done
%{_jvmdir}/%{jreportablearchive -- .debuginfo}
%{_jvmdir}/%{jreportablearchive -- %%{nil}}.sha256sum
%{_jvmdir}/%{jreportablearchive -- .debuginfo}.sha256sum
%else
%files
# placeholder
%endif
%if %{include_normal_build}
%files devel
%{_jvmdir}/%{jdkportablearchive -- %%{nil}}
%{_jvmdir}/%{jdkportablearchive -- .debuginfo}
%{_jvmdir}/%{jdkportablearchive -- %%{nil}}.sha256sum
%{_jvmdir}/%{jdkportablearchive -- .debuginfo}.sha256sum
%endif
%files unstripped
%{_jvmdir}/%{jdkportablearchive -- .unstripped}
%{_jvmdir}/%{jdkportablearchive -- .unstripped}.sha256sum
%files docs
%{_jvmdir}/%{docportablearchive}
%{_jvmdir}/%{docportablearchive}.sha256sum
%files misc
%{_jvmdir}/%{miscportablearchive}
%{_jvmdir}/%{miscportablearchive}.sha256sum
%endif
%if %{include_debug_build}
%files slowdebug
@ -1531,7 +1501,6 @@ done
%files devel-slowdebug
%{_jvmdir}/%{jdkportablearchive -- .slowdebug}
%{_jvmdir}/%{jdkportablearchive -- .slowdebug}.sha256sum
%endif
%if %{include_fastdebug_build}
@ -1546,203 +1515,15 @@ done
%endif
%changelog
* Thu Jan 16 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.442.b06-1
- Update to 8u442-b06 (GA)
- Update release notes for 8u442-b06.
- Switch to GA mode for final release
- Revise JDK-8141590 backport to install libffi.so* in lib as well as jre/lib
* Thu Jan 16 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.442.b05-0.2.ea
- Include backport of JDK-8141590 to allow bundling of libffi on Zero architectures
- Rebase FIPS patch after application of 8141590
- Add local patch on top of 8141590 to improve path detection for s390x
- Don't attempt to strip libffi.so*
* Mon Jan 06 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.442.b05-0.1.ea
- Update to 8u442-b05 (EA).
- Update release notes for 8u442-b05.
- Switch to EA mode for pre-release.
* Fri Oct 11 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.432.b06-1
- Update to shenandoah-jdk8u432-b06 (GA)
- Update release notes for shenandoah-8u432-b06.
- Switch to GA mode.
- ** This tarball is embargoed until 2024-10-15 @ 1pm PT. **
* Thu Oct 10 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.432.b05-0.1.ea
- Update to shenandoah-jdk8u432-b05 (EA)
- Update release notes for shenandoah-8u432-b05.
- Switch to EA mode.
- Drop JDK-828109{6,7,8}/PR3836 patch following integration of upstream version
- Regenerate JDK-8199936/PR3533 patch following JDK-828109{6,7,8} integration
- Bump version of bundled zlib to 1.3.1 following JDK-8324632
- Add build dependency on make
- Reorganise build dependencies to retain alphabetical order for unconditional deps
- Include backport of JDK-8328999 to update giflib to 5.2.2
- Bump version of bundled giflib to 5.2.2 following JDK-8328999
- Add build scripts to repository to ease remembering all CentOS & RHEL targets and options
- Resolves: OPENJDK-3348
* Wed Jul 10 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.422.b05-1.1
- Update to shenandoah-jdk8u422-b05 (GA)
- Update release notes for shenandoah-8u422-b05.
- Rebase PR2462 patch following patched hunk being removed by JDK-8322106
- Switch to GA mode.
- Limit Java only tests to one architecture using jdk_test_arch
- Remove unused policy repacking script repackReproduciblePolycies.sh
- Sync README.md with RHEL 8
- Add missing build dependency on zlib-devel
- Update LCMS version to match JDK-8245400
- Move unstripped, misc and doc tarball handling into normal build / no suffix blocks
- Drop unneeded tzdata-java build dependency following 11d4d3308dd3334acae563101c007be9db017b83
- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **
- Resolves: OPENJDK-3183
- Resolves: OPENJDK-3187
- Resolves: OPENJDK-3193
* Tue Jul 09 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.422.b01-0.1.ea
- Update to shenandoah-jdk8u422-b01 (EA)
- Update release notes for shenandoah-8u422-b01.
- Switch to EA mode.
* Wed Apr 10 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b08-2
- Add CVEs to release notes
* Mon Apr 08 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b08-1
- Update to shenandoah-jdk8u412-b08 (GA)
- Update release notes for shenandoah-8u412-b08.
- Complete release note for Certainly roots
- Switch to GA mode.
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
* Fri Apr 05 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b07-0.1.ea
- Update to shenandoah-jdk8u412-b07 (EA)
- Update release notes for shenandoah-8u412-b07.
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
* Fri Mar 29 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b01-0.2.ea
- Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources
- generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity
- generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork
- generate_source_tarball.sh: Adapt version logic to work with 8u
- generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086)
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- icedtea_sync.sh: Reinstate from rhel-8.8.0 branch
- Move maintenance scripts to a scripts subdirectory
- icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository
- jconsole.desktop.in: Restored by running icedtea_sync.sh
- policytool.desktop.in: Likewise.
- Restore IcedTea sources correctly in spec file
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- Remove pointless empty file generate_singlerepo_source_tarball.sh
- Remove pointless empty file update_main_sources.sh
- generate_source_tarball.sh: Handle an existing checkout
- generate_source_tarball.sh: Sync indentation with java-21-openjdk version
- generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS
* Fri Mar 29 2024 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:1.8.0.412.b01-0.2.ea
- generate_source_tarball.sh: Add WITH_TEMP environment variable
- generate_source_tarball.sh: Multithread xz on all available cores
- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
- generate_source_tarball.sh: Update comment about tarball naming
- generate_source_tarball.sh: Reformat comment header
- generate_source_tarball.sh: Reformat and update help output
- generate_source_tarball.sh: Do a shallow clone, for speed
- generate_source_tarball.sh: Eliminate some removal prompting
- generate_source_tarball.sh: Make tarball reproducible
- generate_source_tarball.sh: Prefix temporary directory with temp-
- generate_source_tarball.sh: Remove temporary directory exit conditions
- generate_source_tarball.sh: Set compile-command in Emacs
- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
- Use backward-compatible patch syntax
- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
- generate_source_tarball.sh: Remove trailing period in echo
- generate_source_tarball.sh: Use long-style argument to grep
- generate_source_tarball.sh: Add license
- generate_source_tarball.sh: Add indentation instructions for Emacs
* Fri Mar 22 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b01-0.1.ea
- Introduce tar_opts to avoid repetition of lengthy tar creation options
- Normalise whitespace
- Turn off xz multi-threading on i686 as it fails with an out of memory error
* Fri Mar 22 2024 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:1.8.0.412.b01-0.1.ea
- Invoke xz in multi-threaded mode
- Make portable tarball modification times reproducible
* Thu Mar 21 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b01-0.1.ea
- Update to shenandoah-jdk8u412-b01 (EA)
- Update release notes for shenandoah-8u412-b01.
- Switch to EA mode.
* Thu Jan 11 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.402.b06-0.1.ea
- Update to shenandoah-jdk8u402-b06 (GA)
- Update release notes for shenandoah-8u402-b06.
- Drop local copy of JDK-8312489 which is now included upstream
- Switch to GA mode.
- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. **
%files docs
%{_jvmdir}/%{docportablearchive}
%{_jvmdir}/%{docportablearchive}.sha256sum
* Tue Dec 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.402.b01-0.1.ea
- Update to shenandoah-jdk8u402-b01 (EA)
- Update release notes for shenandoah-8u402-b01.
- Switch to EA mode.
- Sync NEWS with vanilla branch version.
* Wed Oct 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.392.b08-1
- Update to shenandoah-jdk8u392-b08 (GA)
- Update release notes for shenandoah-8u392-b08.
- Regenerate PR2462 patch following JDK-8315135
- Bump version of bundled libpng to 1.6.39
- Add backport of JDK-8312489 heading upstream for 8u402 (see OPENJDK-2095)
- ** This tarball is embargoed until 2023-10-17 @ 1pm PT. **
* Fri Sep 29 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.392.b01-1
- Update to shenandoah-jdk8u392-b01 (GA)
- Update release notes for shenandoah-8u392-b01.
- Update generate_tarball.sh to be closer to upstream vanilla script inc. no more ECC removal
- Update bug URL for RHEL to point to the Red Hat customer portal
- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-2
- Re-enable SystemTap support and perform only substitutions possible without final NVR available
- Include tapsets in the miscellaneous tarball
- Drop unused globals for tapset installation
* Fri Jul 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b05-1
- Update to shenandoah-jdk8u382-b05 (GA)
- Update release notes for shenandoah-8u382-b05.
- ** This tarball is embargoed until 2023-07-18 @ 1pm PT. **
* Fri Jul 07 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b04-0.1.ea
- Update to shenandoah-jdk8u382-b04 (EA)
- Update release notes for shenandoah-8u382-b04.
* Wed Jun 28 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.382.b01-0.1.ea
- Update to shenandoah-jdk8u382-b01 (EA)
- Update release notes for shenandoah-8u382-b01.
- Switch to EA mode.
- Remove JDK-8271199 patch which is now upstream.
- Add version of bundled zlib (bumped from 1.2.11 to 1.2.13 with this update)
%files misc
%{_jvmdir}/%{miscportablearchive}
%{_jvmdir}/%{miscportablearchive}.sha256sum
%changelog
* Thu Apr 27 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-2
- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8
- Fix debug symbols flag to newboot and package naming

0
SOURCES/remove-intree-libraries.sh → SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh
Unescape View File

51
SOURCES/jdk8141590-bundle_libffi-followup.patch
Unescape View File

@ -1,51 +0,0 @@
commit 928f3bf4a3017931ecc7012688e62d8a03264e61
Author: Andrew Hughes <gnu.andrew@redhat.com>
AuthorDate: Thu Jan 16 17:40:36 2025 +0000
Commit: Andrew Hughes <gnu.andrew@redhat.com>
CommitDate: Thu Jan 16 22:50:24 2025 +0000
Search /usr/lib64 on architectures other than x86_64
diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh
index 587b4c2657..5aeebe49a3 100644
--- a/common/autoconf/generated-configure.sh
+++ b/common/autoconf/generated-configure.sh
@@ -4493,7 +4493,7 @@ VS_TOOLSET_SUPPORTED_2022=true
#CUSTOM_AUTOCONF_INCLUDE
# Do not change or remove the following line, it is needed for consistency checks:
-DATE_WHEN_GENERATED=1737049912
+DATE_WHEN_GENERATED=1737067804
###############################################################################
#
@@ -50590,9 +50590,11 @@ $as_echo_n "checking for libffi lib file location... " >&6; }
as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5
fi
else
- # Fallback on the default /usr/lib dir
+ # Fallback on the default /usr/lib and /usr/lib64 dirs
if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then
LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?"
+ elif test -e ${SYSROOT}/usr/lib64/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib64/libffi.so.?"
else
as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5
fi
diff --git a/common/autoconf/libraries.m4 b/common/autoconf/libraries.m4
index 4ed8b4fdd6..6ab6dbc075 100644
--- a/common/autoconf/libraries.m4
+++ b/common/autoconf/libraries.m4
@@ -1121,9 +1121,11 @@ AC_DEFUN_ONCE([LIB_SETUP_STATIC_LINK_LIBSTDCPP],
AC_MSG_ERROR([Could not locate libffi.so.? for bundling])
fi
else
- # Fallback on the default /usr/lib dir
+ # Fallback on the default /usr/lib and /usr/lib64 dirs
if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then
LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?"
+ elif test -e ${SYSROOT}/usr/lib64/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib64/libffi.so.?"
else
AC_MSG_ERROR([Could not locate libffi.so.? for bundling])
fi

763
SOURCES/jdk8141590-bundle_libffi.patch
Unescape View File

@ -1,763 +0,0 @@
diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh
index ad3f7f232e..587b4c2657 100644
--- a/common/autoconf/generated-configure.sh
+++ b/common/autoconf/generated-configure.sh
@@ -649,6 +649,9 @@ LLVM_LIBS
LLVM_LDFLAGS
LLVM_CFLAGS
LLVM_CONFIG
+LIBFFI_LIB_FILE
+LIBFFI_LIB_DIR
+ENABLE_LIBFFI_BUNDLING
LIBFFI_LIBS
LIBFFI_CFLAGS
STATIC_CXX_SETTING
@@ -1117,6 +1120,10 @@ with_fontconfig_include
with_giflib
with_zlib
with_stdc__lib
+with_libffi
+with_libffi_include
+with_libffi_lib
+enable_libffi_bundling
with_msvcr_dll
with_msvcp_dll
with_vcruntime_1_dll
@@ -1867,6 +1874,9 @@ Optional Features:
disable bundling of the freetype library with the
build result [enabled on Windows or when using
--with-freetype, disabled otherwise]
+ --enable-libffi-bundling
+ enable bundling of libffi.so to make the built JDK
+ runnable on more systems
--enable-sjavac use sjavac to do fast incremental compiles
[disabled]
--disable-precompiled-headers
@@ -1996,6 +2006,11 @@ Optional Packages:
force linking of the C++ runtime on Linux to either
static or dynamic, default is static with dynamic as
fallback
+ --with-libffi specify prefix directory for the libffi package
+ (expecting the libraries under PATH/lib and the
+ headers under PATH/include)
+ --with-libffi-include specify directory for the libffi include files
+ --with-libffi-lib specify directory for the libffi library
--with-msvcr-dll path to microsoft C runtime dll (msvcr*.dll)
(Windows only) [probed]
--with-msvcp-dll path to microsoft C++ runtime dll (msvcp*.dll)
@@ -2878,6 +2893,52 @@ $as_echo "$ac_res" >&6; }
eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
} # ac_fn_c_check_header_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ test -x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
@@ -4432,7 +4493,7 @@ VS_TOOLSET_SUPPORTED_2022=true
#CUSTOM_AUTOCONF_INCLUDE
# Do not change or remove the following line, it is needed for consistency checks:
-DATE_WHEN_GENERATED=1716396030
+DATE_WHEN_GENERATED=1737049912
###############################################################################
#
@@ -50215,8 +50276,70 @@ $as_echo "static" >&6; }
fi
+
+# Check whether --with-libffi was given.
+if test "${with_libffi+set}" = set; then :
+ withval=$with_libffi;
+fi
+
+
+# Check whether --with-libffi-include was given.
+if test "${with_libffi_include+set}" = set; then :
+ withval=$with_libffi_include;
+fi
+
+
+# Check whether --with-libffi-lib was given.
+if test "${with_libffi_lib+set}" = set; then :
+ withval=$with_libffi_lib;
+fi
+
+ # Check whether --enable-libffi-bundling was given.
+if test "${enable_libffi_bundling+set}" = set; then :
+ enableval=$enable_libffi_bundling;
+fi
+
+
+ # Check if ffi is needed
if test "x$JVM_VARIANT_ZERO" = xtrue || test "x$JVM_VARIANT_ZEROSHARK" = xtrue; then
- # Figure out LIBFFI_CFLAGS and LIBFFI_LIBS
+ NEEDS_LIB_FFI=true
+ else
+ NEEDS_LIB_FFI=false
+ fi
+
+ if test "x$NEEDS_LIB_FFI" = xfalse; then
+ if test "x${with_libffi}" != x || test "x${with_libffi_include}" != x || test "x${with_libffi_lib}" != x; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: libffi not used, so --with-libffi is ignored" >&5
+$as_echo "$as_me: WARNING: libffi not used, so --with-libffi is ignored" >&2;}
+ fi
+ LIBFFI_CFLAGS=
+ LIBFFI_LIBS=
+ else
+ LIBFFI_FOUND=no
+
+ if test "x${with_libffi}" = xno || test "x${with_libffi_include}" = xno || test "x${with_libffi_lib}" = xno; then
+ as_fn_error $? "It is not possible to disable the use of libffi. Remove the --without-libffi option." "$LINENO" 5
+ fi
+
+ if test "x${with_libffi}" != x; then
+ LIBFFI_LIB_PATH="${with_libffi}/lib"
+ LIBFFI_LIBS="-L${with_libffi}/lib -lffi"
+ LIBFFI_CFLAGS="-I${with_libffi}/include"
+ LIBFFI_FOUND=yes
+ fi
+ if test "x${with_libffi_include}" != x; then
+ LIBFFI_CFLAGS="-I${with_libffi_include}"
+ LIBFFI_FOUND=yes
+ fi
+ if test "x${with_libffi_lib}" != x; then
+ LIBFFI_LIB_PATH="${with_libffi_lib}"
+ LIBFFI_LIBS="-L${with_libffi_lib} -lffi"
+ LIBFFI_FOUND=yes
+ fi
+ # Do not try pkg-config if we have a sysroot set.
+ if test "x$SYSROOT" = x; then
+ if test "x$LIBFFI_FOUND" = xno; then
+ # Figure out LIBFFI_CFLAGS and LIBFFI_LIBS
pkg_failed=no
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBFFI" >&5
@@ -50272,40 +50395,224 @@ fi
# Put the nasty error message in config.log where it belongs
echo "$LIBFFI_PKG_ERRORS" >&5
- as_fn_error $? "Package requirements (libffi) were not met:
-
-$LIBFFI_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-Alternatively, you may set the environment variables LIBFFI_CFLAGS
-and LIBFFI_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.
-" "$LINENO" 5
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LIBFFI_FOUND=no
elif test $pkg_failed = untried; then
- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
-as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-Alternatively, you may set the environment variables LIBFFI_CFLAGS
-and LIBFFI_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.
-See \`config.log' for more details" "$LINENO" 5; }
+ LIBFFI_FOUND=no
else
LIBFFI_CFLAGS=$pkg_cv_LIBFFI_CFLAGS
LIBFFI_LIBS=$pkg_cv_LIBFFI_LIBS
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
- :
+ LIBFFI_FOUND=yes
+fi
+ fi
+ fi
+ if test "x$LIBFFI_FOUND" = xno; then
+ for ac_header in ffi.h
+do :
+ ac_fn_cxx_check_header_mongrel "$LINENO" "ffi.h" "ac_cv_header_ffi_h" "$ac_includes_default"
+if test "x$ac_cv_header_ffi_h" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_FFI_H 1
+_ACEOF
+
+ LIBFFI_FOUND=yes
+ LIBFFI_CFLAGS=
+ LIBFFI_LIBS=-lffi
+
+else
+ LIBFFI_FOUND=no
+
+fi
+
+done
+
+ fi
+ if test "x$LIBFFI_FOUND" = xno; then
+
+ # Print a helpful message on how to acquire the necessary build dependency.
+ # ffi is the help tag: freetype, cups, pulse, alsa etc
+ MISSING_DEPENDENCY=ffi
+
+ if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+ cygwin_help $MISSING_DEPENDENCY
+ elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+ msys_help $MISSING_DEPENDENCY
+ else
+ PKGHANDLER_COMMAND=
+
+ case $PKGHANDLER in
+ apt-get)
+ apt_help $MISSING_DEPENDENCY ;;
+ yum)
+ yum_help $MISSING_DEPENDENCY ;;
+ port)
+ port_help $MISSING_DEPENDENCY ;;
+ pkgutil)
+ pkgutil_help $MISSING_DEPENDENCY ;;
+ pkgadd)
+ pkgadd_help $MISSING_DEPENDENCY ;;
+ esac
+
+ if test "x$PKGHANDLER_COMMAND" != x; then
+ HELP_MSG="You might be able to fix this by running '$PKGHANDLER_COMMAND'."
+ fi
+ fi
+
+ as_fn_error $? "Could not find libffi! $HELP_MSG" "$LINENO" 5
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libffi works" >&5
+$as_echo_n "checking if libffi works... " >&6; }
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ OLD_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $LIBFFI_CFLAGS"
+ OLD_LIBS="$LIBS"
+ LIBS="$LIBS $LIBFFI_LIBS"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ffi.h>
+int
+main (void)
+{
+
+ ffi_call(NULL, NULL, NULL, NULL);
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ LIBFFI_WORKS=yes
+else
+ LIBFFI_WORKS=no
+
fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ CFLAGS="$OLD_CFLAGS"
+ LIBS="$OLD_LIBS"
+ ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBFFI_WORKS" >&5
+$as_echo "$LIBFFI_WORKS" >&6; }
+ if test "x$LIBFFI_WORKS" = xno; then
+
+ # Print a helpful message on how to acquire the necessary build dependency.
+ # ffi is the help tag: freetype, cups, pulse, alsa etc
+ MISSING_DEPENDENCY=ffi
+
+ if test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.cygwin"; then
+ cygwin_help $MISSING_DEPENDENCY
+ elif test "x$OPENJDK_BUILD_OS_ENV" = "xwindows.msys"; then
+ msys_help $MISSING_DEPENDENCY
+ else
+ PKGHANDLER_COMMAND=
+
+ case $PKGHANDLER in
+ apt-get)
+ apt_help $MISSING_DEPENDENCY ;;
+ yum)
+ yum_help $MISSING_DEPENDENCY ;;
+ port)
+ port_help $MISSING_DEPENDENCY ;;
+ pkgutil)
+ pkgutil_help $MISSING_DEPENDENCY ;;
+ pkgadd)
+ pkgadd_help $MISSING_DEPENDENCY ;;
+ esac
+
+ if test "x$PKGHANDLER_COMMAND" != x; then
+ HELP_MSG="You might be able to fix this by running '$PKGHANDLER_COMMAND'."
+ fi
fi
+ as_fn_error $? "Found libffi but could not link and compile with it. $HELP_MSG" "$LINENO" 5
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libffi should be bundled" >&5
+$as_echo_n "checking if libffi should be bundled... " >&6; }
+ if test "x$enable_libffi_bundling" = "x"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ENABLE_LIBFFI_BUNDLING=false
+ elif test "x$enable_libffi_bundling" = "xno"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, forced" >&5
+$as_echo "no, forced" >&6; }
+ ENABLE_LIBFFI_BUNDLING=false
+ elif test "x$enable_libffi_bundling" = "xyes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, forced" >&5
+$as_echo "yes, forced" >&6; }
+ ENABLE_LIBFFI_BUNDLING=true
+ else
+ as_fn_error $? "Invalid value for --enable-libffi-bundling" "$LINENO" 5
+ fi
+
+ # Find the libffi.so.X to bundle
+ if test "x${ENABLE_LIBFFI_BUNDLING}" = "xtrue"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libffi lib file location" >&5
+$as_echo_n "checking for libffi lib file location... " >&6; }
+ if test "x${LIBFFI_LIB_PATH}" != x; then
+ if test -e ${LIBFFI_LIB_PATH}/libffi.so.?; then
+ LIBFFI_LIB_FILE="${LIBFFI_LIB_PATH}/libffi.so.?"
+ else
+ as_fn_error $? "Could not locate libffi.so.? for bundling in ${LIBFFI_LIB_PATH}" "$LINENO" 5
+ fi
+ else
+ # If we don't have an explicit path, look in a few obvious places
+ if test "x${OPENJDK_TARGET_CPU}" = "xx86"; then
+ if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?"
+ elif test -e ${SYSROOT}/usr/lib/i386-linux-gnu/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/i386-linux-gnu/libffi.so.?"
+ else
+ as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5
+ fi
+ elif test "x${OPENJDK_TARGET_CPU}" = "xx86_64"; then
+ if test -e ${SYSROOT}/usr/lib64/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib64/libffi.so.?"
+ elif test -e ${SYSROOT}/usr/lib/x86_64-linux-gnu/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/x86_64-linux-gnu/libffi.so.?"
+ else
+ as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5
+ fi
+ else
+ # Fallback on the default /usr/lib dir
+ if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?"
+ else
+ as_fn_error $? "Could not locate libffi.so.? for bundling" "$LINENO" 5
+ fi
+ fi
+ fi
+ # Make sure the wildcard is evaluated
+ LIBFFI_LIB_FILE="$(ls ${LIBFFI_LIB_FILE})"
+ LIBFFI_LIB_DIR="$(dirname ${LIBFFI_LIB_FILE})"
+ LIBFFI_LIB_FILE="$(basename ${LIBFFI_LIB_FILE})"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${LIBFFI_LIB_FILE} in ${LIBFFI_LIB_DIR}" >&5
+$as_echo "${LIBFFI_LIB_FILE} in ${LIBFFI_LIB_DIR}" >&6; }
+ fi
+ fi
+
+
+
+
+
+
+
if test "x$JVM_VARIANT_ZEROSHARK" = xtrue; then
# Extract the first word of "llvm-config", so it can be a program name with args.
set dummy llvm-config; ac_word=$2
diff --git a/common/autoconf/libraries.m4 b/common/autoconf/libraries.m4
index 6efae578ea..4ed8b4fdd6 100644
--- a/common/autoconf/libraries.m4
+++ b/common/autoconf/libraries.m4
@@ -988,12 +988,161 @@ AC_DEFUN_ONCE([LIB_SETUP_STATIC_LINK_LIBSTDCPP],
fi
AC_SUBST(STATIC_CXX_SETTING)
+ AC_ARG_WITH(libffi, [AS_HELP_STRING([--with-libffi],
+ [specify prefix directory for the libffi package
+ (expecting the libraries under PATH/lib and the headers under PATH/include)])])
+ AC_ARG_WITH(libffi-include, [AS_HELP_STRING([--with-libffi-include],
+ [specify directory for the libffi include files])])
+ AC_ARG_WITH(libffi-lib, [AS_HELP_STRING([--with-libffi-lib],
+ [specify directory for the libffi library])])
+ AC_ARG_ENABLE(libffi-bundling, [AS_HELP_STRING([--enable-libffi-bundling],
+ [enable bundling of libffi.so to make the built JDK runnable on more systems])])
+
+ # Check if ffi is needed
if test "x$JVM_VARIANT_ZERO" = xtrue || test "x$JVM_VARIANT_ZEROSHARK" = xtrue; then
- # Figure out LIBFFI_CFLAGS and LIBFFI_LIBS
- PKG_CHECK_MODULES([LIBFFI], [libffi])
+ NEEDS_LIB_FFI=true
+ else
+ NEEDS_LIB_FFI=false
+ fi
+
+ if test "x$NEEDS_LIB_FFI" = xfalse; then
+ if test "x${with_libffi}" != x || test "x${with_libffi_include}" != x || test "x${with_libffi_lib}" != x; then
+ AC_MSG_WARN([libffi not used, so --with-libffi is ignored])
+ fi
+ LIBFFI_CFLAGS=
+ LIBFFI_LIBS=
+ else
+ LIBFFI_FOUND=no
+ if test "x${with_libffi}" = xno || test "x${with_libffi_include}" = xno || test "x${with_libffi_lib}" = xno; then
+ AC_MSG_ERROR([It is not possible to disable the use of libffi. Remove the --without-libffi option.])
+ fi
+
+ if test "x${with_libffi}" != x; then
+ LIBFFI_LIB_PATH="${with_libffi}/lib"
+ LIBFFI_LIBS="-L${with_libffi}/lib -lffi"
+ LIBFFI_CFLAGS="-I${with_libffi}/include"
+ LIBFFI_FOUND=yes
+ fi
+ if test "x${with_libffi_include}" != x; then
+ LIBFFI_CFLAGS="-I${with_libffi_include}"
+ LIBFFI_FOUND=yes
+ fi
+ if test "x${with_libffi_lib}" != x; then
+ LIBFFI_LIB_PATH="${with_libffi_lib}"
+ LIBFFI_LIBS="-L${with_libffi_lib} -lffi"
+ LIBFFI_FOUND=yes
+ fi
+ # Do not try pkg-config if we have a sysroot set.
+ if test "x$SYSROOT" = x; then
+ if test "x$LIBFFI_FOUND" = xno; then
+ # Figure out LIBFFI_CFLAGS and LIBFFI_LIBS
+ PKG_CHECK_MODULES([LIBFFI], [libffi], [LIBFFI_FOUND=yes], [LIBFFI_FOUND=no])
+ fi
+ fi
+ if test "x$LIBFFI_FOUND" = xno; then
+ AC_CHECK_HEADERS([ffi.h],
+ [
+ LIBFFI_FOUND=yes
+ LIBFFI_CFLAGS=
+ LIBFFI_LIBS=-lffi
+ ],
+ [LIBFFI_FOUND=no]
+ )
+ fi
+ if test "x$LIBFFI_FOUND" = xno; then
+ HELP_MSG_MISSING_DEPENDENCY([ffi])
+ AC_MSG_ERROR([Could not find libffi! $HELP_MSG])
+ fi
+
+ AC_MSG_CHECKING([if libffi works])
+ AC_LANG_PUSH(C)
+ OLD_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS $LIBFFI_CFLAGS"
+ OLD_LIBS="$LIBS"
+ LIBS="$LIBS $LIBFFI_LIBS"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <ffi.h>],
+ [
+ ffi_call(NULL, NULL, NULL, NULL);
+ return 0;
+ ])],
+ [LIBFFI_WORKS=yes],
+ [LIBFFI_WORKS=no]
+ )
+ CFLAGS="$OLD_CFLAGS"
+ LIBS="$OLD_LIBS"
+ AC_LANG_POP(C)
+ AC_MSG_RESULT([$LIBFFI_WORKS])
+
+ if test "x$LIBFFI_WORKS" = xno; then
+ HELP_MSG_MISSING_DEPENDENCY([ffi])
+ AC_MSG_ERROR([Found libffi but could not link and compile with it. $HELP_MSG])
+ fi
+
+ AC_MSG_CHECKING([if libffi should be bundled])
+ if test "x$enable_libffi_bundling" = "x"; then
+ AC_MSG_RESULT([no])
+ ENABLE_LIBFFI_BUNDLING=false
+ elif test "x$enable_libffi_bundling" = "xno"; then
+ AC_MSG_RESULT([no, forced])
+ ENABLE_LIBFFI_BUNDLING=false
+ elif test "x$enable_libffi_bundling" = "xyes"; then
+ AC_MSG_RESULT([yes, forced])
+ ENABLE_LIBFFI_BUNDLING=true
+ else
+ AC_MSG_ERROR([Invalid value for --enable-libffi-bundling])
+ fi
+
+ # Find the libffi.so.X to bundle
+ if test "x${ENABLE_LIBFFI_BUNDLING}" = "xtrue"; then
+ AC_MSG_CHECKING([for libffi lib file location])
+ if test "x${LIBFFI_LIB_PATH}" != x; then
+ if test -e ${LIBFFI_LIB_PATH}/libffi.so.?; then
+ LIBFFI_LIB_FILE="${LIBFFI_LIB_PATH}/libffi.so.?"
+ else
+ AC_MSG_ERROR([Could not locate libffi.so.? for bundling in ${LIBFFI_LIB_PATH}])
+ fi
+ else
+ # If we don't have an explicit path, look in a few obvious places
+ if test "x${OPENJDK_TARGET_CPU}" = "xx86"; then
+ if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?"
+ elif test -e ${SYSROOT}/usr/lib/i386-linux-gnu/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/i386-linux-gnu/libffi.so.?"
+ else
+ AC_MSG_ERROR([Could not locate libffi.so.? for bundling])
+ fi
+ elif test "x${OPENJDK_TARGET_CPU}" = "xx86_64"; then
+ if test -e ${SYSROOT}/usr/lib64/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib64/libffi.so.?"
+ elif test -e ${SYSROOT}/usr/lib/x86_64-linux-gnu/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/x86_64-linux-gnu/libffi.so.?"
+ else
+ AC_MSG_ERROR([Could not locate libffi.so.? for bundling])
+ fi
+ else
+ # Fallback on the default /usr/lib dir
+ if test -e ${SYSROOT}/usr/lib/libffi.so.? ; then
+ LIBFFI_LIB_FILE="${SYSROOT}/usr/lib/libffi.so.?"
+ else
+ AC_MSG_ERROR([Could not locate libffi.so.? for bundling])
+ fi
+ fi
+ fi
+ # Make sure the wildcard is evaluated
+ LIBFFI_LIB_FILE="$(ls ${LIBFFI_LIB_FILE})"
+ LIBFFI_LIB_DIR="$(dirname ${LIBFFI_LIB_FILE})"
+ LIBFFI_LIB_FILE="$(basename ${LIBFFI_LIB_FILE})"
+ AC_MSG_RESULT([${LIBFFI_LIB_FILE} in ${LIBFFI_LIB_DIR}])
+ fi
fi
+ AC_SUBST(LIBFFI_CFLAGS)
+ AC_SUBST(LIBFFI_LIBS)
+ AC_SUBST(ENABLE_LIBFFI_BUNDLING)
+ AC_SUBST(LIBFFI_LIB_DIR)
+ AC_SUBST(LIBFFI_LIB_FILE)
+
if test "x$JVM_VARIANT_ZEROSHARK" = xtrue; then
AC_CHECK_PROG([LLVM_CONFIG], [llvm-config], [llvm-config])
diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in
index 9573bb2cbd..8da3ac32a0 100644
--- a/common/autoconf/spec.gmk.in
+++ b/common/autoconf/spec.gmk.in
@@ -311,6 +311,11 @@ FONTCONFIG_CFLAGS:=@FONTCONFIG_CFLAGS@
CUPS_CFLAGS:=@CUPS_CFLAGS@
ALSA_LIBS:=@ALSA_LIBS@
ALSA_CFLAGS:=@ALSA_CFLAGS@
+LIBFFI_LIBS:=@LIBFFI_LIBS@
+LIBFFI_CFLAGS:=@LIBFFI_CFLAGS@
+ENABLE_LIBFFI_BUNDLING:=@ENABLE_LIBFFI_BUNDLING@
+LIBFFI_LIB_DIR:=@LIBFFI_LIB_DIR@
+LIBFFI_LIB_FILE:=@LIBFFI_LIB_FILE@
PACKAGE_PATH=@PACKAGE_PATH@
diff --git a/hotspot/make/Makefile b/hotspot/make/Makefile
index ad195763be..b9114cb99a 100644
--- a/hotspot/make/Makefile
+++ b/hotspot/make/Makefile
@@ -476,6 +476,8 @@ $(EXPORT_INCLUDE_DIR)/%: $(ZERO_BUILD_DIR)/../generated/jvmtifiles/%
# Unix
$(EXPORT_JRE_LIB_ARCH_DIR)/%.$(LIBRARY_SUFFIX): $(ZERO_BUILD_DIR)/%.$(LIBRARY_SUFFIX)
$(install-file)
+$(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE): $(LIBFFI_LIB_DIR)/$(LIBFFI_LIB_FILE)
+ $(install-file)
$(EXPORT_JRE_LIB_ARCH_DIR)/%.debuginfo: $(ZERO_BUILD_DIR)/%.debuginfo
$(install-file)
$(EXPORT_JRE_LIB_ARCH_DIR)/%.diz: $(ZERO_BUILD_DIR)/%.diz
diff --git a/hotspot/make/aix/makefiles/defs.make b/hotspot/make/aix/makefiles/defs.make
index b12c9c8df2..db10f6a68f 100644
--- a/hotspot/make/aix/makefiles/defs.make
+++ b/hotspot/make/aix/makefiles/defs.make
@@ -220,4 +220,7 @@ ADD_SA_BINARIES/zero =
EXPORT_LIST += $(ADD_SA_BINARIES/$(HS_ARCH))
+ifeq ($(ENABLE_LIBFFI_BUNDLING), true)
+ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE)
+endif
diff --git a/hotspot/make/bsd/makefiles/defs.make b/hotspot/make/bsd/makefiles/defs.make
index 7cd21cc175..23436f12d8 100644
--- a/hotspot/make/bsd/makefiles/defs.make
+++ b/hotspot/make/bsd/makefiles/defs.make
@@ -364,6 +364,10 @@ ADD_SA_BINARIES/zero =
EXPORT_LIST += $(ADD_SA_BINARIES/$(HS_ARCH))
+ifeq ($(ENABLE_LIBFFI_BUNDLING), true)
+ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE)
+endif
+
# Universal build settings
ifeq ($(OS_VENDOR), Darwin)
# Build universal binaries by default on Mac OS X
diff --git a/hotspot/make/linux/makefiles/defs.make b/hotspot/make/linux/makefiles/defs.make
index ec414639d2..0baa4f068d 100644
--- a/hotspot/make/linux/makefiles/defs.make
+++ b/hotspot/make/linux/makefiles/defs.make
@@ -333,4 +333,6 @@ ADD_SA_BINARIES/zero =
EXPORT_LIST += $(ADD_SA_BINARIES/$(HS_ARCH))
-
+ifeq ($(ENABLE_LIBFFI_BUNDLING), true)
+ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE)
+endif
diff --git a/hotspot/make/solaris/makefiles/defs.make b/hotspot/make/solaris/makefiles/defs.make
index c88351c82b..cb838e854d 100644
--- a/hotspot/make/solaris/makefiles/defs.make
+++ b/hotspot/make/solaris/makefiles/defs.make
@@ -304,3 +304,7 @@ ifeq ($(ENABLE_FULL_DEBUG_SYMBOLS),1)
endif
endif
EXPORT_LIST += $(EXPORT_LIB_DIR)/sa-jdi.jar
+
+ifeq ($(ENABLE_LIBFFI_BUNDLING), true)
+ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE)
+endif
diff --git a/hotspot/make/windows/makefiles/defs.make b/hotspot/make/windows/makefiles/defs.make
index 6b36f0e2bc..6f42c7ad37 100644
--- a/hotspot/make/windows/makefiles/defs.make
+++ b/hotspot/make/windows/makefiles/defs.make
@@ -300,6 +300,10 @@ ifeq ($(BUILD_WIN_SA), 1)
MAKE_ARGS += BUILD_WIN_SA=1
endif
+ifeq ($(ENABLE_LIBFFI_BUNDLING), true)
+ EXPORT_LIST += $(EXPORT_JRE_LIB_ARCH_DIR)/$(LIBFFI_LIB_FILE)
+endif
+
# Propagate compiler and tools paths from configure to nmake.
# Need to make sure they contain \\ and not /.
ifneq ($(SPEC),)
diff --git a/jdk/make/Images.gmk b/jdk/make/Images.gmk
index 2e378c9134..0edefd7b5c 100644
--- a/jdk/make/Images.gmk
+++ b/jdk/make/Images.gmk
@@ -249,7 +249,8 @@ endif
ifneq ($(findstring $(OPENJDK_TARGET_OS), linux solaris),) # If Linux or Solaris
JDK_LIB_FILES += $(LIBRARY_PREFIX)jli$(SHARED_LIBRARY_SUFFIX) \
- $(LIBRARY_PREFIX)jawt$(SHARED_LIBRARY_SUFFIX)
+ $(LIBRARY_PREFIX)jawt$(SHARED_LIBRARY_SUFFIX) \
+ $(LIBFFI_LIB_FILE)
endif
# Find all files to copy from $(JDK_OUTPUTDIR)/lib
diff --git a/jdk/make/Import.gmk b/jdk/make/Import.gmk
index b115fa7f86..29fa2662a6 100644
--- a/jdk/make/Import.gmk
+++ b/jdk/make/Import.gmk
@@ -114,7 +114,7 @@ endef
#
# Import hotspot
#
-HOTSPOT_IMPORT_FILES := $(addprefix $(LIBRARY_PREFIX), jvm.* saproc.* jsig.* sawindbg.* jvm_db.* jvm_dtrace.*) \
+HOTSPOT_IMPORT_FILES := $(addprefix $(LIBRARY_PREFIX), jvm.* saproc.* jsig.* sawindbg.* jvm_db.* jvm_dtrace.* ffi.*) \
Xusage.txt sa-jdi.jar
ifeq ($(OPENJDK_TARGET_OS), macosx)
diff --git a/make/devkit/Tools.gmk b/make/devkit/Tools.gmk
index c2460105b7..cf2ef251ac 100644
--- a/make/devkit/Tools.gmk
+++ b/make/devkit/Tools.gmk
@@ -82,8 +82,8 @@ RPM_LIST := \
libXi libXi-devel \
libXdmcp libXdmcp-devel \
libXau libXau-devel \
- libgcc
-
+ libgcc \
+ libffi libffi-devel
ifeq ($(ARCH),x86_64)
RPM_DIR ?= $(RPM_DIR_x86_64)
@@ -203,6 +203,18 @@ $(libs) : $(rpms)
@mkdir -p $(SYSROOT)/usr/lib
@touch $@
+##########################################################################################
+# Create links for ffi header files so that they become visible by default when using the
+# devkit.
+
+$(SYSROOT)/usr/include/ffi.h: $(rpms)
+ cd $(@D) && rm $(@F) && ln -s ../lib/libffi-*/include/$(@F) .
+
+$(SYSROOT)/usr/include/ffitarget.h: $(rpms)
+ cd $(@D) && rm $(@F) && ln -s ../lib/libffi-*/include/$(@F) .
+
+SYSROOT_LINKS += $(SYSROOT)/usr/include/ffi.h $(SYSROOT)/usr/include/ffitarget.h
+
##########################################################################################
# Define marker files for each source package to be compiled
@@ -479,7 +491,7 @@ rpms : $(rpms)
libs : $(libs)
sysroot : rpms libs
gcc : sysroot $(gcc) $(gccpatch)
-all : binutils gcc bfdlib $(PREFIX)/devkit.info
+all : binutils gcc bfdlib $(PREFIX)/devkit.info $(SYSROOT_LINKS)
# this is only built for host. so separate.
ccache : $(ccache)

286
SOURCES/jdk8186464-rh1433262-zip64_failure.patch
Unescape View File

@ -1,286 +0,0 @@
# HG changeset patch
# User sherman
# Date 1505950914 25200
# Wed Sep 20 16:41:54 2017 -0700
# Node ID 723486922bfe4c17e3f5c067ce5e97229842fbcd
# Parent c8ac05bbe47771b3dafa2e7fc9a95d86d68d7c07
8186464: ZipFile cannot read some InfoZip ZIP64 zip files
Reviewed-by: martin
diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java
index 26e2a5bf9e9..2630c118817 100644
--- openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java
+++ openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java
@@ -92,6 +92,7 @@ public class ZipFileSystem extends FileSystem {
private final boolean createNew; // create a new zip if not exists
private static final boolean isWindows =
System.getProperty("os.name").startsWith("Windows");
+ private final boolean forceEnd64;
// a threshold, in bytes, to decide whether to create a temp file
// for outputstream of a zip entry
@@ -112,12 +113,13 @@ public class ZipFileSystem extends FileSystem {
if (this.defaultDir.charAt(0) != '/')
throw new IllegalArgumentException("default dir should be absolute");
+ this.forceEnd64 = "true".equals(env.get("forceZIP64End"));
this.provider = provider;
this.zfpath = zfpath;
if (Files.notExists(zfpath)) {
if (createNew) {
try (OutputStream os = Files.newOutputStream(zfpath, CREATE_NEW, WRITE)) {
- new END().write(os, 0);
+ new END().write(os, 0, forceEnd64);
}
} else {
throw new FileSystemNotFoundException(zfpath.toString());
@@ -1014,28 +1016,36 @@ public class ZipFileSystem extends FileSystem {
end.cenoff = ENDOFF(buf);
end.comlen = ENDCOM(buf);
end.endpos = pos + i;
- if (end.cenlen == ZIP64_MINVAL ||
- end.cenoff == ZIP64_MINVAL ||
- end.centot == ZIP64_MINVAL32)
- {
- // need to find the zip64 end;
- byte[] loc64 = new byte[ZIP64_LOCHDR];
- if (readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR)
- != loc64.length) {
- return end;
- }
- long end64pos = ZIP64_LOCOFF(loc64);
- byte[] end64buf = new byte[ZIP64_ENDHDR];
- if (readFullyAt(end64buf, 0, end64buf.length, end64pos)
- != end64buf.length) {
- return end;
- }
- // end64 found, re-calcualte everything.
- end.cenlen = ZIP64_ENDSIZ(end64buf);
- end.cenoff = ZIP64_ENDOFF(end64buf);
- end.centot = (int)ZIP64_ENDTOT(end64buf); // assume total < 2g
- end.endpos = end64pos;
+ // try if there is zip64 end;
+ byte[] loc64 = new byte[ZIP64_LOCHDR];
+ if (end.endpos < ZIP64_LOCHDR ||
+ readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR)
+ != loc64.length ||
+ !locator64SigAt(loc64, 0)) {
+ return end;
+ }
+ long end64pos = ZIP64_LOCOFF(loc64);
+ byte[] end64buf = new byte[ZIP64_ENDHDR];
+ if (readFullyAt(end64buf, 0, end64buf.length, end64pos)
+ != end64buf.length ||
+ !end64SigAt(end64buf, 0)) {
+ return end;
+ }
+ // end64 found,
+ long cenlen64 = ZIP64_ENDSIZ(end64buf);
+ long cenoff64 = ZIP64_ENDOFF(end64buf);
+ long centot64 = ZIP64_ENDTOT(end64buf);
+ // double-check
+ if (cenlen64 != end.cenlen && end.cenlen != ZIP64_MINVAL ||
+ cenoff64 != end.cenoff && end.cenoff != ZIP64_MINVAL ||
+ centot64 != end.centot && end.centot != ZIP64_MINVAL32) {
+ return end;
}
+ // to use the end64 values
+ end.cenlen = cenlen64;
+ end.cenoff = cenoff64;
+ end.centot = (int)centot64; // assume total < 2g
+ end.endpos = end64pos;
return end;
}
}
@@ -1201,7 +1211,7 @@ public class ZipFileSystem extends FileSystem {
// sync the zip file system, if there is any udpate
private void sync() throws IOException {
- //System.out.printf("->sync(%s) starting....!%n", toString());
+ // System.out.printf("->sync(%s) starting....!%n", toString());
// check ex-closer
if (!exChClosers.isEmpty()) {
for (ExChannelCloser ecc : exChClosers) {
@@ -1292,7 +1302,7 @@ public class ZipFileSystem extends FileSystem {
}
end.centot = elist.size();
end.cenlen = written - end.cenoff;
- end.write(os, written);
+ end.write(os, written, forceEnd64);
}
if (!streams.isEmpty()) {
//
@@ -1849,8 +1859,8 @@ public class ZipFileSystem extends FileSystem {
long endpos;
int disktot;
- void write(OutputStream os, long offset) throws IOException {
- boolean hasZip64 = false;
+ void write(OutputStream os, long offset, boolean forceEnd64) throws IOException {
+ boolean hasZip64 = forceEnd64; // false;
long xlen = cenlen;
long xoff = cenoff;
if (xlen >= ZIP64_MINVAL) {
@@ -1875,8 +1885,8 @@ public class ZipFileSystem extends FileSystem {
writeShort(os, 45); // version needed to extract
writeInt(os, 0); // number of this disk
writeInt(os, 0); // central directory start disk
- writeLong(os, centot); // number of directory entires on disk
- writeLong(os, centot); // number of directory entires
+ writeLong(os, centot); // number of directory entries on disk
+ writeLong(os, centot); // number of directory entries
writeLong(os, cenlen); // length of central directory
writeLong(os, cenoff); // offset of central directory
diff --git openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c openjdk/jdk/src/share/native/java/util/zip/zip_util.c
index 5fd6fea049d..858e5814e92 100644
--- openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c
+++ openjdk/jdk/src/share/native/java/util/zip/zip_util.c
@@ -385,6 +385,9 @@ findEND64(jzfile *zip, void *end64buf, jlong endpos)
{
char loc64[ZIP64_LOCHDR];
jlong end64pos;
+ if (endpos < ZIP64_LOCHDR) {
+ return -1;
+ }
if (readFullyAt(zip->zfd, loc64, ZIP64_LOCHDR, endpos - ZIP64_LOCHDR) == -1) {
return -1; // end64 locator not found
}
@@ -567,6 +570,7 @@ readCEN(jzfile *zip, jint knownTotal)
{
/* Following are unsigned 32-bit */
jlong endpos, end64pos, cenpos, cenlen, cenoff;
+ jlong cenlen64, cenoff64, centot64;
/* Following are unsigned 16-bit */
jint total, tablelen, i, j;
unsigned char *cenbuf = NULL;
@@ -594,13 +598,20 @@ readCEN(jzfile *zip, jint knownTotal)
cenlen = ENDSIZ(endbuf);
cenoff = ENDOFF(endbuf);
total = ENDTOT(endbuf);
- if (cenlen == ZIP64_MAGICVAL || cenoff == ZIP64_MAGICVAL ||
- total == ZIP64_MAGICCOUNT) {
- unsigned char end64buf[ZIP64_ENDHDR];
- if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) {
- cenlen = ZIP64_ENDSIZ(end64buf);
- cenoff = ZIP64_ENDOFF(end64buf);
- total = (jint)ZIP64_ENDTOT(end64buf);
+ unsigned char end64buf[ZIP64_ENDHDR];
+ if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) {
+ // end64 candidate found,
+ cenlen64 = ZIP64_ENDSIZ(end64buf);
+ cenoff64 = ZIP64_ENDOFF(end64buf);
+ centot64 = ZIP64_ENDTOT(end64buf);
+ // double-check
+ if ((cenlen64 == cenlen || cenlen == ZIP64_MAGICVAL) &&
+ (cenoff64 == cenoff || cenoff == ZIP64_MAGICVAL) &&
+ (centot64 == total || total == ZIP64_MAGICCOUNT)) {
+ // to use the end64 values
+ cenlen = cenlen64;
+ cenoff = cenoff64;
+ total = (jint)centot64;
endpos = end64pos;
endhdrlen = ZIP64_ENDHDR;
}
diff --git openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java
index ffe8a8ed712..9b380003893 100644
--- openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java
+++ openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java
@@ -22,7 +22,7 @@
*/
/* @test
- * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993
+ * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993 8186464
* @summary Make sure we can read a zip file.
@key randomness
* @run main/othervm ReadZip
@@ -31,12 +31,24 @@
*/
import java.io.*;
+import java.net.URI;
import java.nio.file.Files;
+import java.nio.file.FileSystem;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
import java.util.zip.*;
+import sun.misc.IOUtils;
+
+import static java.nio.charset.StandardCharsets.US_ASCII;
+
public class ReadZip {
private static void unreached (Object o)
throws Exception
@@ -144,8 +156,6 @@ public class ReadZip {
newZip.delete();
}
-
-
// Throw a FNF exception when read a non-existing zip file
try { unreached (new ZipFile(
new File(System.getProperty("test.src", "."),
@@ -153,5 +163,54 @@ public class ReadZip {
+ String.valueOf(new java.util.Random().nextInt())
+ ".zip")));
} catch (FileNotFoundException fnfe) {}
+
+ // read a zip file with ZIP64 end
+ Path path = Paths.get(System.getProperty("test.dir", ""), "end64.zip");
+ try {
+ URI uri = URI.create("jar:" + path.toUri());
+ Map<String, Object> env = new HashMap<>();
+ env.put("create", "true");
+ env.put("forceZIP64End", "true");
+ try (FileSystem fs = FileSystems.newFileSystem(uri, env)) {
+ Files.write(fs.getPath("hello"), "hello".getBytes());
+ }
+ try (ZipFile zf = new ZipFile(path.toFile())) {
+ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("hello"))),
+ US_ASCII)))
+ throw new RuntimeException("zipfile: read entry failed");
+ } catch (IOException x) {
+ throw new RuntimeException("zipfile: zip64 end failed");
+ }
+ try (FileSystem fs = FileSystems.newFileSystem(uri, Collections.emptyMap())) {
+ if (!"hello".equals(new String(Files.readAllBytes(fs.getPath("hello")))))
+ throw new RuntimeException("zipfs: read entry failed");
+ } catch (IOException x) {
+ throw new RuntimeException("zipfile: zip64 end failed");
+ }
+ } finally {
+ Files.deleteIfExists(path);
+ }
+
+ // read a zip file created via "echo hello | zip dst.zip -", which uses
+ // ZIP64 end record
+ if (Files.notExists(Paths.get("/usr/bin/zip")))
+ return;
+ try {
+ Process zip = new ProcessBuilder("zip", path.toString().toString(), "-").start();
+ OutputStream os = zip.getOutputStream();
+ os.write("hello".getBytes(US_ASCII));
+ os.close();
+ zip.waitFor();
+ if (zip.exitValue() == 0 && Files.exists(path)) {
+ try (ZipFile zf = new ZipFile(path.toFile())) {
+ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("-"))))))
+ throw new RuntimeException("zipfile: read entry failed");
+ } catch (IOException x) {
+ throw new RuntimeException("zipfile: zip64 end failed");
+ }
+ }
+ } finally {
+ Files.deleteIfExists(path);
+ }
}
}

52
SOURCES/jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch
Unescape View File

@ -7,11 +7,10 @@
PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations
Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X
diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4
index 113bf367e2..bed030e8d1 100644
--- a/common/autoconf/flags.m4
+++ b/common/autoconf/flags.m4
@@ -451,6 +451,21 @@ AC_DEFUN_ONCE([FLAGS_SETUP_COMPILER_FLAGS_FOR_JDK],
diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4
--- openjdk.orig///common/autoconf/flags.m4
+++ openjdk///common/autoconf/flags.m4
@@ -402,6 +402,21 @@
AC_SUBST($2CXXSTD_CXXFLAG)
fi
@ -33,32 +32,23 @@ index 113bf367e2..bed030e8d1 100644
if test "x$CFLAGS" != "x${ADDED_CFLAGS}"; then
AC_MSG_WARN([Ignoring CFLAGS($CFLAGS) found in environment. Use --with-extra-cflags])
fi
diff --git a/common/autoconf/hotspot-spec.gmk.in b/common/autoconf/hotspot-spec.gmk.in
index 3f86751d2b..f8a271383f 100644
--- a/common/autoconf/hotspot-spec.gmk.in
+++ b/common/autoconf/hotspot-spec.gmk.in
@@ -114,13 +114,14 @@ RC:=@HOTSPOT_RC@
# Retain EXTRA_{CFLAGS,CXXFLAGS,LDFLAGS,ASFLAGS} for the target flags to
# maintain compatibility with the existing Makefiles
EXTRA_CFLAGS=@LEGACY_TARGET_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \
+ $(REALIGN_CFLAG)
EXTRA_CXXFLAGS=@LEGACY_TARGET_CXXFLAGS@
EXTRA_LDFLAGS=@LEGACY_TARGET_LDFLAGS@
EXTRA_ASFLAGS=@LEGACY_TARGET_ASFLAGS@
# Define an equivalent set for the host flags (i.e. without sysroot options)
HOST_CFLAGS=@LEGACY_HOST_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
HOST_CXXFLAGS=@LEGACY_HOST_CXXFLAGS@
HOST_LDFLAGS=@LEGACY_HOST_LDFLAGS@
HOST_ASFLAGS=@LEGACY_HOST_ASFLAGS@
diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in
index 9573bb2cbd..fe7efc130c 100644
--- a/common/autoconf/spec.gmk.in
+++ b/common/autoconf/spec.gmk.in
@@ -366,6 +366,7 @@ CXXFLAGS_JDKEXE:=@CXXFLAGS_JDKEXE@
diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/autoconf/hotspot-spec.gmk.in
--- openjdk.orig///common/autoconf/hotspot-spec.gmk.in
+++ openjdk///common/autoconf/hotspot-spec.gmk.in
@@ -112,7 +112,8 @@
RC:=@HOTSPOT_RC@
EXTRA_CFLAGS=@LEGACY_EXTRA_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \
+ $(REALIGN_CFLAG)
EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@
EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@
EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@
diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in
--- openjdk.orig///common/autoconf/spec.gmk.in
+++ openjdk///common/autoconf/spec.gmk.in
@@ -366,6 +366,7 @@
NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@
NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@

12
SOURCES/jdk8218811-perfMemory_linux.patch
Unescape View File

@ -0,0 +1,12 @@
diff --git openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
--- openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp
+++ openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
@@ -878,7 +878,7 @@
// open the file
int result;
- RESTARTABLE(::open(filename, oflags), result);
+ RESTARTABLE(::open(filename, oflags, 0), result);
if (result == OS_ERR) {
if (errno == ENOENT) {
THROW_MSG_(vmSymbols::java_lang_IllegalArgumentException(),

167
SOURCES/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
Unescape View File

@ -0,0 +1,167 @@
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
Author: Alexey Bakhtin <abakhtin@openjdk.org>
Date: Tue Apr 4 10:29:11 2023 +0000
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
Reviewed-by: andrew, mbalao
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
index a79e97d7c74..5378446b97b 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
@Override
protected void engineInitVerify(PublicKey publicKey)
throws InvalidKeyException {
- if (!(publicKey instanceof RSAPublicKey)) {
+ if (publicKey instanceof RSAPublicKey) {
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
+ isPublicKeyValid(rsaPubKey);
+ this.pubKey = rsaPubKey;
+ this.privKey = null;
+ resetDigest();
+ } else {
throw new InvalidKeyException("key must be RSAPublicKey");
}
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
- this.privKey = null;
- resetDigest();
}
// initialize for signing. See JCA doc
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
@Override
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
throws InvalidKeyException {
- if (!(privateKey instanceof RSAPrivateKey)) {
+ if (privateKey instanceof RSAPrivateKey) {
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
+ isPrivateKeyValid(rsaPrivateKey);
+ this.privKey = rsaPrivateKey;
+ this.pubKey = null;
+ this.random =
+ (random == null ? JCAUtil.getSecureRandom() : random);
+ resetDigest();
+ } else {
throw new InvalidKeyException("key must be RSAPrivateKey");
}
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
- this.pubKey = null;
- this.random =
- (random == null? JCAUtil.getSecureRandom() : random);
- resetDigest();
}
/**
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
}
}
+ /**
+ * Validate the specified RSAPrivateKey
+ */
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
+ try {
+ if (prKey instanceof RSAPrivateCrtKey) {
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ crtKey.getModulus().bitLength(),
+ crtKey.getPublicExponent());
+ } else {
+ throw new InvalidKeyException(
+ "Some of the CRT-specific components are not available");
+ }
+ } else {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ prKey.getModulus().bitLength(),
+ null);
+ }
+ } catch (InvalidKeyException ikEx) {
+ throw ikEx;
+ } catch (Exception e) {
+ throw new InvalidKeyException(
+ "Can not access private key components", e);
+ }
+ isValid(prKey);
+ }
+
+ /**
+ * Validate the specified RSAPublicKey
+ */
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
+ try {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ pKey.getModulus().bitLength(),
+ pKey.getPublicExponent());
+ } catch (InvalidKeyException ikEx) {
+ throw ikEx;
+ } catch (Exception e) {
+ throw new InvalidKeyException(
+ "Can not access public key components", e);
+ }
+ isValid(pKey);
+ }
+
/**
* Validate the specified RSAKey and its associated parameters against
* internal signature parameters.
*/
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
try {
AlgorithmParameterSpec keyParams = rsaKey.getParams();
// validate key parameters
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
}
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
}
- return rsaKey;
} catch (SignatureException e) {
throw new InvalidKeyException(e);
}
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
index 6b219937981..b3c1fae9672 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
// check all CRT-specific components are available, if any one
// missing, return a non-CRT key instead
- if ((key.getPublicExponent().signum() == 0) ||
- (key.getPrimeExponentP().signum() == 0) ||
- (key.getPrimeExponentQ().signum() == 0) ||
- (key.getPrimeP().signum() == 0) ||
- (key.getPrimeQ().signum() == 0) ||
- (key.getCrtCoefficient().signum() == 0)) {
+ if (checkComponents(key)) {
+ return key;
+ } else {
return new RSAPrivateKeyImpl(
key.algid,
key.getModulus(),
- key.getPrivateExponent()
- );
- } else {
- return key;
+ key.getPrivateExponent());
}
}
+ /**
+ * Validate if all CRT-specific components are available.
+ */
+ static boolean checkComponents(RSAPrivateCrtKey key) {
+ return !((key.getPublicExponent().signum() == 0) ||
+ (key.getPrimeExponentP().signum() == 0) ||
+ (key.getPrimeExponentQ().signum() == 0) ||
+ (key.getPrimeP().signum() == 0) ||
+ (key.getPrimeQ().signum() == 0) ||
+ (key.getCrtCoefficient().signum() == 0));
+ }
+
/**
* Generate a new key from the specified type and components.
* Returns a CRT key if possible and a non-CRT key otherwise.

67
SOURCES/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
Unescape View File

@ -0,0 +1,67 @@
# HG changeset patch
# User Andrew John Hughes <gnu_andrew@member.fsf.org>
# Date 1620365804 -3600
# Fri May 07 06:36:44 2021 +0100
# Node ID 39b62f35eca823b4c9a98bc1dc0cb9acb87360f8
# Parent 723b59ed1afe878c5cd35f080399c8ceec4f776b
PR3836: Extra compiler flags not passed to adlc build
diff --git openjdk.orig/hotspot/make/aix/makefiles/adlc.make openjdk/hotspot/make/aix/makefiles/adlc.make
--- openjdk.orig/hotspot/make/aix/makefiles/adlc.make
+++ openjdk/hotspot/make/aix/makefiles/adlc.make
@@ -69,6 +69,11 @@
CFLAGS_WARN = -w
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
OBJECTNAMES = \
adlparse.o \
archDesc.o \
diff --git openjdk.orig/hotspot/make/bsd/makefiles/adlc.make openjdk/hotspot/make/bsd/makefiles/adlc.make
--- openjdk.orig/hotspot/make/bsd/makefiles/adlc.make
+++ openjdk/hotspot/make/bsd/makefiles/adlc.make
@@ -71,6 +71,11 @@
endif
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
OBJECTNAMES = \
adlparse.o \
archDesc.o \
diff --git openjdk.orig/hotspot/make/linux/makefiles/adlc.make openjdk/hotspot/make/linux/makefiles/adlc.make
--- openjdk.orig/hotspot/make/linux/makefiles/adlc.make
+++ openjdk/hotspot/make/linux/makefiles/adlc.make
@@ -69,6 +69,11 @@
CFLAGS_WARN = $(WARNINGS_ARE_ERRORS)
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
OBJECTNAMES = \
adlparse.o \
archDesc.o \
diff --git openjdk.orig/hotspot/make/solaris/makefiles/adlc.make openjdk/hotspot/make/solaris/makefiles/adlc.make
--- openjdk.orig/hotspot/make/solaris/makefiles/adlc.make
+++ openjdk/hotspot/make/solaris/makefiles/adlc.make
@@ -85,6 +85,10 @@
endif
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
ifeq ("${Platform_compiler}", "sparcWorks")
# Enable the following CFLAGS addition if you need to compare the
# built ELF objects.

2596
SOURCES/jdk8328999-update_giflib_5.2.2.patch
View File

File diff suppressed because it is too large Load Diff

107
SOURCES/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch
Unescape View File

@ -7,11 +7,10 @@
8074839: Resolve disabled warnings for libunpack and the unpack200 binary
Reviewed-by: dholmes, ksrini
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
index bdaf95a2f6a..60c5b4f2a69 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
@@ -63,7 +63,7 @@ struct bytes {
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
@@ -63,7 +63,7 @@
bytes res;
res.ptr = ptr + beg;
res.len = end - beg;
@ -20,11 +19,10 @@ index bdaf95a2f6a..60c5b4f2a69 100644
return res;
}
// building C strings inside byte buffers:
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
index 5fbc7261fb3..4c002e779d8 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
@@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
@@ -292,7 +292,7 @@
if (uPtr->aborting()) {
THROW_IOE(uPtr->get_abort_message());
@ -33,16 +31,16 @@ index 5fbc7261fb3..4c002e779d8 100644
}
// We have fetched all the files.
@@ -312,7 +312,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
// There's no need to create a new unpacker here if we don't already have one
// just to immediatly free it afterwards.
unpacker* uPtr = get_unpacker(env, pObj, /* noCreate= */ true);
@@ -310,7 +310,7 @@
JNIEXPORT jlong JNICALL
Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
unpacker* uPtr = get_unpacker(env, pObj, false);
- CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0);
size_t consumed = uPtr->input_consumed();
// free_unpacker() will set the unpacker field on 'pObj' to null
free_unpacker(env, pObj, uPtr);
@@ -323,6 +323,7 @@ JNIEXPORT jboolean JNICALL
return consumed;
@@ -320,6 +320,7 @@
Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj,
jstring pProp, jstring pValue) {
unpacker* uPtr = get_unpacker(env, pObj);
@ -50,11 +48,10 @@ index 5fbc7261fb3..4c002e779d8 100644
const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE);
CHECK_EXCEPTION_RETURN_VALUE(prop, false);
const char* value = env->GetStringUTFChars(pValue, JNI_FALSE);
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
index 6fbc43a18ae..722c8baaff0 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
@@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) {
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
@@ -142,31 +142,28 @@
return progname;
}
@ -104,11 +101,10 @@ index 6fbc43a18ae..722c8baaff0 100644
}
}
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
index a585535c513..8df3fade499 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
@@ -225,9 +225,9 @@ struct entry {
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
@@ -222,9 +222,9 @@
}
#ifdef PRODUCT
@ -120,7 +116,7 @@ index a585535c513..8df3fade499 100644
#endif
};
@@ -719,13 +719,13 @@ void unpacker::read_file_header() {
@@ -715,13 +715,13 @@
// Now we can size the whole archive.
// Read everything else into a mega-buffer.
rp = hdr.rp;
@ -138,7 +134,7 @@ index a585535c513..8df3fade499 100644
abort("EOF reading fixed input buffer");
return;
}
@@ -739,7 +739,7 @@ void unpacker::read_file_header() {
@@ -735,7 +735,7 @@
return;
}
input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)),
@ -147,7 +143,7 @@ index a585535c513..8df3fade499 100644
CHECK;
assert(input.limit()[0] == 0);
// Move all the bytes we read initially into the real buffer.
@@ -962,13 +962,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) {
@@ -958,13 +958,13 @@
nentries = next_entry;
// place a limit on future CP growth:
@ -163,7 +159,18 @@ index a585535c513..8df3fade499 100644
// Note that this CP does not include "empty" entries
// for longs and doubles. Those are introduced when
@@ -3694,21 +3694,22 @@ void cpool::computeOutputIndexes() {
@@ -982,8 +982,9 @@
}
// Initialize *all* our entries once
- for (int i = 0 ; i < maxentries ; i++)
+ for (uint i = 0 ; i < maxentries ; i++) {
entries[i].outputIndex = REQUESTED_NONE;
+ }
initGroupIndexes();
// Initialize hashTab to a generous power-of-two size.
@@ -3677,21 +3678,22 @@
unpacker* debug_u;
@ -190,7 +197,7 @@ index a585535c513..8df3fade499 100644
case CONSTANT_Signature:
if (value.b.ptr == null)
return ref(0)->string();
@@ -3728,26 +3729,28 @@ char* entry::string() {
@@ -3711,26 +3713,28 @@
break;
default:
if (nrefs == 0) {
@ -228,11 +235,10 @@ index a585535c513..8df3fade499 100644
}
void print_cp_entries(int beg, int end) {
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
index 4ec595333c4..aad0c971ef2 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
@@ -209,7 +209,7 @@ struct unpacker {
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
@@ -209,7 +209,7 @@
byte* rp; // read pointer (< rplimit <= input.limit())
byte* rplimit; // how much of the input block has been read?
julong bytes_read;
@ -241,11 +247,10 @@ index 4ec595333c4..aad0c971ef2 100644
// callback to read at least one byte, up to available input
typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen);
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
index da39a589545..1281d8b25c8 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
@@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
@@ -81,7 +81,7 @@
int assert_failed(const char* p) {
char message[1<<12];
sprintf(message, "@assert failed: %s\n", p);
@ -254,11 +259,10 @@ index da39a589545..1281d8b25c8 100644
breakpoint();
unpack_abort(message);
return 0;
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
index f58c94956c0..343da3e183b 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
@@ -84,7 +84,7 @@ void jar::init(unpacker* u_) {
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
@@ -84,7 +84,7 @@
}
// Write data to the ZIP output stream.
@ -267,7 +271,7 @@ index f58c94956c0..343da3e183b 100644
while (len > 0) {
int rc = (int)fwrite(buff, 1, len, jarfp);
if (rc <= 0) {
@@ -323,12 +323,12 @@ void jar::write_central_directory() {
@@ -323,12 +323,12 @@
// Total number of disks (int)
header64[36] = (ushort)SWAP_BYTES(1);
header64[37] = 0;
@ -282,11 +286,10 @@ index f58c94956c0..343da3e183b 100644
PRINTCR((2, "writing zip comment\n"));
// Write the comment.
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
index 14ffc9d65bd..9877f6f68ca 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
@@ -68,8 +68,8 @@ struct jar {
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
@@ -68,8 +68,8 @@
}
// Private Methods

0
SOURCES/repack_reproducible_policies.sh → SOURCES/repackReproduciblePolycies.sh
Unescape View File

16
SOURCES/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
Unescape View File

@ -1,16 +0,0 @@
diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java jdk8/jdk/src/share/classes/java/awt/Toolkit.java
--- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500
+++ jdk8/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500
@@ -883,7 +883,11 @@
return null;
}
});
- loadAssistiveTechnologies();
+ try {
+ loadAssistiveTechnologies();
+ } catch ( AWTError error) {
+ // ignore silently
+ }
}
return toolkit;
}

13
SOURCES/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
Unescape View File

@ -1,13 +0,0 @@
--- openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:12.038189968 +0100
+++ openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:11.913188505 +0100
@@ -48,8 +48,8 @@
private final static String PROP_NAME = "sun.security.smartcardio.library";
- private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so";
- private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
+ private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
+ private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
PlatformPCSC() {

664
SPECS/java-1.8.0-openjdk.spec
View File

File diff suppressed because it is too large Load Diff
Write Preview
Loading…
Cancel
Save