diff --git a/SOURCES/NEWS b/SOURCES/NEWS index fb93c94..7e18bea 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -6,7 +6,7 @@ CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY New in release OpenJDK 11.0.17 (2022-10-18): ============================================= Live versions of these release notes can be found at: - * https://bit.ly/openjdk11017 + * https://bitly.com/openjdk11017 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.17.html * Security fixes @@ -254,17 +254,6 @@ respectively. More information about them can be found on the Networking Properties page: https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html. -JDK-8286918: Better HttpServer service -====================================== -The HttpServer can be optionally configured with a maximum connection -limit by setting the jdk.httpserver.maxConnections system property. A -value of 0 or a negative integer is ignored and considered to -represent no connection limit. In the case of a positive integer -value, any newly accepted connections will be first checked against -the current count of established connections and, if the configured -limit has been reached, then the newly accepted connection will be -closed immediately. - hotspot/runtime: JDK-8281181: CPU Shares Ignored When Computing Active Processor Count diff --git a/SOURCES/remove-intree-libraries.sh b/SOURCES/remove-intree-libraries.sh index ee02f60..d475909 100644 --- a/SOURCES/remove-intree-libraries.sh +++ b/SOURCES/remove-intree-libraries.sh @@ -5,7 +5,6 @@ TREE=${1} TYPE=${2} ZIP_SRC=src/java.base/share/native/libzip/zlib/ -FREETYPE_SRC=src/java.desktop/share/native/libfreetype/ JPEG_SRC=src/java.desktop/share/native/libjavajpeg/ GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/ PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/ @@ -32,21 +31,15 @@ cd ${TREE} echo "Removing built-in libs (they will be linked)" -# On full runs, allow for zlib & freetype having already been deleted by minimal +# On full runs, allow for zlib having already been deleted by minimal echo "Removing zlib" if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then echo "${ZIP_SRC} does not exist. Refusing to proceed." exit 1 fi rm -rvf ${ZIP_SRC} -echo "Removing freetype" -if [ "x${TYPE}" = "xminimal" -a ! -d ${FREETYPE_SRC} ]; then - echo "${FREETYPE_SRC} does not exist. Refusing to proceed." - exit 1 -fi -rm -rvf ${FREETYPE_SRC} -# Minimal is limited to just zlib and freetype so finish here +# Minimal is limited to just zlib so finish here if test "x${TYPE}" = "xminimal"; then echo "Finished."; exit 0; diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index cc3e53f..6e57f20 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -25,8 +25,6 @@ %bcond_with artifacts # Build a fresh libjvm.so for use in a copy of the bootstrap JDK %bcond_without fresh_libjvm -# Build with system libraries -%bcond_with system_libs # Workaround for stripping of debug symbols from static libraries %if %{with staticlibs} @@ -43,16 +41,6 @@ %global build_hotspot_first 0 %endif -%if %{with system_libs} -%global system_libs 1 -%global link_type system -%global freetype_lib %{nil} -%else -%global system_libs 0 -%global link_type bundled -%global freetype_lib |libfreetype[.]so.* -%endif - # The -g flag says to use strip -g instead of full strip on DSOs or EXEs. # This fixes detailed NMT and other tools which need minimal debug info. # See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879 @@ -209,15 +197,11 @@ %global staticlibs_loop %{nil} %endif -%if 0%{?flatpak} -%global bootstrap_build false -%else %ifarch %{bootstrap_arches} %global bootstrap_build true %else %global bootstrap_build false %endif -%endif %if %{include_staticlibs} # Extra target for producing the static-libraries. Separate from @@ -378,7 +362,7 @@ %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup %global buildver 8 -%global rpmrelease 1 +%global rpmrelease 2 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -437,7 +421,7 @@ # fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349 # https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14 # https://bugzilla.redhat.com/show_bug.cgi?id=1655938 -%global _privatelibs libsplashscreen[.]so.*|libawt_xawt[.]so.*|libjli[.]so.*|libattach[.]so.*|libawt[.]so.*|libextnet[.]so.*|libawt_headless[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjimage[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmanagement_agent[.]so.*|libmanagement_ext[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libprefs[.]so.*|librmi[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*%{freetype_lib} +%global _privatelibs libsplashscreen[.]so.*|libawt_xawt[.]so.*|libjli[.]so.*|libattach[.]so.*|libawt[.]so.*|libextnet[.]so.*|libawt_headless[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjimage[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmanagement_agent[.]so.*|libmanagement_ext[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libprefs[.]so.*|librmi[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.* %global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.* %if %is_system_jdk %global __provides_exclude ^(%{_privatelibs})$ @@ -861,9 +845,6 @@ exit 0 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libawt_headless.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libdt_socket.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfontmanager.so -%if ! %{system_libs} -%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfreetype.so -%endif %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libinstrument.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2gss.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2pcsc.so @@ -1438,8 +1419,14 @@ BuildRequires: desktop-file-utils # elfutils only are OK for build without AOT BuildRequires: elfutils-devel BuildRequires: fontconfig-devel +BuildRequires: freetype-devel +BuildRequires: giflib-devel BuildRequires: gcc-c++ BuildRequires: gdb +BuildRequires: harfbuzz-devel +BuildRequires: lcms2-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel BuildRequires: libxslt BuildRequires: libX11-devel BuildRequires: libXi-devel @@ -1473,30 +1460,6 @@ BuildRequires: systemtap-sdt-devel %endif BuildRequires: make -%if %{system_libs} -BuildRequires: freetype-devel -BuildRequires: giflib-devel -BuildRequires: harfbuzz-devel -BuildRequires: lcms2-devel -BuildRequires: libjpeg-devel -BuildRequires: libpng-devel -%else -# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h -Provides: bundled(freetype) = 2.12.1 -# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h -Provides: bundled(giflib) = 5.2.1 -# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h -Provides: bundled(harfbuzz) = 4.4.1 -# Version in src/java.desktop/share/native/liblcms/lcms2.h -Provides: bundled(lcms2) = 2.12.0 -# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h -Provides: bundled(libjpeg) = 6b -# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h -Provides: bundled(libpng) = 1.6.37 -# We link statically against libstdc++ to increase portability -BuildRequires: libstdc++-static -%endif - # this is always built, also during debug-only build # when it is built in debug-only this package is just placeholder %{java_rpo %{nil}} @@ -1832,11 +1795,8 @@ if [ $prioritylength -ne 8 ] ; then fi # OpenJDK patches - -%if %{system_libs} # Remove libraries that are linked by both static and dynamic builds sh %{SOURCE12} %{top_level_dir_name} -%endif # Patch the JDK pushd %{top_level_dir_name} @@ -1847,7 +1807,7 @@ pushd %{top_level_dir_name} %patch1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security %patch1000 -p1 -# tzdata updates targetted for 11.0.18 +# tzdata updates targetted for 17.0.6 %patch2001 -p1 %patch2002 -p1 %patch2003 -p1 @@ -1954,14 +1914,6 @@ function buildjdk() { local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name} local top_dir_abs_build_path=$(pwd)/${outputdir} - # This must be set using the global, so that the - # static libraries still use a dynamic stdc++lib - if [ "x%{link_type}" = "xbundled" ] ; then - libc_link_opt="static"; - else - libc_link_opt="dynamic"; - fi - echo "Using output directory: ${outputdir}"; echo "Checking build JDK ${buildjdk} is operational..." ${buildjdk}/bin/java -version @@ -1973,10 +1925,6 @@ function buildjdk() { mkdir -p ${outputdir} pushd ${outputdir} - # Note: zlib and freetype use %{link_type} - # rather than ${link_opt} as the system versions - # are always used in a system_libs build, even - # for the static library build bash ${top_dir_abs_src_path}/configure \ %ifarch %{zero_arches} --with-jvm-variants=zero \ @@ -1997,14 +1945,13 @@ function buildjdk() { --with-native-debug-symbols="%{debug_symbols}" \ --disable-sysconf-nss \ --enable-unlimited-crypto \ - --with-zlib=%{link_type} \ - --with-freetype=%{link_type} \ + --with-zlib=system \ --with-libjpeg=${link_opt} \ --with-giflib=${link_opt} \ --with-libpng=${link_opt} \ --with-lcms=${link_opt} \ --with-harfbuzz=${link_opt} \ - --with-stdc++lib=${libc_link_opt} \ + --with-stdc++lib=dynamic \ --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ --with-extra-cflags="$EXTRA_CFLAGS" \ --with-extra-asflags="$EXTRA_ASFLAGS" \ @@ -2115,13 +2062,12 @@ for suffix in %{build_loop} ; do bootinstalldir=boot${installdir} if test "x${loop}" = "x%{main_suffix}" ; then - link_opt="%{link_type}" -%if %{system_libs} # Copy the source tree so we can remove all in-tree libraries cp -a %{top_level_dir_name} %{top_level_dir_name_backup} # Remove all libraries that are linked sh %{SOURCE12} %{top_level_dir_name} full -%endif + # Use system libraries + link_opt="system" # Debug builds don't need same targets as release for # build speed-up. We also avoid bootstrapping these # slower builds. @@ -2142,11 +2088,9 @@ for suffix in %{build_loop} ; do buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} installjdk ${builddir} ${installdir} fi -%if %{system_libs} # Restore original source tree we modified by removing full in-tree sources rm -rf %{top_level_dir_name} mv %{top_level_dir_name_backup} %{top_level_dir_name} -%endif else # Use bundled libraries for building statically link_opt="bundled" @@ -2666,41 +2610,40 @@ require "copy_jdk_configs.lua" * Wed Mar 15 2023 MSVSphere Packaging Team - 11.0.16.1.1-3 - Rebuilt for MSVSphere 9.1. -* Wed Oct 26 2022 Andrew Hughes - 1:11.0.17.0.8-1 -- Update to jdk-11.0.17+8 (GA) -- Update release notes to 11.0.17+8 -- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853 -- Bump FreeType bundled version to 2.12.1 following JDK-8290334 +* Sat Oct 15 2022 Andrew Hughes - 1:11.0.17.0.8-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream -- The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds -- Remove freetype sources along with zlib sources -- Resolves: rhbz#2131864 +- Related: rhbz#2133695 + +* Wed Oct 12 2022 Andrew Hughes - 1:11.0.17.0.8-1 +- Update to jdk-11.0.17+8 (GA) +- Update release notes to 11.0.17+8 +- Switch to GA mode for release - Resolves: rhbz#2133695 -* Tue Aug 30 2022 Andrew Hughes - 1:11.0.16.1.1-3 -- Switch to static builds, reducing system dependencies and making build more portable -- Resolves: rhbz#2121275 +* Wed Oct 05 2022 Andrew Hughes - 1:11.0.17.0.7-0.1.ea +- Update to jdk-11.0.17+7 +- Update release notes to 11.0.17+7 +- Resolves: rhbz#2131865 -* Wed Aug 24 2022 Andrew Hughes - 1:11.0.16.1.1-2 +* Tue Sep 06 2022 Andrew Hughes - 1:11.0.17.0.1-0.1.ea +- Update to jdk-11.0.17+1 +- Update release notes to 11.0.17+1 +- Switch to EA mode for 11.0.17 pre-release builds. +- Related: rhbz#2131865 + +* Wed Aug 24 2022 Andrew Hughes - 1:11.0.16.1.1-1 - Update to jdk-11.0.16.1+1 - Update release notes to 11.0.16.1+1 - Add patch to provide translations for Europe/Kyiv added in tzdata2022b - Add test to ensure timezones can be translated -- Resolves: rhbz#2119528 +- Resolves: rhbz#2121188 -* Fri Jul 22 2022 Andrew Hughes - 1:11.0.16.0.8-2 +* Sun Jul 17 2022 Andrew Hughes - 1:11.0.16.0.8-1 - Update to jdk-11.0.16+8 - Update release notes to 11.0.16+8 -- Switch to GA mode for release -- Resolves: rhbz#2106517 - -* Sat Jul 16 2022 Andrew Hughes - 1:11.0.16.0.7-0.1.ea -- Update to jdk-11.0.16+7 -- Update release notes to 11.0.16+7 -- Switch to EA mode for 11.0.16 pre-release builds. - Use same tarball naming style as java-17-openjdk and java-latest-openjdk - Drop JDK-8257794 patch now upstreamed - Print release file during build, which should now include a correct SOURCE value from .src-rev @@ -2710,13 +2653,6 @@ require "copy_jdk_configs.lua" - Update tzdata requirement to 2022a to match JDK-8283350 - Make use of the vendor version string to store our version & release rather than an upstream release date - Explicitly require crypto-policies during build and runtime for system security properties -- Resolves: rhbz#2083325 - -* Thu Jul 14 2022 Jiri Vanek - 1:11.0.16.0.7-0.1.ea -- Add additional patch during tarball generation to align tests with ECC changes -- Related: rhbz#2083325 - -* Fri Jul 08 2022 Andrew Hughes - 1:11.0.15.0.10-4 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together @@ -2724,34 +2660,24 @@ require "copy_jdk_configs.lua" - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on -- Resolves: rhbz#2099839 -- Resolves: rhbz#2100676 +- Resolves: rhbz#2106516 +- Resolves: rhbz#2099915 +- Resolves: rhbz#2107868 -* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:11.0.15.0.10-3 -- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode -- Resolves: rhbz#2102434 +* Thu Jul 14 2022 Jiri Vanek - 1:11.0.16.0.8-1 +- Add additional patch during tarball generation to align tests with ECC changes +- Related: rhbz#2106516 -* Thu Jun 30 2022 Stephan Bergmann - 1:11.0.15.0.10-2 -- Fix flatpak builds by exempting them from bootstrap -- Resolves: rhbz#2067189 +* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:11.0.16.0.8-1 +- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode +- Resolves: rhbz#2107866 * Sun Apr 24 2022 Andrew Hughes - 1:11.0.15.0.10-1 - Update to jdk-11.0.15.0+10 - Update release notes to 11.0.15.0+10 - Switch to GA mode for release -- Resolves: rhbz#2073595 - -* Tue Apr 12 2022 Andrew Hughes - 1:11.0.15.0.8-0.1.ea -- Update to jdk-11.0.15.0+8 -- Update release notes to 11.0.15.0+8 - Rebase RH1996182 FIPS patch after JDK-8254410 -- Resolves: rhbz#2050458 - -* Tue Apr 12 2022 Andrew Hughes - 1:11.0.15.0.1-0.1.ea -- Update to jdk-11.0.15.0+1 -- Update release notes to 11.0.15.0+1 -- Switch to EA mode for 11.0.15 pre-release builds. -- Related: rhbz#2050458 +- Resolves: rhbz#2073594 * Mon Feb 28 2022 Andrew Hughes - 1:11.0.14.1.1-6 - Detect NSS at runtime for FIPS detection