import java-17-openjdk-portable-17.0.14.0.7-1.el8

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/openjdk-17.0.9+9.tar.xz
 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
+SOURCES/openjdk-17.0.14+7.tar.xz

.java-17-openjdk-portable.metadata

@@ -0,0 +1,2 @@
+c8281ee37b77d535c9c1af86609a531958ff7b34  SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
+9a22dd5bbab0d3755b8d391790dd63650b19f5bc  SOURCES/openjdk-17.0.14+7.tar.xz

.java-17-openjdk.metadata

@@ -1,2 +0,0 @@
-a58b92201b1d3e26d8375f67708fe2e740cd39eb SOURCES/openjdk-17.0.9+9.tar.xz
-c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

SOURCES/README.md

@@ -1,41 +0,0 @@
-OpenJDK 17 is the latest Long-Term Support (LTS) release of the Java platform.
-
-For a list of major changes from OpenJDK 11 (java-11-openjdk), see the upstream
-release page for OpenJDK 17 and the preceding interim releases:
-
-* 12: https://openjdk.java.net/projects/jdk/12/
-* 13: https://openjdk.java.net/projects/jdk/13/
-* 14: https://openjdk.java.net/projects/jdk/14/
-* 15: https://openjdk.java.net/projects/jdk/15/
-* 16: https://openjdk.java.net/projects/jdk/16/
-* 17: https://openjdk.java.net/projects/jdk/17/
-
-# Rebuilding the OpenJDK package
-
-The OpenJDK packages are now created from a single build which is then
-packaged for different major versions of Red Hat Enterprise Linux
-(RHEL). This allows the OpenJDK team to focus their efforts on the
-development and testing of this single build, rather than having
-multiple builds which only differ by the platform they were built on.
-
-This does make rebuilding the package slightly more complicated than a
-normal package. Modifications should be made to the
-`java-17-openjdk-portable.specfile` file, which can be found with this
-README file in the source RPM or installed in the documentation tree
-by the `java-17-openjdk-headless` RPM.
-
-Once the modified `java-17-openjdk-portable` RPMs are built, they
-should be installed and will produce a number of tarballs in the
-`/usr/lib/jvm` directory. The `java-17-openjdk` RPMs can then be
-built, which will use these tarballs to create the usual RPMs found in
-RHEL. The `java-17-openjdk-portable` RPMs can be uninstalled once the
-desired final RPMs are produced.
-
-Note that the `java-17-openjdk.spec` file has a hard requirement on
-the exact version of java-17-openjdk-portable to use, so this will
-need to be modified if the version or rpmrelease values are changed in
-`java-17-openjdk-portable.specfile`.
-
-To reduce the number of RPMs involved, the `fastdebug` and `slowdebug`
-builds may be disabled using `--without fastdebug` and `--without
-slowdebug`.

SOURCES/fips-17u-e893be00150.patch

@@ -116,7 +116,7 @@ index 00000000000..f48fc7f7e80
 +  AC_SUBST(NSS_LIBDIR)
 +])
 diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
-index 366682cf044..1f8d782f419 100644
+index 62db5b16c31..f0bb4333fc9 100644
 --- a/make/autoconf/libraries.m4
 +++ b/make/autoconf/libraries.m4
 @@ -33,6 +33,7 @@ m4_include([lib-std.m4])
@@ -136,10 +136,10 @@ index 366682cf044..1f8d782f419 100644
    BASIC_JDKLIB_LIBS=""
    if test "x$TOOLCHAIN_TYPE" != xmicrosoft; then
 diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
-index 537c3e3043c..16ad3df6f09 100644
+index 807ba27589b..47cb6b7753b 100644
 --- a/make/autoconf/spec.gmk.in
 +++ b/make/autoconf/spec.gmk.in
-@@ -841,6 +841,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
+@@ -844,6 +844,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
  # Libraries
  #
  
@@ -2508,7 +2508,7 @@ index 00000000000..dc8bc72fccb
 +    }
 +}
 diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
-index 9be02033877..4dd055a9ccf 100644
+index 8f6e1e12a7e..2726391bcea 100644
 --- a/src/java.base/share/conf/security/java.security
 +++ b/src/java.base/share/conf/security/java.security
 @@ -82,6 +82,17 @@ security.provider.tbd=Apple
@@ -2606,10 +2606,10 @@ index 00000000000..55bbba98b7a
 +attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
 +
 diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
-index b22f26947af..02bea84e210 100644
+index 4e3c326cb2f..c39faee2f43 100644
 --- a/src/java.base/share/lib/security/default.policy
 +++ b/src/java.base/share/lib/security/default.policy
-@@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" {
+@@ -123,6 +123,7 @@ grant codeBase "jrt:/jdk.charsets" {
  grant codeBase "jrt:/jdk.crypto.ec" {
      permission java.lang.RuntimePermission
                     "accessClassInPackage.sun.security.*";
@@ -2617,7 +2617,7 @@ index b22f26947af..02bea84e210 100644
      permission java.lang.RuntimePermission "loadLibrary.sunec";
      permission java.security.SecurityPermission "putProviderProperty.SunEC";
      permission java.security.SecurityPermission "clearProviderProperties.SunEC";
-@@ -130,6 +131,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
+@@ -132,6 +133,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
  grant codeBase "jrt:/jdk.crypto.cryptoki" {
      permission java.lang.RuntimePermission
                     "accessClassInPackage.com.sun.crypto.provider";
@@ -2625,7 +2625,7 @@ index b22f26947af..02bea84e210 100644
      permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
      permission java.lang.RuntimePermission
                     "accessClassInPackage.sun.security.*";
-@@ -140,6 +142,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
+@@ -142,6 +144,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
      permission java.util.PropertyPermission "os.name", "read";
      permission java.util.PropertyPermission "os.arch", "read";
      permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
@@ -3496,7 +3496,7 @@ index 00000000000..f8d505ca815
 +}
 \ No newline at end of file
 diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
-index 0736ce997e4..0a937fef377 100644
+index d12244337a5..f2e8e4094c8 100644
 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
 +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
 @@ -37,6 +37,8 @@ import javax.crypto.*;
@@ -3518,30 +3518,22 @@ index 0736ce997e4..0a937fef377 100644
      private static final long serialVersionUID = -2575874101938349339L;
  
      private static final String PUBLIC = "public";
-@@ -139,9 +144,7 @@ abstract class P11Key implements Key, Length {
-         this.tokenObject = tokenObject;
-         this.sensitive = sensitive;
-         this.extractable = extractable;
--        char[] tokenLabel = this.token.tokenInfo.label;
--        isNSS = (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
--                && tokenLabel[2] == 'S');
-+        isNSS = P11Util.isNSS(this.token);
-         boolean extractKeyInfo = (!DISABLE_NATIVE_KEYS_EXTRACTION && isNSS &&
-                 extractable && !tokenObject);
-         this.keyIDHolder = new NativeKeyHolder(this, keyID, session,
-@@ -383,7 +386,9 @@ abstract class P11Key implements Key, Length {
-             new CK_ATTRIBUTE(CKA_SENSITIVE),
-             new CK_ATTRIBUTE(CKA_EXTRACTABLE),
+@@ -393,9 +398,10 @@ abstract class P11Key implements Key, Length {
+                     new CK_ATTRIBUTE(CKA_EXTRACTABLE),
          });
--        if (attributes[1].getBoolean() || (attributes[2].getBoolean() == false)) {
+ 
+-        boolean keySensitive =
+-                (attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
+-                attrs[1].getBoolean() || !attrs[2].getBoolean();
 +        boolean exportable = plainKeySupportEnabled && !algorithm.equals("DH");
-+        if (!exportable && (attributes[1].getBoolean() ||
-+                (attributes[2].getBoolean() == false))) {
-             return new P11PrivateKey
-                 (session, keyID, algorithm, keyLength, attributes);
-         } else {
-@@ -465,7 +470,8 @@ abstract class P11Key implements Key, Length {
-         }
++        boolean keySensitive = (!exportable &&
++            ((attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
++             attrs[1].getBoolean() || !attrs[2].getBoolean()));
+ 
+         switch (algorithm) {
+         case "RSA":
+@@ -450,7 +456,8 @@ abstract class P11Key implements Key, Length {
+ 
          public String getFormat() {
              token.ensureValid();
 -            if (sensitive || !extractable || (isNSS && tokenObject)) {
@@ -3971,7 +3963,7 @@ index 8d1b8ccb0ae..7ea9b4c5e7f 100644
      }
  
 diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
-index 262cfc062ad..72b64f72c0a 100644
+index cabee449346..72b64f72c0a 100644
 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
 +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
 @@ -27,6 +27,10 @@ package sun.security.pkcs11;
@@ -3985,7 +3977,7 @@ index 262cfc062ad..72b64f72c0a 100644
  
  /**
   * Collection of static utility methods.
-@@ -40,10 +44,106 @@ public final class P11Util {
+@@ -40,6 +44,93 @@ public final class P11Util {
  
      private static volatile Provider sun, sunRsaSign, sunJce;
  
@@ -4079,19 +4071,6 @@ index 262cfc062ad..72b64f72c0a 100644
      private P11Util() {
          // empty
      }
- 
-+    static boolean isNSS(Token token) {
-+        char[] tokenLabel = token.tokenInfo.label;
-+        if (tokenLabel != null && tokenLabel.length >= 3) {
-+            return (tokenLabel[0] == 'N' && tokenLabel[1] == 'S'
-+                    && tokenLabel[2] == 'S');
-+        }
-+        return false;
-+    }
-+
-     static Provider getSunProvider() {
-         Provider p = sun;
-         if (p == null) {
 diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
 index aa35e8fa668..1855e5631bd 100644
 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -4527,7 +4506,7 @@ index aa35e8fa668..1855e5631bd 100644
                  debug.println("logout succeeded");
              }
 diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
-index 9858a5faedf..e63585486d9 100644
+index 1f94fe3e18a..99eec2114e4 100644
 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
 +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
 @@ -33,6 +33,7 @@ import java.lang.ref.*;

SOURCES/jconsole.desktop.in

@@ -1,10 +0,0 @@
-[Desktop Entry]
-Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@)
-Comment=Monitor and manage OpenJDK applications
-Exec=_SDKBINDIR_/jconsole
-Icon=java-@JAVA_VER@-@JAVA_VENDOR@
-Terminal=false
-Type=Application
-StartupWMClass=sun-tools-jconsole-JConsole
-Categories=Development;Profiling;Java;
-Version=1.0

SOURCES/jdk8312489-max_sig_default_increase.patch

@@ -1,50 +0,0 @@
-commit 5b613e3ebed6c141146e743e64c894fe4f39421e
-Author: Andrew John Hughes <andrew@openjdk.org>
-Date:   Fri Sep 1 15:53:41 2023 +0000
-
-    8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
-    
-    Backport-of: e47a84f23dd2608c6f5748093eefe301fb5bf750
-
-diff --git a/src/java.base/share/classes/java/util/jar/JarFile.java b/src/java.base/share/classes/java/util/jar/JarFile.java
-index bd538649a4f..70cf99504e4 100644
---- a/src/java.base/share/classes/java/util/jar/JarFile.java
-+++ b/src/java.base/share/classes/java/util/jar/JarFile.java
-@@ -803,7 +803,9 @@ private byte[] getBytes(ZipEntry ze) throws IOException {
-                 throw new IOException("Unsupported size: " + uncompressedSize +
-                         " for JarEntry " + ze.getName() +
-                         ". Allowed max size: " +
--                        SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes");
-+                        SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes. " +
-+                        "You can use the jdk.jar.maxSignatureFileSize " +
-+                        "system property to increase the default value.");
-             }
-             int len = (int)uncompressedSize;
-             int bytesRead;
-diff --git a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
-index 4ea9255ba0a..05acdcb9474 100644
---- a/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
-+++ b/src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
-@@ -856,16 +856,16 @@ private static int initializeMaxSigFileSize() {
-          * the maximum allowed number of bytes for the signature-related files
-          * in a JAR file.
-          */
--        Integer tmp = GetIntegerAction.privilegedGetProperty(
--                "jdk.jar.maxSignatureFileSize", 8000000);
-+        int tmp = GetIntegerAction.privilegedGetProperty(
-+                "jdk.jar.maxSignatureFileSize", 16000000);
-         if (tmp < 0 || tmp > MAX_ARRAY_SIZE) {
-             if (debug != null) {
--                debug.println("Default signature file size 8000000 bytes " +
--                        "is used as the specified size for the " +
--                        "jdk.jar.maxSignatureFileSize system property " +
-+                debug.println("The default signature file size of 16000000 bytes " +
-+                        "will be used for the jdk.jar.maxSignatureFileSize " +
-+                        "system property since the specified value " +
-                         "is out of range: " + tmp);
-             }
--            tmp = 8000000;
-+            tmp = 16000000;
-         }
-         return tmp;
-     }

SOURCES/rh1648644-java_access_bridge_privileged_security.patch

@@ -1,20 +0,0 @@
---- openjdk/src/java.base/share/conf/security/java.security
-+++ openjdk/src/java.base/share/conf/security/java.security
-@@ -304,6 +304,8 @@
- #
- package.access=sun.misc.,\
-                sun.reflect.,\
-+               org.GNOME.Accessibility.,\
-+               org.GNOME.Bonobo.,\
- 
- #
- # List of comma-separated packages that start with or equal this string
-@@ -316,6 +318,8 @@
- #
- package.definition=sun.misc.,\
-                    sun.reflect.,\
-+                   org.GNOME.Accessibility.,\
-+                   org.GNOME.Bonobo.,\
- 
- #
- # Determines whether this properties file can be appended to

SOURCES/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch

@@ -1,19 +0,0 @@
-Remove uses of FAR in jpeg code
-
-Upstream libjpeg-trubo removed the (empty) FAR macro:
-http://sourceforge.net/p/libjpeg-turbo/code/1312/
-
-Adjust our code to not use the undefined FAR macro anymore.
-
-diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
---- openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
-+++ openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
-@@ -1385,7 +1385,7 @@
-     /* and fill it in */
-     dst_ptr = icc_data;
-     for (seq_no = first; seq_no < last; seq_no++) {
--        JOCTET FAR *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
-+        JOCTET *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
-         unsigned int length =
-             icc_markers[seq_no]->data_length - ICC_OVERHEAD_LEN;
- 

SPECS/java-17-openjdk.spec

@@ -1 +0,0 @@
-../SOURCES/java-17-openjdk-portable.specfile