diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 0aacfef..b1f281d 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -275,17 +275,6 @@ make it clear they map to the current user: * "Windows-MY-CURRENTUSER" (same as "Windows-MY") * "Windows-ROOT-CURRENTUSER" (same as "Windows-ROOT") -JDK-8286918: Better HttpServer service -====================================== -The HttpServer can be optionally configured with a maximum connection -limit by setting the jdk.httpserver.maxConnections system property. A -value of 0 or a negative integer is ignored and considered to -represent no connection limit. In the case of a positive integer -value, any newly accepted connections will be first checked against -the current count of established connections and, if the configured -limit has been reached, then the newly accepted connection will be -closed immediately. - hotspot/runtime: JDK-8281181: CPU Shares Ignored When Computing Active Processor Count @@ -380,7 +369,6 @@ Live versions of these release notes can be found at: * Security fixes - JDK-8272243: Improve DER parsing - JDK-8272249: Better properties of loaded Properties - - JDK-8273056, JDK-8283875, CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions - JDK-8277608: Address IP Addressing - JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations @@ -435,6 +423,7 @@ Live versions of these release notes can be found at: - JDK-8272493: Suboptimal code generation around Preconditions.checkIndex intrinsic with AVX2 - JDK-8272908: Missing coverage for certain classes in com.sun.org.apache.xml.internal.security - JDK-8272964: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted + - JDK-8273056: java.util.random does not correctly sample exponential or Gaussian distributions - JDK-8273095: vmTestbase/vm/mlvm/anonloader/stress/oome/heap/Test.java fails with "wrong OOME" - JDK-8273139: C2: assert(f <= 1 && f >= 0) failed: Incorrect frequency - JDK-8273142: Remove dependancy of TestHttpServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/http/ tests diff --git a/SOURCES/remove-intree-libraries.sh b/SOURCES/remove-intree-libraries.sh index 25c2fc8..e999c7e 100644 --- a/SOURCES/remove-intree-libraries.sh +++ b/SOURCES/remove-intree-libraries.sh @@ -5,7 +5,6 @@ TREE=${1} TYPE=${2} ZIP_SRC=src/java.base/share/native/libzip/zlib/ -FREETYPE_SRC=src/java.desktop/share/native/libfreetype/ JPEG_SRC=src/java.desktop/share/native/libjavajpeg/ GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/ PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/ @@ -32,21 +31,15 @@ cd ${TREE} echo "Removing built-in libs (they will be linked)" -# On full runs, allow for zlib & freetype having already been deleted by minimal +# On full runs, allow for zlib having already been deleted by minimal echo "Removing zlib" if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then echo "${ZIP_SRC} does not exist. Refusing to proceed." exit 1 fi rm -rvf ${ZIP_SRC} -echo "Removing freetype" -if [ "x${TYPE}" = "xminimal" -a ! -d ${FREETYPE_SRC} ]; then - echo "${FREETYPE_SRC} does not exist. Refusing to proceed." - exit 1 -fi -rm -rvf ${FREETYPE_SRC} -# Minimal is limited to just zlib and freetype so finish here +# Minimal is limited to just zlib so finish here if test "x${TYPE}" = "xminimal"; then echo "Finished."; exit 0; diff --git a/SPECS/java-17-openjdk.spec b/SPECS/java-17-openjdk.spec index 80fea75..9ae0d62 100644 --- a/SPECS/java-17-openjdk.spec +++ b/SPECS/java-17-openjdk.spec @@ -23,8 +23,6 @@ %bcond_without staticlibs # Build a fresh libjvm.so for use in a copy of the bootstrap JDK %bcond_without fresh_libjvm -# Build with system libraries -%bcond_with system_libs # Workaround for stripping of debug symbols from static libraries %if %{with staticlibs} @@ -41,16 +39,6 @@ %global build_hotspot_first 0 %endif -%if %{with system_libs} -%global system_libs 1 -%global link_type system -%global freetype_lib %{nil} -%else -%global system_libs 0 -%global link_type bundled -%global freetype_lib |libfreetype[.]so.* -%endif - # The -g flag says to use strip -g instead of full strip on DSOs or EXEs. # This fixes detailed NMT and other tools which need minimal debug info. # See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879 @@ -202,15 +190,11 @@ %global staticlibs_loop %{nil} %endif -%if 0%{?flatpak} -%global bootstrap_build false -%else %ifarch %{bootstrap_arches} %global bootstrap_build true %else %global bootstrap_build false %endif -%endif %if %{include_staticlibs} # Extra target for producing the static-libraries. Separate from @@ -369,7 +353,7 @@ %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup %global buildver 8 -%global rpmrelease 1 +%global rpmrelease 2 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions @@ -427,7 +411,7 @@ # fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349 # https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14 # https://bugzilla.redhat.com/show_bug.cgi?id=1655938 -%global _privatelibs libsplashscreen[.]so.*|libawt_xawt[.]so.*|libjli[.]so.*|libattach[.]so.*|libawt[.]so.*|libextnet[.]so.*|libawt_headless[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjimage[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmanagement_agent[.]so.*|libmanagement_ext[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libprefs[.]so.*|librmi[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsystemconf[.]so.*|libzip[.]so.*%{freetype_lib} +%global _privatelibs libsplashscreen[.]so.*|libawt_xawt[.]so.*|libjli[.]so.*|libattach[.]so.*|libawt[.]so.*|libextnet[.]so.*|libawt_headless[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjimage[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmanagement_agent[.]so.*|libmanagement_ext[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libprefs[.]so.*|librmi[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsystemconf[.]so.*|libzip[.]so.* %global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.* %if %is_system_jdk %global __provides_exclude ^(%{_privatelibs})$ @@ -831,9 +815,6 @@ exit 0 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libawt_headless.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libdt_socket.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfontmanager.so -%if ! %{system_libs} -%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfreetype.so -%endif %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libinstrument.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2gss.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2pcsc.so @@ -952,7 +933,7 @@ exit 0 %ifarch %{sa_arches} %ifnarch %{zero_arches} %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhsdb -%{_mandir}/man1/jhsdb-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jhsdb-%{uniquesuffix -- %{?1}}.1.gz %endif %endif %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo @@ -991,11 +972,11 @@ exit 0 %{_mandir}/man1/jstat-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jstatd-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1* -%{_mandir}/man1/jdeprscan-%{uniquesuffix -- %{?1}}.1* -%{_mandir}/man1/jlink-%{uniquesuffix -- %{?1}}.1* -%{_mandir}/man1/jmod-%{uniquesuffix -- %{?1}}.1* -%{_mandir}/man1/jshell-%{uniquesuffix -- %{?1}}.1* -%{_mandir}/man1/jfr-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/jdeprscan-%{uniquesuffix -- %{?1}}.1.gz +%{_mandir}/man1/jlink-%{uniquesuffix -- %{?1}}.1.gz +%{_mandir}/man1/jmod-%{uniquesuffix -- %{?1}}.1.gz +%{_mandir}/man1/jshell-%{uniquesuffix -- %{?1}}.1.gz +%{_mandir}/man1/jfr-%{uniquesuffix -- %{?1}}.1.gz %if %{with_systemtap} %dir %{tapsetroot} @@ -1339,7 +1320,7 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1 Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch # Crypto policy and FIPS support patches -# Patch is generated from the fips-17u tree at https://github.com/rh-openjdk/jdk/tree/fips-17u +# Patch is generated from the fips-17u tree at https://github.com/rh-openjdk/jdk/tree/fips-17u-cpu-2022-07 # as follows: git diff %%{vcstag} src make > fips-17u-$(git show -s --format=%h HEAD).patch # Diff is limited to src and make subdirectories to exclude .github changes # Fixes currently included: @@ -1378,13 +1359,7 @@ Patch2000: jdk8275535-rh2053256-ldap_auth.patch ############################################# # -# OpenJDK patches appearing in 17.0.3 -# -############################################# - -############################################# -# -# OpenJDK patches targetted for 17.0.6 +# OpenJDK patches appearing in 17.0.6 # ############################################# # JDK-8293834: Update CLDR data following tzdata 2022c update @@ -1403,8 +1378,14 @@ BuildRequires: desktop-file-utils # elfutils only are OK for build without AOT BuildRequires: elfutils-devel BuildRequires: fontconfig-devel +BuildRequires: freetype-devel +BuildRequires: giflib-devel BuildRequires: gcc-c++ BuildRequires: gdb +BuildRequires: harfbuzz-devel +BuildRequires: lcms2-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel BuildRequires: libxslt BuildRequires: libX11-devel BuildRequires: libXi-devel @@ -1429,6 +1410,7 @@ BuildRequires: libffi-devel # 2022d required as of JDK-8294357 # Should be bumped to 2022e once available (JDK-8295173) BuildRequires: tzdata-java >= 2022d + # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1437,30 +1419,6 @@ BuildRequires: systemtap-sdt-devel %endif BuildRequires: make -%if %{system_libs} -BuildRequires: freetype-devel -BuildRequires: giflib-devel -BuildRequires: harfbuzz-devel -BuildRequires: lcms2-devel -BuildRequires: libjpeg-devel -BuildRequires: libpng-devel -%else -# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h -Provides: bundled(freetype) = 2.12.1 -# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h -Provides: bundled(giflib) = 5.2.1 -# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h -Provides: bundled(harfbuzz) = 4.4.1 -# Version in src/java.desktop/share/native/liblcms/lcms2.h -Provides: bundled(lcms2) = 2.12.0 -# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h -Provides: bundled(libjpeg) = 6b -# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h -Provides: bundled(libpng) = 1.6.37 -# We link statically against libstdc++ to increase portability -BuildRequires: libstdc++-static -%endif - # this is always built, also during debug-only build # when it is built in debug-only this package is just placeholder %{java_rpo %{nil}} @@ -1810,11 +1768,8 @@ if [ $prioritylength -ne 8 ] ; then fi # OpenJDK patches - -%if %{system_libs} # Remove libraries that are linked by both static and dynamic builds sh %{SOURCE12} %{top_level_dir_name} -%endif # Patch the JDK pushd %{top_level_dir_name} @@ -1952,14 +1907,6 @@ function buildjdk() { local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name} local top_dir_abs_build_path=$(pwd)/${outputdir} - # This must be set using the global, so that the - # static libraries still use a dynamic stdc++lib - if [ "x%{link_type}" = "xbundled" ] ; then - libc_link_opt="static"; - else - libc_link_opt="dynamic"; - fi - echo "Using output directory: ${outputdir}"; echo "Checking build JDK ${buildjdk} is operational..." ${buildjdk}/bin/java -version @@ -1971,10 +1918,6 @@ function buildjdk() { mkdir -p ${outputdir} pushd ${outputdir} - # Note: zlib and freetype use %{link_type} - # rather than ${link_opt} as the system versions - # are always used in a system_libs build, even - # for the static library build bash ${top_dir_abs_src_path}/configure \ %ifarch %{zero_arches} --with-jvm-variants=zero \ @@ -1995,14 +1938,13 @@ function buildjdk() { --with-native-debug-symbols="%{debug_symbols}" \ --disable-sysconf-nss \ --enable-unlimited-crypto \ - --with-zlib=%{link_type} \ - --with-freetype=%{link_type} \ + --with-zlib=system \ --with-libjpeg=${link_opt} \ --with-giflib=${link_opt} \ --with-libpng=${link_opt} \ --with-lcms=${link_opt} \ --with-harfbuzz=${link_opt} \ - --with-stdc++lib=${libc_link_opt} \ + --with-stdc++lib=dynamic \ --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ --with-extra-cflags="$EXTRA_CFLAGS" \ --with-extra-ldflags="%{ourldflags}" \ @@ -2088,13 +2030,12 @@ for suffix in %{build_loop} ; do bootbuilddir=boot${builddir} if test "x${loop}" = "x%{main_suffix}" ; then - link_opt="%{link_type}" -%if %{system_libs} # Copy the source tree so we can remove all in-tree libraries cp -a %{top_level_dir_name} %{top_level_dir_name_backup} # Remove all libraries that are linked sh %{SOURCE12} %{top_level_dir_name} full -%endif + # Use system libraries + link_opt="system" # Debug builds don't need same targets as release for # build speed-up. We also avoid bootstrapping these # slower builds. @@ -2112,11 +2053,9 @@ for suffix in %{build_loop} ; do else buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} fi -%if %{system_libs} # Restore original source tree we modified by removing full in-tree sources rm -rf %{top_level_dir_name} mv %{top_level_dir_name_backup} %{top_level_dir_name} -%endif else # Use bundled libraries for building statically link_opt="bundled" @@ -2150,8 +2089,6 @@ top_dir_abs_staticlibs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{staticli export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage} -# Pre-test setup - #check Shenandoah is enabled %if %{use_shenandoah_hotspot} $JAVA_HOME//bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -version @@ -2645,55 +2582,53 @@ cjc.mainProgram(args) %endif %changelog -* Wed Oct 26 2022 Andrew Hughes - 1:17.0.5.0.8-1 -- Update to jdk-17.0.5+8 (GA) -- Update release notes to 17.0.5+8 (GA) -- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853 -- Bump FreeType bundled version to 2.12.1 following JDK-8290334 +* Sat Oct 15 2022 Andrew Hughes - 1:17.0.5.0.8-2 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream -- The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds -- Remove freetype sources along with zlib sources -- Resolves: rhbz#2132933 -- Resolves: rhbz#2133695 - -* Tue Aug 30 2022 Andrew Hughes - 1:17.0.4.1.1-5 -- Switch to static builds, reducing system dependencies and making build more portable -- Resolves: rhbz#2121268 - -* Mon Aug 29 2022 Stephan Bergmann - 1:17.0.4.1.1-4 -- Fix flatpak builds (catering for their uncompressed manual pages) -- Fix flatpak builds by exempting them from bootstrap -- Resolves: rhbz#2102726 +- Related: rhbz#2132934 -* Mon Aug 29 2022 Andrew Hughes - 1:17.0.4.1.1-3 +* Thu Oct 13 2022 Andrew Hughes - 1:17.0.5.0.8-1 +- Update to jdk-17.0.5+8 (GA) +- Update release notes to 17.0.5+8 (GA) +- Switch to GA mode for final release. +- * This tarball is embargoed until 2022-10-18 @ 1pm PT. * +- Resolves: rhbz#2132934 + +* Tue Oct 04 2022 Andrew Hughes - 1:17.0.5.0.7-0.1.ea +- Update to jdk-17.0.5+7 +- Update release notes to 17.0.5+7 +- Resolves: rhbz#2132934 + +* Mon Oct 03 2022 Andrew Hughes - 1:17.0.5.0.1-0.1.ea +- Update to jdk-17.0.5+1 +- Update release notes to 17.0.5+1 +- Switch to EA mode for 17.0.5 pre-release builds. +- Related: rhbz#2132934 + +* Fri Sep 02 2022 Andrew Hughes - 1:17.0.4.1.1-2 - Update FIPS support to bring in latest changes +- * RH2023467: Enable FIPS keys export - * RH2104724: Avoid import/export of DH private keys - * RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode - * Build the systemconf library on all platforms - * RH2048582: Support PKCS#12 keystores - * RH2020290: Support TLS 1.3 in FIPS mode -- Resolves: rhbz#2104725 -- Resolves: rhbz#2117758 -- Resolves: rhbz#2115164 -- Resolves: rhbz#2029665 +- Resolves: rhbz#2123579 +- Resolves: rhbz#2123580 +- Resolves: rhbz#2123581 +- Resolves: rhbz#2123583 +- Resolves: rhbz#2123584 -* Sun Aug 21 2022 Andrew Hughes - 1:17.0.4.1.1-2 +* Sun Aug 21 2022 Andrew Hughes - 1:17.0.4.1.1-1 - Update to jdk-17.0.4.1+1 - Update release notes to 17.0.4.1+1 - Add patch to provide translations for Europe/Kyiv added in tzdata2022b - Add test to ensure timezones can be translated -- Resolves: rhbz#2119532 +- Resolves: rhbz#2120058 -* Fri Jul 22 2022 Andrew Hughes - 1:17.0.4.0.8-3 -- Update to jdk-17.0.4.0+8 -- Update release notes to 17.0.4.0+8 -- Switch to GA mode for release -- Resolves: rhbz#2106524 - -* Wed Jul 20 2022 Andrew Hughes - 1:17.0.4.0.7-0.2.ea +* Wed Jul 20 2022 Andrew Hughes - 1:17.0.4.0.8-0.2.ea - Revert the following changes until copy-java-configs has adapted to relative symlinks: - * Move cacerts replacement to install section and retain original of this and tzdb.dat - * Run tests on the installed image, rather than the build image @@ -2701,95 +2636,56 @@ cjc.mainProgram(args) - * Use relative symlinks so they work within the image - * Run debug symbols check during build stage, before the install strips them - The move of turning on system security properties is retained so we don't ship with them off -- Related: rhbz#2084218 +- Related: rhbz#2084779 -* Sat Jul 16 2022 Andrew Hughes - 1:17.0.4.0.7-0.1.ea -- Update to jdk-17.0.3.0+7 -- Update release notes to 17.0.3.0+7 +* Mon Jul 18 2022 Andrew Hughes - 1:17.0.4.0.8-1 +- Update to jdk-17.0.4.0+8 +- Update release notes to 17.0.4.0+8 - Need to include the '.S' suffix in debuginfo checks after JDK-8284661 -- Explicitly require crypto-policies during build and runtime for system security properties -- Make use of the vendor version string to store our version & release rather than an upstream release date -- Include a test in the RPM to check the build has the correct vendor information. -- Resolves: rhbz#2084218 - -* Thu Jul 14 2022 Jayashree Huttanagoudar - 1:17.0.4.0.1-0.2.ea -- Fix issue where CheckVendor.java test erroneously passes when it should fail. -- Add proper quoting so '&' is not treated as a special character by the shell. -- Related: rhbz#2084218 - -* Tue Jul 12 2022 Andrew Hughes - 1:17.0.4.0.1-0.1.ea -- Update to jdk-17.0.4.0+1 -- Update release notes to 17.0.4.0+1 -- Switch to EA mode for 17.0.4 pre-release builds. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Update tarball script with IcedTea GitHub URL and .src-rev generation - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Move EA designator check to prep so failures can be caught earlier - Make EA designator check non-fatal while upstream is not maintaining it -- Related: rhbz#2084218 - -* Fri Jul 08 2022 Andrew Hughes - 1:17.0.3.0.7-5 -- Fix whitespace in spec file -- Related: rhbz#2100677 - -* Fri Jul 08 2022 Andrew Hughes - 1:17.0.3.0.7-5 -- Sequence spec file sections as they are run by rpmbuild (build, install then test) -- Related: rhbz#2100677 - -* Fri Jul 08 2022 Andrew Hughes - 1:17.0.3.0.7-5 +- Explicitly require crypto-policies during build and runtime for system security properties +- Make use of the vendor version string to store our version & release rather than an upstream release date +- Include a test in the RPM to check the build has the correct vendor information. +- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository +- * RH2094027: SunEC runtime permission for FIPS +- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage +- * RH2090378: Revert to disabling system security properties and FIPS mode support together +- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch +- Enable system security properties in the RPM (now disabled by default in the FIPS repo) +- Improve security properties test to check both enabled and disabled behaviour +- Run security properties test with property debugging on - Turn on system security properties as part of the build's install section - Move cacerts replacement to install section and retain original of this and tzdb.dat - Run tests on the installed image, rather than the build image - Introduce variables to refer to the static library installation directories - Use relative symlinks so they work within the image - Run debug symbols check during build stage, before the install strips them -- Related: rhbz#2100677 +- Resolves: rhbz#2084779 +- Resolves: rhbz#2099919 +- Resolves: rhbz#2107943 +- Resolves: rhbz#2107941 +- Resolves: rhbz#2106523 -* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:17.0.3.0.7-4 -- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode -- Resolves: rhbz#2102433 - -* Wed Jun 22 2022 Andrew Hughes - 1:17.0.3.0.7-3 -- Update FIPS support to bring in latest changes -- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage -- * RH2090378: Revert to disabling system security properties and FIPS mode support together -- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch -- Enable system security properties in the RPM (now disabled by default in the FIPS repo) -- Improve security properties test to check both enabled and disabled behaviour -- Run security properties test with property debugging on -- Resolves: rhbz#2099844 -- Resolves: rhbz#2100677 +* Thu Jul 14 2022 Jayashree Huttanagoudar - 1:17.0.4.0.1-0.2.ea +- Fix issue where CheckVendor.java test erroneously passes when it should fail. +- Add proper quoting so '&' is not treated as a special character by the shell. +- Related: rhbz#2084779 -* Sun Jun 12 2022 Andrew Hughes - 1:17.0.3.0.7-2 -- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository -- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch -- RH2023467: Enable FIPS keys export -- RH2094027: SunEC runtime permission for FIPS -- Resolves: rhbz#2029657 -- Resolves: rhbz#2096117 +* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:17.0.3.0.7-2 +- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode +- Resolves: rhbz#2105395 * Wed Apr 20 2022 Andrew Hughes - 1:17.0.3.0.7-1 -- April 2022 security update to jdk 17.0.3+6 -- Update to jdk-17.0.3.0+6 pre-release tarball (17usec.17.0.3+5-220408) -- Add JDK-8284548 regression fix missing from pre-release tarball but in jdk-17.0.3+6/jdk-17.0.3-ga -- Update release notes to 17.0.3.0+6 +- April 2022 security update to jdk 17.0.3+7 +- Update to jdk-17.0.3.0+7 tarball +- Update release notes to 17.0.3.0+7 - Add missing README.md and generate_source_tarball.sh -- Switch to GA mode for release -- JDK-8283911 patch no longer needed now we're GA... -- Resolves: rhbz#2073579 - -* Wed Apr 06 2022 Andrew Hughes - 1:17.0.3.0.5-0.1.ea -- Update to jdk-17.0.3.0+5 -- Update release notes to 17.0.3.0+5 -- Resolves: rhbz#2050460 - -* Tue Mar 29 2022 Andrew Hughes - 1:17.0.3.0.1-0.1.ea -- Update to jdk-17.0.3.0+1 -- Update release notes to 17.0.3.0+1 -- Switch to EA mode for 17.0.3 pre-release builds. -- Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value -- Related: rhbz#2050460 +- Resolves: rhbz#2073578 * Mon Feb 28 2022 Andrew Hughes - 1:17.0.2.0.8-13 - Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode