import java-17-openjdk-17.0.5.0.8-2.el9_0

2 years ago · e553aa66a2
parent 9fc49ecb45
commit e553aa66a2
3 changed files with 85 additions and 207 deletions
--- a/SOURCES/NEWS
+++ b/SOURCES/NEWS
@ -275,17 +275,6 @@ make it clear they map to the current user:
 * "Windows-MY-CURRENTUSER" (same as "Windows-MY")
 * "Windows-ROOT-CURRENTUSER" (same as "Windows-ROOT")

-JDK-8286918: Better HttpServer service
-======================================
-The HttpServer can be optionally configured with a maximum connection
-limit by setting the jdk.httpserver.maxConnections system property. A
-value of 0 or a negative integer is ignored and considered to
-represent no connection limit. In the case of a positive integer
-value, any newly accepted connections will be first checked against
-the current count of established connections and, if the configured
-limit has been reached, then the newly accepted connection will be
-closed immediately.
-
 hotspot/runtime:

 JDK-8281181: CPU Shares Ignored When Computing Active Processor Count
@ -380,7 +369,6 @@ Live versions of these release notes can be found at:
 * Security fixes
  - JDK-8272243: Improve DER parsing
  - JDK-8272249: Better properties of loaded Properties
-  - JDK-8273056, JDK-8283875, CVE-2022-21549: java.util.random does not correctly sample exponential or Gaussian distributions
  - JDK-8277608: Address IP Addressing
  - JDK-8281859, CVE-2022-21540: Improve class compilation
  - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations
@ -435,6 +423,7 @@ Live versions of these release notes can be found at:
  - JDK-8272493: Suboptimal code generation around Preconditions.checkIndex intrinsic with AVX2
  - JDK-8272908: Missing coverage for certain classes in com.sun.org.apache.xml.internal.security
  - JDK-8272964: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted
+  - JDK-8273056: java.util.random does not correctly sample exponential or Gaussian distributions
  - JDK-8273095: vmTestbase/vm/mlvm/anonloader/stress/oome/heap/Test.java fails with "wrong OOME"
  - JDK-8273139: C2: assert(f <= 1 && f >= 0) failed: Incorrect frequency
  - JDK-8273142: Remove dependancy of TestHttpServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/http/ tests
--- a/SOURCES/remove-intree-libraries.sh
+++ b/SOURCES/remove-intree-libraries.sh
@ -5,7 +5,6 @@ TREE=${1}
 TYPE=${2}

 ZIP_SRC=src/java.base/share/native/libzip/zlib/
-FREETYPE_SRC=src/java.desktop/share/native/libfreetype/
 JPEG_SRC=src/java.desktop/share/native/libjavajpeg/
 GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/
 PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/
@ -32,21 +31,15 @@ cd ${TREE}

 echo "Removing built-in libs (they will be linked)"

-# On full runs, allow for zlib & freetype having already been deleted by minimal
+# On full runs, allow for zlib having already been deleted by minimal
 echo "Removing zlib"
 if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then
 	echo "${ZIP_SRC} does not exist. Refusing to proceed."
 	exit 1
 fi	
 rm -rvf ${ZIP_SRC}
-echo "Removing freetype"
-if [ "x${TYPE}" = "xminimal" -a ! -d ${FREETYPE_SRC} ]; then
-	echo "${FREETYPE_SRC} does not exist. Refusing to proceed."
-	exit 1
-fi
-rm -rvf ${FREETYPE_SRC}

-# Minimal is limited to just zlib and freetype so finish here
+# Minimal is limited to just zlib so finish here
 if test "x${TYPE}" = "xminimal"; then
    echo "Finished.";
    exit 0;
--- a/SPECS/java-17-openjdk.spec
+++ b/SPECS/java-17-openjdk.spec
@ -23,8 +23,6 @@
 %bcond_without staticlibs
 # Build a fresh libjvm.so for use in a copy of the bootstrap JDK
 %bcond_without fresh_libjvm
-# Build with system libraries
-%bcond_with system_libs

 # Workaround for stripping of debug symbols from static libraries
 %if %{with staticlibs}
@ -41,16 +39,6 @@
 %global build_hotspot_first 0
 %endif

-%if %{with system_libs}
-%global system_libs 1
-%global link_type system
-%global freetype_lib %{nil}
-%else
-%global system_libs 0
-%global link_type bundled
-%global freetype_lib |libfreetype[.]so.*
-%endif
-
 # The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
 # This fixes detailed NMT and other tools which need minimal debug info.
 # See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
@ -202,15 +190,11 @@
 %global staticlibs_loop %{nil}
 %endif

-%if 0%{?flatpak}
-%global bootstrap_build false
-%else
 %ifarch %{bootstrap_arches}
 %global bootstrap_build true
 %else
 %global bootstrap_build false
 %endif
-%endif

 %if %{include_staticlibs}
 # Extra target for producing the static-libraries. Separate from
@ -369,7 +353,7 @@
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        8
-%global rpmrelease      1
+%global rpmrelease      2
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
 # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@ -427,7 +411,7 @@
 # fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349
 #         https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14
 #         https://bugzilla.redhat.com/show_bug.cgi?id=1655938
-%global _privatelibs libsplashscreen[.]so.*|libawt_xawt[.]so.*|libjli[.]so.*|libattach[.]so.*|libawt[.]so.*|libextnet[.]so.*|libawt_headless[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjimage[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmanagement_agent[.]so.*|libmanagement_ext[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libprefs[.]so.*|librmi[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsystemconf[.]so.*|libzip[.]so.*%{freetype_lib}
+%global _privatelibs libsplashscreen[.]so.*|libawt_xawt[.]so.*|libjli[.]so.*|libattach[.]so.*|libawt[.]so.*|libextnet[.]so.*|libawt_headless[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjimage[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmanagement_agent[.]so.*|libmanagement_ext[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libprefs[.]so.*|librmi[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsystemconf[.]so.*|libzip[.]so.*
 %global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.*
 %if %is_system_jdk
 %global __provides_exclude ^(%{_privatelibs})$
@ -831,9 +815,6 @@ exit 0
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libawt_headless.so
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libdt_socket.so
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfontmanager.so
-%if ! %{system_libs}
-%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfreetype.so
-%endif
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libinstrument.so
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2gss.so
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2pcsc.so
@ -952,7 +933,7 @@ exit 0
 %ifarch %{sa_arches}
 %ifnarch %{zero_arches}
 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhsdb
-%{_mandir}/man1/jhsdb-%{uniquesuffix -- %{?1}}.1*
+%{_mandir}/man1/jhsdb-%{uniquesuffix -- %{?1}}.1.gz
 %endif
 %endif
 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo
@ -991,11 +972,11 @@ exit 0
 %{_mandir}/man1/jstat-%{uniquesuffix -- %{?1}}.1*
 %{_mandir}/man1/jstatd-%{uniquesuffix -- %{?1}}.1*
 %{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1*
-%{_mandir}/man1/jdeprscan-%{uniquesuffix -- %{?1}}.1*
-%{_mandir}/man1/jlink-%{uniquesuffix -- %{?1}}.1*
-%{_mandir}/man1/jmod-%{uniquesuffix -- %{?1}}.1*
-%{_mandir}/man1/jshell-%{uniquesuffix -- %{?1}}.1*
-%{_mandir}/man1/jfr-%{uniquesuffix -- %{?1}}.1*
+%{_mandir}/man1/jdeprscan-%{uniquesuffix -- %{?1}}.1.gz
+%{_mandir}/man1/jlink-%{uniquesuffix -- %{?1}}.1.gz
+%{_mandir}/man1/jmod-%{uniquesuffix -- %{?1}}.1.gz
+%{_mandir}/man1/jshell-%{uniquesuffix -- %{?1}}.1.gz
+%{_mandir}/man1/jfr-%{uniquesuffix -- %{?1}}.1.gz

 %if %{with_systemtap}
 %dir %{tapsetroot}
@ -1339,7 +1320,7 @@ Patch3:    rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
 Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch

 # Crypto policy and FIPS support patches
-# Patch is generated from the fips-17u tree at https://github.com/rh-openjdk/jdk/tree/fips-17u
+# Patch is generated from the fips-17u tree at https://github.com/rh-openjdk/jdk/tree/fips-17u-cpu-2022-07
 # as follows: git diff %%{vcstag} src make > fips-17u-$(git show -s --format=%h HEAD).patch
 # Diff is limited to src and make subdirectories to exclude .github changes
 # Fixes currently included:
@ -1378,13 +1359,7 @@ Patch2000: jdk8275535-rh2053256-ldap_auth.patch

 #############################################
 #
-# OpenJDK patches appearing in 17.0.3
-#
-#############################################
-
-#############################################
-#
-# OpenJDK patches targetted for 17.0.6
+# OpenJDK patches appearing in 17.0.6
 #
 #############################################
 # JDK-8293834: Update CLDR data following tzdata 2022c update
@ -1403,8 +1378,14 @@ BuildRequires: desktop-file-utils
 # elfutils only are OK for build without AOT
 BuildRequires: elfutils-devel
 BuildRequires: fontconfig-devel
+BuildRequires: freetype-devel
+BuildRequires: giflib-devel
 BuildRequires: gcc-c++
 BuildRequires: gdb
+BuildRequires: harfbuzz-devel
+BuildRequires: lcms2-devel
+BuildRequires: libjpeg-devel
+BuildRequires: libpng-devel
 BuildRequires: libxslt
 BuildRequires: libX11-devel
 BuildRequires: libXi-devel
@ -1429,6 +1410,7 @@ BuildRequires: libffi-devel
 # 2022d required as of JDK-8294357
 # Should be bumped to 2022e once available (JDK-8295173)
 BuildRequires: tzdata-java >= 2022d
+
 # Earlier versions have a bug in tree vectorization on PPC
 BuildRequires: gcc >= 4.8.3-8

@ -1437,30 +1419,6 @@ BuildRequires: systemtap-sdt-devel
 %endif
 BuildRequires: make

-%if %{system_libs}
-BuildRequires: freetype-devel
-BuildRequires: giflib-devel
-BuildRequires: harfbuzz-devel
-BuildRequires: lcms2-devel
-BuildRequires: libjpeg-devel
-BuildRequires: libpng-devel
-%else
-# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
-Provides: bundled(freetype) = 2.12.1
-# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
-Provides: bundled(giflib) = 5.2.1
-# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
-Provides: bundled(harfbuzz) = 4.4.1
-# Version in src/java.desktop/share/native/liblcms/lcms2.h
-Provides: bundled(lcms2) = 2.12.0
-# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
-Provides: bundled(libjpeg) = 6b
-# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
-Provides: bundled(libpng) = 1.6.37
-# We link statically against libstdc++ to increase portability
-BuildRequires: libstdc++-static
-%endif
-
 # this is always built, also during debug-only build
 # when it is built in debug-only this package is just placeholder
 %{java_rpo %{nil}}
@ -1810,11 +1768,8 @@ if [ $prioritylength -ne 8 ] ; then
 fi

 # OpenJDK patches
-
-%if %{system_libs}
 # Remove libraries that are linked by both static and dynamic builds
 sh %{SOURCE12} %{top_level_dir_name}
-%endif

 # Patch the JDK
 pushd %{top_level_dir_name}
@ -1952,14 +1907,6 @@ function buildjdk() {
    local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
    local top_dir_abs_build_path=$(pwd)/${outputdir}

-    # This must be set using the global, so that the
-    # static libraries still use a dynamic stdc++lib
-    if [ "x%{link_type}" = "xbundled" ] ; then
-        libc_link_opt="static";
-    else
-        libc_link_opt="dynamic";
-    fi
-
    echo "Using output directory: ${outputdir}";
    echo "Checking build JDK ${buildjdk} is operational..."
    ${buildjdk}/bin/java -version
@ -1971,10 +1918,6 @@ function buildjdk() {
    mkdir -p ${outputdir}
    pushd ${outputdir}

-    # Note: zlib and freetype use %{link_type}
-    # rather than ${link_opt} as the system versions
-    # are always used in a system_libs build, even
-    # for the static library build
    bash ${top_dir_abs_src_path}/configure \
 %ifarch %{zero_arches}
    --with-jvm-variants=zero \
@ -1995,14 +1938,13 @@ function buildjdk() {
    --with-native-debug-symbols="%{debug_symbols}" \
    --disable-sysconf-nss \
    --enable-unlimited-crypto \
-    --with-zlib=%{link_type} \
-    --with-freetype=%{link_type} \
+    --with-zlib=system \
    --with-libjpeg=${link_opt} \
    --with-giflib=${link_opt} \
    --with-libpng=${link_opt} \
    --with-lcms=${link_opt} \
    --with-harfbuzz=${link_opt} \
-    --with-stdc++lib=${libc_link_opt} \
+    --with-stdc++lib=dynamic \
    --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
    --with-extra-cflags="$EXTRA_CFLAGS" \
    --with-extra-ldflags="%{ourldflags}" \
@ -2088,13 +2030,12 @@ for suffix in %{build_loop} ; do
    bootbuilddir=boot${builddir}

    if test "x${loop}" = "x%{main_suffix}" ; then
-      link_opt="%{link_type}"
-%if %{system_libs}
      # Copy the source tree so we can remove all in-tree libraries
      cp -a %{top_level_dir_name} %{top_level_dir_name_backup}
      # Remove all libraries that are linked
      sh %{SOURCE12} %{top_level_dir_name} full
-%endif
+      # Use system libraries
+      link_opt="system"
      # Debug builds don't need same targets as release for
      # build speed-up. We also avoid bootstrapping these
      # slower builds.
@ -2112,11 +2053,9 @@ for suffix in %{build_loop} ; do
      else
        buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
      fi
-%if %{system_libs}
      # Restore original source tree we modified by removing full in-tree sources
      rm -rf %{top_level_dir_name}
      mv %{top_level_dir_name_backup} %{top_level_dir_name}
-%endif
    else
      # Use bundled libraries for building statically
      link_opt="bundled"
@ -2150,8 +2089,6 @@ top_dir_abs_staticlibs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{staticli

 export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}

-# Pre-test setup
-
 #check Shenandoah is enabled
 %if %{use_shenandoah_hotspot}
 $JAVA_HOME//bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -version
@ -2648,55 +2585,53 @@ cjc.mainProgram(args)
 * Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 17.0.4.1.1-5
 - Rebuilt for MSVSphere 9.1.

-* Wed Oct 26 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-1
- Update to jdk-17.0.5+8 (GA)
- Update release notes to 17.0.5+8 (GA)
- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
- Bump FreeType bundled version to 2.12.1 following JDK-8290334
+* Sat Oct 15 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-2
 - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
 - Update CLDR data with Europe/Kyiv (JDK-8293834)
 - Drop JDK-8292223 patch which we found to be unnecessary
 - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
- The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds
- Remove freetype sources along with zlib sources
- Resolves: rhbz#2132933
- Resolves: rhbz#2133695
-
-* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-5
- Switch to static builds, reducing system dependencies and making build more portable
- Resolves: rhbz#2121268
-
-* Mon Aug 29 2022 Stephan Bergmann <sbergman@redhat.com> - 1:17.0.4.1.1-4
- Fix flatpak builds (catering for their uncompressed manual pages)
- Fix flatpak builds by exempting them from bootstrap
- Resolves: rhbz#2102726
+- Related: rhbz#2132934

-* Mon Aug 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-3
+* Thu Oct 13 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.8-1
+- Update to jdk-17.0.5+8 (GA)
+- Update release notes to 17.0.5+8 (GA)
+- Switch to GA mode for final release.
+- * This tarball is embargoed until 2022-10-18 @ 1pm PT. *
+- Resolves: rhbz#2132934
+
+* Tue Oct 04 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.7-0.1.ea
+- Update to jdk-17.0.5+7
+- Update release notes to 17.0.5+7
+- Resolves: rhbz#2132934
+
+* Mon Oct 03 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.5.0.1-0.1.ea
+- Update to jdk-17.0.5+1
+- Update release notes to 17.0.5+1
+- Switch to EA mode for 17.0.5 pre-release builds.
+- Related: rhbz#2132934
+
+* Fri Sep 02 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-2
 - Update FIPS support to bring in latest changes
+- * RH2023467: Enable FIPS keys export
 - * RH2104724: Avoid import/export of DH private keys
 - * RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
 - * Build the systemconf library on all platforms
 - * RH2048582: Support PKCS#12 keystores
 - * RH2020290: Support TLS 1.3 in FIPS mode
- Resolves: rhbz#2104725
- Resolves: rhbz#2117758
- Resolves: rhbz#2115164
- Resolves: rhbz#2029665
+- Resolves: rhbz#2123579
+- Resolves: rhbz#2123580
+- Resolves: rhbz#2123581
+- Resolves: rhbz#2123583
+- Resolves: rhbz#2123584

-* Sun Aug 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-2
+* Sun Aug 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.1.1-1
 - Update to jdk-17.0.4.1+1
 - Update release notes to 17.0.4.1+1
 - Add patch to provide translations for Europe/Kyiv added in tzdata2022b
 - Add test to ensure timezones can be translated
- Resolves: rhbz#2119532
+- Resolves: rhbz#2120058

-* Fri Jul 22 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.8-3
- Update to jdk-17.0.4.0+8
- Update release notes to 17.0.4.0+8
- Switch to GA mode for release
- Resolves: rhbz#2106524
-
-* Wed Jul 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.2.ea
+* Wed Jul 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.8-0.2.ea
 - Revert the following changes until copy-java-configs has adapted to relative symlinks:
 - * Move cacerts replacement to install section and retain original of this and tzdb.dat
 - * Run tests on the installed image, rather than the build image
@ -2704,95 +2639,56 @@ cjc.mainProgram(args)
 - * Use relative symlinks so they work within the image
 - * Run debug symbols check during build stage, before the install strips them
 - The move of turning on system security properties is retained so we don't ship with them off
- Related: rhbz#2084218
+- Related: rhbz#2084779

-* Sat Jul 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.7-0.1.ea
- Update to jdk-17.0.3.0+7
- Update release notes to 17.0.3.0+7
+* Mon Jul 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.8-1
+- Update to jdk-17.0.4.0+8
+- Update release notes to 17.0.4.0+8
 - Need to include the '.S' suffix in debuginfo checks after JDK-8284661
- Explicitly require crypto-policies during build and runtime for system security properties
- Make use of the vendor version string to store our version & release rather than an upstream release date
- Include a test in the RPM to check the build has the correct vendor information.
- Resolves: rhbz#2084218
-
-* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:17.0.4.0.1-0.2.ea
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
- Add proper quoting so '&' is not treated as a special character by the shell.
- Related: rhbz#2084218
-
-* Tue Jul 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.4.0.1-0.1.ea
- Update to jdk-17.0.4.0+1
- Update release notes to 17.0.4.0+1
- Switch to EA mode for 17.0.4 pre-release builds.
 - Print release file during build, which should now include a correct SOURCE value from .src-rev
 - Update tarball script with IcedTea GitHub URL and .src-rev generation
 - Include script to generate bug list for release notes
 - Update tzdata requirement to 2022a to match JDK-8283350
 - Move EA designator check to prep so failures can be caught earlier
 - Make EA designator check non-fatal while upstream is not maintaining it
- Related: rhbz#2084218
-
-* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
- Fix whitespace in spec file
- Related: rhbz#2100677
-
-* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
- Sequence spec file sections as they are run by rpmbuild (build, install then test)
- Related: rhbz#2100677
-
-* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
+- Explicitly require crypto-policies during build and runtime for system security properties
+- Make use of the vendor version string to store our version & release rather than an upstream release date
+- Include a test in the RPM to check the build has the correct vendor information.
+- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
+- * RH2094027: SunEC runtime permission for FIPS
+- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
+- * RH2090378: Revert to disabling system security properties and FIPS mode support together
+- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
+- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
+- Improve security properties test to check both enabled and disabled behaviour
+- Run security properties test with property debugging on
 - Turn on system security properties as part of the build's install section
 - Move cacerts replacement to install section and retain original of this and tzdb.dat
 - Run tests on the installed image, rather than the build image
 - Introduce variables to refer to the static library installation directories
 - Use relative symlinks so they work within the image
 - Run debug symbols check during build stage, before the install strips them
- Related: rhbz#2100677
+- Resolves: rhbz#2084779
+- Resolves: rhbz#2099919
+- Resolves: rhbz#2107943
+- Resolves: rhbz#2107941
+- Resolves: rhbz#2106523

-* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-4
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
- Resolves: rhbz#2102433
-
-* Wed Jun 22 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-3
- Update FIPS support to bring in latest changes
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support together
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
- Resolves: rhbz#2099844
- Resolves: rhbz#2100677
+* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:17.0.4.0.1-0.2.ea
+- Fix issue where CheckVendor.java test erroneously passes when it should fail.
+- Add proper quoting so '&' is not treated as a special character by the shell.
+- Related: rhbz#2084779

-* Sun Jun 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-2
- Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- RH2023467: Enable FIPS keys export
- RH2094027: SunEC runtime permission for FIPS
- Resolves: rhbz#2029657
- Resolves: rhbz#2096117
+* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-2
+- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
+- Resolves: rhbz#2105395

 * Wed Apr 20 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-1
- April 2022 security update to jdk 17.0.3+6
- Update to jdk-17.0.3.0+6 pre-release tarball (17usec.17.0.3+5-220408)
- Add JDK-8284548 regression fix missing from pre-release tarball but in jdk-17.0.3+6/jdk-17.0.3-ga
- Update release notes to 17.0.3.0+6
+- April 2022 security update to jdk 17.0.3+7
+- Update to jdk-17.0.3.0+7 tarball
+- Update release notes to 17.0.3.0+7
 - Add missing README.md and generate_source_tarball.sh
- Switch to GA mode for release
- JDK-8283911 patch no longer needed now we're GA...
- Resolves: rhbz#2073579
-
-* Wed Apr 06 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.5-0.1.ea
- Update to jdk-17.0.3.0+5
- Update release notes to 17.0.3.0+5
- Resolves: rhbz#2050460
-
-* Tue Mar 29 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.1-0.1.ea
- Update to jdk-17.0.3.0+1
- Update release notes to 17.0.3.0+1
- Switch to EA mode for 17.0.3 pre-release builds.
- Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
- Related: rhbz#2050460
+- Resolves: rhbz#2073578

 * Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-13
 - Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode