import java-11-openjdk-11.0.11.0.9-2.el8_4

1eb82828 · CentOS Sources · 7318fd85 · 1eb82828 · 1eb82828 · 1eb82828
Commit 1eb82828 authored 3 years ago by CentOS Sources
--- a/.gitignore
+++ b/.gitignore
-SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz
+SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz
 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
--- a/.java-11-openjdk.metadata
+++ b/.java-11-openjdk.metadata
-8fb81cb2ae37ec04bfc0e3651257a9f9756786a6 SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz
+a339f6e108c16a23c47504565b602a6fc395bf2e SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz
 c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
--- a/SOURCES/NEWS
+++ b/SOURCES/NEWS
--- a/SOURCES/rh1868740-cryptoki_access_to_sunjce.patch
+++ b/SOURCES/rh1868740-cryptoki_access_to_sunjce.patch
-diff -r eba0f976c468 -r 1fceafb49be5 src/java.base/share/classes/module-info.java
--- openjdk/src/java.base/share/classes/module-info.java	Thu Jul 30 15:05:22 2020 +0200
-+++ openjdk/src/java.base/share/classes/module-info.java	Thu Aug 13 15:17:59 2020 +0200
-@@ -132,6 +132,8 @@
-     // additional qualified exports may be inserted at build time
-     // see make/gensrc/GenModuleInfo.gmk
- 
-+    exports com.sun.crypto.provider to
-+        jdk.crypto.cryptoki;
-     exports com.sun.security.ntlm to
-         java.security.sasl;
-     exports jdk.internal to
--- a/SOURCES/rh1868754-pkcs11_cancel_on_failure.patch
+++ b/SOURCES/rh1868754-pkcs11_cancel_on_failure.patch
-diff -r e10f558e1df5 openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java
--- openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Aug 31 16:12:32 2020 +0100
-+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Aug 31 15:17:50 2020 -0300
-@@ -628,7 +628,7 @@
-                 throw (ShortBufferException)
-                         (new ShortBufferException().initCause(e));
-             }
-            reset(false);
-+            reset(true);
-             throw new ProviderException("update() failed", e);
-         }
-     }
-@@ -746,7 +746,7 @@
-                 throw (ShortBufferException)
-                         (new ShortBufferException().initCause(e));
-             }
-            reset(false);
-+            reset(true);
-             throw new ProviderException("update() failed", e);
-         }
-     }
--- a/SOURCES/rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch
+++ b/SOURCES/rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch
-# HG changeset patch
-# User Zdenek Zambersky <zzambers@redhat.com>
-# Date 1601403587 -7200
-#      Tue Sep 29 20:19:47 2020 +0200
-# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158
-# Parent  d484fdfcc7d5c21812de8a0712236d077b0f2dde
-Fixed default policy for jdk.crypto.cryptoki
-
-diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy
--- openjdk.orig/src/java.base/share/lib/security/default.policy	Wed Sep 02 07:36:15 2020 +0200
-+++ openjdk/src/java.base/share/lib/security/default.policy	Tue Sep 29 20:19:47 2020 +0200
-@@ -124,6 +124,8 @@
- grant codeBase "jrt:/jdk.crypto.cryptoki" {
-     permission java.lang.RuntimePermission
-                    "accessClassInPackage.sun.security.*";
-+    permission java.lang.RuntimePermission
-+                   "accessClassInPackage.com.sun.crypto.provider";
-     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
-     permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
-     permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
-# HG changeset patch
-# User Zdenek Zambersky <zzambers@redhat.com>
-# Date 1601419086 -7200
-#      Wed Sep 30 00:38:06 2020 +0200
-# Node ID 02c8b154f728be3dd06239a98519d654e2127186
-# Parent  f77ac813eee61b2e9616b2d71a2c5372d0cbd158
-P11Util: Create provider in priviledged block
-
-diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Tue Sep 29 20:19:47 2020 +0200
-+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Wed Sep 30 00:38:06 2020 +0200
-@@ -87,14 +87,20 @@
-         }
-         p = Security.getProvider(providerName);
-         if (p == null) {
-            try {
-                @SuppressWarnings("deprecation")
-                Object o = Class.forName(className).newInstance();
-                p = (Provider)o;
-            } catch (Exception e) {
-                throw new ProviderException
-                        ("Could not find provider " + providerName, e);
-            }
-+            p = AccessController.doPrivileged(
-+                new PrivilegedAction<Provider>() {
-+                    public Provider run() {
-+                        try {
-+                            @SuppressWarnings("deprecation")
-+                            Object o = Class.forName(className).newInstance();
-+                            return (Provider) o;
-+                        } catch (Exception e) {
-+                            throw new ProviderException
-+                                ("Could not find provider " + providerName, e);
-+                        }
-+                    }
-+                }
-+            );
-         }
-         return p;
-     }
--- a/SPECS/java-11-openjdk.spec
+++ b/SPECS/java-11-openjdk.spec
@@ -156,6 +156,8 @@
 %else
 %global include_fastdebug_build 0
 %endif
+%else
+%global include_fastdebug_build 0
 %endif

 %if %{include_debug_build}
@@ -289,7 +291,7 @@
 # New Version-String scheme-style defines
 %global featurever 11
 %global interimver 0
-%global updatever 10
+%global updatever 11
 %global patchver 0
 # If you bump featurever, you must bump also vendor_version_string
 # Used via new version scheme. JDK 11 was
@@ -310,7 +312,7 @@

 # Define vendor information used by OpenJDK
 %global oj_vendor Red Hat, Inc.
-%global oj_vendor_url "https://www.redhat.com/"
+%global oj_vendor_url https://www.redhat.com/
 # Define what url should JVM offer in case of a crash report
 # order may be important, epel may have rhel declared
 %if 0%{?epel}
@@ -337,7 +339,7 @@
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        9
-%global rpmrelease      8
+%global rpmrelease      2
 #%%global tagsuffix     %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@@ -1005,8 +1007,8 @@ Requires: ca-certificates
 # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
 Requires: javapackages-filesystem
 # Require zone-info data provided by tzdata-java sub-package
-# 2020b required as of JDK-8254177 in October CPU
-Requires: tzdata-java >= 2020b
+# 2021a required as of JDK-8260356 in April 2021 CPU
+Requires: tzdata-java >= 2021a
 # for support of kernel stream control
 # libsctp.so.1 is being `dlopen`ed on demand
 Requires: lksctp-tools%{?_isa}
@@ -1225,10 +1227,6 @@ Patch1001: rh1655466-global_crypto_and_fips.patch
 Patch1002: rh1818909-fips_default_keystore_type.patch
 # RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
 Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
-# RH1868740: FIPS: IllegalAccessException by pkcs11 provider
-Patch1005: rh1868740-cryptoki_access_to_sunjce.patch
-# RH1883849: FIPS: IllegalAccessException by pkcs11 provider with security manager on
-Patch1006: rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch
 # RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
 Patch1007: rh1915071-always_initialise_configurator_access.patch

@@ -1254,8 +1252,6 @@ Patch3:    rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
 Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
 # PR3695: Allow use of system crypto policy to be disabled by the user
 Patch7: pr3695-toggle_system_crypto_policy.patch
-# RH1868754: FIPS: Ciphers remain in broken state (unusable), after being supplied with wrongly sized buffer
-Patch11: rh1868754-pkcs11_cancel_on_failure.patch

 #############################################
 #
@@ -1304,8 +1300,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
 %ifnarch %{jit_arches}
 BuildRequires: libffi-devel
 %endif
-# 2020b required as of JDK-8254177 in October CPU
-BuildRequires: tzdata-java >= 2020b
+# 2021a required as of JDK-8260356 in April 2021 CPU
+BuildRequires: tzdata-java >= 2021a
 # Earlier versions have a bug in tree vectorization on PPC
 BuildRequires: gcc >= 4.8.3-8

@@ -1633,7 +1629,6 @@ pushd %{top_level_dir_name}
 %patch3 -p1
 %patch4 -p1
 %patch7 -p1
-%patch11 -p1
 popd # openjdk

 %patch1000
@@ -1642,8 +1637,6 @@ popd # openjdk
 %patch1002
 %patch1003
 %patch1004
-%patch1005
-%patch1006
 %patch1007

 # Extract systemtap tapsets
@@ -1878,7 +1871,7 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")

 # Check correct vendor values have been set
 $JAVA_HOME/bin/javac -d . %{SOURCE16}
-$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
+$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}"

 # Check java launcher has no SSB mitigation
 if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
@@ -2350,6 +2343,32 @@ end
 %endif

 %changelog
+* Thu Apr 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.9-2
+- Require tzdata 2021a to match upstream change JDK-8260356
+- Resolves: rhbz#1942310
+
+* Tue Apr 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.9-1
+- Update to jdk-11.0.11.0+9
+- Update release notes to 11.0.11.0+9
+- Switch to GA mode for final release.
+- This tarball is embargoed until 2021-04-20 @ 1pm PT.
+- Resolves: rhbz#1938201
+
+* Tue Apr 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.7-0.1.ea
+- Update to jdk-11.0.11.0+7
+- Update release notes to 11.0.11.0+7
+- Switch to EA mode for 11.0.11 pre-release builds.
+- Require tzdata 2020f to match upstream change JDK-8259048
+- Remove RH1868754 patch as this is now resolved upstream by JDK-8258833
+- Remove RH1868740 & RH1883849 patches as these are now resolved by JDK-8259319
+- Resolves: rhbz#1942310
+
+* Tue Apr 13 2021 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:11.0.11.0.7-0.1.ea
+- Fix issue where CheckVendor.java test erroneously passes when it should fail.
+- Add proper quoting so '&' is not treated as a special character by the shell.
+- Fixed not-including fastdebug build in case of --without fastdebug
+- Resolves: rhbz#1942310
+
 * Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-8
 - Perform static library build on a separate source tree with bundled image libraries
 - Make static library build optional