From 5d89083a73aa6c05e67cc48fcc254f17c3db7277 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Mon, 12 May 2025 10:38:04 +0800 Subject: [PATCH 1/3] [CVE]update to java-17-openjdk-17.0.15.0.6-2 to #IC2330 update to java-17-openjdk-17.0.15.0.6-2 for CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 Project: TC2024080204 Signed-off-by: Jacob Wang --- download | 2 +- ...e00150.patch => fips-17u-df4c415ac9a.patch | 60 +++++++++--------- java-17-openjdk-portable.specfile | 39 ++++++++++-- java-17-openjdk.spec | 63 ++++++++++--------- 4 files changed, 99 insertions(+), 65 deletions(-) rename fips-17u-e893be00150.patch => fips-17u-df4c415ac9a.patch (99%) diff --git a/download b/download index bf70952..80a8f70 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ -b4bdb14fa4745543824cb7178f39c00a openjdk-17.0.14+7.tar.xz +4632234bf39b0bf2cb016608ce8cd5bb openjdk-17.0.15+6.tar.xz 5d441d6217cc75372ca5a0943997cb24 tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/fips-17u-e893be00150.patch b/fips-17u-df4c415ac9a.patch similarity index 99% rename from fips-17u-e893be00150.patch rename to fips-17u-df4c415ac9a.patch index 32219c4..30c70ce 100644 --- a/fips-17u-e893be00150.patch +++ b/fips-17u-df4c415ac9a.patch @@ -116,7 +116,7 @@ index 00000000000..f48fc7f7e80 + AC_SUBST(NSS_LIBDIR) +]) diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4 -index 62db5b16c31..f0bb4333fc9 100644 +index 865feea36d9..5c3a137e65c 100644 --- a/make/autoconf/libraries.m4 +++ b/make/autoconf/libraries.m4 @@ -33,6 +33,7 @@ m4_include([lib-std.m4]) @@ -2508,7 +2508,7 @@ index 00000000000..dc8bc72fccb + } +} diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security -index 8f6e1e12a7e..2726391bcea 100644 +index e26b7f8c394..08effe23fce 100644 --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security @@ -82,6 +82,17 @@ security.provider.tbd=Apple @@ -3496,7 +3496,7 @@ index 00000000000..f8d505ca815 +} \ No newline at end of file diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java -index d12244337a5..f2e8e4094c8 100644 +index e05892e2c22..cb40c3bf794 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java @@ -37,6 +37,8 @@ import javax.crypto.*; @@ -3518,7 +3518,7 @@ index d12244337a5..f2e8e4094c8 100644 private static final long serialVersionUID = -2575874101938349339L; private static final String PUBLIC = "public"; -@@ -393,9 +398,10 @@ abstract class P11Key implements Key, Length { +@@ -406,9 +411,10 @@ abstract class P11Key implements Key, Length { new CK_ATTRIBUTE(CKA_EXTRACTABLE), }); @@ -3532,7 +3532,7 @@ index d12244337a5..f2e8e4094c8 100644 switch (algorithm) { case "RSA": -@@ -450,7 +456,8 @@ abstract class P11Key implements Key, Length { +@@ -463,7 +469,8 @@ abstract class P11Key implements Key, Length { public String getFormat() { token.ensureValid(); @@ -4072,7 +4072,7 @@ index cabee449346..72b64f72c0a 100644 // empty } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java -index aa35e8fa668..1855e5631bd 100644 +index 00fbbcfe07c..b5a30c6da4e 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java @@ -26,6 +26,9 @@ @@ -4411,10 +4411,10 @@ index aa35e8fa668..1855e5631bd 100644 d(SIG, "RawDSA", P11Signature, List.of("NONEwithDSA"), m(CKM_DSA)); -@@ -1144,9 +1356,21 @@ public final class SunPKCS11 extends AuthProvider { - if (ds == null) { +@@ -1120,9 +1332,21 @@ public final class SunPKCS11 extends AuthProvider { continue; } + boolean allowLegacy = config.getAllowLegacy(); + descLoop: for (Descriptor d : ds) { Integer oldMech = supportedAlgs.get(d); @@ -4430,10 +4430,10 @@ index aa35e8fa668..1855e5631bd 100644 + } + } + } - supportedAlgs.put(d, integerMech); - continue; - } -@@ -1220,11 +1444,52 @@ public final class SunPKCS11 extends AuthProvider { + + // assume full support if no mech info available + if (!allowLegacy && mechInfo != null) { +@@ -1211,11 +1435,52 @@ public final class SunPKCS11 extends AuthProvider { } @Override @@ -4486,7 +4486,7 @@ index aa35e8fa668..1855e5631bd 100644 try { return newInstance0(param); } catch (PKCS11Exception e) { -@@ -1244,6 +1509,8 @@ public final class SunPKCS11 extends AuthProvider { +@@ -1235,6 +1500,8 @@ public final class SunPKCS11 extends AuthProvider { } else if (algorithm.endsWith("GCM/NoPadding") || algorithm.startsWith("ChaCha20-Poly1305")) { return new P11AEADCipher(token, algorithm, mechanism); @@ -4495,7 +4495,7 @@ index aa35e8fa668..1855e5631bd 100644 } else { return new P11Cipher(token, algorithm, mechanism); } -@@ -1579,6 +1846,9 @@ public final class SunPKCS11 extends AuthProvider { +@@ -1570,6 +1837,9 @@ public final class SunPKCS11 extends AuthProvider { try { session = token.getOpSession(); p11.C_Logout(session.id()); @@ -4592,7 +4592,7 @@ index 0c9ebb289c1..b4b2448464d 100644 // CK_MECHANISM(long) constructor and setParameter(CK_RSA_PKCS_PSS_PARAMS) // methods instead of creating yet another constructor diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_PBE_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_PBE_PARAMS.java -index e8b048869c4..a25fa1c39e5 100644 +index 7b874ced493..d6c291ebc57 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_PBE_PARAMS.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_PBE_PARAMS.java @@ -50,15 +50,15 @@ package sun.security.pkcs11.wrapper; @@ -4895,7 +4895,7 @@ index 1f9c4d39f57..5e3c1b9d29f 100644 public String toString() { StringBuilder sb = new StringBuilder(); diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java -index 5c0aacd1a67..d796aaa3075 100644 +index 421c4212361..4e6520e70a1 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java @@ -49,6 +49,9 @@ package sun.security.pkcs11.wrapper; @@ -4999,7 +4999,7 @@ index 5c0aacd1a67..d796aaa3075 100644 /** * Connects this object to the specified PKCS#11 library. This method is for * internal use only. -@@ -1625,7 +1677,7 @@ public class PKCS11 { +@@ -1661,7 +1713,7 @@ public class PKCS11 { static class SynchronizedPKCS11 extends PKCS11 { SynchronizedPKCS11(String pkcs11ModulePath, String functionListName) @@ -5008,7 +5008,7 @@ index 5c0aacd1a67..d796aaa3075 100644 super(pkcs11ModulePath, functionListName); } -@@ -1911,4 +1963,194 @@ static class SynchronizedPKCS11 extends PKCS11 { +@@ -1947,4 +1999,194 @@ static class SynchronizedPKCS11 extends PKCS11 { super.C_GenerateRandom(hSession, randomData); } } @@ -5266,10 +5266,10 @@ index 0d65ee26805..38fd4aff1f3 100644 + /* (CKM_NSS + 32) */ = 0xCE534370L; } diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c -index d941b574cc7..e2de13648be 100644 +index 3ea91a6cfd1..26309f4f7b2 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c -@@ -1515,6 +1515,10 @@ CK_VOID_PTR jMechParamToCKMechParamPtrSlow(JNIEnv *env, jobject jParam, +@@ -1518,6 +1518,10 @@ CK_VOID_PTR jMechParamToCKMechParamPtrSlow(JNIEnv *env, jobject jParam, case CKM_PBE_SHA1_DES3_EDE_CBC: case CKM_PBE_SHA1_DES2_EDE_CBC: case CKM_PBA_SHA1_WITH_SHA1_HMAC: @@ -5280,7 +5280,7 @@ index d941b574cc7..e2de13648be 100644 ckpParamPtr = jPbeParamToCKPbeParamPtr(env, jParam, ckpLength); break; case CKM_PKCS5_PBKD2: -@@ -1658,13 +1662,13 @@ jPbeParamToCKPbeParamPtr(JNIEnv *env, jobject jParam, CK_ULONG *pLength) +@@ -1661,13 +1665,13 @@ jPbeParamToCKPbeParamPtr(JNIEnv *env, jobject jParam, CK_ULONG *pLength) // retrieve java values jPbeParamsClass = (*env)->FindClass(env, CLASS_PBE_PARAMS); if (jPbeParamsClass == NULL) { return NULL; } @@ -5296,7 +5296,7 @@ index d941b574cc7..e2de13648be 100644 if (fieldID == NULL) { return NULL; } jSalt = (*env)->GetObjectField(env, jParam, fieldID); fieldID = (*env)->GetFieldID(env, jPbeParamsClass, "ulIteration", "J"); -@@ -1680,15 +1684,15 @@ jPbeParamToCKPbeParamPtr(JNIEnv *env, jobject jParam, CK_ULONG *pLength) +@@ -1683,15 +1687,15 @@ jPbeParamToCKPbeParamPtr(JNIEnv *env, jobject jParam, CK_ULONG *pLength) // populate using java values ckParamPtr->ulIteration = jLongToCKULong(jIteration); @@ -5315,7 +5315,7 @@ index d941b574cc7..e2de13648be 100644 if ((*env)->ExceptionCheck(env)) { goto cleanup; } -@@ -1767,31 +1771,59 @@ void copyBackPBEInitializationVector(JNIEnv *env, CK_MECHANISM *ckMechanism, job +@@ -1770,31 +1774,59 @@ void copyBackPBEInitializationVector(JNIEnv *env, CK_MECHANISM *ckMechanism, job } } @@ -5384,7 +5384,7 @@ index d941b574cc7..e2de13648be 100644 fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "saltSource", "J"); if (fieldID == NULL) { return NULL; } jSaltSource = (*env)->GetLongField(env, jParam, fieldID); -@@ -1807,36 +1839,60 @@ jPkcs5Pbkd2ParamToCKPkcs5Pbkd2ParamPtr(JNIEnv *env, jobject jParam, CK_ULONG *pL +@@ -1810,36 +1842,60 @@ jPkcs5Pbkd2ParamToCKPkcs5Pbkd2ParamPtr(JNIEnv *env, jobject jParam, CK_ULONG *pL fieldID = (*env)->GetFieldID(env, jPkcs5Pbkd2ParamsClass, "pPrfData", "[B"); if (fieldID == NULL) { return NULL; } jPrfData = (*env)->GetObjectField(env, jParam, fieldID); @@ -5458,7 +5458,7 @@ index d941b574cc7..e2de13648be 100644 return NULL; diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c -index 520bd52a2cd..aa76945283d 100644 +index 84edb3c5105..0f49657ada1 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c @@ -410,11 +410,27 @@ void freeCKMechanismPtr(CK_MECHANISM_PTR mechPtr) { @@ -5490,7 +5490,7 @@ index 520bd52a2cd..aa76945283d 100644 // PBE mechs, WTLS mechs, CMS mechs, // CKM_EXTRACT_KEY_FROM_KEY, CKM_OTP, CKM_KIP, // CKM_DSA_PARAMETER_GEN?, CKM_GOSTR3410_* -@@ -517,12 +533,11 @@ void jBooleanArrayToCKBBoolArray(JNIEnv *env, const jbooleanArray jArray, CK_BBO +@@ -528,12 +544,11 @@ void jBooleanArrayToCKBBoolArray(JNIEnv *env, const jbooleanArray jArray, CK_BBO jboolean* jpTemp; CK_ULONG i; @@ -5505,7 +5505,7 @@ index 520bd52a2cd..aa76945283d 100644 jpTemp = (jboolean*) calloc(*ckpLength, sizeof(jboolean)); if (jpTemp == NULL) { throwOutOfMemoryError(env, 0); -@@ -559,12 +574,11 @@ void jByteArrayToCKByteArray(JNIEnv *env, const jbyteArray jArray, CK_BYTE_PTR * +@@ -570,12 +585,11 @@ void jByteArrayToCKByteArray(JNIEnv *env, const jbyteArray jArray, CK_BYTE_PTR * jbyte* jpTemp; CK_ULONG i; @@ -5520,7 +5520,7 @@ index 520bd52a2cd..aa76945283d 100644 jpTemp = (jbyte*) calloc(*ckpLength, sizeof(jbyte)); if (jpTemp == NULL) { throwOutOfMemoryError(env, 0); -@@ -606,12 +620,11 @@ void jLongArrayToCKULongArray(JNIEnv *env, const jlongArray jArray, CK_ULONG_PTR +@@ -617,12 +631,11 @@ void jLongArrayToCKULongArray(JNIEnv *env, const jlongArray jArray, CK_ULONG_PTR jlong* jTemp; CK_ULONG i; @@ -5535,7 +5535,7 @@ index 520bd52a2cd..aa76945283d 100644 jTemp = (jlong*) calloc(*ckpLength, sizeof(jlong)); if (jTemp == NULL) { throwOutOfMemoryError(env, 0); -@@ -648,12 +661,11 @@ void jCharArrayToCKCharArray(JNIEnv *env, const jcharArray jArray, CK_CHAR_PTR * +@@ -659,12 +672,11 @@ void jCharArrayToCKCharArray(JNIEnv *env, const jcharArray jArray, CK_CHAR_PTR * jchar* jpTemp; CK_ULONG i; @@ -5550,7 +5550,7 @@ index 520bd52a2cd..aa76945283d 100644 jpTemp = (jchar*) calloc(*ckpLength, sizeof(jchar)); if (jpTemp == NULL) { throwOutOfMemoryError(env, 0); -@@ -690,12 +702,11 @@ void jCharArrayToCKUTF8CharArray(JNIEnv *env, const jcharArray jArray, CK_UTF8CH +@@ -701,12 +713,11 @@ void jCharArrayToCKUTF8CharArray(JNIEnv *env, const jcharArray jArray, CK_UTF8CH jchar* jTemp; CK_ULONG i; diff --git a/java-17-openjdk-portable.specfile b/java-17-openjdk-portable.specfile index 94dd3d0..5d04f53 100644 --- a/java-17-openjdk-portable.specfile +++ b/java-17-openjdk-portable.specfile @@ -315,7 +315,7 @@ # New Version-String scheme-style defines %global featurever 17 %global interimver 0 -%global updatever 14 +%global updatever 15 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -365,7 +365,7 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches -%global fipsver e893be00150 +%global fipsver df4c415ac9a # Define JDK versions %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} %global javaver %{featurever} @@ -379,8 +379,8 @@ %global origin_nice OpenJDK %global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 7 -%global rpmrelease 1 +%global buildver 6 +%global rpmrelease 1 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -1832,6 +1832,37 @@ done %endif %changelog +* Thu Apr 10 2025 Andrew Hughes - 1:17.0.15.0.6-1 +- Update NEWS for jdk-17.0.15+6 (GA) + +* Thu Apr 10 2025 Thomas Fitzsimmons - 1:17.0.15.0.6-1 +- Update to jdk-17.0.15+6 (GA) +- Add to .gitignore openjdk-17.0.15+6.tar.xz +- Set buildver to 6 +- Set rpmrelease to 1 +- Set is_ga to 1 +- Update sources to openjdk-17.0.15+6.tar.xz +- ** This tarball is embargoed until 2025-04-15 @ 1pm PT. ** + +* Mon Apr 7 2025 Andrew Hughes - 1:17.0.15.0.5-0.2.ea +- Add missing jdk-17.0.15+5 (EA) NEWS entries +- Add release note for JDK-8346587 to NEWS +- Set rpmrelease to 2 + +* Sun Apr 6 2025 Thomas Fitzsimmons - 1:17.0.15.0.5-0.1.ea +- Update FIPS patch + +* Fri Apr 4 2025 Andrew Hughes - 1:17.0.15.0.5-0.1.ea +- Update NEWS for jdk-17.0.15+5 (EA) + +* Fri Apr 4 2025 Thomas Fitzsimmons - 1:17.0.15.0.5-0.1.ea +- Update to jdk-17.0.15+5 (EA) +- Add to .gitignore openjdk-17.0.15+5-ea.tar.xz +- Set updatever to 15 +- Set buildver to 5 +- Set is_ga to 0 +- Update sources to openjdk-17.0.15+5-ea.tar.xz + * Mon Jan 13 2025 Thomas Fitzsimmons - 1:17.0.14.0.7-1 - Update to jdk-17.0.14+7 (GA) - Add to .gitignore openjdk-17.0.14+7.tar.xz diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec index 4c8199d..047962b 100644 --- a/java-17-openjdk.spec +++ b/java-17-openjdk.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.2 # To rebuild this RPM, you must first rebuild the portable # RPM using the java-17-openjdk-portable.specfile, install # it and then adjust portablerelease and portablesuffix @@ -123,11 +122,11 @@ # Set of architectures which support multiple ABIs %global multilib_arches %{power64} sparc64 x86_64 # Set of architectures for which we build slowdebug builds -%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} s390x loongarch64 +%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} s390x # Set of architectures for which we build fastdebug builds -%global fastdebug_arches x86_64 ppc64le aarch64 loongarch64 +%global fastdebug_arches x86_64 ppc64le aarch64 # Set of architectures with a Just-In-Time (JIT) compiler -%global jit_arches %{arm} %{aarch64} %{ix86} %{power64} s390x sparcv9 sparc64 x86_64 loongarch64 +%global jit_arches %{arm} %{aarch64} %{ix86} %{power64} s390x sparcv9 sparc64 x86_64 # Set of architectures which use the Zero assembler port (!jit_arches) %global zero_arches ppc s390 # Set of architectures which run a full bootstrap cycle @@ -137,15 +136,15 @@ # Set of architectures with a Ahead-Of-Time (AOT) compiler %global aot_arches x86_64 %{aarch64} # Set of architectures which support the serviceability agent -%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm} loongarch64 +%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm} # Set of architectures which support class data sharing # As of JDK-8005165 in OpenJDK 10, class sharing is not arch-specific # However, it does segfault on the Zero assembler port, so currently JIT only %global share_arches %{jit_arches} # Set of architectures for which we build the Shenandoah garbage collector -%global shenandoah_arches x86_64 %{aarch64} loongarch64 +%global shenandoah_arches x86_64 %{aarch64} # Set of architectures for which we build the Z garbage collector -%global zgc_arches x86_64 loongarch64 +%global zgc_arches x86_64 # Set of architectures for which alt-java has SSB mitigation %global ssbd_arches x86_64 # Set of architectures for which java has short vector math library (libjsvml.so) @@ -300,10 +299,6 @@ %global archinstall aarch64 %global stapinstall arm64 %endif -%ifarch loongarch64 -%global archinstall loongarch64 -%global stapinstall loongarch64 -%endif # 32 bit sparc, optimized for v9 %ifarch sparcv9 %global archinstall sparc @@ -329,7 +324,7 @@ # New Version-String scheme-style defines %global featurever 17 %global interimver 0 -%global updatever 14 +%global updatever 15 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -369,7 +364,7 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches -%global fipsver e893be00150 +%global fipsver df4c415ac9a %global javaver %{featurever} %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} @@ -384,12 +379,12 @@ %global origin_nice OpenJDK %global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 7 +%global buildver 6 # rpmrelease numbering must start at 2 to be later than the 8.6 RPM -%global rpmrelease 3 +%global rpmrelease 2 # Settings used by the portable build -%global portablerelease 1%{anolis_release} -%global portablesuffix an8 +%global portablerelease 1 +%global portablesuffix el8 %global portablebuilddir /builddir/build/BUILD # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit @@ -1131,8 +1126,8 @@ Requires: ca-certificates # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros Requires: javapackages-filesystem # Require zone-info data provided by tzdata-java sub-package -# 2024a required as of JDK-8325150 -Requires: tzdata-java >= 2024a +# 2025a required as of JDK-8347965 +Requires: tzdata-java >= 2025a # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} @@ -1256,7 +1251,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{newjavaver}.%{buildver} -Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{anolis_release}%{?dist} +Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} # Equivalent for the portable build %global prelease %{?eaprefix}%{portablerelease}%{?extraver} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons @@ -1462,8 +1457,8 @@ BuildRequires: java-%{featurever}-openjdk-portable-misc = %{epoch}:%{version}-%{ %ifarch %{zero_arches} BuildRequires: libffi-devel %endif -# 2024a required as of JDK-8325150 -BuildRequires: tzdata-java >= 2024a +# 2025a required as of JDK-8347965 +BuildRequires: tzdata-java >= 2025a # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1482,11 +1477,11 @@ BuildRequires: libpng-devel BuildRequires: zlib-devel %else # Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h -Provides: bundled(freetype) = 2.13.0 +Provides: bundled(freetype) = 2.13.2 # Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h Provides: bundled(giflib) = 5.2.2 # Version in src/java.desktop/share/native/libharfbuzz/hb-version.h -Provides: bundled(harfbuzz) = 7.2.0 +Provides: bundled(harfbuzz) = 8.2.2 # Version in src/java.desktop/share/legal/lcms.md Provides: bundled(lcms2) = 2.16.0 # Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h @@ -2504,12 +2499,20 @@ cjc.mainProgram(args) %endif %changelog -* Mon Feb 17 2025 Leslie Zhai - 1:17.0.14.0.7-3.0.2 -- Add loongarch64 base support - -* Fri Jan 24 2025 Jacob Wang - 1:17.0.14.0.7-3.0.1 -- Update portable pkg dist -- Remove loongarch64 +* Thu Apr 10 2025 Thomas Fitzsimmons - 1:17.0.15.0.6-2 +- Update to jdk-17.0.15+6 (GA) +- Add to .gitignore openjdk-17.0.15+6.tar.xz +- Set updatever to 15 +- Set buildver to 6 +- Set rpmrelease to 2 +- Update sources to openjdk-17.0.15+6.tar.xz +- Set bundled freetype provide version to 2.13.2 +- Set bundled harfbuzz provide version to 8.2.2 +- Require tzdata-java 2025a at runtime and for build +- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 +- Update FIPS patch +- Resolves: RHEL-86624 +- ** This tarball is embargoed until 2025-04-15 @ 1pm PT. ** * Wed Jan 15 2025 Thomas Fitzsimmons - 1:17.0.14.0.7-3 - Set rpmrelease to 3 -- Gitee From 03ff65e41ebdd8add559ca8ddc84b5416d472cb6 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Sat, 1 Jul 2023 20:50:26 +0800 Subject: [PATCH 2/3] Update portable pkg dist Signed-off-by: Jacob Wang --- java-17-openjdk.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec index 047962b..f3bd78b 100644 --- a/java-17-openjdk.spec +++ b/java-17-openjdk.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 # To rebuild this RPM, you must first rebuild the portable # RPM using the java-17-openjdk-portable.specfile, install # it and then adjust portablerelease and portablesuffix @@ -383,8 +384,8 @@ # rpmrelease numbering must start at 2 to be later than the 8.6 RPM %global rpmrelease 2 # Settings used by the portable build -%global portablerelease 1 -%global portablesuffix el8 +%global portablerelease 1%{anolis_release} +%global portablesuffix an8 %global portablebuilddir /builddir/build/BUILD # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit @@ -1251,7 +1252,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release} Name: java-%{javaver}-%{origin} Version: %{newjavaver}.%{buildver} -Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} +Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{anolis_release}%{?dist} # Equivalent for the portable build %global prelease %{?eaprefix}%{portablerelease}%{?extraver} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons @@ -2499,6 +2500,9 @@ cjc.mainProgram(args) %endif %changelog +* Mon May 12 2025 Jacob Wang - 1:17.0.15.0.6-2.0.1 +- Update portable pkg dist + * Thu Apr 10 2025 Thomas Fitzsimmons - 1:17.0.15.0.6-2 - Update to jdk-17.0.15+6 (GA) - Add to .gitignore openjdk-17.0.15+6.tar.xz -- Gitee From 41f03c456f2933f781ad329eedc4008aa7483d8a Mon Sep 17 00:00:00 2001 From: zhaixiang Date: Thu, 22 Feb 2024 16:42:37 +0800 Subject: [PATCH 3/3] Add loongarch64 base support --- java-17-openjdk.spec | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec index f3bd78b..f7c1fad 100644 --- a/java-17-openjdk.spec +++ b/java-17-openjdk.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.1 +%define anolis_release .0.2 # To rebuild this RPM, you must first rebuild the portable # RPM using the java-17-openjdk-portable.specfile, install # it and then adjust portablerelease and portablesuffix @@ -123,11 +123,11 @@ # Set of architectures which support multiple ABIs %global multilib_arches %{power64} sparc64 x86_64 # Set of architectures for which we build slowdebug builds -%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} s390x +%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} s390x loongarch64 # Set of architectures for which we build fastdebug builds -%global fastdebug_arches x86_64 ppc64le aarch64 +%global fastdebug_arches x86_64 ppc64le aarch64 loongarch64 # Set of architectures with a Just-In-Time (JIT) compiler -%global jit_arches %{arm} %{aarch64} %{ix86} %{power64} s390x sparcv9 sparc64 x86_64 +%global jit_arches %{arm} %{aarch64} %{ix86} %{power64} s390x sparcv9 sparc64 x86_64 loongarch64 # Set of architectures which use the Zero assembler port (!jit_arches) %global zero_arches ppc s390 # Set of architectures which run a full bootstrap cycle @@ -137,15 +137,15 @@ # Set of architectures with a Ahead-Of-Time (AOT) compiler %global aot_arches x86_64 %{aarch64} # Set of architectures which support the serviceability agent -%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm} +%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm} loongarch64 # Set of architectures which support class data sharing # As of JDK-8005165 in OpenJDK 10, class sharing is not arch-specific # However, it does segfault on the Zero assembler port, so currently JIT only %global share_arches %{jit_arches} # Set of architectures for which we build the Shenandoah garbage collector -%global shenandoah_arches x86_64 %{aarch64} +%global shenandoah_arches x86_64 %{aarch64} loongarch64 # Set of architectures for which we build the Z garbage collector -%global zgc_arches x86_64 +%global zgc_arches x86_64 loongarch64 # Set of architectures for which alt-java has SSB mitigation %global ssbd_arches x86_64 # Set of architectures for which java has short vector math library (libjsvml.so) @@ -300,6 +300,10 @@ %global archinstall aarch64 %global stapinstall arm64 %endif +%ifarch loongarch64 +%global archinstall loongarch64 +%global stapinstall loongarch64 +%endif # 32 bit sparc, optimized for v9 %ifarch sparcv9 %global archinstall sparc @@ -2500,6 +2504,9 @@ cjc.mainProgram(args) %endif %changelog +* Mon May 12 2025 Leslie Zhai - 1:17.0.15.0.6-2.0.2 +- Add loongarch64 base support + * Mon May 12 2025 Jacob Wang - 1:17.0.15.0.6-2.0.1 - Update portable pkg dist -- Gitee