The package rpms/java-1.8.0-openjdk.git has added or updated architecture specific content
in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id....
Change:
+%ifarch %{ssbd_arches}
Thanks.
Full change:
============
commit aa2fac59de9a77b026139755c77d0f89a671a3cc
Author: Jiri Vanek <jvanek(a)redhat.com>
Date: Thu Dec 17 15:49:22 2020 +0100
Added checks and restrictions around alt-java
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index a96e6b3..4e4cbfc 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -80,6 +80,8 @@
%global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64}
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64}
%global jfr_arches x86_64 sparcv9 sparc64 %{aarch64} %{power64}
+# Set of architectures for which alt-java has SSB mitigation
+%global ssbd_arches x86_64
# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
@@ -260,7 +262,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease 2
+%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
@@ -1967,6 +1969,17 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed
"s|\.java||")
$JAVA_HOME/bin/javac -d . %{SOURCE15}
$JAVA_HOME/bin/java -Djava.security.disableSystemPropertiesFile=true $(echo $(basename
%{SOURCE15})|sed "s|\.java||")
+# Check java launcher has no SSB mitigation
+if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
+
+# Check alt-java launcher has SSB mitigation on supported architectures
+%ifarch %{ssbd_arches}
+nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
+%else
+if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false;
fi
+%endif
+
+
# Check debug symbols are present and can identify code
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0'
lib
do
@@ -2420,6 +2433,11 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Thu Dec 17 2020 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.275.b01-3
+- introduced nm based check to verify alt-java on x86_64 is patched, and no other
alt-java or java is patched
+- patch600 rh1750419-redhat_alt_java.patch amended to die, if it is used wrongly
+- introduced ssbd_arches with currently only valid arch of x86_64 to separate real
alt-java architectures
+
* Fri Nov 27 2020 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.275.b01-2
- added patch600, rh1750419-redhat_alt_java.patch
- Replaced alt-java palceholder by real pathced alt-java
diff --git a/rh1750419-redhat_alt_java.patch b/rh1750419-redhat_alt_java.patch
index d7accf1..b3cbff8 100644
--- a/rh1750419-redhat_alt_java.patch
+++ b/rh1750419-redhat_alt_java.patch
@@ -1,12 +1,13 @@
diff -r 25e94aa812b2 make/CompileLaunchers.gmk
--- openjdk/jdk/make/CompileLaunchers.gmk Wed Feb 05 12:20:36 2020 -0300
+++ openjdk/jdk/make/CompileLaunchers.gmk Tue Jun 02 17:15:28 2020 +0100
-@@ -234,6 +234,20 @@
+@@ -234,6 +234,21 @@
BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/java$(EXE_SUFFIX)
++#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
+$(eval $(call SetupLauncher,alt-java, \
-+ -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA,,,user32.lib comctl32.lib, \
++ -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA -Wno-error=cpp,,,user32.lib
comctl32.lib, \
+ $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \
+ $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true))
+
@@ -102,12 +103,16 @@ diff -r 25e94aa812b2 src/share/bin/alt_main.h
diff -r 25e94aa812b2 src/share/bin/main.c
--- openjdk/jdk/src/share/bin/main.c Wed Feb 05 12:20:36 2020 -0300
+++ openjdk/jdk/src/share/bin/main.c Tue Jun 02 17:15:28 2020 +0100
-@@ -32,6 +32,10 @@
+@@ -32,6 +32,14 @@
#include "defines.h"
++#ifdef REDHAT_ALT_JAVA
+#if defined(__linux__) && defined(__x86_64__)
+#include "alt_main.h"
++#else
++#warning alt-java requested but SSB mitigation not available on this platform.
++#endif
+#endif
+
#ifdef _MSC_VER