[java-1.7.0-openjdk/f20] Updated to security update of 20.1.2015 Replace unmodified java.security file via headless post scr
jiri vanek
jvanek at fedoraproject.org
Wed Jan 21 08:35:29 UTC 2015
commit 86833e39c22bf467a67f08368d68f53a4122eeaa
Author: Jiri Vanek <jvanek at redhat.com>
Date: Wed Jan 21 09:35:37 2015 +0100
Updated to security update of 20.1.2015
Replace unmodified java.security file via headless post scriptlet.
Fix macro expansion in changelog
Fix elliptic curve list as part of fsg.sh
Bump release so that the RHEL 7.1 version is built on AArch64.
Bump to 2.5.4 using OpenJDK 7u75 b13.
Bump AArch64 port to 2.6.0pre17.
Fix abrt_friendly_hs_log_jdk7.patch to apply again and enable on all archs.
Remove OpenJDK 8 / AArch64 version of PStack patch as this is no longer needed.
.gitignore | 2 +
PStack-808293-aarch64.patch | 30 ---------------
abrt_friendly_hs_log_jdk7.patch | 4 +-
fsg.sh | 4 ++
java-1.7.0-openjdk.spec | 77 +++++++++++++++++++++------------------
rh1155012-jdk-speedup.patch | 30 ---------------
sources | 4 +-
7 files changed, 52 insertions(+), 99 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index d593766..dcfe602 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,3 +54,5 @@
/openjdk-icedtea-2.5.2.tar.xz
/openjdk-icedtea-2.5.3.tar.xz
/jdk7u80_b03_aarch64_hotspot-39befa03b58a.tar.bz2
+/openjdk-icedtea-2.5.4.tar.xz
+/aarch64-icedtea-2.6pre17.tar.bz2
diff --git a/abrt_friendly_hs_log_jdk7.patch b/abrt_friendly_hs_log_jdk7.patch
index 6e0afa6..dba02bd 100644
--- a/abrt_friendly_hs_log_jdk7.patch
+++ b/abrt_friendly_hs_log_jdk7.patch
@@ -10,7 +10,7 @@
size_t len = strlen(cwd);
@@ -938,6 +939,24 @@
os::file_separator(), os::current_process_id());
- fd = open(buffer, O_RDWR | O_CREAT | O_TRUNC, 0666);
+ fd = open(buffer, O_RDWR | O_CREAT | O_EXCL, 0666);
}
+ */
+
@@ -26,7 +26,7 @@
+ jio_snprintf(buffer, sizeof(buffer), "%s%sjvm-%u%shs_error.log",
+ tmpdir, os::file_separator(), os::current_process_id(),
+ os::file_separator());
-+ fd = open(buffer, O_WRONLY | O_CREAT | O_TRUNC, 0444); // read-only file
++ fd = open(buffer, O_WRONLY | O_CREAT | O_EXCL, 0444); // read-only file
+ }
+ }
+ }
diff --git a/fsg.sh b/fsg.sh
index 838e585..c338e51 100644
--- a/fsg.sh
+++ b/fsg.sh
@@ -107,3 +107,7 @@ rm -rvf openjdk/jdk/test/com/sun/servicetag
echo "Removing EC source code we don't build"
rm -rvf openjdk/jdk/src/share/native/sun/security/ec/impl
+
+# Requires IcedTea patch PR2124 (not included)
+echo "Syncing EC list with NSS"
+patch -Np0 < pr2124.patch
diff --git a/java-1.7.0-openjdk.spec b/java-1.7.0-openjdk.spec
index 07b30a0..44706af 100644
--- a/java-1.7.0-openjdk.spec
+++ b/java-1.7.0-openjdk.spec
@@ -1,11 +1,11 @@
# If debug is 1, OpenJDK is built with all debug info present.
%global debug 0
-%global icedtea_version 2.5.3
+%global icedtea_version 2.5.4
%global hg_tag icedtea-{icedtea_version}
-%global aarch64_rev 39befa03b58a
-%global aarch64_tag jdk7u80_b03_aarch64_hotspot-%{aarch64_rev}
+%global aarch64_rev 4d25046abb67
+%global aarch64_tag icedtea-2.6pre17
%global aarch64 aarch64 arm64 armv8
#sometimes we need to distinguish big and little endian PPC64
@@ -43,8 +43,8 @@
%global archdef PPC
%endif
%ifarch %{ppc64le}
-%global archbuild ppc64le
-%global archinstall ppc64le
+%global archbuild ppc64
+%global archinstall ppc64
%global archdef PPC64
%endif
%ifarch %{ix86}
@@ -132,8 +132,8 @@
# Standard JPackage naming and versioning defines.
%global origin openjdk
-%global updatever 71
-%global buildver 14
+%global updatever 75
+%global buildver 13
# Keep priority on 6digits in case updatever>9
%global priority 1700%{updatever}
%global javaver 1.7.0
@@ -177,7 +177,7 @@
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}
-Release: %{icedtea_version}.3%{?dist}
+Release: %{icedtea_version}.2%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -197,7 +197,7 @@ URL: http://openjdk.java.net/
#head
#REPO=http://icedtea.classpath.org/hg/icedtea7-forest
#current release
-#REPO=http://icedtea.classpath.org/hg/release/icedtea7-forest-2.4
+#REPO=http://icedtea.classpath.org/hg/release/icedtea7-forest-2.5
# hg clone $REPO/ openjdk -r %{hg_tag}
# hg clone $REPO/corba/ openjdk/corba -r %{hg_tag}
# hg clone $REPO/hotspot/ openjdk/hotspot -r %{hg_tag}
@@ -206,12 +206,11 @@ URL: http://openjdk.java.net/
# hg clone $REPO/jdk/ openjdk/jdk -r %{hg_tag}
# hg clone $REPO/langtools/ openjdk/langtools -r %{hg_tag}
# find openjdk -name ".hg" -exec rm -rf '{}' \;
-# sh /git/java-1.7.0-openjdk/fX/fsg.sh
+# sh /git/java-1.7.0-openjdk/rhel-7.0/fsg.sh
# tar cJf openjdk-icedtea-%{icedtea_version}.tar.xz openjdk
Source0: openjdk-icedtea-%{icedtea_version}.tar.xz
-# wget http://hg.openjdk.java.net/aarch64-port/jdk7u/hotspot/archive/%{aarch64_tag}.tar.bz2
-# wget from http://icedtea.classpath.org/hg/icedtea7-forest-aarch64/hotspot/ tag tar.bz.2
-Source1: %{aarch64_tag}.tar.bz2
+# wget -v -O %{aarch64_tag}.tar.bz2 http://hg.openjdk.java.net/aarch64-port/jdk7u/hotspot/archive/%{aarch64_rev}.tar.bz2
+Source1: http://icedtea.classpath.org/hg/icedtea7-forest/hotspot/archive/%{aarch64_rev}.tar.bz2#/aarch64-%{aarch64_tag}.tar.bz2
# README file
# This source is under maintainer's/java-team's control
@@ -294,12 +293,8 @@ Patch400: rh1022017.patch
#Workaround RH902004
Patch403: PStack-808293.patch
-Patch4030: PStack-808293-aarch64.patch
-Patch404: rh1155012-jdk-speedup.patch
# End of tmp patches
-
-
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc-c++
@@ -531,9 +526,6 @@ popd
# Remove libraries that are linked
sh %{SOURCE10}
-# Copy jaxp, jaf and jaxws drops
-mkdir drops/
-
# Extract the rewriter (to rewrite rhino classes)
tar xzf %{SOURCE5}
@@ -574,18 +566,9 @@ tar xzf %{SOURCE9}
%endif
%patch106
-%ifnarch %{aarch64}
-#friendly hserror is not applicable in head, needs to be revisited
%patch200
-%endif
-%ifarch %{aarch64}
-%patch4030
-%else
%patch403
-%endif
-
-%patch404
%build
# How many cpu's do we have?
@@ -600,7 +583,8 @@ export ARCH_DATA_MODEL=64
export CFLAGS="$CFLAGS -mieee"
%endif
-export CFLAGS="$CFLAGS -fstack-protector-strong"
+CFLAGS="$CFLAGS -fstack-protector-strong"
+export CFLAGS
# Build the re-written rhino jar
mkdir -p rhino/{old,new}
@@ -640,7 +624,6 @@ export JDK_TO_BUILD_WITH=/usr/lib/jvm/java-1.7.0-openjdk
pushd openjdk >& /dev/null
-export ALT_DROPS_DIR=$PWD/../drops
export ALT_BOOTDIR="$JDK_TO_BUILD_WITH"
# Save old umask as jdk_generic_profile overwrites it
@@ -664,9 +647,6 @@ make \
JDK_UPDATE_VERSION=`printf "%02d" %{updatever}` \
JDK_BUILD_NUMBER=b`printf "%02d" %{buildver}` \
JRE_RELEASE_VERSION=%{javaver}_`printf "%02d" %{updatever}`-b`printf "%02d" %{buildver}` \
-%ifarch %{aarch64}
- HOTSPOT_BUILD_VERSION="aarch64_%{aarch64_rev}" \
-%endif
MILESTONE="fcs" \
ALT_PARALLEL_COMPILE_JOBS="$NUM_PROC" \
HOTSPOT_BUILD_JOBS="$NUM_PROC" \
@@ -1118,6 +1098,22 @@ exit 0
# FIXME: identical binaries are copied, not linked. This needs to be
# fixed upstream.
%post headless
+# The pretrans lua scriptlet prevents an unmodified java.security
+# from being replaced via an update. It gets created as
+# java.security.rpmnew instead. This invalidates the patch of
+# JDK-8061210 of the January 2015 CPU. We fix this via a
+# post scriptlet which runs on updates.
+if [ "$1" -gt 1 ]; then
+ javasecurity="%{_jvmdir}/%{uniquesuffix}/jre/lib/security/java.security"
+ sum=$(md5sum "${javasecurity}" | cut -d' ' -f1)
+ # This is the md5sum of an unmodified java.security file
+ if [ "${sum}" = '567d9244d9ef1ac0e557d05eb0892413' ]; then
+ if [ -f "${javasecurity}.rpmnew" ]; then
+ mv -f "${javasecurity}.rpmnew" "${javasecurity}"
+ fi
+ fi
+fi
+
%ifarch %{jit_arches}
#see https://bugzilla.redhat.com/show_bug.cgi?id=513605
%{jrebindir}/java -Xshare:dump >/dev/null 2>/dev/null
@@ -1567,6 +1563,17 @@ exit 0
%{_jvmdir}/%{jredir}/lib/accessibility.properties
%changelog
+* Wed Jan 21 2015 Jiri Vanek <jvanek at redhat.com> - 1:1.7.0.75-2.5.4.2
+- Updated to security update of 20.1.2015
+- Replace unmodified java.security file via headless post scriptlet.
+- Fix macro expansion in changelog
+- Fix elliptic curve list as part of fsg.sh
+- Bump release so that the RHEL 7.1 version is built on AArch64.
+- Bump to 2.5.4 using OpenJDK 7u75 b13.
+- Bump AArch64 port to 2.6.0pre17.
+- Fix abrt_friendly_hs_log_jdk7.patch to apply again and enable on all archs.
+- Remove OpenJDK 8 / AArch64 version of PStack patch as this is no longer needed.
+
* Tue Dec 16 2014 Jiri Vanek <jvanek at redhat.com> - 1:1.7.0.71-2.5.3.3
- aarch64 sources updated to most recent stable tag
- adapted patch4030 PStack-808293-aarch64.patch
@@ -1921,7 +1928,7 @@ exit 0
- size_t patch adapted to 2.3 which is now default on all except arm arches
* Fri May 17 2013 Omair Majid <omajid at redhat.com> - 1.7.0.19-2.3.9.10.fc20
-- Replace %{name} with %{uniquesuffix} where it's used as a unique suffix.
+- Replace %%{name} with %%{uniquesuffix} where it's used as a unique suffix.
* Tue May 14 2013 Jiri Vanek <jvanek at redhat.com> 1.7.0.19-2.3.9.9.fc19
- patch402 gstackbounds.patch applied only to jit arches
diff --git a/sources b/sources
index 425b562..43f9d78 100644
--- a/sources
+++ b/sources
@@ -1,5 +1,5 @@
ea344cc5b53b73f375558ba41760ff64 class-rewriter.tar.gz
-f7d3e95a060b1d5685a92bb4b9891cad openjdk-icedtea-2.5.3.tar.xz
+334ff0b53faff6ee1d718194bbf6b806 openjdk-icedtea-2.5.4.tar.xz
1cb61996cf5dbe80827abbe7d009bf28 pulseaudio.tar.gz
013ddff65e090aafe9ff89d4ce767e8d systemtap-tapset-2014-03-19.tar.xz
-a66c6b8557cf8ef1123e6934a54f4066 jdk7u80_b03_aarch64_hotspot-39befa03b58a.tar.bz2
+b81828aaccf3e7f6d6dafb78d67709f2 aarch64-icedtea-2.6pre17.tar.bz2
More information about the scm-commits
mailing list