diff --git a/dragonwell-extended-11.0.17.13_jdk-11.0.17-ga.tar.gz b/dragonwell-extended-11.0.19.15_jdk-11.0.19-ga.tar.gz similarity index 86% rename from dragonwell-extended-11.0.17.13_jdk-11.0.17-ga.tar.gz rename to dragonwell-extended-11.0.19.15_jdk-11.0.19-ga.tar.gz index 3da0a54b5393d142096b62c63531e422591cd32d..c085f82c3c0af7dc4665b29810dfc4ac016821d9 100644 Binary files a/dragonwell-extended-11.0.17.13_jdk-11.0.17-ga.tar.gz and b/dragonwell-extended-11.0.19.15_jdk-11.0.19-ga.tar.gz differ diff --git a/java-11-alibaba-dragonwell.spec b/java-11-alibaba-dragonwell.spec index 89515fbbdff22a104203c315eabd66533fdce8ae..02af2d89a50daf4c07c2e18da1b0069cd8b54e3c 100644 --- a/java-11-alibaba-dragonwell.spec +++ b/java-11-alibaba-dragonwell.spec @@ -18,8 +18,8 @@ %global major_ver 11 %global inter_ver 0 -%global update_ver 17 -%global patch_ver 13 +%global update_ver 19 +%global patch_ver 15 %global alibaba_ver 8 %global build_ver 8 %global dragonwell_ver %{major_ver}.%{inter_ver}.%{update_ver} @@ -239,7 +239,6 @@ Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch # PR3695: Allow use of system crypto policy to be disabled by the user Patch7: pr3695-toggle_system_crypto_policy.patch # JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked -Patch8: jdk8275535-rh2053256-ldap_auth.patch BuildArch: x86_64 aarch64 @@ -750,7 +749,6 @@ pushd %{top_level_dir_name} %patch1009 -p1 %patch1011 -p1 %patch1015 -p1 -%patch8 -p1 popd # Extract systemtap tapsets tar --strip-components=1 -x -I xz -f %{SOURCE11} @@ -2248,6 +2246,9 @@ alternatives --install %{_jvmdir}/java-%{major_ver}-%{origin} $key %{_jvmdir}/%{ %endif %changelog +* Fri Jun 02 2023 zhaoyuanfang - 3:11.0.19.15.8-3 +- update package to 11.0.19.15 + * Wed Feb 22 2023 happy_orange - 3:11.0.17.13.8-3 - unset the java-11-alibaba-dragonwell is a system java diff --git a/jdk8275535-rh2053256-ldap_auth.patch b/jdk8275535-rh2053256-ldap_auth.patch deleted file mode 100644 index 7a25e4bc3087a95c1a2d1de6312907078ce31925..0000000000000000000000000000000000000000 --- a/jdk8275535-rh2053256-ldap_auth.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java -index 300f3682655..6f3eb6c450b 100644 ---- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java -+++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java -@@ -226,6 +226,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor - ctx = getLdapCtxFromUrl( - r.getDomainName(), url, new LdapURL(u), env); - return ctx; -+ } catch (AuthenticationException e) { -+ // do not retry on a different endpoint to avoid blocking -+ // the user if authentication credentials are wrong. -+ throw e; - } catch (NamingException e) { - // try the next element - lastException = e; -@@ -278,6 +282,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor - for (String u : urls) { - try { - return getUsingURL(u, env); -+ } catch (AuthenticationException e) { -+ // do not retry on a different URL to avoid blocking -+ // the user if authentication credentials are wrong. -+ throw e; - } catch (NamingException e) { - ex = e; - } diff --git a/rh1750419-redhat_alt_java.patch b/rh1750419-redhat_alt_java.patch index e6355f2af927f9271f0377c96f03e00dc03f0718..dbf846e792cad4a8d037453006d7a1a64856adfd 100644 --- a/rh1750419-redhat_alt_java.patch +++ b/rh1750419-redhat_alt_java.patch @@ -1,10 +1,10 @@ diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk --- openjdk/make/launcher/Launcher-java.base.gmk Wed Nov 25 08:27:15 2020 +0100 +++ openjdk/make/launcher/Launcher-java.base.gmk Tue Dec 01 12:29:30 2020 +0100 -@@ -41,6 +41,16 @@ +@@ -41,6 +41,16 @@ $(eval $(call SetupBuildLauncher, java, OPTIMIZATION := HIGH, \ )) - + +#Wno-error=cpp is present to allow commented warning in ifdef part of main.c +$(eval $(call SetupBuildLauncher, alt-java, \ + CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \ @@ -15,7 +15,7 @@ diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk + OPTIMIZATION := HIGH, \ +)) + - ifeq ($(OPENJDK_TARGET_OS), windows) + ifeq ($(call isTargetOs, windows), true) $(eval $(call SetupBuildLauncher, javaw, \ CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \ diff --git a/rh1860986-disable_tlsv1.3_in_fips_mode.patch b/rh1860986-disable_tlsv1.3_in_fips_mode.patch index 86d7041e648b95977c481f3a24ccc76d0f35f987..5d6acba33fdbe20d11cfb0ab6ecb01729fca465e 100644 --- a/rh1860986-disable_tlsv1.3_in_fips_mode.patch +++ b/rh1860986-disable_tlsv1.3_in_fips_mode.patch @@ -149,7 +149,7 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/jdk/internal/misc/JavaSecurityS diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java --- openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Thu Jan 23 18:22:31 2020 -0300 +++ openjdk/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java Sat Aug 01 23:16:51 2020 -0300 -@@ -31,6 +31,7 @@ +@@ -31,6 +31,7 @@ import java.security.*; import java.security.cert.*; import java.util.*; import javax.net.ssl.*; @@ -157,8 +157,8 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SSLContextImpl import sun.security.action.GetPropertyAction; import sun.security.provider.certpath.AlgorithmChecker; import sun.security.validator.Validator; -@@ -542,20 +543,38 @@ - +@@ -542,20 +543,38 @@ public abstract class SSLContextImpl ext + static { if (SunJSSE.isFIPS()) { - supportedProtocols = Arrays.asList( @@ -167,6 +167,14 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SSLContextImpl - ProtocolVersion.TLS11, - ProtocolVersion.TLS10 - ); +- +- serverDefaultProtocols = getAvailableProtocols( +- new ProtocolVersion[] { +- ProtocolVersion.TLS13, +- ProtocolVersion.TLS12, +- ProtocolVersion.TLS11, +- ProtocolVersion.TLS10 +- }); + if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() + .isSystemFipsEnabled()) { + // RH1860986: TLSv1.3 key derivation not supported with @@ -176,14 +184,7 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SSLContextImpl + ProtocolVersion.TLS11, + ProtocolVersion.TLS10 + ); - -- serverDefaultProtocols = getAvailableProtocols( -- new ProtocolVersion[] { -- ProtocolVersion.TLS13, -- ProtocolVersion.TLS12, -- ProtocolVersion.TLS11, -- ProtocolVersion.TLS10 -- }); ++ + serverDefaultProtocols = getAvailableProtocols( + new ProtocolVersion[] { + ProtocolVersion.TLS12, @@ -209,40 +210,7 @@ diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SSLContextImpl } else { supportedProtocols = Arrays.asList( ProtocolVersion.TLS13, -@@ -620,6 +639,16 @@ - - static ProtocolVersion[] getSupportedProtocols() { - if (SunJSSE.isFIPS()) { -+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() -+ .isSystemFipsEnabled()) { -+ // RH1860986: TLSv1.3 key derivation not supported with -+ // the Security Providers available in system FIPS mode. -+ return new ProtocolVersion[] { -+ ProtocolVersion.TLS12, -+ ProtocolVersion.TLS11, -+ ProtocolVersion.TLS10 -+ }; -+ } - return new ProtocolVersion[] { - ProtocolVersion.TLS13, - ProtocolVersion.TLS12, -@@ -949,6 +978,16 @@ - - static ProtocolVersion[] getProtocols() { - if (SunJSSE.isFIPS()) { -+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() -+ .isSystemFipsEnabled()) { -+ // RH1860986: TLSv1.3 key derivation not supported with -+ // the Security Providers available in system FIPS mode. -+ return new ProtocolVersion[] { -+ ProtocolVersion.TLS12, -+ ProtocolVersion.TLS11, -+ ProtocolVersion.TLS10 -+ }; -+ } - return new ProtocolVersion[]{ - ProtocolVersion.TLS13, - ProtocolVersion.TLS12, + diff -r bbc65dfa59d1 src/java.base/share/classes/sun/security/ssl/SunJSSE.java --- openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Thu Jan 23 18:22:31 2020 -0300 +++ openjdk/src/java.base/share/classes/sun/security/ssl/SunJSSE.java Sat Aug 01 23:16:51 2020 -0300