| |
@@ -101,6 +101,8 @@
|
| |
%global shenandoah_arches x86_64 %{aarch64}
|
| |
# Set of architectures for which we build the Z garbage collector
|
| |
%global zgc_arches x86_64
|
| |
+ # Set of architectures for which alt-java has SSB mitigation
|
| |
+ %global ssbd_arches x86_64
|
| |
|
| |
# By default, we build a debug build during main build on JIT architectures
|
| |
%if %{with slowdebug}
|
| |
@@ -259,7 +261,7 @@
|
| |
%global top_level_dir_name %{origin}
|
| |
%global minorver 0
|
| |
%global buildver 11
|
| |
- %global rpmrelease 5
|
| |
+ %global rpmrelease 6
|
| |
#%%global tagsuffix ""
|
| |
# priority must be 8 digits in total; untill openjdk 1.8 we were using 18..... so when moving to 11 we had to add another digit
|
| |
%if %is_system_jdk
|
| |
@@ -1598,6 +1600,16 @@
|
| |
$JAVA_HOME/bin/javac -d . %{SOURCE15}
|
| |
$JAVA_HOME/bin/java -Djava.security.disableSystemPropertiesFile=true $(echo $(basename %{SOURCE15})|sed "s|\.java||")
|
| |
|
| |
+ # Check java launcher has no SSB mitigation
|
| |
+ if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
|
| |
+
|
| |
+ # Check alt-java launcher has SSB mitigation on supported architectures
|
| |
+ %ifarch %{ssbd_arches}
|
| |
+ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
|
| |
+ %else
|
| |
+ if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
|
| |
+ %endif
|
| |
+
|
| |
# Check debug symbols in static libraries (smoke test)
|
| |
export STATIC_LIBS_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{static_libs_image}
|
| |
readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c
|
| |
@@ -1974,6 +1986,11 @@
|
| |
|
| |
|
| |
%changelog
|
| |
+ * Thu Dec 17 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-6
|
| |
+ - introduced nm based check to verify alt-java on x86_64 is patched, and no other alt-java or java is patched
|
| |
+ - patch600 rh1750419-redhat_alt_java.patch amended to die, if it is used wrongly
|
| |
+ - introduced ssbd_arches with currently only valid arch of x86_64 to separate real alt-java architectures
|
| |
+
|
| |
* Tue Dec 01 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-5
|
| |
- removed patch6, rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch
|
| |
- added patch600, rh1750419-redhat_alt_java.patch, suprassing removed patch
|
| |
I'm in favour of merge both commits to single one