ELSA-2022-5726

Published: 27 Jul 2022
Source: oracle-oval
Platform: Oracle Linux 8

Description

ELSA-2022-5726: java-17-openjdk security, bug fix, and enhancement update (IMPORTANT)

[1:17.0.4.0.8-0.2.ea]

  • Add rpminspect.yaml to turn off Java bytecode inspections
  • java-17-openjdk deliberately produces Java 17 bytecode, not the default Java 11 bytecode
  • Resolves: rhbz#2109106

[1:17.0.4.0.8-0.2.ea]

  • Revert the following changes until copy-java-configs has adapted to relative symlinks:
    • Move cacerts replacement to install section and retain original of this and tzdb.dat
    • Run tests on the installed image, rather than the build image
    • Introduce variables to refer to the static library installation directories
    • Use relative symlinks so they work within the image
    • Run debug symbols check during build stage, before the install strips them
  • The move of turning on system security properties is retained so we don't ship with them off
  • Related: rhbz#2084650

[1:17.0.4.0.8-0.2.ea]

  • Returned absolute symlinks
  • Relative symlinks are breaking cjc, and deeper investigations are necessary -- why cjc intentionally skips relative symlinks
  • Images have to be worked around differently
  • Related: rhbz#2084650

[1:17.0.4.0.8-1]

  • Update to jdk-17.0.4.0+8
  • Update release notes to 17.0.4.0+8
  • Need to include the '.S' suffix in debuginfo checks after JDK-8284661
  • Print release file during build, which should now include a correct SOURCE value from .src-rev
  • Update tarball script with IcedTea GitHub URL and .src-rev generation
  • Include script to generate bug list for release notes
  • Update tzdata requirement to 2022a to match JDK-8283350
  • Move EA designator check to prep so failures can be caught earlier
  • Make EA designator check non-fatal while upstream is not maintaining it
  • Explicitly require crypto-policies during build and runtime for system security properties
  • Make use of the vendor version string to store our version & release rather than an upstream release date
  • Include a test in the RPM to check the build has the correct vendor information.
  • Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
    • RH2094027: SunEC runtime permission for FIPS
    • RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
    • RH2090378: Revert to disabling system security properties and FIPS mode support together
  • Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
  • Enable system security properties in the RPM (now disabled by default in the FIPS repo)
  • Improve security properties test to check both enabled and disabled behaviour
  • Run security properties test with property debugging on
  • Turn on system security properties as part of the build's install section
  • Move cacerts replacement to install section and retain original of this and tzdb.dat
  • Run tests on the installed image, rather than the build image
  • Introduce variables to refer to the static library installation directories
  • Use relative symlinks so they work within the image
  • Run debug symbols check during build stage, before the install strips them
  • Resolves: rhbz#2084650
  • Resolves: rhbz#2099913
  • Resolves: rhbz#2108206
  • Resolves: rhbz#2108209
  • Resolves: rhbz#2106521

[1:17.0.4.0.1-0.2.ea]

  • Fix issue where CheckVendor.java test erroneously passes when it should fail.
  • Add proper quoting so '&' is not treated as a special character by the shell.
  • Related: rhbz#2084650

Updated packages

Oracle Linux 8

Oracle Linux aarch64

  • java-17-openjdk: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-demo: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-demo-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-demo-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-devel: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-devel-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-devel-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-headless: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-headless-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-headless-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-javadoc: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-javadoc-zip: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-jmods: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-jmods-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-jmods-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-src: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-src-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-src-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-static-libs: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-static-libs-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-static-libs-slowdebug: 17.0.4.0.8-2.el8_6

Oracle Linux x86_64

  • java-17-openjdk: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-demo: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-demo-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-demo-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-devel: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-devel-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-devel-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-headless: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-headless-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-headless-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-javadoc: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-javadoc-zip: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-jmods: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-jmods-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-jmods-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-src: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-src-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-src-slowdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-static-libs: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-static-libs-fastdebug: 17.0.4.0.8-2.el8_6
  • java-17-openjdk-static-libs-slowdebug: 17.0.4.0.8-2.el8_6
