kumquat-buildroot/package/openjdk/openjdk.mk
Adam Duskett c1038fe47c package/openjdk{-bin}: security bump versions to 11.0.20+8 and 17.0.8+7
Fixed the following security issues:

* CVEs
  - CVE-2023-22006
  - CVE-2023-22036
  - CVE-2023-22041
  - CVE-2023-22044
  - CVE-2023-22045
  - CVE-2023-22049
  - CVE-2023-25193
* Security fixes
  - JDK-8298676: Enhanced Look and Feel
  - JDK-8300285: Enhance TLS data handling
  - JDK-8300596: Enhance Jar Signature validation
  - JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
  - JDK-8302475: Enhance HTTP client file downloading
  - JDK-8302483: Enhance ZIP performance
  - JDK-8303376: Better launching of JDI
  - JDK-8304468: Better array usages
  - JDK-8305312: Enhanced path handling
  - JDK-8308682: Enhance AES performance

For details, see the announcements:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024064.html
https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024063.html

Signed-off-by: Adam Duskett <aduskett@gmail.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-08-30 21:36:43 +02:00

161 lines
4.8 KiB
Makefile

################################################################################
#
# openjdk
#
################################################################################
ifeq ($(BR2_PACKAGE_OPENJDK_VERSION_17),y)
OPENJDK_VERSION_MAJOR = 17
OPENJDK_VERSION_MINOR = 0.8+7
else
OPENJDK_VERSION_MAJOR = 11
OPENJDK_VERSION_MINOR = 0.20+8
endif
OPENJDK_VERSION = $(OPENJDK_VERSION_MAJOR).$(OPENJDK_VERSION_MINOR)
OPENJDK_SITE = $(call github,openjdk,jdk$(OPENJDK_VERSION_MAJOR)u,jdk-$(OPENJDK_VERSION))
OPENJDK_LICENSE = GPL-2.0+ with exception
OPENJDK_LICENSE_FILES = LICENSE
OPENJDK_INSTALL_STAGING = YES
# OpenJDK requires Alsa, cups, and X11 even for a headless build.
# host-zip is needed for the zip executable.
OPENJDK_DEPENDENCIES = \
host-gawk \
host-openjdk-bin \
host-pkgconf \
host-zip \
host-zlib \
alsa-lib \
cups \
fontconfig \
giflib \
jpeg \
lcms2 \
libpng \
libusb \
xlib_libXrandr \
xlib_libXrender \
xlib_libXt \
xlib_libXtst \
zlib
# JVM variants
ifeq ($(BR2_PACKAGE_OPENJDK_JVM_VARIANT_CLIENT),y)
OPENJDK_JVM_VARIANT = client
endif
ifeq ($(BR2_PACKAGE_OPENJDK_JVM_VARIANT_SERVER),y)
OPENJDK_JVM_VARIANT = server
endif
ifeq ($(BR2_PACKAGE_OPENJDK_JVM_VARIANT_ZERO),y)
OPENJDK_JVM_VARIANT = zero
OPENJDK_DEPENDENCIES += libffi
endif
ifeq ($(BR2_PACKAGE_OPENJDK_FULL_JDK),y)
OPENJDK_VARIANT = jdk
OPENJDK_MAKE_TARGET = jdk-image
else
OPENJDK_VARIANT = jre
OPENJDK_MAKE_TARGET = legacy-jre-image
endif
# OpenJDK installs a file named 'modules' in jre/lib, which gets installed as
# /usr/lib/modules. However, with a merged /usr, this conflicts with the
# directory named 'modules' installed by the kernel. If OpenJDK gets built
# after the kernel, this manifests itself with: "cp: cannot overwrite
# directory '/usr/lib/modules with non-directory."
OPENJDK_INSTALL_BASE = /usr/lib/jvm
# OpenJDK ignores some variables unless passed via the environment.
# These variables are PATH, LD, CC, CXX, and CPP.
# OpenJDK defaults ld to the ld binary but passes -Xlinker and -z as
# arguments during the linking process, which causes compilation failures.
# To fix this issue, LD is set to point to gcc.
OPENJDK_CONF_ENV = \
PATH=$(BR_PATH) \
CC=$(TARGET_CC) \
CPP=$(TARGET_CPP) \
CXX=$(TARGET_CXX) \
LD=$(TARGET_CC) \
BUILD_SYSROOT_CFLAGS="$(HOST_CFLAGS)" \
BUILD_SYSROOT_LDFLAGS="$(HOST_LDFLAGS)"
OPENJDK_CONF_OPTS = \
--disable-full-docs \
--disable-hotspot-gtest \
--disable-manpages \
--disable-warnings-as-errors \
--enable-headless-only \
--enable-openjdk-only \
--enable-unlimited-crypto \
--openjdk-target=$(GNU_TARGET_NAME) \
--with-boot-jdk=$(HOST_OPENJDK_BIN_ROOT_DIR) \
--with-stdc++lib=dynamic \
--with-debug-level=release \
--with-devkit=$(HOST_DIR) \
--with-extra-cflags="$(TARGET_CFLAGS)" \
--with-extra-cxxflags="$(TARGET_CXXFLAGS)" \
--with-extra-ldflags="-Wl,-rpath,$(OPENJDK_INSTALL_BASE)/lib,-rpath,$(OPENJDK_INSTALL_BASE)/lib/$(OPENJDK_JVM_VARIANT)" \
--with-giflib=system \
--with-jobs=$(PARALLEL_JOBS) \
--with-jvm-variants=$(OPENJDK_JVM_VARIANT) \
--with-lcms=system \
--with-libjpeg=system \
--with-libpng=system \
--with-zlib=system \
--with-native-debug-symbols=none \
--without-version-pre \
--with-sysroot=$(STAGING_DIR) \
--with-version-build="$(OPENJDK_VERSION_MAJOR)" \
--with-version-string="$(OPENJDK_VERSION_MAJOR)"
# If building for AArch64, use the provided CPU port.
ifeq ($(BR2_aarch64),y)
OPENJDK_CONF_OPTS += --with-abi-profile=aarch64
endif
ifeq ($(BR2_CCACHE),y)
OPENJDK_CONF_OPTS += \
--enable-ccache \
--with-ccache-dir=$(BR2_CCACHE_DIR)
endif
# Autogen and configure are performed in a single step.
define OPENJDK_CONFIGURE_CMDS
chmod +x $(@D)/configure
cd $(@D); $(OPENJDK_CONF_ENV) ./configure autogen $(OPENJDK_CONF_OPTS)
endef
# Make -jn is unsupported. Instead, set the "--with-jobs=" configure option,
# and use $(MAKE1).
define OPENJDK_BUILD_CMDS
$(TARGET_MAKE_ENV) $(OPENJDK_CONF_ENV) $(MAKE1) -C $(@D) $(OPENJDK_MAKE_TARGET)
endef
# Calling make install always builds and installs the JDK instead of the JRE,
# which makes manual installation necessary.
define OPENJDK_INSTALL_TARGET_CMDS
mkdir -p $(TARGET_DIR)$(OPENJDK_INSTALL_BASE)
cp -dpfr $(@D)/build/linux-*-release/images/$(OPENJDK_VARIANT)/* \
$(TARGET_DIR)$(OPENJDK_INSTALL_BASE)/
cd $(TARGET_DIR)/usr/bin && ln -snf ../..$(OPENJDK_INSTALL_BASE)/bin/* .
endef
define OPENJDK_INSTALL_STAGING_CMDS
mkdir -p $(STAGING_DIR)/usr/include/jvm
cp -dpfr $(@D)/build/linux-*-release/jdk/include/* \
$(STAGING_DIR)/usr/include/jvm
endef
# Demos and includes are not needed on the target
ifeq ($(BR2_PACKAGE_OPENJDK_FULL_JDK),y)
define OPENJDK_REMOVE_UNEEDED_JDK_DIRECTORIES
$(RM) -r $(TARGET_DIR)$(OPENJDK_INSTALL_BASE)/include/
$(RM) -r $(TARGET_DIR)$(OPENJDK_INSTALL_BASE)/demo/
endef
OPENJDK_TARGET_FINALIZE_HOOKS += OPENJDK_REMOVE_UNEEDED_JDK_DIRECTORIES
endif
$(eval $(generic-package))