Bug 1888633

Summary: migrate icedtea-web to use alt-java special binary in our JDK8 packages instead of plain java [rhel-8]
Product: Red Hat Enterprise Linux 8 Reporter: jiri vanek <jvanek>
Component: icedtea-webAssignee: jiri vanek <jvanek>
Status: CLOSED ERRATA QA Contact: OpenJDK QA <java-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.4CC: ahughes, aph, jandrlik, neugens, security-response-team
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: 8.4Flags: pm-rhel: mirror+
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1901637 1901638 1901639 1901641 1901678 1901679 1901680 (view as bug list) Environment:
Last Closed: 2021-05-18 15:52:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1750419, 1784116, 1901637, 1901638, 1901639, 1901641, 1901678, 1901679, 1901680    

Description jiri vanek 2020-10-15 12:04:19 UTC 
In response to CVE-2018-3639, Spectre V4 (SSB), we had added  patch(es) of: 
http://pkgs.devel.redhat.com/cgit/rpms/java-1.8.0-openjdk/commit/?h=rhel-8.4.0&id=1211c3e73af8f1eb567ec0716e38ce6456f40f9a
http://pkgs.devel.redhat.com/cgit/rpms/java-11-openjdk/commit/?h=rhel-8.4.0&id=3c5ec0a61f0f45fe5333fcdc6f7d3778797ac09a

That patch was released with known, very small, performance drop. In time it proved, that this performance regression is making some customers unhappy. 

Later the patch(es) for CVE_2018_3639-speculative_store_bypass were definitely denied for upstream inclusion by project reviwers.

As a response to this evolution, we decided to provide two java binaries in our rpms:
 java - without the patch(es), and with same performance as usptream jdk
 alt-java - with the patch(es) and with the performance regression. This 

At the end, we decided that there is only one software in RH repos, which needs use alt-java by default. And that is icedtea-web


See also: INC1447202 (make ITW using the alt-java launcher)

Targeted branches after fedoras and 8.4 are done are 8.3.z and 7.9.z
Comment 1 jiri vanek 2020-11-20 16:25:57 UTC 
Currenlty used bianry name is  alt-java:
http://pkgs.devel.redhat.com/cgit/rpms/java-1.8.0-openjdk/commit/?h=rhel-8.4.0&id=efeea2697850ed9c413b9a1cc47fe69b394b3f2e
Comment 2 jiri vanek 2020-11-20 17:38:53 UTC 
http://pkgs.devel.redhat.com/cgit/rpms/icedtea-web/commit/?h=rhel-8.4.0&id=1fb7c49acea158c1c30a4898d660a6ac60e1ede1
https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=33188980
Comment 11 errata-xmlrpc 2021-05-18 15:52:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (icedtea-web bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1863