diff --git a/.gitignore b/.gitignore index f34cedd..d5493bd 100644 --- a/.gitignore +++ b/.gitignore @@ -244,3 +244,5 @@ /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz +/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz +/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz diff --git a/NEWS b/NEWS index 05c1b39..ef9db68 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,33 @@ Live versions of these release notes can be found at: * https://bitly.com/openjdk8u312 * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt +* Security fixes + - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0 + - JDK-8161016: Strange behavior of URLConnection with proxy + - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference + - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close + - JDK-8263314: Enhance XML Dsig modes + - JDK-8265167, CVE-2021-35556: Richer Text Editors + - JDK-8265574: Improve handling of sheets + - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit + - JDK-8265776: Improve Stream handling for SSL + - JDK-8266097, CVE-2021-35561: Better hashing support + - JDK-8266103: Better specified spec values + - JDK-8266109: More Resilient Classloading + - JDK-8266115: More Manifest Jar Loading + - JDK-8266137, CVE-2021-35564: Improve Keystore integrity + - JDK-8266689, CVE-2021-35567: More Constrained Delegation + - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic + - JDK-8267712: Better LDAP reference processing + - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking + - JDK-8267735, CVE-2021-35586: Better BMP support + - JDK-8268193: Improve requests of certificates + - JDK-8268199: Correct certificate requests + - JDK-8268506: More Manifest Digests + - JDK-8269618, CVE-2021-35603: Better session identification + - JDK-8269624: Enhance method selection support + - JDK-8270398: Enhance canonicalization + - JDK-8270404: Better canonicalization * Other changes - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection @@ -29,10 +56,9 @@ Live versions of these release notes can be found at: - JDK-8134869: AARCH64: GHASH intrinsic is not optimal - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get - - JDK-8161016: Strange behavior of URLConnection with proxy + - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream - JDK-8166673: The new implementation of Robot.waitForIdle() may hang - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders - - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore @@ -40,6 +66,7 @@ Live versions of these release notes can be found at: - JDK-8214418: half-closed SSLEngine status may cause application dead loop - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11 - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr + - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4 - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7 @@ -49,7 +76,6 @@ Live versions of these release notes can be found at: - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken. - - JDK-8254967: com.sun.net.HttpsServer spins on TLS session close - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space" - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames() @@ -61,7 +87,9 @@ Live versions of these release notes can be found at: - JDK-8265978: make test should look for more locations when searching for exit code - JDK-8266206: Build failure after JDK-8264752 with older GCCs - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836 + - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark + - JDK-8269763: The JEditorPane is blank after JDK-8265167 - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short @@ -72,6 +100,34 @@ Live versions of these release notes can be found at: - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon - JDK-8272214: [8u] Build failure after backport of JDK-8248901 - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013 +* Shenandoah + - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array + - Re-cast JNI critical strings patch to be Shenandoah-specific + +Notes on individual issues: +=========================== + +core-libs/java.net: + +JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found +================================================================================ +The behavior of HttpURLConnection when using a ProxySelector has been +modified with this JDK release. HttpURLConnection used to fall back to +a DIRECT connection attempt if the configured proxy(s) failed to make +a connection. This release introduces a change whereby no DIRECT +connection will be attempted in such a scenario. Instead, the +HttpURLConnection.connect() method will fail and throw an IOException +which occurred from the last proxy tested. + +security-libs/javax.net.ssl: + +JDK-8219551: Updated the Default Enabled Cipher Suites Preference +================================================================= +The preference of the default enabled cipher suites has been +changed. The compatibility impact should be minimal. If needed, +applications can customize the enabled cipher suites and the +preference. For more details, refer to the SunJSSE provider +documentation and the JSSE Reference Guide documentation. New in release OpenJDK 8u302 (2021-07-20): =========================================== diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index 16c2d89..afad6cd 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -296,7 +296,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project aarch64-port %global shenandoah_repo jdk8u-shenandoah -%global shenandoah_revision aarch64-shenandoah-jdk8u312-b05 +%global shenandoah_revision aarch64-shenandoah-jdk8u312-b07 # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} @@ -311,12 +311,12 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 2 +%global rpmrelease 1 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global milestone fcs %global milestone_version %{nil} @@ -2624,6 +2624,11 @@ cjc.mainProgram(args) %endif %changelog +* Fri Oct 15 2021 Andrew Hughes - 1:1.8.0.312.b07-1 +- Update to aarch64-shenandoah-jdk8u312-b07 (GA) +- Update release notes for 8u312-b07. +- Switch to GA mode for final release. + * Thu Oct 07 2021 Andrew Hughes - 1:1.8.0.312.b05-0.2.ea - Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false diff --git a/sources b/sources index 7c2359c..32ce1e2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671 -SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz) = 41aa7cfe6946f9b88e8ae66716e8db204a401f5ded43037c54c071b7a895e08df389d6a7ae5961da00c309a6802c88197cd59ed8e5e52a466c997a680f7f425f +SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz) = 6da9aab9f456336d73cb41755b9e075c43b21ce54fa208d94295aaeef0dce9e4059740efe87458e131b633c3ab3d6f964a5d2407a76e79dd9b080a5416efd7e7