Update to aarch64-shenandoah-jdk8u312-b07 (GA)

Update release notes for 8u312-b07. Switch to GA mode for final release.
2021-10-20 01:46:06 +01:00 · 2021-10-20 01:46:06 +01:00 · 06afebf801
commit 06afebf801
parent 38ede77603
4 changed files with 70 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -244,3 +244,5 @@
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b03-4curve.tar.xz
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b04-4curve.tar.xz
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-shenandoah-merge-2021-10-07-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
--- a/62
+++ b/62
@ -9,6 +9,33 @@ Live versions of these release notes can be found at:
  * https://bitly.com/openjdk8u312
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt

+* Security fixes
+  - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
+  - JDK-8161016: Strange behavior of URLConnection with proxy
+  - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
+  - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
+  - JDK-8263314: Enhance XML Dsig modes
+  - JDK-8265167, CVE-2021-35556: Richer Text Editors
+  - JDK-8265574: Improve handling of sheets
+  - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
+  - JDK-8265776: Improve Stream handling for SSL
+  - JDK-8266097, CVE-2021-35561: Better hashing support
+  - JDK-8266103: Better specified spec values
+  - JDK-8266109: More Resilient Classloading
+  - JDK-8266115: More Manifest Jar Loading
+  - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
+  - JDK-8266689, CVE-2021-35567: More Constrained Delegation
+  - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
+  - JDK-8267712: Better LDAP reference processing
+  - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
+  - JDK-8267735, CVE-2021-35586: Better BMP support
+  - JDK-8268193: Improve requests of certificates
+  - JDK-8268199: Correct certificate requests
+  - JDK-8268506: More Manifest Digests
+  - JDK-8269618, CVE-2021-35603: Better session identification
+  - JDK-8269624: Enhance method selection support
+  - JDK-8270398: Enhance canonicalization
+  - JDK-8270404: Better canonicalization
 * Other changes
  - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
  - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
@ -29,10 +56,9 @@ Live versions of these release notes can be found at:
  - JDK-8134869: AARCH64: GHASH intrinsic is not optimal
  - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
  - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
-  - JDK-8161016: Strange behavior of URLConnection with proxy
+  - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
  - JDK-8166673: The new implementation of Robot.waitForIdle() may hang
  - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
-  - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
  - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
  - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
  - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
@ -40,6 +66,7 @@ Live versions of these release notes can be found at:
  - JDK-8214418: half-closed SSLEngine status may cause application dead loop
  - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11
  - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
+  - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
  - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
  - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
  - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
@ -49,7 +76,6 @@ Live versions of these release notes can be found at:
  - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
  - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
  - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
-  - JDK-8254967: com.sun.net.HttpsServer spins on TLS session close
  - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
  - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
  - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
@ -61,7 +87,9 @@ Live versions of these release notes can be found at:
  - JDK-8265978: make test should look for more locations when searching for exit code
  - JDK-8266206: Build failure after JDK-8264752 with older GCCs
  - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
+  - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
  - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
+  - JDK-8269763: The JEditorPane is blank after JDK-8265167
  - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
  - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
  - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
@ -72,6 +100,34 @@ Live versions of these release notes can be found at:
  - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
  - JDK-8272214: [8u] Build failure after backport of JDK-8248901
  - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013
+* Shenandoah
+  - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array
+  - Re-cast JNI critical strings patch to be Shenandoah-specific
+
+Notes on individual issues:
+===========================
+
+core-libs/java.net:
+
+JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found
+================================================================================
+The behavior of HttpURLConnection when using a ProxySelector has been
+modified with this JDK release. HttpURLConnection used to fall back to
+a DIRECT connection attempt if the configured proxy(s) failed to make
+a connection. This release introduces a change whereby no DIRECT
+connection will be attempted in such a scenario. Instead, the
+HttpURLConnection.connect() method will fail and throw an IOException
+which occurred from the last proxy tested.
+
+security-libs/javax.net.ssl:
+
+JDK-8219551: Updated the Default Enabled Cipher Suites Preference
+=================================================================
+The preference of the default enabled cipher suites has been
+changed. The compatibility impact should be minimal. If needed,
+applications can customize the enabled cipher suites and the
+preference. For more details, refer to the SunJSSE provider
+documentation and the JSSE Reference Guide documentation.

 New in release OpenJDK 8u302 (2021-07-20):
 ===========================================
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@ -296,7 +296,7 @@
 # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
 %global shenandoah_project	aarch64-port
 %global shenandoah_repo		jdk8u-shenandoah
-%global shenandoah_revision    	aarch64-shenandoah-jdk8u312-b05
+%global shenandoah_revision    	aarch64-shenandoah-jdk8u312-b07
 # Define old aarch64/jdk8u tree variables for compatibility
 %global project         %{shenandoah_project}
 %global repo            %{shenandoah_repo}
@ -311,12 +311,12 @@
 %global updatever       %(VERSION=%{whole_update}; echo ${VERSION##*u})
 # eg jdk8u60-b27 -> b27
 %global buildver        %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease      2
+%global rpmrelease      1
 # Define milestone (EA for pre-releases, GA ("fcs") for releases)
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
 # - N%%{?extraver}{?dist} for GA releases
-%global is_ga           0
+%global is_ga           1
 %if %{is_ga}
 %global milestone          fcs
 %global milestone_version  %{nil}
@ -2624,6 +2624,11 @@ cjc.mainProgram(args)
 %endif

 %changelog
+* Fri Oct 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b07-1
+- Update to aarch64-shenandoah-jdk8u312-b07 (GA)
+- Update release notes for 8u312-b07.
+- Switch to GA mode for final release.
+
 * Thu Oct 07 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b05-0.2.ea
 - Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false

--- a/2
+++ b/2
@ -1,2 +1,2 @@
 SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b05-4curve.tar.xz) = 41aa7cfe6946f9b88e8ae66716e8db204a401f5ded43037c54c071b7a895e08df389d6a7ae5961da00c309a6802c88197cd59ed8e5e52a466c997a680f7f425f
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz) = 6da9aab9f456336d73cb41755b9e075c43b21ce54fa208d94295aaeef0dce9e4059740efe87458e131b633c3ab3d6f964a5d2407a76e79dd9b080a5416efd7e7