diff --git a/.gitignore b/.gitignore index fdea525..3d74887 100644 --- a/.gitignore +++ b/.gitignore @@ -289,3 +289,4 @@ /java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.ppc64le.tar.xz /java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz /java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz +/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz diff --git a/NEWS b/NEWS index a6788c4..51e3859 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,210 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u372 (2023-04-18): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u372 + +* CVEs + - CVE-2023-21930 + - CVE-2023-21937 + - CVE-2023-21938 + - CVE-2023-21939 + - CVE-2023-21954 + - CVE-2023-21967 + - CVE-2023-21968 +* Security fixes + - JDK-8287404: Improve ping times + - JDK-8288436: Improve Xalan supports + - JDK-8294474: Better AES support + - JDK-8295304: Runtime support improvements + - JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation + - JDK-8296676, JDK-8296622: Improve String platform support + - JDK-8296684: Improve String platform support + - JDK-8296692: Improve String platform support + - JDK-8296700: Improve String platform support + - JDK-8296832: Improve Swing platform support + - JDK-8297371: Improve UTF8 representation redux + - JDK-8298191: Enhance object reclamation process + - JDK-8298310: Enhance TLS session negotiation + - JDK-8298667: Improved path handling + - JDK-8299129: Enhance NameService lookups +* New features + - JDK-8230305: Cgroups v2: Container awareness +* Other changes + - JDK-6734341: REGTEST fails: SelectionAutoscrollTest.html + - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows + - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails + - JDK-7124238: [macosx] Font in BasicHTML document is bigger than it should be + - JDK-7124381: DragSourceListener.dragDropEnd() never been called on completion of dnd operation + - JDK-8039888: [TEST_BUG] keyboard garbage after javax/swing/plaf/windows/WindowsRootPaneUI/WrongAltProcessing/WrongAltProcessing.java + - JDK-8042098: [TESTBUG] Test sun/java2d/AcceleratedXORModeTest.java fails on Windows + - JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled + - JDK-8072770: [TESTBUG] Some Introspector tests fail with a Java heap bigger than 4GB + - JDK-8075964: Test java/awt/Mouse/TitleBarDoubleClick/TitleBarDoubleClick.html fails intermittently with timeout error + - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing + - JDK-8142540: [TEST_BUG] Test sun/awt/dnd/8024061/bug8024061.java fails on ubuntu + - JDK-8156579: Two JavaBeans tests failed + - JDK-8156581: Cleanup of ProblemList.txt + - JDK-8159135: [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail + - JDK-8177560: @headful key can be removed from the tests for JavaSound + - JDK-8196196: Headful tests should not be run in headless mode + - JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails + - JDK-8197408: Bad pointer comparison and small cleanup in os_linux.cpp + - JDK-8203485: [freetype] text rotated on 180 degrees is too narrow + - JDK-8205959: Do not restart close if errno is EINTR + - JDK-8216366: Add rationale to PER_CPU_SHARES define + - JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails + - JDK-8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java - NumberFormatException because of large long values (memory limit_in_bytes) + - JDK-8229182: [TESTBUG] runtime/containers/docker/TestMemoryAwareness.java test fails on SLES12 + - JDK-8229202: Docker reporting causes secondary crashes in error handling + - JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy + - JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation + - JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos + - JDK-8234484: Add ability to configure third port for remote JMX + - JDK-8237479: 8230305 causes slowdebug build failure + - JDK-8239559: Cgroups: Incorrect detection logic on some systems + - JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot + - JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual + - JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111 + - JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873 + - JDK-8242468: VS2019 build missing vcruntime140_1.dll + - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails + - JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java + - JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible) + - JDK-8245654: Add Certigna Root CA + - JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows + - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked + - JDK-8252359: HotSpot Not Identifying it is Running in a Container + - JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota + - JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist + - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high + - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly + - JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems + - JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code + - JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection + - JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards + - JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes + - JDK-8257620: Do not use objc_msgSend_stret to get macOS version + - JDK-8262379: Add regression test for JDK-8257746 + - JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec + - JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics + - JDK-8270317: Large Allocation in CipherSuite + - JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked + - JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11 + - JDK-8275713: TestDockerMemoryMetrics test fails on recent runc + - JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10 + - JDK-8280048: Missing comma in copyright header + - JDK-8282398: EndingDotHostname.java test fails because SSL cert expired + - JDK-8282511: Use fixed certificate validation date in SSLExampleCert template + - JDK-8282947: JFR: Dump on shutdown live-locks in some conditions + - JDK-8283277: ISO 4217 Amendment 171 Update + - JDK-8283606: Tests may fail with zh locale on MacOS + - JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124 + - JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox + - JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem + - JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist + - JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3 + - JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller + - JDK-8287109: Distrust.java failed with CertificateExpiredException + - JDK-8287463: JFR: Disable TestDevNull.java on Windows + - JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete + - JDK-8289549: ISO 4217 Amendment 172 Update + - JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun + - JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u + - JDK-8292083: Detected container memory limit may exceed physical machine memory + - JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory + - JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present + - JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts + - JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings + - JDK-8294307: ISO 4217 Amendment 173 Update + - JDK-8294767: 8u contains two copies of test/../FileUtils.java, one uses JDK9+ features + - JDK-8295322: Tests for JDK-8271459 were not backported to 11u + - JDK-8295952: Problemlist existing compiler/rtm tests also on x86 + - JDK-8295982: Failure in sun/security/tools/keytool/WeakAlg.java - ks: The process cannot access the file because it is being used by another process + - JDK-8296239: ISO 4217 Amendment 174 Update + - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing + - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException + - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent + - JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2 + - JDK-8297329: [8u] hotspot needs to recognise VS2019 + - JDK-8297739: Bump update version of OpenJDK: 8u372 + - JDK-8297996: [8u] generated images are broken due to renaming of MSVC runtime DLL's + - JDK-8298027: Remove SCCS id's from awt jtreg tests + - JDK-8298307: Enable hotspot/tier1 for 32-bit builds in GHA for 8u + - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR + - JDK-8299445: EndingDotHostname.java fails because of compilation errors + - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java + - JDK-8299548: Fix hotspot/test/runtime/Metaspace/MaxMetaspaceSizeTest.java in 8u + - JDK-8299804: Fix non-portable code in hotspot shell tests in 8u + - JDK-8300014: Some backports placed the tests in the wrong location + - JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems + - JDK-8301122: [8u] Fix unreliable vs2010 download link + - JDK-8301143: [TESTBUG] jfr/event/sampling/TestNative was backported to JDK8u without proper native wrapper + - JDK-8301246: NPE in FcFontManager.getDefaultPlatformFont() on Linux without installed fontconfig + - JDK-8301332: [8u] Fix writing of test files after the cgroups v2 backport + - JDK-8301550: [8u] Enable additional linux build testing in GitHub + - JDK-8301620: [8u] some shell tests are passed but have unexpected operator errors + - JDK-8301760: Fix possible leak in SpNegoContext dispose + - JDK-8303408: [AIX] Broken jdk8u build after JDK-8266391 + - JDK-8303828: [Solaris] Broken jdk8u build after JDK-8266391 + - JDK-8304053: Revert os specific stubs for SystemMetrics + - JDK-8305113: (tz) Update Timezone Data to 2023c + +Notes on individual issues: +=========================== + +hotspot: +core-libs: + +JDK-8305562: Cgroups v2: Container awareness +============================================ +The HotSpot runtime code as well as the core libraries code in the JDK +has been updated in order to detect a cgroup v2 host system when +running OpenJDK within a Linux container. + +Since the 8u202 release of OpenJDK, the container detection code +recognized cgroup v1 (legacy) host Linux systems. With 8u372 and later +releases, both versions of the underlying cgroups pseudo filesystem +will be detected and corresponding container limits applied to the +OpenJDK runtime. + +Without this enhancement, OpenJDK would not apply container resource +limits when running on a cgroup v2 Linux host system, but would use +the underlying hosts' resource limits instead. + +client-libs/javax.swing: + +JDK-8296832: Improve Swing platform support +=========================================== +Earlier OpenJDK releases would always render HTML object tags embedded in +Swing HTML components. With this release, rendering only occurs when the +new system property "swing.html.object" is set to true. By default, it +is set to false. + +core-svc/javax.management: + +JDK-8234484: Added Ability to Configure Third Port for Remote JMX +================================================================= +A local access port can now be configured for JMX connections by +setting the property `com.sun.management.jmxremote.local.port`. This +local port was previously selected at random, which could lead to port +collisions. The property works in the same way as the existing +properties for configuring the remote access port +(`com.sun.management.jmxremote.port`) and the RMI port +(`com.sun.management.jmxremote.rmi.port`) + +security-libs/java.security: + +JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate +========================================================== +The following root certificate has been added to the cacerts truststore: + +Name: Certigna (Dhimyotis) +Alias Name: certignarootca +Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR + New in release OpenJDK 8u362 (2023-01-17): =========================================== Live versions of these release notes can be found at: diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh index 3f33d68..b03b0a9 100755 --- a/generate_source_tarball.sh +++ b/generate_source_tarball.sh @@ -10,7 +10,7 @@ # PROJECT_NAME=openjdk # REPO_NAME=shenandoah-jdk8u # VERSION=HEAD -# +# # They are used to create correct name and are used in construction of sources url (unless REPO_ROOT is set) # This script creates a single source tarball out of the repository @@ -31,8 +31,8 @@ fi if [ "x${JCONSOLE_JS_PATCH}" != "x" ] ; then if [ ! -f "${JCONSOLE_JS_PATCH}" ] ; then - echo "You have specified the jconsole.js patch as ${JCONSOLE_JS_PATCH} but it does not exist. Exiting."; - exit 2; + echo "You have specified the jconsole.js patch as ${JCONSOLE_JS_PATCH} but it does not exist. Exiting."; + exit 2; fi else JCONSOLE_JS_PATCH=${JCONSOLE_JS_PATCH_DEFAULT} @@ -53,29 +53,58 @@ if [ "x$1" = "xhelp" ] ; then echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})" echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})" echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)" - echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)" + echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)" echo "PR3822 - the path to the PR3822 patch to apply (optional; downloaded if unavailable)" echo "JCONSOLE_JS_PATCH - the path to a patch to fix non-availiability of jconsole.js (optional; defaults to ${JCONSOLE_JS_PATCH_DEFAULT})" + echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run" exit 1; fi if [ "x$VERSION" = "x" ] ; then echo "No VERSION specified" - exit -2 + exit 2 fi echo "Version: ${VERSION}" - + +NUM_VER=${VERSION##jdk-} +RELEASE_VER=${NUM_VER%%+*} +BUILD_VER=${NUM_VER##*+} +MAJOR_VER=${RELEASE_VER%%.*} +echo "Major version is ${MAJOR_VER}, release ${RELEASE_VER}, build ${BUILD_VER}" + +if [ "x$BOOT_JDK" = "x" ] ; then + echo "No boot JDK specified". + BOOT_JDK=/usr/lib/jvm/java-${MAJOR_VER}-openjdk; + echo -n "Checking for ${BOOT_JDK}..."; + if [ -d ${BOOT_JDK} -a -x ${BOOT_JDK}/bin/java ] ; then + echo "Boot JDK found at ${BOOT_JDK}"; + else + echo "Not found"; + PREV_VER=$((${MAJOR_VER} - 1)); + BOOT_JDK=/usr/lib/jvm/java-${PREV_VER}-openjdk; + echo -n "Checking for ${BOOT_JDK}..."; + if [ -d ${BOOT_JDK} -a -x ${BOOT_JDK}/bin/java ] ; then + echo "Boot JDK found at ${BOOT_JDK}"; + else + echo "Not found"; + exit 4; + fi + fi +else + echo "Boot JDK: ${BOOT_JDK}"; +fi + # REPO_NAME is only needed when we default on REPO_ROOT and FILE_NAME_ROOT if [ "x$FILE_NAME_ROOT" = "x" -o "x$REPO_ROOT" = "x" ] ; then if [ "x$PROJECT_NAME" = "x" ] ; then - echo "No PROJECT_NAME specified" - exit -1 + echo "No PROJECT_NAME specified" + exit 1 fi echo "Project name: ${PROJECT_NAME}" if [ "x$REPO_NAME" = "x" ] ; then - echo "No REPO_NAME specified" - exit -3 + echo "No REPO_NAME specified" + exit 3 fi echo "Repository name: ${REPO_NAME}" fi @@ -112,6 +141,7 @@ echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}" echo -e "\tREPO_ROOT: ${REPO_ROOT}" echo -e "\tPR3822: ${PR3822}" echo -e "\tJCONSOLE_JS_PATCH: ${JCONSOLE_JS_PATCH}" +echo -e "\tBOOT_JDK: ${BOOT_JDK}" mkdir "${FILE_NAME_ROOT}" pushd "${FILE_NAME_ROOT}" @@ -120,7 +150,7 @@ echo "Cloning ${VERSION} root repository from ${REPO_ROOT}" git clone -b ${VERSION} ${REPO_ROOT} openjdk pushd openjdk - + # UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free if [ -d langtools ] ; then echo "Removing langtools test case with non-Free license" @@ -144,15 +174,15 @@ if [ -d jdk ]; then echo "Syncing EC list with NSS" if [ "x$PR3822" = "x" ] ; then - # get pr3822.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch - # Do not push it or publish it - wget -O pr3822.patch https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/pr3822-4curve.patch - echo "Applying ${PWD}/pr3822.patch" - git apply --stat --apply -v -p1 pr3822.patch - rm pr3822.patch + # get pr3822.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch + # Do not push it or publish it + wget -O pr3822.patch https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/pr3822-4curve.patch + echo "Applying ${PWD}/pr3822.patch" + git apply --stat --apply -v -p1 pr3822.patch + rm pr3822.patch else - echo "Applying ${PR3822}" - git apply --stat --apply -v -p1 $PR3822 + echo "Applying ${PR3822}" + git apply --stat --apply -v -p1 $PR3822 fi; fi @@ -166,11 +196,29 @@ popd # Generate .src-rev so build has knowledge of the revision the tarball was created from mkdir build pushd build -sh ${PWD}/../openjdk/configure +sh ${PWD}/../openjdk/configure --with-boot-jdk=${BOOT_JDK} make store-source-revision popd rm -rf build +# Remove commit checks +echo "Removing $(find openjdk -name '.jcheck' -print)" +find openjdk -name '.jcheck' -print0 | xargs -0 rm -r + +# Remove history and GHA +echo "find openjdk -name '.hgtags'" +find openjdk -name '.hgtags' -exec rm -v '{}' '+' +echo "find openjdk -name '.hgignore'" +find openjdk -name '.hgignore' -exec rm -v '{}' '+' +echo "find openjdk -name '.gitattributes'" +find openjdk -name '.gitattributes' -exec rm -v '{}' '+' +echo "find openjdk -name '.gitignore'" +find openjdk -name '.gitignore' -exec rm -v '{}' '+' +echo "find openjdk -name '.git'" +find openjdk -name '.git' -exec rm -rv '{}' '+' +echo "find openjdk -name '.github'" +find openjdk -name '.github' -exec rm -rv '{}' '+' + echo "Compressing remaining forest" if [ "X$COMPRESSION" = "Xxz" ] ; then SWITCH=cJf diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index d7cece3..e6782b2 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -318,7 +318,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project openjdk %global shenandoah_repo shenandoah-jdk8u -%global openjdk_revision jdk8u362-b09 +%global openjdk_revision jdk8u372-b07 %global shenandoah_revision shenandoah-%{openjdk_revision} # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} @@ -339,15 +339,11 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 4 +%global rpmrelease 2 # Settings used by the portable build -%global portablerelease 4 -%global portablesuffix el7openjdkportable +%global portablerelease 2 +%global portablesuffix el8 %global portablebuilddir /builddir/build/BUILD -# Temporary override until we have the portable version in sync -# b09 only contains some build fixes for RHEL 6 & Windows -%global portablebuildver b08 -%global portableversion %{javaver}.%{updatever}.%{portablebuildver} # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): @@ -1360,64 +1356,12 @@ Source20: repackReproduciblePolycies.sh Source100: config.guess Source101: config.sub -# TODO: Portable packages are not yet available in buildroot -# Temporarily add them as sources - -# aarch64 -Source1000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.aarch64.tar.xz -Source1002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.aarch64.tar.xz -Source1003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.aarch64.tar.xz -Source1004: %{name}-portable-%{portableversion}-%{portablerelease}.portable.slowdebug.jdk.el.aarch64.tar.xz -Source1006: %{name}-portable-%{portableversion}-%{portablerelease}.portable.fastdebug.jdk.el.aarch64.tar.xz - -# ppc64le -Source2000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.ppc64le.tar.xz -Source2002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.ppc64le.tar.xz -Source2003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.ppc64le.tar.xz -Source2004: %{name}-portable-%{portableversion}-%{portablerelease}.portable.slowdebug.jdk.el.ppc64le.tar.xz -Source2006: %{name}-portable-%{portableversion}-%{portablerelease}.portable.fastdebug.jdk.el.ppc64le.tar.xz - -# s390x -Source3000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.s390x.tar.xz -Source3002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.s390x.tar.xz -Source3003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.s390x.tar.xz - -# x86_64 -Source4000: %{name}-portable-%{portableversion}-%{portablerelease}.portable.unstripped.jdk.el.x86_64.tar.xz -Source4002: %{name}-portable-%{portableversion}-%{portablerelease}.portable.docs.el.x86_64.tar.xz -Source4003: %{name}-portable-%{portableversion}-%{portablerelease}.portable.misc.el.x86_64.tar.xz -Source4004: %{name}-portable-%{portableversion}-%{portablerelease}.portable.slowdebug.jdk.el.x86_64.tar.xz -Source4006: %{name}-portable-%{portableversion}-%{portablerelease}.portable.fastdebug.jdk.el.x86_64.tar.xz - # Setup variables to reference correct sources -%ifarch %{aarch64} -%global releasezip %{SOURCE1000} -%global docszip %{SOURCE1002} -%global misczip %{SOURCE1003} -%global slowdebugzip %{SOURCE1004} -%global fastdebugzip %{SOURCE1006} -%endif -%ifarch %{ppc64le} -%global releasezip %{SOURCE2000} -%global docszip %{SOURCE2002} -%global misczip %{SOURCE2003} -%global slowdebugzip %{SOURCE2004} -%global fastdebugzip %{SOURCE2006} -%endif -%ifarch s390x -%global releasezip %{SOURCE3000} -%global docszip %{SOURCE3002} -%global misczip %{SOURCE3003} -%global slowdebugzip %{nil} -%global fastdebugzip %{nil} -%endif -%ifarch x86_64 -%global releasezip %{SOURCE4000} -%global docszip %{SOURCE4002} -%global misczip %{SOURCE4003} -%global slowdebugzip %{SOURCE4004} -%global fastdebugzip %{SOURCE4006} -%endif +%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.unstripped.jdk.%{_arch}.tar.xz +%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.docs.%{_arch}.tar.xz +%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.misc.%{_arch}.tar.xz +%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.slowdebug.jdk.%{_arch}.tar.xz +%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.fastdebug.jdk.%{_arch}.tar.xz ############################################ # @@ -1488,8 +1432,6 @@ Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch Patch600: rh1750419-redhat_alt_java.patch # JDK-8281098, PR3836: Extra compiler flags not passed to adlc build Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch -# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked -Patch113: jdk8275535-rh2053256-ldap_auth.patch ############################################# # @@ -1537,13 +1479,15 @@ Patch581: jdk8257794-remove_broken_assert.patch ############################################# # -# Patches appearing in 8u362 +# Patches appearing in 8u382 # # This section includes patches which are present # in the listed OpenJDK 8u release and should be # able to be removed once that release is out # and used by this RPM. ############################################# +# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key +Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch ############################################# # @@ -1609,12 +1553,17 @@ BuildRequires: unzip # For definitions and macros like jvmdir BuildRequires: javapackages-filesystem %ifarch %{portable_build_arches} -# TODO: Portable packages are not yet available in buildroot -#BuildRequires: %{name}-portable-unstripped = %{VERSION} -#BuildRequires: %{name}-portable-docs = %{VERSION} -#BuildRequires: %{name}-portable-misc = %{VERSION} -#BuildRequires: %{name}-portable-devel-fastdebug = %{VERSION} -#BuildRequires: %{name}-portable-devel-slowdebug = %{VERSION} +%if %{include_normal_build} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +%endif +%if %{include_fastdebug_build} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +%endif +%if %{include_debug_build} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +%endif +BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} %else # Require a boot JDK which doesn't fail due to RH1482244 BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 @@ -1623,8 +1572,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 %ifarch %{zero_arches} BuildRequires: libffi-devel %endif -# 2022g required as of JDK-8297804 -BuildRequires: tzdata-java >= 2022g +# 2023c required as of JDK-8305113 +BuildRequires: tzdata-java >= 2023c # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1976,7 +1925,6 @@ sh %{SOURCE12} %patch574 %patch112 %patch581 -%patch113 pushd %{top_level_dir_name} # Add crypto policy and FIPS support @@ -1985,6 +1933,8 @@ pushd %{top_level_dir_name} %patch1000 -p1 # system cacerts support %patch539 -p1 +# 8u382 fix +%patch2001 -p1 popd # RPM-only fixes @@ -2273,7 +2223,7 @@ for suffix in %{build_loop} ; do mkdir -p $(dirname ${installdir}) mv %{name}* ${installdir} # Fix build paths in ELF files so it looks like we built them - portablenvr="%{name}-portable-%{portableversion}-%{portablerelease}.%{portablesuffix}.%{_arch}" + portablenvr="%{name}-portable-%{version}-%{portablerelease}.%{portablesuffix}.%{_arch}" for file in $(find ${installdir} -type f) ; do if file ${file} | grep -q 'ELF'; then %{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file} @@ -2556,11 +2506,10 @@ if ! echo $suffix | grep -q "debug" ; then # Install Javadoc documentation install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} cp -a ${docdir}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} + built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip %ifarch %{portable_build_arches} - built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{portablebuildver}-docs.zip cp -a ${docdir}/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip %else - built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip cp -a %{installoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip %endif fi @@ -2876,6 +2825,20 @@ cjc.mainProgram(args) %endif %changelog +* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.372.b07-2 +- Update to shenandoah-jdk8u372-b07 (GA) +- Update release notes for shenandoah-8u372-b07. +- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 +- Update generate_tarball.sh to add support for passing a boot JDK to the configure run +- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace +- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs +- Drop JDK-8275535/RH2053256 patch which is now upstream +- Include JDK-8271199 backport early ahead of 8u382 (RH2175317) +- Drop hack for difference in local and portable build version +- Replace local copies of JDK portable binaries with build dependencies +- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** +- Related: RHEL-12211 + * Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-4 - On portable architectures, replace build section with extraction of existing builds from portables - Rewrite ELF files so the source file path is correct and debugsources can be assembled diff --git a/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch b/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch new file mode 100644 index 0000000..42ac516 --- /dev/null +++ b/jdk8271199-rh2175317-custom_pkcs11_provider_support.patch @@ -0,0 +1,167 @@ +commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99 +Author: Alexey Bakhtin +Date: Tue Apr 4 10:29:11 2023 +0000 + + 8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key + + Reviewed-by: andrew, mbalao + Backport-of: f6232982b91cb2314e96ddbde3984836a810a556 + +diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java +index a79e97d7c74..5378446b97b 100644 +--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java ++++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java +@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi { + @Override + protected void engineInitVerify(PublicKey publicKey) + throws InvalidKeyException { +- if (!(publicKey instanceof RSAPublicKey)) { ++ if (publicKey instanceof RSAPublicKey) { ++ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey; ++ isPublicKeyValid(rsaPubKey); ++ this.pubKey = rsaPubKey; ++ this.privKey = null; ++ resetDigest(); ++ } else { + throw new InvalidKeyException("key must be RSAPublicKey"); + } +- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey); +- this.privKey = null; +- resetDigest(); + } + + // initialize for signing. See JCA doc +@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi { + @Override + protected void engineInitSign(PrivateKey privateKey, SecureRandom random) + throws InvalidKeyException { +- if (!(privateKey instanceof RSAPrivateKey)) { ++ if (privateKey instanceof RSAPrivateKey) { ++ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey; ++ isPrivateKeyValid(rsaPrivateKey); ++ this.privKey = rsaPrivateKey; ++ this.pubKey = null; ++ this.random = ++ (random == null ? JCAUtil.getSecureRandom() : random); ++ resetDigest(); ++ } else { + throw new InvalidKeyException("key must be RSAPrivateKey"); + } +- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey); +- this.pubKey = null; +- this.random = +- (random == null? JCAUtil.getSecureRandom() : random); +- resetDigest(); + } + + /** +@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi { + } + } + ++ /** ++ * Validate the specified RSAPrivateKey ++ */ ++ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException { ++ try { ++ if (prKey instanceof RSAPrivateCrtKey) { ++ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey; ++ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) { ++ RSAKeyFactory.checkRSAProviderKeyLengths( ++ crtKey.getModulus().bitLength(), ++ crtKey.getPublicExponent()); ++ } else { ++ throw new InvalidKeyException( ++ "Some of the CRT-specific components are not available"); ++ } ++ } else { ++ RSAKeyFactory.checkRSAProviderKeyLengths( ++ prKey.getModulus().bitLength(), ++ null); ++ } ++ } catch (InvalidKeyException ikEx) { ++ throw ikEx; ++ } catch (Exception e) { ++ throw new InvalidKeyException( ++ "Can not access private key components", e); ++ } ++ isValid(prKey); ++ } ++ ++ /** ++ * Validate the specified RSAPublicKey ++ */ ++ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException { ++ try { ++ RSAKeyFactory.checkRSAProviderKeyLengths( ++ pKey.getModulus().bitLength(), ++ pKey.getPublicExponent()); ++ } catch (InvalidKeyException ikEx) { ++ throw ikEx; ++ } catch (Exception e) { ++ throw new InvalidKeyException( ++ "Can not access public key components", e); ++ } ++ isValid(pKey); ++ } ++ + /** + * Validate the specified RSAKey and its associated parameters against + * internal signature parameters. + */ +- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException { ++ private void isValid(RSAKey rsaKey) throws InvalidKeyException { + try { + AlgorithmParameterSpec keyParams = rsaKey.getParams(); + // validate key parameters +@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi { + } + checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength()); + } +- return rsaKey; + } catch (SignatureException e) { + throw new InvalidKeyException(e); + } +diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java +index 6b219937981..b3c1fae9672 100644 +--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java ++++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java +@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl + RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded); + // check all CRT-specific components are available, if any one + // missing, return a non-CRT key instead +- if ((key.getPublicExponent().signum() == 0) || +- (key.getPrimeExponentP().signum() == 0) || +- (key.getPrimeExponentQ().signum() == 0) || +- (key.getPrimeP().signum() == 0) || +- (key.getPrimeQ().signum() == 0) || +- (key.getCrtCoefficient().signum() == 0)) { ++ if (checkComponents(key)) { ++ return key; ++ } else { + return new RSAPrivateKeyImpl( + key.algid, + key.getModulus(), +- key.getPrivateExponent() +- ); +- } else { +- return key; ++ key.getPrivateExponent()); + } + } + ++ /** ++ * Validate if all CRT-specific components are available. ++ */ ++ static boolean checkComponents(RSAPrivateCrtKey key) { ++ return !((key.getPublicExponent().signum() == 0) || ++ (key.getPrimeExponentP().signum() == 0) || ++ (key.getPrimeExponentQ().signum() == 0) || ++ (key.getPrimeP().signum() == 0) || ++ (key.getPrimeQ().signum() == 0) || ++ (key.getCrtCoefficient().signum() == 0)); ++ } ++ + /** + * Generate a new key from the specified type and components. + * Returns a CRT key if possible and a non-CRT key otherwise. diff --git a/jdk8275535-rh2053256-ldap_auth.patch b/jdk8275535-rh2053256-ldap_auth.patch deleted file mode 100644 index ca3e985..0000000 --- a/jdk8275535-rh2053256-ldap_auth.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java -index cf4becb7db..4ab2ac0a31 100644 ---- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java -+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java -@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor - ctx = getLdapCtxFromUrl( - r.getDomainName(), url, new LdapURL(u), env); - return ctx; -+ } catch (AuthenticationException e) { -+ // do not retry on a different endpoint to avoid blocking -+ // the user if authentication credentials are wrong. -+ throw e; - } catch (NamingException e) { - // try the next element - lastException = e; -@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor - for (String u : urls) { - try { - return getUsingURL(u, env); -+ } catch (AuthenticationException e) { -+ // do not retry on a different URL to avoid blocking -+ // the user if authentication credentials are wrong. -+ throw e; - } catch (NamingException e) { - ex = e; - } diff --git a/sources b/sources index ea53fc4..808ed42 100644 --- a/sources +++ b/sources @@ -1,20 +1,2 @@ SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671 -SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz) = 2ed16c616189e7872ecf36c82e86b551b1e6efc4d11a93264db856f01191875a82ddaec3363b5f8296ea225a9a8edf4c0e1504ff27d8474088ba0b2f6fc061d5 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.aarch64.tar.xz) = 7fce6dc8ebceb8e0806da8539f06d126fa4b688c5c9522aa93e9493103fa1bff0608de0edb264ce4a86b25fc9f89973f6a054d72e98529f68c49150395c72b98 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.ppc64le.tar.xz) = 2bac5b118490e76efb843dd4f0a9c96e478c85d46cd765becc7e2525cb39b9e6fde1c58a416cd3ddbc7df078e31ba037e742af6821f8a03bc207f5d4d4e66612 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.s390x.tar.xz) = 9158b158a189f36c9b58a3e24c7e3e24feeaa7e15d3dbca085b4f20689ec2874be5d8b9bebf2b76320f5e934bf16b42daaa743f5b27a7b3bf9ec39f156245b09 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.docs.el.x86_64.tar.xz) = 7189898f419e83a83e242ed45b2bda70b5c1e69f0fcdfd8bf721f1e99a7cc24220912aa110385466da294bd15c294fc923ce6baf57c84ed2b021e8d56f5c503c -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.fastdebug.jdk.el.aarch64.tar.xz) = 949110664035f93eccd6f47b2d5df7e43bb26ce120c97ec8a56fffd2f6e68d7b6fe368e4661d6bb7669726c24a47ed21985865a2eafc911ddd27def7bd1ae955 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.fastdebug.jdk.el.ppc64le.tar.xz) = 13f5982dd99e99fc88e22cd604575ae7e4430caaee9c86ae7f8ab332d2bbfe4cd97a343da4a9ffe5eb685b00ccdb9cb03d38e2779d279717a3ba32b81608bc54 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.fastdebug.jdk.el.x86_64.tar.xz) = b0ee5f1ab913655860005c0aeac36afcf47811eb1c026b05ef2927695829d4fe6f99f1b038107c99b8d12039122a48d08a5ae1f291804f4b4b5dc19529c8f903 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.aarch64.tar.xz) = 5cfe934f17949d7c4dfbd0f825957039c85d544bd09004e1825f7cca0c5ce34a6dbccc34150bc7d87cee055d538a5ffb435a9accc335000fac7193696d4fe40b -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.ppc64le.tar.xz) = fd5511e78fabb85a1a73a3d8e7dfca50f36852d45e0f598bc9d9813056ea509e539dad0d10546291a7bfadae4ae2b1897cdb635949fb41a195649db757619644 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.s390x.tar.xz) = 41488ef06b28013c96a04ec5c932b2e37ce3580f2beddec70760216e84e6de69206f8ba370788f8e382af2e42380d13c8f598cbc0ef6148bebeb6caed15e6358 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.misc.el.x86_64.tar.xz) = 7805e8c6647250198e7c41cfa8ef1aec8ed6f6cbf62d816e9bf161b5177fd1f3007bf247205dc2360e5026060eb44921f17111694dc93cafa1ebf4fdde697086 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.slowdebug.jdk.el.aarch64.tar.xz) = f79d6086eec6c751aca4a2ba22ca03a30a24dc8d10a0115fbc5a901e1a9c4fdfb7fc463ff0cdaddba0b9285ef25aa9ab7b1c8c0e772c06e53617741484e010c7 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.slowdebug.jdk.el.ppc64le.tar.xz) = 870a2de374d90d53e2078a930b6df3800001489b1bcd01a8014c227a9dd8be86ae1038a92ae65730ffeba08df88a085ab9b00c337f95e7577593ace3e67ca128 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.slowdebug.jdk.el.x86_64.tar.xz) = 35cef5ec1fdf04e6095c4cc018948e07616102d9f82db11e5ad0c3e0ddd0fbc83d4b2c134d47e6311650a91ee7301c5606b7657486c6a71c4c7982aac103f048 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.aarch64.tar.xz) = 0b83725711408fedf3bae3cfeb4a670312085982699da6510652d2f516729082dae3733e1736815a035a355d55af8c70407196fc8377b0fd8dccc062711d2d0d -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.ppc64le.tar.xz) = d8267a6f30a379181f461ce030a0b325e69dde89cbab7eba82ec8431227f2d982350b60ecf3380cafc1943696a8d17f477baab87b4c9a38a454543f5091841af -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.s390x.tar.xz) = bc80c58e6010f9722c932c4231e90c79b3285c6dc47fcffaeaf76839cd08e7602314d3648568354858c99f4b8163dc1cf3d4bf5e651dea8d715dde286a836c00 -SHA512 (java-1.8.0-openjdk-portable-1.8.0.362.b08-4.portable.unstripped.jdk.el.x86_64.tar.xz) = 0e4eed7f8d21473c07c4edd2cd764b659527676d5e8547403db60d2ca52a81567084f444b479bf1fa4f5cb3f863fce811d2be04d6608399f8fd5ab26b5720d00 +SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz) = afc1324463883404f22cea3c37177d7b6164fc4cf285d958e7ec21aba976dc306045296eadaa296a31795be6b543ca0b742e0ba074689c3e5a50b9956383934b