Update to aarch64-shenandoah-jdk8u292-b01 (EA)

Update release notes for 8u292-b01.
Switch to EA mode.
Update tarball generation script to use PR3822 which handles JDK-8233228 & JDK-8035166 changes

.gitignore

@@ -218,3 +218,4 @@
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b06-4curve.tar.xz
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b07-4curve.tar.xz
 /aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz
+/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz

NEWS

@@ -3,6 +3,140 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
+New in release OpenJDK 8u292 (2021-04-20):
+===========================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk8u292
+  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
+
+* Other changes
+  - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
+  - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
+  - JDK-8035166: Remove dependency on EC classes from pkcs11 provider
+  - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
+  - JDK-8038723: Openup some PrinterJob tests
+  - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
+  - JDK-8078450: Implement consistent process for quarantine of tests
+  - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
+  - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
+  - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
+  - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
+  - JDK-8160217: JavaSound should clean up resources better
+  - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
+  - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
+  - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
+  - JDK-8202343: Disable TLS 1.0 and 1.1
+  - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
+  - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
+  - JDK-8217338: [Containers] Improve systemd slice memory limit support
+  - JDK-8221408: Windows 32bit build build errors/warnings in hotspot
+  - JDK-8223186: HotSpot compile warnings from GCC 9
+  - JDK-8225805: Java Access Bridge does not close the logger
+  - JDK-8226899: Problemlist compiler/rtm tests
+  - JDK-8227642: [TESTBUG] Make docker tests podman compatible
+  - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
+  - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage
+  - JDK-8230388: Problemlist additional compiler/rtm tests
+  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
+  - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
+  - JDK-8234728: Some security tests should support TLSv1.3
+  - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
+  - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
+  - JDK-8242141: New System Properties to configure the TLS signature schemes
+  - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
+  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
+  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
+  - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
+  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
+  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
+  - JDK-8253368: TLS connection always receives close_notify exception
+  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
+  - JDK-8253932: SSL debug log prints incorrect caller info
+  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
+  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
+  - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
+  - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
+  - JDK-8258079: Eliminate ParNew's use of klass_or_null()
+  - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
+  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
+  - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
+  - JDK-8258933: G1 needs klass_or_null_acquire
+  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
+  - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
+  - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
+  - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
+===================================================================================
+Weak named curves are disabled by default by adding them to the
+following `disabledAlgorithms` security properties:
+
+* jdk.tls.disabledAlgorithms
+* jdk.certpath.disabledAlgorithms
+* jdk.jar.disabledAlgorithms
+
+Red Hat has always disabled many of the curves provided by upstream,
+so the only addition in this release is:
+
+* secp256k1
+
+The curves that remain enabled are:
+
+* secp256r1
+* secp384r1
+* secp521r1
+* X25519
+* X448
+
+When large numbers of weak named curves need to be disabled, adding
+individual named curves to each `disabledAlgorithms` property would be
+overwhelming. To relieve this, a new security property,
+`jdk.disabled.namedCurves`, is implemented that can list the named
+curves common to all of the `disabledAlgorithms` properties. To use
+the new property in the `disabledAlgorithms` properties, precede the
+full property name with the keyword `include`.  Users can still add
+individual named curves to `disabledAlgorithms` properties separate
+from this new property.  No other properties can be included in the
+`disabledAlgorithms` properties.
+
+To restore the named curves, remove the `include
+jdk.disabled.namedCurves` either from specific or from all
+`disabledAlgorithms` security properties. To restore one or more
+curves, remove the specific named curve(s) from the
+`jdk.disabled.namedCurves` property.
+
+security-libs/javax.net.ssl:
+
+JDK-8256490: Disable TLS 1.0 and 1.1
+====================================
+TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
+considered secure and have been superseded by more secure and modern
+versions (TLS 1.2 and 1.3).
+
+These versions have now been disabled by default. If you encounter
+issues, you can, at your own risk, re-enable the versions by removing
+"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
+security property in the `java.security` configuration file.
+
+JDK-8242147: New System Properties to Configure the TLS Signature Schemes
+=========================================================================
+Two new system properties have been added to customize the TLS
+signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
+added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
+has been added for the server side.
+
+Each system property contains a comma-separated list of supported
+signature scheme names specifying the signature schemes that could be
+used for the TLS connections.
+
+The names are described in the "Signature Schemes" section of the
+*Java Security Standard Algorithm Names Specification*.
+
 New in release OpenJDK 8u282 (2021-01-19):
 ===========================================
 Live versions of these release notes can be found at:

generate_source_tarball.sh

@@ -4,7 +4,7 @@
 # Example:
 # When used from local repo set REPO_ROOT pointing to file:// with your repo
 # If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
-# If you want to use a local copy of patch PR3799, set the path to it in the PR3799 variable
+# If you want to use a local copy of patch PR3822, set the path to it in the PR3822 variable
 #
 # In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
 # PROJECT_NAME=jdk8u   OR   aarch64-port 
@@ -19,9 +19,9 @@
 # level folder, name is created, based on parameter
 #
 
-if [ ! "x$PR3799" = "x" ] ; then
+if [ ! "x$PR3822" = "x" ] ; then
-  if [ ! -f "$PR3799" ] ; then
+  if [ ! -f "$PR3822" ] ; then
-    echo "You have specified PR3799 as $PR3799 but it does not exists. exiting"
+    echo "You have specified PR3822 as $PR3822 but it does not exists. exiting"
     exit 1
   fi
 fi
@@ -41,7 +41,7 @@ if [ "x$1" = "xhelp" ] ; then
     echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
     echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
     echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
-    echo "PR3799 - the path to the PR3799 patch to apply (optional; downloaded if unavailable)"
+    echo "PR3822 - the path to the PR3822 patch to apply (optional; downloaded if unavailable)"
     echo "REPOS - specify the repositories to use (optional; defaults to ${REPOS_DEFAULT})"
     exit 1;
 fi
@@ -124,15 +124,15 @@ rm -vf jdk/src/share/native/sun/security/ec/impl/ecp_224.c
 
 echo "Syncing EC list with NSS"
 
-if [ "x$PR3799" = "x" ] ; then
+if [ "x$PR3822" = "x" ] ; then
-# get pr3799.patch (from http://icedtea.classpath.org/hg/icedtea8) from most correct tag
+# get pr3822.patch (from http://icedtea.classpath.org/hg/icedtea8) from most correct tag
-# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3799)
+# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3822)
-    wget -O pr3799.patch http://icedtea.classpath.org/hg/icedtea8/raw-file/tip/patches/pr3799-4curve.patch
+    wget -O pr3822.patch http://icedtea.classpath.org/hg/icedtea8/raw-file/tip/patches/pr3822-4curve.patch
-    patch -Np1 < pr3799.patch
+    patch -Np1 < pr3822.patch
-    rm pr3799.patch
+    rm pr3822.patch
 else
-    echo "Applying ${PR3799}"
+    echo "Applying ${PR3822}"
-    patch -Np1 < $PR3799
+    patch -Np1 < $PR3822
 fi;
 fi
 find . -name '*.orig' -exec rm -vf '{}' ';'

java-1.8.0-openjdk.spec

@@ -296,7 +296,7 @@
 # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
 %global shenandoah_project	aarch64-port
 %global shenandoah_repo		jdk8u-shenandoah
-%global shenandoah_revision    	aarch64-shenandoah-jdk8u282-b08
+%global shenandoah_revision    	aarch64-shenandoah-jdk8u292-b01
 # Define old aarch64/jdk8u tree variables for compatibility
 %global project         %{shenandoah_project}
 %global repo            %{shenandoah_repo}
@@ -311,12 +311,12 @@
 %global updatever       %(VERSION=%{whole_update}; echo ${VERSION##*u})
 # eg jdk8u60-b27 -> b27
 %global buildver        %(VERSION=%{version_tag}; echo ${VERSION##*-})
-%global rpmrelease      5
+%global rpmrelease      0
 # Define milestone (EA for pre-releases, GA ("fcs") for releases)
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
 # - N%%{?extraver}{?dist} for GA releases
-%global is_ga           1
+%global is_ga           0
 %if %{is_ga}
 %global milestone          fcs
 %global milestone_version  %{nil}
@@ -2622,6 +2622,13 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
+* Fri Feb 19 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.292.b01-0.0.ea
+- Update to aarch64-shenandoah-jdk8u292-b01 (EA)
+- Update release notes for 8u292-b01.
+- Switch to EA mode.
+- Update tarball generation script to use PR3822 which handles
+    JDK-8233228 & JDK-8035166 changes
+
 * Thu Feb 18 2021 Stephan Bergmann <sbergman@redhat.com> - 1:1.8.0.282.b08-5
 - Hardcode /usr/sbin/alternatives for Flatpak builds
 

sources

@@ -1,2 +1,2 @@
 SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz) = 166549a3cebab7a27811b9a486930d4cdce688af9a8e0ab6d6718550694cff42718cc6a9cee7703e409d82a967eacc6b009e9389ca85cfa0748d93bda3517c66
+SHA512 (aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz) = 35e527c387f55af66132cdae8c8ea198700d731ce2a69136cf7e02a8f837a6f2d9c96303c84468305cc7762d65c3f95ef8264218a82652a00063179d2557a648