Update to 8u462-b08 (GA)

- Update release notes for 8u462-b08. - Require tzdata 2025b due to upstream inclusion of JDK-8352716 ** This tarball is embargoed until 2025-07-15 @ 1pm PT. ** Resolves: RHEL-101655 Resolves: RHEL-102306
2025-07-11 00:11:54 +01:00 · 2025-07-11 00:11:54 +01:00 · 5baa55e217
commit 5baa55e217
parent 7659bad5b0
4 changed files with 109 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -444,3 +444,4 @@
 /openjdk8u452-b08.tar.xz
 /openjdk8u452-b09.tar.xz
 /shenandoah8u452-b09.tar.xz
+/shenandoah8u462-b08.tar.xz
--- a/95
+++ b/95
@ -3,6 +3,101 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

+New in release OpenJDK 8u462 (2025-07-15):
+===========================================
+Live versions of these release notes can be found at:
+  * https://bit.ly/openjdk8u462
+
+* CVEs
+  - CVE-2025-30749
+  - CVE-2025-30754
+  - CVE-2025-30761
+  - CVE-2025-50106
+* Changes
+  - JDK-8026976: ECParameters, Point does not match field size
+  - JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed
+  - JDK-8046883: com/sun/jdi/ProcessAttachTest.sh gets "java.io.IOException: Invalid process identifier" on windows
+  - JDK-8071996: split_if accesses NULL region of ConstraintCast
+  - JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
+  - JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names
+  - JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte
+  - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken
+  - JDK-8274597: Some of the dnd tests time out and fail intermittently
+  - JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test
+  - JDK-8278472: Invalid value set to CANDIDATEFORM structure
+  - JDK-8293107: GHA: Bump to Ubuntu 22.04
+  - JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
+  - JDK-8303770: Remove Baltimore root certificate expiring in May 2025
+  - JDK-8341946: [8u] sun/security/pkcs11/ec/ tests fail on RHEL9
+  - JDK-8345133: Test sun/security/tools/jarsigner/TsacertOptionTest.java failed: Warning found in stdout
+  - JDK-8345625: Better HTTP connections
+  - JDK-8346887: DrawFocusRect() may cause an assertion failure
+  - JDK-8348989: Better Glyph drawing
+  - JDK-8349111: Enhance Swing supports
+  - JDK-8349594: Enhance TLS protocol support
+  - JDK-8350498: Remove two Camerfirma root CA certificates
+  - JDK-8351098: Bump update version of OpenJDK: 8u462
+  - JDK-8351422: Improve scripting supports
+  - JDK-8351439: [8u] test/java/util/TimeZone/tools/share/Makefile use wrong path to tzdb
+  - JDK-8352716: (tz) Update Timezone Data to 2025b
+  - JDK-8356096: ISO 4217 Amendment 179 Update
+  - JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
+  - JDK-8360147: Better Glyph drawing redux
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8303770: Remove Baltimore root certificate expiring in May 2025
+===================================================================
+The following root certificate from Baltimore has been removed from
+the `cacerts` keystore:
+
+Alias Name: baltimorecybertrustca [jdk]
+Distinguished Name: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
+
+JDK-8350498: Remove two Camerfirma root CA certificates
+=======================================================
+The following expired root certificates from Camerfirma have been
+removed from the `cacerts` keystore:
+
+Alias name: camerfirmachamberscommerceca [jdk]
+CN=Chambers of Commerce Root
+OU=http://www.chambersign.org
+O=AC Camerfirma SA CIF A82743287
+C=EU
+SHA256: 0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3
+
+Alias name: camerfirmachambersignca [jdk]
+CN=Global Chambersign Root - 2008
+O=AC Camerfirma S.A.
+SERIALNUMBER=A82743287
+L=Madrid (see current address at www.camerfirma.com/address)
+C=EU
+SHA256: 13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA
+
+JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
+=============================================
+The following root certificates have been added to the cacerts
+truststore:
+
+Name: Sectigo Limited
+Alias Name: sectigocodesignroote46
+Distinguished Name: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB
+
+Name: Sectigo Limited
+Alias Name: sectigocodesignrootr46
+Distinguished Name: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB
+
+Name: Sectigo Limited
+Alias Name: sectigotlsroote46
+Distinguished Name: Sectigo Public Server Authentication Root E46, O=Sectigo Limited, C=GB
+
+Name: Sectigo Limited
+Alias Name: sectigotlsrootr46
+Distinguished Name: Sectigo Public Server Authentication Root R46, O=Sectigo Limited, C=GB
+
 New in release OpenJDK 8u452 (2025-04-15):
 ===========================================
 Live versions of these release notes can be found at:
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@ -299,7 +299,7 @@
 # Define version of OpenJDK 8 used
 %global project openjdk
 %global repo shenandoah-jdk8u
-%global openjdk_revision 8u452-b09
+%global openjdk_revision 8u462-b08
 %global shenandoah_revision shenandoah%{openjdk_revision}
 # Define IcedTea version used for SystemTap tapsets and desktop files
 %global icedteaver      3.15.0
@ -346,7 +346,7 @@
 # eg jdk8u60-b27 -> b27
 %global buildver        %(VERSION=%{version_tag}; echo ${VERSION##*-})
 # rpmrelease numbering must start at 2 to be later than the 8.6 RPM
-%global rpmrelease      3
+%global rpmrelease      2
 # Settings used by the portable build
 %global portablerelease 1
 %global portablerhel 8
@ -1163,8 +1163,8 @@ Provides: jre%{?1} = %{epoch}:%{javaver}
 Requires: ca-certificates
 # Require javapackages-filesystem for ownership of /usr/lib/jvm/
 Requires: javapackages-filesystem
-# 2025a required as of JDK-8347965
-Requires: tzdata-java >= 2025a
+# 2025b required as of JDK-8352716
+Requires: tzdata-java >= 2025b
 # for support of kernel stream control
 # libsctp.so.1 is being `dlopen`ed on demand
 Requires: lksctp-tools%{?_isa}
@ -2715,6 +2715,14 @@ cjc.mainProgram(args)
 %endif

 %changelog
+* Thu Jul 10 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.462.b08-2
+- Update to 8u462-b08 (GA)
+- Update release notes for 8u462-b08.
+- Require tzdata 2025b due to upstream inclusion of JDK-8352716
+- ** This tarball is embargoed until 2025-07-15 @ 1pm PT. **
+- Resolves: RHEL-101655
+- Resolves: RHEL-102306
+
 * Fri Apr 11 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.452.b09-3
 - Bump rpmrelease for CentOS build
 - Related: RHEL-86965
--- a/2
+++ b/2
@ -1,2 +1,2 @@
 SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (shenandoah8u452-b09.tar.xz) = 1f2b77693069828e06459fd0093722a48b02db9a8622956cceaaabc09da8868c522fa434555c217db4a634bbe2ec9e1daefe9905f13411ec177a5d803cfc6f0a
+SHA512 (shenandoah8u462-b08.tar.xz) = d2572bf0923eacca803e7e5f5bf8fb858b63bdf61cf6221c1d279fbb4c60c0f60f981c5012c2e6ec4ab28135ebb5342e13a36e7976bbd0ffa72aa7eba322fbb9