Update to 8u462-b08 (GA)

- Update release notes for 8u462-b08.
- Require tzdata 2025b due to upstream inclusion of JDK-8352716

** This tarball is embargoed until 2025-07-15 @ 1pm PT. **

Resolves: RHEL-101655
Resolves: RHEL-102306
This commit is contained in:
Andrew Hughes 2025-07-11 00:11:54 +01:00
parent 7659bad5b0
commit 5baa55e217
4 changed files with 109 additions and 5 deletions

1
.gitignore vendored
View File

@ -444,3 +444,4 @@
/openjdk8u452-b08.tar.xz
/openjdk8u452-b09.tar.xz
/shenandoah8u452-b09.tar.xz
/shenandoah8u462-b08.tar.xz

95
NEWS
View File

@ -3,6 +3,101 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u462 (2025-07-15):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u462
* CVEs
- CVE-2025-30749
- CVE-2025-30754
- CVE-2025-30761
- CVE-2025-50106
* Changes
- JDK-8026976: ECParameters, Point does not match field size
- JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed
- JDK-8046883: com/sun/jdi/ProcessAttachTest.sh gets "java.io.IOException: Invalid process identifier" on windows
- JDK-8071996: split_if accesses NULL region of ConstraintCast
- JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
- JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names
- JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte
- JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken
- JDK-8274597: Some of the dnd tests time out and fail intermittently
- JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test
- JDK-8278472: Invalid value set to CANDIDATEFORM structure
- JDK-8293107: GHA: Bump to Ubuntu 22.04
- JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
- JDK-8303770: Remove Baltimore root certificate expiring in May 2025
- JDK-8341946: [8u] sun/security/pkcs11/ec/ tests fail on RHEL9
- JDK-8345133: Test sun/security/tools/jarsigner/TsacertOptionTest.java failed: Warning found in stdout
- JDK-8345625: Better HTTP connections
- JDK-8346887: DrawFocusRect() may cause an assertion failure
- JDK-8348989: Better Glyph drawing
- JDK-8349111: Enhance Swing supports
- JDK-8349594: Enhance TLS protocol support
- JDK-8350498: Remove two Camerfirma root CA certificates
- JDK-8351098: Bump update version of OpenJDK: 8u462
- JDK-8351422: Improve scripting supports
- JDK-8351439: [8u] test/java/util/TimeZone/tools/share/Makefile use wrong path to tzdb
- JDK-8352716: (tz) Update Timezone Data to 2025b
- JDK-8356096: ISO 4217 Amendment 179 Update
- JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
- JDK-8360147: Better Glyph drawing redux
Notes on individual issues:
===========================
security-libs/java.security:
JDK-8303770: Remove Baltimore root certificate expiring in May 2025
===================================================================
The following root certificate from Baltimore has been removed from
the `cacerts` keystore:
Alias Name: baltimorecybertrustca [jdk]
Distinguished Name: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
JDK-8350498: Remove two Camerfirma root CA certificates
=======================================================
The following expired root certificates from Camerfirma have been
removed from the `cacerts` keystore:
Alias name: camerfirmachamberscommerceca [jdk]
CN=Chambers of Commerce Root
OU=http://www.chambersign.org
O=AC Camerfirma SA CIF A82743287
C=EU
SHA256: 0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3
Alias name: camerfirmachambersignca [jdk]
CN=Global Chambersign Root - 2008
O=AC Camerfirma S.A.
SERIALNUMBER=A82743287
L=Madrid (see current address at www.camerfirma.com/address)
C=EU
SHA256: 13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA
JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
=============================================
The following root certificates have been added to the cacerts
truststore:
Name: Sectigo Limited
Alias Name: sectigocodesignroote46
Distinguished Name: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB
Name: Sectigo Limited
Alias Name: sectigocodesignrootr46
Distinguished Name: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB
Name: Sectigo Limited
Alias Name: sectigotlsroote46
Distinguished Name: Sectigo Public Server Authentication Root E46, O=Sectigo Limited, C=GB
Name: Sectigo Limited
Alias Name: sectigotlsrootr46
Distinguished Name: Sectigo Public Server Authentication Root R46, O=Sectigo Limited, C=GB
New in release OpenJDK 8u452 (2025-04-15):
===========================================
Live versions of these release notes can be found at:

View File

@ -299,7 +299,7 @@
# Define version of OpenJDK 8 used
%global project openjdk
%global repo shenandoah-jdk8u
%global openjdk_revision 8u452-b09
%global openjdk_revision 8u462-b08
%global shenandoah_revision shenandoah%{openjdk_revision}
# Define IcedTea version used for SystemTap tapsets and desktop files
%global icedteaver 3.15.0
@ -346,7 +346,7 @@
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
# rpmrelease numbering must start at 2 to be later than the 8.6 RPM
%global rpmrelease 3
%global rpmrelease 2
# Settings used by the portable build
%global portablerelease 1
%global portablerhel 8
@ -1163,8 +1163,8 @@ Provides: jre%{?1} = %{epoch}:%{javaver}
Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/
Requires: javapackages-filesystem
# 2025a required as of JDK-8347965
Requires: tzdata-java >= 2025a
# 2025b required as of JDK-8352716
Requires: tzdata-java >= 2025b
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@ -2715,6 +2715,14 @@ cjc.mainProgram(args)
%endif
%changelog
* Thu Jul 10 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.462.b08-2
- Update to 8u462-b08 (GA)
- Update release notes for 8u462-b08.
- Require tzdata 2025b due to upstream inclusion of JDK-8352716
- ** This tarball is embargoed until 2025-07-15 @ 1pm PT. **
- Resolves: RHEL-101655
- Resolves: RHEL-102306
* Fri Apr 11 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.452.b09-3
- Bump rpmrelease for CentOS build
- Related: RHEL-86965

View File

@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
SHA512 (shenandoah8u452-b09.tar.xz) = 1f2b77693069828e06459fd0093722a48b02db9a8622956cceaaabc09da8868c522fa434555c217db4a634bbe2ec9e1daefe9905f13411ec177a5d803cfc6f0a
SHA512 (shenandoah8u462-b08.tar.xz) = d2572bf0923eacca803e7e5f5bf8fb858b63bdf61cf6221c1d279fbb4c60c0f60f981c5012c2e6ec4ab28135ebb5342e13a36e7976bbd0ffa72aa7eba322fbb9