import java-1.8.0-openjdk-1.8.0.372.b07-1.el9_1

This commit is contained in:
CentOS Sources 2023-04-25 03:56:35 +00:00 committed by Stepan Oksanichenko
parent aa0824129b
commit 5e208f7f0a
6 changed files with 395 additions and 36 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -1,2 +1,2 @@
10817d699dd7c85b03cfbd8eb820e00b19ddcae7 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b09-4curve.tar.xz 3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -3,6 +3,210 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u372 (2023-04-18):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u372
* CVEs
- CVE-2023-21930
- CVE-2023-21937
- CVE-2023-21938
- CVE-2023-21939
- CVE-2023-21954
- CVE-2023-21967
- CVE-2023-21968
* Security fixes
- JDK-8287404: Improve ping times
- JDK-8288436: Improve Xalan supports
- JDK-8294474: Better AES support
- JDK-8295304: Runtime support improvements
- JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation
- JDK-8296676, JDK-8296622: Improve String platform support
- JDK-8296684: Improve String platform support
- JDK-8296692: Improve String platform support
- JDK-8296700: Improve String platform support
- JDK-8296832: Improve Swing platform support
- JDK-8297371: Improve UTF8 representation redux
- JDK-8298191: Enhance object reclamation process
- JDK-8298310: Enhance TLS session negotiation
- JDK-8298667: Improved path handling
- JDK-8299129: Enhance NameService lookups
* New features
- JDK-8230305: Cgroups v2: Container awareness
* Other changes
- JDK-6734341: REGTEST fails: SelectionAutoscrollTest.html
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
- JDK-7124238: [macosx] Font in BasicHTML document is bigger than it should be
- JDK-7124381: DragSourceListener.dragDropEnd() never been called on completion of dnd operation
- JDK-8039888: [TEST_BUG] keyboard garbage after javax/swing/plaf/windows/WindowsRootPaneUI/WrongAltProcessing/WrongAltProcessing.java
- JDK-8042098: [TESTBUG] Test sun/java2d/AcceleratedXORModeTest.java fails on Windows
- JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
- JDK-8072770: [TESTBUG] Some Introspector tests fail with a Java heap bigger than 4GB
- JDK-8075964: Test java/awt/Mouse/TitleBarDoubleClick/TitleBarDoubleClick.html fails intermittently with timeout error
- JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
- JDK-8142540: [TEST_BUG] Test sun/awt/dnd/8024061/bug8024061.java fails on ubuntu
- JDK-8156579: Two JavaBeans tests failed
- JDK-8156581: Cleanup of ProblemList.txt
- JDK-8159135: [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail
- JDK-8177560: @headful key can be removed from the tests for JavaSound
- JDK-8196196: Headful tests should not be run in headless mode
- JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails
- JDK-8197408: Bad pointer comparison and small cleanup in os_linux.cpp
- JDK-8203485: [freetype] text rotated on 180 degrees is too narrow
- JDK-8205959: Do not restart close if errno is EINTR
- JDK-8216366: Add rationale to PER_CPU_SHARES define
- JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
- JDK-8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java - NumberFormatException because of large long values (memory limit_in_bytes)
- JDK-8229182: [TESTBUG] runtime/containers/docker/TestMemoryAwareness.java test fails on SLES12
- JDK-8229202: Docker reporting causes secondary crashes in error handling
- JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy
- JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation
- JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
- JDK-8234484: Add ability to configure third port for remote JMX
- JDK-8237479: 8230305 causes slowdebug build failure
- JDK-8239559: Cgroups: Incorrect detection logic on some systems
- JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot
- JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
- JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111
- JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
- JDK-8242468: VS2019 build missing vcruntime140_1.dll
- JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
- JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java
- JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible)
- JDK-8245654: Add Certigna Root CA
- JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
- JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
- JDK-8252359: HotSpot Not Identifying it is Running in a Container
- JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
- JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
- JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
- JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
- JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems
- JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code
- JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection
- JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
- JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes
- JDK-8257620: Do not use objc_msgSend_stret to get macOS version
- JDK-8262379: Add regression test for JDK-8257746
- JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
- JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics
- JDK-8270317: Large Allocation in CipherSuite
- JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
- JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
- JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
- JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
- JDK-8280048: Missing comma in copyright header
- JDK-8282398: EndingDotHostname.java test fails because SSL cert expired
- JDK-8282511: Use fixed certificate validation date in SSLExampleCert template
- JDK-8282947: JFR: Dump on shutdown live-locks in some conditions
- JDK-8283277: ISO 4217 Amendment 171 Update
- JDK-8283606: Tests may fail with zh locale on MacOS
- JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124
- JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
- JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem
- JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
- JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
- JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
- JDK-8287109: Distrust.java failed with CertificateExpiredException
- JDK-8287463: JFR: Disable TestDevNull.java on Windows
- JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
- JDK-8289549: ISO 4217 Amendment 172 Update
- JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun
- JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u
- JDK-8292083: Detected container memory limit may exceed physical machine memory
- JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
- JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
- JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
- JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings
- JDK-8294307: ISO 4217 Amendment 173 Update
- JDK-8294767: 8u contains two copies of test/../FileUtils.java, one uses JDK9+ features
- JDK-8295322: Tests for JDK-8271459 were not backported to 11u
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
- JDK-8295982: Failure in sun/security/tools/keytool/WeakAlg.java - ks: The process cannot access the file because it is being used by another process
- JDK-8296239: ISO 4217 Amendment 174 Update
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
- JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
- JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
- JDK-8297329: [8u] hotspot needs to recognise VS2019
- JDK-8297739: Bump update version of OpenJDK: 8u372
- JDK-8297996: [8u] generated images are broken due to renaming of MSVC runtime DLL's
- JDK-8298027: Remove SCCS id's from awt jtreg tests
- JDK-8298307: Enable hotspot/tier1 for 32-bit builds in GHA for 8u
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
- JDK-8299445: EndingDotHostname.java fails because of compilation errors
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
- JDK-8299548: Fix hotspot/test/runtime/Metaspace/MaxMetaspaceSizeTest.java in 8u
- JDK-8299804: Fix non-portable code in hotspot shell tests in 8u
- JDK-8300014: Some backports placed the tests in the wrong location
- JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems
- JDK-8301122: [8u] Fix unreliable vs2010 download link
- JDK-8301143: [TESTBUG] jfr/event/sampling/TestNative was backported to JDK8u without proper native wrapper
- JDK-8301246: NPE in FcFontManager.getDefaultPlatformFont() on Linux without installed fontconfig
- JDK-8301332: [8u] Fix writing of test files after the cgroups v2 backport
- JDK-8301550: [8u] Enable additional linux build testing in GitHub
- JDK-8301620: [8u] some shell tests are passed but have unexpected operator errors
- JDK-8301760: Fix possible leak in SpNegoContext dispose
- JDK-8303408: [AIX] Broken jdk8u build after JDK-8266391
- JDK-8303828: [Solaris] Broken jdk8u build after JDK-8266391
- JDK-8304053: Revert os specific stubs for SystemMetrics
- JDK-8305113: (tz) Update Timezone Data to 2023c
Notes on individual issues:
===========================
hotspot:
core-libs:
JDK-8305562: Cgroups v2: Container awareness
============================================
The HotSpot runtime code as well as the core libraries code in the JDK
has been updated in order to detect a cgroup v2 host system when
running OpenJDK within a Linux container.
Since the 8u202 release of OpenJDK, the container detection code
recognized cgroup v1 (legacy) host Linux systems. With 8u372 and later
releases, both versions of the underlying cgroups pseudo filesystem
will be detected and corresponding container limits applied to the
OpenJDK runtime.
Without this enhancement, OpenJDK would not apply container resource
limits when running on a cgroup v2 Linux host system, but would use
the underlying hosts' resource limits instead.
client-libs/javax.swing:
JDK-8296832: Improve Swing platform support
===========================================
Earlier OpenJDK releases would always render HTML object tags embedded in
Swing HTML components. With this release, rendering only occurs when the
new system property "swing.html.object" is set to true. By default, it
is set to false.
core-svc/javax.management:
JDK-8234484: Added Ability to Configure Third Port for Remote JMX
=================================================================
A local access port can now be configured for JMX connections by
setting the property `com.sun.management.jmxremote.local.port`. This
local port was previously selected at random, which could lead to port
collisions. The property works in the same way as the existing
properties for configuring the remote access port
(`com.sun.management.jmxremote.port`) and the RMI port
(`com.sun.management.jmxremote.rmi.port`)
security-libs/java.security:
JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate
==========================================================
The following root certificate has been added to the cacerts truststore:
Name: Certigna (Dhimyotis)
Alias Name: certignarootca
Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR
New in release OpenJDK 8u362 (2023-01-17): New in release OpenJDK 8u362 (2023-01-17):
=========================================== ===========================================
Live versions of these release notes can be found at: Live versions of these release notes can be found at:

View File

@ -0,0 +1,167 @@
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
Author: Alexey Bakhtin <abakhtin@openjdk.org>
Date: Tue Apr 4 10:29:11 2023 +0000
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
Reviewed-by: andrew, mbalao
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
index a79e97d7c74..5378446b97b 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
@Override
protected void engineInitVerify(PublicKey publicKey)
throws InvalidKeyException {
- if (!(publicKey instanceof RSAPublicKey)) {
+ if (publicKey instanceof RSAPublicKey) {
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
+ isPublicKeyValid(rsaPubKey);
+ this.pubKey = rsaPubKey;
+ this.privKey = null;
+ resetDigest();
+ } else {
throw new InvalidKeyException("key must be RSAPublicKey");
}
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
- this.privKey = null;
- resetDigest();
}
// initialize for signing. See JCA doc
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
@Override
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
throws InvalidKeyException {
- if (!(privateKey instanceof RSAPrivateKey)) {
+ if (privateKey instanceof RSAPrivateKey) {
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
+ isPrivateKeyValid(rsaPrivateKey);
+ this.privKey = rsaPrivateKey;
+ this.pubKey = null;
+ this.random =
+ (random == null ? JCAUtil.getSecureRandom() : random);
+ resetDigest();
+ } else {
throw new InvalidKeyException("key must be RSAPrivateKey");
}
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
- this.pubKey = null;
- this.random =
- (random == null? JCAUtil.getSecureRandom() : random);
- resetDigest();
}
/**
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
}
}
+ /**
+ * Validate the specified RSAPrivateKey
+ */
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
+ try {
+ if (prKey instanceof RSAPrivateCrtKey) {
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ crtKey.getModulus().bitLength(),
+ crtKey.getPublicExponent());
+ } else {
+ throw new InvalidKeyException(
+ "Some of the CRT-specific components are not available");
+ }
+ } else {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ prKey.getModulus().bitLength(),
+ null);
+ }
+ } catch (InvalidKeyException ikEx) {
+ throw ikEx;
+ } catch (Exception e) {
+ throw new InvalidKeyException(
+ "Can not access private key components", e);
+ }
+ isValid(prKey);
+ }
+
+ /**
+ * Validate the specified RSAPublicKey
+ */
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
+ try {
+ RSAKeyFactory.checkRSAProviderKeyLengths(
+ pKey.getModulus().bitLength(),
+ pKey.getPublicExponent());
+ } catch (InvalidKeyException ikEx) {
+ throw ikEx;
+ } catch (Exception e) {
+ throw new InvalidKeyException(
+ "Can not access public key components", e);
+ }
+ isValid(pKey);
+ }
+
/**
* Validate the specified RSAKey and its associated parameters against
* internal signature parameters.
*/
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
try {
AlgorithmParameterSpec keyParams = rsaKey.getParams();
// validate key parameters
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
}
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
}
- return rsaKey;
} catch (SignatureException e) {
throw new InvalidKeyException(e);
}
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
index 6b219937981..b3c1fae9672 100644
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
// check all CRT-specific components are available, if any one
// missing, return a non-CRT key instead
- if ((key.getPublicExponent().signum() == 0) ||
- (key.getPrimeExponentP().signum() == 0) ||
- (key.getPrimeExponentQ().signum() == 0) ||
- (key.getPrimeP().signum() == 0) ||
- (key.getPrimeQ().signum() == 0) ||
- (key.getCrtCoefficient().signum() == 0)) {
+ if (checkComponents(key)) {
+ return key;
+ } else {
return new RSAPrivateKeyImpl(
key.algid,
key.getModulus(),
- key.getPrivateExponent()
- );
- } else {
- return key;
+ key.getPrivateExponent());
}
}
+ /**
+ * Validate if all CRT-specific components are available.
+ */
+ static boolean checkComponents(RSAPrivateCrtKey key) {
+ return !((key.getPublicExponent().signum() == 0) ||
+ (key.getPrimeExponentP().signum() == 0) ||
+ (key.getPrimeExponentQ().signum() == 0) ||
+ (key.getPrimeP().signum() == 0) ||
+ (key.getPrimeQ().signum() == 0) ||
+ (key.getCrtCoefficient().signum() == 0));
+ }
+
/**
* Generate a new key from the specified type and components.
* Returns a CRT key if possible and a non-CRT key otherwise.

View File

@ -1,26 +0,0 @@
diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
index cf4becb7db..4ab2ac0a31 100644
--- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
ctx = getLdapCtxFromUrl(
r.getDomainName(), url, new LdapURL(u), env);
return ctx;
+ } catch (AuthenticationException e) {
+ // do not retry on a different endpoint to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
// try the next element
lastException = e;
@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
for (String u : urls) {
try {
return getUsingURL(u, env);
+ } catch (AuthenticationException e) {
+ // do not retry on a different URL to avoid blocking
+ // the user if authentication credentials are wrong.
+ throw e;
} catch (NamingException e) {
ex = e;
}

View File

@ -326,7 +326,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk %global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u %global shenandoah_repo shenandoah-jdk8u
%global openjdk_revision jdk8u362-b09 %global openjdk_revision jdk8u372-b07
%global shenandoah_revision shenandoah-%{openjdk_revision} %global shenandoah_revision shenandoah-%{openjdk_revision}
# Define old aarch64/jdk8u tree variables for compatibility # Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project} %global project %{shenandoah_project}
@ -347,7 +347,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27 # eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 2 %global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases) # Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1): # Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases, # - 0.N%%{?extraver}%%{?dist} for EA releases,
@ -1493,8 +1493,6 @@ Patch600: rh1750419-redhat_alt_java.patch
Patch111: jdk8218811-perfMemory_linux.patch Patch111: jdk8218811-perfMemory_linux.patch
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build # JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
Patch113: jdk8275535-rh2053256-ldap_auth.patch
############################################# #############################################
# #
@ -1542,13 +1540,15 @@ Patch581: jdk8257794-remove_broken_assert.patch
############################################# #############################################
# #
# Patches appearing in 8u362 # Patches appearing in 8u382
# #
# This section includes patches which are present # This section includes patches which are present
# in the listed OpenJDK 8u release and should be # in the listed OpenJDK 8u release and should be
# able to be removed once that release is out # able to be removed once that release is out
# and used by this RPM. # and used by this RPM.
############################################# #############################################
# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch
############################################# #############################################
# #
@ -1618,8 +1618,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
%ifarch %{zero_arches} %ifarch %{zero_arches}
BuildRequires: libffi-devel BuildRequires: libffi-devel
%endif %endif
# 2022g required as of JDK-8297804 # 2023c required as of JDK-8305113
BuildRequires: tzdata-java >= 2022g BuildRequires: tzdata-java >= 2023c
# Earlier versions have a bug in tree vectorization on PPC # Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8 BuildRequires: gcc >= 4.8.3-8
@ -1932,7 +1932,6 @@ sh %{SOURCE12}
%patch111 %patch111
%patch112 %patch112
%patch581 %patch581
%patch113
pushd %{top_level_dir_name} pushd %{top_level_dir_name}
# Add crypto policy and FIPS support # Add crypto policy and FIPS support
@ -1941,6 +1940,8 @@ pushd %{top_level_dir_name}
%patch1000 -p1 %patch1000 -p1
# cacerts patch; must follow FIPS patch as it also alters java.security # cacerts patch; must follow FIPS patch as it also alters java.security
%patch539 -p1 %patch539 -p1
# 8u382 fix
%patch2001 -p1
popd popd
# RPM-only fixes # RPM-only fixes
@ -2720,6 +2721,19 @@ cjc.mainProgram(args)
%endif %endif
%changelog %changelog
* Tue Apr 18 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.372.b07-1
- Update to shenandoah-jdk8u372-b07 (GA)
- Update release notes for shenandoah-8u372-b07.
- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07
- Reintroduce jconsole-plugin.patch from RHEL 9
- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
- Drop JDK-8275535/RH2053256 patch which is now upstream
- Include JDK-8271199 backport early ahead of 8u382 (RH2175317)
- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. **
- Resolves: rhbz#2185182
* Tue Jan 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-2 * Tue Jan 24 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b09-2
- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue - Update cacerts patch to fix OPENJDK-1433 SecurityManager issue
- Update to shenandoah-jdk8u352-b09 (GA) - Update to shenandoah-jdk8u352-b09 (GA)