diff --git a/.gitignore b/.gitignore
index c626987..6c80e96 100644
--- a/.gitignore
+++ b/.gitignore
@@ -437,3 +437,4 @@
 /openjdk8u452-b08.tar.xz
 /openjdk8u452-b09.tar.xz
 /shenandoah8u452-b09.tar.xz
+/shenandoah8u462-b08.tar.xz
diff --git a/NEWS b/NEWS
index d8b827e..0a796bb 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,101 @@ Key:
 JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
+New in release OpenJDK 8u462 (2025-07-15):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bit.ly/openjdk8u462
+
+* CVEs
+ - CVE-2025-30749
+ - CVE-2025-30754
+ - CVE-2025-30761
+ - CVE-2025-50106
+* Changes
+ - JDK-8026976: ECParameters, Point does not match field size
+ - JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed
+ - JDK-8046883: com/sun/jdi/ProcessAttachTest.sh gets "java.io.IOException: Invalid process identifier" on windows
+ - JDK-8071996: split_if accesses NULL region of ConstraintCast
+ - JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
+ - JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names
+ - JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte
+ - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken
+ - JDK-8274597: Some of the dnd tests time out and fail intermittently
+ - JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test
+ - JDK-8278472: Invalid value set to CANDIDATEFORM structure
+ - JDK-8293107: GHA: Bump to Ubuntu 22.04
+ - JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
+ - JDK-8303770: Remove Baltimore root certificate expiring in May 2025
+ - JDK-8341946: [8u] sun/security/pkcs11/ec/ tests fail on RHEL9
+ - JDK-8345133: Test sun/security/tools/jarsigner/TsacertOptionTest.java failed: Warning found in stdout
+ - JDK-8345625: Better HTTP connections
+ - JDK-8346887: DrawFocusRect() may cause an assertion failure
+ - JDK-8348989: Better Glyph drawing
+ - JDK-8349111: Enhance Swing supports
+ - JDK-8349594: Enhance TLS protocol support
+ - JDK-8350498: Remove two Camerfirma root CA certificates
+ - JDK-8351098: Bump update version of OpenJDK: 8u462
+ - JDK-8351422: Improve scripting supports
+ - JDK-8351439: [8u] test/java/util/TimeZone/tools/share/Makefile use wrong path to tzdb
+ - JDK-8352716: (tz) Update Timezone Data to 2025b
+ - JDK-8356096: ISO 4217 Amendment 179 Update
+ - JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
+ - JDK-8360147: Better Glyph drawing redux
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8303770: Remove Baltimore root certificate expiring in May 2025
+===================================================================
+The following root certificate from Baltimore has been removed from
+the `cacerts` keystore:
+
+Alias Name: baltimorecybertrustca [jdk]
+Distinguished Name: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
+
+JDK-8350498: Remove two Camerfirma root CA certificates
+=======================================================
+The following expired root certificates from Camerfirma have been
+removed from the `cacerts` keystore:
+
+Alias name: camerfirmachamberscommerceca [jdk]
+CN=Chambers of Commerce Root
+OU=http://www.chambersign.org
+O=AC Camerfirma SA CIF A82743287
+C=EU
+SHA256: 0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3
+
+Alias name: camerfirmachambersignca [jdk]
+CN=Global Chambersign Root - 2008
+O=AC Camerfirma S.A.
+SERIALNUMBER=A82743287
+L=Madrid (see current address at www.camerfirma.com/address)
+C=EU
+SHA256: 13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA
+
+JDK-8359170: Add 2 TLS and 2 CS Sectigo roots
+=============================================
+The following root certificates have been added to the cacerts
+truststore:
+
+Name: Sectigo Limited
+Alias Name: sectigocodesignroote46
+Distinguished Name: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB
+
+Name: Sectigo Limited
+Alias Name: sectigocodesignrootr46
+Distinguished Name: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB
+
+Name: Sectigo Limited
+Alias Name: sectigotlsroote46
+Distinguished Name: Sectigo Public Server Authentication Root E46, O=Sectigo Limited, C=GB
+
+Name: Sectigo Limited
+Alias Name: sectigotlsrootr46
+Distinguished Name: Sectigo Public Server Authentication Root R46, O=Sectigo Limited, C=GB
+
 New in release OpenJDK 8u452 (2025-04-15):
 ===========================================
 Live versions of these release notes can be found at:
diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec
index 55cc712..74889aa 100644
--- a/java-1.8.0-openjdk.spec
+++ b/java-1.8.0-openjdk.spec
@@ -312,7 +312,7 @@
 # Define version of OpenJDK 8 used
 %global project openjdk
 %global repo shenandoah-jdk8u
-%global openjdk_revision 8u452-b09
+%global openjdk_revision 8u462-b08
 %global shenandoah_revision shenandoah%{openjdk_revision}
 # Define IcedTea version used for SystemTap tapsets and desktop files
 %global icedteaver 3.15.0
@@ -359,7 +359,7 @@
 # eg jdk8u60-b27 -> b27
 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
 # rpmrelease numbering must start at 2 to be later than the 9.0 RPM
-%global rpmrelease 4
+%global rpmrelease 3
 # Settings used by the portable build
 %global portablerelease 1
 # Portable suffix differs between RHEL and CentOS
@@ -1279,8 +1279,8 @@ Provides: jre%{?1} = %{epoch}:%{version}-%{release}
 Requires: ca-certificates
 # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
 Requires: javapackages-filesystem
-# 2025a required as of JDK-8347965
-Requires: tzdata-java >= 2025a
+# 2025b required as of JDK-8352716
+Requires: tzdata-java >= 2025b
 # for support of kernel stream control
 # libsctp.so.1 is being `dlopen`ed on demand
 Requires: lksctp-tools%{?_isa}
@@ -2966,6 +2966,14 @@ cjc.mainProgram(args)
 %endif
 
 %changelog
+* Thu Jul 10 2025 Andrew Hughes - 1:1.8.0.462.b08-3
+- Update to 8u462-b08 (GA)
+- Update release notes for 8u462-b08.
+- Require tzdata 2025b due to upstream inclusion of JDK-8352716
+- ** This tarball is embargoed until 2025-07-15 @ 1pm PT. **
+- Resolves: RHEL-101648
+- Resolves: RHEL-102312
+
 * Sat Jun 14 2025 Andrew Hughes - 1:1.8.0.452.b09-4
 - Bump rpmrelease for CentOS build
 - Related: RHEL-86967
diff --git a/sources b/sources
index d6c5966..2a8d5c7 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
-SHA512 (shenandoah8u452-b09.tar.xz) = 1f2b77693069828e06459fd0093722a48b02db9a8622956cceaaabc09da8868c522fa434555c217db4a634bbe2ec9e1daefe9905f13411ec177a5d803cfc6f0a
+SHA512 (shenandoah8u462-b08.tar.xz) = d2572bf0923eacca803e7e5f5bf8fb858b63bdf61cf6221c1d279fbb4c60c0f60f981c5012c2e6ec4ab28135ebb5342e13a36e7976bbd0ffa72aa7eba322fbb9
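Review bot: A build-time tzdata-java requirement, if the spec has one, is not raised alongside the runtime floor in the `@@ -1279,8 +1279,8 @@` hunk of java-1.8.0-openjdk.spec. Only `Requires: tzdata-java >= 2025b` changes in this diff, and the rest of the spec is not visible here. If a build-time line exists, it should move in step, e.g. `BuildRequires: tzdata-java >= 2025b`, so the package is not built against older zone data than it demands at install time. The enclosing package section starts and ends outside the hunk.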