From 8aea63480bf7514ab6bcd6cbb2d8f1d38ef9f448 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Fri, 18 Jul 2025 00:32:42 +0000 Subject: [PATCH] import UBI java-1.8.0-openjdk-1.8.0.462.b08-2.el8 --- .gitignore | 2 +- .java-1.8.0-openjdk.metadata | 2 +- SOURCES/NEWS | 95 +++++++++++++++++++ SOURCES/java-1.8.0-openjdk-portable.specfile | 17 +++- SOURCES/jdk8339414-fix_8202369_backport.patch | 63 ++++++++++++ SPECS/java-1.8.0-openjdk.spec | 25 ++++- 6 files changed, 196 insertions(+), 8 deletions(-) create mode 100644 SOURCES/jdk8339414-fix_8202369_backport.patch diff --git a/.gitignore b/.gitignore index 7be08b7..1ec7af2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/shenandoah8u452-b09.tar.xz +SOURCES/shenandoah8u462-b08.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index d15455f..be27acf 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -c09d806f1a991cd77d3f15bb35ff69cb9d1bdbc0 SOURCES/shenandoah8u452-b09.tar.xz +94dfa3718b7228b2c02cce1242172a0de3cbe70f SOURCES/shenandoah8u462-b08.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index d8b827e..0a796bb 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,101 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u462 (2025-07-15): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u462 + +* CVEs + - CVE-2025-30749 + - CVE-2025-30754 + - CVE-2025-30761 + - CVE-2025-50106 +* Changes + - JDK-8026976: ECParameters, Point does not match field size + - JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed + - JDK-8046883: com/sun/jdi/ProcessAttachTest.sh gets "java.io.IOException: Invalid process identifier" on windows + - JDK-8071996: split_if accesses NULL region of ConstraintCast + - JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java + - JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names + - JDK-8186787: clang-4.0 SIGSEGV in Unsafe_PutByte + - JDK-8248001: javadoc generates invalid HTML pages whose ftp:// links are broken + - JDK-8274597: Some of the dnd tests time out and fail intermittently + - JDK-8274606: Fix jaxp/javax/xml/jaxp/unittest/transform/SurrogateTest.java test + - JDK-8278472: Invalid value set to CANDIDATEFORM structure + - JDK-8293107: GHA: Bump to Ubuntu 22.04 + - JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts + - JDK-8303770: Remove Baltimore root certificate expiring in May 2025 + - JDK-8341946: [8u] sun/security/pkcs11/ec/ tests fail on RHEL9 + - JDK-8345133: Test sun/security/tools/jarsigner/TsacertOptionTest.java failed: Warning found in stdout + - JDK-8345625: Better HTTP connections + - JDK-8346887: DrawFocusRect() may cause an assertion failure + - JDK-8348989: Better Glyph drawing + - JDK-8349111: Enhance Swing supports + - JDK-8349594: Enhance TLS protocol support + - JDK-8350498: Remove two Camerfirma root CA certificates + - JDK-8351098: Bump update version of OpenJDK: 8u462 + - JDK-8351422: Improve scripting supports + - JDK-8351439: [8u] test/java/util/TimeZone/tools/share/Makefile use wrong path to tzdb + - JDK-8352716: (tz) Update Timezone Data to 2025b + - JDK-8356096: ISO 4217 Amendment 179 Update + - JDK-8359170: Add 2 TLS and 2 CS Sectigo roots + - JDK-8360147: Better Glyph drawing redux + +Notes on individual issues: +=========================== + +security-libs/java.security: + +JDK-8303770: Remove Baltimore root certificate expiring in May 2025 +=================================================================== +The following root certificate from Baltimore has been removed from +the `cacerts` keystore: + +Alias Name: baltimorecybertrustca [jdk] +Distinguished Name: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE + +JDK-8350498: Remove two Camerfirma root CA certificates +======================================================= +The following expired root certificates from Camerfirma have been +removed from the `cacerts` keystore: + +Alias name: camerfirmachamberscommerceca [jdk] +CN=Chambers of Commerce Root +OU=http://www.chambersign.org +O=AC Camerfirma SA CIF A82743287 +C=EU +SHA256: 0C:25:8A:12:A5:67:4A:EF:25:F2:8B:A7:DC:FA:EC:EE:A3:48:E5:41:E6:F5:CC:4E:E6:3B:71:B3:61:60:6A:C3 + +Alias name: camerfirmachambersignca [jdk] +CN=Global Chambersign Root - 2008 +O=AC Camerfirma S.A. +SERIALNUMBER=A82743287 +L=Madrid (see current address at www.camerfirma.com/address) +C=EU +SHA256: 13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA + +JDK-8359170: Add 2 TLS and 2 CS Sectigo roots +============================================= +The following root certificates have been added to the cacerts +truststore: + +Name: Sectigo Limited +Alias Name: sectigocodesignroote46 +Distinguished Name: CN=Sectigo Public Code Signing Root E46, O=Sectigo Limited, C=GB + +Name: Sectigo Limited +Alias Name: sectigocodesignrootr46 +Distinguished Name: CN=Sectigo Public Code Signing Root R46, O=Sectigo Limited, C=GB + +Name: Sectigo Limited +Alias Name: sectigotlsroote46 +Distinguished Name: Sectigo Public Server Authentication Root E46, O=Sectigo Limited, C=GB + +Name: Sectigo Limited +Alias Name: sectigotlsrootr46 +Distinguished Name: Sectigo Public Server Authentication Root R46, O=Sectigo Limited, C=GB + New in release OpenJDK 8u452 (2025-04-15): =========================================== Live versions of these release notes can be found at: diff --git a/SOURCES/java-1.8.0-openjdk-portable.specfile b/SOURCES/java-1.8.0-openjdk-portable.specfile index 9315c28..faf0a5b 100644 --- a/SOURCES/java-1.8.0-openjdk-portable.specfile +++ b/SOURCES/java-1.8.0-openjdk-portable.specfile @@ -269,7 +269,7 @@ # Define version of OpenJDK 8 used %global project openjdk %global repo shenandoah-jdk8u -%global openjdk_revision 8u452-b09 +%global openjdk_revision 8u462-b08 %global shenandoah_revision shenandoah%{openjdk_revision} # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 3.15.0 @@ -601,13 +601,14 @@ Patch15: jdk8141590-bundle_libffi-followup.patch ############################################# # -# Patches appearing in 8u382 +# Patches appearing in 8u472 # # This section includes patches which are present # in the listed OpenJDK 8u release and should be # able to be removed once that release is out # and used by this RPM. ############################################# +Patch901: jdk8339414-fix_8202369_backport.patch ############################################# # @@ -882,6 +883,11 @@ pushd %{top_level_dir_name} %patch -P15 -p1 popd +# Early fixes +pushd %{top_level_dir_name} +%patch -P901 -p1 +popd + pushd %{top_level_dir_name} # Add crypto policy and FIPS support %patch -P1001 -p1 @@ -1547,6 +1553,13 @@ done %endif %changelog +* Thu Jul 10 2025 Andrew Hughes - 1:1.8.0.462.b08-1 +- Update to 8u462-b08 (GA) +- Update release notes for 8u462-b08. +- Add early backport of JDK-8339414 +- ** This tarball is embargoed until 2025-07-15 @ 1pm PT. ** +- Resolves: OPENJDK-3965 + * Fri Apr 11 2025 Andrew Hughes - 1:1.8.0.452.b09-1 - Update to 8u452-b09 (GA) - Update release notes for 8u452-b09. diff --git a/SOURCES/jdk8339414-fix_8202369_backport.patch b/SOURCES/jdk8339414-fix_8202369_backport.patch new file mode 100644 index 0000000..3250ef4 --- /dev/null +++ b/SOURCES/jdk8339414-fix_8202369_backport.patch @@ -0,0 +1,63 @@ +commit 51b6307937d9584f8690e4916444e479eeafff28 +Author: Thomas Fitzsimmons +Date: Mon Jun 16 23:04:07 2025 +0000 + + 8339414: Fix JDK-8202369 incorrect backport for 8u + + Reviewed-by: andrew + +diff --git a/jdk/src/solaris/native/java/net/Inet4AddressImpl.c b/jdk/src/solaris/native/java/net/Inet4AddressImpl.c +index e30851df576..8b2e3cdce93 100644 +--- a/jdk/src/solaris/native/java/net/Inet4AddressImpl.c ++++ b/jdk/src/solaris/native/java/net/Inet4AddressImpl.c +@@ -332,37 +332,33 @@ Java_java_net_Inet4AddressImpl_getHostByAddr(JNIEnv *env, jobject this, + */ + JNIEXPORT jstring JNICALL + Java_java_net_Inet4AddressImpl_getLocalHostName(JNIEnv *env, jobject this) { +- char hostname[NI_MAXHOST+1]; ++ char hostname[NI_MAXHOST + 1]; + + hostname[0] = '\0'; + if (JVM_GetHostName(hostname, sizeof(hostname))) { +- /* Something went wrong, maybe networking is not setup? */ + strcpy(hostname, "localhost"); + } else { ++#if defined(__solaris__) ++ // try to resolve hostname via nameservice ++ // if it is known but getnameinfo fails, hostname will still be the ++ // value from gethostname + struct addrinfo hints, *res; +- int error; + ++ // make sure string is null-terminated + hostname[NI_MAXHOST] = '\0'; + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + hints.ai_family = AF_INET; + +- error = getaddrinfo(hostname, NULL, &hints, &res); +- +- if (error == 0) {/* host is known to name service */ +- getnameinfo(res->ai_addr, +- res->ai_addrlen, +- hostname, +- NI_MAXHOST, +- NULL, +- 0, +- NI_NAMEREQD); +- +- /* if getnameinfo fails hostname is still the value +- from gethostname */ +- ++ if (getaddrinfo(hostname, NULL, &hints, &res) == 0) { ++ getnameinfo(res->ai_addr, res->ai_addrlen, hostname, NI_MAXHOST, ++ NULL, 0, NI_NAMEREQD); + freeaddrinfo(res); + } ++#else ++ // make sure string is null-terminated ++ hostname[NI_MAXHOST] = '\0'; ++#endif + } + return (*env)->NewStringUTF(env, hostname); + } diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 79e4619..11023be 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -299,7 +299,7 @@ # Define version of OpenJDK 8 used %global project openjdk %global repo shenandoah-jdk8u -%global openjdk_revision 8u452-b09 +%global openjdk_revision 8u462-b08 %global shenandoah_revision shenandoah%{openjdk_revision} # Define IcedTea version used for SystemTap tapsets and desktop files %global icedteaver 3.15.0 @@ -1163,8 +1163,8 @@ Provides: jre%{?1} = %{epoch}:%{javaver} Requires: ca-certificates # Require javapackages-filesystem for ownership of /usr/lib/jvm/ Requires: javapackages-filesystem -# 2025a required as of JDK-8347965 -Requires: tzdata-java >= 2025a +# 2025b required as of JDK-8352716 +Requires: tzdata-java >= 2025b # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} @@ -1506,13 +1506,14 @@ Patch15: jdk8141590-bundle_libffi-followup.patch ############################################# # -# Patches appearing in 8u382 +# Patches appearing in 8u472 # # This section includes patches which are present # in the listed OpenJDK 8u release and should be # able to be removed once that release is out # and used by this RPM. ############################################# +Patch901: jdk8339414-fix_8202369_backport.patch ############################################# @@ -1979,6 +1980,11 @@ pushd %{top_level_dir_name} %patch -P539 -p1 popd +# Upstreamed fixes +pushd %{top_level_dir_name} +%patch -P901 -p1 +popd + # RPM-only fixes %patch -P600 %patch -P1003 @@ -2704,6 +2710,17 @@ cjc.mainProgram(args) %endif %changelog +* Thu Jul 10 2025 Andrew Hughes - 1:1.8.0.462.b08-1 +- Update to 8u462-b08 (GA) +- Update release notes for 8u462-b08. +- Require tzdata 2025b due to upstream inclusion of JDK-8352716 +- Add early backport of JDK-8339414 +- Sync the copy of the portable specfile with the latest update +- ** This tarball is embargoed until 2025-07-15 @ 1pm PT. ** +- Resolves: RHEL-101654 +- Resolves: RHEL-102307 +- Resolves: RHEL-102907 + * Fri Apr 11 2025 Andrew Hughes - 1:1.8.0.452.b09-1 - Update to 8u452-b09 (GA) - Update release notes for 8u452-b09.