import java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5

This commit is contained in:
CentOS Sources 2022-01-27 08:48:23 -05:00 committed by Stepan Oksanichenko
parent 76e75c6efc
commit bb7474becd
7 changed files with 262 additions and 22 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
SOURCES/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -1,2 +1,2 @@
097b9b3d7dc423db2c9a6ef554370fb77d614952 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
c54dd40b6deb5defa8d4d7132d650080d0e300f4 SOURCES/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -3,6 +3,132 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u322 (2022-01-18):
===========================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u322
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
* Security fixes
- JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
- JDK-8268488: More valuable DerValues
- JDK-8268494: Better inlining of inlined interfaces
- JDK-8268512: More content for ContentInfo
- JDK-8268795: Enhance digests of Jar files
- JDK-8268801: Improve PKCS attribute handling
- JDK-8268813, CVE-2022-21283: Better String matching
- JDK-8269151: Better construction of EncryptedPrivateKeyInfo
- JDK-8269944: Better HTTP transport redux
- JDK-8270392, CVE-2022-21293: Improve String constructions
- JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
- JDK-8270492, CVE-2022-21282: Better resolution of URIs
- JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
- JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
- JDK-8271962: Better TrueType font loading
- JDK-8271968: Better canonical naming
- JDK-8271987: Manifest improved manifest entries
- JDK-8272014, CVE-2022-21305: Better array indexing
- JDK-8272026, CVE-2022-21340: Verify Jar Verification
- JDK-8272236, CVE-2022-21341: Improve serial forms for transport
- JDK-8272272: Enhance jcmd communication
- JDK-8272462: Enhance image handling
- JDK-8273290: Enhance sound handling
- JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
- JDK-8273756, CVE-2022-21360: Enhance BMP image support
- JDK-8273838, CVE-2022-21365: Enhanced BMP processing
* Other changes
- JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
- JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
- JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108
- JDK-8041928: MouseEvent.getModifiersEx gives wrong result
- JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
- JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
- JDK-8048021: Remove @version tag in jaxp repo
- JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
- JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
- JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
- JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
- JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
- JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
- JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
- JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated
- JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
- JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator
- JDK-8148915: Intermittent failures of bug6400879.java
- JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
- JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
- JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
- JDK-8182036: Load from initializing arraycopy uses wrong memory state
- JDK-8183369: RFC unconformity of HttpURLConnection with proxy
- JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
- JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
- JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
- JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
- JDK-8190793: Httpserver does not detect truncated request body
- JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail
- JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
- JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
- JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
- JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
- JDK-8225083: Remove Google certificate that is expiring in December 2021
- JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
- JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software
- JDK-8231438: [macOS] Dark mode for the desktop is not supported
- JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
- JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
- JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
- JDK-8236897: Fix the copyright header for pkcs11gcm2.h
- JDK-8237499: JFR: Include stack trace in the ThreadStart event
- JDK-8239886: Minimal VM build fails after JDK-8237499
- JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
- JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
- JDK-8273308: PatternMatchTest.java fails on CI
- JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
- JDK-8273826: Correct Manifest file name and NPE checks
- JDK-8273968: JCK javax_xml tests fail in CI
- JDK-8274407: (tz) Update Timezone Data to 2021c
- JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
- JDK-8274468: TimeZoneTest.java fails with tzdata2021b
- JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
- JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
- JDK-8275766: (tz) Update Timezone Data to 2021e
- JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
- JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
Notes on individual issues:
===========================
security-libs/java.security:
JDK-8271434: Removed IdenTrust Root Certificate
===============================================
The following root certificate from IdenTrust has been removed from
the `cacerts` keystore:
Alias Name: identrustdstx3 [jdk]
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
JDK-8272535: Removed Google's GlobalSign Root Certificate
=========================================================
The following root certificate from Google has been removed from the
`cacerts` keystore:
Alias Name: globalsignr2ca [jdk]
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
core-libs/java.time:
JDK-8274857: Update Timezone Data to 2021c
===========================================
IANA Time Zone Database, on which JDK's Date/Time libraries are based,
has been updated to version 2021c
(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
that with this update, some of the time zone rules prior to the year
1970 have been modified according to the changes which were introduced
with 2021b. For more detail, refer to the announcement of 2021b
(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
New in release OpenJDK 8u312 (2021-10-19):
===========================================
Live versions of these release notes can be found at:

View File

@ -0,0 +1,23 @@
# HG changeset patch
# User zgu
# Date 1641313782 0
# Tue Jan 04 16:29:42 2022 +0000
# Node ID b694a28adaa2a602fedbc4aeba69b9c2350e7409
# Parent 3177fc2314df6deb4d4771148f27934a597dd1d7
8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
Reviewed-by: phh
diff --git openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
--- openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
+++ openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
@@ -176,6 +176,10 @@
Thread* t = ThreadLocalStorage::get_thread_slow();
+ // Must do this before SignalHandlerMark, if crash protection installed we will longjmp away
+ // (no destructors can be run)
+ os::ThreadCrashProtection::check_crash_protection(sig, t);
+
SignalHandlerMark shm(t);
// Note: it's not uncommon that JNI code uses signal/sigset to install

View File

@ -0,0 +1,28 @@
commit 06c2decab204fcce5aca2d285953fcac1820b1ae
Author: Andrew John Hughes <andrew@openjdk.org>
Date: Mon Jan 24 01:23:28 2022 +0000
RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
index 40ca609e02..0dafe6f59c 100644
--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
+++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
@@ -31,6 +31,7 @@ import java.io.Console;
import java.io.FileDescriptor;
import java.io.ObjectInputStream;
import java.security.ProtectionDomain;
+import java.security.Security;
import java.security.Signature;
import java.security.AccessController;
@@ -255,6 +256,9 @@ public class SharedSecrets {
}
public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
+ if (javaSecuritySystemConfiguratorAccess == null) {
+ unsafe.ensureClassInitialized(Security.class);
+ }
return javaSecuritySystemConfiguratorAccess;
}
}

View File

@ -0,0 +1,24 @@
commit 7f58a05104138ebdfd3b7b968ed67ea4c8573073
Author: Fridrich Strba <fstrba@suse.com>
Date: Mon Jan 24 01:10:57 2022 +0000
RH2021263: Return in C code after having generated Java exception
diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
index 6f4656bfcb..34d0ff0ce9 100644
--- openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c
+++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
@@ -131,11 +131,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
+ return JNI_FALSE;
}
fips_enabled = fgetc(fe);
fclose(fe);
if (fips_enabled == EOF) {
throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
+ return JNI_FALSE;
}
msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
" read character is '%c'", fips_enabled);

View File

@ -70,8 +70,10 @@
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
%global jit_arches %{debug_arches}
# Set of architectures which use the Zero assembler port (!jit_arches)
%global zero_arches %{arm} ppc s390 s390x
# Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches}
%global bootstrap_arches %{jit_arches} %{zero_arches}
# Set of architectures which support SystemTap tapsets
%global systemtap_arches %{jit_arches}
# Set of architectures which support the serviceability agent
@ -124,9 +126,9 @@
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
%ifarch %{bootstrap_arches}
%global bootstrap_build 1
%global bootstrap_build true
%else
%global bootstrap_build 1
%global bootstrap_build false
%endif
%global bootstrap_targets images
@ -263,9 +265,9 @@
%endif
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project aarch64-port
%global shenandoah_repo jdk8u-shenandoah
%global shenandoah_revision aarch64-shenandoah-jdk8u312-b07
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
%global shenandoah_revision aarch64-shenandoah-jdk8u322-b06
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
%global repo %{shenandoah_repo}
@ -968,8 +970,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/
Requires: javapackages-filesystem
# Require zoneinfo data provided by tzdata-java subpackage.
# 2021a required as of JDK-8260356 in April CPU
Requires: tzdata-java >= 2021a
# 2021e required as of JDK-8275766 in January 2022 CPU
Requires: tzdata-java >= 2021e
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
%if ! 0%{?flatpak}
@ -1204,6 +1206,9 @@ Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
Patch1008: rh1996182-login_to_nss_software_token.patch
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
Patch1011: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch
#############################################
#
@ -1279,13 +1284,14 @@ Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
#############################################
#
# Patches appearing in 8u282
# Patches appearing in 8u332
#
# This section includes patches which are present
# in the listed OpenJDK 8u release and should be
# able to be removed once that release is out
# and used by this RPM.
#############################################
Patch700: jdk8279077-missing_crash_protector_ppc.patch
#############################################
#
@ -1362,8 +1368,8 @@ BuildRequires: java-1.8.0-openjdk-devel
%ifnarch %{jit_arches}
BuildRequires: libffi-devel
%endif
# 2021a required as of JDK-8260356 in April CPU
BuildRequires: tzdata-java >= 2021a
# 2021e required as of JDK-8275766 in January 2022 CPU
BuildRequires: tzdata-java >= 2021e
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@ -1696,6 +1702,9 @@ sh %{SOURCE12}
%patch580
%patch539
# Upstreamed fixes
%patch700
# RPM-only fixes
%patch600
%patch1000
@ -1708,6 +1717,8 @@ sh %{SOURCE12}
%patch1007
%patch1008
%patch1011
%patch1014
%patch1015
# RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7
@ -1916,19 +1927,23 @@ installdir=%{installoutputdir -- $suffix}
bootinstalldir=boot${installdir}
# Debug builds don't need same targets as release for
# build speed-up
maketargets="%{release_targets}"
# build speed-up. We also avoid bootstrapping these
# slower builds.
if echo $debugbuild | grep -q "debug" ; then
maketargets="%{debug_targets}"
run_bootstrap=false
else
maketargets="%{release_targets}"
run_bootstrap=%{bootstrap_build}
fi
%if %{bootstrap_build}
buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
%{!?with_artifacts:rm -rf ${bootinstalldir}}
%else
buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
%endif
if ${run_bootstrap} ; then
buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
%{!?with_artifacts:rm -rf ${bootinstalldir}}
else
buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
fi
# Install nss.cfg right away as we will be using the JRE above
export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
@ -2450,6 +2465,30 @@ cjc.mainProgram(args)
%endif
%changelog
* Mon Jan 24 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-2
- Fix FIPS issues in native code and with initialisation of java.security.Security
- Related: rhbz#2039366
* Fri Jan 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-1
- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
- Update release notes for 8u322-b06.
- Switch to GA mode for final release.
- Require tzdata 2021e as of JDK-8275766.
- Update tarball generation script to use git following shenandoah-jdk8u's move to github
- Resolves: rhbz#2039366
* Tue Jan 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b04-0.2.ea
- Add backport of JDK-8279077 to fix crash on ppc64
- Resolves: rhbz#2030399
* Mon Jan 10 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b04-0.1.ea
- Update to aarch64-shenandoah-jdk8u322-b04 (EA)
- Update release notes for 8u322-b04.
- Require tzdata 2021c as of JDK-8274407.
- Switch to EA mode.
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
- Related: rhbz#2039366
* Fri Oct 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b07-2
- Update to aarch64-shenandoah-jdk8u312-b07 (EA)
- Update release notes for 8u312-b07.