import java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
+SOURCES/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
 SOURCES/tapsets-icedtea-3.15.0.tar.xz

.java-1.8.0-openjdk.metadata

@@ -1,2 +1,2 @@
-097b9b3d7dc423db2c9a6ef554370fb77d614952 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u312-b07-4curve.tar.xz
+c54dd40b6deb5defa8d4d7132d650080d0e300f4 SOURCES/openjdk-shenandoah-jdk8u-aarch64-shenandoah-jdk8u322-b06-4curve.tar.xz
 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

SOURCES/NEWS

@@ -3,6 +3,132 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
+New in release OpenJDK 8u322 (2022-01-18):
+===========================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk8u322
+  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
+
+* Security fixes
+  - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
+  - JDK-8268488: More valuable DerValues
+  - JDK-8268494: Better inlining of inlined interfaces
+  - JDK-8268512: More content for ContentInfo
+  - JDK-8268795: Enhance digests of Jar files
+  - JDK-8268801: Improve PKCS attribute handling
+  - JDK-8268813, CVE-2022-21283: Better String matching
+  - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+  - JDK-8269944: Better HTTP transport redux
+  - JDK-8270392, CVE-2022-21293: Improve String constructions
+  - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
+  - JDK-8270492, CVE-2022-21282: Better resolution of URIs
+  - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
+  - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
+  - JDK-8271962: Better TrueType font loading
+  - JDK-8271968: Better canonical naming
+  - JDK-8271987: Manifest improved manifest entries
+  - JDK-8272014, CVE-2022-21305: Better array indexing
+  - JDK-8272026, CVE-2022-21340: Verify Jar Verification
+  - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
+  - JDK-8272272: Enhance jcmd communication
+  - JDK-8272462: Enhance image handling
+  - JDK-8273290: Enhance sound handling
+  - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
+  - JDK-8273756, CVE-2022-21360: Enhance BMP image support
+  - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
+* Other changes
+  - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
+  - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
+  - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108
+  - JDK-8041928: MouseEvent.getModifiersEx gives wrong result
+  - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
+  - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
+  - JDK-8048021: Remove @version tag in jaxp repo
+  - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
+  - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
+  - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
+  - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
+  - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
+  - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
+  - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
+  - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated
+  - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
+  - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator
+  - JDK-8148915: Intermittent failures of bug6400879.java
+  - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
+  - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
+  - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
+  - JDK-8182036: Load from initializing arraycopy uses wrong memory state
+  - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
+  - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
+  - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
+  - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
+  - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
+  - JDK-8190793: Httpserver does not detect truncated request body
+  - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail
+  - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
+  - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
+  - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
+  - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
+  - JDK-8225083: Remove Google certificate that is expiring in December 2021
+  - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
+  - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software
+  - JDK-8231438: [macOS] Dark mode for the desktop is not supported
+  - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
+  - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
+  - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
+  - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
+  - JDK-8237499: JFR: Include stack trace in the ThreadStart event
+  - JDK-8239886: Minimal VM build fails after JDK-8237499
+  - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
+  - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
+  - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+  - JDK-8273308: PatternMatchTest.java fails on CI
+  - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
+  - JDK-8273826: Correct Manifest file name and NPE checks
+  - JDK-8273968: JCK javax_xml tests fail in CI
+  - JDK-8274407: (tz) Update Timezone Data to 2021c
+  - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
+  - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
+  - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
+  - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
+  - JDK-8275766: (tz) Update Timezone Data to 2021e
+  - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+  - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8271434: Removed IdenTrust Root Certificate
+===============================================
+The following root certificate from IdenTrust has been removed from
+the `cacerts` keystore:
+
+Alias Name: identrustdstx3 [jdk]
+Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
+
+JDK-8272535: Removed Google's GlobalSign Root Certificate
+=========================================================
+The following root certificate from Google has been removed from the
+`cacerts` keystore:
+
+Alias Name: globalsignr2ca [jdk]
+Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+
+core-libs/java.time:
+
+JDK-8274857:  Update Timezone Data to 2021c
+===========================================
+IANA Time Zone Database, on which JDK's Date/Time libraries are based,
+has been updated to version 2021c
+(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
+that with this update, some of the time zone rules prior to the year
+1970 have been modified according to the changes which were introduced
+with 2021b. For more detail, refer to the announcement of 2021b
+(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
+
 New in release OpenJDK 8u312 (2021-10-19):
 ===========================================
 Live versions of these release notes can be found at:

SOURCES/jdk8279077-missing_crash_protector_ppc.patch

@@ -0,0 +1,23 @@
+# HG changeset patch
+# User zgu
+# Date 1641313782 0
+#      Tue Jan 04 16:29:42 2022 +0000
+# Node ID b694a28adaa2a602fedbc4aeba69b9c2350e7409
+# Parent  3177fc2314df6deb4d4771148f27934a597dd1d7
+8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
+Reviewed-by: phh
+
+diff --git openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
+--- openjdk.orig/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
++++ openjdk/hotspot/src/os_cpu/linux_ppc/vm/os_linux_ppc.cpp
+@@ -176,6 +176,10 @@
+ 
+   Thread* t = ThreadLocalStorage::get_thread_slow();
+ 
++  // Must do this before SignalHandlerMark, if crash protection installed we will longjmp away
++  // (no destructors can be run)
++  os::ThreadCrashProtection::check_crash_protection(sig, t);
++
+   SignalHandlerMark shm(t);
+ 
+   // Note: it's not uncommon that JNI code uses signal/sigset to install

SOURCES/rh2021263-fips_ensure_security_initialised.patch

@@ -0,0 +1,28 @@
+commit 06c2decab204fcce5aca2d285953fcac1820b1ae
+Author: Andrew John Hughes <andrew@openjdk.org>
+Date:   Mon Jan 24 01:23:28 2022 +0000
+
+    RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
+
+diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+index 40ca609e02..0dafe6f59c 100644
+--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java
++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java
+@@ -31,6 +31,7 @@ import java.io.Console;
+ import java.io.FileDescriptor;
+ import java.io.ObjectInputStream;
+ import java.security.ProtectionDomain;
++import java.security.Security;
+ import java.security.Signature;
+ 
+ import java.security.AccessController;
+@@ -255,6 +256,9 @@ public class SharedSecrets {
+     }
+ 
+     public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++        if (javaSecuritySystemConfiguratorAccess == null) {
++            unsafe.ensureClassInitialized(Security.class);
++        }
+         return javaSecuritySystemConfiguratorAccess;
+     }
+ }

SOURCES/rh2021263-fips_missing_native_returns.patch

@@ -0,0 +1,24 @@
+commit 7f58a05104138ebdfd3b7b968ed67ea4c8573073
+Author: Fridrich Strba <fstrba@suse.com>
+Date:   Mon Jan 24 01:10:57 2022 +0000
+
+    RH2021263: Return in C code after having generated Java exception
+
+diff --git openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c openjdk/jdk/src/solaris/native/java/security/systemconf.c
+index 6f4656bfcb..34d0ff0ce9 100644
+--- openjdk.orig/jdk/src/solaris/native/java/security/systemconf.c
++++ openjdk/jdk/src/solaris/native/java/security/systemconf.c
+@@ -131,11 +131,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+     dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+     if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+         throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++        return JNI_FALSE;
+     }
+     fips_enabled = fgetc(fe);
+     fclose(fe);
+     if (fips_enabled == EOF) {
+         throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++        return JNI_FALSE;
+     }
+     msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+             " read character is '%c'", fips_enabled);

SPECS/java-1.8.0-openjdk.spec

@@ -70,8 +70,10 @@
 %global fastdebug_arches x86_64 ppc64le aarch64
 # Set of architectures with a Just-In-Time (JIT) compiler
 %global jit_arches      %{debug_arches}
+# Set of architectures which use the Zero assembler port (!jit_arches)
+%global zero_arches %{arm} ppc s390 s390x
 # Set of architectures which run a full bootstrap cycle
-%global bootstrap_arches %{jit_arches}
+%global bootstrap_arches %{jit_arches} %{zero_arches}
 # Set of architectures which support SystemTap tapsets
 %global systemtap_arches %{jit_arches}
 # Set of architectures which support the serviceability agent
@@ -124,9 +126,9 @@
 %global build_loop  %{slowdebug_build} %{fastdebug_build} %{normal_build}
 
 %ifarch %{bootstrap_arches}
-%global bootstrap_build 1
+%global bootstrap_build true
 %else
-%global bootstrap_build 1
+%global bootstrap_build false
 %endif
 
 %global bootstrap_targets images
@@ -263,9 +265,9 @@
 %endif
 
 # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
-%global shenandoah_project	aarch64-port
-%global shenandoah_repo		jdk8u-shenandoah
-%global shenandoah_revision    	aarch64-shenandoah-jdk8u312-b07
+%global shenandoah_project	openjdk
+%global shenandoah_repo		shenandoah-jdk8u
+%global shenandoah_revision    	aarch64-shenandoah-jdk8u322-b06
 # Define old aarch64/jdk8u tree variables for compatibility
 %global project         %{shenandoah_project}
 %global repo            %{shenandoah_repo}
@@ -968,8 +970,8 @@ Requires: ca-certificates
 # Require javapackages-filesystem for ownership of /usr/lib/jvm/
 Requires: javapackages-filesystem
 # Require zoneinfo data provided by tzdata-java subpackage.
-# 2021a required as of JDK-8260356 in April CPU
-Requires: tzdata-java >= 2021a
+# 2021e required as of JDK-8275766 in January 2022 CPU
+Requires: tzdata-java >= 2021e
 # libsctp.so.1 is being `dlopen`ed on demand
 Requires: lksctp-tools%{?_isa}
 %if ! 0%{?flatpak}
@@ -1204,6 +1206,9 @@ Patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch
 Patch1008: rh1996182-login_to_nss_software_token.patch
 # RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
 Patch1011: rh1991003-enable_fips_keys_import.patch
+# RH2021263: Resolve outstanding FIPS issues
+Patch1014: rh2021263-fips_ensure_security_initialised.patch
+Patch1015: rh2021263-fips_missing_native_returns.patch
 
 #############################################
 #
@@ -1279,13 +1284,14 @@ Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
 
 #############################################
 #
-# Patches appearing in 8u282
+# Patches appearing in 8u332
 #
 # This section includes patches which are present
 # in the listed OpenJDK 8u release and should be
 # able to be removed once that release is out
 # and used by this RPM.
 #############################################
+Patch700: jdk8279077-missing_crash_protector_ppc.patch
 
 #############################################
 #
@@ -1362,8 +1368,8 @@ BuildRequires: java-1.8.0-openjdk-devel
 %ifnarch %{jit_arches}
 BuildRequires: libffi-devel
 %endif
-# 2021a required as of JDK-8260356 in April CPU
-BuildRequires: tzdata-java >= 2021a
+# 2021e required as of JDK-8275766 in January 2022 CPU
+BuildRequires: tzdata-java >= 2021e
 # Earlier versions have a bug in tree vectorization on PPC
 BuildRequires: gcc >= 4.8.3-8
 
@@ -1696,6 +1702,9 @@ sh %{SOURCE12}
 %patch580
 %patch539
 
+# Upstreamed fixes
+%patch700
+
 # RPM-only fixes
 %patch600
 %patch1000
@@ -1708,6 +1717,8 @@ sh %{SOURCE12}
 %patch1007
 %patch1008
 %patch1011
+%patch1014
+%patch1015
 
 # RHEL-only patches
 %if ! 0%{?fedora} && 0%{?rhel} <= 7
@@ -1916,19 +1927,23 @@ installdir=%{installoutputdir -- $suffix}
 bootinstalldir=boot${installdir}
 
 # Debug builds don't need same targets as release for
-# build speed-up
-maketargets="%{release_targets}"
+# build speed-up. We also avoid bootstrapping these
+# slower builds.
 if echo $debugbuild | grep -q "debug" ; then
   maketargets="%{debug_targets}"
+  run_bootstrap=false
+else
+  maketargets="%{release_targets}"
+  run_bootstrap=%{bootstrap_build}
 fi
 
-%if %{bootstrap_build}
-buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
-buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
-%{!?with_artifacts:rm -rf ${bootinstalldir}}
-%else
-buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
-%endif
+if ${run_bootstrap} ; then
+  buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild}
+  buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild}
+  %{!?with_artifacts:rm -rf ${bootinstalldir}}
+else
+  buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild}
+fi
 
 # Install nss.cfg right away as we will be using the JRE above
 export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
@@ -2450,6 +2465,30 @@ cjc.mainProgram(args)
 %endif
 
 %changelog
+* Mon Jan 24 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-2
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+- Related: rhbz#2039366
+
+* Fri Jan 21 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b06-1
+- Update to aarch64-shenandoah-jdk8u322-b06 (EA)
+- Update release notes for 8u322-b06.
+- Switch to GA mode for final release.
+- Require tzdata 2021e as of JDK-8275766.
+- Update tarball generation script to use git following shenandoah-jdk8u's move to github
+- Resolves: rhbz#2039366
+
+* Tue Jan 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b04-0.2.ea
+- Add backport of JDK-8279077 to fix crash on ppc64
+- Resolves: rhbz#2030399
+
+* Mon Jan 10 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.322.b04-0.1.ea
+- Update to aarch64-shenandoah-jdk8u322-b04 (EA)
+- Update release notes for 8u322-b04.
+- Require tzdata 2021c as of JDK-8274407.
+- Switch to EA mode.
+- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
+- Related: rhbz#2039366
+
 * Fri Oct 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.312.b07-2
 - Update to aarch64-shenandoah-jdk8u312-b07 (EA)
 - Update release notes for 8u312-b07.