diff --git a/.gitignore b/.gitignore index 8ec9570..b89a8ef 100644 --- a/.gitignore +++ b/.gitignore @@ -297,3 +297,4 @@ /shenandoah8u412-b07.tar.xz /shenandoah8u412-b08.tar.xz /shenandoah8u422-b01.tar.xz +/shenandoah8u422-b05.tar.xz diff --git a/NEWS b/NEWS index 195d4bb..80e7b13 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,23 @@ New in release OpenJDK 8u422 (2024-07-16): Live versions of these release notes can be found at: * https://bit.ly/openjdk8u422 +* CVEs + - CVE-2024-21131 + - CVE-2024-21138 + - CVE-2024-21140 + - CVE-2024-21144 + - CVE-2024-21145 + - CVE-2024-21147 +* Security fixes + - JDK-8314794: Improve UTF8 String supports + - JDK-8319859: Better symbol storage + - JDK-8320097: Improve Image transformations + - JDK-8320548: Improved loop handling + - JDK-8322106: Enhance Pack 200 loading + - JDK-8323231: Improve array management + - JDK-8323390: Enhance mask blit functionality + - JDK-8324559: Improve 2D image handling + - JDK-8325600: Better symbol storage * Other changes - JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105 - JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings @@ -15,16 +32,24 @@ Live versions of these release notes can be found at: - JDK-8159690: [TESTBUG] Mark headful tests with @key headful. - JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails - JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails + - JDK-8205407: [windows, vs<2017] C4800 after 8203197 + - JDK-8235834: IBM-943 charset encoder needs updating + - JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't read properly" - JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled - JDK-8256152: tests fail because of ambiguous method resolution - JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3 + - JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info. - JDK-8268916: Tests for AffirmTrust roots - JDK-8278067: Make HttpURLConnection default keep alive timeout configurable - JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067 - JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value - JDK-8291638: Keep-Alive timeout of 0 should close connection immediately + - JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections + - JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL - JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM - JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + - JDK-8315020: The macro definition for LoongArch64 zero build is not accurate. + - JDK-8316138: Add GlobalSign 2 TLS root certificates - JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows - JDK-8320005: Allow loading of shared objects with .a extension on AIX - JDK-8324185: [8u] Accept Xcode 12+ builds on macOS @@ -33,7 +58,11 @@ Live versions of these release notes can be found at: - JDK-8326686: Bump update version of OpenJDK: 8u422 - JDK-8327440: Fix "bad source file" error during beaninfo generation - JDK-8328809: [8u] Problem list some CA tests + - JDK-8328825: Google CAInterop test failures - JDK-8329544: [8u] sun/security/krb5/auto/ReplayCacheTestProc.java cannot find the testlibrary + - JDK-8331791: [8u] AIX build break from JDK-8320005 backport + - JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test + - JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes Notes on individual issues: =========================== @@ -54,6 +83,21 @@ server or proxy will be closed, respectively. If the server or proxy specifies a keep alive time in a "Keep-Alive" response header, this will take precedence over the values of these properties. +security-libs/java.security: + +JDK-8316138: Add GlobalSign 2 TLS root certificates +=================================================== +The following root certificates have been added to the cacerts +truststore: + +Name: GlobalSign +Alias Name: globalsignr46 +Distinguished Name: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE + +Name: GlobalSign +Alias Name: globalsigne46 +Distinguished Name: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE + New in release OpenJDK 8u412 (2024-04-16): =========================================== Live versions of these release notes can be found at: diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index f0f4a6c..d4f690f 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -316,7 +316,7 @@ # Define version of OpenJDK 8 used %global project openjdk %global repo shenandoah-jdk8u -%global openjdk_revision 8u422-b01 +%global openjdk_revision 8u422-b05 %global shenandoah_revision shenandoah%{openjdk_revision} # Define IcedTea version used for SystemTap tapsets and desktop files %global icedteaver 3.15.0 @@ -378,7 +378,7 @@ # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global milestone fcs %global milestone_version %{nil} @@ -2014,7 +2014,6 @@ sh %{SOURCE12} %patch -P105 # Upstreamable fixes -%patch -P502 %patch -P512 %patch -P523 %patch -P528 @@ -2024,6 +2023,9 @@ sh %{SOURCE12} %patch -P581 %patch -P541 %patch -P12 +pushd %{top_level_dir_name} +%patch -P502 -p1 +popd pushd %{top_level_dir_name} # Add crypto policy and FIPS support @@ -2935,6 +2937,15 @@ cjc.mainProgram(args) %endif %changelog +* Wed Jul 10 2024 Andrew Hughes - 1:1.8.0.422.b05-2 +- Update to shenandoah-jdk8u422-b05 (GA) +- Update release notes for shenandoah-8u422-b05. +- Rebase PR2462 patch following patched hunk being removed by JDK-8322106 +- Switch to GA mode. +- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. ** +- Resolves: RHEL-46858 +- Resolves: RHEL-47013 + * Tue Jul 09 2024 Andrew Hughes - 1:1.8.0.422.b01-0.2.ea - Update to shenandoah-jdk8u422-b01 (EA) - Update release notes for shenandoah-8u422-b01. diff --git a/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch b/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch index 5f05d73..cbb72b6 100644 --- a/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch +++ b/pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch @@ -7,10 +7,10 @@ 8074839: Resolve disabled warnings for libunpack and the unpack200 binary Reviewed-by: dholmes, ksrini -diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h index bdaf95a2f6a..60c5b4f2a69 100644 ---- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h @@ -63,7 +63,7 @@ struct bytes { bytes res; res.ptr = ptr + beg; @@ -20,10 +20,10 @@ index bdaf95a2f6a..60c5b4f2a69 100644 return res; } // building C strings inside byte buffers: -diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp index 5fbc7261fb3..4c002e779d8 100644 ---- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp @@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject if (uPtr->aborting()) { @@ -50,10 +50,10 @@ index 5fbc7261fb3..4c002e779d8 100644 const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE); CHECK_EXCEPTION_RETURN_VALUE(prop, false); const char* value = env->GetStringUTFChars(pValue, JNI_FALSE); -diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp index 6fbc43a18ae..722c8baaff0 100644 ---- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp @@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) { return progname; } @@ -104,10 +104,10 @@ index 6fbc43a18ae..722c8baaff0 100644 } } -diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp -index 56f391b1e87..f0a25f8cd20 100644 ---- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +index a585535c513..8df3fade499 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp @@ -225,9 +225,9 @@ struct entry { } @@ -120,7 +120,7 @@ index 56f391b1e87..f0a25f8cd20 100644 #endif }; -@@ -718,13 +718,13 @@ void unpacker::read_file_header() { +@@ -719,13 +719,13 @@ void unpacker::read_file_header() { // Now we can size the whole archive. // Read everything else into a mega-buffer. rp = hdr.rp; @@ -138,7 +138,7 @@ index 56f391b1e87..f0a25f8cd20 100644 abort("EOF reading fixed input buffer"); return; } -@@ -738,7 +738,7 @@ void unpacker::read_file_header() { +@@ -739,7 +739,7 @@ void unpacker::read_file_header() { return; } input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)), @@ -147,7 +147,7 @@ index 56f391b1e87..f0a25f8cd20 100644 CHECK; assert(input.limit()[0] == 0); // Move all the bytes we read initially into the real buffer. -@@ -961,13 +961,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) { +@@ -962,13 +962,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) { nentries = next_entry; // place a limit on future CP growth: @@ -163,18 +163,7 @@ index 56f391b1e87..f0a25f8cd20 100644 // Note that this CP does not include "empty" entries // for longs and doubles. Those are introduced when -@@ -985,8 +985,9 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) { - } - - // Initialize *all* our entries once -- for (int i = 0 ; i < maxentries ; i++) -+ for (uint i = 0 ; i < maxentries ; i++) { - entries[i].outputIndex = REQUESTED_NONE; -+ } - - initGroupIndexes(); - // Initialize hashTab to a generous power-of-two size. -@@ -3681,21 +3682,22 @@ void cpool::computeOutputIndexes() { +@@ -3694,21 +3694,22 @@ void cpool::computeOutputIndexes() { unpacker* debug_u; @@ -201,7 +190,7 @@ index 56f391b1e87..f0a25f8cd20 100644 case CONSTANT_Signature: if (value.b.ptr == null) return ref(0)->string(); -@@ -3715,26 +3717,28 @@ char* entry::string() { +@@ -3728,26 +3729,28 @@ char* entry::string() { break; default: if (nrefs == 0) { @@ -239,10 +228,10 @@ index 56f391b1e87..f0a25f8cd20 100644 } void print_cp_entries(int beg, int end) { -diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h -index cec7a88b24e..ed5f3336a59 100644 ---- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +index 4ec595333c4..aad0c971ef2 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h @@ -209,7 +209,7 @@ struct unpacker { byte* rp; // read pointer (< rplimit <= input.limit()) byte* rplimit; // how much of the input block has been read? @@ -252,10 +241,10 @@ index cec7a88b24e..ed5f3336a59 100644 // callback to read at least one byte, up to available input typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen); -diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp -index e5197e1a3f1..40a10055ea5 100644 ---- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +index da39a589545..1281d8b25c8 100644 +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp @@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger int assert_failed(const char* p) { char message[1<<12]; @@ -265,10 +254,10 @@ index e5197e1a3f1..40a10055ea5 100644 breakpoint(); unpack_abort(message); return 0; -diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp index f58c94956c0..343da3e183b 100644 ---- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp @@ -84,7 +84,7 @@ void jar::init(unpacker* u_) { } @@ -293,10 +282,10 @@ index f58c94956c0..343da3e183b 100644 PRINTCR((2, "writing zip comment\n")); // Write the comment. -diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h index 14ffc9d65bd..9877f6f68ca 100644 ---- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h -+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h ++++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h @@ -68,8 +68,8 @@ struct jar { } diff --git a/sources b/sources index e1b473f..0caf8f4 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671 -SHA512 (shenandoah8u422-b01.tar.xz) = 3c5f16f08f42ff5b4d060de50db53c4db9fabef004f49255752f9775030b8b15fb4864aee7b16b68e26f34c0e90f6966ab9fd3d8d69086e426678bac7fb44c5c +SHA512 (shenandoah8u422-b05.tar.xz) = 4b43e18edf4de7f69874d76eeebe16388fd8741b23924df9396a2cd9efafea23a6200224eddbec3f5056c2db54a45e95512f0ccc305589ecaa34e741c0400416