rpms
/
java-1.8.0-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import java-1.8.0-openjdk-1.8.0.362.b01-0.3.ea.el8

This commit is contained in:
CentOS Sources 2023-01-16 14:09:15 +00:00 committed by Stepan Oksanichenko
parent ccc876292f
commit f78aa278bd
6 changed files with 167 additions and 140 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08-4curve.tar.xz
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b01-4curve.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz

2
.java-1.8.0-openjdk.metadata
View File

@ -1,2 +1,2 @@
11e3bf44f3c54d25e2018fc7df16c231daf041c5 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08-4curve.tar.xz
530cbd11e7e26a8f38fe26dbffc405c55d526808 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b01-4curve.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

52
SOURCES/NEWS
View File

@ -3,6 +3,45 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u362 (2022-01-17):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u362
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u362.html
* Other changes
- JDK-8054066: com/sun/jdi/DoubleAgentTest.java fails with timeout
- JDK-8067941: [TESTBUG] Fix tests for OS with 64K page size.
- JDK-8071530: Update OS detection code to reflect Windows 10 version change
- JDK-8148005: One byte may be corrupted by get_datetime_string()
- JDK-8195607: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
- JDK-8206456: [TESTBUG] docker jtreg tests fail on systems without cpuset.effective_cpus / cpuset.effective_mems
- JDK-8253702: BigSur version number reported as 10.16, should be 11.nn
- JDK-8265527: tools/javac/diags/CheckExamples.java fails after JDK-8078024 8u backport
- JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0
- JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity
- JDK-8273176: handle latest VS2019 in abstract_vm_version
- JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening
- JDK-8274840: Update OS detection code to recognize Windows 11
- JDK-8283903: GetContainerCpuLoad does not return the correct result in share mode
- JDK-8288928: Incorrect GPL header in pnglibconf.h (backport of JDK-8185041)
- JDK-8292762: Remove .jcheck directories from jdk8u subcomponents
- JDK-8293181: Bump update version of OpenJDK: 8u362
- JDK-8293461: Add a test for JDK-8290832
- JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening
- JDK-8294863: Enable partial tier1 testing in GHA for JDK8
- JDK-8295164: JDK 8 jdi tests should not use tasklist command on Windows
Notes on individual issues:
===========================
hotspot/runtime:
JDK-8274840: Release Now Recognises Windows 11
==============================================
This release now correctly sets the `os.name` property to `Windows
11`, as would be expected.
New in release OpenJDK 8u352 (2022-10-18):
===========================================
Live versions of these release notes can be found at:
@ -108,6 +147,19 @@ change might only impact existing code that would depend on
PhantomReference being enqueued rather than when the referent be freed
from the heap.
core-libs/java.net:
JDK-8286918: Better HttpServer service
======================================
The HttpServer can be optionally configured with a maximum connection
limit by setting the jdk.httpserver.maxConnections system property. A
value of 0 or a negative integer is ignored and considered to
represent no connection limit. In the case of a positive integer
value, any newly accepted connections will be first checked against
the current count of established connections and, if the configured
limit has been reached, then the newly accepted connection will be
closed immediately.
security-libs/javax.net.ssl:
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles

125
SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
View File

@ -1,125 +0,0 @@
# HG changeset patch
# User mbalao
# Date 1529971845 -28800
# Tue Jun 26 08:10:45 2018 +0800
# Node ID e9c20b7250cd98d16a67f2a30b34284c2caa01dc
# Parent 9f1aa2e38d90dd60522237d7414af6bdcf03c4ff
8195607, PR3776: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
Reviewed-by: valeriep, weijun
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java
@@ -197,7 +197,7 @@
if (configDir != null) {
String configDirPath = null;
- String sqlPrefix = "sql:/";
+ String sqlPrefix = "sql:";
if (!configDir.startsWith(sqlPrefix)) {
configDirPath = configDir;
} else {
diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
--- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
+++ openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c
@@ -69,9 +69,14 @@
int res = 0;
FPTR_Initialize initialize =
(FPTR_Initialize)findFunction(env, jHandle, "NSS_Initialize");
+ #ifdef SECMOD_DEBUG
+ FPTR_GetError getError =
+ (FPTR_GetError)findFunction(env, jHandle, "PORT_GetError");
+ #endif // SECMOD_DEBUG
unsigned int flags = 0x00;
const char *configDir = NULL;
const char *functionName = NULL;
+ const char *configFile = NULL;
/* If we cannot initialize, exit now */
if (initialize == NULL) {
@@ -97,13 +102,18 @@
flags = 0x20; // NSS_INIT_OPTIMIZESPACE flag
}
+ configFile = "secmod.db";
+ if (configDir != NULL && strncmp("sql:", configDir, 4U) == 0) {
+ configFile = "pkcs11.txt";
+ }
+
/*
* If the NSS_Init function is requested then call NSS_Initialize to
* open the Cert, Key and Security Module databases, read only.
*/
if (strcmp("NSS_Init", functionName) == 0) {
flags = flags | 0x01; // NSS_INIT_READONLY flag
- res = initialize(configDir, "", "", "secmod.db", flags);
+ res = initialize(configDir, "", "", configFile, flags);
/*
* If the NSS_InitReadWrite function is requested then call
@@ -111,7 +121,7 @@
* read/write.
*/
} else if (strcmp("NSS_InitReadWrite", functionName) == 0) {
- res = initialize(configDir, "", "", "secmod.db", flags);
+ res = initialize(configDir, "", "", configFile, flags);
/*
* If the NSS_NoDB_Init function is requested then call
@@ -137,6 +147,13 @@
(*env)->ReleaseStringUTFChars(env, jConfigDir, configDir);
}
dprintf1("-res: %d\n", res);
+ #ifdef SECMOD_DEBUG
+ if (res == -1) {
+ if (getError != NULL) {
+ dprintf1("-NSS error: %d\n", getError());
+ }
+ }
+ #endif // SECMOD_DEBUG
return (res == 0) ? JNI_TRUE : JNI_FALSE;
}
diff --git openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
--- openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
+++ openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h
@@ -34,6 +34,10 @@
const char *certPrefix, const char *keyPrefix,
const char *secmodName, unsigned int flags);
+#ifdef SECMOD_DEBUG
+typedef int (*FPTR_GetError)(void);
+#endif //SECMOD_DEBUG
+
// in secmod.h
//extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
// PRBool recurse);
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
new file mode 100644
--- /dev/null
+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt
@@ -0,0 +1,4 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription=''
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
--- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java
+++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java
@@ -55,7 +55,7 @@
DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb";
if (useSqlite) {
- System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR);
+ System.setProperty("pkcs11test.nss.db", "sql:" + DBDIR);
} else {
System.setProperty("pkcs11test.nss.db", DBDIR);
}
@@ -67,6 +67,7 @@
if (useSqlite) {
copyFile("key4.db", BASE, DBDIR);
copyFile("cert9.db", BASE, DBDIR);
+ copyFile("pkcs11.txt", BASE, DBDIR);
} else {
copyFile("secmod.db", BASE, DBDIR);
copyFile("key3.db", BASE, DBDIR);

82
SOURCES/jdk8255559-rh2124390-file_descriptor_leak.patch Normal file
View File

@ -0,0 +1,82 @@
commit db11331cd62ad8bc4f5454c33a42280f419909d2
Author: Andrew John Hughes <andrew@openjdk.org>
Date: Wed Nov 9 15:49:09 2022 +0000
Backport d53072236c503295b893efa6372c869ac84fa688
diff --git a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
index c4cac5351cc..53de0490c5b 100644
--- a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
+++ b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
@@ -500,38 +500,44 @@ public final class DOMReference extends DOMStructure
}
boolean secVal = Utils.secureValidation(context);
- xi.setSecureValidation(secVal);
- if (context instanceof XMLSignContext && c14n11
- && !xi.isOctetStream() && !xi.isOutputStreamSet()) {
- TransformService spi = null;
- if (provider == null) {
- spi = TransformService.getInstance(c14nalg, "DOM");
- } else {
- try {
- spi = TransformService.getInstance(c14nalg, "DOM", provider);
- } catch (NoSuchAlgorithmException nsae) {
+ try {
+ xi.setSecureValidation(secVal);
+ if (context instanceof XMLSignContext && c14n11
+ && !xi.isOctetStream() && !xi.isOutputStreamSet()) {
+ TransformService spi = null;
+ if (provider == null) {
spi = TransformService.getInstance(c14nalg, "DOM");
+ } else {
+ try {
+ spi = TransformService.getInstance(c14nalg, "DOM", provider);
+ } catch (NoSuchAlgorithmException nsae) {
+ spi = TransformService.getInstance(c14nalg, "DOM");
+ }
}
- }
- DOMTransform t = new DOMTransform(spi);
- Element transformsElem = null;
- String dsPrefix = DOMUtils.getSignaturePrefix(context);
- if (allTransforms.isEmpty()) {
- transformsElem = DOMUtils.createElement(
- refElem.getOwnerDocument(),
- "Transforms", XMLSignature.XMLNS, dsPrefix);
- refElem.insertBefore(transformsElem,
- DOMUtils.getFirstChildElement(refElem));
+ DOMTransform t = new DOMTransform(spi);
+ Element transformsElem = null;
+ String dsPrefix = DOMUtils.getSignaturePrefix(context);
+ if (allTransforms.isEmpty()) {
+ transformsElem = DOMUtils.createElement(
+ refElem.getOwnerDocument(),
+ "Transforms", XMLSignature.XMLNS, dsPrefix);
+ refElem.insertBefore(transformsElem,
+ DOMUtils.getFirstChildElement(refElem));
+ } else {
+ transformsElem = DOMUtils.getFirstChildElement(refElem);
+ }
+ t.marshal(transformsElem, dsPrefix,
+ (DOMCryptoContext) context);
+ allTransforms.add(t);
+ xi.updateOutputStream(os, true);
} else {
- transformsElem = DOMUtils.getFirstChildElement(refElem);
+ xi.updateOutputStream(os);
+ }
+ } finally {
+ if(xi.getOctetStreamReal() != null) {
+ xi.getOctetStreamReal().close();
}
- t.marshal(transformsElem, dsPrefix,
- (DOMCryptoContext)context);
- allTransforms.add(t);
- xi.updateOutputStream(os, true);
- } else {
- xi.updateOutputStream(os);
}
}
os.flush();

44
SPECS/java-1.8.0-openjdk.spec
View File

@ -313,7 +313,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
%global openjdk_revision jdk8u352-b08
%global openjdk_revision jdk8u362-b01
%global shenandoah_revision shenandoah-%{openjdk_revision}
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
@ -332,12 +332,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 2
%global rpmrelease 3
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
%global is_ga 1
%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@ -1446,10 +1446,10 @@ Patch202: jdk8035341-allow_using_system_installed_libpng.patch
# 8042159: Allow using a system-installed lcms2
Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch
Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1
Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
Patch581: jdk8257794-remove_broken_assert.patch
# JDK-8255559, RH2124390: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
Patch582: jdk8255559-rh2124390-file_descriptor_leak.patch
#############################################
#
@ -1884,7 +1884,6 @@ sh %{SOURCE12}
%patch571
%patch574
%patch112
%patch580
%patch581
%patch113
@ -1898,6 +1897,8 @@ pushd %{top_level_dir_name}
# tzdata updates targetted for 8u362
%patch2002 -p1
%patch2003 -p1
# fix for file leak in XML code
%patch582 -p1
popd
# RPM-only fixes
@ -2218,10 +2219,6 @@ export SEC_DEBUG="-Djava.security.debug=properties"
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
# Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
# Check java launcher has no SSB mitigation
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
@ -2232,6 +2229,10 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
%endif
# Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
# Check translations are available for new timezones
$JAVA_HOME/bin/javac -d . %{SOURCE18}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
@ -2705,15 +2706,32 @@ cjc.mainProgram(args)
%endif
%changelog
* Sun Oct 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b08-2
* Tue Jan 10 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.362.b01-0.3.ea
- Update to shenandoah-jdk8u362-b01 (EA)
- Update release notes for shenandoah-8u362-b01.
- Switch to EA mode for 8u362 pre-release builds.
- Drop JDK-8195607/PR3776/RH1760437 now this is upstream
- Related: rhbz#2150193
* Thu Nov 10 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b08-3
- Add backport of JDK-8255559 to fix file descriptor leak in XML code
- Resolves: rhbz#2124390
* Wed Oct 19 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b08-2
- Update to shenandoah-jdk8u352-b08 (GA)
- Update release notes for shenandoah-8u352-b08.
- Rebase FIPS patch against 8u352-b07
- Switch to GA mode for final release.
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
- Add test to ensure timezones can be translated
- * This tarball is embargoed until 2022-10-18 @ 1pm PT. *
- Resolves: rhbz#2133695
* Wed Oct 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b07-0.2.ea
- Update to shenandoah-jdk8u352-b07 (EA)
- Update release notes for shenandoah-8u352-b07.
- Switch to EA mode for 8u352 pre-release builds.
- Rebase FIPS patch against 8u352-b07
- Resolves: rhbz#2130612
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.345.b01-5
- Switch to static builds, reducing system dependencies and making build more portable
- Resolves: rhbz#2048542