From 32e1bc999a0ba4b9fff4d74989436c36250d2f7c Mon Sep 17 00:00:00 2001
From: Andrew Hughes <gnu.andrew@redhat.com>
Date: Wed, 11 Jan 2023 04:10:47 +0000
Subject: [PATCH] Update to jdk-11.0.18+10 (GA)

Update release notes to 11.0.18+10
Switch to GA mode for release
---
 .gitignore           |  1 +
 NEWS                 | 49 ++++++++++++++++++++++++++++++++++++++++++++
 java-11-openjdk.spec | 11 +++++++---
 sources              |  2 +-
 4 files changed, 59 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index e16dfe2..b7d57f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -112,3 +112,4 @@
 /openjdk-jdk11u-jdk-11.0.17+8-4curve.tar.xz
 /openjdk-jdk11u-jdk-11.0.18+1-4curve.tar.xz
 /openjdk-jdk11u-jdk-11.0.18+9-4curve.tar.xz
+/openjdk-jdk11u-jdk-11.0.18+10-4curve.tar.xz
diff --git a/NEWS b/NEWS
index 28e8529..e03d474 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,21 @@ Live versions of these release notes can be found at:
   * https://bit.ly/openjdk11018
   * https://builds.shipilev.net/backports-monitor/release-notes-11.0.18.html
 
+* CVEs
+  - CVE-2023-21835
+  - CVE-2023-21843
+* Security fixes
+  - JDK-8286070: Improve UTF8 representation
+  - JDK-8286496: Improve Thread labels
+  - JDK-8287411: Enhance DTLS performance
+  - JDK-8288516: Enhance font creation
+  - JDK-8289350: Better media supports
+  - JDK-8293554: Enhanced DH Key Exchanges
+  - JDK-8293598: Enhance InetAddress address handling
+  - JDK-8293717: Objective view of ObjectView
+  - JDK-8293734: Improve BMP image handling
+  - JDK-8293742: Better Banking of Sounds
+  - JDK-8295687: Better BMP bounds
 * Other changes
   - JDK-4819544: SwingSet2 JTable Demo throws NullPointerException
   - JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider
@@ -202,9 +217,11 @@ Live versions of these release notes can be found at:
   - JDK-8295554: Move the "sizecalc.h" to the correct location
   - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
   - JDK-8295714: GHA ::set-output is deprecated and will be removed
+  - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
   - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
   - JDK-8295952: Problemlist existing compiler/rtm tests also on x86
   - JDK-8296108: (tz) Update Timezone Data to 2022f
+  - JDK-8296239: ISO 4217 Amendment 174 Update
   - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
   - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
   - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
@@ -219,10 +236,34 @@ Live versions of these release notes can be found at:
   - JDK-8297656: AArch64: Enable AES/GCM Intrinsics
   - JDK-8297804: (tz) Update Timezone Data to 2022g
   - JDK-8298737: 8296772 backport to jdk11u caused build error on sparc
+  - JDK-8299393: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.18
+  - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
+  - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
+  - JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport
 
 Notes on individual issues:
 ===========================
 
+client-libs/javax.imageio:
+
+JDK-8295687: Better BMP bounds
+==============================
+Loading a linked ICC profile within a BMP image is now disabled by
+default. To re-enable it, set the new system property
+`sun.imageio.bmp.enabledLinkedProfiles` to `true`.  This new property
+replaces the old property,
+`sun.imageio.plugins.bmp.disableLinkedProfiles`.
+
+client-libs/javax.sound:
+
+JDK-8293742: Better Banking of Sounds
+=====================================
+Previously, the SoundbankReader implementation,
+`com.sun.media.sound.JARSoundbankReader`, would download a JAR
+soundbank from a URL.  This behaviour is now disabled by default. To
+re-enable it, set the new system property `jdk.sound.jarsoundbank` to
+`true`.
+
 security-libs/javax.crypto:
 
 JDK-6782021: Windows KeyStore Updated to Include Access to the Local Machine Location
@@ -260,6 +301,14 @@ the same change is made in third party modules.  Developers of third
 party modules are advised to verify that their logout() method does not
 throw a NullPointerException.
 
+security-libs/javax.net.ssl:
+
+JDK-8287411: Enhance DTLS performance
+=====================================
+The JDK now exchanges DTLS cookies for all handshakes, new and
+resumed. The previous behaviour can be re-enabled by setting the new
+system property `jdk.tls.enableDtlsResumeCookie` to `false`.
+
 New in release OpenJDK 11.0.17 (2022-10-18):
 =============================================
 Live versions of these release notes can be found at:
diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index 768d6c6..4997423 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -377,7 +377,7 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver        9
+%global buildver        10
 %global rpmrelease      1
 #%%global tagsuffix     %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
@@ -406,7 +406,7 @@
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
 # - N%%{?extraver}{?dist} for GA releases
-%global is_ga           0
+%global is_ga           1
 %if %{is_ga}
 %global ea_designator ""
 %global ea_designator_zip ""
@@ -1306,7 +1306,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
 
 Name:    java-%{javaver}-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@@ -2715,6 +2715,11 @@ end
 %endif
 
 %changelog
+* Thu Jan 26 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.18.0.10-1
+- Update to jdk-11.0.18+10 (GA)
+- Update release notes to 11.0.18+10
+- Switch to GA mode for release
+
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:11.0.18.0.9-0.1.ea.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 
diff --git a/sources b/sources
index 412862d..5ea198a 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk11u-jdk-11.0.18+9-4curve.tar.xz) = ab6149bd4459124e1993eb837f76076d07e8c363016dd69a5dc1176990d6337aeed1fc1afa499aaefad44885b03147baa58db13f6768d178c9336da6c4756599
+SHA512 (openjdk-jdk11u-jdk-11.0.18+10-4curve.tar.xz) = c946ec14e1fb4ec40269e0928734368a6d68712549ae450e346d53ab1ae553a280402c6c7e346c859a3e65ec83fc1adefbad733fe8d5e89f0b6d43314558a0b5