diff --git a/.gitignore b/.gitignore index c595679..00df8f2 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/jdk-updates-jdk11u-jdk-11.0.14+9-4curve.tar.xz +SOURCES/jdk-updates-jdk11u-jdk-11.0.14.1+1-4curve.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/.java-11-openjdk.metadata b/.java-11-openjdk.metadata index 5813a51..4c5a915 100644 --- a/.java-11-openjdk.metadata +++ b/.java-11-openjdk.metadata @@ -1,2 +1,2 @@ -f8da9d387162a2354eb36d9bdb6d540e84321422 SOURCES/jdk-updates-jdk11u-jdk-11.0.14+9-4curve.tar.xz +dc2a5d071dcf324a925de54709e153c6df94dd43 SOURCES/jdk-updates-jdk11u-jdk-11.0.14.1+1-4curve.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 68212a8..8069f37 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,17 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 11.0.14.1 (2022-02-08): +============================================= +Live versions of these release notes can be found at: + * https://bitly.com/openjdk110141 + * https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.1.txt + +* Other changes + - JDK-8218546: Unable to connect to https://google.com using java.net.HttpClient + - JDK-8280786: Build failure on Solaris after 8262392 + - JDK-8281324: Bump update version for OpenJDK: jdk-11.0.14.1 + New in release OpenJDK 11.0.14 (2022-01-18): ============================================= Live versions of these release notes can be found at: diff --git a/SOURCES/jdk8275535-rh2053256-ldap_auth.patch b/SOURCES/jdk8275535-rh2053256-ldap_auth.patch new file mode 100644 index 0000000..7a25e4b --- /dev/null +++ b/SOURCES/jdk8275535-rh2053256-ldap_auth.patch @@ -0,0 +1,26 @@ +diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java +index 300f3682655..6f3eb6c450b 100644 +--- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java ++++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java +@@ -226,6 +226,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor + ctx = getLdapCtxFromUrl( + r.getDomainName(), url, new LdapURL(u), env); + return ctx; ++ } catch (AuthenticationException e) { ++ // do not retry on a different endpoint to avoid blocking ++ // the user if authentication credentials are wrong. ++ throw e; + } catch (NamingException e) { + // try the next element + lastException = e; +@@ -278,6 +282,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor + for (String u : urls) { + try { + return getUsingURL(u, env); ++ } catch (AuthenticationException e) { ++ // do not retry on a different URL to avoid blocking ++ // the user if authentication credentials are wrong. ++ throw e; + } catch (NamingException e) { + ex = e; + } diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index 03ad81b..55bb9ed 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -298,7 +298,7 @@ %global featurever 11 %global interimver 0 %global updatever 14 -%global patchver 0 +%global patchver 1 # If you bump featurever, you must bump also vendor_version_string # Used via new version scheme. JDK 11 was # GA'ed in September 2018 => 18.9 @@ -344,7 +344,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 9 +%global buildver 1 %global rpmrelease 2 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit @@ -1264,6 +1264,8 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1 Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch # PR3695: Allow use of system crypto policy to be disabled by the user Patch7: pr3695-toggle_system_crypto_policy.patch +# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked +Patch8: jdk8275535-rh2053256-ldap_auth.patch ############################################# # @@ -1679,6 +1681,8 @@ popd # openjdk %patch1014 %patch1015 +%patch8 + # Extract systemtap tapsets %if %{with_systemtap} tar --strip-components=1 -x -I xz -f %{SOURCE8} @@ -2457,6 +2461,15 @@ end %endif %changelog +* Wed Feb 23 2022 Andrew Hughes - 1:11.0.14.1.1-2 +- Add JDK-8275535 patch to fix LDAP authentication issue. +- Resolves: rhbz#2055344 + +* Fri Feb 11 2022 Andrew Hughes - 1:11.0.14.1.1-1 +- Update to jdk-11.0.14.1+1 +- Update release notes to 11.0.14.1+1 +- Resolves: rhbz#2052809 + * Tue Jan 18 2022 Andrew Hughes - 1:11.0.14.0.9-2 - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz#2039366