From 0d2d49b195ce155f6f98efb5ef578b0e90b22e3e Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Thu, 16 Mar 2023 02:13:48 +0000
Subject: [PATCH] Auto sync2gitlab import of
 java-17-openjdk-17.0.6.0.10-3.el8.src.rpm

---
 .gitignore           |  1 +
 NEWS                 | 48 ++++++++++++++++++++++++++++++++++++++++++++
 java-17-openjdk.spec | 12 ++++++++---
 rpminspect.yaml      |  3 ---
 sources              |  2 +-
 5 files changed, 59 insertions(+), 7 deletions(-)
 delete mode 100644 rpminspect.yaml

diff --git a/.gitignore b/.gitignore
index 6a31e74..c5fbee8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ SOURCES/openjdk-jdk17u-jdk-17.0.6+9.tar.xz
 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
 /openjdk-jdk17u-jdk-17.0.6+9.tar.xz
 /tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
+/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
diff --git a/NEWS b/NEWS
index 3104608..e679dc1 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,21 @@ Live versions of these release notes can be found at:
   * https://bitly.com/openjdk1706
   * https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html
 
+* CVEs
+  - CVE-2023-21835
+  - CVE-2023-21843
+* Security fixes
+  - JDK-8286070: Improve UTF8 representation
+  - JDK-8286496: Improve Thread labels
+  - JDK-8287411: Enhance DTLS performance
+  - JDK-8288516: Enhance font creation
+  - JDK-8289350: Better media supports
+  - JDK-8293554: Enhanced DH Key Exchanges
+  - JDK-8293598: Enhance InetAddress address handling
+  - JDK-8293717: Objective view of ObjectView
+  - JDK-8293734: Improve BMP image handling
+  - JDK-8293742: Better Banking of Sounds
+  - JDK-8295687: Better BMP bounds
 * Other changes
   - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
   - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
@@ -252,10 +267,12 @@ Live versions of these release notes can be found at:
   - JDK-8295554: Move the "sizecalc.h" to the correct location
   - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
   - JDK-8295714: GHA ::set-output is deprecated and will be removed
+  - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
   - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
   - JDK-8295952: Problemlist existing compiler/rtm tests also on x86
   - JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
   - JDK-8296108: (tz) Update Timezone Data to 2022f
+  - JDK-8296239: ISO 4217 Amendment 174 Update
   - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
   - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
   - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
@@ -278,10 +295,33 @@ Live versions of these release notes can be found at:
   - JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run
   - JDK-8297656: AArch64: Enable AES/GCM Intrinsics
   - JDK-8297804: (tz) Update Timezone Data to 2022g
+  - JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6
+  - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
+  - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
 
 Notes on individual issues:
 ===========================
 
+client-libs/javax.imageio:
+
+JDK-8295687: Better BMP bounds
+==============================
+Loading a linked ICC profile within a BMP image is now disabled by
+default. To re-enable it, set the new system property
+`sun.imageio.bmp.enabledLinkedProfiles` to `true`.  This new property
+replaces the old property,
+`sun.imageio.plugins.bmp.disableLinkedProfiles`.
+
+client-libs/javax.sound:
+
+JDK-8293742: Better Banking of Sounds
+=====================================
+Previously, the SoundbankReader implementation,
+`com.sun.media.sound.JARSoundbankReader`, would download a JAR
+soundbank from a URL.  This behaviour is now disabled by default. To
+re-enable it, set the new system property `jdk.sound.jarsoundbank` to
+`true`.
+
 security-libs/java.security:
 
 JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
@@ -302,6 +342,14 @@ the same change is made in third party modules.  Developers of third
 party modules are advised to verify that their logout() method does not
 throw a NullPointerException.
 
+security-libs/javax.net.ssl:
+
+JDK-8287411: Enhance DTLS performance
+=====================================
+The JDK now exchanges DTLS cookies for all handshakes, new and
+resumed. The previous behaviour can be re-enabled by setting the new
+system property `jdk.tls.enableDtlsResumeCookie` to `false`.
+
 New in release OpenJDK 17.0.5 (2022-10-18):
 ===========================================
 Live versions of these release notes can be found at:
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index 67ffa34..85868f8 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -368,8 +368,8 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver        9
-%global rpmrelease      4
+%global buildver        10
+%global rpmrelease      3
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
 # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -395,7 +395,7 @@
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
 # - N%%{?extraver}{?dist} for GA releases
-%global is_ga           0
+%global is_ga           1
 %if %{is_ga}
 %global build_type GA
 %global ea_designator ""
@@ -2626,6 +2626,12 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
+* Fri Jan 20 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-3
+- Update to jdk-17.0.6.0+10
+- Update release notes to 17.0.6.0+10
+- Switch to GA mode for release
+- Resolves: rhbz#2160111
+
 * Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.4.ea
 - Update FIPS support to bring in latest changes
 - * OJ1357: Fix issue on FIPS with a SecurityManager in place
diff --git a/rpminspect.yaml b/rpminspect.yaml
deleted file mode 100644
index 8b4fa58..0000000
--- a/rpminspect.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-inspections:
-    javabytecode: off
diff --git a/sources b/sources
index 5be523a..14c80c4 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (openjdk-jdk17u-jdk-17.0.6+9.tar.xz) = bad612ec3b5cf9287b4fdfa4ae6618751e9d50e9347c66c87af9d9eba06276ef1c95abb1b72f381bc629d0e7f2a520fdd26cb6d7f782c517a16102c7dd236ca2
+SHA512 (openjdk-jdk17u-jdk-17.0.6+10.tar.xz) = 2878aae52e2f49146b9631e3b0379370dce1a0a620dc5c5b763d1432b82e705e3aa33a83008391b4845bf0cb493b08179e7ac3419f597fb80fd65df393e12cf1
 SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30