diff --git a/.gitignore b/.gitignore
index 45a2d96..04d7888 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/openjdk-jdk17u-jdk-17.0.5+8.tar.xz
+SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
diff --git a/.java-17-openjdk.metadata b/.java-17-openjdk.metadata
index df6a5fd..79c2f67 100644
--- a/.java-17-openjdk.metadata
+++ b/.java-17-openjdk.metadata
@@ -1,2 +1,2 @@
-7d985db5968fb24fbeb9ff2cd2819d63ab9ca64e SOURCES/openjdk-jdk17u-jdk-17.0.5+8.tar.xz
+fc29dd4013a289be075afdcb29c8df29d1349c0d SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
 c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
diff --git a/SOURCES/NEWS b/SOURCES/NEWS
index df694d8..d601730 100644
--- a/SOURCES/NEWS
+++ b/SOURCES/NEWS
@@ -3,6 +3,353 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 17.0.6 (2023-01-17): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk1706 + * https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html + +* CVEs + - CVE-2023-21835 + - CVE-2023-21843 +* Security fixes + - JDK-8286070: Improve UTF8 representation + - JDK-8286496: Improve Thread labels + - JDK-8287411: Enhance DTLS performance + - JDK-8288516: Enhance font creation + - JDK-8289350: Better media supports + - JDK-8293554: Enhanced DH Key Exchanges + - JDK-8293598: Enhance InetAddress address handling + - JDK-8293717: Objective view of ObjectView + - JDK-8293734: Improve BMP image handling + - JDK-8293742: Better Banking of Sounds + - JDK-8295687: Better BMP bounds +* Other changes + - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows + - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails + - JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails + - JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails + - JDK-8029633: Raw inner class constructor ref should not perform diamond inference + - JDK-8030121: java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java fails + - JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled + - JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails + - JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java + - JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/MultiresolutionIconTest.java + - JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java failed with timeout + - JDK-8202836: [macosx] test 
java/awt/Graphics/TextAAHintsTest.java fails + - JDK-8210558: serviceability/sa/TestJhsdbJstackLock.java fails to find '^\s+- waiting to lock <0x[0-9a-f]+> \(a java\.lang\.Class ...' + - JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop" + - JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on macOs + - JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java fails on macos + - JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on macos + - JDK-8244670: convert clhsdb "whatis" command from javascript to java + - JDK-8251466: test/java/io/File/GetXSpace.java fails on Windows with mapped network drives. + - JDK-8255439: System Tray icons get corrupted when Windows scaling changes + - JDK-8256811: Delayed/missed jdwp class unloading events + - JDK-8257722: Improve "keytool -printcert -jarfile" output + - JDK-8262721: Add Tests to verify single iteration loops are properly optimized + - JDK-8265489: Stress test times out because of long ObjectSynchronizer::monitors_iterate(...) 
operation + - JDK-8266082: AssertionError in Annotate.fromAnnotations with -Xdoclint + - JDK-8266519: Cleanup resolve() leftovers from BarrierSet et al + - JDK-8267138: Stray suffix when starting gtests via GTestWrapper.java + - JDK-8268033: compiler/intrinsics/bmi/verifycode/BzhiTestI2L.java fails with "fatal error: Not compilable at tier 3: CodeBuffer overflow" + - JDK-8268276: Base64 Decoding optimization for x86 using AVX-512 + - JDK-8268297: jdk/jfr/api/consumer/streaming/TestLatestEvent.java times out + - JDK-8268779: ZGC: runtime/InternalApi/ThreadCpuTimesDeadlock.java#id1 failed with "OutOfMemoryError: Java heap space" + - JDK-8269029: compiler/codegen/TestCharVect2.java fails for client VMs + - JDK-8269404: Base64 Encoding optimization enhancements for x86 using AVX-512 + - JDK-8269571: NMT should print total malloc bytes and invocation count + - JDK-8269743: test/hotspot/jtreg/vmTestbase/vm/mlvm/meth/stress/jni/nativeAndMH/Test.java crash with small heap (-Xmx50m) + - JDK-8270086: ARM32-softfp: Do not load CONSTANT_double using the condy helper methods in the interpreter + - JDK-8270155: ARM32: Improve register dump in hs_err + - JDK-8270609: [TESTBUG] java/awt/print/Dialog/DialogCopies.java does not show instruction + - JDK-8270848: Redundant unsafe opmask register allocation in some instruction patterns. 
+ - JDK-8270947: AArch64: C1: use zero_words to initialize all objects + - JDK-8271015: Split cds/SharedBaseAddress.java test into smaller parts + - JDK-8271834: TestStringDeduplicationAgeThreshold intermittent failures on Shenandoah + - JDK-8271956: AArch64: C1 build failed after JDK-8270947 + - JDK-8272094: compiler/codecache/TestStressCodeBuffers.java crashes with "failed to allocate space for trampoline" + - JDK-8272123: Problem list 4 jtreg tests which regularly fail on macos-aarch64 + - JDK-8272608: java_lang_System::allow_security_manager() doesn't set its initialization flag + - JDK-8272776: NullPointerException not reported + - JDK-8272791: java -XX:BlockZeroingLowLimit=1 crashes after 8270947 + - JDK-8272809: JFR thread sampler SI_KERNEL SEGV in metaspace::VirtualSpaceList::contains + - JDK-8273043: [TEST_BUG] Automate NimbusJTreeSelTextColor.java + - JDK-8273108: RunThese24H crashes with SEGV in markWord::displaced_mark_helper() after JDK-8268276 + - JDK-8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints + - JDK-8273380: ARM32: Default to {ldrexd,strexd} in StubRoutines::atomic_{load|store}_long + - JDK-8273459: Update code segment alignment to 64 bytes + - JDK-8273497: building.md should link to both md and html + - JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368 + - JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails on macOS 12 + - JDK-8273685: Remove jtreg tag manual=yesno for java/awt/Graphics/LCDTextAndGraphicsState.java & show test instruction + - JDK-8273880: Zero: Print warnings when unsupported intrinsics are enabled + - JDK-8273881: Metaspace: test repeated deallocations + - JDK-8274029: Remove jtreg tag manual=yesno for java/awt/print/Dialog/DialogOrient.java + - JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ImageTypes.java & show test UI + - JDK-8274160: 
java/awt/Window/ShapedAndTranslucentWindows/Common.java delay is too high + - JDK-8274296: Update or Problem List tests which may fail with uiScale=2 on macOS + - JDK-8274456: Remove jtreg tag manual=yesno java/awt/print/PrinterJob/PageDialogTest.java + - JDK-8274527: Minimal VM build fails after JDK-8273459 + - JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening + - JDK-8274903: Zero: Support AsyncGetCallTrace + - JDK-8275170: Some jtreg sound tests should be marked with sound keyword + - JDK-8275234: java/awt/GraphicsDevice/DisplayModes/CycleDMImage.java is entered twice in ProblemList + - JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked + - JDK-8275569: Add linux-aarch64 to test-make profiles + - JDK-8276108: Wrong instruction generation in aarch64 backend + - JDK-8276904: Optional.toString() is unnecessarily expensive + - JDK-8277092: TestMetaspaceAllocationMT2.java#ndebug-default fails with "RuntimeException: Committed seems high: NNNN expected at most MMMM" + - JDK-8277346: ProblemList 7 serviceability/sa tests on macosx-x64 + - JDK-8277351: ProblemList runtime/jni/checked/TestPrimitiveArrayCriticalWithBadParam.java on macosx-x64 + - JDK-8277358: Accelerate CRC32-C + - JDK-8277411: C2 fast_unlock intrinsic on AArch64 has unnecessary ownership check + - JDK-8277576: ProblemList runtime/ErrorHandling/CreateCoredumpOnCrash.java on macosx-X64 + - JDK-8277577: ProblemList compiler/onSpinWait/TestOnSpinWaitAArch64DefaultFlags.java on linux-aarch64 + - JDK-8277578: ProblemList applications/jcstress/acqrel.java on linux-aarch64 + - JDK-8277866: gc/epsilon/TestMemoryMXBeans.java failed with wrong initial heap size + - JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode + - JDK-8277928: Fix compilation on macosx-aarch64 after 8276108 + - JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch" + - 
JDK-8278826: Print error if Shenandoah flags are empty (instead of crashing) + - JDK-8279066: entries.remove(entry) is useless in PKCS12KeyStore + - JDK-8279398: jdk/jfr/api/recording/time/TestTimeMultiple.java failed with "RuntimeException: getStopTime() > afterStop" + - JDK-8279536: jdk/nio/zipfs/ZipFSOutputStreamTest.java timed out + - JDK-8279662: serviceability/sa/ClhsdbScanOops.java can fail due to unexpected GC + - JDK-8279941: sun/security/pkcs11/Signature/TestDSAKeyLength.java fails when NSS version detection fails + - JDK-8280016: gc/g1/TestShrinkAuxiliaryData30 test fails on large machines + - JDK-8280124: Reduce branches decoding latin-1 chars from UTF-8 encoded bytes + - JDK-8280234: AArch64 "core" variant does not build after JDK-8270947 + - JDK-8280391: NMT: Correct NMT tag on CollectedHeap + - JDK-8280511: AArch64: Combine shift and negate to a single instruction + - JDK-8280554: resourcehogs/serviceability/sa/ClhsdbRegionDetailsScanOopsForG1.java can fail if GC is triggered + - JDK-8280555: serviceability/sa/TestObjectMonitorIterate.java is failing due to ObjectMonitor referencing a null Object + - JDK-8280872: Reorder code cache segments to improve code density + - JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR + - JDK-8280948: Write a regression test for JDK-4659800 + - JDK-8281296: Create a regression test for JDK-4515999 + - JDK-8281744: x86: Use short jumps in TIG::set_vtos_entry_points + - JDK-8282049: AArch64: Use ZR for integer zero immediate volatile stores + - JDK-8282276: Problem list failing two Robot Screen Capture tests + - JDK-8282347: AARCH64: Untaken branch in has_negatives stub + - JDK-8282398: EndingDotHostname.java test fails because SSL cert expired + - JDK-8282402: Create a regression test for JDK-4666101 + - JDK-8282511: Use fixed certificate validation date in SSLExampleCert template + - JDK-8282528: AArch64: Incorrect replicate2L_zero rule + - JDK-8282600: SSLSocketImpl should not use 
user_canceled workaround when not necessary + - JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/LoadUnloadGC2.java fails intermittently with exit code 1 + - JDK-8282730: LdapLoginModule throw NPE from logout method after login failure + - JDK-8282777: Create a Regression test for JDK-4515031 + - JDK-8282857: Create a regression test for JDK-4702690 + - JDK-8283059: Uninitialized warning in check_code.c with GCC 11.2 + - JDK-8283199: Linux os::cpu_microcode_revision() stalls cold startup + - JDK-8283298: Make CodeCacheSegmentSize a product flag + - JDK-8283337: Posix signal handler modification warning triggering incorrectly + - JDK-8283353: compiler/c2/cr6865031/Test.java and compiler/runtime/Test6826736.java fails on x86_32 + - JDK-8283383: [macos] a11y : Screen magnifier shows extra characters (0) at the end JButton accessibility name + - JDK-8283999: Update JMH devkit to 1.35 + - JDK-8284533: Improve InterpreterCodelet data footprint + - JDK-8284681: compiler/c2/aarch64/TestFarJump.java fails with "RuntimeException: for CodeHeap < 250MB the far jump is expected to be encoded with a single branch instruction" + - JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox + - JDK-8284732: FFI_GO_CLOSURES macro not defined but required for zero build on Mac OS X + - JDK-8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation + - JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown" + - JDK-8284892: java/net/httpclient/http2/TLSConnection.java fails intermittently + - JDK-8284980: Test vmTestbase/nsk/stress/except/except010.java times out with -Xcomp -XX:+DeoptimizeALot + - JDK-8285093: Introduce UTIL_ARG_WITH + - JDK-8285305: Create an automated test for JDK-4495286 + - JDK-8285373: Create an automated test for JDK-4702233 + - JDK-8285604: closed 
sun/java2d/GdiRendering/ClipShapeRendering.java failed with "Incorrect color ffeeeeee instead of ff0000ff in pixel (100, 100)" + - JDK-8285612: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ClippedImages.java + - JDK-8285687: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PageRangesDlgTest.java + - JDK-8285698: Create a test to check the focus stealing of JPopupMenu from JComboBox + - JDK-8285794: AsyncGetCallTrace might acquire a lock via JavaThread::thread_from_jni_environment + - JDK-8285836: sun/net/www/http/KeepAliveCache/KeepAliveProperty.java failed with "RuntimeException: Failed in server" + - JDK-8286172: Create an automated test for JDK-4516019 + - JDK-8286263: compiler/c1/TestPinnedIntrinsics.java failed with "RuntimeException: testCurrentTimeMillis failed with -3" + - JDK-8286313: [macos] Voice over reads the boolean value as null in the JTable + - JDK-8286452: The array length of testSmallConstArray should be small and const + - JDK-8286460: Remove dependence on JAR filename in CDS tests + - JDK-8286551: JDK-8286460 causes tests to fail to compile in Tier2 + - JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3 + - JDK-8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray + - JDK-8286772: java/awt/dnd/DropTargetInInternalFrameTest/DropTargetInInternalFrameTest.html times out and fails in Windows + - JDK-8286872: Refactor add/modify notification icon (TrayIcon) + - JDK-8287011: Improve container information + - JDK-8287076: Document.normalizeDocument() produces different results + - JDK-8287349: AArch64: Merge LDR instructions to improve C1 OSR performance + - JDK-8287425: Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path + - JDK-8287609: macOS: SIGSEGV at [CoreFoundation] CFArrayGetCount / sun.font.CFont.getTableBytesNative + - JDK-8287740: NSAccessibilityShowMenuAction not working for text editors + - JDK-8287826: 
javax/accessibility/4702233/AccessiblePropertiesTest.java fails to compile + - JDK-8288132: Update test artifacts in QuoVadis CA interop tests + - JDK-8288302: Shenandoah: SIGSEGV in vm maybe related to jit compiling xerces + - JDK-8288377: [REDO] DST not applying properly with zone id offset set with TZ env variable + - JDK-8288445: AArch64: C2 compilation fails with guarantee(!true || (true && (shift != 0))) failed: impossible encoding + - JDK-8288651: CDS test HelloUnload.java should not use literal string as ClassLoader name + - JDK-8289044: ARM32: missing LIR_Assembler::cmove metadata type support + - JDK-8289146: containers/docker/TestMemoryWithCgroupV1.java fails on linux ppc64le machine with missing Memory and Swap Limit output + - JDK-8289257: Some custom loader tests failed due to symbol refcount not decremented + - JDK-8289301: P11Cipher should not throw out of bounds exception during padding + - JDK-8289524: Add JFR JIT restart event + - JDK-8289559: java/awt/a11y/AccessibleJPopupMenuTest.java test fails with java.lang.NullPointerException + - JDK-8289562: Change bugs.java.com and bugreport.java.com URL's to https + - JDK-8290207: Missing notice in dom.md + - JDK-8290209: jcup.md missing additional text + - JDK-8290374: Shenandoah: Remove inaccurate comment on SBS::load_reference_barrier() + - JDK-8290451: Incorrect result when switching to C2 OSR compilation from C1 + - JDK-8290529: C2: assert(BoolTest(btest).is_canonical()) failure + - JDK-8290532: Adjust PKCS11Exception and handle more PKCS11 error codes + - JDK-8290687: serviceability/sa/TestClassDump.java could leave files owned by root on macOS + - JDK-8290705: StringConcat::validate_mem_flow asserts with "unexpected user: StoreI" + - JDK-8290711: assert(false) failed: infinite loop in PhaseIterGVN::optimize + - JDK-8290781: Segfault at PhaseIdealLoop::clone_loop_handle_data_uses + - JDK-8290839: jdk/jfr/event/compiler/TestJitRestart.java failed with "RuntimeException: No JIT restart event found: 
expected true, was false" + - JDK-8290908: misc tests fail: assert(!thread->owns_locks()) failed: must release all locks when leaving VM + - JDK-8290920: sspi_bridge.dll not built if BUILD_CRYPTO is false + - JDK-8291456: com/sun/jdi/ClassUnloadEventTest.java failed with: Wrong number of class unload events: expected 10 got 4 + - JDK-8291459: JVM crash with GenerateOopMap::error_work(char const*, __va_list_tag*) + - JDK-8291599: Assertion in PhaseIdealLoop::skeleton_predicate_has_opaque after JDK-8289127 + - JDK-8291650: Add delay to ClassUnloadEventTest before exiting to give time for JVM to send all events before VMDeath + - JDK-8291775: C2: assert(r != __null && r->is_Region()) failed: this phi must have a region + - JDK-8292083: Detected container memory limit may exceed physical machine memory + - JDK-8292158: AES-CTR cipher state corruption with AVX-512 + - JDK-8292385: assert(ctrl == kit.control()) failed: Control flow was added although the intrinsic bailed out + - JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory + - JDK-8292586: simplify cleanups in NTLMAuthSequence getCredentialsHandle + - JDK-8292682: Code change of JDK-8282730 not updated to reflect CSR update + - JDK-8292695: SIGQUIT and jcmd attaching mechanism does not work with signal chaining library + - JDK-8292778: EncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free + - JDK-8292816: GPL Classpath exception missing from assemblyprefix.h + - JDK-8292866: Java_sun_awt_shell_Win32ShellFolder2_getLinkLocation check MultiByteToWideChar return value for failures + - JDK-8292879: com/sun/jdi/ClassUnloadEventTest.java failed due to classes not unloading + - JDK-8292880: Improve debuggee logging for com/sun/jdi/ClassUnloadEventTest.java + - JDK-8292888: Bump update version for OpenJDK: jdk-17.0.6 + - JDK-8292899: CustomTzIDCheckDST.java testcase failed on AIX platform + - JDK-8292903: enhance round_up_power_of_2 assertion output + - JDK-8293010: JDI 
ObjectReference/referringObjects/referringObjects001 fails: assert(env->is_enabled(JVMTI_EVENT_OBJECT_FREE)) failed: checking + - JDK-8293044: C1: Missing access check on non-accessible class + - JDK-8293232: Fix race condition in pkcs11 SessionManager + - JDK-8293319: [C2 cleanup] Remove unused other_path arg in Parse::adjust_map_after_if + - JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present + - JDK-8293489: Accept CAs with BasicConstraints without pathLenConstraint + - JDK-8293535: jdk/javadoc/doclet/testJavaFX/TestJavaFxMode.java fail with jfx + - JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts + - JDK-8293550: Optionally add get-task-allow entitlement to macos binaries + - JDK-8293578: Duplicate ldc generated by javac + - JDK-8293657: sun/management/jmxremote/bootstrap/RmiBootstrapTest.java#id1 failed with "SSLHandshakeException: Remote host terminated the handshake" + - JDK-8293659: Improve UnsatisfiedLinkError error message to include dlopen error details + - JDK-8293672: Update freetype md file + - JDK-8293701: jdeps InverseDepsAnalyzer runs into NoSuchElementException: No value present + - JDK-8293808: mscapi destroyKeyContainer enhance KeyStoreException: Access is denied exception + - JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation + - JDK-8293816: CI: ciBytecodeStream::get_klass() is not consistent + - JDK-8293826: Closed test fails after JDK-8276108 on aarch64 + - JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening + - JDK-8293834: Update CLDR data following tzdata 2022c update + - JDK-8293891: gc/g1/mixedgc/TestOldGenCollectionUsage.java (still) assumes that GCs take 1ms minimum + - JDK-8293965: Code signing warnings after JDK-8293550 + - JDK-8293998: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC + - JDK-8294307: ISO 4217 Amendment 173 
Update + - JDK-8294310: compare.sh fails on macos after JDK-8293550 + - JDK-8294357: (tz) Update Timezone Data to 2022d + - JDK-8294578: [PPC64] C2: Missing is_oop information when using disjoint compressed oops mode + - JDK-8294740: Add cgroups keyword to TestDockerBasic.java + - JDK-8294837: unify Windows 2019 version check in os_windows and java_props_md + - JDK-8294840: langtools OptionalDependencyTest.java use File.pathSeparator + - JDK-8295173: (tz) Update Timezone Data to 2022e + - JDK-8295288: Some vm_flags tests associate with a wrong BugID + - JDK-8295405: Add cause in a couple of IllegalArgumentException and InvalidParameterException shown by sun/security/pkcs11 tests + - JDK-8295412: support latest VS2022 MSC_VER in abstract_vm_version.cpp + - JDK-8295419: JFR: Change name of jdk.JitRestart + - JDK-8295429: Update harfbuzz md file + - JDK-8295469: S390X: Optimized builds are broken + - JDK-8295554: Move the "sizecalc.h" to the correct location + - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev + - JDK-8295714: GHA ::set-output is deprecated and will be removed + - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error + - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor + - JDK-8295952: Problemlist existing compiler/rtm tests also on x86 + - JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM + - JDK-8296108: (tz) Update Timezone Data to 2022f + - JDK-8296239: ISO 4217 Amendment 174 Update + - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing + - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException + - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation + - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent + - JDK-8296715: CLDR v42 update for tzdata 2022f + - JDK-8296733: JFR: File Read event for 
RandomAccessFile::write(byte[]) is incorrect + - JDK-8296945: PublicMethodsTest is slow due to dependency verification with debug builds + - JDK-8296956: [JVMCI] HotSpotResolvedJavaFieldImpl.getIndex returns wrong value + - JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2 + - JDK-8296958: [JVMCI] add API for retrieving ConstantValue attributes + - JDK-8296960: [JVMCI] list HotSpotConstantPool.loadReferencedType to ConstantPool + - JDK-8296961: [JVMCI] Access to j.l.r.Method/Constructor/Field for ResolvedJavaMethod/ResolvedJavaField + - JDK-8296967: [JVMCI] rationalize relationship between getCodeSize and getCode in ResolvedJavaMethod + - JDK-8297147: UnexpectedSourceImageSize test times out on slow machines when fastdebug is used + - JDK-8297153: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails again + - JDK-8297241: Update sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java + - JDK-8297309: Memory leak in ShenandoahFullGC + - JDK-8297481: Create a regression test for JDK-4424517 + - JDK-8297530: java.lang.IllegalArgumentException: Negative length on strings concatenation + - JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run + - JDK-8297656: AArch64: Enable AES/GCM Intrinsics + - JDK-8297804: (tz) Update Timezone Data to 2022g + - JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6 + - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR + - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java + +Notes on individual issues: +=========================== + +client-libs/javax.imageio: + +JDK-8295687: Better BMP bounds +============================== +Loading a linked ICC profile within a BMP image is now disabled by +default. To re-enable it, set the new system property +`sun.imageio.bmp.enabledLinkedProfiles` to `true`. 
This new property +replaces the old property, +`sun.imageio.plugins.bmp.disableLinkedProfiles`. + +client-libs/javax.sound: + +JDK-8293742: Better Banking of Sounds +===================================== +Previously, the SoundbankReader implementation, +`com.sun.media.sound.JARSoundbankReader`, would download a JAR +soundbank from a URL. This behaviour is now disabled by default. To +re-enable it, set the new system property `jdk.sound.jarsoundbank` to +`true`. + +security-libs/java.security: + +JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set +========================================================================================================== +Back in OpenJDK 9, JDK-8015081 changed the Set implementation used to +hold principals and credentials so that it rejected null +values. Attempts to call add(null), contains(null) or remove(null) +were changed to throw a NullPointerException. + +However, the logout() methods in the LoginModule implementations +within the JDK were not updated to check for null values, which may +occur in the event of a failed login. As a result, a logout() call may +throw a NullPointerException. + +The LoginModule implementations have now been updated with such checks +and an implementation note added to the specification to suggest that +the same change is made in third party modules. Developers of third +party modules are advised to verify that their logout() method does not +throw a NullPointerException. + +security-libs/javax.net.ssl: + +JDK-8287411: Enhance DTLS performance +===================================== +The JDK now exchanges DTLS cookies for all handshakes, new and +resumed. The previous behaviour can be re-enabled by setting the new +system property `jdk.tls.enableDtlsResumeCookie` to `false`. + New in release OpenJDK 17.0.5 (2022-10-18): =========================================== Live versions of these release notes can be found at: 
diff --git a/SOURCES/TestTranslations.java b/SOURCES/TestTranslations.java index dbea417..d87647a 100644 --- a/SOURCES/TestTranslations.java +++ b/SOURCES/TestTranslations.java @@ -30,7 +30,7 @@ import java.util.TimeZone; public class TestTranslations { - private static Map KYIV; + private static Map KYIV, CIUDAD_JUAREZ; static { Map map = new HashMap(); @@ -44,6 +44,18 @@ public class TestTranslations { "Osteurop\u00e4ische Sommerzeit", "OESZ", "OESZ", "Osteurop\u00e4ische Zeit", "OEZ", "OEZ"}); KYIV = Collections.unmodifiableMap(map); + + map = new HashMap(); + map.put(Locale.US, new String[] { "Mountain Standard Time", "MST", "MST", + "Mountain Daylight Time", "MDT", "MDT", + "Mountain Time", "MT", "MT"}); + map.put(Locale.FRANCE, new String[] { "heure normale des Rocheuses", "UTC\u221207:00", "MST", + "heure d\u2019\u00e9t\u00e9 des Rocheuses", "UTC\u221206:00", "MDT", + "heure des Rocheuses", "UTC\u221207:00", "MT"}); + map.put(Locale.GERMANY, new String[] { "Rocky Mountain-Normalzeit", "GMT-07:00", "MST", + "Rocky-Mountain-Sommerzeit", "GMT-06:00", "MDT", + "Rocky-Mountain-Zeit", "GMT-07:00", "MT"}); + CIUDAD_JUAREZ = Collections.unmodifiableMap(map); } @@ -53,7 +65,6 @@ public class TestTranslations { System.exit(1); } - String localeProvider = args[0]; System.out.println("Checking sanity of full zone string set..."); boolean invalid = Arrays.stream(Locale.getAvailableLocales()) .peek(l -> System.out.println("Locale: " + l)) 
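Review bot: The expected-name arrays added for `CIUDAD_JUAREZ` in the static initializer are nine positional strings with no comment saying what each slot holds, and `testZone` in the later hunk reads them by bare index (`expected[6]` for the long generic name). A short comment above the maps would make mismatches between an index and its error message easier to spot, for example `// per locale: {long, short, short} for standard time, then daylight time, then generic time`. The two short-name columns look provider-dependent (compare `UTC\u221207:00` with `MST` in the `Locale.FRANCE` entry); the code that picks between them is outside these hunks, so confirm that before stating it in the comment.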
@@ -68,9 +79,18 @@ public class TestTranslations { System.exit(2); } - for (Locale l : KYIV.keySet()) { - String[] expected = KYIV.get(l); - for (String id : new String[] { "Europe/Kiev", "Europe/Kyiv", "Europe/Uzhgorod", "Europe/Zaporozhye" }) { + String localeProvider = args[0]; + testZone(localeProvider, KYIV, + new String[] { "Europe/Kiev", "Europe/Kyiv", "Europe/Uzhgorod", "Europe/Zaporozhye" }); + testZone(localeProvider, CIUDAD_JUAREZ, + new String[] { "America/Cambridge_Bay", "America/Ciudad_Juarez" }); + } + + private static void testZone(String localeProvider, Map exp, String[] ids) { + for (Locale l : exp.keySet()) { + String[] expected = exp.get(l); + System.out.printf("Expected values for %s are %s\n", l, Arrays.toString(expected)); + for (String id : ids) { String expectedShortStd = null; String expectedShortDST = null; String expectedShortGen = null; @@ -124,7 +144,7 @@ public class TestTranslations { } if (!expected[6].equals(longGen)) { - System.err.printf("Long standard display name for %s in %s was %s, expected %s\n", + System.err.printf("Long generic display name for %s in %s was %s, expected %s\n", id, l, longGen, expected[6]); System.exit(8); } diff --git a/SOURCES/fips-17u-0bd5ca9ccc5.patch b/SOURCES/fips-17u-257d544b594.patch similarity index 92% rename from SOURCES/fips-17u-0bd5ca9ccc5.patch rename to SOURCES/fips-17u-257d544b594.patch index 86fb1ab..6c03d6f 100644 --- a/SOURCES/fips-17u-0bd5ca9ccc5.patch +++ b/SOURCES/fips-17u-257d544b594.patch 
@@ -1,9 +1,33 @@ +diff --git a/make/autoconf/build-aux/pkg.m4 b/make/autoconf/build-aux/pkg.m4 +index 5f4b22bb27f..1ca9f5b8ffe 100644 +--- a/make/autoconf/build-aux/pkg.m4 ++++ b/make/autoconf/build-aux/pkg.m4 +@@ -179,3 +179,19 @@ else + ifelse([$3], , :, [$3]) + fi[]dnl + ])# PKG_CHECK_MODULES ++ ++dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, ++dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) ++dnl ------------------------------------------- ++dnl Since: 0.28 ++dnl ++dnl Retrieves the value of the pkg-config variable for the given module. ++AC_DEFUN([PKG_CHECK_VAR], ++[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl ++AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl ++ ++_PKG_CONFIG([$1], [variable="][$3]["], [$2]) ++AS_VAR_COPY([$1], [pkg_cv_][$1]) ++ ++AS_VAR_IF([$1], [""], [$5], [$4])dnl ++])dnl PKG_CHECK_VAR diff --git a/make/autoconf/lib-sysconf.m4 b/make/autoconf/lib-sysconf.m4 new file mode 100644 -index 00000000000..b2b1c1787da +index 00000000000..f48fc7f7e80 --- /dev/null +++ b/make/autoconf/lib-sysconf.m4 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,87 @@ +# +# Copyright (c) 2021, Red Hat, Inc. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. @@ -38,8 +62,10 @@ index 00000000000..b2b1c1787da + # + # Check for the NSS library + # ++ AC_MSG_CHECKING([for NSS library directory]) ++ PKG_CHECK_VAR(NSS_LIBDIR, nss, libdir, [AC_MSG_RESULT([$NSS_LIBDIR])], [AC_MSG_RESULT([not found])]) + -+ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)]) ++ AC_MSG_CHECKING([whether to link the system NSS library with the System Configurator (libsysconf)]) + + # default is not available + DEFAULT_SYSCONF_NSS=no @@ -87,6 +113,7 @@ index 00000000000..b2b1c1787da + fi + fi + AC_SUBST(USE_SYSCONF_NSS) ++ AC_SUBST(NSS_LIBDIR) +]) diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4 index a65d91ee974..a8f054c1397 100644 
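Review bot: In the lib-sysconf.m4 hunk, the not-found branch of `PKG_CHECK_VAR(NSS_LIBDIR, nss, libdir, ...)` only prints `not found`, so configure carries on with an empty `NSS_LIBDIR` that is still exported through `AC_SUBST(NSS_LIBDIR)`. The Gendata.gmk rule added in the following hunk substitutes that value into the generated nss.fips.cfg with `$(SED) -e 's:@NSS_LIBDIR@:$(NSS_LIBDIR):g'`, so the FIPS provider configuration would presumably be produced with an empty library path instead of the build failing; the template nss.fips.cfg.in is not shown here, so confirm how the placeholder is used. I would either raise `AC_MSG_ERROR` once it is known that the NSS-backed configuration is wanted and the value is empty, or make the Gendata target conditional on a non-empty `$(NSS_LIBDIR)`. Because the variable is also declared with `AC_ARG_VAR`, a builder-supplied override containing `:` or `&` would be misread by that sed expression, which is worth a comment next to the rule.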
@@ -109,20 +136,43 @@ index a65d91ee974..a8f054c1397 100644 BASIC_JDKLIB_LIBS="" if test "x$TOOLCHAIN_TYPE" != xmicrosoft; then diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in -index c2c9c4adf3a..9d105b37acf 100644 +index d557549adb3..1cb44bd2595 100644 --- a/make/autoconf/spec.gmk.in +++ b/make/autoconf/spec.gmk.in -@@ -836,6 +836,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@ +@@ -840,6 +840,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@ # Libraries # +USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@ +NSS_LIBS:=@NSS_LIBS@ +NSS_CFLAGS:=@NSS_CFLAGS@ ++NSS_LIBDIR:=@NSS_LIBDIR@ + USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@ LCMS_CFLAGS:=@LCMS_CFLAGS@ LCMS_LIBS:=@LCMS_LIBS@ +diff --git a/make/modules/java.base/Gendata.gmk b/make/modules/java.base/Gendata.gmk +index 4b894eeae4a..51567071aa8 100644 +--- a/make/modules/java.base/Gendata.gmk ++++ b/make/modules/java.base/Gendata.gmk +@@ -98,3 +98,17 @@ $(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS_JDK) $(GENDATA_JAVA_SECURITY_SRC) $(REST + TARGETS += $(GENDATA_JAVA_SECURITY) + + ################################################################################ ++ ++GENDATA_NSS_FIPS_CFG_SRC := $(TOPDIR)/src/java.base/share/conf/security/nss.fips.cfg.in ++GENDATA_NSS_FIPS_CFG := $(SUPPORT_OUTPUTDIR)/modules_conf/java.base/security/nss.fips.cfg ++ ++$(GENDATA_NSS_FIPS_CFG): $(GENDATA_NSS_FIPS_CFG_SRC) ++ $(call LogInfo, Generating nss.fips.cfg) ++ $(call MakeTargetDir) ++ $(call ExecuteWithLog, $(SUPPORT_OUTPUTDIR)/gensrc/java.base/_$(@F), \ ++ ( $(SED) -e 's:@NSS_LIBDIR@:$(NSS_LIBDIR):g' $< ) > $@ \ ++ ) ++ ++TARGETS += $(GENDATA_NSS_FIPS_CFG) ++ ++################################################################################ diff --git a/make/modules/java.base/Lib.gmk b/make/modules/java.base/Lib.gmk index 5658ff342e5..c8bc5bde1e1 100644 --- a/make/modules/java.base/Lib.gmk @@ -1771,7 +1821,7 @@ index f6d3638c3dd..a1ee182d913 100644 + } } 
diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java -index 63bb580eb3a..dbbf11bbb22 100644 +index 9faee9cae36..27f43550aa4 100644 --- a/src/java.base/share/classes/module-info.java +++ b/src/java.base/share/classes/module-info.java @@ -152,6 +152,8 @@ module java.base { @@ -2193,18 +2243,6 @@ index ca79f25cc44..225517ac69b 100644 addA(p, "AlgorithmParameters", "RSASSA-PSS", "sun.security.rsa.PSSParameters", null); } -diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java -index 6ffdfeda18d..82e896170f0 100644 ---- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java -+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java -@@ -32,6 +32,7 @@ import java.security.cert.*; - import java.util.*; - import java.util.concurrent.locks.ReentrantLock; - import javax.net.ssl.*; -+import jdk.internal.access.SharedSecrets; - import sun.security.action.GetPropertyAction; - import sun.security.provider.certpath.AlgorithmChecker; - import sun.security.validator.Validator; diff --git a/src/java.base/share/classes/sun/security/util/PBEUtil.java b/src/java.base/share/classes/sun/security/util/PBEUtil.java new file mode 100644 index 00000000000..dc8bc72fccb @@ -2509,7 +2547,7 @@ index 00000000000..dc8bc72fccb + } +} diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security -index 6d91e3f8e4e..f357b630460 100644 +index 63be286686d..b0a589c3fb4 100644 --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security @@ -79,6 +79,16 @@ security.provider.tbd=Apple 
@@ -2529,7 +2567,7 @@ index 6d91e3f8e4e..f357b630460 100644 # # A list of preferred providers for specific algorithms. These providers will # be searched for matching algorithms before the list of registered providers. -@@ -289,6 +299,11 @@ policy.ignoreIdentityScope=false +@@ -289,6 +299,47 @@ policy.ignoreIdentityScope=false # keystore.type=pkcs12 @@ -2537,11 +2575,47 @@ index 6d91e3f8e4e..f357b630460 100644 +# Default keystore type used when global crypto-policies are set to FIPS. +# +fips.keystore.type=pkcs12 ++ ++# ++# Location of the NSS DB keystore (PKCS11) in FIPS mode. ++# ++# The syntax for this property is identical to the 'nssSecmodDirectory' ++# attribute available in the SunPKCS11 NSS configuration file. Use the ++# 'sql:' prefix to refer to an SQLite DB. ++# ++# If the system property fips.nssdb.path is also specified, it supersedes ++# the security property value defined here. ++# ++# Note: the default value for this property points to an NSS DB that might be ++# readable by multiple operating system users and unsuitable to store keys. ++# ++fips.nssdb.path=sql:/etc/pki/nssdb ++ ++# ++# PIN for the NSS DB keystore (PKCS11) in FIPS mode. ++# ++# Values must take any of the following forms: ++# 1) pin: ++# Value: clear text PIN value. ++# 2) env: ++# Value: environment variable containing the PIN value. ++# 3) file: ++# Value: path to a file containing the PIN value in its first ++# line. ++# ++# If the system property fips.nssdb.pin is also specified, it supersedes ++# the security property value defined here. ++# ++# When used as a system property, UTF-8 encoded values are valid. When ++# used as a security property (such as in this file), encode non-Basic ++# Latin Unicode characters with \uXXXX. ++# ++fips.nssdb.pin=pin: + # # Controls compatibility mode for JKS and PKCS12 keystore types. # -@@ -326,6 +341,13 @@ package.definition=sun.misc.,\ +@@ -326,6 +377,13 @@ package.definition=sun.misc.,\ # security.overridePropertiesFile=true 
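Review bot: The new `fips.nssdb.pin` comment block documents the `pin:` form without any caveat about where the clear text value ends up. A PIN written into java.security sits in a file that is typically readable by every local user, and the same value passed as `-Dfips.nssdb.pin=pin:...` is visible in the process arguments. The `fips.nssdb.path` block just above already carries a note of this kind, so the PIN block should get one too, for example `# Note: a pin: value stored in this file or passed on the command line may be` / `# readable by other local users; prefer file: with a file restricted to the` / `# account running the JVM.` It would also help to state that the default `pin:` means an empty PIN.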
@@ -2555,8 +2629,22 @@ index 6d91e3f8e4e..f357b630460 100644 # # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. +diff --git a/src/java.base/share/conf/security/nss.fips.cfg.in b/src/java.base/share/conf/security/nss.fips.cfg.in +new file mode 100644 +index 00000000000..55bbba98b7a +--- /dev/null ++++ b/src/java.base/share/conf/security/nss.fips.cfg.in +@@ -0,0 +1,8 @@ ++name = NSS-FIPS ++nssLibraryDirectory = @NSS_LIBDIR@ ++nssSecmodDirectory = ${fips.nssdb.path} ++nssDbMode = readWrite ++nssModule = fips ++ ++attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true } ++ diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy -index b22f26947af..3ee2ce6ea88 100644 +index b22f26947af..02bea84e210 100644 --- a/src/java.base/share/lib/security/default.policy +++ b/src/java.base/share/lib/security/default.policy @@ -121,6 +121,7 @@ grant codeBase "jrt:/jdk.charsets" { @@ -2575,6 +2663,15 @@ index b22f26947af..3ee2ce6ea88 100644 permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"; permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; +@@ -140,6 +142,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" { + permission java.util.PropertyPermission "os.name", "read"; + permission java.util.PropertyPermission "os.arch", "read"; + permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; ++ permission java.util.PropertyPermission "fips.nssdb.path", "read,write"; ++ permission java.util.PropertyPermission "fips.nssdb.pin", "read"; + permission java.security.SecurityPermission "putProviderProperty.*"; + permission java.security.SecurityPermission "clearProviderProperties.*"; + permission java.security.SecurityPermission "removeProviderProperty.*"; 
diff --git a/src/java.base/share/native/libsystemconf/systemconf.c b/src/java.base/share/native/libsystemconf/systemconf.c new file mode 100644 index 00000000000..ddf9befe5bc @@ -2819,10 +2916,10 @@ index 00000000000..ddf9befe5bc +#endif diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java new file mode 100644 -index 00000000000..8cfa2734d4e +index 00000000000..d3f0bffb821 --- /dev/null +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java -@@ -0,0 +1,461 @@ +@@ -0,0 +1,457 @@ +/* + * Copyright (c) 2021, Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. @@ -2897,9 +2994,6 @@ index 00000000000..8cfa2734d4e + private static volatile Provider sunECProvider = null; + private static final ReentrantLock sunECProviderLock = new ReentrantLock(); + -+ private static volatile KeyFactory DHKF = null; -+ private static final ReentrantLock DHKFLock = new ReentrantLock(); -+ + static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes) + throws PKCS11Exception { + long keyID = -1; @@ -3144,8 +3238,7 @@ index 00000000000..8cfa2734d4e + CKA_PRIVATE_EXPONENT, CKA_PRIME_1, CKA_PRIME_2, + CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT); + RSAPrivateKey rsaPKey = RSAPrivateCrtKeyImpl.newKey( -+ RSAUtil.KeyType.RSA, "PKCS#8", plainExportedKey -+ ); ++ RSAUtil.KeyType.RSA, "PKCS#8", plainExportedKey); + CK_ATTRIBUTE attr; + if ((attr = sensitiveAttrs.get(CKA_PRIVATE_EXPONENT)) != null) { + attr.pValue = rsaPKey.getPrivateExponent().toByteArray(); 
@@ -3284,6 +3377,162 @@ index 00000000000..8cfa2734d4e + } + } +} +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java +new file mode 100644 +index 00000000000..f8d505ca815 +--- /dev/null ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java +@@ -0,0 +1,149 @@ ++/* ++ * Copyright (c) 2022, Red Hat, Inc. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. 
++ */ ++ ++package sun.security.pkcs11; ++ ++import java.io.BufferedReader; ++import java.io.ByteArrayInputStream; ++import java.io.InputStream; ++import java.io.InputStreamReader; ++import java.io.IOException; ++import java.nio.charset.StandardCharsets; ++import java.nio.file.Files; ++import java.nio.file.Path; ++import java.nio.file.Paths; ++import java.nio.file.StandardOpenOption; ++import java.security.ProviderException; ++ ++import javax.security.auth.callback.Callback; ++import javax.security.auth.callback.CallbackHandler; ++import javax.security.auth.callback.PasswordCallback; ++import javax.security.auth.callback.UnsupportedCallbackException; ++ ++import sun.security.util.Debug; ++import sun.security.util.SecurityProperties; ++ ++final class FIPSTokenLoginHandler implements CallbackHandler { ++ ++ private static final String FIPS_NSSDB_PIN_PROP = "fips.nssdb.pin"; ++ ++ private static final Debug debug = Debug.getInstance("sunpkcs11"); ++ ++ public void handle(Callback[] callbacks) ++ throws IOException, UnsupportedCallbackException { ++ if (!(callbacks[0] instanceof PasswordCallback)) { ++ throw new UnsupportedCallbackException(callbacks[0]); ++ } ++ PasswordCallback pc = (PasswordCallback)callbacks[0]; ++ pc.setPassword(getFipsNssdbPin()); ++ } ++ ++ private static char[] getFipsNssdbPin() throws ProviderException { ++ if (debug != null) { ++ debug.println("FIPS: Reading NSS DB PIN for token..."); ++ } ++ String pinProp = SecurityProperties ++ .privilegedGetOverridable(FIPS_NSSDB_PIN_PROP); ++ if (pinProp != null && !pinProp.isEmpty()) { ++ String[] pinPropParts = pinProp.split(":", 2); ++ if (pinPropParts.length < 2) { ++ throw new ProviderException("Invalid " + FIPS_NSSDB_PIN_PROP + ++ " property value."); ++ } ++ String prefix = pinPropParts[0].toLowerCase(); ++ String value = pinPropParts[1]; ++ String pin = null; ++ if (prefix.equals("env")) { ++ if (debug != null) { ++ debug.println("FIPS: PIN value from the '" + value + ++ "' environment 
variable."); ++ } ++ pin = System.getenv(value); ++ } else if (prefix.equals("file")) { ++ if (debug != null) { ++ debug.println("FIPS: PIN value from the '" + value + ++ "' file."); ++ } ++ pin = getPinFromFile(Paths.get(value)); ++ } else if (prefix.equals("pin")) { ++ if (debug != null) { ++ debug.println("FIPS: PIN value from the " + ++ FIPS_NSSDB_PIN_PROP + " property."); ++ } ++ pin = value; ++ } else { ++ throw new ProviderException("Unsupported prefix for " + ++ FIPS_NSSDB_PIN_PROP + "."); ++ } ++ if (pin != null && !pin.isEmpty()) { ++ if (debug != null) { ++ debug.println("FIPS: non-empty PIN."); ++ } ++ /* ++ * C_Login in libj2pkcs11 receives the PIN in a char[] and ++ * discards the upper byte of each char, before passing ++ * the value to the NSS Software Token. However, the ++ * NSS Software Token accepts any UTF-8 PIN value. Thus, ++ * expand the PIN here to account for later truncation. ++ */ ++ byte[] pinUtf8 = pin.getBytes(StandardCharsets.UTF_8); ++ char[] pinChar = new char[pinUtf8.length]; ++ for (int i = 0; i < pinChar.length; i++) { ++ pinChar[i] = (char)(pinUtf8[i] & 0xFF); ++ } ++ return pinChar; ++ } ++ } ++ if (debug != null) { ++ debug.println("FIPS: empty PIN."); ++ } ++ return null; ++ } ++ ++ /* ++ * This method extracts the token PIN from the first line of a password ++ * file in the same way as NSS modutil. See for example the -newpwfile ++ * argument used to change the password for an NSS DB. ++ */ ++ private static String getPinFromFile(Path f) throws ProviderException { ++ try (InputStream is = ++ Files.newInputStream(f, StandardOpenOption.READ)) { ++ /* ++ * SECU_FilePasswd in NSS (nss/cmd/lib/secutil.c), used by modutil, ++ * reads up to 4096 bytes. In addition, the NSS Software Token ++ * does not accept PINs longer than 500 bytes (see SFTK_MAX_PIN ++ * in nss/lib/softoken/pkcs11i.h). 
++ */ ++ BufferedReader in = ++ new BufferedReader(new InputStreamReader( ++ new ByteArrayInputStream(is.readNBytes(4096)), ++ StandardCharsets.UTF_8)); ++ return in.readLine(); ++ } catch (IOException ioe) { ++ throw new ProviderException("Error reading " + FIPS_NSSDB_PIN_PROP + ++ " from the '" + f + "' file.", ioe); ++ } ++ } ++} +\ No newline at end of file diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java index 9b69072280e..5696b904979 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java @@ -3597,7 +3846,7 @@ index 00000000000..ae4262703e6 + +} diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java -index c98960f7fcc..c14319a5356 100644 +index 8d1b8ccb0ae..950ed20cf62 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java @@ -31,6 +31,7 @@ import java.security.*; @@ -3608,7 +3857,7 @@ index c98960f7fcc..c14319a5356 100644 import javax.crypto.spec.*; import static sun.security.pkcs11.TemplateManager.*; -@@ -193,6 +194,128 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { +@@ -194,6 +195,128 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { return p11Key; } @@ -3737,7 +3986,7 @@ index c98960f7fcc..c14319a5356 100644 static void fixDESParity(byte[] key, int offset) { for (int i = 0; i < 8; i++) { int b = key[offset] & 0xfe; -@@ -319,6 +442,9 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { +@@ -320,6 +443,9 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { keySpec = new SecretKeySpec(keyBytes, "DESede"); return engineGenerateSecret(keySpec); } 
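Review bot: The intermediate PIN copies in `FIPSTokenLoginHandler` are never cleared. In `getFipsNssdbPin()`, `pinUtf8` is left intact after the widening loop, and the `char[]` passed to `pc.setPassword(...)` in `handle()` stays live after the call even though `PasswordCallback` keeps its own clone. Adding `Arrays.fill(pinUtf8, (byte) 0);` after the loop, and holding the result in a local in `handle()` so it can be wiped with `Arrays.fill(pin, '\0')` after `setPassword` (guarding the null return), would shorten the lifetime of those copies; this needs a `java.util.Arrays` import. The source `String` from the property, environment or file cannot be wiped, so this reduces exposure rather than removing it. Separately, `pinPropParts[0].toLowerCase()` uses the default locale, so an upper-case `FILE:` or `PIN:` prefix is rejected as unsupported under a Turkish locale; `toLowerCase(Locale.ROOT)` avoids that.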
@@ -3747,7 +3996,7 @@ index c98960f7fcc..c14319a5356 100644 } throw new InvalidKeySpecException ("Unsupported spec: " + keySpec.getClass().getName()); -@@ -372,6 +498,9 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { +@@ -373,6 +499,9 @@ final class P11SecretKeyFactory extends SecretKeyFactorySpi { // see JCE spec protected SecretKey engineTranslateKey(SecretKey key) throws InvalidKeyException { @@ -3880,7 +4129,7 @@ index 262cfc062ad..72b64f72c0a 100644 Provider p = sun; if (p == null) { diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java -index 112b639aa96..3e170b4c115 100644 +index aa35e8fa668..1855e5631bd 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java @@ -26,6 +26,9 @@ @@ -3893,7 +4142,7 @@ index 112b639aa96..3e170b4c115 100644 import java.util.*; import java.security.*; -@@ -42,6 +45,7 @@ import javax.security.auth.callback.PasswordCallback; +@@ -42,10 +45,12 @@ import javax.security.auth.callback.PasswordCallback; import com.sun.crypto.provider.ChaCha20Poly1305Parameters; @@ -3901,7 +4150,12 @@ index 112b639aa96..3e170b4c115 100644 import jdk.internal.misc.InnocuousThread; import sun.security.util.Debug; import sun.security.util.ResourcesMgr; -@@ -62,6 +66,37 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.*; + import static sun.security.util.SecurityConstants.PROVIDER_VER; ++import sun.security.util.SecurityProperties; + import static sun.security.util.SecurityProviderConstants.getAliases; + + import sun.security.pkcs11.Secmod.*; +@@ -62,6 +67,39 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.*; */ public final class SunPKCS11 extends AuthProvider { 
@@ -3935,11 +4189,43 @@ index 112b639aa96..3e170b4c115 100644 + fipsImportKey = fipsImportKeyTmp; + fipsExportKey = fipsExportKeyTmp; + } ++ ++ private static final String FIPS_NSSDB_PATH_PROP = "fips.nssdb.path"; + private static final long serialVersionUID = -1354835039035306505L; static final Debug debug = Debug.getInstance("sunpkcs11"); -@@ -320,10 +355,19 @@ public final class SunPKCS11 extends AuthProvider { +@@ -115,6 +153,29 @@ public final class SunPKCS11 extends AuthProvider { + return AccessController.doPrivileged(new PrivilegedExceptionAction<>() { + @Override + public SunPKCS11 run() throws Exception { ++ if (systemFipsEnabled) { ++ /* ++ * The nssSecmodDirectory attribute in the SunPKCS11 ++ * NSS configuration file takes the value of the ++ * fips.nssdb.path System property after expansion. ++ * Security properties expansion is unsupported. ++ */ ++ String nssdbPath = ++ SecurityProperties.privilegedGetOverridable( ++ FIPS_NSSDB_PATH_PROP); ++ if (System.getSecurityManager() != null) { ++ AccessController.doPrivileged( ++ (PrivilegedAction) () -> { ++ System.setProperty( ++ FIPS_NSSDB_PATH_PROP, ++ nssdbPath); ++ return null; ++ }); ++ } else { ++ System.setProperty( ++ FIPS_NSSDB_PATH_PROP, nssdbPath); ++ } ++ } + return new SunPKCS11(new Config(newConfigName)); + } + }); +@@ -320,10 +381,19 @@ public final class SunPKCS11 extends AuthProvider { // request multithreaded access first initArgs.flags = CKF_OS_LOCKING_OK; PKCS11 tmpPKCS11; @@ -3960,7 +4246,7 @@ index 112b639aa96..3e170b4c115 100644 } catch (PKCS11Exception e) { if (debug != null) { debug.println("Multi-threaded initialization failed: " + e); -@@ -339,11 +383,12 @@ public final class SunPKCS11 extends AuthProvider { +@@ -339,11 +409,12 @@ public final class SunPKCS11 extends AuthProvider { initArgs.flags = 0; } tmpPKCS11 = PKCS11.getInstance(library, 
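Review bot: `nssdbPath` is passed to `System.setProperty(FIPS_NSSDB_PATH_PROP, nssdbPath)` without a null check, in both the security-manager branch and the plain branch of the new `systemFipsEnabled` block. If `fips.nssdb.path` is set neither as a system property nor in the java.security file in use (a site-specific override file that omits it, for instance), `privilegedGetOverridable` would be expected to return null. `System.setProperty` then throws a bare NullPointerException from inside provider configuration. A guard before the branches gives an actionable error instead: `if (nssdbPath == null) { throw new ProviderException("FIPS: " + FIPS_NSSDB_PATH_PROP + " is not set"); }`. The enclosing `run()` and `configure` code starts outside this hunk, so how callers report that exception should be checked there.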
@@ -3975,32 +4261,7 @@ index 112b639aa96..3e170b4c115 100644 if (p11Info.cryptokiVersion.major < 2) { throw new ProviderException("Only PKCS#11 v2.0 and later " + "supported, library version is v" + p11Info.cryptokiVersion); -@@ -379,6 +424,24 @@ public final class SunPKCS11 extends AuthProvider { - if (nssModule != null) { - nssModule.setProvider(this); - } -+ if (systemFipsEnabled) { -+ // The NSS Software Token in FIPS 140-2 mode requires a user -+ // login for most operations. See sftk_fipsCheck. The NSS DB -+ // (/etc/pki/nssdb) PIN is empty. -+ Session session = null; -+ try { -+ session = token.getOpSession(); -+ p11.C_Login(session.id(), CKU_USER, new char[] {}); -+ } catch (PKCS11Exception p11e) { -+ if (debug != null) { -+ debug.println("Error during token login: " + -+ p11e.getMessage()); -+ } -+ throw p11e; -+ } finally { -+ token.releaseSession(session); -+ } -+ } - } catch (Exception e) { - if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) { - throw new UnsupportedOperationException -@@ -417,14 +480,19 @@ public final class SunPKCS11 extends AuthProvider { +@@ -417,14 +488,19 @@ public final class SunPKCS11 extends AuthProvider { final String className; final List aliases; final int[] mechanisms; @@ -4021,7 +4282,7 @@ index 112b639aa96..3e170b4c115 100644 } private P11Service service(Token token, int mechanism) { return new P11Service -@@ -458,18 +526,29 @@ public final class SunPKCS11 extends AuthProvider { +@@ -458,18 +534,29 @@ public final class SunPKCS11 extends AuthProvider { private static void d(String type, String algorithm, String className, int[] m) { 
@@ -4054,7 +4315,7 @@ index 112b639aa96..3e170b4c115 100644 } private static void register(Descriptor d) { -@@ -525,6 +604,7 @@ public final class SunPKCS11 extends AuthProvider { +@@ -525,6 +612,7 @@ public final class SunPKCS11 extends AuthProvider { String P11Cipher = "sun.security.pkcs11.P11Cipher"; String P11RSACipher = "sun.security.pkcs11.P11RSACipher"; String P11AEADCipher = "sun.security.pkcs11.P11AEADCipher"; @@ -4062,7 +4323,7 @@ index 112b639aa96..3e170b4c115 100644 String P11Signature = "sun.security.pkcs11.P11Signature"; String P11PSSSignature = "sun.security.pkcs11.P11PSSSignature"; -@@ -587,6 +667,30 @@ public final class SunPKCS11 extends AuthProvider { +@@ -587,6 +675,30 @@ public final class SunPKCS11 extends AuthProvider { d(MAC, "SslMacSHA1", P11Mac, m(CKM_SSL3_SHA1_MAC)); @@ -4093,7 +4354,7 @@ index 112b639aa96..3e170b4c115 100644 d(KPG, "RSA", P11KeyPairGenerator, getAliases("PKCS1"), m(CKM_RSA_PKCS_KEY_PAIR_GEN)); -@@ -685,6 +789,66 @@ public final class SunPKCS11 extends AuthProvider { +@@ -685,6 +797,66 @@ public final class SunPKCS11 extends AuthProvider { d(SKF, "ChaCha20", P11SecretKeyFactory, m(CKM_CHACHA20_POLY1305)); @@ -4160,7 +4421,7 @@ index 112b639aa96..3e170b4c115 100644 // XXX attributes for Ciphers (supported modes, padding) dA(CIP, "ARCFOUR", P11Cipher, m(CKM_RC4)); -@@ -754,6 +918,46 @@ public final class SunPKCS11 extends AuthProvider { +@@ -754,6 +926,46 @@ public final class SunPKCS11 extends AuthProvider { d(CIP, "RSA/ECB/NoPadding", P11RSACipher, m(CKM_RSA_X_509)); @@ -4207,7 +4468,7 @@ index 112b639aa96..3e170b4c115 100644 d(SIG, "RawDSA", P11Signature, List.of("NONEwithDSA"), m(CKM_DSA)); -@@ -1144,9 +1348,21 @@ public final class SunPKCS11 extends AuthProvider { +@@ -1144,9 +1356,21 @@ public final class SunPKCS11 extends AuthProvider { if (ds == null) { continue; } 
@@ -4229,7 +4490,60 @@ index 112b639aa96..3e170b4c115 100644 supportedAlgs.put(d, integerMech); continue; } -@@ -1244,6 +1460,8 @@ public final class SunPKCS11 extends AuthProvider { +@@ -1220,11 +1444,52 @@ public final class SunPKCS11 extends AuthProvider { + } + + @Override ++ @SuppressWarnings("removal") + public Object newInstance(Object param) + throws NoSuchAlgorithmException { + if (token.isValid() == false) { + throw new NoSuchAlgorithmException("Token has been removed"); + } ++ if (systemFipsEnabled && !token.fipsLoggedIn && ++ !getType().equals("KeyStore")) { ++ /* ++ * The NSS Software Token in FIPS 140-2 mode requires a ++ * user login for most operations. See sftk_fipsCheck ++ * (nss/lib/softoken/fipstokn.c). In case of a KeyStore ++ * service, let the caller perform the login with ++ * KeyStore::load. Keytool, for example, does this to pass a ++ * PIN from either the -srcstorepass or -deststorepass ++ * argument. In case of a non-KeyStore service, perform the ++ * login now with the PIN available in the fips.nssdb.pin ++ * property. 
++ */ ++ try { ++ if (System.getSecurityManager() != null) { ++ try { ++ AccessController.doPrivileged( ++ (PrivilegedExceptionAction) () -> { ++ token.ensureLoggedIn(null); ++ return null; ++ }); ++ } catch (PrivilegedActionException pae) { ++ Exception e = pae.getException(); ++ if (e instanceof LoginException le) { ++ throw le; ++ } else if (e instanceof PKCS11Exception p11e) { ++ throw p11e; ++ } else { ++ throw new RuntimeException(e); ++ } ++ } ++ } else { ++ token.ensureLoggedIn(null); ++ } ++ } catch (PKCS11Exception | LoginException e) { ++ throw new ProviderException("FIPS: error during the Token" + ++ " login required for the " + getType() + ++ " service.", e); ++ } ++ } + try { + return newInstance0(param); + } catch (PKCS11Exception e) { +@@ -1244,6 +1509,8 @@ public final class SunPKCS11 extends AuthProvider { } else if (algorithm.endsWith("GCM/NoPadding") || algorithm.startsWith("ChaCha20-Poly1305")) { return new P11AEADCipher(token, algorithm, mechanism); 
@@ -4238,6 +4552,63 @@ index 112b639aa96..3e170b4c115 100644 } else { return new P11Cipher(token, algorithm, mechanism); } +@@ -1579,6 +1846,9 @@ public final class SunPKCS11 extends AuthProvider { + try { + session = token.getOpSession(); + p11.C_Logout(session.id()); ++ if (systemFipsEnabled) { ++ token.fipsLoggedIn = false; ++ } + if (debug != null) { + debug.println("logout succeeded"); + } +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java +index 9858a5faedf..e63585486d9 100644 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java +@@ -33,6 +33,7 @@ import java.lang.ref.*; + import java.security.*; + import javax.security.auth.login.LoginException; + ++import jdk.internal.access.SharedSecrets; + import sun.security.jca.JCAUtil; + + import sun.security.pkcs11.wrapper.*; +@@ -48,6 +49,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.*; + */ + class Token implements Serializable { + ++ private static final boolean systemFipsEnabled = SharedSecrets ++ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled(); ++ + // need to be serializable to allow SecureRandom to be serialized + private static final long serialVersionUID = 2541527649100571747L; + +@@ -114,6 +118,10 @@ class Token implements Serializable { + // flag indicating whether we are logged in + private volatile boolean loggedIn; + ++ // Flag indicating the login status for the NSS Software Token in FIPS mode. ++ // This Token is never asynchronously removed. Used from SunPKCS11. 
++ volatile boolean fipsLoggedIn; ++ + // time we last checked login status + private long lastLoginCheck; + +@@ -232,7 +240,12 @@ class Token implements Serializable { + // call provider.login() if not + void ensureLoggedIn(Session session) throws PKCS11Exception, LoginException { + if (isLoggedIn(session) == false) { +- provider.login(null, null); ++ if (systemFipsEnabled) { ++ provider.login(null, new FIPSTokenLoginHandler()); ++ fipsLoggedIn = true; ++ } else { ++ provider.login(null, null); ++ } + } + } + diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS.java index 88ff8a71fc3..47a2f97eddf 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_ECDH1_DERIVE_PARAMS.java @@ -4877,7 +5248,7 @@ index 5c0aacd1a67..5fbf8addcba 100644 +} } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java -index d22844cfba8..9e02958b4b0 100644 +index 0d65ee26805..38fd4aff1f3 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11Constants.java @@ -1104,17 +1104,6 @@ public interface PKCS11Constants { @@ -4939,7 +5310,7 @@ index d22844cfba8..9e02958b4b0 100644 + /* (CKM_NSS + 32) */ = 0xCE534370L; } diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c -index 666c5eb9b3b..5523dafcdb4 100644 +index d941b574cc7..e2de13648be 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_convert.c @@ -1515,6 +1515,10 @@ CK_VOID_PTR jMechParamToCKMechParamPtrSlow(JNIEnv *env, jobject jParam, 
diff --git a/SOURCES/jdk8275535-rh2053256-ldap_auth.patch b/SOURCES/jdk8275535-rh2053256-ldap_auth.patch deleted file mode 100644 index 51bd6d2..0000000 --- a/SOURCES/jdk8275535-rh2053256-ldap_auth.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java -index 70903206ea0..09956084cf9 100644 ---- openjdk.orig/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java -+++ openjdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java -@@ -189,6 +189,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor - ctx = getLdapCtxFromUrl( - r.getDomainName(), url, new LdapURL(u), env); - return ctx; -+ } catch (AuthenticationException e) { -+ // do not retry on a different endpoint to avoid blocking -+ // the user if authentication credentials are wrong. -+ throw e; - } catch (NamingException e) { - // try the next element - lastException = e; -@@ -241,6 +245,10 @@ public final class LdapCtxFactory implements ObjectFactory, InitialContextFactor - for (String u : urls) { - try { - return getUsingURL(u, env); -+ } catch (AuthenticationException e) { -+ // do not retry on a different URL to avoid blocking -+ // the user if authentication credentials are wrong. -+ throw e; - } catch (NamingException e) { - ex = e; - } diff --git a/SOURCES/jdk8293834-kyiv_cldr_update.patch b/SOURCES/jdk8293834-kyiv_cldr_update.patch deleted file mode 100644 index b8dda24..0000000 --- a/SOURCES/jdk8293834-kyiv_cldr_update.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -diff --git a/make/data/cldr/common/bcp47/timezone.xml b/make/data/cldr/common/bcp47/timezone.xml -index 41ff6d236c8..e703020dcdd 100644 ---- a/make/data/cldr/common/bcp47/timezone.xml -+++ b/make/data/cldr/common/bcp47/timezone.xml -@@ -393,7 +393,7 @@ For terms of use, see http://www.unicode.org/copyright.html - - - -- -+ - - - -diff --git a/test/jdk/sun/util/resources/cldr/TimeZoneNamesTest.java b/test/jdk/sun/util/resources/cldr/TimeZoneNamesTest.java -index eb56c087ad6..e398af3c151 100644 ---- a/test/jdk/sun/util/resources/cldr/TimeZoneNamesTest.java -+++ b/test/jdk/sun/util/resources/cldr/TimeZoneNamesTest.java -@@ -23,7 +23,7 @@ - - /* - * @test -- * @bug 8181157 8202537 8234347 8236548 8261279 -+ * @bug 8181157 8202537 8234347 8236548 8261279 8293834 - * @modules jdk.localedata - * @summary Checks CLDR time zone names are generated correctly at runtime - * @run testng/othervm -Djava.locale.providers=CLDR TimeZoneNamesTest -@@ -102,6 +102,24 @@ public class TimeZoneNamesTest { - "UTC+04:00", - "heure : Astrakhan", - "UTC+04:00"}, -+ {"Europe/Kyiv", Locale.US, "Eastern European Standard Time", -+ "GMT+02:00", -+ "Eastern European Summer Time", -+ "GMT+03:00", -+ "Eastern European Time", -+ "GMT+02:00"}, -+ {"Europe/Kyiv", Locale.FRANCE, "heure normale d\u2019Europe de l\u2019Est", -+ "UTC+02:00", -+ "heure d\u2019\u00e9t\u00e9 d\u2019Europe de l\u2019Est", -+ "UTC+03:00", -+ "heure d\u2019Europe de l\u2019Est", -+ "UTC+02:00"}, -+ {"Europe/Kyiv", Locale.GERMANY, "Osteurop\u00e4ische Normalzeit", -+ "OEZ", -+ "Osteurop\u00e4ische Sommerzeit", -+ "OESZ", -+ "Osteurop\u00e4ische Zeit", -+ "OEZ"}, - {"Europe/Saratov", Locale.US, "Saratov Standard Time", - "GMT+04:00", - "Saratov Daylight Time", diff --git a/SOURCES/jdk8294357-tzdata2022d.patch b/SOURCES/jdk8294357-tzdata2022d.patch deleted file mode 100644 index 9eb6727..0000000 --- a/SOURCES/jdk8294357-tzdata2022d.patch +++ /dev/null 
@@ -1,303 +0,0 @@ -commit 3d93fdc583ed1c03ecf355b64d41c5f5fe4c07ce -Author: Goetz Lindenmaier -Date: Wed Oct 5 07:13:43 2022 +0000 - - 8294357: (tz) Update Timezone Data to 2022d - - Backport-of: f01573368f905f27d26f1d07d9cfd26dcc736a54 - -diff --git a/make/data/tzdata/VERSION b/make/data/tzdata/VERSION -index decb8716b22..889d0e6dad7 100644 ---- a/make/data/tzdata/VERSION -+++ b/make/data/tzdata/VERSION -@@ -21,4 +21,4 @@ - # or visit www.oracle.com if you need additional information or have any - # questions. - # --tzdata2022c -+tzdata2022d -diff --git a/make/data/tzdata/asia b/make/data/tzdata/asia -index 3a150b0f36b..f9df7432947 100644 ---- a/make/data/tzdata/asia -+++ b/make/data/tzdata/asia -@@ -3398,10 +3398,6 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 - # The winter time in 2015 started on October 23 at 01:00. - # https://wafa.ps/ar_page.aspx?id=CgpCdYa670694628582aCgpCdY - # http://www.palestinecabinet.gov.ps/portal/meeting/details/27583 --# --# From Paul Eggert (2019-04-10): --# For now, guess spring-ahead transitions are at 00:00 on the Saturday --# preceding March's last Sunday (i.e., Sat>=24). - - # From P Chan (2021-10-18): - # http://wafa.ps/Pages/Details/34701 -@@ -3418,6 +3414,18 @@ Zone Asia/Karachi 4:28:12 - LMT 1907 - # From Heba Hamad (2022-03-10): - # summer time will begin in Palestine from Sunday 03-27-2022, 00:00 AM. - -+# From Heba Hamad (2022-08-30): -+# winter time will begin in Palestine from Saturday 10-29, 02:00 AM by -+# 60 minutes backwards. Also the state of Palestine adopted the summer -+# and winter time for the years: 2023,2024,2025,2026 ... -+# https://mm.icann.org/pipermail/tz/attachments/20220830/9f024566/Time-0001.pdf -+# (2022-08-31): ... the Saturday before the last Sunday in March and October -+# at 2:00 AM ,for the years from 2023 to 2026. -+# (2022-09-05): https://mtit.pna.ps/Site/New/1453 -+# -+# From Paul Eggert (2022-08-31): -+# For now, assume that this rule will also be used after 2026. 
-+ - # Rule NAME FROM TO - IN ON AT SAVE LETTER/S - Rule EgyptAsia 1957 only - May 10 0:00 1:00 S - Rule EgyptAsia 1957 1958 - Oct 1 0:00 0 - -@@ -3448,14 +3456,16 @@ Rule Palestine 2013 only - Sep 27 0:00 0 - - Rule Palestine 2014 only - Oct 24 0:00 0 - - Rule Palestine 2015 only - Mar 28 0:00 1:00 S - Rule Palestine 2015 only - Oct 23 1:00 0 - --Rule Palestine 2016 2018 - Mar Sat>=24 1:00 1:00 S --Rule Palestine 2016 2018 - Oct Sat>=24 1:00 0 - -+Rule Palestine 2016 2018 - Mar Sat<=30 1:00 1:00 S -+Rule Palestine 2016 2018 - Oct Sat<=30 1:00 0 - - Rule Palestine 2019 only - Mar 29 0:00 1:00 S --Rule Palestine 2019 only - Oct Sat>=24 0:00 0 - --Rule Palestine 2020 2021 - Mar Sat>=24 0:00 1:00 S -+Rule Palestine 2019 only - Oct Sat<=30 0:00 0 - -+Rule Palestine 2020 2021 - Mar Sat<=30 0:00 1:00 S - Rule Palestine 2020 only - Oct 24 1:00 0 - --Rule Palestine 2021 max - Oct Fri>=23 1:00 0 - --Rule Palestine 2022 max - Mar Sun>=25 0:00 1:00 S -+Rule Palestine 2021 only - Oct 29 1:00 0 - -+Rule Palestine 2022 only - Mar 27 0:00 1:00 S -+Rule Palestine 2022 max - Oct Sat<=30 2:00 0 - -+Rule Palestine 2023 max - Mar Sat<=30 2:00 1:00 S - - # Zone NAME STDOFF RULES FORMAT [UNTIL] - Zone Asia/Gaza 2:17:52 - LMT 1900 Oct -diff --git a/make/data/tzdata/backward b/make/data/tzdata/backward -index d4a29e8cf29..7765d99aedf 100644 ---- a/make/data/tzdata/backward -+++ b/make/data/tzdata/backward -@@ -113,6 +113,8 @@ Link Etc/UTC Etc/UCT - Link Europe/London Europe/Belfast - Link Europe/Kyiv Europe/Kiev - Link Europe/Chisinau Europe/Tiraspol -+Link Europe/Kyiv Europe/Uzhgorod -+Link Europe/Kyiv Europe/Zaporozhye - Link Europe/London GB - Link Europe/London GB-Eire - Link Etc/GMT GMT+0 -diff --git a/make/data/tzdata/europe b/make/data/tzdata/europe -index 879b5337536..accc845dbaf 100644 ---- a/make/data/tzdata/europe -+++ b/make/data/tzdata/europe -@@ -2638,10 +2638,14 @@ Zone Europe/Simferopol 2:16:24 - LMT 1880 - # From Alexander Krivenyshev (2014-03-17): - # time change at 2:00 
(2am) on March 30, 2014 - # https://vz.ru/news/2014/3/17/677464.html --# From Paul Eggert (2014-03-30): --# Simferopol and Sevastopol reportedly changed their central town clocks --# late the previous day, but this appears to have been ceremonial --# and the discrepancies are small enough to not worry about. -+# From Tim Parenti (2022-07-01), per Paul Eggert (2014-03-30): -+# The clocks at the railway station in Simferopol were put forward from 22:00 -+# to 24:00 the previous day in a "symbolic ceremony"; however, per -+# contemporaneous news reports, "ordinary Crimeans [made] the daylight savings -+# time switch at 2am" on Sunday. -+# https://www.business-standard.com/article/pti-stories/crimea-to-set-clocks-to-russia-time-114033000014_1.html -+# https://www.reuters.com/article/us-ukraine-crisis-crimea-time/crimea-switches-to-moscow-time-amid-incorporation-frenzy-idUKBREA2S0LT20140329 -+# https://www.bbc.com/news/av/world-europe-26806583 - 2:00 EU EE%sT 2014 Mar 30 2:00 - 4:00 - MSK 2014 Oct 26 2:00s - 3:00 - MSK -@@ -3774,8 +3778,8 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents. - # US colleague David Cochrane) are still trying to get more - # information upon these local deviations from Kiev rules. - # --# From Paul Eggert (2022-02-08): --# For now, assume that Ukraine's other three zones followed the same rules, -+# From Paul Eggert (2022-08-27): -+# For now, assume that Ukraine's zones all followed the same rules, - # except that Crimea switched to Moscow time in 1994 as described elsewhere. - - # From Igor Karpov, who works for the Ukrainian Ministry of Justice, -@@ -3845,21 +3849,7 @@ Link Europe/Istanbul Asia/Istanbul # Istanbul is in both continents. - # * Ukrainian Government's Resolution of 20.03.1992, No. 139. - # http://www.uazakon.com/documents/date_8u/pg_grcasa.htm - --# From Paul Eggert (2022-04-12): --# As is usual in tzdb, Ukrainian zones use the most common English spellings. 
--# In particular, tzdb's name Europe/Kyiv uses the most common spelling in --# English for Ukraine's capital. Although tzdb's former name was Europe/Kiev, --# "Kyiv" is now more common due to widespread reporting of the current conflict. --# Conversely, tzdb continues to use the names Europe/Uzhgorod and --# Europe/Zaporozhye; this is similar to tzdb's use of Europe/Prague, which is --# certainly wrong as a transliteration of the Czech "Praha". --# English-language spelling of Ukrainian names is in flux, and --# some day "Uzhhorod" or "Zaporizhzhia" may become substantially more --# common in English; in the meantime, do not change these --# English spellings as that means less disruption for our users. -- - # Zone NAME STDOFF RULES FORMAT [UNTIL] --# This represents most of Ukraine. See above for the spelling of "Kyiv". - Zone Europe/Kyiv 2:02:04 - LMT 1880 - 2:02:04 - KMT 1924 May 2 # Kyiv Mean Time - 2:00 - EET 1930 Jun 21 -@@ -3869,34 +3859,6 @@ Zone Europe/Kyiv 2:02:04 - LMT 1880 - 2:00 1:00 EEST 1991 Sep 29 3:00 - 2:00 C-Eur EE%sT 1996 May 13 - 2:00 EU EE%sT --# Transcarpathia used CET 1990/1991. --# "Uzhhorod" is the transliteration of the Rusyn/Ukrainian pronunciation, but --# "Uzhgorod" is more common in English. --Zone Europe/Uzhgorod 1:29:12 - LMT 1890 Oct -- 1:00 - CET 1940 -- 1:00 C-Eur CE%sT 1944 Oct -- 1:00 1:00 CEST 1944 Oct 26 -- 1:00 - CET 1945 Jun 29 -- 3:00 Russia MSK/MSD 1990 -- 3:00 - MSK 1990 Jul 1 2:00 -- 1:00 - CET 1991 Mar 31 3:00 -- 2:00 - EET 1992 Mar 20 -- 2:00 C-Eur EE%sT 1996 May 13 -- 2:00 EU EE%sT --# Zaporozh'ye and eastern Lugansk oblasts observed DST 1990/1991. --# "Zaporizhzhia" is the transliteration of the Ukrainian name, but --# "Zaporozh'ye" is more common in English. Use the common English --# spelling, except omit the apostrophe as it is not allowed in --# portable Posix file names. 
--Zone Europe/Zaporozhye 2:20:40 - LMT 1880 -- 2:20 - +0220 1924 May 2 -- 2:00 - EET 1930 Jun 21 -- 3:00 - MSK 1941 Aug 25 -- 1:00 C-Eur CE%sT 1943 Oct 25 -- 3:00 Russia MSK/MSD 1991 Mar 31 2:00 -- 2:00 E-Eur EE%sT 1992 Mar 20 -- 2:00 C-Eur EE%sT 1996 May 13 -- 2:00 EU EE%sT - - # Vatican City - # See Europe/Rome. -diff --git a/make/data/tzdata/southamerica b/make/data/tzdata/southamerica -index 13ec081c7e0..3c0e0e2061c 100644 ---- a/make/data/tzdata/southamerica -+++ b/make/data/tzdata/southamerica -@@ -1332,8 +1332,14 @@ Zone America/Rio_Branco -4:31:12 - LMT 1914 - # for America/Santiago will start on midnight of September 11th; - # and will end on April 1st, 2023. Magallanes region (America/Punta_Arenas) - # will keep UTC -3 "indefinitely"... This is because on September 4th --# we will have a voting whether to approve a new Constitution.... --# https://www.interior.gob.cl/noticias/2022/08/09/comunicado-el-proximo-sabado-10-de-septiembre-los-relojes-se-deben-adelantar-una-hora/ -+# we will have a voting whether to approve a new Constitution. -+# -+# From Eduardo Romero Urra (2022-08-17): -+# https://www.diariooficial.interior.gob.cl/publicaciones/2022/08/13/43327/01/2172567.pdf -+# -+# From Paul Eggert (2022-08-17): -+# Although the presidential decree stops at fall 2026, assume that -+# similar DST rules will continue thereafter. 
- - # Rule NAME FROM TO - IN ON AT SAVE LETTER/S - Rule Chile 1927 1931 - Sep 1 0:00 1:00 - -diff --git a/make/data/tzdata/zone.tab b/make/data/tzdata/zone.tab -index 51b65fa273c..ee025196e50 100644 ---- a/make/data/tzdata/zone.tab -+++ b/make/data/tzdata/zone.tab -@@ -424,8 +424,6 @@ TV -0831+17913 Pacific/Funafuti - TW +2503+12130 Asia/Taipei - TZ -0648+03917 Africa/Dar_es_Salaam - UA +5026+03031 Europe/Kyiv Ukraine (most areas) --UA +4837+02218 Europe/Uzhgorod Transcarpathia --UA +4750+03510 Europe/Zaporozhye Zaporozhye and east Lugansk - UG +0019+03225 Africa/Kampala - UM +2813-17722 Pacific/Midway Midway Islands - UM +1917+16637 Pacific/Wake Wake Island -diff --git a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java -index 15c2f0d1275..6f6e190efcd 100644 ---- a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java -+++ b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java -@@ -574,12 +574,8 @@ public final class ZoneInfoFile { - // we can then pass in the dom = -1, dow > 0 into ZoneInfo - // - // hacking, assume the >=24 is the result of ZRB optimization for -- // "last", it works for now. From tzdata2020d this hacking -- // will not work for Asia/Gaza and Asia/Hebron which follow -- // Palestine DST rules. -- if (dom < 0 || dom >= 24 && -- !(zoneId.equals("Asia/Gaza") || -- zoneId.equals("Asia/Hebron"))) { -+ // "last", it works for now. 
-+ if (dom < 0 || dom >= 24) { - params[1] = -1; - params[2] = toCalendarDOW[dow]; - } else { -@@ -601,7 +597,6 @@ public final class ZoneInfoFile { - params[7] = 0; - } else { - // hacking: see comment above -- // No need of hacking for Asia/Gaza and Asia/Hebron from tz2021e - if (dom < 0 || dom >= 24) { - params[6] = -1; - params[7] = toCalendarDOW[dow]; -diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/VERSION b/test/jdk/java/util/TimeZone/TimeZoneData/VERSION -index c32bee39fba..71470168456 100644 ---- a/test/jdk/java/util/TimeZone/TimeZoneData/VERSION -+++ b/test/jdk/java/util/TimeZone/TimeZoneData/VERSION -@@ -1 +1 @@ --tzdata2022c -+tzdata2022d -diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/aliases.txt b/test/jdk/java/util/TimeZone/TimeZoneData/aliases.txt -index a5e6428a3f5..e3ce742f887 100644 ---- a/test/jdk/java/util/TimeZone/TimeZoneData/aliases.txt -+++ b/test/jdk/java/util/TimeZone/TimeZoneData/aliases.txt -@@ -183,6 +183,8 @@ Link Etc/UTC Etc/UCT - Link Europe/London Europe/Belfast - Link Europe/Kyiv Europe/Kiev - Link Europe/Chisinau Europe/Tiraspol -+Link Europe/Kyiv Europe/Uzhgorod -+Link Europe/Kyiv Europe/Zaporozhye - Link Europe/London GB - Link Europe/London GB-Eire - Link Etc/GMT GMT+0 -diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt b/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt -index fc148537f1f..b3823958ae4 100644 ---- a/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt -+++ b/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt -@@ -163,11 +163,9 @@ Europe/Simferopol MSK - Europe/Sofia EET EEST - Europe/Tallinn EET EEST - Europe/Tirane CET CEST --Europe/Uzhgorod EET EEST - Europe/Vienna CET CEST - Europe/Vilnius EET EEST - Europe/Warsaw CET CEST --Europe/Zaporozhye EET EEST - Europe/Zurich CET CEST - HST HST - MET MET MEST -diff --git a/test/jdk/sun/util/calendar/zi/TestZoneInfo310.java b/test/jdk/sun/util/calendar/zi/TestZoneInfo310.java -index 7b50c342a0d..a7d14f1aa21 100644 
---- a/test/jdk/sun/util/calendar/zi/TestZoneInfo310.java -+++ b/test/jdk/sun/util/calendar/zi/TestZoneInfo310.java -@@ -176,11 +176,12 @@ public class TestZoneInfo310 { - * save time in IANA tzdata. This bug is tracked via JDK-8223388. - * - * These are the zones/rules that employ negative DST in vanguard -- * format (as of 2019a): -+ * format (as of 2019a), Palestine added in 2022d: - * - * - Rule "Eire" - * - Rule "Morocco" - * - Rule "Namibia" -+ * - Rule "Palestine" - * - Zone "Europe/Prague" - * - * Tehran/Iran rule has rules beyond 2037, in which javazic assumes -@@ -196,6 +197,8 @@ public class TestZoneInfo310 { - zid.equals("Europe/Dublin") || // uses "Eire" rule - zid.equals("Europe/Prague") || - zid.equals("Asia/Tehran") || // last rule mismatch -+ zid.equals("Asia/Gaza") || // uses "Palestine" rule -+ zid.equals("Asia/Hebron") || // uses "Palestine" rule - zid.equals("Iran")) { // last rule mismatch - continue; - } diff --git a/SOURCES/jdk8295173-tzdata2022e.patch b/SOURCES/jdk8295173-tzdata2022e.patch deleted file mode 100644 index 8ffd2ee..0000000 --- a/SOURCES/jdk8295173-tzdata2022e.patch +++ /dev/null 
@@ -1,420 +0,0 @@ -commit d159a377e0243bd2c80593689fd7cd20b2b578f7 -Author: duke -Date: Fri Oct 14 03:37:19 2022 +0000 - - Backport 21407dec0156301871a83328615e4d975c4287c4 - -diff --git a/make/data/tzdata/VERSION b/make/data/tzdata/VERSION -index 889d0e6dad7..b8cb36e69f4 100644 ---- a/make/data/tzdata/VERSION -+++ b/make/data/tzdata/VERSION -@@ -21,4 +21,4 @@ - # or visit www.oracle.com if you need additional information or have any - # questions. - # --tzdata2022d -+tzdata2022e -diff --git a/make/data/tzdata/asia b/make/data/tzdata/asia -index f9df7432947..5b2337fd0b6 100644 ---- a/make/data/tzdata/asia -+++ b/make/data/tzdata/asia -@@ -2254,6 +2254,17 @@ Zone Asia/Tokyo 9:18:59 - LMT 1887 Dec 31 15:00u - # From the Arabic version, it seems to say it would be at midnight - # (assume 24:00) on the last Thursday in February, starting from 2022. - -+# From Issam Al-Zuwairi (2022-10-05): -+# The Council of Ministers in Jordan decided Wednesday 5th October 2022, -+# that daylight saving time (DST) will be throughout the year.... -+# -+# From Brian Inglis (2022-10-06): -+# https://petra.gov.jo/Include/InnerPage.jsp?ID=45567&lang=en&name=en_news -+# -+# From Paul Eggert (2022-10-05): -+# Like Syria, model this as a transition from EEST +03 (DST) to plain +03 -+# (non-DST) at the point where DST would otherwise have ended. 
-+ - # Rule NAME FROM TO - IN ON AT SAVE LETTER/S - Rule Jordan 1973 only - Jun 6 0:00 1:00 S - Rule Jordan 1973 1975 - Oct 1 0:00 0 - -@@ -2285,11 +2296,12 @@ Rule Jordan 2005 only - Sep lastFri 0:00s 0 - - Rule Jordan 2006 2011 - Oct lastFri 0:00s 0 - - Rule Jordan 2013 only - Dec 20 0:00 0 - - Rule Jordan 2014 2021 - Mar lastThu 24:00 1:00 S --Rule Jordan 2014 max - Oct lastFri 0:00s 0 - --Rule Jordan 2022 max - Feb lastThu 24:00 1:00 S -+Rule Jordan 2014 2022 - Oct lastFri 0:00s 0 - -+Rule Jordan 2022 only - Feb lastThu 24:00 1:00 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] - Zone Asia/Amman 2:23:44 - LMT 1931 -- 2:00 Jordan EE%sT -+ 2:00 Jordan EE%sT 2022 Oct 28 0:00s -+ 3:00 - +03 - - - # Kazakhstan -@@ -3838,19 +3850,27 @@ Rule Syria 2007 only - Nov Fri>=1 0:00 0 - - # Our brief summary: - # https://www.timeanddate.com/news/time/syria-dst-2012.html - --# From Arthur David Olson (2012-03-27): --# Assume last Friday in March going forward XXX. -+# From Steffen Thorsen (2022-10-05): -+# Syria is adopting year-round DST, starting this autumn.... -+# From https://www.enabbaladi.net/archives/607812 -+# "This [the decision] came after the weekly government meeting today, -+# Tuesday 4 October ..." -+# -+# From Paul Eggert (2022-10-05): -+# Like Jordan, model this as a transition from EEST +03 (DST) to plain +03 -+# (non-DST) at the point where DST would otherwise have ended. - - Rule Syria 2008 only - Apr Fri>=1 0:00 1:00 S - Rule Syria 2008 only - Nov 1 0:00 0 - - Rule Syria 2009 only - Mar lastFri 0:00 1:00 S - Rule Syria 2010 2011 - Apr Fri>=1 0:00 1:00 S --Rule Syria 2012 max - Mar lastFri 0:00 1:00 S --Rule Syria 2009 max - Oct lastFri 0:00 0 - -+Rule Syria 2012 2022 - Mar lastFri 0:00 1:00 S -+Rule Syria 2009 2022 - Oct lastFri 0:00 0 - - - # Zone NAME STDOFF RULES FORMAT [UNTIL] - Zone Asia/Damascus 2:25:12 - LMT 1920 # Dimashq -- 2:00 Syria EE%sT -+ 2:00 Syria EE%sT 2022 Oct 28 0:00 -+ 3:00 - +03 - - # Tajikistan - # From Shanks & Pottenger. 
-diff --git a/make/data/tzdata/europe b/make/data/tzdata/europe -index accc845dbaf..2832c4b9763 100644 ---- a/make/data/tzdata/europe -+++ b/make/data/tzdata/europe -@@ -3417,7 +3417,7 @@ Zone Europe/Madrid -0:14:44 - LMT 1901 Jan 1 0:00u - 0:00 Spain WE%sT 1940 Mar 16 23:00 - 1:00 Spain CE%sT 1979 - 1:00 EU CE%sT --Zone Africa/Ceuta -0:21:16 - LMT 1900 Dec 31 23:38:44 -+Zone Africa/Ceuta -0:21:16 - LMT 1901 Jan 1 0:00u - 0:00 - WET 1918 May 6 23:00 - 0:00 1:00 WEST 1918 Oct 7 23:00 - 0:00 - WET 1924 -diff --git a/make/data/tzdata/northamerica b/make/data/tzdata/northamerica -index 114cef14cce..ce4ee74582c 100644 ---- a/make/data/tzdata/northamerica -+++ b/make/data/tzdata/northamerica -@@ -462,7 +462,7 @@ Rule Chicago 1922 1966 - Apr lastSun 2:00 1:00 D - Rule Chicago 1922 1954 - Sep lastSun 2:00 0 S - Rule Chicago 1955 1966 - Oct lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 12:09:24 -+Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1920 - -6:00 Chicago C%sT 1936 Mar 1 2:00 - -5:00 - EST 1936 Nov 15 2:00 -@@ -471,7 +471,7 @@ Zone America/Chicago -5:50:36 - LMT 1883 Nov 18 12:09:24 - -6:00 Chicago C%sT 1967 - -6:00 US C%sT - # Oliver County, ND switched from mountain to central time on 1992-10-25. --Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 12:14:48 -+Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 19:00u - -7:00 US M%sT 1992 Oct 25 2:00 - -6:00 US C%sT - # Morton County, ND, switched from mountain to central time on -@@ -481,7 +481,7 @@ Zone America/North_Dakota/Center -6:45:12 - LMT 1883 Nov 18 12:14:48 - # Jones, Mellette, and Todd Counties in South Dakota; - # but in practice these other counties were already observing central time. - # See . 
--Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21 -+Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 19:00u - -7:00 US M%sT 2003 Oct 26 2:00 - -6:00 US C%sT - -@@ -498,7 +498,7 @@ Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21 - # largest city in Mercer County). Google Maps places Beulah's city hall - # at 47° 15' 51" N, 101° 46' 40" W, which yields an offset of 6h47'07". - --Zone America/North_Dakota/Beulah -6:47:07 - LMT 1883 Nov 18 12:12:53 -+Zone America/North_Dakota/Beulah -6:47:07 - LMT 1883 Nov 18 19:00u - -7:00 US M%sT 2010 Nov 7 2:00 - -6:00 US C%sT - -@@ -530,7 +530,7 @@ Rule Denver 1921 only - May 22 2:00 0 S - Rule Denver 1965 1966 - Apr lastSun 2:00 1:00 D - Rule Denver 1965 1966 - Oct lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Denver -6:59:56 - LMT 1883 Nov 18 12:00:04 -+Zone America/Denver -6:59:56 - LMT 1883 Nov 18 19:00u - -7:00 US M%sT 1920 - -7:00 Denver M%sT 1942 - -7:00 US M%sT 1946 -@@ -583,7 +583,7 @@ Rule CA 1950 1966 - Apr lastSun 1:00 1:00 D - Rule CA 1950 1961 - Sep lastSun 2:00 0 S - Rule CA 1962 1966 - Oct lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 12:07:02 -+Zone America/Los_Angeles -7:52:58 - LMT 1883 Nov 18 20:00u - -8:00 US P%sT 1946 - -8:00 CA P%sT 1967 - -8:00 US P%sT -@@ -845,7 +845,7 @@ Zone Pacific/Honolulu -10:31:26 - LMT 1896 Jan 13 12:00 - # Go with the Arizona State Library instead. - - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Phoenix -7:28:18 - LMT 1883 Nov 18 11:31:42 -+Zone America/Phoenix -7:28:18 - LMT 1883 Nov 18 19:00u - -7:00 US M%sT 1944 Jan 1 0:01 - -7:00 - MST 1944 Apr 1 0:01 - -7:00 US M%sT 1944 Oct 1 0:01 -@@ -873,7 +873,7 @@ Link America/Phoenix America/Creston - # switched four weeks late in 1974. 
- # - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Boise -7:44:49 - LMT 1883 Nov 18 12:15:11 -+Zone America/Boise -7:44:49 - LMT 1883 Nov 18 20:00u - -8:00 US P%sT 1923 May 13 2:00 - -7:00 US M%sT 1974 - -7:00 - MST 1974 Feb 3 2:00 -@@ -945,7 +945,7 @@ Rule Indianapolis 1941 only - Jun 22 2:00 1:00 D - Rule Indianapolis 1941 1954 - Sep lastSun 2:00 0 S - Rule Indianapolis 1946 1954 - Apr lastSun 2:00 1:00 D - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Indiana/Indianapolis -5:44:38 - LMT 1883 Nov 18 12:15:22 -+Zone America/Indiana/Indianapolis -5:44:38 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1920 - -6:00 Indianapolis C%sT 1942 - -6:00 US C%sT 1946 -@@ -965,7 +965,7 @@ Rule Marengo 1951 only - Sep lastSun 2:00 0 S - Rule Marengo 1954 1960 - Apr lastSun 2:00 1:00 D - Rule Marengo 1954 1960 - Sep lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Indiana/Marengo -5:45:23 - LMT 1883 Nov 18 12:14:37 -+Zone America/Indiana/Marengo -5:45:23 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1951 - -6:00 Marengo C%sT 1961 Apr 30 2:00 - -5:00 - EST 1969 -@@ -989,7 +989,7 @@ Rule Vincennes 1960 only - Oct lastSun 2:00 0 S - Rule Vincennes 1961 only - Sep lastSun 2:00 0 S - Rule Vincennes 1962 1963 - Oct lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Indiana/Vincennes -5:50:07 - LMT 1883 Nov 18 12:09:53 -+Zone America/Indiana/Vincennes -5:50:07 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1946 - -6:00 Vincennes C%sT 1964 Apr 26 2:00 - -5:00 - EST 1969 -@@ -1009,7 +1009,7 @@ Rule Perry 1955 1960 - Sep lastSun 2:00 0 S - Rule Perry 1956 1963 - Apr lastSun 2:00 1:00 D - Rule Perry 1961 1963 - Oct lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Indiana/Tell_City -5:47:03 - LMT 1883 Nov 18 12:12:57 -+Zone America/Indiana/Tell_City -5:47:03 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1946 - -6:00 Perry C%sT 1964 Apr 26 2:00 - -5:00 - EST 1967 Oct 29 2:00 -@@ -1026,7 +1026,7 @@ Rule Pike 1955 1960 - Sep 
lastSun 2:00 0 S - Rule Pike 1956 1964 - Apr lastSun 2:00 1:00 D - Rule Pike 1961 1964 - Oct lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Indiana/Petersburg -5:49:07 - LMT 1883 Nov 18 12:10:53 -+Zone America/Indiana/Petersburg -5:49:07 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1955 - -6:00 Pike C%sT 1965 Apr 25 2:00 - -5:00 - EST 1966 Oct 30 2:00 -@@ -1048,7 +1048,7 @@ Rule Starke 1955 1956 - Oct lastSun 2:00 0 S - Rule Starke 1957 1958 - Sep lastSun 2:00 0 S - Rule Starke 1959 1961 - Oct lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Indiana/Knox -5:46:30 - LMT 1883 Nov 18 12:13:30 -+Zone America/Indiana/Knox -5:46:30 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1947 - -6:00 Starke C%sT 1962 Apr 29 2:00 - -5:00 - EST 1963 Oct 27 2:00 -@@ -1064,7 +1064,7 @@ Rule Pulaski 1946 1954 - Sep lastSun 2:00 0 S - Rule Pulaski 1955 1956 - Oct lastSun 2:00 0 S - Rule Pulaski 1957 1960 - Sep lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 12:13:35 -+Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1946 - -6:00 Pulaski C%sT 1961 Apr 30 2:00 - -5:00 - EST 1969 -@@ -1075,7 +1075,7 @@ Zone America/Indiana/Winamac -5:46:25 - LMT 1883 Nov 18 12:13:35 - # - # Switzerland County, Indiana, did not observe DST from 1973 through 2005. 
- # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Indiana/Vevay -5:40:16 - LMT 1883 Nov 18 12:19:44 -+Zone America/Indiana/Vevay -5:40:16 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1954 Apr 25 2:00 - -5:00 - EST 1969 - -5:00 US E%sT 1973 -@@ -1111,7 +1111,7 @@ Rule Louisville 1950 1961 - Apr lastSun 2:00 1:00 D - Rule Louisville 1950 1955 - Sep lastSun 2:00 0 S - Rule Louisville 1956 1961 - Oct lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] --Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 12:16:58 -+Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1921 - -6:00 Louisville C%sT 1942 - -6:00 US C%sT 1946 -@@ -1145,7 +1145,7 @@ Zone America/Kentucky/Louisville -5:43:02 - LMT 1883 Nov 18 12:16:58 - # Federal Register 65, 160 (2000-08-17), pp 50154-50158. - # https://www.gpo.gov/fdsys/pkg/FR-2000-08-17/html/00-20854.htm - # --Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 12:20:36 -+Zone America/Kentucky/Monticello -5:39:24 - LMT 1883 Nov 18 18:00u - -6:00 US C%sT 1946 - -6:00 - CST 1968 - -6:00 US C%sT 2000 Oct 29 2:00 -@@ -2640,6 +2640,8 @@ Zone America/Dawson -9:17:40 - LMT 1900 Aug 20 - # longitude they are located at. 
- - # Rule NAME FROM TO - IN ON AT SAVE LETTER/S -+Rule Mexico 1931 only - May 1 23:00 1:00 D -+Rule Mexico 1931 only - Oct 1 0:00 0 S - Rule Mexico 1939 only - Feb 5 0:00 1:00 D - Rule Mexico 1939 only - Jun 25 0:00 0 S - Rule Mexico 1940 only - Dec 9 0:00 1:00 D -@@ -2656,13 +2658,13 @@ Rule Mexico 2002 max - Apr Sun>=1 2:00 1:00 D - Rule Mexico 2002 max - Oct lastSun 2:00 0 S - # Zone NAME STDOFF RULES FORMAT [UNTIL] - # Quintana Roo; represented by Cancún --Zone America/Cancun -5:47:04 - LMT 1922 Jan 1 0:12:56 -+Zone America/Cancun -5:47:04 - LMT 1922 Jan 1 6:00u - -6:00 - CST 1981 Dec 23 - -5:00 Mexico E%sT 1998 Aug 2 2:00 - -6:00 Mexico C%sT 2015 Feb 1 2:00 - -5:00 - EST - # Campeche, Yucatán; represented by Mérida --Zone America/Merida -5:58:28 - LMT 1922 Jan 1 0:01:32 -+Zone America/Merida -5:58:28 - LMT 1922 Jan 1 6:00u - -6:00 - CST 1981 Dec 23 - -5:00 - EST 1982 Dec 2 - -6:00 Mexico C%sT -@@ -2676,23 +2678,21 @@ Zone America/Merida -5:58:28 - LMT 1922 Jan 1 0:01:32 - # See: Inicia mañana Horario de Verano en zona fronteriza, El Universal, - # 2016-03-12 - # http://www.eluniversal.com.mx/articulo/estados/2016/03/12/inicia-manana-horario-de-verano-en-zona-fronteriza --Zone America/Matamoros -6:40:00 - LMT 1921 Dec 31 23:20:00 -+Zone America/Matamoros -6:30:00 - LMT 1922 Jan 1 6:00u - -6:00 - CST 1988 - -6:00 US C%sT 1989 - -6:00 Mexico C%sT 2010 - -6:00 US C%sT - # Durango; Coahuila, Nuevo León, Tamaulipas (away from US border) --Zone America/Monterrey -6:41:16 - LMT 1921 Dec 31 23:18:44 -+Zone America/Monterrey -6:41:16 - LMT 1922 Jan 1 6:00u - -6:00 - CST 1988 - -6:00 US C%sT 1989 - -6:00 Mexico C%sT - # Central Mexico --Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 0:23:24 -+Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 7:00u - -7:00 - MST 1927 Jun 10 23:00 - -6:00 - CST 1930 Nov 15 -- -7:00 - MST 1931 May 1 23:00 -- -6:00 - CST 1931 Oct -- -7:00 - MST 1932 Apr 1 -+ -7:00 Mexico M%sT 1932 Apr 1 - -6:00 Mexico C%sT 2001 Sep 30 2:00 - -6:00 - 
CST 2002 Feb 20 - -6:00 Mexico C%sT -@@ -2700,35 +2700,29 @@ Zone America/Mexico_City -6:36:36 - LMT 1922 Jan 1 0:23:24 - # This includes the municipalities of Janos, Ascensión, Juárez, Guadalupe, - # Práxedis G Guerrero, Coyame del Sotol, Ojinaga, and Manuel Benavides. - # (See the 2016-03-12 El Universal source mentioned above.) --Zone America/Ojinaga -6:57:40 - LMT 1922 Jan 1 0:02:20 -+Zone America/Ojinaga -6:57:40 - LMT 1922 Jan 1 7:00u - -7:00 - MST 1927 Jun 10 23:00 - -6:00 - CST 1930 Nov 15 -- -7:00 - MST 1931 May 1 23:00 -- -6:00 - CST 1931 Oct -- -7:00 - MST 1932 Apr 1 -+ -7:00 Mexico M%sT 1932 Apr 1 - -6:00 - CST 1996 - -6:00 Mexico C%sT 1998 - -6:00 - CST 1998 Apr Sun>=1 3:00 - -7:00 Mexico M%sT 2010 - -7:00 US M%sT - # Chihuahua (away from US border) --Zone America/Chihuahua -7:04:20 - LMT 1921 Dec 31 23:55:40 -+Zone America/Chihuahua -7:04:20 - LMT 1922 Jan 1 7:00u - -7:00 - MST 1927 Jun 10 23:00 - -6:00 - CST 1930 Nov 15 -- -7:00 - MST 1931 May 1 23:00 -- -6:00 - CST 1931 Oct -- -7:00 - MST 1932 Apr 1 -+ -7:00 Mexico M%sT 1932 Apr 1 - -6:00 - CST 1996 - -6:00 Mexico C%sT 1998 - -6:00 - CST 1998 Apr Sun>=1 3:00 - -7:00 Mexico M%sT - # Sonora --Zone America/Hermosillo -7:23:52 - LMT 1921 Dec 31 23:36:08 -+Zone America/Hermosillo -7:23:52 - LMT 1922 Jan 1 7:00u - -7:00 - MST 1927 Jun 10 23:00 - -6:00 - CST 1930 Nov 15 -- -7:00 - MST 1931 May 1 23:00 -- -6:00 - CST 1931 Oct -- -7:00 - MST 1932 Apr 1 -+ -7:00 Mexico M%sT 1932 Apr 1 - -6:00 - CST 1942 Apr 24 - -7:00 - MST 1949 Jan 14 - -8:00 - PST 1970 -@@ -2763,24 +2757,20 @@ Zone America/Hermosillo -7:23:52 - LMT 1921 Dec 31 23:36:08 - # Use "Bahia_Banderas" to keep the name to fourteen characters. 
- - # Mazatlán --Zone America/Mazatlan -7:05:40 - LMT 1921 Dec 31 23:54:20 -+Zone America/Mazatlan -7:05:40 - LMT 1922 Jan 1 7:00u - -7:00 - MST 1927 Jun 10 23:00 - -6:00 - CST 1930 Nov 15 -- -7:00 - MST 1931 May 1 23:00 -- -6:00 - CST 1931 Oct -- -7:00 - MST 1932 Apr 1 -+ -7:00 Mexico M%sT 1932 Apr 1 - -6:00 - CST 1942 Apr 24 - -7:00 - MST 1949 Jan 14 - -8:00 - PST 1970 - -7:00 Mexico M%sT - - # Bahía de Banderas --Zone America/Bahia_Banderas -7:01:00 - LMT 1921 Dec 31 23:59:00 -+Zone America/Bahia_Banderas -7:01:00 - LMT 1922 Jan 1 7:00u - -7:00 - MST 1927 Jun 10 23:00 - -6:00 - CST 1930 Nov 15 -- -7:00 - MST 1931 May 1 23:00 -- -6:00 - CST 1931 Oct -- -7:00 - MST 1932 Apr 1 -+ -7:00 Mexico M%sT 1932 Apr 1 - -6:00 - CST 1942 Apr 24 - -7:00 - MST 1949 Jan 14 - -8:00 - PST 1970 -@@ -2788,7 +2778,7 @@ Zone America/Bahia_Banderas -7:01:00 - LMT 1921 Dec 31 23:59:00 - -6:00 Mexico C%sT - - # Baja California --Zone America/Tijuana -7:48:04 - LMT 1922 Jan 1 0:11:56 -+Zone America/Tijuana -7:48:04 - LMT 1922 Jan 1 7:00u - -7:00 - MST 1924 - -8:00 - PST 1927 Jun 10 23:00 - -7:00 - MST 1930 Nov 15 -diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/VERSION b/test/jdk/java/util/TimeZone/TimeZoneData/VERSION -index 71470168456..0cad939008f 100644 ---- a/test/jdk/java/util/TimeZone/TimeZoneData/VERSION -+++ b/test/jdk/java/util/TimeZone/TimeZoneData/VERSION -@@ -1 +1 @@ --tzdata2022d -+tzdata2022e -diff --git a/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt b/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt -index b3823958ae4..2f2786f1c69 100644 ---- a/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt -+++ b/test/jdk/java/util/TimeZone/TimeZoneData/displaynames.txt -@@ -97,9 +97,7 @@ America/Winnipeg CST CDT - America/Yakutat AKST AKDT - America/Yellowknife MST MDT - Antarctica/Macquarie AEST AEDT --Asia/Amman EET EEST - Asia/Beirut EET EEST --Asia/Damascus EET EEST - Asia/Famagusta EET EEST - Asia/Gaza EET EEST - Asia/Hebron EET EEST 
diff --git a/SOURCES/nss.fips.cfg.in b/SOURCES/nss.fips.cfg.in deleted file mode 100644 index 2d9ec35..0000000 --- a/SOURCES/nss.fips.cfg.in +++ /dev/null @@ -1,8 +0,0 @@ -name = NSS-FIPS -nssLibraryDirectory = @NSS_LIBDIR@ -nssSecmodDirectory = sql:/etc/pki/nssdb -nssDbMode = readOnly -nssModule = fips - -attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true } - diff --git a/SPECS/java-17-openjdk.spec b/SPECS/java-17-openjdk.spec index 1566032..a963872 100644 --- a/SPECS/java-17-openjdk.spec +++ b/SPECS/java-17-openjdk.spec @@ -321,7 +321,7 @@ # New Version-String scheme-style defines %global featurever 17 %global interimver 0 -%global updatever 5 +%global updatever 6 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -361,15 +361,15 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches -%global fipsver 0bd5ca9ccc5 +%global fipsver 257d544b594 # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 8 -%global rpmrelease 1 +%global buildver 10 +%global rpmrelease 3 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions 
@@ -1118,9 +1118,8 @@ Requires: ca-certificates # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros Requires: javapackages-filesystem # Require zone-info data provided by tzdata-java sub-package -# 2022d required as of JDK-8294357 -# Should be bumped to 2022e once available (JDK-8295173) -Requires: tzdata-java >= 2022d +# 2022g required as of JDK-8297804 +Requires: tzdata-java >= 2022g # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} @@ -1312,9 +1311,6 @@ Source15: TestSecurityProperties.java # Ensure vendor settings are correct Source16: CheckVendor.java -# nss fips configuration file -Source17: nss.fips.cfg.in - # Ensure translations are available for new timezones Source18: TestTranslations.java @@ -1366,6 +1362,10 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d # Build the systemconf library on all platforms # RH2048582: Support PKCS#12 keystores # RH2020290: Support TLS 1.3 in FIPS mode +# Add nss.fips.cfg support to OpenJDK tree +# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode +# Remove forgotten dead code from RH2020290 and RH2104724 +# OJ1357: Fix issue on FIPS with a SecurityManager in place Patch1001: fips-17u-%{fipsver}.patch ############################################# 
@@ -1373,20 +1373,12 @@ Patch1001: fips-17u-%{fipsver}.patch # OpenJDK patches in need of upstreaming # ############################################# -# JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked -Patch2000: jdk8275535-rh2053256-ldap_auth.patch ############################################# # # OpenJDK patches appearing in 17.0.6 # ############################################# -# JDK-8293834: Update CLDR data following tzdata 2022c update -Patch2001: jdk8293834-kyiv_cldr_update.patch -# JDK-8294357: (tz) Update Timezone Data to 2022d -Patch2002: jdk8294357-tzdata2022d.patch -# JDK-8295173: (tz) Update Timezone Data to 2022e -Patch2003: jdk8295173-tzdata2022e.patch BuildRequires: autoconf BuildRequires: automake @@ -1420,9 +1412,8 @@ BuildRequires: java-17-openjdk-devel %ifarch %{zero_arches} BuildRequires: libffi-devel %endif -# 2022d required as of JDK-8294357 -# Should be bumped to 2022e once available (JDK-8295173) -BuildRequires: tzdata-java >= 2022d +# 2022g required as of JDK-8297804 +BuildRequires: tzdata-java >= 2022g # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1820,16 +1811,10 @@ pushd %{top_level_dir_name} %patch1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security %patch1000 -p1 -# tzdata updates targetted for 17.0.6 -%patch2001 -p1 -%patch2002 -p1 -%patch2003 -p1 popd # openjdk %patch600 -%patch2000 - # The OpenJDK version file includes the current # upstream version information. For some reason, # configure does not automatically use the 
@@ -1847,8 +1832,7 @@ if [ "x${UPSTREAM_EA_DESIGNATOR}" != "x%{ea_designator}" ] ; then echo "WARNING: Designator mismatch"; echo "Spec file is configured for a %{build_type} build with designator '%{ea_designator}'" echo "Upstream version-pre setting is '${UPSTREAM_EA_DESIGNATOR}'"; - # Don't fail at present as upstream are not maintaining the value correctly - #exit 17 + exit 17 fi # Extract systemtap tapsets @@ -1900,9 +1884,6 @@ done # Setup nss.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg -# Setup nss.fips.cfg -sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg - %build # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) @@ -2036,9 +2017,6 @@ function installjdk() { # Install nss.cfg right away as we will be using the JRE above install -m 644 nss.cfg ${imagepath}/conf/security/ - # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) - install -m 644 nss.fips.cfg ${imagepath}/conf/security/ - # Turn on system security properties sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ ${imagepath}/conf/security/java.security @@ -2178,10 +2156,14 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi %endif -# Check translations are available for new timezones +%if ! 0%{?flatpak} +# Check translations are available for new timezones (during flatpak builds, the +# tzdb.dat used by this test is not where the test expects it, so this is +# disabled for flatpak builds) $JAVA_HOME/bin/javac -d . %{SOURCE18} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR +%endif %if %{include_staticlibs} # Check debug symbols in static libraries (smoke test) 
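Review bot: With `exit 17` re-enabled in the designator check, the three `echo` lines above it now announce a fatal condition but still label it `WARNING` and write to stdout, so the reason the build stopped is easy to miss in a log. I would change the first to `echo "ERROR: Designator mismatch" >&2` and redirect the other two to stderr as well. The removed comment was the only explanation of this branch, so a short replacement on the exit line would help, for example `# Fatal: spec build type and upstream version-pre designator disagree`. The `if` that opens this block appears only in the hunk header, so the comparison itself is outside what is reviewed here.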
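Review bot: The new `%if ! 0%{?flatpak}` guard skips both TestTranslations runs without leaving any trace in the build log, so a flatpak build gives no sign that translations for new timezones went unchecked. Consider an `%else` branch before `%endif` containing `echo "Skipping TestTranslations: tzdb.dat is not at the expected path in flatpak builds"`. The added comment explains the cause well. Naming the bug in it (the changelog entry for this change lists rhbz#2160111 as related) would make it easier to remove the guard once the test can locate tzdb.dat.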
@@ -2638,6 +2620,52 @@ require "copy_jdk_configs.lua" %endif %changelog +* Sat Jan 14 2023 Andrew Hughes - 1:17.0.6.0.10-3 +- Add missing release note for JDK-8295687 +- Resolves: rhbz#2160111 + +* Fri Jan 13 2023 Andrew Hughes - 1:17.0.6.0.10-3 +- Update FIPS support to bring in latest changes +- * OJ1357: Fix issue on FIPS with a SecurityManager in place +- Related: rhbz#2147473 + +* Fri Jan 13 2023 Stephan Bergmann - 1:17.0.6.0.10-3 +- Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat +- Related: rhbz#2160111 + +* Wed Jan 11 2023 Andrew Hughes - 1:17.0.6.0.10-2 +- Update to jdk-17.0.6.0+10 +- Update release notes to 17.0.6.0+10 +- Switch to GA mode for release +- ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** +- Related: rhbz#2153010 + +* Wed Jan 04 2023 Andrew Hughes - 1:17.0.6.0.9-0.2.ea +- Update to jdk-17.0.6+9 +- Update release notes to 17.0.6+9 +- Drop local copy of JDK-8293834 now this is upstream +- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 +- Update TestTranslations.java to test the new America/Ciudad_Juarez zone +- Resolves: rhbz#2153010 + +* Sat Dec 03 2022 Andrew Hughes - 1:17.0.6.0.1-0.2.ea +- Update to jdk-17.0.6+1 +- Update release notes to 17.0.6+1 +- Switch to EA mode for 17.0.6 pre-release builds. +- Re-enable EA upstream status check now it is being actively maintained. 
+- Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream +- Drop JDK-8275535 local patch now this has been accepted and backported upstream +- Bump tzdata requirement to 2022e now the package is available in RHEL +- Related: rhbz#2153010 + +* Wed Nov 23 2022 Andrew Hughes - 1:17.0.5.0.8-4 +- Update FIPS support to bring in latest changes +- * Add nss.fips.cfg support to OpenJDK tree +- * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode +- * Remove forgotten dead code from RH2020290 and RH2104724 +- Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build +- Resolves: rhbz#2147473 + * Wed Oct 26 2022 Andrew Hughes - 1:17.0.5.0.8-1 - Update to jdk-17.0.5+8 (GA) - Update release notes to 17.0.5+8 (GA)