import java-17-openjdk-17.0.6.0.10-3.el8

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/openjdk-jdk17u-jdk-17.0.6+9.tar.xz
+SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

.java-17-openjdk.metadata

@@ -1,2 +1,2 @@
-95213324016613e314e5c97dc87f31a0576df00c SOURCES/openjdk-jdk17u-jdk-17.0.6+9.tar.xz
+fc29dd4013a289be075afdcb29c8df29d1349c0d SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
 c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

SOURCES/NEWS

@@ -9,6 +9,21 @@ Live versions of these release notes can be found at:
   * https://bitly.com/openjdk1706
   * https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html
 
+* CVEs
+  - CVE-2023-21835
+  - CVE-2023-21843
+* Security fixes
+  - JDK-8286070: Improve UTF8 representation
+  - JDK-8286496: Improve Thread labels
+  - JDK-8287411: Enhance DTLS performance
+  - JDK-8288516: Enhance font creation
+  - JDK-8289350: Better media supports
+  - JDK-8293554: Enhanced DH Key Exchanges
+  - JDK-8293598: Enhance InetAddress address handling
+  - JDK-8293717: Objective view of ObjectView
+  - JDK-8293734: Improve BMP image handling
+  - JDK-8293742: Better Banking of Sounds
+  - JDK-8295687: Better BMP bounds
 * Other changes
   - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
   - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
@@ -252,10 +267,12 @@ Live versions of these release notes can be found at:
   - JDK-8295554: Move the "sizecalc.h" to the correct location
   - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
   - JDK-8295714: GHA ::set-output is deprecated and will be removed
+  - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
   - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
   - JDK-8295952: Problemlist existing compiler/rtm tests also on x86
   - JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
   - JDK-8296108: (tz) Update Timezone Data to 2022f
+  - JDK-8296239: ISO 4217 Amendment 174 Update
   - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
   - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
   - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
@@ -278,10 +295,33 @@ Live versions of these release notes can be found at:
   - JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run
   - JDK-8297656: AArch64: Enable AES/GCM Intrinsics
   - JDK-8297804: (tz) Update Timezone Data to 2022g
+  - JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6
+  - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
+  - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
 
 Notes on individual issues:
 ===========================
 
+client-libs/javax.imageio:
+
+JDK-8295687: Better BMP bounds
+==============================
+Loading a linked ICC profile within a BMP image is now disabled by
+default. To re-enable it, set the new system property
+`sun.imageio.bmp.enabledLinkedProfiles` to `true`.  This new property
+replaces the old property,
+`sun.imageio.plugins.bmp.disableLinkedProfiles`.
+
+client-libs/javax.sound:
+
+JDK-8293742: Better Banking of Sounds
+=====================================
+Previously, the SoundbankReader implementation,
+`com.sun.media.sound.JARSoundbankReader`, would download a JAR
+soundbank from a URL.  This behaviour is now disabled by default. To
+re-enable it, set the new system property `jdk.sound.jarsoundbank` to
+`true`.
+
 security-libs/java.security:
 
 JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
@@ -302,6 +342,14 @@ the same change is made in third party modules.  Developers of third
 party modules are advised to verify that their logout() method does not
 throw a NullPointerException.
 
+security-libs/javax.net.ssl:
+
+JDK-8287411: Enhance DTLS performance
+=====================================
+The JDK now exchanges DTLS cookies for all handshakes, new and
+resumed. The previous behaviour can be re-enabled by setting the new
+system property `jdk.tls.enableDtlsResumeCookie` to `false`.
+
 New in release OpenJDK 17.0.5 (2022-10-18):
 ===========================================
 Live versions of these release notes can be found at:

SPECS/java-17-openjdk.spec

@@ -368,8 +368,8 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver        9
+%global buildver        10
-%global rpmrelease      4
+%global rpmrelease      3
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
 # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -395,7 +395,7 @@
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
 # - N%%{?extraver}{?dist} for GA releases
-%global is_ga           0
+%global is_ga           1
 %if %{is_ga}
 %global build_type GA
 %global ea_designator ""
@@ -2626,6 +2626,12 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
+* Fri Jan 20 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-3
+- Update to jdk-17.0.6.0+10
+- Update release notes to 17.0.6.0+10
+- Switch to GA mode for release
+- Resolves: rhbz#2160111
+
 * Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.9-0.4.ea
 - Update FIPS support to bring in latest changes
 - * OJ1357: Fix issue on FIPS with a SecurityManager in place