Update to jdk-17.0.19+10 (GA)
- Update to jdk-17.0.19+10 (GA) - Add to .gitignore openjdk-17.0.19+10.tar.xz - Set updatever to 19 - Set buildver to 10 - Set rpmrelease to 1 - Update sources to openjdk-17.0.19+10.tar.xz - ** This tarball is embargoed until 2026-04-21 @ 1pm PT. ** - Set tzdata requires and build requires to 2026a - Set bundled freetype library version to 2.14.2 - Set bundled giflib library version to 6.1.2 - Set bundled harfbuzz library version to 12.3.2 - Set bundled libpng library version to 1.6.57 - Set bundled zlib library version to 1.3.2 - Set fipsver to e1780dd5d39 - Set fipsver to 62c0f885e30 - Sync NEWS from openjdk-portable-rhel-8 - Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8 - Resolves: RHEL-133292 - Resolves: RHEL-147350 - Resolves: RHEL-148408 - Resolves: RHEL-148987 - Resolves: RHEL-161296 - Resolves: RHEL-161445 - Resolves: RHEL-157135
This commit is contained in:
parent
b5c5b432a6
commit
be56a438fe
1
.gitignore
vendored
1
.gitignore
vendored
@ -80,3 +80,4 @@
|
||||
/openjdk-17.0.17+10.tar.xz
|
||||
/openjdk-17.0.18+7-ea.tar.xz
|
||||
/openjdk-17.0.18+8.tar.xz
|
||||
/openjdk-17.0.19+10.tar.xz
|
||||
|
||||
204
NEWS
204
NEWS
@ -3,6 +3,210 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 17.0.19 (2026-04-21):
|
||||
============================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk17019
|
||||
|
||||
* Changes
|
||||
- JDK-6899304: java.awt.Toolkit.getScreenInsets(GraphicsConfiguration) returns incorrect values
|
||||
- JDK-7036144: GZIPInputStream readTrailer uses faulty available() test for end-of-stream
|
||||
- JDK-8030957: AIX: Implement OperatingSystemMXBean.getSystemCpuLoad() and .getProcessCpuLoad() on AIX
|
||||
- JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails
|
||||
- JDK-8244336: Restrict algorithms at JCE layer
|
||||
- JDK-8244400: MenuItem may cache the size and did not update it when the screen DPI is changed
|
||||
- JDK-8256289: java/awt/Focus/AppletInitialFocusTest/AppletInitialFocusTest1.java failed with "RuntimeException: Wrong focus owner: java.awt.Button[button1,41,36,56x23,label=Button1]"
|
||||
- JDK-8271396: Spelling errors
|
||||
- JDK-8275405: Linking error for classes with lambda template parameters and virtual functions
|
||||
- JDK-8282484: G1: Predicted old time in log always zero
|
||||
- JDK-8283784: java_lang_String::as_platform_dependent_str stores to oop in native state
|
||||
- JDK-8288556: VM crashes if it gets sent SIGUSR2 from outside
|
||||
- JDK-8301875: java.util.TimeZone.getSystemTimeZoneID uses C library default file mode
|
||||
- JDK-8303475: potential null pointer dereference in filemap.cpp
|
||||
- JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry
|
||||
- JDK-8311644: Server should not send bad_certificate alert when the client does not send any certificates
|
||||
- JDK-8314555: Build with mawk fails on Windows
|
||||
- JDK-8317633: Modernize text.testlib.HexDumpReader
|
||||
- JDK-8326705: Test CertMsgCheck.java fails to find alert certificate_required
|
||||
- JDK-8328608: Multiple NewSessionTicket support for TLS
|
||||
- JDK-8329258: TailCall should not use frame pointer register for jump target
|
||||
- JDK-8330016: Stress seed should be initialized for runtime stub compilation
|
||||
- JDK-8331431: Update to use jtreg 7.4
|
||||
- JDK-8333386: TestAbortOnVMOperationTimeout test fails for client VM
|
||||
- JDK-8334670: SSLSocketOutputRecord buffer miscalculation
|
||||
- JDK-8336695: Update Commons BCEL to Version 6.10.0
|
||||
- JDK-8337102: JITTester: Fix breaks in static initialization blocks
|
||||
- JDK-8337681: PNGImageWriter uses much more memory than necessary
|
||||
- JDK-8337795: Type annotation attached to incorrect type during class reading
|
||||
- JDK-8337998: CompletionFailure in getEnclosingType attaching type annotations
|
||||
- JDK-8339271: giflib attribution correction
|
||||
- JDK-8339791: Refactor MiscUndecorated/ActiveAWTWindowTest.java
|
||||
- JDK-8340024: In ClassReader, extract a constant for the superclass supertype_index
|
||||
- JDK-8341779: [REDO BACKPORT] type annotations are not visible to javac plugins across compilation boundaries (JDK-8225377)
|
||||
- JDK-8342175: MemoryEaterMT fails intermittently with ExceptionInInitializerError
|
||||
- JDK-8343622: AesDkCrypto.stringToKey should not return null
|
||||
- JDK-8345578: New test in JDK-8343622 fails with a promoted build
|
||||
- JDK-8346048: test/lib/containers/docker/DockerRunOptions.java uses addJavaOpts() from ctor
|
||||
- JDK-8346962: Test CRLReadTimeout.java fails with -Xcomp on a fastdebug build
|
||||
- JDK-8347475: GTK: javax/swing/JColorChooser/Test8152419.java there are no swatches or RGB tab in JColorChooser
|
||||
- JDK-8348014: Enhance certificate processing
|
||||
- JDK-8349351: Combine Screen Inset Tests into a Single File
|
||||
- JDK-8351359: OperatingSystemMXBean: values from getCpuLoad and getProcessCpuLoad are stale after 24.8 days (Windows)
|
||||
- JDK-8351639: Improve debuggability of test/langtools/jdk/jshell/JdiHangingListenExecutionControlTest.java test
|
||||
- JDK-8353755: Add a helper method to Util - findComponent()
|
||||
- JDK-8354219: Automate javax/swing/JComboBox/ComboPopupBug.java
|
||||
- JDK-8354893: [REDO BACKPORT] javac crashes while adding type annotations to the return type of a constructor (JDK-8320001)
|
||||
- JDK-8355278: Improve debuggability of com/sun/jndi/ldap/LdapPoolTimeoutTest.java test
|
||||
- JDK-8355632: WhiteBox.waitForReferenceProcessing() fails assert for return type
|
||||
- JDK-8357277: Update OpenSSL library for interop tests
|
||||
- JDK-8360406: [21u] Disable logic for attaching type annotations to class files until 8359336 is fixed
|
||||
- JDK-8360539: DTLS handshakes fails due to improper cookie validation logic
|
||||
- JDK-8361067: Test ExtraButtonDrag.java requires frame.dispose in finally block
|
||||
- JDK-8361117: SIGSEGV in LShiftLNode::Ideal due to unexpected dead node
|
||||
- JDK-8361530: Test javax/swing/GraphicsConfigNotifier/StalePreferredSize.java timed out
|
||||
- JDK-8363950: Incorrect jtreg header in TestLayoutVsICU.java
|
||||
- JDK-8364373: Transform Affine transformations
|
||||
- JDK-8364465: Enhance behavior of some intrinsics
|
||||
- JDK-8366694: Test JdbStopInNotificationThreadTest.java timed out after 60 second
|
||||
- JDK-8366817: test/jdk/javax/net/ssl/TLSCommon/interop/JdkProcServer.java and JdkProcClient.java should not delete logs
|
||||
- JDK-8366850: Test com/sun/jdi/JdbStopInNotificationThreadTest.java failed
|
||||
- JDK-8366866: SslRMIClientSocketFactory#createSocket lacking priviledges (securitymanger)
|
||||
- JDK-8366938: Test runtime/handshake/HandshakeTimeoutTest.java crashed
|
||||
- JDK-8367135: Test compiler/loopstripmining/CheckLoopStripMining.java needs internal timeouts adjusted
|
||||
- JDK-8367904: Test java/net/InetAddress/ptr/Lookup.java should throw SkippedException
|
||||
- JDK-8368787: Error reporting: hs_err files should show instructions when referencing code in nmethods
|
||||
- JDK-8368882: NPE during text drawing on machine with JP locale
|
||||
- JDK-8368960: Adjust java UL logging in the build
|
||||
- JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
|
||||
- JDK-8369563: Gtest dll_address_to_function_and_library_name has issues with stripped pdb files
|
||||
- JDK-8369575: Enhance crypto algorithm support
|
||||
- JDK-8370529: Enhance Path Factories Redux
|
||||
- JDK-8370579: PPC: fix inswri immediate argument order
|
||||
- JDK-8370615: Improve Kerberos credentialing
|
||||
- JDK-8370986: Enhance Zip file reading
|
||||
- JDK-8370995: Enhance ZipFile usage
|
||||
- JDK-8371103: vmTestbase/nsk/jvmti/scenarios/events/EM02/em02t006/TestDescription.java failing
|
||||
- JDK-8371559: Intermittent timeouts in test javax/net/ssl/Stapling/HttpsUrlConnClient.java
|
||||
- JDK-8371830: Enhance certificate chain validation
|
||||
- JDK-8371935: Enhance key generation
|
||||
- JDK-8371978: tools/jar/ReproducibleJar.java fails on XFS
|
||||
- JDK-8372048: Performance improvement on Linux remote desktop
|
||||
- JDK-8372465: Bump update version for OpenJDK: jdk-17.0.19
|
||||
- JDK-8372756: Mouse additional buttons and horizontal scrolling are broken on XWayland GNOME >= 47 after JDK-8351907
|
||||
- JDK-8372857: Improve debuggability of java/rmi/server/RemoteServer/AddrInUse.java test
|
||||
- JDK-8372977: Unnecessary gthread-2.0 loading
|
||||
- JDK-8373290: Update FreeType to 2.14.1
|
||||
- JDK-8373476: (tz) Update Timezone Data to 2025c
|
||||
- JDK-8373727: New XBM images parser regression: only the first line of the bitmap array is parsed
|
||||
- JDK-8374056: RISC-V: Fix argument passing for the RiscvFlushIcache::flush
|
||||
- JDK-8374209: [17u,21u] Backout JDK-8361748 due to JDK-8373727
|
||||
- JDK-8374557: Enhance TLS connection handling
|
||||
- JDK-8374642: EscapeHash macro fails with GNU make 4.3 and 4.4
|
||||
- JDK-8375057: Update HarfBuzz to 12.3.2
|
||||
- JDK-8375063: Update Libpng to 1.6.54
|
||||
- JDK-8375530: PPC64: incorrect quick verify_method_data_pointer check causes poor performance in debug build
|
||||
- JDK-8375549: ConcurrentModificationException if jdk.crypto.disabledAlgorithms has multiple entries with known oid
|
||||
- JDK-8376251: [macos] java/awt/Frame/I18NTitle.java fails on MacOS (JDK-8355884)
|
||||
- JDK-8376270: [21u, 17u] Redo JDK-8361748: Enforce limits on the size of an XBM image
|
||||
- JDK-8377509: Add licenses for gcc 14.2.0
|
||||
- JDK-8377526: Update Libpng to 1.6.55
|
||||
- JDK-8377905: gcc.md included with every build
|
||||
- JDK-8378218: MSYS2 reports cygwin triplet causing bash configure failure
|
||||
- JDK-8378631: Update Zlib Data Compression Library to Version 1.3.2
|
||||
- JDK-8378823: AIX build fails after zlib updated by JDK-8378631
|
||||
- JDK-8379035: (tz) Update Timezone Data to 2026a
|
||||
- JDK-8379158: Update FreeType to 2.14.2
|
||||
- JDK-8379256: Update GIFlib to 6.1.1
|
||||
- JDK-8380078: Update GIFlib to 6.1.2
|
||||
- JDK-8380959: Update Libpng to 1.6.56
|
||||
- JDK-8382047: Update Libpng to 1.6.57
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
tools/javac:
|
||||
|
||||
JDK-8341779: Type annotations are not visible to javac plugins across compilation boundaries
|
||||
============================================================================================
|
||||
`TypeMirror` now provides access to annotations for types loaded from
|
||||
bytecode. Programs that relied on annotations not being present in
|
||||
loaded bytecode need to be updated to handle them.
|
||||
|
||||
core-libs/java.util.jar:
|
||||
|
||||
JDK-7036144: GZIPInputStream readTrailer uses faulty available() test for end-of-stream
|
||||
=======================================================================================
|
||||
`GZipInputStream`'s `read` methods will now check for a GZIP stream
|
||||
header in additional data in the internal `InputStream`, instead of
|
||||
using InputStream.available().
|
||||
|
||||
security-libs/javax.net.ssl:
|
||||
|
||||
JDK-8328608: Multiple NewSessionTicket support for TLS
|
||||
======================================================
|
||||
This JDK version introduces a new system property,
|
||||
`jdk.tls.server.newSessionTicketCount`. It can be used to set the
|
||||
number of TLSv1.3 resumption tickets sent per session by a JSSE
|
||||
server. The default is 1 and the valid range is [0, 10].
|
||||
|
||||
See also "Customizing JSSE" at
|
||||
https://docs.oracle.com/en/java/javase/24/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-A41282C3-19A3-400A-A40F-86F4DA22ABA9
|
||||
|
||||
JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
|
||||
===============================================================================
|
||||
In accordance with similar plans recently announced by Google and
|
||||
Mozilla, the JDK will not trust Transport Layer Security (TLS)
|
||||
certificates issued after the 17th of March 2026 which are anchored by
|
||||
Chungwa root certificates.
|
||||
|
||||
Certificates issued on or before the 17th of March, 2026 will continue
|
||||
to be trusted until they expire.
|
||||
|
||||
If a server's certificate chain is anchored by an affected
|
||||
certificate, attempts to negotiate a TLS session will fail with an
|
||||
Exception that indicates the trust anchor is not trusted. For example,
|
||||
|
||||
"TLS server certificate issued after 2026-03-17 and anchored by a
|
||||
distrusted legacy Chungwa root CA: OU=ePKI Root Certification
|
||||
Authority, O="Chunghwa Telecom Co.", Ltd. C=TW"
|
||||
|
||||
To check whether a certificate in a JDK keystore is affected by this
|
||||
change, you can the `keytool` utility:
|
||||
|
||||
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
|
||||
|
||||
If any of the certificates in the chain are affected by this change,
|
||||
then you will need to update the certificate or contact the
|
||||
organisation responsible for managing the certificate.
|
||||
|
||||
These restrictions apply to the following Chungwa root certificates
|
||||
included in the JDK:
|
||||
|
||||
Alias name: chunghwaepkirootca
|
||||
OU=ePKI Root Certification Authority
|
||||
O="Chunghwa Telecom Co., Ltd."
|
||||
C=TW
|
||||
SHA256:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5
|
||||
|
||||
Users can, *at their own risk*, remove this restriction by modifying
|
||||
the `java.security` configuration file (or override it by using the
|
||||
`java.security.properties` system property) so "CHUNGWA_TLS" is no
|
||||
longer listed in the `jdk.security.caDistrustPolicies` security
|
||||
property.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8244336: Restrict algorithms at JCE layer
|
||||
=============================================
|
||||
The `java.security` file defines a new security property,
|
||||
`jdk.crypto.disabledAlgorithms` that can be used to disable JCE/JCA
|
||||
cryptographic services algorithms. For now, no algorithms are disabled
|
||||
by default. Applications can set a system property of the same name to
|
||||
override security property's value.
|
||||
|
||||
See also "Disabled and Restricted Cryptographic Algorithms" at
|
||||
https://docs.oracle.com/en/java/javase/26/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-0A438179-32A7-4900-A81C-29E3073E1E90
|
||||
|
||||
New in release OpenJDK 17.0.18 (2026-01-20):
|
||||
============================================
|
||||
Live versions of these release notes can be found at:
|
||||
|
||||
@ -512,7 +512,7 @@ index db56dfcd505..07e34e95c05 100644
|
||||
|
||||
protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
|
||||
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
|
||||
index a020e1c15d8..3c064965e82 100644
|
||||
index 33172288ba3..de1ee6fd7a1 100644
|
||||
--- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
|
||||
+++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
|
||||
@@ -31,6 +31,7 @@ import java.security.SecureRandom;
|
||||
@ -534,10 +534,16 @@ index a020e1c15d8..3c064965e82 100644
|
||||
@java.io.Serial
|
||||
private static final long serialVersionUID = 6812507587804302833L;
|
||||
|
||||
@@ -143,285 +148,287 @@ public final class SunJCE extends Provider {
|
||||
@@ -143,288 +148,290 @@ public final class SunJCE extends Provider {
|
||||
void putEntries() {
|
||||
// reuse attribute map and reset before each reuse
|
||||
HashMap<String, String> attrs = new HashMap<>(3);
|
||||
- attrs.put("SupportedKeyClasses",
|
||||
- "java.security.interfaces.RSAPublicKey" +
|
||||
- "|java.security.interfaces.RSAPrivateKey");
|
||||
- ps("Signature", "NONEwithRSA",
|
||||
- "com.sun.crypto.provider.RSACipherAdaptor", null, attrs);
|
||||
- // continue adding cipher specific attributes
|
||||
- attrs.put("SupportedModes", "ECB");
|
||||
- attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
|
||||
- + "|OAEPWITHMD5ANDMGF1PADDING"
|
||||
@ -549,9 +555,6 @@ index a020e1c15d8..3c064965e82 100644
|
||||
- + "|OAEPWITHSHA-512ANDMGF1PADDING"
|
||||
- + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
|
||||
- + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
|
||||
- attrs.put("SupportedKeyClasses",
|
||||
- "java.security.interfaces.RSAPublicKey" +
|
||||
- "|java.security.interfaces.RSAPrivateKey");
|
||||
- ps("Cipher", "RSA",
|
||||
- "com.sun.crypto.provider.RSACipher", null, attrs);
|
||||
-
|
||||
@ -818,6 +821,12 @@ index a020e1c15d8..3c064965e82 100644
|
||||
- "com.sun.crypto.provider.DHKeyPairGenerator",
|
||||
- null);
|
||||
+ if (!systemFipsEnabled) {
|
||||
+ attrs.put("SupportedKeyClasses",
|
||||
+ "java.security.interfaces.RSAPublicKey" +
|
||||
+ "|java.security.interfaces.RSAPrivateKey");
|
||||
+ ps("Signature", "NONEwithRSA",
|
||||
+ "com.sun.crypto.provider.RSACipherAdaptor", null, attrs);
|
||||
+ // continue adding cipher specific attributes
|
||||
+ attrs.put("SupportedModes", "ECB");
|
||||
+ attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
|
||||
+ + "|OAEPWITHMD5ANDMGF1PADDING"
|
||||
@ -829,9 +838,6 @@ index a020e1c15d8..3c064965e82 100644
|
||||
+ + "|OAEPWITHSHA-512ANDMGF1PADDING"
|
||||
+ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
|
||||
+ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
|
||||
+ attrs.put("SupportedKeyClasses",
|
||||
+ "java.security.interfaces.RSAPublicKey" +
|
||||
+ "|java.security.interfaces.RSAPrivateKey");
|
||||
+ ps("Cipher", "RSA",
|
||||
+ "com.sun.crypto.provider.RSACipher", null, attrs);
|
||||
+
|
||||
@ -1101,7 +1107,7 @@ index a020e1c15d8..3c064965e82 100644
|
||||
|
||||
/*
|
||||
* Algorithm parameter generation engines
|
||||
@@ -430,15 +437,17 @@ public final class SunJCE extends Provider {
|
||||
@@ -433,15 +440,17 @@ public final class SunJCE extends Provider {
|
||||
"DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
|
||||
null);
|
||||
|
||||
@ -1128,7 +1134,7 @@ index a020e1c15d8..3c064965e82 100644
|
||||
|
||||
/*
|
||||
* Algorithm Parameter engines
|
||||
@@ -610,118 +619,120 @@ public final class SunJCE extends Provider {
|
||||
@@ -613,118 +622,120 @@ public final class SunJCE extends Provider {
|
||||
ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
|
||||
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
|
||||
|
||||
@ -2508,7 +2514,7 @@ index 00000000000..dc8bc72fccb
|
||||
+ }
|
||||
+}
|
||||
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
|
||||
index 50944836820..9391ad0d798 100644
|
||||
index cd6407ceffc..2c14cf189a1 100644
|
||||
--- a/src/java.base/share/conf/security/java.security
|
||||
+++ b/src/java.base/share/conf/security/java.security
|
||||
@@ -82,6 +82,17 @@ security.provider.tbd=Apple
|
||||
@ -2603,7 +2609,7 @@ index 00000000000..6de716e6b42
|
||||
+nssDbMode = readWrite
|
||||
+nssModule = fips
|
||||
+
|
||||
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
|
||||
+attributes(*,CKO_SECRET_KEY,*)={ CKA_SIGN=true CKA_ENCRYPT=true }
|
||||
+
|
||||
diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
|
||||
index 9bd5dd53bd3..d1eba14c252 100644
|
||||
@ -4072,7 +4078,7 @@ index cabee449346..72b64f72c0a 100644
|
||||
// empty
|
||||
}
|
||||
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
index 00fbbcfe07c..b5a30c6da4e 100644
|
||||
index 19f89ad5f38..a55c890b93d 100644
|
||||
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
|
||||
@@ -26,6 +26,9 @@
|
||||
@ -4411,7 +4417,7 @@ index 00fbbcfe07c..b5a30c6da4e 100644
|
||||
d(SIG, "RawDSA", P11Signature,
|
||||
List.of("NONEwithDSA"),
|
||||
m(CKM_DSA));
|
||||
@@ -1120,9 +1332,21 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -1122,9 +1334,21 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
continue;
|
||||
}
|
||||
boolean allowLegacy = config.getAllowLegacy();
|
||||
@ -4433,7 +4439,7 @@ index 00fbbcfe07c..b5a30c6da4e 100644
|
||||
|
||||
// assume full support if no mech info available
|
||||
if (!allowLegacy && mechInfo != null) {
|
||||
@@ -1211,11 +1435,52 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -1213,11 +1437,52 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -4486,7 +4492,7 @@ index 00fbbcfe07c..b5a30c6da4e 100644
|
||||
try {
|
||||
return newInstance0(param);
|
||||
} catch (PKCS11Exception e) {
|
||||
@@ -1235,6 +1500,8 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -1237,6 +1502,8 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
} else if (algorithm.endsWith("GCM/NoPadding") ||
|
||||
algorithm.startsWith("ChaCha20-Poly1305")) {
|
||||
return new P11AEADCipher(token, algorithm, mechanism);
|
||||
@ -4495,7 +4501,7 @@ index 00fbbcfe07c..b5a30c6da4e 100644
|
||||
} else {
|
||||
return new P11Cipher(token, algorithm, mechanism);
|
||||
}
|
||||
@@ -1570,6 +1837,9 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
@@ -1574,6 +1841,9 @@ public final class SunPKCS11 extends AuthProvider {
|
||||
try {
|
||||
session = token.getOpSession();
|
||||
p11.C_Logout(session.id());
|
||||
@ -315,7 +315,7 @@
|
||||
# New Version-String scheme-style defines
|
||||
%global featurever 17
|
||||
%global interimver 0
|
||||
%global updatever 18
|
||||
%global updatever 19
|
||||
%global patchver 0
|
||||
# buildjdkver is usually same as %%{featurever},
|
||||
# but in time of bootstrap of next jdk, it is featurever-1,
|
||||
@ -365,7 +365,7 @@
|
||||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||
# Define current Git revision for the FIPS support patches
|
||||
%global fipsver e1780dd5d39
|
||||
%global fipsver 62c0f885e30
|
||||
# Define JDK versions
|
||||
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
|
||||
%global javaver %{featurever}
|
||||
@ -379,8 +379,8 @@
|
||||
%global origin_nice OpenJDK
|
||||
%global top_level_dir_name %{vcstag}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 8
|
||||
%global rpmrelease 2
|
||||
%global buildver 10
|
||||
%global rpmrelease 1
|
||||
#%%global tagsuffix %%{nil}
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
@ -753,19 +753,19 @@ BuildRequires: libpng-devel
|
||||
BuildRequires: zlib-devel
|
||||
%else
|
||||
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
|
||||
Provides: bundled(freetype) = 2.13.3
|
||||
Provides: bundled(freetype) = 2.14.2
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
|
||||
Provides: bundled(giflib) = 5.2.2
|
||||
Provides: bundled(giflib) = 6.1.2
|
||||
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
|
||||
Provides: bundled(harfbuzz) = 11.2.0
|
||||
Provides: bundled(harfbuzz) = 12.3.2
|
||||
# Version in src/java.desktop/share/native/liblcms/lcms2.h
|
||||
Provides: bundled(lcms2) = 2.17.0
|
||||
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
|
||||
Provides: bundled(libjpeg) = 6b
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
|
||||
Provides: bundled(libpng) = 1.6.51
|
||||
Provides: bundled(libpng) = 1.6.57
|
||||
# Version in src/java.base/share/native/libzip/zlib/zlib.h
|
||||
Provides: bundled(zlib) = 1.3.1
|
||||
Provides: bundled(zlib) = 1.3.2
|
||||
# We link statically against libstdc++ to increase portability
|
||||
BuildRequires: libstdc++-static
|
||||
%endif
|
||||
@ -1838,13 +1838,36 @@ done
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Apr 17 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.19.0.10-1
|
||||
- Set fipsver to 62c0f885e30
|
||||
|
||||
* Thu Apr 16 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.19.0.10-1
|
||||
- Update to jdk-17.0.19+10 (GA)
|
||||
- Add to .gitignore openjdk-17.0.19+10.tar.xz
|
||||
- Set updatever to 19
|
||||
- Set buildver to 10
|
||||
- Set rpmrelease to 1
|
||||
- Update sources to openjdk-17.0.19+10.tar.xz
|
||||
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
|
||||
- Set bundled freetype library version to 2.14.2
|
||||
- Set bundled giflib library version to 6.1.2
|
||||
- Set bundled harfbuzz library version to 12.3.2
|
||||
- Set bundled libpng library version to 1.6.57
|
||||
- Set bundled zlib library version to 1.3.2
|
||||
- Update NEWS for jdk-17.0.19+10 (GA)
|
||||
|
||||
* Wed Feb 11 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.18.0.8-2
|
||||
- Add test to ensure blocked.certs is valid (OPENJDK-4362)
|
||||
- Handle 'upgrade' as an alternative to 'update' in openjdk_news.sh
|
||||
- Add gating scripts to simplify obtaining results and waiving issues
|
||||
- Remove 8.2.0-z from tag_rhel_8_public.sh and tag_rhel_8_embargoed.sh
|
||||
- Resolves: RHEL-149327
|
||||
- Related: RHEL-151197
|
||||
|
||||
* Wed Feb 11 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.18.0.8-2
|
||||
- Set rpmrelease to 2
|
||||
- Set fipsver to e1780dd5d39
|
||||
- Resolves: RHEL-122136
|
||||
|
||||
* Fri Jan 16 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.18.0.8-1
|
||||
- Update to jdk-17.0.18+8 (GA)
|
||||
@ -1862,7 +1885,10 @@ done
|
||||
- Set buildver to 7
|
||||
- Set is_ga to 0
|
||||
- Update sources to openjdk-17.0.18+7-ea.tar.xz
|
||||
- Resolves: RHEL-139552
|
||||
- Set bundled libpng version to 1.6.51
|
||||
- Resolves: RHEL-131590
|
||||
- Resolves: RHEL-131601
|
||||
- Adjust attributes in nss.fips.cfg.in in fips-17u-df4c415ac9a.patch
|
||||
- Related: OPENJDK-4013
|
||||
- Related: RHEL-122136
|
||||
|
||||
@ -328,7 +328,7 @@
|
||||
# New Version-String scheme-style defines
|
||||
%global featurever 17
|
||||
%global interimver 0
|
||||
%global updatever 18
|
||||
%global updatever 19
|
||||
%global patchver 0
|
||||
# buildjdkver is usually same as %%{featurever},
|
||||
# but in time of bootstrap of next jdk, it is featurever-1,
|
||||
@ -368,7 +368,7 @@
|
||||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||
# Define current Git revision for the FIPS support patches
|
||||
%global fipsver e1780dd5d39
|
||||
%global fipsver 62c0f885e30
|
||||
%global javaver %{featurever}
|
||||
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
|
||||
|
||||
@ -383,8 +383,8 @@
|
||||
%global origin_nice OpenJDK
|
||||
%global top_level_dir_name %{vcstag}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 8
|
||||
%global rpmrelease 2
|
||||
%global buildver 10
|
||||
%global rpmrelease 1
|
||||
# Settings used by the portable build
|
||||
%global portablerelease 2
|
||||
# Portable suffix differs between RHEL and CentOS
|
||||
@ -1137,8 +1137,8 @@ Requires: ca-certificates
|
||||
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
|
||||
Requires: javapackages-filesystem
|
||||
# Require zone-info data provided by tzdata-java sub-package
|
||||
# 2025b required as of JDK-8352716
|
||||
Requires: tzdata-java >= 2025b
|
||||
# 2026a required as of JDK-8379035
|
||||
Requires: tzdata-java >= 2026a
|
||||
# for support of kernel stream control
|
||||
# libsctp.so.1 is being `dlopen`ed on demand
|
||||
Requires: lksctp-tools%{?_isa}
|
||||
@ -1470,8 +1470,8 @@ BuildRequires: java-%{featurever}-openjdk-portable-misc = %{epoch}:%{version}-%{
|
||||
%ifarch %{zero_arches}
|
||||
BuildRequires: libffi-devel
|
||||
%endif
|
||||
# 2025b required as of JDK-8352716
|
||||
BuildRequires: tzdata-java >= 2025b
|
||||
# 2026a required as of JDK-8379035
|
||||
BuildRequires: tzdata-java >= 2026a
|
||||
# Earlier versions have a bug in tree vectorization on PPC
|
||||
BuildRequires: gcc >= 4.8.3-8
|
||||
|
||||
@ -1490,19 +1490,19 @@ BuildRequires: libpng-devel
|
||||
BuildRequires: zlib-devel
|
||||
%else
|
||||
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
|
||||
Provides: bundled(freetype) = 2.13.3
|
||||
Provides: bundled(freetype) = 2.14.2
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
|
||||
Provides: bundled(giflib) = 5.2.2
|
||||
Provides: bundled(giflib) = 6.1.2
|
||||
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
|
||||
Provides: bundled(harfbuzz) = 11.2.0
|
||||
Provides: bundled(harfbuzz) = 12.3.2
|
||||
# Version in src/java.desktop/share/native/liblcms/lcms2.h
|
||||
Provides: bundled(lcms2) = 2.17.0
|
||||
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
|
||||
Provides: bundled(libjpeg) = 6b
|
||||
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
|
||||
Provides: bundled(libpng) = 1.6.51
|
||||
Provides: bundled(libpng) = 1.6.57
|
||||
# Version in src/java.base/share/native/libzip/zlib/zlib.h
|
||||
Provides: bundled(zlib) = 1.3.1
|
||||
Provides: bundled(zlib) = 1.3.2
|
||||
%endif
|
||||
|
||||
# this is always built, also during debug-only build
|
||||
@ -2512,6 +2512,31 @@ cjc.mainProgram(args)
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Apr 16 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.19.0.10-1
|
||||
- Update to jdk-17.0.19+10 (GA)
|
||||
- Add to .gitignore openjdk-17.0.19+10.tar.xz
|
||||
- Set updatever to 19
|
||||
- Set buildver to 10
|
||||
- Set rpmrelease to 1
|
||||
- Update sources to openjdk-17.0.19+10.tar.xz
|
||||
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
|
||||
- Set tzdata requires and build requires to 2026a
|
||||
- Set bundled freetype library version to 2.14.2
|
||||
- Set bundled giflib library version to 6.1.2
|
||||
- Set bundled harfbuzz library version to 12.3.2
|
||||
- Set bundled libpng library version to 1.6.57
|
||||
- Set bundled zlib library version to 1.3.2
|
||||
- Set fipsver to 62c0f885e30
|
||||
- Sync NEWS from openjdk-portable-rhel-8
|
||||
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8
|
||||
- Resolves: RHEL-133292
|
||||
- Resolves: RHEL-147350
|
||||
- Resolves: RHEL-148408
|
||||
- Resolves: RHEL-148987
|
||||
- Resolves: RHEL-161296
|
||||
- Resolves: RHEL-161445
|
||||
- Resolves: RHEL-157135
|
||||
|
||||
* Thu Feb 12 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.18.0.8-2
|
||||
- Set portablerelease to 2
|
||||
- Remove test to ensure blocked.certs is valid, done in portable
|
||||
|
||||
2
sources
2
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
|
||||
SHA512 (openjdk-17.0.18+8.tar.xz) = 71b499f76b4ec42836a45a102f202fb5384c3bfb440d94afad004d4c8e9346298f5c557f16c409a27e6d347930eeae838e43d94c226c5938da008e7ee98db0ff
|
||||
SHA512 (openjdk-17.0.19+10.tar.xz) = a905a9689363d4f0d0ff8e1ddf79a605209c5ec65d0858f3bb4b9ddcb3ffa0354c75fd4660323204957b58913c831a79b78dcd7615358b8135f38fc1c2d4c3bb
|
||||
|
||||
Loading…
Reference in New Issue
Block a user