Update to jdk-17.0.19+10 (GA)

- Update to jdk-17.0.19+10 (GA)
- Add to .gitignore openjdk-17.0.19+10.tar.xz
- Set updatever to 19
- Set buildver to 10
- Set rpmrelease to 1
- Update sources to openjdk-17.0.19+10.tar.xz
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
- Set tzdata requires and build requires to 2026a
- Set bundled freetype library version to 2.14.2
- Set bundled giflib library version to 6.1.2
- Set bundled harfbuzz library version to 12.3.2
- Set bundled libpng library version to 1.6.57
- Set bundled zlib library version to 1.3.2
- Set fipsver to e1780dd5d39
- Set fipsver to 62c0f885e30
- Sync NEWS from openjdk-portable-rhel-8
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8
- Resolves: RHEL-133292
- Resolves: RHEL-147350
- Resolves: RHEL-148408
- Resolves: RHEL-148987
- Resolves: RHEL-161296
- Resolves: RHEL-161445
- Resolves: RHEL-157135
This commit is contained in:
Thomas Fitzsimmons 2026-04-16 20:01:50 -04:00
parent b5c5b432a6
commit be56a438fe
6 changed files with 302 additions and 40 deletions

1
.gitignore vendored
View File

@ -80,3 +80,4 @@
/openjdk-17.0.17+10.tar.xz
/openjdk-17.0.18+7-ea.tar.xz
/openjdk-17.0.18+8.tar.xz
/openjdk-17.0.19+10.tar.xz

204
NEWS
View File

@ -3,6 +3,210 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 17.0.19 (2026-04-21):
============================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk17019
* Changes
- JDK-6899304: java.awt.Toolkit.getScreenInsets(GraphicsConfiguration) returns incorrect values
- JDK-7036144: GZIPInputStream readTrailer uses faulty available() test for end-of-stream
- JDK-8030957: AIX: Implement OperatingSystemMXBean.getSystemCpuLoad() and .getProcessCpuLoad() on AIX
- JDK-8200566: DistributionPointFetcher fails to fetch CRLs if the DistributionPoints field contains more than one DistributionPoint and the first one fails
- JDK-8244336: Restrict algorithms at JCE layer
- JDK-8244400: MenuItem may cache the size and did not update it when the screen DPI is changed
- JDK-8256289: java/awt/Focus/AppletInitialFocusTest/AppletInitialFocusTest1.java failed with "RuntimeException: Wrong focus owner: java.awt.Button[button1,41,36,56x23,label=Button1]"
- JDK-8271396: Spelling errors
- JDK-8275405: Linking error for classes with lambda template parameters and virtual functions
- JDK-8282484: G1: Predicted old time in log always zero
- JDK-8283784: java_lang_String::as_platform_dependent_str stores to oop in native state
- JDK-8288556: VM crashes if it gets sent SIGUSR2 from outside
- JDK-8301875: java.util.TimeZone.getSystemTimeZoneID uses C library default file mode
- JDK-8303475: potential null pointer dereference in filemap.cpp
- JDK-8309667: TLS handshake fails because of ConcurrentModificationException in PKCS12KeyStore.engineGetEntry
- JDK-8311644: Server should not send bad_certificate alert when the client does not send any certificates
- JDK-8314555: Build with mawk fails on Windows
- JDK-8317633: Modernize text.testlib.HexDumpReader
- JDK-8326705: Test CertMsgCheck.java fails to find alert certificate_required
- JDK-8328608: Multiple NewSessionTicket support for TLS
- JDK-8329258: TailCall should not use frame pointer register for jump target
- JDK-8330016: Stress seed should be initialized for runtime stub compilation
- JDK-8331431: Update to use jtreg 7.4
- JDK-8333386: TestAbortOnVMOperationTimeout test fails for client VM
- JDK-8334670: SSLSocketOutputRecord buffer miscalculation
- JDK-8336695: Update Commons BCEL to Version 6.10.0
- JDK-8337102: JITTester: Fix breaks in static initialization blocks
- JDK-8337681: PNGImageWriter uses much more memory than necessary
- JDK-8337795: Type annotation attached to incorrect type during class reading
- JDK-8337998: CompletionFailure in getEnclosingType attaching type annotations
- JDK-8339271: giflib attribution correction
- JDK-8339791: Refactor MiscUndecorated/ActiveAWTWindowTest.java
- JDK-8340024: In ClassReader, extract a constant for the superclass supertype_index
- JDK-8341779: [REDO BACKPORT] type annotations are not visible to javac plugins across compilation boundaries (JDK-8225377)
- JDK-8342175: MemoryEaterMT fails intermittently with ExceptionInInitializerError
- JDK-8343622: AesDkCrypto.stringToKey should not return null
- JDK-8345578: New test in JDK-8343622 fails with a promoted build
- JDK-8346048: test/lib/containers/docker/DockerRunOptions.java uses addJavaOpts() from ctor
- JDK-8346962: Test CRLReadTimeout.java fails with -Xcomp on a fastdebug build
- JDK-8347475: GTK: javax/swing/JColorChooser/Test8152419.java there are no swatches or RGB tab in JColorChooser
- JDK-8348014: Enhance certificate processing
- JDK-8349351: Combine Screen Inset Tests into a Single File
- JDK-8351359: OperatingSystemMXBean: values from getCpuLoad and getProcessCpuLoad are stale after 24.8 days (Windows)
- JDK-8351639: Improve debuggability of test/langtools/jdk/jshell/JdiHangingListenExecutionControlTest.java test
- JDK-8353755: Add a helper method to Util - findComponent()
- JDK-8354219: Automate javax/swing/JComboBox/ComboPopupBug.java
- JDK-8354893: [REDO BACKPORT] javac crashes while adding type annotations to the return type of a constructor (JDK-8320001)
- JDK-8355278: Improve debuggability of com/sun/jndi/ldap/LdapPoolTimeoutTest.java test
- JDK-8355632: WhiteBox.waitForReferenceProcessing() fails assert for return type
- JDK-8357277: Update OpenSSL library for interop tests
- JDK-8360406: [21u] Disable logic for attaching type annotations to class files until 8359336 is fixed
- JDK-8360539: DTLS handshakes fails due to improper cookie validation logic
- JDK-8361067: Test ExtraButtonDrag.java requires frame.dispose in finally block
- JDK-8361117: SIGSEGV in LShiftLNode::Ideal due to unexpected dead node
- JDK-8361530: Test javax/swing/GraphicsConfigNotifier/StalePreferredSize.java timed out
- JDK-8363950: Incorrect jtreg header in TestLayoutVsICU.java
- JDK-8364373: Transform Affine transformations
- JDK-8364465: Enhance behavior of some intrinsics
- JDK-8366694: Test JdbStopInNotificationThreadTest.java timed out after 60 second
- JDK-8366817: test/jdk/javax/net/ssl/TLSCommon/interop/JdkProcServer.java and JdkProcClient.java should not delete logs
- JDK-8366850: Test com/sun/jdi/JdbStopInNotificationThreadTest.java failed
- JDK-8366866: SslRMIClientSocketFactory#createSocket lacking priviledges (securitymanger)
- JDK-8366938: Test runtime/handshake/HandshakeTimeoutTest.java crashed
- JDK-8367135: Test compiler/loopstripmining/CheckLoopStripMining.java needs internal timeouts adjusted
- JDK-8367904: Test java/net/InetAddress/ptr/Lookup.java should throw SkippedException
- JDK-8368787: Error reporting: hs_err files should show instructions when referencing code in nmethods
- JDK-8368882: NPE during text drawing on machine with JP locale
- JDK-8368960: Adjust java UL logging in the build
- JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
- JDK-8369563: Gtest dll_address_to_function_and_library_name has issues with stripped pdb files
- JDK-8369575: Enhance crypto algorithm support
- JDK-8370529: Enhance Path Factories Redux
- JDK-8370579: PPC: fix inswri immediate argument order
- JDK-8370615: Improve Kerberos credentialing
- JDK-8370986: Enhance Zip file reading
- JDK-8370995: Enhance ZipFile usage
- JDK-8371103: vmTestbase/nsk/jvmti/scenarios/events/EM02/em02t006/TestDescription.java failing
- JDK-8371559: Intermittent timeouts in test javax/net/ssl/Stapling/HttpsUrlConnClient.java
- JDK-8371830: Enhance certificate chain validation
- JDK-8371935: Enhance key generation
- JDK-8371978: tools/jar/ReproducibleJar.java fails on XFS
- JDK-8372048: Performance improvement on Linux remote desktop
- JDK-8372465: Bump update version for OpenJDK: jdk-17.0.19
- JDK-8372756: Mouse additional buttons and horizontal scrolling are broken on XWayland GNOME >= 47 after JDK-8351907
- JDK-8372857: Improve debuggability of java/rmi/server/RemoteServer/AddrInUse.java test
- JDK-8372977: Unnecessary gthread-2.0 loading
- JDK-8373290: Update FreeType to 2.14.1
- JDK-8373476: (tz) Update Timezone Data to 2025c
- JDK-8373727: New XBM images parser regression: only the first line of the bitmap array is parsed
- JDK-8374056: RISC-V: Fix argument passing for the RiscvFlushIcache::flush
- JDK-8374209: [17u,21u] Backout JDK-8361748 due to JDK-8373727
- JDK-8374557: Enhance TLS connection handling
- JDK-8374642: EscapeHash macro fails with GNU make 4.3 and 4.4
- JDK-8375057: Update HarfBuzz to 12.3.2
- JDK-8375063: Update Libpng to 1.6.54
- JDK-8375530: PPC64: incorrect quick verify_method_data_pointer check causes poor performance in debug build
- JDK-8375549: ConcurrentModificationException if jdk.crypto.disabledAlgorithms has multiple entries with known oid
- JDK-8376251: [macos] java/awt/Frame/I18NTitle.java fails on MacOS (JDK-8355884)
- JDK-8376270: [21u, 17u] Redo JDK-8361748: Enforce limits on the size of an XBM image
- JDK-8377509: Add licenses for gcc 14.2.0
- JDK-8377526: Update Libpng to 1.6.55
- JDK-8377905: gcc.md included with every build
- JDK-8378218: MSYS2 reports cygwin triplet causing bash configure failure
- JDK-8378631: Update Zlib Data Compression Library to Version 1.3.2
- JDK-8378823: AIX build fails after zlib updated by JDK-8378631
- JDK-8379035: (tz) Update Timezone Data to 2026a
- JDK-8379158: Update FreeType to 2.14.2
- JDK-8379256: Update GIFlib to 6.1.1
- JDK-8380078: Update GIFlib to 6.1.2
- JDK-8380959: Update Libpng to 1.6.56
- JDK-8382047: Update Libpng to 1.6.57
Notes on individual issues:
===========================
tools/javac:
JDK-8341779: Type annotations are not visible to javac plugins across compilation boundaries
============================================================================================
`TypeMirror` now provides access to annotations for types loaded from
bytecode. Programs that relied on annotations not being present in
loaded bytecode need to be updated to handle them.
core-libs/java.util.jar:
JDK-7036144: GZIPInputStream readTrailer uses faulty available() test for end-of-stream
=======================================================================================
`GZipInputStream`'s `read` methods will now check for a GZIP stream
header in additional data in the internal `InputStream`, instead of
using InputStream.available().
security-libs/javax.net.ssl:
JDK-8328608: Multiple NewSessionTicket support for TLS
======================================================
This JDK version introduces a new system property,
`jdk.tls.server.newSessionTicketCount`. It can be used to set the
number of TLSv1.3 resumption tickets sent per session by a JSSE
server. The default is 1 and the valid range is [0, 10].
See also "Customizing JSSE" at
https://docs.oracle.com/en/java/javase/24/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-A41282C3-19A3-400A-A40F-86F4DA22ABA9
JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
===============================================================================
In accordance with similar plans recently announced by Google and
Mozilla, the JDK will not trust Transport Layer Security (TLS)
certificates issued after the 17th of March 2026 which are anchored by
Chungwa root certificates.
Certificates issued on or before the 17th of March, 2026 will continue
to be trusted until they expire.
If a server's certificate chain is anchored by an affected
certificate, attempts to negotiate a TLS session will fail with an
Exception that indicates the trust anchor is not trusted. For example,
"TLS server certificate issued after 2026-03-17 and anchored by a
distrusted legacy Chungwa root CA: OU=ePKI Root Certification
Authority, O="Chunghwa Telecom Co.", Ltd. C=TW"
To check whether a certificate in a JDK keystore is affected by this
change, you can the `keytool` utility:
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
If any of the certificates in the chain are affected by this change,
then you will need to update the certificate or contact the
organisation responsible for managing the certificate.
These restrictions apply to the following Chungwa root certificates
included in the JDK:
Alias name: chunghwaepkirootca
OU=ePKI Root Certification Authority
O="Chunghwa Telecom Co., Ltd."
C=TW
SHA256:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5
Users can, *at their own risk*, remove this restriction by modifying
the `java.security` configuration file (or override it by using the
`java.security.properties` system property) so "CHUNGWA_TLS" is no
longer listed in the `jdk.security.caDistrustPolicies` security
property.
security-libs/java.security:
JDK-8244336: Restrict algorithms at JCE layer
=============================================
The `java.security` file defines a new security property,
`jdk.crypto.disabledAlgorithms` that can be used to disable JCE/JCA
cryptographic services algorithms. For now, no algorithms are disabled
by default. Applications can set a system property of the same name to
override security property's value.
See also "Disabled and Restricted Cryptographic Algorithms" at
https://docs.oracle.com/en/java/javase/26/security/java-secure-socket-extension-jsse-reference-guide.html#GUID-0A438179-32A7-4900-A81C-29E3073E1E90
New in release OpenJDK 17.0.18 (2026-01-20):
============================================
Live versions of these release notes can be found at:

View File

@ -512,7 +512,7 @@ index db56dfcd505..07e34e95c05 100644
protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
index a020e1c15d8..3c064965e82 100644
index 33172288ba3..de1ee6fd7a1 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -31,6 +31,7 @@ import java.security.SecureRandom;
@ -534,10 +534,16 @@ index a020e1c15d8..3c064965e82 100644
@java.io.Serial
private static final long serialVersionUID = 6812507587804302833L;
@@ -143,285 +148,287 @@ public final class SunJCE extends Provider {
@@ -143,288 +148,290 @@ public final class SunJCE extends Provider {
void putEntries() {
// reuse attribute map and reset before each reuse
HashMap<String, String> attrs = new HashMap<>(3);
- attrs.put("SupportedKeyClasses",
- "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey");
- ps("Signature", "NONEwithRSA",
- "com.sun.crypto.provider.RSACipherAdaptor", null, attrs);
- // continue adding cipher specific attributes
- attrs.put("SupportedModes", "ECB");
- attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
- + "|OAEPWITHMD5ANDMGF1PADDING"
@ -549,9 +555,6 @@ index a020e1c15d8..3c064965e82 100644
- + "|OAEPWITHSHA-512ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
- attrs.put("SupportedKeyClasses",
- "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey");
- ps("Cipher", "RSA",
- "com.sun.crypto.provider.RSACipher", null, attrs);
-
@ -818,6 +821,12 @@ index a020e1c15d8..3c064965e82 100644
- "com.sun.crypto.provider.DHKeyPairGenerator",
- null);
+ if (!systemFipsEnabled) {
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+ ps("Signature", "NONEwithRSA",
+ "com.sun.crypto.provider.RSACipherAdaptor", null, attrs);
+ // continue adding cipher specific attributes
+ attrs.put("SupportedModes", "ECB");
+ attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
+ + "|OAEPWITHMD5ANDMGF1PADDING"
@ -829,9 +838,6 @@ index a020e1c15d8..3c064965e82 100644
+ + "|OAEPWITHSHA-512ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+ ps("Cipher", "RSA",
+ "com.sun.crypto.provider.RSACipher", null, attrs);
+
@ -1101,7 +1107,7 @@ index a020e1c15d8..3c064965e82 100644
/*
* Algorithm parameter generation engines
@@ -430,15 +437,17 @@ public final class SunJCE extends Provider {
@@ -433,15 +440,17 @@ public final class SunJCE extends Provider {
"DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
null);
@ -1128,7 +1134,7 @@ index a020e1c15d8..3c064965e82 100644
/*
* Algorithm Parameter engines
@@ -610,118 +619,120 @@ public final class SunJCE extends Provider {
@@ -613,118 +622,120 @@ public final class SunJCE extends Provider {
ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
@ -2508,7 +2514,7 @@ index 00000000000..dc8bc72fccb
+ }
+}
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 50944836820..9391ad0d798 100644
index cd6407ceffc..2c14cf189a1 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -82,6 +82,17 @@ security.provider.tbd=Apple
@ -2603,7 +2609,7 @@ index 00000000000..6de716e6b42
+nssDbMode = readWrite
+nssModule = fips
+
+attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
+attributes(*,CKO_SECRET_KEY,*)={ CKA_SIGN=true CKA_ENCRYPT=true }
+
diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
index 9bd5dd53bd3..d1eba14c252 100644
@ -4072,7 +4078,7 @@ index cabee449346..72b64f72c0a 100644
// empty
}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index 00fbbcfe07c..b5a30c6da4e 100644
index 19f89ad5f38..a55c890b93d 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@
@ -4411,7 +4417,7 @@ index 00fbbcfe07c..b5a30c6da4e 100644
d(SIG, "RawDSA", P11Signature,
List.of("NONEwithDSA"),
m(CKM_DSA));
@@ -1120,9 +1332,21 @@ public final class SunPKCS11 extends AuthProvider {
@@ -1122,9 +1334,21 @@ public final class SunPKCS11 extends AuthProvider {
continue;
}
boolean allowLegacy = config.getAllowLegacy();
@ -4433,7 +4439,7 @@ index 00fbbcfe07c..b5a30c6da4e 100644
// assume full support if no mech info available
if (!allowLegacy && mechInfo != null) {
@@ -1211,11 +1435,52 @@ public final class SunPKCS11 extends AuthProvider {
@@ -1213,11 +1437,52 @@ public final class SunPKCS11 extends AuthProvider {
}
@Override
@ -4486,7 +4492,7 @@ index 00fbbcfe07c..b5a30c6da4e 100644
try {
return newInstance0(param);
} catch (PKCS11Exception e) {
@@ -1235,6 +1500,8 @@ public final class SunPKCS11 extends AuthProvider {
@@ -1237,6 +1502,8 @@ public final class SunPKCS11 extends AuthProvider {
} else if (algorithm.endsWith("GCM/NoPadding") ||
algorithm.startsWith("ChaCha20-Poly1305")) {
return new P11AEADCipher(token, algorithm, mechanism);
@ -4495,7 +4501,7 @@ index 00fbbcfe07c..b5a30c6da4e 100644
} else {
return new P11Cipher(token, algorithm, mechanism);
}
@@ -1570,6 +1837,9 @@ public final class SunPKCS11 extends AuthProvider {
@@ -1574,6 +1841,9 @@ public final class SunPKCS11 extends AuthProvider {
try {
session = token.getOpSession();
p11.C_Logout(session.id());

View File

@ -315,7 +315,7 @@
# New Version-String scheme-style defines
%global featurever 17
%global interimver 0
%global updatever 18
%global updatever 19
%global patchver 0
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
@ -365,7 +365,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
%global fipsver e1780dd5d39
%global fipsver 62c0f885e30
# Define JDK versions
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
%global javaver %{featurever}
@ -379,8 +379,8 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
%global rpmrelease 2
%global buildver 10
%global rpmrelease 1
#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@ -753,19 +753,19 @@ BuildRequires: libpng-devel
BuildRequires: zlib-devel
%else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.13.3
Provides: bundled(freetype) = 2.14.2
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.2
Provides: bundled(giflib) = 6.1.2
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 11.2.0
Provides: bundled(harfbuzz) = 12.3.2
# Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.17.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
Provides: bundled(libpng) = 1.6.51
Provides: bundled(libpng) = 1.6.57
# Version in src/java.base/share/native/libzip/zlib/zlib.h
Provides: bundled(zlib) = 1.3.1
Provides: bundled(zlib) = 1.3.2
# We link statically against libstdc++ to increase portability
BuildRequires: libstdc++-static
%endif
@ -1838,13 +1838,36 @@ done
%endif
%changelog
* Fri Apr 17 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.19.0.10-1
- Set fipsver to 62c0f885e30
* Thu Apr 16 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.19.0.10-1
- Update to jdk-17.0.19+10 (GA)
- Add to .gitignore openjdk-17.0.19+10.tar.xz
- Set updatever to 19
- Set buildver to 10
- Set rpmrelease to 1
- Update sources to openjdk-17.0.19+10.tar.xz
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
- Set bundled freetype library version to 2.14.2
- Set bundled giflib library version to 6.1.2
- Set bundled harfbuzz library version to 12.3.2
- Set bundled libpng library version to 1.6.57
- Set bundled zlib library version to 1.3.2
- Update NEWS for jdk-17.0.19+10 (GA)
* Wed Feb 11 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.18.0.8-2
- Add test to ensure blocked.certs is valid (OPENJDK-4362)
- Handle 'upgrade' as an alternative to 'update' in openjdk_news.sh
- Add gating scripts to simplify obtaining results and waiving issues
- Remove 8.2.0-z from tag_rhel_8_public.sh and tag_rhel_8_embargoed.sh
- Resolves: RHEL-149327
- Related: RHEL-151197
* Wed Feb 11 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.18.0.8-2
- Set rpmrelease to 2
- Set fipsver to e1780dd5d39
- Resolves: RHEL-122136
* Fri Jan 16 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.18.0.8-1
- Update to jdk-17.0.18+8 (GA)
@ -1862,7 +1885,10 @@ done
- Set buildver to 7
- Set is_ga to 0
- Update sources to openjdk-17.0.18+7-ea.tar.xz
- Resolves: RHEL-139552
- Set bundled libpng version to 1.6.51
- Resolves: RHEL-131590
- Resolves: RHEL-131601
- Adjust attributes in nss.fips.cfg.in in fips-17u-df4c415ac9a.patch
- Related: OPENJDK-4013
- Related: RHEL-122136

View File

@ -328,7 +328,7 @@
# New Version-String scheme-style defines
%global featurever 17
%global interimver 0
%global updatever 18
%global updatever 19
%global patchver 0
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
@ -368,7 +368,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
%global fipsver e1780dd5d39
%global fipsver 62c0f885e30
%global javaver %{featurever}
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
@ -383,8 +383,8 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8
%global rpmrelease 2
%global buildver 10
%global rpmrelease 1
# Settings used by the portable build
%global portablerelease 2
# Portable suffix differs between RHEL and CentOS
@ -1137,8 +1137,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zone-info data provided by tzdata-java sub-package
# 2025b required as of JDK-8352716
Requires: tzdata-java >= 2025b
# 2026a required as of JDK-8379035
Requires: tzdata-java >= 2026a
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@ -1470,8 +1470,8 @@ BuildRequires: java-%{featurever}-openjdk-portable-misc = %{epoch}:%{version}-%{
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
# 2025b required as of JDK-8352716
BuildRequires: tzdata-java >= 2025b
# 2026a required as of JDK-8379035
BuildRequires: tzdata-java >= 2026a
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@ -1490,19 +1490,19 @@ BuildRequires: libpng-devel
BuildRequires: zlib-devel
%else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.13.3
Provides: bundled(freetype) = 2.14.2
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.2
Provides: bundled(giflib) = 6.1.2
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 11.2.0
Provides: bundled(harfbuzz) = 12.3.2
# Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.17.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
Provides: bundled(libpng) = 1.6.51
Provides: bundled(libpng) = 1.6.57
# Version in src/java.base/share/native/libzip/zlib/zlib.h
Provides: bundled(zlib) = 1.3.1
Provides: bundled(zlib) = 1.3.2
%endif
# this is always built, also during debug-only build
@ -2512,6 +2512,31 @@ cjc.mainProgram(args)
%endif
%changelog
* Thu Apr 16 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.19.0.10-1
- Update to jdk-17.0.19+10 (GA)
- Add to .gitignore openjdk-17.0.19+10.tar.xz
- Set updatever to 19
- Set buildver to 10
- Set rpmrelease to 1
- Update sources to openjdk-17.0.19+10.tar.xz
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
- Set tzdata requires and build requires to 2026a
- Set bundled freetype library version to 2.14.2
- Set bundled giflib library version to 6.1.2
- Set bundled harfbuzz library version to 12.3.2
- Set bundled libpng library version to 1.6.57
- Set bundled zlib library version to 1.3.2
- Set fipsver to 62c0f885e30
- Sync NEWS from openjdk-portable-rhel-8
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8
- Resolves: RHEL-133292
- Resolves: RHEL-147350
- Resolves: RHEL-148408
- Resolves: RHEL-148987
- Resolves: RHEL-161296
- Resolves: RHEL-161445
- Resolves: RHEL-157135
* Thu Feb 12 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:17.0.18.0.8-2
- Set portablerelease to 2
- Remove test to ensure blocked.certs is valid, done in portable

View File

@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
SHA512 (openjdk-17.0.18+8.tar.xz) = 71b499f76b4ec42836a45a102f202fb5384c3bfb440d94afad004d4c8e9346298f5c557f16c409a27e6d347930eeae838e43d94c226c5938da008e7ee98db0ff
SHA512 (openjdk-17.0.19+10.tar.xz) = a905a9689363d4f0d0ff8e1ddf79a605209c5ec65d0858f3bb4b9ddcb3ffa0354c75fd4660323204957b58913c831a79b78dcd7615358b8135f38fc1c2d4c3bb