October CPU 2021 update
This commit is contained in:
parent
2891e38fa2
commit
fb48b1ebd8
1
.gitignore
vendored
1
.gitignore
vendored
@ -18,3 +18,4 @@
|
|||||||
/openjdk-jdk17-jdk-17+26.tar.xz
|
/openjdk-jdk17-jdk-17+26.tar.xz
|
||||||
/openjdk-jdk17-jdk-17+33.tar.xz
|
/openjdk-jdk17-jdk-17+33.tar.xz
|
||||||
/openjdk-jdk17-jdk-17+35.tar.xz
|
/openjdk-jdk17-jdk-17+35.tar.xz
|
||||||
|
/openjdk-jdk17u-jdk-17.0.1+12.tar.xz
|
||||||
|
91
NEWS
91
NEWS
@ -3,6 +3,97 @@ Key:
|
|||||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||||
|
|
||||||
|
New in release OpenJDK 17.0.1 (2021-10-19):
|
||||||
|
===========================================
|
||||||
|
Live versions of these release notes can be found at:
|
||||||
|
* https://builds.shipilev.net/backports-monitor/release-notes-17.0.1.txt
|
||||||
|
|
||||||
|
* Security fixes
|
||||||
|
- JDK-8263314: Enhance XML Dsig modes
|
||||||
|
- JDK-8265167, CVE-2021-35556: Richer Text Editors
|
||||||
|
- JDK-8265574: Improve handling of sheets
|
||||||
|
- JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
|
||||||
|
- JDK-8265776: Improve Stream handling for SSL
|
||||||
|
- JDK-8266097, CVE-2021-35561: Better hashing support
|
||||||
|
- JDK-8266103: Better specified spec values
|
||||||
|
- JDK-8266109: More Resilient Classloading
|
||||||
|
- JDK-8266115: More Manifest Jar Loading
|
||||||
|
- JDK-8266137, CVE-2021-35564: Improve Keystore integrity
|
||||||
|
- JDK-8266689, CVE-2021-35567: More Constrained Delegation
|
||||||
|
- JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
|
||||||
|
- JDK-8267712: Better LDAP reference processing
|
||||||
|
- JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
|
||||||
|
- JDK-8267735, CVE-2021-35586: Better BMP support
|
||||||
|
- JDK-8268193: Improve requests of certificates
|
||||||
|
- JDK-8268199: Correct certificate requests
|
||||||
|
- JDK-8268205: Enhance DTLS client handshake
|
||||||
|
- JDK-8268500: Better specified ParameterSpecs
|
||||||
|
- JDK-8268506: More Manifest Digests
|
||||||
|
- JDK-8269618, CVE-2021-35603: Better session identification
|
||||||
|
- JDK-8269624: Enhance method selection support
|
||||||
|
- JDK-8270398: Enhance canonicalization
|
||||||
|
- JDK-8270404: Better canonicalization
|
||||||
|
* Other changes
|
||||||
|
- JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
|
||||||
|
- JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
|
||||||
|
- JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
|
||||||
|
- JDK-8261088: Repeatable annotations without @Target cannot have containers that target module declarations
|
||||||
|
- JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
|
||||||
|
- JDK-8263531: Remove unused buffer int
|
||||||
|
- JDK-8266182: Automate manual steps listed in the test jdk/sun/security/pkcs12/ParamsTest.java
|
||||||
|
- JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
|
||||||
|
- JDK-8267666: Add option to jcmd GC.heap_dump to use existing file
|
||||||
|
- JDK-8268019: C2: assert(no_dead_loop) failed: dead loop detected
|
||||||
|
- JDK-8268261: C2: assert(n != __null) failed: Bad immediate dominator info.
|
||||||
|
- JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm performance
|
||||||
|
- JDK-8268963: [IR Framework] Some default regexes matching on PrintOptoAssembly in IRNode.java do not work on all platforms
|
||||||
|
- JDK-8269297: Bump version numbers for JDK 17.0.1
|
||||||
|
- JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should be more resilient
|
||||||
|
- JDK-8269574: C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events
|
||||||
|
- JDK-8269763: The JEditorPane is blank after JDK-8265167
|
||||||
|
- JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
|
||||||
|
- JDK-8269882: stack-use-after-scope in NewObjectA
|
||||||
|
- JDK-8269897: Shenandoah: Resolve UNKNOWN access strength, where possible
|
||||||
|
- JDK-8269934: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status
|
||||||
|
- JDK-8269993: [Test]: java/net/httpclient/DigestEchoClientSSL.java contains redundant @run tags
|
||||||
|
- JDK-8270094: Shenandoah: Provide human-readable labels for test configurations
|
||||||
|
- JDK-8270096: Shenandoah: Optimize gc/shenandoah/TestRefprocSanity.java for interpreter mode
|
||||||
|
- JDK-8270098: ZGC: ZBarrierSetC2::clone_at_expansion fails with "Guard against surprises" assert
|
||||||
|
- JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
|
||||||
|
- JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
|
||||||
|
- JDK-8270344: Session resumption errors
|
||||||
|
- JDK-8271203: C2: assert(iff->Opcode() == Op_If || iff->Opcode() == Op_CountedLoopEnd || iff->Opcode() == Op_RangeCheck) failed: Check this code when new subtype is added
|
||||||
|
- JDK-8271276: C2: Wrong JVM state used for receiver null check
|
||||||
|
- JDK-8271335: Updating RE Configs for BUILD REQUEST 17.0.1+4
|
||||||
|
- JDK-8271589: fatal error with variable shift count integer rotate operation.
|
||||||
|
- JDK-8271723: Unproblemlist runtime/InvocationTests/invokevirtualTests.java
|
||||||
|
- JDK-8271730: Client authentication using RSASSA-PSS fails after correct certificate requests
|
||||||
|
- JDK-8271925: ZGC: Arraycopy stub passes invalid oop to load barrier
|
||||||
|
- JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
|
||||||
|
- JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj
|
||||||
|
- JDK-8272326: java/util/Random/RandomTestMoments.java had two Gaussian fails
|
||||||
|
- JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz after JDK-8255790
|
||||||
|
- JDK-8272472: StackGuardPages test doesn't build with glibc 2.34
|
||||||
|
- JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh fails after JDK-8266182
|
||||||
|
- JDK-8272602: [macos] not all KEY_PRESSED events sent when control modifier is used
|
||||||
|
- JDK-8272700: [macos] Build failure with Xcode 13.0 after JDK-8264848
|
||||||
|
- JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
|
||||||
|
- JDK-8272806: [macOS] "Apple AWT Internal Exception" when input method is changed
|
||||||
|
- JDK-8273358: macOS Monterey does not have the font Times needed by Serif
|
||||||
|
|
||||||
|
Notes on individual issues:
|
||||||
|
===========================
|
||||||
|
|
||||||
|
security-libs/java.security:
|
||||||
|
|
||||||
|
JDK-8271434: Removed IdenTrust Root Certificate
|
||||||
|
===============================================
|
||||||
|
The following root certificate from IdenTrust has been removed from
|
||||||
|
the `cacerts` keystore:
|
||||||
|
|
||||||
|
Alias Name: identrustdstx3 [jdk]
|
||||||
|
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
|
||||||
|
|
||||||
New in release OpenJDK 17.0.0 (2021-09-14):
|
New in release OpenJDK 17.0.0 (2021-09-14):
|
||||||
===========================================
|
===========================================
|
||||||
The full list of changes in the interim releases from 11u to 17u can be found at:
|
The full list of changes in the interim releases from 11u to 17u can be found at:
|
||||||
|
@ -274,7 +274,7 @@
|
|||||||
# New Version-String scheme-style defines
|
# New Version-String scheme-style defines
|
||||||
%global featurever 17
|
%global featurever 17
|
||||||
%global interimver 0
|
%global interimver 0
|
||||||
%global updatever 0
|
%global updatever 1
|
||||||
%global patchver 0
|
%global patchver 0
|
||||||
# If you bump featurever, you must also bump vendor_version_string
|
# If you bump featurever, you must also bump vendor_version_string
|
||||||
# Used via new version scheme. JDK 17 was
|
# Used via new version scheme. JDK 17 was
|
||||||
@ -297,8 +297,8 @@
|
|||||||
%global origin_nice OpenJDK
|
%global origin_nice OpenJDK
|
||||||
%global top_level_dir_name %{origin}
|
%global top_level_dir_name %{origin}
|
||||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||||
%global buildver 35
|
%global buildver 12
|
||||||
%global rpmrelease 5
|
%global rpmrelease 1
|
||||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||||
%if %is_system_jdk
|
%if %is_system_jdk
|
||||||
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
||||||
@ -1109,8 +1109,7 @@ URL: http://openjdk.java.net/
|
|||||||
|
|
||||||
# to regenerate source0 (jdk) run update_package.sh
|
# to regenerate source0 (jdk) run update_package.sh
|
||||||
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
|
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
|
||||||
Source0: openjdk-jdk%{featurever}-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz
|
Source0: openjdk-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz
|
||||||
#Source0: openjdk-jdk%{featurever}-jdk-%{filever}+%{buildver}.tar.xz
|
|
||||||
|
|
||||||
# Use 'icedtea_sync.sh' to update the following
|
# Use 'icedtea_sync.sh' to update the following
|
||||||
# They are based on code contained in the IcedTea project (3.x).
|
# They are based on code contained in the IcedTea project (3.x).
|
||||||
@ -2277,6 +2276,10 @@ cjc.mainProgram(args)
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 20 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.1.0.12-1.rolling
|
||||||
|
- October CPU update to jdk 17.0.1+12
|
||||||
|
- dropped commented-out source line
|
||||||
|
|
||||||
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-5.rolling
|
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.0.0.35-5.rolling
|
||||||
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
|
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
|
||||||
|
|
||||||
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
|
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
|
||||||
SHA512 (openjdk-jdk17-jdk-17+35.tar.xz) = 51f533812219e732f74fd77a19df0e82ecf11a3341d958cf9cb0438350805118a4852ddbbeccce374f96c7b12c80c410435cdcd9e3f576497a7deb6f72e17c69
|
SHA512 (openjdk-jdk17u-jdk-17.0.1+12.tar.xz) = d9503de1001e42657ddb2600e1141d4169e333f0592ce3ad3c4ce14f817ca73a6bf6fb867e15930150c7b55e8fd4c4cd73d43984979e721df481a9ac7919580c
|
||||||
|
Loading…
Reference in New Issue
Block a user