Update to jdk-25.0.1+8 (GA)

- Update release notes to 25.0.1+8

Resolves: RHEL-126022

.gitignore

@@ -42,3 +42,4 @@
 /openjdk-23.0.2+7.tar.xz
 /openjdk-24.0.2+12.tar.xz
 /openjdk-25+36.tar.xz
+/openjdk-25.0.1+8.tar.xz

NEWS

@@ -3,6 +3,95 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
+New in release OpenJDK 25.0.1 (2025-10-21):
+===========================================
+
+* CVEs
+  - CVE-2025-53057
+  - CVE-2025-53066
+  - CVE-2025-61748
+* Changes
+  - JDK-8315131: Clarify VarHandle set/get access on 32-bit platforms
+  - JDK-8352637: Enhance bytecode verification
+  - JDK-8356294: Enhance Path Factories
+  - JDK-8356587: Missing object ID X in pool jdk.types.Method
+  - JDK-8357826: Avoid running some jtreg tests when asan is configured
+  - JDK-8358452: JNI exception pending in Java_sun_awt_screencast_ScreencastHelper_remoteDesktopKeyImpl of screencast_pipewire.c:1214 (ID: 51119)
+  - JDK-8358577: Test serviceability/jvmti/thread/GetCurrentContendedMonitor/contmon01/contmon01.java failed: unexpexcted monitor object
+  - JDK-8358819: The first year is not displayed correctly in Japanese Calendar
+  - JDK-8359059: Bump version numbers for 25.0.1
+  - JDK-8359218: RISC-V: Only enable CRC32 intrinsic when AvoidUnalignedAccess == false
+  - JDK-8359270: C2: alignment check should consider base offset when emitting arraycopy runtime call
+  - JDK-8359454: Enhance String handling
+  - JDK-8359596: Behavior change when both -Xlint:options and -Xlint:-options flags are given
+  - JDK-8360179: RISC-V: Only enable BigInteger intrinsics when AvoidUnalignedAccess == false
+  - JDK-8360533: ContainerRuntimeVersionTestUtils fromVersionString fails with some docker versions
+  - JDK-8360647: [XWayland] [OL10] NumPad keys are not triggered
+  - JDK-8360679: Shenandoah: AOT saved adapter calls into broken GC barrier stub
+  - JDK-8360937: Enhance certificate handling
+  - JDK-8361212: Remove AffirmTrust root CAs
+  - JDK-8361532: RISC-V: Several vector tests fail after JDK-8354383
+  - JDK-8361829: [TESTBUG] RISC-V: compiler/vectorization/runner/BasicIntOpTest.java fails with RVV but not Zvbb
+  - JDK-8362109: Change milestone to fcs for all releases
+  - JDK-8362882: Update SubmissionPublisher() specification to reflect use of ForkJoinPool.asyncCommonPool()
+  - JDK-8366223: ZGC: ZPageAllocator::cleanup_failed_commit_multi_partition is broken
+  - JDK-8367031: [backout] Change java.time month/day field types to 'byte'
+  - JDK-8368308: ISO 4217 Amendment 180 Update
+
+Notes on individual issues:
+===========================
+
+core-libs/java.io:serialization:
+
+JDK-8367031: [backout] Change java.time month/day field types to 'byte'
+=======================================================================
+In the initial release of OpenJDK 25, attempting to read serialised
+Class objects created by earlier versions of OpenJDK for several of
+the `java.time` classes would fail with a
+`InvalidClassException`. Similarly, `java.time` Class objects
+serialised with OpenJDK 25 could not be read by older OpenJDK
+versions.  This was due to the type of the day and month fields in
+these classes being changed to `byte`. This change has now been
+reverted and compatibility between OpenJDK 25 and older versions
+restored.
+
+Note that this incompatibility occurred with the `Class` object and
+not an instance of the object i.e. `writeObject(LocalDate.class)`
+would produce incompatible serialised data, but
+`writeObject(LocalDate.now())` would not.
+
+security-libs/java.security:
+
+JDK-8361212: Remove AffirmTrust root CAs
+========================================
+The following root certificates from AffirmTrust, which were
+deactivated in the 21.0.5 release of October 2024, have been removed
+from the `cacerts` keystore:
+
+Alias name: affirmtrustcommercialca [jdk]
+CN=AffirmTrust Commercial
+O=AffirmTrust
+C=US
+SHA256: 03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7
+
+Alias name: affirmtrustnetworkingca [jdk]
+CN=AffirmTrust Networking
+O=AffirmTrust
+C=US
+SHA256: 0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B
+
+Alias name: affirmtrustpremiumca [jdk]
+CN=AffirmTrust Premium
+O=AffirmTrust
+C=US
+SHA256: 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A
+
+Alias name: affirmtrustpremiumeccca [jdk]
+CN=AffirmTrust Premium ECC
+O=AffirmTrust
+C=US
+SHA256: BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23
+
 New in release OpenJDK 25.0.0 (2025-09-16):
 ===========================================
 Major changes are listed below.  Some changes may have been backported

java-25-openjdk.spec

@@ -316,7 +316,7 @@
 # New Version-String scheme-style defines
 %global featurever 25
 %global interimver 0
-%global updatever 0
+%global updatever 1
 %global patchver 0
 # We don't add any LTS designator for STS packages (Fedora and EPEL).
 # We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined.
@@ -375,10 +375,10 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{vcstag}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver        36
+%global buildver        8
 %global rpmrelease      1
 # Settings used by the portable build
-%global portablerelease 2
+%global portablerelease 1
 # Portable suffix differs between RHEL and CentOS
 %if 0%{?centos} == 0
 %global portablerhel %{?pkgos:7_9}%{!?pkgos:8}
@@ -2553,11 +2553,12 @@ exit 0
 %endif
 
 %changelog
-* Sun Nov 09 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.0.0.36-1
+* Mon Nov 10 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-1
 - Create java-25-openjdk package based on java-21-openjdk
-- Update to jdk-25.0.0+36 (GA)
+- Update to jdk-25.0.1+8 (GA)
 - Update release notes with features of JDK 22, 23, 24 & 25
 - Mention finalisation JEP for features finalised in JDK 22, 23 & 24
+- Update release notes to 25.0.1+8
 - Update README file for java-25-openjdk
 - Make sure this is not the default/system JDK providing 'java', 'jre', 'java-devel' ,etc.
 - Remove 21u FIPS patch and disable use until we are ready for the 25 version
@@ -2582,4 +2583,4 @@ exit 0
 - Add recent native libraries to _privatelibs (libjsvml.so, libsimdsort.so, libsyslookup.so)
 - Support libsleef on AArch64 & RISC-V added by JDK-8329816, JDK-8320500 (RISC-V) & JDK-8312425 (AArch64)
 - Sync the copy of the portable specfile with the latest update
-- Related: RHEL-126022
+- Resolves: RHEL-126022

sources

@@ -1,2 +1,2 @@
 SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-25+36.tar.xz) = 062f55acdcccb32dd62377dce9573a70b0535312f2f69cb660be1d321b52ad3e24ef9c333055434b19e6fedb94dd5a1408addfb7e5f47d36664587ab1c12a22b
+SHA512 (openjdk-25.0.1+8.tar.xz) = eb84d876f81ca02803283e8294c89b6acbed3753426811c3bcc228615c9618deefc85da4aa702800cac2feb103e628ee8b92292b316e9d7e12a58b6de69c5085