diff --git a/.gitignore b/.gitignore index 35138ce..e7d6d38 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08-4curve.tar.xz +SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b01-4curve.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index ce1ddd8..a3203e8 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -11e3bf44f3c54d25e2018fc7df16c231daf041c5 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b08-4curve.tar.xz +530cbd11e7e26a8f38fe26dbffc405c55d526808 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b01-4curve.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 08b5588..4d9ea45 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,45 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u362 (2022-01-17): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u362 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u362.html + +* Other changes + - JDK-8054066: com/sun/jdi/DoubleAgentTest.java fails with timeout + - JDK-8067941: [TESTBUG] Fix tests for OS with 64K page size. + - JDK-8071530: Update OS detection code to reflect Windows 10 version change + - JDK-8148005: One byte may be corrupted by get_datetime_string() + - JDK-8195607: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 + - JDK-8206456: [TESTBUG] docker jtreg tests fail on systems without cpuset.effective_cpus / cpuset.effective_mems + - JDK-8253702: BigSur version number reported as 10.16, should be 11.nn + - JDK-8265527: tools/javac/diags/CheckExamples.java fails after JDK-8078024 8u backport + - JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0 + - JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity + - JDK-8273176: handle latest VS2019 in abstract_vm_version + - JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening + - JDK-8274840: Update OS detection code to recognize Windows 11 + - JDK-8283903: GetContainerCpuLoad does not return the correct result in share mode + - JDK-8288928: Incorrect GPL header in pnglibconf.h (backport of JDK-8185041) + - JDK-8292762: Remove .jcheck directories from jdk8u subcomponents + - JDK-8293181: Bump update version of OpenJDK: 8u362 + - JDK-8293461: Add a test for JDK-8290832 + - JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening + - JDK-8294863: Enable partial tier1 testing in GHA for JDK8 + - JDK-8295164: JDK 8 jdi tests should not use tasklist command on Windows + +Notes on individual issues: +=========================== + +hotspot/runtime: + +JDK-8274840: Release Now Recognises Windows 11 +============================================== +This release now correctly sets the `os.name` property to `Windows +11`, as would be expected. + New in release OpenJDK 8u352 (2022-10-18): =========================================== Live versions of these release notes can be found at: @@ -108,6 +147,19 @@ change might only impact existing code that would depend on PhantomReference being enqueued rather than when the referent be freed from the heap. +core-libs/java.net: + +JDK-8286918: Better HttpServer service +====================================== +The HttpServer can be optionally configured with a maximum connection +limit by setting the jdk.httpserver.maxConnections system property. A +value of 0 or a negative integer is ignored and considered to +represent no connection limit. In the case of a positive integer +value, any newly accepted connections will be first checked against +the current count of established connections and, if the configured +limit has been reached, then the newly accepted connection will be +closed immediately. + security-libs/javax.net.ssl: JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles diff --git a/SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch b/SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch deleted file mode 100644 index ddab642..0000000 --- a/SOURCES/jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch +++ /dev/null @@ -1,125 +0,0 @@ -# HG changeset patch -# User mbalao -# Date 1529971845 -28800 -# Tue Jun 26 08:10:45 2018 +0800 -# Node ID e9c20b7250cd98d16a67f2a30b34284c2caa01dc -# Parent 9f1aa2e38d90dd60522237d7414af6bdcf03c4ff -8195607, PR3776: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 -Reviewed-by: valeriep, weijun - -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java -@@ -197,7 +197,7 @@ - - if (configDir != null) { - String configDirPath = null; -- String sqlPrefix = "sql:/"; -+ String sqlPrefix = "sql:"; - if (!configDir.startsWith(sqlPrefix)) { - configDirPath = configDir; - } else { -diff --git openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c ---- openjdk.orig/jdk/src/share/native/sun/security/pkcs11/j2secmod.c -+++ openjdk/jdk/src/share/native/sun/security/pkcs11/j2secmod.c -@@ -69,9 +69,14 @@ - int res = 0; - FPTR_Initialize initialize = - (FPTR_Initialize)findFunction(env, jHandle, "NSS_Initialize"); -+ #ifdef SECMOD_DEBUG -+ FPTR_GetError getError = -+ (FPTR_GetError)findFunction(env, jHandle, "PORT_GetError"); -+ #endif // SECMOD_DEBUG - unsigned int flags = 0x00; - const char *configDir = NULL; - const char *functionName = NULL; -+ const char *configFile = NULL; - - /* If we cannot initialize, exit now */ - if (initialize == NULL) { -@@ -97,13 +102,18 @@ - flags = 0x20; // NSS_INIT_OPTIMIZESPACE flag - } - -+ configFile = "secmod.db"; -+ if (configDir != NULL && strncmp("sql:", configDir, 4U) == 0) { -+ configFile = "pkcs11.txt"; -+ } -+ - /* - * If the NSS_Init function is requested then call NSS_Initialize to - * open the Cert, Key and Security Module databases, read only. - */ - if (strcmp("NSS_Init", functionName) == 0) { - flags = flags | 0x01; // NSS_INIT_READONLY flag -- res = initialize(configDir, "", "", "secmod.db", flags); -+ res = initialize(configDir, "", "", configFile, flags); - - /* - * If the NSS_InitReadWrite function is requested then call -@@ -111,7 +121,7 @@ - * read/write. - */ - } else if (strcmp("NSS_InitReadWrite", functionName) == 0) { -- res = initialize(configDir, "", "", "secmod.db", flags); -+ res = initialize(configDir, "", "", configFile, flags); - - /* - * If the NSS_NoDB_Init function is requested then call -@@ -137,6 +147,13 @@ - (*env)->ReleaseStringUTFChars(env, jConfigDir, configDir); - } - dprintf1("-res: %d\n", res); -+ #ifdef SECMOD_DEBUG -+ if (res == -1) { -+ if (getError != NULL) { -+ dprintf1("-NSS error: %d\n", getError()); -+ } -+ } -+ #endif // SECMOD_DEBUG - - return (res == 0) ? JNI_TRUE : JNI_FALSE; - } -diff --git openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h ---- openjdk.orig/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h -+++ openjdk/jdk/src/solaris/native/sun/security/pkcs11/j2secmod_md.h -@@ -34,6 +34,10 @@ - const char *certPrefix, const char *keyPrefix, - const char *secmodName, unsigned int flags); - -+#ifdef SECMOD_DEBUG -+typedef int (*FPTR_GetError)(void); -+#endif //SECMOD_DEBUG -+ - // in secmod.h - //extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent, - // PRBool recurse); -diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/pkcs11.txt -@@ -0,0 +1,4 @@ -+library= -+name=NSS Internal PKCS #11 Module -+parameters=configdir='sql:./tmpdb' certPrefix='' keyPrefix='' secmod='' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' -+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30}) -diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java ---- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java -+++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java -@@ -55,7 +55,7 @@ - - DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb"; - if (useSqlite) { -- System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR); -+ System.setProperty("pkcs11test.nss.db", "sql:" + DBDIR); - } else { - System.setProperty("pkcs11test.nss.db", DBDIR); - } -@@ -67,6 +67,7 @@ - if (useSqlite) { - copyFile("key4.db", BASE, DBDIR); - copyFile("cert9.db", BASE, DBDIR); -+ copyFile("pkcs11.txt", BASE, DBDIR); - } else { - copyFile("secmod.db", BASE, DBDIR); - copyFile("key3.db", BASE, DBDIR); diff --git a/SOURCES/jdk8255559-rh2124390-file_descriptor_leak.patch b/SOURCES/jdk8255559-rh2124390-file_descriptor_leak.patch new file mode 100644 index 0000000..1fbe38f --- /dev/null +++ b/SOURCES/jdk8255559-rh2124390-file_descriptor_leak.patch @@ -0,0 +1,82 @@ +commit db11331cd62ad8bc4f5454c33a42280f419909d2 +Author: Andrew John Hughes +Date: Wed Nov 9 15:49:09 2022 +0000 + + Backport d53072236c503295b893efa6372c869ac84fa688 + +diff --git a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java +index c4cac5351cc..53de0490c5b 100644 +--- a/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java ++++ b/jdk/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java +@@ -500,38 +500,44 @@ public final class DOMReference extends DOMStructure + } + + boolean secVal = Utils.secureValidation(context); +- xi.setSecureValidation(secVal); +- if (context instanceof XMLSignContext && c14n11 +- && !xi.isOctetStream() && !xi.isOutputStreamSet()) { +- TransformService spi = null; +- if (provider == null) { +- spi = TransformService.getInstance(c14nalg, "DOM"); +- } else { +- try { +- spi = TransformService.getInstance(c14nalg, "DOM", provider); +- } catch (NoSuchAlgorithmException nsae) { ++ try { ++ xi.setSecureValidation(secVal); ++ if (context instanceof XMLSignContext && c14n11 ++ && !xi.isOctetStream() && !xi.isOutputStreamSet()) { ++ TransformService spi = null; ++ if (provider == null) { + spi = TransformService.getInstance(c14nalg, "DOM"); ++ } else { ++ try { ++ spi = TransformService.getInstance(c14nalg, "DOM", provider); ++ } catch (NoSuchAlgorithmException nsae) { ++ spi = TransformService.getInstance(c14nalg, "DOM"); ++ } + } +- } + +- DOMTransform t = new DOMTransform(spi); +- Element transformsElem = null; +- String dsPrefix = DOMUtils.getSignaturePrefix(context); +- if (allTransforms.isEmpty()) { +- transformsElem = DOMUtils.createElement( +- refElem.getOwnerDocument(), +- "Transforms", XMLSignature.XMLNS, dsPrefix); +- refElem.insertBefore(transformsElem, +- DOMUtils.getFirstChildElement(refElem)); ++ DOMTransform t = new DOMTransform(spi); ++ Element transformsElem = null; ++ String dsPrefix = DOMUtils.getSignaturePrefix(context); ++ if (allTransforms.isEmpty()) { ++ transformsElem = DOMUtils.createElement( ++ refElem.getOwnerDocument(), ++ "Transforms", XMLSignature.XMLNS, dsPrefix); ++ refElem.insertBefore(transformsElem, ++ DOMUtils.getFirstChildElement(refElem)); ++ } else { ++ transformsElem = DOMUtils.getFirstChildElement(refElem); ++ } ++ t.marshal(transformsElem, dsPrefix, ++ (DOMCryptoContext) context); ++ allTransforms.add(t); ++ xi.updateOutputStream(os, true); + } else { +- transformsElem = DOMUtils.getFirstChildElement(refElem); ++ xi.updateOutputStream(os); ++ } ++ } finally { ++ if(xi.getOctetStreamReal() != null) { ++ xi.getOctetStreamReal().close(); + } +- t.marshal(transformsElem, dsPrefix, +- (DOMCryptoContext)context); +- allTransforms.add(t); +- xi.updateOutputStream(os, true); +- } else { +- xi.updateOutputStream(os); + } + } + os.flush(); diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 16fbf02..f8991a3 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -313,7 +313,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project openjdk %global shenandoah_repo shenandoah-jdk8u -%global openjdk_revision jdk8u352-b08 +%global openjdk_revision jdk8u362-b01 %global shenandoah_revision shenandoah-%{openjdk_revision} # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} @@ -332,12 +332,12 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 2 +%global rpmrelease 3 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 1 +%global is_ga 0 %if %{is_ga} %global milestone fcs %global milestone_version %{nil} @@ -1446,10 +1446,10 @@ Patch202: jdk8035341-allow_using_system_installed_libpng.patch # 8042159: Allow using a system-installed lcms2 Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch -# JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 -Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch # JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 Patch581: jdk8257794-remove_broken_assert.patch +# JDK-8255559, RH2124390: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() +Patch582: jdk8255559-rh2124390-file_descriptor_leak.patch ############################################# # @@ -1884,7 +1884,6 @@ sh %{SOURCE12} %patch571 %patch574 %patch112 -%patch580 %patch581 %patch113 @@ -1898,6 +1897,8 @@ pushd %{top_level_dir_name} # tzdata updates targetted for 8u362 %patch2002 -p1 %patch2003 -p1 +# fix for file leak in XML code +%patch582 -p1 popd # RPM-only fixes @@ -2218,10 +2219,6 @@ export SEC_DEBUG="-Djava.security.debug=properties" $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false -# Check correct vendor values have been set -$JAVA_HOME/bin/javac -d . %{SOURCE16} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} - # Check java launcher has no SSB mitigation if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi @@ -2232,6 +2229,10 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi %endif +# Check correct vendor values have been set +$JAVA_HOME/bin/javac -d . %{SOURCE16} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} + # Check translations are available for new timezones $JAVA_HOME/bin/javac -d . %{SOURCE18} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE @@ -2705,15 +2706,32 @@ cjc.mainProgram(args) %endif %changelog -* Sun Oct 16 2022 Andrew Hughes - 1:1.8.0.352.b08-2 +* Tue Jan 10 2023 Andrew Hughes - 1:1.8.0.362.b01-0.3.ea +- Update to shenandoah-jdk8u362-b01 (EA) +- Update release notes for shenandoah-8u362-b01. +- Switch to EA mode for 8u362 pre-release builds. +- Drop JDK-8195607/PR3776/RH1760437 now this is upstream +- Related: rhbz#2150193 + +* Thu Nov 10 2022 Andrew Hughes - 1:1.8.0.352.b08-3 +- Add backport of JDK-8255559 to fix file descriptor leak in XML code +- Resolves: rhbz#2124390 + +* Wed Oct 19 2022 Andrew Hughes - 1:1.8.0.352.b08-2 - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. -- Rebase FIPS patch against 8u352-b07 +- Switch to GA mode for final release. - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated -- * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2133695 +* Wed Oct 12 2022 Andrew Hughes - 1:1.8.0.352.b07-0.2.ea +- Update to shenandoah-jdk8u352-b07 (EA) +- Update release notes for shenandoah-8u352-b07. +- Switch to EA mode for 8u352 pre-release builds. +- Rebase FIPS patch against 8u352-b07 +- Resolves: rhbz#2130612 + * Tue Aug 30 2022 Andrew Hughes - 1:1.8.0.345.b01-5 - Switch to static builds, reducing system dependencies and making build more portable - Resolves: rhbz#2048542