diff --git a/.gitignore b/.gitignore index 28181b7..2a6a1b1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz +SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index 9832ba2..758a817 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -de58a4f646ca65cafbd2166d7d08eb330adaf4e6 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz +7a2f925314ef0511cf09fde8e055d28ff0728792 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index ee1e724..bc656ee 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,140 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u292 (2021-04-20): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u292 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt + +* Other changes + - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop + - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently + - JDK-8035166: Remove dependency on EC classes from pkcs11 provider + - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error + - JDK-8038723: Openup some PrinterJob tests + - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton + - JDK-8078450: Implement consistent process for quarantine of tests + - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid + - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment + - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256 + - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output + - JDK-8160217: JavaSound should clean up resources better + - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods + - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node + - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key" + - JDK-8202343: Disable TLS 1.0 and 1.1 + - JDK-8211339: NPE during SSL handshake caused by HostnameChecker + - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy + - JDK-8217338: [Containers] Improve systemd slice memory limit support + - JDK-8221408: Windows 32bit build build errors/warnings in hotspot + - JDK-8223186: HotSpot compile warnings from GCC 9 + - JDK-8225805: Java Access Bridge does not close the logger + - JDK-8226899: Problemlist compiler/rtm tests + - JDK-8227642: [TESTBUG] Make docker tests podman compatible + - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642 + - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage + - JDK-8230388: Problemlist additional compiler/rtm tests + - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR + - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3 + - JDK-8234728: Some security tests should support TLSv1.3 + - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property. + - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read + - JDK-8242141: New System Properties to configure the TLS signature schemes + - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11 + - JDK-8249183: JVM crash in "AwtFrame::WmSize" method + - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows + - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities + - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray + - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows + - JDK-8253368: TLS connection always receives close_notify exception + - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities + - JDK-8253932: SSL debug log prints incorrect caller info + - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations + - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem + - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java + - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed + - JDK-8258079: Eliminate ParNew's use of klass_or_null() + - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575 + - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk() + - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes + - JDK-8258933: G1 needs klass_or_null_acquire + - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will + - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548 + - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport + - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01. + +Notes on individual issues: +=========================== + +security-libs/java.security: + +JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default +=================================================================================== +Weak named curves are disabled by default by adding them to the +following `disabledAlgorithms` security properties: + +* jdk.tls.disabledAlgorithms +* jdk.certpath.disabledAlgorithms +* jdk.jar.disabledAlgorithms + +Red Hat has always disabled many of the curves provided by upstream, +so the only addition in this release is: + +* secp256k1 + +The curves that remain enabled are: + +* secp256r1 +* secp384r1 +* secp521r1 +* X25519 +* X448 + +When large numbers of weak named curves need to be disabled, adding +individual named curves to each `disabledAlgorithms` property would be +overwhelming. To relieve this, a new security property, +`jdk.disabled.namedCurves`, is implemented that can list the named +curves common to all of the `disabledAlgorithms` properties. To use +the new property in the `disabledAlgorithms` properties, precede the +full property name with the keyword `include`. Users can still add +individual named curves to `disabledAlgorithms` properties separate +from this new property. No other properties can be included in the +`disabledAlgorithms` properties. + +To restore the named curves, remove the `include +jdk.disabled.namedCurves` either from specific or from all +`disabledAlgorithms` security properties. To restore one or more +curves, remove the specific named curve(s) from the +`jdk.disabled.namedCurves` property. + +security-libs/javax.net.ssl: + +JDK-8256490: Disable TLS 1.0 and 1.1 +==================================== +TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer +considered secure and have been superseded by more secure and modern +versions (TLS 1.2 and 1.3). + +These versions have now been disabled by default. If you encounter +issues, you can, at your own risk, re-enable the versions by removing +"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` +security property in the `java.security` configuration file. + +JDK-8242147: New System Properties to Configure the TLS Signature Schemes +========================================================================= +Two new system properties have been added to customize the TLS +signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been +added for the TLS client side, and `jdk.tls.server.SignatureSchemes` +has been added for the server side. + +Each system property contains a comma-separated list of supported +signature scheme names specifying the signature schemes that could be +used for the TLS connections. + +The names are described in the "Signature Schemes" section of the +*Java Security Standard Algorithm Names Specification*. + New in release OpenJDK 8u282 (2021-01-19): =========================================== Live versions of these release notes can be found at: diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 02d2f7d..03ad08a 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -250,7 +250,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project aarch64-port %global shenandoah_repo jdk8u-shenandoah -%global shenandoah_revision aarch64-shenandoah-jdk8u282-b08 +%global shenandoah_revision aarch64-shenandoah-jdk8u292-b01 # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} @@ -266,12 +266,12 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 4 +%global rpmrelease 2 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 1 +%global is_ga 0 %if %{is_ga} %global milestone fcs %global milestone_version %{nil} @@ -2389,6 +2389,14 @@ require "copy_jdk_configs.lua" %endif %changelog +* Thu Mar 25 2021 Andrew Hughes - 1:1.8.0.292.b01-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b01 (EA) +- Update release notes for 8u292-b01. +- Switch to EA mode. +- Update tarball generation script to use PR3822 which handles + JDK-8233228 & JDK-8035166 changes +- Resolves: rhbz#1942306 + * Wed Feb 17 2021 Stephan Bergmann - 1:1.8.0.282.b08-4 - Resolves: rhbz#1896014 Hardcode /usr/sbin/alternatives for Flatpak builds