diff --git a/.gitignore b/.gitignore index 2a6a1b1..d94a307 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz +SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b04-4curve.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index 758a817..3a0c9aa 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -7a2f925314ef0511cf09fde8e055d28ff0728792 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b01-4curve.tar.xz +08dd5e1bd85f5fc27dac4c9e2f31d0549057ce6d SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u292-b04-4curve.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index bc656ee..a34e64e 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -16,21 +16,31 @@ Live versions of these release notes can be found at: - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error - JDK-8038723: Openup some PrinterJob tests - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton + - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS - JDK-8078450: Implement consistent process for quarantine of tests + - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256 + - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output + - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address - JDK-8160217: JavaSound should clean up resources better - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node + - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63 + - JDK-8172404: Tools should warn if weak algorithms are used before restricting them - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key" + - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode - JDK-8202343: Disable TLS 1.0 and 1.1 + - JDK-8209333: Socket reset issue for TLS 1.3 socket close - JDK-8211339: NPE during SSL handshake caused by HostnameChecker - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy - JDK-8217338: [Containers] Improve systemd slice memory limit support + - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl - JDK-8221408: Windows 32bit build build errors/warnings in hotspot - JDK-8223186: HotSpot compile warnings from GCC 9 + - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14 - JDK-8225805: Java Access Bridge does not close the logger - JDK-8226899: Problemlist compiler/rtm tests - JDK-8227642: [TESTBUG] Make docker tests podman compatible @@ -40,12 +50,19 @@ Live versions of these release notes can be found at: - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3 - JDK-8234728: Some security tests should support TLSv1.3 + - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions + - JDK-8235311: Tag mismatch may alert bad_record_mac - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property. + - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read + - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code. + - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE" - JDK-8242141: New System Properties to configure the TLS signature schemes - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11 - JDK-8249183: JVM crash in "AwtFrame::WmSize" method + - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows + - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows @@ -53,18 +70,26 @@ Live versions of these release notes can be found at: - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities - JDK-8253932: SSL debug log prints incorrect caller info - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations + - JDK-8255880: UI of Swing components is not redrawn after their internal state changed - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed - JDK-8258079: Eliminate ParNew's use of klass_or_null() + - JDK-8256682: JDK-8202343 is incomplete - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575 - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk() - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes + - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures - JDK-8258933: G1 needs klass_or_null_acquire - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548 - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport + - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS + - JDK-8260930: AARCH64: Invalid value passed to critical JNI function + - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017 + - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01. + - Revert differences against upstream 8u Notes on individual issues: =========================== @@ -110,6 +135,15 @@ jdk.disabled.namedCurves` either from specific or from all curves, remove the specific named curve(s) from the `jdk.disabled.namedCurves` property. +JDK-8244286: Tools Warn If Weak Algorithms Are Used +=================================================== +The `keytool` and `jarsigner` tools have been updated to warn users +when weak cryptographic algorithms are used in keys, certificates, and +signed JARs before they are disabled. The weak algorithms are set in +the `jdk.security.legacyAlgorithms` security property in the +`java.security` configuration file. In this release, the tools issue +warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys. + security-libs/javax.net.ssl: JDK-8256490: Disable TLS 1.0 and 1.1 diff --git a/SOURCES/rh1868759-pkcs11_cancel_on_failure.patch b/SOURCES/rh1868759-pkcs11_cancel_on_failure.patch deleted file mode 100644 index e578e00..0000000 --- a/SOURCES/rh1868759-pkcs11_cancel_on_failure.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 06:57:19 2020 +0100 -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 15:56:48 2020 -0300 -@@ -627,7 +627,7 @@ - throw (ShortBufferException) - (new ShortBufferException().initCause(e)); - } -- reset(false); -+ reset(true); - throw new ProviderException("update() failed", e); - } - } -@@ -745,7 +745,7 @@ - throw (ShortBufferException) - (new ShortBufferException().initCause(e)); - } -- reset(false); -+ reset(true); - throw new ProviderException("update() failed", e); - } - } diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 03ad08a..6073140 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -250,7 +250,7 @@ # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project aarch64-port %global shenandoah_repo jdk8u-shenandoah -%global shenandoah_revision aarch64-shenandoah-jdk8u292-b01 +%global shenandoah_revision aarch64-shenandoah-jdk8u292-b04 # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} @@ -1209,8 +1209,6 @@ Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_jav Patch400: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch # PR3655: Allow use of system crypto policy to be disabled by the user Patch401: pr3655-toggle_system_crypto_policy.patch -# RH1868759: FIPS: Ciphers remain in broken state (unusable), after being supplied with wrongly sized buffer -Patch540: rh1868759-pkcs11_cancel_on_failure.patch # enable build of speculative store bypass hardened alt-java Patch600: rh1750419-redhat_alt_java.patch @@ -1680,7 +1678,6 @@ sh %{SOURCE12} %patch574 %patch580 %patch539 -%patch540 # RPM-only fixes %patch600 @@ -2389,6 +2386,22 @@ require "copy_jdk_configs.lua" %endif %changelog +* Fri Apr 09 2021 Andrew Hughes - 1:1.8.0.292.b04-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b04 (EA) +- Update release notes for 8u292-b04. +- Resolves: rhbz#1942306 + +* Fri Apr 09 2021 Andrew Hughes - 1:1.8.0.292.b03-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b03 (EA) +- Update release notes for 8u292-b03. +- Resolves: rhbz#1942306 + +* Sat Mar 27 2021 Andrew Hughes - 1:1.8.0.292.b02-0.2.ea +- Update to aarch64-shenandoah-jdk8u292-b02 (EA) +- Update release notes for 8u292-b02. +- Remove RH1868759 patch as this is now resolved upstream by JDK-8258833. +- Resolves: rhbz#1942306 + * Thu Mar 25 2021 Andrew Hughes - 1:1.8.0.292.b01-0.2.ea - Update to aarch64-shenandoah-jdk8u292-b01 (EA) - Update release notes for 8u292-b01.