diff --git a/.gitignore b/.gitignore index 09a127e..6bb5934 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09-4curve.tar.xz +SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07-4curve.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index 03f54ee..93dbbb4 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -a93b3d0fd5da1f95f22c85003fd3d4007e69ab32 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u332-b09-4curve.tar.xz +8c536a306b06fa2d7e6805c4f1a6f79776357926 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07-4curve.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index f9af271..2c012a8 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,7 +3,122 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY -New in release OpenJDK 8u332 (2022-04-19): +New in release OpenJDK 8u342 (2022-07-19): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk8u342 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt + +* Security fixes + - JDK-8272243: Improve DER parsing + - JDK-8272249: Better properties of loaded Properties + - JDK-8277608: Address IP Addressing + - JDK-8281859, CVE-2022-21540: Improve class compilation + - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations + - JDK-8283190: Improve MIDI processing + - JDK-8284370: Improve zlib usage + - JDK-8285407, CVE-2022-34169: Improve Xalan supports +* Other changes + - JDK-8031567: Better model for storing source revision information + - JDK-8076190: Customizing the generation of a PKCS12 keystore + - JDK-8129572: Cleanup usage of getResourceAsStream in jaxp + - JDK-8132256: jaxp: Investigate removal of com/sun/org/apache/bcel/internal/util/ClassPath.java + - JDK-8168926: C2: Bytecode escape analyzer crashes due to stack overflow + - JDK-8170385: JDK-8031567 broke source bundles + - JDK-8170392: JDK-8031567 broke builds from source bundles + - JDK-8170530: bash configure output contains a typo in a suggested library name + - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream + - JDK-8194154: System property user.dir should not be changed + - JDK-8202142: jfr/event/io/TestInstrumentation is unstable + - JDK-8221988: add possibility to build with Visual Studio 2019 + - JDK-8223396: [TESTBUG] several jfr tests do not clean up files created in /tmp + - JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java fails at-run shell MakeJAR.sh target + - JDK-8235211: serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file + - JDK-8244973: serviceability/attach/RemovingUnixDomainSocketTest.java fails "stderr was not empty" + - JDK-8248876: LoadObject with bad base address created for exec file on linux + - JDK-8253424: Add support for running pre-submit testing using GitHub Actions + - JDK-8253865: Pre-submit testing using GitHub Actions does not detect failures reliably + - JDK-8254054: Pre-submit testing using GitHub Actions should not use the deprecated set-env command + - JDK-8254173: Add Zero, Minimal hotspot targets to submit workflow + - JDK-8254175: Build no-pch configuration in debug mode for submit checks + - JDK-8254282: Add Linux x86_32 builds to submit workflow + - JDK-8255239: The timezone of the hs_err_pid log file is corrupted in Japanese locale + - JDK-8255305: Add Linux x86_32 tier1 to submit workflow + - JDK-8255352: Archive important test outputs in submit workflow + - JDK-8255373: Submit workflow artifact name is always "test-results_.zip" + - JDK-8255895: Submit workflow artifacts miss hs_errs/replays due to ZIP include mismatch + - JDK-8256127: Add cross-compiled foreign architectures builds to submit workflow + - JDK-8256277: Github Action build on macOS should define OS and Xcode versions + - JDK-8256354: Github Action build on Windows should define OS and MSVC versions + - JDK-8256393: Github Actions build on Linux should define OS and GCC versions + - JDK-8256414: add optimized build to submit workflow + - JDK-8256747: GitHub Actions: decouple the hotspot build-only jobs from Linux x64 testing + - JDK-8257056: Submit workflow should apt-get update to avoid package installation errors + - JDK-8259924: GitHub actions fail on Linux x86_32 with "Could not configure libc6:i386" + - JDK-8260460: GitHub actions still fail on Linux x86_32 with "Could not configure libc6:i386" + - JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream) + - JDK-8263667: Avoid running GitHub actions on branches named pr/* + - JDK-8266187: Memory leak in appendBootClassPath() + - JDK-8274658: ISO 4217 Amendment 170 Update + - JDK-8274751: Drag And Drop hangs on Windows + - JDK-8278138: OpenJDK8 fails to start on Windows 8.1 after upgrading compiler to VS2017 + - JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition + - JDK-8281814: Debuginfo.diz contains redundant build path after backport JDK-8025936 + - JDK-8282225: GHA: Allow one concurrent run per PR only + - JDK-8282458: Update .jcheck/conf file for 8u move to git + - JDK-8282552: Bump update version of OpenJDK: 8u342 + - JDK-8283350: (tz) Update Timezone Data to 2022a + - JDK-8284620: CodeBuffer may leak _overflow_arena + - JDK-8284772: 8u GHA: Use GCC Major Version Dependencies Only + - JDK-8285445: cannot open file "NUL:" + - JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java + - JDK-8285591: [11] add signum checks in DSA.java engineVerify + - JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head + - JDK-8286989: Build failure on macOS after 8281814 + - JDK-8287537: 8u JDK-8284620 backport broke AArch64 build + +Notes on individual issues: +=========================== + +security-libs/java.security: + +JDK-8215293: Customizing PKCS12 keystore Generation +=================================================== +New system and security properties have been added to enable users to +customize the generation of PKCS #12 keystores. This includes +algorithms and parameters for key protection, certificate protection, +and MacData. The detailed explanation and possible values for these +properties can be found in the "PKCS12 KeyStore properties" section of +the `java.security` file. + +Also, support for the following SHA-2 based HmacPBE algorithms has +been added to the SunJCE provider: + +* HmacPBESHA224 +* HmacPBESHA256 +* HmacPBESHA384 +* HmacPBESHA512 +* HmacPBESHA512/224 +* HmacPBESHA512/256 + +core-libs/java.io: + +JDK-8285660: Enable Windows Alternate Data Streams by default +============================================================= +The Windows implementation of `java.io.File` has been changed so that +strict validity checks are **not** performed by default on file +paths. This includes allowing colons (':') in the path other than only +immediately after a single drive letter. It also allows paths that +represent NTFS Alternate Data Streams (ADS), such as +"filename:streamname". This restores the default behavior of +`java.io.File` to what it was prior to the April 2022 CPU in which +strict validity checks were not performed by default on file paths on +Windows. To re-enable strict path checking in `java.io.File`, the +system property `jdk.io.File.enableADS` should be set to `false` (case +ignored). This might be preferable, for example, if Windows special +device paths such as `NUL:` are *not* used. + +New in release OpenJDK 8u332 (2022-04-22): =========================================== Live versions of these release notes can be found at: * https://bitly.com/openjdk8u332 diff --git a/SOURCES/jdk8186464-rh1433262-zip64_failure.patch b/SOURCES/jdk8186464-rh1433262-zip64_failure.patch index 2d36fe2..572a36e 100644 --- a/SOURCES/jdk8186464-rh1433262-zip64_failure.patch +++ b/SOURCES/jdk8186464-rh1433262-zip64_failure.patch @@ -8,17 +8,18 @@ Reviewed-by: martin diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java +index 26e2a5bf9e9..2630c118817 100644 --- openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java +++ openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java -@@ -93,6 +93,7 @@ +@@ -92,6 +92,7 @@ public class ZipFileSystem extends FileSystem { private final boolean createNew; // create a new zip if not exists private static final boolean isWindows = System.getProperty("os.name").startsWith("Windows"); + private final boolean forceEnd64; - ZipFileSystem(ZipFileSystemProvider provider, - Path zfpath, -@@ -109,12 +110,13 @@ + // a threshold, in bytes, to decide whether to create a temp file + // for outputstream of a zip entry +@@ -112,12 +113,13 @@ public class ZipFileSystem extends FileSystem { if (this.defaultDir.charAt(0) != '/') throw new IllegalArgumentException("default dir should be absolute"); @@ -33,7 +34,7 @@ diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFi } } else { throw new FileSystemNotFoundException(zfpath.toString()); -@@ -1011,28 +1013,36 @@ +@@ -1014,28 +1016,36 @@ public class ZipFileSystem extends FileSystem { end.cenoff = ENDOFF(buf); end.comlen = ENDCOM(buf); end.endpos = pos + i; @@ -72,7 +73,7 @@ diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFi + != end64buf.length || + !end64SigAt(end64buf, 0)) { + return end; - } ++ } + // end64 found, + long cenlen64 = ZIP64_ENDSIZ(end64buf); + long cenoff64 = ZIP64_ENDOFF(end64buf); @@ -82,7 +83,7 @@ diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFi + cenoff64 != end.cenoff && end.cenoff != ZIP64_MINVAL || + centot64 != end.centot && end.centot != ZIP64_MINVAL32) { + return end; -+ } + } + // to use the end64 values + end.cenlen = cenlen64; + end.cenoff = cenoff64; @@ -91,7 +92,7 @@ diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFi return end; } } -@@ -1198,7 +1208,7 @@ +@@ -1201,7 +1211,7 @@ public class ZipFileSystem extends FileSystem { // sync the zip file system, if there is any udpate private void sync() throws IOException { @@ -100,7 +101,7 @@ diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFi // check ex-closer if (!exChClosers.isEmpty()) { for (ExChannelCloser ecc : exChClosers) { -@@ -1289,7 +1299,7 @@ +@@ -1292,7 +1302,7 @@ public class ZipFileSystem extends FileSystem { } end.centot = elist.size(); end.cenlen = written - end.cenoff; @@ -109,7 +110,7 @@ diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFi } if (!streams.isEmpty()) { // -@@ -1727,8 +1737,8 @@ +@@ -1849,8 +1859,8 @@ public class ZipFileSystem extends FileSystem { long endpos; int disktot; @@ -120,7 +121,7 @@ diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFi long xlen = cenlen; long xoff = cenoff; if (xlen >= ZIP64_MINVAL) { -@@ -1753,8 +1763,8 @@ +@@ -1875,8 +1885,8 @@ public class ZipFileSystem extends FileSystem { writeShort(os, 45); // version needed to extract writeInt(os, 0); // number of this disk writeInt(os, 0); // central directory start disk @@ -131,10 +132,11 @@ diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFi writeLong(os, cenlen); // length of central directory writeLong(os, cenoff); // offset of central directory -diff --git a/src/share/native/javopenjdk.orig/jdk/util/zip/zip_util.c openjdk/jdk/src/share/native/java/util/zip/zip_util.c +diff --git openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c openjdk/jdk/src/share/native/java/util/zip/zip_util.c +index 5fd6fea049d..858e5814e92 100644 --- openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c +++ openjdk/jdk/src/share/native/java/util/zip/zip_util.c -@@ -383,6 +383,9 @@ +@@ -385,6 +385,9 @@ findEND64(jzfile *zip, void *end64buf, jlong endpos) { char loc64[ZIP64_LOCHDR]; jlong end64pos; @@ -144,7 +146,7 @@ diff --git a/src/share/native/javopenjdk.orig/jdk/util/zip/zip_util.c openjdk/jd if (readFullyAt(zip->zfd, loc64, ZIP64_LOCHDR, endpos - ZIP64_LOCHDR) == -1) { return -1; // end64 locator not found } -@@ -545,6 +548,7 @@ +@@ -567,6 +570,7 @@ readCEN(jzfile *zip, jint knownTotal) { /* Following are unsigned 32-bit */ jlong endpos, end64pos, cenpos, cenlen, cenoff; @@ -152,7 +154,7 @@ diff --git a/src/share/native/javopenjdk.orig/jdk/util/zip/zip_util.c openjdk/jd /* Following are unsigned 16-bit */ jint total, tablelen, i, j; unsigned char *cenbuf = NULL; -@@ -572,13 +576,20 @@ +@@ -594,13 +598,20 @@ readCEN(jzfile *zip, jint knownTotal) cenlen = ENDSIZ(endbuf); cenoff = ENDOFF(endbuf); total = ENDTOT(endbuf); @@ -180,7 +182,8 @@ diff --git a/src/share/native/javopenjdk.orig/jdk/util/zip/zip_util.c openjdk/jd endpos = end64pos; endhdrlen = ZIP64_ENDHDR; } -diff --git a/test/javopenjdk.orig/jdk/util/zip/ZipFile/ReadZip.java openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java +diff --git openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java +index ffe8a8ed712..9b380003893 100644 --- openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java +++ openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java @@ -22,7 +22,7 @@ @@ -192,7 +195,7 @@ diff --git a/test/javopenjdk.orig/jdk/util/zip/ZipFile/ReadZip.java openjdk/jdk/ * @summary Make sure we can read a zip file. @key randomness * @run main/othervm ReadZip -@@ -30,12 +30,24 @@ +@@ -31,12 +31,24 @@ */ import java.io.*; @@ -217,7 +220,7 @@ diff --git a/test/javopenjdk.orig/jdk/util/zip/ZipFile/ReadZip.java openjdk/jdk/ public class ReadZip { private static void unreached (Object o) throws Exception -@@ -143,8 +155,6 @@ +@@ -144,8 +156,6 @@ public class ReadZip { newZip.delete(); } @@ -226,7 +229,7 @@ diff --git a/test/javopenjdk.orig/jdk/util/zip/ZipFile/ReadZip.java openjdk/jdk/ // Throw a FNF exception when read a non-existing zip file try { unreached (new ZipFile( new File(System.getProperty("test.src", "."), -@@ -152,5 +162,54 @@ +@@ -153,5 +163,54 @@ public class ReadZip { + String.valueOf(new java.util.Random().nextInt()) + ".zip"))); } catch (FileNotFoundException fnfe) {} diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index dfb3c81..eb7188a 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -216,9 +216,10 @@ %endif # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. -%global shenandoah_project openjdk -%global shenandoah_repo shenandoah-jdk8u -%global shenandoah_revision shenandoah-jdk8u332-b09 +%global shenandoah_project openjdk +%global shenandoah_repo shenandoah-jdk8u +%global openjdk_revision jdk8u342-b07 +%global shenandoah_revision shenandoah-%{openjdk_revision} # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} @@ -748,8 +749,9 @@ Requires: ca-certificates # Require jpackage-utils for ownership of /usr/lib/jvm/ Requires: jpackage-utils # Require zoneinfo data provided by tzdata-java subpackage. -# 2021e required as of JDK-8275766 in January 2022 CPU -Requires: tzdata-java >= 2021e +# 2022a required as of JDK-8283350 in 8u342 +Requires: tzdata-java >= 2022a +# for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} # tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it, @@ -1119,14 +1121,6 @@ BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel BuildRequires: zip BuildRequires: unzip -%ifarch %{arm} -BuildRequires: devtoolset-7-build -BuildRequires: devtoolset-7-binutils -BuildRequires: devtoolset-7-gcc -BuildRequires: devtoolset-7-gcc-c++ -BuildRequires: devtoolset-7-gdb -%endif - # Use OpenJDK 7 where available (on RHEL) to avoid # having to use the rhel-7.x-java-unsafe-candidate hack %if ! 0%{?fedora} && 0%{?rhel} <= 7 @@ -1139,8 +1133,8 @@ BuildRequires: java-1.8.0-openjdk-devel %ifnarch %{jit_arches} BuildRequires: libffi-devel %endif -# 2021e required as of JDK-8275766 in January 2022 CPU -BuildRequires: tzdata-java >= 2021e +# 2022a required as of JDK-8283350 in 8u342 +BuildRequires: tzdata-java >= 2022a # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1487,10 +1481,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg %build -%ifarch %{arm} -%{?enable_devtoolset7:%{enable_devtoolset7}} -%endif - # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) export NUM_PROC=${NUM_PROC:-1} @@ -1514,9 +1504,6 @@ EXTRA_CPP_FLAGS="%ourcppflags" # fix rpmlint warnings EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" %endif -%ifarch %{arm} -EXTRA_CFLAGS="$EXTRA_CFLAGS -Wno-nonnull" -%endif EXTRA_ASFLAGS="${EXTRA_CFLAGS}" export EXTRA_CFLAGS EXTRA_ASFLAGS @@ -1619,6 +1606,7 @@ function buildjdk() { echo "Removing output directory..."; rm -rf ${outputdir} %endif + } for suffix in %{build_loop} ; do @@ -1671,6 +1659,9 @@ echo "Hardened java binary recommended for launching untrusted code from the Web cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 popd +# Print release information +cat ${JAVA_HOME}/release + # build cycles done @@ -2183,6 +2174,18 @@ require "copy_jdk_configs.lua" %endif %changelog +* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.342.b07-1 +- Update to shenandoah-jdk8u342-b07 +- Update release notes for shenandoah-8u342-b07. +- Print release file during build, which should now include a correct SOURCE value from .src-rev +- Update tarball script with IcedTea GitHub URL and .src-rev generation +- Use "git apply" with patches in the tarball script to allow binary diffs +- Remove redundant "REPOS" variable from tarball script +- Include script to generate bug list for release notes +- Update tzdata requirement to 2022a to match JDK-8283350 +- Rebase JDK-8186464 patch so it applies after JDK-8190753 +- Resolves: rhbz#2106502 + * Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b09-1 - Update to shenandoah-jdk8u332-b09 (GA) - Update release notes for 8u332-b09.