diff --git a/.gitignore b/.gitignore index 2e1256f..7d99f3a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-jdk11u-jdk-11.0.18+9-4curve.tar.xz +SOURCES/openjdk-jdk11u-jdk-11.0.18+10-4curve.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/.java-11-openjdk.metadata b/.java-11-openjdk.metadata index 3dbdfc7..eeef643 100644 --- a/.java-11-openjdk.metadata +++ b/.java-11-openjdk.metadata @@ -1,2 +1,2 @@ -99b83c6bd4a99a9763594c4e3f661b983af6e031 SOURCES/openjdk-jdk11u-jdk-11.0.18+9-4curve.tar.xz +65abc412a085af5ba08c019cf6d0e7e44cfe94eb SOURCES/openjdk-jdk11u-jdk-11.0.18+10-4curve.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 28e8529..e03d474 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -9,6 +9,21 @@ Live versions of these release notes can be found at: * https://bit.ly/openjdk11018 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.18.html +* CVEs + - CVE-2023-21835 + - CVE-2023-21843 +* Security fixes + - JDK-8286070: Improve UTF8 representation + - JDK-8286496: Improve Thread labels + - JDK-8287411: Enhance DTLS performance + - JDK-8288516: Enhance font creation + - JDK-8289350: Better media supports + - JDK-8293554: Enhanced DH Key Exchanges + - JDK-8293598: Enhance InetAddress address handling + - JDK-8293717: Objective view of ObjectView + - JDK-8293734: Improve BMP image handling + - JDK-8293742: Better Banking of Sounds + - JDK-8295687: Better BMP bounds * Other changes - JDK-4819544: SwingSet2 JTable Demo throws NullPointerException - JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider @@ -202,9 +217,11 @@ Live versions of these release notes can be found at: - JDK-8295554: Move the "sizecalc.h" to the correct location - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev - JDK-8295714: GHA ::set-output is deprecated and will be removed + - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor - JDK-8295952: Problemlist existing compiler/rtm tests also on x86 - JDK-8296108: (tz) Update Timezone Data to 2022f + - JDK-8296239: ISO 4217 Amendment 174 Update - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation @@ -219,10 +236,34 @@ Live versions of these release notes can be found at: - JDK-8297656: AArch64: Enable AES/GCM Intrinsics - JDK-8297804: (tz) Update Timezone Data to 2022g - JDK-8298737: 8296772 backport to jdk11u caused build error on sparc + - JDK-8299393: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.18 + - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR + - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java + - JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport Notes on individual issues: =========================== +client-libs/javax.imageio: + +JDK-8295687: Better BMP bounds +============================== +Loading a linked ICC profile within a BMP image is now disabled by +default. To re-enable it, set the new system property +`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property +replaces the old property, +`sun.imageio.plugins.bmp.disableLinkedProfiles`. + +client-libs/javax.sound: + +JDK-8293742: Better Banking of Sounds +===================================== +Previously, the SoundbankReader implementation, +`com.sun.media.sound.JARSoundbankReader`, would download a JAR +soundbank from a URL. This behaviour is now disabled by default. To +re-enable it, set the new system property `jdk.sound.jarsoundbank` to +`true`. + security-libs/javax.crypto: JDK-6782021: Windows KeyStore Updated to Include Access to the Local Machine Location @@ -260,6 +301,14 @@ the same change is made in third party modules. Developers of third party modules are advised to verify that their logout() method does not throw a NullPointerException. +security-libs/javax.net.ssl: + +JDK-8287411: Enhance DTLS performance +===================================== +The JDK now exchanges DTLS cookies for all handshakes, new and +resumed. The previous behaviour can be re-enabled by setting the new +system property `jdk.tls.enableDtlsResumeCookie` to `false`. + New in release OpenJDK 11.0.17 (2022-10-18): ============================================= Live versions of these release notes can be found at: diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index a55010c..b415eed 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -377,7 +377,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 9 +%global buildver 10 %global rpmrelease 3 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit @@ -406,7 +406,7 @@ # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global ea_designator "" %global ea_designator_zip "" @@ -2676,6 +2676,12 @@ end %endif %changelog +* Wed Jan 11 2023 Andrew Hughes - 1:11.0.18.0.10-3 +- Update to jdk-11.0.18+10 (GA) +- Update release notes to 11.0.18+10 +- Switch to GA mode for release +- Resolves: rhbz#2160111 + * Tue Jan 03 2023 Andrew Hughes - 1:11.0.18.0.9-0.3.ea - Update to jdk-11.0.18+9 - Update release notes to 11.0.18+9