From bacc35b76be6d0b1b995f357ca1ed20716e840b7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 16 2023 02:13:35 +0000 Subject: import java-17-openjdk-17.0.6.0.10-3.el8 --- diff --git a/.gitignore b/.gitignore index cee4799..04d7888 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-jdk17u-jdk-17.0.6+9.tar.xz +SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/.java-17-openjdk.metadata b/.java-17-openjdk.metadata index f03aebb..79c2f67 100644 --- a/.java-17-openjdk.metadata +++ b/.java-17-openjdk.metadata @@ -1,2 +1,2 @@ -95213324016613e314e5c97dc87f31a0576df00c SOURCES/openjdk-jdk17u-jdk-17.0.6+9.tar.xz +fc29dd4013a289be075afdcb29c8df29d1349c0d SOURCES/openjdk-jdk17u-jdk-17.0.6+10.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 3104608..e679dc1 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -9,6 +9,21 @@ Live versions of these release notes can be found at: * https://bitly.com/openjdk1706 * https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html +* CVEs + - CVE-2023-21835 + - CVE-2023-21843 +* Security fixes + - JDK-8286070: Improve UTF8 representation + - JDK-8286496: Improve Thread labels + - JDK-8287411: Enhance DTLS performance + - JDK-8288516: Enhance font creation + - JDK-8289350: Better media supports + - JDK-8293554: Enhanced DH Key Exchanges + - JDK-8293598: Enhance InetAddress address handling + - JDK-8293717: Objective view of ObjectView + - JDK-8293734: Improve BMP image handling + - JDK-8293742: Better Banking of Sounds + - JDK-8295687: Better BMP bounds * Other changes - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails @@ -252,10 +267,12 @@ Live versions of these release notes can be found at: - JDK-8295554: Move the "sizecalc.h" to the correct location - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev - JDK-8295714: GHA ::set-output is deprecated and will be removed + - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor - JDK-8295952: Problemlist existing compiler/rtm tests also on x86 - JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM - JDK-8296108: (tz) Update Timezone Data to 2022f + - JDK-8296239: ISO 4217 Amendment 174 Update - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation @@ -278,10 +295,33 @@ Live versions of these release notes can be found at: - JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run - JDK-8297656: AArch64: Enable AES/GCM Intrinsics - JDK-8297804: (tz) Update Timezone Data to 2022g + - JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6 + - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR + - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java Notes on individual issues: =========================== +client-libs/javax.imageio: + +JDK-8295687: Better BMP bounds +============================== +Loading a linked ICC profile within a BMP image is now disabled by +default. To re-enable it, set the new system property +`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property +replaces the old property, +`sun.imageio.plugins.bmp.disableLinkedProfiles`. + +client-libs/javax.sound: + +JDK-8293742: Better Banking of Sounds +===================================== +Previously, the SoundbankReader implementation, +`com.sun.media.sound.JARSoundbankReader`, would download a JAR +soundbank from a URL. This behaviour is now disabled by default. To +re-enable it, set the new system property `jdk.sound.jarsoundbank` to +`true`. + security-libs/java.security: JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set @@ -302,6 +342,14 @@ the same change is made in third party modules. Developers of third party modules are advised to verify that their logout() method does not throw a NullPointerException. +security-libs/javax.net.ssl: + +JDK-8287411: Enhance DTLS performance +===================================== +The JDK now exchanges DTLS cookies for all handshakes, new and +resumed. The previous behaviour can be re-enabled by setting the new +system property `jdk.tls.enableDtlsResumeCookie` to `false`. + New in release OpenJDK 17.0.5 (2022-10-18): =========================================== Live versions of these release notes can be found at: diff --git a/SPECS/java-17-openjdk.spec b/SPECS/java-17-openjdk.spec index 67ffa34..85868f8 100644 --- a/SPECS/java-17-openjdk.spec +++ b/SPECS/java-17-openjdk.spec @@ -368,8 +368,8 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 9 -%global rpmrelease 4 +%global buildver 10 +%global rpmrelease 3 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions @@ -395,7 +395,7 @@ # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global build_type GA %global ea_designator "" @@ -2626,6 +2626,12 @@ require "copy_jdk_configs.lua" %endif %changelog +* Fri Jan 20 2023 Andrew Hughes - 1:17.0.6.0.10-3 +- Update to jdk-17.0.6.0+10 +- Update release notes to 17.0.6.0+10 +- Switch to GA mode for release +- Resolves: rhbz#2160111 + * Fri Jan 13 2023 Andrew Hughes - 1:17.0.6.0.9-0.4.ea - Update FIPS support to bring in latest changes - * OJ1357: Fix issue on FIPS with a SecurityManager in place