From ef2295275db9cd8d54fe0eaf46b927aa9918e1c7 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 14 2022 12:12:40 +0000 Subject: import java-17-openjdk-17.0.3.0.7-1.el8 --- diff --git a/.gitignore b/.gitignore index 22a8a69..9eb4637 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-jdk17u-jdk-17.0.3+5.tar.xz +SOURCES/openjdk-jdk17u-jdk-17.0.3+7.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/.java-17-openjdk.metadata b/.java-17-openjdk.metadata index 439ad25..86d6067 100644 --- a/.java-17-openjdk.metadata +++ b/.java-17-openjdk.metadata @@ -1,2 +1,2 @@ -0d36992602220a83adaff3bd0702efc02e616a0a SOURCES/openjdk-jdk17u-jdk-17.0.3+5.tar.xz +48b4c7e58395ac81d19dae67b0f4d1cfe52c4e45 SOURCES/openjdk-jdk17u-jdk-17.0.3+7.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 7c85481..b0e58ad 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -9,6 +9,25 @@ Live versions of these release notes can be found at: * https://bitly.com/openjdk1703 * https://builds.shipilev.net/backports-monitor/release-notes-17.0.3.txt +* Security fixes + - JDK-8269938: Enhance XML processing passes redux + - JDK-8270504, CVE-2022-21426: Better XPath expression handling + - JDK-8272255: Completely handle MIDI files + - JDK-8272261: Improve JFR recording file processing + - JDK-8272588: Enhanced recording parsing + - JDK-8272594: Better record of recordings + - JDK-8274221: More definite BER encodings + - JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0 + - JDK-8275151, CVE-2022-21443: Improved Object Identification + - JDK-8277227: Better identification of OIDs + - JDK-8277233, CVE-2022-21449: Improve ECDSA signature support + - JDK-8277672, CVE-2022-21434: Better invocation handler handling + - JDK-8278356: Improve file creation + - JDK-8278449: Improve keychain support + - JDK-8278798: Improve supported intrinsic + - JDK-8278805: Enhance BMP image loading + - JDK-8278972, CVE-2022-21496: Improve URL supports + - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo * Other changes - JDK-8177814: jdk/editpad is not in jdk TEST.groups - JDK-8186670: Implement _onSpinWait() intrinsic for AArch64 @@ -79,7 +98,6 @@ Live versions of these release notes can be found at: - JDK-8274795: AArch64: avoid spilling and restoring r18 in macro assembler - JDK-8274935: dumptime_table has stale entry - JDK-8274944: AppCDS dump causes SEGV in VM thread while adjusting lambda proxy class info - - JDK-8275082: Update XML Security for Java to 2.3.0 - JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected - JDK-8275330: C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions - JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime @@ -175,7 +193,11 @@ Live versions of these release notes can be found at: - JDK-8281061: [s390] JFR runs into assertions while validating interpreter frames - JDK-8281460: Let ObjectMonitor have its own NMT category - JDK-8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX + - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972 + - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character - JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods + - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException + - JDK-8284920: Incorrect Token type causes XPath expression to return empty result Notes on individual issues: =========================== diff --git a/SOURCES/jdk8283911-default_promoted_version_pre.patch b/SOURCES/jdk8283911-default_promoted_version_pre.patch deleted file mode 100644 index b94cbd5..0000000 --- a/SOURCES/jdk8283911-default_promoted_version_pre.patch +++ /dev/null @@ -1,16 +0,0 @@ -commit 37807a694f89611f60880260d2bb7162908bc0c8 -Author: Andrew Hughes -Date: Wed Mar 30 04:19:43 2022 +0100 - - 8283911: DEFAULT_PROMOTED_VERSION_PRE not reset to 'ea' for jdk-17.0.4 - -diff --git openjdk.orig/make/conf/version-numbers.conf openjdk/make/conf/version-numbers.conf -index 71b19762f2e..7378ec67a48 100644 ---- openjdk.orig/make/conf/version-numbers.conf -+++ openjdk/make/conf/version-numbers.conf -@@ -39,4 +39,4 @@ DEFAULT_VERSION_CLASSFILE_MINOR=0 - DEFAULT_VERSION_DOCS_API_SINCE=11 - DEFAULT_ACCEPTABLE_BOOT_VERSIONS="16 17" - DEFAULT_JDK_SOURCE_TARGET_VERSION=17 --DEFAULT_PROMOTED_VERSION_PRE= -+DEFAULT_PROMOTED_VERSION_PRE=ea diff --git a/SPECS/java-17-openjdk.spec b/SPECS/java-17-openjdk.spec index b7c2b62..41a34f0 100644 --- a/SPECS/java-17-openjdk.spec +++ b/SPECS/java-17-openjdk.spec @@ -333,7 +333,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 5 +%global buildver 7 %global rpmrelease 1 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -353,11 +353,14 @@ # Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames %global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) +# The tag used to create the OpenJDK tarball +%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} + # Define milestone (EA for pre-releases, GA for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global build_type GA %global expected_ea_designator "" @@ -1252,9 +1255,8 @@ License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv URL: http://openjdk.java.net/ -# to regenerate source0 (jdk) run update_package.sh -# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives -Source0: openjdk-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}.tar.xz +# The source tarball, generated using generate_source_tarball.sh +Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (6.x). @@ -1345,12 +1347,10 @@ Patch1018: rh2052070-enable_algorithmparameters_in_fips_mode.patch ############################################# # JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked Patch2000: jdk8275535-rh2053256-ldap_auth.patch -# JDK-8283911: DEFAULT_PROMOTED_VERSION_PRE not reset to 'ea' for jdk-17.0.4 -Patch2001: jdk8283911-default_promoted_version_pre.patch ############################################# # -# OpenJDK patches appearing in 17.0.1 +# OpenJDK patches appearing in 17.0.3 # ############################################# @@ -1778,7 +1778,6 @@ popd # openjdk %patch1018 %patch2000 -%patch2001 # Extract systemtap tapsets %if %{with_systemtap} @@ -2558,6 +2557,15 @@ require "copy_jdk_configs.lua" %endif %changelog +* Wed Apr 20 2022 Andrew Hughes - 1:17.0.3.0.7-1 +- April 2022 security update to jdk 17.0.3+7 +- Update to jdk-17.0.3.0+7 release tarball +- Update release notes to 17.0.3.0+6 +- Add missing README.md and generate_source_tarball.sh +- Switch to GA mode for release +- JDK-8283911 patch no longer needed now we're GA... +- Resolves: rhbz#2073577 + * Wed Apr 06 2022 Andrew Hughes - 1:17.0.3.0.5-0.1.ea - Update to jdk-17.0.3.0+5 - Update release notes to 17.0.3.0+5