From 9a0f0584f3b1cac0a43674f99e8f01608eea60ce Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Oct 19 2022 20:05:12 +0000 Subject: Update to jdk-11.0.17+8 (GA) Update release notes to 11.0.17+8 Switch to GA mode for release The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds Remove freetype sources along with zlib sources --- diff --git a/.gitignore b/.gitignore index 2cf39fa..20d6247 100644 --- a/.gitignore +++ b/.gitignore @@ -109,3 +109,4 @@ /openjdk-jdk11u-jdk-11.0.16.1+1-4curve.tar.xz /openjdk-jdk11u-jdk-11.0.17+1-4curve.tar.xz /openjdk-jdk11u-jdk-11.0.17+7-4curve.tar.xz +/openjdk-jdk11u-jdk-11.0.17+8-4curve.tar.xz diff --git a/NEWS b/NEWS index c697201..3386935 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,22 @@ Live versions of these release notes can be found at: * https://bitly.com/openjdk11017 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.17.html +* Security fixes + - JDK-8282252: Improve BigInteger/Decimal validation + - JDK-8285662: Better permission resolution + - JDK-8286077, CVE-2022-21618: Wider MultiByte conversions + - JDK-8286511: Improve macro allocation + - JDK-8286519: Better memory handling + - JDK-8286526, CVE-2022-21619: Improve NTLM support + - JDK-8286533, CVE-2022-21626: Key X509 usages + - JDK-8286910, CVE-2022-21624: Improve JNDI lookups + - JDK-8286918, CVE-2022-21628: Better HttpServer service + - JDK-8287446: Enhance icon presentations + - JDK-8288508: Enhance ECDSA usage + - JDK-8289366, CVE-2022-39399: Improve HTTP/2 client usage + - JDK-8289853: Update HarfBuzz to 4.4.1 + - JDK-8290334: Update FreeType to 2.12.1 + - JDK-8293429: [11u] minor update in attribute style * Other changes - JDK-6606767: resexhausted00[34] fail assert(!thread->owns_locks(), "must release all locks when leaving VM") - JDK-6854300: [TEST_BUG] java/awt/event/MouseEvent/SpuriousExitEnter/SpuriousExitEnter_3.java fails in jdk6u14 & jdk7 @@ -205,13 +221,11 @@ Live versions of these release notes can be found at: - JDK-8289549: ISO 4217 Amendment 172 Update - JDK-8289569: [test] java/lang/ProcessBuilder/Basic.java fails on Alpine/musl - JDK-8289799: Build warning in methodData.cpp memset zero-length parameter - - JDK-8289853: Update HarfBuzz to 4.4.1 - JDK-8289856: [PPC64] SIGSEGV in C2Compiler::init_c2_runtime() after JDK-8289060 - JDK-8290000: Bump macOS GitHub actions to macOS 11 - JDK-8290004: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC - JDK-8290198: Shenandoah: a few Shenandoah tests failure after JDK-8214799 11u backport - JDK-8290246: test fails "assert(init != __null) failed: initialization not found" - - JDK-8290334: Update FreeType to 2.12.1 - JDK-8290813: jdk/nashorn/api/scripting/test/ScriptObjectMirrorTest.java fails: assertEquals is ambiguous - JDK-8290886: [11u]: Backport of JDK-8266250 introduced test failures - JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u @@ -219,6 +233,7 @@ Live versions of these release notes can be found at: - JDK-8291794: [11u] Corrections after backport of JDK-8212028 - JDK-8292579: (tz) Update Timezone Data to 2022c - JDK-8292852: [11u] TestMemoryWithCgroupV1 fails after JDK-8292768 + - JDK-8295057: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.17 Notes on individual issues: =========================== @@ -239,6 +254,17 @@ respectively. More information about them can be found on the Networking Properties page: https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html. +JDK-8286918: Better HttpServer service +====================================== +The HttpServer can be optionally configured with a maximum connection +limit by setting the jdk.httpserver.maxConnections system property. A +value of 0 or a negative integer is ignored and considered to +represent no connection limit. In the case of a positive integer +value, any newly accepted connections will be first checked against +the current count of established connections and, if the configured +limit has been reached, then the newly accepted connection will be +closed immediately. + hotspot/runtime: JDK-8281181: CPU Shares Ignored When Computing Active Processor Count diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec index db6a35e..5044d01 100644 --- a/java-11-openjdk.spec +++ b/java-11-openjdk.spec @@ -377,8 +377,8 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 7 -%global rpmrelease 2 +%global buildver 8 +%global rpmrelease 1 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -406,7 +406,7 @@ # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global ea_designator "" %global ea_designator_zip "" @@ -1989,7 +1989,9 @@ function buildjdk() { local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name} local top_dir_abs_build_path=$(pwd)/${outputdir} - if [ "x${link_opt}" = "xbundled" ] ; then + # This must be set using the global, so that the + # static libraries still use a dynamic stdc++lib + if [ "x%{link_type}" = "xbundled" ] ; then libc_link_opt="static"; else libc_link_opt="dynamic"; @@ -2006,6 +2008,10 @@ function buildjdk() { mkdir -p ${outputdir} pushd ${outputdir} + # Note: zlib and freetype use %{link_type} + # rather than ${link_opt} as the system versions + # are always used in a system_libs build, even + # for the static library build bash ${top_dir_abs_src_path}/configure \ %ifarch %{zero_arches} --with-jvm-variants=zero \ @@ -2026,8 +2032,8 @@ function buildjdk() { --with-native-debug-symbols="%{debug_symbols}" \ --disable-sysconf-nss \ --enable-unlimited-crypto \ - --with-zlib=${link_opt} \ - --with-freetype=${link_opt} \ + --with-zlib=%{link_type} \ + --with-freetype=%{link_type} \ --with-libjpeg=${link_opt} \ --with-giflib=${link_opt} \ --with-libpng=${link_opt} \ @@ -2721,6 +2727,13 @@ end %endif %changelog +* Wed Oct 19 2022 Andrew Hughes - 1:11.0.17.0.8-1 +- Update to jdk-11.0.17+8 (GA) +- Update release notes to 11.0.17+8 +- Switch to GA mode for release +- The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds +- Remove freetype sources along with zlib sources + * Sat Oct 15 2022 Andrew Hughes - 1:11.0.17.0.7-0.2.ea - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) diff --git a/remove-intree-libraries.sh b/remove-intree-libraries.sh index d475909..ee02f60 100644 --- a/remove-intree-libraries.sh +++ b/remove-intree-libraries.sh @@ -5,6 +5,7 @@ TREE=${1} TYPE=${2} ZIP_SRC=src/java.base/share/native/libzip/zlib/ +FREETYPE_SRC=src/java.desktop/share/native/libfreetype/ JPEG_SRC=src/java.desktop/share/native/libjavajpeg/ GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/ PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/ @@ -31,15 +32,21 @@ cd ${TREE} echo "Removing built-in libs (they will be linked)" -# On full runs, allow for zlib having already been deleted by minimal +# On full runs, allow for zlib & freetype having already been deleted by minimal echo "Removing zlib" if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then echo "${ZIP_SRC} does not exist. Refusing to proceed." exit 1 fi rm -rvf ${ZIP_SRC} +echo "Removing freetype" +if [ "x${TYPE}" = "xminimal" -a ! -d ${FREETYPE_SRC} ]; then + echo "${FREETYPE_SRC} does not exist. Refusing to proceed." + exit 1 +fi +rm -rvf ${FREETYPE_SRC} -# Minimal is limited to just zlib so finish here +# Minimal is limited to just zlib and freetype so finish here if test "x${TYPE}" = "xminimal"; then echo "Finished."; exit 0; diff --git a/sources b/sources index 9ec8b46..7606cba 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30 -SHA512 (openjdk-jdk11u-jdk-11.0.17+7-4curve.tar.xz) = 26217602367ced7f357d80c6c68fb3c872ae0f67a21fa5e18c139af7ff31787c60f218de0014cf714e016fe2d8de8ee11f76309a8338768cc535954a96387b19 +SHA512 (openjdk-jdk11u-jdk-11.0.17+8-4curve.tar.xz) = 236c0ff89e85727c8b2bdb9ebbce6350db7653f319b2a9c2e12f2489844aec4fcc0629f65bc999798acfcf2a678177f1caaddab9353e55006df7bfe2aa69bcba