diff --git a/.gitignore b/.gitignore index 8a7b642..daec806 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,4 @@ /openjdk-jdk17u-jdk-17.0.4.1+1.tar.xz /openjdk-jdk17u-jdk-17.0.5+1.tar.xz /openjdk-jdk17u-jdk-17.0.5+7.tar.xz +/openjdk-jdk17u-jdk-17.0.5+8.tar.xz diff --git a/NEWS b/NEWS index 277319c..f611a71 100644 --- a/NEWS +++ b/NEWS @@ -7,8 +7,22 @@ New in release OpenJDK 17.0.5 (2022-10-18): =========================================== Live versions of these release notes can be found at: * https://bitly.com/openjdk1705 - * https://builds.shipilev.net/backports-monitor/release-notes-17.0.5.txt + * https://builds.shipilev.net/backports-monitor/release-notes-17.0.5.html +* Security fixes + - JDK-8282252: Improve BigInteger/Decimal validation + - JDK-8285662: Better permission resolution + - JDK-8286077, CVE-2022-21618: Wider MultiByte conversions + - JDK-8286511: Improve macro allocation + - JDK-8286519: Better memory handling + - JDK-8286526, CVE-2022-21619: Improve NTLM support + - JDK-8286910, CVE-2022-21624: Improve JNDI lookups + - JDK-8286918, CVE-2022-21628: Better HttpServer service + - JDK-8287446: Enhance icon presentations + - JDK-8288508: Enhance ECDSA usage + - JDK-8289366, CVE-2022-39399: Improve HTTP/2 client usage + - JDK-8289853: Update HarfBuzz to 4.4.1 + - JDK-8290334: Update FreeType to 2.12.1 * Other changes - JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider - JDK-6854300: [TEST_BUG] java/awt/event/MouseEvent/SpuriousExitEnter/SpuriousExitEnter_3.java fails in jdk6u14 & jdk7 @@ -211,7 +225,6 @@ Live versions of these release notes can be found at: - JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun - JDK-8289697: buffer overflow in MTLVertexCache.m: MTLVertexCache_AddGlyphQuad - JDK-8289799: Build warning in methodData.cpp memset zero-length parameter - - JDK-8289853: Update HarfBuzz to 4.4.1 - JDK-8289856: [PPC64] SIGSEGV in C2Compiler::init_c2_runtime() after JDK-8289060 - JDK-8289910: unify os::message_box across posix platforms - JDK-8290000: Bump macOS GitHub actions to macOS 11 @@ -219,12 +232,12 @@ Live versions of these release notes can be found at: - JDK-8290020: Deadlock in leakprofiler::emit_events during shutdown - JDK-8290082: [PPC64] ZGC C2 load barrier stub needs to preserve vector registers - JDK-8290246: test fails "assert(init != __null) failed: initialization not found" - - JDK-8290334: Update FreeType to 2.12.1 - JDK-8290417: CDS cannot archive lamda proxy with useImplMethodHandle - JDK-8290456: remove os::print_statistics() - JDK-8291595: [17u] Delete files missed in backport of 8269039 - JDK-8291633: Build failures with GCC 11, Alpine 3 due to incompatible casts from nullptr - JDK-8292579: (tz) Update Timezone Data to 2022c + - JDK-8295056: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.5 Notes on individual issues: =========================== diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec index 1dcf98c..6fc0908 100644 --- a/java-17-openjdk.spec +++ b/java-17-openjdk.spec @@ -368,8 +368,8 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 7 -%global rpmrelease 2 +%global buildver 8 +%global rpmrelease 1 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions @@ -395,7 +395,7 @@ # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global build_type GA %global ea_designator "" @@ -1985,7 +1985,9 @@ function buildjdk() { local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name} local top_dir_abs_build_path=$(pwd)/${outputdir} - if [ "x${link_opt}" = "xbundled" ] ; then + # This must be set using the global, so that the + # static libraries still use a dynamic stdc++lib + if [ "x%{link_type}" = "xbundled" ] ; then libc_link_opt="static"; else libc_link_opt="dynamic"; @@ -2002,6 +2004,10 @@ function buildjdk() { mkdir -p ${outputdir} pushd ${outputdir} + # Note: zlib and freetype use %{link_type} + # rather than ${link_opt} as the system versions + # are always used in a system_libs build, even + # for the static library build bash ${top_dir_abs_src_path}/configure \ %ifarch %{zero_arches} --with-jvm-variants=zero \ @@ -2022,8 +2028,8 @@ function buildjdk() { --with-native-debug-symbols="%{debug_symbols}" \ --disable-sysconf-nss \ --enable-unlimited-crypto \ - --with-zlib=${link_opt} \ - --with-freetype=${link_opt} \ + --with-zlib=%{link_type} \ + --with-freetype=%{link_type} \ --with-libjpeg=${link_opt} \ --with-giflib=${link_opt} \ --with-libpng=${link_opt} \ @@ -2681,6 +2687,13 @@ cjc.mainProgram(args) %endif %changelog +* Wed Oct 19 2022 Andrew Hughes - 1:17.0.5.0.8-1 +- Update to jdk-17.0.5+8 (GA) +- Update release notes to 17.0.5+8 (GA) +- Switch to GA mode for final release. +- The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds +- Remove freetype sources along with zlib sources + * Fri Oct 14 2022 Andrew Hughes - 1:17.0.5.0.7-0.2.ea - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) diff --git a/remove-intree-libraries.sh b/remove-intree-libraries.sh index e999c7e..25c2fc8 100644 --- a/remove-intree-libraries.sh +++ b/remove-intree-libraries.sh @@ -5,6 +5,7 @@ TREE=${1} TYPE=${2} ZIP_SRC=src/java.base/share/native/libzip/zlib/ +FREETYPE_SRC=src/java.desktop/share/native/libfreetype/ JPEG_SRC=src/java.desktop/share/native/libjavajpeg/ GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/ PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/ @@ -31,15 +32,21 @@ cd ${TREE} echo "Removing built-in libs (they will be linked)" -# On full runs, allow for zlib having already been deleted by minimal +# On full runs, allow for zlib & freetype having already been deleted by minimal echo "Removing zlib" if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then echo "${ZIP_SRC} does not exist. Refusing to proceed." exit 1 fi rm -rvf ${ZIP_SRC} +echo "Removing freetype" +if [ "x${TYPE}" = "xminimal" -a ! -d ${FREETYPE_SRC} ]; then + echo "${FREETYPE_SRC} does not exist. Refusing to proceed." + exit 1 +fi +rm -rvf ${FREETYPE_SRC} -# Minimal is limited to just zlib so finish here +# Minimal is limited to just zlib and freetype so finish here if test "x${TYPE}" = "xminimal"; then echo "Finished."; exit 0; diff --git a/sources b/sources index d0a250a..e7c6383 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30 -SHA512 (openjdk-jdk17u-jdk-17.0.5+7.tar.xz) = 43eb77ba56756748ce39e245824ca7d68c7cfe01fd4e72599e1b73f85bd522beadb3651029457c2b6dbb0080daf3d0550350929090e36fce8fc7892163222bc7 +SHA512 (openjdk-jdk17u-jdk-17.0.5+8.tar.xz) = 1acbda948374d7834347c9b98cfc25a7db24a5656e4466792831015158bdf24026a35a2cdbb8993c09e906a5f305b9e7749fa36b4dae3e75800a8976a2cb2b82