From 7ff15df48d324f52e01a9290a3de0630721d6b29 Mon Sep 17 00:00:00 2001
From: Andrew Hughes <gnu.andrew@redhat.com>
Date: Wed, 11 Jan 2023 04:51:13 +0000
Subject: [PATCH] Update to jdk-17.0.6.0+10

Update release notes to 17.0.6.0+10
Switch to GA mode for release
---
 .gitignore           |  1 +
 NEWS                 | 48 ++++++++++++++++++++++++++++++++++++++++++++
 java-17-openjdk.spec | 13 ++++++++----
 sources              |  2 +-
 4 files changed, 59 insertions(+), 5 deletions(-)

diff --git a/.gitignore b/.gitignore
index d0f8b66..4663d5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -34,3 +34,4 @@
 /openjdk-jdk17u-jdk-17.0.5+8.tar.xz
 /openjdk-jdk17u-jdk-17.0.6+1.tar.xz
 /openjdk-jdk17u-jdk-17.0.6+9.tar.xz
+/openjdk-jdk17u-jdk-17.0.6+10.tar.xz
diff --git a/NEWS b/NEWS
index cce7454..5a69f0d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,21 @@ Live versions of these release notes can be found at:
   * https://bitly.com/openjdk1706
   * https://builds.shipilev.net/backports-monitor/release-notes-17.0.6.html
 
+* CVEs
+  - CVE-2023-21835
+  - CVE-2023-21843
+* Security fixes
+  - JDK-8286070: Improve UTF8 representation
+  - JDK-8286496: Improve Thread labels
+  - JDK-8287411: Enhance DTLS performance
+  - JDK-8288516: Enhance font creation
+  - JDK-8289350: Better media supports
+  - JDK-8293554: Enhanced DH Key Exchanges
+  - JDK-8293598: Enhance InetAddress address handling
+  - JDK-8293717: Objective view of ObjectView
+  - JDK-8293734: Improve BMP image handling
+  - JDK-8293742: Better Banking of Sounds
+  - JDK-8295687: Better BMP bounds
 * Other changes
   - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
   - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
@@ -252,10 +267,12 @@ Live versions of these release notes can be found at:
   - JDK-8295554: Move the "sizecalc.h" to the correct location
   - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
   - JDK-8295714: GHA ::set-output is deprecated and will be removed
+  - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
   - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
   - JDK-8295952: Problemlist existing compiler/rtm tests also on x86
   - JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM
   - JDK-8296108: (tz) Update Timezone Data to 2022f
+  - JDK-8296239: ISO 4217 Amendment 174 Update
   - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
   - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
   - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
@@ -278,10 +295,33 @@ Live versions of these release notes can be found at:
   - JDK-8297590: [TESTBUG] HotSpotResolvedJavaFieldTest does not run
   - JDK-8297656: AArch64: Enable AES/GCM Intrinsics
   - JDK-8297804: (tz) Update Timezone Data to 2022g
+  - JDK-8299392: [17u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.6
+  - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
+  - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
 
 Notes on individual issues:
 ===========================
 
+client-libs/javax.imageio:
+
+JDK-8295687: Better BMP bounds
+==============================
+Loading a linked ICC profile within a BMP image is now disabled by
+default. To re-enable it, set the new system property
+`sun.imageio.bmp.enabledLinkedProfiles` to `true`.  This new property
+replaces the old property,
+`sun.imageio.plugins.bmp.disableLinkedProfiles`.
+
+client-libs/javax.sound:
+
+JDK-8293742: Better Banking of Sounds
+=====================================
+Previously, the SoundbankReader implementation,
+`com.sun.media.sound.JARSoundbankReader`, would download a JAR
+soundbank from a URL.  This behaviour is now disabled by default. To
+re-enable it, set the new system property `jdk.sound.jarsoundbank` to
+`true`.
+
 security-libs/java.security:
 
 JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
@@ -302,6 +342,14 @@ the same change is made in third party modules.  Developers of third
 party modules are advised to verify that their logout() method does not
 throw a NullPointerException.
 
+security-libs/javax.net.ssl:
+
+JDK-8287411: Enhance DTLS performance
+=====================================
+The JDK now exchanges DTLS cookies for all handshakes, new and
+resumed. The previous behaviour can be re-enabled by setting the new
+system property `jdk.tls.enableDtlsResumeCookie` to `false`.
+
 New in release OpenJDK 17.0.5 (2022-10-18):
 ===========================================
 Live versions of these release notes can be found at:
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index dd69f92..d3fda7c 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -368,8 +368,8 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver        9
-%global rpmrelease      2
+%global buildver        10
+%global rpmrelease      1
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
 # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -395,7 +395,7 @@
 # Release will be (where N is usually a number starting at 1):
 # - 0.N%%{?extraver}%%{?dist} for EA releases,
 # - N%%{?extraver}{?dist} for GA releases
-%global is_ga           0
+%global is_ga           1
 %if %{is_ga}
 %global build_type GA
 %global ea_designator ""
@@ -1285,7 +1285,7 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
 
 Name:    java-17-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}.1
+Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@@ -2673,6 +2673,11 @@ cjc.mainProgram(args)
 %endif
 
 %changelog
+* Thu Jan 26 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.6.0.10-1
+- Update to jdk-17.0.6.0+10
+- Update release notes to 17.0.6.0+10
+- Switch to GA mode for release
+
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1:17.0.6.0.9-0.2.ea.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 
diff --git a/sources b/sources
index 861eb78..bf52ee4 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk17u-jdk-17.0.6+9.tar.xz) = bad612ec3b5cf9287b4fdfa4ae6618751e9d50e9347c66c87af9d9eba06276ef1c95abb1b72f381bc629d0e7f2a520fdd26cb6d7f782c517a16102c7dd236ca2
+SHA512 (openjdk-jdk17u-jdk-17.0.6+10.tar.xz) = 2878aae52e2f49146b9631e3b0379370dce1a0a620dc5c5b763d1432b82e705e3aa33a83008391b4845bf0cb493b08179e7ac3419f597fb80fd65df393e12cf1