From a391237efad8dd12bd8b6b3b15b38388cc2015b1be6e2609ffdbeac08c3de7df Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Sun, 15 Oct 2023 06:48:39 +0000 Subject: [PATCH 1/5] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=435 --- java-1_8_0-openjdk.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java-1_8_0-openjdk.spec b/java-1_8_0-openjdk.spec index 25f38b9..b061856 100644 --- a/java-1_8_0-openjdk.spec +++ b/java-1_8_0-openjdk.spec @@ -765,7 +765,7 @@ find %{buildroot}%{_jvmdir}/%{sdkdir}/demo \ %if 0%{?suse_version} <= 1130 # bnc496378 - check the size of installed cacerts # 32 bytes means a default empty one -if [[ $(stat -c "%{s}" %{buildroot}/%{cacerts}) == "32" ]]; then +if [[ $(stat -c "%%s" %{buildroot}/%{cacerts}) == "32" ]]; then echo "ERROR: Default keystore seems empty" exit 1 fi From 97331844e6a09b16c5294461f07e103090974599fdff8801b396028d69ca2f87 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 18 Oct 2023 01:32:41 +0000 Subject: [PATCH 2/5] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=436 --- java-1_8_0-openjdk.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java-1_8_0-openjdk.spec b/java-1_8_0-openjdk.spec index b061856..6e2f011 100644 --- a/java-1_8_0-openjdk.spec +++ b/java-1_8_0-openjdk.spec @@ -850,7 +850,7 @@ if [ X"`%{_bindir}/file --mime-type -b %{javacacerts}`" \ fi # remove the default empty cacert file, if it's installed -if [ 0`stat -c "%{s}" %{cacerts} 2>/dev/null` = "032" ] ; then +if [ 0`stat -c "%%s" %{cacerts} 2>/dev/null` = "032" ] ; then rm -f %{cacerts} fi From 9a58fb23530c4f47d8be262b88b341c1b7432c3f2c89f4c2e15734de4cecd09c Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Sat, 28 Oct 2023 08:05:04 +0000 Subject: [PATCH 3/5] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=437 --- aarch32-git.tar.xz | 4 ++-- icedtea-3.28.0.tar.xz | 3 --- icedtea-3.29.0.tar.xz | 3 +++ java-1_8_0-openjdk.spec | 6 +++--- openjdk-git.tar.xz | 4 ++-- shenandoah-git.tar.xz | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) delete mode 100644 icedtea-3.28.0.tar.xz create mode 100644 icedtea-3.29.0.tar.xz diff --git a/aarch32-git.tar.xz b/aarch32-git.tar.xz index 7f13e95..8757e5a 100644 --- a/aarch32-git.tar.xz +++ b/aarch32-git.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:86ac13cdd6ee4024e5bf4779418a6f62c75525a04f26ba70d2fcb7ad888f4a95 -size 7205604 +oid sha256:bb00d352f3748fdc5d26980999c83665bb3753ef4a74a9a4e82a8deee1f86476 +size 7205616 diff --git a/icedtea-3.28.0.tar.xz b/icedtea-3.28.0.tar.xz deleted file mode 100644 index eb5d46f..0000000 --- a/icedtea-3.28.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:822697a4f0039ec312cc143df40916fc8b68fbfe49c2631186bbba83bd6c5c8d -size 1571464 diff --git a/icedtea-3.29.0.tar.xz b/icedtea-3.29.0.tar.xz new file mode 100644 index 0000000..27f7ecf --- /dev/null +++ b/icedtea-3.29.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9954bf4ee8f7f4dbdec621419e6f2c42d3e97102987a7edb374e3bda7baf5169 +size 1572828 diff --git a/java-1_8_0-openjdk.spec b/java-1_8_0-openjdk.spec index 6e2f011..d5f9a8b 100644 --- a/java-1_8_0-openjdk.spec +++ b/java-1_8_0-openjdk.spec @@ -18,7 +18,7 @@ %{!?aarch64:%global aarch64 aarch64 arm64 armv8} %global jit_arches %{ix86} x86_64 ppc64 ppc64le %{aarch64} %{arm} -%global icedtea_version 3.28.0 +%global icedtea_version 3.29.0 %global buildoutputdir openjdk.build/ # Convert an absolute path to a relative path. Each symbolic link is # specified relative to the directory in which it is installed so that @@ -31,8 +31,8 @@ # priority must be 6 digits in total %global priority 1805 %global javaver 1.8.0 -%global updatever 382 -%global buildver 05 +%global updatever 392 +%global buildver 08 # Standard JPackage directories and symbolic links. %global sdklnk java-%{javaver}-openjdk %global archname %{sdklnk} diff --git a/openjdk-git.tar.xz b/openjdk-git.tar.xz index 4f0fe59..ab45458 100644 --- a/openjdk-git.tar.xz +++ b/openjdk-git.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:e0e4bceac9b0fbcd67677d571158185e1146c61b7611a9a4ddbdee8f7d5f4c11 -size 59630060 +oid sha256:74d33382e17a757728bc209595a89068528406428fe3c66fc0bbf9d489ecfc14 +size 59648916 diff --git a/shenandoah-git.tar.xz b/shenandoah-git.tar.xz index 143ae15..f21197c 100644 --- a/shenandoah-git.tar.xz +++ b/shenandoah-git.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:b6ebadba01a70aafe3a0811c36d669e2631c90013a46cf55c845c2be160f2eb7 -size 7290172 +oid sha256:fae45df7da24d04252c8fda59e753f3cec5684b978e889cdf5ad04f7832f8542 +size 7289632 From 9661b553cc0edede6ad9406a63e94d1c7baec9784f657bfd74006abdfab8e64b Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Tue, 14 Nov 2023 06:07:40 +0000 Subject: [PATCH 4/5] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=438 --- java-1_8_0-openjdk.changes | 59 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/java-1_8_0-openjdk.changes b/java-1_8_0-openjdk.changes index 35e04d2..90b9cf8 100644 --- a/java-1_8_0-openjdk.changes +++ b/java-1_8_0-openjdk.changes @@ -1,3 +1,62 @@ +------------------------------------------------------------------- +Tue Nov 14 06:00:16 UTC 2023 - Fridrich Strba + +- Update to version jdk8u392 (icedtea-3.29.0) + * October 2023 CPU + * CVEs + + CVE-2023-22067, bsc#1216379 + + CVE-2023-22081, bsc#1216374 + * Security fixes + + JDK-8286503, JDK-8312367: Enhance security classes + + JDK-8297856: Improve handling of Bidi characters + + JDK-8303384: Improved communication in CORBA + + JDK-8305815, JDK-8307278: Update Libpng to 1.6.39 + + JDK-8309966: Enhanced TLS connections + * Import of OpenJDK 8 u392 build 08 + + JDK-6722928: Provide a default native GSS-API library on + Windows + + JDK-8040887: [TESTBUG] Remove + test/runtime/6925573/SortMethodsTest.java + + JDK-8042726: [TESTBUG] TEST.groups file was not updated after + runtime/6925573/SortMethodsTest.java removal + + JDK-8139348: Deprecate 3DES and RC4 in Kerberos + + JDK-8173072: zipfs fails to handle incorrect info-zip + "extended timestamp extra field" + + JDK-8200468: Port the native GSS-API bridge to Windows + + JDK-8202952: C2: Unexpected dead nodes after matching + + JDK-8205399: Set node color on pinned HashMap.TreeNode + deletion + + JDK-8209115: adjust libsplashscreen linux ppc64le builds for + easier libpng update + + JDK-8214046: [macosx] Undecorated Frame does not Iconify when + set to + + JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails + intermittently due to NumberFormatException + + JDK-8225687: Newly added sspi.cpp in JDK-6722928 still + contains some small errors + + JDK-8232225: Rework the fix for JDK-8071483 + + JDK-8242330: Arrays should be cloned in several JAAS Callback + classes + + JDK-8253269: The CheckCommonColors test should provide more + info on failure + + JDK-8283441: C2: segmentation fault in + ciMethodBlocks::make_block_at(int) + + JDK-8284910: Buffer clean in PasswordCallback + + JDK-8287073: NPE from CgroupV2Subsystem.getInstance() + + JDK-8287663: Add a regression test for JDK-8287073 + + JDK-8295685: Update Libpng to 1.6.38 + + JDK-8295894: Remove SECOM certificate that is expiring in + September 2023 + + JDK-8308788: [8u] Remove duplicate HaricaCA.java test + + JDK-8309122: Bump update version of OpenJDK: 8u392 + + JDK-8309143: [8u] fix archiving inconsistencies in GHA + + JDK-8310026: [8u] make java_lang_String::hash_code consistent + across platforms + + JDK-8314960: Add Certigna Root CA - 2 + + JDK-8315135: Memory leak in the native implementation of + Pack200.Unpacker.unpack() + + JDK-8317040: Exclude cleaner test failing on older releases + ------------------------------------------------------------------- Mon Jul 31 05:52:03 UTC 2023 - Fridrich Strba From 1e962eac2b7e0a12115ec550d2853bf79cbcf3eddeb643b0dd6adc26308e3af1 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Tue, 14 Nov 2023 06:28:06 +0000 Subject: [PATCH 5/5] OBS-URL: https://build.opensuse.org/package/show/Java:Factory/java-1_8_0-openjdk?expand=0&rev=439 --- bsc1211968.patch | 15 +++++++++++++++ java-1_8_0-openjdk.changes | 4 ++++ java-1_8_0-openjdk.spec | 3 +++ 3 files changed, 22 insertions(+) create mode 100644 bsc1211968.patch diff --git a/bsc1211968.patch b/bsc1211968.patch new file mode 100644 index 0000000..853cc57 --- /dev/null +++ b/bsc1211968.patch @@ -0,0 +1,15 @@ +--- openjdk/jdk/src/share/classes/sun/security/ssl/DHKeyExchange.java 2023-11-14 07:18:11.483931806 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/ssl/DHKeyExchange.java 2023-11-14 07:20:21.018138340 +0100 +@@ -253,11 +253,7 @@ + static { + String property = GetPropertyAction.privilegedGetProperty( + "jdk.tls.ephemeralDHKeySize"); +- if (property == null || property.isEmpty()) { +- useLegacyEphemeralDHKeys = false; +- useSmartEphemeralDHKeys = false; +- customizedDHKeySize = -1; +- } else if ("matched".equals(property)) { ++ if (property == null || property.isEmpty() || "matched".equals(property)) { + useLegacyEphemeralDHKeys = false; + useSmartEphemeralDHKeys = true; + customizedDHKeySize = -1; diff --git a/java-1_8_0-openjdk.changes b/java-1_8_0-openjdk.changes index 90b9cf8..37b90f9 100644 --- a/java-1_8_0-openjdk.changes +++ b/java-1_8_0-openjdk.changes @@ -56,6 +56,10 @@ Tue Nov 14 06:00:16 UTC 2023 - Fridrich Strba + JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack() + JDK-8317040: Exclude cleaner test failing on older releases +- Added patch: + * bsc1211968.patch + + fix bsc#1211968: SLES12SP5 vulnerable to CVE-2015-4000 + (Logjam)? ------------------------------------------------------------------- Mon Jul 31 05:52:03 UTC 2023 - Fridrich Strba diff --git a/java-1_8_0-openjdk.spec b/java-1_8_0-openjdk.spec index d5f9a8b..4e7eb0b 100644 --- a/java-1_8_0-openjdk.spec +++ b/java-1_8_0-openjdk.spec @@ -172,6 +172,8 @@ Source3: https://icedtea.classpath.org/download/drops/icedtea8/%{icedtea_ # nss fips configuration file Source17: nss.fips.cfg.in # RPM/distribution specific patches +# bsc#1211968 +Patch1: bsc1211968.patch # RHBZ 1015432 Patch2: 1015432.patch # Restrict access to java-atk-wrapper classes @@ -508,6 +510,7 @@ sh autogen.sh make patch %{?_smp_mflags} +patch -p0 -i %{PATCH1} patch -p0 -i %{PATCH2} patch -p0 -i %{PATCH3} patch -p0 -i %{PATCH12}