Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package java-1_8_0-openjdk for openSUSE:Factory checked in at 2023-11-14 21:42:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/java-1_8_0-openjdk (Old) and /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new.17445 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "java-1_8_0-openjdk" Tue Nov 14 21:42:34 2023 rev:96 rq:1125800 version:1.8.0.392 Changes: -------- --- /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/java-1_8_0-openjdk.changes 2023-08-01 14:15:30.887482324 +0200 +++ /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new.17445/java-1_8_0-openjdk.changes 2023-11-14 21:42:37.199703586 +0100 @@ -1,0 +2,63 @@ +Tue Nov 14 06:00:16 UTC 2023 - Fridrich Strba <[email protected]> + +- Update to version jdk8u392 (icedtea-3.29.0) + * October 2023 CPU + * CVEs + + CVE-2023-22067, bsc#1216379 + + CVE-2023-22081, bsc#1216374 + * Security fixes + + JDK-8286503, JDK-8312367: Enhance security classes + + JDK-8297856: Improve handling of Bidi characters + + JDK-8303384: Improved communication in CORBA + + JDK-8305815, JDK-8307278: Update Libpng to 1.6.39 + + JDK-8309966: Enhanced TLS connections + * Import of OpenJDK 8 u392 build 08 + + JDK-6722928: Provide a default native GSS-API library on + Windows + + JDK-8040887: [TESTBUG] Remove + test/runtime/6925573/SortMethodsTest.java + + JDK-8042726: [TESTBUG] TEST.groups file was not updated after + runtime/6925573/SortMethodsTest.java removal + + JDK-8139348: Deprecate 3DES and RC4 in Kerberos + + JDK-8173072: zipfs fails to handle incorrect info-zip + "extended timestamp extra field" + + JDK-8200468: Port the native GSS-API bridge to Windows + + JDK-8202952: C2: Unexpected dead nodes after matching + + JDK-8205399: Set node color on pinned HashMap.TreeNode + deletion + + JDK-8209115: adjust libsplashscreen linux ppc64le builds for + easier libpng update + + JDK-8214046: [macosx] Undecorated Frame does not Iconify when + set to + + JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails + intermittently due to NumberFormatException + + JDK-8225687: Newly added sspi.cpp in JDK-6722928 still + contains some small errors + + JDK-8232225: Rework the fix for JDK-8071483 + + JDK-8242330: Arrays should be cloned in several JAAS Callback + classes + + JDK-8253269: The CheckCommonColors test should provide more + info on failure + + JDK-8283441: C2: segmentation fault in + ciMethodBlocks::make_block_at(int) + + JDK-8284910: Buffer clean in PasswordCallback + + JDK-8287073: NPE from CgroupV2Subsystem.getInstance() + + JDK-8287663: Add a regression test for JDK-8287073 + + JDK-8295685: Update Libpng to 1.6.38 + + JDK-8295894: Remove SECOM certificate that is expiring in + September 2023 + + JDK-8308788: [8u] Remove duplicate HaricaCA.java test + + JDK-8309122: Bump update version of OpenJDK: 8u392 + + JDK-8309143: [8u] fix archiving inconsistencies in GHA + + JDK-8310026: [8u] make java_lang_String::hash_code consistent + across platforms + + JDK-8314960: Add Certigna Root CA - 2 + + JDK-8315135: Memory leak in the native implementation of + Pack200.Unpacker.unpack() + + JDK-8317040: Exclude cleaner test failing on older releases +- Added patch: + * bsc1211968.patch + + fix bsc#1211968: SLES12SP5 vulnerable to CVE-2015-4000 + (Logjam)? + +------------------------------------------------------------------- Old: ---- icedtea-3.28.0.tar.xz New: ---- bsc1211968.patch icedtea-3.29.0.tar.xz BETA DEBUG BEGIN: New:- Added patch: * bsc1211968.patch + fix bsc#1211968: SLES12SP5 vulnerable to CVE-2015-4000 BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ java-1_8_0-openjdk.spec ++++++ --- /var/tmp/diff_new_pack.aBv1Qi/_old 2023-11-14 21:42:38.971769182 +0100 +++ /var/tmp/diff_new_pack.aBv1Qi/_new 2023-11-14 21:42:38.975769331 +0100 @@ -18,7 +18,7 @@ %{!?aarch64:%global aarch64 aarch64 arm64 armv8} %global jit_arches %{ix86} x86_64 ppc64 ppc64le %{aarch64} %{arm} -%global icedtea_version 3.28.0 +%global icedtea_version 3.29.0 %global buildoutputdir openjdk.build/ # Convert an absolute path to a relative path. Each symbolic link is # specified relative to the directory in which it is installed so that @@ -31,8 +31,8 @@ # priority must be 6 digits in total %global priority 1805 %global javaver 1.8.0 -%global updatever 382 -%global buildver 05 +%global updatever 392 +%global buildver 08 # Standard JPackage directories and symbolic links. %global sdklnk java-%{javaver}-openjdk %global archname %{sdklnk} @@ -172,6 +172,8 @@ # nss fips configuration file Source17: nss.fips.cfg.in # RPM/distribution specific patches +# bsc#1211968 +Patch1: bsc1211968.patch # RHBZ 1015432 Patch2: 1015432.patch # Restrict access to java-atk-wrapper classes @@ -508,6 +510,7 @@ make patch %{?_smp_mflags} +patch -p0 -i %{PATCH1} patch -p0 -i %{PATCH2} patch -p0 -i %{PATCH3} patch -p0 -i %{PATCH12} @@ -765,7 +768,7 @@ %if 0%{?suse_version} <= 1130 # bnc496378 - check the size of installed cacerts # 32 bytes means a default empty one -if [[ $(stat -c "%{s}" %{buildroot}/%{cacerts}) == "32" ]]; then +if [[ $(stat -c "%%s" %{buildroot}/%{cacerts}) == "32" ]]; then echo "ERROR: Default keystore seems empty" exit 1 fi @@ -850,7 +853,7 @@ fi # remove the default empty cacert file, if it's installed -if [ 0`stat -c "%{s}" %{cacerts} 2>/dev/null` = "032" ] ; then +if [ 0`stat -c "%%s" %{cacerts} 2>/dev/null` = "032" ] ; then rm -f %{cacerts} fi ++++++ aarch32-git.tar.xz ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/aarch32-git.tar.xz /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new.17445/aarch32-git.tar.xz differ: char 26, line 1 ++++++ bsc1211968.patch ++++++ --- openjdk/jdk/src/share/classes/sun/security/ssl/DHKeyExchange.java 2023-11-14 07:18:11.483931806 +0100 +++ openjdk/jdk/src/share/classes/sun/security/ssl/DHKeyExchange.java 2023-11-14 07:20:21.018138340 +0100 @@ -253,11 +253,7 @@ static { String property = GetPropertyAction.privilegedGetProperty( "jdk.tls.ephemeralDHKeySize"); - if (property == null || property.isEmpty()) { - useLegacyEphemeralDHKeys = false; - useSmartEphemeralDHKeys = false; - customizedDHKeySize = -1; - } else if ("matched".equals(property)) { + if (property == null || property.isEmpty() || "matched".equals(property)) { useLegacyEphemeralDHKeys = false; useSmartEphemeralDHKeys = true; customizedDHKeySize = -1; ++++++ icedtea-3.28.0.tar.xz -> icedtea-3.29.0.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-3.28.0/ChangeLog new/icedtea-3.29.0/ChangeLog --- old/icedtea-3.28.0/ChangeLog 2023-07-28 01:47:01.766061453 +0200 +++ new/icedtea-3.29.0/ChangeLog 2023-10-28 05:03:17.514586168 +0200 @@ -1,3 +1,38 @@ +2023-10-27 Andrew John Hughes <[email protected]> + + Prepare for release. + * NEWS: Set release date to today (2023-10-27). + +2023-10-24 Andrew John Hughes <[email protected]> + + Bump aarch32 to jdk8u392-ga-aarch32-20231020 + * hotspot.map.in: Bump aarch32 to + jdk8u392-ga-aarch32-20231020 + +2023-10-24 Andrew John Hughes <[email protected]> + + Bump shenandoah to shenandoah-jdk8u392-b08. + * hotspot.map.in: Bump shenandoah to + shenandoah-jdk8u392-b08. + +2023-10-24 Andrew John Hughes <[email protected]> + + Bump to icedtea-3.29.0. + * Makefile.am: + (OPENJDK_CHANGESET): Update to icedtea-3.29.0 tag. + (OPENJDK_SHA256SUM): Likewise. + * NEWS: Updated. + * acinclude.m4: + (IT_DETERMINE_VERSION): Set JDK_UPDATE_VERSION + to 392 and BUILD_VERSION to b08. + * configure.ac: Bump to 3.29.0. + +2023-10-24 Andrew John Hughes <[email protected]> + + Start 3.29.0 release cycle. + * NEWS: Add 3.29.0 section. + * configure.ac: Bump to 3.29.0pre00. + 2023-07-28 Andrew John Hughes <[email protected]> Prepare for release. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-3.28.0/Makefile.am new/icedtea-3.29.0/Makefile.am --- old/icedtea-3.28.0/Makefile.am 2023-07-28 01:47:01.769394775 +0200 +++ new/icedtea-3.29.0/Makefile.am 2023-10-28 05:03:17.521252820 +0200 @@ -1,8 +1,8 @@ # Dependencies -OPENJDK_CHANGESET = 8d645fd44e +OPENJDK_CHANGESET = b5a9ddb3d9 -OPENJDK_SHA256SUM = e0e4bceac9b0fbcd67677d571158185e1146c61b7611a9a4ddbdee8f7d5f4c11 +OPENJDK_SHA256SUM = 74d33382e17a757728bc209595a89068528406428fe3c66fc0bbf9d489ecfc14 HS_TYPE = "`$(AWK) 'version==$$1 {print $$2}' version=$(HSBUILD) $(abs_top_builddir)/hotspot.map`" HS_URL = "`$(AWK) 'version==$$1 {print $$3}' version=$(HSBUILD) $(abs_top_builddir)/hotspot.map`" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-3.28.0/Makefile.in new/icedtea-3.29.0/Makefile.in --- old/icedtea-3.28.0/Makefile.in 2023-07-28 01:47:09.819370156 +0200 +++ new/icedtea-3.29.0/Makefile.in 2023-10-28 05:11:21.216759203 +0200 @@ -647,8 +647,8 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -OPENJDK_CHANGESET = 8d645fd44e -OPENJDK_SHA256SUM = e0e4bceac9b0fbcd67677d571158185e1146c61b7611a9a4ddbdee8f7d5f4c11 +OPENJDK_CHANGESET = b5a9ddb3d9 +OPENJDK_SHA256SUM = 74d33382e17a757728bc209595a89068528406428fe3c66fc0bbf9d489ecfc14 HS_TYPE = "`$(AWK) 'version==$$1 {print $$2}' version=$(HSBUILD) $(abs_top_builddir)/hotspot.map`" HS_URL = "`$(AWK) 'version==$$1 {print $$3}' version=$(HSBUILD) $(abs_top_builddir)/hotspot.map`" HS_CHANGESET = "`$(AWK) 'version==$$1 {print $$4}' version=$(HSBUILD) $(abs_top_builddir)/hotspot.map`" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-3.28.0/NEWS new/icedtea-3.29.0/NEWS --- old/icedtea-3.28.0/NEWS 2023-07-28 01:47:01.772728099 +0200 +++ new/icedtea-3.29.0/NEWS 2023-10-28 05:03:17.524586145 +0200 @@ -12,6 +12,47 @@ CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release 3.29.0 (2023-10-27): + +* CVEs + - CVE-2023-22067 + - CVE-2023-22081 +* Security fixes + - JDK-8286503, JDK-8312367: Enhance security classes + - JDK-8297856: Improve handling of Bidi characters + - JDK-8303384: Improved communication in CORBA + - JDK-8305815, JDK-8307278: Update Libpng to 1.6.39 + - JDK-8309966: Enhanced TLS connections +* Import of OpenJDK 8 u392 build 08 + - JDK-6722928: Provide a default native GSS-API library on Windows + - JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java + - JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal + - JDK-8139348: Deprecate 3DES and RC4 in Kerberos + - JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field" + - JDK-8200468: Port the native GSS-API bridge to Windows + - JDK-8202952: C2: Unexpected dead nodes after matching + - JDK-8205399: Set node color on pinned HashMap.TreeNode deletion + - JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update + - JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to + - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException + - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors + - JDK-8232225: Rework the fix for JDK-8071483 + - JDK-8242330: Arrays should be cloned in several JAAS Callback classes + - JDK-8253269: The CheckCommonColors test should provide more info on failure + - JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int) + - JDK-8284910: Buffer clean in PasswordCallback + - JDK-8287073: NPE from CgroupV2Subsystem.getInstance() + - JDK-8287663: Add a regression test for JDK-8287073 + - JDK-8295685: Update Libpng to 1.6.38 + - JDK-8295894: Remove SECOM certificate that is expiring in September 2023 + - JDK-8308788: [8u] Remove duplicate HaricaCA.java test + - JDK-8309122: Bump update version of OpenJDK: 8u392 + - JDK-8309143: [8u] fix archiving inconsistencies in GHA + - JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms + - JDK-8314960: Add Certigna Root CA - 2 + - JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack() + - JDK-8317040: Exclude cleaner test failing on older releases + New in release 3.28.0 (2023-07-28): * CVEs diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-3.28.0/acinclude.m4 new/icedtea-3.29.0/acinclude.m4 --- old/icedtea-3.28.0/acinclude.m4 2023-07-28 01:47:01.776061421 +0200 +++ new/icedtea-3.29.0/acinclude.m4 2023-10-28 05:03:17.524586145 +0200 @@ -1966,8 +1966,8 @@ dnl (e.g. 1.8.0 = 8, 1.7.0 = 7, etc.) JAVA_SPEC_VER=8 JAVA_VENDOR=openjdk - JDK_UPDATE_VERSION=382 - BUILD_VERSION=b05 + JDK_UPDATE_VERSION=392 + BUILD_VERSION=b08 MILESTONE=fcs if test "x${MILESTONE}" = "xfcs"; then COMBINED_VERSION=${JDK_UPDATE_VERSION}-${BUILD_VERSION} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-3.28.0/configure new/icedtea-3.29.0/configure --- old/icedtea-3.28.0/configure 2023-07-28 01:47:09.419371376 +0200 +++ new/icedtea-3.29.0/configure 2023-10-28 05:11:20.836760147 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for icedtea 3.28.0. +# Generated by GNU Autoconf 2.71 for icedtea 3.29.0. # # Report bugs to <[email protected]>. # @@ -611,8 +611,8 @@ # Identity of this package. PACKAGE_NAME='icedtea' PACKAGE_TARNAME='icedtea' -PACKAGE_VERSION='3.28.0' -PACKAGE_STRING='icedtea 3.28.0' +PACKAGE_VERSION='3.29.0' +PACKAGE_STRING='icedtea 3.29.0' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1763,7 +1763,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures icedtea 3.28.0 to adapt to many kinds of systems. +\`configure' configures icedtea 3.29.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1835,7 +1835,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of icedtea 3.28.0:";; + short | recursive ) echo "Configuration of icedtea 3.29.0:";; esac cat <<\_ACEOF @@ -2100,7 +2100,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -icedtea configure 3.28.0 +icedtea configure 3.29.0 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2574,7 +2574,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by icedtea $as_me 3.28.0, which was +It was created by icedtea $as_me 3.29.0, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -4173,7 +4173,7 @@ # Define the identity of the package. PACKAGE='icedtea' - VERSION='3.28.0' + VERSION='3.29.0' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -4404,8 +4404,8 @@ JAVA_VER=1.8.0 JAVA_SPEC_VER=8 JAVA_VENDOR=openjdk - JDK_UPDATE_VERSION=382 - BUILD_VERSION=b05 + JDK_UPDATE_VERSION=392 + BUILD_VERSION=b08 MILESTONE=fcs if test "x${MILESTONE}" = "xfcs"; then COMBINED_VERSION=${JDK_UPDATE_VERSION}-${BUILD_VERSION} @@ -16844,7 +16844,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by icedtea $as_me 3.28.0, which was +This file was extended by icedtea $as_me 3.29.0, which was generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -16903,7 +16903,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -icedtea config.status 3.28.0 +icedtea config.status 3.29.0 configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-3.28.0/configure.ac new/icedtea-3.29.0/configure.ac --- old/icedtea-3.28.0/configure.ac 2023-07-28 01:47:01.776061421 +0200 +++ new/icedtea-3.29.0/configure.ac 2023-10-28 05:03:17.524586145 +0200 @@ -1,4 +1,4 @@ -AC_INIT([icedtea], [3.28.0], [[email protected]]) +AC_INIT([icedtea], [3.29.0], [[email protected]]) AC_CANONICAL_HOST AC_CANONICAL_TARGET AM_INIT_AUTOMAKE([1.9 tar-pax foreign]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/icedtea-3.28.0/hotspot.map.in new/icedtea-3.29.0/hotspot.map.in --- old/icedtea-3.28.0/hotspot.map.in 2023-07-28 01:47:01.779394745 +0200 +++ new/icedtea-3.29.0/hotspot.map.in 2023-10-28 05:03:17.531252796 +0200 @@ -1,3 +1,3 @@ # version type(drop/hg) url changeset sha256sum -shenandoah drop https://icedtea.classpath.org/download/drops/icedtea8/@ICEDTEA_RELEASE@ b720f3669c7 b6ebadba01a70aafe3a0811c36d669e2631c90013a46cf55c845c2be160f2eb7 -aarch32 drop https://icedtea.classpath.org/download/drops/icedtea8/@ICEDTEA_RELEASE@ b7b4fbdb59 86ac13cdd6ee4024e5bf4779418a6f62c75525a04f26ba70d2fcb7ad888f4a95 +shenandoah drop https://icedtea.classpath.org/download/drops/icedtea8/@ICEDTEA_RELEASE@ aabeb2da532 fae45df7da24d04252c8fda59e753f3cec5684b978e889cdf5ad04f7832f8542 +aarch32 drop https://icedtea.classpath.org/download/drops/icedtea8/@ICEDTEA_RELEASE@ 6e20bc344f bb00d352f3748fdc5d26980999c83665bb3753ef4a74a9a4e82a8deee1f86476 ++++++ openjdk-git.tar.xz ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/openjdk-git.tar.xz /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new.17445/openjdk-git.tar.xz differ: char 27, line 1 ++++++ shenandoah-git.tar.xz ++++++ /work/SRC/openSUSE:Factory/java-1_8_0-openjdk/shenandoah-git.tar.xz /work/SRC/openSUSE:Factory/.java-1_8_0-openjdk.new.17445/shenandoah-git.tar.xz differ: char 26, line 1
