The package rpms/java-11-openjdk.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/java-11-openjdk.git/commit/?id=0180….
Change:
+%ifarch %{ssbd_arches}
Thanks.
Full change:
============
commit efdc99cf81498a3c03673e772023df1d9516f09b
Merge: 3568ce8 c59da7e
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Apr 30 10:54:10 2023 +0200
Merge branch 'f37' into f36
commit c59da7e972f3aa10c8e62e4ca8459b70c53a4b4a
Merge: fe878a8 3d2f837
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Apr 30 10:52:44 2023 +0200
Merge branch 'f38' into f37
commit 3d2f8374c5c59132a06e3007ff54684157b26de8
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Apr 29 17:21:07 2023 +0200
Added tzdata.usptream and cacerts.upstream
diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index 3ba613f..368af80 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -824,6 +824,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfont.properties.ja
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfontj2d.properties
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tzdb.dat
+%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tzdb.dat.upstream
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/jli
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jli/libjli.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jvm.cfg
@@ -886,6 +887,7 @@ exit 0
%dir %{etcjavadir -- %{?1}}/lib
%dir %{etcjavadir -- %{?1}}/lib/security
%{etcjavadir -- %{?1}}/lib/security/cacerts
+%{etcjavadir -- %{?1}}/lib/security/cacerts.upstream
%dir %{etcjavadir -- %{?1}}/conf
%dir %{etcjavadir -- %{?1}}/conf/management
%dir %{etcjavadir -- %{?1}}/conf/security
commit 0180d4e988f72c718785051bbb34a8f2ad567225
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Apr 29 16:39:42 2023 +0200
updated to 17.0.7.0.7 underlying portables
- requirign 17.0.7.0.7-2 due to news, and much more tuning
- now untarring enforced version
- repacked bits are now requested in exact version
- repacked portables
- using icons from source package
- providing full sources via src package
- requiring exact version.reelase of portables
- todo, lost alt java manpage.. probably already in portables
- TODO conslut this clean up - javdoc
- todo, debuginfo
diff --git a/NEWS b/NEWS
deleted file mode 100644
index e03d474..0000000
--- a/NEWS
+++ /dev/null
@@ -1,4303 +0,0 @@
-Key:
-
-JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
-CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-
-New in release OpenJDK 11.0.18 (2023-01-17):
-=============================================
-Live versions of these release notes can be found at:
- * https://bit.ly/openjdk11018
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.18.html
-
-* CVEs
- - CVE-2023-21835
- - CVE-2023-21843
-* Security fixes
- - JDK-8286070: Improve UTF8 representation
- - JDK-8286496: Improve Thread labels
- - JDK-8287411: Enhance DTLS performance
- - JDK-8288516: Enhance font creation
- - JDK-8289350: Better media supports
- - JDK-8293554: Enhanced DH Key Exchanges
- - JDK-8293598: Enhance InetAddress address handling
- - JDK-8293717: Objective view of ObjectView
- - JDK-8293734: Improve BMP image handling
- - JDK-8293742: Better Banking of Sounds
- - JDK-8295687: Better BMP bounds
-* Other changes
- - JDK-4819544: SwingSet2 JTable Demo throws NullPointerException
- - JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider
- - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
- - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
- - JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails
- - JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed
- - JDK-8029633: Raw inner class constructor ref should not perform diamond inference
- - JDK-8030121: java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java fails
- - JDK-8079267: [TEST_BUG] Test java/awt/Frame/MiscUndecorated/RepaintTest.java fails
- - JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails
- - JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java
- - JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/MultiresolutionIconTest.java
- - JDK-8172269: When checking the default behaviour for a scroll tab layout and checking the 'opaque' checkbox, the area behind tabs is not red.
- - JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java failed with timeout
- - JDK-8193942: Regression automated test '/open/test/jdk/javax/swing/JFrame/8175301/ScaledFrameBackgroundTest.java' fails
- - JDK-8194126: Regression automated Test '/open/test/jdk/javax/swing/JColorChooser/Test7194184.java' fails
- - JDK-8198343: Test java/awt/print/PrinterJob/TestPgfmtSetMPA.java may fail w/o printer
- - JDK-8199290: [TESTBUG] sun.hotspot.WhiteBox$WhiteBoxPermission is not copied
- - JDK-8202836: [macosx] test java/awt/Graphics/TextAAHintsTest.java fails
- - JDK-8206125: [windows] cannot pass relative path to --with-boot-jdk
- - JDK-8210047: some pages contain content outside of landmark region
- - JDK-8211002: test/jdk/java/lang/Math/PowTests.java skips testing for non-corner-case values
- - JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch
- - JDK-8213239: Configure cannot handle command overrides with arguments
- - JDK-8215571: jdb does not include jdk.* in the default class filter
- - JDK-8217032: Check pandoc capabilities in configure
- - JDK-8222091: Javadoc does not handle package annotations correctly on package-info.java
- - JDK-8222251: preflow visitor is not visiting lambda expressions
- - JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
- - JDK-8227179: Test for new gc+metaspace=info output format
- - JDK-8227651: Tests fail with SSLProtocolException: Input record too big
- - JDK-8228672: [TESTBUG] gc/metaspace/TestSizeTransitions.java fails on 32-bit platforms
- - JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on macOs
- - JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java fails on macos
- - JDK-8233565: [TESTBUG] NullModalityDialogTest.java fails on MacOS
- - JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on macos
- - JDK-8239708: Split basics.m4 into basic.m4 and util.m4
- - JDK-8240281: Remove failing assertion code when selecting first memory state in SuperWord::co_locate_pack
- - JDK-8242468: VS2019 build missing vcruntime140_1.dll
- - JDK-8243565: some gc tests use 'test.java.opts' and not 'test.vm.opts'
- - JDK-8243568: serviceability/logging/TestLogRotation.java uses 'test.java.opts' and not 'test.vm.opts'
- - JDK-8244010: Simplify usages of ProcessTools.createJavaProcessBuilder in our tests
- - JDK-8244557: test/jdk/javax/swing/JTabbedPane/TestBackgroundScrollPolicy.java failed
- - JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
- - JDK-8249694: java/lang/StringBuffer/HugeCapacity.java and j/l/StringBuilder/HugeCapacity.java tests shouldn't be @ignore-d
- - JDK-8253877: gc/g1/TestGCLogMessages.java fails - missing "Evacuation failure" message
- - JDK-8254874: ZGC: JNIHandleBlock verification failure in stack watermark processing
- - JDK-8254976: Re-enable swing jtreg tests which were broken due to samevm mode
- - JDK-8255439: System Tray icons get corrupted when Windows scaling changes
- - JDK-8256109: Create implementation for NSAccessibilityButton protocol
- - JDK-8257679: Improved unix compatibility layer in Windows build (winenv)
- - JDK-8257722: Improve "keytool -printcert -jarfile" output
- - JDK-8258005: JDK build fails with incorrect fixpath script
- - JDK-8259485: Document need for short paths when building on Windows
- - JDK-8260272: bash configure --prefix does not work after JDK-8257679
- - JDK-8261336: IGV: enhance default filters
- - JDK-8261445: Use memory_order_relaxed for os::random().
- - JDK-8261758: [TESTBUG] gc/g1/TestGCLogMessages.java fails if ergonomics detect too small InitialHeapSize
- - JDK-8263326: Remove ReceiverTypeData check from serviceability/sa/TestPrintMdo.java
- - JDK-8263871: On sem_destroy() failing we should assert
- - JDK-8264593: debug.cpp utilities should be available in product builds.
- - JDK-8264666: Change implementation of safeAdd/safeMult in the LCMSImageLayout class
- - JDK-8266082: AssertionError in Annotate.fromAnnotations with -Xdoclint
- - JDK-8266967: debug.cpp utility find() should print Java Object fields.
- - JDK-8268361: Fix the infinite loop in next_line
- - JDK-8268860: Windows-Aarch64 build is failing in GitHub actions
- - JDK-8268893: jcmd to trim the glibc heap
- - JDK-8269029: compiler/codegen/TestCharVect2.java fails for client VMs
- - JDK-8269873: serviceability/sa/Clhsdb tests are using a C2 specific VMStruct field
- - JDK-8272123: Problem list 4 jtreg tests which regularly fail on macos-aarch64
- - JDK-8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints
- - JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368
- - JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails on macOS 12
- - JDK-8273685: Remove jtreg tag manual=yesno for java/awt/Graphics/LCDTextAndGraphicsState.java & show test instruction
- - JDK-8274029: Remove jtreg tag manual=yesno for java/awt/print/Dialog/DialogOrient.java
- - JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ImageTypes.java & show test UI
- - JDK-8274296: Update or Problem List tests which may fail with uiScale=2 on macOS
- - JDK-8274456: Remove jtreg tag manual=yesno java/awt/print/PrinterJob/PageDialogTest.java
- - JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening
- - JDK-8274597: Some of the dnd tests time out and fail intermittently
- - JDK-8275170: Some jtreg sound tests should be marked with sound keyword
- - JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
- - JDK-8276841: Add support for Visual Studio 2022
- - JDK-8277159: Fix java/nio/file/FileStore/Basic.java test by ignoring /run/user/* mount points
- - JDK-8277497: Last column cell in the JTable row is read as empty cell
- - JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
- - JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"
- - JDK-8279066: entries.remove(entry) is useless in PKCS12KeyStore
- - JDK-8279695: [TESTBUG] modify compiler/loopopts/TestSkeletonPredicateNegation.java to run on C1 also
- - JDK-8280158: New test from JDK-8274736 failed with/without patch in JDK11u
- - JDK-8280550: SplittableRandom#nextDouble(double,double) can return result >= bound
- - JDK-8280863: Update build README to reflect that MSYS2 is supported
- - JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR
- - JDK-8280948: Write a regression test for JDK-4659800
- - JDK-8280950: RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix
- - JDK-8281183: RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950
- - JDK-8281296: Create a regression test for JDK-4515999
- - JDK-8281297: TestStressG1Humongous fails with guarantee(is_range_uncommitted)
- - JDK-8282046: Create a regression test for JDK-8000326
- - JDK-8282276: Problem list failing two Robot Screen Capture tests
- - JDK-8282306: os::is_first_C_frame(frame*) crashes on invalid link access
- - JDK-8282345: handle latest VS2022 in abstract_vm_version
- - JDK-8282402: Create a regression test for JDK-4666101
- - JDK-8282640: Create a test for JDK-4740761
- - JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/LoadUnloadGC2.java fails intermittently with exit code 1
- - JDK-8282730: LdapLoginModule throw NPE from logout method after login failure
- - JDK-8282777: Create a Regression test for JDK-4515031
- - JDK-8282778: Create a regression test for JDK-4699544
- - JDK-8282857: Create a regression test for JDK-4702690
- - JDK-8282936: Write a regression test for JDK-4615365
- - JDK-8282937: Write a regression test for JDK-4820080
- - JDK-8283199: Linux os::cpu_microcode_revision() stalls cold startup
- - JDK-8283422: Create a new test for JDK-8254790
- - JDK-8284294: Create an automated regression test for RFE 4138746
- - JDK-8284358: Unreachable loop is not removed from C2 IR, leading to a broken graph
- - JDK-8284521: Write an automated regression test for RFE 4371575
- - JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
- - JDK-8284732: FFI_GO_CLOSURES macro not defined but required for zero build on Mac OS X
- - JDK-8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation
- - JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown"
- - JDK-8284884: Replace polling with waiting in javax/swing/text/html/parser/Parser/8078268/bug8078268.java
- - JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
- - JDK-8285305: Create an automated test for JDK-4495286
- - JDK-8285373: Create an automated test for JDK-4702233
- - JDK-8285604: closed sun/java2d/GdiRendering/ClipShapeRendering.java failed with "Incorrect color ffeeeeee instead of ff0000ff in pixel (100, 100)"
- - JDK-8285617: Fix java/awt/print/PrinterJob/ImagePrinting/PrintARGBImage.java manual test
- - JDK-8285698: Create a test to check the focus stealing of JPopupMenu from JComboBox
- - JDK-8285794: AsyncGetCallTrace might acquire a lock via JavaThread::thread_from_jni_environment
- - JDK-8285836: sun/net/www/http/KeepAliveCache/KeepAliveProperty.java failed with "RuntimeException: Failed in server"
- - JDK-8285921: serviceability/dcmd/jvmti/AttachFailed/AttachReturnError.java fails on Alpine
- - JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
- - JDK-8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray
- - JDK-8286772: java/awt/dnd/DropTargetInInternalFrameTest/DropTargetInInternalFrameTest.html times out and fails in Windows
- - JDK-8286872: Refactor add/modify notification icon (TrayIcon)
- - JDK-8287076: Document.normalizeDocument() produces different results
- - JDK-8287091: aarch64 : guarantee(val < (1ULL << nbits)) failed: Field too big for insn
- - JDK-8287425: Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path
- - JDK-8287609: macOS: SIGSEGV at [CoreFoundation] CFArrayGetCount / sun.font.CFont.getTableBytesNative
- - JDK-8287724: Fix various issues with msys2
- - JDK-8287826: javax/accessibility/4702233/AccessiblePropertiesTest.java fails to compile
- - JDK-8287895: Some langtools tests fail on msys2
- - JDK-8287896: PropertiesTest.sh fail on msys2
- - JDK-8287902: UnreadableRB case in MissingResourceCauseTest is not working reliably on Windows
- - JDK-8287917: System.loadLibrary does not work on Big Sur if JDK is built with macOS SDK 10.15 and earlier
- - JDK-8288132: Update test artifacts in QuoVadis CA interop tests
- - JDK-8288302: Shenandoah: SIGSEGV in vm maybe related to jit compiling xerces
- - JDK-8288377: [REDO] DST not applying properly with zone id offset set with TZ env variable
- - JDK-8288445: AArch64: C2 compilation fails with guarantee(!true || (true && (shift != 0))) failed: impossible encoding
- - JDK-8288599: com/sun/management/OperatingSystemMXBean/TestTotalSwap.java: Expected total swap size ... but getTotalSwapSpaceSize returned ...
- - JDK-8288985: P11TlsKeyMaterialGenerator should work with ChaCha20-Poly1305
- - JDK-8289043: C2: Vector constant materialization attempt
- - JDK-8289146: containers/docker/TestMemoryWithCgroupV1.java fails on linux ppc64le machine with missing Memory and Swap Limit output
- - JDK-8290207: Missing notice in dom.md
- - JDK-8290209: jcup.md missing additional text
- - JDK-8290451: Incorrect result when switching to C2 OSR compilation from C1
- - JDK-8290529: C2: assert(BoolTest(btest).is_canonical()) failure
- - JDK-8290705: StringConcat::validate_mem_flow asserts with "unexpected user: StoreI"
- - JDK-8290711: assert(false) failed: infinite loop in PhaseIterGVN::optimize
- - JDK-8290781: Segfault at PhaseIdealLoop::clone_loop_handle_data_uses
- - JDK-8291459: JVM crash with GenerateOopMap::error_work(char const*, __va_list_tag*)
- - JDK-8291461: assert(false) failed: bad AD file
- - JDK-8292083: Detected container memory limit may exceed physical machine memory
- - JDK-8292158: AES-CTR cipher state corruption with AVX-512
- - JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
- - JDK-8292682: Code change of JDK-8282730 not updated to reflect CSR update
- - JDK-8292778: EncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free
- - JDK-8292866: Java_sun_awt_shell_Win32ShellFolder2_getLinkLocation check MultiByteToWideChar return value for failures
- - JDK-8292887: Bump update version for OpenJDK: jdk-11.0.18
- - JDK-8292899: CustomTzIDCheckDST.java testcase failed on AIX platform
- - JDK-8293044: C1: Missing access check on non-accessible class
- - JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
- - JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
- - JDK-8293578: Duplicate ldc generated by javac
- - JDK-8293672: Update freetype md file
- - JDK-8293816: CI: ciBytecodeStream::get_klass() is not consistent
- - JDK-8293826: Closed test fails after JDK-8276108 on aarch64
- - JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening
- - JDK-8293834: Update CLDR data following tzdata 2022c update
- - JDK-8293998: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC
- - JDK-8294138: [11u] Revert change from JDK-8210962 in basic.m4
- - JDK-8294307: ISO 4217 Amendment 173 Update
- - JDK-8294357: (tz) Update Timezone Data to 2022d
- - JDK-8294578: [PPC64] C2: Missing is_oop information when using disjoint compressed oops mode
- - JDK-8294740: Add cgroups keyword to TestDockerBasic.java
- - JDK-8295173: (tz) Update Timezone Data to 2022e
- - JDK-8295288: Some vm_flags tests associate with a wrong BugID
- - JDK-8295322: Tests for JDK-8271459 were not backported to 11u
- - JDK-8295429: Update harfbuzz md file
- - JDK-8295469: S390X: Optimized builds are broken
- - JDK-8295554: Move the "sizecalc.h" to the correct location
- - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
- - JDK-8295714: GHA ::set-output is deprecated and will be removed
- - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
- - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
- - JDK-8295952: Problemlist existing compiler/rtm tests also on x86
- - JDK-8296108: (tz) Update Timezone Data to 2022f
- - JDK-8296239: ISO 4217 Amendment 174 Update
- - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
- - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
- - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
- - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
- - JDK-8296652: Restore windows aarch64 fixpath patch that was removed in 8239708
- - JDK-8296715: CLDR v42 update for tzdata 2022f
- - JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
- - JDK-8297147: UnexpectedSourceImageSize test times out on slow machines when fastdebug is used
- - JDK-8297153: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails again
- - JDK-8297241: Update sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java
- - JDK-8297481: Create a regression test for JDK-4424517
- - JDK-8297656: AArch64: Enable AES/GCM Intrinsics
- - JDK-8297804: (tz) Update Timezone Data to 2022g
- - JDK-8298737: 8296772 backport to jdk11u caused build error on sparc
- - JDK-8299393: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.18
- - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
- - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
- - JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport
-
-Notes on individual issues:
-===========================
-
-client-libs/javax.imageio:
-
-JDK-8295687: Better BMP bounds
-==============================
-Loading a linked ICC profile within a BMP image is now disabled by
-default. To re-enable it, set the new system property
-`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property
-replaces the old property,
-`sun.imageio.plugins.bmp.disableLinkedProfiles`.
-
-client-libs/javax.sound:
-
-JDK-8293742: Better Banking of Sounds
-=====================================
-Previously, the SoundbankReader implementation,
-`com.sun.media.sound.JARSoundbankReader`, would download a JAR
-soundbank from a URL. This behaviour is now disabled by default. To
-re-enable it, set the new system property `jdk.sound.jarsoundbank` to
-`true`.
-
-security-libs/javax.crypto:
-
-JDK-6782021: Windows KeyStore Updated to Include Access to the Local Machine Location
-=====================================================================================
-The Windows KeyStore support in the SunMSCAPI provider has been
-expanded to include access to the local machine location. The new
-keystore types are:
-
-* "Windows-MY-LOCALMACHINE"
-* "Windows-ROOT-LOCALMACHINE"
-
-The following keystore types were also added, allowing developers to
-make it clear they map to the current user:
-
-* "Windows-MY-CURRENTUSER" (same as "Windows-MY")
-* "Windows-ROOT-CURRENTUSER" (same as "Windows-ROOT")
-
-security-libs/java.security:
-
-JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
-==========================================================================================================
-Back in OpenJDK 9, JDK-8015081 changed the Set implementation used to
-hold principals and credentials so that it rejected null
-values. Attempts to call add(null), contains(null) or remove(null)
-were changed to throw a NullPointerException.
-
-However, the logout() methods in the LoginModule implementations
-within the JDK were not updated to check for null values, which may
-occur in the event of a failed login. As a result, a logout() call may
-throw a NullPointerException.
-
-The LoginModule implementations have now been updated with such checks
-and an implementation note added to the specification to suggest that
-the same change is made in third party modules. Developers of third
-party modules are advised to verify that their logout() method does not
-throw a NullPointerException.
-
-security-libs/javax.net.ssl:
-
-JDK-8287411: Enhance DTLS performance
-=====================================
-The JDK now exchanges DTLS cookies for all handshakes, new and
-resumed. The previous behaviour can be re-enabled by setting the new
-system property `jdk.tls.enableDtlsResumeCookie` to `false`.
-
-New in release OpenJDK 11.0.17 (2022-10-18):
-=============================================
-Live versions of these release notes can be found at:
- * https://bit.ly/openjdk11017
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.17.html
-
-* Security fixes
- - JDK-8282252: Improve BigInteger/Decimal validation
- - JDK-8285662: Better permission resolution
- - JDK-8286077, CVE-2022-21618: Wider MultiByte conversions
- - JDK-8286511: Improve macro allocation
- - JDK-8286519: Better memory handling
- - JDK-8286526, CVE-2022-21619: Improve NTLM support
- - JDK-8286533, CVE-2022-21626: Key X509 usages
- - JDK-8286910, CVE-2022-21624: Improve JNDI lookups
- - JDK-8286918, CVE-2022-21628: Better HttpServer service
- - JDK-8287446: Enhance icon presentations
- - JDK-8288508: Enhance ECDSA usage
- - JDK-8289366, CVE-2022-39399: Improve HTTP/2 client usage
- - JDK-8289853: Update HarfBuzz to 4.4.1
- - JDK-8290334: Update FreeType to 2.12.1
- - JDK-8293429: [11u] minor update in attribute style
-* Other changes
- - JDK-6606767: resexhausted00[34] fail assert(!thread->owns_locks(), "must release all locks when leaving VM")
- - JDK-6854300: [TEST_BUG] java/awt/event/MouseEvent/SpuriousExitEnter/SpuriousExitEnter_3.java fails in jdk6u14 & jdk7
- - JDK-7131823: bug in GIFImageReader
- - JDK-8017175: [TESTBUG] javax/swing/JPopupMenu/4634626/bug4634626.java sometimes failed on mac
- - JDK-8028265: Add legacy tz tests to OpenJDK
- - JDK-8069343: Improve gc/g1/TestHumongousCodeCacheRoots.java to use jtreg @requires
- - JDK-8139348: Deprecate 3DES and RC4 in Kerberos
- - JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
- - JDK-8164804: sun/security/ssl/SSLSocketImpl/CloseSocket.java makes not reliable time assumption
- - JDK-8169468: NoResizeEventOnDMChangeTest.java fails because FS Window didn't receive all resizes!
- - JDK-8172065: javax/swing/JTree/4908142/bug4908142.java The selected index should be "aad"
- - JDK-8183372: Refactor java/lang/Class shell tests to java
- - JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names
- - JDK-8193462: Fix Filer handling of package-info initial elements
- - JDK-8203277: preflow visitor used during lambda attribution shouldn't visit class definitions inside the lambda body
- - JDK-8208471: nsk/jdb/unwatch/unwatch002/unwatch002.java fails with "Prompt is not received during 300200 milliseconds"
- - JDK-8209052: Low contrast in docs/api/constant-values.html
- - JDK-8209736: runtime/RedefineTests/ModifyAnonymous.java fails with NullPointerException when running in CDS mode
- - JDK-8210107: vmTestbase/nsk/stress/network tests fail with Cannot assign requested address (Bind failed)
- - JDK-8210722: JAXP Tests: CatalogSupport2 and CatalogSupport3 generate incorrect messages upon failure
- - JDK-8210960: Allow --with-boot-jdk-jvmargs to work during configure
- - JDK-8212904: JTextArea line wrapping incorrect when using UI scale
- - JDK-8213695: gc/TestAllocateHeapAtMultiple.java is slow in some configs
- - JDK-8214078: (fs) SecureDirectoryStream not supported on arm32
- - JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount()
- - JDK-8215291: Broken links when generating from project without modules
- - JDK-8217170: gc/arguments/TestUseCompressedOopsErgo.java timed out
- - JDK-8217332: JTREG: Clean up, use generics instead of raw types
- - JDK-8218128: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003 and 004 use wrong path to test classes
- - JDK-8218413: make reconfigure ignores configure-time AUTOCONF environment variable
- - JDK-8219074: [TESTBUG] runtime/containers/docker/TestCPUAwareness.java typo of printing parameters (period should be shares)
- - JDK-8219149: ProcessTools.ProcessBuilder should print timing info for subprocesses
- - JDK-8220744: [TESTBUG] Move RedefineTests from runtime to serviceability
- - JDK-8221871: javadoc should not set role=region on <section> elements
- - JDK-8221907: make reconfigure breaks when configured with relative paths
- - JDK-8223543: [TESTBUG] Regression test java/awt/Graphics2D/DrawString/LCDTextSrcEa.java has issues
- - JDK-8223575: add subspace transitions to gc+metaspace=info log lines
- - JDK-8225122: Test AncestorResized.java fails when Windows desktop is scaled.
- - JDK-8226976: SessionTimeOutTests uses == operator for String value check
- - JDK-8230708: Hotspot fails to build on linux-sparc with gcc-9
- - JDK-8233712: Limit default tests jobs based on ulimit -u setting
- - JDK-8235870: C2 crashes in IdealLoopTree::est_loop_flow_merge_sz()
- - JDK-8236490: Compiler bug relating to @NonNull annotation
- - JDK-8236823: Ensure that API documentation uses minified libraries
- - JDK-8238196: tests that use SA Attach should not be allowed to run against signed binaries on Mac OS X 10.14.5 and later
- - JDK-8238203: Return value of GetUserDefaultUILanguage() should be handled as LANGID
- - JDK-8238268: Many SA tests are not running on OSX because they do not attempt to use sudo when available
- - JDK-8238586: [TESTBUG] vmTestbase/jit/tiered/Test.java failed when TieredCompilation is disabled
- - JDK-8239265: JFR: Test cleanup of jdk.jfr.api.consumer package
- - JDK-8239379: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java on OSX
- - JDK-8239423: jdk/jfr/jvm/TestJFRIntrinsic.java failed with -XX:-TieredCompilation
- - JDK-8239902: [macos] Remove direct usage of JSlider, JProgressBar classes in CAccessible class
- - JDK-8240903: Add test to check that jmod hashes are reproducible
- - JDK-8242188: error in jtreg test jdk/jfr/api/consumer/TestRecordedFrame.java on linux-aarch64
- - JDK-8247546: Pattern matching does not skip correctly over supplementary characters
- - JDK-8247907: XMLDsig logging does not work
- - JDK-8247964: All log0() in com/sun/org/slf4j/internal/Logger.java should be private
- - JDK-8249623: test @ignore-d due to 7013634 should be returned back to execution
- - JDK-8251152: ARM32: jtreg c2 Test8202414 test crash
- - JDK-8251551: Use .md filename extension for README
- - JDK-8252145: Unify Info.plist files with correct version strings
- - JDK-8253829: Wrong length compared in SSPI bridge
- - JDK-8253916: ResourceExhausted/resexhausted001 crashes on Linux-x64
- - JDK-8254178: Remove .hgignore
- - JDK-8254318: Remove .hgtags
- - JDK-8255724: [XRender] the BlitRotateClippedArea test fails on Linux in the XR pipeline
- - JDK-8255729: com.sun.tools.javac.processing.JavacFiler.FilerOutputStream is inefficient
- - JDK-8257623: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted001/TestDescription.java shouldn't use timeout
- - JDK-8258946: Fix optimization-unstable code involving signed integer overflow
- - JDK-8261160: Add a deserialization JFR event
- - JDK-8262085: Hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux
- - JDK-8264400: (fs) WindowsFileStore equality depends on how the FileStore was constructed
- - JDK-8264792: The NumberFormat for locale sq_XK formats price incorrectly.
- - JDK-8265020: tests must be updated for new TestNG module name
- - JDK-8265100: (fs) WindowsFileStore.hashCode() should read cached hash code once
- - JDK-8265531: doc/building.md should mention homebrew install freetype
- - JDK-8266250: WebSocketTest and WebSocketProxyTest call assertEquals(List<byte[]>, List<byte[]>)
- - JDK-8266254: Update to use jtreg 6
- - JDK-8266460: java.io tests fail on null stream with upgraded jtreg/TestNG
- - JDK-8266461: tools/jmod/hashes/HashesTest.java fails: static @Test methods
- - JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups
- - JDK-8266675: Optimize IntHashTable for encapsulation and ease of use
- - JDK-8266774: System property values for stdout/err on Windows UTF-8
- - JDK-8266881: Enable debug log for SSLEngineExplorerMatchedSNI.java
- - JDK-8267180: Typo in copyright header for HashesTest
- - JDK-8267271: Fix gc/arguments/TestNewRatioFlag.java expectedNewSize calculation
- - JDK-8267880: Upgrade the default PKCS12 MAC algorithm
- - JDK-8268185: Update GitHub Actions for jtreg 6
- - JDK-8269039: Disable SHA-1 Signed JARs
- - JDK-8269517: compiler/loopopts/TestPartialPeelingSinkNodes.java crashes with -XX:+VerifyGraphEdges
- - JDK-8270090: C2: LCM may prioritize CheckCastPP nodes over projections
- - JDK-8270312: Error: Not a test or directory containing tests: java/awt/print/PrinterJob/XparColor.java
- - JDK-8271010: vmTestbase/gc/lock/malloc/malloclock04/TestDescription.java crashes intermittently
- - JDK-8271078: jdk/incubator/vector/Float128VectorTests.java failed a subtest
- - JDK-8271512: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java due to 8270326
- - JDK-8272352: Java launcher can not parse Chinese character when system locale is set to UTF-8
- - JDK-8272398: Update DockerTestUtils.buildJdkDockerImage()
- - JDK-8273526: Extend the OSContainer API pids controller with pids.current
- - JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root
- - JDK-8274517: java/util/DoubleStreamSums/CompensatedSums.java fails with expected [true] but found [false]
- - JDK-8274687: JDWP deadlocks if some Java thread reaches wait in blockOnDebuggerSuspend
- - JDK-8275008: gtest build failure due to stringop-overflow warning with gcc11
- - JDK-8275689: [TESTBUG] Use color tolerance only for XRender in BlitRotateClippedArea test
- - JDK-8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
- - JDK-8277893: Arraycopy stress tests
- - JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
- - JDK-8278344: sun/security/pkcs12/KeytoolOpensslInteropTest.java test fails because of different openssl output
- - JDK-8278519: serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null"
- - JDK-8279032: compiler/loopopts/TestSkeletonPredicateNegation.java times out with -XX:TieredStopAtLevel < 4
- - JDK-8279385: [test] Adjust sun/security/pkcs12/KeytoolOpensslInteropTest.java after 8278344
- - JDK-8279622: C2: miscompilation of map pattern as a vector reduction
- - JDK-8280913: Create a regression test for JRootPane.setDefaultButton() method
- - JDK-8281181: Do not use CPU Shares to compute active processor count
- - JDK-8281535: Create a regression test for JDK-4670051
- - JDK-8281569: Create tests for Frame.setMinimumSize() method
- - JDK-8281628: KeyAgreement : generateSecret intermittently not resetting
- - JDK-8281738: Create a regression test for checking the 'Space' key activation of focused Button
- - JDK-8281745: Create a regression test for JDK-4514331
- - JDK-8281988: Create a regression test for JDK-4618767
- - JDK-8282214: Upgrade JQuery to version 3.6.0
- - JDK-8282234: Create a regression test for JDK-4532513
- - JDK-8282280: Update Xerces to Version 2.12.2
- - JDK-8282343: Create a regression test for JDK-4518432
- - JDK-8282538: PKCS11 tests fail on CentOS Stream 9
- - JDK-8282548: Create a regression test for JDK-4330998
- - JDK-8282555: Missing memory edge when spilling MoveF2I, MoveD2L etc
- - JDK-8282789: Create a regression test for the JTree usecase of JDK-4618767
- - JDK-8282860: Write a regression test for JDK-4164779
- - JDK-8282933: Create a test for JDK-4529616
- - JDK-8282947: JFR: Dump on shutdown live-locks in some conditions
- - JDK-8283015: Create a test for JDK-4715496
- - JDK-8283017: GHA: Workflows break with update release versions
- - JDK-8283087: Create a test or JDK-4715503
- - JDK-8283245: Create a test for JDK-4670319
- - JDK-8283277: ISO 4217 Amendment 171 Update
- - JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int)
- - JDK-8283493: Create an automated regression test for RFE 4231298
- - JDK-8283507: Create a regression test for RFE 4287690
- - JDK-8283621: Write a regression test for CCC4400728
- - JDK-8283623: Create an automated regression test for JDK-4525475
- - JDK-8283624: Create an automated regression test for RFE-4390885
- - JDK-8283712: Create a manual test framework class
- - JDK-8283803: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintGlyphVectorTest.java and fix test
- - JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee
- - JDK-8283903: GetContainerCpuLoad does not return the correct result in share mode
- - JDK-8284077: Create an automated test for JDK-4170173
- - JDK-8284367: JQuery UI upgrade from 1.12.1 to 1.13.1
- - JDK-8284535: Fix PrintLatinCJKTest.java test that is failing with Parse Exception
- - JDK-8284680: sun.font.FontConfigManager.getFontConfig() leaks charset
- - JDK-8284694: Avoid evaluating SSLAlgorithmConstraints twice
- - JDK-8284754: print more interesting env variables in hs_err and VM.info
- - JDK-8284758: [linux] improve print_container_info
- - JDK-8284882: SIGSEGV in Node::verify_edges due to compilation bailout
- - JDK-8284898: Enhance PassFailJFrame
- - JDK-8284944: assert(cnt++ < 40) failed: infinite cycle in loop optimization
- - JDK-8284950: CgroupV1 detection code should consider memory.swappiness
- - JDK-8284956: Potential leak awtImageData/color_data when initializes X11GraphicsEnvironment
- - JDK-8285081: Improve XPath operators count accuracy
- - JDK-8285097: Duplicate XML keys in XPATHErrorResources.java and XSLTErrorResources.java
- - JDK-8285380: Fix typos in security
- - JDK-8285398: Cache the results of constraint checks
- - JDK-8285693: Create an automated test for JDK-4702199
- - JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
- - JDK-8285728: Alpine Linux build fails with busybox tar
- - JDK-8285820: C2: LCM prioritizes locally dependent CreateEx nodes over projections after 8270090
- - JDK-8286114: [test] show real exception in bomb call in sun/rmi/runtime/Log/checkLogging/CheckLogging.java
- - JDK-8286177: C2: "failed: non-reduction loop contains reduction nodes" assert failure
- - JDK-8286211: Update PCSC-Lite for Suse Linux to 1.9.5
- - JDK-8286314: Trampoline not created for far runtime targets outside small CodeCache
- - JDK-8286582: Build fails on macos aarch64 when using --with-zlib=bundled
- - JDK-8287017: Bump update version for OpenJDK: jdk-11.0.17
- - JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
- - JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
- - JDK-8287202: GHA: Add macOS aarch64 to the list of default platforms for workflow_dispatch event
- - JDK-8287223: C1: Inlining attempt through MH::invokeBasic() with null receiver
- - JDK-8287336: GHA: Workflows break on patch versions
- - JDK-8287366: Improve test failure reporting in GHA
- - JDK-8287432: C2: assert(tn->in(0) != __null) failed: must have live top node
- - JDK-8287463: JFR: Disable TestDevNull.java on Windows
- - JDK-8287663: Add a regression test for JDK-8287073
- - JDK-8287672: jtreg test com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails intermittently in nightly run
- - JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
- - JDK-8288360: CI: ciInstanceKlass::implementor() is not consistent for well-known classes
- - JDK-8288467: remove memory_operand assert for spilled instructions
- - JDK-8288754: GCC 12 fails to build zReferenceProcessor.cpp
- - JDK-8288763: Pack200 extraction failure with invalid size
- - JDK-8288781: C1: LIR_OpVisitState::maxNumberOfOperands too small
- - JDK-8288865: [aarch64] LDR instructions must use legitimized addresses
- - JDK-8288928: Incorrect GPL header in pnglibconf.h (backport of JDK-8185041)
- - JDK-8289471: Issue in Initialization of keys in ErrorMsg.java and XPATHErrorResources.java
- - JDK-8289477: Memory corruption with CPU_ALLOC, CPU_FREE on muslc
- - JDK-8289486: Improve XSLT XPath operators count efficiency
- - JDK-8289549: ISO 4217 Amendment 172 Update
- - JDK-8289569: [test] java/lang/ProcessBuilder/Basic.java fails on Alpine/musl
- - JDK-8289799: Build warning in methodData.cpp memset zero-length parameter
- - JDK-8289856: [PPC64] SIGSEGV in C2Compiler::init_c2_runtime() after JDK-8289060
- - JDK-8290000: Bump macOS GitHub actions to macOS 11
- - JDK-8290004: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC
- - JDK-8290198: Shenandoah: a few Shenandoah tests failure after JDK-8214799 11u backport
- - JDK-8290246: test fails "assert(init != __null) failed: initialization not found"
- - JDK-8290813: jdk/nashorn/api/scripting/test/ScriptObjectMirrorTest.java fails: assertEquals is ambiguous
- - JDK-8290886: [11u]: Backport of JDK-8266250 introduced test failures
- - JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u
- - JDK-8291713: assert(!phase->exceeding_node_budget()) failed: sanity after JDK-8223389
- - JDK-8291794: [11u] Corrections after backport of JDK-8212028
- - JDK-8292579: (tz) Update Timezone Data to 2022c
- - JDK-8292852: [11u] TestMemoryWithCgroupV1 fails after JDK-8292768
- - JDK-8295057: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.17
-
-Notes on individual issues:
-===========================
-
-core-libs/java.net:
-
-JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable
-===========================================================================
-Two system properties have been added which control the keep alive
-behavior of HttpURLConnection in the case where the server does not
-specify a keep alive time. Two properties are defined for controlling
-connections to servers and proxies separately. They are:
-
-* `http.keepAlive.time.server`
-* `http.keepAlive.time.proxy`
-
-respectively. More information about them can be found on the
-Networking Properties page:
-https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html.
-
-JDK-8286918: Better HttpServer service
-======================================
-The HttpServer can be optionally configured with a maximum connection
-limit by setting the jdk.httpserver.maxConnections system property. A
-value of 0 or a negative integer is ignored and considered to
-represent no connection limit. In the case of a positive integer
-value, any newly accepted connections will be first checked against
-the current count of established connections and, if the configured
-limit has been reached, then the newly accepted connection will be
-closed immediately.
-
-hotspot/runtime:
-
-JDK-8281181: CPU Shares Ignored When Computing Active Processor Count
-=====================================================================
-Previous JDK releases used an incorrect interpretation of the Linux
-cgroups parameter "cpu.shares". This might cause the JVM to use fewer
-CPUs than available, leading to an under utilization of CPU resources
-when the JVM is used inside a container.
-
-Starting from this JDK release, by default, the JVM no longer
-considers "cpu.shares" when deciding the number of threads to be used
-by the various thread pools. The `-XX:+UseContainerCpuShares`
-command-line option can be used to revert to the previous
-behavior. This option is deprecated and may be removed in a future JDK
-release.
-
-security-libs/java.security:
-
-JDK-8269039: Disabled SHA-1 Signed JARs
-=======================================
-JARs signed with SHA-1 algorithms are now restricted by default and
-treated as if they were unsigned. This applies to the algorithms used
-to digest, sign, and optionally timestamp the JAR. It also applies to
-the signature and digest algorithms of the certificates in the
-certificate chain of the code signer and the Timestamp Authority, and
-any CRLs or OCSP responses that are used to verify if those
-certificates have been revoked. These restrictions also apply to
-signed JCE providers.
-
-To reduce the compatibility risk for JARs that have been previously
-timestamped, there is one exception to this policy:
-
-- Any JAR signed with SHA-1 algorithms and timestamped prior to
- January 01, 2019 will not be restricted.
-
-This exception may be removed in a future JDK release. To determine if
-your signed JARs are affected by this change, run:
-
-$ jarsigner -verify -verbose -certs`
-
-on the signed JAR, and look for instances of "SHA1" or "SHA-1" and
-"disabled" and a warning that the JAR will be treated as unsigned in
-the output.
-
-For example:
-
- Signed by "CN="Signer""
- Digest algorithm: SHA-1 (disabled)
- Signature algorithm: SHA1withRSA (disabled), 2048-bit key
-
- WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
-
- jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
-
-JARs affected by these new restrictions should be replaced or
-re-signed with stronger algorithms.
-
-Users can, *at their own risk*, remove these restrictions by modifying
-the `java.security` configuration file (or override it by using the
-`java.security.properties` system property) and removing "SHA1 usage
-SignedJAR & denyAfter 2019-01-01" from the
-`jdk.certpath.disabledAlgorithms` security property and "SHA1
-denyAfter 2019-01-01" from the `jdk.jar.disabledAlgorithms` security
-property.
-
-JDK-8267880: Upgrade the default PKCS12 MAC algorithm
-=====================================================
-
-The default MAC algorithm used in a PKCS #12 keystore has been
-updated. The new algorithm is based on SHA-256 and is stronger than
-the old one based on SHA-1. See the security properties starting with
-`keystore.pkcs12` in the `java.security` file for detailed
-information.
-
-The new SHA-256 based MAC algorithms were introduced in the 11.0.12
-release. Keystores created using this newer, stronger, MAC algorithm
-cannot be opened in versions of OpenJDK 11 earlier than 11.0.12. A
-'java.security.NoSuchAlgorithmException' exception will be thrown in
-such circumstances.
-
-For compatibility, use the `keystore.pkcs12.legacy` system property,
-which will revert the algorithms to use the older, weaker
-algorithms. There is no value defined for this property.
-
-core-libs/java.io:serialization:
-
-JDK-8261160: JDK Flight Recorder Event for Deserialization
-==========================================================
-It is now possible to monitor deserialization of objects using JDK
-Flight Recorder (JFR). When JFR is enabled and the JFR configuration
-includes deserialization events, JFR will emit an event whenever the
-running program attempts to deserialize an object. The deserialization
-event is named `jdk.Deserialization`, and it is disabled by
-default. The deserialization event contains information that is used
-by the serialization filter mechanism; see the ObjectInputFilter API
-specification for details.
-
-Additionally, if a filter is enabled, the JFR event indicates whether
-the filter accepted or rejected deserialization of the object. For
-further information about how to use the JFR deserialization event,
-see the article "Monitoring Deserialization to Improve Application
-Security"
-(https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/).
-
-For reference information about using and configuring JFR, see the
-"JFR Runtime Guide"
-(https://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/preface_jfrrt.htm#JFRRT165)
-and "JFR Command Reference"
-(https://docs.oracle.com/javacomponents/jmc-5-5/jfr-command-reference/command-line-options.htm#JFRCR-GUID-FE61CA60-E1DF-460E-A8E0-F4FF5D58A7A0)
-sections of the JDK Mission Control documentation.
-
-security-libs/org.ietf.jgss:krb5:
-
-JDK-8139348: Deprecate 3DES and RC4 in Kerberos
-===============================================
-The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
-are now deprecated and disabled by default. Users can set
-`allow_weak_crypto = true` in the `krb5.conf` configuration file to
-re-enable them (along with other weak etypes including `des-cbc-crc`
-and `des-cbc-md5`) at their own risk. To disable a subset of the weak
-etypes, users can list preferred etypes explicitly in any of the
-`default_tkt_enctypes`, `default_tgs_enctypes`, or
-`permitted_enctypes` settings.
-
-New in release OpenJDK 11.0.16.1 (2022-08-12):
-=============================================
-Live versions of these release notes can be found at:
- * https://bit.ly/openjdk110161
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.1.txt
-
-* Other changes
- - JDK-8292255: Bump update version for OpenJDK: jdk-11.0.16.1
- - JDK-8292260: [BACKOUT] JDK-8279219: [REDO] C2 crash when allocating array of size too large
-
-Notes on individual issues:
-===========================
-
-hotspot/compiler:
-
-JDK-8292396: C2 Compilation Errors Unpredictably Crashes JVM
-============================================================
-Fixes a regression in the C2 JIT compiler which caused the Java
-Runtime to crash unpredictably.
-
-New in release OpenJDK 11.0.16 (2022-07-19):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11016
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.txt
-
-* Security fixes
- - JDK-8277608: Address IP Addressing
- - JDK-8272243: Improve DER parsing
- - JDK-8272249: Better properties of loaded Properties
- - JDK-8281859, CVE-2022-21540: Improve class compilation
- - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations
- - JDK-8283190: Improve MIDI processing
- - JDK-8284370: Improve zlib usage
- - JDK-8285407, CVE-2022-34169: Improve Xalan supports
-* Other changes
- - JDK-6986863: ProfileDeferralMgr throwing ConcurrentModificationException
- - JDK-7124293: [macosx] VoiceOver reads percentages rather than the actual values for sliders.
- - JDK-7124301: [macosx] When in a tab group if you arrow between tabs there are no VoiceOver announcements.
- - JDK-8133713: [macosx] Accessible JTables always reported as empty
- - JDK-8139046: Compiler Control: IGVPrintLevel directive should set PrintIdealGraph
- - JDK-8139173: [macosx] JInternalFrame shadow is not properly drawn
- - JDK-8163498: Many long-running security libs tests
- - JDK-8166727: javac crashed: [jimage.dll+0x1942] ImageStrings::find+0x28
- - JDK-8169004: Fix redundant @requires tags in tests
- - JDK-8181571: printing to CUPS fails on mac sandbox app
- - JDK-8182404: remove jdk.testlibrary.JDKToolFinder and JDKToolLauncher
- - JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests
- - JDK-8192057: com/sun/jdi/BadHandshakeTest.java fails with java.net.ConnectException
- - JDK-8193682: Infinite loop in ZipOutputStream.close()
- - JDK-8199874: [TESTBUG] runtime/Thread/ThreadPriorities.java fails with "expected 0 to equal 10"
- - JDK-8202886: [macos] Test java/awt/MenuBar/8007006/bug8007006.java fails on MacOS
- - JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java
- - JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld test
- - JDK-8206187: javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java fails with Port already in use
- - JDK-8206330: Revisit com/sun/jdi/RedefineCrossEvent.java
- - JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003 fails to start
- - JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after co-location
- - JDK-8208246: flags duplications in vmTestbase_vm_g1classunloading tests
- - JDK-8208249: TriggerUnloadingByFillingMetaspace generates garbage class names
- - JDK-8208697: vmTestbase/metaspace/stressHierarchy/stressHierarchy012/TestDescription.java fails with OutOfMemoryError: Metaspace
- - JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a different test
- - JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh to plain java test
- - JDK-8209883: ZGC: Compile without C1 broken
- - JDK-8209920: runtime/logging/RedefineClasses.java fail with OOME with ZGC
- - JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread and XRun
- - JDK-8210039: move OSInfo to top level testlibrary
- - JDK-8210108: sun/tools/jstatd test build failures after JDK-8210022
- - JDK-8210112: remove jdk.testlibrary.ProcessTools
- - JDK-8210649: AssertionError @ jdk.compiler/com.sun.tools.javac.comp.Modules.enter(Modules.java:244)
- - JDK-8210732: remove jdk.testlibrary.Utils
- - JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader after JDK-6788458
- - JDK-8211822: Some tests fail after JDK-8210039
- - JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound
- - JDK-8212151: jdi/ExclusiveBind.java times out due to "bind failed: Address already in use" on Solaris-X64
- - JDK-8213440: Lingering INCLUDE_ALL_GCS in test_oopStorage_parperf.cpp
- - JDK-8214275: CondyRepeatFailedResolution asserts "Dynamic constant has no fixed basic type"
- - JDK-8214799: Add package declaration to each JTREG test case in the gc folder
- - JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges to enable MacOS tests on Mach5
- - JDK-8216137: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit
- - JDK-8216265: [testbug] Introduce Platform.sharedLibraryPathVariableName() and adapt all tests.
- - JDK-8216366: Add rationale to PER_CPU_SHARES define
- - JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265
- - JDK-8217233: Update build settings for AIX/xlc
- - JDK-8217340: Compilation failed: tools/launcher/Test7029048.java
- - JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP docker containers
- - JDK-8218136: minor hotspot adjustments for xlclang++ from xlc16 on AIX
- - JDK-8218751: Do not store original classfiles inside the CDS archive
- - JDK-8218965: aix: support xlclang++ in the compiler detection
- - JDK-8220658: Improve the readability of container information in the error log
- - JDK-8220813: update hotspot tier1_gc tests depending on GC to use @requires vm.gc.X
- - JDK-8222799: java.beans.Introspector uses an obsolete methods cache
- - JDK-8222926: Shenandoah build fails with --with-jvm-features=-compiler1
- - JDK-8223143: Restructure/clean-up for 'loopexit_or_null()'.
- - JDK-8223363: Bad node estimate assertion failure
- - JDK-8223389: Shenandoah optimizations fail with assert(!phase->exceeding_node_budget())
- - JDK-8223396: [TESTBUG] several jfr tests do not clean up files created in /tmp
- - JDK-8223502: Node estimate for loop unswitching is not correct: assert(delta <= 2 * required) failed: Bad node estimate
- - JDK-8224648: assert(!exceeding_node_budget()) failed: Too many NODES required! failure with ctw
- - JDK-8225475: Node budget asserts on x86_32/64
- - JDK-8227171: provide function names in native stack trace on aix with xlc16
- - JDK-8227389: Remove unsupported xlc16 compile options on aix
- - JDK-8229202: Docker reporting causes secondary crashes in error handling
- - JDK-8229210: [TESTBUG] Move gc stress tests from JFR directory tree to gc/stress
- - JDK-8229486: Replace wildcard address with loopback or local host in tests - part 21
- - JDK-8229499: Node budget assert in fuzzed test
- - JDK-8230305: Cgroups v2: Container awareness
- - JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java fails at-run shell MakeJAR.sh target
- - JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy
- - JDK-8231454: File lock in Windows on a loaded jar due to a leak in Introspector::getBeanInfo
- - JDK-8231489: GC watermark_0_1 failed due to "metaspace.gc.Fault: GC has happened too rare"
- - JDK-8231565: More node budget asserts in fuzzed tests
- - JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS
- - JDK-8234382: Test tools/javac/processing/model/testgetallmembers/Main.java using too small heap
- - JDK-8234605: C2 failed "assert(C->live_nodes() - live_at_begin <= 2 * _nodes_required) failed: Bad node estimate: actual = 208 >> request = 101"
- - JDK-8234608: [TESTBUG] Fix G1 redefineClasses tests and a memory leak
- - JDK-8235220: ClhsdbScanOops.java fails with sun.jvm.hotspot.types.WrongTypeException
- - JDK-8235385: Crash on aarch64 JDK due to long offset
- - JDK-8237479: 8230305 causes slowdebug build failure
- - JDK-8239559: Cgroups: Incorrect detection logic on some systems
- - JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot
- - JDK-8240132: ProblemList com/sun/jdi/InvokeHangTest.java
- - JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111
- - JDK-8240335: C2: assert(found_sfpt) failed: no node in loop that's not input to safepoint
- - JDK-8240734: ModuleHashes attribute not reproducible between builds
- - JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
- - JDK-8241707: introduce randomness k/w to hotspot test suite
- - JDK-8242310: use reproducible random in hotspot compiler tests
- - JDK-8242311: use reproducible random in hotspot runtime tests
- - JDK-8242312: use reproducible random in hotspot gc tests
- - JDK-8242313: use reproducible random in hotspot svc tests
- - JDK-8242538: java/security/SecureRandom/ThreadSafe.java failed on windows
- - JDK-8243429: use reproducible random in :vmTestbase_nsk_stress
- - JDK-8243666: ModuleHashes attribute generated for JMOD and JAR files depends on timestamps
- - JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java
- - JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a test
- - JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible)
- - JDK-8245938: Remove unused print_stack(void) method from XToolkit.c
- - JDK-8246494: introduce vm.flagless at-requires property
- - JDK-8246741: NetworkInterface/UniqueMacAddressesTest: mac address uniqueness test failed
- - JDK-8247589: Implementation of Alpine Linux/x64 Port
- - JDK-8247591: Document Alpine Linux build steps in OpenJDK build guide
- - JDK-8247592: refactor test/jdk/tools/launcher/Test7029048.java
- - JDK-8247614: java/nio/channels/DatagramChannel/Connect.java timed out
- - JDK-8248876: LoadObject with bad base address created for exec file on linux
- - JDK-8249592: Robot.mouseMove moves cursor to incorrect location when display scale varies and Java runs in DPI Unaware mode
- - JDK-8252117: com/sun/jdi/BadHandshakeTest.java failed with "ConnectException: Connection refused: connect"
- - JDK-8252248: __SIGRTMAX is not declared in musl libc
- - JDK-8252250: isnanf is obsolete
- - JDK-8252359: HotSpot Not Identifying it is Running in a Container
- - JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
- - JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
- - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
- - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
- - JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems
- - JDK-8253872: ArgumentHandler must use the same delimiters as in jvmti_tools.cpp
- - JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code
- - JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection
- - JDK-8254887: C2: assert(cl->trip_count() > 0) failed: peeling a fully unrolled loop
- - JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes
- - JDK-8255266: Update Public Suffix List to 3c213aa
- - JDK-8255604: java/nio/channels/DatagramChannel/Connect.java fails with java.net.BindException: Cannot assign requested address: connect
- - JDK-8255787: Tag container tests that use cGroups with cgroups keyword
- - JDK-8256146: Cleanup test/jdk/java/nio/channels/DatagramChannel/Connect.java
- - JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version
- - JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
- - JDK-8258795: Update IANA Language Subtag Registry to Version 2021-05-11
- - JDK-8258956: Memory Leak in StringCoding on ThreadLocal resultCached StringCoding.Result
- - JDK-8259517: Incorrect test path in test cases
- - JDK-8260518: Change default -mmacosx-version-min to 10.12
- - JDK-8261169: Upgrade HarfBuzz to the latest 2.8.0
- - JDK-8262379: Add regression test for JDK-8257746
- - JDK-8263364: sun/net/www/http/KeepAliveStream/KeepAliveStreamCloseWithWrongContentLength.java wedged in getInputStream
- - JDK-8263718: unused-result warning happens at os_linux.cpp
- - JDK-8263856: Github Actions for macos/aarch64 cross-build
- - JDK-8264179: [TESTBUG] Some compiler tests fail when running without C2
- - JDK-8265261: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted
- - JDK-8265297: javax/net/ssl/SSLSession/TestEnabledProtocols.java failed with "RuntimeException: java.net.SocketException: Connection reset"
- - JDK-8265343: Update Debian-based cross-compilation recipes
- - JDK-8266251: compiler.inlining.InlineAccessors shouldn't do testing in driver VM
- - JDK-8266318: Switch to macos prefix for macOS bundles
- - JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics
- - JDK-8266545: 8261169 broke Harfbuzz build with gcc 7 and 8
- - JDK-8268773: Improvements related to: Failed to start thread - pthread_create failed (EAGAIN)
- - JDK-8269772: [macos-aarch64] test compilation failed with "SocketException: No buffer space available"
- - JDK-8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo incorrect verification of protocol and cipher support
- - JDK-8270797: ShortECDSA.java test is not complete
- - JDK-8271055: Crash during deoptimization with "assert(bb->is_reachable()) failed: getting result from unreachable basicblock" with -XX:+VerifyStack
- - JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
- - JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories
- - JDK-8272358: Some tests may fail when executed with other locales than the US
- - JDK-8272493: Suboptimal code generation around Preconditions.checkIndex intrinsic with AVX2
- - JDK-8272908: Missing coverage for certain classes in com.sun.org.apache.xml.internal.security
- - JDK-8272964: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted
- - JDK-8273176: handle latest VS2019 in abstract_vm_version
- - JDK-8273655: content-types.properties files are missing some common types
- - JDK-8274171: java/nio/file/Files/probeContentType/Basic.java failed on "Content type" mismatches
- - JDK-8274233: Minor cleanup for ToolBox
- - JDK-8274735: javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image
- - JDK-8274751: Drag And Drop hangs on Windows
- - JDK-8275082: Update XML Security for Java to 2.3.0
- - JDK-8275330: C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions
- - JDK-8275337: C1: assert(false) failed: live_in set of first block must be empty
- - JDK-8276657: XSLT compiler tries to define a class with empty name
- - JDK-8276990: Memory leak in invoker.c fillInvokeRequest() during JDI operations
- - JDK-8277072: ObjectStreamClass caches keep ClassLoaders alive
- - JDK-8277093: Vector should throw ClassNotFoundException for a missing class of an element
- - JDK-8277396: [TESTBUG] In DefaultButtonModelCrashTest.java, frame is accessed from main thread
- - JDK-8277422: tools/jar/JarEntryTime.java fails with modified time mismatch
- - JDK-8277922: Unable to click JCheckBox in JTable through Java Access Bridge
- - JDK-8278065: Refactor subclassAudits to use ClassValue
- - JDK-8278186: org.jcp.xml.dsig.internal.dom.Utils.parseIdFromSameDocumentURI throws StringIndexOutOfBoundsException when calling substring method
- - JDK-8278346: java/nio/file/Files/probeContentType/Basic.java fails on Linux SLES15 machine
- - JDK-8278472: Invalid value set to CANDIDATEFORM structure
- - JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
- - JDK-8278851: Correct signer logic for jars signed with multiple digestalgs
- - JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
- - JDK-8279219: [REDO] C2 crash when allocating array of size too large
- - JDK-8279356: Method linking fails with guarantee(mh->adapter() != NULL) failed: Adapter blob must already exist!
- - JDK-8279505: Update documentation for RETRY_COUNT and REPEAT_COUNT
- - JDK-8279520: SPNEGO has not passed channel binding info into the underlying mechanism
- - JDK-8279529: ProblemList java/nio/channels/DatagramChannel/ManySourcesAndTargets.java on macosx-aarch64
- - JDK-8279532: ProblemList sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
- - JDK-8279668: x86: AVX2 versions of vpxor should be asserted
- - JDK-8279837: C2: assert(is_Loop()) failed: invalid node class: Region
- - JDK-8279842: HTTPS Channel Binding support for Java GSS/Kerberos
- - JDK-8279958: Provide configure hints for Alpine/apk package managers
- - JDK-8280041: Retry loop issues in java.io.ClassCache
- - JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
- - JDK-8280476: [macOS] : hotspot arm64 bug exposed by latest clang
- - JDK-8280684: JfrRecorderService failes with guarantee(num_written > 0) when no space left on device.
- - JDK-8280799: С2: assert(false) failed: cyclic dependency prevents range check elimination
- - JDK-8280867: Cpuid1Ecx feature parsing is incorrect for AMD CPUs
- - JDK-8280964: [Linux aarch64] : drawImage dithers TYPE_BYTE_INDEXED images incorrectly
- - JDK-8281274: deal with ActiveProcessorCount in os::Linux::print_container_info
- - JDK-8281275: Upgrading from 8 to 11 no longer accepts '/' as filepath separator in gc paths
- - JDK-8281615: Deadlock caused by jdwp agent
- - JDK-8281811: assert(_base == Tuple) failed: Not a Tuple after JDK-8280799
- - JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder
- - JDK-8282172: CompileBroker::log_metaspace_failure is called from non-Java/compiler threads
- - JDK-8282225: GHA: Allow one concurrent run per PR only
- - JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers
- - JDK-8282293: Domain value for system property jdk.https.negotiate.cbt should be case-insensitive
- - JDK-8282312: Minor corrections to evbroadcasti32x4 intrinsic on x86
- - JDK-8282382: Report glibc malloc tunables in error reports
- - JDK-8282422: JTable.print() failed with UnsupportedCharsetException on AIX ko_KR locale
- - JDK-8282501: Bump update version for OpenJDK: jdk-11.0.16
- - JDK-8282583: Update BCEL md to include the copyright notice
- - JDK-8282588: [11] set harfbuzz compilation flag to -std=c++11
- - JDK-8282589: runtime/ErrorHandling/ErrorHandler.java fails on MacOS aarch64 in jdk 11
- - JDK-8282887: Potential memory leak in sun.util.locale.provider.HostLocaleProviderAdapterImpl.getNumberPattern() on Windows
- - JDK-8283018: 11u GHA: Update GCC 9 minor versions
- - JDK-8283217: Leak FcObjectSet in getFontConfigLocations() in fontpath.c
- - JDK-8283323: libharfbuzz optimization level results in extreme build times
- - JDK-8283350: (tz) Update Timezone Data to 2022a
- - JDK-8283408: Fix a C2 crash when filling arrays with unsafe
- - JDK-8283420: [AOT] Exclude TrackedFlagTest/NotTrackedFlagTest in 11u because of intermittent java.lang.AssertionError: duplicate classes for name Ljava/lang/Boolean;
- - JDK-8283424: compiler/loopopts/LoopUnswitchingBadNodeBudget.java fails with release VMs due to lack of -XX:+UnlockDiagnosticVMOptions
- - JDK-8283451: C2: assert(_base == Long) failed: Not a Long
- - JDK-8283469: Don't use memset to initialize members in FileMapInfo and fix memory leak
- - JDK-8283497: [windows] print TMP and TEMP in hs_err and VM.info
- - JDK-8283614: [11] Repair compiler versions handling after 8233787
- - JDK-8283641: Large value for CompileThresholdScaling causes assert
- - JDK-8283834: Unmappable character for US-ASCII encoding in TestPredicateInputBelowLoopPredicate
- - JDK-8284033: Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c
- - JDK-8284094: Memory leak in invoker_completeInvokeRequest()
- - JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124
- - JDK-8284369: TestFailedAllocationBadGraph fails with -XX:TieredStopAtLevel < 4
- - JDK-8284389: Improve stability of GHA Pre-submit testing by caching cygwin installer
- - JDK-8284458: CodeHeapState::aggregate() leaks blob_name
- - JDK-8284507: GHA: Only check test results if testing was not skipped
- - JDK-8284549: JFR: FieldTable leaks FieldInfoTable member
- - JDK-8284573: [11u] ProblemList TestBubbleUpRef.java and TestGCOldWithCMS.java because of 8272195
- - JDK-8284604: [11u] Update Boot JDK used in GHA to 11.0.14.1
- - JDK-8284620: CodeBuffer may leak _overflow_arena
- - JDK-8284622: Update versions of some Github Actions used in JDK workflow
- - JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem
- - JDK-8285395: [JVMCI] [11u] Partial backport of JDK-8220623: InstalledCode
- - JDK-8285397: JNI exception pending in CUPSfuncs.c:250
- - JDK-8285445: cannot open file "NUL:"
- - JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
- - JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java
- - JDK-8285591: [11] add signum checks in DSA.java engineVerify
- - JDK-8285686: Update FreeType to 2.12.0
- - JDK-8285720: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails to compile after backport of 8273655
- - JDK-8285726: [11u, 17u] Unify fix for JDK-8284548 with version from head
- - JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head
- - JDK-8285828: runtime/execstack/TestCheckJDK.java fails with zipped debug symbols
- - JDK-8286013: Incorrect test configurations for compiler/stable/TestStableShort.java
- - JDK-8286198: [linux] Fix process-memory information
- - JDK-8286293: Tests ShortResponseBody and ShortResponseBodyWithRetry should use less resources
- - JDK-8286444: javac errors after JDK-8251329 are not helpful enough to find root cause
- - JDK-8286594: (zipfs) Mention paths with dot elements in ZipException and cleanups
- - JDK-8286630: [11] avoid -std=c++11 CXX harfbuzz buildflag on Windows
- - JDK-8286855: javac error on invalid jar should only print filename
- - JDK-8287109: Distrust.java failed with CertificateExpiredException
- - JDK-8287119: Add Distrust.java to ProblemList
- - JDK-8287362: FieldAccessWatch testcase failed on AIX platform
- - JDK-8287378: GHA: Update cygwin to fix issues in langtools tests on Windows
- - JDK-8287739: [11u] ProblemList sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
-
-Notes on individual issues:
-===========================
-
-core-libs/java.io:serialization:
-
-JDK-8277157: Vector should throw ClassNotFoundException for a missing class of an element
-=========================================================================================
-`java.util.Vector` is updated to correctly report
-`ClassNotFoundException that occurs during deserialization using
-`java.io.ObjectInputStream.GetField.get(name, object)` when the class
-of an element of the Vector is not found. Without this fix, a
-`StreamCorruptedException` is thrown that does not provide information
-about the missing class.
-
-core-libs/java.net:
-
-JDK-8285240: HTTPS Channel Binding support for Java GSS/Kerberos
-================================================================
-Support has been added for TLS channel binding tokens for
-Negotiate/Kerberos authentication over HTTPS through
-javax.net.HttpsURLConnection.
-
-Channel binding tokens are increasingly required as an enhanced form
-of security which can mitigate certain kinds of socially engineered,
-man in the middle (MITM) attacks. They work by communicating from a
-client to a server the client's understanding of the binding between
-connection security (as represented by a TLS server cert) and higher
-level authentication credentials (such as a username and
-password). The server can then detect if the client has been fooled by
-a MITM and shutdown the session/connection.
-
-The feature is controlled through a new system property
-`jdk.https.negotiate.cbt` which is described fully at the following
-page:
-
-https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt
-
-core-libs/java.lang:
-
-JDK-8283137: Incorrect handling of quoted arguments in ProcessBuilder
-=====================================================================
-ProcessBuilder on Windows is restored to address a regression caused
-by JDK-8250568. Previously, an argument to ProcessBuilder that
-started with a double-quote and ended with a backslash followed by a
-double-quote was passed to a command incorrectly and may cause the
-command to fail. For example the argument `"C:\\Program Files\"`,
-would be seen by the command with extra double-quotes. This update
-restores the long standing behavior that does not treat the backslash
-before the final double-quote specially.
-
-core-libs/java.util.jar:
-
-JDK-8278386: Default JDK compressor will be closed when IOException is encountered
-==================================================================================
-`DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods
-have been modified to close out the associated default JDK compressor
-before propagating a Throwable up the
-stack. `ZIPOutputStream.closeEntry()` method has been modified to
-close out the associated default JDK compressor before propagating an
-IOException, not of type ZipException, up the stack.
-
-core-libs/java.io:
-
-JDK-8285660: New System Property to Disable Windows Alternate Data Stream Support in java.io.File
-=================================================================================================
-The Windows implementation of `java.io.File` allows access to NTFS
-Alternate Data Streams (ADS) by default. Such streams have a structure
-like “filename:streamname”. A system property `jdk.io.File.enableADS`
-has been added to control this behavior. To disable ADS support in
-`java.io.File`, the system property `jdk.io.File.enableADS` should be
-set to `false` (case ignored). Stricter path checking however prevents
-the use of special devices such as `NUL:`
-
-New in release OpenJDK 11.0.15 (2022-04-19):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11015
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.15.txt
-
-* New features
- - JDK-8253795: Implementation of JEP 391: macOS/AArch64 Port
-* Security fixes
- - JDK-8269938: Enhance XML processing passes redux
- - JDK-8270504, CVE-2022-21426: Better XPath expression handling
- - JDK-8272255: Completely handle MIDI files
- - JDK-8272261: Improve JFR recording file processing
- - JDK-8272594: Better record of recordings
- - JDK-8274221: More definite BER encodings
- - JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0
- - JDK-8275151, CVE-2022-21443: Improved Object Identification
- - JDK-8277227: Better identification of OIDs
- - JDK-8277672, CVE-2022-21434: Better invocation handler handling
- - JDK-8278356: Improve file creation
- - JDK-8278449: Improve keychain support
- - JDK-8278798: Improve supported intrinsic
- - JDK-8278805: Enhance BMP image loading
- - JDK-8278972, CVE-2022-21496: Improve URL supports
- - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
-* Other changes
- - JDK-8065704: Set LC_ALL=C for all relevant commands in the build system
- - JDK-8177814: jdk/editpad is not in jdk TEST.groups
- - JDK-8186780: clang fastdebug assertion failure in os_linux_x86:os::verify_stack_alignment()
- - JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java and NonGregorianFormatTest fail intermittently
- - JDK-8193277: SimpleFileObject inconsistency between getName and getShortName
- - JDK-8199079: Test javax/swing/UIDefaults/6302464/bug6302464.java is unstable
- - JDK-8202142: jfr/event/io/TestInstrumentation is unstable
- - JDK-8207011: Remove uses of the register storage class specifier
- - JDK-8207793: [TESTBUG] runtime/Metaspace/FragmentMetaspace.java fails: heap needs to be increased
- - JDK-8208074: [TESTBUG] vmTestbase/nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption/TestDescription.java failed with NullPointerException
- - JDK-8210194: [TESTBUG] jvmti_FollowRefObjects.cpp missing initializer for member _jvmtiHeapCallbacks::heap_reference_callback
- - JDK-8210236: Prepare ciReceiverTypeData::translate_receiver_data_from for concurrent class unloading
- - JDK-8211170: AArch64: Warnings in C1 and template interpreter
- - JDK-8211333: AArch64: Fix another build failure after JDK-8211029
- - JDK-8214004: Missing space between compiler thread name and task info in hs_err
- - JDK-8214026: Canonicalized archive paths appearing in diagnostics
- - JDK-8214761: Bug in parallel Kahan summation implementation
- - JDK-8216969: ParseException thrown for certain months with russian locale
- - JDK-8218546: Unable to connect to https://google.com using java.net.HttpClient
- - JDK-8220634: SymLinkArchiveTest should handle not being able to create symlinks
- - JDK-8222825: ARM32 SIGILL issue on single core CPU (not supported PLDW instruction)
- - JDK-8223142: Clean-up WS and CB.
- - JDK-8225559: assertion error at TransTypes.visitApply
- - JDK-8232533: G1 uses only a single thread for pretouching the java heap
- - JDK-8233827: Enable screenshots in the enhanced failure handler on Linux/macOS
- - JDK-8233986: ProblemList javax/swing/plaf/basic/BasicTextUI/8001470/bug8001470.java for windows-x64
- - JDK-8234930: Use MAP_JIT when allocating pages for code cache on macOS
- - JDK-8236210: javac generates wrong annotation for fields generated from record components
- - JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful
- - JDK-8237787: rewrite vmTestbase/vm/compiler/CodeCacheInfo* from shell to java
- - JDK-8237798: rewrite vmTestbase/jit/tiered from shell to java
- - JDK-8239502: [TEST_BUG] Test javax/swing/text/FlowView/6318524/bug6318524.java never fails
- - JDK-8240904: Screen flashes on test failures when running tests from make
- - JDK-8241004: NMT tests fail on unaligned thread size with debug build
- - JDK-8241423: NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default
- - JDK-8247272: SA ELF file support has never worked for 64-bit causing address to symbol name mapping to fail
- - JDK-8247515: OSX pc_to_symbol() lookup does not work with core files
- - JDK-8249019: clean up FileInstaller $test.src $cwd in vmTestbase_vm_compiler tests
- - JDK-8250750: JDK-8247515 fix for OSX pc_to_symbol() lookup fails with some symbols
- - JDK-8251126: nsk.share.GoldChecker should read golden file from ${test.src}
- - JDK-8251127: clean up FileInstaller $test.src $cwd in remaining vmTestbase_vm_compiler tests
- - JDK-8251132: make main classes public in vmTestbase/jit tests
- - JDK-8251558: J2DBench should support shaped and translucent windows
- - JDK-8251998: remove usage of PropertyResolvingWrapper in vmTestbase/jit/t
- - JDK-8252005: narrow disabling of allowSmartActionArgs in vmTestbase
- - JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/TestDescription.java fails with "ERROR: DebuggeeSleepingThread: ThreadDeath lost"
- - JDK-8253816: Support macOS W^X
- - JDK-8253817: Support macOS Aarch64 ABI in Interpreter
- - JDK-8253818: Support macOS Aarch64 ABI for compiled wrappers
- - JDK-8253819: Implement os/cpu for macOS/AArch64
- - JDK-8253839: Update tests and JDK code for macOS/Aarch64
- - JDK-8254072: AArch64: Get rid of --disable-warnings-as-errors on Windows+ARM64 build
- - JDK-8254085: javax/swing/text/Caret/TestCaretPositionJTextPane.java failed with "RuntimeException: Wrong caret position"
- - JDK-8254827: JVMCI: Enable it for Windows+AArch64
- - JDK-8254940: AArch64: Cleanup non-product thread members
- - JDK-8254941: Implement Serviceability Agent for macOS/AArch64
- - JDK-8255035: Update BCEL to Version 6.5.0
- - JDK-8255239: The timezone of the hs_err_pid log file is corrupted in Japanese locale
- - JDK-8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider
- - JDK-8255776: Change build system for macOS/AArch64
- - JDK-8256154: Some TestNG tests require default constructors
- - JDK-8256321: Some "inactive" color profiles use the wrong profile class
- - JDK-8256373: [Windows/HiDPI] The Frame#setBounds does not work in a minimized state
- - JDK-8257467: [TESTBUG] -Wdeprecated-declarations is reported at sigset() in exesigtest.c
- - JDK-8257769: Cipher.getParameters() throws NPE for ChaCha20-Poly1305
- - JDK-8258554: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F
- - JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream)
- - JDK-8261205: AssertionError: Cannot add metadata to an intersection type
- - JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt"
- - JDK-8262894: [macos_aarch64] SIGBUS in Assembler::ld_st2
- - JDK-8262896: [macos_aarch64] Crash in jni_fast_GetLongField
- - JDK-8262903: [macos_aarch64] Thread::current() called on detached thread
- - JDK-8263185: Mallinfo deprecated in glibc 2.33
- - JDK-8264650: Cross-compilation to macos/aarch64
- - JDK-8265150: AsyncGetCallTrace crashes on ResourceMark
- - JDK-8266168: -Wmaybe-uninitialized happens in check_code.c
- - JDK-8266170: -Wnonnull happens in classLoaderData.inline.hpp
- - JDK-8266171: -Warray-bounds happens in imageioJPEG.c
- - JDK-8266172: -Wstringop-overflow happens in vmError.cpp
- - JDK-8266173: -Wmaybe-uninitialized happens in jni_util.c
- - JDK-8266174: -Wmisleading-indentation happens in libmlib_image sources
- - JDK-8266176: -Wmaybe-uninitialized happens in libArrayIndexOutOfBoundsExceptionTest.c
- - JDK-8266187: Memory leak in appendBootClassPath()
- - JDK-8266421: Deadlock in Sound System
- - JDK-8266889: [macosx-aarch64] Crash with SIGBUS in MarkActivationClosure::do_code_blob during vmTestbase/nsk/jvmti/.../bi04t002 test run
- - JDK-8268014: Build failure on SUSE Linux Enterprise Server 11.4 (s390x) due to 'SYS_get_mempolicy' was not declared
- - JDK-8268542: serviceability/logging/TestFullNames.java tests only 1st test case
- - JDK-8268882: C2: assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc
- - JDK-8270874: JFrame paint artifacts when dragged from standard monitor to HiDPI monitor
- - JDK-8271202: C1: assert(false) failed: live_in set of first block must be empty
- - JDK-8272345: macos doesn't check `os::set_boot_path()` result
- - JDK-8272473: Parsing epoch seconds at a DST transition with a non-UTC parser is wrong
- - JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication
- - JDK-8273277: C2: Move conditional negation into rc_predicate
- - JDK-8273341: Update Siphash to version 1.0
- - JDK-8273366: [testbug] javax/swing/UIDefaults/6302464/bug6302464.java fails on macOS12
- - JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict tests
- - JDK-8273438: Enable parallelism in vmTestbase/metaspace/stressHierarchy tests
- - JDK-8273514: java/util/DoubleStreamSums/CompensatedSums.java failure
- - JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated
- - JDK-8273634: [TEST_BUG] Improve javax/swing/text/ParagraphView/6364882/bug6364882.java
- - JDK-8273638: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F
- - JDK-8273682: Upgrade Jline to 3.20.0
- - JDK-8273704: DrawStringWithInfiniteXform.java failed : drawString with InfiniteXform transform takes long time
- - JDK-8273933: [TESTBUG] Test must run without preallocated exceptions
- - JDK-8274265: Suspicious string concatenation in logTestUtils.inline.hpp
- - JDK-8274338: com/sun/jdi/RedefineCrossEvent.java failed "assert(m != __null) failed: NULL mirror"
- - JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/bug6364882.java failures
- - JDK-8274523: java/lang/management/MemoryMXBean/MemoryTest.java test should handle Shenandoah
- - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
- - JDK-8274658: ISO 4217 Amendment 170 Update
- - JDK-8274714: Incorrect verifier protected access error message
- - JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily
- - JDK-8274795: AArch64: avoid spilling and restoring r18 in macro assembler
- - JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected
- - JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime
- - JDK-8275610: C2: Object field load floats above its null check resulting in a segfault
- - JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
- - JDK-8275703: System.loadLibrary fails on Big Sur for libraries hidden from filesystem
- - JDK-8275811: Incorrect instance to dispose
- - JDK-8276105: C2: Conv(D|F)2(I|L)Nodes::Ideal should handle rounding correctly
- - JDK-8276141: XPathFactory set/getProperty method
- - JDK-8276177: nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here"
- - JDK-8276314: [JVMCI] check alignment of call displacement during code installation
- - JDK-8276623: JDK-8275650 accidentally pushed "out" file
- - JDK-8277328: jdk/jshell/CommandCompletionTest.java failures on Windows
- - JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for
- - JDK-8277385: Zero: Enable CompactStrings support
- - JDK-8277441: CompileQueue::add fails with assert(_last->next() == __null) failed: not last
- - JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend fun with loop
- - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
- - JDK-8277795: ldap connection timeout not honoured under contention
- - JDK-8277796: Bump update version for OpenJDK: jdk-11.0.15
- - JDK-8277992: Add fast jdk_svc subtests to jdk:tier3
- - JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java has duplicate -Xmx
- - JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has duplicate -Xmx
- - JDK-8278172: java/nio/channels/FileChannel/BlockDeviceSize.java should only run on Linux
- - JDK-8278309: [windows] use of uninitialized OSThread::_state
- - JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec
- - JDK-8278384: Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT
- - JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java fails with release VMs after JDK-8262134
- - JDK-8278871: [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob
- - JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0
- - JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
- - JDK-8279225: [arm32] C1 longs comparison operation destroys argument registers
- - JDK-8279300: [arm32] SIGILL when running GetObjectSizeIntrinsicsTest
- - JDK-8279379: GHA: Print tests that are in error
- - JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition
- - JDK-8279702: [macosx] ignore xcodebuild warnings on M1
- - JDK-8279833: Loop optimization issue in String.encodeUTF8_UTF16
- - JDK-8279924: [PPC64, s390] implement frame::is_interpreted_frame_valid checks
- - JDK-8279998: PPC64 debug builds fail with "untested: RangeCheckStub: predicate_failed_trap_id"
- - JDK-8280155: [PPC64, s390] frame size checks are not yet correct
- - JDK-8280414: Memory leak in DefaultProxySelector
- - JDK-8280526: x86_32 Math.sqrt performance regression with -XX:UseSSE={0,1}
- - JDK-8280786: Build failure on Solaris after 8262392
- - JDK-8280999: array_bounds should be array-bounds after 8278507
- - JDK-8281061: [s390] JFR runs into assertions while validating interpreter frames
- - JDK-8281520: JFR: A wrong parameter is passed to the constructor of LeakKlassWriter
- - JDK-8281599: test/lib/jdk/test/lib/KnownOIDs.java is redundant since JDK-8268801
- - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
- - JDK-8282372: [11] build issue on MacOS/aarch64 12.2.1 using Xcode 13.1: call to 'log2_intptr' is ambiguous
- - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character
- - JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
- - JDK-8283018: 11u GHA: Update GCC 9 minor versions
- - JDK-8283270: [11u] broken JRT_ENTRY_NO_ASYNC after Backport of JDK-8253795
- - JDK-8283778: 11u GHA: Fix GCC 9 ubuntu package names
- - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
- - JDK-8284920: Incorrect Token type causes XPath expression to return empty result
-
-Notes on individual issues:
-===========================
-
-security-libs/javax.crypto:pkcs11:
-
-JDK-8275737: SunPKCS11 Provider Supports ChaCha20-Poly1305 Cipher and ChaCha20 KeyGenerator if Supported by PKCS11 Library
-==========================================================================================================================
-SunPKCS11 provider is enhanced to support the following crypto
-services and algorithms when the underlying PKCS11 library supports
-the corresponding PKCS#11 mechanisms:
-
-* ChaCha20 KeyGenerator <=> CKM_CHACHA20_KEY_GEN mechanism
-* ChaCha20-Poly1305 Cipher <=> CKM_CHACHA20_POLY1305 mechanism
-* ChaCha20-Poly1305 AlgorithmParameters <=> CKM_CHACHA20_POLY1305 mechanism
-* ChaCha20 SecretKeyFactory <=> CKM_CHACHA20_POLY1305 mechanism
-
-New in release OpenJDK 11.0.14.1 (2022-02-08):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk110141
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.1.txt
-
-* Other changes
- - JDK-8218546: Unable to connect to https://google.com using java.net.HttpClient
- - JDK-8280786: Build failure on Solaris after 8262392
- - JDK-8281324: Bump update version for OpenJDK: jdk-11.0.14.1
-
-New in release OpenJDK 11.0.14 (2022-01-18):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11014
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.txt
-
-* New features
- - JDK-8248238: Implementation: JEP 388: Windows AArch64 Support
-* Security fixes
- - JDK-8217375: jarsigner breaks old signature with long lines in manifest
- - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
- - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
- - JDK-8268488: More valuable DerValues
- - JDK-8268494: Better inlining of inlined interfaces
- - JDK-8268512: More content for ContentInfo
- - JDK-8268795: Enhance digests of Jar files
- - JDK-8268801: Improve PKCS attribute handling
- - JDK-8268813, CVE-2022-21283: Better String matching
- - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
- - JDK-8269944: Better HTTP transport redux
- - JDK-8270386, CVE-2022-21291: Better verification of scan methods
- - JDK-8270392, CVE-2022-21293: Improve String constructions
- - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
- - JDK-8270492, CVE-2022-21282: Better resolution of URIs
- - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
- - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
- - JDK-8270952, CVE-2022-21277: Improve TIFF file handling
- - JDK-8271962: Better TrueType font loading
- - JDK-8271968: Better canonical naming
- - JDK-8271987: Manifest improved manifest entries
- - JDK-8272014, CVE-2022-21305: Better array indexing
- - JDK-8272026, CVE-2022-21340: Verify Jar Verification
- - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
- - JDK-8272272: Enhance jcmd communication
- - JDK-8272462: Enhance image handling
- - JDK-8273290: Enhance sound handling
- - JDK-8273756, CVE-2022-21360: Enhance BMP image support
- - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
- - JDK-8274096, CVE-2022-21366: Improve decoding of image files
- - JDK-8279541: Improve HarfBuzz
-* Other changes
- - JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.html fails
- - JDK-7105119: [TEST_BUG] [macosx] In test UIDefaults.toString() must be called with the invokeLater()
- - JDK-7151826: [TEST_BUG] [macosx] The test javax/swing/JPopupMenu/4966112/bug4966112.java not for mac
- - JDK-7179006: [macosx] Print-to-file doesn't work: printing to the default printer instead
- - JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/bug4726194.java fails on MacOSX
- - JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003 Wrong number of thread end events
- - JDK-8039261: [TEST_BUG]: There is not a minimal security level in Java Preferences and the TestApplet.html is blocked.
- - JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/AltTabCrashTest.java fails with exception
- - JDK-8075909: [TEST_BUG] The regression-swing case failed as it does not have the 'Open' button when select 'subdir' folder with NimbusLAF
- - JDK-8078219: Verify lack of @test tag in files in java/net test directory
- - JDK-8080569: java/lang/ProcessBuilder/DestroyTest.java fails with "RuntimeException: Process terminated prematurely"
- - JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java timed out intermittently
- - JDK-8129310: java/net/Socket/asyncClose/AsyncClose.java fails intermittently
- - JDK-8131745: java/lang/management/ThreadMXBean/AllThreadIds.java still fails intermittently
- - JDK-8136517: [macosx]Test java/awt/Focus/8073453/AWTFocusTransitionTest.java fails on MacOSX
- - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
- - JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/Test6541987.java fails
- - JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/bug4760494.java leaves key pressed
- - JDK-8159904: [TEST_BUG] Failure on solaris of java/awt/Window/MultiWindowApp/MultiWindowAppTest.java
- - JDK-8163086: java/awt/Window/TranslucentJAppletTest/TranslucentJAppletTest.java fails
- - JDK-8165828: [TEST_BUG] The reg case:javax/swing/plaf/metal/MetalIcons/MetalHiDPIIconsTest.java failed as No Metal Look and Feel
- - JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not fired! on Windows
- - JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException: Default button is not pressed
- - JDK-8169959: javax/swing/JTable/6263446/bug6263446.java: Table should be editing
- - JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/7156657/bug7156657.java fails on OS X
- - JDK-8171998: javax/swing/JMenu/4692443/bug4692443.java fails on Windows
- - JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java fails intermittently
- - JDK-8179880: Refactor javax/security shell tests to plain java tests
- - JDK-8180568: Refactor javax/crypto shell tests to plain java tests
- - JDK-8180569: Refactor sun/security/krb5/ shell tests to plain java tests
- - JDK-8180571: Refactor sun/security/pkcs11 shell tests to plain java tests and fix failures
- - JDK-8180573: Refactor sun/security/tools shell tests to plain java tests
- - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
- - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream
- - JDK-8195703: BasicJDWPConnectionTest.java: 'App exited unexpectedly with 2'
- - JDK-8196096: javax/swing/JPopupMenu/6580930/bug6580930.java fails
- - JDK-8197560: test javax/swing/JTree/8003400/Test8003400.java fails
- - JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/NoEventsTest.java fails on Windows
- - JDK-8197811: Test java/awt/Choice/PopupPosTest/PopupPosTest.java fails on Windows
- - JDK-8198616: java/awt/Focus/6378278/InputVerifierTest.java fails on mac
- - JDK-8198617: java/awt/Focus/6382144/EndlessLoopTest.java fails on mac
- - JDK-8198619: java/awt/Focus/FocusTraversalPolicy/ButtonGroupLayoutTraversal/ButtonGroupLayoutTraversalTest.java fails on mac
- - JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/EnqueueWithDialogButtonTest/EnqueueWithDialogButtonTest.java fails on mac
- - JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/SubMenuShowTest/SubMenuShowTest.html fails on mac
- - JDK-8199138: Add RISC-V support to Zero
- - JDK-8199529: javax/swing/text/Utilities/8142966/SwingFontMetricsTest.java fails on windows
- - JDK-8201224: Make string buffer size dynamic in mlvmJvmtiUtils.c
- - JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/FollowReferences/followref003/TestDescription.java fails with "Location mismatch" errors
- - JDK-8204161: [TESTBUG] auto failed with the "Applet thread threw exception: java.lang.UnsupportedOperationException" exception
- - JDK-8206085: Refactor langtools/tools/javac/versions/Versions.java
- - JDK-8207936: TestZipFile failed with java.lang.AssertionError exception
- - JDK-8208242: Add @requires to vmTestbase/gc/g1 tests
- - JDK-8209611: use C++ compiler for hotspot tests
- - JDK-8210182: Remove macros for C compilation from vmTestBase but non jvmti
- - JDK-8210198: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[A-F] tests
- - JDK-8210205: build fails on AIX in hotspot cpp tests (for example getstacktr001.cpp)
- - JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/jnistress001.java crashes with EXCEPTION_ACCESS_VIOLATION on windows-x86
- - JDK-8210353: Move java/util/Arrays/TimSortStackSize2.java back to tier1
- - JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[A-N] tests
- - JDK-8210392: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit
- - JDK-8210395: Add doc to SecurityTools.java
- - JDK-8210429: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[G-Z] tests
- - JDK-8210481: Remove #ifdef cplusplus from vmTestbase
- - JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[N-R] tests
- - JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[R-U] tests
- - JDK-8210689: Remove the multi-line old C style for string literals
- - JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti/unit tests
- - JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665
- - JDK-8210920: Native C++ tests are not using CXXFLAGS
- - JDK-8210984: [TESTBUG] hs203t003 fails with "# ERROR: hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti, thread)"
- - JDK-8211036: Remove the NSK_STUB macros from vmTestbase for non jvmti
- - JDK-8211131: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[G-I]*
- - JDK-8211148: var in implicit lambdas shouldn't be accepted for source < 11
- - JDK-8211171: move JarUtils to top-level testlibrary
- - JDK-8211227: Inconsistent TLS protocol version in debug output
- - JDK-8211261: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[A-G]*
- - JDK-8211432: [REDO] Handle JNIGlobalRefLocker.cpp
- - JDK-8211782: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[I-S]*
- - JDK-8211801: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[A-E]
- - JDK-8211899: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[E-M]
- - JDK-8211905: Remove multiple casts for EM06 file
- - JDK-8211999: Window positioning bugs due to overlapping GraphicsDevice bounds (Windows/HiDPI)
- - JDK-8212082: Remove the NSK_CPP_STUB macros for remaining vmTestbase/jvmti/[sS]*
- - JDK-8212083: Handle remaining gc/lock native code and fix two strings
- - JDK-8212148: Remove remaining NSK_CPP_STUBs
- - JDK-8213110: Remove the use of applets in automatic tests
- - JDK-8213189: Make restricted headers in HTTP Client configurable and remove Date by default
- - JDK-8213263: fix legal headers in test/langtools
- - JDK-8213296: Fix legal headers in test/jdk/java/net
- - JDK-8213301: Fix legal headers in jdk logging tests
- - JDK-8213305: Fix legal headers in test/java/math
- - JDK-8213306: Fix legal headers in test/java/nio
- - JDK-8213328: Update test copyrights in test/java/util/zip and test/jdk/tools
- - JDK-8213330: Fix legal headers in i18n tests
- - JDK-8213707: [TEST] vmTestbase/nsk/stress/except/except011.java failed due to wrong class name
- - JDK-8214469: [macos] PIT: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.java fails
- - JDK-8215410: Regression test for JDK-8214994
- - JDK-8215568: Refactor SA clhsdb tests to use ClhsdbLauncher
- - JDK-8215624: Add parallel heap iteration for jmap –histo
- - JDK-8215889: assert(!_unloading) failed: This oop is not available to unloading class loader data with ZGC
- - JDK-8216318: The usage of Disposer in the java.awt.Robot can be deleted
- - JDK-8216417: cleanup of IPv6 scope-id handling
- - JDK-8217377: javax/swing/JPopupMenu/6583251/bug6583251.java failed with UnsupportedOperation exception
- - JDK-8217438: Adapt tools//launcher/Test7029048.java for AIX
- - JDK-8217633: Configurable extensions with system properties
- - JDK-8217882: java/net/httpclient/MaxStreams.java failed once
- - JDK-8217903: java/net/httpclient/Response204.java fails with 404
- - JDK-8218483: Crash in "assert(_daemon_threads_count->get_value() > daemon_count) failed: thread count mismatch 5 : 5"
- - JDK-8219986: Change to Xcode 10.1 for building on Macosx at Oracle
- - JDK-8220575: Correctly format test URI's that contain a retrieved IPv6 address
- - JDK-8221259: New tests for java.net.Socket to exercise long standing behavior
- - JDK-8221305: java/awt/FontMetrics/MaxAdvanceIsMax.java fails on MacOS + Solaris
- - JDK-8221902: PIT: javax/swing/JRadioButton/FocusTraversal/FocusTraversal.java fails on ubuntu
- - JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04
- - JDK-8222446: assert(C->env()->system_dictionary_modification_counter_changed()) failed: Must invalidate if TypeFuncs differ
- - JDK-8223137: Rename predicate 'do_unroll_only()' to 'is_unroll_only()'.
- - JDK-8223138: Small clean-up in loop-tree support.
- - JDK-8223139: Rename mandatory policy-do routines.
- - JDK-8223140: Clean-up in 'ok_to_convert()'
- - JDK-8223141: Change (count) suffix _ct into _cnt.
- - JDK-8223400: Replace some enums with static const members in hotspot/runtime
- - JDK-8223658: Performance regression of XML.validation in 13-b19
- - JDK-8223923: C2: Missing interference with mismatched unsafe accesses
- - JDK-8224829: AsyncSSLSocketClose.java has timing issue
- - JDK-8225083: Remove Google certificate that is expiring in December 2021
- - JDK-8226514: Replace wildcard address with loopback or local host in tests - part 17
- - JDK-8226943: compile error in libfollowref003.cpp with XCode 10.2 on macosx
- - JDK-8228442: DHKeyExchange/LegacyDHEKeyExchange.java failed due to "SSLException: An established connection was aborted by the software in your host machine"
- - JDK-8228508: [TESTBUG] java/net/httpclient/SmokeTest.java fails on Windows7
- - JDK-8229935: [TEST_BUG]: bug8132119.java inconsistently positions text
- - JDK-8230019: [REDO] compiler/types/correctness/* tests fail with "assert(recv == __null || recv->is_klass()) failed: wrong type"
- - JDK-8230067: Add optional automatic retry when running jtreg tests
- - JDK-8230228: [TESTBUG] Several runtime/ErrorHandling tests may fail on some platforms
- - JDK-8231501: VM crash in MethodData::clean_extra_data(CleanExtraDataClosure*): fatal error: unexpected tag 99
- - JDK-8233403: Improve verbosity of some httpclient tests
- - JDK-8233550: [TESTBUG] JTree tests fail regularly on MacOS
- - JDK-8233552: [TESTBUG] JTable Test bug7068740.java fails on MacOS
- - JDK-8233553: [TESTBUG] JSpinner test bug4973721.java fails on MacOS
- - JDK-8233555: [TESTBUG] JRadioButton tests failing on MacoS
- - JDK-8233556: [TESTBUG] JPopupMenu tests fail on MacOS
- - JDK-8233559: [TESTBUG] TestNimbusOverride.java is failing on macos
- - JDK-8233560: [TESTBUG] ToolTipManager/Test6256140.java is failing on macos
- - JDK-8233561: [TESTBUG] Swing text test bug8014863.java fails on macos
- - JDK-8233562: [TESTBUG] Swing StyledEditorKit test bug4506788.java fails on MacOS
- - JDK-8233564: [TESTBUG] MouseComboBoxTest.java is failing
- - JDK-8233566: [TESTBUG] KeyboardFocusManager tests failing on MacoS
- - JDK-8233567: [TESTBUG] FocusSubRequestTest.java fails on macos
- - JDK-8233569: [TESTBUG] JTextComponent test bug6361367.java fails on macos
- - JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
- - JDK-8233634: [TESTBUG] Swing text test bug4278839.java fails on macos
- - JDK-8233635: [TESTBUG] ProgressMonitorEscapeKeyPress.java fails on macos
- - JDK-8233637: [TESTBUG] Swing ActionListenerCalledTwiceTest.java fails on macos
- - JDK-8233638: [TESTBUG] Swing test ScreenMenuBarInputTwice.java fails on macos
- - JDK-8233641: [TESTBUG] JMenuItem test bug4171437.java fails on macos
- - JDK-8233642: [TESTBUG] JMenuBar test bug 4750590.java fails on macos
- - JDK-8233643: [TESTBUG] JMenu test bug4515762.java fails on macos
- - JDK-8233644: [TESTBUG] JInternalFrame test bug8020708.java is failing on macos
- - JDK-8233647: [TESTBUG] JColorChooser/Test8051548.java is failing on macos
- - JDK-8234802: [TESTBUG] Test Right Mouse Button Drag Gesture Recognition in all the platforms
- - JDK-8234823: java/net/Socket/Timeouts.java testcase testTimedConnect2() fails on Windows 10
- - JDK-8235784: java/lang/invoke/VarHandles/VarHandleTestByteArrayAsInt.java fails due to timeout with fastdebug bits
- - JDK-8236042: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -Xcomp -XX:TieredStopAtLevel=1
- - JDK-8236177: assert(status == 0) failed: error ETIMEDOUT(60), cond_wait
- - JDK-8236596: HttpClient leaves HTTP/2 sockets in CLOSE_WAIT, when using proxy tunnel
- - JDK-8237354: Add option to jcmd to write a gzipped heap dump
- - JDK-8237589: Fix copyright header formatting
- - JDK-8238677: java/net/httpclient/ssltest/CertificateTest.java should not specify TLS version
- - JDK-8239334: Tab Size does not work correctly in JTextArea with setLineWrap on
- - JDK-8239422: [TESTBUG] compiler/c1/TestPrintIRDuringConstruction.java failed when C1 is disabled
- - JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
- - JDK-8240256: Better resource cleaning for SunPKCS11 Provider
- - JDK-8242044: Add basic HTTP/1.1 support to the HTTP/2 Test Server
- - JDK-8242526: PIT: javax/swing/JInternalFrame/8020708/bug8020708.java fails in mach5 ubuntu system
- - JDK-8242793: Incorrect copyright header in ContinuousCallSiteTargetChange.java
- - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
- - JDK-8244292: Headful clients failing with --illegal-access=deny
- - JDK-8245147: Refactor and improve utility of test/langtools/tools/javac/versions/Versions.java
- - JDK-8245165: Update bug id for javax/swing/text/StyledEditorKit/4506788/bug4506788.java in ProblemList
- - JDK-8245665: Test WeakAlg.java should only make sure no warning for weak signature algorithms by keytool on root CA
- - JDK-8246114: java/net/MulticastSocket/Promiscuous.java fails after 8241072 (multi-homed systems)
- - JDK-8246807: Incorrect copyright header in TimeZoneDatePermissionCheck.sh
- - JDK-8247403: JShell: No custom input (e.g. from GUI) possible with JavaShellToolBuilder
- - JDK-8247510: typo in IllegalHandshakeMessage
- - JDK-8248187: [TESTBUG] javax/swing/plaf/basic/BasicGraphicsUtils/8132119/bug8132119.java fails with String is not properly drawn
- - JDK-8248341: ProblemList java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java
- - JDK-8248500: AArch64: Remove the r18 dependency on Windows AArch64
- - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
- - JDK-8249195: Change to Xcode 11.3.1 for building on Macos at Oracle
- - JDK-8250521: Configure initial RTO to use minimal retry for loopback connections on Windows
- - JDK-8250810: Push missing parts of JDK-8248817
- - JDK-8250839: Improve test template SSLEngineTemplate with SSLContextTemplate
- - JDK-8250863: Build error with GCC 10 in NetworkInterface.c and k_standard.c
- - JDK-8250888: nsk/jvmti/scenarios/general_functions/GF08/gf08t001/TestDriver.java fails
- - JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
- - JDK-8251377: [macos11] JTabbedPane selected tab text is barely legible
- - JDK-8251570: JDK-8215624 causes assert(worker_id < _n_workers) failed: Invalid worker_id
- - JDK-8251930: AArch64: Native types mismatch in hotspot
- - JDK-8252049: Native memory leak in ciMethodData ctor
- - JDK-8252051: Make mlvmJvmtiUtils strncpy uses GCC 10.x friendly
- - JDK-8252114: Windows-AArch64: Enable and test ZGC and ShenandoahGC
- - JDK-8253015: Aarch64: Move linux code out from generic CPU feature detection
- - JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
- - JDK-8253497: Core Libs Terminology Refresh
- - JDK-8253682: The AppletInitialFocusTest1.java is unstable
- - JDK-8253763: ParallelObjectIterator should have virtual destructor
- - JDK-8253866: Security Libs Terminology Refresh
- - JDK-8254802: ThrowingPushPromisesAsStringCustom.java fails in "try throwing in GET_BODY"
- - JDK-8255227: java/net/httpclient/FlowAdapterPublisherTest.java intermittently failing with TestServer: start exception: java.io.IOException: Invalid preface
- - JDK-8255264: Support for identifying the full range of IPv4 localhost addresses on Windows
- - JDK-8255716: AArch64: Regression: JVM crashes if manually offline a core
- - JDK-8255722: Create a new test for rotated blit
- - JDK-8256009: Remove src/hotspot/share/adlc/Test/i486.ad
- - JDK-8256066: Tests use deprecated TestNG API that is no longer available in new versions
- - JDK-8256152: tests fail because of ambiguous method resolution
- - JDK-8256182: Update qemu-debootstrap cross-compilation recipe
- - JDK-8256201: java/awt/FullScreen/FullscreenWindowProps/FullscreenWindowProps.java failed
- - JDK-8256202: Some tweaks for jarsigner tests PosixPermissionsTest and SymLinkTest
- - JDK-8256372: [macos] Unexpected symbol was displayed on JTextField with Monospaced font
- - JDK-8256956: RegisterImpl::max_slots_per_register is incorrect on AMD64
- - JDK-8258457: testlibrary_tests/ctw/JarDirTest.java fails with InvalidPathException on windows
- - JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
- - JDK-8259237: Demo selection changes with left/right arrow key. No need to press space for selection.
- - JDK-8260571: Add PrintMetaspaceStatistics to print metaspace statistics upon VM exit
- - JDK-8260690: JConsole User Guide Link from the Help menu is not accessible by keyboard
- - JDK-8261036: Reduce classes loaded by CleanerFactory initialization
- - JDK-8261071: AArch64: Refactor interpreter native wrappers
- - JDK-8261075: Create stubRoutines.inline.hpp with SafeFetch implementation
- - JDK-8261236: C2: ClhsdbJstackXcompStress test fails when StressGCM is enabled
- - JDK-8261297: NMT: Final report should use scale 1
- - JDK-8261661: gc/stress/TestReclaimStringsLeaksMemory.java fails because Reserved memory size is too big
- - JDK-8261916: gtest/GTestWrapper.java vmErrorTest.unimplemented1_vm_assert failed
- - JDK-8262438: sun/security/ssl/SSLLogger/LoggingFormatConsistency.java failed with "SocketException: Socket is closed"
- - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
- - JDK-8262844: (fs) FileStore.supportsFileAttributeView might return false negative in case of ext3
- - JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
- - JDK-8263068: Rename safefetch.hpp to safefetch.inline.hpp
- - JDK-8263303: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint
- - JDK-8263362: Avoid division by 0 in java/awt/font/TextJustifier.java justify
- - JDK-8263773: Reenable German localization for builds at Oracle
- - JDK-8263897: compiler/c2/aarch64/TestVolatilesSerial.java failed with "java.lang.RuntimeException: Wrong method"
- - JDK-8264526: javax/swing/text/html/parser/Parser/8078268/bug8078268.java timeout
- - JDK-8264824: java/net/Inet6Address/B6206527.java doesn't close ServerSocket properly
- - JDK-8265019: Update tests for additional TestNG test permissions
- - JDK-8265173: [test] divert spurious log output away from stream under test in ProcessBuilder Basic test
- - JDK-8265524: Upgrading JSZip from v3.2.2 to v3.6.0
- - JDK-8266182: Automate manual steps listed in the test jdk/sun/security/pkcs12/ParamsTest.java
- - JDK-8266579: Update test/jdk/java/lang/ProcessHandle/PermissionTest.java & test/jdk/java/sql/testng/util/TestPolicy.java
- - JDK-8266949: Check possibility to disable OperationTimedOut on Unix
- - JDK-8267246: -XX:MaxRAMPercentage=0 is unreasonable for jtreg tests on many-core machines
- - JDK-8267256: Extend minimal retry for loopback connections on Windows to PlainSocketImpl
- - JDK-8267304: Bump global JTReg memory limit to 768m
- - JDK-8267652: c2 loop unrolling by 8 results in reading memory past array
- - JDK-8268019: C2: assert(no_dead_loop) failed: dead loop detected
- - JDK-8268093: Manual Testcase: "sun/security/krb5/config/native/TestDynamicStore.java" Fails with NPE
- - JDK-8268555: Update HttpClient tests that use ITestContext to jtreg 6+1
- - JDK-8268672: C2: assert(!loop->is_member(u_loop)) failed: can be in outer loop or out of both loops only
- - JDK-8269034: AccessControlException for SunPKCS11 daemon threads
- - JDK-8269426: Rename test/jdk/java/lang/invoke/t8150782 to accessClassAndFindClass
- - JDK-8269574: C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events
- - JDK-8269656: The test test/langtools/tools/javac/versions/Versions.java has duplicate test cycles
- - JDK-8269768: JFR Terminology Refresh
- - JDK-8269951: [macos] Focus not painted in JButton when setBorderPainted(false) is invoked
- - JDK-8269984: [macos] JTabbedPane title looks like disabled
- - JDK-8269993: [Test]: java/net/httpclient/DigestEchoClientSSL.java contains redundant @run tags
- - JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to run in all LaFs, including Aqua on macOS
- - JDK-8270216: [macOS] Update named used for Java run loop mode
- - JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
- - JDK-8270290: NTLM authentication fails if HEAD request is used
- - JDK-8270317: Large Allocation in CipherSuite
- - JDK-8270344: Session resumption errors
- - JDK-8270517: Add Zero support for LoongArch
- - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
- - JDK-8270886: Crash in PhaseIdealLoop::verify_strip_mined_scheduling
- - JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with "lists don't have the same size expected"
- - JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop
- - JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2 assert failure with Test7179138_1.java
- - JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity
- - JDK-8271490: [ppc] [s390]: Crash in JavaThread::pd_get_top_frame_for_profiling
- - JDK-8271560: sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java still fails due to "An established connection was aborted by the software in your host machine"
- - JDK-8271567: AArch64: AES Galois CounterMode (GCM) interleaved implementation using vector instructions
- - JDK-8272180: Upgrade JSZip from v3.6.0 to v3.7.1
- - JDK-8272181: Windows-AArch64:Backport fix of `Backtracing broken on PAC enabled systems`
- - JDK-8272316: Wrong Boot JDK help message in 11
- - JDK-8272318: Improve performance of HeapDumpAllTest
- - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
- - JDK-8272570: C2: crash in PhaseCFG::global_code_motion
- - JDK-8272574: C2: assert(false) failed: Bad graph detected in build_loop_late
- - JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh fails after JDK-8266182
- - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
- - JDK-8272720: Fix the implementation of loop unrolling heuristic with LoopPercentProfileLimit
- - JDK-8272783: Epsilon: Refactor tests to improve performance
- - JDK-8272806: [macOS] "Apple AWT Internal Exception" when input method is changed
- - JDK-8272828: Add correct licenses to jszip.md
- - JDK-8272836: Limit run time for java/lang/invoke/LFCaching tests
- - JDK-8272850: Drop zapping values in the Zap* option descriptions
- - JDK-8272902: Bump update version for OpenJDK: jdk-11.0.14
- - JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test groups
- - JDK-8272966: test/jdk/java/awt/Robot/FlushCurrentEvent.java fails by timeout
- - JDK-8273026: Slow LoginContext.login() on multi threading application
- - JDK-8273229: Update OS detection code to recognize Windows Server 2022
- - JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on Windows 32bit
- - JDK-8273308: PatternMatchTest.java fails on CI
- - JDK-8273314: Add tier4 test groups
- - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
- - JDK-8273358: macOS Monterey does not have the font Times needed by Serif
- - JDK-8273373: Zero: Cannot invoke JVM in primordial threads on Zero
- - JDK-8273498: compiler/c2/Test7179138_1.java timed out
- - JDK-8273541: Cleaner Thread creates with normal priority instead of MAX_PRIORITY - 2
- - JDK-8273547: [11u] [JVMCI] Partial module-info.java backport of JDK-8223332
- - JDK-8273606: Zero: SPARC64 build fails with si_band type mismatch
- - JDK-8273646: Add openssl from path variable also in to Default System Openssl Path in OpensslArtifactFetcher
- - JDK-8273671: Backport of 8260616 misses one JNF header inclusion removal
- - JDK-8273790: Potential cyclic dependencies between Gregorian and CalendarSystem
- - JDK-8273795: Zero SPARC64 debug builds fail due to missing interpreter fields
- - JDK-8273826: Correct Manifest file name and NPE checks
- - JDK-8273894: ConcurrentModificationException raised every time ReferralsCache drops referral
- - JDK-8273924: ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add()
- - JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file path contains '+' character
- - JDK-8273968: JCK javax_xml tests fail in CI
- - JDK-8274056: JavaAccessibilityUtilities leaks JNI objects
- - JDK-8274083: Update testing docs to mention tiered testing
- - JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork is deprecated
- - JDK-8274326: [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m
- - JDK-8274329: Fix non-portable HotSpot code in MethodMatcher::parse_method_pattern
- - JDK-8274381: missing CAccessibility definitions in JNI code
- - JDK-8274407: (tz) Update Timezone Data to 2021c
- - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
- - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
- - JDK-8274522: java/lang/management/ManagementFactory/MXBeanException.java test fails with Shenandoah
- - JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with NoSuchElementException after JDK-8271287
- - JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently fails on weak memory model platform
- - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
- - JDK-8274840: Update OS detection code to recognize Windows 11
- - JDK-8274860: gcc 10.2.1 produces an uninitialized warning in sharedRuntimeTrig.cpp
- - JDK-8275051: Shenandoah: Correct ordering of requested gc cause and gc request flag
- - JDK-8275131: Exceptions after a touchpad gesture on macOS
- - JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
- - JDK-8275766: (tz) Update Timezone Data to 2021e
- - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
- - JDK-8276066: Reset LoopPercentProfileLimit for x86 due to suboptimal performance
- - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
- - JDK-8276157: C2: Compiler stack overflow during escape analysis on Linux x86_32
- - JDK-8276201: Shenandoah: Race results degenerated GC to enter wrong entry point
- - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
- - JDK-8276550: Use SHA256 hash in build.tools.depend.Depend
- - JDK-8276774: Cookie stored in CookieHandler not sent if user headers contain cookie
- - JDK-8276854: Windows GHA builds fail due to broken Cygwin
- - JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify output array sizes
- - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
- - JDK-8277529: SIGSEGV in C2 CompilerThread Node::rematerialize() compiling Packet::readUnsignedTrint
- - JDK-8277815: Fix mistakes in legal header backports
-
-Notes on individual issues:
-===========================
-
-core-svc/tools:
-
-JDK-8250554: New Option Added to jcmd for Writing a gzipped Heap Dump
-=====================================================================
-A new integer option `gz` has been added to the `GC.heap_dump`
-diagnostic command. If it is specified, it will enable the gzip
-compression of the written heap dump. The supplied value is the
-compression level. It can range from 1 (fastest) to 9 (slowest, but
-best compression). The recommended level is 1.
-
-security-libs/javax.net.ssl:
-
-JDK-8260310: Configurable Extensions With System Properties
-===========================================================
-Two new system properties have been added. The system property,
-`jdk.tls.client.disableExtensions`, is used to disable TLS extensions
-used in the client. The system property,
-`jdk.tls.server.disableExtensions`, is used to disable TLS extensions
-used in the server. If an extension is disabled, it will be neither
-produced nor processed in the handshake messages.
-
-The property string is a list of comma separated standard TLS
-extension names, as registered in the IANA documentation (for example,
-server_name, status_request, and signature_algorithms_cert). Note that
-the extension names are case sensitive. Unknown, unsupported,
-misspelled and duplicated TLS extension name tokens will be ignored.
-
-Please note that the impact of blocking TLS extensions is
-complicated. For example, a TLS connection may not be able to be
-established if a mandatory extension is disabled. Please do not
-disable mandatory extensions, and do not use this feature unless you
-clearly understand the impact.
-
-security-libs/javax.crypto:pkcs11:
-
-JDK-8272907: New SunPKCS11 Configuration Properties
-===================================================
-The SunPKCS11 provider gains new provider configuration attributes to
-better control native resources usage. The SunPKCS11 provider consumes
-native resources in order to work with native PKCS11 libraries. To
-manage and better control the native resources, additional
-configuration attributes are added to control the frequency of
-clearing native references as well as whether to destroy the
-underlying PKCS11 Token after logout.
-
-The 3 new attributes for the SunPKCS11 provider configuration file
-are:
-
-1) `destroyTokenAfterLogout` (boolean, defaults to false)
-
-If set to true, when `java.security.AuthProvider.logout()` is called
-upon the SunPKCS11 provider instance, the underlying Token object will
-be destroyed and resources will be freed. This essentially renders the
-SunPKCS11 provider instance unusable after `logout()` calls. Note that
-a PKCS11 provider with this attribute set to `true` should not be
-added to the system provider list since the provider object is not
-usable after a `logout()` method call.
-
-2) `cleaner.shortInterval` (integer, defaults to 2000, in milliseconds)
-
-This defines the frequency for clearing native references during busy
-periods (such as, how often should the cleaner thread processes the
-no-longer-needed native references in the queue to free up native
-memory). Note that the cleaner thread will switch to the
-'longInterval' frequency after 200 failed tries (such as, when no
-references are found in the queue).
-
-3) `cleaner.longInterval` (integer, defaults to 60000, in milliseconds)
-
-This defines the frequency for checking native reference during
-non-busy period (such as, how often should the cleaner thread check
-the queue for native references). Note that the cleaner thread will
-switch back to the 'shortInterval' value if native PKCS11 references
-for cleaning are detected.
-
-core-libs/java.nio:
-
-JDK-8271517: Zip File System Provider Throws ZipException when entry name element contains "." or "."
-=====================================================================================================
-The ZIP file system provider has been changed to reject existing ZIP
-files that contain entries with "." or ".." in name elements. ZIP
-files with these entries can not be used as a file system. Invoking
-the `java.nio.file.FileSystems.newFileSystem(...)` methods will throw
-`ZipException` if the ZIP file contains these entries.
-
-security-libs/java.security:
-
-JDK-8272535: Removed Google's GlobalSign Root Certificate
-=========================================================
-The following root certificate from Google has been removed from the
-`cacerts` keystore:
-
-Alias Name: globalsignr2ca [jdk]
-Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
-
-core-libs/java.time:
-
-JDK-8274857: Update Timezone Data to 2021c
-===========================================
-IANA Time Zone Database, on which JDK's Date/Time libraries are based,
-has been updated to version 2021c
-(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
-that with this update, some of the time zone rules prior to the year
-1970 have been modified according to the changes which were introduced
-with 2021b. For more detail, refer to the announcement of 2021b
-(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
-
-New in release OpenJDK 11.0.13 (2021-10-19):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11013
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.13.txt
-
-* Security fixes
- - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
- - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
- - JDK-8263314: Enhance XML Dsig modes
- - JDK-8265167, CVE-2021-35556: Richer Text Editors
- - JDK-8265574: Improve handling of sheets
- - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
- - JDK-8265776: Improve Stream handling for SSL
- - JDK-8266097, CVE-2021-35561: Better hashing support
- - JDK-8266103: Better specified spec values
- - JDK-8266109: More Resilient Classloading
- - JDK-8266115: More Manifest Jar Loading
- - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
- - JDK-8266689, CVE-2021-35567: More Constrained Delegation
- - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
- - JDK-8267712: Better LDAP reference processing
- - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
- - JDK-8267735, CVE-2021-35586: Better BMP support
- - JDK-8268193: Improve requests of certificates
- - JDK-8268199: Correct certificate requests
- - JDK-8268205: Enhance DTLS client handshake
- - JDK-8268506: More Manifest Digests
- - JDK-8269618, CVE-2021-35603: Better session identification
- - JDK-8269624: Enhance method selection support
- - JDK-8270398: Enhance canonicalization
- - JDK-8270404: Better canonicalization
-* Other changes
- - JDK-8024368: private methods are allocated vtable indices
- - JDK-8042902: Test java/net/Inet6Address/serialize/Inet6AddressSerializationTest.java fails intermittently
- - JDK-8140466: ChaCha20 and Poly1305 TLS Cipher Suites
- - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
- - JDK-8158066: SourceDebugExtensionTest fails to rename file
- - JDK-8168304: Make all of DependencyContext_test available in product mode
- - JDK-8169246: java/net/DatagramSocket/ReportSocketClosed.java fails intermittently with BindException
- - JDK-8181313: SA: Remove libthread_db dependency on Linux
- - JDK-8193214: Incorrect annotations.without.processors warnings with JDK 9
- - JDK-8194230: jdk/internal/jrtfs/remote/RemoteRuntimeImageTest.java fails with java.lang.NullPointerException
- - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
- - JDK-8199931: java/net/MulticastSocket/UnreferencedMulticastSockets.java fails with "incorrect data received"
- - JDK-8206083: Make tools/javac/api/T6265137.java robust to JDK version changes
- - JDK-8206350: java/util/Locale/bcp47u/SystemPropertyTests.java failed on Mac 10.13 with zh_CN and zh_TW locales.
- - JDK-8207316: java/nio/channels/spi/SelectorProvider/inheritedChannel/InheritedChannelTest.java failed
- - JDK-8208227: tools/jdeps/DotFileTest.java fails on Win-X64
- - JDK-8208363: test/jdk/java/lang/Package/PackageFromManifest.java missing module dependencies declaration
- - JDK-8209380: ARM: cleanup maybe-uninitialized and reorder compiler warnings
- - JDK-8209768: Refactor java/util/prefs/CheckUserPrefsStorage.sh to plain java test
- - JDK-8209772: Refactor shell test java/util/ServiceLoader/basic/basic.sh to java
- - JDK-8209773: Refactor shell test javax/naming/module/basic.sh to java
- - JDK-8209832: Refactor jdk/internal/reflect/Reflection/GetCallerClassTest.sh to plain java test
- - JDK-8209930: Refactor java/util/zip/ZipFile/deletetempjar.sh to plain java test
- - JDK-8210406: Refactor java.util.PluggableLocale:i18n shell tests to plain java tests
- - JDK-8210407: Refactor java.util.Calendar:i18n shell tests to plain java tests
- - JDK-8210495: compiler crashes because of illegal signature in otherwise legal code
- - JDK-8210669: Some launcher tests assume a pre-JDK 9 run-time image layout
- - JDK-8210802: temp files left by tests in jdk/java/net/httpclient
- - JDK-8210819: Update the host name in CNameTest.java
- - JDK-8210908: Refactor java/util/prefs/PrefsSpi.sh to plain java test
- - JDK-8210934: Move sun/net/www/protocol/http/GetErrorStream.java to OpenJDK
- - JDK-8210959: JShell fails and exits when statement throws an exception whose message contains a '%'.
- - JDK-8211055: Provide print to a file (PDF) feature even when printer was not connected
- - JDK-8211092: test/jdk/sun/net/www/http/HttpClient/MultiThreadTest.java fails intermittently when cleaning up
- - JDK-8211296: Remove HotSpot deprecation warning suppression for Mac/clang
- - JDK-8211325: test/jdk/java/net/Socket/LingerTest.java fails with cleaning up
- - JDK-8212040: Compilation error due to wrong usage of NSPrintJobDispositionValue in mac10.12
- - JDK-8212695: Add explicit timeout to several HTTP Client tests
- - JDK-8212718: Refactor some annotation processor tests to better use collections
- - JDK-8213007: Update the link in test/jdk/sun/security/provider/SecureRandom/DrbgCavp.java
- - JDK-8213137: Remove static initialization of monitor/mutex instances
- - JDK-8213235: java/nio/channels/SocketChannel/AsyncCloseChannel.java fails with threads that didn't exit
- - JDK-8213409: Refactor sun.text.IntHashtable:i18n shell tests to plain java tests
- - JDK-8213576: Make test AsyncCloseChannel.java run in othervm
- - JDK-8213694: Test Timeout.java should run in othervm mode
- - JDK-8213718: [TEST] Wrong classname in vmTestbase/nsk/stress/except/except002 and except003
- - JDK-8213922: fix ctw stand-alone build
- - JDK-8214195: Align stdout messages in test/jdk/java/math/BigInteger/PrimitiveConversionTests.java
- - JDK-8214520: [TEST_BUG] sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java failed with incorrect jtreg tags order
- - JDK-8214937: sun/security/tools/jarsigner/warnings/NoTimestampTest.java failed due to unexpected expiration date
- - JDK-8216532: tools/launcher/Test7029048.java fails (Solaris)
- - JDK-8217825: Verify @AfterTest is used correctly in WebSocket tests
- - JDK-8218145: block_if_requested is not proper inlined due to size
- - JDK-8219417: bump jtreg requiredVersion to b14
- - JDK-8219552: bump jtreg requiredVersion to b14 in test/jdk/sanity/client/
- - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
- - JDK-8220445: Support for side by side MSVC Toolset versions
- - JDK-8221988: add possibility to build with Visual Studio 2019
- - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
- - JDK-8223050: JVMCI: findUniqueConcreteMethod() should not use Dependencies::find_unique_concrete_method() for non-virtual methods
- - JDK-8224853: CDS address sanitizer errors
- - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
- - JDK-8225583: Examine the HttpResponse.BodySubscribers for null handling and multiple subscriptions
- - JDK-8225690: Multiple AttachListener threads can be created
- - JDK-8225790: Two NestedDialogs tests fail on Ubuntu
- - JDK-8226319: Add forgotten test/jdk/java/net/httpclient/BodySubscribersTest.java
- - JDK-8226533: JVMCI: findUniqueConcreteMethod should handle statically bindable methods directly
- - JDK-8226602: Test convenience reactive primitives from java.net.http with RS TCK
- - JDK-8226683: Remove review suggestion from fix to 8219804
- - JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
- - JDK-8227766: CheckUnhandledOops is broken in MemAllocator
- - JDK-8227815: Minimal VM: set_state is not a member of AttachListener
- - JDK-8230674: Heap dumps should exclude dormant CDS archived objects of unloaded classes
- - JDK-8230808: Remove Access::equals()
- - JDK-8230841: Remove oopDesc::equals()
- - JDK-8231717: Improve performance of charset decoding when charset is always compactable
- - JDK-8232243: Wrong caret position in JTextPane on Windows with a screen resolution > 100%
- - JDK-8232782: Shenandoah: streamline post-LRB CAS barrier (aarch64)
- - JDK-8233790: Forward output from heap dumper to jcmd/jmap
- - JDK-8233989: Create an IPv4 version of java/net/MulticastSocket/SetLoopbackMode.java
- - JDK-8234510: Remove file seeking requirement for writing a heap dump
- - JDK-8235211: serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file
- - JDK-8235216: typo in test filename
- - JDK-8235866: bump jtreg requiredVersion to 4.2b16
- - JDK-8236111: narrow allowSmartActionArgs disabling
- - JDK-8236413: AbstractConnectTimeout should tolerate both NoRouteToHostException and UnresolvedAddressException
- - JDK-8236671: NullPointerException in JKS keystore
- - JDK-8238930: problem list compiler/c2/Test8004741.java
- - JDK-8238943: switch to jtreg 5.0
- - JDK-8240555: Using env of JAVA_TOOL_OPTIONS and _JAVA_OPTIONS breaks QuietOption.java test
- - JDK-8240983: Incorrect copyright header in Apache Santuario 2.1.3 files
- - JDK-8241336: Some java.net tests failed with NoRouteToHostException on MacOS with special network configuration
- - JDK-8241353: NPE in ToolProvider.getSystemJavaCompiler
- - JDK-8241768: git needs .gitattributes
- - JDK-8242882: opening jar file with large manifest might throw NegativeArraySizeException
- - JDK-8244973: serviceability/attach/RemovingUnixDomainSocketTest.java fails "stderr was not empty"
- - JDK-8245134: test/lib/jdk/test/lib/security/KeyStoreUtils.java should allow to specify aliases
- - JDK-8246261: TCKLocalTime.java failed due to "AssertionError: expected [18:14:22] but found [18:14:23]"
- - JDK-8246387: switch to jtreg 5.1
- - JDK-8247421: [TESTBUG] ReturnBlobToWrongHeapTest.java failed allocating blob
- - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- - JDK-8248352: [TEST_BUG] Test test/jdk/java/awt/font/TextLayout/ArabicDiacriticTest.java can leave frame open
- - JDK-8248403: AArch64: Remove uses of kernel integer types
- - JDK-8248414: AArch64: Remove uses of long and unsigned long ints
- - JDK-8248657: Windows: strengthening in ThreadCritical regarding memory model
- - JDK-8248666: AArch64: Use THREAD_LOCAL instead of __thread
- - JDK-8248668: AArch64: Avoid MIN/MAX macros when using MSVC
- - JDK-8248671: AArch64: Remove unused variables
- - JDK-8248682: AArch64: Use ATTRIBUTE_ALIGNED helper
- - JDK-8248816: C1: Fix signature conflict in LIRGenerator::strength_reduce_multiply
- - JDK-8249095: tools/javac/launcher/SourceLauncherTest.java fails on Windows
- - JDK-8249548: backward focus traversal gets stuck in button group
- - JDK-8249773: Upgrade ReceiveISA.java test to be resilient to failure due to stray packets and interference
- - JDK-8249897: jdk/javadoc/tool/LangVers.java uses @ignore w/o bug-id
- - JDK-8249898: jdk/javadoc/tool/6176978/T6176978.java uses @ignore w/o bug-id
- - JDK-8249899: jdk/javadoc/tool/InlineTagsWithBraces.java uses @ignore w/o bug-id
- - JDK-8250588: Shenandoah: LRB needs to save/restore fp registers for runtime call
- - JDK-8250824: AArch64: follow up for JDK-8248414
- - JDK-8251166: Add automated testcases for changes done in JDK-8214112
- - JDK-8251252: Add automated testcase for fix done in JDK-8214253
- - JDK-8251254: Add automated test for fix done in JDK-8218472
- - JDK-8251361: Potential race between Logger configuration and GCs in HttpURLConWithProxy test
- - JDK-8251549: Update docs on building for Git
- - JDK-8251945: SIGSEGV in PackageEntry::purge_qualified_exports()
- - JDK-8252194: Add automated test for fix done in JDK-8218469
- - JDK-8252648: Shenandoah: name gang tasks consistently
- - JDK-8252825: Add automated test for fix done in JDK-8218479
- - JDK-8252853: AArch64: gc/shenandoah/TestVerifyJCStress.java fails intermittently with C1
- - JDK-8252857: AArch64: Shenandoah C1 CAS is not sequentially consistent
- - JDK-8253048: AArch64: When CallLeaf, no need to preserve callee-saved registers in caller
- - JDK-8253424: Add support for running pre-submit testing using GitHub Actions
- - JDK-8253631: Remove unimplemented CompileBroker methods after JEP-165
- - JDK-8253865: Pre-submit testing using GitHub Actions does not detect failures reliably
- - JDK-8253899: Make IsClassUnloadingEnabled signature match specification
- - JDK-8254024: Enhance native libs for AWT and Swing to work with GraalVM Native Image
- - JDK-8254054: Pre-submit testing using GitHub Actions should not use the deprecated set-env command
- - JDK-8254173: Add Zero, Minimal hotspot targets to submit workflow
- - JDK-8254175: Build no-pch configuration in debug mode for submit checks
- - JDK-8254244: Some code emitted by TemplateTable::branch is unused when running TieredCompilation
- - JDK-8254270: linux 32 bit build doesn't compile libjdwp/log_messages.c
- - JDK-8254282: Add Linux x86_32 builds to submit workflow
- - JDK-8254850: Update terminology in java.awt.GridBagLayout source code comments
- - JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1
- - JDK-8255305: Add Linux x86_32 tier1 to submit workflow
- - JDK-8255352: Archive important test outputs in submit workflow
- - JDK-8255373: Submit workflow artifact name is always "test-results_.zip"
- - JDK-8255452: Doing GC during JVMTI MethodExit event posting breaks return oop
- - JDK-8255718: Zero: VM should know it runs in interpreter-only mode
- - JDK-8255790: GTKL&F: Java 16 crashes on initialising GTKL&F on Manjaro Linux
- - JDK-8255810: Zero: build fails without JVMTI
- - JDK-8255895: Submit workflow artifacts miss hs_errs/replays due to ZIP include mismatch
- - JDK-8256127: Add cross-compiled foreign architectures builds to submit workflow
- - JDK-8256215: Shenandoah: re-organize saving/restoring machine state in assembler code
- - JDK-8256267: Relax compiler/floatingpoint/NaNTest.java for x86_32 and lower -XX:+UseSSE
- - JDK-8256277: Github Action build on macOS should define OS and Xcode versions
- - JDK-8256354: Github Action build on Windows should define OS and MSVC versions
- - JDK-8256393: Github Actions build on Linux should define OS and GCC versions
- - JDK-8256414: add optimized build to submit workflow
- - JDK-8256747: GitHub Actions: decouple the hotspot build-only jobs from Linux x64 testing
- - JDK-8257056: Submit workflow should apt-get update to avoid package installation errors
- - JDK-8257148: Remove obsolete code in AWTView.m
- - JDK-8257497: Update keytool to create AKID from the SKID of the issuing certificate as specified by RFC 5280
- - JDK-8257620: Do not use objc_msgSend_stret to get macOS version
- - JDK-8257913: Add more known library locations to simplify Linux cross-compilation
- - JDK-8258703: Incorrect 512-bit vector registers restore on x86_32
- - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
- - JDK-8259535: ECDSA SignatureValue do not always have the specified length
- - JDK-8259679: GitHub actions should use MSVC 14.28
- - JDK-8259924: GitHub actions fail on Linux x86_32 with "Could not configure libc6:i386"
- - JDK-8260460: GitHub actions still fail on Linux x86_32 with "Could not configure libc6:i386"
- - JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
- - JDK-8260923: Add more tests for SSLSocket input/output shutdown
- - JDK-8261072: AArch64: Fix MacroAssembler::get_thread convention
- - JDK-8261147: C2: Node is wrongly marked as reduction resulting in a wrong execution due to wrong vector instructions
- - JDK-8261238: NMT should not limit baselining by size threshold
- - JDK-8261496: Shenandoah: reconsider pacing updates memory ordering
- - JDK-8261652: Remove some dead comments from os_bsd_x86
- - JDK-8261846: [JVMCI] c2v_iterateFrames can get out of sync with the StackFrameStream
- - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- - JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
- - JDK-8262392: Update Mesa 3-D Headers to version 21.0.3
- - JDK-8262409: sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions. SSL test failures caused by java failed with "Server reported the wrong exception"
- - JDK-8262470: Printed GlyphVector outline with low DPI has bad quality on Windows
- - JDK-8262862: Harden tests sun/security/x509/URICertStore/ExtensionsWithLDAP.java and krb5/canonicalize/Test.java
- - JDK-8263136: C4530 was reported from VS 2019 at access bridge
- - JDK-8263227: C2: inconsistent spilling due to dead nodes in exception block
- - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
- - JDK-8263407: SPARC64 detection fails on Athena (SPARC64-X)
- - JDK-8263432: javac may report an invalid package/class clash on case insensitive filesystems
- - JDK-8263490: [macos] Crash occurs on JPasswordField with activated InputMethod
- - JDK-8263531: Remove unused buffer int
- - JDK-8263667: Avoid running GitHub actions on branches named pr/*
- - JDK-8263776: [JVMCI] add helper to perform Java upcalls
- - JDK-8264016: [JVMCI] add some thread local fields for use by JVMCI
- - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
- - JDK-8265132: C2 compilation fails with assert "missing precedence edge"
- - JDK-8265231: (fc) ReadDirect and WriteDirect tests fail after fix for JDK-8264821
- - JDK-8265335: Epsilon: Minor typo in EpsilonElasticTLABDecay description
- - JDK-8265756: AArch64: initialize memory allocated for locals according to Windows AArch64 stack page growth requirement in template interpreter
- - JDK-8265761: Font with missed font family name is not properly printed on Windows
- - JDK-8265773: incorrect jdeps message "jdk8internals" to describe a removed JDK internal API
- - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
- - JDK-8266018: Shenandoah: fix an incorrect assert
- - JDK-8266206: Build failure after JDK-8264752 with older GCCs
- - JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
- - JDK-8266288: assert root method not found in witnessed_reabstraction_in_supers is too strong
- - JDK-8266404: Fatal error report generated with -XX:+CrashOnOutOfMemoryError should not contain suggestion to submit a bug report
- - JDK-8266480: Implicit null check optimization does not update control of hoisted memory operation
- - JDK-8266615: C2 incorrectly folds subtype checks involving an interface array
- - JDK-8266642: Improve ResolvedMethodTable hash function
- - JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
- - JDK-8266761: AssertionError in sun.net.httpserver.ServerImpl.responseCompleted
- - JDK-8266813: Shenandoah: Use shorter instruction sequence for checking if marking in progress
- - JDK-8267042: bug in monitor locking/unlocking on ARM32 C1 due to uninitialized BasicObjectLock::_displaced_header
- - JDK-8267348: Rewrite gc/epsilon/TestClasses.java to use Metaspace with less classes
- - JDK-8267396: Avoid recording "pc" in unhandled oops detector for better performance
- - JDK-8267399: C2: java/text/Normalizer/ConformanceTest.java test failed with assertion
- - JDK-8267424: CTW: C1 fails with "State must not be null"
- - JDK-8267459: Pasting Unicode characters into JShell does not work.
- - JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
- - JDK-8267666: Add option to jcmd GC.heap_dump to use existing file
- - JDK-8267695: Bump update version for OpenJDK: jdk-11.0.13
- - JDK-8267751: (test) jtreg.SkippedException has no serial VersionUID
- - JDK-8267773: PhaseStringOpts::int_stringSize doesn't handle min_jint correctly
- - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
- - JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
- - JDK-8268261: C2: assert(n != __null) failed: Bad immediate dominator info.
- - JDK-8268347: C2: nested locks optimization may create unbalanced monitor enter/exit code
- - JDK-8268360: Missing check for infinite loop during node placement
- - JDK-8268362: [REDO] C2 crash when compile negative Arrays.copyOf length after loop
- - JDK-8268366: Incorrect calculation of has_fpu_registers in C1 linear scan
- - JDK-8268369: SIGSEGV in PhaseCFG::implicit_null_check due to missing null check
- - JDK-8268417: Add test from JDK-8268360
- - JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm performance
- - JDK-8268617: [11u REDO] - WebSocket over authenticating proxy fails with NPE
- - JDK-8268620: InfiniteLoopException test may fail on x86 platforms
- - JDK-8268635: Corrupt oop in ClassLoaderData
- - JDK-8268699: Shenandoah: Add test for JDK-8268127
- - JDK-8268771: javadoc -notimestamp option does not work on index.html
- - JDK-8268775: Password is being converted to String in AccessibleJPasswordField
- - JDK-8268776: Test `ADatagramSocket.java` missing /othervm from @run tag
- - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
- - JDK-8269304: Regression ~5% in 2005 in b27
- - JDK-8269415: [11u] Remove ea from DEFAULT_PROMOTED_VERSION_PRE in OpenJDK 11u
- - JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should be more resilient
- - JDK-8269529: javax/swing/reliability/HangDuringStaticInitialization.java fails in Windows debug build
- - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
- - JDK-8269614: [s390] Interpreter checks wrong bit for slow path instance allocation
- - JDK-8269650: Optimize gc-locker in [Get|Release]StringCritical for latin string
- - JDK-8269661: JNI_GetStringCritical does not lock char array
- - JDK-8269668: [aarch64] java.library.path not including /usr/lib64
- - JDK-8269763: The JEditorPane is blank after JDK-8265167
- - JDK-8269795: C2: Out of bounds array load floats above its range check in loop peeling resulting in SEGV
- - JDK-8269847: JDK-8269594 backport breaks 11u builds
- - JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0
- - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
- - JDK-8269882: stack-use-after-scope in NewObjectA
- - JDK-8269934: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status
- - JDK-8270096: Shenandoah: Optimize gc/shenandoah/TestRefprocSanity.java for interpreter mode
- - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
- - JDK-8270184: [TESTBUG] Add coverage for jvmci ResolvedJavaType.toJavaName() for lambdas
- - JDK-8270196: [11u] [JVMCI] JavaType.toJavaName() returns incorrect type name for lambdas
- - JDK-8270556: Exclude security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA
- - JDK-8270893: IndexOutOfBoundsException while reading large TIFF file
- - JDK-8272078: Wrong Checksums in Temurin BootJDK dependencies
- - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
- - JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj
- - JDK-8272197: Update 11u GHA workflow with Shenandoah configurations
- - JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz after JDK-8255790
- - JDK-8272472: StackGuardPages test doesn't build with glibc 2.34
- - JDK-8272602: [macos] not all KEY_PRESSED events sent when control modifier is used
- - JDK-8272628: Problemlist gc/stress/gcbasher/TestGCBasherWithCMS.java for x86_32
- - JDK-8272700: [macos] Build failure with Xcode 13.0 after JDK-8264848
- - JDK-8272772: Shenandoah: compiler/c2/aarch64/TestVolatilesShenandoah.java fails in 11u
- - JDK-8273939: Backport of 8248414 to JDK11 breaks MacroAssembler::adrp
-
-Notes on individual issues:
-===========================
-
-security-libs/java.security:
-
-JDK-8271434: Removed IdenTrust Root Certificate
-===============================================
-The following root certificate from IdenTrust has been removed from
-the `cacerts` keystore:
-
-Alias Name: identrustdstx3 [jdk]
-Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
-
-JDK-8261922: Updated keytool to Create AKID From SKID of Issuing Certificate as Specified by RFC 5280
-=====================================================================================================
-The `gencert` command of the `keytool` utility has been updated to
-create AKID from the SKID of the issuing certificate as specified by
-RFC 5280.
-
-security-libs/javax.net.ssl:
-
-JDK-8210799: ChaCha20 and Poly1305 TLS Cipher Suites
-====================================================
-New TLS cipher suites using the `ChaCha20-Poly1305` algorithm have
-been added to JSSE. These cipher suites are enabled by default. The
-TLS_CHACHA20_POLY1305_SHA256 cipher suite is available for TLS 1.3.
-The following cipher suites are available for TLS 1.2:
-
-* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-
-Refer to the "Java Secure Socket Extension (JSSE) Reference Guide" for
-details on these new TLS cipher suites.
-
-JDK-8219551: Updated the Default Enabled Cipher Suites Preference
-=================================================================
-The preference of the default enabled cipher suites has been
-changed. The compatibility impact should be minimal. If needed,
-applications can customize the enabled cipher suites and the
-preference. For more details, refer to the SunJSSE provider
-documentation and the JSSE Reference Guide documentation.
-
-New in release OpenJDK 11.0.12 (2021-07-20):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11012
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.12.txt
-
-* Security fixes
- - JDK-8256157: Improve bytecode assembly
- - JDK-8256491: Better HTTP transport
- - JDK-8258432, CVE-2021-2341: Improve file transfers
- - JDK-8260453: Improve Font Bounding
- - JDK-8260960: Signs of jarsigner signing
- - JDK-8260967, CVE-2021-2369: Better jar file validation
- - JDK-8262380: Enhance XML processing passes
- - JDK-8262403: Enhanced data transfer
- - JDK-8262410: Enhanced rules for zones
- - JDK-8262477: Enhance String Conclusions
- - JDK-8262967: Improve Zip file support
- - JDK-8264066, CVE-2021-2388: Enhance compiler validation
- - JDK-8264079: Improve abstractions
- - JDK-8264460: Improve NTLM support
-* Other changes
- - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
- - JDK-7106851: Test should not use System.exit
- - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
- - JDK-8076190: Customizing the generation of a PKCS12 keystore
- - JDK-8153005: Upgrade the default PKCS12 encryption/MAC algorithms
- - JDK-8171303: sun/java2d/pipe/InterpolationQualityTest.java fails on Windows & Linux
- - JDK-8177068: incomplete classpath causes NPE in Flow
- - JDK-8185734: [Windows] Structured Exception Catcher missing around gtest execution
- - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
- - JDK-8190763: Class cast exception on (CompoundEdit) UndoableEditEvent.getEdit()
- - JDK-8195841: PNGImageReader.readNullTerminatedString() doesnt check for non-null terminated strings with length equal to maxLen
- - JDK-8196100: javax/swing/text/JTextComponent/5074573/bug5074573.java fails
- - JDK-8199646: JShell tests: jdk/jshell/FailOverDirectExecutionControlTest.java failed with java.lang.UnsupportedOperationException
- - JDK-8206925: Support the certificate_authorities extension
- - JDK-8207160: ClassReader::adjustMethodParams can potentially return null if the args list is empty
- - JDK-8207247: AARCH64: Enable Minimal and Client VM builds
- - JDK-8207404: MulticastSocket tests failing on AIX
- - JDK-8207779: Method::is_valid_method() compares 'this' with NULL
- - JDK-8208061: runtime/LoadClass/TestResize.java fails with "Load factor too high" when running in CDS mode.
- - JDK-8209459: TestSHA512MultiBlockIntrinsics failed on AArch64
- - JDK-8210443: Migrate Locale matching tests to JDK Repo.
- - JDK-8213231: ThreadSnapshot::_threadObj can become stale
- - JDK-8213483: ARM32: runtime/ErrorHandling/ShowRegistersOnAssertTest.java jtreg test fail
- - JDK-8213725: JShell NullPointerException due to class file with unexpected package
- - JDK-8213794: ARM32: disable TypeProfiling, CriticalJNINatives, Serviceablity tests for ARM32
- - JDK-8213845: ARM32: Interpreter doesn't call result handler after native calls
- - JDK-8214128: ARM32: wrong stack alignment on Deoptimization::unpack_frames
- - JDK-8214512: ARM32: Jtreg test compiler/c2/Test8062950.java fails on ARM
- - JDK-8214854: JDWP: Unforseen output truncation in logging
- - JDK-8214922: Add vectorization support for fmin/fmax
- - JDK-8215009: GCC 8 compilation error in libjli
- - JDK-8216184: CDS/appCDS tests failed on Windows due to long path to a classlist file
- - JDK-8216259: AArch64: Vectorize Adler32 intrinsics
- - JDK-8216314: SIGILL in CodeHeapState::print_names()
- - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
- - JDK-8217465: [REDO] - Optimize CodeHeap Analytics
- - JDK-8217561: X86: Add floating-point Math.min/max intrinsics
- - JDK-8217918: C2: -XX:+AggressiveUnboxing is broken
- - JDK-8218458: [TESTBUG] runtime/NMT/CheckForProperDetailStackTrace.java fails with Expected stack trace missing from output
- - JDK-8219142: Remove unused JIMAGE_ResourcePath
- - JDK-8219586: CodeHeap State Analytics processes dead nmethods
- - JDK-8220074: Clean up GCC 8.3 errors in LittleCMS
- - JDK-8220407: compiler/intrinsics/math/TestFpMinMaxIntrinsics.java timedout
- - JDK-8222302: [TESTBUG]test/hotspot/jtreg/compiler/intrinsics/sha/cli/TestUseSHAOptionOnUnsupportedCPU.java fails on any other CPU
- - JDK-8222412: AARCH64: multiple instructions encoding issues
- - JDK-8223020: aarch64: expand minI_rReg and maxI_rReg patterns into separate instructions
- - JDK-8223444: Improve CodeHeap Free Space Management
- - JDK-8223504: Improve performance of forall loops by better inlining of "iterator()" methods
- - JDK-8223667: ASAN build broken
- - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
- - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
- - JDK-8225438: javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java failed with Read timed out
- - JDK-8225756: [testbug] compiler/loopstripmining/CheckLoopStripMining.java sets too short a SafepointTimeoutDelay
- - JDK-8226374: Restrict TLS signature schemes and named groups
- - JDK-8226627: assert(t->singleton()) failed: must be a constant
- - JDK-8226721: Missing intrinsics for Math.ceil, floor, rint
- - JDK-8227080: (fs) Files.newInputStream(...).skip(n) is slow
- - JDK-8227222: vmTestbase/jit/FloatingPoint/gen_math/Loops04/Loops04.java failed XMM register should be 0-15
- - JDK-8227609: (fs) Files.newInputStream(...).skip(n) should allow skipping beyond file size
- - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
- - JDK-8231460: Performance issue (CodeHeap) with large free blocks
- - JDK-8231713: x86_32 build failures after JDK-8226721 (Missing intrinsics for Math.ceil, floor, rint)
- - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
- - JDK-8232084: HotSpot build failed with GCC 9.2.1
- - JDK-8232591: AArch64: Add missing match rules for smaddl, smsubl and smnegl
- - JDK-8233185: HttpServer.stop() blocks indefinitely when called on dispatch thread
- - JDK-8233787: Break cycle in vm_version* includes
- - JDK-8233948: AArch64: Incorrect mapping between OptoReg and VMReg for high 64 bits of Vector Register
- - JDK-8234355: Buffer overflow in jcmd GC.class_stats due to too many classes
- - JDK-8235368: Update BCEL to Version 6.4.1
- - JDK-8236859: WebSocket over authenticating proxy fails with NPE
- - JDK-8236992: AArch64: remove redundant load_klass in itable stub
- - JDK-8237743: test/langtools/jdk/jshell/FailOverExecutionControlTest.java fails No ExecutionControlProvider with name 'nonExistent' and parameter keys: []
- - JDK-8237804: sun/security/mscapi tests fail with "Key pair not generated, alias <nnnnnn> already exists"
- - JDK-8238175: CTW: Class.getDeclaredMethods fails with assert(k->is_subclass_of(SystemDictionary::Throwable_klass())) failed: invalid exception class
- - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
- - JDK-8238812: assert(false) failed: bad AD file
- - JDK-8239312: [macos] javax/swing/JFrame/NSTexturedJFrame/NSTexturedJFrame.java
- - JDK-8239386: handle ContendedPaddingWidth in vm_version_aarch64
- - JDK-8239536: Can't use `java.util.List` object after importing `java.awt.List`
- - JDK-8240487: Cleanup whitespace in .cc, .hh, .m, and .mm files
- - JDK-8240848: ArrayIndexOutOfBoundsException buf for TextCallbackHandler
- - JDK-8241082: Upgrade IANA Language Subtag Registry data to 03-16-2020 version
- - JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
- - JDK-8241101: [s390] jtreg test failure after JDK-8238696: not conformant features string
- - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- - JDK-8241372: Several test failures due to javax.net.ssl.SSLException: Connection reset
- - JDK-8241475: AArch64: Add missing support for PopCountVI node
- - JDK-8241829: Cleanup the code for PrinterJob on windows
- - JDK-8241960: The SHA3 message digests impl of SUN provider are not thread safe after cloned
- - JDK-8242010: Upgrade IANA Language Subtag Registry to Version 2020-04-01
- - JDK-8242429: Better implementation for sign extract
- - JDK-8242557: Add length limit for strings in PNGImageWriter
- - JDK-8242919: Paste locks up jshell
- - JDK-8243155: AArch64: Add support for SqrtVF
- - JDK-8243240: AArch64: Add support for MulVB
- - JDK-8243452: JFR: Could not create chunk in repository with over 200 recordings
- - JDK-8243559: Remove root certificates with 1024-bit keys
- - JDK-8243597: AArch64: Add support for integer vector abs
- - JDK-8244031: HttpClient should have more tests for HEAD requests
- - JDK-8244205: HTTP/2 tunnel connections through proxy may be reused regardless of which proxy is selected
- - JDK-8244847: Linux/PPC: runtime/CompressedOops/CompressedClassPointers: smallHeapTest fails
- - JDK-8245511: G1 adaptive IHOP does not account for reclamation of humongous objects by young GC
- - JDK-8246274: G1 old gen allocation tracking is not in a separate class
- - JDK-8247354: [aarch64] PopFrame causes assert(oopDesc::is_oop(obj)) failed: not an oop
- - JDK-8247408: IdealGraph bit check expression canonicalization
- - JDK-8247432: Update IANA Language Subtag Registry to Version 2020-09-29
- - JDK-8247438: JShell: When FailOverExecutionControlProvider fails the proximal cause is not shown
- - JDK-8247753: UIManager.getSytemLookAndFeelClassName() returns wrong value on Fedora 32
- - JDK-8248043: Need to eliminate excessive i2l conversions
- - JDK-8248411: [aarch64] Insufficient error handling when CodeBuffer is exhausted
- - JDK-8248568: compiler/c2/TestBit.java failed: test missing from stdout/stderr
- - JDK-8248870: AARCH64: I2L/L2I conversions can be skipped for masked positive values
- - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
- - JDK-8249189: AARCH64: more L2I conversions can be skipped
- - JDK-8249719: MethodHandle performance suffers from bad ResolvedMethodTable hash function
- - JDK-8249875: GCC 10 warnings -Wtype-limits with JFR code
- - JDK-8250635: MethodArityHistogram should use Compile_lock in favour of fancy checks
- - JDK-8250876: Fix issues with cross-compile on macos
- - JDK-8251031: Some vmTestbase/nsk/monitoring/RuntimeMXBean tests fail with hostnames starting from digits
- - JDK-8251525: AARCH64: Faster Math.signum(fp)
- - JDK-8252259: AArch64: Adjust default value of FLOATPRESSURE
- - JDK-8252311: AArch64: save two words in itable lookup stub
- - JDK-8252779: compiler/graalunit/HotspotTest.java failed after 8251525
- - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
- - JDK-8253167: ARM32 builds fail after JDK-8247910
- - JDK-8253572: [windows] CDS archive may fail to open with long file names
- - JDK-8253923: C2 doesn't always run loop opts for compilations that include loops
- - JDK-8253948: Memory leak in ImageFileReader
- - JDK-8254631: Better support ALPN byte wire values in SunJSSE
- - JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
- - JDK-8255086: Update the root locale display names
- - JDK-8255625: AArch64: Implement Base64.encodeBlock accelerator/intrinsic
- - JDK-8255763: C2: OSR miscompilation caused by invalid memory instruction placement
- - JDK-8255992: JFR EventWriter does not use first string from StringPool with id 0
- - JDK-8256037: [TESTBUG] com/sun/jndi/dns/ConfigTests/PortUnreachable.java fails due to the hard coded threshold is small
- - JDK-8256244: java/lang/ProcessHandle/PermissionTest.java fails with TestNG 7.1
- - JDK-8256287: [windows] add loop fuse to map_or_reserve_memory_aligned
- - JDK-8256523: Streamline Java SHA2 implementation
- - JDK-8257414: Drag n Drop target area is wrong on high DPI systems
- - JDK-8257569: Failure observed with JfrVirtualMemory::initialize
- - JDK-8257574: C2: "failed: parsing found no loops but there are some" assert failure
- - JDK-8257580: Bump update version for OpenJDK: jdk-11.0.12
- - JDK-8257604: JNI_ArgumentPusherVaArg leaks valist
- - JDK-8257621: JFR StringPool misses cached items across consecutive recordings
- - JDK-8257796: [TESTBUG] TestUseSHA512IntrinsicsOptionOnSupportedCPU.java fails on x86_32
- - JDK-8257822: C2 crashes with SIGFPE due to a division that floats above its zero check
- - JDK-8257828: SafeFetch may crash if invoked in non-JavaThreads
- - JDK-8257853: Remove dependencies on JNF's JNI utility functions in AWT and 2D code
- - JDK-8257858: [macOS]: Remove JNF dependency from libosxsecurity/KeystoreImpl.m
- - JDK-8257860: [macOS]: Remove JNF dependency from libosxkrb5/SCDynamicStoreConfig.m
- - JDK-8257988: Remove JNF dependency from libsaproc/MacosxDebuggerLocal.m
- - JDK-8258414: OldObjectSample events too expensive
- - JDK-8258505: [TESTBUG] TestDivZeroWithSplitIf.java fails due to missing UnlockDiagnosticVMOptions
- - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
- - JDK-8259061: C2: assert(found) failed: memory-writing node is not placed in its original loop or an ancestor of it
- - JDK-8259227: C2 crashes with SIGFPE due to a division that floats above its zero check
- - JDK-8259232: Bad JNI lookup during printing
- - JDK-8259276: C2: Empty expression stack when reexecuting tableswitch/lookupswitch instructions after deoptimization
- - JDK-8259343: [macOS] Update JNI error handling in Cocoa code.
- - JDK-8259585: Accessible actions do not work on mac os x
- - JDK-8259651: [macOS] Replace JNF_COCOA_ENTER/EXIT macros
- - JDK-8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl
- - JDK-8259710: Inlining trace leaks memory
- - JDK-8259729: Missed JNFInstanceOf -> IsInstanceOf conversion
- - JDK-8259777: Incorrect predication condition generated by ADLC
- - JDK-8259786: initialize last parameter of getpwuid_r
- - JDK-8259843: initialize dli_fname array before calling dll_address_to_library_name
- - JDK-8259869: [macOS] Remove desktop module dependencies on JNF Reference APIs
- - JDK-8259886: Improve SSL session cache performance and scalability
- - JDK-8259983: do not use uninitialized expand_ms value in G1CollectedHeap::expand_heap_after_young_collection
- - JDK-8260030: Improve stringStream buffer handling
- - JDK-8260236: better init AnnotationCollector _contended_group
- - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
- - JDK-8260284: C2: assert(_base == Int) failed: Not an Int
- - JDK-8260380: Upgrade to LittleCMS 2.12
- - JDK-8260420: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint
- - JDK-8260426: awt debug_mem.c DMem_AllocateBlock might leak memory
- - JDK-8260432: allocateSpaceForGP in freetypeScaler.c might leak memory
- - JDK-8260616: Removing remaining JNF dependencies in the java.desktop module
- - JDK-8260653: Unreachable nodes keep speculative types alive
- - JDK-8260707: java/lang/instrument/PremainClass/InheritAgent0100.java times out
- - JDK-8260925: HttpsURLConnection does not work with other JSSE provider.
- - JDK-8260926: Trace resource exhausted events unconditionally
- - JDK-8261020: Wrong format parameter in create_emergency_chunk_path
- - JDK-8261027: AArch64: Support for LSE atomics C++ HotSpot code
- - JDK-8261167: print_process_memory_info add a close call after fopen
- - JDK-8261170: Upgrade to freetype 2.10.4
- - JDK-8261198: [macOS] Incorrect JNI parameters in number conversion in A11Y code
- - JDK-8261235: C1 compilation fails with assert(res->vreg_number() == index) failed: conversion check
- - JDK-8261261: The version extra fields needs to be overridable in jib-profiles.js
- - JDK-8261262: Kitchensink24HStress.java crashed with EXCEPTION_ACCESS_VIOLATION
- - JDK-8261354: SIGSEGV at MethodIteratorHost
- - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
- - JDK-8261397: try catch Method failing to work when dividing an integer by 0
- - JDK-8261422: Adjust problematic String.format calls in jdk/internal/util/Preconditions.java outOfBoundsMessage
- - JDK-8261447: MethodInvocationCounters frequently run into overflow
- - JDK-8261481: Cannot read Kerberos settings in dynamic store on macOS Big Sur
- - JDK-8261505: Test test/hotspot/jtreg/gc/parallel/TestDynShrinkHeap.java killed by Linux OOM Killer
- - JDK-8261601: free memory in early return in Java_sun_nio_ch_sctp_SctpChannelImpl_receive0
- - JDK-8261649: AArch64: Optimize LSE atomics in C++ code
- - JDK-8261730: C2 compilation fails with assert(store->find_edge(load) != -1) failed: missing precedence edge
- - JDK-8261752: Multiple GC test are missing memory requirements
- - JDK-8261791: (sctp) handleSendFailed in SctpChannelImpl.c potential leaks
- - JDK-8261812: C2 compilation fails with assert(!had_error) failed: bad dominance
- - JDK-8261914: IfNode::fold_compares_helper faces non-canonicalized bool when running JRuby JSON workload
- - JDK-8262093: java/util/concurrent/tck/JSR166TestCase.java failed "assert(false) failed: unexpected node"
- - JDK-8262110: DST starts from incorrect time in 2038
- - JDK-8262121: [11u] Redo 8244287: JFR: Methods samples have line number 0
- - JDK-8262163: Extend settings printout in jcmd VM.metaspace
- - JDK-8262295: C2: Out-of-Bounds Array Load from Clone Source
- - JDK-8262298: G1BarrierSetC2::step_over_gc_barrier fails with assert "bad barrier shape"
- - JDK-8262446: DragAndDrop hangs on Windows
- - JDK-8262461: handle wcstombsdmp return value correctly in unix awt_InputMethod.c
- - JDK-8262465: Very long compilation times and high memory consumption in C2 debug builds
- - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
- - JDK-8262739: String inflation C2 intrinsic prevents insertion of anti-dependencies
- - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
- - JDK-8262837: handle split_USE correctly
- - JDK-8262900: ToolBasicTest fails to access HTTP server it starts
- - JDK-8263260: [s390] Support latest hardware (z14 and z15)
- - JDK-8263311: Watch registry changes for remote printers update instead of polling
- - JDK-8263361: Incorrect arraycopy stub selected by C2 for SATB collectors
- - JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
- - JDK-8263425: AArch64: two potential bugs in C1 LIRGenerator::generate_address()
- - JDK-8263448: CTW: fatal error: meet not symmetric
- - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
- - JDK-8263557: Possible NULL dereference in Arena::destruct_contents()
- - JDK-8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true
- - JDK-8263676: AArch64: one potential bug in C1 LIRGenerator::generate_address()
- - JDK-8263729: [test] divert spurious output away from stream under test in ProcessBuilder Basic test
- - JDK-8263846: Bad JNI lookup getFocusOwner in accessibility code on Mac OS X
- - JDK-8264047: Duplicate global variable 'jvm' in libjavajpeg and libawt
- - JDK-8264096: slowdebug jvm crashes when StrInflatedCopy match rule is not supported
- - JDK-8264151: ciMethod::ensure_method_data() should return false is loading resulted in empty state
- - JDK-8264173: [s390] Improve Hardware Feature Detection And Reporting
- - JDK-8264190: Harden TLS interop tests
- - JDK-8264223: CodeHeap::verify fails extra_hops assertion in fastdebug test
- - JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
- - JDK-8264360: Loop strip mining verification fails with "should be on the backedge"
- - JDK-8264626: C1 should be able to inline excluded methods
- - JDK-8264640: CMS ParScanClosure misses a barrier
- - JDK-8264786: [macos] All Swing/AWT apps cause Allow Notifications prompt to appear when app is launched
- - JDK-8264821: DirectIOTest fails on a system with large block size
- - JDK-8264848: [macos] libjvm.dylib linker warning due to macOS version mismatch
- - JDK-8264923: PNGImageWriter.write_zTXt throws Exception with a typo
- - JDK-8264958: C2 compilation fails with assert "n is later than its clone"
- - JDK-8265099: Revert backport to 11u of 8236859: WebSocket over authenticating proxy fails with NPE
- - JDK-8265154: vinserti128 operand mix up for KNL platforms
- - JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
- - JDK-8265417: Backport of JDK-8249672 breaks Solaris x86 build
- - JDK-8265421: java/lang/String/StringRepeat.java test is missing a memory requirement
- - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
- - JDK-8265537: x86 version string truncated after JDK-8249672 11u backport
- - JDK-8265666: Enable AIX build platform to make external debug symbols
- - JDK-8265677: CMS: CardTableBarrierSet::write_ref_array_work() lacks storestore barrier
- - JDK-8265690: Use the latest Ubuntu base image version in Docker testing
- - JDK-8265718: Build failure after JDK-8258414 11u backport
- - JDK-8265750: Fatal error in safepoint.cpp after backport of 8258414
- - JDK-8265784: [C2] Hoisting of DecodeN leaves MachTemp inputs behind
- - JDK-8265938: C2's conditional move optimization does not handle top Phi
- - JDK-8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified
- - JDK-8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
- - JDK-8266713: [AIX] Build failure after 11u backport of JDK-8247753
- - JDK-8266802: Shenandoah: Round up region size to page size unconditionally
- - JDK-8266892: avoid maybe-uninitialized gcc warnings on linux s390x
- - JDK-8266929: Unable to use algorithms from 3p providers
- - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
- - JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
- - JDK-8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u
- - JDK-8267641: [11u] 8227609 backport typo
- - JDK-8267721: Enable sun/security/pkcs11 tests for Amazon Linux 2 AArch64
- - JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
-
-Notes on individual issues:
-===========================
-
-security-libs/java.security:
-
-JDK-8215293: Customizing PKCS12 keystore Generation
-===================================================
-New system and security properties have been added to enable users to
-customize the generation of PKCS #12 keystores. This includes
-algorithms and parameters for key protection, certificate protection,
-and MacData. The detailed explanation and possible values for these
-properties can be found in the "PKCS12 KeyStore properties" section of
-the `java.security` file.
-
-Also, support for the following SHA-2 based HmacPBE algorithms has
-been added to the SunJCE provider:
-
-* HmacPBESHA224
-* HmacPBESHA256
-* HmacPBESHA384
-* HmacPBESHA512
-* HmacPBESHA512/224
-* HmacPBESHA512/256
-
-JDK-8256902: Removed Root Certificates with 1024-bit Keys
-=========================================================
-The following root certificates with weak 1024-bit RSA public keys
-have been removed from the `cacerts` keystore:
-
-Alias Name: thawtepremiumserverca [jdk]
-Distinguished Name: EMAILADDRESS=premium-server(a)thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
-
-Alias Name: verisignclass2g2ca [jdk]
-Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
-
-Alias Name: verisignclass3ca [jdk]
-Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
-
-Alias Name: verisignclass3g2ca [jdk]
-Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
-
-Alias Name: verisigntsaca [jdk]
-Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
-
-JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
-=================================================================
-
-The following root certificate have been removed from the cacerts truststore:
-
-Alias Name: soneraclass2ca
-Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
-
-JDK-8242069: Upgraded the Default PKCS12 Encryption and MAC Algorithms
-======================================================================
-The default encryption and MAC algorithms used in a PKCS #12 keystore
-have been updated. The new algorithms are based on AES-256 and SHA-256
-and are stronger than the old algorithms that were based on RC2,
-DESede, and SHA-1. See the security properties starting with
-`keystore.pkcs12` in the `java.security` file for detailed
-information.
-
-For compatibility, a new system property named
-`keystore.pkcs12.legacy` is defined that will revert the algorithms to
-use the older, weaker algorithms. There is no value defined for this
-property.
-
-security-libs/javax.net.ssl:
-
-JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
-=========================================================================================
-Certain TLS ALPN values couldn't be properly read or written by the
-SunJSSE provider. This is due to the choice of Strings as the API
-interface and the undocumented internal use of the UTF-8 Character Set
-which converts characters larger than U+00007F (7-bit ASCII) into
-multi-byte arrays that may not be expected by a peer.
-
-ALPN values are now represented using the network byte representation
-expected by the peer, which should require no modification for
-standard 7-bit ASCII-based character Strings. However, SunJSSE now
-encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
-characters. This means applications that used characters above
-U+000007F that were previously encoded using UTF-8 may need to either
-be modified to perform the UTF-8 conversion, or set the Java security
-property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
-
-See the updated guide at
-https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
-for more information.
-
-JDK-8244460: Support for certificate_authorities Extension
-==========================================================
-The "certificate_authorities" extension is an optional extension
-introduced in TLS 1.3. It is used to indicate the certificate
-authorities (CAs) that an endpoint supports and should be used by the
-receiving endpoint to guide certificate selection.
-
-With this JDK release, the "certificate_authorities" extension is
-supported for TLS 1.3 in both the client and the server sides. This
-extension is always present for client certificate selection, while it
-is optional for server certificate selection.
-
-Applications can enable this extension for server certificate
-selection by setting the `jdk.tls.client.enableCAExtension` system
-property to `true`. The default value of the property is `false`.
-
-Note that if the client trusts more CAs than the size limit of the
-extension (less than 2^16 bytes), the extension is not enabled. Also,
-some server implementations do not allow handshake messages to exceed
-2^14 bytes. Consequently, there may be interoperability issues when
-`jdk.tls.client.enableCAExtension` is set to `true` and the client
-trusts more CAs than the server implementation limit.
-
-New in release OpenJDK 11.0.11 (2021-04-20):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11011
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt
-
-* Security fixes
- - JDK-8244473: Contextualize registration for JNDI
- - JDK-8244543: Enhanced handling of abstract classes
- - JDK-8249906, CVE-2021-2163: Enhance opening JARs
- - JDK-8250568, CVE-2021-2161: Less ambiguous processing
- - JDK-8253799: Make lists of normal filenames
- - JDK-8257001: Improve Http Client Support
-* Other changes
- - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
- - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
- - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
- - JDK-8168869: jdeps: localized messages don't use proper line breaks
- - JDK-8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID
- - JDK-8202343: Disable TLS 1.0 and 1.1
- - JDK-8205992: jhsdb cannot attach to Java processes running in Docker containers
- - JDK-8209193: Fix aarch64-linux compilation after -Wreorder changes
- - JDK-8210413: AArch64: Optimize div/rem by constant in C1
- - JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction
- - JDK-8211051: jdeps usage of --dot-output doesn't provide valid output for modular jar
- - JDK-8211057: Gensrc step CompileProperties generates unstable CompilerProperties output
- - JDK-8211150: G1 Full GC not purging code root memory and hence causing memory leak
- - JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup delegation when module reads automatic module
- - JDK-8212043: Add floating-point Math.min/max intrinsics
- - JDK-8212218: [TESTBUG] runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryErrorInMetaspace.java timed out
- - JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/WindowsComboBoxSizeTest.java fails in Windows
- - JDK-8213909: jdeps --print-module-deps should report missing dependences
- - JDK-8214180: Need better granularity for sleeping
- - JDK-8214223: tools/jdeps/listdeps/ListModuleDeps.java failed due to missing Lib2 file
- - JDK-8214230: Classes generated by SystemModulesPlugin.java are not reproducable
- - JDK-8214741: docs/index.html has no title or copyright
- - JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed after 8212043
- - JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003/TestDescription.java fails
- - JDK-8218482: sun/security/krb5/auto/ReplayCachePrecise.java failed - no KrbException thrown
- - JDK-8218550: Add test omitted from JDK-8212043
- - JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event
- - JDK-8221995: AARCH64: problems with CAS instructions encoding
- - JDK-8222518: Remove unnecessary caching of Parker object in java.lang.Thread
- - JDK-8222785: aarch64: add necessary masking for immediate shift counts
- - JDK-8223186: HotSpot compile warnings from GCC 9
- - JDK-8225773: jdeps --check produces NPE if there are missing module dependences
- - JDK-8225805: Java Access Bridge does not close the logger
- - JDK-8226810: Failed to launch JVM because of NullPointerException occured on System.props
- - JDK-8229396: jdeps ignores multi-release when generate-module-info used on command line
- - JDK-8229474: Shenandoah: Cleanup CM::update_roots()
- - JDK-8232225: Rework the fix for JDK-8071483
- - JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant
- - JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) == phase->C->get_alias_index(t_adr)) failed: correct memory chain
- - JDK-8233910: java/awt/ColorClass/AlphaColorTest.java is failing intermittently in nightly lnux-x64 system
- - JDK-8233912: aarch64: minor improvements of atomic operations
- - JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier
- - JDK-8234742: Improve handshake logging
- - JDK-8234796: Refactor Handshake::execute to take a more complex type than ThreadClosure
- - JDK-8235324: Dying objects are published from users of CollectedHeap::object_iterate
- - JDK-8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag
- - JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/TestDescription.java test
- - JDK-8237392: Shenandoah: Remove unreliable assertion
- - JDK-8237483: AArch64 C1 OopMap inserted twice fatal error
- - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
- - JDK-8239355: (dc) Initial value of SO_SNDBUF should allow sending large datagrams (macOS)
- - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
- - JDK-8240704: CheckHandles.java failed "AssertionError: Handle use increased by more than 10 percent."
- - JDK-8240751: Shenandoah: fold ShenandoahTracer definition
- - JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with "assert(store != load->find_exact_control(load->in(0))) failed: dependence cycle found"
- - JDK-8241598: Upgrade JLine to 3.14.0
- - JDK-8241649: Optimize Character.toString
- - JDK-8241770: Module xxxAnnotation() methods throw NCDFE if module-info.class found as resource in unnamed module
- - JDK-8241911: AArch64: Fix a potential register clash issue in reduce_add2I
- - JDK-8242030: Wrong package declarations in jline classes after JDK-8241598
- - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
- - JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox
- - JDK-8243670: Unexpected test result caused by C2 MergeMemNode::Ideal
- - JDK-8244088: [Regression] Switch of Gnome theme ends up in deadlocked UI
- - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
- - JDK-8244340: Handshake processing thread lacks yielding
- - JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file
- - JDK-8244683: A TSA server used by tests
- - JDK-8245005: javax/net/ssl/compatibility/BasicConnectTest.java failed with No enum constant
- - JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused
- - JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent
- - JDK-8245512: CRC32 optimization using AVX512 instructions
- - JDK-8245527: LDAP Channel Binding support for Java GSS/Kerberos
- - JDK-8246707: (sc) SocketChannel.read/write throws AsynchronousCloseException on closed channel
- - JDK-8246709: sun/security/tools/jarsigner/TsacertOptionTest.java compilation failed after JDK-8244683
- - JDK-8247200: assert((unsigned)fpargs < 32)
- - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn.
- - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
- - JDK-8248865: Document JNDI/LDAP timeout properties
- - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
- - JDK-8249543: Force DirectBufferAllocTest to run with -ExplicitGCInvokesConcurrent
- - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
- - JDK-8249749: modify a primitive array through a stream and a for cycle causes jre crash
- - JDK-8249787: Make TestGCLocker more resilient with concurrent GCs
- - JDK-8249867: xml declaration is not followed by a newline
- - JDK-8250911: [windows] os::pd_map_memory() error detection broken
- - JDK-8251255: [linux] Add process-memory information to hs-err and VM.info
- - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
- - JDK-8251925: C2: RenaissanceStressTest fails with assert(!had_error): bad dominance
- - JDK-8251944: Add Shenandoah test config to compiler/gcbarriers/UnsafeIntrinsicsTest.java
- - JDK-8251992: VM crashed running TestComplexAddrExpr.java test with -XX:UseAVX=X
- - JDK-8253220: Epsilon: clean up unused code/declarations
- - JDK-8253274: The CycleDMImagetest brokes the system
- - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
- - JDK-8253368: TLS connection always receives close_notify exception
- - JDK-8255368: Math.exp() gives wrong result for large values on x86 32-bit platforms
- - JDK-8255401: Shenandoah: Allow oldval and newval registers to overlap in cmpxchg_oop()
- - JDK-8253404: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
- - JDK-8253409: Double-rounding possibility in float fma
- - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
- - JDK-8253524: C2: Refactor code that clones predicates during loop unswitching
- - JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected
- - JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
- - JDK-8253702: BigSur version number reported as 10.16, should be 11.nn
- - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
- - JDK-8254104: MethodCounters must exist before nmethod is installed
- - JDK-8254734: "dead loop detected" assert failure with patch from 8223051
- - JDK-8254748: Bad Copyright header format after JDK-8212218
- - JDK-8254799: runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryError.java fails with release VMs
- - JDK-8255058: C1: assert(is_virtual()) failed: type check
- - JDK-8255351: Add detection for Graviton 2 CPUs
- - JDK-8255387: Japanese characters were printed upside down on AIX
- - JDK-8255479: [aarch64] assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity
- - JDK-8255544: Create a checked cast
- - JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
- - JDK-8255681: print callstack in error case in runAWTLoopWithApp
- - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
- - JDK-8255742: PrintInlining as compiler directive doesn't print virtual calls
- - JDK-8255845: Memory leak in imageFile.cpp
- - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
- - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
- - JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls
- - JDK-8256056: Deoptimization stub doesn't save vector registers on x86
- - JDK-8256061: RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers
- - JDK-8256187: [TEST_BUG] Automate bug4275046.java test
- - JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after JDK-8210764 due to mishandled lir_neg
- - JDK-8256258: some missing NULL checks or asserts after CodeCache::find_blob_unsafe
- - JDK-8256264: Printed GlyphVector outline with low DPI has bad quality on Windows
- - JDK-8256290: javac/lambda/T8031967.java fails with StackOverflowError on x86_32
- - JDK-8256359: AArch64: runtime/ReservedStack/ReservedStackTestCompiler.java fails
- - JDK-8256387: Unexpected result if patching an entire instruction on AArch64
- - JDK-8256421: Add 2 HARICA roots to cacerts truststore
- - JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for small copies in StubGenerator::copy_memory
- - JDK-8256489: Make gtest for long path names on Windows more resilient in the presence of virus scanners
- - JDK-8256501: libTestMainKeyWindow fails to build with Xcode 12.2
- - JDK-8256633: Fix product build on Windows+Arm64
- - JDK-8256682: JDK-8202343 is incomplete
- - JDK-8256751: Incremental rebuild with precompiled header fails when touching a header file
- - JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() for CallLeafNoFP on x86_32
- - JDK-8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
- - JDK-8256807: C2: Not marking stores correctly as mismatched in string opts
- - JDK-8256810: Incremental rebuild broken on Macosx
- - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
- - JDK-8256888: Client manual test problem list update
- - JDK-8257083: Security infra test failures caused by JDK-8202343
- - JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11
- - JDK-8257423: [PPC64] Support -XX:-UseInlineCaches
- - JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst.testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps is on
- - JDK-8257513: C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset())
- - JDK-8257547: Handle multiple prereqs on the same line in deps files
- - JDK-8257561: Some code is not vectorized after 8251925 and 8250607
- - JDK-8257565: epsilonBarrierSet.hpp should not include barrierSetAssembler
- - JDK-8257575: C2: "failed: only phis" assert failure in loop strip mining verification
- - JDK-8257594: C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle
- - JDK-8257633: Missing -mmacosx-version-min=X flag when linking libjvm
- - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
- - JDK-8257707: Fix incorrect format string in Http1HeaderParser
- - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
- - JDK-8257798: [PPC64] undefined reference to Klass::vtable_start_offset()
- - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
- - JDK-8257910: [JVMCI] Set exception_seen accordingly in the runtime.
- - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
- - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
- - JDK-8258077: Using -Xcheck:jni can lead to a double-free after JDK-8193234
- - JDK-8258247: Couple of issues in fix for JDK-8249906
- - JDK-8258373: Update the text handling in the JPasswordField
- - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
- - JDK-8258419: RSA cipher buffer cleanup
- - JDK-8258471: "search codecache" clhsdb command does not work
- - JDK-8258534: Epsilon: clean up unused includes
- - JDK-8258805: Japanese characters not entered by mouse click on Windows 10
- - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
- - JDK-8258836: JNI local refs exceed capacity getDiagnosticCommandInfo
- - JDK-8258884: [TEST_BUG] Convert applet-based test open/test/jdk/javax/swing/JMenuItem/8031573/bug8031573.java to a regular java test
- - JDK-8259007: This test printed a blank page
- - JDK-8259049: Uninitialized variable after JDK-8257513
- - JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA to false
- - JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
- - JDK-8259231: Epsilon: improve performance under contention during virtual space expansion
- - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
- - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 days
- - JDK-8259319: Illegal package access when SunPKCS11 requires SunJCE's classes
- - JDK-8259339: AllocateUninitializedArray C2 intrinsic fails with void.class input
- - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
- - JDK-8259446: runtime/jni/checked/TestCheckedReleaseArrayElements.java fails with stderr not empty
- - JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags
- - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
- - JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543
- - JDK-8259706: C2 compilation fails with assert(vtable_index == Method::invalid_vtable_index) failed: correct sentinel value
- - JDK-8259707: LDAP channel binding does not work with StartTLS extension
- - JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction
- - JDK-8259849: Shenandoah: Rename store-val to IU-barrier
- - JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
- - JDK-8260029: aarch64: fix typo in verify_oop_array
- - JDK-8260308: Update LogCompilation junit to 4.13.1
- - JDK-8260338: Some fields in HaltNode is not cloned
- - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
- - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
- - JDK-8260378: [TESTBUG] DcmdMBeanTestCheckJni.java reports false positive
- - JDK-8260497: Shenandoah: Improve SATB flushing
- - JDK-8260502: [s390] NativeMovRegMem::verify() fails because it's too strict
- - JDK-8260632: Build failures after JDK-8253353
- - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
- - JDK-8261022: Fix incorrect result of Math.abs() with char type
- - JDK-8261089: [TESTBUG] native library of test TestCheckedReleaseCriticalArray.java fails to compile with gcc 4.x
- - JDK-8261183: Follow on to Make lists of normal filenames
- - JDK-8261209: isStandalone property: remove dependency on pretty-print
- - JDK-8261231: Windows IME was disabled after DnD operation
- - JDK-8261251: Shenandoah: Use object size for full GC humongous compaction
- - JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined
- - JDK-8261334: NMT: tuning statistic shows incorrect hash distribution
- - JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
- - JDK-8261522: [PPC64] AES intrinsics write beyond the destination array
- - JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined
- - JDK-8261585: Restore HandleArea used in Deoptimization::uncommon_trap
- - JDK-8261753: Test java/lang/System/OsVersionTest.java still failing on BigSur patch versions after JDK-8253702
- - JDK-8261829: Exclude tools/jlink/JLinkReproducibleTest.java in 11u
- - JDK-8261912: Code IfNode::fold_compares_helper more defensively
- - JDK-8261920: [AIX] jshell command throws java.io.IOError on non English locales
- - JDK-8262018: Wrong format in SAP copyright header of OsVersionTest
- - JDK-8263069: Exclude some failing tests from security/infra/java/security/cert/CertPathValidator
-
-Notes on individual issues:
-===========================
-
-core-libs/javax.naming:
-
-JDK-8258824: LDAP Channel Binding Support for Java GSS/Kerberos
-===============================================================
-A new JNDI environment property "com.sun.jndi.ldap.tls.cbtype" has
-been added to enable TLS Channel Binding data in LDAP authentication
-over SSL/TLS protocol to the Windows AD server. The only valid value
-at present is "tls-server-end-point", where channel binding data is
-created on the base of the TLS server certificate. See RFC-5929 [0]
-and the module description of the `java.naming` module for further
-details.
-
-[0] RFC-5929 "Channel Bindings for TLS": https://www.ietf.org/rfc/rfc5929.txt
-
-security-libs/java.security:
-
-JDK-8260597: Added 2 HARICA Root CA Certificates
-================================================
-The following root certificates have been added to the cacerts truststore:
-
-Alias Name: haricarootca2015
-Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
-
-Alias Name: haricaeccrootca2015
-Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
-
-security-libs/javax.net.ssl:
-
-JDK-8256490: Disable TLS 1.0 and 1.1
-====================================
-TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
-considered secure and have been superseded by more secure and modern
-versions (TLS 1.2 and 1.3).
-
-These versions have now been disabled by default. If you encounter
-issues, you can, at your own risk, re-enable the versions by removing
-"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
-security property in the `java.security` configuration file.
-
-tools:
-
-JDK-8214213: jdeps --print-module-deps Reports Transitive Dependencies
-======================================================================
-`jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps`
-options have been enhanced as follows.
-
-1. By default, they perform transitive module dependence analysis on
-libraries on the class path and module path, both directly and
-indirectly, as required by the given input JAR files or
-classes. Previously, they only reported the modules required by the
-given input JAR files or classes. The `--no-recursive` option can be
-used to request non-transitive dependence analysis.
-
-2. By default, they flag any missing dependency, i.e. not found from
-class path and module path, as an error. The `--ignore-missing-deps`
-option can be used to suppress missing dependence errors. Note that a
-custom image is created with the list of modules output by jdeps when
-using the `--ignore-missing-deps` option for a non-modular
-application. Such an application, running on the custom image, might
-fail at runtime when missing dependence errors are suppressed.
-
-xml/jaxp:
-
-JDK-8249867 XML declaration is not followed by a newline
-========================================================
-
-The DOM Load and Save `LSSerializer` does not have an explicit control
-for whether or not the XML Declaration ends with a newline. In this
-release, a JDK implementation specific property
-`http://www.oracle.com/xml/jaxp/properties/isStandalone` and
-corresponding System property `jdk.xml.isStandalone` are added to
-control the addition of a newline and act independently without
-having to set the pretty-print property. This property can be used to
-reverse the incompatible change introduced in Java SE 7 Update 4 with
-an update of Xalan 2.7.1 where a newline is omitted when pretty-print
-is required.
-
-For details, please refer to the bug report and the java.xml module-summary.
-
-Usage:
-
-// to set the property, get an instance of LSSerializer and set it along with pretty-print
-LSSerializer ser = impl.createLSSerializer();
-ser.getDomConfig().setParameter("format-pretty-print", true);
-ser.getDomConfig().setParameter("http://www.oracle.com/xml/jaxp/properties/isStandalone", true);
-
-// to use the System property, set it before initializing a LSSerializer
-System.setProperty("jdk.xml.isStandalone", “true”);
-
-// to clear the property, place the line anywhere after the LSSerializer is initialized
-System.clearProperty("jdk.xml.isStandalone");
-
-New in release OpenJDK 11.0.10 (2021-01-19):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11010
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.10.txt
-
-* Security fixes
- - JDK-8247619: Improve Direct Buffering of Characters
-* Other changes
- - JDK-6722928: Support SSPI as a native GSS-API provider
- - JDK-7185258: [macosx] Deadlock in SunToolKit.realSync()
- - JDK-8152332: [macosx] JFileChooser cannot be serialized on Mac OS X
- - JDK-8161684: [testconf] Add VerifyOops' testing into compiler tiers
- - JDK-8171279: Support X25519 and X448 in TLS
- - JDK-8173361: various crashes in JvmtiExport::post_compiled_method_load
- - JDK-8173658: JvmtiExport::post_class_unload() is broken for non-JavaThread initiators
- - JDK-8191006: hsdis disassembler plugin does not compile with binutils 2.29+
- - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
- - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
- - JDK-8200151: Add 8 JNDI tests to com/sun/jndi/dns/ConfigTests/
- - JDK-8208279: Add 8 JNDI tests to com/sun/jndi/dns/EnvTests/
- - JDK-8208483: Add 5 JNDI tests to com/sun/jndi/dns/FactoryTests/
- - JDK-8208542: Add 4 JNDI tests to com/sun/jndi/dns/ListTests/
- - JDK-8208665: Amend cross-compilation docs with qemu-debootstrap recipe
- - JDK-8210088: ProblemList gc/epsilon/TestMemoryMXBeans.java
- - JDK-8210339: Add 10 JNDI tests to com/sun/jndi/dns/FedTests/
- - JDK-8211450: UndetVar::dup is not copying the kind field to the duplicated instance
- - JDK-8212160: JVMTI agent crashes with "assert(_value != 0LL) failed: resolving NULL _value"
- - JDK-8212226: SurfaceManager throws "Invalid Image variant" for MultiResolutionImage (Windows)
- - JDK-8213400: Support choosing group name in keytool keypair generation
- - JDK-8213535: Windows HiDPI html lightweight tooltips are truncated
- - JDK-8213698: Improve devkit creation and add support for linux/ppc64/ppc64le/s390x
- - JDK-8214025: assert(t->singleton()) failed: must be a constant when ScavengeRootsInCode < 2
- - JDK-8214242: compiler/arguments/TestScavengeRootsInCode.java fails because of missing UnlockDiagnosticVMOptions
- - JDK-8214787: Zero builds fail with "undefined JavaThread::thread_state()"
- - JDK-8215583: Exclude runtime/handshake/HandshakeWalkSuspendExitTest.java
- - JDK-8216012: Infinite loop in RSA KeyPairGenerator
- - JDK-8216324: GetClassMethods is confused by the presence of default methods in super interfaces
- - JDK-8217429: WebSocket over authenticating proxy fails to send Upgrade headers
- - JDK-8217976: test/jdk/java/net/httpclient/websocket/WebSocketProxyTest.java fails intermittently
- - JDK-8218021: Have jarsigner preserve posix permission attributes
- - JDK-8218287: jshell tool: input behavior unstable after 12-ea+24 on Windows
- - JDK-8218851: JVM crash in custom classloader stress test, JDK 12 & 13
- - JDK-8220420: Cleanup c1_LinearScan
- - JDK-8222072: JVMTI GenerateEvents() sends CompiledMethodLoad events to wrong jvmtiEnv
- - JDK-8222286: Fix for JDK-8213419 is broken on s390
- - JDK-8222527: HttpClient doesn't send HOST header when tunelling HTTP/1.1 through http proxy
- - JDK-8222533: jtreg test jdk/internal/platform/cgroup/TestCgroupMetrics.java fails on SLES12.3 linux ppc64le machine
- - JDK-8224506: [TESTBUG] TestDockerMemoryMetrics.java fails with exitValue = 137
- - JDK-8224555: vmTestbase/nsk/jvmti/scenarios/contention/TC02/tc02t001/TestDescription.java failed
- - JDK-8224650: Add tests to support X25519 and X448 in TLS
- - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
- - JDK-8225329: -XX:+PrintBiasedLockingStatistics causes crash during initialization on Windows platforms
- - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
- - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
- - JDK-8227275: Within native OOM error handling, assertions may hang the process
- - JDK-8227647: [Graal] Test8009761.java fails due to "RuntimeException: static java.lang.Object compiler.uncommontrap.Test8009761.m3(boolean,boolean) not compiled"
- - JDK-8229495: SIGILL in C2 generated OSR compilation
- - JDK-8230910: libsspi_bridge does not build on Windows 32bit
- - JDK-8232114: JVM crashed at imjpapi.dll in native code
- - JDK-8234147: Avoid looking up standard charsets in core libraries
- - JDK-8234393: [macos] printing ignores printer tray
- - JDK-8234863: Increase default value of MaxInlineLevel
- - JDK-8235218: Minimal VM is broken after JDK-8173361
- - JDK-8235456: Minimal VM is broken after JDK-8212160
- - JDK-8235829: graal crashes with Zombie.java test
- - JDK-8236124: Minimal VM slowdebug build failed after JDK-8212160
- - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
- - JDK-8236944: The legVecZ operand should be limited to zmm0-zmm15 registers
- - JDK-8237186: Fix typo in copyright header of java/io/Reader/TransferTo.java
- - JDK-8237499: JFR: Include stack trace in the ThreadStart event
- - JDK-8237512: AArch64: aarch64TestHook leaks a BufferBlob
- - JDK-8237524: AArch64: String.compareTo() may return incorrect result
- - JDK-8237950: C2 compilation fails with "Live Node limit exceeded limit" during ConvI2L::Ideal optimization
- - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
- - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
- - JDK-8239477: jdk/jfr/jcmd/TestJcmdStartStopDefault.java fails -XX:+VerifyOops with "verify_oop: rsi: broken oop"
- - JDK-8239497: SEGV in EdgeUtils::field_name_symbol(Edge const&)
- - JDK-8239886: Minimal VM build fails after JDK-8237499
- - JDK-8240633: Memory leaks in the implementations of FileChooserUI
- - JDK-8240690: Race condition between EDT and BasicDirectoryModel.FilesLoader.run0()
- - JDK-8241234: Unify monitor enter/exit runtime entries.
- - JDK-8241311: Move some charset mapping tests from closed to open
- - JDK-8241797: Add some tests to the problem list
- - JDK-8242029: AArch64: skip G1 array copy pre-barrier if marking not active
- - JDK-8242335: Additional Tests for RSASSA-PSS
- - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
- - JDK-8242614: cleanup duplicated test ldap server in some com/sun/jndi/ldap/ tests
- - JDK-8242846: Bring back test/jdk/tools/jlink/plugins/OrderResourcesPluginTest.java
- - JDK-8243114: Implement montgomery{Multiply,Square}intrinsics on Windows
- - JDK-8243290: Improve diagnostic messages for class verification and redefinition failures
- - JDK-8243488: Add tests for set/get SendBufferSize and getReceiveBufferSize in DatagramSocket
- - JDK-8243549: sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java failed with Unsupported signature algorithm: DSA
- - JDK-8243617: compiler/onSpinWait/TestOnSpinWaitC1.java test uses wrong class
- - JDK-8243619: compiler/codecache/CheckSegmentedCodeCache.java test misses -version
- - JDK-8244142: some hotspot/runtime tests don't check exit code of forked JVM
- - JDK-8244278: Excessive code cache flushes and sweeps
- - JDK-8244282: test/hotspot/jtreg/compiler/intrinsics/Test8237524.java fails with --illegal-access=deny
- - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
- - JDK-8244819: hsdis does not compile with binutils 2.34+
- - JDK-8245051: c1 is broken if it is compiled by gcc without -fno-lifetime-dse
- - JDK-8245168: jlink should not be treated as a "small" tool
- - JDK-8245400: Upgrade to LittleCMS 2.11
- - JDK-8246381: VM crashes with "Current BasicObjectLock* below than low_mark"
- - JDK-8246434: Threads::print_on_error assumes that the heap has been set up
- - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
- - JDK-8247201: Print potential pointer value of readable stack memory in hs_err file
- - JDK-8247763: assert(outer->outcnt() == 2) failed: 'only phis' failure in LoopNode::verify_strip_mined()
- - JDK-8247867: Upgrade to freetype 2.10.2
- - JDK-8248190: Enable Power10 system and implement new byte-reverse instructions
- - JDK-8248226: TestCloneAccessStressGCM fails with -XX:-ReduceBulkZeroing
- - JDK-8248347: windows build broken by JDK-8243114
- - JDK-8248532: Every time I change keyboard language at my MacBook, Java crashes
- - JDK-8248552: C2 crashes with SIGFPE due to division by zero
- - JDK-8248596: [TESTBUG] compiler/loopopts/PartialPeelingUnswitch.java times out with Graal enabled
- - JDK-8248745: Add jarsigner and keytool tests for restricted algorithms
- - JDK-8248791: sun/util/resources/cldr/TimeZoneNamesTest.java fails with -XX:-ReduceInitialCardMarks -XX:-ReduceBulkZeroing
- - JDK-8248845: AArch64: stack corruption after spilling vector register
- - JDK-8249176: Update GlobalSignR6CA test certificates
- - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
- - JDK-8249192: MonitorInfo stores raw oops across safepoints
- - JDK-8249602: C2: assert(cnt == _outcnt) failed: no insertions allowed
- - JDK-8249603: C1: assert(has_error == false) failed: register allocation invalid
- - JDK-8249605: C2: assert(no_dead_loop) failed: dead loop detected
- - JDK-8249607: C2: assert(!had_error) failed: bad dominance
- - JDK-8249608: Vector register used by C2 compiled method corrupted at safepoint
- - JDK-8249672: Include microcode revision in features_string on x86
- - JDK-8249748: gtest silently ignores bad jvm arguments
- - JDK-8249821: Separate libharfbuzz from libfontmanager
- - JDK-8250598: Hyper-V is detected in spite of running on host OS
- - JDK-8250605: Linux x86_32 builds fail after JDK-8249821
- - JDK-8250636: iso8601_time returns incorrect offset part on MacOS
- - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
- - JDK-8250772: Test com/sun/jndi/ldap/NamingExceptionMessageTest.java fails intermittently with javax.naming.ServiceUnavailableException
- - JDK-8250825: C2 crashes with assert(field != __null) failed: missing field
- - JDK-8250894: Provide a configure option to build and run against the platform libharfbuzz
- - JDK-8250928: JFR: Improve hash algorithm for stack traces
- - JDK-8250968: Symlinks attributes not preserved when using jarsigner on zip files
- - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
- - JDK-8251118: BiasedLocking::preserve_marks should not have a HandleMark
- - JDK-8251189: com/sun/jndi/ldap/LdapDnsProviderTest.java failed due to timeout
- - JDK-8251257: NMT: jcmd VM.native_memory scale=1 crashes target VM
- - JDK-8251365: Build failure on AIX after 8250636
- - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
- - JDK-8251456: [TESTBUG] compiler/vectorization/TestVectorsNotSavedAtSafepoint.java failed OutOfMemoryError
- - JDK-8251458: Parse::do_lookupswitch fails with "assert(_cnt >= 0) failed"
- - JDK-8251535: Partial peeling at unsigned test adds incorrect loop exit check
- - JDK-8251949: ZGC: Set explicit heap size for compiler/gcbarriers tests
- - JDK-8252090: JFR: StreamWriterHost::write_unbuffered() stucks in an infinite loop OpenJDK (build 13.0.1+9)
- - JDK-8252415: Bump update version for OpenJDK: jdk-11.0.10
- - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
- - JDK-8252497: Incorrect numeric currency code for ROL
- - JDK-8252660: Shenandoah: support manageable SoftMaxHeapSize option
- - JDK-8252679: Two windows specific FileDIalog tests may fail on some Windows_Server_2016_Standard
- - JDK-8252696: Loop unswitching may cause out of bound array load to be executed
- - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
- - JDK-8253219: Epsilon: clean up unnecessary includes
- - JDK-8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
- - JDK-8253226: Shenandoah: remove unimplemented ShenandoahStrDedupQueue::verify
- - JDK-8253269: The CheckCommonColors test should provide more info on failure
- - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
- - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
- - JDK-8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
- - JDK-8253791: Issue with useAppleColor check in CSystemColors.m
- - JDK-8254016: Test8237524 fails with -XX:-CompactStrings option
- - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
- - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
- - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
- - JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
- - JDK-8254185: Fix Code cache sweeper heuristics for JDK 11
- - JDK-8254190: [s390] interpreter misses exception check after calling monitorenter
- - JDK-8254790: SIGSEGV in string_indexof_char and stringL_indexof_char intrinsics
- - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
- - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
- - JDK-8255050: Add pkcs11/KeyStore/ClientAuth.sh to Problem list
- - JDK-8255065: Zero: accessor_entry misses the IRIW case
- - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
- - JDK-8255269: Unsigned overflow in g1Policy.cpp
- - JDK-8255365: Problem list failing client manual tests
- - JDK-8255457: Shenandoah: cleanup ShenandoahMarkTask
- - JDK-8255466: C2 crashes at ciObject::get_oop() const+0x0
- - JDK-8255550: x86: Assembler::cmpq(Address dst, Register src) encoding is incorrect
- - JDK-8255603: Memory/Performance regression after JDK-8210985
- - JDK-8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback
- - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
- - JDK-8256427: Test com/sun/jndi/dns/ConfigTests/PortUnreachable.java does not work on AIX
- - JDK-8256452: Integrate missing part of JDK-8232370 to 11u
- - JDK-8256483: [TESTBUG] serviceability/jvmti/GetClassMethods/libOverpassMethods.c fails to compile on gcc 4.4.x
- - JDK-8256557: libharfbuzz fails to link on gcc 4.4.x due to -Wl,-z,defs
- - JDK-8256618: Zero: Linux x86_32 build still fails
- - JDK-8256736: Zero: GTest tests fail with "unsuppported vm variant"
- - JDK-8256809: Annotation processing causes NPE during flow analysis
- - JDK-8257181: s390x builds are very noisy with gc-sections messages
- - JDK-8257242: [macOS] Java app crashes while switching input methods
- - JDK-8257545: SunJSSE FIPS regression in key exchange after JDK-8171279 11u backport
- - JDK-8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
- - JDK-8257701: Shenandoah: objArrayKlass metadata is not marked with chunked arrays
- - JDK-8258630: Add expiry exception for QuoVadis root certificate
-
-Notes on individual issues:
-===========================
-
-security-libs/java.security:
-
-JDK-8213821: -groupname Option Added to keytool Key Pair Generation
-===================================================================
-A new `-groupname` option has been added to `keytool -genkeypair` so
-that a user can specify a named group when generating a key pair. For
-example, `keytool -genkeypair -keyalg EC -groupname secp384r1` will
-generate an EC key pair by using the `secp384r1` curve. Because there
-might be multiple curves with the same size, using the `-groupname`
-option is preferred over the `-keysize` option.
-
-JDK-8248263: jarsigner Preserves POSIX File Permission and symlink Attributes
-=============================================================================
-When signing a file that contains POSIX file permission or symlink
-attributes, `jarsigner` now preserves these attributes in the newly
-signed file but warns that these attributes are unsigned and not
-protected by the signature. The same warning is printed during the
-`jarsigner -verify` operation for such files.
-
-Note that the `jar` tool does not read/write these attributes. This
-change is more visible to tools like `unzip` where these attributes
-are preserved.
-
-security-libs/javax.net.ssl:
-
-JDK-8225764: Support for X25519 and X448 in TLS
-================================================
-
-The named elliptic curve groups `x25519` and `x448` are now available
-for JSSE key agreement in TLS versions 1.0 to 1.3, with `x25519` being
-the most preferred of the default enabled named groups. The default
-ordered list is now:
-
-* x25519
-* secp256r1
-* secp384r1
-* secp521r1
-* x448
-* secp256k1
-* ffdhe2048
-* ffdhe3072
-* ffdhe4096
-* ffdhe6144
-* ffdhe8192
-
-The default list can be overridden using the system property *`jdk.tls.namedGroups`*.
-
-security-libs/org.ietf.jgss:
-
-JDK-8214079: Added a Default Native GSS-API Library on Windows
-==============================================================
-A native GSS-API library has been added to JDK on the Windows
-platform. The library is client-side only and uses the default
-credentials. It will be loaded when the `sun.security.jgss.native`
-system property is set to "true". A user can still load a third-party
-native GSS-API library by setting the system property
-`sun.security.jgss.lib` to its path.
-
-New in release OpenJDK 11.0.9.1 (2020-10-20):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11091
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.1.txt
-
-* Regression fixes
- - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
-
-New in release OpenJDK 11.0.9 (2020-10-20):
-===========================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk1109
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt
-
-* Security fixes
- - JDK-8233624: Enhance JNI linkage
- - JDK-8236196: Improve string pooling
- - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
- - JDK-8237995, CVE-2020-14782: Enhance certificate processing
- - JDK-8240124: Better VM Interning
- - JDK-8241114, CVE-2020-14792: Better range handling
- - JDK-8242680, CVE-2020-14796: Improved URI Support
- - JDK-8242685, CVE-2020-14797: Better Path Validation
- - JDK-8242695, CVE-2020-14798: Enhanced buffer support
- - JDK-8243302: Advanced class supports
- - JDK-8244136, CVE-2020-14803: Improved Buffer supports
- - JDK-8244479: Further constrain certificates
- - JDK-8244955: Additional Fix for JDK-8240124
- - JDK-8245407: Enhance zoning of times
- - JDK-8245412: Better class definitions
- - JDK-8245417: Improve certificate chain handling
- - JDK-8248574: Improve jpeg processing
- - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
- - JDK-8253019: Enhanced JPEG decoding
-* Other changes
- - JDK-6532025: GIF reader throws misleading exception with truncated images
- - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
- - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
- - JDK-8062947: Fix exception message to correctly represent LDAP connection failure
- - JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed
- - JDK-8134599: TEST_BUG: java/rmi/transport/closeServerSocket/CloseServerSocket.java fails intermittently with Address already in use
- - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
- - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
- - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
- - JDK-8193367: Annotated type variable bounds crash javac
- - JDK-8202117: com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset
- - JDK-8203026: java.rmi.NoSuchObjectException: no such object in table
- - JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called
- - JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass
- - JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout
- - JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java
- - JDK-8204963: javax.swing.border.TitledBorder has a memory leak
- - JDK-8204994: SA might fail to attach to process with "Windbg Error: WaitForEvent failed"
- - JDK-8205534: Remove SymbolTable dependency from serviceability agent
- - JDK-8206309: Tier1 SA tests fail
- - JDK-8208281: java/nio/channels/AsynchronousSocketChannel/Basic.java timed out
- - JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1
- - JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect
- - JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent!
- - JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful
- - JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout
- - JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2
- - JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC
- - JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java
- - JDK-8210131: vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code
- - JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3
- - JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack
- - JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests
- - JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds
- - JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout
- - JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4
- - JDK-8210977: jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject
- - JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test
- - JDK-8211694: JShell: Redeclared variable should be reset
- - JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent
- - JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest
- - JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. lastLine=52, minLine=52, maxLine=55
- - JDK-8212807: tools/jar/multiRelease/Basic.java times out
- - JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent)
- - JDK-8213214: Set -Djava.io.tmpdir= when running tests
- - JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found
- - JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes
- - JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface
- - JDK-8214074: Ghash optimization using AVX instructions
- - JDK-8214491: Upgrade to JLine 3.9.0
- - JDK-8214797: TestJmapCoreMetaspace.java timed out
- - JDK-8215243: JShell tests failing intermitently with \"Problem cleaning up the following threads:\"
- - JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed
- - JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions)
- - JDK-8215438: jshell tool: Ctrl-D causes EOF
- - JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows
- - JDK-8216974: HttpConnection not returned to the pool after 204 response
- - JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time
- - JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs
- - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
- - JDK-8221658: aarch64: add necessary predicate for ubfx patterns
- - JDK-8221759: Crash when completing \"java.io.File.path\"
- - JDK-8221918: runtime/SharedArchiveFile/serviceability/ReplaceCriticalClasses.java fails: Shared archive not found
- - JDK-8222074: Enhance auto vectorization for x86
- - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
- - JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command
- - JDK-8223688: JShell: crash on the instantiation of raw anonymous class
- - JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error
- - JDK-8223940: Private key not supported by chosen signature algorithm
- - JDK-8224184: jshell got IOException at exiting with AIX
- - JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc
- - JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException
- - JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions
- - JDK-8226536: Catch OOM from deopt that fails rematerializing objects
- - JDK-8226575: OperatingSystemMXBean should be made container aware
- - JDK-8226697: Several tests which need the @key headful keyword are missing it.
- - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
- - JDK-8227059: sun/security/tools/keytool/DefaultSignatureAlgorithm.java timed out
- - JDK-8227269: Slow class loading when running with JDWP
- - JDK-8227595: keytool/fakegen/DefaultSignatureAlgorithm.java fails due to "exitValue = 6"
- - JDK-8228448: Jconsole can't connect to itself
- - JDK-8228967: Trust/Key store and SSL context utilities for tests
- - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
- - JDK-8229815: Upgrade Jline to 3.12.1
- - JDK-8230000: some httpclients testng tests run zero test
- - JDK-8230002: javax/xml/jaxp/unittest/transform/SecureProcessingTest.java runs zero test
- - JDK-8230010: Remove jdk8037819/BasicTest1.java
- - JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter
- - JDK-8230402: Allocation of compile task fails with assert: "Leaking compilation tasks?"
- - JDK-8230767: FlightRecorderListener returns null recording
- - JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java
- - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
- - JDK-8231586: enlarge encoding space for OopMapValue offsets
- - JDK-8231953: Wrong assumption in assertion in oop::register_oop
- - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
- - JDK-8232083: Minimal VM is broken after JDK-8231586
- - JDK-8232161: Align some one-way conversion in MS950 charset with Windows
- - JDK-8232855: jshell missing word in /help help
- - JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration
- - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
- - JDK-8233386: Initialize NULL fields for unused decorations
- - JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result
- - JDK-8233686: XML transformer uses excessive amount of memory
- - JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions
- - JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment
- - JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose
- - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
- - JDK-8234058: runtime/CompressedOops/CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr
- - JDK-8234149: Several regression tests do not dispose Frame at end
- - JDK-8234347: "Turkey" meta time zone does not generate composed localized names
- - JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/bug6980209.java fails in linux nightly
- - JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC
- - JDK-8234541: C1 emits an empty message when it inlines successfully
- - JDK-8234687: change javap reporting on unknown attributes
- - JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11
- - JDK-8236548: Localized time zone name inconsistency between English and other locales
- - JDK-8236617: jtreg test containers/docker/TestMemoryAwareness.java fails after 8226575
- - JDK-8237182: Update copyright header for shenandoah and epsilon files
- - JDK-8237888: security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval
- - JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java
- - JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response
- - JDK-8238284: [macos] Zero VM build fails due to an obvious typo
- - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
- - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
- - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
- - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
- - JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code
- - JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), "should be non-static concrete method");
- - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
- - JDK-8240169: javadoc fails to link to non-modular api docs
- - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
- - JDK-8240360: NativeLibraryEvent has wrong library name on Linux
- - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
- - JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support
- - JDK-8241065: Shenandoah: remove leftover code after JDK-8231086
- - JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows
- - JDK-8241130: com.sun.jndi.ldap.EventSupport.removeDeadNotifier: java.lang.NullPointerException
- - JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector
- - JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark
- - JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME
- - JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure
- - JDK-8241750: x86_32 build failure after JDK-8227269
- - JDK-8242184: CRL generation error with RSASSA-PSS
- - JDK-8242283: Can't start JVM when java home path includes non-ASCII character
- - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
- - JDK-8243029: Rewrite javax/net/ssl/compatibility/Compatibility.java with a flexible interop test framework
- - JDK-8243138: Enhance BaseLdapServer to support starttls extended request
- - JDK-8243320: Add SSL root certificates to Oracle Root CA program
- - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
- - JDK-8243389: enhance os::pd_print_cpu_info on linux
- - JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment
- - JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp
- - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
- - JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows)
- - JDK-8244087: 2020-04-24 public suffix list update
- - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
- - JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base
- - JDK-8244196: adjust output in os_linux
- - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
- - JDK-8244287: JFR: Methods samples have line number 0
- - JDK-8244703: "platform encoding not initialized" exceptions with debugger, JNI
- - JDK-8244719: CTW: C2 compilation fails with "assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it"
- - JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb
- - JDK-8244763: Update --release 8 symbol information after JSR 337 MR3
- - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
- - JDK-8245151: jarsigner should not raise duplicate warnings on verification
- - JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9
- - JDK-8245714: "Bad graph detected in build_loop_late" when loads are pinned on loop limit check uncommon branch
- - JDK-8245801: StressRecompilation triggers assert "redundunt OSR recompilation detected. memory leak in CodeCache!"
- - JDK-8245832: JDK build make-static-libs should build all JDK libraries
- - JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan
- - JDK-8245981: Upgrade to jQuery 3.5.1
- - JDK-8246027: Minimal fastdebug build broken after JDK-8245801
- - JDK-8246094: [macos] Sound Recording and playback is not working
- - JDK-8246153: TestEliminateArrayCopy fails with -XX:+StressReflectiveCode
- - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
- - JDK-8246196: javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError
- - JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN
- - JDK-8246330: Add TLS Tests for Legacy ECDSA curves
- - JDK-8246453: TestClone crashes with "all collected exceptions must come from the same place"
- - JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods
- - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
- - JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code
- - JDK-8247615: Initialize the bytes left for the heap sampler
- - JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand
- - JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&'
- - JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg
- - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
- - JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield
- - JDK-8248348: Regression caused by the update to BCEL 6.0
- - JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1
- - JDK-8248495: [macos] zerovm is broken due to libffi headers location
- - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
- - JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows
- - JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650
- - JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows.
- - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
- - JDK-8249255: Build fails if source code in cygwin home dir
- - JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11
- - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
- - JDK-8249560: Shenandoah: Fix racy GC request handling
- - JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle
- - JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases
- - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
- - JDK-8250609: C2 crash in IfNode::fold_compares
- - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
- - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
- - JDK-8250787: Provider.put no longer registering aliases in FIPS env
- - JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM
- - JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk
- - JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds
- - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
- - JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure
- - JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U
- - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
- - JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase
- - JDK-8252120: compiler/oracle/TestCompileCommand.java misspells "occured"
- - JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility
- - JDK-8252258: [11u] JDK-8242154 changes the default vendor
- - JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011
- - JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11
- - JDK-8253283: [11u] Test build/translations/VerifyTranslations.java failing after JDK-8252258
- - JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes
-
-Notes on individual issues:
-===========================
-
-core-libs/java.nio.charsets:
-
-JDK-8240196: Modified the MS950 charset Encoder's Conversion Table
-==================================================================
-In this release, some of the one-way byte-to-char mappings have been
-aligned with the preferred mappings provided by the Unicode Consortium
-(https://unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WindowsBestFit/bestfit950.txt).
-
-core-libs/java.util:i18n:
-
-JDK-8238914: Localized Time Zone Name Inconsistency Between English and Other Locales
-=====================================================================================
-English time zone names provided by the CLDR locale provider are now
-correctly synthesized following the CLDR spec, rather than substituted
-from the COMPAT provider. For example, SHORT style names are no longer
-synthesized abbreviations of LONG style names, but instead produce GMT
-offset formats.
-
-core-svc/java.lang.management:
-
-JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
-============================================================================================
-When executing in a container, or other virtualized operating
-environment, the following `OperatingSystemMXBean` methods in this
-release return container specific information, if
-available. Otherwise, they return host specific data:
-
-* getFreePhysicalMemorySize()
-* getTotalPhysicalMemorySize()
-* getFreeSwapSpaceSize()
-* getTotalSwapSpaceSize()
-* getSystemCpuLoad()
-
-security-libs/java.security:
-
-JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
-========================================================================
-The Entrust root certificate has been added to the cacerts truststore:
-
-Alias Name: entrustrootcag4
-Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
-
-JDK-8250860: Added 3 SSL Corporation Root CA Certificates
-=========================================================
-The following root certificates have been added to the cacerts truststore for the SSL Corporation:
-
-Alias Name: sslrootrsaca
-Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
-
-Alias Name: sslrootevrsaca
-Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
-
-Alias Name: sslrooteccca
-Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
-
-JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
-===================================================================================
-Weak named curves are disabled by default by adding them to the
-following `disabledAlgorithms` security properties:
-
-* jdk.tls.disabledAlgorithms
-* jdk.certpath.disabledAlgorithms
-* jdk.jar.disabledAlgorithms
-
-Red Hat has always disabled many of the curves provided by upstream,
-so the only addition in this release is:
-
-* secp256k1
-
-The curves that remain enabled are:
-
-* secp256r1
-* secp384r1
-* secp521r1
-* X25519
-* X448
-
-When large numbers of weak named curves need to be disabled, adding
-individual named curves to each `disabledAlgorithms` property would be
-overwhelming. To relieve this, a new security property,
-`jdk.disabled.namedCurves`, is implemented that can list the named
-curves common to all of the `disabledAlgorithms` properties. To use
-the new property in the `disabledAlgorithms` properties, precede the
-full property name with the keyword `include`. Users can still add
-individual named curves to `disabledAlgorithms` properties separate
-from this new property. No other properties can be included in the
-`disabledAlgorithms` properties.
-
-To restore the named curves, remove the `include
-jdk.disabled.namedCurves` either from specific or from all
-`disabledAlgorithms` security properties. To restore one or more
-curves, remove the specific named curve(s) from the
-`jdk.disabled.namedCurves` property.
-
-JDK-8244286: Tools Warn If Weak Algorithms Are Used Before Restricting Them
-===========================================================================
-The `keytool` and `jarsigner` tools have been updated to warn users
-about weak cryptographic algorithms being used before they are
-disabled. In this release, the tools issue warnings for the SHA-1 hash
-algorithm and 1024-bit RSA/DSA keys.
-
-security-libs/javax.net.ssl:
-
-JDK-8242147: New System Properties to Configure the TLS Signature Schemes
-=========================================================================
-Two new system properties have been added to customize the TLS
-signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
-added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
-has been added for the server side.
-
-Each system property contains a comma-separated list of supported
-signature scheme names specifying the signature schemes that could be
-used for the TLS connections.
-
-The names are described in the "Signature Schemes" section of the
-*Java Security Standard Algorithm Names Specification*.
-
-security-libs/javax.security:
-
-JDK-8242059: Support for canonicalize in krb5.conf
-==================================================
-
-The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
-the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
-canonicalization is requested by clients in TGT requests to KDC
-services (AS protocol). Otherwise, and by default, it is not
-requested.
-
-The new default behavior is different from previous releases where
-name canonicalization was always requested by clients in TGT requests
-to KDC services (provided that support for RFC 6806[1] was not
-explicitly disabled with the *sun.security.krb5.disableReferrals*
-system or security properties).
-
-[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
-[1]: https://tools.ietf.org/html/rfc6806
-
-JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
-====================================================================
-Following JDK's update to tzdata2020b, the long-obsolete files
-pacificnew and systemv have been removed. As a result, the
-"US/Pacific-New" zone name declared in the pacificnew data file is no
-longer available for use.
-
-Information regarding the update can be viewed at
-https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
-
-New in release OpenJDK 11.0.8 (2020-07-14):
-===========================================
-Live versions of these release notes can be found at:
- * https://bitly.com/oj1108
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.8.txt
-
-* Security fixes
- - JDK-8230613: Better ASCII conversions
- - JDK-8231800: Better listing of arrays
- - JDK-8232014: Expand DTD support
- - JDK-8233234: Better Zip Naming
- - JDK-8233239, CVE-2020-14562: Enhance TIFF support
- - JDK-8233255: Better Swing Buttons
- - JDK-8234032: Improve basic calendar services
- - JDK-8234042: Better factory production of certificates
- - JDK-8234418: Better parsing with CertificateFactory
- - JDK-8234836: Improve serialization handling
- - JDK-8236191: Enhance OID processing
- - JDK-8236867, CVE-2020-14573: Enhance Graal interface handling
- - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- - JDK-8237592, CVE-2020-14577: Enhance certificate verification
- - JDK-8238002, CVE-2020-14581: Better matrix operations
- - JDK-8238013: Enhance String writing
- - JDK-8238804: Enhance key handling process
- - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- - JDK-8238843: Enhanced font handing
- - JDK-8238920, CVE-2020-14583: Better Buffer support
- - JDK-8238925: Enhance WAV file playback
- - JDK-8240119, CVE-2020-14593: Less Affine Transformations
- - JDK-8240482: Improved WAV file playback
- - JDK-8241379: Update JCEKS support
- - JDK-8241522: Manifest improved jar headers redux
- - JDK-8242136, CVE-2020-14621: Better XML namespace handling
-* Other changes
- - JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created
- - JDK-7124307: JSpinner and changing value by mouse
- - JDK-8022574: remove HaltNode code after uncommon trap calls
- - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
- - JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown
- - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
- - JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo
- - JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly
- - JDK-8080353: JShell: Better error message on attempting to add default method
- - JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled
- - JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot
- - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
- - JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily
- - JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping
- - JDK-8175984: ICC_Profile has un-needed, not-empty finalize method
- - JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments
- - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
- - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
- - JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently
- - JDK-8191930: [Graal] emits unparseable XML into compile log
- - JDK-8193879: Java debugger hangs on method invocation
- - JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows
- - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
- - JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows
- - JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/WrongParentAfterRemoveMenu.java debug assert on Windows
- - JDK-8198339: Test javax/swing/border/Test6981576.java is unstable
- - JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801
- - JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740
- - JDK-8203672: JNI exception pending in PlainSocketImpl.c
- - JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398
- - JDK-8204834: Fix confusing "allocate" naming in OopStorage
- - JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
- - JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure
- - JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
- - JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M
- - JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages
- - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
- - JDK-8209333: Socket reset issue for TLS 1.3 socket close
- - JDK-8209439: C2 library_call can potentially ignore Math.pow intrinsic or use null pointer
- - JDK-8209534: [TESTBUG]runtime/appcds/cacheObject/ArchivedModuleCompareTest.java fails with EnableJVMCI.
- - JDK-8210147: adjust some WSAGetLastError usages in windows network coding
- - JDK-8210284: "assert((av & 0x00000001) == 0) failed: unsupported V8" on Solaris 11.4
- - JDK-8210303: VM_HandshakeAllThreads fails assert with "failed: blocked and not walkable"
- - JDK-8210515: [TESTBUG]CheckArchivedModuleApp.java needs to check if EnableJVMCI is set.
- - JDK-8210788: Javadoc for Thread.join(long, int) should specify that it waits forever when both arguments are zero
- - JDK-8211301: [macos] support full window content options
- - JDK-8211332: Space for stub routines (code_size2) is too small on new Skylake CPUs
- - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
- - JDK-8211392: compiler/profiling/spectrapredefineclass_classloaders/Launcher.java times out in JDK12 CI
- - JDK-8211743: [AOT] crash in ScopeDesc::decode_body() when JVMTI walks AOT frames
- - JDK-8212154: [TESTBUG] CheckArchivedModuleApp fails with NPE when JVMCI is absent
- - JDK-8212167: JShell : Stack trace of exception has wrong line number
- - JDK-8212933: Thread-SMR: requesting a VM operation whilst holding a ThreadsListHandle can cause deadlocks
- - JDK-8212986: Make Visual Studio compiler check less strict
- - JDK-8213250: CDS archive creation aborts due to metaspace object allocation failure
- - JDK-8213516: jck test api/javax_accessibility/AccessibleState/fields.html fails intermittent
- - JDK-8213947: ARM32: failed check_simd should set UsePopCountInstruction to false
- - JDK-8214418: half-closed SSLEngine status may cause application dead loop
- - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
- - JDK-8214444: Wrong strncat limits in dfa.cpp
- - JDK-8214481: freetype path does not disable TrueType hinting with AA+FM hints
- - JDK-8214571: -Xdoclint of array serialField gives "error: array type not allowed here"
- - JDK-8214856: Errors with JSZip in web console after upgrade to 3.1.5
- - JDK-8214862: assert(proj != __null) at compile.cpp:3251
- - JDK-8215369: Jcstress pollute /var/tmp with temporary files.
- - JDK-8215551: Missing case label in nmethod::reloc_string_for()
- - JDK-8215555: TieredCompilation C2 threads can excessively block handshakes
- - JDK-8215711: Missing key_share extension for (EC)DHE key exchange should alert missing_extension
- - JDK-8216151: [Graal] Module jdk.internal.vm.compiler.management has not been granted accessClassInPackage.org.graalvm.compiler.debug
- - JDK-8216154: C4819 warnings at HotSpot sources on Windows
- - JDK-8216541: CompiledICHolders of VM locked unloaded nmethods are released too late
- - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
- - JDK-8217404: --with-jvm-features doesn't work when multiple features are explicitly disabled
- - JDK-8217447: Develop flag TraceICs is broken
- - JDK-8217606: LdapContext#reconnect always opens a new connection
- - JDK-8218807: Compilation database (compile_commands.json) may contain obsolete items
- - JDK-8219214: Infinite Loop in CodeSection::dump()
- - JDK-8219904: ClassCastException when calling FlightRecorderMXBean#getRecordings()
- - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
- - JDK-8221121: applications/microbenchmarks are encountering crashes in tier5
- - JDK-8221445: FastSysexMessage constructor crashes MIDI receiption thread
- - JDK-8221482: Initialize VMRegImpl::regName[] earlier to prevent assert during PrintStubCode
- - JDK-8221741: ClassCastException can happen when fontconfig.properties is used
- - JDK-8221823: Requested JDialog width is ignored
- - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
- - JDK-8223935: PIT: java/awt/font/WindowsIndicFonts.java fails on windows10
- - JDK-8224109: Text spaced incorrectly by drawString under rotation with fractional metric
- - JDK-8224632: testbug: java/awt/dnd/RemoveDropTargetCrashTest/RemoveDropTargetCrashTest.java fails on MacOS
- - JDK-8224793: os::die() does not honor CreateCoredumpOnCrash option
- - JDK-8224847: gc/stress/TestReclaimStringsLeaksMemory.java fails with reserved greater than expected
- - JDK-8224931: disable JAOTC invokedynamic support until 8223533 is fixed
- - JDK-8224997: ChaCha20-Poly1305 TLS cipher suite decryption throws ShortBufferException
- - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
- - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
- - JDK-8225126: Test SetBoundsPaintTest.html faild on Windows when desktop is scaled
- - JDK-8225325: Add tests for redefining a class' private method during resolution of the bootstrap specifier
- - JDK-8225622: [AOT] runtime/SharedArchiveFile/TestInterpreterMethodEntries.java crashed with AOTed java.base
- - JDK-8225653: Provide more information when hitting SIGILL from HaltNode
- - JDK-8225783: Incorrect use of binary operators on booleans in type.cpp
- - JDK-8225789: Empty method parameter type should generate ClassFormatError
- - JDK-8226198: use of & instead of && in LibraryCallKit::arraycopy_restore_alloc_state
- - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
- - JDK-8226653: [accessibility] Can edit text cell correctly, but Accessibility Tool reads nothing about editor
- - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
- - JDK-8226879: Memory leak in Type::hashcons
- - JDK-8227632: Incorrect PrintCompilation message: made not compilable on levels 0 1 2 3 4
- - JDK-8228407: JVM crashes with shared archive file mismatch
- - JDK-8228482: fix xlc16/xlclang comparison of distinct pointer types and string literal conversion warnings
- - JDK-8228757: Fail fast if the handshake type is unknown
- - JDK-8229158: make UseSwitchProfiling non-experimental or false by-default
- - JDK-8229421: The logic of java/net/ipv6tests/TcpTest.java is flawed
- - JDK-8229855: C2 fails with assert(false) failed: bad AD file
- - JDK-8230591: AArch64: Missing intrinsics for Math.ceil, floor, rint
- - JDK-8231118: ARM32: Math tests failures
- - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
- - JDK-8231243: [TESTBUG] CustomFont.java cannot find font file
- - JDK-8231438: [macOS] Dark mode for the desktop is not supported
- - JDK-8231550: C2: ShouldNotReachHere() in verify_strip_mined_scheduling
- - JDK-8231564: setMaximizedBounds is broken with large display scale and multiple monitors
- - JDK-8231572: Use -lobjc instead of -fobjc-link-runtime in libosxsecurity
- - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
- - JDK-8231671: Fix copyright headers in hotspot (missing comma after year)
- - JDK-8231720: Some perf regressions after 8225653
- - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
- - JDK-8231863: Crash if classpath is read from @argument file and the main gets option argument
- - JDK-8232080: jlink plugins for vendor information and run-time options
- - JDK-8232106: [x86] C2: SIGILL due to usage of SSSE3 instructions on processors which don't support it
- - JDK-8232134: Change to Visual Studio 2017 15.9.16 for building on Windows at Oracle
- - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
- - JDK-8232357: Compare version info of Santuario to legal notice
- - JDK-8232572: Add hooks for custom output dir in Bundles.gmk
- - JDK-8232634: Problem List ICMColorDataTest.java
- - JDK-8232748: Build static versions of certain JDK libraries
- - JDK-8232846: ProcessHandle.Info command with non-English shows question marks
- - JDK-8233033: C2 produces wrong result while unswitching a loop due to lost control dependencies
- - JDK-8233137: runtime/ErrorHandling/VeryEarlyAssertTest.java fails after 8232080
- - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
- - JDK-8233291: [TESTBUG] tools/jlink/plugins/VendorInfoPluginsTest.java fails with debug or non-server VMs
- - JDK-8233364: Fix undefined behavior in Canonicalizer::do_ShiftOp
- - JDK-8233573: Toolkit.getScreenInsets(GraphicsConfiguration) may throw ClassCastException
- - JDK-8233608: Minimal build broken after JDK-8233494
- - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
- - JDK-8233696: [TESTBUG]Some jtreg tests fail when CAPS_LOCK is ON
- - JDK-8233707: systemScale.cpp could not compile with VS2019
- - JDK-8233801: GCMEmptyIv.java test fails on Solaris 11.4
- - JDK-8233880: Support compilers with multi-digit major version numbers
- - JDK-8233920: MethodHandles::tryFinally generates illegal bytecode for long/double return type
- - JDK-8234137: The "AutoTestOnTop.java" test may run external applications
- - JDK-8234146: compiler/jsr292/ContinuousCallSiteTargetChange.java times out on SPARC
- - JDK-8234184: [TESTBUG] java/awt/Mouse/EnterExitEvents/ModalDialogEnterExitEventsTest.java fails in Windows
- - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
- - JDK-8234332: [TESTBUG] java/awt/Focus/DisposedWindow/DisposeDialogNotActivateOwnerTest/DisposeDialogNotActivateOwnerTest.java fails on linux-x64 nightly
- - JDK-8234398: Replace ID2D1Factory::GetDesktopDpi with GetDeviceCaps
- - JDK-8234522: [macos] Crash with use of native file dialog
- - JDK-8234691: Potential double-free in ParallelSPCleanupTask constructor
- - JDK-8234696: tools/jlink/plugins/VendorInfoPluginsTest.java times out
- - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
- - JDK-8234728: Some security tests should support TLSv1.3
- - JDK-8234779: Provide idiom for declaring classes noncopyable
- - JDK-8234968: check calloc rv in libinstrument InvocationAdapter
- - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
- - JDK-8235183: Remove the "HACK CODE" in comment
- - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
- - JDK-8235311: Tag mismatch may alert bad_record_mac
- - JDK-8235332: TestInstanceCloneAsLoadsStores.java fails with -XX:+StressGCM
- - JDK-8235452: Strip mined loop verification fails with assert(is_OuterStripMinedLoop()) failed: invalid node class
- - JDK-8235584: UseProfiledLoopPredicate fails with assert(_phase->get_loop(c) == loop) failed: have to be in the same loop
- - JDK-8235620: Broken merge between JDK-8006406 and JDK-8003559
- - JDK-8235638: NPE in LWWindowPeer.getOnscreenGraphics()
- - JDK-8235686: Add more custom hooks in Bundles.gmk
- - JDK-8235739: Rare NPE at WComponentPeer.getGraphics()
- - JDK-8235762: JVM crash in SWPointer during C2 compilation
- - JDK-8235834: IBM-943 charset encoder needs updating
- - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
- - JDK-8235908: omit ThreadPriorityPolicy warning when value is set from image
- - JDK-8235984: C2: assert(out->in(PhiNode::Region) == head || out->in(PhiNode::Region) == slow_head) failed: phi must be either part of the slow or the fast loop
- - JDK-8236211: [Graal] compiler/graalunit/GraphTest.java is skipped in all testing
- - JDK-8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId
- - JDK-8236545: Compilation error in mach5 java/awt/FileDialog/MacOSGoToFolderCrash.java
- - JDK-8236700: Upgrading JSZip from v3.1.5 to v3.2.2
- - JDK-8236759: ShouldNotReachHere in PhaseIdealLoop::verify_strip_mined_scheduling
- - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
- - JDK-8236921: Add build target to produce a JDK image suitable for a Graal/SVM build
- - JDK-8236953: [macos] JavaFX SwingNode is not rendered on macOS
- - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
- - JDK-8237045: JVM uses excessive memory with -XX:+EnableJVMCI -XX:JVMCICounterSize=2147483648
- - JDK-8237055: [TESTBUG] compiler/c2/TestJumpTable.java fails with release VMs
- - JDK-8237086: assert(is_MachReturn()) running CTW with fix for JDK-8231291
- - JDK-8237192: Generate stripped/public pdbs on Windows for jdk images
- - JDK-8237396: JvmtiTagMap::weak_oops_do() should not trigger barriers
- - JDK-8237474: Default SSLEngine should create in server role
- - JDK-8237859: C2: Crash when loads float above range check
- - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
- - JDK-8237962: give better error output for invalid OCSP response intervals in CertPathValidator checks
- - JDK-8238190: [JVMCI] Fix single implementor speculation for diamond shapes.
- - JDK-8238356: CodeHeap::blob_count() overestimates the number of blobs
- - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
- - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
- - JDK-8238575: DragSourceEvent.getLocation() returns wrong value on HiDPI screens (Windows)
- - JDK-8238676: jni crashes on accessing it from process exit hook
- - JDK-8238721: Add failing client jtreg tests to the Problem List
- - JDK-8238738: AudioSystem.getMixerInfo() takes about 30 sec to report a gone audio device
- - JDK-8238756: C2: assert(((n) == __null || !VerifyIterativeGVN || !((n)->is_dead()))) failed: can not use dead node
- - JDK-8238765: PhaseCFG::schedule_pinned_nodes cannot handle precedence edges from unmatched CFG nodes correctly
- - JDK-8238898: Missing hash characters for header on license file
- - JDK-8238942: Rendering artifacts with LCD text and fractional metrics
- - JDK-8238985: [TESTBUG] The arrow image is blue instead of green
- - JDK-8239000: handle ContendedPaddingWidth in vm_version_ppc
- - JDK-8239055: Wrong implementation of VMState.hasListener
- - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
- - JDK-8239142: C2's UseUniqueSubclasses optimization is broken for array accesses
- - JDK-8239224: libproc_impl.c previous_thr may be used uninitialized warning
- - JDK-8239351: Give more meaningful InternalError messages in Deflater.c
- - JDK-8239365: ProcessBuilder test modifications for AIX execution
- - JDK-8239456: vtable stub generation: assert failure (code size estimate)
- - JDK-8239457: call ReleaseStringUTFChars before early returns in Java_sun_security_pkcs11_wrapper_PKCS11_connect
- - JDK-8239462: jdk.hotspot.agent misses some ReleaseStringUTFChars calls in case of early returns
- - JDK-8239557: [TESTBUG] VeryEarlyAssertTest.java validating "END." marker at lastline is not always true
- - JDK-8239787: AArch64: String.indexOf may incorrectly handle empty strings
- - JDK-8239792: Bump update version for OpenJDK: jdk-11.0.8
- - JDK-8239798: SSLSocket closes socket both socket endpoints on a SocketTimeoutException
- - JDK-8239819: XToolkit: Misread of screen information memory
- - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
- - JDK-8239893: Windows handle Leak when starting processes using ProcessBuilder
- - JDK-8239915: Zero VM crashes when handling dynamic constant
- - JDK-8239931: [win][x86] vtable stub generation: assert failure (code size estimate) follow-up
- - JDK-8239976: Put JDK-8239965 on the ProblemList.txt
- - JDK-8240073: Fix 'test-make' build target in 11u
- - JDK-8240197: Cannot start JVM when $JAVA_HOME includes CJK characters
- - JDK-8240202: A few client tests leave mouse buttons pressed
- - JDK-8240220: IdealLoopTree::dump_head predicate printing is broken
- - JDK-8240223: Use consistent predicate order in and with PhaseIdealLoop::find_predicate
- - JDK-8240227: Loop predicates should be copied to unswitched loops
- - JDK-8240286: [TESTBUG] Test command error in hotspot/jtreg/compiler/loopopts/superword/SumRedAbsNeg_Float.java
- - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
- - JDK-8240529: CheckUnhandledOops breaks NULL check in Modules::define_module
- - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
- - JDK-8240603: Windows 32bit compile error after 8238676
- - JDK-8240629: argfiles parsing broken for argfiles with comment cross 4096 bytes chunk
- - JDK-8240711: TestJstatdPort.java failed due to "ExportException: Port already in use:"
- - JDK-8240786: [TESTBUG] The test java/awt/Window/GetScreenLocation/GetScreenLocationTest.java fails on HiDPI screen
- - JDK-8240824: enhance print_full_memory_info on Linux by THP related information
- - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
- - JDK-8240905: assert(mem == (Node*)1 || mem == mem2) failed: multiple Memories being matched at once?
- - JDK-8240972: macOS codesign fail on macOS 10.13.5 or older
- - JDK-8241445: Fix copyright in test/jdk/tools/launcher/ArgFileSyntax.java
- - JDK-8241458: [JVMCI] add mark value to expose CodeOffsets::Frame_Complete
- - JDK-8241464: [11u] Backport: make rehashing be a needed guaranteed safepoint cleanup action
- - JDK-8241556: Memory leak if -XX:CompileCommand is set
- - JDK-8241568: (fs) UserPrincipalLookupService.lookupXXX failure with IOE "Operation not permitted"
- - JDK-8241586: compiler/cpuflags/TestAESIntrinsicsOnUnsupportedConfig.java fails on aarch64
- - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
- - JDK-8241660: Add virtualization information output to hs_err file on macOS
- - JDK-8241808: [TESTBUG] The JDK-8039467 bug appeared on macOS
- - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
- - JDK-8241900: Loop unswitching may cause dependence on null check to be lost
- - JDK-8241948: enhance list of environment variables printed in hs_err file
- - JDK-8241996: on linux set full relro in the linker flags
- - JDK-8242108: Performance regression after fix for JDK-8229496
- - JDK-8242141: New System Properties to configure the TLS signature schemes
- - JDK-8242154: Backport parts of JDK-4947890 to OpenJDK 11u
- - JDK-8242174: [macos] The NestedModelessDialogTest test make the macOS unstable
- - JDK-8242239: [Graal] javax/management/generified/GenericTest.java fails: FAILED: queryMBeans sets same
- - JDK-8242294: JSSE Client does not throw SSLException when an alert occurs during handshaking
- - JDK-8242379: [TESTBUG] compiler/loopopts/TestLoopUnswitchingLostCastDependency.java fails with release VMs
- - JDK-8242470: Update Xerces to Version 2.12.1
- - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
- - JDK-8242541: Small charset issues (ISO8859-16, x-eucJP-Open, x-IBM834 and x-IBM949C)
- - JDK-8242626: enhance posix print_rlimit_info
- - JDK-8243059: Build fails when --with-vendor-name contains a comma
- - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
- - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
- - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
- - JDK-8244520: problemlist java/awt/font/Rotate/RotatedFontTest.java on linux
- - JDK-8244777: ClassLoaderStats VM Op uses constant hash value
- - JDK-8244853: The static build of libextnet is missing the JNI_OnLoad_extnet function
- - JDK-8244951: Missing entitlements for hardened runtime
- - JDK-8245047: [PPC64] C2: ReverseBytes + Load always match to unordered Load (acquire semantics missing)
- - JDK-8245649: Revert 8245397 backport of 8230591
- - JDK-8246031: SSLSocket.getSession() doesn't close connection for timeout/ interrupts
- - JDK-8246613: Choose the default SecureRandom algo based on registration ordering
- - JDK-8248505: Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider
-
-Notes on individual issues:
-===========================
-
-security-libs/java.security:
-
-JDK-8244167: Removal of Comodo Root CA Certificate
-==================================================
-The following expired Comodo root CA certificate was removed from the `cacerts` keystore: +
-alias name "addtrustclass1ca [jdk]"
-
-Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
-
-JDK-8244166: Removal of DocuSign Root CA Certificate
-====================================================
-The following expired DocuSign root CA certificate was removed from the `cacerts` keystore: +
-alias name "keynectisrootca [jdk]"
-
-Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
-
-security-libs/javax.crypto:pkcs11:
-
-JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
-============================================================================================================================
-The SunPKCS11 security provider can now be initialized with NSS when
-FIPS-enabled external modules are configured in the Security Modules
-Database (NSSDB). Prior to this change, the SunPKCS11 provider would
-throw a RuntimeException with the message: "FIPS flag set for
-non-internal module" when such a library was configured for NSS in
-non-FIPS mode.
-
-This change allows the JDK to work properly with recent NSS releases
-in GNU/Linux operating systems when the system-wide FIPS policy is
-turned on.
-
-Further information can be found in JDK-8238555.
-
-security-libs/javax.net.ssl:
-
-JDK-8245077: Default SSLEngine Should Create in Server Role
-===========================================================
-In JDK 11 and later, `javax.net.ssl.SSLEngine` by default used client
-mode when handshaking. As a result, the set of default enabled
-protocols may differ to what is expected. `SSLEngine` would usually be
-used in server mode. From this JDK release onwards, `SSLEngine` will
-default to server mode. The
-`javax.net.ssl.SSLEngine.setUseClientMode(boolean mode)` method may
-be used to configure the mode.
-
-JDK-8242147: New System Properties to Configure the TLS Signature Schemes
-=========================================================================
-
-Two new System Properties are added to customize the TLS signature
-schemes in JDK. `jdk.tls.client.SignatureSchemes` is added for TLS
-client side, and `jdk.tls.server.SignatureSchemes` is added for server
-side.
-
-Each System Property contains a comma-separated list of supported
-signature scheme names specifying the signature schemes that could be
-used for the TLS connections.
-
-The names are described in the "Signature Schemes" section of the
-*Java Security Standard Algorithm Names Specification*.
-
-New in release OpenJDK 11.0.7 (2020-04-14):
-===========================================
-Live versions of these release notes can be found at:
- * https://bitly.com/oj1107
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.7.txt
-
-* Security fixes
- - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
- - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
- - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
- - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
- - JDK-8225603: Enhancement for big integers
- - JDK-8226346: Build better binary builders
- - JDK-8227467: Better class method invocations
- - JDK-8227542: Manifest improved jar headers
- - JDK-8229733: TLS message handling improvements
- - JDK-8231415, CVE-2020-2773: Better signatures in XML
- - JDK-8231785: Improved socket permissions
- - JDK-8232424, CVE-2020-2778: More constrained algorithms
- - JDK-8232581, CVE-2020-2767: Improve TLS verification
- - JDK-8233250: Better X11 rendering
- - JDK-8233410: Better Build Scripting
- - JDK-8234027: Better JCEKS key support
- - JDK-8234408, CVE-2020-2781: Improve TLS session handling
- - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
- - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
- - JDK-8235274, CVE-2020-2805: Enhance typing of methods
- - JDK-8235691, CVE-2020-2816: Enhance TLS connectivity
- - JDK-8236201, CVE-2020-2830: Better Scanner conversions
- - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
-* Other changes
- - JDK-4919790: Errors in alert ssl message does not reflect the actual certificate status
- - JDK-4949105: Access Bridge lacks html tags parsing
- - JDK-7092821: java.security.Provider.getService() is synchronized and became scalability bottleneck
- - JDK-7143743: Potential memory leak with zip provider
- - JDK-8005819: Support cross-realm MSSFU
- - JDK-8042383: [TEST_BUG] Test javax/swing/plaf/basic/BasicMenuUI/4983388/bug4983388.java fails with shortcuts on menus do not work
- - JDK-8068184: Fix for JDK-8032832 caused a deadlock
- - JDK-8145845: [AOT] NullPointerException in compiler/whitebox/GetCodeHeapEntriesTest.java
- - JDK-8152988: [AOT] Update test batch definitions to include aot-ed java.base module mode into hs-comp testing
- - JDK-8160926: FLAGS_COMPILER_CHECK_ARGUMENTS doesn't handle cross-compilation
- - JDK-8163083: SocketListeningConnector does not allow invocations with port 0
- - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
- - JDK-8167276: jvmci/compilerToVM/MaterializeVirtualObjectTest.java fails with -XX:-EliminateAllocations
- - JDK-8169718: nsk/jdb/locals/locals002: ERROR: Cannot find boolVar with expected value: false
- - JDK-8176556: java/awt/dnd/ImageTransferTest/ImageTransferTest.java fails for JFIF
- - JDK-8178798: Two compiler/aot/verification/vmflags tests fail by timeout with UseAVX=3
- - JDK-8183107: PKCS11 regression regarding checkKeySize
- - JDK-8185005: Improve performance of ThreadMXBean.getThreadInfo(long ids[], int maxDepth)
- - JDK-8189633: Missing -Xcheck:jni checking for DeleteWeakGlobalRef
- - JDK-8189861: Refactor CacheFind
- - JDK-8193042: NativeLookup::lookup_critical_entry() should only load shared library once
- - JDK-8193596: java/net/DatagramPacket/ReuseBuf.java failed due to timeout
- - JDK-8194944: Regression automated test 'open/test/jdk/javax/swing/JInternalFrame/8145896/TestJInternalFrameMaximize.java' fails
- - JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails
- - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
- - JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
- - JDK-8198398: Test javax/swing/JColorChooser/Test6199676.java fails in mach5
- - JDK-8199072: Test javax/swing/GroupLayout/6613904/bug6613904.java is unstable
- - JDK-8200432: javadoc fails with ClassCastException on {@link byte[]}
- - JDK-8201349: build broken when configured with --with-zlib=bundled on gcc 7.3
- - JDK-8201355: Avoid native memory allocation in sun.security.mscapi.PRNG.generateSeed
- - JDK-8201513: nsk/jvmti/IterateThroughHeap/filter-* are broken
- - JDK-8203364: Some serviceability/sa/ tests intermittently fail with java.io.IOException: LingeredApp terminated with non-zero exit code 3
- - JDK-8203687: javax/net/ssl/compatibility/Compatibility.java supports TLS 1.3
- - JDK-8203904: javax/swing/JSplitPane/4816114/bug4816114.java: The divider location is wrong
- - JDK-8203911: Test runtime/modules/getModuleJNI/GetModule fails with -Xcheck:jni
- - JDK-8204525: [TESTBUG] runtime/NMT/MallocStressTest.java ran out of java heap
- - JDK-8204529: gc/TestAllocateHeapAtMultiple.java fail with Agent 7 timed out
- - JDK-8204551: Event descriptions are truncated in logs
- - JDK-8206963: [AOT] bug with multiple class loaders
- - JDK-8207367: 10 vmTestbase/nsk/jdi tests timed out when running with jtreg
- - JDK-8207832: serviceability/sa/ClhsdbCDSCore.java failed with "Couldn't find core file location"
- - JDK-8207938: At step6,Click Add button,case failed automatically.
- - JDK-8208157: requires.VMProps throws NPE for missing properties in "release" file
- - JDK-8208379: compiler/jvmci/events/JvmciNotifyInstallEventTest.java failed with "Got unexpected event count after 2nd install attempt: expected 9 to equal 2"
- - JDK-8208658: Make CDS archived heap regions usable even if compressed oop encoding has changed
- - JDK-8208715: Conversion of milliseconds to nanoseconds in UNIXProcess contains bug
- - JDK-8209361: [AOT] Unexpected number of references for JVMTI_HEAP_REFERENCE_CONSTANT_POOL [111-->111]: 0 (expected at least 1)
- - JDK-8209385: CDS runtime classpath checking is too strict when only classes from the system modules are archived
- - JDK-8209389: SIGSEGV in WalkOopAndArchiveClosure::do_oop_work.
- - JDK-8209418: Synchronize test/jdk/sanity/client/lib/jemmy with code-tools/jemmy/v2
- - JDK-8209494: Create a test for SwingSet InternalFrameDemo
- - JDK-8209499: Create test for SwingSet EditorPaneDemo
- - JDK-8209574: [AOT] breakpoint events are generated in different threads does not meet expected count
- - JDK-8209686: cleanup arguments to PhaseIdealLoop() constructor
- - JDK-8209789: Synchronize test/jdk/sanity/client/lib/jemmy with code-tools/jemmy/v2
- - JDK-8209802: Garbage collectors should register JFR types themselves to avoid build errors.
- - JDK-8209807: improve handling exception in requires.VMProps
- - JDK-8209817: stack is executable when building with Clang on Linux
- - JDK-8209824: Improve the code coverage for ThreadLocal
- - JDK-8209826: Undefined reference to os::write after JDK-8209657 (filemap.hpp cleanup)
- - JDK-8209850: Allow NamedThreads to use GlobalCounter critical sections
- - JDK-8209976: Improve iteration over non-JavaThreads
- - JDK-8209993: Create a test for SwingSet3 ToolTipDemo
- - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
- - JDK-8210052: Enable testing for all the available look and feels in SwingSet3 demo tests
- - JDK-8210055: Enable different look and feel tests in SwingSet3 demo tests
- - JDK-8210057: Enable different look and feels in SwingSet3 demo test InternalFrameDemoTest
- - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
- - JDK-8210220: [AOT] jdwp test cases are failing with error # ERROR: TEST FAILED: Cought IOException while receiving event packet
- - JDK-8210289: ArchivedKlassSubGraphInfoRecord is incomplete
- - JDK-8210459: Add support for generating compile_commands.json
- - JDK-8210476: sun/security/mscapi/PrngSlow.java fails with Still too slow
- - JDK-8210512: [Testbug] vmTestbase/nsk/jdi/ObjectReference/referringObjects/referringObjects002/referringObjects002.java fails with unexpected size of ClassLoaderReference.referringObjects
- - JDK-8210523: runtime/appcds/cacheObject/DifferentHeapSizes.java crash
- - JDK-8210632: Add key exchange algorithm to javax/net/ssl/TLSCommon/CipherSuite.java
- - JDK-8210699: Problem list tests which times out in Xcomp mode
- - JDK-8210793: [JVMCI] AllocateCompileIdTest.java failed to find DiagnosticCommand.class
- - JDK-8210910: Create test for FileChooserDemo
- - JDK-8210994: Create test for SwingSet3 FrameDemo
- - JDK-8211139: Increase timeout value in all tests under jdk/sanity/client/SwingSet/src
- - JDK-8211160: Handle different look and feels in JInternalFrameOperator
- - JDK-8211211: vmTestbase/metaspace/stressDictionary/StressDictionary.java timeout
- - JDK-8211322: Reduce the timeout of tooltip in SwingSet2DemoTest
- - JDK-8211443: Enable different look and feels in SwingSet3 demo test SplitPaneDemoTest
- - JDK-8211703: JInternalFrame : java.lang.AssertionError: cannot find the internal frame
- - JDK-8211781: re-building fails after changing Graal sources
- - JDK-8212897: Some improvements in the EditorPaneDemotest
- - JDK-8212903: [TestBug] Tests test/jdk/javax/swing/LookAndFeel/8145547/DemandGTK2.sh and DemandGTK3.sh fail on Ubuntu 18.04 LTS
- - JDK-8213009: Refactoring existing SunMSCAPI classes
- - JDK-8213010: Supporting keys created with certmgr.exe
- - JDK-8213168: Enable different look and feel tests in SwingSet3 demo test FileChooserDemoTest
- - JDK-8213348: jdk.internal.vm.compiler.management service providers missing in module descriptor
- - JDK-8213906: Update arm devkits with libXrandr headers
- - JDK-8213908: AssertionError in DeferredAttr at setOverloadKind
- - JDK-8214124: [TESTBUG] Bugs in runtime/NMT/MallocStressTest.java
- - JDK-8214344: C2: assert(con.basic_type() != T_ILLEGAL) failed: elembt=byte; loadbt=void; unsigned=0
- - JDK-8214345: infinite recursion while checking super class
- - JDK-8214471: Enable different look and feel tests in SwingSet3 demo test ToolTipDemoTest
- - JDK-8214534: Setting of THIS_FILE in the build is broken
- - JDK-8214557: Filter out VM flags which don't affect AOT code generation
- - JDK-8214578: [macos] Problem with backslashes on macOS/JIS keyboard: Java ignores system settings
- - JDK-8214840: runtime/NMT/MallocStressTest.java timed out
- - JDK-8214850: Rename vm_operations.?pp files to vmOperations.?pp files
- - JDK-8214904: Test8004741.java failed due to "Too few ThreadDeath hits; expected at least 6 but saw only 5"
- - JDK-8215322: add @file support to jaotc
- - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
- - JDK-8215396: JTabbedPane preferred size calculation is wrong for SCROLL_TAB_LAYOUT
- - JDK-8216180: [AOT] compiler/intrinsics/bigInteger/TestMulAdd.java crashed with AOT enabled
- - JDK-8216353: Use utility APIs introduced in org/netbeans/jemmy/util/LookAndFeel class in client sanity test cases
- - JDK-8216354: Syntax error in toolchain_windows.m4
- - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
- - JDK-8216535: tools/jimage/JImageExtractTest.java timed out
- - JDK-8217235: Create automated test for SwingSet ColorChooserDemoTest
- - JDK-8217297: Add support for multiple look and feel for SwingSet SliderDemoTest
- - JDK-8217338: [Containers] Improve systemd slice memory limit support
- - JDK-8217613: [AOT] TEST_OPTS_AOT_MODULES doesn't work on mac
- - JDK-8217634: RunTest documentation and usability update
- - JDK-8217717: ZGC: Broken oop map in C1 load barrier stub
- - JDK-8217728: Speed up incremental rerun of "make hotspot"
- - JDK-8218268: Javac treats Manifest Class-Path entries as Paths instead of URLs
- - JDK-8218662: Allow 204 responses with Content-Length:0
- - JDK-8218882: NET_Writev is declared, NET_WriteV is defined
- - JDK-8218889: Improperly use of the Optional API
- - JDK-8219205: JFR file without license header
- - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
- - JDK-8219723: javax/net/ssl/compatibility/Compatibility.java failed on some SNI cases
- - JDK-8220348: [ntintel] asserts about copying unaligned array
- - JDK-8220451: jdi/EventQueue/remove/remove004 failed due to "ERROR: thread2 is not alive"
- - JDK-8220456: jdi/EventQueue/remove_l/remove_l004 failed due to "TIMEOUT while waiting for event"
- - JDK-8220479: java/nio/channels/Selector/SelectWithConsumer.java failed at testTwoChannels()
- - JDK-8220613: java/util/Arrays/TimSortStackSize2.java times out with fastdebug build
- - JDK-8220688: [TESTBUG] runtime/NMT/MallocStressTest.java timed out
- - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
- - JDK-8221270: Duplicated synchronized keywords in SSLSocketImpl
- - JDK-8221312: test/jdk/sanity/client/SwingSet/src/ColorChooserDemoTest.java failed
- - JDK-8221851: Use of THIS_FILE in hotspot invalidates precompiled header on Linux/GCC
- - JDK-8221885: Add intermittent test in the JavaSound to the ProblemList
- - JDK-8222264: Windows incremental build is broken with JDK-8217728
- - JDK-8222391: javax/net/ssl/compatibility/Compatibility.java should be more flexible
- - JDK-8222448: java/lang/reflect/PublicMethods/PublicMethodsTest.java times out
- - JDK-8222519: ButtonDemoScreenshotTest fails randomly with "still state to be reached"
- - JDK-8222741: jdi/EventQueue/remove/remove004 fails due to VMDisconnectedException
- - JDK-8223003: SunMSCAPI keys are not cleaned up
- - JDK-8223063: Support CNG RSA keys
- - JDK-8223158: Docked MacBook cannot start any Java Swing applications
- - JDK-8223260: NamingManager should cache InitialContextFactory
- - JDK-8223464: Improve version string for Oracle CI builds
- - JDK-8223558: Java does not render Myanmar script correctly
- - JDK-8223627: jdk-13+20 bundle name contains null instead of ea
- - JDK-8223638: Replace wildcard address with loopback or local host in tests - part 6
- - JDK-8223678: Add Visual Studio Code workspace generation support (for native code)
- - JDK-8223727: com/sun/jndi/ldap/privconn/RunTest.java failed due to hang in LdapRequest.getReplyBer
- - JDK-8223769: Assert triggers with -XX:+StressReflectiveCode
- - JDK-8224187: Refactor arraycopy_prologue to allow ZGC read barriers on arraycopy
- - JDK-8224475: JTextPane does not show images in HTML rendering
- - JDK-8224673: Adjust permission for delayed starting of debugging
- - JDK-8224705: Tests that need to be problem-listed or have printer resources
- - JDK-8224778: test/jdk/demo/jfc/J2Ddemo/J2DdemoTest.java cannot find J2Ddemo.jar
- - JDK-8224821: java/awt/Focus/NoAutotransferToDisabledCompTest/NoAutotransferToDisabledCompTest.java fails linux-x64
- - JDK-8224830: test/jdk/java/awt/Focus/ModalExcludedWindowClickTest/ModalExcludedWindowClickTest.java fails on linux-x64
- - JDK-8224851: AArch64: fix warnings and errors with Clang and GCC 8.3
- - JDK-8224905: java/lang/ProcessBuilder/Basic.java#id1 failed with stream closed
- - JDK-8225007: java/awt/print/PrinterJob/LandscapeStackOverflow.java may hang
- - JDK-8225105: java/awt/Focus/ShowFrameCheckForegroundTest/ShowFrameCheckForegroundTest.java fails in Windows 10
- - JDK-8225117: java/math/BigInteger/SymmetricRangeTests.java fails with ParseException
- - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
- - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
- - JDK-8225144: [macos] In Aqua L&F backspace key does not delete when Shift is pressed
- - JDK-8225180: SignedObject with invalid Key not throwing the InvalidKeyException in Windows
- - JDK-8225182: JNI exception pending in DestroyXIMCallback of awt_InputMethod.c:1327
- - JDK-8225199: [Graal] compiler/jvmci/compilerToVM/IsMatureVsReprofileTest.java fails with -XX:CompileThresholdScaling=0.1
- - JDK-8225305: ProblemList java/lang/invoke/VarHandles tests
- - JDK-8225350: compiler/jvmci/compilerToVM/IsCompilableTest.java timed out
- - JDK-8225430: Replace wildcard address with loopback or local host in tests - part 14
- - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14
- - JDK-8225487: giflib legal file is missing attribution for openbsd-reallocarray.c
- - JDK-8225567: Wrong file headers with 8202414 fix changeset
- - JDK-8225684: [AOT] vmTestbase/vm/oom/production/AlwaysOOMProduction tests fail with AOTed java.base
- - JDK-8225766: Curve in certificate should not affect signature scheme when using TLSv1.3
- - JDK-8225797: OldObjectSample event creates unexpected amount of checkpoint data
- - JDK-8226381: ProblemList java/lang/reflect/PublicMethods/PublicMethodsTest.java
- - JDK-8226406: JVM fails to detect mismatched or corrupt CDS archive
- - JDK-8226608: Hide the onjcmd option from the help output
- - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
- - JDK-8227112: exclude compiler/intrinsics/sha/sanity tests from AOT runs
- - JDK-8227324: Upgrade to freetype 2.10.1
- - JDK-8227528: TestAbortVMOnSafepointTimeout.java failed due to "RuntimeException: 'Safepoint sync time longer than' missing from stdout/stderr"
- - JDK-8227645: Some tests in serviceability/sa run with fixed -Xmx values and risk running out of memory
- - JDK-8227646: [TESTBUG] appcds/SharedArchiveConsistency timed out
- - JDK-8227662: freetype seeks to index at the end of the font data
- - JDK-8228479: Correct the format of ColorChooserDemoTest
- - JDK-8228613: java.security.Provider#getServices order is no longer deterministic
- - JDK-8228969: 2019-09-28 public suffix list update
- - JDK-8229236: CriticalJNINatives: dll handling should be done in native thread state
- - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
- - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
- - JDK-8229994: assert(false) failed: Bad graph detected in get_early_ctrl_for_expensive
- - JDK-8230004: jdk/internal/jimage/JImageOpenTest.java runs no test
- - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
- - JDK-8230390: Problemlist SA tests with AOT
- - JDK-8230400: Missing constant pool entry for a method in stacktrace
- - JDK-8230459: Test failed to resume JVMCI CompilerThread
- - JDK-8230480: check malloc/calloc results in java.desktop
- - JDK-8230597: Update GIFlib library to the 5.2.1
- - JDK-8230611: infinite loop in LogOutputList::wait_until_no_readers()
- - JDK-8230624: [TESTBUG] Problemlist JFR compiler/TestCodeSweeper.java
- - JDK-8230677: Should disable Escape Analysis if JVMTI capability can_get_owned_monitor_info was taken
- - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
- - JDK-8231025: Incorrect method tag offset for big endian platform
- - JDK-8231081: TestMetadataRetention fails due to missing symbol id
- - JDK-8231387: java.security.Provider.getService returns random result due to race condition with mutating methods in the same class
- - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
- - JDK-8231445: check ZALLOC return values in awt coding
- - JDK-8231507: Update Apache Santuario (XML Signature) to version 2.1.4
- - JDK-8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
- - JDK-8231753: use more Posix functionality in aix os::print_os_info
- - JDK-8231810: javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java fails intermittently with "java.lang.Exception: Unexpected EOF"
- - JDK-8232003: (fs) Files.write can leak file descriptor in the exception case
- - JDK-8232056: GetOwnedMonitorInfoWithEATest.java fails with ZGC: Heap too small
- - JDK-8232060: add some initializations using sigemptyset in os_aix.cpp
- - JDK-8232154: Update Mesa 3-D Headers to version 19.2.1
- - JDK-8232167: Visual Studio install found through --with-tools-dir value is discarded
- - JDK-8232170: FSInfo#getJarClassPath throws an exception not declared in its throws clause
- - JDK-8232200: [macos 10.15] Windows in fullscreen tests jumps around the screen
- - JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation
- - JDK-8232224: [TESTBUG] problemlist JFR TestLargeRootSet.java
- - JDK-8232370: Refactor some com.sun.jdi tests to enable IDE integration
- - JDK-8232433: [macos 10.15] java/awt/Window/LocationAtScreenCorner/LocationAtScreenCorner.java may fail
- - JDK-8232571: Add missing SIGINFO signal
- - JDK-8232692: [TESTBUG] compiler/aot/fingerprint/SelfChangedCDS.java fails when cds is disabled
- - JDK-8232713: Update BCEL version to 6.3.1 in license file
- - JDK-8232806: Introduce a system property to disable eager lambda initialization
- - JDK-8232834: RunTest sometimes fails to produce valid exitcode.txt
- - JDK-8232880: Update test documentation with additional settings for client UI tooltip tests
- - JDK-8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures.
- - JDK-8233018: Add a new test to verify that DatagramSocket is not interruptible
- - JDK-8233019: java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit
- - JDK-8233032: assert(in_bb(n)) failed: must be
- - JDK-8233078: fix minimal VM build on Linux ppc64(le)
- - JDK-8233328: fix minimal VM build on Linux s390x
- - JDK-8233383: Various minor fixes
- - JDK-8233466: aarch64: remove unnecessary load of mdo when profiling return and parameters type
- - JDK-8233491: Crash in AdapterHandlerLibrary::get_adapter with CDS due to code cache exhaustion
- - JDK-8233529: loopTransform.cpp:2984: Error: assert(p_f->Opcode() == Op_IfFalse) failed
- - JDK-8233548: Update CUP to v0.11b
- - JDK-8233649: Update ProblemList.txt to exclude failing headful tests on macos
- - JDK-8233656: assert(d->is_CFG() && n->is_CFG()) failed: must have CFG nodes
- - JDK-8233657: Intermittent NPE in Component.validate()
- - JDK-8234288: Turkey Time Zone returns incorrect time zone name
- - JDK-8234323: NULL-check return value of SurfaceData_InitOps on macosx
- - JDK-8234339: replace JLI_StrTok in java_md_solinux.c
- - JDK-8234340: Bump update version for OpenJDK: jdk-11.0.7
- - JDK-8234350: assert(mode == ControlAroundStripMined && (use == sfpt || !use->is_reachable_from_root())) failed: missed a node
- - JDK-8234386: [macos] NPE was thrown at expanding Choice from maximized frame
- - JDK-8234397: add OS uptime information to os::print_os_info output
- - JDK-8234423: Modifying ArrayList.subList().subList() resets modCount of subList
- - JDK-8234466: Class loading deadlock involving X509Factory#commitEvent()
- - JDK-8234501: remove obsolete NET_ReadV
- - JDK-8234525: enable link-time section-gc for linux s390x to remove unused code
- - JDK-8234610: MaxVectorSize set wrongly when UseAVX=3 is specified after JDK-8221092
- - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
- - JDK-8234723: javax/net/ssl/TLS tests support TLSv1.3
- - JDK-8234724: javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java supports TLSv1.3
- - JDK-8234741: enhance os::get_core_path on macOS
- - JDK-8234769: Duplicate attribution in freetype.md
- - JDK-8234786: Fix for JDK-8214578 breaks OS X 10.12 compatibility
- - JDK-8234809: set relro in linker flags when building with gcc
- - JDK-8234824: java/nio/channels/SocketChannel/AdaptSocket.java fails on Windows 10
- - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
- - JDK-8235288: AVX 512 instructions inadvertently used on Xeon for small vector width operations
- - JDK-8235325: build failure on Linux after 8235243
- - JDK-8235383: C1 compilation fails with -XX:+PrintIRDuringConstruction -XX:+Verbose
- - JDK-8235489: handle return values of sscanf calls in hotspot
- - JDK-8235509: Backport for JDK-8209657 Refactor filemap.hpp to simplify integration with Serviceability Agent.
- - JDK-8235510: java.util.zip.CRC32 performance drop after 8200067
- - JDK-8235563: [TESTBUG] appcds/CommandLineFlagComboNegative.java does not handle archive mapping failure
- - JDK-8235637: jhsdb jmap from OpenJDK 11.0.5 doesn't work if prelink is enabled
- - JDK-8235671: enhance print_rlimit_info in os_posix
- - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
- - JDK-8235904: Infinite loop when rendering huge lines
- - JDK-8235998: [c2] Memory leaks during tracing after '8224193: stringStream should not use Resource Area'.
- - JDK-8236039: JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3
- - JDK-8236140: assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it
- - JDK-8236179: C1 register allocation error with T_ADDRESS
- - JDK-8236488: Support for configure option --with-native-debug-symbols=internal is impossible on Windows
- - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
- - JDK-8236709: struct SwitchRange in HS violates C++ One Definition Rule
- - JDK-8236848: [JDK 11u] make run-test-tier1 fails after backport of JDK-8232834
- - JDK-8236873: Worker has a deadlock bug
- - JDK-8237217: Incorrect G1StringDedupEntry type used in StringDedupTable destructor
- - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
- - JDK-8237375: SimpleThresholdPolicy misses CounterDecay timestamp initialization
- - JDK-8237508: Simplify JarFile.isInitializing
- - JDK-8237540: Missing files in backport of JDK-8210910
- - JDK-8237541: Missing files in backport of JDK-8236528
- - JDK-8237600: Test SunJSSEFIPSInit fails on Ubuntu
- - JDK-8237819: s390x - remove unused pd_zero_to_words_large
- - JDK-8237869: exclude jtreg test security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java because of instabilities
- - JDK-8237879: make 4.3 breaks build
- - JDK-8237945: CTW: C2 compilation fails with assert(just_allocated_object(alloc_ctl) == ptr) failed: most recent allo
- - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
- - JDK-8238247: CTW runner should sweep nmethods more aggressively
- - JDK-8238366: CTW runner closes standard output on exit
- - JDK-8238438: SuperWord::co_locate_pack picks memory state of first instead of last load
- - JDK-8238502: sunmscapi.dll causing EXCEPTION_ACCESS_VIOLATION
- - JDK-8238534: Deep sign macOS bundles before bundle archive is being created
- - JDK-8238591: CTW: Split applications/ctw/modules/jdk_localedata.java
- - JDK-8238596: AVX enabled by default for Skylake even when unsupported
- - JDK-8238811: C2: assert(i >= req() || i == 0 || is_Region() || is_Phi()) with -XX:+VerifyGraphEdges
- - JDK-8239005: [TESTBUG] test/hotspot/jtreg/runtime/StackGuardPages/TestStackGuardPages.java: exeinvoke.c: must initialize static state before calling do_overflow()
- - JDK-8239466: Loss of precision in counter decay calculation in 11u backport of JDK-8237375
- - JDK-8239856: [ntintel] asserts about copying unaligned array element
- - JDK-8240724: [test] jdk11 downport of 8224475 misses binary file test/jdk/javax/swing/JTextPane/arrow.png
- - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
-
-Notes on individual issues:
-===========================
-
-security-libs/javax.xml.crypto:
-
-JDK-8239467: Apache Santuario Library Updated to Version 2.1.4
-==============================================================
-The Apache Santuario library has been upgraded to version 2.1.4. As a
-result, a new system property
-`com.sun.org.apache.xml.internal.security.parser.pool-size` has been
-introduced.
-
-This new system property sets the pool size of the internal
-`DocumentBuilder` cache used when processing XML Signatures. The
-function is equivalent to the
-`org.apache.xml.security.parser.pool-size` system property used in
-Apache Santuario and has the same default value of 20.
diff --git a/fips-11u-9087e80d0ab.patch b/fips-11u-9087e80d0ab.patch
deleted file mode 100644
index a396fb8..0000000
--- a/fips-11u-9087e80d0ab.patch
+++ /dev/null
@@ -1,1610 +0,0 @@
-diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
-index a73c0f38181..80710886ed8 100644
---- a/make/autoconf/libraries.m4
-+++ b/make/autoconf/libraries.m4
-@@ -101,6 +101,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
- LIB_SETUP_LIBFFI
- LIB_SETUP_BUNDLED_LIBS
- LIB_SETUP_MISC_LIBS
-+ LIB_SETUP_SYSCONF_LIBS
- LIB_SETUP_SOLARIS_STLPORT
- LIB_TESTS_SETUP_GRAALUNIT
-
-@@ -223,3 +224,62 @@ AC_DEFUN_ONCE([LIB_SETUP_SOLARIS_STLPORT],
- fi
- ])
-
-+################################################################################
-+# Setup system configuration libraries
-+################################################################################
-+AC_DEFUN_ONCE([LIB_SETUP_SYSCONF_LIBS],
-+[
-+ ###############################################################################
-+ #
-+ # Check for the NSS library
-+ #
-+
-+ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)])
-+
-+ # default is not available
-+ DEFAULT_SYSCONF_NSS=no
-+
-+ AC_ARG_ENABLE([sysconf-nss], [AS_HELP_STRING([--enable-sysconf-nss],
-+ [build the System Configurator (libsysconf) using the system NSS library if available @<:@disabled@:>@])],
-+ [
-+ case "${enableval}" in
-+ yes)
-+ sysconf_nss=yes
-+ ;;
-+ *)
-+ sysconf_nss=no
-+ ;;
-+ esac
-+ ],
-+ [
-+ sysconf_nss=${DEFAULT_SYSCONF_NSS}
-+ ])
-+ AC_MSG_RESULT([$sysconf_nss])
-+
-+ USE_SYSCONF_NSS=false
-+ if test "x${sysconf_nss}" = "xyes"; then
-+ PKG_CHECK_MODULES(NSS, nss >= 3.53, [NSS_FOUND=yes], [NSS_FOUND=no])
-+ if test "x${NSS_FOUND}" = "xyes"; then
-+ AC_MSG_CHECKING([for system FIPS support in NSS])
-+ saved_libs="${LIBS}"
-+ saved_cflags="${CFLAGS}"
-+ CFLAGS="${CFLAGS} ${NSS_CFLAGS}"
-+ LIBS="${LIBS} ${NSS_LIBS}"
-+ AC_LANG_PUSH([C])
-+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <nss3/pk11pub.h>]],
-+ [[SECMOD_GetSystemFIPSEnabled()]])],
-+ [AC_MSG_RESULT([yes])],
-+ [AC_MSG_RESULT([no])
-+ AC_MSG_ERROR([System NSS FIPS detection unavailable])])
-+ AC_LANG_POP([C])
-+ CFLAGS="${saved_cflags}"
-+ LIBS="${saved_libs}"
-+ USE_SYSCONF_NSS=true
-+ else
-+ dnl NSS 3.53 is the one that introduces the SECMOD_GetSystemFIPSEnabled API
-+ dnl in nss3/pk11pub.h.
-+ AC_MSG_ERROR([--enable-sysconf-nss specified, but NSS 3.53 or above not found.])
-+ fi
-+ fi
-+ AC_SUBST(USE_SYSCONF_NSS)
-+])
-diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
-index 0ae23b93167..a242acc1234 100644
---- a/make/autoconf/spec.gmk.in
-+++ b/make/autoconf/spec.gmk.in
-@@ -826,6 +826,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
- # Libraries
- #
-
-+USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
-+NSS_LIBS:=@NSS_LIBS@
-+NSS_CFLAGS:=@NSS_CFLAGS@
-+
- USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
- LCMS_CFLAGS:=@LCMS_CFLAGS@
- LCMS_LIBS:=@LCMS_LIBS@
-diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
-index a529768f39e..daf9c947172 100644
---- a/make/lib/Lib-java.base.gmk
-+++ b/make/lib/Lib-java.base.gmk
-@@ -178,6 +178,31 @@ ifeq ($(OPENJDK_TARGET_OS_TYPE), unix)
- endif
- endif
-
-+################################################################################
-+# Create the systemconf library
-+
-+LIBSYSTEMCONF_CFLAGS :=
-+LIBSYSTEMCONF_CXXFLAGS :=
-+
-+ifeq ($(USE_SYSCONF_NSS), true)
-+ LIBSYSTEMCONF_CFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
-+ LIBSYSTEMCONF_CXXFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
-+endif
-+
-+ifeq ($(OPENJDK_BUILD_OS), linux)
-+ $(eval $(call SetupJdkLibrary, BUILD_LIBSYSTEMCONF, \
-+ NAME := systemconf, \
-+ OPTIMIZATION := LOW, \
-+ CFLAGS := $(CFLAGS_JDKLIB) $(LIBSYSTEMCONF_CFLAGS), \
-+ CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBSYSTEMCONF_CXXFLAGS), \
-+ LDFLAGS := $(LDFLAGS_JDKLIB) \
-+ $(call SET_SHARED_LIBRARY_ORIGIN), \
-+ LIBS_unix := $(LIBDL) $(NSS_LIBS), \
-+ ))
-+
-+ TARGETS += $(BUILD_LIBSYSTEMCONF)
-+endif
-+
- ################################################################################
- # Create the symbols file for static builds.
-
-diff --git a/make/nb_native/nbproject/configurations.xml b/make/nb_native/nbproject/configurations.xml
-index fb07d54c1f0..c5813e2b7aa 100644
---- a/make/nb_native/nbproject/configurations.xml
-+++ b/make/nb_native/nbproject/configurations.xml
-@@ -2950,6 +2950,9 @@
- <in>LinuxWatchService.c</in>
- </df>
- </df>
-+ <df name="libsystemconf">
-+ <in>systemconf.c</in>
-+ </df>
- </df>
- </df>
- <df name="macosx">
-@@ -29301,6 +29304,11 @@
- tool="0"
- flavor2="0">
- </item>
-+ <item path="../../src/java.base/linux/native/libsystemconf/systemconf.c"
-+ ex="false"
-+ tool="0"
-+ flavor2="0">
-+ </item>
- <item path="../../src/java.base/macosx/native/include/jni_md.h"
- ex="false"
- tool="3"
-diff --git a/make/scripts/compare_exceptions.sh.incl b/make/scripts/compare_exceptions.sh.incl
-index 6327040964d..6b3780123b6 100644
---- a/make/scripts/compare_exceptions.sh.incl
-+++ b/make/scripts/compare_exceptions.sh.incl
-@@ -179,6 +179,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [ "$OPENJDK_TARGET_CPU" = "x86_64" ];
- ./lib/libsplashscreen.so
- ./lib/libsunec.so
- ./lib/libsunwjdga.so
-+ ./lib/libsystemconf.so
- ./lib/libunpack.so
- ./lib/libverify.so
- ./lib/libzip.so
-@@ -289,6 +290,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [ "$OPENJDK_TARGET_CPU" = "sparcv9" ]
- ./lib/libsplashscreen.so
- ./lib/libsunec.so
- ./lib/libsunwjdga.so
-+ ./lib/libsystemconf.so
- ./lib/libunpack.so
- ./lib/libverify.so
- ./lib/libzip.so
-diff --git a/src/java.base/linux/native/libsystemconf/systemconf.c b/src/java.base/linux/native/libsystemconf/systemconf.c
-new file mode 100644
-index 00000000000..8dcb7d9073f
---- /dev/null
-+++ b/src/java.base/linux/native/libsystemconf/systemconf.c
-@@ -0,0 +1,224 @@
-+/*
-+ * Copyright (c) 2021, Red Hat, Inc.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+#include <jni.h>
-+#include <jni_util.h>
-+#include "jvm_md.h"
-+#include <stdio.h>
-+
-+#ifdef SYSCONF_NSS
-+#include <nss3/pk11pub.h>
-+#else
-+#include <dlfcn.h>
-+#endif //SYSCONF_NSS
-+
-+#include "java_security_SystemConfigurator.h"
-+
-+#define MSG_MAX_SIZE 256
-+#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
-+
-+typedef int (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE)(void);
-+
-+static SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE *getSystemFIPSEnabled;
-+static jmethodID debugPrintlnMethodID = NULL;
-+static jobject debugObj = NULL;
-+
-+static void dbgPrint(JNIEnv *env, const char* msg)
-+{
-+ jstring jMsg;
-+ if (debugObj != NULL) {
-+ jMsg = (*env)->NewStringUTF(env, msg);
-+ CHECK_NULL(jMsg);
-+ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
-+ }
-+}
-+
-+static void throwIOException(JNIEnv *env, const char *msg)
-+{
-+ jclass cls = (*env)->FindClass(env, "java/io/IOException");
-+ if (cls != 0)
-+ (*env)->ThrowNew(env, cls, msg);
-+}
-+
-+static void handle_msg(JNIEnv *env, const char* msg, int msg_bytes)
-+{
-+ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
-+ dbgPrint(env, msg);
-+ } else {
-+ dbgPrint(env, "systemconf: cannot render message");
-+ }
-+}
-+
-+// Only used when NSS is not linked at build time
-+#ifndef SYSCONF_NSS
-+
-+static void *nss_handle;
-+
-+static jboolean loadNSS(JNIEnv *env)
-+{
-+ char msg[MSG_MAX_SIZE];
-+ int msg_bytes;
-+ const char* errmsg;
-+
-+ nss_handle = dlopen(JNI_LIB_NAME("nss3"), RTLD_LAZY);
-+ if (nss_handle == NULL) {
-+ errmsg = dlerror();
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlopen: %s\n",
-+ errmsg);
-+ handle_msg(env, msg, msg_bytes);
-+ return JNI_FALSE;
-+ }
-+ dlerror(); /* Clear errors */
-+ getSystemFIPSEnabled = (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE*)dlsym(nss_handle, "SECMOD_GetSystemFIPSEnabled");
-+ if ((errmsg = dlerror()) != NULL) {
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlsym: %s\n",
-+ errmsg);
-+ handle_msg(env, msg, msg_bytes);
-+ return JNI_FALSE;
-+ }
-+ return JNI_TRUE;
-+}
-+
-+static void closeNSS(JNIEnv *env)
-+{
-+ char msg[MSG_MAX_SIZE];
-+ int msg_bytes;
-+ const char* errmsg;
-+
-+ if (dlclose(nss_handle) != 0) {
-+ errmsg = dlerror();
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "closeNSS: dlclose: %s\n",
-+ errmsg);
-+ handle_msg(env, msg, msg_bytes);
-+ }
-+}
-+
-+#endif
-+
-+/*
-+ * Class: java_security_SystemConfigurator
-+ * Method: JNI_OnLoad
-+ */
-+JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
-+{
-+ JNIEnv *env;
-+ jclass sysConfCls, debugCls;
-+ jfieldID sdebugFld;
-+
-+ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
-+ return JNI_EVERSION; /* JNI version not supported */
-+ }
-+
-+ sysConfCls = (*env)->FindClass(env,"java/security/SystemConfigurator");
-+ if (sysConfCls == NULL) {
-+ printf("libsystemconf: SystemConfigurator class not found\n");
-+ return JNI_ERR;
-+ }
-+ sdebugFld = (*env)->GetStaticFieldID(env, sysConfCls,
-+ "sdebug", "Lsun/security/util/Debug;");
-+ if (sdebugFld == NULL) {
-+ printf("libsystemconf: SystemConfigurator::sdebug field not found\n");
-+ return JNI_ERR;
-+ }
-+ debugObj = (*env)->GetStaticObjectField(env, sysConfCls, sdebugFld);
-+ if (debugObj != NULL) {
-+ debugCls = (*env)->FindClass(env,"sun/security/util/Debug");
-+ if (debugCls == NULL) {
-+ printf("libsystemconf: Debug class not found\n");
-+ return JNI_ERR;
-+ }
-+ debugPrintlnMethodID = (*env)->GetMethodID(env, debugCls,
-+ "println", "(Ljava/lang/String;)V");
-+ if (debugPrintlnMethodID == NULL) {
-+ printf("libsystemconf: Debug::println(String) method not found\n");
-+ return JNI_ERR;
-+ }
-+ debugObj = (*env)->NewGlobalRef(env, debugObj);
-+ }
-+
-+#ifdef SYSCONF_NSS
-+ getSystemFIPSEnabled = *SECMOD_GetSystemFIPSEnabled;
-+#else
-+ if (loadNSS(env) == JNI_FALSE) {
-+ dbgPrint(env, "libsystemconf: Failed to load NSS library.");
-+ }
-+#endif
-+
-+ return (*env)->GetVersion(env);
-+}
-+
-+/*
-+ * Class: java_security_SystemConfigurator
-+ * Method: JNI_OnUnload
-+ */
-+JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
-+{
-+ JNIEnv *env;
-+
-+ if (debugObj != NULL) {
-+ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
-+ return; /* Should not happen */
-+ }
-+#ifndef SYSCONF_NSS
-+ closeNSS(env);
-+#endif
-+ (*env)->DeleteGlobalRef(env, debugObj);
-+ }
-+}
-+
-+JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEnabled
-+ (JNIEnv *env, jclass cls)
-+{
-+ int fips_enabled;
-+ char msg[MSG_MAX_SIZE];
-+ int msg_bytes;
-+
-+ if (getSystemFIPSEnabled != NULL) {
-+ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
-+ fips_enabled = (*getSystemFIPSEnabled)();
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
-+ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
-+ handle_msg(env, msg, msg_bytes);
-+ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
-+ } else {
-+ FILE *fe;
-+
-+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
-+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
-+ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
-+ return JNI_FALSE;
-+ }
-+ fips_enabled = fgetc(fe);
-+ fclose(fe);
-+ if (fips_enabled == EOF) {
-+ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
-+ return JNI_FALSE;
-+ }
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
-+ " read character is '%c'", fips_enabled);
-+ handle_msg(env, msg, msg_bytes);
-+ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
-+ }
-+}
-diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
-index b36510a376b..ad5182e1e7c 100644
---- a/src/java.base/share/classes/java/security/Security.java
-+++ b/src/java.base/share/classes/java/security/Security.java
-@@ -32,6 +32,7 @@ import java.net.URL;
-
- import jdk.internal.event.EventHelper;
- import jdk.internal.event.SecurityPropertyModificationEvent;
-+import jdk.internal.misc.JavaSecuritySystemConfiguratorAccess;
- import jdk.internal.misc.SharedSecrets;
- import jdk.internal.util.StaticProperty;
- import sun.security.util.Debug;
-@@ -47,12 +48,20 @@ import sun.security.jca.*;
- * implementation-specific location, which is typically the properties file
- * {@code conf/security/java.security} in the Java installation directory.
- *
-+ * <p>Additional default values of security properties are read from a
-+ * system-specific location, if available.</p>
-+ *
- * @author Benjamin Renaud
- * @since 1.1
- */
-
- public final class Security {
-
-+ private static final String SYS_PROP_SWITCH =
-+ "java.security.disableSystemPropertiesFile";
-+ private static final String SEC_PROP_SWITCH =
-+ "security.useSystemPropertiesFile";
-+
- /* Are we debugging? -- for developers */
- private static final Debug sdebug =
- Debug.getInstance("properties");
-@@ -67,6 +76,19 @@ public final class Security {
- }
-
- static {
-+ // Initialise here as used by code with system properties disabled
-+ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
-+ new JavaSecuritySystemConfiguratorAccess() {
-+ @Override
-+ public boolean isSystemFipsEnabled() {
-+ return SystemConfigurator.isSystemFipsEnabled();
-+ }
-+ @Override
-+ public boolean isPlainKeySupportEnabled() {
-+ return SystemConfigurator.isPlainKeySupportEnabled();
-+ }
-+ });
-+
- // doPrivileged here because there are multiple
- // things in initialize that might require privs.
- // (the FileInputStream call and the File.exists call,
-@@ -83,6 +105,7 @@ public final class Security {
- props = new Properties();
- boolean loadedProps = false;
- boolean overrideAll = false;
-+ boolean systemSecPropsEnabled = false;
-
- // first load the system properties file
- // to determine the value of security.overridePropertiesFile
-@@ -98,6 +121,7 @@ public final class Security {
- if (sdebug != null) {
- sdebug.println("reading security properties file: " +
- propFile);
-+ sdebug.println(props.toString());
- }
- } catch (IOException e) {
- if (sdebug != null) {
-@@ -192,6 +216,61 @@ public final class Security {
- }
- }
-
-+ boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false"));
-+ boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH));
-+ if (sdebug != null) {
-+ sdebug.println(SYS_PROP_SWITCH + "=" + sysUseProps);
-+ sdebug.println(SEC_PROP_SWITCH + "=" + secUseProps);
-+ }
-+ if (!sysUseProps && secUseProps) {
-+ systemSecPropsEnabled = SystemConfigurator.configureSysProps(props);
-+ if (!systemSecPropsEnabled) {
-+ if (sdebug != null) {
-+ sdebug.println("WARNING: System security properties could not be loaded.");
-+ }
-+ }
-+ } else {
-+ if (sdebug != null) {
-+ sdebug.println("System security property support disabled by user.");
-+ }
-+ }
-+
-+ // FIPS support depends on the contents of java.security so
-+ // ensure it has loaded first
-+ if (loadedProps && systemSecPropsEnabled) {
-+ boolean shouldEnable;
-+ String sysProp = System.getProperty("com.redhat.fips");
-+ if (sysProp == null) {
-+ shouldEnable = true;
-+ if (sdebug != null) {
-+ sdebug.println("com.redhat.fips unset, using default value of true");
-+ }
-+ } else {
-+ shouldEnable = Boolean.valueOf(sysProp);
-+ if (sdebug != null) {
-+ sdebug.println("com.redhat.fips set, using its value " + shouldEnable);
-+ }
-+ }
-+ if (shouldEnable) {
-+ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
-+ if (sdebug != null) {
-+ if (fipsEnabled) {
-+ sdebug.println("FIPS mode support configured and enabled.");
-+ } else {
-+ sdebug.println("FIPS mode support disabled.");
-+ }
-+ }
-+ } else {
-+ if (sdebug != null ) {
-+ sdebug.println("FIPS mode support disabled by user.");
-+ }
-+ }
-+ } else {
-+ if (sdebug != null) {
-+ sdebug.println("WARNING: FIPS mode support can not be enabled without " +
-+ "system security properties being enabled.");
-+ }
-+ }
- }
-
- /*
-diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java
-new file mode 100644
-index 00000000000..90f6dd2ebc0
---- /dev/null
-+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
-@@ -0,0 +1,248 @@
-+/*
-+ * Copyright (c) 2019, 2021, Red Hat, Inc.
-+ *
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+package java.security;
-+
-+import java.io.BufferedInputStream;
-+import java.io.FileInputStream;
-+import java.io.IOException;
-+
-+import java.util.Iterator;
-+import java.util.Map.Entry;
-+import java.util.Properties;
-+
-+import sun.security.util.Debug;
-+
-+/**
-+ * Internal class to align OpenJDK with global crypto-policies.
-+ * Called from java.security.Security class initialization,
-+ * during startup.
-+ *
-+ */
-+
-+final class SystemConfigurator {
-+
-+ private static final Debug sdebug =
-+ Debug.getInstance("properties");
-+
-+ private static final String CRYPTO_POLICIES_BASE_DIR =
-+ "/etc/crypto-policies";
-+
-+ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
-+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
-+
-+ private static boolean systemFipsEnabled = false;
-+ private static boolean plainKeySupportEnabled = false;
-+
-+ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
-+
-+ private static native boolean getSystemFIPSEnabled()
-+ throws IOException;
-+
-+ static {
-+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
-+ public Void run() {
-+ System.loadLibrary(SYSTEMCONF_NATIVE_LIB);
-+ return null;
-+ }
-+ });
-+ }
-+
-+ /*
-+ * Invoked when java.security.Security class is initialized, if
-+ * java.security.disableSystemPropertiesFile property is not set and
-+ * security.useSystemPropertiesFile is true.
-+ */
-+ static boolean configureSysProps(Properties props) {
-+ boolean systemSecPropsLoaded = false;
-+
-+ try (BufferedInputStream bis =
-+ new BufferedInputStream(
-+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
-+ props.load(bis);
-+ systemSecPropsLoaded = true;
-+ if (sdebug != null) {
-+ sdebug.println("reading system security properties file " +
-+ CRYPTO_POLICIES_JAVA_CONFIG);
-+ sdebug.println(props.toString());
-+ }
-+ } catch (IOException e) {
-+ if (sdebug != null) {
-+ sdebug.println("unable to load security properties from " +
-+ CRYPTO_POLICIES_JAVA_CONFIG);
-+ e.printStackTrace();
-+ }
-+ }
-+ return systemSecPropsLoaded;
-+ }
-+
-+ /*
-+ * Invoked at the end of java.security.Security initialisation
-+ * if java.security properties have been loaded
-+ */
-+ static boolean configureFIPS(Properties props) {
-+ boolean loadedProps = false;
-+
-+ try {
-+ if (enableFips()) {
-+ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
-+ // Remove all security providers
-+ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
-+ while (i.hasNext()) {
-+ Entry<Object, Object> e = i.next();
-+ if (((String) e.getKey()).startsWith("security.provider")) {
-+ if (sdebug != null) { sdebug.println("Removing provider: " + e); }
-+ i.remove();
-+ }
-+ }
-+ // Add FIPS security providers
-+ String fipsProviderValue = null;
-+ for (int n = 1;
-+ (fipsProviderValue = (String) props.get("fips.provider." + n)) != null; n++) {
-+ String fipsProviderKey = "security.provider." + n;
-+ if (sdebug != null) {
-+ sdebug.println("Adding provider " + n + ": " +
-+ fipsProviderKey + "=" + fipsProviderValue);
-+ }
-+ props.put(fipsProviderKey, fipsProviderValue);
-+ }
-+ // Add other security properties
-+ String keystoreTypeValue = (String) props.get("fips.keystore.type");
-+ if (keystoreTypeValue != null) {
-+ String nonFipsKeystoreType = props.getProperty("keystore.type");
-+ props.put("keystore.type", keystoreTypeValue);
-+ if (keystoreTypeValue.equals("PKCS11")) {
-+ // If keystore.type is PKCS11, javax.net.ssl.keyStore
-+ // must be "NONE". See JDK-8238264.
-+ System.setProperty("javax.net.ssl.keyStore", "NONE");
-+ }
-+ if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
-+ // If no trustStoreType has been set, use the
-+ // previous keystore.type under FIPS mode. In
-+ // a default configuration, the Trust Store will
-+ // be 'cacerts' (JKS type).
-+ System.setProperty("javax.net.ssl.trustStoreType",
-+ nonFipsKeystoreType);
-+ }
-+ if (sdebug != null) {
-+ sdebug.println("FIPS mode default keystore.type = " +
-+ keystoreTypeValue);
-+ sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
-+ System.getProperty("javax.net.ssl.keyStore", ""));
-+ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
-+ System.getProperty("javax.net.ssl.trustStoreType", ""));
-+ }
-+ }
-+ loadedProps = true;
-+ systemFipsEnabled = true;
-+ String plainKeySupport = System.getProperty("com.redhat.fips.plainKeySupport",
-+ "true");
-+ plainKeySupportEnabled = !"false".equals(plainKeySupport);
-+ if (sdebug != null) {
-+ if (plainKeySupportEnabled) {
-+ sdebug.println("FIPS support enabled with plain key support");
-+ } else {
-+ sdebug.println("FIPS support enabled without plain key support");
-+ }
-+ }
-+ } else {
-+ if (sdebug != null) { sdebug.println("FIPS mode not detected"); }
-+ }
-+ } catch (Exception e) {
-+ if (sdebug != null) {
-+ sdebug.println("unable to load FIPS configuration");
-+ e.printStackTrace();
-+ }
-+ }
-+ return loadedProps;
-+ }
-+
-+ /**
-+ * Returns whether or not global system FIPS alignment is enabled.
-+ *
-+ * Value is always 'false' before java.security.Security class is
-+ * initialized.
-+ *
-+ * Call from out of this package through SharedSecrets:
-+ * SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ * .isSystemFipsEnabled();
-+ *
-+ * @return a boolean value indicating whether or not global
-+ * system FIPS alignment is enabled.
-+ */
-+ static boolean isSystemFipsEnabled() {
-+ return systemFipsEnabled;
-+ }
-+
-+ /**
-+ * Returns {@code true} if system FIPS alignment is enabled
-+ * and plain key support is allowed. Plain key support is
-+ * enabled by default but can be disabled with
-+ * {@code -Dcom.redhat.fips.plainKeySupport=false}.
-+ *
-+ * @return a boolean indicating whether plain key support
-+ * should be enabled.
-+ */
-+ static boolean isPlainKeySupportEnabled() {
-+ return plainKeySupportEnabled;
-+ }
-+
-+ /**
-+ * Determines whether FIPS mode should be enabled.
-+ *
-+ * OpenJDK FIPS mode will be enabled only if the system is in
-+ * FIPS mode.
-+ *
-+ * Calls to this method only occur if the system property
-+ * com.redhat.fips is not set to false.
-+ *
-+ * There are 2 possible ways in which OpenJDK detects that the system
-+ * is in FIPS mode: 1) if the NSS SECMOD_GetSystemFIPSEnabled API is
-+ * available at OpenJDK's built-time, it is called; 2) otherwise, the
-+ * /proc/sys/crypto/fips_enabled file is read.
-+ *
-+ * @return true if the system is in FIPS mode
-+ */
-+ private static boolean enableFips() throws Exception {
-+ if (sdebug != null) {
-+ sdebug.println("Calling getSystemFIPSEnabled (libsystemconf)...");
-+ }
-+ try {
-+ boolean fipsEnabled = getSystemFIPSEnabled();
-+ if (sdebug != null) {
-+ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) returned: "
-+ + fipsEnabled);
-+ }
-+ return fipsEnabled;
-+ } catch (IOException e) {
-+ if (sdebug != null) {
-+ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) failed:");
-+ sdebug.println(e.getMessage());
-+ }
-+ throw e;
-+ }
-+ }
-+}
-diff --git a/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
-new file mode 100644
-index 00000000000..21bc6d0b591
---- /dev/null
-+++ b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
-@@ -0,0 +1,31 @@
-+/*
-+ * Copyright (c) 2020, Red Hat, Inc.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+package jdk.internal.misc;
-+
-+public interface JavaSecuritySystemConfiguratorAccess {
-+ boolean isSystemFipsEnabled();
-+ boolean isPlainKeySupportEnabled();
-+}
-diff --git a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
-index 688ec9f0915..8489b940c43 100644
---- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
-+++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
-@@ -36,6 +36,7 @@ import java.io.FilePermission;
- import java.io.ObjectInputStream;
- import java.io.RandomAccessFile;
- import java.security.ProtectionDomain;
-+import java.security.Security;
- import java.security.Signature;
-
- /** A repository of "shared secrets", which are a mechanism for
-@@ -76,6 +77,7 @@ public class SharedSecrets {
- private static JavaIORandomAccessFileAccess javaIORandomAccessFileAccess;
- private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
- private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess;
-+ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess;
-
- public static JavaUtilJarAccess javaUtilJarAccess() {
- if (javaUtilJarAccess == null) {
-@@ -361,4 +363,15 @@ public class SharedSecrets {
- }
- return javaxCryptoSealedObjectAccess;
- }
-+
-+ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) {
-+ javaSecuritySystemConfiguratorAccess = jssca;
-+ }
-+
-+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
-+ if (javaSecuritySystemConfiguratorAccess == null) {
-+ unsafe.ensureClassInitialized(Security.class);
-+ }
-+ return javaSecuritySystemConfiguratorAccess;
-+ }
- }
-diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java
-index 5460efcf8c5..f08dc2fafc5 100644
---- a/src/java.base/share/classes/module-info.java
-+++ b/src/java.base/share/classes/module-info.java
-@@ -182,6 +182,7 @@ module java.base {
- java.security.jgss,
- java.sql,
- java.xml,
-+ jdk.crypto.cryptoki,
- jdk.jartool,
- jdk.attach,
- jdk.charsets,
-diff --git a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
-index ffee2c1603b..ff3d5e0e4ab 100644
---- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
-+++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
-@@ -33,8 +33,13 @@ import java.security.KeyStore.*;
-
- import javax.net.ssl.*;
-
-+import jdk.internal.misc.SharedSecrets;
-+
- abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
-
-+ private static final boolean plainKeySupportEnabled = SharedSecrets
-+ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
-+
- X509ExtendedKeyManager keyManager;
- boolean isInitialized;
-
-@@ -62,7 +67,8 @@ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
- KeyStoreException, NoSuchAlgorithmException,
- UnrecoverableKeyException {
- if ((ks != null) && SunJSSE.isFIPS()) {
-- if (ks.getProvider() != SunJSSE.cryptoProvider) {
-+ if (ks.getProvider() != SunJSSE.cryptoProvider &&
-+ !plainKeySupportEnabled) {
- throw new KeyStoreException("FIPS mode: KeyStore must be "
- + "from provider " + SunJSSE.cryptoProvider.getName());
- }
-@@ -91,8 +97,8 @@ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
- keyManager = new X509KeyManagerImpl(
- Collections.<Builder>emptyList());
- } else {
-- if (SunJSSE.isFIPS() &&
-- (ks.getProvider() != SunJSSE.cryptoProvider)) {
-+ if (SunJSSE.isFIPS() && (ks.getProvider() != SunJSSE.cryptoProvider)
-+ && !plainKeySupportEnabled) {
- throw new KeyStoreException(
- "FIPS mode: KeyStore must be " +
- "from provider " + SunJSSE.cryptoProvider.getName());
-diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
-index de7da5c3379..5c3813dda7b 100644
---- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
-+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
-@@ -31,6 +31,7 @@ import java.security.*;
- import java.security.cert.*;
- import java.util.*;
- import javax.net.ssl.*;
-+import jdk.internal.misc.SharedSecrets;
- import sun.security.action.GetPropertyAction;
- import sun.security.provider.certpath.AlgorithmChecker;
- import sun.security.validator.Validator;
-@@ -542,20 +543,38 @@ public abstract class SSLContextImpl extends SSLContextSpi {
-
- static {
- if (SunJSSE.isFIPS()) {
-- supportedProtocols = Arrays.asList(
-- ProtocolVersion.TLS13,
-- ProtocolVersion.TLS12,
-- ProtocolVersion.TLS11,
-- ProtocolVersion.TLS10
-- );
-+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ .isSystemFipsEnabled()) {
-+ // RH1860986: TLSv1.3 key derivation not supported with
-+ // the Security Providers available in system FIPS mode.
-+ supportedProtocols = Arrays.asList(
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ );
-
-- serverDefaultProtocols = getAvailableProtocols(
-- new ProtocolVersion[] {
-- ProtocolVersion.TLS13,
-- ProtocolVersion.TLS12,
-- ProtocolVersion.TLS11,
-- ProtocolVersion.TLS10
-- });
-+ serverDefaultProtocols = getAvailableProtocols(
-+ new ProtocolVersion[] {
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ });
-+ } else {
-+ supportedProtocols = Arrays.asList(
-+ ProtocolVersion.TLS13,
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ );
-+
-+ serverDefaultProtocols = getAvailableProtocols(
-+ new ProtocolVersion[] {
-+ ProtocolVersion.TLS13,
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ });
-+ }
- } else {
- supportedProtocols = Arrays.asList(
- ProtocolVersion.TLS13,
-@@ -620,6 +639,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
-
- static ProtocolVersion[] getSupportedProtocols() {
- if (SunJSSE.isFIPS()) {
-+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ .isSystemFipsEnabled()) {
-+ // RH1860986: TLSv1.3 key derivation not supported with
-+ // the Security Providers available in system FIPS mode.
-+ return new ProtocolVersion[] {
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ };
-+ }
- return new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
-@@ -949,6 +978,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
-
- static ProtocolVersion[] getProtocols() {
- if (SunJSSE.isFIPS()) {
-+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ .isSystemFipsEnabled()) {
-+ // RH1860986: TLSv1.3 key derivation not supported with
-+ // the Security Providers available in system FIPS mode.
-+ return new ProtocolVersion[] {
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ };
-+ }
- return new ProtocolVersion[]{
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
-diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
-index c50ba93ecfc..de2a91a478c 100644
---- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
-+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
-@@ -27,6 +27,8 @@ package sun.security.ssl;
-
- import java.security.*;
- import java.util.*;
-+
-+import jdk.internal.misc.SharedSecrets;
- import sun.security.rsa.SunRsaSignEntries;
- import static sun.security.util.SecurityConstants.PROVIDER_VER;
- import static sun.security.provider.SunEntries.createAliases;
-@@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider {
- "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
- ps("SSLContext", "TLSv1.2",
- "sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
-- ps("SSLContext", "TLSv1.3",
-- "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
-+ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ .isSystemFipsEnabled()) {
-+ // RH1860986: TLSv1.3 key derivation not supported with
-+ // the Security Providers available in system FIPS mode.
-+ ps("SSLContext", "TLSv1.3",
-+ "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
-+ }
- ps("SSLContext", "TLS",
- "sun.security.ssl.SSLContextImpl$TLSContext",
- (isfips? null : createAliases("SSL")), null);
-diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
-index 097517926d1..474fe6f401f 100644
---- a/src/java.base/share/conf/security/java.security
-+++ b/src/java.base/share/conf/security/java.security
-@@ -85,6 +85,14 @@ security.provider.tbd=Apple
- security.provider.tbd=SunPKCS11
- #endif
-
-+#
-+# Security providers used when FIPS mode support is active
-+#
-+fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
-+fips.provider.2=SUN
-+fips.provider.3=SunEC
-+fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS
-+
- #
- # A list of preferred providers for specific algorithms. These providers will
- # be searched for matching algorithms before the list of registered providers.
-@@ -298,6 +306,11 @@ policy.ignoreIdentityScope=false
- #
- keystore.type=pkcs12
-
-+#
-+# Default keystore type used when global crypto-policies are set to FIPS.
-+#
-+fips.keystore.type=PKCS11
-+
- #
- # Controls compatibility mode for JKS and PKCS12 keystore types.
- #
-@@ -335,6 +348,13 @@ package.definition=sun.misc.,\
- #
- security.overridePropertiesFile=true
-
-+#
-+# Determines whether this properties file will be appended to
-+# using the system properties file stored at
-+# /etc/crypto-policies/back-ends/java.config
-+#
-+security.useSystemPropertiesFile=false
-+
- #
- # Determines the default key and trust manager factory algorithms for
- # the javax.net.ssl package.
-diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
-new file mode 100644
-index 00000000000..b848a1fd783
---- /dev/null
-+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
-@@ -0,0 +1,290 @@
-+/*
-+ * Copyright (c) 2021, Red Hat, Inc.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+package sun.security.pkcs11;
-+
-+import java.math.BigInteger;
-+import java.security.KeyFactory;
-+import java.security.Provider;
-+import java.security.Security;
-+import java.util.HashMap;
-+import java.util.Map;
-+import java.util.concurrent.locks.ReentrantLock;
-+
-+import javax.crypto.Cipher;
-+import javax.crypto.spec.DHPrivateKeySpec;
-+import javax.crypto.spec.IvParameterSpec;
-+
-+import sun.security.jca.JCAUtil;
-+import sun.security.pkcs11.TemplateManager;
-+import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
-+import sun.security.pkcs11.wrapper.CK_MECHANISM;
-+import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
-+import sun.security.pkcs11.wrapper.PKCS11Exception;
-+import sun.security.rsa.RSAUtil.KeyType;
-+import sun.security.util.Debug;
-+import sun.security.util.ECUtil;
-+
-+final class FIPSKeyImporter {
-+
-+ private static final Debug debug =
-+ Debug.getInstance("sunpkcs11");
-+
-+ private static P11Key importerKey = null;
-+ private static final ReentrantLock importerKeyLock = new ReentrantLock();
-+ private static CK_MECHANISM importerKeyMechanism = null;
-+ private static Cipher importerCipher = null;
-+
-+ private static Provider sunECProvider = null;
-+ private static final ReentrantLock sunECProviderLock = new ReentrantLock();
-+
-+ private static KeyFactory DHKF = null;
-+ private static final ReentrantLock DHKFLock = new ReentrantLock();
-+
-+ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes)
-+ throws PKCS11Exception {
-+ long keyID = -1;
-+ Token token = sunPKCS11.getToken();
-+ if (debug != null) {
-+ debug.println("Private or Secret key will be imported in" +
-+ " system FIPS mode.");
-+ }
-+ if (importerKey == null) {
-+ importerKeyLock.lock();
-+ try {
-+ if (importerKey == null) {
-+ if (importerKeyMechanism == null) {
-+ // Importer Key creation has not been tried yet. Try it.
-+ createImporterKey(token);
-+ }
-+ if (importerKey == null || importerCipher == null) {
-+ if (debug != null) {
-+ debug.println("Importer Key could not be" +
-+ " generated.");
-+ }
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ if (debug != null) {
-+ debug.println("Importer Key successfully" +
-+ " generated.");
-+ }
-+ }
-+ } finally {
-+ importerKeyLock.unlock();
-+ }
-+ }
-+ long importerKeyID = importerKey.getKeyID();
-+ try {
-+ byte[] keyBytes = null;
-+ byte[] encKeyBytes = null;
-+ long keyClass = 0L;
-+ long keyType = 0L;
-+ Map<Long, CK_ATTRIBUTE> attrsMap = new HashMap<>();
-+ for (CK_ATTRIBUTE attr : attributes) {
-+ if (attr.type == CKA_CLASS) {
-+ keyClass = attr.getLong();
-+ } else if (attr.type == CKA_KEY_TYPE) {
-+ keyType = attr.getLong();
-+ }
-+ attrsMap.put(attr.type, attr);
-+ }
-+ BigInteger v = null;
-+ if (keyClass == CKO_PRIVATE_KEY) {
-+ if (keyType == CKK_RSA) {
-+ if (debug != null) {
-+ debug.println("Importing an RSA private key...");
-+ }
-+ keyBytes = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(
-+ KeyType.RSA,
-+ null,
-+ ((v = attrsMap.get(CKA_MODULUS).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PUBLIC_EXPONENT).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIVATE_EXPONENT).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIME_1).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIME_2).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_EXPONENT_1).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_EXPONENT_2).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_COEFFICIENT).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO
-+ ).getEncoded();
-+ } else if (keyType == CKK_DSA) {
-+ if (debug != null) {
-+ debug.println("Importing a DSA private key...");
-+ }
-+ keyBytes = new sun.security.provider.DSAPrivateKey(
-+ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_SUBPRIME).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO
-+ ).getEncoded();
-+ if (token.config.getNssNetscapeDbWorkaround() &&
-+ attrsMap.get(CKA_NETSCAPE_DB) == null) {
-+ attrsMap.put(CKA_NETSCAPE_DB,
-+ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
-+ }
-+ } else if (keyType == CKK_EC) {
-+ if (debug != null) {
-+ debug.println("Importing an EC private key...");
-+ }
-+ if (sunECProvider == null) {
-+ sunECProviderLock.lock();
-+ try {
-+ if (sunECProvider == null) {
-+ sunECProvider = Security.getProvider("SunEC");
-+ }
-+ } finally {
-+ sunECProviderLock.unlock();
-+ }
-+ }
-+ keyBytes = ECUtil.generateECPrivateKey(
-+ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ECUtil.getECParameterSpec(sunECProvider,
-+ attrsMap.get(CKA_EC_PARAMS).getByteArray()))
-+ .getEncoded();
-+ if (token.config.getNssNetscapeDbWorkaround() &&
-+ attrsMap.get(CKA_NETSCAPE_DB) == null) {
-+ attrsMap.put(CKA_NETSCAPE_DB,
-+ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
-+ }
-+ } else if (keyType == CKK_DH) {
-+ if (debug != null) {
-+ debug.println("Importing a Diffie-Hellman private key...");
-+ }
-+ if (DHKF == null) {
-+ DHKFLock.lock();
-+ try {
-+ if (DHKF == null) {
-+ DHKF = KeyFactory.getInstance(
-+ "DH", P11Util.getSunJceProvider());
-+ }
-+ } finally {
-+ DHKFLock.unlock();
-+ }
-+ }
-+ DHPrivateKeySpec spec = new DHPrivateKeySpec
-+ (((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO);
-+ keyBytes = DHKF.generatePrivate(spec).getEncoded();
-+ if (token.config.getNssNetscapeDbWorkaround() &&
-+ attrsMap.get(CKA_NETSCAPE_DB) == null) {
-+ attrsMap.put(CKA_NETSCAPE_DB,
-+ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
-+ }
-+ } else {
-+ if (debug != null) {
-+ debug.println("Unrecognized private key type.");
-+ }
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ } else if (keyClass == CKO_SECRET_KEY) {
-+ if (debug != null) {
-+ debug.println("Importing a secret key...");
-+ }
-+ keyBytes = attrsMap.get(CKA_VALUE).getByteArray();
-+ }
-+ if (keyBytes == null || keyBytes.length == 0) {
-+ if (debug != null) {
-+ debug.println("Private or secret key plain bytes could" +
-+ " not be obtained. Import failed.");
-+ }
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ importerCipher.init(Cipher.ENCRYPT_MODE, importerKey,
-+ new IvParameterSpec((byte[])importerKeyMechanism.pParameter),
-+ null);
-+ attributes = new CK_ATTRIBUTE[attrsMap.size()];
-+ attrsMap.values().toArray(attributes);
-+ encKeyBytes = importerCipher.doFinal(keyBytes);
-+ attributes = token.getAttributes(TemplateManager.O_IMPORT,
-+ keyClass, keyType, attributes);
-+ keyID = token.p11.C_UnwrapKey(hSession,
-+ importerKeyMechanism, importerKeyID, encKeyBytes, attributes);
-+ if (debug != null) {
-+ debug.println("Imported key ID: " + keyID);
-+ }
-+ } catch (Throwable t) {
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ } finally {
-+ importerKey.releaseKeyID();
-+ }
-+ return Long.valueOf(keyID);
-+ }
-+
-+ private static void createImporterKey(Token token) {
-+ if (debug != null) {
-+ debug.println("Generating Importer Key...");
-+ }
-+ byte[] iv = new byte[16];
-+ JCAUtil.getSecureRandom().nextBytes(iv);
-+ importerKeyMechanism = new CK_MECHANISM(CKM_AES_CBC_PAD, iv);
-+ try {
-+ CK_ATTRIBUTE[] attributes = token.getAttributes(TemplateManager.O_GENERATE,
-+ CKO_SECRET_KEY, CKK_AES, new CK_ATTRIBUTE[] {
-+ new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
-+ new CK_ATTRIBUTE(CKA_VALUE_LEN, 256 >> 3)});
-+ Session s = null;
-+ try {
-+ s = token.getObjSession();
-+ long keyID = token.p11.C_GenerateKey(
-+ s.id(), new CK_MECHANISM(CKM_AES_KEY_GEN),
-+ attributes);
-+ if (debug != null) {
-+ debug.println("Importer Key ID: " + keyID);
-+ }
-+ importerKey = (P11Key)P11Key.secretKey(s, keyID, "AES",
-+ 256 >> 3, null);
-+ } catch (PKCS11Exception e) {
-+ // best effort
-+ } finally {
-+ token.releaseSession(s);
-+ }
-+ if (importerKey != null) {
-+ importerCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-+ }
-+ } catch (Throwable t) {
-+ // best effort
-+ importerKey = null;
-+ importerCipher = null;
-+ // importerKeyMechanism value is kept initialized to indicate that
-+ // Importer Key creation has been tried and failed.
-+ }
-+ }
-+}
-diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
-index 099caac605f..977e5332bd1 100644
---- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
-+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
-@@ -26,6 +26,9 @@
- package sun.security.pkcs11;
-
- import java.io.*;
-+import java.lang.invoke.MethodHandle;
-+import java.lang.invoke.MethodHandles;
-+import java.lang.invoke.MethodType;
- import java.util.*;
-
- import java.security.*;
-@@ -43,6 +46,8 @@ import javax.security.auth.callback.PasswordCallback;
- import com.sun.crypto.provider.ChaCha20Poly1305Parameters;
-
- import jdk.internal.misc.InnocuousThread;
-+import jdk.internal.misc.SharedSecrets;
-+
- import sun.security.util.Debug;
- import sun.security.util.ResourcesMgr;
- import static sun.security.util.SecurityConstants.PROVIDER_VER;
-@@ -60,6 +65,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
- */
- public final class SunPKCS11 extends AuthProvider {
-
-+ private static final boolean systemFipsEnabled = SharedSecrets
-+ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
-+
-+ private static final boolean plainKeySupportEnabled = SharedSecrets
-+ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
-+
-+ private static final MethodHandle fipsImportKey;
-+ static {
-+ MethodHandle fipsImportKeyTmp = null;
-+ if (plainKeySupportEnabled) {
-+ try {
-+ fipsImportKeyTmp = MethodHandles.lookup().findStatic(
-+ FIPSKeyImporter.class, "importKey",
-+ MethodType.methodType(Long.class, SunPKCS11.class,
-+ long.class, CK_ATTRIBUTE[].class));
-+ } catch (Throwable t) {
-+ throw new SecurityException("FIPS key importer initialization" +
-+ " failed", t);
-+ }
-+ }
-+ fipsImportKey = fipsImportKeyTmp;
-+ }
-+
- private static final long serialVersionUID = -1354835039035306505L;
-
- static final Debug debug = Debug.getInstance("sunpkcs11");
-@@ -317,10 +345,15 @@ public final class SunPKCS11 extends AuthProvider {
- // request multithreaded access first
- initArgs.flags = CKF_OS_LOCKING_OK;
- PKCS11 tmpPKCS11;
-+ MethodHandle fipsKeyImporter = null;
-+ if (plainKeySupportEnabled) {
-+ fipsKeyImporter = MethodHandles.insertArguments(
-+ fipsImportKey, 0, this);
-+ }
- try {
- tmpPKCS11 = PKCS11.getInstance(
- library, functionList, initArgs,
-- config.getOmitInitialize());
-+ config.getOmitInitialize(), fipsKeyImporter);
- } catch (PKCS11Exception e) {
- if (debug != null) {
- debug.println("Multi-threaded initialization failed: " + e);
-@@ -336,7 +369,7 @@ public final class SunPKCS11 extends AuthProvider {
- initArgs.flags = 0;
- }
- tmpPKCS11 = PKCS11.getInstance(library,
-- functionList, initArgs, config.getOmitInitialize());
-+ functionList, initArgs, config.getOmitInitialize(), fipsKeyImporter);
- }
- p11 = tmpPKCS11;
-
-@@ -376,6 +409,24 @@ public final class SunPKCS11 extends AuthProvider {
- if (nssModule != null) {
- nssModule.setProvider(this);
- }
-+ if (systemFipsEnabled) {
-+ // The NSS Software Token in FIPS 140-2 mode requires a user
-+ // login for most operations. See sftk_fipsCheck. The NSS DB
-+ // (/etc/pki/nssdb) PIN is empty.
-+ Session session = null;
-+ try {
-+ session = token.getOpSession();
-+ p11.C_Login(session.id(), CKU_USER, new char[] {});
-+ } catch (PKCS11Exception p11e) {
-+ if (debug != null) {
-+ debug.println("Error during token login: " +
-+ p11e.getMessage());
-+ }
-+ throw p11e;
-+ } finally {
-+ token.releaseSession(session);
-+ }
-+ }
- } catch (Exception e) {
- if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
- throw new UnsupportedOperationException
-diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
-index 04a369f453c..f033fe47593 100644
---- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
-+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
-@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;
-
- import java.io.File;
- import java.io.IOException;
-+import java.lang.invoke.MethodHandle;
- import java.util.*;
-
- import java.security.AccessController;
-@@ -148,18 +149,41 @@ public class PKCS11 {
- this.pkcs11ModulePath = pkcs11ModulePath;
- }
-
-+ /*
-+ * Compatibility wrapper to allow this method to work as before
-+ * when FIPS mode support is not active.
-+ */
-+ public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
-+ String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
-+ boolean omitInitialize) throws IOException, PKCS11Exception {
-+ return getInstance(pkcs11ModulePath, functionList,
-+ pInitArgs, omitInitialize, null);
-+ }
-+
- public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
- String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
-- boolean omitInitialize) throws IOException, PKCS11Exception {
-+ boolean omitInitialize, MethodHandle fipsKeyImporter)
-+ throws IOException, PKCS11Exception {
- // we may only call C_Initialize once per native .so/.dll
- // so keep a cache using the (non-canonicalized!) path
- PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath);
- if (pkcs11 == null) {
-+ boolean nssFipsMode = fipsKeyImporter != null;
- if ((pInitArgs != null)
- && ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) {
-- pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
-+ if (nssFipsMode) {
-+ pkcs11 = new FIPSPKCS11(pkcs11ModulePath, functionList,
-+ fipsKeyImporter);
-+ } else {
-+ pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
-+ }
- } else {
-- pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
-+ if (nssFipsMode) {
-+ pkcs11 = new SynchronizedFIPSPKCS11(pkcs11ModulePath,
-+ functionList, fipsKeyImporter);
-+ } else {
-+ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
-+ }
- }
- if (omitInitialize == false) {
- try {
-@@ -1909,4 +1933,69 @@ static class SynchronizedPKCS11 extends PKCS11 {
- super.C_GenerateRandom(hSession, randomData);
- }
- }
-+
-+// PKCS11 subclass that allows using plain private or secret keys in
-+// FIPS-configured NSS Software Tokens. Only used when System FIPS
-+// is enabled.
-+static class FIPSPKCS11 extends PKCS11 {
-+ private MethodHandle fipsKeyImporter;
-+ FIPSPKCS11(String pkcs11ModulePath, String functionListName,
-+ MethodHandle fipsKeyImporter) throws IOException {
-+ super(pkcs11ModulePath, functionListName);
-+ this.fipsKeyImporter = fipsKeyImporter;
-+ }
-+
-+ public synchronized long C_CreateObject(long hSession,
-+ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
-+ // Creating sensitive key objects from plain key material in a
-+ // FIPS-configured NSS Software Token is not allowed. We apply
-+ // a key-unwrapping scheme to achieve so.
-+ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
-+ try {
-+ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
-+ .longValue();
-+ } catch (Throwable t) {
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ }
-+ return super.C_CreateObject(hSession, pTemplate);
-+ }
-+}
-+
-+// FIPSPKCS11 synchronized counterpart.
-+static class SynchronizedFIPSPKCS11 extends SynchronizedPKCS11 {
-+ private MethodHandle fipsKeyImporter;
-+ SynchronizedFIPSPKCS11(String pkcs11ModulePath, String functionListName,
-+ MethodHandle fipsKeyImporter) throws IOException {
-+ super(pkcs11ModulePath, functionListName);
-+ this.fipsKeyImporter = fipsKeyImporter;
-+ }
-+
-+ public synchronized long C_CreateObject(long hSession,
-+ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
-+ // See FIPSPKCS11::C_CreateObject.
-+ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
-+ try {
-+ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
-+ .longValue();
-+ } catch (Throwable t) {
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ }
-+ return super.C_CreateObject(hSession, pTemplate);
-+ }
-+}
-+
-+private static class FIPSPKCS11Helper {
-+ static boolean isSensitiveObject(CK_ATTRIBUTE[] pTemplate) {
-+ for (CK_ATTRIBUTE attr : pTemplate) {
-+ if (attr.type == CKA_CLASS &&
-+ (attr.getLong() == CKO_PRIVATE_KEY ||
-+ attr.getLong() == CKO_SECRET_KEY)) {
-+ return true;
-+ }
-+ }
-+ return false;
-+ }
-+}
- }
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
deleted file mode 100755
index 3bb5f87..0000000
--- a/generate_source_tarball.sh
+++ /dev/null
@@ -1,200 +0,0 @@
-#!/bin/bash
-# Generates the 'source tarball' for JDK projects.
-#
-# Example:
-# When used from local repo set REPO_ROOT pointing to file:// with your repo
-# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
-# If you want to use a local copy of patch GH001, set the path to it in the GH001 variable
-#
-# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
-# PROJECT_NAME=openjdk
-# REPO_NAME=jdk11u
-# VERSION=HEAD
-# or to eg prepare systemtap:
-# icedtea7's jstack and other tapsets
-# VERSION=6327cf1cea9e
-# REPO_NAME=icedtea7-2.6
-# PROJECT_NAME=release
-# OPENJDK_URL=http://icedtea.classpath.org/hg/
-# TO_COMPRESS="*/tapset"
-#
-# They are used to create correct name and are used in construction of sources url (unless REPO_ROOT is set)
-
-# This script creates a single source tarball out of the repository
-# based on the given tag and removes code not allowed in fedora/rhel. For
-# consistency, the source tarball will always contain 'openjdk' as the top
-# level folder, name is created, based on parameter
-#
-
-if [ ! "x$GH001" = "x" ] ; then
- if [ ! -f "$GH001" ] ; then
- echo "You have specified GH001 as $GH001 but it does not exist. Exiting"
- exit 1
- fi
-fi
-
-if [ ! "x$GH003" = "x" ] ; then
- if [ ! -f "$GH003" ] ; then
- echo "You have specified GH003 as $GH003 but it does not exist. Exiting"
- exit 1
- fi
-fi
-
-set -e
-
-OPENJDK_URL_DEFAULT=https://github.com
-COMPRESSION_DEFAULT=xz
-# Corresponding IcedTea version
-ICEDTEA_VERSION=6.0
-
-if [ "x$1" = "xhelp" ] ; then
- echo -e "Behaviour may be specified by setting the following variables:\n"
- echo "VERSION - the version of the specified OpenJDK project"
- echo "PROJECT_NAME -- the name of the OpenJDK project being archived (optional; only needed by defaults)"
- echo "REPO_NAME - the name of the OpenJDK repository (optional; only needed by defaults)"
- echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
- echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
- echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
- echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
- echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
- echo "GH001 - the path to the ECC code patch, GH001, to apply (optional; downloaded if unavailable)"
- echo "GH003 - the path to the ECC test patch, GH003, to apply (optional; downloaded if unavailable)"
- exit 1;
-fi
-
-
-if [ "x$VERSION" = "x" ] ; then
- echo "No VERSION specified"
- exit -2
-fi
-echo "Version: ${VERSION}"
-
-# REPO_NAME is only needed when we default on REPO_ROOT and FILE_NAME_ROOT
-if [ "x$FILE_NAME_ROOT" = "x" -o "x$REPO_ROOT" = "x" ] ; then
- if [ "x$PROJECT_NAME" = "x" ] ; then
- echo "No PROJECT_NAME specified"
- exit -1
- fi
- echo "Project name: ${PROJECT_NAME}"
- if [ "x$REPO_NAME" = "x" ] ; then
- echo "No REPO_NAME specified"
- exit -3
- fi
- echo "Repository name: ${REPO_NAME}"
-fi
-
-if [ "x$OPENJDK_URL" = "x" ] ; then
- OPENJDK_URL=${OPENJDK_URL_DEFAULT}
- echo "No OpenJDK URL specified; defaulting to ${OPENJDK_URL}"
-else
- echo "OpenJDK URL: ${OPENJDK_URL}"
-fi
-
-if [ "x$COMPRESSION" = "x" ] ; then
- # rhel 5 needs tar.gz
- COMPRESSION=${COMPRESSION_DEFAULT}
-fi
-echo "Creating a tar.${COMPRESSION} archive"
-
-if [ "x$FILE_NAME_ROOT" = "x" ] ; then
- FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
- echo "No file name root specified; default to ${FILE_NAME_ROOT}"
-fi
-if [ "x$REPO_ROOT" = "x" ] ; then
- REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
- echo "No repository root specified; default to ${REPO_ROOT}"
-fi;
-if [ "x$TO_COMPRESS" = "x" ] ; then
- TO_COMPRESS="openjdk"
- echo "No to be compressed targets specified, ; default to ${TO_COMPRESS}"
-fi;
-
-echo -e "Settings:"
-echo -e "\tVERSION: ${VERSION}"
-echo -e "\tPROJECT_NAME: ${PROJECT_NAME}"
-echo -e "\tREPO_NAME: ${REPO_NAME}"
-echo -e "\tOPENJDK_URL: ${OPENJDK_URL}"
-echo -e "\tCOMPRESSION: ${COMPRESSION}"
-echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
-echo -e "\tREPO_ROOT: ${REPO_ROOT}"
-echo -e "\tTO_COMPRESS: ${TO_COMPRESS}"
-echo -e "\tGH001: ${GH001}"
-echo -e "\tGH003: ${GH003}"
-
-if [ -d ${FILE_NAME_ROOT} ] ; then
- echo "exists exists exists exists exists exists exists "
- echo "reusing reusing reusing reusing reusing reusing "
- echo ${FILE_NAME_ROOT}
-else
- mkdir "${FILE_NAME_ROOT}"
- pushd "${FILE_NAME_ROOT}"
- echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
- git clone -b ${VERSION} ${REPO_ROOT} openjdk
- popd
-fi
-pushd "${FILE_NAME_ROOT}"
-# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
- if [ -d openjdk/test ] ; then
- echo "Removing langtools test case with non-Free license"
- rm -vf openjdk/test/langtools/tools/javadoc/api/basic/taglets/UnderlineTaglet.java
- fi
- if [ -d openjdk/src ]; then
- pushd openjdk
- echo "Removing EC source code we don't build"
- CRYPTO_PATH=src/jdk.crypto.ec/share/native/libsunec/impl
- rm -vf ${CRYPTO_PATH}/ec2.h
- rm -vf ${CRYPTO_PATH}/ec2_163.c
- rm -vf ${CRYPTO_PATH}/ec2_193.c
- rm -vf ${CRYPTO_PATH}/ec2_233.c
- rm -vf ${CRYPTO_PATH}/ec2_aff.c
- rm -vf ${CRYPTO_PATH}/ec2_mont.c
- rm -vf ${CRYPTO_PATH}/ecp_192.c
- rm -vf ${CRYPTO_PATH}/ecp_224.c
-
- echo "Syncing EC list with NSS"
- if [ "x$GH001" = "x" ] ; then
- # get gh001-4curve.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
- # Do not push it or publish it
- echo "GH001 not found. Downloading..."
- wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/gh001…
- echo "Applying ${PWD}/gh001-4curve.patch"
- git apply --stat --apply -v -p1 gh001-4curve.patch
- rm gh001-4curve.patch
- else
- echo "Applying ${GH001}"
- git apply --stat --apply -v -p1 $GH001
- fi;
- if [ "x$GH003" = "x" ] ; then
- # get gh001-4curve.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
- echo "GH003 not found. Downloading..."
- wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/gh003…
- echo "Applying ${PWD}/gh003-4curve.patch"
- git apply --stat --apply -v -p1 gh003-4curve.patch
- rm gh003-4curve.patch
- else
- echo "Applying ${GH003}"
- git apply --stat --apply -v -p1 $GH003
- fi;
- find . -name '*.orig' -exec rm -vf '{}' ';' || echo "No .orig files found. This is suspicious, but may happen."
- popd
- fi
-
- # Generate .src-rev so build has knowledge of the revision the tarball was created from
- mkdir build
- pushd build
- sh ${PWD}/../openjdk/configure
- make store-source-revision
- popd
- rm -rf build
-
- echo "Compressing remaining forest"
- if [ "X$COMPRESSION" = "Xxz" ] ; then
- SWITCH=cJf
- else
- SWITCH=czf
- fi
- TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
- tar --exclude-vcs -$SWITCH ${TARBALL_NAME} $TO_COMPRESS
- mv ${TARBALL_NAME} ..
-popd
-echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."
diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index 4997423..3ba613f 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -21,12 +21,6 @@
%bcond_without release
# Enable static library builds by default.
%bcond_without staticlibs
-# Remove build artifacts by default
-%bcond_with artifacts
-# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
-%bcond_without fresh_libjvm
-# Build with system libraries
-%bcond_with system_libs
# Workaround for stripping of debug symbols from static libraries
%if %{with staticlibs}
@@ -36,28 +30,15 @@
%global include_staticlibs 0
%endif
-# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
-%if %{with fresh_libjvm}
-%global build_hotspot_first 1
-%else
-%global build_hotspot_first 0
-%endif
-
-%if %{with system_libs}
-%global system_libs 1
-%global link_type system
-%global freetype_lib %{nil}
-%else
-%global system_libs 0
-%global link_type bundled
+#placeholder - used in regexes, otherwise for no use in portables
%global freetype_lib |libfreetype[.]so.*
-%endif
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
%global _find_debuginfo_opts -g
+
# note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros
# also necessary when passing it as parameter to other macros. If not macro, then it is considered a switch
# see the difference between global and define:
@@ -147,7 +128,7 @@
# Set of architectures where we verify backtraces with gdb
%global gdb_arches %{jit_arches} %{zero_arches}
-# By default, we build a slowdebug build during main build on JIT architectures
+# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
%ifarch %{debug_arches}
%global include_debug_build 1
@@ -161,19 +142,8 @@
# On certain architectures, we compile the Shenandoah GC
%ifarch %{shenandoah_arches}
%global use_shenandoah_hotspot 1
-%global shenandoah_feature shenandoahgc
%else
%global use_shenandoah_hotspot 0
-%global shenandoah_feature -shenandoahgc
-%endif
-
-# On certain architectures, we compile the ZGC
-%ifarch %{zgc_arches}
-%global use_zgc_hotspot 1
-%global zgc_feature zgc
-%else
-%global use_zgc_hotspot 0
-%global zgc_feature -zgc
%endif
# By default, we build a fastdebug build during main build only on fastdebug architectures
@@ -209,16 +179,6 @@
%global staticlibs_loop %{nil}
%endif
-%if 0%{?flatpak}
-%global bootstrap_build false
-%else
-%ifarch %{bootstrap_arches}
-%global bootstrap_build true
-%else
-%global bootstrap_build false
-%endif
-%endif
-
%if %{include_staticlibs}
# Extra target for producing the static-libraries. Separate from
# other targets since this target is configured to use in-tree
@@ -232,29 +192,12 @@
# RPM JDK builds keep the debug symbols internal, to be later stripped by RPM
%global debug_symbols internal
-# unlike portables,the rpms have to use static_libs_target very dynamically
-%global bootstrap_targets images
-%global release_targets images docs-zip
-# No docs nor bootcycle for debug builds
-%global debug_targets images
-# Target to use to just build HotSpot
-%global hotspot_target hotspot
-
-# JDK to use for bootstrapping
-%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
-
-# Disable LTO as this causes build failures at the moment.
-# See RHBZ#1861401
-%define _lto_cflags %{nil}
-
-# Filter out flags from the optflags macro that cause problems with the OpenJDK build
-# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2
-# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs)
-# We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings
-# We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++
-%global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat -Wno-cpp|' | sed -r -e 's|-O[0-9]*||')
-%global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||')
-%global ourldflags %{__global_ldflags}
+# VM variant being built
+%ifarch %{zero_arches}
+%global vm_variant zero
+%else
+%global vm_variant server
+%endif
# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path
# the initialization must be here. Later the pkg-config have buggy behavior
@@ -331,19 +274,15 @@
# New Version-String scheme-style defines
%global featurever 11
%global interimver 0
-%global updatever 18
+%global updatever 19
%global patchver 0
-# buildjdkver is usually same as %%{featurever},
-# but in time of bootstrap of next jdk, it is featurever-1,
-# and this it is better to change it here, on single place
-%global buildjdkver %{featurever}
# Add LTS designator for RHEL builds
%if 0%{?rhel}
%global lts_designator "LTS"
%global lts_designator_zip -%{lts_designator}
%else
- %global lts_designator ""
- %global lts_designator_zip ""
+ %global lts_designator ""
+ %global lts_designator_zip ""
%endif
# Define vendor information used by OpenJDK
@@ -369,17 +308,14 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
-# Define current Git revision for the FIPS support patches
-%global fipsver 9087e80d0ab
# Standard JPackage naming and versioning defines
%global origin openjdk
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 10
+%global buildver 7
%global rpmrelease 1
-#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -393,6 +329,7 @@
%global priority %( printf '%08d' 1 )
%endif
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
+%global javaver %{featurever}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
@@ -400,19 +337,19 @@
# The tag used to create the OpenJDK tarball
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
-%global javaver %{featurever}
-
# Define milestone (EA for pre-releases, GA for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
%global is_ga 1
%if %{is_ga}
+%global build_type GA
%global ea_designator ""
%global ea_designator_zip ""
%global extraver %{nil}
%global eaprefix %{nil}
%else
+%global build_type EA
%global ea_designator ea
%global ea_designator_zip -%{ea_designator}
%global extraver .%{ea_designator}
@@ -425,9 +362,11 @@
# images directories from upstream build
%global jdkimage jdk
%global static_libs_image static-libs
-# output dir stub
-%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
-%define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}}
+# installation directory for static libraries
+%global static_libs_root lib/static
+%global static_libs_arch_dir %{static_libs_root}/linux-%{archinstall}
+%global static_libs_install_dir %{static_libs_arch_dir}/glibc
+
# we can copy the javadoc to not arched dir, or make it not noarch
%define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}}
# main id and dir of this jdk
@@ -859,6 +798,7 @@ exit 0
%define files_jre_headless() %{expand:
%license %{_jvmdir}/%{sdkdir -- %{?1}}/legal
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS
+%{_jvmdir}/%{sdkdir -- %{?1}}/NEWS
%dir %{_sysconfdir}/.java/.systemPrefs
%dir %{_sysconfdir}/.java
%dir %{_jvmdir}/%{sdkdir -- %{?1}}
@@ -894,9 +834,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libawt_headless.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libdt_socket.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfontmanager.so
-%if ! %{system_libs}
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfreetype.so
-%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libinstrument.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2gss.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2pcsc.so
@@ -932,7 +870,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jfr/default.jfc
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jfr/profile.jfc
%{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1*
-%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1*
+#%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1* #TODO, resolve alt-java man page
%{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/keytool-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/pack200-%{uniquesuffix -- %{?1}}.1*
@@ -969,7 +907,7 @@ exit 0
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.fips.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/conf/management/jmxremote.access
-# This is a config template, and thus not config-noreplace
+# This is a config template, thus not config-noreplace
%config %{etcjavadir -- %{?1}}/conf/management/jmxremote.password.template
%config(noreplace) %{etcjavadir -- %{?1}}/conf/management/management.properties
%config(noreplace) %{etcjavadir -- %{?1}}/conf/net.properties
@@ -1113,13 +1051,14 @@ exit 0
%define files_src() %{expand:
%license %{_jvmdir}/%{sdkdir -- %{?1}}/legal
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/src.zip
+%{_jvmdir}/%{sdkdir -- %{?1}}/full_sources
}
%define files_static_libs() %{expand:
-%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/static
-%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/static/linux-%{archinstall}
-%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/static/linux-%{archinstall}/glibc
-%{_jvmdir}/%{sdkdir -- %{?1}}/lib/static/linux-%{archinstall}/glibc/lib*.a
+%dir %{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_root}
+%dir %{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_arch_dir}
+%dir %{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_install_dir}
+%{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_install_dir}/lib*.a
}
%define files_javadoc() %{expand:
@@ -1159,7 +1098,8 @@ Requires: libXcomposite%{?_isa}
Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# for java-X-openjdk package's desktop binding
-%if 0%{?rhel} >= 8
+# Where recommendations are available, recommend Gtk+ for the Swing look and feel
+%if 0%{?rhel} >= 8 || 0%{?fedora} > 0
Recommends: gtk3%{?_isa}
%endif
@@ -1182,6 +1122,7 @@ Provides: jre%{?1} = %{epoch}:%{version}-%{release}
Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
+# Require zone-info data provided by tzdata-java sub-package
# 2022g required as of JDK-8297804
Requires: tzdata-java >= 2022g
# for support of kernel stream control
@@ -1204,8 +1145,9 @@ Requires: nss
Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
Requires(postun): %{alternatives_requires}
-# for optional support of kernel stream control, card reader and printing bindings
-%if 0%{?rhel} >= 8
+# Where suggestions are available, recommend the sctp and pcsc libraries
+# for optional support of kernel stream control and card reader
+%if 0%{?rhel} >= 8 || 0%{?fedora} > 0
Suggests: lksctp-tools%{?_isa}, pcsc-lite-devel%{?_isa}
%endif
@@ -1304,6 +1246,10 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
# Prevent brp-java-repack-jars from being run
%global __jar_repack 0
+%global portable_name %{name}-portable
+# the version must match, but sometmes we need to more precise, so including release
+%global portable_version %{version}-2
+
Name: java-%{javaver}-%{origin}
Version: %{newjavaver}.%{buildver}
Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
@@ -1319,7 +1265,8 @@ Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
Epoch: 1
Summary: %{origin_nice} %{featurever} Runtime Environment
-%if 0%{?rhel} <= 8
+# Groups are only used up to RHEL 8 and on Fedora versions prior to F30
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1340,11 +1287,6 @@ Group: Development/Languages
License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv2.0 and Public Domain and W3C and zlib and ISC and FTL and RSA
URL: http://openjdk.java.net/
-
-# to regenerate source0 (jdk) run update_package.sh
-# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
-Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz
-
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x).
# Systemtap tapsets. Zipped up to keep it small.
@@ -1353,15 +1295,6 @@ Source8: tapsets-icedtea-%{icedteaver}.tar.xz
# Desktop files. Adapted from IcedTea
Source9: jconsole.desktop.in
-# Release notes
-Source10: NEWS
-
-# nss configuration file
-Source11: nss.cfg.in
-
-# Removed libraries that we link instead
-Source12: remove-intree-libraries.sh
-
# Ensure we aren't using the limited crypto policy
Source13: TestCryptoLevel.java
@@ -1374,142 +1307,52 @@ Source15: TestSecurityProperties.java
# Ensure vendor settings are correct
Source16: CheckVendor.java
-# nss fips configuration file
-Source17: nss.fips.cfg.in
-
# Ensure translations are available for new timezones
Source18: TestTranslations.java
-############################################
-#
-# RPM/distribution specific patches
-#
-############################################
-
-# Ignore AWTError when assistive technologies are loaded
-Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
-# Restrict access to java-atk-wrapper classes
-Patch2: rh1648644-java_access_bridge_privileged_security.patch
-# NSS via SunPKCS11 Provider (disabled due to memory leak).
-Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
-# RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
-Patch600: rh1750419-redhat_alt_java.patch
-# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
-Patch1003: rh1842572-rsa_default_for_keytool.patch
-
-# Crypto policy and FIPS support patches
-# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips
-# as follows: git diff %%{vcstag} src make > fips-11u-$(git show -s --format=%h HEAD).patch
-# Diff is limited to src and make subdirectories to exclude .github changes
-# Fixes currently included:
-# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy
-# PR3695: Allow use of system crypto policy to be disabled by the user
-# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
-# RH1818909: No ciphersuites availale for SSLSocket in FIPS mode
-# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
-# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
-# RH1929465: Improve system FIPS detection
-# RH1996182: Login to the NSS software token in FIPS mode
-# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
-# RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
-# RH2021263: Return in C code after having generated Java exception
-# RH2052819: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
-# RH2051605: Detect NSS at Runtime for FIPS detection
-# RH2052819: Fix FIPS reliance on crypto policies
-# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
-# RH2090378: Revert to disabling system security properties and FIPS mode support together
-Patch1001: fips-11u-%{fipsver}.patch
-
-#############################################
-#
-# Shenandoah specific patches
-#
-#############################################
-
-# Currently empty
-
-#############################################
-#
-# Upstreamable patches
-#
-# This section includes patches which need to
-# be reviewed & pushed to the current development
-# tree of OpenJDK.
-#############################################
+BuildRequires: %{portable_name}-sources >= %{portable_version}
-Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
-
-#############################################
-#
-# Backportable patches
-#
-# This section includes patches which are
-# present in the current development tree, but
-# need to be reviewed & pushed to the appropriate
-# updates tree of OpenJDK.
-#############################################
+%if %{include_normal_build}
+BuildRequires: %{portable_name} >= %{portable_version}
+BuildRequires: %{portable_name}-devel >= %{portable_version}
+%if %{include_staticlibs}
+BuildRequires: %{portable_name}-static-libs >= %{portable_version}
+%endif
+%endif
+%if %{include_fastdebug_build}
+BuildRequires: %{portable_name}-fastdebug >= %{portable_version}
+BuildRequires: %{portable_name}-devel-fastdebug >= %{portable_version}
+%if %{include_staticlibs}
+BuildRequires: %{portable_name}-static-libs-fastdebug >= %{portable_version}
+%endif
+%endif
+%if %{include_debug_build}
+BuildRequires: %{portable_name}-slowdebug >= %{portable_version}
+BuildRequires: %{portable_name}-devel-slowdebug >= %{portable_version}
+%if %{include_staticlibs}
+BuildRequires: %{portable_name}-static-libs-slowdebug >= %{portable_version}
+%endif
+%endif
-#############################################
-#
-# Patches appearing in 11.0.18
-#
-# This section includes patches which are present
-# in the listed OpenJDK 11u release and should be
-# able to be removed once that release is out
-# and used by this RPM.
-#############################################
-
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: alsa-lib-devel
-BuildRequires: binutils
-BuildRequires: cups-devel
BuildRequires: desktop-file-utils
# elfutils only are OK for build without AOT
BuildRequires: elfutils-devel
-BuildRequires: fontconfig-devel
-BuildRequires: gcc-c++
BuildRequires: gdb
-BuildRequires: libxslt
-BuildRequires: libX11-devel
-BuildRequires: libXi-devel
-BuildRequires: libXinerama-devel
-BuildRequires: libXrandr-devel
-BuildRequires: libXrender-devel
-BuildRequires: libXt-devel
-BuildRequires: libXtst-devel
# Requirement for setting up nss.cfg and nss.fips.cfg
BuildRequires: nss-devel
# Requirement for system security property test
BuildRequires: crypto-policies
BuildRequires: pkgconfig
-BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
BuildRequires: unzip
BuildRequires: javapackages-filesystem
-BuildRequires: java-%{buildjdkver}-openjdk-devel
-# Zero-assembler build requirement
-%ifarch %{zero_arches}
-BuildRequires: libffi-devel
-%endif
-# 2022g required as of JDK-8297804
+# ?
BuildRequires: tzdata-java >= 2022g
-# Earlier versions have a bug in tree vectorization on PPC
-BuildRequires: gcc >= 4.8.3-8
%if %{with_systemtap}
BuildRequires: systemtap-sdt-devel
%endif
-BuildRequires: make
-%if %{system_libs}
-BuildRequires: freetype-devel
-BuildRequires: giflib-devel
-BuildRequires: harfbuzz-devel
-BuildRequires: lcms2-devel
-BuildRequires: libjpeg-devel
-BuildRequires: libpng-devel
-%else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.12.1
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
@@ -1524,7 +1367,6 @@ Provides: bundled(libjpeg) = 6b
Provides: bundled(libpng) = 1.6.37
# We link statically against libstdc++ to increase portability
BuildRequires: libstdc++-static
-%endif
# this is always built, also during debug-only build
# when it is built in debug-only this package is just placeholder
@@ -1536,7 +1378,7 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_debug_build}
%package slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1549,7 +1391,7 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_fastdebug_build}
%package fastdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1562,7 +1404,7 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_normal_build}
%package headless
Summary: %{origin_nice} %{featurever} Headless Runtime Environment
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1575,7 +1417,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_debug_build}
%package headless-slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_headless_rpo -- %{debug_suffix_unquoted}}
@@ -1587,7 +1431,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_fastdebug_build}
%package headless-fastdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_headless_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1599,7 +1445,7 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_normal_build}
%package devel
Summary: %{origin_nice} %{featurever} Development Environment
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1612,7 +1458,7 @@ The %{origin_nice} %{featurever} development tools.
%if %{include_debug_build}
%package devel-slowdebug
Summary: %{origin_nice} %{featurever} Development Environment %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1626,7 +1472,9 @@ The %{origin_nice} %{featurever} development tools.
%if %{include_fastdebug_build}
%package devel-fastdebug
Summary: %{origin_nice} %{featurever} Development Environment %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Tools
+%endif
%{java_devel_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1675,7 +1523,7 @@ The %{origin_nice} %{featurever} libraries for static linking.
%if %{include_normal_build}
%package jmods
Summary: JMods for %{origin_nice} %{featurever}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1688,7 +1536,7 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_debug_build}
%package jmods-slowdebug
Summary: JMods for %{origin_nice} %{featurever} %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1702,7 +1550,9 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_fastdebug_build}
%package jmods-fastdebug
Summary: JMods for %{origin_nice} %{featurever} %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Tools
+%endif
%{java_jmods_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1714,7 +1564,7 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_normal_build}
%package demo
Summary: %{origin_nice} %{featurever} Demos
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1727,7 +1577,7 @@ The %{origin_nice} %{featurever} demos.
%if %{include_debug_build}
%package demo-slowdebug
Summary: %{origin_nice} %{featurever} Demos %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1741,7 +1591,9 @@ The %{origin_nice} %{featurever} demos.
%if %{include_fastdebug_build}
%package demo-fastdebug
Summary: %{origin_nice} %{featurever} Demos %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_demo_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1753,7 +1605,7 @@ The %{origin_nice} %{featurever} demos.
%if %{include_normal_build}
%package src
Summary: %{origin_nice} %{featurever} Source Bundle
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1767,7 +1619,7 @@ class library source code for use by IDE indexers and debuggers.
%if %{include_debug_build}
%package src-slowdebug
Summary: %{origin_nice} %{featurever} Source Bundle %{for_debug}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1781,7 +1633,9 @@ The %{compatiblename}-src-slowdebug sub-package contains the complete %{origin_n
%if %{include_fastdebug_build}
%package src-fastdebug
Summary: %{origin_nice} %{featurever} Source Bundle %{for_fastdebug}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_src_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1793,20 +1647,22 @@ The %{compatiblename}-src-fastdebug sub-package contains the complete %{origin_n
%if %{include_normal_build}
%package javadoc
Summary: %{origin_nice} %{featurever} API documentation
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Documentation
%endif
Requires: javapackages-filesystem
-Obsoletes: javadoc-slowdebug < 1:11.0.3.7-4
+Obsoletes: javadoc-slowdebug < 1:13.0.0.33-1.rolling
%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc
The %{origin_nice} %{featurever} API documentation.
+%endif
+%if %{include_normal_build}
%package javadoc-zip
Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Documentation
%endif
Requires: javapackages-filesystem
@@ -1820,16 +1676,8 @@ The %{origin_nice} %{featurever} API documentation compressed in a single archiv
%endif
%prep
-
echo "Preparing %{oj_vendor_version}"
-# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-(
-%if 0%{?stapinstall:1}
- echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}"
-%else
- %{error:Unrecognised architecture %{_target_cpu}}
-%endif
-
if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then
echo "include_normal_build is %{include_normal_build}"
else
@@ -1852,7 +1700,6 @@ if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{includ
echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go."
exit 14
fi
-%setup -q -c -n %{uniquesuffix ""} -T -a 0
# https://bugzilla.redhat.com/show_bug.cgi?id=1189084
prioritylength=`expr length %{priority}`
if [ $prioritylength -ne 8 ] ; then
@@ -1860,26 +1707,28 @@ if [ $prioritylength -ne 8 ] ; then
exit 14
fi
-# OpenJDK patches
-
-%if %{system_libs}
-# Remove libraries that are linked by both static and dynamic builds
-sh %{SOURCE12} %{top_level_dir_name}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.sources.noarch.tar.xz
+%if %{include_normal_build}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.jdk.%{_arch}.tar.xz
+#tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.jre.%{_arch}.tar.xz
+%if %{include_staticlibs}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.static-libs.%{_arch}.tar.xz
+%endif
+%endif
+%if %{include_fastdebug_build}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.fastdebug.jdk.%{_arch}.tar.xz
+#tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.fastdebug.jre.%{_arch}.tar.xz
+%if %{include_staticlibs}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.fastdebug.static-libs.%{_arch}.tar.xz
+%endif
+%endif
+%if %{include_debug_build}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.slowdebug.jdk.%{_arch}.tar.xz
+#tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.slowdebug.jre.%{_arch}.tar.xz
+%if %{include_staticlibs}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.slowdebug.static-libs.%{_arch}.tar.xz
+%endif
%endif
-
-# Patch the JDK
-pushd %{top_level_dir_name}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-# Add crypto policy and FIPS support
-%patch1001 -p1
-# nss.cfg PKCS11 support; must come last as it also alters java.security
-%patch1000 -p1
-popd # openjdk
-
-%patch600
-%patch1003
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -1927,376 +1776,105 @@ for file in %{SOURCE9}; do
done
done
-# Setup nss.cfg
-sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
-
-# Setup nss.fips.cfg
-sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
-
%build
-# How many CPU's do we have?
-export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :)
-export NUM_PROC=${NUM_PROC:-1}
-%if 0%{?_smp_ncpus_max}
-# Honor %%_smp_ncpus_max
-[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max}
-%endif
-
-%ifarch s390x sparc64 alpha %{power64} %{aarch64}
-export ARCH_DATA_MODEL=64
-%endif
-%ifarch alpha
-export CFLAGS="$CFLAGS -mieee"
-%endif
-
-# We use ourcppflags because the OpenJDK build seems to
-# pass EXTRA_CFLAGS to the HotSpot C++ compiler...
-EXTRA_CFLAGS="%ourcppflags -Wno-error"
-EXTRA_CPP_FLAGS="%ourcppflags"
-
-%ifarch %{power64} ppc
-# fix rpmlint warnings
-EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
-%endif
-%ifarch %{ix86}
-# Align stack boundary on x86_32
-EXTRA_CFLAGS="$(echo ${EXTRA_CFLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
-EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
-%endif
-# Fixes annocheck warnings in assembler files due to missing build notes
-EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes"
-export EXTRA_CFLAGS EXTRA_CPP_FLAGS EXTRA_ASFLAGS
-
-function buildjdk() {
- local outputdir=${1}
- local buildjdk=${2}
- local maketargets="${3}"
- local debuglevel=${4}
- local link_opt=${5}
-
- local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
- local top_dir_abs_build_path=$(pwd)/${outputdir}
-
- # This must be set using the global, so that the
- # static libraries still use a dynamic stdc++lib
- if [ "x%{link_type}" = "xbundled" ] ; then
- libc_link_opt="static";
- else
- libc_link_opt="dynamic";
- fi
-
- echo "Using output directory: ${outputdir}";
- echo "Checking build JDK ${buildjdk} is operational..."
- ${buildjdk}/bin/java -version
- echo "Using make targets: ${maketargets}"
- echo "Using debuglevel: ${debuglevel}"
- echo "Using link_opt: ${link_opt}"
- echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}"
-
- mkdir -p ${outputdir}
- pushd ${outputdir}
-
- # Note: zlib and freetype use %{link_type}
- # rather than ${link_opt} as the system versions
- # are always used in a system_libs build, even
- # for the static library build
- bash ${top_dir_abs_src_path}/configure \
-%ifarch %{zero_arches}
- --with-jvm-variants=zero \
-%endif
-%ifarch %{ppc64le}
- --with-jobs=1 \
-%endif
- --with-version-build=%{buildver} \
- --with-version-pre="%{ea_designator}" \
- --with-version-opt=%{lts_designator} \
- --with-vendor-version-string="%{oj_vendor_version}" \
- --with-vendor-name="%{oj_vendor}" \
- --with-vendor-url="%{oj_vendor_url}" \
- --with-vendor-bug-url="%{oj_vendor_bug_url}" \
- --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
- --with-boot-jdk=${buildjdk} \
- --with-debug-level=${debuglevel} \
- --with-native-debug-symbols="%{debug_symbols}" \
- --disable-sysconf-nss \
- --enable-unlimited-crypto \
- --with-zlib=%{link_type} \
- --with-freetype=%{link_type} \
- --with-libjpeg=${link_opt} \
- --with-giflib=${link_opt} \
- --with-libpng=${link_opt} \
- --with-lcms=${link_opt} \
- --with-harfbuzz=${link_opt} \
- --with-stdc++lib=${libc_link_opt} \
- --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
- --with-extra-cflags="$EXTRA_CFLAGS" \
- --with-extra-asflags="$EXTRA_ASFLAGS" \
- --with-extra-ldflags="%{ourldflags}" \
- --with-num-cores="$NUM_PROC" \
- --disable-javac-server \
- --with-jvm-features="%{shenandoah_feature},%{zgc_feature}" \
- --disable-warnings-as-errors
-
- cat spec.gmk
-
- make \
- JAVAC_FLAGS=-g \
- LOG=trace \
- WARNINGS_ARE_ERRORS="-Wno-error" \
- CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
- $maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
-
- popd
-}
+%install
function installjdk() {
- local outputdir=${1}
- local installdir=${2}
- local imagepath=${installdir}/images/%{jdkimage}
-
- echo "Installing build from ${outputdir} to ${installdir}..."
- mkdir -p ${installdir}
- echo "Installing images..."
- mv ${outputdir}/images ${installdir}
- if [ -d ${outputdir}/bundles ] ; then
- echo "Installing bundles...";
- mv ${outputdir}/bundles ${installdir} ;
- fi
- if [ -d ${outputdir}/docs ] ; then
- echo "Installing docs...";
- mv ${outputdir}/docs ${installdir} ;
- fi
-
-%if !%{with artifacts}
- echo "Removing output directory...";
- rm -rf ${outputdir}
-%endif
+ local imagepath=${1}
if [ -d ${imagepath} ] ; then
- # the build (erroneously) removes read permissions from some jars
- # this is a regression in OpenJDK 7 (our compiler):
- # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
- find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
-
- # Build screws up permissions on binaries
- # https://bugs.openjdk.java.net/browse/JDK-8173610
- find ${imagepath} -iname '*.so' -exec chmod +x {} \;
- find ${imagepath}/bin/ -exec chmod +x {} \;
-
- # Install nss.cfg right away as we will be using the JRE above
- install -m 644 nss.cfg ${imagepath}/conf/security/
-
- # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
- install -m 644 nss.fips.cfg ${imagepath}/conf/security/
-
- # Turn on system security properties
- sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
- ${imagepath}/conf/security/java.security
-
- # Use system-wide tzdata
- rm ${imagepath}/lib/tzdb.dat
- ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
-
- # Create fake alt-java as a placeholder for future alt-java
- pushd ${imagepath}
- # add alt-java man page
- echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
- cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
- popd
-
- # Print release information
- cat ${imagepath}/release
-
+ # the build (erroneously) removes read permissions from some jars
+ # this is a regression in OpenJDK 7 (our compiler):
+ # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
+ find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
+
+ # Build screws up permissions on binaries
+ # https://bugs.openjdk.java.net/browse/JDK-8173610
+ find ${imagepath} -iname '*.so' -exec chmod +x {} \;
+ find ${imagepath}/bin/ -exec chmod +x {} \;
+
+ # Install nss.cfg right away as we will be using the JRE above
+ #is already there from portables
+ # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
+ #is already there from portables
+
+ # Turn on system security properties
+ sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
+ ${imagepath}/conf/security/java.security
+
+ # Use system-wide tzdata
+ mv ${imagepath}/lib/tzdb.dat{,.upstream}
+ ln -sv %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
+
+ # Rename OpenJDK cacerts database
+ mv ${imagepath}/lib/security/cacerts{,.upstream}
+ # Install cacerts symlink needed by some apps which hard-code the path
+ ln -sv /etc/pki/java/cacerts ${imagepath}/lib/security
+
+ # add alt-java man page
+ # alt-java man and bianry are here from portables. Or not?
fi
}
-%if %{build_hotspot_first}
- # Build a fresh libjvm.so first and use it to bootstrap
- cp -LR --preserve=mode,timestamps %{bootjdk} newboot
- systemjdk=$(pwd)/newboot
- buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled"
- mv build/newboot/jdk/lib/server/libjvm.so newboot/lib/server
-%else
- systemjdk=%{bootjdk}
-%endif
-
-for suffix in %{build_loop} ; do
-
- if [ "x$suffix" = "x" ] ; then
- debugbuild=release
- else
- # change --something to something
- debugbuild=`echo $suffix | sed "s/-//g"`
- fi
-
-
- for loop in %{main_suffix} %{staticlibs_loop} ; do
-
- builddir=%{buildoutputdir -- ${suffix}${loop}}
- bootbuilddir=boot${builddir}
- installdir=%{installoutputdir -- ${suffix}${loop}}
- bootinstalldir=boot${installdir}
-
- if test "x${loop}" = "x%{main_suffix}" ; then
- link_opt="%{link_type}"
-%if %{system_libs}
- # Copy the source tree so we can remove all in-tree libraries
- cp -a %{top_level_dir_name} %{top_level_dir_name_backup}
- # Remove all libraries that are linked
- sh %{SOURCE12} %{top_level_dir_name} full
-%endif
- # Debug builds don't need same targets as release for
- # build speed-up. We also avoid bootstrapping these
- # slower builds.
- if echo $debugbuild | grep -q "debug" ; then
- maketargets="%{debug_targets}"
- run_bootstrap=false
- else
- maketargets="%{release_targets}"
- run_bootstrap=%{bootstrap_build}
- fi
- if ${run_bootstrap} ; then
- buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
- installjdk ${bootbuilddir} ${bootinstalldir}
- buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
- installjdk ${builddir} ${installdir}
- %{!?with_artifacts:rm -rf ${bootinstalldir}}
- else
- buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
- installjdk ${builddir} ${installdir}
- fi
-%if %{system_libs}
- # Restore original source tree we modified by removing full in-tree sources
- rm -rf %{top_level_dir_name}
- mv %{top_level_dir_name_backup} %{top_level_dir_name}
-%endif
- else
- # Use bundled libraries for building statically
- link_opt="bundled"
- # Static library cycle only builds the static libraries
- maketargets="%{static_libs_target}"
- # Always just do the one build for the static libraries
- buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
- installjdk ${builddir} ${installdir}
- fi
-
- done # end of main / staticlibs loop
-
-# build cycles
-done # end of release / debug cycle loop
-
-%check
-
-# We test debug first as it will give better diagnostics on a crash
-for suffix in %{build_loop} ; do
-
-top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}}
-%if %{include_staticlibs}
-top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{staticlibs_loop}}
-%endif
-
-export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
-
-#check Shenandoah is enabled
-%if %{use_shenandoah_hotspot}
-$JAVA_HOME//bin/java -XX:+UseShenandoahGC -version
-%endif
-
-# Check unlimited policy has been used
-$JAVA_HOME/bin/javac -d . %{SOURCE13}
-$JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel
+# Checks on debuginfo must be performed before the files are stripped
+# by the RPM installation stage
+function debugcheckjdk() {
+ local imagepath=${1}
-# Check ECC is working
-$JAVA_HOME/bin/javac -d . %{SOURCE14}
-$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
-
-# Check system crypto (policy) is active and can be disabled
-# Test takes a single argument - true or false - to state whether system
-# security properties are enabled or not.
-$JAVA_HOME/bin/javac -d . %{SOURCE15}
-export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
-export SEC_DEBUG="-Djava.security.debug=properties"
-$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
-$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
-
-# Check java launcher has no SSB mitigation
-if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
-
-# Check alt-java launcher has SSB mitigation on supported architectures
-%ifarch %{ssbd_arches}
-nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
-%else
-if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
-%endif
-
-# Check correct vendor values have been set
-$JAVA_HOME/bin/javac -d . %{SOURCE16}
-$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}"
-
-# Check translations are available for new timezones
-$JAVA_HOME/bin/javac -d . %{SOURCE18}
-$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
-$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR
-
-%if %{include_staticlibs}
-# Check debug symbols in static libraries (smoke test)
-export STATIC_LIBS_HOME=${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}
-readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c
-readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c
-%endif
-
-so_suffix="so"
-# Check debug symbols are present and can identify code
-find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
-do
- if [ -f "$lib" ] ; then
- echo "Testing $lib for debug symbols"
- # All these tests rely on RPM failing the build if the exit code of any set
- # of piped commands is non-zero.
-
- # Test for .debug_* sections in the shared object. This is the main test
- # Stripped objects will not contain these
- eu-readelf -S "$lib" | grep "] .debug_"
- test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2
-
- # Test FILE symbols. These will most likely be removed by anything that
- # manipulates symbol tables because it's generally useless. So a nice test
- # that nothing has messed with symbols
- old_IFS="$IFS"
- IFS=$'\n'
- for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT")
- do
- # We expect to see .cpp files, except for architectures like aarch64 and
- # s390 where we expect .o and .oS files
- echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$"
- done
- IFS="$old_IFS"
-
- # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking
- if [ "`basename $lib`" = "libjvm.so" ]; then
- eu-readelf -s "$lib" | \
- grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$"
- fi
-
- # Test that there are no .gnu_debuglink sections pointing to another
- # debuginfo file. There shouldn't be any debuginfo files, so the link makes
- # no sense either
- eu-readelf -S "$lib" | grep 'gnu'
- if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then
- echo "bad .gnu_debuglink section."
- eu-readelf -x .gnu_debuglink "$lib"
- false
- fi
- fi
-done
+ if [ -d ${imagepath} ] ; then
-# Make sure gdb can do a backtrace based on line numbers on libjvm.so
-# javaCalls.cpp:58 should map to:
-# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/…
-# Using line number 1 might cause build problems. See:
-# https://bugzilla.redhat.com/show_bug.cgi?id=1539664
-# https://bugzilla.redhat.com/show_bug.cgi?id=1538767
-gdb -q "$JAVA_HOME/bin/java" <<EOF | tee gdb.out
+ so_suffix="so"
+ # Check debug symbols are present and can identify code
+ find "${imagepath}" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
+ do
+ if [ -f "$lib" ] ; then
+ echo "Testing $lib for debug symbols"
+ # All these tests rely on RPM failing the build if the exit code of any set
+ # of piped commands is non-zero.
+
+ # Test for .debug_* sections in the shared object. This is the main test
+ # Stripped objects will not contain these
+ eu-readelf -S "$lib" | grep "] .debug_"
+ test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2
+
+ # Test FILE symbols. These will most likely be removed by anything that
+ # manipulates symbol tables because it's generally useless. So a nice test
+ # that nothing has messed with symbols
+ old_IFS="$IFS"
+ IFS=$'\n'
+ for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT")
+ do
+ # We expect to see .cpp files, except for architectures like aarch64 and
+ # s390 where we expect .o and .oS files
+ echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$"
+ done
+ IFS="$old_IFS"
+
+ # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking
+ if [ "`basename $lib`" = "libjvm.so" ]; then
+ eu-readelf -s "$lib" | \
+ grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$"
+ fi
+
+ # Test that there are no .gnu_debuglink sections pointing to another
+ # debuginfo file. There shouldn't be any debuginfo files, so the link makes
+ # no sense either
+ eu-readelf -S "$lib" | grep 'gnu'
+ if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then
+ echo "bad .gnu_debuglink section."
+ eu-readelf -x .gnu_debuglink "$lib"
+ false
+ fi
+ fi
+ done
+
+ # Make sure gdb can do a backtrace based on line numbers on libjvm.so
+ # javaCalls.cpp:58 should map to:
+ # http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/…
+ # Using line number 1 might cause build problems. See:
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1539664
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1538767
+ gdb -q "${imagepath}/bin/java" <<EOF | tee gdb.out
handle SIGSEGV pass nostop noprint
handle SIGILL pass nostop noprint
set breakpoint pending on
@@ -2308,39 +1886,72 @@ end
run -version
EOF
%ifarch %{gdb_arches}
-grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
+ grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
%endif
-# Check src.zip has all sources. See RHBZ#1130490
-$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
-
-# Check class files include useful debugging information
-$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
-$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
-$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable
-
-# Check generated class files include useful debugging information
-$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
-$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
-$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable
+ fi
+}
-# build cycles check
-done
+for suffix in %{build_loop} ; do
+ if [ "x$suffix" = "x" ] ; then
+ debugbuild=""
+ else
+ # change -something to .something
+ debugbuild=`echo $suffix | sed "s/-/./g"`
+ fi
+ # Final setup on the untarred images
+ # TODO revisit. jre may be complety useless to unpack and process,
+ # as all the files are taken from JDK tarball ans put to packages manually.
+ # jre tarball may be usefull for checking integrity of jre and jre headless subpackages
+ #for jdkjre in jdk jre ; do
+ for jdkjre in jdk ; do
+ buildoutputdir=`ls -d %{compatiblename}*portable${debugbuild}.${jdkjre}*`
+ top_dir_abs_main_build_path=$(pwd)/${buildoutputdir}
+ installjdk ${top_dir_abs_main_build_path}
+ # Check debug symbols were built into the dynamic libraries
+ if [ $jdkjre == jdk ] ; then
+ #jdk only?
+ debugcheckjdk ${top_dir_abs_main_build_path}
+ fi
+ # Print release information
+ cat ${top_dir_abs_main_build_path}/release
+ done
+# build cycles
+done # end of release / debug cycle loop
-%install
STRIP_KEEP_SYMTAB=libjvm*
for suffix in %{build_loop} ; do
-
-top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}}
+ if [ "x$suffix" = "x" ] ; then
+ debugbuild=""
+ else
+ # change -something to .something
+ debugbuild=`echo $suffix | sed "s/-/./g"`
+ fi
+ buildoutputdir=`ls -d %{compatiblename}*portable${debugbuild}.jdk*`
+ top_dir_abs_main_build_path=$(pwd)/${buildoutputdir}
%if %{include_staticlibs}
-top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{staticlibs_loop}}
+ top_dir_abs_staticlibs_build_path=`ls -d $top_dir_abs_main_build_path/lib/static/*/glibc/`
%endif
-jdk_image=${top_dir_abs_main_build_path}/images/%{jdkimage}
+ jdk_image=${top_dir_abs_main_build_path}
+ src_image=`echo ${top_dir_abs_main_build_path} | sed "s/portable.*.%{_arch}/portable.sources.noarch/"`
# Install the jdk
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
+
+# Install icons
+for s in 16 24 32 48 ; do
+ install -D -p -m 644 \
+ ${src_image}/openjdk/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png \
+ $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png
+done
+
+
cp -a ${jdk_image} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
+cp -a ${src_image} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/full_sources
+# JDK11 specific, bianry file in sources
+rm -vf "$RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/full_sources/openjdk/test/jdk/sun/management/jmxremote/bootstrap/solaris-sparcv9/launcher"
+
pushd ${jdk_image}
@@ -2348,24 +1959,17 @@ pushd ${jdk_image}
# Install systemtap support files
install -dm 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset
# note, that uniquesuffix is in BUILD dir in this case
- cp -a $RPM_BUILD_DIR/%{uniquesuffix ""}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
+ cp -a $RPM_BUILD_DIR/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
tapsetFiles=`ls *.stp`
popd
install -d -m 755 $RPM_BUILD_ROOT%{tapsetdir}
for name in $tapsetFiles ; do
targetName=`echo $name | sed "s/.stp/$suffix.stp/"`
- ln -sf %{_jvmdir}/%{sdkdir -- $suffix}/tapset/$name $RPM_BUILD_ROOT%{tapsetdir}/$targetName
+ ln -srvf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/$name $RPM_BUILD_ROOT%{tapsetdir}/$targetName
done
%endif
- # Remove empty cacerts database
- rm -f $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/security/cacerts
- # Install cacerts symlink needed by some apps which hard-code the path
- pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/security
- ln -sf /etc/pki/java/cacerts .
- popd
-
# Install version-ed symlinks
pushd $RPM_BUILD_ROOT%{_jvmdir}
ln -sf %{sdkdir -- $suffix} %{jrelnk -- $suffix}
@@ -2378,40 +1982,35 @@ pushd ${jdk_image}
# Convert man pages to UTF8 encoding
iconv -f ISO_8859-1 -t UTF8 $manpage -o $manpage.tmp
mv -f $manpage.tmp $manpage
- install -m 644 -p $manpage $RPM_BUILD_ROOT%{_mandir}/man1/$(basename \
- $manpage .1)-%{uniquesuffix -- $suffix}.1
+ install -m 644 -p $manpage $RPM_BUILD_ROOT%{_mandir}/man1/$(basename $manpage .1)-%{uniquesuffix -- $suffix}.1
done
# Remove man pages from jdk image
rm -rf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/man
popd
+
# Install static libs artefacts
%if %{include_staticlibs}
-mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/static/linux-%{archinstall}/glibc
-cp -a ${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}/lib/*.a \
- $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/static/linux-%{archinstall}/glibc
+mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
+cp -a ${top_dir_abs_staticlibs_build_path}/*.a $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
%endif
if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
- cp -a ${top_dir_abs_main_build_path}/images/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
- built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip
- cp -a ${top_dir_abs_main_build_path}/bundles/${built_doc_archive} \
- $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip || ls -l ${top_dir_abs_main_build_path}/bundles/
+ install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
+ built_doc_archive=javadocs.zip
+ cp -a ${top_dir_abs_main_build_path}/${built_doc_archive} \
+ $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip || ls -l ${top_dir_abs_main_build_path}
+ pushd $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
+ unzip ${top_dir_abs_main_build_path}/${built_doc_archive}
+ popd
fi
# Install release notes
commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
install -d -m 755 ${commondocdir}
-cp -a %{SOURCE10} ${commondocdir}
-
-# Install icons and menu entries
-for s in 16 24 32 48 ; do
- install -D -p -m 644 \
- %{top_level_dir_name}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png \
- $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png
-done
+cp -a ${top_dir_abs_main_build_path}/NEWS ${commondocdir}
# Install desktop files
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps}
@@ -2425,8 +2024,7 @@ done
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/.java/.systemPrefs
# copy samples next to demos; samples are mostly js files
-cp -r %{top_level_dir_name}/src/sample $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/
-
+cp -r ${src_image}/%{top_level_dir_name}/src/sample $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/
# moving config files to /etc
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
@@ -2434,21 +2032,104 @@ mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/conf/ $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib/security $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}
- ln -s %{etcjavadir -- $suffix}/conf ./conf
+ ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/conf ./conf
popd
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib
- ln -s %{etcjavadir -- $suffix}/lib/security ./security
+ ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/lib/security ./security
popd
# end moving files to /etc
+#TODO this is done also i portables and in install jdk. But hard to say where the operation will hapen at the end
# stabilize permissions
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ;
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ;
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ;
+find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ;
+find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ;
+find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ;
+if [ "x$suffix" = "x" ] ; then
+ rm $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/javadocs.zip #is in subpackages, 1 renamed, 2nd unpacked
+fi
# end, dual install
done
+%check
+
+# We test debug first as it will give better diagnostics on a crash
+for suffix in %{build_loop} ; do
+
+# Tests in the check stage are performed on the installed image
+# rpmbuild operates as follows: build -> install -> test
+export JAVA_HOME=${RPM_BUILD_ROOT}%{_jvmdir}/%{sdkdir -- $suffix}
+
+#check Shenandoah is enabled
+%if %{use_shenandoah_hotspot}
+$JAVA_HOME/bin/java -XX:+UseShenandoahGC -version
+%endif
+
+# Check unlimited policy has been used
+$JAVA_HOME/bin/javac -d . %{SOURCE13}
+$JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel
+
+# Check ECC is working
+$JAVA_HOME/bin/javac -d . %{SOURCE14}
+$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
+
+# Check system crypto (policy) is active and can be disabled
+# Test takes a single argument - true or false - to state whether system
+# security properties are enabled or not.
+$JAVA_HOME/bin/javac -d . %{SOURCE15}
+export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
+export SEC_DEBUG="-Djava.security.debug=properties"
+$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
+$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
+
+# Check java launcher has no SSB mitigation
+if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
+
+# Check alt-java launcher has SSB mitigation on supported architectures
+%ifarch %{ssbd_arches}
+nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
+%else
+if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
+%endif
+
+# Check correct vendor values have been set
+$JAVA_HOME/bin/javac -d . %{SOURCE16}
+#TODO skipped vendor check. It now points to PORTABLE version of jdk.
+#$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}"
+
+%if ! 0%{?flatpak}
+# Check translations are available for new timezones (during flatpak builds, the
+# tzdb.dat used by this test is not where the test expects it, so this is
+# disabled for flatpak builds)
+$JAVA_HOME/bin/javac -d . %{SOURCE18}
+#TODO doublecheck tzdata handling
+$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE || echo "TZDATA no longer can be synced with system, because we repack"
+$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR || echo "TZDATA no longer can be synced with system, because we repack"
+%endif
+
+%if %{include_staticlibs}
+# Check debug symbols in static libraries (smoke test)
+export STATIC_LIBS_HOME=${JAVA_HOME}/%{static_libs_install_dir}
+readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep w_remainder.c
+readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep e_remainder.c
+%endif
+
+# Check src.zip has all sources. See RHBZ#1130490
+$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
+
+# Check class files include useful debugging information
+$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
+$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
+$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable
+
+# Check generated class files include useful debugging information
+$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
+$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
+$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable
+
+# build cycles check
+done
+
%if %{include_normal_build}
# intentionally only for non-debug
%pretrans headless -p <lua>
@@ -2464,7 +2145,7 @@ local posix = require "posix"
if (os.getenv("debug") == "true") then
debug = true;
print("cjc: in spec debug is on")
-else
+else
debug = false;
end
@@ -2715,6 +2396,19 @@ end
%endif
%changelog
+* Sat Apr 29 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:11.0.19.0.7-1
+- updated to 17.0.7.0.7 underlying portables
+- requirign 17.0.7.0.7-2 due to news, and much more tuning
+- now untarring enforced version
+- repacked bits are now requested in exact version
+- repacked portables
+- using icons from source package
+- providing full sources via src package
+- requiring exact version.reelase of portables
+- todo, lost alt java manpage.. probably already in portables
+- TODO conslut this clean up - javdoc
+- todo, debuginfo
+
* Thu Jan 26 2023 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.18.0.10-1
- Update to jdk-11.0.18+10 (GA)
- Update release notes to 11.0.18+10
diff --git a/nss.cfg.in b/nss.cfg.in
deleted file mode 100644
index 377a39c..0000000
--- a/nss.cfg.in
+++ /dev/null
@@ -1,5 +0,0 @@
-name = NSS
-nssLibraryDirectory = @NSS_LIBDIR@
-nssDbMode = noDb
-attributes = compatibility
-handleStartupErrors = ignoreMultipleInitialisation
diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in
deleted file mode 100644
index 2d9ec35..0000000
--- a/nss.fips.cfg.in
+++ /dev/null
@@ -1,8 +0,0 @@
-name = NSS-FIPS
-nssLibraryDirectory = @NSS_LIBDIR@
-nssSecmodDirectory = sql:/etc/pki/nssdb
-nssDbMode = readOnly
-nssModule = fips
-
-attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
-
diff --git a/openjdk_news.sh b/openjdk_news.sh
deleted file mode 100755
index 560b356..0000000
--- a/openjdk_news.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-# Copyright (C) 2022 Red Hat, Inc.
-# Written by Andrew John Hughes <gnu.andrew(a)redhat.com>, 2012-2022
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-OLD_RELEASE=$1
-NEW_RELEASE=$2
-SUBDIR=$3
-REPO=$4
-SCRIPT_DIR=$(dirname ${0})
-
-if test "x${SUBDIR}" = "x"; then
- echo "No subdirectory specified; using .";
- SUBDIR=".";
-fi
-
-if test "x$REPO" = "x"; then
- echo "No repository specified; using ${PWD}"
- REPO=${PWD}
-fi
-
-if test x${TMPDIR} = x; then
- TMPDIR=/tmp;
-fi
-
-echo "Repository: ${REPO}"
-
-if [ -e ${REPO}/.git ] ; then
- TYPE=git;
-elif [ -e ${REPO}/.hg ] ; then
- TYPE=hg;
-else
- echo "No Mercurial or Git repository detected.";
- exit 1;
-fi
-
-if test "x$OLD_RELEASE" = "x" || test "x$NEW_RELEASE" = "x"; then
- echo "ERROR: Need to specify old and new release";
- exit 2;
-fi
-
-echo "Listing fixes between $OLD_RELEASE and $NEW_RELEASE in $REPO"
-rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 ${TMPDIR}/fixes
-for repos in . $(${SCRIPT_DIR}/discover_trees.sh ${REPO});
-do
- if test "x$TYPE" = "xhg"; then
- hg log -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
- egrep '^[o:| ]*summary'|grep -v 'Added tag'|sed -r 's#^[o:| ]*summary:\W*([0-9])# - JDK-\1#'| \
- sed 's#^[o:| ]*summary:\W*# - #' >> ${TMPDIR}/fixes2;
- hg log -v -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
- egrep '^[o:| ]*[0-9]{7}'|sed -r 's#^[o:| ]*([0-9]{7})# - JDK-\1#' >> ${TMPDIR}/fixes3;
- else
- git -C ${REPO} log --no-merges --pretty=format:%B ${NEW_RELEASE}...${OLD_RELEASE} -- ${SUBDIR} |egrep '^[0-9]{7}' | \
- sed -r 's#^([0-9])# - JDK-\1#' >> ${TMPDIR}/fixes2;
- touch ${TMPDIR}/fixes3 ; # unused
- fi
-done
-
-sort ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 | uniq > ${TMPDIR}/fixes
-rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3
-
-echo "In ${TMPDIR}/fixes:"
-cat ${TMPDIR}/fixes
diff --git a/remove-intree-libraries.sh b/remove-intree-libraries.sh
deleted file mode 100644
index ee02f60..0000000
--- a/remove-intree-libraries.sh
+++ /dev/null
@@ -1,166 +0,0 @@
-#!/bin/sh
-
-# Arguments: <JDK TREE> <MINIMAL|FULL>
-TREE=${1}
-TYPE=${2}
-
-ZIP_SRC=src/java.base/share/native/libzip/zlib/
-FREETYPE_SRC=src/java.desktop/share/native/libfreetype/
-JPEG_SRC=src/java.desktop/share/native/libjavajpeg/
-GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/
-PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/
-LCMS_SRC=src/java.desktop/share/native/liblcms/
-
-if test "x${TREE}" = "x"; then
- echo "$0 <JDK_TREE> (MINIMAL|FULL)";
- exit 1;
-fi
-
-if test "x${TYPE}" = "x"; then
- TYPE=minimal;
-fi
-
-if test "x${TYPE}" != "xminimal" -a "x${TYPE}" != "xfull"; then
- echo "Type must be minimal or full";
- exit 2;
-fi
-
-echo "Removing in-tree libraries from ${TREE}"
-echo "Cleansing operation: ${TYPE}";
-
-cd ${TREE}
-
-echo "Removing built-in libs (they will be linked)"
-
-# On full runs, allow for zlib & freetype having already been deleted by minimal
-echo "Removing zlib"
-if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then
- echo "${ZIP_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -rvf ${ZIP_SRC}
-echo "Removing freetype"
-if [ "x${TYPE}" = "xminimal" -a ! -d ${FREETYPE_SRC} ]; then
- echo "${FREETYPE_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -rvf ${FREETYPE_SRC}
-
-# Minimal is limited to just zlib and freetype so finish here
-if test "x${TYPE}" = "xminimal"; then
- echo "Finished.";
- exit 0;
-fi
-
-echo "Removing libjpeg"
-if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that should definitely exist
- echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
- exit 1
-fi
-
-rm -vf ${JPEG_SRC}/jcomapi.c
-rm -vf ${JPEG_SRC}/jdapimin.c
-rm -vf ${JPEG_SRC}/jdapistd.c
-rm -vf ${JPEG_SRC}/jdcoefct.c
-rm -vf ${JPEG_SRC}/jdcolor.c
-rm -vf ${JPEG_SRC}/jdct.h
-rm -vf ${JPEG_SRC}/jddctmgr.c
-rm -vf ${JPEG_SRC}/jdhuff.c
-rm -vf ${JPEG_SRC}/jdhuff.h
-rm -vf ${JPEG_SRC}/jdinput.c
-rm -vf ${JPEG_SRC}/jdmainct.c
-rm -vf ${JPEG_SRC}/jdmarker.c
-rm -vf ${JPEG_SRC}/jdmaster.c
-rm -vf ${JPEG_SRC}/jdmerge.c
-rm -vf ${JPEG_SRC}/jdphuff.c
-rm -vf ${JPEG_SRC}/jdpostct.c
-rm -vf ${JPEG_SRC}/jdsample.c
-rm -vf ${JPEG_SRC}/jerror.c
-rm -vf ${JPEG_SRC}/jerror.h
-rm -vf ${JPEG_SRC}/jidctflt.c
-rm -vf ${JPEG_SRC}/jidctfst.c
-rm -vf ${JPEG_SRC}/jidctint.c
-rm -vf ${JPEG_SRC}/jidctred.c
-rm -vf ${JPEG_SRC}/jinclude.h
-rm -vf ${JPEG_SRC}/jmemmgr.c
-rm -vf ${JPEG_SRC}/jmemsys.h
-rm -vf ${JPEG_SRC}/jmemnobs.c
-rm -vf ${JPEG_SRC}/jmorecfg.h
-rm -vf ${JPEG_SRC}/jpegint.h
-rm -vf ${JPEG_SRC}/jpeglib.h
-rm -vf ${JPEG_SRC}/jquant1.c
-rm -vf ${JPEG_SRC}/jquant2.c
-rm -vf ${JPEG_SRC}/jutils.c
-rm -vf ${JPEG_SRC}/jcapimin.c
-rm -vf ${JPEG_SRC}/jcapistd.c
-rm -vf ${JPEG_SRC}/jccoefct.c
-rm -vf ${JPEG_SRC}/jccolor.c
-rm -vf ${JPEG_SRC}/jcdctmgr.c
-rm -vf ${JPEG_SRC}/jchuff.c
-rm -vf ${JPEG_SRC}/jchuff.h
-rm -vf ${JPEG_SRC}/jcinit.c
-rm -vf ${JPEG_SRC}/jconfig.h
-rm -vf ${JPEG_SRC}/jcmainct.c
-rm -vf ${JPEG_SRC}/jcmarker.c
-rm -vf ${JPEG_SRC}/jcmaster.c
-rm -vf ${JPEG_SRC}/jcparam.c
-rm -vf ${JPEG_SRC}/jcphuff.c
-rm -vf ${JPEG_SRC}/jcprepct.c
-rm -vf ${JPEG_SRC}/jcsample.c
-rm -vf ${JPEG_SRC}/jctrans.c
-rm -vf ${JPEG_SRC}/jdtrans.c
-rm -vf ${JPEG_SRC}/jfdctflt.c
-rm -vf ${JPEG_SRC}/jfdctfst.c
-rm -vf ${JPEG_SRC}/jfdctint.c
-rm -vf ${JPEG_SRC}/jversion.h
-rm -vf ${JPEG_SRC}/README
-
-echo "Removing giflib"
-if [ ! -d ${GIF_SRC} ]; then
- echo "${GIF_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -rvf ${GIF_SRC}
-
-echo "Removing libpng"
-if [ ! -d ${PNG_SRC} ]; then
- echo "${PNG_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -rvf ${PNG_SRC}
-
-echo "Removing lcms"
-if [ ! -d ${LCMS_SRC} ]; then
- echo "${LCMS_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -vf ${LCMS_SRC}/cmscam02.c
-rm -vf ${LCMS_SRC}/cmscgats.c
-rm -vf ${LCMS_SRC}/cmscnvrt.c
-rm -vf ${LCMS_SRC}/cmserr.c
-rm -vf ${LCMS_SRC}/cmsgamma.c
-rm -vf ${LCMS_SRC}/cmsgmt.c
-rm -vf ${LCMS_SRC}/cmshalf.c
-rm -vf ${LCMS_SRC}/cmsintrp.c
-rm -vf ${LCMS_SRC}/cmsio0.c
-rm -vf ${LCMS_SRC}/cmsio1.c
-rm -vf ${LCMS_SRC}/cmslut.c
-rm -vf ${LCMS_SRC}/cmsmd5.c
-rm -vf ${LCMS_SRC}/cmsmtrx.c
-rm -vf ${LCMS_SRC}/cmsnamed.c
-rm -vf ${LCMS_SRC}/cmsopt.c
-rm -vf ${LCMS_SRC}/cmspack.c
-rm -vf ${LCMS_SRC}/cmspcs.c
-rm -vf ${LCMS_SRC}/cmsplugin.c
-rm -vf ${LCMS_SRC}/cmsps2.c
-rm -vf ${LCMS_SRC}/cmssamp.c
-rm -vf ${LCMS_SRC}/cmssm.c
-rm -vf ${LCMS_SRC}/cmstypes.c
-rm -vf ${LCMS_SRC}/cmsvirt.c
-rm -vf ${LCMS_SRC}/cmswtpnt.c
-rm -vf ${LCMS_SRC}/cmsxform.c
-rm -vf ${LCMS_SRC}/lcms2.h
-rm -vf ${LCMS_SRC}/lcms2_internal.h
-rm -vf ${LCMS_SRC}/lcms2_plugin.h
-
-
diff --git a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
deleted file mode 100644
index a877506..0000000
--- a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/src/java.desktop/share/classes/java/awt/Toolkit.java
---- openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
-+++ openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
-@@ -883,9 +883,13 @@
- return null;
- }
- });
- if (!GraphicsEnvironment.isHeadless()) {
-- loadAssistiveTechnologies();
-+ try {
-+ loadAssistiveTechnologies();
-+ } catch (AWTError error) {
-+ // ignore silently
-+ }
- }
- }
- return toolkit;
- }
diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
deleted file mode 100644
index cd3329a..0000000
--- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
-index 474fe6f401f..7e94ae32023 100644
---- a/src/java.base/share/conf/security/java.security
-+++ b/src/java.base/share/conf/security/java.security
-@@ -84,6 +84,7 @@ security.provider.tbd=Apple
- #ifndef solaris
- security.provider.tbd=SunPKCS11
- #endif
-+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
-
- #
- # Security providers used when FIPS mode support is active
diff --git a/rh1648644-java_access_bridge_privileged_security.patch b/rh1648644-java_access_bridge_privileged_security.patch
deleted file mode 100644
index 53026ad..0000000
--- a/rh1648644-java_access_bridge_privileged_security.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- openjdk/src/java.base/share/conf/security/java.security
-+++ openjdk/src/java.base/share/conf/security/java.security
-@@ -304,6 +304,8 @@
- #
- package.access=sun.misc.,\
- sun.reflect.,\
-+ org.GNOME.Accessibility.,\
-+ org.GNOME.Bonobo.,\
-
- #
- # List of comma-separated packages that start with or equal this string
-@@ -316,6 +318,8 @@
- #
- package.definition=sun.misc.,\
- sun.reflect.,\
-+ org.GNOME.Accessibility.,\
-+ org.GNOME.Bonobo.,\
-
- #
- # Determines whether this properties file can be appended to
diff --git a/rh1750419-redhat_alt_java.patch b/rh1750419-redhat_alt_java.patch
deleted file mode 100644
index e6355f2..0000000
--- a/rh1750419-redhat_alt_java.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk
---- openjdk/make/launcher/Launcher-java.base.gmk Wed Nov 25 08:27:15 2020 +0100
-+++ openjdk/make/launcher/Launcher-java.base.gmk Tue Dec 01 12:29:30 2020 +0100
-@@ -41,6 +41,16 @@
- OPTIMIZATION := HIGH, \
- ))
-
-+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
-+$(eval $(call SetupBuildLauncher, alt-java, \
-+ CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
-+ LDFLAGS_solaris := -R$(OPENWIN_HOME)/lib$(OPENJDK_TARGET_CPU_ISADIR), \
-+ LIBS_windows := user32.lib comctl32.lib, \
-+ EXTRA_RC_FLAGS := $(JAVA_RC_FLAGS), \
-+ VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
-+ OPTIMIZATION := HIGH, \
-+))
-+
- ifeq ($(OPENJDK_TARGET_OS), windows)
- $(eval $(call SetupBuildLauncher, javaw, \
- CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
-
-diff -r 25e94aa812b2 src/share/bin/alt_main.h
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ openjdk/src/java.base/share/native/launcher/alt_main.h Tue Jun 02 17:15:28 2020 +0100
-@@ -0,0 +1,73 @@
-+/*
-+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+#ifdef REDHAT_ALT_JAVA
-+
-+#include <sys/prctl.h>
-+
-+
-+/* Per task speculation control */
-+#ifndef PR_GET_SPECULATION_CTRL
-+# define PR_GET_SPECULATION_CTRL 52
-+#endif
-+#ifndef PR_SET_SPECULATION_CTRL
-+# define PR_SET_SPECULATION_CTRL 53
-+#endif
-+/* Speculation control variants */
-+#ifndef PR_SPEC_STORE_BYPASS
-+# define PR_SPEC_STORE_BYPASS 0
-+#endif
-+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
-+
-+#ifndef PR_SPEC_NOT_AFFECTED
-+# define PR_SPEC_NOT_AFFECTED 0
-+#endif
-+#ifndef PR_SPEC_PRCTL
-+# define PR_SPEC_PRCTL (1UL << 0)
-+#endif
-+#ifndef PR_SPEC_ENABLE
-+# define PR_SPEC_ENABLE (1UL << 1)
-+#endif
-+#ifndef PR_SPEC_DISABLE
-+# define PR_SPEC_DISABLE (1UL << 2)
-+#endif
-+#ifndef PR_SPEC_FORCE_DISABLE
-+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
-+#endif
-+#ifndef PR_SPEC_DISABLE_NOEXEC
-+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
-+#endif
-+
-+static void set_speculation() __attribute__((constructor));
-+static void set_speculation() {
-+ if ( prctl(PR_SET_SPECULATION_CTRL,
-+ PR_SPEC_STORE_BYPASS,
-+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
-+ return;
-+ }
-+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
-+}
-+
-+#endif // REDHAT_ALT_JAVA
-diff -r 25e94aa812b2 src/share/bin/main.c
---- openjdk/src/java.base/share/native/launcher/main.c Wed Feb 05 12:20:36 2020 -0300
-+++ openjdk/src/java.base/share/native/launcher/main.c Tue Jun 02 17:15:28 2020 +0100
-@@ -34,6 +34,14 @@
- #include "jli_util.h"
- #include "jni.h"
-
-+#ifdef REDHAT_ALT_JAVA
-+#if defined(__linux__) && defined(__x86_64__)
-+#include "alt_main.h"
-+#else
-+#warning alt-java requested but SSB mitigation not available on this platform.
-+#endif
-+#endif
-+
- #ifdef _MSC_VER
- #if _MSC_VER > 1400 && _MSC_VER < 1600
-
diff --git a/rh1842572-rsa_default_for_keytool.patch b/rh1842572-rsa_default_for_keytool.patch
deleted file mode 100644
index 9f1dabc..0000000
--- a/rh1842572-rsa_default_for_keytool.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
---- openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java
-+++ openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
-@@ -1135,7 +1135,7 @@
- }
- } else if (command == GENKEYPAIR) {
- if (keyAlgName == null) {
-- keyAlgName = "DSA";
-+ keyAlgName = "RSA";
- }
- doGenKeyPair(alias, dname, keyAlgName, keysize, groupName, sigAlgName);
- kssave = true;
diff --git a/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch b/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
deleted file mode 100644
index 1b706a1..0000000
--- a/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Remove uses of FAR in jpeg code
-
-Upstream libjpeg-trubo removed the (empty) FAR macro:
-http://sourceforge.net/p/libjpeg-turbo/code/1312/
-
-Adjust our code to not use the undefined FAR macro anymore.
-
-diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
---- openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
-+++ openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
-@@ -1385,7 +1385,7 @@
- /* and fill it in */
- dst_ptr = icc_data;
- for (seq_no = first; seq_no < last; seq_no++) {
-- JOCTET FAR *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
-+ JOCTET *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
- unsigned int length =
- icc_markers[seq_no]->data_length - ICC_OVERHEAD_LEN;
-
diff --git a/sources b/sources
index 5ea198a..3bbbb1b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk11u-jdk-11.0.18+10-4curve.tar.xz) = c946ec14e1fb4ec40269e0928734368a6d68712549ae450e346d53ab1ae553a280402c6c7e346c859a3e65ec83fc1adefbad733fe8d5e89f0b6d43314558a0b5
diff --git a/update_package.sh b/update_package.sh
deleted file mode 100644
index 9831993..0000000
--- a/update_package.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash -x
-# this file contains defaults for currently generated source tarballs
-
-set -e
-
-# OpenJDK from Shenandoah project
-export PROJECT_NAME="shenandoah"
-export REPO_NAME="jdk11"
-# warning, clonning without shenadnaoh prefix, you will clone pure jdk - thus without shenandaoh GC
-export VERSION="shenandoah-jdk-11.0.3+7"
-export COMPRESSION=xz
-# unset tapsets overrides
-export OPENJDK_URL=""
-export TO_COMPRESS=""
-# warning, filename and filenameroot creation is duplicated here from generate_source_tarball.sh
-export FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
-FILENAME=${FILE_NAME_ROOT}.tar.${COMPRESSION}
-
-if [ ! -f ${FILENAME} ] ; then
-echo "Generating ${FILENAME}"
- sh ./generate_source_tarball.sh
-else
- echo "exists exists exists exists exists exists exists "
- echo "reusing reusing reusing reusing reusing reusing "
- echo ${FILENAME}
-fi
-
-set +e
-
-major=`echo $REPO_NAME | sed 's/[a-zA-Z]*//g'`
-build=`echo $VERSION | sed 's/.*+//g'`
-name_helper=`echo $FILENAME | sed s/$major/'%{majorver}'/g `
-name_helper=`echo $name_helper | sed s/$build/'%{buildver}'/g `
-echo "align specfile acordingly:"
-echo " sed 's/^Source0:.*/Source0: $name_helper/' -i *.spec"
-echo " sed 's/^Source8:.*/Source8: $TAPSET/' -i *.spec"
-echo " sed 's/^%global buildver.*/%global buildver $build/' -i *.spec"
-echo " sed 's/Release:.*/Release: 1%{?dist}/' -i *.spec"
-echo "and maybe others...."
-echo "you should fedpkg/rhpkg new-sources $TAPSET $FILENAME"
-echo "you should fedpkg/rhpkg prep --arch XXXX on all architectures: x86_64 i386 i586 i686 ppc ppc64 ppc64le s390 s390x aarch64 armv7hl"
-
The package rpms/java-11-openjdk.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/java-11-openjdk.git/commit/?id=0180….
Change:
+%ifarch %{ssbd_arches}
Thanks.
Full change:
============
commit c59da7e972f3aa10c8e62e4ca8459b70c53a4b4a
Merge: fe878a8 3d2f837
Author: Jiri <jvanek(a)redhat.com>
Date: Sun Apr 30 10:52:44 2023 +0200
Merge branch 'f38' into f37
commit 3d2f8374c5c59132a06e3007ff54684157b26de8
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Apr 29 17:21:07 2023 +0200
Added tzdata.usptream and cacerts.upstream
diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index 3ba613f..368af80 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -824,6 +824,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfont.properties.ja
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfontj2d.properties
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tzdb.dat
+%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tzdb.dat.upstream
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/jli
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jli/libjli.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jvm.cfg
@@ -886,6 +887,7 @@ exit 0
%dir %{etcjavadir -- %{?1}}/lib
%dir %{etcjavadir -- %{?1}}/lib/security
%{etcjavadir -- %{?1}}/lib/security/cacerts
+%{etcjavadir -- %{?1}}/lib/security/cacerts.upstream
%dir %{etcjavadir -- %{?1}}/conf
%dir %{etcjavadir -- %{?1}}/conf/management
%dir %{etcjavadir -- %{?1}}/conf/security
commit 0180d4e988f72c718785051bbb34a8f2ad567225
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Apr 29 16:39:42 2023 +0200
updated to 17.0.7.0.7 underlying portables
- requirign 17.0.7.0.7-2 due to news, and much more tuning
- now untarring enforced version
- repacked bits are now requested in exact version
- repacked portables
- using icons from source package
- providing full sources via src package
- requiring exact version.reelase of portables
- todo, lost alt java manpage.. probably already in portables
- TODO conslut this clean up - javdoc
- todo, debuginfo
diff --git a/NEWS b/NEWS
deleted file mode 100644
index e03d474..0000000
--- a/NEWS
+++ /dev/null
@@ -1,4303 +0,0 @@
-Key:
-
-JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
-CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-
-New in release OpenJDK 11.0.18 (2023-01-17):
-=============================================
-Live versions of these release notes can be found at:
- * https://bit.ly/openjdk11018
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.18.html
-
-* CVEs
- - CVE-2023-21835
- - CVE-2023-21843
-* Security fixes
- - JDK-8286070: Improve UTF8 representation
- - JDK-8286496: Improve Thread labels
- - JDK-8287411: Enhance DTLS performance
- - JDK-8288516: Enhance font creation
- - JDK-8289350: Better media supports
- - JDK-8293554: Enhanced DH Key Exchanges
- - JDK-8293598: Enhance InetAddress address handling
- - JDK-8293717: Objective view of ObjectView
- - JDK-8293734: Improve BMP image handling
- - JDK-8293742: Better Banking of Sounds
- - JDK-8295687: Better BMP bounds
-* Other changes
- - JDK-4819544: SwingSet2 JTable Demo throws NullPointerException
- - JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider
- - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
- - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
- - JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails
- - JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed
- - JDK-8029633: Raw inner class constructor ref should not perform diamond inference
- - JDK-8030121: java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java fails
- - JDK-8079267: [TEST_BUG] Test java/awt/Frame/MiscUndecorated/RepaintTest.java fails
- - JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails
- - JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java
- - JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/MultiresolutionIconTest.java
- - JDK-8172269: When checking the default behaviour for a scroll tab layout and checking the 'opaque' checkbox, the area behind tabs is not red.
- - JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java failed with timeout
- - JDK-8193942: Regression automated test '/open/test/jdk/javax/swing/JFrame/8175301/ScaledFrameBackgroundTest.java' fails
- - JDK-8194126: Regression automated Test '/open/test/jdk/javax/swing/JColorChooser/Test7194184.java' fails
- - JDK-8198343: Test java/awt/print/PrinterJob/TestPgfmtSetMPA.java may fail w/o printer
- - JDK-8199290: [TESTBUG] sun.hotspot.WhiteBox$WhiteBoxPermission is not copied
- - JDK-8202836: [macosx] test java/awt/Graphics/TextAAHintsTest.java fails
- - JDK-8206125: [windows] cannot pass relative path to --with-boot-jdk
- - JDK-8210047: some pages contain content outside of landmark region
- - JDK-8211002: test/jdk/java/lang/Math/PowTests.java skips testing for non-corner-case values
- - JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch
- - JDK-8213239: Configure cannot handle command overrides with arguments
- - JDK-8215571: jdb does not include jdk.* in the default class filter
- - JDK-8217032: Check pandoc capabilities in configure
- - JDK-8222091: Javadoc does not handle package annotations correctly on package-info.java
- - JDK-8222251: preflow visitor is not visiting lambda expressions
- - JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
- - JDK-8227179: Test for new gc+metaspace=info output format
- - JDK-8227651: Tests fail with SSLProtocolException: Input record too big
- - JDK-8228672: [TESTBUG] gc/metaspace/TestSizeTransitions.java fails on 32-bit platforms
- - JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on macOs
- - JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java fails on macos
- - JDK-8233565: [TESTBUG] NullModalityDialogTest.java fails on MacOS
- - JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on macos
- - JDK-8239708: Split basics.m4 into basic.m4 and util.m4
- - JDK-8240281: Remove failing assertion code when selecting first memory state in SuperWord::co_locate_pack
- - JDK-8242468: VS2019 build missing vcruntime140_1.dll
- - JDK-8243565: some gc tests use 'test.java.opts' and not 'test.vm.opts'
- - JDK-8243568: serviceability/logging/TestLogRotation.java uses 'test.java.opts' and not 'test.vm.opts'
- - JDK-8244010: Simplify usages of ProcessTools.createJavaProcessBuilder in our tests
- - JDK-8244557: test/jdk/javax/swing/JTabbedPane/TestBackgroundScrollPolicy.java failed
- - JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
- - JDK-8249694: java/lang/StringBuffer/HugeCapacity.java and j/l/StringBuilder/HugeCapacity.java tests shouldn't be @ignore-d
- - JDK-8253877: gc/g1/TestGCLogMessages.java fails - missing "Evacuation failure" message
- - JDK-8254874: ZGC: JNIHandleBlock verification failure in stack watermark processing
- - JDK-8254976: Re-enable swing jtreg tests which were broken due to samevm mode
- - JDK-8255439: System Tray icons get corrupted when Windows scaling changes
- - JDK-8256109: Create implementation for NSAccessibilityButton protocol
- - JDK-8257679: Improved unix compatibility layer in Windows build (winenv)
- - JDK-8257722: Improve "keytool -printcert -jarfile" output
- - JDK-8258005: JDK build fails with incorrect fixpath script
- - JDK-8259485: Document need for short paths when building on Windows
- - JDK-8260272: bash configure --prefix does not work after JDK-8257679
- - JDK-8261336: IGV: enhance default filters
- - JDK-8261445: Use memory_order_relaxed for os::random().
- - JDK-8261758: [TESTBUG] gc/g1/TestGCLogMessages.java fails if ergonomics detect too small InitialHeapSize
- - JDK-8263326: Remove ReceiverTypeData check from serviceability/sa/TestPrintMdo.java
- - JDK-8263871: On sem_destroy() failing we should assert
- - JDK-8264593: debug.cpp utilities should be available in product builds.
- - JDK-8264666: Change implementation of safeAdd/safeMult in the LCMSImageLayout class
- - JDK-8266082: AssertionError in Annotate.fromAnnotations with -Xdoclint
- - JDK-8266967: debug.cpp utility find() should print Java Object fields.
- - JDK-8268361: Fix the infinite loop in next_line
- - JDK-8268860: Windows-Aarch64 build is failing in GitHub actions
- - JDK-8268893: jcmd to trim the glibc heap
- - JDK-8269029: compiler/codegen/TestCharVect2.java fails for client VMs
- - JDK-8269873: serviceability/sa/Clhsdb tests are using a C2 specific VMStruct field
- - JDK-8272123: Problem list 4 jtreg tests which regularly fail on macos-aarch64
- - JDK-8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints
- - JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368
- - JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails on macOS 12
- - JDK-8273685: Remove jtreg tag manual=yesno for java/awt/Graphics/LCDTextAndGraphicsState.java & show test instruction
- - JDK-8274029: Remove jtreg tag manual=yesno for java/awt/print/Dialog/DialogOrient.java
- - JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ImageTypes.java & show test UI
- - JDK-8274296: Update or Problem List tests which may fail with uiScale=2 on macOS
- - JDK-8274456: Remove jtreg tag manual=yesno java/awt/print/PrinterJob/PageDialogTest.java
- - JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening
- - JDK-8274597: Some of the dnd tests time out and fail intermittently
- - JDK-8275170: Some jtreg sound tests should be marked with sound keyword
- - JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
- - JDK-8276841: Add support for Visual Studio 2022
- - JDK-8277159: Fix java/nio/file/FileStore/Basic.java test by ignoring /run/user/* mount points
- - JDK-8277497: Last column cell in the JTable row is read as empty cell
- - JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
- - JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"
- - JDK-8279066: entries.remove(entry) is useless in PKCS12KeyStore
- - JDK-8279695: [TESTBUG] modify compiler/loopopts/TestSkeletonPredicateNegation.java to run on C1 also
- - JDK-8280158: New test from JDK-8274736 failed with/without patch in JDK11u
- - JDK-8280550: SplittableRandom#nextDouble(double,double) can return result >= bound
- - JDK-8280863: Update build README to reflect that MSYS2 is supported
- - JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR
- - JDK-8280948: Write a regression test for JDK-4659800
- - JDK-8280950: RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix
- - JDK-8281183: RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950
- - JDK-8281296: Create a regression test for JDK-4515999
- - JDK-8281297: TestStressG1Humongous fails with guarantee(is_range_uncommitted)
- - JDK-8282046: Create a regression test for JDK-8000326
- - JDK-8282276: Problem list failing two Robot Screen Capture tests
- - JDK-8282306: os::is_first_C_frame(frame*) crashes on invalid link access
- - JDK-8282345: handle latest VS2022 in abstract_vm_version
- - JDK-8282402: Create a regression test for JDK-4666101
- - JDK-8282640: Create a test for JDK-4740761
- - JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/LoadUnloadGC2.java fails intermittently with exit code 1
- - JDK-8282730: LdapLoginModule throw NPE from logout method after login failure
- - JDK-8282777: Create a Regression test for JDK-4515031
- - JDK-8282778: Create a regression test for JDK-4699544
- - JDK-8282857: Create a regression test for JDK-4702690
- - JDK-8282936: Write a regression test for JDK-4615365
- - JDK-8282937: Write a regression test for JDK-4820080
- - JDK-8283199: Linux os::cpu_microcode_revision() stalls cold startup
- - JDK-8283422: Create a new test for JDK-8254790
- - JDK-8284294: Create an automated regression test for RFE 4138746
- - JDK-8284358: Unreachable loop is not removed from C2 IR, leading to a broken graph
- - JDK-8284521: Write an automated regression test for RFE 4371575
- - JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
- - JDK-8284732: FFI_GO_CLOSURES macro not defined but required for zero build on Mac OS X
- - JDK-8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation
- - JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown"
- - JDK-8284884: Replace polling with waiting in javax/swing/text/html/parser/Parser/8078268/bug8078268.java
- - JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
- - JDK-8285305: Create an automated test for JDK-4495286
- - JDK-8285373: Create an automated test for JDK-4702233
- - JDK-8285604: closed sun/java2d/GdiRendering/ClipShapeRendering.java failed with "Incorrect color ffeeeeee instead of ff0000ff in pixel (100, 100)"
- - JDK-8285617: Fix java/awt/print/PrinterJob/ImagePrinting/PrintARGBImage.java manual test
- - JDK-8285698: Create a test to check the focus stealing of JPopupMenu from JComboBox
- - JDK-8285794: AsyncGetCallTrace might acquire a lock via JavaThread::thread_from_jni_environment
- - JDK-8285836: sun/net/www/http/KeepAliveCache/KeepAliveProperty.java failed with "RuntimeException: Failed in server"
- - JDK-8285921: serviceability/dcmd/jvmti/AttachFailed/AttachReturnError.java fails on Alpine
- - JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
- - JDK-8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray
- - JDK-8286772: java/awt/dnd/DropTargetInInternalFrameTest/DropTargetInInternalFrameTest.html times out and fails in Windows
- - JDK-8286872: Refactor add/modify notification icon (TrayIcon)
- - JDK-8287076: Document.normalizeDocument() produces different results
- - JDK-8287091: aarch64 : guarantee(val < (1ULL << nbits)) failed: Field too big for insn
- - JDK-8287425: Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path
- - JDK-8287609: macOS: SIGSEGV at [CoreFoundation] CFArrayGetCount / sun.font.CFont.getTableBytesNative
- - JDK-8287724: Fix various issues with msys2
- - JDK-8287826: javax/accessibility/4702233/AccessiblePropertiesTest.java fails to compile
- - JDK-8287895: Some langtools tests fail on msys2
- - JDK-8287896: PropertiesTest.sh fail on msys2
- - JDK-8287902: UnreadableRB case in MissingResourceCauseTest is not working reliably on Windows
- - JDK-8287917: System.loadLibrary does not work on Big Sur if JDK is built with macOS SDK 10.15 and earlier
- - JDK-8288132: Update test artifacts in QuoVadis CA interop tests
- - JDK-8288302: Shenandoah: SIGSEGV in vm maybe related to jit compiling xerces
- - JDK-8288377: [REDO] DST not applying properly with zone id offset set with TZ env variable
- - JDK-8288445: AArch64: C2 compilation fails with guarantee(!true || (true && (shift != 0))) failed: impossible encoding
- - JDK-8288599: com/sun/management/OperatingSystemMXBean/TestTotalSwap.java: Expected total swap size ... but getTotalSwapSpaceSize returned ...
- - JDK-8288985: P11TlsKeyMaterialGenerator should work with ChaCha20-Poly1305
- - JDK-8289043: C2: Vector constant materialization attempt
- - JDK-8289146: containers/docker/TestMemoryWithCgroupV1.java fails on linux ppc64le machine with missing Memory and Swap Limit output
- - JDK-8290207: Missing notice in dom.md
- - JDK-8290209: jcup.md missing additional text
- - JDK-8290451: Incorrect result when switching to C2 OSR compilation from C1
- - JDK-8290529: C2: assert(BoolTest(btest).is_canonical()) failure
- - JDK-8290705: StringConcat::validate_mem_flow asserts with "unexpected user: StoreI"
- - JDK-8290711: assert(false) failed: infinite loop in PhaseIterGVN::optimize
- - JDK-8290781: Segfault at PhaseIdealLoop::clone_loop_handle_data_uses
- - JDK-8291459: JVM crash with GenerateOopMap::error_work(char const*, __va_list_tag*)
- - JDK-8291461: assert(false) failed: bad AD file
- - JDK-8292083: Detected container memory limit may exceed physical machine memory
- - JDK-8292158: AES-CTR cipher state corruption with AVX-512
- - JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
- - JDK-8292682: Code change of JDK-8282730 not updated to reflect CSR update
- - JDK-8292778: EncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free
- - JDK-8292866: Java_sun_awt_shell_Win32ShellFolder2_getLinkLocation check MultiByteToWideChar return value for failures
- - JDK-8292887: Bump update version for OpenJDK: jdk-11.0.18
- - JDK-8292899: CustomTzIDCheckDST.java testcase failed on AIX platform
- - JDK-8293044: C1: Missing access check on non-accessible class
- - JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
- - JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
- - JDK-8293578: Duplicate ldc generated by javac
- - JDK-8293672: Update freetype md file
- - JDK-8293816: CI: ciBytecodeStream::get_klass() is not consistent
- - JDK-8293826: Closed test fails after JDK-8276108 on aarch64
- - JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening
- - JDK-8293834: Update CLDR data following tzdata 2022c update
- - JDK-8293998: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC
- - JDK-8294138: [11u] Revert change from JDK-8210962 in basic.m4
- - JDK-8294307: ISO 4217 Amendment 173 Update
- - JDK-8294357: (tz) Update Timezone Data to 2022d
- - JDK-8294578: [PPC64] C2: Missing is_oop information when using disjoint compressed oops mode
- - JDK-8294740: Add cgroups keyword to TestDockerBasic.java
- - JDK-8295173: (tz) Update Timezone Data to 2022e
- - JDK-8295288: Some vm_flags tests associate with a wrong BugID
- - JDK-8295322: Tests for JDK-8271459 were not backported to 11u
- - JDK-8295429: Update harfbuzz md file
- - JDK-8295469: S390X: Optimized builds are broken
- - JDK-8295554: Move the "sizecalc.h" to the correct location
- - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
- - JDK-8295714: GHA ::set-output is deprecated and will be removed
- - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
- - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
- - JDK-8295952: Problemlist existing compiler/rtm tests also on x86
- - JDK-8296108: (tz) Update Timezone Data to 2022f
- - JDK-8296239: ISO 4217 Amendment 174 Update
- - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
- - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
- - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
- - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
- - JDK-8296652: Restore windows aarch64 fixpath patch that was removed in 8239708
- - JDK-8296715: CLDR v42 update for tzdata 2022f
- - JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
- - JDK-8297147: UnexpectedSourceImageSize test times out on slow machines when fastdebug is used
- - JDK-8297153: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails again
- - JDK-8297241: Update sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java
- - JDK-8297481: Create a regression test for JDK-4424517
- - JDK-8297656: AArch64: Enable AES/GCM Intrinsics
- - JDK-8297804: (tz) Update Timezone Data to 2022g
- - JDK-8298737: 8296772 backport to jdk11u caused build error on sparc
- - JDK-8299393: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.18
- - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
- - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
- - JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport
-
-Notes on individual issues:
-===========================
-
-client-libs/javax.imageio:
-
-JDK-8295687: Better BMP bounds
-==============================
-Loading a linked ICC profile within a BMP image is now disabled by
-default. To re-enable it, set the new system property
-`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property
-replaces the old property,
-`sun.imageio.plugins.bmp.disableLinkedProfiles`.
-
-client-libs/javax.sound:
-
-JDK-8293742: Better Banking of Sounds
-=====================================
-Previously, the SoundbankReader implementation,
-`com.sun.media.sound.JARSoundbankReader`, would download a JAR
-soundbank from a URL. This behaviour is now disabled by default. To
-re-enable it, set the new system property `jdk.sound.jarsoundbank` to
-`true`.
-
-security-libs/javax.crypto:
-
-JDK-6782021: Windows KeyStore Updated to Include Access to the Local Machine Location
-=====================================================================================
-The Windows KeyStore support in the SunMSCAPI provider has been
-expanded to include access to the local machine location. The new
-keystore types are:
-
-* "Windows-MY-LOCALMACHINE"
-* "Windows-ROOT-LOCALMACHINE"
-
-The following keystore types were also added, allowing developers to
-make it clear they map to the current user:
-
-* "Windows-MY-CURRENTUSER" (same as "Windows-MY")
-* "Windows-ROOT-CURRENTUSER" (same as "Windows-ROOT")
-
-security-libs/java.security:
-
-JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
-==========================================================================================================
-Back in OpenJDK 9, JDK-8015081 changed the Set implementation used to
-hold principals and credentials so that it rejected null
-values. Attempts to call add(null), contains(null) or remove(null)
-were changed to throw a NullPointerException.
-
-However, the logout() methods in the LoginModule implementations
-within the JDK were not updated to check for null values, which may
-occur in the event of a failed login. As a result, a logout() call may
-throw a NullPointerException.
-
-The LoginModule implementations have now been updated with such checks
-and an implementation note added to the specification to suggest that
-the same change is made in third party modules. Developers of third
-party modules are advised to verify that their logout() method does not
-throw a NullPointerException.
-
-security-libs/javax.net.ssl:
-
-JDK-8287411: Enhance DTLS performance
-=====================================
-The JDK now exchanges DTLS cookies for all handshakes, new and
-resumed. The previous behaviour can be re-enabled by setting the new
-system property `jdk.tls.enableDtlsResumeCookie` to `false`.
-
-New in release OpenJDK 11.0.17 (2022-10-18):
-=============================================
-Live versions of these release notes can be found at:
- * https://bit.ly/openjdk11017
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.17.html
-
-* Security fixes
- - JDK-8282252: Improve BigInteger/Decimal validation
- - JDK-8285662: Better permission resolution
- - JDK-8286077, CVE-2022-21618: Wider MultiByte conversions
- - JDK-8286511: Improve macro allocation
- - JDK-8286519: Better memory handling
- - JDK-8286526, CVE-2022-21619: Improve NTLM support
- - JDK-8286533, CVE-2022-21626: Key X509 usages
- - JDK-8286910, CVE-2022-21624: Improve JNDI lookups
- - JDK-8286918, CVE-2022-21628: Better HttpServer service
- - JDK-8287446: Enhance icon presentations
- - JDK-8288508: Enhance ECDSA usage
- - JDK-8289366, CVE-2022-39399: Improve HTTP/2 client usage
- - JDK-8289853: Update HarfBuzz to 4.4.1
- - JDK-8290334: Update FreeType to 2.12.1
- - JDK-8293429: [11u] minor update in attribute style
-* Other changes
- - JDK-6606767: resexhausted00[34] fail assert(!thread->owns_locks(), "must release all locks when leaving VM")
- - JDK-6854300: [TEST_BUG] java/awt/event/MouseEvent/SpuriousExitEnter/SpuriousExitEnter_3.java fails in jdk6u14 & jdk7
- - JDK-7131823: bug in GIFImageReader
- - JDK-8017175: [TESTBUG] javax/swing/JPopupMenu/4634626/bug4634626.java sometimes failed on mac
- - JDK-8028265: Add legacy tz tests to OpenJDK
- - JDK-8069343: Improve gc/g1/TestHumongousCodeCacheRoots.java to use jtreg @requires
- - JDK-8139348: Deprecate 3DES and RC4 in Kerberos
- - JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
- - JDK-8164804: sun/security/ssl/SSLSocketImpl/CloseSocket.java makes not reliable time assumption
- - JDK-8169468: NoResizeEventOnDMChangeTest.java fails because FS Window didn't receive all resizes!
- - JDK-8172065: javax/swing/JTree/4908142/bug4908142.java The selected index should be "aad"
- - JDK-8183372: Refactor java/lang/Class shell tests to java
- - JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names
- - JDK-8193462: Fix Filer handling of package-info initial elements
- - JDK-8203277: preflow visitor used during lambda attribution shouldn't visit class definitions inside the lambda body
- - JDK-8208471: nsk/jdb/unwatch/unwatch002/unwatch002.java fails with "Prompt is not received during 300200 milliseconds"
- - JDK-8209052: Low contrast in docs/api/constant-values.html
- - JDK-8209736: runtime/RedefineTests/ModifyAnonymous.java fails with NullPointerException when running in CDS mode
- - JDK-8210107: vmTestbase/nsk/stress/network tests fail with Cannot assign requested address (Bind failed)
- - JDK-8210722: JAXP Tests: CatalogSupport2 and CatalogSupport3 generate incorrect messages upon failure
- - JDK-8210960: Allow --with-boot-jdk-jvmargs to work during configure
- - JDK-8212904: JTextArea line wrapping incorrect when using UI scale
- - JDK-8213695: gc/TestAllocateHeapAtMultiple.java is slow in some configs
- - JDK-8214078: (fs) SecureDirectoryStream not supported on arm32
- - JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount()
- - JDK-8215291: Broken links when generating from project without modules
- - JDK-8217170: gc/arguments/TestUseCompressedOopsErgo.java timed out
- - JDK-8217332: JTREG: Clean up, use generics instead of raw types
- - JDK-8218128: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003 and 004 use wrong path to test classes
- - JDK-8218413: make reconfigure ignores configure-time AUTOCONF environment variable
- - JDK-8219074: [TESTBUG] runtime/containers/docker/TestCPUAwareness.java typo of printing parameters (period should be shares)
- - JDK-8219149: ProcessTools.ProcessBuilder should print timing info for subprocesses
- - JDK-8220744: [TESTBUG] Move RedefineTests from runtime to serviceability
- - JDK-8221871: javadoc should not set role=region on <section> elements
- - JDK-8221907: make reconfigure breaks when configured with relative paths
- - JDK-8223543: [TESTBUG] Regression test java/awt/Graphics2D/DrawString/LCDTextSrcEa.java has issues
- - JDK-8223575: add subspace transitions to gc+metaspace=info log lines
- - JDK-8225122: Test AncestorResized.java fails when Windows desktop is scaled.
- - JDK-8226976: SessionTimeOutTests uses == operator for String value check
- - JDK-8230708: Hotspot fails to build on linux-sparc with gcc-9
- - JDK-8233712: Limit default tests jobs based on ulimit -u setting
- - JDK-8235870: C2 crashes in IdealLoopTree::est_loop_flow_merge_sz()
- - JDK-8236490: Compiler bug relating to @NonNull annotation
- - JDK-8236823: Ensure that API documentation uses minified libraries
- - JDK-8238196: tests that use SA Attach should not be allowed to run against signed binaries on Mac OS X 10.14.5 and later
- - JDK-8238203: Return value of GetUserDefaultUILanguage() should be handled as LANGID
- - JDK-8238268: Many SA tests are not running on OSX because they do not attempt to use sudo when available
- - JDK-8238586: [TESTBUG] vmTestbase/jit/tiered/Test.java failed when TieredCompilation is disabled
- - JDK-8239265: JFR: Test cleanup of jdk.jfr.api.consumer package
- - JDK-8239379: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java on OSX
- - JDK-8239423: jdk/jfr/jvm/TestJFRIntrinsic.java failed with -XX:-TieredCompilation
- - JDK-8239902: [macos] Remove direct usage of JSlider, JProgressBar classes in CAccessible class
- - JDK-8240903: Add test to check that jmod hashes are reproducible
- - JDK-8242188: error in jtreg test jdk/jfr/api/consumer/TestRecordedFrame.java on linux-aarch64
- - JDK-8247546: Pattern matching does not skip correctly over supplementary characters
- - JDK-8247907: XMLDsig logging does not work
- - JDK-8247964: All log0() in com/sun/org/slf4j/internal/Logger.java should be private
- - JDK-8249623: test @ignore-d due to 7013634 should be returned back to execution
- - JDK-8251152: ARM32: jtreg c2 Test8202414 test crash
- - JDK-8251551: Use .md filename extension for README
- - JDK-8252145: Unify Info.plist files with correct version strings
- - JDK-8253829: Wrong length compared in SSPI bridge
- - JDK-8253916: ResourceExhausted/resexhausted001 crashes on Linux-x64
- - JDK-8254178: Remove .hgignore
- - JDK-8254318: Remove .hgtags
- - JDK-8255724: [XRender] the BlitRotateClippedArea test fails on Linux in the XR pipeline
- - JDK-8255729: com.sun.tools.javac.processing.JavacFiler.FilerOutputStream is inefficient
- - JDK-8257623: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted001/TestDescription.java shouldn't use timeout
- - JDK-8258946: Fix optimization-unstable code involving signed integer overflow
- - JDK-8261160: Add a deserialization JFR event
- - JDK-8262085: Hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux
- - JDK-8264400: (fs) WindowsFileStore equality depends on how the FileStore was constructed
- - JDK-8264792: The NumberFormat for locale sq_XK formats price incorrectly.
- - JDK-8265020: tests must be updated for new TestNG module name
- - JDK-8265100: (fs) WindowsFileStore.hashCode() should read cached hash code once
- - JDK-8265531: doc/building.md should mention homebrew install freetype
- - JDK-8266250: WebSocketTest and WebSocketProxyTest call assertEquals(List<byte[]>, List<byte[]>)
- - JDK-8266254: Update to use jtreg 6
- - JDK-8266460: java.io tests fail on null stream with upgraded jtreg/TestNG
- - JDK-8266461: tools/jmod/hashes/HashesTest.java fails: static @Test methods
- - JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups
- - JDK-8266675: Optimize IntHashTable for encapsulation and ease of use
- - JDK-8266774: System property values for stdout/err on Windows UTF-8
- - JDK-8266881: Enable debug log for SSLEngineExplorerMatchedSNI.java
- - JDK-8267180: Typo in copyright header for HashesTest
- - JDK-8267271: Fix gc/arguments/TestNewRatioFlag.java expectedNewSize calculation
- - JDK-8267880: Upgrade the default PKCS12 MAC algorithm
- - JDK-8268185: Update GitHub Actions for jtreg 6
- - JDK-8269039: Disable SHA-1 Signed JARs
- - JDK-8269517: compiler/loopopts/TestPartialPeelingSinkNodes.java crashes with -XX:+VerifyGraphEdges
- - JDK-8270090: C2: LCM may prioritize CheckCastPP nodes over projections
- - JDK-8270312: Error: Not a test or directory containing tests: java/awt/print/PrinterJob/XparColor.java
- - JDK-8271010: vmTestbase/gc/lock/malloc/malloclock04/TestDescription.java crashes intermittently
- - JDK-8271078: jdk/incubator/vector/Float128VectorTests.java failed a subtest
- - JDK-8271512: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java due to 8270326
- - JDK-8272352: Java launcher can not parse Chinese character when system locale is set to UTF-8
- - JDK-8272398: Update DockerTestUtils.buildJdkDockerImage()
- - JDK-8273526: Extend the OSContainer API pids controller with pids.current
- - JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root
- - JDK-8274517: java/util/DoubleStreamSums/CompensatedSums.java fails with expected [true] but found [false]
- - JDK-8274687: JDWP deadlocks if some Java thread reaches wait in blockOnDebuggerSuspend
- - JDK-8275008: gtest build failure due to stringop-overflow warning with gcc11
- - JDK-8275689: [TESTBUG] Use color tolerance only for XRender in BlitRotateClippedArea test
- - JDK-8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
- - JDK-8277893: Arraycopy stress tests
- - JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
- - JDK-8278344: sun/security/pkcs12/KeytoolOpensslInteropTest.java test fails because of different openssl output
- - JDK-8278519: serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null"
- - JDK-8279032: compiler/loopopts/TestSkeletonPredicateNegation.java times out with -XX:TieredStopAtLevel < 4
- - JDK-8279385: [test] Adjust sun/security/pkcs12/KeytoolOpensslInteropTest.java after 8278344
- - JDK-8279622: C2: miscompilation of map pattern as a vector reduction
- - JDK-8280913: Create a regression test for JRootPane.setDefaultButton() method
- - JDK-8281181: Do not use CPU Shares to compute active processor count
- - JDK-8281535: Create a regression test for JDK-4670051
- - JDK-8281569: Create tests for Frame.setMinimumSize() method
- - JDK-8281628: KeyAgreement : generateSecret intermittently not resetting
- - JDK-8281738: Create a regression test for checking the 'Space' key activation of focused Button
- - JDK-8281745: Create a regression test for JDK-4514331
- - JDK-8281988: Create a regression test for JDK-4618767
- - JDK-8282214: Upgrade JQuery to version 3.6.0
- - JDK-8282234: Create a regression test for JDK-4532513
- - JDK-8282280: Update Xerces to Version 2.12.2
- - JDK-8282343: Create a regression test for JDK-4518432
- - JDK-8282538: PKCS11 tests fail on CentOS Stream 9
- - JDK-8282548: Create a regression test for JDK-4330998
- - JDK-8282555: Missing memory edge when spilling MoveF2I, MoveD2L etc
- - JDK-8282789: Create a regression test for the JTree usecase of JDK-4618767
- - JDK-8282860: Write a regression test for JDK-4164779
- - JDK-8282933: Create a test for JDK-4529616
- - JDK-8282947: JFR: Dump on shutdown live-locks in some conditions
- - JDK-8283015: Create a test for JDK-4715496
- - JDK-8283017: GHA: Workflows break with update release versions
- - JDK-8283087: Create a test or JDK-4715503
- - JDK-8283245: Create a test for JDK-4670319
- - JDK-8283277: ISO 4217 Amendment 171 Update
- - JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int)
- - JDK-8283493: Create an automated regression test for RFE 4231298
- - JDK-8283507: Create a regression test for RFE 4287690
- - JDK-8283621: Write a regression test for CCC4400728
- - JDK-8283623: Create an automated regression test for JDK-4525475
- - JDK-8283624: Create an automated regression test for RFE-4390885
- - JDK-8283712: Create a manual test framework class
- - JDK-8283803: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintGlyphVectorTest.java and fix test
- - JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee
- - JDK-8283903: GetContainerCpuLoad does not return the correct result in share mode
- - JDK-8284077: Create an automated test for JDK-4170173
- - JDK-8284367: JQuery UI upgrade from 1.12.1 to 1.13.1
- - JDK-8284535: Fix PrintLatinCJKTest.java test that is failing with Parse Exception
- - JDK-8284680: sun.font.FontConfigManager.getFontConfig() leaks charset
- - JDK-8284694: Avoid evaluating SSLAlgorithmConstraints twice
- - JDK-8284754: print more interesting env variables in hs_err and VM.info
- - JDK-8284758: [linux] improve print_container_info
- - JDK-8284882: SIGSEGV in Node::verify_edges due to compilation bailout
- - JDK-8284898: Enhance PassFailJFrame
- - JDK-8284944: assert(cnt++ < 40) failed: infinite cycle in loop optimization
- - JDK-8284950: CgroupV1 detection code should consider memory.swappiness
- - JDK-8284956: Potential leak awtImageData/color_data when initializes X11GraphicsEnvironment
- - JDK-8285081: Improve XPath operators count accuracy
- - JDK-8285097: Duplicate XML keys in XPATHErrorResources.java and XSLTErrorResources.java
- - JDK-8285380: Fix typos in security
- - JDK-8285398: Cache the results of constraint checks
- - JDK-8285693: Create an automated test for JDK-4702199
- - JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
- - JDK-8285728: Alpine Linux build fails with busybox tar
- - JDK-8285820: C2: LCM prioritizes locally dependent CreateEx nodes over projections after 8270090
- - JDK-8286114: [test] show real exception in bomb call in sun/rmi/runtime/Log/checkLogging/CheckLogging.java
- - JDK-8286177: C2: "failed: non-reduction loop contains reduction nodes" assert failure
- - JDK-8286211: Update PCSC-Lite for Suse Linux to 1.9.5
- - JDK-8286314: Trampoline not created for far runtime targets outside small CodeCache
- - JDK-8286582: Build fails on macos aarch64 when using --with-zlib=bundled
- - JDK-8287017: Bump update version for OpenJDK: jdk-11.0.17
- - JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
- - JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
- - JDK-8287202: GHA: Add macOS aarch64 to the list of default platforms for workflow_dispatch event
- - JDK-8287223: C1: Inlining attempt through MH::invokeBasic() with null receiver
- - JDK-8287336: GHA: Workflows break on patch versions
- - JDK-8287366: Improve test failure reporting in GHA
- - JDK-8287432: C2: assert(tn->in(0) != __null) failed: must have live top node
- - JDK-8287463: JFR: Disable TestDevNull.java on Windows
- - JDK-8287663: Add a regression test for JDK-8287073
- - JDK-8287672: jtreg test com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails intermittently in nightly run
- - JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
- - JDK-8288360: CI: ciInstanceKlass::implementor() is not consistent for well-known classes
- - JDK-8288467: remove memory_operand assert for spilled instructions
- - JDK-8288754: GCC 12 fails to build zReferenceProcessor.cpp
- - JDK-8288763: Pack200 extraction failure with invalid size
- - JDK-8288781: C1: LIR_OpVisitState::maxNumberOfOperands too small
- - JDK-8288865: [aarch64] LDR instructions must use legitimized addresses
- - JDK-8288928: Incorrect GPL header in pnglibconf.h (backport of JDK-8185041)
- - JDK-8289471: Issue in Initialization of keys in ErrorMsg.java and XPATHErrorResources.java
- - JDK-8289477: Memory corruption with CPU_ALLOC, CPU_FREE on muslc
- - JDK-8289486: Improve XSLT XPath operators count efficiency
- - JDK-8289549: ISO 4217 Amendment 172 Update
- - JDK-8289569: [test] java/lang/ProcessBuilder/Basic.java fails on Alpine/musl
- - JDK-8289799: Build warning in methodData.cpp memset zero-length parameter
- - JDK-8289856: [PPC64] SIGSEGV in C2Compiler::init_c2_runtime() after JDK-8289060
- - JDK-8290000: Bump macOS GitHub actions to macOS 11
- - JDK-8290004: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC
- - JDK-8290198: Shenandoah: a few Shenandoah tests failure after JDK-8214799 11u backport
- - JDK-8290246: test fails "assert(init != __null) failed: initialization not found"
- - JDK-8290813: jdk/nashorn/api/scripting/test/ScriptObjectMirrorTest.java fails: assertEquals is ambiguous
- - JDK-8290886: [11u]: Backport of JDK-8266250 introduced test failures
- - JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u
- - JDK-8291713: assert(!phase->exceeding_node_budget()) failed: sanity after JDK-8223389
- - JDK-8291794: [11u] Corrections after backport of JDK-8212028
- - JDK-8292579: (tz) Update Timezone Data to 2022c
- - JDK-8292852: [11u] TestMemoryWithCgroupV1 fails after JDK-8292768
- - JDK-8295057: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.17
-
-Notes on individual issues:
-===========================
-
-core-libs/java.net:
-
-JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable
-===========================================================================
-Two system properties have been added which control the keep alive
-behavior of HttpURLConnection in the case where the server does not
-specify a keep alive time. Two properties are defined for controlling
-connections to servers and proxies separately. They are:
-
-* `http.keepAlive.time.server`
-* `http.keepAlive.time.proxy`
-
-respectively. More information about them can be found on the
-Networking Properties page:
-https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html.
-
-JDK-8286918: Better HttpServer service
-======================================
-The HttpServer can be optionally configured with a maximum connection
-limit by setting the jdk.httpserver.maxConnections system property. A
-value of 0 or a negative integer is ignored and considered to
-represent no connection limit. In the case of a positive integer
-value, any newly accepted connections will be first checked against
-the current count of established connections and, if the configured
-limit has been reached, then the newly accepted connection will be
-closed immediately.
-
-hotspot/runtime:
-
-JDK-8281181: CPU Shares Ignored When Computing Active Processor Count
-=====================================================================
-Previous JDK releases used an incorrect interpretation of the Linux
-cgroups parameter "cpu.shares". This might cause the JVM to use fewer
-CPUs than available, leading to an under utilization of CPU resources
-when the JVM is used inside a container.
-
-Starting from this JDK release, by default, the JVM no longer
-considers "cpu.shares" when deciding the number of threads to be used
-by the various thread pools. The `-XX:+UseContainerCpuShares`
-command-line option can be used to revert to the previous
-behavior. This option is deprecated and may be removed in a future JDK
-release.
-
-security-libs/java.security:
-
-JDK-8269039: Disabled SHA-1 Signed JARs
-=======================================
-JARs signed with SHA-1 algorithms are now restricted by default and
-treated as if they were unsigned. This applies to the algorithms used
-to digest, sign, and optionally timestamp the JAR. It also applies to
-the signature and digest algorithms of the certificates in the
-certificate chain of the code signer and the Timestamp Authority, and
-any CRLs or OCSP responses that are used to verify if those
-certificates have been revoked. These restrictions also apply to
-signed JCE providers.
-
-To reduce the compatibility risk for JARs that have been previously
-timestamped, there is one exception to this policy:
-
-- Any JAR signed with SHA-1 algorithms and timestamped prior to
- January 01, 2019 will not be restricted.
-
-This exception may be removed in a future JDK release. To determine if
-your signed JARs are affected by this change, run:
-
-$ jarsigner -verify -verbose -certs`
-
-on the signed JAR, and look for instances of "SHA1" or "SHA-1" and
-"disabled" and a warning that the JAR will be treated as unsigned in
-the output.
-
-For example:
-
- Signed by "CN="Signer""
- Digest algorithm: SHA-1 (disabled)
- Signature algorithm: SHA1withRSA (disabled), 2048-bit key
-
- WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
-
- jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
-
-JARs affected by these new restrictions should be replaced or
-re-signed with stronger algorithms.
-
-Users can, *at their own risk*, remove these restrictions by modifying
-the `java.security` configuration file (or override it by using the
-`java.security.properties` system property) and removing "SHA1 usage
-SignedJAR & denyAfter 2019-01-01" from the
-`jdk.certpath.disabledAlgorithms` security property and "SHA1
-denyAfter 2019-01-01" from the `jdk.jar.disabledAlgorithms` security
-property.
-
-JDK-8267880: Upgrade the default PKCS12 MAC algorithm
-=====================================================
-
-The default MAC algorithm used in a PKCS #12 keystore has been
-updated. The new algorithm is based on SHA-256 and is stronger than
-the old one based on SHA-1. See the security properties starting with
-`keystore.pkcs12` in the `java.security` file for detailed
-information.
-
-The new SHA-256 based MAC algorithms were introduced in the 11.0.12
-release. Keystores created using this newer, stronger, MAC algorithm
-cannot be opened in versions of OpenJDK 11 earlier than 11.0.12. A
-'java.security.NoSuchAlgorithmException' exception will be thrown in
-such circumstances.
-
-For compatibility, use the `keystore.pkcs12.legacy` system property,
-which will revert the algorithms to use the older, weaker
-algorithms. There is no value defined for this property.
-
-core-libs/java.io:serialization:
-
-JDK-8261160: JDK Flight Recorder Event for Deserialization
-==========================================================
-It is now possible to monitor deserialization of objects using JDK
-Flight Recorder (JFR). When JFR is enabled and the JFR configuration
-includes deserialization events, JFR will emit an event whenever the
-running program attempts to deserialize an object. The deserialization
-event is named `jdk.Deserialization`, and it is disabled by
-default. The deserialization event contains information that is used
-by the serialization filter mechanism; see the ObjectInputFilter API
-specification for details.
-
-Additionally, if a filter is enabled, the JFR event indicates whether
-the filter accepted or rejected deserialization of the object. For
-further information about how to use the JFR deserialization event,
-see the article "Monitoring Deserialization to Improve Application
-Security"
-(https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/).
-
-For reference information about using and configuring JFR, see the
-"JFR Runtime Guide"
-(https://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/preface_jfrrt.htm#JFRRT165)
-and "JFR Command Reference"
-(https://docs.oracle.com/javacomponents/jmc-5-5/jfr-command-reference/command-line-options.htm#JFRCR-GUID-FE61CA60-E1DF-460E-A8E0-F4FF5D58A7A0)
-sections of the JDK Mission Control documentation.
-
-security-libs/org.ietf.jgss:krb5:
-
-JDK-8139348: Deprecate 3DES and RC4 in Kerberos
-===============================================
-The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
-are now deprecated and disabled by default. Users can set
-`allow_weak_crypto = true` in the `krb5.conf` configuration file to
-re-enable them (along with other weak etypes including `des-cbc-crc`
-and `des-cbc-md5`) at their own risk. To disable a subset of the weak
-etypes, users can list preferred etypes explicitly in any of the
-`default_tkt_enctypes`, `default_tgs_enctypes`, or
-`permitted_enctypes` settings.
-
-New in release OpenJDK 11.0.16.1 (2022-08-12):
-=============================================
-Live versions of these release notes can be found at:
- * https://bit.ly/openjdk110161
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.1.txt
-
-* Other changes
- - JDK-8292255: Bump update version for OpenJDK: jdk-11.0.16.1
- - JDK-8292260: [BACKOUT] JDK-8279219: [REDO] C2 crash when allocating array of size too large
-
-Notes on individual issues:
-===========================
-
-hotspot/compiler:
-
-JDK-8292396: C2 Compilation Errors Unpredictably Crashes JVM
-============================================================
-Fixes a regression in the C2 JIT compiler which caused the Java
-Runtime to crash unpredictably.
-
-New in release OpenJDK 11.0.16 (2022-07-19):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11016
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.txt
-
-* Security fixes
- - JDK-8277608: Address IP Addressing
- - JDK-8272243: Improve DER parsing
- - JDK-8272249: Better properties of loaded Properties
- - JDK-8281859, CVE-2022-21540: Improve class compilation
- - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations
- - JDK-8283190: Improve MIDI processing
- - JDK-8284370: Improve zlib usage
- - JDK-8285407, CVE-2022-34169: Improve Xalan supports
-* Other changes
- - JDK-6986863: ProfileDeferralMgr throwing ConcurrentModificationException
- - JDK-7124293: [macosx] VoiceOver reads percentages rather than the actual values for sliders.
- - JDK-7124301: [macosx] When in a tab group if you arrow between tabs there are no VoiceOver announcements.
- - JDK-8133713: [macosx] Accessible JTables always reported as empty
- - JDK-8139046: Compiler Control: IGVPrintLevel directive should set PrintIdealGraph
- - JDK-8139173: [macosx] JInternalFrame shadow is not properly drawn
- - JDK-8163498: Many long-running security libs tests
- - JDK-8166727: javac crashed: [jimage.dll+0x1942] ImageStrings::find+0x28
- - JDK-8169004: Fix redundant @requires tags in tests
- - JDK-8181571: printing to CUPS fails on mac sandbox app
- - JDK-8182404: remove jdk.testlibrary.JDKToolFinder and JDKToolLauncher
- - JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests
- - JDK-8192057: com/sun/jdi/BadHandshakeTest.java fails with java.net.ConnectException
- - JDK-8193682: Infinite loop in ZipOutputStream.close()
- - JDK-8199874: [TESTBUG] runtime/Thread/ThreadPriorities.java fails with "expected 0 to equal 10"
- - JDK-8202886: [macos] Test java/awt/MenuBar/8007006/bug8007006.java fails on MacOS
- - JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java
- - JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld test
- - JDK-8206187: javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java fails with Port already in use
- - JDK-8206330: Revisit com/sun/jdi/RedefineCrossEvent.java
- - JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003 fails to start
- - JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after co-location
- - JDK-8208246: flags duplications in vmTestbase_vm_g1classunloading tests
- - JDK-8208249: TriggerUnloadingByFillingMetaspace generates garbage class names
- - JDK-8208697: vmTestbase/metaspace/stressHierarchy/stressHierarchy012/TestDescription.java fails with OutOfMemoryError: Metaspace
- - JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a different test
- - JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh to plain java test
- - JDK-8209883: ZGC: Compile without C1 broken
- - JDK-8209920: runtime/logging/RedefineClasses.java fail with OOME with ZGC
- - JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread and XRun
- - JDK-8210039: move OSInfo to top level testlibrary
- - JDK-8210108: sun/tools/jstatd test build failures after JDK-8210022
- - JDK-8210112: remove jdk.testlibrary.ProcessTools
- - JDK-8210649: AssertionError @ jdk.compiler/com.sun.tools.javac.comp.Modules.enter(Modules.java:244)
- - JDK-8210732: remove jdk.testlibrary.Utils
- - JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader after JDK-6788458
- - JDK-8211822: Some tests fail after JDK-8210039
- - JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound
- - JDK-8212151: jdi/ExclusiveBind.java times out due to "bind failed: Address already in use" on Solaris-X64
- - JDK-8213440: Lingering INCLUDE_ALL_GCS in test_oopStorage_parperf.cpp
- - JDK-8214275: CondyRepeatFailedResolution asserts "Dynamic constant has no fixed basic type"
- - JDK-8214799: Add package declaration to each JTREG test case in the gc folder
- - JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges to enable MacOS tests on Mach5
- - JDK-8216137: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit
- - JDK-8216265: [testbug] Introduce Platform.sharedLibraryPathVariableName() and adapt all tests.
- - JDK-8216366: Add rationale to PER_CPU_SHARES define
- - JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265
- - JDK-8217233: Update build settings for AIX/xlc
- - JDK-8217340: Compilation failed: tools/launcher/Test7029048.java
- - JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP docker containers
- - JDK-8218136: minor hotspot adjustments for xlclang++ from xlc16 on AIX
- - JDK-8218751: Do not store original classfiles inside the CDS archive
- - JDK-8218965: aix: support xlclang++ in the compiler detection
- - JDK-8220658: Improve the readability of container information in the error log
- - JDK-8220813: update hotspot tier1_gc tests depending on GC to use @requires vm.gc.X
- - JDK-8222799: java.beans.Introspector uses an obsolete methods cache
- - JDK-8222926: Shenandoah build fails with --with-jvm-features=-compiler1
- - JDK-8223143: Restructure/clean-up for 'loopexit_or_null()'.
- - JDK-8223363: Bad node estimate assertion failure
- - JDK-8223389: Shenandoah optimizations fail with assert(!phase->exceeding_node_budget())
- - JDK-8223396: [TESTBUG] several jfr tests do not clean up files created in /tmp
- - JDK-8223502: Node estimate for loop unswitching is not correct: assert(delta <= 2 * required) failed: Bad node estimate
- - JDK-8224648: assert(!exceeding_node_budget()) failed: Too many NODES required! failure with ctw
- - JDK-8225475: Node budget asserts on x86_32/64
- - JDK-8227171: provide function names in native stack trace on aix with xlc16
- - JDK-8227389: Remove unsupported xlc16 compile options on aix
- - JDK-8229202: Docker reporting causes secondary crashes in error handling
- - JDK-8229210: [TESTBUG] Move gc stress tests from JFR directory tree to gc/stress
- - JDK-8229486: Replace wildcard address with loopback or local host in tests - part 21
- - JDK-8229499: Node budget assert in fuzzed test
- - JDK-8230305: Cgroups v2: Container awareness
- - JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java fails at-run shell MakeJAR.sh target
- - JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy
- - JDK-8231454: File lock in Windows on a loaded jar due to a leak in Introspector::getBeanInfo
- - JDK-8231489: GC watermark_0_1 failed due to "metaspace.gc.Fault: GC has happened too rare"
- - JDK-8231565: More node budget asserts in fuzzed tests
- - JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS
- - JDK-8234382: Test tools/javac/processing/model/testgetallmembers/Main.java using too small heap
- - JDK-8234605: C2 failed "assert(C->live_nodes() - live_at_begin <= 2 * _nodes_required) failed: Bad node estimate: actual = 208 >> request = 101"
- - JDK-8234608: [TESTBUG] Fix G1 redefineClasses tests and a memory leak
- - JDK-8235220: ClhsdbScanOops.java fails with sun.jvm.hotspot.types.WrongTypeException
- - JDK-8235385: Crash on aarch64 JDK due to long offset
- - JDK-8237479: 8230305 causes slowdebug build failure
- - JDK-8239559: Cgroups: Incorrect detection logic on some systems
- - JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot
- - JDK-8240132: ProblemList com/sun/jdi/InvokeHangTest.java
- - JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111
- - JDK-8240335: C2: assert(found_sfpt) failed: no node in loop that's not input to safepoint
- - JDK-8240734: ModuleHashes attribute not reproducible between builds
- - JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
- - JDK-8241707: introduce randomness k/w to hotspot test suite
- - JDK-8242310: use reproducible random in hotspot compiler tests
- - JDK-8242311: use reproducible random in hotspot runtime tests
- - JDK-8242312: use reproducible random in hotspot gc tests
- - JDK-8242313: use reproducible random in hotspot svc tests
- - JDK-8242538: java/security/SecureRandom/ThreadSafe.java failed on windows
- - JDK-8243429: use reproducible random in :vmTestbase_nsk_stress
- - JDK-8243666: ModuleHashes attribute generated for JMOD and JAR files depends on timestamps
- - JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java
- - JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a test
- - JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible)
- - JDK-8245938: Remove unused print_stack(void) method from XToolkit.c
- - JDK-8246494: introduce vm.flagless at-requires property
- - JDK-8246741: NetworkInterface/UniqueMacAddressesTest: mac address uniqueness test failed
- - JDK-8247589: Implementation of Alpine Linux/x64 Port
- - JDK-8247591: Document Alpine Linux build steps in OpenJDK build guide
- - JDK-8247592: refactor test/jdk/tools/launcher/Test7029048.java
- - JDK-8247614: java/nio/channels/DatagramChannel/Connect.java timed out
- - JDK-8248876: LoadObject with bad base address created for exec file on linux
- - JDK-8249592: Robot.mouseMove moves cursor to incorrect location when display scale varies and Java runs in DPI Unaware mode
- - JDK-8252117: com/sun/jdi/BadHandshakeTest.java failed with "ConnectException: Connection refused: connect"
- - JDK-8252248: __SIGRTMAX is not declared in musl libc
- - JDK-8252250: isnanf is obsolete
- - JDK-8252359: HotSpot Not Identifying it is Running in a Container
- - JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
- - JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
- - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
- - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
- - JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems
- - JDK-8253872: ArgumentHandler must use the same delimiters as in jvmti_tools.cpp
- - JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code
- - JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection
- - JDK-8254887: C2: assert(cl->trip_count() > 0) failed: peeling a fully unrolled loop
- - JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes
- - JDK-8255266: Update Public Suffix List to 3c213aa
- - JDK-8255604: java/nio/channels/DatagramChannel/Connect.java fails with java.net.BindException: Cannot assign requested address: connect
- - JDK-8255787: Tag container tests that use cGroups with cgroups keyword
- - JDK-8256146: Cleanup test/jdk/java/nio/channels/DatagramChannel/Connect.java
- - JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version
- - JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
- - JDK-8258795: Update IANA Language Subtag Registry to Version 2021-05-11
- - JDK-8258956: Memory Leak in StringCoding on ThreadLocal resultCached StringCoding.Result
- - JDK-8259517: Incorrect test path in test cases
- - JDK-8260518: Change default -mmacosx-version-min to 10.12
- - JDK-8261169: Upgrade HarfBuzz to the latest 2.8.0
- - JDK-8262379: Add regression test for JDK-8257746
- - JDK-8263364: sun/net/www/http/KeepAliveStream/KeepAliveStreamCloseWithWrongContentLength.java wedged in getInputStream
- - JDK-8263718: unused-result warning happens at os_linux.cpp
- - JDK-8263856: Github Actions for macos/aarch64 cross-build
- - JDK-8264179: [TESTBUG] Some compiler tests fail when running without C2
- - JDK-8265261: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted
- - JDK-8265297: javax/net/ssl/SSLSession/TestEnabledProtocols.java failed with "RuntimeException: java.net.SocketException: Connection reset"
- - JDK-8265343: Update Debian-based cross-compilation recipes
- - JDK-8266251: compiler.inlining.InlineAccessors shouldn't do testing in driver VM
- - JDK-8266318: Switch to macos prefix for macOS bundles
- - JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics
- - JDK-8266545: 8261169 broke Harfbuzz build with gcc 7 and 8
- - JDK-8268773: Improvements related to: Failed to start thread - pthread_create failed (EAGAIN)
- - JDK-8269772: [macos-aarch64] test compilation failed with "SocketException: No buffer space available"
- - JDK-8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo incorrect verification of protocol and cipher support
- - JDK-8270797: ShortECDSA.java test is not complete
- - JDK-8271055: Crash during deoptimization with "assert(bb->is_reachable()) failed: getting result from unreachable basicblock" with -XX:+VerifyStack
- - JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
- - JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories
- - JDK-8272358: Some tests may fail when executed with other locales than the US
- - JDK-8272493: Suboptimal code generation around Preconditions.checkIndex intrinsic with AVX2
- - JDK-8272908: Missing coverage for certain classes in com.sun.org.apache.xml.internal.security
- - JDK-8272964: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted
- - JDK-8273176: handle latest VS2019 in abstract_vm_version
- - JDK-8273655: content-types.properties files are missing some common types
- - JDK-8274171: java/nio/file/Files/probeContentType/Basic.java failed on "Content type" mismatches
- - JDK-8274233: Minor cleanup for ToolBox
- - JDK-8274735: javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image
- - JDK-8274751: Drag And Drop hangs on Windows
- - JDK-8275082: Update XML Security for Java to 2.3.0
- - JDK-8275330: C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions
- - JDK-8275337: C1: assert(false) failed: live_in set of first block must be empty
- - JDK-8276657: XSLT compiler tries to define a class with empty name
- - JDK-8276990: Memory leak in invoker.c fillInvokeRequest() during JDI operations
- - JDK-8277072: ObjectStreamClass caches keep ClassLoaders alive
- - JDK-8277093: Vector should throw ClassNotFoundException for a missing class of an element
- - JDK-8277396: [TESTBUG] In DefaultButtonModelCrashTest.java, frame is accessed from main thread
- - JDK-8277422: tools/jar/JarEntryTime.java fails with modified time mismatch
- - JDK-8277922: Unable to click JCheckBox in JTable through Java Access Bridge
- - JDK-8278065: Refactor subclassAudits to use ClassValue
- - JDK-8278186: org.jcp.xml.dsig.internal.dom.Utils.parseIdFromSameDocumentURI throws StringIndexOutOfBoundsException when calling substring method
- - JDK-8278346: java/nio/file/Files/probeContentType/Basic.java fails on Linux SLES15 machine
- - JDK-8278472: Invalid value set to CANDIDATEFORM structure
- - JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
- - JDK-8278851: Correct signer logic for jars signed with multiple digestalgs
- - JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
- - JDK-8279219: [REDO] C2 crash when allocating array of size too large
- - JDK-8279356: Method linking fails with guarantee(mh->adapter() != NULL) failed: Adapter blob must already exist!
- - JDK-8279505: Update documentation for RETRY_COUNT and REPEAT_COUNT
- - JDK-8279520: SPNEGO has not passed channel binding info into the underlying mechanism
- - JDK-8279529: ProblemList java/nio/channels/DatagramChannel/ManySourcesAndTargets.java on macosx-aarch64
- - JDK-8279532: ProblemList sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
- - JDK-8279668: x86: AVX2 versions of vpxor should be asserted
- - JDK-8279837: C2: assert(is_Loop()) failed: invalid node class: Region
- - JDK-8279842: HTTPS Channel Binding support for Java GSS/Kerberos
- - JDK-8279958: Provide configure hints for Alpine/apk package managers
- - JDK-8280041: Retry loop issues in java.io.ClassCache
- - JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
- - JDK-8280476: [macOS] : hotspot arm64 bug exposed by latest clang
- - JDK-8280684: JfrRecorderService failes with guarantee(num_written > 0) when no space left on device.
- - JDK-8280799: С2: assert(false) failed: cyclic dependency prevents range check elimination
- - JDK-8280867: Cpuid1Ecx feature parsing is incorrect for AMD CPUs
- - JDK-8280964: [Linux aarch64] : drawImage dithers TYPE_BYTE_INDEXED images incorrectly
- - JDK-8281274: deal with ActiveProcessorCount in os::Linux::print_container_info
- - JDK-8281275: Upgrading from 8 to 11 no longer accepts '/' as filepath separator in gc paths
- - JDK-8281615: Deadlock caused by jdwp agent
- - JDK-8281811: assert(_base == Tuple) failed: Not a Tuple after JDK-8280799
- - JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder
- - JDK-8282172: CompileBroker::log_metaspace_failure is called from non-Java/compiler threads
- - JDK-8282225: GHA: Allow one concurrent run per PR only
- - JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers
- - JDK-8282293: Domain value for system property jdk.https.negotiate.cbt should be case-insensitive
- - JDK-8282312: Minor corrections to evbroadcasti32x4 intrinsic on x86
- - JDK-8282382: Report glibc malloc tunables in error reports
- - JDK-8282422: JTable.print() failed with UnsupportedCharsetException on AIX ko_KR locale
- - JDK-8282501: Bump update version for OpenJDK: jdk-11.0.16
- - JDK-8282583: Update BCEL md to include the copyright notice
- - JDK-8282588: [11] set harfbuzz compilation flag to -std=c++11
- - JDK-8282589: runtime/ErrorHandling/ErrorHandler.java fails on MacOS aarch64 in jdk 11
- - JDK-8282887: Potential memory leak in sun.util.locale.provider.HostLocaleProviderAdapterImpl.getNumberPattern() on Windows
- - JDK-8283018: 11u GHA: Update GCC 9 minor versions
- - JDK-8283217: Leak FcObjectSet in getFontConfigLocations() in fontpath.c
- - JDK-8283323: libharfbuzz optimization level results in extreme build times
- - JDK-8283350: (tz) Update Timezone Data to 2022a
- - JDK-8283408: Fix a C2 crash when filling arrays with unsafe
- - JDK-8283420: [AOT] Exclude TrackedFlagTest/NotTrackedFlagTest in 11u because of intermittent java.lang.AssertionError: duplicate classes for name Ljava/lang/Boolean;
- - JDK-8283424: compiler/loopopts/LoopUnswitchingBadNodeBudget.java fails with release VMs due to lack of -XX:+UnlockDiagnosticVMOptions
- - JDK-8283451: C2: assert(_base == Long) failed: Not a Long
- - JDK-8283469: Don't use memset to initialize members in FileMapInfo and fix memory leak
- - JDK-8283497: [windows] print TMP and TEMP in hs_err and VM.info
- - JDK-8283614: [11] Repair compiler versions handling after 8233787
- - JDK-8283641: Large value for CompileThresholdScaling causes assert
- - JDK-8283834: Unmappable character for US-ASCII encoding in TestPredicateInputBelowLoopPredicate
- - JDK-8284033: Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c
- - JDK-8284094: Memory leak in invoker_completeInvokeRequest()
- - JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124
- - JDK-8284369: TestFailedAllocationBadGraph fails with -XX:TieredStopAtLevel < 4
- - JDK-8284389: Improve stability of GHA Pre-submit testing by caching cygwin installer
- - JDK-8284458: CodeHeapState::aggregate() leaks blob_name
- - JDK-8284507: GHA: Only check test results if testing was not skipped
- - JDK-8284549: JFR: FieldTable leaks FieldInfoTable member
- - JDK-8284573: [11u] ProblemList TestBubbleUpRef.java and TestGCOldWithCMS.java because of 8272195
- - JDK-8284604: [11u] Update Boot JDK used in GHA to 11.0.14.1
- - JDK-8284620: CodeBuffer may leak _overflow_arena
- - JDK-8284622: Update versions of some Github Actions used in JDK workflow
- - JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem
- - JDK-8285395: [JVMCI] [11u] Partial backport of JDK-8220623: InstalledCode
- - JDK-8285397: JNI exception pending in CUPSfuncs.c:250
- - JDK-8285445: cannot open file "NUL:"
- - JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
- - JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java
- - JDK-8285591: [11] add signum checks in DSA.java engineVerify
- - JDK-8285686: Update FreeType to 2.12.0
- - JDK-8285720: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails to compile after backport of 8273655
- - JDK-8285726: [11u, 17u] Unify fix for JDK-8284548 with version from head
- - JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head
- - JDK-8285828: runtime/execstack/TestCheckJDK.java fails with zipped debug symbols
- - JDK-8286013: Incorrect test configurations for compiler/stable/TestStableShort.java
- - JDK-8286198: [linux] Fix process-memory information
- - JDK-8286293: Tests ShortResponseBody and ShortResponseBodyWithRetry should use less resources
- - JDK-8286444: javac errors after JDK-8251329 are not helpful enough to find root cause
- - JDK-8286594: (zipfs) Mention paths with dot elements in ZipException and cleanups
- - JDK-8286630: [11] avoid -std=c++11 CXX harfbuzz buildflag on Windows
- - JDK-8286855: javac error on invalid jar should only print filename
- - JDK-8287109: Distrust.java failed with CertificateExpiredException
- - JDK-8287119: Add Distrust.java to ProblemList
- - JDK-8287362: FieldAccessWatch testcase failed on AIX platform
- - JDK-8287378: GHA: Update cygwin to fix issues in langtools tests on Windows
- - JDK-8287739: [11u] ProblemList sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
-
-Notes on individual issues:
-===========================
-
-core-libs/java.io:serialization:
-
-JDK-8277157: Vector should throw ClassNotFoundException for a missing class of an element
-=========================================================================================
-`java.util.Vector` is updated to correctly report
-`ClassNotFoundException that occurs during deserialization using
-`java.io.ObjectInputStream.GetField.get(name, object)` when the class
-of an element of the Vector is not found. Without this fix, a
-`StreamCorruptedException` is thrown that does not provide information
-about the missing class.
-
-core-libs/java.net:
-
-JDK-8285240: HTTPS Channel Binding support for Java GSS/Kerberos
-================================================================
-Support has been added for TLS channel binding tokens for
-Negotiate/Kerberos authentication over HTTPS through
-javax.net.HttpsURLConnection.
-
-Channel binding tokens are increasingly required as an enhanced form
-of security which can mitigate certain kinds of socially engineered,
-man in the middle (MITM) attacks. They work by communicating from a
-client to a server the client's understanding of the binding between
-connection security (as represented by a TLS server cert) and higher
-level authentication credentials (such as a username and
-password). The server can then detect if the client has been fooled by
-a MITM and shutdown the session/connection.
-
-The feature is controlled through a new system property
-`jdk.https.negotiate.cbt` which is described fully at the following
-page:
-
-https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt
-
-core-libs/java.lang:
-
-JDK-8283137: Incorrect handling of quoted arguments in ProcessBuilder
-=====================================================================
-ProcessBuilder on Windows is restored to address a regression caused
-by JDK-8250568. Previously, an argument to ProcessBuilder that
-started with a double-quote and ended with a backslash followed by a
-double-quote was passed to a command incorrectly and may cause the
-command to fail. For example the argument `"C:\\Program Files\"`,
-would be seen by the command with extra double-quotes. This update
-restores the long standing behavior that does not treat the backslash
-before the final double-quote specially.
-
-core-libs/java.util.jar:
-
-JDK-8278386: Default JDK compressor will be closed when IOException is encountered
-==================================================================================
-`DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods
-have been modified to close out the associated default JDK compressor
-before propagating a Throwable up the
-stack. `ZIPOutputStream.closeEntry()` method has been modified to
-close out the associated default JDK compressor before propagating an
-IOException, not of type ZipException, up the stack.
-
-core-libs/java.io:
-
-JDK-8285660: New System Property to Disable Windows Alternate Data Stream Support in java.io.File
-=================================================================================================
-The Windows implementation of `java.io.File` allows access to NTFS
-Alternate Data Streams (ADS) by default. Such streams have a structure
-like “filename:streamname”. A system property `jdk.io.File.enableADS`
-has been added to control this behavior. To disable ADS support in
-`java.io.File`, the system property `jdk.io.File.enableADS` should be
-set to `false` (case ignored). Stricter path checking however prevents
-the use of special devices such as `NUL:`
-
-New in release OpenJDK 11.0.15 (2022-04-19):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11015
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.15.txt
-
-* New features
- - JDK-8253795: Implementation of JEP 391: macOS/AArch64 Port
-* Security fixes
- - JDK-8269938: Enhance XML processing passes redux
- - JDK-8270504, CVE-2022-21426: Better XPath expression handling
- - JDK-8272255: Completely handle MIDI files
- - JDK-8272261: Improve JFR recording file processing
- - JDK-8272594: Better record of recordings
- - JDK-8274221: More definite BER encodings
- - JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0
- - JDK-8275151, CVE-2022-21443: Improved Object Identification
- - JDK-8277227: Better identification of OIDs
- - JDK-8277672, CVE-2022-21434: Better invocation handler handling
- - JDK-8278356: Improve file creation
- - JDK-8278449: Improve keychain support
- - JDK-8278798: Improve supported intrinsic
- - JDK-8278805: Enhance BMP image loading
- - JDK-8278972, CVE-2022-21496: Improve URL supports
- - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo
-* Other changes
- - JDK-8065704: Set LC_ALL=C for all relevant commands in the build system
- - JDK-8177814: jdk/editpad is not in jdk TEST.groups
- - JDK-8186780: clang fastdebug assertion failure in os_linux_x86:os::verify_stack_alignment()
- - JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java and NonGregorianFormatTest fail intermittently
- - JDK-8193277: SimpleFileObject inconsistency between getName and getShortName
- - JDK-8199079: Test javax/swing/UIDefaults/6302464/bug6302464.java is unstable
- - JDK-8202142: jfr/event/io/TestInstrumentation is unstable
- - JDK-8207011: Remove uses of the register storage class specifier
- - JDK-8207793: [TESTBUG] runtime/Metaspace/FragmentMetaspace.java fails: heap needs to be increased
- - JDK-8208074: [TESTBUG] vmTestbase/nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption/TestDescription.java failed with NullPointerException
- - JDK-8210194: [TESTBUG] jvmti_FollowRefObjects.cpp missing initializer for member _jvmtiHeapCallbacks::heap_reference_callback
- - JDK-8210236: Prepare ciReceiverTypeData::translate_receiver_data_from for concurrent class unloading
- - JDK-8211170: AArch64: Warnings in C1 and template interpreter
- - JDK-8211333: AArch64: Fix another build failure after JDK-8211029
- - JDK-8214004: Missing space between compiler thread name and task info in hs_err
- - JDK-8214026: Canonicalized archive paths appearing in diagnostics
- - JDK-8214761: Bug in parallel Kahan summation implementation
- - JDK-8216969: ParseException thrown for certain months with russian locale
- - JDK-8218546: Unable to connect to https://google.com using java.net.HttpClient
- - JDK-8220634: SymLinkArchiveTest should handle not being able to create symlinks
- - JDK-8222825: ARM32 SIGILL issue on single core CPU (not supported PLDW instruction)
- - JDK-8223142: Clean-up WS and CB.
- - JDK-8225559: assertion error at TransTypes.visitApply
- - JDK-8232533: G1 uses only a single thread for pretouching the java heap
- - JDK-8233827: Enable screenshots in the enhanced failure handler on Linux/macOS
- - JDK-8233986: ProblemList javax/swing/plaf/basic/BasicTextUI/8001470/bug8001470.java for windows-x64
- - JDK-8234930: Use MAP_JIT when allocating pages for code cache on macOS
- - JDK-8236210: javac generates wrong annotation for fields generated from record components
- - JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful
- - JDK-8237787: rewrite vmTestbase/vm/compiler/CodeCacheInfo* from shell to java
- - JDK-8237798: rewrite vmTestbase/jit/tiered from shell to java
- - JDK-8239502: [TEST_BUG] Test javax/swing/text/FlowView/6318524/bug6318524.java never fails
- - JDK-8240904: Screen flashes on test failures when running tests from make
- - JDK-8241004: NMT tests fail on unaligned thread size with debug build
- - JDK-8241423: NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default
- - JDK-8247272: SA ELF file support has never worked for 64-bit causing address to symbol name mapping to fail
- - JDK-8247515: OSX pc_to_symbol() lookup does not work with core files
- - JDK-8249019: clean up FileInstaller $test.src $cwd in vmTestbase_vm_compiler tests
- - JDK-8250750: JDK-8247515 fix for OSX pc_to_symbol() lookup fails with some symbols
- - JDK-8251126: nsk.share.GoldChecker should read golden file from ${test.src}
- - JDK-8251127: clean up FileInstaller $test.src $cwd in remaining vmTestbase_vm_compiler tests
- - JDK-8251132: make main classes public in vmTestbase/jit tests
- - JDK-8251558: J2DBench should support shaped and translucent windows
- - JDK-8251998: remove usage of PropertyResolvingWrapper in vmTestbase/jit/t
- - JDK-8252005: narrow disabling of allowSmartActionArgs in vmTestbase
- - JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/TestDescription.java fails with "ERROR: DebuggeeSleepingThread: ThreadDeath lost"
- - JDK-8253816: Support macOS W^X
- - JDK-8253817: Support macOS Aarch64 ABI in Interpreter
- - JDK-8253818: Support macOS Aarch64 ABI for compiled wrappers
- - JDK-8253819: Implement os/cpu for macOS/AArch64
- - JDK-8253839: Update tests and JDK code for macOS/Aarch64
- - JDK-8254072: AArch64: Get rid of --disable-warnings-as-errors on Windows+ARM64 build
- - JDK-8254085: javax/swing/text/Caret/TestCaretPositionJTextPane.java failed with "RuntimeException: Wrong caret position"
- - JDK-8254827: JVMCI: Enable it for Windows+AArch64
- - JDK-8254940: AArch64: Cleanup non-product thread members
- - JDK-8254941: Implement Serviceability Agent for macOS/AArch64
- - JDK-8255035: Update BCEL to Version 6.5.0
- - JDK-8255239: The timezone of the hs_err_pid log file is corrupted in Japanese locale
- - JDK-8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider
- - JDK-8255776: Change build system for macOS/AArch64
- - JDK-8256154: Some TestNG tests require default constructors
- - JDK-8256321: Some "inactive" color profiles use the wrong profile class
- - JDK-8256373: [Windows/HiDPI] The Frame#setBounds does not work in a minimized state
- - JDK-8257467: [TESTBUG] -Wdeprecated-declarations is reported at sigset() in exesigtest.c
- - JDK-8257769: Cipher.getParameters() throws NPE for ChaCha20-Poly1305
- - JDK-8258554: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F
- - JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream)
- - JDK-8261205: AssertionError: Cannot add metadata to an intersection type
- - JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt"
- - JDK-8262894: [macos_aarch64] SIGBUS in Assembler::ld_st2
- - JDK-8262896: [macos_aarch64] Crash in jni_fast_GetLongField
- - JDK-8262903: [macos_aarch64] Thread::current() called on detached thread
- - JDK-8263185: Mallinfo deprecated in glibc 2.33
- - JDK-8264650: Cross-compilation to macos/aarch64
- - JDK-8265150: AsyncGetCallTrace crashes on ResourceMark
- - JDK-8266168: -Wmaybe-uninitialized happens in check_code.c
- - JDK-8266170: -Wnonnull happens in classLoaderData.inline.hpp
- - JDK-8266171: -Warray-bounds happens in imageioJPEG.c
- - JDK-8266172: -Wstringop-overflow happens in vmError.cpp
- - JDK-8266173: -Wmaybe-uninitialized happens in jni_util.c
- - JDK-8266174: -Wmisleading-indentation happens in libmlib_image sources
- - JDK-8266176: -Wmaybe-uninitialized happens in libArrayIndexOutOfBoundsExceptionTest.c
- - JDK-8266187: Memory leak in appendBootClassPath()
- - JDK-8266421: Deadlock in Sound System
- - JDK-8266889: [macosx-aarch64] Crash with SIGBUS in MarkActivationClosure::do_code_blob during vmTestbase/nsk/jvmti/.../bi04t002 test run
- - JDK-8268014: Build failure on SUSE Linux Enterprise Server 11.4 (s390x) due to 'SYS_get_mempolicy' was not declared
- - JDK-8268542: serviceability/logging/TestFullNames.java tests only 1st test case
- - JDK-8268882: C2: assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc
- - JDK-8270874: JFrame paint artifacts when dragged from standard monitor to HiDPI monitor
- - JDK-8271202: C1: assert(false) failed: live_in set of first block must be empty
- - JDK-8272345: macos doesn't check `os::set_boot_path()` result
- - JDK-8272473: Parsing epoch seconds at a DST transition with a non-UTC parser is wrong
- - JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication
- - JDK-8273277: C2: Move conditional negation into rc_predicate
- - JDK-8273341: Update Siphash to version 1.0
- - JDK-8273366: [testbug] javax/swing/UIDefaults/6302464/bug6302464.java fails on macOS12
- - JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict tests
- - JDK-8273438: Enable parallelism in vmTestbase/metaspace/stressHierarchy tests
- - JDK-8273514: java/util/DoubleStreamSums/CompensatedSums.java failure
- - JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated
- - JDK-8273634: [TEST_BUG] Improve javax/swing/text/ParagraphView/6364882/bug6364882.java
- - JDK-8273638: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F
- - JDK-8273682: Upgrade Jline to 3.20.0
- - JDK-8273704: DrawStringWithInfiniteXform.java failed : drawString with InfiniteXform transform takes long time
- - JDK-8273933: [TESTBUG] Test must run without preallocated exceptions
- - JDK-8274265: Suspicious string concatenation in logTestUtils.inline.hpp
- - JDK-8274338: com/sun/jdi/RedefineCrossEvent.java failed "assert(m != __null) failed: NULL mirror"
- - JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/bug6364882.java failures
- - JDK-8274523: java/lang/management/MemoryMXBean/MemoryTest.java test should handle Shenandoah
- - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake
- - JDK-8274658: ISO 4217 Amendment 170 Update
- - JDK-8274714: Incorrect verifier protected access error message
- - JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily
- - JDK-8274795: AArch64: avoid spilling and restoring r18 in macro assembler
- - JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected
- - JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime
- - JDK-8275610: C2: Object field load floats above its null check resulting in a segfault
- - JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
- - JDK-8275703: System.loadLibrary fails on Big Sur for libraries hidden from filesystem
- - JDK-8275811: Incorrect instance to dispose
- - JDK-8276105: C2: Conv(D|F)2(I|L)Nodes::Ideal should handle rounding correctly
- - JDK-8276141: XPathFactory set/getProperty method
- - JDK-8276177: nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here"
- - JDK-8276314: [JVMCI] check alignment of call displacement during code installation
- - JDK-8276623: JDK-8275650 accidentally pushed "out" file
- - JDK-8277328: jdk/jshell/CommandCompletionTest.java failures on Windows
- - JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for
- - JDK-8277385: Zero: Enable CompactStrings support
- - JDK-8277441: CompileQueue::add fails with assert(_last->next() == __null) failed: not last
- - JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend fun with loop
- - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022
- - JDK-8277795: ldap connection timeout not honoured under contention
- - JDK-8277796: Bump update version for OpenJDK: jdk-11.0.15
- - JDK-8277992: Add fast jdk_svc subtests to jdk:tier3
- - JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java has duplicate -Xmx
- - JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has duplicate -Xmx
- - JDK-8278172: java/nio/channels/FileChannel/BlockDeviceSize.java should only run on Linux
- - JDK-8278309: [windows] use of uninitialized OSThread::_state
- - JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec
- - JDK-8278384: Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT
- - JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java fails with release VMs after JDK-8262134
- - JDK-8278871: [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob
- - JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0
- - JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler
- - JDK-8279225: [arm32] C1 longs comparison operation destroys argument registers
- - JDK-8279300: [arm32] SIGILL when running GetObjectSizeIntrinsicsTest
- - JDK-8279379: GHA: Print tests that are in error
- - JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition
- - JDK-8279702: [macosx] ignore xcodebuild warnings on M1
- - JDK-8279833: Loop optimization issue in String.encodeUTF8_UTF16
- - JDK-8279924: [PPC64, s390] implement frame::is_interpreted_frame_valid checks
- - JDK-8279998: PPC64 debug builds fail with "untested: RangeCheckStub: predicate_failed_trap_id"
- - JDK-8280155: [PPC64, s390] frame size checks are not yet correct
- - JDK-8280414: Memory leak in DefaultProxySelector
- - JDK-8280526: x86_32 Math.sqrt performance regression with -XX:UseSSE={0,1}
- - JDK-8280786: Build failure on Solaris after 8262392
- - JDK-8280999: array_bounds should be array-bounds after 8278507
- - JDK-8281061: [s390] JFR runs into assertions while validating interpreter frames
- - JDK-8281520: JFR: A wrong parameter is passed to the constructor of LeakKlassWriter
- - JDK-8281599: test/lib/jdk/test/lib/KnownOIDs.java is redundant since JDK-8268801
- - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972
- - JDK-8282372: [11] build issue on MacOS/aarch64 12.2.1 using Xcode 13.1: call to 'log2_intptr' is ambiguous
- - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character
- - JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods
- - JDK-8283018: 11u GHA: Update GCC 9 minor versions
- - JDK-8283270: [11u] broken JRT_ENTRY_NO_ASYNC after Backport of JDK-8253795
- - JDK-8283778: 11u GHA: Fix GCC 9 ubuntu package names
- - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException
- - JDK-8284920: Incorrect Token type causes XPath expression to return empty result
-
-Notes on individual issues:
-===========================
-
-security-libs/javax.crypto:pkcs11:
-
-JDK-8275737: SunPKCS11 Provider Supports ChaCha20-Poly1305 Cipher and ChaCha20 KeyGenerator if Supported by PKCS11 Library
-==========================================================================================================================
-SunPKCS11 provider is enhanced to support the following crypto
-services and algorithms when the underlying PKCS11 library supports
-the corresponding PKCS#11 mechanisms:
-
-* ChaCha20 KeyGenerator <=> CKM_CHACHA20_KEY_GEN mechanism
-* ChaCha20-Poly1305 Cipher <=> CKM_CHACHA20_POLY1305 mechanism
-* ChaCha20-Poly1305 AlgorithmParameters <=> CKM_CHACHA20_POLY1305 mechanism
-* ChaCha20 SecretKeyFactory <=> CKM_CHACHA20_POLY1305 mechanism
-
-New in release OpenJDK 11.0.14.1 (2022-02-08):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk110141
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.1.txt
-
-* Other changes
- - JDK-8218546: Unable to connect to https://google.com using java.net.HttpClient
- - JDK-8280786: Build failure on Solaris after 8262392
- - JDK-8281324: Bump update version for OpenJDK: jdk-11.0.14.1
-
-New in release OpenJDK 11.0.14 (2022-01-18):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11014
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.txt
-
-* New features
- - JDK-8248238: Implementation: JEP 388: Windows AArch64 Support
-* Security fixes
- - JDK-8217375: jarsigner breaks old signature with long lines in manifest
- - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
- - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
- - JDK-8268488: More valuable DerValues
- - JDK-8268494: Better inlining of inlined interfaces
- - JDK-8268512: More content for ContentInfo
- - JDK-8268795: Enhance digests of Jar files
- - JDK-8268801: Improve PKCS attribute handling
- - JDK-8268813, CVE-2022-21283: Better String matching
- - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
- - JDK-8269944: Better HTTP transport redux
- - JDK-8270386, CVE-2022-21291: Better verification of scan methods
- - JDK-8270392, CVE-2022-21293: Improve String constructions
- - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
- - JDK-8270492, CVE-2022-21282: Better resolution of URIs
- - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
- - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
- - JDK-8270952, CVE-2022-21277: Improve TIFF file handling
- - JDK-8271962: Better TrueType font loading
- - JDK-8271968: Better canonical naming
- - JDK-8271987: Manifest improved manifest entries
- - JDK-8272014, CVE-2022-21305: Better array indexing
- - JDK-8272026, CVE-2022-21340: Verify Jar Verification
- - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
- - JDK-8272272: Enhance jcmd communication
- - JDK-8272462: Enhance image handling
- - JDK-8273290: Enhance sound handling
- - JDK-8273756, CVE-2022-21360: Enhance BMP image support
- - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
- - JDK-8274096, CVE-2022-21366: Improve decoding of image files
- - JDK-8279541: Improve HarfBuzz
-* Other changes
- - JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.html fails
- - JDK-7105119: [TEST_BUG] [macosx] In test UIDefaults.toString() must be called with the invokeLater()
- - JDK-7151826: [TEST_BUG] [macosx] The test javax/swing/JPopupMenu/4966112/bug4966112.java not for mac
- - JDK-7179006: [macosx] Print-to-file doesn't work: printing to the default printer instead
- - JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/bug4726194.java fails on MacOSX
- - JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003 Wrong number of thread end events
- - JDK-8039261: [TEST_BUG]: There is not a minimal security level in Java Preferences and the TestApplet.html is blocked.
- - JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/AltTabCrashTest.java fails with exception
- - JDK-8075909: [TEST_BUG] The regression-swing case failed as it does not have the 'Open' button when select 'subdir' folder with NimbusLAF
- - JDK-8078219: Verify lack of @test tag in files in java/net test directory
- - JDK-8080569: java/lang/ProcessBuilder/DestroyTest.java fails with "RuntimeException: Process terminated prematurely"
- - JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java timed out intermittently
- - JDK-8129310: java/net/Socket/asyncClose/AsyncClose.java fails intermittently
- - JDK-8131745: java/lang/management/ThreadMXBean/AllThreadIds.java still fails intermittently
- - JDK-8136517: [macosx]Test java/awt/Focus/8073453/AWTFocusTransitionTest.java fails on MacOSX
- - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
- - JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/Test6541987.java fails
- - JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/bug4760494.java leaves key pressed
- - JDK-8159904: [TEST_BUG] Failure on solaris of java/awt/Window/MultiWindowApp/MultiWindowAppTest.java
- - JDK-8163086: java/awt/Window/TranslucentJAppletTest/TranslucentJAppletTest.java fails
- - JDK-8165828: [TEST_BUG] The reg case:javax/swing/plaf/metal/MetalIcons/MetalHiDPIIconsTest.java failed as No Metal Look and Feel
- - JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not fired! on Windows
- - JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException: Default button is not pressed
- - JDK-8169959: javax/swing/JTable/6263446/bug6263446.java: Table should be editing
- - JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/7156657/bug7156657.java fails on OS X
- - JDK-8171998: javax/swing/JMenu/4692443/bug4692443.java fails on Windows
- - JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java fails intermittently
- - JDK-8179880: Refactor javax/security shell tests to plain java tests
- - JDK-8180568: Refactor javax/crypto shell tests to plain java tests
- - JDK-8180569: Refactor sun/security/krb5/ shell tests to plain java tests
- - JDK-8180571: Refactor sun/security/pkcs11 shell tests to plain java tests and fix failures
- - JDK-8180573: Refactor sun/security/tools shell tests to plain java tests
- - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
- - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream
- - JDK-8195703: BasicJDWPConnectionTest.java: 'App exited unexpectedly with 2'
- - JDK-8196096: javax/swing/JPopupMenu/6580930/bug6580930.java fails
- - JDK-8197560: test javax/swing/JTree/8003400/Test8003400.java fails
- - JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/NoEventsTest.java fails on Windows
- - JDK-8197811: Test java/awt/Choice/PopupPosTest/PopupPosTest.java fails on Windows
- - JDK-8198616: java/awt/Focus/6378278/InputVerifierTest.java fails on mac
- - JDK-8198617: java/awt/Focus/6382144/EndlessLoopTest.java fails on mac
- - JDK-8198619: java/awt/Focus/FocusTraversalPolicy/ButtonGroupLayoutTraversal/ButtonGroupLayoutTraversalTest.java fails on mac
- - JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/EnqueueWithDialogButtonTest/EnqueueWithDialogButtonTest.java fails on mac
- - JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/SubMenuShowTest/SubMenuShowTest.html fails on mac
- - JDK-8199138: Add RISC-V support to Zero
- - JDK-8199529: javax/swing/text/Utilities/8142966/SwingFontMetricsTest.java fails on windows
- - JDK-8201224: Make string buffer size dynamic in mlvmJvmtiUtils.c
- - JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/FollowReferences/followref003/TestDescription.java fails with "Location mismatch" errors
- - JDK-8204161: [TESTBUG] auto failed with the "Applet thread threw exception: java.lang.UnsupportedOperationException" exception
- - JDK-8206085: Refactor langtools/tools/javac/versions/Versions.java
- - JDK-8207936: TestZipFile failed with java.lang.AssertionError exception
- - JDK-8208242: Add @requires to vmTestbase/gc/g1 tests
- - JDK-8209611: use C++ compiler for hotspot tests
- - JDK-8210182: Remove macros for C compilation from vmTestBase but non jvmti
- - JDK-8210198: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[A-F] tests
- - JDK-8210205: build fails on AIX in hotspot cpp tests (for example getstacktr001.cpp)
- - JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/jnistress001.java crashes with EXCEPTION_ACCESS_VIOLATION on windows-x86
- - JDK-8210353: Move java/util/Arrays/TimSortStackSize2.java back to tier1
- - JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[A-N] tests
- - JDK-8210392: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit
- - JDK-8210395: Add doc to SecurityTools.java
- - JDK-8210429: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[G-Z] tests
- - JDK-8210481: Remove #ifdef cplusplus from vmTestbase
- - JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[N-R] tests
- - JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[R-U] tests
- - JDK-8210689: Remove the multi-line old C style for string literals
- - JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti/unit tests
- - JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665
- - JDK-8210920: Native C++ tests are not using CXXFLAGS
- - JDK-8210984: [TESTBUG] hs203t003 fails with "# ERROR: hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti, thread)"
- - JDK-8211036: Remove the NSK_STUB macros from vmTestbase for non jvmti
- - JDK-8211131: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[G-I]*
- - JDK-8211148: var in implicit lambdas shouldn't be accepted for source < 11
- - JDK-8211171: move JarUtils to top-level testlibrary
- - JDK-8211227: Inconsistent TLS protocol version in debug output
- - JDK-8211261: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[A-G]*
- - JDK-8211432: [REDO] Handle JNIGlobalRefLocker.cpp
- - JDK-8211782: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[I-S]*
- - JDK-8211801: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[A-E]
- - JDK-8211899: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[E-M]
- - JDK-8211905: Remove multiple casts for EM06 file
- - JDK-8211999: Window positioning bugs due to overlapping GraphicsDevice bounds (Windows/HiDPI)
- - JDK-8212082: Remove the NSK_CPP_STUB macros for remaining vmTestbase/jvmti/[sS]*
- - JDK-8212083: Handle remaining gc/lock native code and fix two strings
- - JDK-8212148: Remove remaining NSK_CPP_STUBs
- - JDK-8213110: Remove the use of applets in automatic tests
- - JDK-8213189: Make restricted headers in HTTP Client configurable and remove Date by default
- - JDK-8213263: fix legal headers in test/langtools
- - JDK-8213296: Fix legal headers in test/jdk/java/net
- - JDK-8213301: Fix legal headers in jdk logging tests
- - JDK-8213305: Fix legal headers in test/java/math
- - JDK-8213306: Fix legal headers in test/java/nio
- - JDK-8213328: Update test copyrights in test/java/util/zip and test/jdk/tools
- - JDK-8213330: Fix legal headers in i18n tests
- - JDK-8213707: [TEST] vmTestbase/nsk/stress/except/except011.java failed due to wrong class name
- - JDK-8214469: [macos] PIT: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.java fails
- - JDK-8215410: Regression test for JDK-8214994
- - JDK-8215568: Refactor SA clhsdb tests to use ClhsdbLauncher
- - JDK-8215624: Add parallel heap iteration for jmap –histo
- - JDK-8215889: assert(!_unloading) failed: This oop is not available to unloading class loader data with ZGC
- - JDK-8216318: The usage of Disposer in the java.awt.Robot can be deleted
- - JDK-8216417: cleanup of IPv6 scope-id handling
- - JDK-8217377: javax/swing/JPopupMenu/6583251/bug6583251.java failed with UnsupportedOperation exception
- - JDK-8217438: Adapt tools//launcher/Test7029048.java for AIX
- - JDK-8217633: Configurable extensions with system properties
- - JDK-8217882: java/net/httpclient/MaxStreams.java failed once
- - JDK-8217903: java/net/httpclient/Response204.java fails with 404
- - JDK-8218483: Crash in "assert(_daemon_threads_count->get_value() > daemon_count) failed: thread count mismatch 5 : 5"
- - JDK-8219986: Change to Xcode 10.1 for building on Macosx at Oracle
- - JDK-8220575: Correctly format test URI's that contain a retrieved IPv6 address
- - JDK-8221259: New tests for java.net.Socket to exercise long standing behavior
- - JDK-8221305: java/awt/FontMetrics/MaxAdvanceIsMax.java fails on MacOS + Solaris
- - JDK-8221902: PIT: javax/swing/JRadioButton/FocusTraversal/FocusTraversal.java fails on ubuntu
- - JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04
- - JDK-8222446: assert(C->env()->system_dictionary_modification_counter_changed()) failed: Must invalidate if TypeFuncs differ
- - JDK-8223137: Rename predicate 'do_unroll_only()' to 'is_unroll_only()'.
- - JDK-8223138: Small clean-up in loop-tree support.
- - JDK-8223139: Rename mandatory policy-do routines.
- - JDK-8223140: Clean-up in 'ok_to_convert()'
- - JDK-8223141: Change (count) suffix _ct into _cnt.
- - JDK-8223400: Replace some enums with static const members in hotspot/runtime
- - JDK-8223658: Performance regression of XML.validation in 13-b19
- - JDK-8223923: C2: Missing interference with mismatched unsafe accesses
- - JDK-8224829: AsyncSSLSocketClose.java has timing issue
- - JDK-8225083: Remove Google certificate that is expiring in December 2021
- - JDK-8226514: Replace wildcard address with loopback or local host in tests - part 17
- - JDK-8226943: compile error in libfollowref003.cpp with XCode 10.2 on macosx
- - JDK-8228442: DHKeyExchange/LegacyDHEKeyExchange.java failed due to "SSLException: An established connection was aborted by the software in your host machine"
- - JDK-8228508: [TESTBUG] java/net/httpclient/SmokeTest.java fails on Windows7
- - JDK-8229935: [TEST_BUG]: bug8132119.java inconsistently positions text
- - JDK-8230019: [REDO] compiler/types/correctness/* tests fail with "assert(recv == __null || recv->is_klass()) failed: wrong type"
- - JDK-8230067: Add optional automatic retry when running jtreg tests
- - JDK-8230228: [TESTBUG] Several runtime/ErrorHandling tests may fail on some platforms
- - JDK-8231501: VM crash in MethodData::clean_extra_data(CleanExtraDataClosure*): fatal error: unexpected tag 99
- - JDK-8233403: Improve verbosity of some httpclient tests
- - JDK-8233550: [TESTBUG] JTree tests fail regularly on MacOS
- - JDK-8233552: [TESTBUG] JTable Test bug7068740.java fails on MacOS
- - JDK-8233553: [TESTBUG] JSpinner test bug4973721.java fails on MacOS
- - JDK-8233555: [TESTBUG] JRadioButton tests failing on MacoS
- - JDK-8233556: [TESTBUG] JPopupMenu tests fail on MacOS
- - JDK-8233559: [TESTBUG] TestNimbusOverride.java is failing on macos
- - JDK-8233560: [TESTBUG] ToolTipManager/Test6256140.java is failing on macos
- - JDK-8233561: [TESTBUG] Swing text test bug8014863.java fails on macos
- - JDK-8233562: [TESTBUG] Swing StyledEditorKit test bug4506788.java fails on MacOS
- - JDK-8233564: [TESTBUG] MouseComboBoxTest.java is failing
- - JDK-8233566: [TESTBUG] KeyboardFocusManager tests failing on MacoS
- - JDK-8233567: [TESTBUG] FocusSubRequestTest.java fails on macos
- - JDK-8233569: [TESTBUG] JTextComponent test bug6361367.java fails on macos
- - JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
- - JDK-8233634: [TESTBUG] Swing text test bug4278839.java fails on macos
- - JDK-8233635: [TESTBUG] ProgressMonitorEscapeKeyPress.java fails on macos
- - JDK-8233637: [TESTBUG] Swing ActionListenerCalledTwiceTest.java fails on macos
- - JDK-8233638: [TESTBUG] Swing test ScreenMenuBarInputTwice.java fails on macos
- - JDK-8233641: [TESTBUG] JMenuItem test bug4171437.java fails on macos
- - JDK-8233642: [TESTBUG] JMenuBar test bug 4750590.java fails on macos
- - JDK-8233643: [TESTBUG] JMenu test bug4515762.java fails on macos
- - JDK-8233644: [TESTBUG] JInternalFrame test bug8020708.java is failing on macos
- - JDK-8233647: [TESTBUG] JColorChooser/Test8051548.java is failing on macos
- - JDK-8234802: [TESTBUG] Test Right Mouse Button Drag Gesture Recognition in all the platforms
- - JDK-8234823: java/net/Socket/Timeouts.java testcase testTimedConnect2() fails on Windows 10
- - JDK-8235784: java/lang/invoke/VarHandles/VarHandleTestByteArrayAsInt.java fails due to timeout with fastdebug bits
- - JDK-8236042: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -Xcomp -XX:TieredStopAtLevel=1
- - JDK-8236177: assert(status == 0) failed: error ETIMEDOUT(60), cond_wait
- - JDK-8236596: HttpClient leaves HTTP/2 sockets in CLOSE_WAIT, when using proxy tunnel
- - JDK-8237354: Add option to jcmd to write a gzipped heap dump
- - JDK-8237589: Fix copyright header formatting
- - JDK-8238677: java/net/httpclient/ssltest/CertificateTest.java should not specify TLS version
- - JDK-8239334: Tab Size does not work correctly in JTextArea with setLineWrap on
- - JDK-8239422: [TESTBUG] compiler/c1/TestPrintIRDuringConstruction.java failed when C1 is disabled
- - JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
- - JDK-8240256: Better resource cleaning for SunPKCS11 Provider
- - JDK-8242044: Add basic HTTP/1.1 support to the HTTP/2 Test Server
- - JDK-8242526: PIT: javax/swing/JInternalFrame/8020708/bug8020708.java fails in mach5 ubuntu system
- - JDK-8242793: Incorrect copyright header in ContinuousCallSiteTargetChange.java
- - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
- - JDK-8244292: Headful clients failing with --illegal-access=deny
- - JDK-8245147: Refactor and improve utility of test/langtools/tools/javac/versions/Versions.java
- - JDK-8245165: Update bug id for javax/swing/text/StyledEditorKit/4506788/bug4506788.java in ProblemList
- - JDK-8245665: Test WeakAlg.java should only make sure no warning for weak signature algorithms by keytool on root CA
- - JDK-8246114: java/net/MulticastSocket/Promiscuous.java fails after 8241072 (multi-homed systems)
- - JDK-8246807: Incorrect copyright header in TimeZoneDatePermissionCheck.sh
- - JDK-8247403: JShell: No custom input (e.g. from GUI) possible with JavaShellToolBuilder
- - JDK-8247510: typo in IllegalHandshakeMessage
- - JDK-8248187: [TESTBUG] javax/swing/plaf/basic/BasicGraphicsUtils/8132119/bug8132119.java fails with String is not properly drawn
- - JDK-8248341: ProblemList java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java
- - JDK-8248500: AArch64: Remove the r18 dependency on Windows AArch64
- - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
- - JDK-8249195: Change to Xcode 11.3.1 for building on Macos at Oracle
- - JDK-8250521: Configure initial RTO to use minimal retry for loopback connections on Windows
- - JDK-8250810: Push missing parts of JDK-8248817
- - JDK-8250839: Improve test template SSLEngineTemplate with SSLContextTemplate
- - JDK-8250863: Build error with GCC 10 in NetworkInterface.c and k_standard.c
- - JDK-8250888: nsk/jvmti/scenarios/general_functions/GF08/gf08t001/TestDriver.java fails
- - JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
- - JDK-8251377: [macos11] JTabbedPane selected tab text is barely legible
- - JDK-8251570: JDK-8215624 causes assert(worker_id < _n_workers) failed: Invalid worker_id
- - JDK-8251930: AArch64: Native types mismatch in hotspot
- - JDK-8252049: Native memory leak in ciMethodData ctor
- - JDK-8252051: Make mlvmJvmtiUtils strncpy uses GCC 10.x friendly
- - JDK-8252114: Windows-AArch64: Enable and test ZGC and ShenandoahGC
- - JDK-8253015: Aarch64: Move linux code out from generic CPU feature detection
- - JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
- - JDK-8253497: Core Libs Terminology Refresh
- - JDK-8253682: The AppletInitialFocusTest1.java is unstable
- - JDK-8253763: ParallelObjectIterator should have virtual destructor
- - JDK-8253866: Security Libs Terminology Refresh
- - JDK-8254802: ThrowingPushPromisesAsStringCustom.java fails in "try throwing in GET_BODY"
- - JDK-8255227: java/net/httpclient/FlowAdapterPublisherTest.java intermittently failing with TestServer: start exception: java.io.IOException: Invalid preface
- - JDK-8255264: Support for identifying the full range of IPv4 localhost addresses on Windows
- - JDK-8255716: AArch64: Regression: JVM crashes if manually offline a core
- - JDK-8255722: Create a new test for rotated blit
- - JDK-8256009: Remove src/hotspot/share/adlc/Test/i486.ad
- - JDK-8256066: Tests use deprecated TestNG API that is no longer available in new versions
- - JDK-8256152: tests fail because of ambiguous method resolution
- - JDK-8256182: Update qemu-debootstrap cross-compilation recipe
- - JDK-8256201: java/awt/FullScreen/FullscreenWindowProps/FullscreenWindowProps.java failed
- - JDK-8256202: Some tweaks for jarsigner tests PosixPermissionsTest and SymLinkTest
- - JDK-8256372: [macos] Unexpected symbol was displayed on JTextField with Monospaced font
- - JDK-8256956: RegisterImpl::max_slots_per_register is incorrect on AMD64
- - JDK-8258457: testlibrary_tests/ctw/JarDirTest.java fails with InvalidPathException on windows
- - JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
- - JDK-8259237: Demo selection changes with left/right arrow key. No need to press space for selection.
- - JDK-8260571: Add PrintMetaspaceStatistics to print metaspace statistics upon VM exit
- - JDK-8260690: JConsole User Guide Link from the Help menu is not accessible by keyboard
- - JDK-8261036: Reduce classes loaded by CleanerFactory initialization
- - JDK-8261071: AArch64: Refactor interpreter native wrappers
- - JDK-8261075: Create stubRoutines.inline.hpp with SafeFetch implementation
- - JDK-8261236: C2: ClhsdbJstackXcompStress test fails when StressGCM is enabled
- - JDK-8261297: NMT: Final report should use scale 1
- - JDK-8261661: gc/stress/TestReclaimStringsLeaksMemory.java fails because Reserved memory size is too big
- - JDK-8261916: gtest/GTestWrapper.java vmErrorTest.unimplemented1_vm_assert failed
- - JDK-8262438: sun/security/ssl/SSLLogger/LoggingFormatConsistency.java failed with "SocketException: Socket is closed"
- - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
- - JDK-8262844: (fs) FileStore.supportsFileAttributeView might return false negative in case of ext3
- - JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
- - JDK-8263068: Rename safefetch.hpp to safefetch.inline.hpp
- - JDK-8263303: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint
- - JDK-8263362: Avoid division by 0 in java/awt/font/TextJustifier.java justify
- - JDK-8263773: Reenable German localization for builds at Oracle
- - JDK-8263897: compiler/c2/aarch64/TestVolatilesSerial.java failed with "java.lang.RuntimeException: Wrong method"
- - JDK-8264526: javax/swing/text/html/parser/Parser/8078268/bug8078268.java timeout
- - JDK-8264824: java/net/Inet6Address/B6206527.java doesn't close ServerSocket properly
- - JDK-8265019: Update tests for additional TestNG test permissions
- - JDK-8265173: [test] divert spurious log output away from stream under test in ProcessBuilder Basic test
- - JDK-8265524: Upgrading JSZip from v3.2.2 to v3.6.0
- - JDK-8266182: Automate manual steps listed in the test jdk/sun/security/pkcs12/ParamsTest.java
- - JDK-8266579: Update test/jdk/java/lang/ProcessHandle/PermissionTest.java & test/jdk/java/sql/testng/util/TestPolicy.java
- - JDK-8266949: Check possibility to disable OperationTimedOut on Unix
- - JDK-8267246: -XX:MaxRAMPercentage=0 is unreasonable for jtreg tests on many-core machines
- - JDK-8267256: Extend minimal retry for loopback connections on Windows to PlainSocketImpl
- - JDK-8267304: Bump global JTReg memory limit to 768m
- - JDK-8267652: c2 loop unrolling by 8 results in reading memory past array
- - JDK-8268019: C2: assert(no_dead_loop) failed: dead loop detected
- - JDK-8268093: Manual Testcase: "sun/security/krb5/config/native/TestDynamicStore.java" Fails with NPE
- - JDK-8268555: Update HttpClient tests that use ITestContext to jtreg 6+1
- - JDK-8268672: C2: assert(!loop->is_member(u_loop)) failed: can be in outer loop or out of both loops only
- - JDK-8269034: AccessControlException for SunPKCS11 daemon threads
- - JDK-8269426: Rename test/jdk/java/lang/invoke/t8150782 to accessClassAndFindClass
- - JDK-8269574: C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events
- - JDK-8269656: The test test/langtools/tools/javac/versions/Versions.java has duplicate test cycles
- - JDK-8269768: JFR Terminology Refresh
- - JDK-8269951: [macos] Focus not painted in JButton when setBorderPainted(false) is invoked
- - JDK-8269984: [macos] JTabbedPane title looks like disabled
- - JDK-8269993: [Test]: java/net/httpclient/DigestEchoClientSSL.java contains redundant @run tags
- - JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to run in all LaFs, including Aqua on macOS
- - JDK-8270216: [macOS] Update named used for Java run loop mode
- - JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
- - JDK-8270290: NTLM authentication fails if HEAD request is used
- - JDK-8270317: Large Allocation in CipherSuite
- - JDK-8270344: Session resumption errors
- - JDK-8270517: Add Zero support for LoongArch
- - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
- - JDK-8270886: Crash in PhaseIdealLoop::verify_strip_mined_scheduling
- - JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with "lists don't have the same size expected"
- - JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop
- - JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2 assert failure with Test7179138_1.java
- - JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity
- - JDK-8271490: [ppc] [s390]: Crash in JavaThread::pd_get_top_frame_for_profiling
- - JDK-8271560: sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java still fails due to "An established connection was aborted by the software in your host machine"
- - JDK-8271567: AArch64: AES Galois CounterMode (GCM) interleaved implementation using vector instructions
- - JDK-8272180: Upgrade JSZip from v3.6.0 to v3.7.1
- - JDK-8272181: Windows-AArch64:Backport fix of `Backtracing broken on PAC enabled systems`
- - JDK-8272316: Wrong Boot JDK help message in 11
- - JDK-8272318: Improve performance of HeapDumpAllTest
- - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
- - JDK-8272570: C2: crash in PhaseCFG::global_code_motion
- - JDK-8272574: C2: assert(false) failed: Bad graph detected in build_loop_late
- - JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh fails after JDK-8266182
- - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
- - JDK-8272720: Fix the implementation of loop unrolling heuristic with LoopPercentProfileLimit
- - JDK-8272783: Epsilon: Refactor tests to improve performance
- - JDK-8272806: [macOS] "Apple AWT Internal Exception" when input method is changed
- - JDK-8272828: Add correct licenses to jszip.md
- - JDK-8272836: Limit run time for java/lang/invoke/LFCaching tests
- - JDK-8272850: Drop zapping values in the Zap* option descriptions
- - JDK-8272902: Bump update version for OpenJDK: jdk-11.0.14
- - JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test groups
- - JDK-8272966: test/jdk/java/awt/Robot/FlushCurrentEvent.java fails by timeout
- - JDK-8273026: Slow LoginContext.login() on multi threading application
- - JDK-8273229: Update OS detection code to recognize Windows Server 2022
- - JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on Windows 32bit
- - JDK-8273308: PatternMatchTest.java fails on CI
- - JDK-8273314: Add tier4 test groups
- - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
- - JDK-8273358: macOS Monterey does not have the font Times needed by Serif
- - JDK-8273373: Zero: Cannot invoke JVM in primordial threads on Zero
- - JDK-8273498: compiler/c2/Test7179138_1.java timed out
- - JDK-8273541: Cleaner Thread creates with normal priority instead of MAX_PRIORITY - 2
- - JDK-8273547: [11u] [JVMCI] Partial module-info.java backport of JDK-8223332
- - JDK-8273606: Zero: SPARC64 build fails with si_band type mismatch
- - JDK-8273646: Add openssl from path variable also in to Default System Openssl Path in OpensslArtifactFetcher
- - JDK-8273671: Backport of 8260616 misses one JNF header inclusion removal
- - JDK-8273790: Potential cyclic dependencies between Gregorian and CalendarSystem
- - JDK-8273795: Zero SPARC64 debug builds fail due to missing interpreter fields
- - JDK-8273826: Correct Manifest file name and NPE checks
- - JDK-8273894: ConcurrentModificationException raised every time ReferralsCache drops referral
- - JDK-8273924: ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add()
- - JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file path contains '+' character
- - JDK-8273968: JCK javax_xml tests fail in CI
- - JDK-8274056: JavaAccessibilityUtilities leaks JNI objects
- - JDK-8274083: Update testing docs to mention tiered testing
- - JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork is deprecated
- - JDK-8274326: [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m
- - JDK-8274329: Fix non-portable HotSpot code in MethodMatcher::parse_method_pattern
- - JDK-8274381: missing CAccessibility definitions in JNI code
- - JDK-8274407: (tz) Update Timezone Data to 2021c
- - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
- - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
- - JDK-8274522: java/lang/management/ManagementFactory/MXBeanException.java test fails with Shenandoah
- - JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with NoSuchElementException after JDK-8271287
- - JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently fails on weak memory model platform
- - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
- - JDK-8274840: Update OS detection code to recognize Windows 11
- - JDK-8274860: gcc 10.2.1 produces an uninitialized warning in sharedRuntimeTrig.cpp
- - JDK-8275051: Shenandoah: Correct ordering of requested gc cause and gc request flag
- - JDK-8275131: Exceptions after a touchpad gesture on macOS
- - JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
- - JDK-8275766: (tz) Update Timezone Data to 2021e
- - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
- - JDK-8276066: Reset LoopPercentProfileLimit for x86 due to suboptimal performance
- - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
- - JDK-8276157: C2: Compiler stack overflow during escape analysis on Linux x86_32
- - JDK-8276201: Shenandoah: Race results degenerated GC to enter wrong entry point
- - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
- - JDK-8276550: Use SHA256 hash in build.tools.depend.Depend
- - JDK-8276774: Cookie stored in CookieHandler not sent if user headers contain cookie
- - JDK-8276854: Windows GHA builds fail due to broken Cygwin
- - JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify output array sizes
- - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
- - JDK-8277529: SIGSEGV in C2 CompilerThread Node::rematerialize() compiling Packet::readUnsignedTrint
- - JDK-8277815: Fix mistakes in legal header backports
-
-Notes on individual issues:
-===========================
-
-core-svc/tools:
-
-JDK-8250554: New Option Added to jcmd for Writing a gzipped Heap Dump
-=====================================================================
-A new integer option `gz` has been added to the `GC.heap_dump`
-diagnostic command. If it is specified, it will enable the gzip
-compression of the written heap dump. The supplied value is the
-compression level. It can range from 1 (fastest) to 9 (slowest, but
-best compression). The recommended level is 1.
-
-security-libs/javax.net.ssl:
-
-JDK-8260310: Configurable Extensions With System Properties
-===========================================================
-Two new system properties have been added. The system property,
-`jdk.tls.client.disableExtensions`, is used to disable TLS extensions
-used in the client. The system property,
-`jdk.tls.server.disableExtensions`, is used to disable TLS extensions
-used in the server. If an extension is disabled, it will be neither
-produced nor processed in the handshake messages.
-
-The property string is a list of comma separated standard TLS
-extension names, as registered in the IANA documentation (for example,
-server_name, status_request, and signature_algorithms_cert). Note that
-the extension names are case sensitive. Unknown, unsupported,
-misspelled and duplicated TLS extension name tokens will be ignored.
-
-Please note that the impact of blocking TLS extensions is
-complicated. For example, a TLS connection may not be able to be
-established if a mandatory extension is disabled. Please do not
-disable mandatory extensions, and do not use this feature unless you
-clearly understand the impact.
-
-security-libs/javax.crypto:pkcs11:
-
-JDK-8272907: New SunPKCS11 Configuration Properties
-===================================================
-The SunPKCS11 provider gains new provider configuration attributes to
-better control native resources usage. The SunPKCS11 provider consumes
-native resources in order to work with native PKCS11 libraries. To
-manage and better control the native resources, additional
-configuration attributes are added to control the frequency of
-clearing native references as well as whether to destroy the
-underlying PKCS11 Token after logout.
-
-The 3 new attributes for the SunPKCS11 provider configuration file
-are:
-
-1) `destroyTokenAfterLogout` (boolean, defaults to false)
-
-If set to true, when `java.security.AuthProvider.logout()` is called
-upon the SunPKCS11 provider instance, the underlying Token object will
-be destroyed and resources will be freed. This essentially renders the
-SunPKCS11 provider instance unusable after `logout()` calls. Note that
-a PKCS11 provider with this attribute set to `true` should not be
-added to the system provider list since the provider object is not
-usable after a `logout()` method call.
-
-2) `cleaner.shortInterval` (integer, defaults to 2000, in milliseconds)
-
-This defines the frequency for clearing native references during busy
-periods (such as, how often should the cleaner thread processes the
-no-longer-needed native references in the queue to free up native
-memory). Note that the cleaner thread will switch to the
-'longInterval' frequency after 200 failed tries (such as, when no
-references are found in the queue).
-
-3) `cleaner.longInterval` (integer, defaults to 60000, in milliseconds)
-
-This defines the frequency for checking native reference during
-non-busy period (such as, how often should the cleaner thread check
-the queue for native references). Note that the cleaner thread will
-switch back to the 'shortInterval' value if native PKCS11 references
-for cleaning are detected.
-
-core-libs/java.nio:
-
-JDK-8271517: Zip File System Provider Throws ZipException when entry name element contains "." or "."
-=====================================================================================================
-The ZIP file system provider has been changed to reject existing ZIP
-files that contain entries with "." or ".." in name elements. ZIP
-files with these entries can not be used as a file system. Invoking
-the `java.nio.file.FileSystems.newFileSystem(...)` methods will throw
-`ZipException` if the ZIP file contains these entries.
-
-security-libs/java.security:
-
-JDK-8272535: Removed Google's GlobalSign Root Certificate
-=========================================================
-The following root certificate from Google has been removed from the
-`cacerts` keystore:
-
-Alias Name: globalsignr2ca [jdk]
-Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
-
-core-libs/java.time:
-
-JDK-8274857: Update Timezone Data to 2021c
-===========================================
-IANA Time Zone Database, on which JDK's Date/Time libraries are based,
-has been updated to version 2021c
-(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
-that with this update, some of the time zone rules prior to the year
-1970 have been modified according to the changes which were introduced
-with 2021b. For more detail, refer to the announcement of 2021b
-(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
-
-New in release OpenJDK 11.0.13 (2021-10-19):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11013
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.13.txt
-
-* Security fixes
- - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
- - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
- - JDK-8263314: Enhance XML Dsig modes
- - JDK-8265167, CVE-2021-35556: Richer Text Editors
- - JDK-8265574: Improve handling of sheets
- - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
- - JDK-8265776: Improve Stream handling for SSL
- - JDK-8266097, CVE-2021-35561: Better hashing support
- - JDK-8266103: Better specified spec values
- - JDK-8266109: More Resilient Classloading
- - JDK-8266115: More Manifest Jar Loading
- - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
- - JDK-8266689, CVE-2021-35567: More Constrained Delegation
- - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
- - JDK-8267712: Better LDAP reference processing
- - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
- - JDK-8267735, CVE-2021-35586: Better BMP support
- - JDK-8268193: Improve requests of certificates
- - JDK-8268199: Correct certificate requests
- - JDK-8268205: Enhance DTLS client handshake
- - JDK-8268506: More Manifest Digests
- - JDK-8269618, CVE-2021-35603: Better session identification
- - JDK-8269624: Enhance method selection support
- - JDK-8270398: Enhance canonicalization
- - JDK-8270404: Better canonicalization
-* Other changes
- - JDK-8024368: private methods are allocated vtable indices
- - JDK-8042902: Test java/net/Inet6Address/serialize/Inet6AddressSerializationTest.java fails intermittently
- - JDK-8140466: ChaCha20 and Poly1305 TLS Cipher Suites
- - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
- - JDK-8158066: SourceDebugExtensionTest fails to rename file
- - JDK-8168304: Make all of DependencyContext_test available in product mode
- - JDK-8169246: java/net/DatagramSocket/ReportSocketClosed.java fails intermittently with BindException
- - JDK-8181313: SA: Remove libthread_db dependency on Linux
- - JDK-8193214: Incorrect annotations.without.processors warnings with JDK 9
- - JDK-8194230: jdk/internal/jrtfs/remote/RemoteRuntimeImageTest.java fails with java.lang.NullPointerException
- - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
- - JDK-8199931: java/net/MulticastSocket/UnreferencedMulticastSockets.java fails with "incorrect data received"
- - JDK-8206083: Make tools/javac/api/T6265137.java robust to JDK version changes
- - JDK-8206350: java/util/Locale/bcp47u/SystemPropertyTests.java failed on Mac 10.13 with zh_CN and zh_TW locales.
- - JDK-8207316: java/nio/channels/spi/SelectorProvider/inheritedChannel/InheritedChannelTest.java failed
- - JDK-8208227: tools/jdeps/DotFileTest.java fails on Win-X64
- - JDK-8208363: test/jdk/java/lang/Package/PackageFromManifest.java missing module dependencies declaration
- - JDK-8209380: ARM: cleanup maybe-uninitialized and reorder compiler warnings
- - JDK-8209768: Refactor java/util/prefs/CheckUserPrefsStorage.sh to plain java test
- - JDK-8209772: Refactor shell test java/util/ServiceLoader/basic/basic.sh to java
- - JDK-8209773: Refactor shell test javax/naming/module/basic.sh to java
- - JDK-8209832: Refactor jdk/internal/reflect/Reflection/GetCallerClassTest.sh to plain java test
- - JDK-8209930: Refactor java/util/zip/ZipFile/deletetempjar.sh to plain java test
- - JDK-8210406: Refactor java.util.PluggableLocale:i18n shell tests to plain java tests
- - JDK-8210407: Refactor java.util.Calendar:i18n shell tests to plain java tests
- - JDK-8210495: compiler crashes because of illegal signature in otherwise legal code
- - JDK-8210669: Some launcher tests assume a pre-JDK 9 run-time image layout
- - JDK-8210802: temp files left by tests in jdk/java/net/httpclient
- - JDK-8210819: Update the host name in CNameTest.java
- - JDK-8210908: Refactor java/util/prefs/PrefsSpi.sh to plain java test
- - JDK-8210934: Move sun/net/www/protocol/http/GetErrorStream.java to OpenJDK
- - JDK-8210959: JShell fails and exits when statement throws an exception whose message contains a '%'.
- - JDK-8211055: Provide print to a file (PDF) feature even when printer was not connected
- - JDK-8211092: test/jdk/sun/net/www/http/HttpClient/MultiThreadTest.java fails intermittently when cleaning up
- - JDK-8211296: Remove HotSpot deprecation warning suppression for Mac/clang
- - JDK-8211325: test/jdk/java/net/Socket/LingerTest.java fails with cleaning up
- - JDK-8212040: Compilation error due to wrong usage of NSPrintJobDispositionValue in mac10.12
- - JDK-8212695: Add explicit timeout to several HTTP Client tests
- - JDK-8212718: Refactor some annotation processor tests to better use collections
- - JDK-8213007: Update the link in test/jdk/sun/security/provider/SecureRandom/DrbgCavp.java
- - JDK-8213137: Remove static initialization of monitor/mutex instances
- - JDK-8213235: java/nio/channels/SocketChannel/AsyncCloseChannel.java fails with threads that didn't exit
- - JDK-8213409: Refactor sun.text.IntHashtable:i18n shell tests to plain java tests
- - JDK-8213576: Make test AsyncCloseChannel.java run in othervm
- - JDK-8213694: Test Timeout.java should run in othervm mode
- - JDK-8213718: [TEST] Wrong classname in vmTestbase/nsk/stress/except/except002 and except003
- - JDK-8213922: fix ctw stand-alone build
- - JDK-8214195: Align stdout messages in test/jdk/java/math/BigInteger/PrimitiveConversionTests.java
- - JDK-8214520: [TEST_BUG] sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java failed with incorrect jtreg tags order
- - JDK-8214937: sun/security/tools/jarsigner/warnings/NoTimestampTest.java failed due to unexpected expiration date
- - JDK-8216532: tools/launcher/Test7029048.java fails (Solaris)
- - JDK-8217825: Verify @AfterTest is used correctly in WebSocket tests
- - JDK-8218145: block_if_requested is not proper inlined due to size
- - JDK-8219417: bump jtreg requiredVersion to b14
- - JDK-8219552: bump jtreg requiredVersion to b14 in test/jdk/sanity/client/
- - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
- - JDK-8220445: Support for side by side MSVC Toolset versions
- - JDK-8221988: add possibility to build with Visual Studio 2019
- - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
- - JDK-8223050: JVMCI: findUniqueConcreteMethod() should not use Dependencies::find_unique_concrete_method() for non-virtual methods
- - JDK-8224853: CDS address sanitizer errors
- - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
- - JDK-8225583: Examine the HttpResponse.BodySubscribers for null handling and multiple subscriptions
- - JDK-8225690: Multiple AttachListener threads can be created
- - JDK-8225790: Two NestedDialogs tests fail on Ubuntu
- - JDK-8226319: Add forgotten test/jdk/java/net/httpclient/BodySubscribersTest.java
- - JDK-8226533: JVMCI: findUniqueConcreteMethod should handle statically bindable methods directly
- - JDK-8226602: Test convenience reactive primitives from java.net.http with RS TCK
- - JDK-8226683: Remove review suggestion from fix to 8219804
- - JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
- - JDK-8227766: CheckUnhandledOops is broken in MemAllocator
- - JDK-8227815: Minimal VM: set_state is not a member of AttachListener
- - JDK-8230674: Heap dumps should exclude dormant CDS archived objects of unloaded classes
- - JDK-8230808: Remove Access::equals()
- - JDK-8230841: Remove oopDesc::equals()
- - JDK-8231717: Improve performance of charset decoding when charset is always compactable
- - JDK-8232243: Wrong caret position in JTextPane on Windows with a screen resolution > 100%
- - JDK-8232782: Shenandoah: streamline post-LRB CAS barrier (aarch64)
- - JDK-8233790: Forward output from heap dumper to jcmd/jmap
- - JDK-8233989: Create an IPv4 version of java/net/MulticastSocket/SetLoopbackMode.java
- - JDK-8234510: Remove file seeking requirement for writing a heap dump
- - JDK-8235211: serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file
- - JDK-8235216: typo in test filename
- - JDK-8235866: bump jtreg requiredVersion to 4.2b16
- - JDK-8236111: narrow allowSmartActionArgs disabling
- - JDK-8236413: AbstractConnectTimeout should tolerate both NoRouteToHostException and UnresolvedAddressException
- - JDK-8236671: NullPointerException in JKS keystore
- - JDK-8238930: problem list compiler/c2/Test8004741.java
- - JDK-8238943: switch to jtreg 5.0
- - JDK-8240555: Using env of JAVA_TOOL_OPTIONS and _JAVA_OPTIONS breaks QuietOption.java test
- - JDK-8240983: Incorrect copyright header in Apache Santuario 2.1.3 files
- - JDK-8241336: Some java.net tests failed with NoRouteToHostException on MacOS with special network configuration
- - JDK-8241353: NPE in ToolProvider.getSystemJavaCompiler
- - JDK-8241768: git needs .gitattributes
- - JDK-8242882: opening jar file with large manifest might throw NegativeArraySizeException
- - JDK-8244973: serviceability/attach/RemovingUnixDomainSocketTest.java fails "stderr was not empty"
- - JDK-8245134: test/lib/jdk/test/lib/security/KeyStoreUtils.java should allow to specify aliases
- - JDK-8246261: TCKLocalTime.java failed due to "AssertionError: expected [18:14:22] but found [18:14:23]"
- - JDK-8246387: switch to jtreg 5.1
- - JDK-8247421: [TESTBUG] ReturnBlobToWrongHeapTest.java failed allocating blob
- - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
- - JDK-8248352: [TEST_BUG] Test test/jdk/java/awt/font/TextLayout/ArabicDiacriticTest.java can leave frame open
- - JDK-8248403: AArch64: Remove uses of kernel integer types
- - JDK-8248414: AArch64: Remove uses of long and unsigned long ints
- - JDK-8248657: Windows: strengthening in ThreadCritical regarding memory model
- - JDK-8248666: AArch64: Use THREAD_LOCAL instead of __thread
- - JDK-8248668: AArch64: Avoid MIN/MAX macros when using MSVC
- - JDK-8248671: AArch64: Remove unused variables
- - JDK-8248682: AArch64: Use ATTRIBUTE_ALIGNED helper
- - JDK-8248816: C1: Fix signature conflict in LIRGenerator::strength_reduce_multiply
- - JDK-8249095: tools/javac/launcher/SourceLauncherTest.java fails on Windows
- - JDK-8249548: backward focus traversal gets stuck in button group
- - JDK-8249773: Upgrade ReceiveISA.java test to be resilient to failure due to stray packets and interference
- - JDK-8249897: jdk/javadoc/tool/LangVers.java uses @ignore w/o bug-id
- - JDK-8249898: jdk/javadoc/tool/6176978/T6176978.java uses @ignore w/o bug-id
- - JDK-8249899: jdk/javadoc/tool/InlineTagsWithBraces.java uses @ignore w/o bug-id
- - JDK-8250588: Shenandoah: LRB needs to save/restore fp registers for runtime call
- - JDK-8250824: AArch64: follow up for JDK-8248414
- - JDK-8251166: Add automated testcases for changes done in JDK-8214112
- - JDK-8251252: Add automated testcase for fix done in JDK-8214253
- - JDK-8251254: Add automated test for fix done in JDK-8218472
- - JDK-8251361: Potential race between Logger configuration and GCs in HttpURLConWithProxy test
- - JDK-8251549: Update docs on building for Git
- - JDK-8251945: SIGSEGV in PackageEntry::purge_qualified_exports()
- - JDK-8252194: Add automated test for fix done in JDK-8218469
- - JDK-8252648: Shenandoah: name gang tasks consistently
- - JDK-8252825: Add automated test for fix done in JDK-8218479
- - JDK-8252853: AArch64: gc/shenandoah/TestVerifyJCStress.java fails intermittently with C1
- - JDK-8252857: AArch64: Shenandoah C1 CAS is not sequentially consistent
- - JDK-8253048: AArch64: When CallLeaf, no need to preserve callee-saved registers in caller
- - JDK-8253424: Add support for running pre-submit testing using GitHub Actions
- - JDK-8253631: Remove unimplemented CompileBroker methods after JEP-165
- - JDK-8253865: Pre-submit testing using GitHub Actions does not detect failures reliably
- - JDK-8253899: Make IsClassUnloadingEnabled signature match specification
- - JDK-8254024: Enhance native libs for AWT and Swing to work with GraalVM Native Image
- - JDK-8254054: Pre-submit testing using GitHub Actions should not use the deprecated set-env command
- - JDK-8254173: Add Zero, Minimal hotspot targets to submit workflow
- - JDK-8254175: Build no-pch configuration in debug mode for submit checks
- - JDK-8254244: Some code emitted by TemplateTable::branch is unused when running TieredCompilation
- - JDK-8254270: linux 32 bit build doesn't compile libjdwp/log_messages.c
- - JDK-8254282: Add Linux x86_32 builds to submit workflow
- - JDK-8254850: Update terminology in java.awt.GridBagLayout source code comments
- - JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1
- - JDK-8255305: Add Linux x86_32 tier1 to submit workflow
- - JDK-8255352: Archive important test outputs in submit workflow
- - JDK-8255373: Submit workflow artifact name is always "test-results_.zip"
- - JDK-8255452: Doing GC during JVMTI MethodExit event posting breaks return oop
- - JDK-8255718: Zero: VM should know it runs in interpreter-only mode
- - JDK-8255790: GTKL&F: Java 16 crashes on initialising GTKL&F on Manjaro Linux
- - JDK-8255810: Zero: build fails without JVMTI
- - JDK-8255895: Submit workflow artifacts miss hs_errs/replays due to ZIP include mismatch
- - JDK-8256127: Add cross-compiled foreign architectures builds to submit workflow
- - JDK-8256215: Shenandoah: re-organize saving/restoring machine state in assembler code
- - JDK-8256267: Relax compiler/floatingpoint/NaNTest.java for x86_32 and lower -XX:+UseSSE
- - JDK-8256277: Github Action build on macOS should define OS and Xcode versions
- - JDK-8256354: Github Action build on Windows should define OS and MSVC versions
- - JDK-8256393: Github Actions build on Linux should define OS and GCC versions
- - JDK-8256414: add optimized build to submit workflow
- - JDK-8256747: GitHub Actions: decouple the hotspot build-only jobs from Linux x64 testing
- - JDK-8257056: Submit workflow should apt-get update to avoid package installation errors
- - JDK-8257148: Remove obsolete code in AWTView.m
- - JDK-8257497: Update keytool to create AKID from the SKID of the issuing certificate as specified by RFC 5280
- - JDK-8257620: Do not use objc_msgSend_stret to get macOS version
- - JDK-8257913: Add more known library locations to simplify Linux cross-compilation
- - JDK-8258703: Incorrect 512-bit vector registers restore on x86_32
- - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
- - JDK-8259535: ECDSA SignatureValue do not always have the specified length
- - JDK-8259679: GitHub actions should use MSVC 14.28
- - JDK-8259924: GitHub actions fail on Linux x86_32 with "Could not configure libc6:i386"
- - JDK-8260460: GitHub actions still fail on Linux x86_32 with "Could not configure libc6:i386"
- - JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
- - JDK-8260923: Add more tests for SSLSocket input/output shutdown
- - JDK-8261072: AArch64: Fix MacroAssembler::get_thread convention
- - JDK-8261147: C2: Node is wrongly marked as reduction resulting in a wrong execution due to wrong vector instructions
- - JDK-8261238: NMT should not limit baselining by size threshold
- - JDK-8261496: Shenandoah: reconsider pacing updates memory ordering
- - JDK-8261652: Remove some dead comments from os_bsd_x86
- - JDK-8261846: [JVMCI] c2v_iterateFrames can get out of sync with the StackFrameStream
- - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
- - JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
- - JDK-8262392: Update Mesa 3-D Headers to version 21.0.3
- - JDK-8262409: sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions. SSL test failures caused by java failed with "Server reported the wrong exception"
- - JDK-8262470: Printed GlyphVector outline with low DPI has bad quality on Windows
- - JDK-8262862: Harden tests sun/security/x509/URICertStore/ExtensionsWithLDAP.java and krb5/canonicalize/Test.java
- - JDK-8263136: C4530 was reported from VS 2019 at access bridge
- - JDK-8263227: C2: inconsistent spilling due to dead nodes in exception block
- - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
- - JDK-8263407: SPARC64 detection fails on Athena (SPARC64-X)
- - JDK-8263432: javac may report an invalid package/class clash on case insensitive filesystems
- - JDK-8263490: [macos] Crash occurs on JPasswordField with activated InputMethod
- - JDK-8263531: Remove unused buffer int
- - JDK-8263667: Avoid running GitHub actions on branches named pr/*
- - JDK-8263776: [JVMCI] add helper to perform Java upcalls
- - JDK-8264016: [JVMCI] add some thread local fields for use by JVMCI
- - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
- - JDK-8265132: C2 compilation fails with assert "missing precedence edge"
- - JDK-8265231: (fc) ReadDirect and WriteDirect tests fail after fix for JDK-8264821
- - JDK-8265335: Epsilon: Minor typo in EpsilonElasticTLABDecay description
- - JDK-8265756: AArch64: initialize memory allocated for locals according to Windows AArch64 stack page growth requirement in template interpreter
- - JDK-8265761: Font with missed font family name is not properly printed on Windows
- - JDK-8265773: incorrect jdeps message "jdk8internals" to describe a removed JDK internal API
- - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
- - JDK-8266018: Shenandoah: fix an incorrect assert
- - JDK-8266206: Build failure after JDK-8264752 with older GCCs
- - JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
- - JDK-8266288: assert root method not found in witnessed_reabstraction_in_supers is too strong
- - JDK-8266404: Fatal error report generated with -XX:+CrashOnOutOfMemoryError should not contain suggestion to submit a bug report
- - JDK-8266480: Implicit null check optimization does not update control of hoisted memory operation
- - JDK-8266615: C2 incorrectly folds subtype checks involving an interface array
- - JDK-8266642: Improve ResolvedMethodTable hash function
- - JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
- - JDK-8266761: AssertionError in sun.net.httpserver.ServerImpl.responseCompleted
- - JDK-8266813: Shenandoah: Use shorter instruction sequence for checking if marking in progress
- - JDK-8267042: bug in monitor locking/unlocking on ARM32 C1 due to uninitialized BasicObjectLock::_displaced_header
- - JDK-8267348: Rewrite gc/epsilon/TestClasses.java to use Metaspace with less classes
- - JDK-8267396: Avoid recording "pc" in unhandled oops detector for better performance
- - JDK-8267399: C2: java/text/Normalizer/ConformanceTest.java test failed with assertion
- - JDK-8267424: CTW: C1 fails with "State must not be null"
- - JDK-8267459: Pasting Unicode characters into JShell does not work.
- - JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
- - JDK-8267666: Add option to jcmd GC.heap_dump to use existing file
- - JDK-8267695: Bump update version for OpenJDK: jdk-11.0.13
- - JDK-8267751: (test) jtreg.SkippedException has no serial VersionUID
- - JDK-8267773: PhaseStringOpts::int_stringSize doesn't handle min_jint correctly
- - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
- - JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
- - JDK-8268261: C2: assert(n != __null) failed: Bad immediate dominator info.
- - JDK-8268347: C2: nested locks optimization may create unbalanced monitor enter/exit code
- - JDK-8268360: Missing check for infinite loop during node placement
- - JDK-8268362: [REDO] C2 crash when compile negative Arrays.copyOf length after loop
- - JDK-8268366: Incorrect calculation of has_fpu_registers in C1 linear scan
- - JDK-8268369: SIGSEGV in PhaseCFG::implicit_null_check due to missing null check
- - JDK-8268417: Add test from JDK-8268360
- - JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm performance
- - JDK-8268617: [11u REDO] - WebSocket over authenticating proxy fails with NPE
- - JDK-8268620: InfiniteLoopException test may fail on x86 platforms
- - JDK-8268635: Corrupt oop in ClassLoaderData
- - JDK-8268699: Shenandoah: Add test for JDK-8268127
- - JDK-8268771: javadoc -notimestamp option does not work on index.html
- - JDK-8268775: Password is being converted to String in AccessibleJPasswordField
- - JDK-8268776: Test `ADatagramSocket.java` missing /othervm from @run tag
- - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
- - JDK-8269304: Regression ~5% in 2005 in b27
- - JDK-8269415: [11u] Remove ea from DEFAULT_PROMOTED_VERSION_PRE in OpenJDK 11u
- - JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should be more resilient
- - JDK-8269529: javax/swing/reliability/HangDuringStaticInitialization.java fails in Windows debug build
- - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
- - JDK-8269614: [s390] Interpreter checks wrong bit for slow path instance allocation
- - JDK-8269650: Optimize gc-locker in [Get|Release]StringCritical for latin string
- - JDK-8269661: JNI_GetStringCritical does not lock char array
- - JDK-8269668: [aarch64] java.library.path not including /usr/lib64
- - JDK-8269763: The JEditorPane is blank after JDK-8265167
- - JDK-8269795: C2: Out of bounds array load floats above its range check in loop peeling resulting in SEGV
- - JDK-8269847: JDK-8269594 backport breaks 11u builds
- - JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0
- - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
- - JDK-8269882: stack-use-after-scope in NewObjectA
- - JDK-8269934: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status
- - JDK-8270096: Shenandoah: Optimize gc/shenandoah/TestRefprocSanity.java for interpreter mode
- - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
- - JDK-8270184: [TESTBUG] Add coverage for jvmci ResolvedJavaType.toJavaName() for lambdas
- - JDK-8270196: [11u] [JVMCI] JavaType.toJavaName() returns incorrect type name for lambdas
- - JDK-8270556: Exclude security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA
- - JDK-8270893: IndexOutOfBoundsException while reading large TIFF file
- - JDK-8272078: Wrong Checksums in Temurin BootJDK dependencies
- - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
- - JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj
- - JDK-8272197: Update 11u GHA workflow with Shenandoah configurations
- - JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz after JDK-8255790
- - JDK-8272472: StackGuardPages test doesn't build with glibc 2.34
- - JDK-8272602: [macos] not all KEY_PRESSED events sent when control modifier is used
- - JDK-8272628: Problemlist gc/stress/gcbasher/TestGCBasherWithCMS.java for x86_32
- - JDK-8272700: [macos] Build failure with Xcode 13.0 after JDK-8264848
- - JDK-8272772: Shenandoah: compiler/c2/aarch64/TestVolatilesShenandoah.java fails in 11u
- - JDK-8273939: Backport of 8248414 to JDK11 breaks MacroAssembler::adrp
-
-Notes on individual issues:
-===========================
-
-security-libs/java.security:
-
-JDK-8271434: Removed IdenTrust Root Certificate
-===============================================
-The following root certificate from IdenTrust has been removed from
-the `cacerts` keystore:
-
-Alias Name: identrustdstx3 [jdk]
-Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
-
-JDK-8261922: Updated keytool to Create AKID From SKID of Issuing Certificate as Specified by RFC 5280
-=====================================================================================================
-The `gencert` command of the `keytool` utility has been updated to
-create AKID from the SKID of the issuing certificate as specified by
-RFC 5280.
-
-security-libs/javax.net.ssl:
-
-JDK-8210799: ChaCha20 and Poly1305 TLS Cipher Suites
-====================================================
-New TLS cipher suites using the `ChaCha20-Poly1305` algorithm have
-been added to JSSE. These cipher suites are enabled by default. The
-TLS_CHACHA20_POLY1305_SHA256 cipher suite is available for TLS 1.3.
-The following cipher suites are available for TLS 1.2:
-
-* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
-
-Refer to the "Java Secure Socket Extension (JSSE) Reference Guide" for
-details on these new TLS cipher suites.
-
-JDK-8219551: Updated the Default Enabled Cipher Suites Preference
-=================================================================
-The preference of the default enabled cipher suites has been
-changed. The compatibility impact should be minimal. If needed,
-applications can customize the enabled cipher suites and the
-preference. For more details, refer to the SunJSSE provider
-documentation and the JSSE Reference Guide documentation.
-
-New in release OpenJDK 11.0.12 (2021-07-20):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11012
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.12.txt
-
-* Security fixes
- - JDK-8256157: Improve bytecode assembly
- - JDK-8256491: Better HTTP transport
- - JDK-8258432, CVE-2021-2341: Improve file transfers
- - JDK-8260453: Improve Font Bounding
- - JDK-8260960: Signs of jarsigner signing
- - JDK-8260967, CVE-2021-2369: Better jar file validation
- - JDK-8262380: Enhance XML processing passes
- - JDK-8262403: Enhanced data transfer
- - JDK-8262410: Enhanced rules for zones
- - JDK-8262477: Enhance String Conclusions
- - JDK-8262967: Improve Zip file support
- - JDK-8264066, CVE-2021-2388: Enhance compiler validation
- - JDK-8264079: Improve abstractions
- - JDK-8264460: Improve NTLM support
-* Other changes
- - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
- - JDK-7106851: Test should not use System.exit
- - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
- - JDK-8076190: Customizing the generation of a PKCS12 keystore
- - JDK-8153005: Upgrade the default PKCS12 encryption/MAC algorithms
- - JDK-8171303: sun/java2d/pipe/InterpolationQualityTest.java fails on Windows & Linux
- - JDK-8177068: incomplete classpath causes NPE in Flow
- - JDK-8185734: [Windows] Structured Exception Catcher missing around gtest execution
- - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
- - JDK-8190763: Class cast exception on (CompoundEdit) UndoableEditEvent.getEdit()
- - JDK-8195841: PNGImageReader.readNullTerminatedString() doesnt check for non-null terminated strings with length equal to maxLen
- - JDK-8196100: javax/swing/text/JTextComponent/5074573/bug5074573.java fails
- - JDK-8199646: JShell tests: jdk/jshell/FailOverDirectExecutionControlTest.java failed with java.lang.UnsupportedOperationException
- - JDK-8206925: Support the certificate_authorities extension
- - JDK-8207160: ClassReader::adjustMethodParams can potentially return null if the args list is empty
- - JDK-8207247: AARCH64: Enable Minimal and Client VM builds
- - JDK-8207404: MulticastSocket tests failing on AIX
- - JDK-8207779: Method::is_valid_method() compares 'this' with NULL
- - JDK-8208061: runtime/LoadClass/TestResize.java fails with "Load factor too high" when running in CDS mode.
- - JDK-8209459: TestSHA512MultiBlockIntrinsics failed on AArch64
- - JDK-8210443: Migrate Locale matching tests to JDK Repo.
- - JDK-8213231: ThreadSnapshot::_threadObj can become stale
- - JDK-8213483: ARM32: runtime/ErrorHandling/ShowRegistersOnAssertTest.java jtreg test fail
- - JDK-8213725: JShell NullPointerException due to class file with unexpected package
- - JDK-8213794: ARM32: disable TypeProfiling, CriticalJNINatives, Serviceablity tests for ARM32
- - JDK-8213845: ARM32: Interpreter doesn't call result handler after native calls
- - JDK-8214128: ARM32: wrong stack alignment on Deoptimization::unpack_frames
- - JDK-8214512: ARM32: Jtreg test compiler/c2/Test8062950.java fails on ARM
- - JDK-8214854: JDWP: Unforseen output truncation in logging
- - JDK-8214922: Add vectorization support for fmin/fmax
- - JDK-8215009: GCC 8 compilation error in libjli
- - JDK-8216184: CDS/appCDS tests failed on Windows due to long path to a classlist file
- - JDK-8216259: AArch64: Vectorize Adler32 intrinsics
- - JDK-8216314: SIGILL in CodeHeapState::print_names()
- - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
- - JDK-8217465: [REDO] - Optimize CodeHeap Analytics
- - JDK-8217561: X86: Add floating-point Math.min/max intrinsics
- - JDK-8217918: C2: -XX:+AggressiveUnboxing is broken
- - JDK-8218458: [TESTBUG] runtime/NMT/CheckForProperDetailStackTrace.java fails with Expected stack trace missing from output
- - JDK-8219142: Remove unused JIMAGE_ResourcePath
- - JDK-8219586: CodeHeap State Analytics processes dead nmethods
- - JDK-8220074: Clean up GCC 8.3 errors in LittleCMS
- - JDK-8220407: compiler/intrinsics/math/TestFpMinMaxIntrinsics.java timedout
- - JDK-8222302: [TESTBUG]test/hotspot/jtreg/compiler/intrinsics/sha/cli/TestUseSHAOptionOnUnsupportedCPU.java fails on any other CPU
- - JDK-8222412: AARCH64: multiple instructions encoding issues
- - JDK-8223020: aarch64: expand minI_rReg and maxI_rReg patterns into separate instructions
- - JDK-8223444: Improve CodeHeap Free Space Management
- - JDK-8223504: Improve performance of forall loops by better inlining of "iterator()" methods
- - JDK-8223667: ASAN build broken
- - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
- - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
- - JDK-8225438: javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java failed with Read timed out
- - JDK-8225756: [testbug] compiler/loopstripmining/CheckLoopStripMining.java sets too short a SafepointTimeoutDelay
- - JDK-8226374: Restrict TLS signature schemes and named groups
- - JDK-8226627: assert(t->singleton()) failed: must be a constant
- - JDK-8226721: Missing intrinsics for Math.ceil, floor, rint
- - JDK-8227080: (fs) Files.newInputStream(...).skip(n) is slow
- - JDK-8227222: vmTestbase/jit/FloatingPoint/gen_math/Loops04/Loops04.java failed XMM register should be 0-15
- - JDK-8227609: (fs) Files.newInputStream(...).skip(n) should allow skipping beyond file size
- - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
- - JDK-8231460: Performance issue (CodeHeap) with large free blocks
- - JDK-8231713: x86_32 build failures after JDK-8226721 (Missing intrinsics for Math.ceil, floor, rint)
- - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
- - JDK-8232084: HotSpot build failed with GCC 9.2.1
- - JDK-8232591: AArch64: Add missing match rules for smaddl, smsubl and smnegl
- - JDK-8233185: HttpServer.stop() blocks indefinitely when called on dispatch thread
- - JDK-8233787: Break cycle in vm_version* includes
- - JDK-8233948: AArch64: Incorrect mapping between OptoReg and VMReg for high 64 bits of Vector Register
- - JDK-8234355: Buffer overflow in jcmd GC.class_stats due to too many classes
- - JDK-8235368: Update BCEL to Version 6.4.1
- - JDK-8236859: WebSocket over authenticating proxy fails with NPE
- - JDK-8236992: AArch64: remove redundant load_klass in itable stub
- - JDK-8237743: test/langtools/jdk/jshell/FailOverExecutionControlTest.java fails No ExecutionControlProvider with name 'nonExistent' and parameter keys: []
- - JDK-8237804: sun/security/mscapi tests fail with "Key pair not generated, alias <nnnnnn> already exists"
- - JDK-8238175: CTW: Class.getDeclaredMethods fails with assert(k->is_subclass_of(SystemDictionary::Throwable_klass())) failed: invalid exception class
- - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
- - JDK-8238812: assert(false) failed: bad AD file
- - JDK-8239312: [macos] javax/swing/JFrame/NSTexturedJFrame/NSTexturedJFrame.java
- - JDK-8239386: handle ContendedPaddingWidth in vm_version_aarch64
- - JDK-8239536: Can't use `java.util.List` object after importing `java.awt.List`
- - JDK-8240487: Cleanup whitespace in .cc, .hh, .m, and .mm files
- - JDK-8240848: ArrayIndexOutOfBoundsException buf for TextCallbackHandler
- - JDK-8241082: Upgrade IANA Language Subtag Registry data to 03-16-2020 version
- - JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
- - JDK-8241101: [s390] jtreg test failure after JDK-8238696: not conformant features string
- - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
- - JDK-8241372: Several test failures due to javax.net.ssl.SSLException: Connection reset
- - JDK-8241475: AArch64: Add missing support for PopCountVI node
- - JDK-8241829: Cleanup the code for PrinterJob on windows
- - JDK-8241960: The SHA3 message digests impl of SUN provider are not thread safe after cloned
- - JDK-8242010: Upgrade IANA Language Subtag Registry to Version 2020-04-01
- - JDK-8242429: Better implementation for sign extract
- - JDK-8242557: Add length limit for strings in PNGImageWriter
- - JDK-8242919: Paste locks up jshell
- - JDK-8243155: AArch64: Add support for SqrtVF
- - JDK-8243240: AArch64: Add support for MulVB
- - JDK-8243452: JFR: Could not create chunk in repository with over 200 recordings
- - JDK-8243559: Remove root certificates with 1024-bit keys
- - JDK-8243597: AArch64: Add support for integer vector abs
- - JDK-8244031: HttpClient should have more tests for HEAD requests
- - JDK-8244205: HTTP/2 tunnel connections through proxy may be reused regardless of which proxy is selected
- - JDK-8244847: Linux/PPC: runtime/CompressedOops/CompressedClassPointers: smallHeapTest fails
- - JDK-8245511: G1 adaptive IHOP does not account for reclamation of humongous objects by young GC
- - JDK-8246274: G1 old gen allocation tracking is not in a separate class
- - JDK-8247354: [aarch64] PopFrame causes assert(oopDesc::is_oop(obj)) failed: not an oop
- - JDK-8247408: IdealGraph bit check expression canonicalization
- - JDK-8247432: Update IANA Language Subtag Registry to Version 2020-09-29
- - JDK-8247438: JShell: When FailOverExecutionControlProvider fails the proximal cause is not shown
- - JDK-8247753: UIManager.getSytemLookAndFeelClassName() returns wrong value on Fedora 32
- - JDK-8248043: Need to eliminate excessive i2l conversions
- - JDK-8248411: [aarch64] Insufficient error handling when CodeBuffer is exhausted
- - JDK-8248568: compiler/c2/TestBit.java failed: test missing from stdout/stderr
- - JDK-8248870: AARCH64: I2L/L2I conversions can be skipped for masked positive values
- - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
- - JDK-8249189: AARCH64: more L2I conversions can be skipped
- - JDK-8249719: MethodHandle performance suffers from bad ResolvedMethodTable hash function
- - JDK-8249875: GCC 10 warnings -Wtype-limits with JFR code
- - JDK-8250635: MethodArityHistogram should use Compile_lock in favour of fancy checks
- - JDK-8250876: Fix issues with cross-compile on macos
- - JDK-8251031: Some vmTestbase/nsk/monitoring/RuntimeMXBean tests fail with hostnames starting from digits
- - JDK-8251525: AARCH64: Faster Math.signum(fp)
- - JDK-8252259: AArch64: Adjust default value of FLOATPRESSURE
- - JDK-8252311: AArch64: save two words in itable lookup stub
- - JDK-8252779: compiler/graalunit/HotspotTest.java failed after 8251525
- - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
- - JDK-8253167: ARM32 builds fail after JDK-8247910
- - JDK-8253572: [windows] CDS archive may fail to open with long file names
- - JDK-8253923: C2 doesn't always run loop opts for compilations that include loops
- - JDK-8253948: Memory leak in ImageFileReader
- - JDK-8254631: Better support ALPN byte wire values in SunJSSE
- - JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
- - JDK-8255086: Update the root locale display names
- - JDK-8255625: AArch64: Implement Base64.encodeBlock accelerator/intrinsic
- - JDK-8255763: C2: OSR miscompilation caused by invalid memory instruction placement
- - JDK-8255992: JFR EventWriter does not use first string from StringPool with id 0
- - JDK-8256037: [TESTBUG] com/sun/jndi/dns/ConfigTests/PortUnreachable.java fails due to the hard coded threshold is small
- - JDK-8256244: java/lang/ProcessHandle/PermissionTest.java fails with TestNG 7.1
- - JDK-8256287: [windows] add loop fuse to map_or_reserve_memory_aligned
- - JDK-8256523: Streamline Java SHA2 implementation
- - JDK-8257414: Drag n Drop target area is wrong on high DPI systems
- - JDK-8257569: Failure observed with JfrVirtualMemory::initialize
- - JDK-8257574: C2: "failed: parsing found no loops but there are some" assert failure
- - JDK-8257580: Bump update version for OpenJDK: jdk-11.0.12
- - JDK-8257604: JNI_ArgumentPusherVaArg leaks valist
- - JDK-8257621: JFR StringPool misses cached items across consecutive recordings
- - JDK-8257796: [TESTBUG] TestUseSHA512IntrinsicsOptionOnSupportedCPU.java fails on x86_32
- - JDK-8257822: C2 crashes with SIGFPE due to a division that floats above its zero check
- - JDK-8257828: SafeFetch may crash if invoked in non-JavaThreads
- - JDK-8257853: Remove dependencies on JNF's JNI utility functions in AWT and 2D code
- - JDK-8257858: [macOS]: Remove JNF dependency from libosxsecurity/KeystoreImpl.m
- - JDK-8257860: [macOS]: Remove JNF dependency from libosxkrb5/SCDynamicStoreConfig.m
- - JDK-8257988: Remove JNF dependency from libsaproc/MacosxDebuggerLocal.m
- - JDK-8258414: OldObjectSample events too expensive
- - JDK-8258505: [TESTBUG] TestDivZeroWithSplitIf.java fails due to missing UnlockDiagnosticVMOptions
- - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
- - JDK-8259061: C2: assert(found) failed: memory-writing node is not placed in its original loop or an ancestor of it
- - JDK-8259227: C2 crashes with SIGFPE due to a division that floats above its zero check
- - JDK-8259232: Bad JNI lookup during printing
- - JDK-8259276: C2: Empty expression stack when reexecuting tableswitch/lookupswitch instructions after deoptimization
- - JDK-8259343: [macOS] Update JNI error handling in Cocoa code.
- - JDK-8259585: Accessible actions do not work on mac os x
- - JDK-8259651: [macOS] Replace JNF_COCOA_ENTER/EXIT macros
- - JDK-8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl
- - JDK-8259710: Inlining trace leaks memory
- - JDK-8259729: Missed JNFInstanceOf -> IsInstanceOf conversion
- - JDK-8259777: Incorrect predication condition generated by ADLC
- - JDK-8259786: initialize last parameter of getpwuid_r
- - JDK-8259843: initialize dli_fname array before calling dll_address_to_library_name
- - JDK-8259869: [macOS] Remove desktop module dependencies on JNF Reference APIs
- - JDK-8259886: Improve SSL session cache performance and scalability
- - JDK-8259983: do not use uninitialized expand_ms value in G1CollectedHeap::expand_heap_after_young_collection
- - JDK-8260030: Improve stringStream buffer handling
- - JDK-8260236: better init AnnotationCollector _contended_group
- - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
- - JDK-8260284: C2: assert(_base == Int) failed: Not an Int
- - JDK-8260380: Upgrade to LittleCMS 2.12
- - JDK-8260420: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint
- - JDK-8260426: awt debug_mem.c DMem_AllocateBlock might leak memory
- - JDK-8260432: allocateSpaceForGP in freetypeScaler.c might leak memory
- - JDK-8260616: Removing remaining JNF dependencies in the java.desktop module
- - JDK-8260653: Unreachable nodes keep speculative types alive
- - JDK-8260707: java/lang/instrument/PremainClass/InheritAgent0100.java times out
- - JDK-8260925: HttpsURLConnection does not work with other JSSE provider.
- - JDK-8260926: Trace resource exhausted events unconditionally
- - JDK-8261020: Wrong format parameter in create_emergency_chunk_path
- - JDK-8261027: AArch64: Support for LSE atomics C++ HotSpot code
- - JDK-8261167: print_process_memory_info add a close call after fopen
- - JDK-8261170: Upgrade to freetype 2.10.4
- - JDK-8261198: [macOS] Incorrect JNI parameters in number conversion in A11Y code
- - JDK-8261235: C1 compilation fails with assert(res->vreg_number() == index) failed: conversion check
- - JDK-8261261: The version extra fields needs to be overridable in jib-profiles.js
- - JDK-8261262: Kitchensink24HStress.java crashed with EXCEPTION_ACCESS_VIOLATION
- - JDK-8261354: SIGSEGV at MethodIteratorHost
- - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
- - JDK-8261397: try catch Method failing to work when dividing an integer by 0
- - JDK-8261422: Adjust problematic String.format calls in jdk/internal/util/Preconditions.java outOfBoundsMessage
- - JDK-8261447: MethodInvocationCounters frequently run into overflow
- - JDK-8261481: Cannot read Kerberos settings in dynamic store on macOS Big Sur
- - JDK-8261505: Test test/hotspot/jtreg/gc/parallel/TestDynShrinkHeap.java killed by Linux OOM Killer
- - JDK-8261601: free memory in early return in Java_sun_nio_ch_sctp_SctpChannelImpl_receive0
- - JDK-8261649: AArch64: Optimize LSE atomics in C++ code
- - JDK-8261730: C2 compilation fails with assert(store->find_edge(load) != -1) failed: missing precedence edge
- - JDK-8261752: Multiple GC test are missing memory requirements
- - JDK-8261791: (sctp) handleSendFailed in SctpChannelImpl.c potential leaks
- - JDK-8261812: C2 compilation fails with assert(!had_error) failed: bad dominance
- - JDK-8261914: IfNode::fold_compares_helper faces non-canonicalized bool when running JRuby JSON workload
- - JDK-8262093: java/util/concurrent/tck/JSR166TestCase.java failed "assert(false) failed: unexpected node"
- - JDK-8262110: DST starts from incorrect time in 2038
- - JDK-8262121: [11u] Redo 8244287: JFR: Methods samples have line number 0
- - JDK-8262163: Extend settings printout in jcmd VM.metaspace
- - JDK-8262295: C2: Out-of-Bounds Array Load from Clone Source
- - JDK-8262298: G1BarrierSetC2::step_over_gc_barrier fails with assert "bad barrier shape"
- - JDK-8262446: DragAndDrop hangs on Windows
- - JDK-8262461: handle wcstombsdmp return value correctly in unix awt_InputMethod.c
- - JDK-8262465: Very long compilation times and high memory consumption in C2 debug builds
- - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
- - JDK-8262739: String inflation C2 intrinsic prevents insertion of anti-dependencies
- - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
- - JDK-8262837: handle split_USE correctly
- - JDK-8262900: ToolBasicTest fails to access HTTP server it starts
- - JDK-8263260: [s390] Support latest hardware (z14 and z15)
- - JDK-8263311: Watch registry changes for remote printers update instead of polling
- - JDK-8263361: Incorrect arraycopy stub selected by C2 for SATB collectors
- - JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
- - JDK-8263425: AArch64: two potential bugs in C1 LIRGenerator::generate_address()
- - JDK-8263448: CTW: fatal error: meet not symmetric
- - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
- - JDK-8263557: Possible NULL dereference in Arena::destruct_contents()
- - JDK-8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true
- - JDK-8263676: AArch64: one potential bug in C1 LIRGenerator::generate_address()
- - JDK-8263729: [test] divert spurious output away from stream under test in ProcessBuilder Basic test
- - JDK-8263846: Bad JNI lookup getFocusOwner in accessibility code on Mac OS X
- - JDK-8264047: Duplicate global variable 'jvm' in libjavajpeg and libawt
- - JDK-8264096: slowdebug jvm crashes when StrInflatedCopy match rule is not supported
- - JDK-8264151: ciMethod::ensure_method_data() should return false is loading resulted in empty state
- - JDK-8264173: [s390] Improve Hardware Feature Detection And Reporting
- - JDK-8264190: Harden TLS interop tests
- - JDK-8264223: CodeHeap::verify fails extra_hops assertion in fastdebug test
- - JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
- - JDK-8264360: Loop strip mining verification fails with "should be on the backedge"
- - JDK-8264626: C1 should be able to inline excluded methods
- - JDK-8264640: CMS ParScanClosure misses a barrier
- - JDK-8264786: [macos] All Swing/AWT apps cause Allow Notifications prompt to appear when app is launched
- - JDK-8264821: DirectIOTest fails on a system with large block size
- - JDK-8264848: [macos] libjvm.dylib linker warning due to macOS version mismatch
- - JDK-8264923: PNGImageWriter.write_zTXt throws Exception with a typo
- - JDK-8264958: C2 compilation fails with assert "n is later than its clone"
- - JDK-8265099: Revert backport to 11u of 8236859: WebSocket over authenticating proxy fails with NPE
- - JDK-8265154: vinserti128 operand mix up for KNL platforms
- - JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
- - JDK-8265417: Backport of JDK-8249672 breaks Solaris x86 build
- - JDK-8265421: java/lang/String/StringRepeat.java test is missing a memory requirement
- - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
- - JDK-8265537: x86 version string truncated after JDK-8249672 11u backport
- - JDK-8265666: Enable AIX build platform to make external debug symbols
- - JDK-8265677: CMS: CardTableBarrierSet::write_ref_array_work() lacks storestore barrier
- - JDK-8265690: Use the latest Ubuntu base image version in Docker testing
- - JDK-8265718: Build failure after JDK-8258414 11u backport
- - JDK-8265750: Fatal error in safepoint.cpp after backport of 8258414
- - JDK-8265784: [C2] Hoisting of DecodeN leaves MachTemp inputs behind
- - JDK-8265938: C2's conditional move optimization does not handle top Phi
- - JDK-8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified
- - JDK-8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
- - JDK-8266713: [AIX] Build failure after 11u backport of JDK-8247753
- - JDK-8266802: Shenandoah: Round up region size to page size unconditionally
- - JDK-8266892: avoid maybe-uninitialized gcc warnings on linux s390x
- - JDK-8266929: Unable to use algorithms from 3p providers
- - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
- - JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
- - JDK-8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u
- - JDK-8267641: [11u] 8227609 backport typo
- - JDK-8267721: Enable sun/security/pkcs11 tests for Amazon Linux 2 AArch64
- - JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
-
-Notes on individual issues:
-===========================
-
-security-libs/java.security:
-
-JDK-8215293: Customizing PKCS12 keystore Generation
-===================================================
-New system and security properties have been added to enable users to
-customize the generation of PKCS #12 keystores. This includes
-algorithms and parameters for key protection, certificate protection,
-and MacData. The detailed explanation and possible values for these
-properties can be found in the "PKCS12 KeyStore properties" section of
-the `java.security` file.
-
-Also, support for the following SHA-2 based HmacPBE algorithms has
-been added to the SunJCE provider:
-
-* HmacPBESHA224
-* HmacPBESHA256
-* HmacPBESHA384
-* HmacPBESHA512
-* HmacPBESHA512/224
-* HmacPBESHA512/256
-
-JDK-8256902: Removed Root Certificates with 1024-bit Keys
-=========================================================
-The following root certificates with weak 1024-bit RSA public keys
-have been removed from the `cacerts` keystore:
-
-Alias Name: thawtepremiumserverca [jdk]
-Distinguished Name: EMAILADDRESS=premium-server(a)thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
-
-Alias Name: verisignclass2g2ca [jdk]
-Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
-
-Alias Name: verisignclass3ca [jdk]
-Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
-
-Alias Name: verisignclass3g2ca [jdk]
-Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
-
-Alias Name: verisigntsaca [jdk]
-Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
-
-JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
-=================================================================
-
-The following root certificate have been removed from the cacerts truststore:
-
-Alias Name: soneraclass2ca
-Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
-
-JDK-8242069: Upgraded the Default PKCS12 Encryption and MAC Algorithms
-======================================================================
-The default encryption and MAC algorithms used in a PKCS #12 keystore
-have been updated. The new algorithms are based on AES-256 and SHA-256
-and are stronger than the old algorithms that were based on RC2,
-DESede, and SHA-1. See the security properties starting with
-`keystore.pkcs12` in the `java.security` file for detailed
-information.
-
-For compatibility, a new system property named
-`keystore.pkcs12.legacy` is defined that will revert the algorithms to
-use the older, weaker algorithms. There is no value defined for this
-property.
-
-security-libs/javax.net.ssl:
-
-JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
-=========================================================================================
-Certain TLS ALPN values couldn't be properly read or written by the
-SunJSSE provider. This is due to the choice of Strings as the API
-interface and the undocumented internal use of the UTF-8 Character Set
-which converts characters larger than U+00007F (7-bit ASCII) into
-multi-byte arrays that may not be expected by a peer.
-
-ALPN values are now represented using the network byte representation
-expected by the peer, which should require no modification for
-standard 7-bit ASCII-based character Strings. However, SunJSSE now
-encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
-characters. This means applications that used characters above
-U+000007F that were previously encoded using UTF-8 may need to either
-be modified to perform the UTF-8 conversion, or set the Java security
-property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
-
-See the updated guide at
-https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
-for more information.
-
-JDK-8244460: Support for certificate_authorities Extension
-==========================================================
-The "certificate_authorities" extension is an optional extension
-introduced in TLS 1.3. It is used to indicate the certificate
-authorities (CAs) that an endpoint supports and should be used by the
-receiving endpoint to guide certificate selection.
-
-With this JDK release, the "certificate_authorities" extension is
-supported for TLS 1.3 in both the client and the server sides. This
-extension is always present for client certificate selection, while it
-is optional for server certificate selection.
-
-Applications can enable this extension for server certificate
-selection by setting the `jdk.tls.client.enableCAExtension` system
-property to `true`. The default value of the property is `false`.
-
-Note that if the client trusts more CAs than the size limit of the
-extension (less than 2^16 bytes), the extension is not enabled. Also,
-some server implementations do not allow handshake messages to exceed
-2^14 bytes. Consequently, there may be interoperability issues when
-`jdk.tls.client.enableCAExtension` is set to `true` and the client
-trusts more CAs than the server implementation limit.
-
-New in release OpenJDK 11.0.11 (2021-04-20):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11011
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt
-
-* Security fixes
- - JDK-8244473: Contextualize registration for JNDI
- - JDK-8244543: Enhanced handling of abstract classes
- - JDK-8249906, CVE-2021-2163: Enhance opening JARs
- - JDK-8250568, CVE-2021-2161: Less ambiguous processing
- - JDK-8253799: Make lists of normal filenames
- - JDK-8257001: Improve Http Client Support
-* Other changes
- - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
- - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
- - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
- - JDK-8168869: jdeps: localized messages don't use proper line breaks
- - JDK-8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID
- - JDK-8202343: Disable TLS 1.0 and 1.1
- - JDK-8205992: jhsdb cannot attach to Java processes running in Docker containers
- - JDK-8209193: Fix aarch64-linux compilation after -Wreorder changes
- - JDK-8210413: AArch64: Optimize div/rem by constant in C1
- - JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction
- - JDK-8211051: jdeps usage of --dot-output doesn't provide valid output for modular jar
- - JDK-8211057: Gensrc step CompileProperties generates unstable CompilerProperties output
- - JDK-8211150: G1 Full GC not purging code root memory and hence causing memory leak
- - JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup delegation when module reads automatic module
- - JDK-8212043: Add floating-point Math.min/max intrinsics
- - JDK-8212218: [TESTBUG] runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryErrorInMetaspace.java timed out
- - JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/WindowsComboBoxSizeTest.java fails in Windows
- - JDK-8213909: jdeps --print-module-deps should report missing dependences
- - JDK-8214180: Need better granularity for sleeping
- - JDK-8214223: tools/jdeps/listdeps/ListModuleDeps.java failed due to missing Lib2 file
- - JDK-8214230: Classes generated by SystemModulesPlugin.java are not reproducable
- - JDK-8214741: docs/index.html has no title or copyright
- - JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed after 8212043
- - JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003/TestDescription.java fails
- - JDK-8218482: sun/security/krb5/auto/ReplayCachePrecise.java failed - no KrbException thrown
- - JDK-8218550: Add test omitted from JDK-8212043
- - JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event
- - JDK-8221995: AARCH64: problems with CAS instructions encoding
- - JDK-8222518: Remove unnecessary caching of Parker object in java.lang.Thread
- - JDK-8222785: aarch64: add necessary masking for immediate shift counts
- - JDK-8223186: HotSpot compile warnings from GCC 9
- - JDK-8225773: jdeps --check produces NPE if there are missing module dependences
- - JDK-8225805: Java Access Bridge does not close the logger
- - JDK-8226810: Failed to launch JVM because of NullPointerException occured on System.props
- - JDK-8229396: jdeps ignores multi-release when generate-module-info used on command line
- - JDK-8229474: Shenandoah: Cleanup CM::update_roots()
- - JDK-8232225: Rework the fix for JDK-8071483
- - JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant
- - JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) == phase->C->get_alias_index(t_adr)) failed: correct memory chain
- - JDK-8233910: java/awt/ColorClass/AlphaColorTest.java is failing intermittently in nightly lnux-x64 system
- - JDK-8233912: aarch64: minor improvements of atomic operations
- - JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier
- - JDK-8234742: Improve handshake logging
- - JDK-8234796: Refactor Handshake::execute to take a more complex type than ThreadClosure
- - JDK-8235324: Dying objects are published from users of CollectedHeap::object_iterate
- - JDK-8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag
- - JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/TestDescription.java test
- - JDK-8237392: Shenandoah: Remove unreliable assertion
- - JDK-8237483: AArch64 C1 OopMap inserted twice fatal error
- - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
- - JDK-8239355: (dc) Initial value of SO_SNDBUF should allow sending large datagrams (macOS)
- - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
- - JDK-8240704: CheckHandles.java failed "AssertionError: Handle use increased by more than 10 percent."
- - JDK-8240751: Shenandoah: fold ShenandoahTracer definition
- - JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with "assert(store != load->find_exact_control(load->in(0))) failed: dependence cycle found"
- - JDK-8241598: Upgrade JLine to 3.14.0
- - JDK-8241649: Optimize Character.toString
- - JDK-8241770: Module xxxAnnotation() methods throw NCDFE if module-info.class found as resource in unnamed module
- - JDK-8241911: AArch64: Fix a potential register clash issue in reduce_add2I
- - JDK-8242030: Wrong package declarations in jline classes after JDK-8241598
- - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
- - JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox
- - JDK-8243670: Unexpected test result caused by C2 MergeMemNode::Ideal
- - JDK-8244088: [Regression] Switch of Gnome theme ends up in deadlocked UI
- - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
- - JDK-8244340: Handshake processing thread lacks yielding
- - JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file
- - JDK-8244683: A TSA server used by tests
- - JDK-8245005: javax/net/ssl/compatibility/BasicConnectTest.java failed with No enum constant
- - JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused
- - JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent
- - JDK-8245512: CRC32 optimization using AVX512 instructions
- - JDK-8245527: LDAP Channel Binding support for Java GSS/Kerberos
- - JDK-8246707: (sc) SocketChannel.read/write throws AsynchronousCloseException on closed channel
- - JDK-8246709: sun/security/tools/jarsigner/TsacertOptionTest.java compilation failed after JDK-8244683
- - JDK-8247200: assert((unsigned)fpargs < 32)
- - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn.
- - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
- - JDK-8248865: Document JNDI/LDAP timeout properties
- - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
- - JDK-8249543: Force DirectBufferAllocTest to run with -ExplicitGCInvokesConcurrent
- - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
- - JDK-8249749: modify a primitive array through a stream and a for cycle causes jre crash
- - JDK-8249787: Make TestGCLocker more resilient with concurrent GCs
- - JDK-8249867: xml declaration is not followed by a newline
- - JDK-8250911: [windows] os::pd_map_memory() error detection broken
- - JDK-8251255: [linux] Add process-memory information to hs-err and VM.info
- - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
- - JDK-8251925: C2: RenaissanceStressTest fails with assert(!had_error): bad dominance
- - JDK-8251944: Add Shenandoah test config to compiler/gcbarriers/UnsafeIntrinsicsTest.java
- - JDK-8251992: VM crashed running TestComplexAddrExpr.java test with -XX:UseAVX=X
- - JDK-8253220: Epsilon: clean up unused code/declarations
- - JDK-8253274: The CycleDMImagetest brokes the system
- - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
- - JDK-8253368: TLS connection always receives close_notify exception
- - JDK-8255368: Math.exp() gives wrong result for large values on x86 32-bit platforms
- - JDK-8255401: Shenandoah: Allow oldval and newval registers to overlap in cmpxchg_oop()
- - JDK-8253404: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
- - JDK-8253409: Double-rounding possibility in float fma
- - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
- - JDK-8253524: C2: Refactor code that clones predicates during loop unswitching
- - JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected
- - JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
- - JDK-8253702: BigSur version number reported as 10.16, should be 11.nn
- - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
- - JDK-8254104: MethodCounters must exist before nmethod is installed
- - JDK-8254734: "dead loop detected" assert failure with patch from 8223051
- - JDK-8254748: Bad Copyright header format after JDK-8212218
- - JDK-8254799: runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryError.java fails with release VMs
- - JDK-8255058: C1: assert(is_virtual()) failed: type check
- - JDK-8255351: Add detection for Graviton 2 CPUs
- - JDK-8255387: Japanese characters were printed upside down on AIX
- - JDK-8255479: [aarch64] assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity
- - JDK-8255544: Create a checked cast
- - JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
- - JDK-8255681: print callstack in error case in runAWTLoopWithApp
- - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
- - JDK-8255742: PrintInlining as compiler directive doesn't print virtual calls
- - JDK-8255845: Memory leak in imageFile.cpp
- - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
- - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
- - JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls
- - JDK-8256056: Deoptimization stub doesn't save vector registers on x86
- - JDK-8256061: RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers
- - JDK-8256187: [TEST_BUG] Automate bug4275046.java test
- - JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after JDK-8210764 due to mishandled lir_neg
- - JDK-8256258: some missing NULL checks or asserts after CodeCache::find_blob_unsafe
- - JDK-8256264: Printed GlyphVector outline with low DPI has bad quality on Windows
- - JDK-8256290: javac/lambda/T8031967.java fails with StackOverflowError on x86_32
- - JDK-8256359: AArch64: runtime/ReservedStack/ReservedStackTestCompiler.java fails
- - JDK-8256387: Unexpected result if patching an entire instruction on AArch64
- - JDK-8256421: Add 2 HARICA roots to cacerts truststore
- - JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for small copies in StubGenerator::copy_memory
- - JDK-8256489: Make gtest for long path names on Windows more resilient in the presence of virus scanners
- - JDK-8256501: libTestMainKeyWindow fails to build with Xcode 12.2
- - JDK-8256633: Fix product build on Windows+Arm64
- - JDK-8256682: JDK-8202343 is incomplete
- - JDK-8256751: Incremental rebuild with precompiled header fails when touching a header file
- - JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() for CallLeafNoFP on x86_32
- - JDK-8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
- - JDK-8256807: C2: Not marking stores correctly as mismatched in string opts
- - JDK-8256810: Incremental rebuild broken on Macosx
- - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
- - JDK-8256888: Client manual test problem list update
- - JDK-8257083: Security infra test failures caused by JDK-8202343
- - JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11
- - JDK-8257423: [PPC64] Support -XX:-UseInlineCaches
- - JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst.testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps is on
- - JDK-8257513: C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset())
- - JDK-8257547: Handle multiple prereqs on the same line in deps files
- - JDK-8257561: Some code is not vectorized after 8251925 and 8250607
- - JDK-8257565: epsilonBarrierSet.hpp should not include barrierSetAssembler
- - JDK-8257575: C2: "failed: only phis" assert failure in loop strip mining verification
- - JDK-8257594: C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle
- - JDK-8257633: Missing -mmacosx-version-min=X flag when linking libjvm
- - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
- - JDK-8257707: Fix incorrect format string in Http1HeaderParser
- - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
- - JDK-8257798: [PPC64] undefined reference to Klass::vtable_start_offset()
- - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
- - JDK-8257910: [JVMCI] Set exception_seen accordingly in the runtime.
- - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
- - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
- - JDK-8258077: Using -Xcheck:jni can lead to a double-free after JDK-8193234
- - JDK-8258247: Couple of issues in fix for JDK-8249906
- - JDK-8258373: Update the text handling in the JPasswordField
- - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
- - JDK-8258419: RSA cipher buffer cleanup
- - JDK-8258471: "search codecache" clhsdb command does not work
- - JDK-8258534: Epsilon: clean up unused includes
- - JDK-8258805: Japanese characters not entered by mouse click on Windows 10
- - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
- - JDK-8258836: JNI local refs exceed capacity getDiagnosticCommandInfo
- - JDK-8258884: [TEST_BUG] Convert applet-based test open/test/jdk/javax/swing/JMenuItem/8031573/bug8031573.java to a regular java test
- - JDK-8259007: This test printed a blank page
- - JDK-8259049: Uninitialized variable after JDK-8257513
- - JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA to false
- - JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
- - JDK-8259231: Epsilon: improve performance under contention during virtual space expansion
- - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
- - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 days
- - JDK-8259319: Illegal package access when SunPKCS11 requires SunJCE's classes
- - JDK-8259339: AllocateUninitializedArray C2 intrinsic fails with void.class input
- - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
- - JDK-8259446: runtime/jni/checked/TestCheckedReleaseArrayElements.java fails with stderr not empty
- - JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags
- - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
- - JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543
- - JDK-8259706: C2 compilation fails with assert(vtable_index == Method::invalid_vtable_index) failed: correct sentinel value
- - JDK-8259707: LDAP channel binding does not work with StartTLS extension
- - JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction
- - JDK-8259849: Shenandoah: Rename store-val to IU-barrier
- - JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
- - JDK-8260029: aarch64: fix typo in verify_oop_array
- - JDK-8260308: Update LogCompilation junit to 4.13.1
- - JDK-8260338: Some fields in HaltNode is not cloned
- - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
- - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
- - JDK-8260378: [TESTBUG] DcmdMBeanTestCheckJni.java reports false positive
- - JDK-8260497: Shenandoah: Improve SATB flushing
- - JDK-8260502: [s390] NativeMovRegMem::verify() fails because it's too strict
- - JDK-8260632: Build failures after JDK-8253353
- - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
- - JDK-8261022: Fix incorrect result of Math.abs() with char type
- - JDK-8261089: [TESTBUG] native library of test TestCheckedReleaseCriticalArray.java fails to compile with gcc 4.x
- - JDK-8261183: Follow on to Make lists of normal filenames
- - JDK-8261209: isStandalone property: remove dependency on pretty-print
- - JDK-8261231: Windows IME was disabled after DnD operation
- - JDK-8261251: Shenandoah: Use object size for full GC humongous compaction
- - JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined
- - JDK-8261334: NMT: tuning statistic shows incorrect hash distribution
- - JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
- - JDK-8261522: [PPC64] AES intrinsics write beyond the destination array
- - JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined
- - JDK-8261585: Restore HandleArea used in Deoptimization::uncommon_trap
- - JDK-8261753: Test java/lang/System/OsVersionTest.java still failing on BigSur patch versions after JDK-8253702
- - JDK-8261829: Exclude tools/jlink/JLinkReproducibleTest.java in 11u
- - JDK-8261912: Code IfNode::fold_compares_helper more defensively
- - JDK-8261920: [AIX] jshell command throws java.io.IOError on non English locales
- - JDK-8262018: Wrong format in SAP copyright header of OsVersionTest
- - JDK-8263069: Exclude some failing tests from security/infra/java/security/cert/CertPathValidator
-
-Notes on individual issues:
-===========================
-
-core-libs/javax.naming:
-
-JDK-8258824: LDAP Channel Binding Support for Java GSS/Kerberos
-===============================================================
-A new JNDI environment property "com.sun.jndi.ldap.tls.cbtype" has
-been added to enable TLS Channel Binding data in LDAP authentication
-over SSL/TLS protocol to the Windows AD server. The only valid value
-at present is "tls-server-end-point", where channel binding data is
-created on the base of the TLS server certificate. See RFC-5929 [0]
-and the module description of the `java.naming` module for further
-details.
-
-[0] RFC-5929 "Channel Bindings for TLS": https://www.ietf.org/rfc/rfc5929.txt
-
-security-libs/java.security:
-
-JDK-8260597: Added 2 HARICA Root CA Certificates
-================================================
-The following root certificates have been added to the cacerts truststore:
-
-Alias Name: haricarootca2015
-Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
-
-Alias Name: haricaeccrootca2015
-Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
-
-security-libs/javax.net.ssl:
-
-JDK-8256490: Disable TLS 1.0 and 1.1
-====================================
-TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
-considered secure and have been superseded by more secure and modern
-versions (TLS 1.2 and 1.3).
-
-These versions have now been disabled by default. If you encounter
-issues, you can, at your own risk, re-enable the versions by removing
-"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
-security property in the `java.security` configuration file.
-
-tools:
-
-JDK-8214213: jdeps --print-module-deps Reports Transitive Dependencies
-======================================================================
-`jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps`
-options have been enhanced as follows.
-
-1. By default, they perform transitive module dependence analysis on
-libraries on the class path and module path, both directly and
-indirectly, as required by the given input JAR files or
-classes. Previously, they only reported the modules required by the
-given input JAR files or classes. The `--no-recursive` option can be
-used to request non-transitive dependence analysis.
-
-2. By default, they flag any missing dependency, i.e. not found from
-class path and module path, as an error. The `--ignore-missing-deps`
-option can be used to suppress missing dependence errors. Note that a
-custom image is created with the list of modules output by jdeps when
-using the `--ignore-missing-deps` option for a non-modular
-application. Such an application, running on the custom image, might
-fail at runtime when missing dependence errors are suppressed.
-
-xml/jaxp:
-
-JDK-8249867 XML declaration is not followed by a newline
-========================================================
-
-The DOM Load and Save `LSSerializer` does not have an explicit control
-for whether or not the XML Declaration ends with a newline. In this
-release, a JDK implementation specific property
-`http://www.oracle.com/xml/jaxp/properties/isStandalone` and
-corresponding System property `jdk.xml.isStandalone` are added to
-control the addition of a newline and act independently without
-having to set the pretty-print property. This property can be used to
-reverse the incompatible change introduced in Java SE 7 Update 4 with
-an update of Xalan 2.7.1 where a newline is omitted when pretty-print
-is required.
-
-For details, please refer to the bug report and the java.xml module-summary.
-
-Usage:
-
-// to set the property, get an instance of LSSerializer and set it along with pretty-print
-LSSerializer ser = impl.createLSSerializer();
-ser.getDomConfig().setParameter("format-pretty-print", true);
-ser.getDomConfig().setParameter("http://www.oracle.com/xml/jaxp/properties/isStandalone", true);
-
-// to use the System property, set it before initializing a LSSerializer
-System.setProperty("jdk.xml.isStandalone", “true”);
-
-// to clear the property, place the line anywhere after the LSSerializer is initialized
-System.clearProperty("jdk.xml.isStandalone");
-
-New in release OpenJDK 11.0.10 (2021-01-19):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11010
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.10.txt
-
-* Security fixes
- - JDK-8247619: Improve Direct Buffering of Characters
-* Other changes
- - JDK-6722928: Support SSPI as a native GSS-API provider
- - JDK-7185258: [macosx] Deadlock in SunToolKit.realSync()
- - JDK-8152332: [macosx] JFileChooser cannot be serialized on Mac OS X
- - JDK-8161684: [testconf] Add VerifyOops' testing into compiler tiers
- - JDK-8171279: Support X25519 and X448 in TLS
- - JDK-8173361: various crashes in JvmtiExport::post_compiled_method_load
- - JDK-8173658: JvmtiExport::post_class_unload() is broken for non-JavaThread initiators
- - JDK-8191006: hsdis disassembler plugin does not compile with binutils 2.29+
- - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
- - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
- - JDK-8200151: Add 8 JNDI tests to com/sun/jndi/dns/ConfigTests/
- - JDK-8208279: Add 8 JNDI tests to com/sun/jndi/dns/EnvTests/
- - JDK-8208483: Add 5 JNDI tests to com/sun/jndi/dns/FactoryTests/
- - JDK-8208542: Add 4 JNDI tests to com/sun/jndi/dns/ListTests/
- - JDK-8208665: Amend cross-compilation docs with qemu-debootstrap recipe
- - JDK-8210088: ProblemList gc/epsilon/TestMemoryMXBeans.java
- - JDK-8210339: Add 10 JNDI tests to com/sun/jndi/dns/FedTests/
- - JDK-8211450: UndetVar::dup is not copying the kind field to the duplicated instance
- - JDK-8212160: JVMTI agent crashes with "assert(_value != 0LL) failed: resolving NULL _value"
- - JDK-8212226: SurfaceManager throws "Invalid Image variant" for MultiResolutionImage (Windows)
- - JDK-8213400: Support choosing group name in keytool keypair generation
- - JDK-8213535: Windows HiDPI html lightweight tooltips are truncated
- - JDK-8213698: Improve devkit creation and add support for linux/ppc64/ppc64le/s390x
- - JDK-8214025: assert(t->singleton()) failed: must be a constant when ScavengeRootsInCode < 2
- - JDK-8214242: compiler/arguments/TestScavengeRootsInCode.java fails because of missing UnlockDiagnosticVMOptions
- - JDK-8214787: Zero builds fail with "undefined JavaThread::thread_state()"
- - JDK-8215583: Exclude runtime/handshake/HandshakeWalkSuspendExitTest.java
- - JDK-8216012: Infinite loop in RSA KeyPairGenerator
- - JDK-8216324: GetClassMethods is confused by the presence of default methods in super interfaces
- - JDK-8217429: WebSocket over authenticating proxy fails to send Upgrade headers
- - JDK-8217976: test/jdk/java/net/httpclient/websocket/WebSocketProxyTest.java fails intermittently
- - JDK-8218021: Have jarsigner preserve posix permission attributes
- - JDK-8218287: jshell tool: input behavior unstable after 12-ea+24 on Windows
- - JDK-8218851: JVM crash in custom classloader stress test, JDK 12 & 13
- - JDK-8220420: Cleanup c1_LinearScan
- - JDK-8222072: JVMTI GenerateEvents() sends CompiledMethodLoad events to wrong jvmtiEnv
- - JDK-8222286: Fix for JDK-8213419 is broken on s390
- - JDK-8222527: HttpClient doesn't send HOST header when tunelling HTTP/1.1 through http proxy
- - JDK-8222533: jtreg test jdk/internal/platform/cgroup/TestCgroupMetrics.java fails on SLES12.3 linux ppc64le machine
- - JDK-8224506: [TESTBUG] TestDockerMemoryMetrics.java fails with exitValue = 137
- - JDK-8224555: vmTestbase/nsk/jvmti/scenarios/contention/TC02/tc02t001/TestDescription.java failed
- - JDK-8224650: Add tests to support X25519 and X448 in TLS
- - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
- - JDK-8225329: -XX:+PrintBiasedLockingStatistics causes crash during initialization on Windows platforms
- - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
- - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
- - JDK-8227275: Within native OOM error handling, assertions may hang the process
- - JDK-8227647: [Graal] Test8009761.java fails due to "RuntimeException: static java.lang.Object compiler.uncommontrap.Test8009761.m3(boolean,boolean) not compiled"
- - JDK-8229495: SIGILL in C2 generated OSR compilation
- - JDK-8230910: libsspi_bridge does not build on Windows 32bit
- - JDK-8232114: JVM crashed at imjpapi.dll in native code
- - JDK-8234147: Avoid looking up standard charsets in core libraries
- - JDK-8234393: [macos] printing ignores printer tray
- - JDK-8234863: Increase default value of MaxInlineLevel
- - JDK-8235218: Minimal VM is broken after JDK-8173361
- - JDK-8235456: Minimal VM is broken after JDK-8212160
- - JDK-8235829: graal crashes with Zombie.java test
- - JDK-8236124: Minimal VM slowdebug build failed after JDK-8212160
- - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
- - JDK-8236944: The legVecZ operand should be limited to zmm0-zmm15 registers
- - JDK-8237186: Fix typo in copyright header of java/io/Reader/TransferTo.java
- - JDK-8237499: JFR: Include stack trace in the ThreadStart event
- - JDK-8237512: AArch64: aarch64TestHook leaks a BufferBlob
- - JDK-8237524: AArch64: String.compareTo() may return incorrect result
- - JDK-8237950: C2 compilation fails with "Live Node limit exceeded limit" during ConvI2L::Ideal optimization
- - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
- - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
- - JDK-8239477: jdk/jfr/jcmd/TestJcmdStartStopDefault.java fails -XX:+VerifyOops with "verify_oop: rsi: broken oop"
- - JDK-8239497: SEGV in EdgeUtils::field_name_symbol(Edge const&)
- - JDK-8239886: Minimal VM build fails after JDK-8237499
- - JDK-8240633: Memory leaks in the implementations of FileChooserUI
- - JDK-8240690: Race condition between EDT and BasicDirectoryModel.FilesLoader.run0()
- - JDK-8241234: Unify monitor enter/exit runtime entries.
- - JDK-8241311: Move some charset mapping tests from closed to open
- - JDK-8241797: Add some tests to the problem list
- - JDK-8242029: AArch64: skip G1 array copy pre-barrier if marking not active
- - JDK-8242335: Additional Tests for RSASSA-PSS
- - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
- - JDK-8242614: cleanup duplicated test ldap server in some com/sun/jndi/ldap/ tests
- - JDK-8242846: Bring back test/jdk/tools/jlink/plugins/OrderResourcesPluginTest.java
- - JDK-8243114: Implement montgomery{Multiply,Square}intrinsics on Windows
- - JDK-8243290: Improve diagnostic messages for class verification and redefinition failures
- - JDK-8243488: Add tests for set/get SendBufferSize and getReceiveBufferSize in DatagramSocket
- - JDK-8243549: sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java failed with Unsupported signature algorithm: DSA
- - JDK-8243617: compiler/onSpinWait/TestOnSpinWaitC1.java test uses wrong class
- - JDK-8243619: compiler/codecache/CheckSegmentedCodeCache.java test misses -version
- - JDK-8244142: some hotspot/runtime tests don't check exit code of forked JVM
- - JDK-8244278: Excessive code cache flushes and sweeps
- - JDK-8244282: test/hotspot/jtreg/compiler/intrinsics/Test8237524.java fails with --illegal-access=deny
- - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
- - JDK-8244819: hsdis does not compile with binutils 2.34+
- - JDK-8245051: c1 is broken if it is compiled by gcc without -fno-lifetime-dse
- - JDK-8245168: jlink should not be treated as a "small" tool
- - JDK-8245400: Upgrade to LittleCMS 2.11
- - JDK-8246381: VM crashes with "Current BasicObjectLock* below than low_mark"
- - JDK-8246434: Threads::print_on_error assumes that the heap has been set up
- - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
- - JDK-8247201: Print potential pointer value of readable stack memory in hs_err file
- - JDK-8247763: assert(outer->outcnt() == 2) failed: 'only phis' failure in LoopNode::verify_strip_mined()
- - JDK-8247867: Upgrade to freetype 2.10.2
- - JDK-8248190: Enable Power10 system and implement new byte-reverse instructions
- - JDK-8248226: TestCloneAccessStressGCM fails with -XX:-ReduceBulkZeroing
- - JDK-8248347: windows build broken by JDK-8243114
- - JDK-8248532: Every time I change keyboard language at my MacBook, Java crashes
- - JDK-8248552: C2 crashes with SIGFPE due to division by zero
- - JDK-8248596: [TESTBUG] compiler/loopopts/PartialPeelingUnswitch.java times out with Graal enabled
- - JDK-8248745: Add jarsigner and keytool tests for restricted algorithms
- - JDK-8248791: sun/util/resources/cldr/TimeZoneNamesTest.java fails with -XX:-ReduceInitialCardMarks -XX:-ReduceBulkZeroing
- - JDK-8248845: AArch64: stack corruption after spilling vector register
- - JDK-8249176: Update GlobalSignR6CA test certificates
- - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
- - JDK-8249192: MonitorInfo stores raw oops across safepoints
- - JDK-8249602: C2: assert(cnt == _outcnt) failed: no insertions allowed
- - JDK-8249603: C1: assert(has_error == false) failed: register allocation invalid
- - JDK-8249605: C2: assert(no_dead_loop) failed: dead loop detected
- - JDK-8249607: C2: assert(!had_error) failed: bad dominance
- - JDK-8249608: Vector register used by C2 compiled method corrupted at safepoint
- - JDK-8249672: Include microcode revision in features_string on x86
- - JDK-8249748: gtest silently ignores bad jvm arguments
- - JDK-8249821: Separate libharfbuzz from libfontmanager
- - JDK-8250598: Hyper-V is detected in spite of running on host OS
- - JDK-8250605: Linux x86_32 builds fail after JDK-8249821
- - JDK-8250636: iso8601_time returns incorrect offset part on MacOS
- - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
- - JDK-8250772: Test com/sun/jndi/ldap/NamingExceptionMessageTest.java fails intermittently with javax.naming.ServiceUnavailableException
- - JDK-8250825: C2 crashes with assert(field != __null) failed: missing field
- - JDK-8250894: Provide a configure option to build and run against the platform libharfbuzz
- - JDK-8250928: JFR: Improve hash algorithm for stack traces
- - JDK-8250968: Symlinks attributes not preserved when using jarsigner on zip files
- - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
- - JDK-8251118: BiasedLocking::preserve_marks should not have a HandleMark
- - JDK-8251189: com/sun/jndi/ldap/LdapDnsProviderTest.java failed due to timeout
- - JDK-8251257: NMT: jcmd VM.native_memory scale=1 crashes target VM
- - JDK-8251365: Build failure on AIX after 8250636
- - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
- - JDK-8251456: [TESTBUG] compiler/vectorization/TestVectorsNotSavedAtSafepoint.java failed OutOfMemoryError
- - JDK-8251458: Parse::do_lookupswitch fails with "assert(_cnt >= 0) failed"
- - JDK-8251535: Partial peeling at unsigned test adds incorrect loop exit check
- - JDK-8251949: ZGC: Set explicit heap size for compiler/gcbarriers tests
- - JDK-8252090: JFR: StreamWriterHost::write_unbuffered() stucks in an infinite loop OpenJDK (build 13.0.1+9)
- - JDK-8252415: Bump update version for OpenJDK: jdk-11.0.10
- - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
- - JDK-8252497: Incorrect numeric currency code for ROL
- - JDK-8252660: Shenandoah: support manageable SoftMaxHeapSize option
- - JDK-8252679: Two windows specific FileDIalog tests may fail on some Windows_Server_2016_Standard
- - JDK-8252696: Loop unswitching may cause out of bound array load to be executed
- - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
- - JDK-8253219: Epsilon: clean up unnecessary includes
- - JDK-8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
- - JDK-8253226: Shenandoah: remove unimplemented ShenandoahStrDedupQueue::verify
- - JDK-8253269: The CheckCommonColors test should provide more info on failure
- - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
- - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
- - JDK-8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
- - JDK-8253791: Issue with useAppleColor check in CSystemColors.m
- - JDK-8254016: Test8237524 fails with -XX:-CompactStrings option
- - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
- - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
- - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
- - JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
- - JDK-8254185: Fix Code cache sweeper heuristics for JDK 11
- - JDK-8254190: [s390] interpreter misses exception check after calling monitorenter
- - JDK-8254790: SIGSEGV in string_indexof_char and stringL_indexof_char intrinsics
- - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
- - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
- - JDK-8255050: Add pkcs11/KeyStore/ClientAuth.sh to Problem list
- - JDK-8255065: Zero: accessor_entry misses the IRIW case
- - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
- - JDK-8255269: Unsigned overflow in g1Policy.cpp
- - JDK-8255365: Problem list failing client manual tests
- - JDK-8255457: Shenandoah: cleanup ShenandoahMarkTask
- - JDK-8255466: C2 crashes at ciObject::get_oop() const+0x0
- - JDK-8255550: x86: Assembler::cmpq(Address dst, Register src) encoding is incorrect
- - JDK-8255603: Memory/Performance regression after JDK-8210985
- - JDK-8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback
- - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
- - JDK-8256427: Test com/sun/jndi/dns/ConfigTests/PortUnreachable.java does not work on AIX
- - JDK-8256452: Integrate missing part of JDK-8232370 to 11u
- - JDK-8256483: [TESTBUG] serviceability/jvmti/GetClassMethods/libOverpassMethods.c fails to compile on gcc 4.4.x
- - JDK-8256557: libharfbuzz fails to link on gcc 4.4.x due to -Wl,-z,defs
- - JDK-8256618: Zero: Linux x86_32 build still fails
- - JDK-8256736: Zero: GTest tests fail with "unsuppported vm variant"
- - JDK-8256809: Annotation processing causes NPE during flow analysis
- - JDK-8257181: s390x builds are very noisy with gc-sections messages
- - JDK-8257242: [macOS] Java app crashes while switching input methods
- - JDK-8257545: SunJSSE FIPS regression in key exchange after JDK-8171279 11u backport
- - JDK-8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
- - JDK-8257701: Shenandoah: objArrayKlass metadata is not marked with chunked arrays
- - JDK-8258630: Add expiry exception for QuoVadis root certificate
-
-Notes on individual issues:
-===========================
-
-security-libs/java.security:
-
-JDK-8213821: -groupname Option Added to keytool Key Pair Generation
-===================================================================
-A new `-groupname` option has been added to `keytool -genkeypair` so
-that a user can specify a named group when generating a key pair. For
-example, `keytool -genkeypair -keyalg EC -groupname secp384r1` will
-generate an EC key pair by using the `secp384r1` curve. Because there
-might be multiple curves with the same size, using the `-groupname`
-option is preferred over the `-keysize` option.
-
-JDK-8248263: jarsigner Preserves POSIX File Permission and symlink Attributes
-=============================================================================
-When signing a file that contains POSIX file permission or symlink
-attributes, `jarsigner` now preserves these attributes in the newly
-signed file but warns that these attributes are unsigned and not
-protected by the signature. The same warning is printed during the
-`jarsigner -verify` operation for such files.
-
-Note that the `jar` tool does not read/write these attributes. This
-change is more visible to tools like `unzip` where these attributes
-are preserved.
-
-security-libs/javax.net.ssl:
-
-JDK-8225764: Support for X25519 and X448 in TLS
-================================================
-
-The named elliptic curve groups `x25519` and `x448` are now available
-for JSSE key agreement in TLS versions 1.0 to 1.3, with `x25519` being
-the most preferred of the default enabled named groups. The default
-ordered list is now:
-
-* x25519
-* secp256r1
-* secp384r1
-* secp521r1
-* x448
-* secp256k1
-* ffdhe2048
-* ffdhe3072
-* ffdhe4096
-* ffdhe6144
-* ffdhe8192
-
-The default list can be overridden using the system property *`jdk.tls.namedGroups`*.
-
-security-libs/org.ietf.jgss:
-
-JDK-8214079: Added a Default Native GSS-API Library on Windows
-==============================================================
-A native GSS-API library has been added to JDK on the Windows
-platform. The library is client-side only and uses the default
-credentials. It will be loaded when the `sun.security.jgss.native`
-system property is set to "true". A user can still load a third-party
-native GSS-API library by setting the system property
-`sun.security.jgss.lib` to its path.
-
-New in release OpenJDK 11.0.9.1 (2020-10-20):
-=============================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk11091
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.1.txt
-
-* Regression fixes
- - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
-
-New in release OpenJDK 11.0.9 (2020-10-20):
-===========================================
-Live versions of these release notes can be found at:
- * https://bitly.com/openjdk1109
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt
-
-* Security fixes
- - JDK-8233624: Enhance JNI linkage
- - JDK-8236196: Improve string pooling
- - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
- - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
- - JDK-8237995, CVE-2020-14782: Enhance certificate processing
- - JDK-8240124: Better VM Interning
- - JDK-8241114, CVE-2020-14792: Better range handling
- - JDK-8242680, CVE-2020-14796: Improved URI Support
- - JDK-8242685, CVE-2020-14797: Better Path Validation
- - JDK-8242695, CVE-2020-14798: Enhanced buffer support
- - JDK-8243302: Advanced class supports
- - JDK-8244136, CVE-2020-14803: Improved Buffer supports
- - JDK-8244479: Further constrain certificates
- - JDK-8244955: Additional Fix for JDK-8240124
- - JDK-8245407: Enhance zoning of times
- - JDK-8245412: Better class definitions
- - JDK-8245417: Improve certificate chain handling
- - JDK-8248574: Improve jpeg processing
- - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
- - JDK-8253019: Enhanced JPEG decoding
-* Other changes
- - JDK-6532025: GIF reader throws misleading exception with truncated images
- - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
- - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
- - JDK-8062947: Fix exception message to correctly represent LDAP connection failure
- - JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed
- - JDK-8134599: TEST_BUG: java/rmi/transport/closeServerSocket/CloseServerSocket.java fails intermittently with Address already in use
- - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
- - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
- - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
- - JDK-8193367: Annotated type variable bounds crash javac
- - JDK-8202117: com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset
- - JDK-8203026: java.rmi.NoSuchObjectException: no such object in table
- - JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called
- - JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass
- - JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout
- - JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java
- - JDK-8204963: javax.swing.border.TitledBorder has a memory leak
- - JDK-8204994: SA might fail to attach to process with "Windbg Error: WaitForEvent failed"
- - JDK-8205534: Remove SymbolTable dependency from serviceability agent
- - JDK-8206309: Tier1 SA tests fail
- - JDK-8208281: java/nio/channels/AsynchronousSocketChannel/Basic.java timed out
- - JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1
- - JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect
- - JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent!
- - JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful
- - JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout
- - JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2
- - JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC
- - JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java
- - JDK-8210131: vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code
- - JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3
- - JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack
- - JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests
- - JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds
- - JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout
- - JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4
- - JDK-8210977: jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject
- - JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test
- - JDK-8211694: JShell: Redeclared variable should be reset
- - JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent
- - JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest
- - JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. lastLine=52, minLine=52, maxLine=55
- - JDK-8212807: tools/jar/multiRelease/Basic.java times out
- - JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent)
- - JDK-8213214: Set -Djava.io.tmpdir= when running tests
- - JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found
- - JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes
- - JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface
- - JDK-8214074: Ghash optimization using AVX instructions
- - JDK-8214491: Upgrade to JLine 3.9.0
- - JDK-8214797: TestJmapCoreMetaspace.java timed out
- - JDK-8215243: JShell tests failing intermitently with \"Problem cleaning up the following threads:\"
- - JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed
- - JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions)
- - JDK-8215438: jshell tool: Ctrl-D causes EOF
- - JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows
- - JDK-8216974: HttpConnection not returned to the pool after 204 response
- - JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time
- - JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs
- - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
- - JDK-8221658: aarch64: add necessary predicate for ubfx patterns
- - JDK-8221759: Crash when completing \"java.io.File.path\"
- - JDK-8221918: runtime/SharedArchiveFile/serviceability/ReplaceCriticalClasses.java fails: Shared archive not found
- - JDK-8222074: Enhance auto vectorization for x86
- - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
- - JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command
- - JDK-8223688: JShell: crash on the instantiation of raw anonymous class
- - JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error
- - JDK-8223940: Private key not supported by chosen signature algorithm
- - JDK-8224184: jshell got IOException at exiting with AIX
- - JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc
- - JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException
- - JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions
- - JDK-8226536: Catch OOM from deopt that fails rematerializing objects
- - JDK-8226575: OperatingSystemMXBean should be made container aware
- - JDK-8226697: Several tests which need the @key headful keyword are missing it.
- - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
- - JDK-8227059: sun/security/tools/keytool/DefaultSignatureAlgorithm.java timed out
- - JDK-8227269: Slow class loading when running with JDWP
- - JDK-8227595: keytool/fakegen/DefaultSignatureAlgorithm.java fails due to "exitValue = 6"
- - JDK-8228448: Jconsole can't connect to itself
- - JDK-8228967: Trust/Key store and SSL context utilities for tests
- - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
- - JDK-8229815: Upgrade Jline to 3.12.1
- - JDK-8230000: some httpclients testng tests run zero test
- - JDK-8230002: javax/xml/jaxp/unittest/transform/SecureProcessingTest.java runs zero test
- - JDK-8230010: Remove jdk8037819/BasicTest1.java
- - JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter
- - JDK-8230402: Allocation of compile task fails with assert: "Leaking compilation tasks?"
- - JDK-8230767: FlightRecorderListener returns null recording
- - JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java
- - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
- - JDK-8231586: enlarge encoding space for OopMapValue offsets
- - JDK-8231953: Wrong assumption in assertion in oop::register_oop
- - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
- - JDK-8232083: Minimal VM is broken after JDK-8231586
- - JDK-8232161: Align some one-way conversion in MS950 charset with Windows
- - JDK-8232855: jshell missing word in /help help
- - JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration
- - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
- - JDK-8233386: Initialize NULL fields for unused decorations
- - JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result
- - JDK-8233686: XML transformer uses excessive amount of memory
- - JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions
- - JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment
- - JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose
- - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
- - JDK-8234058: runtime/CompressedOops/CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr
- - JDK-8234149: Several regression tests do not dispose Frame at end
- - JDK-8234347: "Turkey" meta time zone does not generate composed localized names
- - JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/bug6980209.java fails in linux nightly
- - JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC
- - JDK-8234541: C1 emits an empty message when it inlines successfully
- - JDK-8234687: change javap reporting on unknown attributes
- - JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11
- - JDK-8236548: Localized time zone name inconsistency between English and other locales
- - JDK-8236617: jtreg test containers/docker/TestMemoryAwareness.java fails after 8226575
- - JDK-8237182: Update copyright header for shenandoah and epsilon files
- - JDK-8237888: security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval
- - JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java
- - JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response
- - JDK-8238284: [macos] Zero VM build fails due to an obvious typo
- - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
- - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
- - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
- - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
- - JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code
- - JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), "should be non-static concrete method");
- - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
- - JDK-8240169: javadoc fails to link to non-modular api docs
- - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
- - JDK-8240360: NativeLibraryEvent has wrong library name on Linux
- - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
- - JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support
- - JDK-8241065: Shenandoah: remove leftover code after JDK-8231086
- - JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows
- - JDK-8241130: com.sun.jndi.ldap.EventSupport.removeDeadNotifier: java.lang.NullPointerException
- - JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector
- - JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark
- - JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME
- - JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure
- - JDK-8241750: x86_32 build failure after JDK-8227269
- - JDK-8242184: CRL generation error with RSASSA-PSS
- - JDK-8242283: Can't start JVM when java home path includes non-ASCII character
- - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
- - JDK-8243029: Rewrite javax/net/ssl/compatibility/Compatibility.java with a flexible interop test framework
- - JDK-8243138: Enhance BaseLdapServer to support starttls extended request
- - JDK-8243320: Add SSL root certificates to Oracle Root CA program
- - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
- - JDK-8243389: enhance os::pd_print_cpu_info on linux
- - JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment
- - JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp
- - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
- - JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows)
- - JDK-8244087: 2020-04-24 public suffix list update
- - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
- - JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base
- - JDK-8244196: adjust output in os_linux
- - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
- - JDK-8244287: JFR: Methods samples have line number 0
- - JDK-8244703: "platform encoding not initialized" exceptions with debugger, JNI
- - JDK-8244719: CTW: C2 compilation fails with "assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it"
- - JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb
- - JDK-8244763: Update --release 8 symbol information after JSR 337 MR3
- - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
- - JDK-8245151: jarsigner should not raise duplicate warnings on verification
- - JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9
- - JDK-8245714: "Bad graph detected in build_loop_late" when loads are pinned on loop limit check uncommon branch
- - JDK-8245801: StressRecompilation triggers assert "redundunt OSR recompilation detected. memory leak in CodeCache!"
- - JDK-8245832: JDK build make-static-libs should build all JDK libraries
- - JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan
- - JDK-8245981: Upgrade to jQuery 3.5.1
- - JDK-8246027: Minimal fastdebug build broken after JDK-8245801
- - JDK-8246094: [macos] Sound Recording and playback is not working
- - JDK-8246153: TestEliminateArrayCopy fails with -XX:+StressReflectiveCode
- - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
- - JDK-8246196: javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError
- - JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN
- - JDK-8246330: Add TLS Tests for Legacy ECDSA curves
- - JDK-8246453: TestClone crashes with "all collected exceptions must come from the same place"
- - JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods
- - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
- - JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code
- - JDK-8247615: Initialize the bytes left for the heap sampler
- - JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand
- - JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&'
- - JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg
- - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
- - JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield
- - JDK-8248348: Regression caused by the update to BCEL 6.0
- - JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1
- - JDK-8248495: [macos] zerovm is broken due to libffi headers location
- - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
- - JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows
- - JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650
- - JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows.
- - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
- - JDK-8249255: Build fails if source code in cygwin home dir
- - JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11
- - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
- - JDK-8249560: Shenandoah: Fix racy GC request handling
- - JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle
- - JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases
- - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
- - JDK-8250609: C2 crash in IfNode::fold_compares
- - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
- - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
- - JDK-8250787: Provider.put no longer registering aliases in FIPS env
- - JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM
- - JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk
- - JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds
- - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
- - JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure
- - JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U
- - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
- - JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase
- - JDK-8252120: compiler/oracle/TestCompileCommand.java misspells "occured"
- - JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility
- - JDK-8252258: [11u] JDK-8242154 changes the default vendor
- - JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011
- - JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11
- - JDK-8253283: [11u] Test build/translations/VerifyTranslations.java failing after JDK-8252258
- - JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes
-
-Notes on individual issues:
-===========================
-
-core-libs/java.nio.charsets:
-
-JDK-8240196: Modified the MS950 charset Encoder's Conversion Table
-==================================================================
-In this release, some of the one-way byte-to-char mappings have been
-aligned with the preferred mappings provided by the Unicode Consortium
-(https://unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WindowsBestFit/bestfit950.txt).
-
-core-libs/java.util:i18n:
-
-JDK-8238914: Localized Time Zone Name Inconsistency Between English and Other Locales
-=====================================================================================
-English time zone names provided by the CLDR locale provider are now
-correctly synthesized following the CLDR spec, rather than substituted
-from the COMPAT provider. For example, SHORT style names are no longer
-synthesized abbreviations of LONG style names, but instead produce GMT
-offset formats.
-
-core-svc/java.lang.management:
-
-JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
-============================================================================================
-When executing in a container, or other virtualized operating
-environment, the following `OperatingSystemMXBean` methods in this
-release return container specific information, if
-available. Otherwise, they return host specific data:
-
-* getFreePhysicalMemorySize()
-* getTotalPhysicalMemorySize()
-* getFreeSwapSpaceSize()
-* getTotalSwapSpaceSize()
-* getSystemCpuLoad()
-
-security-libs/java.security:
-
-JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
-========================================================================
-The Entrust root certificate has been added to the cacerts truststore:
-
-Alias Name: entrustrootcag4
-Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
-
-JDK-8250860: Added 3 SSL Corporation Root CA Certificates
-=========================================================
-The following root certificates have been added to the cacerts truststore for the SSL Corporation:
-
-Alias Name: sslrootrsaca
-Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
-
-Alias Name: sslrootevrsaca
-Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
-
-Alias Name: sslrooteccca
-Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
-
-JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
-===================================================================================
-Weak named curves are disabled by default by adding them to the
-following `disabledAlgorithms` security properties:
-
-* jdk.tls.disabledAlgorithms
-* jdk.certpath.disabledAlgorithms
-* jdk.jar.disabledAlgorithms
-
-Red Hat has always disabled many of the curves provided by upstream,
-so the only addition in this release is:
-
-* secp256k1
-
-The curves that remain enabled are:
-
-* secp256r1
-* secp384r1
-* secp521r1
-* X25519
-* X448
-
-When large numbers of weak named curves need to be disabled, adding
-individual named curves to each `disabledAlgorithms` property would be
-overwhelming. To relieve this, a new security property,
-`jdk.disabled.namedCurves`, is implemented that can list the named
-curves common to all of the `disabledAlgorithms` properties. To use
-the new property in the `disabledAlgorithms` properties, precede the
-full property name with the keyword `include`. Users can still add
-individual named curves to `disabledAlgorithms` properties separate
-from this new property. No other properties can be included in the
-`disabledAlgorithms` properties.
-
-To restore the named curves, remove the `include
-jdk.disabled.namedCurves` either from specific or from all
-`disabledAlgorithms` security properties. To restore one or more
-curves, remove the specific named curve(s) from the
-`jdk.disabled.namedCurves` property.
-
-JDK-8244286: Tools Warn If Weak Algorithms Are Used Before Restricting Them
-===========================================================================
-The `keytool` and `jarsigner` tools have been updated to warn users
-about weak cryptographic algorithms being used before they are
-disabled. In this release, the tools issue warnings for the SHA-1 hash
-algorithm and 1024-bit RSA/DSA keys.
-
-security-libs/javax.net.ssl:
-
-JDK-8242147: New System Properties to Configure the TLS Signature Schemes
-=========================================================================
-Two new system properties have been added to customize the TLS
-signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
-added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
-has been added for the server side.
-
-Each system property contains a comma-separated list of supported
-signature scheme names specifying the signature schemes that could be
-used for the TLS connections.
-
-The names are described in the "Signature Schemes" section of the
-*Java Security Standard Algorithm Names Specification*.
-
-security-libs/javax.security:
-
-JDK-8242059: Support for canonicalize in krb5.conf
-==================================================
-
-The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
-the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
-canonicalization is requested by clients in TGT requests to KDC
-services (AS protocol). Otherwise, and by default, it is not
-requested.
-
-The new default behavior is different from previous releases where
-name canonicalization was always requested by clients in TGT requests
-to KDC services (provided that support for RFC 6806[1] was not
-explicitly disabled with the *sun.security.krb5.disableReferrals*
-system or security properties).
-
-[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
-[1]: https://tools.ietf.org/html/rfc6806
-
-JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
-====================================================================
-Following JDK's update to tzdata2020b, the long-obsolete files
-pacificnew and systemv have been removed. As a result, the
-"US/Pacific-New" zone name declared in the pacificnew data file is no
-longer available for use.
-
-Information regarding the update can be viewed at
-https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
-
-New in release OpenJDK 11.0.8 (2020-07-14):
-===========================================
-Live versions of these release notes can be found at:
- * https://bitly.com/oj1108
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.8.txt
-
-* Security fixes
- - JDK-8230613: Better ASCII conversions
- - JDK-8231800: Better listing of arrays
- - JDK-8232014: Expand DTD support
- - JDK-8233234: Better Zip Naming
- - JDK-8233239, CVE-2020-14562: Enhance TIFF support
- - JDK-8233255: Better Swing Buttons
- - JDK-8234032: Improve basic calendar services
- - JDK-8234042: Better factory production of certificates
- - JDK-8234418: Better parsing with CertificateFactory
- - JDK-8234836: Improve serialization handling
- - JDK-8236191: Enhance OID processing
- - JDK-8236867, CVE-2020-14573: Enhance Graal interface handling
- - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
- - JDK-8237592, CVE-2020-14577: Enhance certificate verification
- - JDK-8238002, CVE-2020-14581: Better matrix operations
- - JDK-8238013: Enhance String writing
- - JDK-8238804: Enhance key handling process
- - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
- - JDK-8238843: Enhanced font handing
- - JDK-8238920, CVE-2020-14583: Better Buffer support
- - JDK-8238925: Enhance WAV file playback
- - JDK-8240119, CVE-2020-14593: Less Affine Transformations
- - JDK-8240482: Improved WAV file playback
- - JDK-8241379: Update JCEKS support
- - JDK-8241522: Manifest improved jar headers redux
- - JDK-8242136, CVE-2020-14621: Better XML namespace handling
-* Other changes
- - JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created
- - JDK-7124307: JSpinner and changing value by mouse
- - JDK-8022574: remove HaltNode code after uncommon trap calls
- - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
- - JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown
- - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
- - JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo
- - JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly
- - JDK-8080353: JShell: Better error message on attempting to add default method
- - JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled
- - JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot
- - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
- - JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily
- - JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping
- - JDK-8175984: ICC_Profile has un-needed, not-empty finalize method
- - JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments
- - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
- - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
- - JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently
- - JDK-8191930: [Graal] emits unparseable XML into compile log
- - JDK-8193879: Java debugger hangs on method invocation
- - JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows
- - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
- - JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows
- - JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/WrongParentAfterRemoveMenu.java debug assert on Windows
- - JDK-8198339: Test javax/swing/border/Test6981576.java is unstable
- - JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801
- - JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740
- - JDK-8203672: JNI exception pending in PlainSocketImpl.c
- - JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398
- - JDK-8204834: Fix confusing "allocate" naming in OopStorage
- - JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
- - JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure
- - JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
- - JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M
- - JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages
- - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
- - JDK-8209333: Socket reset issue for TLS 1.3 socket close
- - JDK-8209439: C2 library_call can potentially ignore Math.pow intrinsic or use null pointer
- - JDK-8209534: [TESTBUG]runtime/appcds/cacheObject/ArchivedModuleCompareTest.java fails with EnableJVMCI.
- - JDK-8210147: adjust some WSAGetLastError usages in windows network coding
- - JDK-8210284: "assert((av & 0x00000001) == 0) failed: unsupported V8" on Solaris 11.4
- - JDK-8210303: VM_HandshakeAllThreads fails assert with "failed: blocked and not walkable"
- - JDK-8210515: [TESTBUG]CheckArchivedModuleApp.java needs to check if EnableJVMCI is set.
- - JDK-8210788: Javadoc for Thread.join(long, int) should specify that it waits forever when both arguments are zero
- - JDK-8211301: [macos] support full window content options
- - JDK-8211332: Space for stub routines (code_size2) is too small on new Skylake CPUs
- - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
- - JDK-8211392: compiler/profiling/spectrapredefineclass_classloaders/Launcher.java times out in JDK12 CI
- - JDK-8211743: [AOT] crash in ScopeDesc::decode_body() when JVMTI walks AOT frames
- - JDK-8212154: [TESTBUG] CheckArchivedModuleApp fails with NPE when JVMCI is absent
- - JDK-8212167: JShell : Stack trace of exception has wrong line number
- - JDK-8212933: Thread-SMR: requesting a VM operation whilst holding a ThreadsListHandle can cause deadlocks
- - JDK-8212986: Make Visual Studio compiler check less strict
- - JDK-8213250: CDS archive creation aborts due to metaspace object allocation failure
- - JDK-8213516: jck test api/javax_accessibility/AccessibleState/fields.html fails intermittent
- - JDK-8213947: ARM32: failed check_simd should set UsePopCountInstruction to false
- - JDK-8214418: half-closed SSLEngine status may cause application dead loop
- - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
- - JDK-8214444: Wrong strncat limits in dfa.cpp
- - JDK-8214481: freetype path does not disable TrueType hinting with AA+FM hints
- - JDK-8214571: -Xdoclint of array serialField gives "error: array type not allowed here"
- - JDK-8214856: Errors with JSZip in web console after upgrade to 3.1.5
- - JDK-8214862: assert(proj != __null) at compile.cpp:3251
- - JDK-8215369: Jcstress pollute /var/tmp with temporary files.
- - JDK-8215551: Missing case label in nmethod::reloc_string_for()
- - JDK-8215555: TieredCompilation C2 threads can excessively block handshakes
- - JDK-8215711: Missing key_share extension for (EC)DHE key exchange should alert missing_extension
- - JDK-8216151: [Graal] Module jdk.internal.vm.compiler.management has not been granted accessClassInPackage.org.graalvm.compiler.debug
- - JDK-8216154: C4819 warnings at HotSpot sources on Windows
- - JDK-8216541: CompiledICHolders of VM locked unloaded nmethods are released too late
- - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
- - JDK-8217404: --with-jvm-features doesn't work when multiple features are explicitly disabled
- - JDK-8217447: Develop flag TraceICs is broken
- - JDK-8217606: LdapContext#reconnect always opens a new connection
- - JDK-8218807: Compilation database (compile_commands.json) may contain obsolete items
- - JDK-8219214: Infinite Loop in CodeSection::dump()
- - JDK-8219904: ClassCastException when calling FlightRecorderMXBean#getRecordings()
- - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
- - JDK-8221121: applications/microbenchmarks are encountering crashes in tier5
- - JDK-8221445: FastSysexMessage constructor crashes MIDI receiption thread
- - JDK-8221482: Initialize VMRegImpl::regName[] earlier to prevent assert during PrintStubCode
- - JDK-8221741: ClassCastException can happen when fontconfig.properties is used
- - JDK-8221823: Requested JDialog width is ignored
- - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
- - JDK-8223935: PIT: java/awt/font/WindowsIndicFonts.java fails on windows10
- - JDK-8224109: Text spaced incorrectly by drawString under rotation with fractional metric
- - JDK-8224632: testbug: java/awt/dnd/RemoveDropTargetCrashTest/RemoveDropTargetCrashTest.java fails on MacOS
- - JDK-8224793: os::die() does not honor CreateCoredumpOnCrash option
- - JDK-8224847: gc/stress/TestReclaimStringsLeaksMemory.java fails with reserved greater than expected
- - JDK-8224931: disable JAOTC invokedynamic support until 8223533 is fixed
- - JDK-8224997: ChaCha20-Poly1305 TLS cipher suite decryption throws ShortBufferException
- - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
- - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
- - JDK-8225126: Test SetBoundsPaintTest.html faild on Windows when desktop is scaled
- - JDK-8225325: Add tests for redefining a class' private method during resolution of the bootstrap specifier
- - JDK-8225622: [AOT] runtime/SharedArchiveFile/TestInterpreterMethodEntries.java crashed with AOTed java.base
- - JDK-8225653: Provide more information when hitting SIGILL from HaltNode
- - JDK-8225783: Incorrect use of binary operators on booleans in type.cpp
- - JDK-8225789: Empty method parameter type should generate ClassFormatError
- - JDK-8226198: use of & instead of && in LibraryCallKit::arraycopy_restore_alloc_state
- - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
- - JDK-8226653: [accessibility] Can edit text cell correctly, but Accessibility Tool reads nothing about editor
- - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
- - JDK-8226879: Memory leak in Type::hashcons
- - JDK-8227632: Incorrect PrintCompilation message: made not compilable on levels 0 1 2 3 4
- - JDK-8228407: JVM crashes with shared archive file mismatch
- - JDK-8228482: fix xlc16/xlclang comparison of distinct pointer types and string literal conversion warnings
- - JDK-8228757: Fail fast if the handshake type is unknown
- - JDK-8229158: make UseSwitchProfiling non-experimental or false by-default
- - JDK-8229421: The logic of java/net/ipv6tests/TcpTest.java is flawed
- - JDK-8229855: C2 fails with assert(false) failed: bad AD file
- - JDK-8230591: AArch64: Missing intrinsics for Math.ceil, floor, rint
- - JDK-8231118: ARM32: Math tests failures
- - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
- - JDK-8231243: [TESTBUG] CustomFont.java cannot find font file
- - JDK-8231438: [macOS] Dark mode for the desktop is not supported
- - JDK-8231550: C2: ShouldNotReachHere() in verify_strip_mined_scheduling
- - JDK-8231564: setMaximizedBounds is broken with large display scale and multiple monitors
- - JDK-8231572: Use -lobjc instead of -fobjc-link-runtime in libosxsecurity
- - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
- - JDK-8231671: Fix copyright headers in hotspot (missing comma after year)
- - JDK-8231720: Some perf regressions after 8225653
- - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
- - JDK-8231863: Crash if classpath is read from @argument file and the main gets option argument
- - JDK-8232080: jlink plugins for vendor information and run-time options
- - JDK-8232106: [x86] C2: SIGILL due to usage of SSSE3 instructions on processors which don't support it
- - JDK-8232134: Change to Visual Studio 2017 15.9.16 for building on Windows at Oracle
- - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
- - JDK-8232357: Compare version info of Santuario to legal notice
- - JDK-8232572: Add hooks for custom output dir in Bundles.gmk
- - JDK-8232634: Problem List ICMColorDataTest.java
- - JDK-8232748: Build static versions of certain JDK libraries
- - JDK-8232846: ProcessHandle.Info command with non-English shows question marks
- - JDK-8233033: C2 produces wrong result while unswitching a loop due to lost control dependencies
- - JDK-8233137: runtime/ErrorHandling/VeryEarlyAssertTest.java fails after 8232080
- - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
- - JDK-8233291: [TESTBUG] tools/jlink/plugins/VendorInfoPluginsTest.java fails with debug or non-server VMs
- - JDK-8233364: Fix undefined behavior in Canonicalizer::do_ShiftOp
- - JDK-8233573: Toolkit.getScreenInsets(GraphicsConfiguration) may throw ClassCastException
- - JDK-8233608: Minimal build broken after JDK-8233494
- - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
- - JDK-8233696: [TESTBUG]Some jtreg tests fail when CAPS_LOCK is ON
- - JDK-8233707: systemScale.cpp could not compile with VS2019
- - JDK-8233801: GCMEmptyIv.java test fails on Solaris 11.4
- - JDK-8233880: Support compilers with multi-digit major version numbers
- - JDK-8233920: MethodHandles::tryFinally generates illegal bytecode for long/double return type
- - JDK-8234137: The "AutoTestOnTop.java" test may run external applications
- - JDK-8234146: compiler/jsr292/ContinuousCallSiteTargetChange.java times out on SPARC
- - JDK-8234184: [TESTBUG] java/awt/Mouse/EnterExitEvents/ModalDialogEnterExitEventsTest.java fails in Windows
- - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
- - JDK-8234332: [TESTBUG] java/awt/Focus/DisposedWindow/DisposeDialogNotActivateOwnerTest/DisposeDialogNotActivateOwnerTest.java fails on linux-x64 nightly
- - JDK-8234398: Replace ID2D1Factory::GetDesktopDpi with GetDeviceCaps
- - JDK-8234522: [macos] Crash with use of native file dialog
- - JDK-8234691: Potential double-free in ParallelSPCleanupTask constructor
- - JDK-8234696: tools/jlink/plugins/VendorInfoPluginsTest.java times out
- - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
- - JDK-8234728: Some security tests should support TLSv1.3
- - JDK-8234779: Provide idiom for declaring classes noncopyable
- - JDK-8234968: check calloc rv in libinstrument InvocationAdapter
- - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
- - JDK-8235183: Remove the "HACK CODE" in comment
- - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
- - JDK-8235311: Tag mismatch may alert bad_record_mac
- - JDK-8235332: TestInstanceCloneAsLoadsStores.java fails with -XX:+StressGCM
- - JDK-8235452: Strip mined loop verification fails with assert(is_OuterStripMinedLoop()) failed: invalid node class
- - JDK-8235584: UseProfiledLoopPredicate fails with assert(_phase->get_loop(c) == loop) failed: have to be in the same loop
- - JDK-8235620: Broken merge between JDK-8006406 and JDK-8003559
- - JDK-8235638: NPE in LWWindowPeer.getOnscreenGraphics()
- - JDK-8235686: Add more custom hooks in Bundles.gmk
- - JDK-8235739: Rare NPE at WComponentPeer.getGraphics()
- - JDK-8235762: JVM crash in SWPointer during C2 compilation
- - JDK-8235834: IBM-943 charset encoder needs updating
- - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
- - JDK-8235908: omit ThreadPriorityPolicy warning when value is set from image
- - JDK-8235984: C2: assert(out->in(PhiNode::Region) == head || out->in(PhiNode::Region) == slow_head) failed: phi must be either part of the slow or the fast loop
- - JDK-8236211: [Graal] compiler/graalunit/GraphTest.java is skipped in all testing
- - JDK-8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId
- - JDK-8236545: Compilation error in mach5 java/awt/FileDialog/MacOSGoToFolderCrash.java
- - JDK-8236700: Upgrading JSZip from v3.1.5 to v3.2.2
- - JDK-8236759: ShouldNotReachHere in PhaseIdealLoop::verify_strip_mined_scheduling
- - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
- - JDK-8236921: Add build target to produce a JDK image suitable for a Graal/SVM build
- - JDK-8236953: [macos] JavaFX SwingNode is not rendered on macOS
- - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
- - JDK-8237045: JVM uses excessive memory with -XX:+EnableJVMCI -XX:JVMCICounterSize=2147483648
- - JDK-8237055: [TESTBUG] compiler/c2/TestJumpTable.java fails with release VMs
- - JDK-8237086: assert(is_MachReturn()) running CTW with fix for JDK-8231291
- - JDK-8237192: Generate stripped/public pdbs on Windows for jdk images
- - JDK-8237396: JvmtiTagMap::weak_oops_do() should not trigger barriers
- - JDK-8237474: Default SSLEngine should create in server role
- - JDK-8237859: C2: Crash when loads float above range check
- - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
- - JDK-8237962: give better error output for invalid OCSP response intervals in CertPathValidator checks
- - JDK-8238190: [JVMCI] Fix single implementor speculation for diamond shapes.
- - JDK-8238356: CodeHeap::blob_count() overestimates the number of blobs
- - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
- - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
- - JDK-8238575: DragSourceEvent.getLocation() returns wrong value on HiDPI screens (Windows)
- - JDK-8238676: jni crashes on accessing it from process exit hook
- - JDK-8238721: Add failing client jtreg tests to the Problem List
- - JDK-8238738: AudioSystem.getMixerInfo() takes about 30 sec to report a gone audio device
- - JDK-8238756: C2: assert(((n) == __null || !VerifyIterativeGVN || !((n)->is_dead()))) failed: can not use dead node
- - JDK-8238765: PhaseCFG::schedule_pinned_nodes cannot handle precedence edges from unmatched CFG nodes correctly
- - JDK-8238898: Missing hash characters for header on license file
- - JDK-8238942: Rendering artifacts with LCD text and fractional metrics
- - JDK-8238985: [TESTBUG] The arrow image is blue instead of green
- - JDK-8239000: handle ContendedPaddingWidth in vm_version_ppc
- - JDK-8239055: Wrong implementation of VMState.hasListener
- - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
- - JDK-8239142: C2's UseUniqueSubclasses optimization is broken for array accesses
- - JDK-8239224: libproc_impl.c previous_thr may be used uninitialized warning
- - JDK-8239351: Give more meaningful InternalError messages in Deflater.c
- - JDK-8239365: ProcessBuilder test modifications for AIX execution
- - JDK-8239456: vtable stub generation: assert failure (code size estimate)
- - JDK-8239457: call ReleaseStringUTFChars before early returns in Java_sun_security_pkcs11_wrapper_PKCS11_connect
- - JDK-8239462: jdk.hotspot.agent misses some ReleaseStringUTFChars calls in case of early returns
- - JDK-8239557: [TESTBUG] VeryEarlyAssertTest.java validating "END." marker at lastline is not always true
- - JDK-8239787: AArch64: String.indexOf may incorrectly handle empty strings
- - JDK-8239792: Bump update version for OpenJDK: jdk-11.0.8
- - JDK-8239798: SSLSocket closes socket both socket endpoints on a SocketTimeoutException
- - JDK-8239819: XToolkit: Misread of screen information memory
- - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
- - JDK-8239893: Windows handle Leak when starting processes using ProcessBuilder
- - JDK-8239915: Zero VM crashes when handling dynamic constant
- - JDK-8239931: [win][x86] vtable stub generation: assert failure (code size estimate) follow-up
- - JDK-8239976: Put JDK-8239965 on the ProblemList.txt
- - JDK-8240073: Fix 'test-make' build target in 11u
- - JDK-8240197: Cannot start JVM when $JAVA_HOME includes CJK characters
- - JDK-8240202: A few client tests leave mouse buttons pressed
- - JDK-8240220: IdealLoopTree::dump_head predicate printing is broken
- - JDK-8240223: Use consistent predicate order in and with PhaseIdealLoop::find_predicate
- - JDK-8240227: Loop predicates should be copied to unswitched loops
- - JDK-8240286: [TESTBUG] Test command error in hotspot/jtreg/compiler/loopopts/superword/SumRedAbsNeg_Float.java
- - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
- - JDK-8240529: CheckUnhandledOops breaks NULL check in Modules::define_module
- - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
- - JDK-8240603: Windows 32bit compile error after 8238676
- - JDK-8240629: argfiles parsing broken for argfiles with comment cross 4096 bytes chunk
- - JDK-8240711: TestJstatdPort.java failed due to "ExportException: Port already in use:"
- - JDK-8240786: [TESTBUG] The test java/awt/Window/GetScreenLocation/GetScreenLocationTest.java fails on HiDPI screen
- - JDK-8240824: enhance print_full_memory_info on Linux by THP related information
- - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
- - JDK-8240905: assert(mem == (Node*)1 || mem == mem2) failed: multiple Memories being matched at once?
- - JDK-8240972: macOS codesign fail on macOS 10.13.5 or older
- - JDK-8241445: Fix copyright in test/jdk/tools/launcher/ArgFileSyntax.java
- - JDK-8241458: [JVMCI] add mark value to expose CodeOffsets::Frame_Complete
- - JDK-8241464: [11u] Backport: make rehashing be a needed guaranteed safepoint cleanup action
- - JDK-8241556: Memory leak if -XX:CompileCommand is set
- - JDK-8241568: (fs) UserPrincipalLookupService.lookupXXX failure with IOE "Operation not permitted"
- - JDK-8241586: compiler/cpuflags/TestAESIntrinsicsOnUnsupportedConfig.java fails on aarch64
- - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
- - JDK-8241660: Add virtualization information output to hs_err file on macOS
- - JDK-8241808: [TESTBUG] The JDK-8039467 bug appeared on macOS
- - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
- - JDK-8241900: Loop unswitching may cause dependence on null check to be lost
- - JDK-8241948: enhance list of environment variables printed in hs_err file
- - JDK-8241996: on linux set full relro in the linker flags
- - JDK-8242108: Performance regression after fix for JDK-8229496
- - JDK-8242141: New System Properties to configure the TLS signature schemes
- - JDK-8242154: Backport parts of JDK-4947890 to OpenJDK 11u
- - JDK-8242174: [macos] The NestedModelessDialogTest test make the macOS unstable
- - JDK-8242239: [Graal] javax/management/generified/GenericTest.java fails: FAILED: queryMBeans sets same
- - JDK-8242294: JSSE Client does not throw SSLException when an alert occurs during handshaking
- - JDK-8242379: [TESTBUG] compiler/loopopts/TestLoopUnswitchingLostCastDependency.java fails with release VMs
- - JDK-8242470: Update Xerces to Version 2.12.1
- - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
- - JDK-8242541: Small charset issues (ISO8859-16, x-eucJP-Open, x-IBM834 and x-IBM949C)
- - JDK-8242626: enhance posix print_rlimit_info
- - JDK-8243059: Build fails when --with-vendor-name contains a comma
- - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
- - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
- - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
- - JDK-8244520: problemlist java/awt/font/Rotate/RotatedFontTest.java on linux
- - JDK-8244777: ClassLoaderStats VM Op uses constant hash value
- - JDK-8244853: The static build of libextnet is missing the JNI_OnLoad_extnet function
- - JDK-8244951: Missing entitlements for hardened runtime
- - JDK-8245047: [PPC64] C2: ReverseBytes + Load always match to unordered Load (acquire semantics missing)
- - JDK-8245649: Revert 8245397 backport of 8230591
- - JDK-8246031: SSLSocket.getSession() doesn't close connection for timeout/ interrupts
- - JDK-8246613: Choose the default SecureRandom algo based on registration ordering
- - JDK-8248505: Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider
-
-Notes on individual issues:
-===========================
-
-security-libs/java.security:
-
-JDK-8244167: Removal of Comodo Root CA Certificate
-==================================================
-The following expired Comodo root CA certificate was removed from the `cacerts` keystore: +
-alias name "addtrustclass1ca [jdk]"
-
-Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
-
-JDK-8244166: Removal of DocuSign Root CA Certificate
-====================================================
-The following expired DocuSign root CA certificate was removed from the `cacerts` keystore: +
-alias name "keynectisrootca [jdk]"
-
-Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
-
-security-libs/javax.crypto:pkcs11:
-
-JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
-============================================================================================================================
-The SunPKCS11 security provider can now be initialized with NSS when
-FIPS-enabled external modules are configured in the Security Modules
-Database (NSSDB). Prior to this change, the SunPKCS11 provider would
-throw a RuntimeException with the message: "FIPS flag set for
-non-internal module" when such a library was configured for NSS in
-non-FIPS mode.
-
-This change allows the JDK to work properly with recent NSS releases
-in GNU/Linux operating systems when the system-wide FIPS policy is
-turned on.
-
-Further information can be found in JDK-8238555.
-
-security-libs/javax.net.ssl:
-
-JDK-8245077: Default SSLEngine Should Create in Server Role
-===========================================================
-In JDK 11 and later, `javax.net.ssl.SSLEngine` by default used client
-mode when handshaking. As a result, the set of default enabled
-protocols may differ to what is expected. `SSLEngine` would usually be
-used in server mode. From this JDK release onwards, `SSLEngine` will
-default to server mode. The
-`javax.net.ssl.SSLEngine.setUseClientMode(boolean mode)` method may
-be used to configure the mode.
-
-JDK-8242147: New System Properties to Configure the TLS Signature Schemes
-=========================================================================
-
-Two new System Properties are added to customize the TLS signature
-schemes in JDK. `jdk.tls.client.SignatureSchemes` is added for TLS
-client side, and `jdk.tls.server.SignatureSchemes` is added for server
-side.
-
-Each System Property contains a comma-separated list of supported
-signature scheme names specifying the signature schemes that could be
-used for the TLS connections.
-
-The names are described in the "Signature Schemes" section of the
-*Java Security Standard Algorithm Names Specification*.
-
-New in release OpenJDK 11.0.7 (2020-04-14):
-===========================================
-Live versions of these release notes can be found at:
- * https://bitly.com/oj1107
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.7.txt
-
-* Security fixes
- - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
- - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
- - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
- - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
- - JDK-8225603: Enhancement for big integers
- - JDK-8226346: Build better binary builders
- - JDK-8227467: Better class method invocations
- - JDK-8227542: Manifest improved jar headers
- - JDK-8229733: TLS message handling improvements
- - JDK-8231415, CVE-2020-2773: Better signatures in XML
- - JDK-8231785: Improved socket permissions
- - JDK-8232424, CVE-2020-2778: More constrained algorithms
- - JDK-8232581, CVE-2020-2767: Improve TLS verification
- - JDK-8233250: Better X11 rendering
- - JDK-8233410: Better Build Scripting
- - JDK-8234027: Better JCEKS key support
- - JDK-8234408, CVE-2020-2781: Improve TLS session handling
- - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
- - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
- - JDK-8235274, CVE-2020-2805: Enhance typing of methods
- - JDK-8235691, CVE-2020-2816: Enhance TLS connectivity
- - JDK-8236201, CVE-2020-2830: Better Scanner conversions
- - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
-* Other changes
- - JDK-4919790: Errors in alert ssl message does not reflect the actual certificate status
- - JDK-4949105: Access Bridge lacks html tags parsing
- - JDK-7092821: java.security.Provider.getService() is synchronized and became scalability bottleneck
- - JDK-7143743: Potential memory leak with zip provider
- - JDK-8005819: Support cross-realm MSSFU
- - JDK-8042383: [TEST_BUG] Test javax/swing/plaf/basic/BasicMenuUI/4983388/bug4983388.java fails with shortcuts on menus do not work
- - JDK-8068184: Fix for JDK-8032832 caused a deadlock
- - JDK-8145845: [AOT] NullPointerException in compiler/whitebox/GetCodeHeapEntriesTest.java
- - JDK-8152988: [AOT] Update test batch definitions to include aot-ed java.base module mode into hs-comp testing
- - JDK-8160926: FLAGS_COMPILER_CHECK_ARGUMENTS doesn't handle cross-compilation
- - JDK-8163083: SocketListeningConnector does not allow invocations with port 0
- - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
- - JDK-8167276: jvmci/compilerToVM/MaterializeVirtualObjectTest.java fails with -XX:-EliminateAllocations
- - JDK-8169718: nsk/jdb/locals/locals002: ERROR: Cannot find boolVar with expected value: false
- - JDK-8176556: java/awt/dnd/ImageTransferTest/ImageTransferTest.java fails for JFIF
- - JDK-8178798: Two compiler/aot/verification/vmflags tests fail by timeout with UseAVX=3
- - JDK-8183107: PKCS11 regression regarding checkKeySize
- - JDK-8185005: Improve performance of ThreadMXBean.getThreadInfo(long ids[], int maxDepth)
- - JDK-8189633: Missing -Xcheck:jni checking for DeleteWeakGlobalRef
- - JDK-8189861: Refactor CacheFind
- - JDK-8193042: NativeLookup::lookup_critical_entry() should only load shared library once
- - JDK-8193596: java/net/DatagramPacket/ReuseBuf.java failed due to timeout
- - JDK-8194944: Regression automated test 'open/test/jdk/javax/swing/JInternalFrame/8145896/TestJInternalFrameMaximize.java' fails
- - JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails
- - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
- - JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
- - JDK-8198398: Test javax/swing/JColorChooser/Test6199676.java fails in mach5
- - JDK-8199072: Test javax/swing/GroupLayout/6613904/bug6613904.java is unstable
- - JDK-8200432: javadoc fails with ClassCastException on {@link byte[]}
- - JDK-8201349: build broken when configured with --with-zlib=bundled on gcc 7.3
- - JDK-8201355: Avoid native memory allocation in sun.security.mscapi.PRNG.generateSeed
- - JDK-8201513: nsk/jvmti/IterateThroughHeap/filter-* are broken
- - JDK-8203364: Some serviceability/sa/ tests intermittently fail with java.io.IOException: LingeredApp terminated with non-zero exit code 3
- - JDK-8203687: javax/net/ssl/compatibility/Compatibility.java supports TLS 1.3
- - JDK-8203904: javax/swing/JSplitPane/4816114/bug4816114.java: The divider location is wrong
- - JDK-8203911: Test runtime/modules/getModuleJNI/GetModule fails with -Xcheck:jni
- - JDK-8204525: [TESTBUG] runtime/NMT/MallocStressTest.java ran out of java heap
- - JDK-8204529: gc/TestAllocateHeapAtMultiple.java fail with Agent 7 timed out
- - JDK-8204551: Event descriptions are truncated in logs
- - JDK-8206963: [AOT] bug with multiple class loaders
- - JDK-8207367: 10 vmTestbase/nsk/jdi tests timed out when running with jtreg
- - JDK-8207832: serviceability/sa/ClhsdbCDSCore.java failed with "Couldn't find core file location"
- - JDK-8207938: At step6,Click Add button,case failed automatically.
- - JDK-8208157: requires.VMProps throws NPE for missing properties in "release" file
- - JDK-8208379: compiler/jvmci/events/JvmciNotifyInstallEventTest.java failed with "Got unexpected event count after 2nd install attempt: expected 9 to equal 2"
- - JDK-8208658: Make CDS archived heap regions usable even if compressed oop encoding has changed
- - JDK-8208715: Conversion of milliseconds to nanoseconds in UNIXProcess contains bug
- - JDK-8209361: [AOT] Unexpected number of references for JVMTI_HEAP_REFERENCE_CONSTANT_POOL [111-->111]: 0 (expected at least 1)
- - JDK-8209385: CDS runtime classpath checking is too strict when only classes from the system modules are archived
- - JDK-8209389: SIGSEGV in WalkOopAndArchiveClosure::do_oop_work.
- - JDK-8209418: Synchronize test/jdk/sanity/client/lib/jemmy with code-tools/jemmy/v2
- - JDK-8209494: Create a test for SwingSet InternalFrameDemo
- - JDK-8209499: Create test for SwingSet EditorPaneDemo
- - JDK-8209574: [AOT] breakpoint events are generated in different threads does not meet expected count
- - JDK-8209686: cleanup arguments to PhaseIdealLoop() constructor
- - JDK-8209789: Synchronize test/jdk/sanity/client/lib/jemmy with code-tools/jemmy/v2
- - JDK-8209802: Garbage collectors should register JFR types themselves to avoid build errors.
- - JDK-8209807: improve handling exception in requires.VMProps
- - JDK-8209817: stack is executable when building with Clang on Linux
- - JDK-8209824: Improve the code coverage for ThreadLocal
- - JDK-8209826: Undefined reference to os::write after JDK-8209657 (filemap.hpp cleanup)
- - JDK-8209850: Allow NamedThreads to use GlobalCounter critical sections
- - JDK-8209976: Improve iteration over non-JavaThreads
- - JDK-8209993: Create a test for SwingSet3 ToolTipDemo
- - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
- - JDK-8210052: Enable testing for all the available look and feels in SwingSet3 demo tests
- - JDK-8210055: Enable different look and feel tests in SwingSet3 demo tests
- - JDK-8210057: Enable different look and feels in SwingSet3 demo test InternalFrameDemoTest
- - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
- - JDK-8210220: [AOT] jdwp test cases are failing with error # ERROR: TEST FAILED: Cought IOException while receiving event packet
- - JDK-8210289: ArchivedKlassSubGraphInfoRecord is incomplete
- - JDK-8210459: Add support for generating compile_commands.json
- - JDK-8210476: sun/security/mscapi/PrngSlow.java fails with Still too slow
- - JDK-8210512: [Testbug] vmTestbase/nsk/jdi/ObjectReference/referringObjects/referringObjects002/referringObjects002.java fails with unexpected size of ClassLoaderReference.referringObjects
- - JDK-8210523: runtime/appcds/cacheObject/DifferentHeapSizes.java crash
- - JDK-8210632: Add key exchange algorithm to javax/net/ssl/TLSCommon/CipherSuite.java
- - JDK-8210699: Problem list tests which times out in Xcomp mode
- - JDK-8210793: [JVMCI] AllocateCompileIdTest.java failed to find DiagnosticCommand.class
- - JDK-8210910: Create test for FileChooserDemo
- - JDK-8210994: Create test for SwingSet3 FrameDemo
- - JDK-8211139: Increase timeout value in all tests under jdk/sanity/client/SwingSet/src
- - JDK-8211160: Handle different look and feels in JInternalFrameOperator
- - JDK-8211211: vmTestbase/metaspace/stressDictionary/StressDictionary.java timeout
- - JDK-8211322: Reduce the timeout of tooltip in SwingSet2DemoTest
- - JDK-8211443: Enable different look and feels in SwingSet3 demo test SplitPaneDemoTest
- - JDK-8211703: JInternalFrame : java.lang.AssertionError: cannot find the internal frame
- - JDK-8211781: re-building fails after changing Graal sources
- - JDK-8212897: Some improvements in the EditorPaneDemotest
- - JDK-8212903: [TestBug] Tests test/jdk/javax/swing/LookAndFeel/8145547/DemandGTK2.sh and DemandGTK3.sh fail on Ubuntu 18.04 LTS
- - JDK-8213009: Refactoring existing SunMSCAPI classes
- - JDK-8213010: Supporting keys created with certmgr.exe
- - JDK-8213168: Enable different look and feel tests in SwingSet3 demo test FileChooserDemoTest
- - JDK-8213348: jdk.internal.vm.compiler.management service providers missing in module descriptor
- - JDK-8213906: Update arm devkits with libXrandr headers
- - JDK-8213908: AssertionError in DeferredAttr at setOverloadKind
- - JDK-8214124: [TESTBUG] Bugs in runtime/NMT/MallocStressTest.java
- - JDK-8214344: C2: assert(con.basic_type() != T_ILLEGAL) failed: elembt=byte; loadbt=void; unsigned=0
- - JDK-8214345: infinite recursion while checking super class
- - JDK-8214471: Enable different look and feel tests in SwingSet3 demo test ToolTipDemoTest
- - JDK-8214534: Setting of THIS_FILE in the build is broken
- - JDK-8214557: Filter out VM flags which don't affect AOT code generation
- - JDK-8214578: [macos] Problem with backslashes on macOS/JIS keyboard: Java ignores system settings
- - JDK-8214840: runtime/NMT/MallocStressTest.java timed out
- - JDK-8214850: Rename vm_operations.?pp files to vmOperations.?pp files
- - JDK-8214904: Test8004741.java failed due to "Too few ThreadDeath hits; expected at least 6 but saw only 5"
- - JDK-8215322: add @file support to jaotc
- - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
- - JDK-8215396: JTabbedPane preferred size calculation is wrong for SCROLL_TAB_LAYOUT
- - JDK-8216180: [AOT] compiler/intrinsics/bigInteger/TestMulAdd.java crashed with AOT enabled
- - JDK-8216353: Use utility APIs introduced in org/netbeans/jemmy/util/LookAndFeel class in client sanity test cases
- - JDK-8216354: Syntax error in toolchain_windows.m4
- - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
- - JDK-8216535: tools/jimage/JImageExtractTest.java timed out
- - JDK-8217235: Create automated test for SwingSet ColorChooserDemoTest
- - JDK-8217297: Add support for multiple look and feel for SwingSet SliderDemoTest
- - JDK-8217338: [Containers] Improve systemd slice memory limit support
- - JDK-8217613: [AOT] TEST_OPTS_AOT_MODULES doesn't work on mac
- - JDK-8217634: RunTest documentation and usability update
- - JDK-8217717: ZGC: Broken oop map in C1 load barrier stub
- - JDK-8217728: Speed up incremental rerun of "make hotspot"
- - JDK-8218268: Javac treats Manifest Class-Path entries as Paths instead of URLs
- - JDK-8218662: Allow 204 responses with Content-Length:0
- - JDK-8218882: NET_Writev is declared, NET_WriteV is defined
- - JDK-8218889: Improperly use of the Optional API
- - JDK-8219205: JFR file without license header
- - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
- - JDK-8219723: javax/net/ssl/compatibility/Compatibility.java failed on some SNI cases
- - JDK-8220348: [ntintel] asserts about copying unaligned array
- - JDK-8220451: jdi/EventQueue/remove/remove004 failed due to "ERROR: thread2 is not alive"
- - JDK-8220456: jdi/EventQueue/remove_l/remove_l004 failed due to "TIMEOUT while waiting for event"
- - JDK-8220479: java/nio/channels/Selector/SelectWithConsumer.java failed at testTwoChannels()
- - JDK-8220613: java/util/Arrays/TimSortStackSize2.java times out with fastdebug build
- - JDK-8220688: [TESTBUG] runtime/NMT/MallocStressTest.java timed out
- - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
- - JDK-8221270: Duplicated synchronized keywords in SSLSocketImpl
- - JDK-8221312: test/jdk/sanity/client/SwingSet/src/ColorChooserDemoTest.java failed
- - JDK-8221851: Use of THIS_FILE in hotspot invalidates precompiled header on Linux/GCC
- - JDK-8221885: Add intermittent test in the JavaSound to the ProblemList
- - JDK-8222264: Windows incremental build is broken with JDK-8217728
- - JDK-8222391: javax/net/ssl/compatibility/Compatibility.java should be more flexible
- - JDK-8222448: java/lang/reflect/PublicMethods/PublicMethodsTest.java times out
- - JDK-8222519: ButtonDemoScreenshotTest fails randomly with "still state to be reached"
- - JDK-8222741: jdi/EventQueue/remove/remove004 fails due to VMDisconnectedException
- - JDK-8223003: SunMSCAPI keys are not cleaned up
- - JDK-8223063: Support CNG RSA keys
- - JDK-8223158: Docked MacBook cannot start any Java Swing applications
- - JDK-8223260: NamingManager should cache InitialContextFactory
- - JDK-8223464: Improve version string for Oracle CI builds
- - JDK-8223558: Java does not render Myanmar script correctly
- - JDK-8223627: jdk-13+20 bundle name contains null instead of ea
- - JDK-8223638: Replace wildcard address with loopback or local host in tests - part 6
- - JDK-8223678: Add Visual Studio Code workspace generation support (for native code)
- - JDK-8223727: com/sun/jndi/ldap/privconn/RunTest.java failed due to hang in LdapRequest.getReplyBer
- - JDK-8223769: Assert triggers with -XX:+StressReflectiveCode
- - JDK-8224187: Refactor arraycopy_prologue to allow ZGC read barriers on arraycopy
- - JDK-8224475: JTextPane does not show images in HTML rendering
- - JDK-8224673: Adjust permission for delayed starting of debugging
- - JDK-8224705: Tests that need to be problem-listed or have printer resources
- - JDK-8224778: test/jdk/demo/jfc/J2Ddemo/J2DdemoTest.java cannot find J2Ddemo.jar
- - JDK-8224821: java/awt/Focus/NoAutotransferToDisabledCompTest/NoAutotransferToDisabledCompTest.java fails linux-x64
- - JDK-8224830: test/jdk/java/awt/Focus/ModalExcludedWindowClickTest/ModalExcludedWindowClickTest.java fails on linux-x64
- - JDK-8224851: AArch64: fix warnings and errors with Clang and GCC 8.3
- - JDK-8224905: java/lang/ProcessBuilder/Basic.java#id1 failed with stream closed
- - JDK-8225007: java/awt/print/PrinterJob/LandscapeStackOverflow.java may hang
- - JDK-8225105: java/awt/Focus/ShowFrameCheckForegroundTest/ShowFrameCheckForegroundTest.java fails in Windows 10
- - JDK-8225117: java/math/BigInteger/SymmetricRangeTests.java fails with ParseException
- - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
- - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
- - JDK-8225144: [macos] In Aqua L&F backspace key does not delete when Shift is pressed
- - JDK-8225180: SignedObject with invalid Key not throwing the InvalidKeyException in Windows
- - JDK-8225182: JNI exception pending in DestroyXIMCallback of awt_InputMethod.c:1327
- - JDK-8225199: [Graal] compiler/jvmci/compilerToVM/IsMatureVsReprofileTest.java fails with -XX:CompileThresholdScaling=0.1
- - JDK-8225305: ProblemList java/lang/invoke/VarHandles tests
- - JDK-8225350: compiler/jvmci/compilerToVM/IsCompilableTest.java timed out
- - JDK-8225430: Replace wildcard address with loopback or local host in tests - part 14
- - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14
- - JDK-8225487: giflib legal file is missing attribution for openbsd-reallocarray.c
- - JDK-8225567: Wrong file headers with 8202414 fix changeset
- - JDK-8225684: [AOT] vmTestbase/vm/oom/production/AlwaysOOMProduction tests fail with AOTed java.base
- - JDK-8225766: Curve in certificate should not affect signature scheme when using TLSv1.3
- - JDK-8225797: OldObjectSample event creates unexpected amount of checkpoint data
- - JDK-8226381: ProblemList java/lang/reflect/PublicMethods/PublicMethodsTest.java
- - JDK-8226406: JVM fails to detect mismatched or corrupt CDS archive
- - JDK-8226608: Hide the onjcmd option from the help output
- - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
- - JDK-8227112: exclude compiler/intrinsics/sha/sanity tests from AOT runs
- - JDK-8227324: Upgrade to freetype 2.10.1
- - JDK-8227528: TestAbortVMOnSafepointTimeout.java failed due to "RuntimeException: 'Safepoint sync time longer than' missing from stdout/stderr"
- - JDK-8227645: Some tests in serviceability/sa run with fixed -Xmx values and risk running out of memory
- - JDK-8227646: [TESTBUG] appcds/SharedArchiveConsistency timed out
- - JDK-8227662: freetype seeks to index at the end of the font data
- - JDK-8228479: Correct the format of ColorChooserDemoTest
- - JDK-8228613: java.security.Provider#getServices order is no longer deterministic
- - JDK-8228969: 2019-09-28 public suffix list update
- - JDK-8229236: CriticalJNINatives: dll handling should be done in native thread state
- - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
- - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
- - JDK-8229994: assert(false) failed: Bad graph detected in get_early_ctrl_for_expensive
- - JDK-8230004: jdk/internal/jimage/JImageOpenTest.java runs no test
- - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
- - JDK-8230390: Problemlist SA tests with AOT
- - JDK-8230400: Missing constant pool entry for a method in stacktrace
- - JDK-8230459: Test failed to resume JVMCI CompilerThread
- - JDK-8230480: check malloc/calloc results in java.desktop
- - JDK-8230597: Update GIFlib library to the 5.2.1
- - JDK-8230611: infinite loop in LogOutputList::wait_until_no_readers()
- - JDK-8230624: [TESTBUG] Problemlist JFR compiler/TestCodeSweeper.java
- - JDK-8230677: Should disable Escape Analysis if JVMTI capability can_get_owned_monitor_info was taken
- - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
- - JDK-8231025: Incorrect method tag offset for big endian platform
- - JDK-8231081: TestMetadataRetention fails due to missing symbol id
- - JDK-8231387: java.security.Provider.getService returns random result due to race condition with mutating methods in the same class
- - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
- - JDK-8231445: check ZALLOC return values in awt coding
- - JDK-8231507: Update Apache Santuario (XML Signature) to version 2.1.4
- - JDK-8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
- - JDK-8231753: use more Posix functionality in aix os::print_os_info
- - JDK-8231810: javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java fails intermittently with "java.lang.Exception: Unexpected EOF"
- - JDK-8232003: (fs) Files.write can leak file descriptor in the exception case
- - JDK-8232056: GetOwnedMonitorInfoWithEATest.java fails with ZGC: Heap too small
- - JDK-8232060: add some initializations using sigemptyset in os_aix.cpp
- - JDK-8232154: Update Mesa 3-D Headers to version 19.2.1
- - JDK-8232167: Visual Studio install found through --with-tools-dir value is discarded
- - JDK-8232170: FSInfo#getJarClassPath throws an exception not declared in its throws clause
- - JDK-8232200: [macos 10.15] Windows in fullscreen tests jumps around the screen
- - JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation
- - JDK-8232224: [TESTBUG] problemlist JFR TestLargeRootSet.java
- - JDK-8232370: Refactor some com.sun.jdi tests to enable IDE integration
- - JDK-8232433: [macos 10.15] java/awt/Window/LocationAtScreenCorner/LocationAtScreenCorner.java may fail
- - JDK-8232571: Add missing SIGINFO signal
- - JDK-8232692: [TESTBUG] compiler/aot/fingerprint/SelfChangedCDS.java fails when cds is disabled
- - JDK-8232713: Update BCEL version to 6.3.1 in license file
- - JDK-8232806: Introduce a system property to disable eager lambda initialization
- - JDK-8232834: RunTest sometimes fails to produce valid exitcode.txt
- - JDK-8232880: Update test documentation with additional settings for client UI tooltip tests
- - JDK-8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures.
- - JDK-8233018: Add a new test to verify that DatagramSocket is not interruptible
- - JDK-8233019: java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit
- - JDK-8233032: assert(in_bb(n)) failed: must be
- - JDK-8233078: fix minimal VM build on Linux ppc64(le)
- - JDK-8233328: fix minimal VM build on Linux s390x
- - JDK-8233383: Various minor fixes
- - JDK-8233466: aarch64: remove unnecessary load of mdo when profiling return and parameters type
- - JDK-8233491: Crash in AdapterHandlerLibrary::get_adapter with CDS due to code cache exhaustion
- - JDK-8233529: loopTransform.cpp:2984: Error: assert(p_f->Opcode() == Op_IfFalse) failed
- - JDK-8233548: Update CUP to v0.11b
- - JDK-8233649: Update ProblemList.txt to exclude failing headful tests on macos
- - JDK-8233656: assert(d->is_CFG() && n->is_CFG()) failed: must have CFG nodes
- - JDK-8233657: Intermittent NPE in Component.validate()
- - JDK-8234288: Turkey Time Zone returns incorrect time zone name
- - JDK-8234323: NULL-check return value of SurfaceData_InitOps on macosx
- - JDK-8234339: replace JLI_StrTok in java_md_solinux.c
- - JDK-8234340: Bump update version for OpenJDK: jdk-11.0.7
- - JDK-8234350: assert(mode == ControlAroundStripMined && (use == sfpt || !use->is_reachable_from_root())) failed: missed a node
- - JDK-8234386: [macos] NPE was thrown at expanding Choice from maximized frame
- - JDK-8234397: add OS uptime information to os::print_os_info output
- - JDK-8234423: Modifying ArrayList.subList().subList() resets modCount of subList
- - JDK-8234466: Class loading deadlock involving X509Factory#commitEvent()
- - JDK-8234501: remove obsolete NET_ReadV
- - JDK-8234525: enable link-time section-gc for linux s390x to remove unused code
- - JDK-8234610: MaxVectorSize set wrongly when UseAVX=3 is specified after JDK-8221092
- - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
- - JDK-8234723: javax/net/ssl/TLS tests support TLSv1.3
- - JDK-8234724: javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java supports TLSv1.3
- - JDK-8234741: enhance os::get_core_path on macOS
- - JDK-8234769: Duplicate attribution in freetype.md
- - JDK-8234786: Fix for JDK-8214578 breaks OS X 10.12 compatibility
- - JDK-8234809: set relro in linker flags when building with gcc
- - JDK-8234824: java/nio/channels/SocketChannel/AdaptSocket.java fails on Windows 10
- - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
- - JDK-8235288: AVX 512 instructions inadvertently used on Xeon for small vector width operations
- - JDK-8235325: build failure on Linux after 8235243
- - JDK-8235383: C1 compilation fails with -XX:+PrintIRDuringConstruction -XX:+Verbose
- - JDK-8235489: handle return values of sscanf calls in hotspot
- - JDK-8235509: Backport for JDK-8209657 Refactor filemap.hpp to simplify integration with Serviceability Agent.
- - JDK-8235510: java.util.zip.CRC32 performance drop after 8200067
- - JDK-8235563: [TESTBUG] appcds/CommandLineFlagComboNegative.java does not handle archive mapping failure
- - JDK-8235637: jhsdb jmap from OpenJDK 11.0.5 doesn't work if prelink is enabled
- - JDK-8235671: enhance print_rlimit_info in os_posix
- - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
- - JDK-8235904: Infinite loop when rendering huge lines
- - JDK-8235998: [c2] Memory leaks during tracing after '8224193: stringStream should not use Resource Area'.
- - JDK-8236039: JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3
- - JDK-8236140: assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it
- - JDK-8236179: C1 register allocation error with T_ADDRESS
- - JDK-8236488: Support for configure option --with-native-debug-symbols=internal is impossible on Windows
- - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
- - JDK-8236709: struct SwitchRange in HS violates C++ One Definition Rule
- - JDK-8236848: [JDK 11u] make run-test-tier1 fails after backport of JDK-8232834
- - JDK-8236873: Worker has a deadlock bug
- - JDK-8237217: Incorrect G1StringDedupEntry type used in StringDedupTable destructor
- - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
- - JDK-8237375: SimpleThresholdPolicy misses CounterDecay timestamp initialization
- - JDK-8237508: Simplify JarFile.isInitializing
- - JDK-8237540: Missing files in backport of JDK-8210910
- - JDK-8237541: Missing files in backport of JDK-8236528
- - JDK-8237600: Test SunJSSEFIPSInit fails on Ubuntu
- - JDK-8237819: s390x - remove unused pd_zero_to_words_large
- - JDK-8237869: exclude jtreg test security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java because of instabilities
- - JDK-8237879: make 4.3 breaks build
- - JDK-8237945: CTW: C2 compilation fails with assert(just_allocated_object(alloc_ctl) == ptr) failed: most recent allo
- - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
- - JDK-8238247: CTW runner should sweep nmethods more aggressively
- - JDK-8238366: CTW runner closes standard output on exit
- - JDK-8238438: SuperWord::co_locate_pack picks memory state of first instead of last load
- - JDK-8238502: sunmscapi.dll causing EXCEPTION_ACCESS_VIOLATION
- - JDK-8238534: Deep sign macOS bundles before bundle archive is being created
- - JDK-8238591: CTW: Split applications/ctw/modules/jdk_localedata.java
- - JDK-8238596: AVX enabled by default for Skylake even when unsupported
- - JDK-8238811: C2: assert(i >= req() || i == 0 || is_Region() || is_Phi()) with -XX:+VerifyGraphEdges
- - JDK-8239005: [TESTBUG] test/hotspot/jtreg/runtime/StackGuardPages/TestStackGuardPages.java: exeinvoke.c: must initialize static state before calling do_overflow()
- - JDK-8239466: Loss of precision in counter decay calculation in 11u backport of JDK-8237375
- - JDK-8239856: [ntintel] asserts about copying unaligned array element
- - JDK-8240724: [test] jdk11 downport of 8224475 misses binary file test/jdk/javax/swing/JTextPane/arrow.png
- - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
-
-Notes on individual issues:
-===========================
-
-security-libs/javax.xml.crypto:
-
-JDK-8239467: Apache Santuario Library Updated to Version 2.1.4
-==============================================================
-The Apache Santuario library has been upgraded to version 2.1.4. As a
-result, a new system property
-`com.sun.org.apache.xml.internal.security.parser.pool-size` has been
-introduced.
-
-This new system property sets the pool size of the internal
-`DocumentBuilder` cache used when processing XML Signatures. The
-function is equivalent to the
-`org.apache.xml.security.parser.pool-size` system property used in
-Apache Santuario and has the same default value of 20.
diff --git a/fips-11u-9087e80d0ab.patch b/fips-11u-9087e80d0ab.patch
deleted file mode 100644
index a396fb8..0000000
--- a/fips-11u-9087e80d0ab.patch
+++ /dev/null
@@ -1,1610 +0,0 @@
-diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
-index a73c0f38181..80710886ed8 100644
---- a/make/autoconf/libraries.m4
-+++ b/make/autoconf/libraries.m4
-@@ -101,6 +101,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
- LIB_SETUP_LIBFFI
- LIB_SETUP_BUNDLED_LIBS
- LIB_SETUP_MISC_LIBS
-+ LIB_SETUP_SYSCONF_LIBS
- LIB_SETUP_SOLARIS_STLPORT
- LIB_TESTS_SETUP_GRAALUNIT
-
-@@ -223,3 +224,62 @@ AC_DEFUN_ONCE([LIB_SETUP_SOLARIS_STLPORT],
- fi
- ])
-
-+################################################################################
-+# Setup system configuration libraries
-+################################################################################
-+AC_DEFUN_ONCE([LIB_SETUP_SYSCONF_LIBS],
-+[
-+ ###############################################################################
-+ #
-+ # Check for the NSS library
-+ #
-+
-+ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)])
-+
-+ # default is not available
-+ DEFAULT_SYSCONF_NSS=no
-+
-+ AC_ARG_ENABLE([sysconf-nss], [AS_HELP_STRING([--enable-sysconf-nss],
-+ [build the System Configurator (libsysconf) using the system NSS library if available @<:@disabled@:>@])],
-+ [
-+ case "${enableval}" in
-+ yes)
-+ sysconf_nss=yes
-+ ;;
-+ *)
-+ sysconf_nss=no
-+ ;;
-+ esac
-+ ],
-+ [
-+ sysconf_nss=${DEFAULT_SYSCONF_NSS}
-+ ])
-+ AC_MSG_RESULT([$sysconf_nss])
-+
-+ USE_SYSCONF_NSS=false
-+ if test "x${sysconf_nss}" = "xyes"; then
-+ PKG_CHECK_MODULES(NSS, nss >= 3.53, [NSS_FOUND=yes], [NSS_FOUND=no])
-+ if test "x${NSS_FOUND}" = "xyes"; then
-+ AC_MSG_CHECKING([for system FIPS support in NSS])
-+ saved_libs="${LIBS}"
-+ saved_cflags="${CFLAGS}"
-+ CFLAGS="${CFLAGS} ${NSS_CFLAGS}"
-+ LIBS="${LIBS} ${NSS_LIBS}"
-+ AC_LANG_PUSH([C])
-+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <nss3/pk11pub.h>]],
-+ [[SECMOD_GetSystemFIPSEnabled()]])],
-+ [AC_MSG_RESULT([yes])],
-+ [AC_MSG_RESULT([no])
-+ AC_MSG_ERROR([System NSS FIPS detection unavailable])])
-+ AC_LANG_POP([C])
-+ CFLAGS="${saved_cflags}"
-+ LIBS="${saved_libs}"
-+ USE_SYSCONF_NSS=true
-+ else
-+ dnl NSS 3.53 is the one that introduces the SECMOD_GetSystemFIPSEnabled API
-+ dnl in nss3/pk11pub.h.
-+ AC_MSG_ERROR([--enable-sysconf-nss specified, but NSS 3.53 or above not found.])
-+ fi
-+ fi
-+ AC_SUBST(USE_SYSCONF_NSS)
-+])
-diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
-index 0ae23b93167..a242acc1234 100644
---- a/make/autoconf/spec.gmk.in
-+++ b/make/autoconf/spec.gmk.in
-@@ -826,6 +826,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
- # Libraries
- #
-
-+USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@
-+NSS_LIBS:=@NSS_LIBS@
-+NSS_CFLAGS:=@NSS_CFLAGS@
-+
- USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@
- LCMS_CFLAGS:=@LCMS_CFLAGS@
- LCMS_LIBS:=@LCMS_LIBS@
-diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
-index a529768f39e..daf9c947172 100644
---- a/make/lib/Lib-java.base.gmk
-+++ b/make/lib/Lib-java.base.gmk
-@@ -178,6 +178,31 @@ ifeq ($(OPENJDK_TARGET_OS_TYPE), unix)
- endif
- endif
-
-+################################################################################
-+# Create the systemconf library
-+
-+LIBSYSTEMCONF_CFLAGS :=
-+LIBSYSTEMCONF_CXXFLAGS :=
-+
-+ifeq ($(USE_SYSCONF_NSS), true)
-+ LIBSYSTEMCONF_CFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
-+ LIBSYSTEMCONF_CXXFLAGS += $(NSS_CFLAGS) -DSYSCONF_NSS
-+endif
-+
-+ifeq ($(OPENJDK_BUILD_OS), linux)
-+ $(eval $(call SetupJdkLibrary, BUILD_LIBSYSTEMCONF, \
-+ NAME := systemconf, \
-+ OPTIMIZATION := LOW, \
-+ CFLAGS := $(CFLAGS_JDKLIB) $(LIBSYSTEMCONF_CFLAGS), \
-+ CXXFLAGS := $(CXXFLAGS_JDKLIB) $(LIBSYSTEMCONF_CXXFLAGS), \
-+ LDFLAGS := $(LDFLAGS_JDKLIB) \
-+ $(call SET_SHARED_LIBRARY_ORIGIN), \
-+ LIBS_unix := $(LIBDL) $(NSS_LIBS), \
-+ ))
-+
-+ TARGETS += $(BUILD_LIBSYSTEMCONF)
-+endif
-+
- ################################################################################
- # Create the symbols file for static builds.
-
-diff --git a/make/nb_native/nbproject/configurations.xml b/make/nb_native/nbproject/configurations.xml
-index fb07d54c1f0..c5813e2b7aa 100644
---- a/make/nb_native/nbproject/configurations.xml
-+++ b/make/nb_native/nbproject/configurations.xml
-@@ -2950,6 +2950,9 @@
- <in>LinuxWatchService.c</in>
- </df>
- </df>
-+ <df name="libsystemconf">
-+ <in>systemconf.c</in>
-+ </df>
- </df>
- </df>
- <df name="macosx">
-@@ -29301,6 +29304,11 @@
- tool="0"
- flavor2="0">
- </item>
-+ <item path="../../src/java.base/linux/native/libsystemconf/systemconf.c"
-+ ex="false"
-+ tool="0"
-+ flavor2="0">
-+ </item>
- <item path="../../src/java.base/macosx/native/include/jni_md.h"
- ex="false"
- tool="3"
-diff --git a/make/scripts/compare_exceptions.sh.incl b/make/scripts/compare_exceptions.sh.incl
-index 6327040964d..6b3780123b6 100644
---- a/make/scripts/compare_exceptions.sh.incl
-+++ b/make/scripts/compare_exceptions.sh.incl
-@@ -179,6 +179,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [ "$OPENJDK_TARGET_CPU" = "x86_64" ];
- ./lib/libsplashscreen.so
- ./lib/libsunec.so
- ./lib/libsunwjdga.so
-+ ./lib/libsystemconf.so
- ./lib/libunpack.so
- ./lib/libverify.so
- ./lib/libzip.so
-@@ -289,6 +290,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [ "$OPENJDK_TARGET_CPU" = "sparcv9" ]
- ./lib/libsplashscreen.so
- ./lib/libsunec.so
- ./lib/libsunwjdga.so
-+ ./lib/libsystemconf.so
- ./lib/libunpack.so
- ./lib/libverify.so
- ./lib/libzip.so
-diff --git a/src/java.base/linux/native/libsystemconf/systemconf.c b/src/java.base/linux/native/libsystemconf/systemconf.c
-new file mode 100644
-index 00000000000..8dcb7d9073f
---- /dev/null
-+++ b/src/java.base/linux/native/libsystemconf/systemconf.c
-@@ -0,0 +1,224 @@
-+/*
-+ * Copyright (c) 2021, Red Hat, Inc.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+#include <jni.h>
-+#include <jni_util.h>
-+#include "jvm_md.h"
-+#include <stdio.h>
-+
-+#ifdef SYSCONF_NSS
-+#include <nss3/pk11pub.h>
-+#else
-+#include <dlfcn.h>
-+#endif //SYSCONF_NSS
-+
-+#include "java_security_SystemConfigurator.h"
-+
-+#define MSG_MAX_SIZE 256
-+#define FIPS_ENABLED_PATH "/proc/sys/crypto/fips_enabled"
-+
-+typedef int (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE)(void);
-+
-+static SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE *getSystemFIPSEnabled;
-+static jmethodID debugPrintlnMethodID = NULL;
-+static jobject debugObj = NULL;
-+
-+static void dbgPrint(JNIEnv *env, const char* msg)
-+{
-+ jstring jMsg;
-+ if (debugObj != NULL) {
-+ jMsg = (*env)->NewStringUTF(env, msg);
-+ CHECK_NULL(jMsg);
-+ (*env)->CallVoidMethod(env, debugObj, debugPrintlnMethodID, jMsg);
-+ }
-+}
-+
-+static void throwIOException(JNIEnv *env, const char *msg)
-+{
-+ jclass cls = (*env)->FindClass(env, "java/io/IOException");
-+ if (cls != 0)
-+ (*env)->ThrowNew(env, cls, msg);
-+}
-+
-+static void handle_msg(JNIEnv *env, const char* msg, int msg_bytes)
-+{
-+ if (msg_bytes > 0 && msg_bytes < MSG_MAX_SIZE) {
-+ dbgPrint(env, msg);
-+ } else {
-+ dbgPrint(env, "systemconf: cannot render message");
-+ }
-+}
-+
-+// Only used when NSS is not linked at build time
-+#ifndef SYSCONF_NSS
-+
-+static void *nss_handle;
-+
-+static jboolean loadNSS(JNIEnv *env)
-+{
-+ char msg[MSG_MAX_SIZE];
-+ int msg_bytes;
-+ const char* errmsg;
-+
-+ nss_handle = dlopen(JNI_LIB_NAME("nss3"), RTLD_LAZY);
-+ if (nss_handle == NULL) {
-+ errmsg = dlerror();
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlopen: %s\n",
-+ errmsg);
-+ handle_msg(env, msg, msg_bytes);
-+ return JNI_FALSE;
-+ }
-+ dlerror(); /* Clear errors */
-+ getSystemFIPSEnabled = (SECMOD_GET_SYSTEM_FIPS_ENABLED_TYPE*)dlsym(nss_handle, "SECMOD_GetSystemFIPSEnabled");
-+ if ((errmsg = dlerror()) != NULL) {
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "loadNSS: dlsym: %s\n",
-+ errmsg);
-+ handle_msg(env, msg, msg_bytes);
-+ return JNI_FALSE;
-+ }
-+ return JNI_TRUE;
-+}
-+
-+static void closeNSS(JNIEnv *env)
-+{
-+ char msg[MSG_MAX_SIZE];
-+ int msg_bytes;
-+ const char* errmsg;
-+
-+ if (dlclose(nss_handle) != 0) {
-+ errmsg = dlerror();
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "closeNSS: dlclose: %s\n",
-+ errmsg);
-+ handle_msg(env, msg, msg_bytes);
-+ }
-+}
-+
-+#endif
-+
-+/*
-+ * Class: java_security_SystemConfigurator
-+ * Method: JNI_OnLoad
-+ */
-+JNIEXPORT jint JNICALL DEF_JNI_OnLoad(JavaVM *vm, void *reserved)
-+{
-+ JNIEnv *env;
-+ jclass sysConfCls, debugCls;
-+ jfieldID sdebugFld;
-+
-+ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
-+ return JNI_EVERSION; /* JNI version not supported */
-+ }
-+
-+ sysConfCls = (*env)->FindClass(env,"java/security/SystemConfigurator");
-+ if (sysConfCls == NULL) {
-+ printf("libsystemconf: SystemConfigurator class not found\n");
-+ return JNI_ERR;
-+ }
-+ sdebugFld = (*env)->GetStaticFieldID(env, sysConfCls,
-+ "sdebug", "Lsun/security/util/Debug;");
-+ if (sdebugFld == NULL) {
-+ printf("libsystemconf: SystemConfigurator::sdebug field not found\n");
-+ return JNI_ERR;
-+ }
-+ debugObj = (*env)->GetStaticObjectField(env, sysConfCls, sdebugFld);
-+ if (debugObj != NULL) {
-+ debugCls = (*env)->FindClass(env,"sun/security/util/Debug");
-+ if (debugCls == NULL) {
-+ printf("libsystemconf: Debug class not found\n");
-+ return JNI_ERR;
-+ }
-+ debugPrintlnMethodID = (*env)->GetMethodID(env, debugCls,
-+ "println", "(Ljava/lang/String;)V");
-+ if (debugPrintlnMethodID == NULL) {
-+ printf("libsystemconf: Debug::println(String) method not found\n");
-+ return JNI_ERR;
-+ }
-+ debugObj = (*env)->NewGlobalRef(env, debugObj);
-+ }
-+
-+#ifdef SYSCONF_NSS
-+ getSystemFIPSEnabled = *SECMOD_GetSystemFIPSEnabled;
-+#else
-+ if (loadNSS(env) == JNI_FALSE) {
-+ dbgPrint(env, "libsystemconf: Failed to load NSS library.");
-+ }
-+#endif
-+
-+ return (*env)->GetVersion(env);
-+}
-+
-+/*
-+ * Class: java_security_SystemConfigurator
-+ * Method: JNI_OnUnload
-+ */
-+JNIEXPORT void JNICALL DEF_JNI_OnUnload(JavaVM *vm, void *reserved)
-+{
-+ JNIEnv *env;
-+
-+ if (debugObj != NULL) {
-+ if ((*vm)->GetEnv(vm, (void**) &env, JNI_VERSION_1_2) != JNI_OK) {
-+ return; /* Should not happen */
-+ }
-+#ifndef SYSCONF_NSS
-+ closeNSS(env);
-+#endif
-+ (*env)->DeleteGlobalRef(env, debugObj);
-+ }
-+}
-+
-+JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEnabled
-+ (JNIEnv *env, jclass cls)
-+{
-+ int fips_enabled;
-+ char msg[MSG_MAX_SIZE];
-+ int msg_bytes;
-+
-+ if (getSystemFIPSEnabled != NULL) {
-+ dbgPrint(env, "getSystemFIPSEnabled: calling SECMOD_GetSystemFIPSEnabled");
-+ fips_enabled = (*getSystemFIPSEnabled)();
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
-+ " SECMOD_GetSystemFIPSEnabled returned 0x%x", fips_enabled);
-+ handle_msg(env, msg, msg_bytes);
-+ return (fips_enabled == 1 ? JNI_TRUE : JNI_FALSE);
-+ } else {
-+ FILE *fe;
-+
-+ dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
-+ if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
-+ throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
-+ return JNI_FALSE;
-+ }
-+ fips_enabled = fgetc(fe);
-+ fclose(fe);
-+ if (fips_enabled == EOF) {
-+ throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
-+ return JNI_FALSE;
-+ }
-+ msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
-+ " read character is '%c'", fips_enabled);
-+ handle_msg(env, msg, msg_bytes);
-+ return (fips_enabled == '1' ? JNI_TRUE : JNI_FALSE);
-+ }
-+}
-diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
-index b36510a376b..ad5182e1e7c 100644
---- a/src/java.base/share/classes/java/security/Security.java
-+++ b/src/java.base/share/classes/java/security/Security.java
-@@ -32,6 +32,7 @@ import java.net.URL;
-
- import jdk.internal.event.EventHelper;
- import jdk.internal.event.SecurityPropertyModificationEvent;
-+import jdk.internal.misc.JavaSecuritySystemConfiguratorAccess;
- import jdk.internal.misc.SharedSecrets;
- import jdk.internal.util.StaticProperty;
- import sun.security.util.Debug;
-@@ -47,12 +48,20 @@ import sun.security.jca.*;
- * implementation-specific location, which is typically the properties file
- * {@code conf/security/java.security} in the Java installation directory.
- *
-+ * <p>Additional default values of security properties are read from a
-+ * system-specific location, if available.</p>
-+ *
- * @author Benjamin Renaud
- * @since 1.1
- */
-
- public final class Security {
-
-+ private static final String SYS_PROP_SWITCH =
-+ "java.security.disableSystemPropertiesFile";
-+ private static final String SEC_PROP_SWITCH =
-+ "security.useSystemPropertiesFile";
-+
- /* Are we debugging? -- for developers */
- private static final Debug sdebug =
- Debug.getInstance("properties");
-@@ -67,6 +76,19 @@ public final class Security {
- }
-
- static {
-+ // Initialise here as used by code with system properties disabled
-+ SharedSecrets.setJavaSecuritySystemConfiguratorAccess(
-+ new JavaSecuritySystemConfiguratorAccess() {
-+ @Override
-+ public boolean isSystemFipsEnabled() {
-+ return SystemConfigurator.isSystemFipsEnabled();
-+ }
-+ @Override
-+ public boolean isPlainKeySupportEnabled() {
-+ return SystemConfigurator.isPlainKeySupportEnabled();
-+ }
-+ });
-+
- // doPrivileged here because there are multiple
- // things in initialize that might require privs.
- // (the FileInputStream call and the File.exists call,
-@@ -83,6 +105,7 @@ public final class Security {
- props = new Properties();
- boolean loadedProps = false;
- boolean overrideAll = false;
-+ boolean systemSecPropsEnabled = false;
-
- // first load the system properties file
- // to determine the value of security.overridePropertiesFile
-@@ -98,6 +121,7 @@ public final class Security {
- if (sdebug != null) {
- sdebug.println("reading security properties file: " +
- propFile);
-+ sdebug.println(props.toString());
- }
- } catch (IOException e) {
- if (sdebug != null) {
-@@ -192,6 +216,61 @@ public final class Security {
- }
- }
-
-+ boolean sysUseProps = Boolean.valueOf(System.getProperty(SYS_PROP_SWITCH, "false"));
-+ boolean secUseProps = Boolean.valueOf(props.getProperty(SEC_PROP_SWITCH));
-+ if (sdebug != null) {
-+ sdebug.println(SYS_PROP_SWITCH + "=" + sysUseProps);
-+ sdebug.println(SEC_PROP_SWITCH + "=" + secUseProps);
-+ }
-+ if (!sysUseProps && secUseProps) {
-+ systemSecPropsEnabled = SystemConfigurator.configureSysProps(props);
-+ if (!systemSecPropsEnabled) {
-+ if (sdebug != null) {
-+ sdebug.println("WARNING: System security properties could not be loaded.");
-+ }
-+ }
-+ } else {
-+ if (sdebug != null) {
-+ sdebug.println("System security property support disabled by user.");
-+ }
-+ }
-+
-+ // FIPS support depends on the contents of java.security so
-+ // ensure it has loaded first
-+ if (loadedProps && systemSecPropsEnabled) {
-+ boolean shouldEnable;
-+ String sysProp = System.getProperty("com.redhat.fips");
-+ if (sysProp == null) {
-+ shouldEnable = true;
-+ if (sdebug != null) {
-+ sdebug.println("com.redhat.fips unset, using default value of true");
-+ }
-+ } else {
-+ shouldEnable = Boolean.valueOf(sysProp);
-+ if (sdebug != null) {
-+ sdebug.println("com.redhat.fips set, using its value " + shouldEnable);
-+ }
-+ }
-+ if (shouldEnable) {
-+ boolean fipsEnabled = SystemConfigurator.configureFIPS(props);
-+ if (sdebug != null) {
-+ if (fipsEnabled) {
-+ sdebug.println("FIPS mode support configured and enabled.");
-+ } else {
-+ sdebug.println("FIPS mode support disabled.");
-+ }
-+ }
-+ } else {
-+ if (sdebug != null ) {
-+ sdebug.println("FIPS mode support disabled by user.");
-+ }
-+ }
-+ } else {
-+ if (sdebug != null) {
-+ sdebug.println("WARNING: FIPS mode support can not be enabled without " +
-+ "system security properties being enabled.");
-+ }
-+ }
- }
-
- /*
-diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java
-new file mode 100644
-index 00000000000..90f6dd2ebc0
---- /dev/null
-+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
-@@ -0,0 +1,248 @@
-+/*
-+ * Copyright (c) 2019, 2021, Red Hat, Inc.
-+ *
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+package java.security;
-+
-+import java.io.BufferedInputStream;
-+import java.io.FileInputStream;
-+import java.io.IOException;
-+
-+import java.util.Iterator;
-+import java.util.Map.Entry;
-+import java.util.Properties;
-+
-+import sun.security.util.Debug;
-+
-+/**
-+ * Internal class to align OpenJDK with global crypto-policies.
-+ * Called from java.security.Security class initialization,
-+ * during startup.
-+ *
-+ */
-+
-+final class SystemConfigurator {
-+
-+ private static final Debug sdebug =
-+ Debug.getInstance("properties");
-+
-+ private static final String CRYPTO_POLICIES_BASE_DIR =
-+ "/etc/crypto-policies";
-+
-+ private static final String CRYPTO_POLICIES_JAVA_CONFIG =
-+ CRYPTO_POLICIES_BASE_DIR + "/back-ends/java.config";
-+
-+ private static boolean systemFipsEnabled = false;
-+ private static boolean plainKeySupportEnabled = false;
-+
-+ private static final String SYSTEMCONF_NATIVE_LIB = "systemconf";
-+
-+ private static native boolean getSystemFIPSEnabled()
-+ throws IOException;
-+
-+ static {
-+ AccessController.doPrivileged(new PrivilegedAction<Void>() {
-+ public Void run() {
-+ System.loadLibrary(SYSTEMCONF_NATIVE_LIB);
-+ return null;
-+ }
-+ });
-+ }
-+
-+ /*
-+ * Invoked when java.security.Security class is initialized, if
-+ * java.security.disableSystemPropertiesFile property is not set and
-+ * security.useSystemPropertiesFile is true.
-+ */
-+ static boolean configureSysProps(Properties props) {
-+ boolean systemSecPropsLoaded = false;
-+
-+ try (BufferedInputStream bis =
-+ new BufferedInputStream(
-+ new FileInputStream(CRYPTO_POLICIES_JAVA_CONFIG))) {
-+ props.load(bis);
-+ systemSecPropsLoaded = true;
-+ if (sdebug != null) {
-+ sdebug.println("reading system security properties file " +
-+ CRYPTO_POLICIES_JAVA_CONFIG);
-+ sdebug.println(props.toString());
-+ }
-+ } catch (IOException e) {
-+ if (sdebug != null) {
-+ sdebug.println("unable to load security properties from " +
-+ CRYPTO_POLICIES_JAVA_CONFIG);
-+ e.printStackTrace();
-+ }
-+ }
-+ return systemSecPropsLoaded;
-+ }
-+
-+ /*
-+ * Invoked at the end of java.security.Security initialisation
-+ * if java.security properties have been loaded
-+ */
-+ static boolean configureFIPS(Properties props) {
-+ boolean loadedProps = false;
-+
-+ try {
-+ if (enableFips()) {
-+ if (sdebug != null) { sdebug.println("FIPS mode detected"); }
-+ // Remove all security providers
-+ Iterator<Entry<Object, Object>> i = props.entrySet().iterator();
-+ while (i.hasNext()) {
-+ Entry<Object, Object> e = i.next();
-+ if (((String) e.getKey()).startsWith("security.provider")) {
-+ if (sdebug != null) { sdebug.println("Removing provider: " + e); }
-+ i.remove();
-+ }
-+ }
-+ // Add FIPS security providers
-+ String fipsProviderValue = null;
-+ for (int n = 1;
-+ (fipsProviderValue = (String) props.get("fips.provider." + n)) != null; n++) {
-+ String fipsProviderKey = "security.provider." + n;
-+ if (sdebug != null) {
-+ sdebug.println("Adding provider " + n + ": " +
-+ fipsProviderKey + "=" + fipsProviderValue);
-+ }
-+ props.put(fipsProviderKey, fipsProviderValue);
-+ }
-+ // Add other security properties
-+ String keystoreTypeValue = (String) props.get("fips.keystore.type");
-+ if (keystoreTypeValue != null) {
-+ String nonFipsKeystoreType = props.getProperty("keystore.type");
-+ props.put("keystore.type", keystoreTypeValue);
-+ if (keystoreTypeValue.equals("PKCS11")) {
-+ // If keystore.type is PKCS11, javax.net.ssl.keyStore
-+ // must be "NONE". See JDK-8238264.
-+ System.setProperty("javax.net.ssl.keyStore", "NONE");
-+ }
-+ if (System.getProperty("javax.net.ssl.trustStoreType") == null) {
-+ // If no trustStoreType has been set, use the
-+ // previous keystore.type under FIPS mode. In
-+ // a default configuration, the Trust Store will
-+ // be 'cacerts' (JKS type).
-+ System.setProperty("javax.net.ssl.trustStoreType",
-+ nonFipsKeystoreType);
-+ }
-+ if (sdebug != null) {
-+ sdebug.println("FIPS mode default keystore.type = " +
-+ keystoreTypeValue);
-+ sdebug.println("FIPS mode javax.net.ssl.keyStore = " +
-+ System.getProperty("javax.net.ssl.keyStore", ""));
-+ sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " +
-+ System.getProperty("javax.net.ssl.trustStoreType", ""));
-+ }
-+ }
-+ loadedProps = true;
-+ systemFipsEnabled = true;
-+ String plainKeySupport = System.getProperty("com.redhat.fips.plainKeySupport",
-+ "true");
-+ plainKeySupportEnabled = !"false".equals(plainKeySupport);
-+ if (sdebug != null) {
-+ if (plainKeySupportEnabled) {
-+ sdebug.println("FIPS support enabled with plain key support");
-+ } else {
-+ sdebug.println("FIPS support enabled without plain key support");
-+ }
-+ }
-+ } else {
-+ if (sdebug != null) { sdebug.println("FIPS mode not detected"); }
-+ }
-+ } catch (Exception e) {
-+ if (sdebug != null) {
-+ sdebug.println("unable to load FIPS configuration");
-+ e.printStackTrace();
-+ }
-+ }
-+ return loadedProps;
-+ }
-+
-+ /**
-+ * Returns whether or not global system FIPS alignment is enabled.
-+ *
-+ * Value is always 'false' before java.security.Security class is
-+ * initialized.
-+ *
-+ * Call from out of this package through SharedSecrets:
-+ * SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ * .isSystemFipsEnabled();
-+ *
-+ * @return a boolean value indicating whether or not global
-+ * system FIPS alignment is enabled.
-+ */
-+ static boolean isSystemFipsEnabled() {
-+ return systemFipsEnabled;
-+ }
-+
-+ /**
-+ * Returns {@code true} if system FIPS alignment is enabled
-+ * and plain key support is allowed. Plain key support is
-+ * enabled by default but can be disabled with
-+ * {@code -Dcom.redhat.fips.plainKeySupport=false}.
-+ *
-+ * @return a boolean indicating whether plain key support
-+ * should be enabled.
-+ */
-+ static boolean isPlainKeySupportEnabled() {
-+ return plainKeySupportEnabled;
-+ }
-+
-+ /**
-+ * Determines whether FIPS mode should be enabled.
-+ *
-+ * OpenJDK FIPS mode will be enabled only if the system is in
-+ * FIPS mode.
-+ *
-+ * Calls to this method only occur if the system property
-+ * com.redhat.fips is not set to false.
-+ *
-+ * There are 2 possible ways in which OpenJDK detects that the system
-+ * is in FIPS mode: 1) if the NSS SECMOD_GetSystemFIPSEnabled API is
-+ * available at OpenJDK's built-time, it is called; 2) otherwise, the
-+ * /proc/sys/crypto/fips_enabled file is read.
-+ *
-+ * @return true if the system is in FIPS mode
-+ */
-+ private static boolean enableFips() throws Exception {
-+ if (sdebug != null) {
-+ sdebug.println("Calling getSystemFIPSEnabled (libsystemconf)...");
-+ }
-+ try {
-+ boolean fipsEnabled = getSystemFIPSEnabled();
-+ if (sdebug != null) {
-+ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) returned: "
-+ + fipsEnabled);
-+ }
-+ return fipsEnabled;
-+ } catch (IOException e) {
-+ if (sdebug != null) {
-+ sdebug.println("Call to getSystemFIPSEnabled (libsystemconf) failed:");
-+ sdebug.println(e.getMessage());
-+ }
-+ throw e;
-+ }
-+ }
-+}
-diff --git a/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
-new file mode 100644
-index 00000000000..21bc6d0b591
---- /dev/null
-+++ b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
-@@ -0,0 +1,31 @@
-+/*
-+ * Copyright (c) 2020, Red Hat, Inc.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+package jdk.internal.misc;
-+
-+public interface JavaSecuritySystemConfiguratorAccess {
-+ boolean isSystemFipsEnabled();
-+ boolean isPlainKeySupportEnabled();
-+}
-diff --git a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
-index 688ec9f0915..8489b940c43 100644
---- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
-+++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
-@@ -36,6 +36,7 @@ import java.io.FilePermission;
- import java.io.ObjectInputStream;
- import java.io.RandomAccessFile;
- import java.security.ProtectionDomain;
-+import java.security.Security;
- import java.security.Signature;
-
- /** A repository of "shared secrets", which are a mechanism for
-@@ -76,6 +77,7 @@ public class SharedSecrets {
- private static JavaIORandomAccessFileAccess javaIORandomAccessFileAccess;
- private static JavaSecuritySignatureAccess javaSecuritySignatureAccess;
- private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess;
-+ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess;
-
- public static JavaUtilJarAccess javaUtilJarAccess() {
- if (javaUtilJarAccess == null) {
-@@ -361,4 +363,15 @@ public class SharedSecrets {
- }
- return javaxCryptoSealedObjectAccess;
- }
-+
-+ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) {
-+ javaSecuritySystemConfiguratorAccess = jssca;
-+ }
-+
-+ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
-+ if (javaSecuritySystemConfiguratorAccess == null) {
-+ unsafe.ensureClassInitialized(Security.class);
-+ }
-+ return javaSecuritySystemConfiguratorAccess;
-+ }
- }
-diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java
-index 5460efcf8c5..f08dc2fafc5 100644
---- a/src/java.base/share/classes/module-info.java
-+++ b/src/java.base/share/classes/module-info.java
-@@ -182,6 +182,7 @@ module java.base {
- java.security.jgss,
- java.sql,
- java.xml,
-+ jdk.crypto.cryptoki,
- jdk.jartool,
- jdk.attach,
- jdk.charsets,
-diff --git a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
-index ffee2c1603b..ff3d5e0e4ab 100644
---- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
-+++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
-@@ -33,8 +33,13 @@ import java.security.KeyStore.*;
-
- import javax.net.ssl.*;
-
-+import jdk.internal.misc.SharedSecrets;
-+
- abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
-
-+ private static final boolean plainKeySupportEnabled = SharedSecrets
-+ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
-+
- X509ExtendedKeyManager keyManager;
- boolean isInitialized;
-
-@@ -62,7 +67,8 @@ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
- KeyStoreException, NoSuchAlgorithmException,
- UnrecoverableKeyException {
- if ((ks != null) && SunJSSE.isFIPS()) {
-- if (ks.getProvider() != SunJSSE.cryptoProvider) {
-+ if (ks.getProvider() != SunJSSE.cryptoProvider &&
-+ !plainKeySupportEnabled) {
- throw new KeyStoreException("FIPS mode: KeyStore must be "
- + "from provider " + SunJSSE.cryptoProvider.getName());
- }
-@@ -91,8 +97,8 @@ abstract class KeyManagerFactoryImpl extends KeyManagerFactorySpi {
- keyManager = new X509KeyManagerImpl(
- Collections.<Builder>emptyList());
- } else {
-- if (SunJSSE.isFIPS() &&
-- (ks.getProvider() != SunJSSE.cryptoProvider)) {
-+ if (SunJSSE.isFIPS() && (ks.getProvider() != SunJSSE.cryptoProvider)
-+ && !plainKeySupportEnabled) {
- throw new KeyStoreException(
- "FIPS mode: KeyStore must be " +
- "from provider " + SunJSSE.cryptoProvider.getName());
-diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
-index de7da5c3379..5c3813dda7b 100644
---- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
-+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
-@@ -31,6 +31,7 @@ import java.security.*;
- import java.security.cert.*;
- import java.util.*;
- import javax.net.ssl.*;
-+import jdk.internal.misc.SharedSecrets;
- import sun.security.action.GetPropertyAction;
- import sun.security.provider.certpath.AlgorithmChecker;
- import sun.security.validator.Validator;
-@@ -542,20 +543,38 @@ public abstract class SSLContextImpl extends SSLContextSpi {
-
- static {
- if (SunJSSE.isFIPS()) {
-- supportedProtocols = Arrays.asList(
-- ProtocolVersion.TLS13,
-- ProtocolVersion.TLS12,
-- ProtocolVersion.TLS11,
-- ProtocolVersion.TLS10
-- );
-+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ .isSystemFipsEnabled()) {
-+ // RH1860986: TLSv1.3 key derivation not supported with
-+ // the Security Providers available in system FIPS mode.
-+ supportedProtocols = Arrays.asList(
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ );
-
-- serverDefaultProtocols = getAvailableProtocols(
-- new ProtocolVersion[] {
-- ProtocolVersion.TLS13,
-- ProtocolVersion.TLS12,
-- ProtocolVersion.TLS11,
-- ProtocolVersion.TLS10
-- });
-+ serverDefaultProtocols = getAvailableProtocols(
-+ new ProtocolVersion[] {
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ });
-+ } else {
-+ supportedProtocols = Arrays.asList(
-+ ProtocolVersion.TLS13,
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ );
-+
-+ serverDefaultProtocols = getAvailableProtocols(
-+ new ProtocolVersion[] {
-+ ProtocolVersion.TLS13,
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ });
-+ }
- } else {
- supportedProtocols = Arrays.asList(
- ProtocolVersion.TLS13,
-@@ -620,6 +639,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
-
- static ProtocolVersion[] getSupportedProtocols() {
- if (SunJSSE.isFIPS()) {
-+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ .isSystemFipsEnabled()) {
-+ // RH1860986: TLSv1.3 key derivation not supported with
-+ // the Security Providers available in system FIPS mode.
-+ return new ProtocolVersion[] {
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ };
-+ }
- return new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
-@@ -949,6 +978,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
-
- static ProtocolVersion[] getProtocols() {
- if (SunJSSE.isFIPS()) {
-+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ .isSystemFipsEnabled()) {
-+ // RH1860986: TLSv1.3 key derivation not supported with
-+ // the Security Providers available in system FIPS mode.
-+ return new ProtocolVersion[] {
-+ ProtocolVersion.TLS12,
-+ ProtocolVersion.TLS11,
-+ ProtocolVersion.TLS10
-+ };
-+ }
- return new ProtocolVersion[]{
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
-diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
-index c50ba93ecfc..de2a91a478c 100644
---- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
-+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
-@@ -27,6 +27,8 @@ package sun.security.ssl;
-
- import java.security.*;
- import java.util.*;
-+
-+import jdk.internal.misc.SharedSecrets;
- import sun.security.rsa.SunRsaSignEntries;
- import static sun.security.util.SecurityConstants.PROVIDER_VER;
- import static sun.security.provider.SunEntries.createAliases;
-@@ -195,8 +197,13 @@ public abstract class SunJSSE extends java.security.Provider {
- "sun.security.ssl.SSLContextImpl$TLS11Context", null, null);
- ps("SSLContext", "TLSv1.2",
- "sun.security.ssl.SSLContextImpl$TLS12Context", null, null);
-- ps("SSLContext", "TLSv1.3",
-- "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
-+ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
-+ .isSystemFipsEnabled()) {
-+ // RH1860986: TLSv1.3 key derivation not supported with
-+ // the Security Providers available in system FIPS mode.
-+ ps("SSLContext", "TLSv1.3",
-+ "sun.security.ssl.SSLContextImpl$TLS13Context", null, null);
-+ }
- ps("SSLContext", "TLS",
- "sun.security.ssl.SSLContextImpl$TLSContext",
- (isfips? null : createAliases("SSL")), null);
-diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
-index 097517926d1..474fe6f401f 100644
---- a/src/java.base/share/conf/security/java.security
-+++ b/src/java.base/share/conf/security/java.security
-@@ -85,6 +85,14 @@ security.provider.tbd=Apple
- security.provider.tbd=SunPKCS11
- #endif
-
-+#
-+# Security providers used when FIPS mode support is active
-+#
-+fips.provider.1=SunPKCS11 ${java.home}/conf/security/nss.fips.cfg
-+fips.provider.2=SUN
-+fips.provider.3=SunEC
-+fips.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSS-FIPS
-+
- #
- # A list of preferred providers for specific algorithms. These providers will
- # be searched for matching algorithms before the list of registered providers.
-@@ -298,6 +306,11 @@ policy.ignoreIdentityScope=false
- #
- keystore.type=pkcs12
-
-+#
-+# Default keystore type used when global crypto-policies are set to FIPS.
-+#
-+fips.keystore.type=PKCS11
-+
- #
- # Controls compatibility mode for JKS and PKCS12 keystore types.
- #
-@@ -335,6 +348,13 @@ package.definition=sun.misc.,\
- #
- security.overridePropertiesFile=true
-
-+#
-+# Determines whether this properties file will be appended to
-+# using the system properties file stored at
-+# /etc/crypto-policies/back-ends/java.config
-+#
-+security.useSystemPropertiesFile=false
-+
- #
- # Determines the default key and trust manager factory algorithms for
- # the javax.net.ssl package.
-diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
-new file mode 100644
-index 00000000000..b848a1fd783
---- /dev/null
-+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
-@@ -0,0 +1,290 @@
-+/*
-+ * Copyright (c) 2021, Red Hat, Inc.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+package sun.security.pkcs11;
-+
-+import java.math.BigInteger;
-+import java.security.KeyFactory;
-+import java.security.Provider;
-+import java.security.Security;
-+import java.util.HashMap;
-+import java.util.Map;
-+import java.util.concurrent.locks.ReentrantLock;
-+
-+import javax.crypto.Cipher;
-+import javax.crypto.spec.DHPrivateKeySpec;
-+import javax.crypto.spec.IvParameterSpec;
-+
-+import sun.security.jca.JCAUtil;
-+import sun.security.pkcs11.TemplateManager;
-+import sun.security.pkcs11.wrapper.CK_ATTRIBUTE;
-+import sun.security.pkcs11.wrapper.CK_MECHANISM;
-+import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
-+import sun.security.pkcs11.wrapper.PKCS11Exception;
-+import sun.security.rsa.RSAUtil.KeyType;
-+import sun.security.util.Debug;
-+import sun.security.util.ECUtil;
-+
-+final class FIPSKeyImporter {
-+
-+ private static final Debug debug =
-+ Debug.getInstance("sunpkcs11");
-+
-+ private static P11Key importerKey = null;
-+ private static final ReentrantLock importerKeyLock = new ReentrantLock();
-+ private static CK_MECHANISM importerKeyMechanism = null;
-+ private static Cipher importerCipher = null;
-+
-+ private static Provider sunECProvider = null;
-+ private static final ReentrantLock sunECProviderLock = new ReentrantLock();
-+
-+ private static KeyFactory DHKF = null;
-+ private static final ReentrantLock DHKFLock = new ReentrantLock();
-+
-+ static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes)
-+ throws PKCS11Exception {
-+ long keyID = -1;
-+ Token token = sunPKCS11.getToken();
-+ if (debug != null) {
-+ debug.println("Private or Secret key will be imported in" +
-+ " system FIPS mode.");
-+ }
-+ if (importerKey == null) {
-+ importerKeyLock.lock();
-+ try {
-+ if (importerKey == null) {
-+ if (importerKeyMechanism == null) {
-+ // Importer Key creation has not been tried yet. Try it.
-+ createImporterKey(token);
-+ }
-+ if (importerKey == null || importerCipher == null) {
-+ if (debug != null) {
-+ debug.println("Importer Key could not be" +
-+ " generated.");
-+ }
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ if (debug != null) {
-+ debug.println("Importer Key successfully" +
-+ " generated.");
-+ }
-+ }
-+ } finally {
-+ importerKeyLock.unlock();
-+ }
-+ }
-+ long importerKeyID = importerKey.getKeyID();
-+ try {
-+ byte[] keyBytes = null;
-+ byte[] encKeyBytes = null;
-+ long keyClass = 0L;
-+ long keyType = 0L;
-+ Map<Long, CK_ATTRIBUTE> attrsMap = new HashMap<>();
-+ for (CK_ATTRIBUTE attr : attributes) {
-+ if (attr.type == CKA_CLASS) {
-+ keyClass = attr.getLong();
-+ } else if (attr.type == CKA_KEY_TYPE) {
-+ keyType = attr.getLong();
-+ }
-+ attrsMap.put(attr.type, attr);
-+ }
-+ BigInteger v = null;
-+ if (keyClass == CKO_PRIVATE_KEY) {
-+ if (keyType == CKK_RSA) {
-+ if (debug != null) {
-+ debug.println("Importing an RSA private key...");
-+ }
-+ keyBytes = sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(
-+ KeyType.RSA,
-+ null,
-+ ((v = attrsMap.get(CKA_MODULUS).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PUBLIC_EXPONENT).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIVATE_EXPONENT).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIME_1).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIME_2).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_EXPONENT_1).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_EXPONENT_2).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_COEFFICIENT).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO
-+ ).getEncoded();
-+ } else if (keyType == CKK_DSA) {
-+ if (debug != null) {
-+ debug.println("Importing a DSA private key...");
-+ }
-+ keyBytes = new sun.security.provider.DSAPrivateKey(
-+ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_SUBPRIME).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO
-+ ).getEncoded();
-+ if (token.config.getNssNetscapeDbWorkaround() &&
-+ attrsMap.get(CKA_NETSCAPE_DB) == null) {
-+ attrsMap.put(CKA_NETSCAPE_DB,
-+ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
-+ }
-+ } else if (keyType == CKK_EC) {
-+ if (debug != null) {
-+ debug.println("Importing an EC private key...");
-+ }
-+ if (sunECProvider == null) {
-+ sunECProviderLock.lock();
-+ try {
-+ if (sunECProvider == null) {
-+ sunECProvider = Security.getProvider("SunEC");
-+ }
-+ } finally {
-+ sunECProviderLock.unlock();
-+ }
-+ }
-+ keyBytes = ECUtil.generateECPrivateKey(
-+ ((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ECUtil.getECParameterSpec(sunECProvider,
-+ attrsMap.get(CKA_EC_PARAMS).getByteArray()))
-+ .getEncoded();
-+ if (token.config.getNssNetscapeDbWorkaround() &&
-+ attrsMap.get(CKA_NETSCAPE_DB) == null) {
-+ attrsMap.put(CKA_NETSCAPE_DB,
-+ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
-+ }
-+ } else if (keyType == CKK_DH) {
-+ if (debug != null) {
-+ debug.println("Importing a Diffie-Hellman private key...");
-+ }
-+ if (DHKF == null) {
-+ DHKFLock.lock();
-+ try {
-+ if (DHKF == null) {
-+ DHKF = KeyFactory.getInstance(
-+ "DH", P11Util.getSunJceProvider());
-+ }
-+ } finally {
-+ DHKFLock.unlock();
-+ }
-+ }
-+ DHPrivateKeySpec spec = new DHPrivateKeySpec
-+ (((v = attrsMap.get(CKA_VALUE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_PRIME).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO,
-+ ((v = attrsMap.get(CKA_BASE).getBigInteger()) != null)
-+ ? v : BigInteger.ZERO);
-+ keyBytes = DHKF.generatePrivate(spec).getEncoded();
-+ if (token.config.getNssNetscapeDbWorkaround() &&
-+ attrsMap.get(CKA_NETSCAPE_DB) == null) {
-+ attrsMap.put(CKA_NETSCAPE_DB,
-+ new CK_ATTRIBUTE(CKA_NETSCAPE_DB, BigInteger.ZERO));
-+ }
-+ } else {
-+ if (debug != null) {
-+ debug.println("Unrecognized private key type.");
-+ }
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ } else if (keyClass == CKO_SECRET_KEY) {
-+ if (debug != null) {
-+ debug.println("Importing a secret key...");
-+ }
-+ keyBytes = attrsMap.get(CKA_VALUE).getByteArray();
-+ }
-+ if (keyBytes == null || keyBytes.length == 0) {
-+ if (debug != null) {
-+ debug.println("Private or secret key plain bytes could" +
-+ " not be obtained. Import failed.");
-+ }
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ importerCipher.init(Cipher.ENCRYPT_MODE, importerKey,
-+ new IvParameterSpec((byte[])importerKeyMechanism.pParameter),
-+ null);
-+ attributes = new CK_ATTRIBUTE[attrsMap.size()];
-+ attrsMap.values().toArray(attributes);
-+ encKeyBytes = importerCipher.doFinal(keyBytes);
-+ attributes = token.getAttributes(TemplateManager.O_IMPORT,
-+ keyClass, keyType, attributes);
-+ keyID = token.p11.C_UnwrapKey(hSession,
-+ importerKeyMechanism, importerKeyID, encKeyBytes, attributes);
-+ if (debug != null) {
-+ debug.println("Imported key ID: " + keyID);
-+ }
-+ } catch (Throwable t) {
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ } finally {
-+ importerKey.releaseKeyID();
-+ }
-+ return Long.valueOf(keyID);
-+ }
-+
-+ private static void createImporterKey(Token token) {
-+ if (debug != null) {
-+ debug.println("Generating Importer Key...");
-+ }
-+ byte[] iv = new byte[16];
-+ JCAUtil.getSecureRandom().nextBytes(iv);
-+ importerKeyMechanism = new CK_MECHANISM(CKM_AES_CBC_PAD, iv);
-+ try {
-+ CK_ATTRIBUTE[] attributes = token.getAttributes(TemplateManager.O_GENERATE,
-+ CKO_SECRET_KEY, CKK_AES, new CK_ATTRIBUTE[] {
-+ new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY),
-+ new CK_ATTRIBUTE(CKA_VALUE_LEN, 256 >> 3)});
-+ Session s = null;
-+ try {
-+ s = token.getObjSession();
-+ long keyID = token.p11.C_GenerateKey(
-+ s.id(), new CK_MECHANISM(CKM_AES_KEY_GEN),
-+ attributes);
-+ if (debug != null) {
-+ debug.println("Importer Key ID: " + keyID);
-+ }
-+ importerKey = (P11Key)P11Key.secretKey(s, keyID, "AES",
-+ 256 >> 3, null);
-+ } catch (PKCS11Exception e) {
-+ // best effort
-+ } finally {
-+ token.releaseSession(s);
-+ }
-+ if (importerKey != null) {
-+ importerCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-+ }
-+ } catch (Throwable t) {
-+ // best effort
-+ importerKey = null;
-+ importerCipher = null;
-+ // importerKeyMechanism value is kept initialized to indicate that
-+ // Importer Key creation has been tried and failed.
-+ }
-+ }
-+}
-diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
-index 099caac605f..977e5332bd1 100644
---- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
-+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
-@@ -26,6 +26,9 @@
- package sun.security.pkcs11;
-
- import java.io.*;
-+import java.lang.invoke.MethodHandle;
-+import java.lang.invoke.MethodHandles;
-+import java.lang.invoke.MethodType;
- import java.util.*;
-
- import java.security.*;
-@@ -43,6 +46,8 @@ import javax.security.auth.callback.PasswordCallback;
- import com.sun.crypto.provider.ChaCha20Poly1305Parameters;
-
- import jdk.internal.misc.InnocuousThread;
-+import jdk.internal.misc.SharedSecrets;
-+
- import sun.security.util.Debug;
- import sun.security.util.ResourcesMgr;
- import static sun.security.util.SecurityConstants.PROVIDER_VER;
-@@ -60,6 +65,29 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
- */
- public final class SunPKCS11 extends AuthProvider {
-
-+ private static final boolean systemFipsEnabled = SharedSecrets
-+ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled();
-+
-+ private static final boolean plainKeySupportEnabled = SharedSecrets
-+ .getJavaSecuritySystemConfiguratorAccess().isPlainKeySupportEnabled();
-+
-+ private static final MethodHandle fipsImportKey;
-+ static {
-+ MethodHandle fipsImportKeyTmp = null;
-+ if (plainKeySupportEnabled) {
-+ try {
-+ fipsImportKeyTmp = MethodHandles.lookup().findStatic(
-+ FIPSKeyImporter.class, "importKey",
-+ MethodType.methodType(Long.class, SunPKCS11.class,
-+ long.class, CK_ATTRIBUTE[].class));
-+ } catch (Throwable t) {
-+ throw new SecurityException("FIPS key importer initialization" +
-+ " failed", t);
-+ }
-+ }
-+ fipsImportKey = fipsImportKeyTmp;
-+ }
-+
- private static final long serialVersionUID = -1354835039035306505L;
-
- static final Debug debug = Debug.getInstance("sunpkcs11");
-@@ -317,10 +345,15 @@ public final class SunPKCS11 extends AuthProvider {
- // request multithreaded access first
- initArgs.flags = CKF_OS_LOCKING_OK;
- PKCS11 tmpPKCS11;
-+ MethodHandle fipsKeyImporter = null;
-+ if (plainKeySupportEnabled) {
-+ fipsKeyImporter = MethodHandles.insertArguments(
-+ fipsImportKey, 0, this);
-+ }
- try {
- tmpPKCS11 = PKCS11.getInstance(
- library, functionList, initArgs,
-- config.getOmitInitialize());
-+ config.getOmitInitialize(), fipsKeyImporter);
- } catch (PKCS11Exception e) {
- if (debug != null) {
- debug.println("Multi-threaded initialization failed: " + e);
-@@ -336,7 +369,7 @@ public final class SunPKCS11 extends AuthProvider {
- initArgs.flags = 0;
- }
- tmpPKCS11 = PKCS11.getInstance(library,
-- functionList, initArgs, config.getOmitInitialize());
-+ functionList, initArgs, config.getOmitInitialize(), fipsKeyImporter);
- }
- p11 = tmpPKCS11;
-
-@@ -376,6 +409,24 @@ public final class SunPKCS11 extends AuthProvider {
- if (nssModule != null) {
- nssModule.setProvider(this);
- }
-+ if (systemFipsEnabled) {
-+ // The NSS Software Token in FIPS 140-2 mode requires a user
-+ // login for most operations. See sftk_fipsCheck. The NSS DB
-+ // (/etc/pki/nssdb) PIN is empty.
-+ Session session = null;
-+ try {
-+ session = token.getOpSession();
-+ p11.C_Login(session.id(), CKU_USER, new char[] {});
-+ } catch (PKCS11Exception p11e) {
-+ if (debug != null) {
-+ debug.println("Error during token login: " +
-+ p11e.getMessage());
-+ }
-+ throw p11e;
-+ } finally {
-+ token.releaseSession(session);
-+ }
-+ }
- } catch (Exception e) {
- if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
- throw new UnsupportedOperationException
-diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
-index 04a369f453c..f033fe47593 100644
---- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
-+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
-@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;
-
- import java.io.File;
- import java.io.IOException;
-+import java.lang.invoke.MethodHandle;
- import java.util.*;
-
- import java.security.AccessController;
-@@ -148,18 +149,41 @@ public class PKCS11 {
- this.pkcs11ModulePath = pkcs11ModulePath;
- }
-
-+ /*
-+ * Compatibility wrapper to allow this method to work as before
-+ * when FIPS mode support is not active.
-+ */
-+ public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
-+ String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
-+ boolean omitInitialize) throws IOException, PKCS11Exception {
-+ return getInstance(pkcs11ModulePath, functionList,
-+ pInitArgs, omitInitialize, null);
-+ }
-+
- public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
- String functionList, CK_C_INITIALIZE_ARGS pInitArgs,
-- boolean omitInitialize) throws IOException, PKCS11Exception {
-+ boolean omitInitialize, MethodHandle fipsKeyImporter)
-+ throws IOException, PKCS11Exception {
- // we may only call C_Initialize once per native .so/.dll
- // so keep a cache using the (non-canonicalized!) path
- PKCS11 pkcs11 = moduleMap.get(pkcs11ModulePath);
- if (pkcs11 == null) {
-+ boolean nssFipsMode = fipsKeyImporter != null;
- if ((pInitArgs != null)
- && ((pInitArgs.flags & CKF_OS_LOCKING_OK) != 0)) {
-- pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
-+ if (nssFipsMode) {
-+ pkcs11 = new FIPSPKCS11(pkcs11ModulePath, functionList,
-+ fipsKeyImporter);
-+ } else {
-+ pkcs11 = new PKCS11(pkcs11ModulePath, functionList);
-+ }
- } else {
-- pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
-+ if (nssFipsMode) {
-+ pkcs11 = new SynchronizedFIPSPKCS11(pkcs11ModulePath,
-+ functionList, fipsKeyImporter);
-+ } else {
-+ pkcs11 = new SynchronizedPKCS11(pkcs11ModulePath, functionList);
-+ }
- }
- if (omitInitialize == false) {
- try {
-@@ -1909,4 +1933,69 @@ static class SynchronizedPKCS11 extends PKCS11 {
- super.C_GenerateRandom(hSession, randomData);
- }
- }
-+
-+// PKCS11 subclass that allows using plain private or secret keys in
-+// FIPS-configured NSS Software Tokens. Only used when System FIPS
-+// is enabled.
-+static class FIPSPKCS11 extends PKCS11 {
-+ private MethodHandle fipsKeyImporter;
-+ FIPSPKCS11(String pkcs11ModulePath, String functionListName,
-+ MethodHandle fipsKeyImporter) throws IOException {
-+ super(pkcs11ModulePath, functionListName);
-+ this.fipsKeyImporter = fipsKeyImporter;
-+ }
-+
-+ public synchronized long C_CreateObject(long hSession,
-+ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
-+ // Creating sensitive key objects from plain key material in a
-+ // FIPS-configured NSS Software Token is not allowed. We apply
-+ // a key-unwrapping scheme to achieve so.
-+ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
-+ try {
-+ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
-+ .longValue();
-+ } catch (Throwable t) {
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ }
-+ return super.C_CreateObject(hSession, pTemplate);
-+ }
-+}
-+
-+// FIPSPKCS11 synchronized counterpart.
-+static class SynchronizedFIPSPKCS11 extends SynchronizedPKCS11 {
-+ private MethodHandle fipsKeyImporter;
-+ SynchronizedFIPSPKCS11(String pkcs11ModulePath, String functionListName,
-+ MethodHandle fipsKeyImporter) throws IOException {
-+ super(pkcs11ModulePath, functionListName);
-+ this.fipsKeyImporter = fipsKeyImporter;
-+ }
-+
-+ public synchronized long C_CreateObject(long hSession,
-+ CK_ATTRIBUTE[] pTemplate) throws PKCS11Exception {
-+ // See FIPSPKCS11::C_CreateObject.
-+ if (FIPSPKCS11Helper.isSensitiveObject(pTemplate)) {
-+ try {
-+ return ((Long)fipsKeyImporter.invoke(hSession, pTemplate))
-+ .longValue();
-+ } catch (Throwable t) {
-+ throw new PKCS11Exception(CKR_GENERAL_ERROR);
-+ }
-+ }
-+ return super.C_CreateObject(hSession, pTemplate);
-+ }
-+}
-+
-+private static class FIPSPKCS11Helper {
-+ static boolean isSensitiveObject(CK_ATTRIBUTE[] pTemplate) {
-+ for (CK_ATTRIBUTE attr : pTemplate) {
-+ if (attr.type == CKA_CLASS &&
-+ (attr.getLong() == CKO_PRIVATE_KEY ||
-+ attr.getLong() == CKO_SECRET_KEY)) {
-+ return true;
-+ }
-+ }
-+ return false;
-+ }
-+}
- }
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
deleted file mode 100755
index 3bb5f87..0000000
--- a/generate_source_tarball.sh
+++ /dev/null
@@ -1,200 +0,0 @@
-#!/bin/bash
-# Generates the 'source tarball' for JDK projects.
-#
-# Example:
-# When used from local repo set REPO_ROOT pointing to file:// with your repo
-# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
-# If you want to use a local copy of patch GH001, set the path to it in the GH001 variable
-#
-# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
-# PROJECT_NAME=openjdk
-# REPO_NAME=jdk11u
-# VERSION=HEAD
-# or to eg prepare systemtap:
-# icedtea7's jstack and other tapsets
-# VERSION=6327cf1cea9e
-# REPO_NAME=icedtea7-2.6
-# PROJECT_NAME=release
-# OPENJDK_URL=http://icedtea.classpath.org/hg/
-# TO_COMPRESS="*/tapset"
-#
-# They are used to create correct name and are used in construction of sources url (unless REPO_ROOT is set)
-
-# This script creates a single source tarball out of the repository
-# based on the given tag and removes code not allowed in fedora/rhel. For
-# consistency, the source tarball will always contain 'openjdk' as the top
-# level folder, name is created, based on parameter
-#
-
-if [ ! "x$GH001" = "x" ] ; then
- if [ ! -f "$GH001" ] ; then
- echo "You have specified GH001 as $GH001 but it does not exist. Exiting"
- exit 1
- fi
-fi
-
-if [ ! "x$GH003" = "x" ] ; then
- if [ ! -f "$GH003" ] ; then
- echo "You have specified GH003 as $GH003 but it does not exist. Exiting"
- exit 1
- fi
-fi
-
-set -e
-
-OPENJDK_URL_DEFAULT=https://github.com
-COMPRESSION_DEFAULT=xz
-# Corresponding IcedTea version
-ICEDTEA_VERSION=6.0
-
-if [ "x$1" = "xhelp" ] ; then
- echo -e "Behaviour may be specified by setting the following variables:\n"
- echo "VERSION - the version of the specified OpenJDK project"
- echo "PROJECT_NAME -- the name of the OpenJDK project being archived (optional; only needed by defaults)"
- echo "REPO_NAME - the name of the OpenJDK repository (optional; only needed by defaults)"
- echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})"
- echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})"
- echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
- echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
- echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
- echo "GH001 - the path to the ECC code patch, GH001, to apply (optional; downloaded if unavailable)"
- echo "GH003 - the path to the ECC test patch, GH003, to apply (optional; downloaded if unavailable)"
- exit 1;
-fi
-
-
-if [ "x$VERSION" = "x" ] ; then
- echo "No VERSION specified"
- exit -2
-fi
-echo "Version: ${VERSION}"
-
-# REPO_NAME is only needed when we default on REPO_ROOT and FILE_NAME_ROOT
-if [ "x$FILE_NAME_ROOT" = "x" -o "x$REPO_ROOT" = "x" ] ; then
- if [ "x$PROJECT_NAME" = "x" ] ; then
- echo "No PROJECT_NAME specified"
- exit -1
- fi
- echo "Project name: ${PROJECT_NAME}"
- if [ "x$REPO_NAME" = "x" ] ; then
- echo "No REPO_NAME specified"
- exit -3
- fi
- echo "Repository name: ${REPO_NAME}"
-fi
-
-if [ "x$OPENJDK_URL" = "x" ] ; then
- OPENJDK_URL=${OPENJDK_URL_DEFAULT}
- echo "No OpenJDK URL specified; defaulting to ${OPENJDK_URL}"
-else
- echo "OpenJDK URL: ${OPENJDK_URL}"
-fi
-
-if [ "x$COMPRESSION" = "x" ] ; then
- # rhel 5 needs tar.gz
- COMPRESSION=${COMPRESSION_DEFAULT}
-fi
-echo "Creating a tar.${COMPRESSION} archive"
-
-if [ "x$FILE_NAME_ROOT" = "x" ] ; then
- FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
- echo "No file name root specified; default to ${FILE_NAME_ROOT}"
-fi
-if [ "x$REPO_ROOT" = "x" ] ; then
- REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
- echo "No repository root specified; default to ${REPO_ROOT}"
-fi;
-if [ "x$TO_COMPRESS" = "x" ] ; then
- TO_COMPRESS="openjdk"
- echo "No to be compressed targets specified, ; default to ${TO_COMPRESS}"
-fi;
-
-echo -e "Settings:"
-echo -e "\tVERSION: ${VERSION}"
-echo -e "\tPROJECT_NAME: ${PROJECT_NAME}"
-echo -e "\tREPO_NAME: ${REPO_NAME}"
-echo -e "\tOPENJDK_URL: ${OPENJDK_URL}"
-echo -e "\tCOMPRESSION: ${COMPRESSION}"
-echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
-echo -e "\tREPO_ROOT: ${REPO_ROOT}"
-echo -e "\tTO_COMPRESS: ${TO_COMPRESS}"
-echo -e "\tGH001: ${GH001}"
-echo -e "\tGH003: ${GH003}"
-
-if [ -d ${FILE_NAME_ROOT} ] ; then
- echo "exists exists exists exists exists exists exists "
- echo "reusing reusing reusing reusing reusing reusing "
- echo ${FILE_NAME_ROOT}
-else
- mkdir "${FILE_NAME_ROOT}"
- pushd "${FILE_NAME_ROOT}"
- echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
- git clone -b ${VERSION} ${REPO_ROOT} openjdk
- popd
-fi
-pushd "${FILE_NAME_ROOT}"
-# UnderlineTaglet.java has a BSD license with a field-of-use restriction, making it non-Free
- if [ -d openjdk/test ] ; then
- echo "Removing langtools test case with non-Free license"
- rm -vf openjdk/test/langtools/tools/javadoc/api/basic/taglets/UnderlineTaglet.java
- fi
- if [ -d openjdk/src ]; then
- pushd openjdk
- echo "Removing EC source code we don't build"
- CRYPTO_PATH=src/jdk.crypto.ec/share/native/libsunec/impl
- rm -vf ${CRYPTO_PATH}/ec2.h
- rm -vf ${CRYPTO_PATH}/ec2_163.c
- rm -vf ${CRYPTO_PATH}/ec2_193.c
- rm -vf ${CRYPTO_PATH}/ec2_233.c
- rm -vf ${CRYPTO_PATH}/ec2_aff.c
- rm -vf ${CRYPTO_PATH}/ec2_mont.c
- rm -vf ${CRYPTO_PATH}/ecp_192.c
- rm -vf ${CRYPTO_PATH}/ecp_224.c
-
- echo "Syncing EC list with NSS"
- if [ "x$GH001" = "x" ] ; then
- # get gh001-4curve.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
- # Do not push it or publish it
- echo "GH001 not found. Downloading..."
- wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/gh001…
- echo "Applying ${PWD}/gh001-4curve.patch"
- git apply --stat --apply -v -p1 gh001-4curve.patch
- rm gh001-4curve.patch
- else
- echo "Applying ${GH001}"
- git apply --stat --apply -v -p1 $GH001
- fi;
- if [ "x$GH003" = "x" ] ; then
- # get gh001-4curve.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
- echo "GH003 not found. Downloading..."
- wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/gh003…
- echo "Applying ${PWD}/gh003-4curve.patch"
- git apply --stat --apply -v -p1 gh003-4curve.patch
- rm gh003-4curve.patch
- else
- echo "Applying ${GH003}"
- git apply --stat --apply -v -p1 $GH003
- fi;
- find . -name '*.orig' -exec rm -vf '{}' ';' || echo "No .orig files found. This is suspicious, but may happen."
- popd
- fi
-
- # Generate .src-rev so build has knowledge of the revision the tarball was created from
- mkdir build
- pushd build
- sh ${PWD}/../openjdk/configure
- make store-source-revision
- popd
- rm -rf build
-
- echo "Compressing remaining forest"
- if [ "X$COMPRESSION" = "Xxz" ] ; then
- SWITCH=cJf
- else
- SWITCH=czf
- fi
- TARBALL_NAME=${FILE_NAME_ROOT}-4curve.tar.${COMPRESSION}
- tar --exclude-vcs -$SWITCH ${TARBALL_NAME} $TO_COMPRESS
- mv ${TARBALL_NAME} ..
-popd
-echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."
diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index 4997423..3ba613f 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -21,12 +21,6 @@
%bcond_without release
# Enable static library builds by default.
%bcond_without staticlibs
-# Remove build artifacts by default
-%bcond_with artifacts
-# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
-%bcond_without fresh_libjvm
-# Build with system libraries
-%bcond_with system_libs
# Workaround for stripping of debug symbols from static libraries
%if %{with staticlibs}
@@ -36,28 +30,15 @@
%global include_staticlibs 0
%endif
-# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
-%if %{with fresh_libjvm}
-%global build_hotspot_first 1
-%else
-%global build_hotspot_first 0
-%endif
-
-%if %{with system_libs}
-%global system_libs 1
-%global link_type system
-%global freetype_lib %{nil}
-%else
-%global system_libs 0
-%global link_type bundled
+#placeholder - used in regexes, otherwise for no use in portables
%global freetype_lib |libfreetype[.]so.*
-%endif
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
%global _find_debuginfo_opts -g
+
# note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros
# also necessary when passing it as parameter to other macros. If not macro, then it is considered a switch
# see the difference between global and define:
@@ -147,7 +128,7 @@
# Set of architectures where we verify backtraces with gdb
%global gdb_arches %{jit_arches} %{zero_arches}
-# By default, we build a slowdebug build during main build on JIT architectures
+# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
%ifarch %{debug_arches}
%global include_debug_build 1
@@ -161,19 +142,8 @@
# On certain architectures, we compile the Shenandoah GC
%ifarch %{shenandoah_arches}
%global use_shenandoah_hotspot 1
-%global shenandoah_feature shenandoahgc
%else
%global use_shenandoah_hotspot 0
-%global shenandoah_feature -shenandoahgc
-%endif
-
-# On certain architectures, we compile the ZGC
-%ifarch %{zgc_arches}
-%global use_zgc_hotspot 1
-%global zgc_feature zgc
-%else
-%global use_zgc_hotspot 0
-%global zgc_feature -zgc
%endif
# By default, we build a fastdebug build during main build only on fastdebug architectures
@@ -209,16 +179,6 @@
%global staticlibs_loop %{nil}
%endif
-%if 0%{?flatpak}
-%global bootstrap_build false
-%else
-%ifarch %{bootstrap_arches}
-%global bootstrap_build true
-%else
-%global bootstrap_build false
-%endif
-%endif
-
%if %{include_staticlibs}
# Extra target for producing the static-libraries. Separate from
# other targets since this target is configured to use in-tree
@@ -232,29 +192,12 @@
# RPM JDK builds keep the debug symbols internal, to be later stripped by RPM
%global debug_symbols internal
-# unlike portables,the rpms have to use static_libs_target very dynamically
-%global bootstrap_targets images
-%global release_targets images docs-zip
-# No docs nor bootcycle for debug builds
-%global debug_targets images
-# Target to use to just build HotSpot
-%global hotspot_target hotspot
-
-# JDK to use for bootstrapping
-%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
-
-# Disable LTO as this causes build failures at the moment.
-# See RHBZ#1861401
-%define _lto_cflags %{nil}
-
-# Filter out flags from the optflags macro that cause problems with the OpenJDK build
-# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2
-# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs)
-# We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings
-# We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++
-%global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat -Wno-cpp|' | sed -r -e 's|-O[0-9]*||')
-%global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||')
-%global ourldflags %{__global_ldflags}
+# VM variant being built
+%ifarch %{zero_arches}
+%global vm_variant zero
+%else
+%global vm_variant server
+%endif
# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path
# the initialization must be here. Later the pkg-config have buggy behavior
@@ -331,19 +274,15 @@
# New Version-String scheme-style defines
%global featurever 11
%global interimver 0
-%global updatever 18
+%global updatever 19
%global patchver 0
-# buildjdkver is usually same as %%{featurever},
-# but in time of bootstrap of next jdk, it is featurever-1,
-# and this it is better to change it here, on single place
-%global buildjdkver %{featurever}
# Add LTS designator for RHEL builds
%if 0%{?rhel}
%global lts_designator "LTS"
%global lts_designator_zip -%{lts_designator}
%else
- %global lts_designator ""
- %global lts_designator_zip ""
+ %global lts_designator ""
+ %global lts_designator_zip ""
%endif
# Define vendor information used by OpenJDK
@@ -369,17 +308,14 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
-# Define current Git revision for the FIPS support patches
-%global fipsver 9087e80d0ab
# Standard JPackage naming and versioning defines
%global origin openjdk
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 10
+%global buildver 7
%global rpmrelease 1
-#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -393,6 +329,7 @@
%global priority %( printf '%08d' 1 )
%endif
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
+%global javaver %{featurever}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn})
@@ -400,19 +337,19 @@
# The tag used to create the OpenJDK tarball
%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}
-%global javaver %{featurever}
-
# Define milestone (EA for pre-releases, GA for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
%global is_ga 1
%if %{is_ga}
+%global build_type GA
%global ea_designator ""
%global ea_designator_zip ""
%global extraver %{nil}
%global eaprefix %{nil}
%else
+%global build_type EA
%global ea_designator ea
%global ea_designator_zip -%{ea_designator}
%global extraver .%{ea_designator}
@@ -425,9 +362,11 @@
# images directories from upstream build
%global jdkimage jdk
%global static_libs_image static-libs
-# output dir stub
-%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
-%define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}}
+# installation directory for static libraries
+%global static_libs_root lib/static
+%global static_libs_arch_dir %{static_libs_root}/linux-%{archinstall}
+%global static_libs_install_dir %{static_libs_arch_dir}/glibc
+
# we can copy the javadoc to not arched dir, or make it not noarch
%define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}}
# main id and dir of this jdk
@@ -859,6 +798,7 @@ exit 0
%define files_jre_headless() %{expand:
%license %{_jvmdir}/%{sdkdir -- %{?1}}/legal
%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS
+%{_jvmdir}/%{sdkdir -- %{?1}}/NEWS
%dir %{_sysconfdir}/.java/.systemPrefs
%dir %{_sysconfdir}/.java
%dir %{_jvmdir}/%{sdkdir -- %{?1}}
@@ -894,9 +834,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libawt_headless.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libdt_socket.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfontmanager.so
-%if ! %{system_libs}
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libfreetype.so
-%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libinstrument.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2gss.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libj2pcsc.so
@@ -932,7 +870,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jfr/default.jfc
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jfr/profile.jfc
%{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1*
-%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1*
+#%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1* #TODO, resolve alt-java man page
%{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/keytool-%{uniquesuffix -- %{?1}}.1*
%{_mandir}/man1/pack200-%{uniquesuffix -- %{?1}}.1*
@@ -969,7 +907,7 @@ exit 0
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.fips.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/conf/management/jmxremote.access
-# This is a config template, and thus not config-noreplace
+# This is a config template, thus not config-noreplace
%config %{etcjavadir -- %{?1}}/conf/management/jmxremote.password.template
%config(noreplace) %{etcjavadir -- %{?1}}/conf/management/management.properties
%config(noreplace) %{etcjavadir -- %{?1}}/conf/net.properties
@@ -1113,13 +1051,14 @@ exit 0
%define files_src() %{expand:
%license %{_jvmdir}/%{sdkdir -- %{?1}}/legal
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/src.zip
+%{_jvmdir}/%{sdkdir -- %{?1}}/full_sources
}
%define files_static_libs() %{expand:
-%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/static
-%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/static/linux-%{archinstall}
-%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/static/linux-%{archinstall}/glibc
-%{_jvmdir}/%{sdkdir -- %{?1}}/lib/static/linux-%{archinstall}/glibc/lib*.a
+%dir %{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_root}
+%dir %{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_arch_dir}
+%dir %{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_install_dir}
+%{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_install_dir}/lib*.a
}
%define files_javadoc() %{expand:
@@ -1159,7 +1098,8 @@ Requires: libXcomposite%{?_isa}
Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# for java-X-openjdk package's desktop binding
-%if 0%{?rhel} >= 8
+# Where recommendations are available, recommend Gtk+ for the Swing look and feel
+%if 0%{?rhel} >= 8 || 0%{?fedora} > 0
Recommends: gtk3%{?_isa}
%endif
@@ -1182,6 +1122,7 @@ Provides: jre%{?1} = %{epoch}:%{version}-%{release}
Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
+# Require zone-info data provided by tzdata-java sub-package
# 2022g required as of JDK-8297804
Requires: tzdata-java >= 2022g
# for support of kernel stream control
@@ -1204,8 +1145,9 @@ Requires: nss
Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
Requires(postun): %{alternatives_requires}
-# for optional support of kernel stream control, card reader and printing bindings
-%if 0%{?rhel} >= 8
+# Where suggestions are available, recommend the sctp and pcsc libraries
+# for optional support of kernel stream control and card reader
+%if 0%{?rhel} >= 8 || 0%{?fedora} > 0
Suggests: lksctp-tools%{?_isa}, pcsc-lite-devel%{?_isa}
%endif
@@ -1304,6 +1246,10 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
# Prevent brp-java-repack-jars from being run
%global __jar_repack 0
+%global portable_name %{name}-portable
+# the version must match, but sometmes we need to more precise, so including release
+%global portable_version %{version}-2
+
Name: java-%{javaver}-%{origin}
Version: %{newjavaver}.%{buildver}
Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
@@ -1319,7 +1265,8 @@ Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
Epoch: 1
Summary: %{origin_nice} %{featurever} Runtime Environment
-%if 0%{?rhel} <= 8
+# Groups are only used up to RHEL 8 and on Fedora versions prior to F30
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1340,11 +1287,6 @@ Group: Development/Languages
License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv2.0 and Public Domain and W3C and zlib and ISC and FTL and RSA
URL: http://openjdk.java.net/
-
-# to regenerate source0 (jdk) run update_package.sh
-# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
-Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz
-
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x).
# Systemtap tapsets. Zipped up to keep it small.
@@ -1353,15 +1295,6 @@ Source8: tapsets-icedtea-%{icedteaver}.tar.xz
# Desktop files. Adapted from IcedTea
Source9: jconsole.desktop.in
-# Release notes
-Source10: NEWS
-
-# nss configuration file
-Source11: nss.cfg.in
-
-# Removed libraries that we link instead
-Source12: remove-intree-libraries.sh
-
# Ensure we aren't using the limited crypto policy
Source13: TestCryptoLevel.java
@@ -1374,142 +1307,52 @@ Source15: TestSecurityProperties.java
# Ensure vendor settings are correct
Source16: CheckVendor.java
-# nss fips configuration file
-Source17: nss.fips.cfg.in
-
# Ensure translations are available for new timezones
Source18: TestTranslations.java
-############################################
-#
-# RPM/distribution specific patches
-#
-############################################
-
-# Ignore AWTError when assistive technologies are loaded
-Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
-# Restrict access to java-atk-wrapper classes
-Patch2: rh1648644-java_access_bridge_privileged_security.patch
-# NSS via SunPKCS11 Provider (disabled due to memory leak).
-Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
-# RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
-Patch600: rh1750419-redhat_alt_java.patch
-# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
-Patch1003: rh1842572-rsa_default_for_keytool.patch
-
-# Crypto policy and FIPS support patches
-# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips
-# as follows: git diff %%{vcstag} src make > fips-11u-$(git show -s --format=%h HEAD).patch
-# Diff is limited to src and make subdirectories to exclude .github changes
-# Fixes currently included:
-# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy
-# PR3695: Allow use of system crypto policy to be disabled by the user
-# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
-# RH1818909: No ciphersuites availale for SSLSocket in FIPS mode
-# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
-# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
-# RH1929465: Improve system FIPS detection
-# RH1996182: Login to the NSS software token in FIPS mode
-# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
-# RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
-# RH2021263: Return in C code after having generated Java exception
-# RH2052819: Improve Security initialisation, now FIPS support no longer relies on crypto policy support
-# RH2051605: Detect NSS at Runtime for FIPS detection
-# RH2052819: Fix FIPS reliance on crypto policies
-# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
-# RH2090378: Revert to disabling system security properties and FIPS mode support together
-Patch1001: fips-11u-%{fipsver}.patch
-
-#############################################
-#
-# Shenandoah specific patches
-#
-#############################################
-
-# Currently empty
-
-#############################################
-#
-# Upstreamable patches
-#
-# This section includes patches which need to
-# be reviewed & pushed to the current development
-# tree of OpenJDK.
-#############################################
+BuildRequires: %{portable_name}-sources >= %{portable_version}
-Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
-
-#############################################
-#
-# Backportable patches
-#
-# This section includes patches which are
-# present in the current development tree, but
-# need to be reviewed & pushed to the appropriate
-# updates tree of OpenJDK.
-#############################################
+%if %{include_normal_build}
+BuildRequires: %{portable_name} >= %{portable_version}
+BuildRequires: %{portable_name}-devel >= %{portable_version}
+%if %{include_staticlibs}
+BuildRequires: %{portable_name}-static-libs >= %{portable_version}
+%endif
+%endif
+%if %{include_fastdebug_build}
+BuildRequires: %{portable_name}-fastdebug >= %{portable_version}
+BuildRequires: %{portable_name}-devel-fastdebug >= %{portable_version}
+%if %{include_staticlibs}
+BuildRequires: %{portable_name}-static-libs-fastdebug >= %{portable_version}
+%endif
+%endif
+%if %{include_debug_build}
+BuildRequires: %{portable_name}-slowdebug >= %{portable_version}
+BuildRequires: %{portable_name}-devel-slowdebug >= %{portable_version}
+%if %{include_staticlibs}
+BuildRequires: %{portable_name}-static-libs-slowdebug >= %{portable_version}
+%endif
+%endif
-#############################################
-#
-# Patches appearing in 11.0.18
-#
-# This section includes patches which are present
-# in the listed OpenJDK 11u release and should be
-# able to be removed once that release is out
-# and used by this RPM.
-#############################################
-
-BuildRequires: autoconf
-BuildRequires: automake
-BuildRequires: alsa-lib-devel
-BuildRequires: binutils
-BuildRequires: cups-devel
BuildRequires: desktop-file-utils
# elfutils only are OK for build without AOT
BuildRequires: elfutils-devel
-BuildRequires: fontconfig-devel
-BuildRequires: gcc-c++
BuildRequires: gdb
-BuildRequires: libxslt
-BuildRequires: libX11-devel
-BuildRequires: libXi-devel
-BuildRequires: libXinerama-devel
-BuildRequires: libXrandr-devel
-BuildRequires: libXrender-devel
-BuildRequires: libXt-devel
-BuildRequires: libXtst-devel
# Requirement for setting up nss.cfg and nss.fips.cfg
BuildRequires: nss-devel
# Requirement for system security property test
BuildRequires: crypto-policies
BuildRequires: pkgconfig
-BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
BuildRequires: unzip
BuildRequires: javapackages-filesystem
-BuildRequires: java-%{buildjdkver}-openjdk-devel
-# Zero-assembler build requirement
-%ifarch %{zero_arches}
-BuildRequires: libffi-devel
-%endif
-# 2022g required as of JDK-8297804
+# ?
BuildRequires: tzdata-java >= 2022g
-# Earlier versions have a bug in tree vectorization on PPC
-BuildRequires: gcc >= 4.8.3-8
%if %{with_systemtap}
BuildRequires: systemtap-sdt-devel
%endif
-BuildRequires: make
-%if %{system_libs}
-BuildRequires: freetype-devel
-BuildRequires: giflib-devel
-BuildRequires: harfbuzz-devel
-BuildRequires: lcms2-devel
-BuildRequires: libjpeg-devel
-BuildRequires: libpng-devel
-%else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.12.1
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
@@ -1524,7 +1367,6 @@ Provides: bundled(libjpeg) = 6b
Provides: bundled(libpng) = 1.6.37
# We link statically against libstdc++ to increase portability
BuildRequires: libstdc++-static
-%endif
# this is always built, also during debug-only build
# when it is built in debug-only this package is just placeholder
@@ -1536,7 +1378,7 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_debug_build}
%package slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1549,7 +1391,7 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_fastdebug_build}
%package fastdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1562,7 +1404,7 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_normal_build}
%package headless
Summary: %{origin_nice} %{featurever} Headless Runtime Environment
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1575,7 +1417,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_debug_build}
%package headless-slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_headless_rpo -- %{debug_suffix_unquoted}}
@@ -1587,7 +1431,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_fastdebug_build}
%package headless-fastdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_headless_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1599,7 +1445,7 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_normal_build}
%package devel
Summary: %{origin_nice} %{featurever} Development Environment
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1612,7 +1458,7 @@ The %{origin_nice} %{featurever} development tools.
%if %{include_debug_build}
%package devel-slowdebug
Summary: %{origin_nice} %{featurever} Development Environment %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1626,7 +1472,9 @@ The %{origin_nice} %{featurever} development tools.
%if %{include_fastdebug_build}
%package devel-fastdebug
Summary: %{origin_nice} %{featurever} Development Environment %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Tools
+%endif
%{java_devel_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1675,7 +1523,7 @@ The %{origin_nice} %{featurever} libraries for static linking.
%if %{include_normal_build}
%package jmods
Summary: JMods for %{origin_nice} %{featurever}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1688,7 +1536,7 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_debug_build}
%package jmods-slowdebug
Summary: JMods for %{origin_nice} %{featurever} %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1702,7 +1550,9 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_fastdebug_build}
%package jmods-fastdebug
Summary: JMods for %{origin_nice} %{featurever} %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Tools
+%endif
%{java_jmods_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1714,7 +1564,7 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_normal_build}
%package demo
Summary: %{origin_nice} %{featurever} Demos
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1727,7 +1577,7 @@ The %{origin_nice} %{featurever} demos.
%if %{include_debug_build}
%package demo-slowdebug
Summary: %{origin_nice} %{featurever} Demos %{debug_on}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1741,7 +1591,9 @@ The %{origin_nice} %{featurever} demos.
%if %{include_fastdebug_build}
%package demo-fastdebug
Summary: %{origin_nice} %{featurever} Demos %{fastdebug_on}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_demo_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1753,7 +1605,7 @@ The %{origin_nice} %{featurever} demos.
%if %{include_normal_build}
%package src
Summary: %{origin_nice} %{featurever} Source Bundle
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1767,7 +1619,7 @@ class library source code for use by IDE indexers and debuggers.
%if %{include_debug_build}
%package src-slowdebug
Summary: %{origin_nice} %{featurever} Source Bundle %{for_debug}
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
@@ -1781,7 +1633,9 @@ The %{compatiblename}-src-slowdebug sub-package contains the complete %{origin_n
%if %{include_fastdebug_build}
%package src-fastdebug
Summary: %{origin_nice} %{featurever} Source Bundle %{for_fastdebug}
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
+%endif
%{java_src_rpo -- %{fastdebug_suffix_unquoted}}
@@ -1793,20 +1647,22 @@ The %{compatiblename}-src-fastdebug sub-package contains the complete %{origin_n
%if %{include_normal_build}
%package javadoc
Summary: %{origin_nice} %{featurever} API documentation
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Documentation
%endif
Requires: javapackages-filesystem
-Obsoletes: javadoc-slowdebug < 1:11.0.3.7-4
+Obsoletes: javadoc-slowdebug < 1:13.0.0.33-1.rolling
%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc
The %{origin_nice} %{featurever} API documentation.
+%endif
+%if %{include_normal_build}
%package javadoc-zip
Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive
-%if 0%{?rhel} <= 8
+%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Documentation
%endif
Requires: javapackages-filesystem
@@ -1820,16 +1676,8 @@ The %{origin_nice} %{featurever} API documentation compressed in a single archiv
%endif
%prep
-
echo "Preparing %{oj_vendor_version}"
-# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-(
-%if 0%{?stapinstall:1}
- echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}"
-%else
- %{error:Unrecognised architecture %{_target_cpu}}
-%endif
-
if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then
echo "include_normal_build is %{include_normal_build}"
else
@@ -1852,7 +1700,6 @@ if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{includ
echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go."
exit 14
fi
-%setup -q -c -n %{uniquesuffix ""} -T -a 0
# https://bugzilla.redhat.com/show_bug.cgi?id=1189084
prioritylength=`expr length %{priority}`
if [ $prioritylength -ne 8 ] ; then
@@ -1860,26 +1707,28 @@ if [ $prioritylength -ne 8 ] ; then
exit 14
fi
-# OpenJDK patches
-
-%if %{system_libs}
-# Remove libraries that are linked by both static and dynamic builds
-sh %{SOURCE12} %{top_level_dir_name}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.sources.noarch.tar.xz
+%if %{include_normal_build}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.jdk.%{_arch}.tar.xz
+#tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.jre.%{_arch}.tar.xz
+%if %{include_staticlibs}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.static-libs.%{_arch}.tar.xz
+%endif
+%endif
+%if %{include_fastdebug_build}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.fastdebug.jdk.%{_arch}.tar.xz
+#tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.fastdebug.jre.%{_arch}.tar.xz
+%if %{include_staticlibs}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.fastdebug.static-libs.%{_arch}.tar.xz
+%endif
+%endif
+%if %{include_debug_build}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.slowdebug.jdk.%{_arch}.tar.xz
+#tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.slowdebug.jre.%{_arch}.tar.xz
+%if %{include_staticlibs}
+tar -xf %{_jvmdir}/%{compatiblename}*%{version}*portable.slowdebug.static-libs.%{_arch}.tar.xz
+%endif
%endif
-
-# Patch the JDK
-pushd %{top_level_dir_name}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-# Add crypto policy and FIPS support
-%patch1001 -p1
-# nss.cfg PKCS11 support; must come last as it also alters java.security
-%patch1000 -p1
-popd # openjdk
-
-%patch600
-%patch1003
# Extract systemtap tapsets
%if %{with_systemtap}
@@ -1927,376 +1776,105 @@ for file in %{SOURCE9}; do
done
done
-# Setup nss.cfg
-sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
-
-# Setup nss.fips.cfg
-sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
-
%build
-# How many CPU's do we have?
-export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :)
-export NUM_PROC=${NUM_PROC:-1}
-%if 0%{?_smp_ncpus_max}
-# Honor %%_smp_ncpus_max
-[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max}
-%endif
-
-%ifarch s390x sparc64 alpha %{power64} %{aarch64}
-export ARCH_DATA_MODEL=64
-%endif
-%ifarch alpha
-export CFLAGS="$CFLAGS -mieee"
-%endif
-
-# We use ourcppflags because the OpenJDK build seems to
-# pass EXTRA_CFLAGS to the HotSpot C++ compiler...
-EXTRA_CFLAGS="%ourcppflags -Wno-error"
-EXTRA_CPP_FLAGS="%ourcppflags"
-
-%ifarch %{power64} ppc
-# fix rpmlint warnings
-EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
-%endif
-%ifarch %{ix86}
-# Align stack boundary on x86_32
-EXTRA_CFLAGS="$(echo ${EXTRA_CFLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
-EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
-%endif
-# Fixes annocheck warnings in assembler files due to missing build notes
-EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes"
-export EXTRA_CFLAGS EXTRA_CPP_FLAGS EXTRA_ASFLAGS
-
-function buildjdk() {
- local outputdir=${1}
- local buildjdk=${2}
- local maketargets="${3}"
- local debuglevel=${4}
- local link_opt=${5}
-
- local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
- local top_dir_abs_build_path=$(pwd)/${outputdir}
-
- # This must be set using the global, so that the
- # static libraries still use a dynamic stdc++lib
- if [ "x%{link_type}" = "xbundled" ] ; then
- libc_link_opt="static";
- else
- libc_link_opt="dynamic";
- fi
-
- echo "Using output directory: ${outputdir}";
- echo "Checking build JDK ${buildjdk} is operational..."
- ${buildjdk}/bin/java -version
- echo "Using make targets: ${maketargets}"
- echo "Using debuglevel: ${debuglevel}"
- echo "Using link_opt: ${link_opt}"
- echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}"
-
- mkdir -p ${outputdir}
- pushd ${outputdir}
-
- # Note: zlib and freetype use %{link_type}
- # rather than ${link_opt} as the system versions
- # are always used in a system_libs build, even
- # for the static library build
- bash ${top_dir_abs_src_path}/configure \
-%ifarch %{zero_arches}
- --with-jvm-variants=zero \
-%endif
-%ifarch %{ppc64le}
- --with-jobs=1 \
-%endif
- --with-version-build=%{buildver} \
- --with-version-pre="%{ea_designator}" \
- --with-version-opt=%{lts_designator} \
- --with-vendor-version-string="%{oj_vendor_version}" \
- --with-vendor-name="%{oj_vendor}" \
- --with-vendor-url="%{oj_vendor_url}" \
- --with-vendor-bug-url="%{oj_vendor_bug_url}" \
- --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
- --with-boot-jdk=${buildjdk} \
- --with-debug-level=${debuglevel} \
- --with-native-debug-symbols="%{debug_symbols}" \
- --disable-sysconf-nss \
- --enable-unlimited-crypto \
- --with-zlib=%{link_type} \
- --with-freetype=%{link_type} \
- --with-libjpeg=${link_opt} \
- --with-giflib=${link_opt} \
- --with-libpng=${link_opt} \
- --with-lcms=${link_opt} \
- --with-harfbuzz=${link_opt} \
- --with-stdc++lib=${libc_link_opt} \
- --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
- --with-extra-cflags="$EXTRA_CFLAGS" \
- --with-extra-asflags="$EXTRA_ASFLAGS" \
- --with-extra-ldflags="%{ourldflags}" \
- --with-num-cores="$NUM_PROC" \
- --disable-javac-server \
- --with-jvm-features="%{shenandoah_feature},%{zgc_feature}" \
- --disable-warnings-as-errors
-
- cat spec.gmk
-
- make \
- JAVAC_FLAGS=-g \
- LOG=trace \
- WARNINGS_ARE_ERRORS="-Wno-error" \
- CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
- $maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
-
- popd
-}
+%install
function installjdk() {
- local outputdir=${1}
- local installdir=${2}
- local imagepath=${installdir}/images/%{jdkimage}
-
- echo "Installing build from ${outputdir} to ${installdir}..."
- mkdir -p ${installdir}
- echo "Installing images..."
- mv ${outputdir}/images ${installdir}
- if [ -d ${outputdir}/bundles ] ; then
- echo "Installing bundles...";
- mv ${outputdir}/bundles ${installdir} ;
- fi
- if [ -d ${outputdir}/docs ] ; then
- echo "Installing docs...";
- mv ${outputdir}/docs ${installdir} ;
- fi
-
-%if !%{with artifacts}
- echo "Removing output directory...";
- rm -rf ${outputdir}
-%endif
+ local imagepath=${1}
if [ -d ${imagepath} ] ; then
- # the build (erroneously) removes read permissions from some jars
- # this is a regression in OpenJDK 7 (our compiler):
- # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
- find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
-
- # Build screws up permissions on binaries
- # https://bugs.openjdk.java.net/browse/JDK-8173610
- find ${imagepath} -iname '*.so' -exec chmod +x {} \;
- find ${imagepath}/bin/ -exec chmod +x {} \;
-
- # Install nss.cfg right away as we will be using the JRE above
- install -m 644 nss.cfg ${imagepath}/conf/security/
-
- # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
- install -m 644 nss.fips.cfg ${imagepath}/conf/security/
-
- # Turn on system security properties
- sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
- ${imagepath}/conf/security/java.security
-
- # Use system-wide tzdata
- rm ${imagepath}/lib/tzdb.dat
- ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
-
- # Create fake alt-java as a placeholder for future alt-java
- pushd ${imagepath}
- # add alt-java man page
- echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
- cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
- popd
-
- # Print release information
- cat ${imagepath}/release
-
+ # the build (erroneously) removes read permissions from some jars
+ # this is a regression in OpenJDK 7 (our compiler):
+ # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
+ find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
+
+ # Build screws up permissions on binaries
+ # https://bugs.openjdk.java.net/browse/JDK-8173610
+ find ${imagepath} -iname '*.so' -exec chmod +x {} \;
+ find ${imagepath}/bin/ -exec chmod +x {} \;
+
+ # Install nss.cfg right away as we will be using the JRE above
+ #is already there from portables
+ # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
+ #is already there from portables
+
+ # Turn on system security properties
+ sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
+ ${imagepath}/conf/security/java.security
+
+ # Use system-wide tzdata
+ mv ${imagepath}/lib/tzdb.dat{,.upstream}
+ ln -sv %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
+
+ # Rename OpenJDK cacerts database
+ mv ${imagepath}/lib/security/cacerts{,.upstream}
+ # Install cacerts symlink needed by some apps which hard-code the path
+ ln -sv /etc/pki/java/cacerts ${imagepath}/lib/security
+
+ # add alt-java man page
+ # alt-java man and bianry are here from portables. Or not?
fi
}
-%if %{build_hotspot_first}
- # Build a fresh libjvm.so first and use it to bootstrap
- cp -LR --preserve=mode,timestamps %{bootjdk} newboot
- systemjdk=$(pwd)/newboot
- buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled"
- mv build/newboot/jdk/lib/server/libjvm.so newboot/lib/server
-%else
- systemjdk=%{bootjdk}
-%endif
-
-for suffix in %{build_loop} ; do
-
- if [ "x$suffix" = "x" ] ; then
- debugbuild=release
- else
- # change --something to something
- debugbuild=`echo $suffix | sed "s/-//g"`
- fi
-
-
- for loop in %{main_suffix} %{staticlibs_loop} ; do
-
- builddir=%{buildoutputdir -- ${suffix}${loop}}
- bootbuilddir=boot${builddir}
- installdir=%{installoutputdir -- ${suffix}${loop}}
- bootinstalldir=boot${installdir}
-
- if test "x${loop}" = "x%{main_suffix}" ; then
- link_opt="%{link_type}"
-%if %{system_libs}
- # Copy the source tree so we can remove all in-tree libraries
- cp -a %{top_level_dir_name} %{top_level_dir_name_backup}
- # Remove all libraries that are linked
- sh %{SOURCE12} %{top_level_dir_name} full
-%endif
- # Debug builds don't need same targets as release for
- # build speed-up. We also avoid bootstrapping these
- # slower builds.
- if echo $debugbuild | grep -q "debug" ; then
- maketargets="%{debug_targets}"
- run_bootstrap=false
- else
- maketargets="%{release_targets}"
- run_bootstrap=%{bootstrap_build}
- fi
- if ${run_bootstrap} ; then
- buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
- installjdk ${bootbuilddir} ${bootinstalldir}
- buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
- installjdk ${builddir} ${installdir}
- %{!?with_artifacts:rm -rf ${bootinstalldir}}
- else
- buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
- installjdk ${builddir} ${installdir}
- fi
-%if %{system_libs}
- # Restore original source tree we modified by removing full in-tree sources
- rm -rf %{top_level_dir_name}
- mv %{top_level_dir_name_backup} %{top_level_dir_name}
-%endif
- else
- # Use bundled libraries for building statically
- link_opt="bundled"
- # Static library cycle only builds the static libraries
- maketargets="%{static_libs_target}"
- # Always just do the one build for the static libraries
- buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
- installjdk ${builddir} ${installdir}
- fi
-
- done # end of main / staticlibs loop
-
-# build cycles
-done # end of release / debug cycle loop
-
-%check
-
-# We test debug first as it will give better diagnostics on a crash
-for suffix in %{build_loop} ; do
-
-top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}}
-%if %{include_staticlibs}
-top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{staticlibs_loop}}
-%endif
-
-export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
-
-#check Shenandoah is enabled
-%if %{use_shenandoah_hotspot}
-$JAVA_HOME//bin/java -XX:+UseShenandoahGC -version
-%endif
-
-# Check unlimited policy has been used
-$JAVA_HOME/bin/javac -d . %{SOURCE13}
-$JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel
+# Checks on debuginfo must be performed before the files are stripped
+# by the RPM installation stage
+function debugcheckjdk() {
+ local imagepath=${1}
-# Check ECC is working
-$JAVA_HOME/bin/javac -d . %{SOURCE14}
-$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
-
-# Check system crypto (policy) is active and can be disabled
-# Test takes a single argument - true or false - to state whether system
-# security properties are enabled or not.
-$JAVA_HOME/bin/javac -d . %{SOURCE15}
-export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
-export SEC_DEBUG="-Djava.security.debug=properties"
-$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
-$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
-
-# Check java launcher has no SSB mitigation
-if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
-
-# Check alt-java launcher has SSB mitigation on supported architectures
-%ifarch %{ssbd_arches}
-nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
-%else
-if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
-%endif
-
-# Check correct vendor values have been set
-$JAVA_HOME/bin/javac -d . %{SOURCE16}
-$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}"
-
-# Check translations are available for new timezones
-$JAVA_HOME/bin/javac -d . %{SOURCE18}
-$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
-$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR
-
-%if %{include_staticlibs}
-# Check debug symbols in static libraries (smoke test)
-export STATIC_LIBS_HOME=${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}
-readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c
-readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c
-%endif
-
-so_suffix="so"
-# Check debug symbols are present and can identify code
-find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
-do
- if [ -f "$lib" ] ; then
- echo "Testing $lib for debug symbols"
- # All these tests rely on RPM failing the build if the exit code of any set
- # of piped commands is non-zero.
-
- # Test for .debug_* sections in the shared object. This is the main test
- # Stripped objects will not contain these
- eu-readelf -S "$lib" | grep "] .debug_"
- test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2
-
- # Test FILE symbols. These will most likely be removed by anything that
- # manipulates symbol tables because it's generally useless. So a nice test
- # that nothing has messed with symbols
- old_IFS="$IFS"
- IFS=$'\n'
- for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT")
- do
- # We expect to see .cpp files, except for architectures like aarch64 and
- # s390 where we expect .o and .oS files
- echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$"
- done
- IFS="$old_IFS"
-
- # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking
- if [ "`basename $lib`" = "libjvm.so" ]; then
- eu-readelf -s "$lib" | \
- grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$"
- fi
-
- # Test that there are no .gnu_debuglink sections pointing to another
- # debuginfo file. There shouldn't be any debuginfo files, so the link makes
- # no sense either
- eu-readelf -S "$lib" | grep 'gnu'
- if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then
- echo "bad .gnu_debuglink section."
- eu-readelf -x .gnu_debuglink "$lib"
- false
- fi
- fi
-done
+ if [ -d ${imagepath} ] ; then
-# Make sure gdb can do a backtrace based on line numbers on libjvm.so
-# javaCalls.cpp:58 should map to:
-# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/…
-# Using line number 1 might cause build problems. See:
-# https://bugzilla.redhat.com/show_bug.cgi?id=1539664
-# https://bugzilla.redhat.com/show_bug.cgi?id=1538767
-gdb -q "$JAVA_HOME/bin/java" <<EOF | tee gdb.out
+ so_suffix="so"
+ # Check debug symbols are present and can identify code
+ find "${imagepath}" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
+ do
+ if [ -f "$lib" ] ; then
+ echo "Testing $lib for debug symbols"
+ # All these tests rely on RPM failing the build if the exit code of any set
+ # of piped commands is non-zero.
+
+ # Test for .debug_* sections in the shared object. This is the main test
+ # Stripped objects will not contain these
+ eu-readelf -S "$lib" | grep "] .debug_"
+ test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2
+
+ # Test FILE symbols. These will most likely be removed by anything that
+ # manipulates symbol tables because it's generally useless. So a nice test
+ # that nothing has messed with symbols
+ old_IFS="$IFS"
+ IFS=$'\n'
+ for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT")
+ do
+ # We expect to see .cpp files, except for architectures like aarch64 and
+ # s390 where we expect .o and .oS files
+ echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$"
+ done
+ IFS="$old_IFS"
+
+ # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking
+ if [ "`basename $lib`" = "libjvm.so" ]; then
+ eu-readelf -s "$lib" | \
+ grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$"
+ fi
+
+ # Test that there are no .gnu_debuglink sections pointing to another
+ # debuginfo file. There shouldn't be any debuginfo files, so the link makes
+ # no sense either
+ eu-readelf -S "$lib" | grep 'gnu'
+ if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then
+ echo "bad .gnu_debuglink section."
+ eu-readelf -x .gnu_debuglink "$lib"
+ false
+ fi
+ fi
+ done
+
+ # Make sure gdb can do a backtrace based on line numbers on libjvm.so
+ # javaCalls.cpp:58 should map to:
+ # http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/…
+ # Using line number 1 might cause build problems. See:
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1539664
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1538767
+ gdb -q "${imagepath}/bin/java" <<EOF | tee gdb.out
handle SIGSEGV pass nostop noprint
handle SIGILL pass nostop noprint
set breakpoint pending on
@@ -2308,39 +1886,72 @@ end
run -version
EOF
%ifarch %{gdb_arches}
-grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
+ grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
%endif
-# Check src.zip has all sources. See RHBZ#1130490
-$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
-
-# Check class files include useful debugging information
-$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
-$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
-$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable
-
-# Check generated class files include useful debugging information
-$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
-$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
-$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable
+ fi
+}
-# build cycles check
-done
+for suffix in %{build_loop} ; do
+ if [ "x$suffix" = "x" ] ; then
+ debugbuild=""
+ else
+ # change -something to .something
+ debugbuild=`echo $suffix | sed "s/-/./g"`
+ fi
+ # Final setup on the untarred images
+ # TODO revisit. jre may be complety useless to unpack and process,
+ # as all the files are taken from JDK tarball ans put to packages manually.
+ # jre tarball may be usefull for checking integrity of jre and jre headless subpackages
+ #for jdkjre in jdk jre ; do
+ for jdkjre in jdk ; do
+ buildoutputdir=`ls -d %{compatiblename}*portable${debugbuild}.${jdkjre}*`
+ top_dir_abs_main_build_path=$(pwd)/${buildoutputdir}
+ installjdk ${top_dir_abs_main_build_path}
+ # Check debug symbols were built into the dynamic libraries
+ if [ $jdkjre == jdk ] ; then
+ #jdk only?
+ debugcheckjdk ${top_dir_abs_main_build_path}
+ fi
+ # Print release information
+ cat ${top_dir_abs_main_build_path}/release
+ done
+# build cycles
+done # end of release / debug cycle loop
-%install
STRIP_KEEP_SYMTAB=libjvm*
for suffix in %{build_loop} ; do
-
-top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}}
+ if [ "x$suffix" = "x" ] ; then
+ debugbuild=""
+ else
+ # change -something to .something
+ debugbuild=`echo $suffix | sed "s/-/./g"`
+ fi
+ buildoutputdir=`ls -d %{compatiblename}*portable${debugbuild}.jdk*`
+ top_dir_abs_main_build_path=$(pwd)/${buildoutputdir}
%if %{include_staticlibs}
-top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{staticlibs_loop}}
+ top_dir_abs_staticlibs_build_path=`ls -d $top_dir_abs_main_build_path/lib/static/*/glibc/`
%endif
-jdk_image=${top_dir_abs_main_build_path}/images/%{jdkimage}
+ jdk_image=${top_dir_abs_main_build_path}
+ src_image=`echo ${top_dir_abs_main_build_path} | sed "s/portable.*.%{_arch}/portable.sources.noarch/"`
# Install the jdk
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
+
+# Install icons
+for s in 16 24 32 48 ; do
+ install -D -p -m 644 \
+ ${src_image}/openjdk/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png \
+ $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png
+done
+
+
cp -a ${jdk_image} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
+cp -a ${src_image} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/full_sources
+# JDK11 specific, bianry file in sources
+rm -vf "$RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/full_sources/openjdk/test/jdk/sun/management/jmxremote/bootstrap/solaris-sparcv9/launcher"
+
pushd ${jdk_image}
@@ -2348,24 +1959,17 @@ pushd ${jdk_image}
# Install systemtap support files
install -dm 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset
# note, that uniquesuffix is in BUILD dir in this case
- cp -a $RPM_BUILD_DIR/%{uniquesuffix ""}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
+ cp -a $RPM_BUILD_DIR/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
tapsetFiles=`ls *.stp`
popd
install -d -m 755 $RPM_BUILD_ROOT%{tapsetdir}
for name in $tapsetFiles ; do
targetName=`echo $name | sed "s/.stp/$suffix.stp/"`
- ln -sf %{_jvmdir}/%{sdkdir -- $suffix}/tapset/$name $RPM_BUILD_ROOT%{tapsetdir}/$targetName
+ ln -srvf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/$name $RPM_BUILD_ROOT%{tapsetdir}/$targetName
done
%endif
- # Remove empty cacerts database
- rm -f $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/security/cacerts
- # Install cacerts symlink needed by some apps which hard-code the path
- pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/security
- ln -sf /etc/pki/java/cacerts .
- popd
-
# Install version-ed symlinks
pushd $RPM_BUILD_ROOT%{_jvmdir}
ln -sf %{sdkdir -- $suffix} %{jrelnk -- $suffix}
@@ -2378,40 +1982,35 @@ pushd ${jdk_image}
# Convert man pages to UTF8 encoding
iconv -f ISO_8859-1 -t UTF8 $manpage -o $manpage.tmp
mv -f $manpage.tmp $manpage
- install -m 644 -p $manpage $RPM_BUILD_ROOT%{_mandir}/man1/$(basename \
- $manpage .1)-%{uniquesuffix -- $suffix}.1
+ install -m 644 -p $manpage $RPM_BUILD_ROOT%{_mandir}/man1/$(basename $manpage .1)-%{uniquesuffix -- $suffix}.1
done
# Remove man pages from jdk image
rm -rf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/man
popd
+
# Install static libs artefacts
%if %{include_staticlibs}
-mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/static/linux-%{archinstall}/glibc
-cp -a ${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}/lib/*.a \
- $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/static/linux-%{archinstall}/glibc
+mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
+cp -a ${top_dir_abs_staticlibs_build_path}/*.a $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
%endif
if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
- cp -a ${top_dir_abs_main_build_path}/images/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
- built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip
- cp -a ${top_dir_abs_main_build_path}/bundles/${built_doc_archive} \
- $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip || ls -l ${top_dir_abs_main_build_path}/bundles/
+ install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
+ built_doc_archive=javadocs.zip
+ cp -a ${top_dir_abs_main_build_path}/${built_doc_archive} \
+ $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip || ls -l ${top_dir_abs_main_build_path}
+ pushd $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
+ unzip ${top_dir_abs_main_build_path}/${built_doc_archive}
+ popd
fi
# Install release notes
commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
install -d -m 755 ${commondocdir}
-cp -a %{SOURCE10} ${commondocdir}
-
-# Install icons and menu entries
-for s in 16 24 32 48 ; do
- install -D -p -m 644 \
- %{top_level_dir_name}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png \
- $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png
-done
+cp -a ${top_dir_abs_main_build_path}/NEWS ${commondocdir}
# Install desktop files
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps}
@@ -2425,8 +2024,7 @@ done
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/.java/.systemPrefs
# copy samples next to demos; samples are mostly js files
-cp -r %{top_level_dir_name}/src/sample $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/
-
+cp -r ${src_image}/%{top_level_dir_name}/src/sample $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/
# moving config files to /etc
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
@@ -2434,21 +2032,104 @@ mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/conf/ $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib/security $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}
- ln -s %{etcjavadir -- $suffix}/conf ./conf
+ ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/conf ./conf
popd
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib
- ln -s %{etcjavadir -- $suffix}/lib/security ./security
+ ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/lib/security ./security
popd
# end moving files to /etc
+#TODO this is done also i portables and in install jdk. But hard to say where the operation will hapen at the end
# stabilize permissions
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ;
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ;
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ;
+find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ;
+find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ;
+find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ;
+if [ "x$suffix" = "x" ] ; then
+ rm $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/javadocs.zip #is in subpackages, 1 renamed, 2nd unpacked
+fi
# end, dual install
done
+%check
+
+# We test debug first as it will give better diagnostics on a crash
+for suffix in %{build_loop} ; do
+
+# Tests in the check stage are performed on the installed image
+# rpmbuild operates as follows: build -> install -> test
+export JAVA_HOME=${RPM_BUILD_ROOT}%{_jvmdir}/%{sdkdir -- $suffix}
+
+#check Shenandoah is enabled
+%if %{use_shenandoah_hotspot}
+$JAVA_HOME/bin/java -XX:+UseShenandoahGC -version
+%endif
+
+# Check unlimited policy has been used
+$JAVA_HOME/bin/javac -d . %{SOURCE13}
+$JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel
+
+# Check ECC is working
+$JAVA_HOME/bin/javac -d . %{SOURCE14}
+$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
+
+# Check system crypto (policy) is active and can be disabled
+# Test takes a single argument - true or false - to state whether system
+# security properties are enabled or not.
+$JAVA_HOME/bin/javac -d . %{SOURCE15}
+export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
+export SEC_DEBUG="-Djava.security.debug=properties"
+$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
+$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
+
+# Check java launcher has no SSB mitigation
+if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
+
+# Check alt-java launcher has SSB mitigation on supported architectures
+%ifarch %{ssbd_arches}
+nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
+%else
+if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
+%endif
+
+# Check correct vendor values have been set
+$JAVA_HOME/bin/javac -d . %{SOURCE16}
+#TODO skipped vendor check. It now points to PORTABLE version of jdk.
+#$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}"
+
+%if ! 0%{?flatpak}
+# Check translations are available for new timezones (during flatpak builds, the
+# tzdb.dat used by this test is not where the test expects it, so this is
+# disabled for flatpak builds)
+$JAVA_HOME/bin/javac -d . %{SOURCE18}
+#TODO doublecheck tzdata handling
+$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE || echo "TZDATA no longer can be synced with system, because we repack"
+$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR || echo "TZDATA no longer can be synced with system, because we repack"
+%endif
+
+%if %{include_staticlibs}
+# Check debug symbols in static libraries (smoke test)
+export STATIC_LIBS_HOME=${JAVA_HOME}/%{static_libs_install_dir}
+readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep w_remainder.c
+readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep e_remainder.c
+%endif
+
+# Check src.zip has all sources. See RHBZ#1130490
+$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
+
+# Check class files include useful debugging information
+$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
+$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
+$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable
+
+# Check generated class files include useful debugging information
+$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
+$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
+$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable
+
+# build cycles check
+done
+
%if %{include_normal_build}
# intentionally only for non-debug
%pretrans headless -p <lua>
@@ -2464,7 +2145,7 @@ local posix = require "posix"
if (os.getenv("debug") == "true") then
debug = true;
print("cjc: in spec debug is on")
-else
+else
debug = false;
end
@@ -2715,6 +2396,19 @@ end
%endif
%changelog
+* Sat Apr 29 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:11.0.19.0.7-1
+- updated to 17.0.7.0.7 underlying portables
+- requirign 17.0.7.0.7-2 due to news, and much more tuning
+- now untarring enforced version
+- repacked bits are now requested in exact version
+- repacked portables
+- using icons from source package
+- providing full sources via src package
+- requiring exact version.reelase of portables
+- todo, lost alt java manpage.. probably already in portables
+- TODO conslut this clean up - javdoc
+- todo, debuginfo
+
* Thu Jan 26 2023 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.18.0.10-1
- Update to jdk-11.0.18+10 (GA)
- Update release notes to 11.0.18+10
diff --git a/nss.cfg.in b/nss.cfg.in
deleted file mode 100644
index 377a39c..0000000
--- a/nss.cfg.in
+++ /dev/null
@@ -1,5 +0,0 @@
-name = NSS
-nssLibraryDirectory = @NSS_LIBDIR@
-nssDbMode = noDb
-attributes = compatibility
-handleStartupErrors = ignoreMultipleInitialisation
diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in
deleted file mode 100644
index 2d9ec35..0000000
--- a/nss.fips.cfg.in
+++ /dev/null
@@ -1,8 +0,0 @@
-name = NSS-FIPS
-nssLibraryDirectory = @NSS_LIBDIR@
-nssSecmodDirectory = sql:/etc/pki/nssdb
-nssDbMode = readOnly
-nssModule = fips
-
-attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true }
-
diff --git a/openjdk_news.sh b/openjdk_news.sh
deleted file mode 100755
index 560b356..0000000
--- a/openjdk_news.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-# Copyright (C) 2022 Red Hat, Inc.
-# Written by Andrew John Hughes <gnu.andrew(a)redhat.com>, 2012-2022
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Affero General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-OLD_RELEASE=$1
-NEW_RELEASE=$2
-SUBDIR=$3
-REPO=$4
-SCRIPT_DIR=$(dirname ${0})
-
-if test "x${SUBDIR}" = "x"; then
- echo "No subdirectory specified; using .";
- SUBDIR=".";
-fi
-
-if test "x$REPO" = "x"; then
- echo "No repository specified; using ${PWD}"
- REPO=${PWD}
-fi
-
-if test x${TMPDIR} = x; then
- TMPDIR=/tmp;
-fi
-
-echo "Repository: ${REPO}"
-
-if [ -e ${REPO}/.git ] ; then
- TYPE=git;
-elif [ -e ${REPO}/.hg ] ; then
- TYPE=hg;
-else
- echo "No Mercurial or Git repository detected.";
- exit 1;
-fi
-
-if test "x$OLD_RELEASE" = "x" || test "x$NEW_RELEASE" = "x"; then
- echo "ERROR: Need to specify old and new release";
- exit 2;
-fi
-
-echo "Listing fixes between $OLD_RELEASE and $NEW_RELEASE in $REPO"
-rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 ${TMPDIR}/fixes
-for repos in . $(${SCRIPT_DIR}/discover_trees.sh ${REPO});
-do
- if test "x$TYPE" = "xhg"; then
- hg log -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
- egrep '^[o:| ]*summary'|grep -v 'Added tag'|sed -r 's#^[o:| ]*summary:\W*([0-9])# - JDK-\1#'| \
- sed 's#^[o:| ]*summary:\W*# - #' >> ${TMPDIR}/fixes2;
- hg log -v -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
- egrep '^[o:| ]*[0-9]{7}'|sed -r 's#^[o:| ]*([0-9]{7})# - JDK-\1#' >> ${TMPDIR}/fixes3;
- else
- git -C ${REPO} log --no-merges --pretty=format:%B ${NEW_RELEASE}...${OLD_RELEASE} -- ${SUBDIR} |egrep '^[0-9]{7}' | \
- sed -r 's#^([0-9])# - JDK-\1#' >> ${TMPDIR}/fixes2;
- touch ${TMPDIR}/fixes3 ; # unused
- fi
-done
-
-sort ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 | uniq > ${TMPDIR}/fixes
-rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3
-
-echo "In ${TMPDIR}/fixes:"
-cat ${TMPDIR}/fixes
diff --git a/remove-intree-libraries.sh b/remove-intree-libraries.sh
deleted file mode 100644
index ee02f60..0000000
--- a/remove-intree-libraries.sh
+++ /dev/null
@@ -1,166 +0,0 @@
-#!/bin/sh
-
-# Arguments: <JDK TREE> <MINIMAL|FULL>
-TREE=${1}
-TYPE=${2}
-
-ZIP_SRC=src/java.base/share/native/libzip/zlib/
-FREETYPE_SRC=src/java.desktop/share/native/libfreetype/
-JPEG_SRC=src/java.desktop/share/native/libjavajpeg/
-GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/
-PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/
-LCMS_SRC=src/java.desktop/share/native/liblcms/
-
-if test "x${TREE}" = "x"; then
- echo "$0 <JDK_TREE> (MINIMAL|FULL)";
- exit 1;
-fi
-
-if test "x${TYPE}" = "x"; then
- TYPE=minimal;
-fi
-
-if test "x${TYPE}" != "xminimal" -a "x${TYPE}" != "xfull"; then
- echo "Type must be minimal or full";
- exit 2;
-fi
-
-echo "Removing in-tree libraries from ${TREE}"
-echo "Cleansing operation: ${TYPE}";
-
-cd ${TREE}
-
-echo "Removing built-in libs (they will be linked)"
-
-# On full runs, allow for zlib & freetype having already been deleted by minimal
-echo "Removing zlib"
-if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then
- echo "${ZIP_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -rvf ${ZIP_SRC}
-echo "Removing freetype"
-if [ "x${TYPE}" = "xminimal" -a ! -d ${FREETYPE_SRC} ]; then
- echo "${FREETYPE_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -rvf ${FREETYPE_SRC}
-
-# Minimal is limited to just zlib and freetype so finish here
-if test "x${TYPE}" = "xminimal"; then
- echo "Finished.";
- exit 0;
-fi
-
-echo "Removing libjpeg"
-if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that should definitely exist
- echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
- exit 1
-fi
-
-rm -vf ${JPEG_SRC}/jcomapi.c
-rm -vf ${JPEG_SRC}/jdapimin.c
-rm -vf ${JPEG_SRC}/jdapistd.c
-rm -vf ${JPEG_SRC}/jdcoefct.c
-rm -vf ${JPEG_SRC}/jdcolor.c
-rm -vf ${JPEG_SRC}/jdct.h
-rm -vf ${JPEG_SRC}/jddctmgr.c
-rm -vf ${JPEG_SRC}/jdhuff.c
-rm -vf ${JPEG_SRC}/jdhuff.h
-rm -vf ${JPEG_SRC}/jdinput.c
-rm -vf ${JPEG_SRC}/jdmainct.c
-rm -vf ${JPEG_SRC}/jdmarker.c
-rm -vf ${JPEG_SRC}/jdmaster.c
-rm -vf ${JPEG_SRC}/jdmerge.c
-rm -vf ${JPEG_SRC}/jdphuff.c
-rm -vf ${JPEG_SRC}/jdpostct.c
-rm -vf ${JPEG_SRC}/jdsample.c
-rm -vf ${JPEG_SRC}/jerror.c
-rm -vf ${JPEG_SRC}/jerror.h
-rm -vf ${JPEG_SRC}/jidctflt.c
-rm -vf ${JPEG_SRC}/jidctfst.c
-rm -vf ${JPEG_SRC}/jidctint.c
-rm -vf ${JPEG_SRC}/jidctred.c
-rm -vf ${JPEG_SRC}/jinclude.h
-rm -vf ${JPEG_SRC}/jmemmgr.c
-rm -vf ${JPEG_SRC}/jmemsys.h
-rm -vf ${JPEG_SRC}/jmemnobs.c
-rm -vf ${JPEG_SRC}/jmorecfg.h
-rm -vf ${JPEG_SRC}/jpegint.h
-rm -vf ${JPEG_SRC}/jpeglib.h
-rm -vf ${JPEG_SRC}/jquant1.c
-rm -vf ${JPEG_SRC}/jquant2.c
-rm -vf ${JPEG_SRC}/jutils.c
-rm -vf ${JPEG_SRC}/jcapimin.c
-rm -vf ${JPEG_SRC}/jcapistd.c
-rm -vf ${JPEG_SRC}/jccoefct.c
-rm -vf ${JPEG_SRC}/jccolor.c
-rm -vf ${JPEG_SRC}/jcdctmgr.c
-rm -vf ${JPEG_SRC}/jchuff.c
-rm -vf ${JPEG_SRC}/jchuff.h
-rm -vf ${JPEG_SRC}/jcinit.c
-rm -vf ${JPEG_SRC}/jconfig.h
-rm -vf ${JPEG_SRC}/jcmainct.c
-rm -vf ${JPEG_SRC}/jcmarker.c
-rm -vf ${JPEG_SRC}/jcmaster.c
-rm -vf ${JPEG_SRC}/jcparam.c
-rm -vf ${JPEG_SRC}/jcphuff.c
-rm -vf ${JPEG_SRC}/jcprepct.c
-rm -vf ${JPEG_SRC}/jcsample.c
-rm -vf ${JPEG_SRC}/jctrans.c
-rm -vf ${JPEG_SRC}/jdtrans.c
-rm -vf ${JPEG_SRC}/jfdctflt.c
-rm -vf ${JPEG_SRC}/jfdctfst.c
-rm -vf ${JPEG_SRC}/jfdctint.c
-rm -vf ${JPEG_SRC}/jversion.h
-rm -vf ${JPEG_SRC}/README
-
-echo "Removing giflib"
-if [ ! -d ${GIF_SRC} ]; then
- echo "${GIF_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -rvf ${GIF_SRC}
-
-echo "Removing libpng"
-if [ ! -d ${PNG_SRC} ]; then
- echo "${PNG_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -rvf ${PNG_SRC}
-
-echo "Removing lcms"
-if [ ! -d ${LCMS_SRC} ]; then
- echo "${LCMS_SRC} does not exist. Refusing to proceed."
- exit 1
-fi
-rm -vf ${LCMS_SRC}/cmscam02.c
-rm -vf ${LCMS_SRC}/cmscgats.c
-rm -vf ${LCMS_SRC}/cmscnvrt.c
-rm -vf ${LCMS_SRC}/cmserr.c
-rm -vf ${LCMS_SRC}/cmsgamma.c
-rm -vf ${LCMS_SRC}/cmsgmt.c
-rm -vf ${LCMS_SRC}/cmshalf.c
-rm -vf ${LCMS_SRC}/cmsintrp.c
-rm -vf ${LCMS_SRC}/cmsio0.c
-rm -vf ${LCMS_SRC}/cmsio1.c
-rm -vf ${LCMS_SRC}/cmslut.c
-rm -vf ${LCMS_SRC}/cmsmd5.c
-rm -vf ${LCMS_SRC}/cmsmtrx.c
-rm -vf ${LCMS_SRC}/cmsnamed.c
-rm -vf ${LCMS_SRC}/cmsopt.c
-rm -vf ${LCMS_SRC}/cmspack.c
-rm -vf ${LCMS_SRC}/cmspcs.c
-rm -vf ${LCMS_SRC}/cmsplugin.c
-rm -vf ${LCMS_SRC}/cmsps2.c
-rm -vf ${LCMS_SRC}/cmssamp.c
-rm -vf ${LCMS_SRC}/cmssm.c
-rm -vf ${LCMS_SRC}/cmstypes.c
-rm -vf ${LCMS_SRC}/cmsvirt.c
-rm -vf ${LCMS_SRC}/cmswtpnt.c
-rm -vf ${LCMS_SRC}/cmsxform.c
-rm -vf ${LCMS_SRC}/lcms2.h
-rm -vf ${LCMS_SRC}/lcms2_internal.h
-rm -vf ${LCMS_SRC}/lcms2_plugin.h
-
-
diff --git a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
deleted file mode 100644
index a877506..0000000
--- a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff -uNr openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java jdk8/jdk/src/java.desktop/share/classes/java/awt/Toolkit.java
---- openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
-+++ openjdk/src/java.desktop/share/classes/java/awt/Toolkit.java
-@@ -883,9 +883,13 @@
- return null;
- }
- });
- if (!GraphicsEnvironment.isHeadless()) {
-- loadAssistiveTechnologies();
-+ try {
-+ loadAssistiveTechnologies();
-+ } catch (AWTError error) {
-+ // ignore silently
-+ }
- }
- }
- return toolkit;
- }
diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
deleted file mode 100644
index cd3329a..0000000
--- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
-index 474fe6f401f..7e94ae32023 100644
---- a/src/java.base/share/conf/security/java.security
-+++ b/src/java.base/share/conf/security/java.security
-@@ -84,6 +84,7 @@ security.provider.tbd=Apple
- #ifndef solaris
- security.provider.tbd=SunPKCS11
- #endif
-+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg
-
- #
- # Security providers used when FIPS mode support is active
diff --git a/rh1648644-java_access_bridge_privileged_security.patch b/rh1648644-java_access_bridge_privileged_security.patch
deleted file mode 100644
index 53026ad..0000000
--- a/rh1648644-java_access_bridge_privileged_security.patch
+++ /dev/null
@@ -1,20 +0,0 @@
---- openjdk/src/java.base/share/conf/security/java.security
-+++ openjdk/src/java.base/share/conf/security/java.security
-@@ -304,6 +304,8 @@
- #
- package.access=sun.misc.,\
- sun.reflect.,\
-+ org.GNOME.Accessibility.,\
-+ org.GNOME.Bonobo.,\
-
- #
- # List of comma-separated packages that start with or equal this string
-@@ -316,6 +318,8 @@
- #
- package.definition=sun.misc.,\
- sun.reflect.,\
-+ org.GNOME.Accessibility.,\
-+ org.GNOME.Bonobo.,\
-
- #
- # Determines whether this properties file can be appended to
diff --git a/rh1750419-redhat_alt_java.patch b/rh1750419-redhat_alt_java.patch
deleted file mode 100644
index e6355f2..0000000
--- a/rh1750419-redhat_alt_java.patch
+++ /dev/null
@@ -1,116 +0,0 @@
-diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk
---- openjdk/make/launcher/Launcher-java.base.gmk Wed Nov 25 08:27:15 2020 +0100
-+++ openjdk/make/launcher/Launcher-java.base.gmk Tue Dec 01 12:29:30 2020 +0100
-@@ -41,6 +41,16 @@
- OPTIMIZATION := HIGH, \
- ))
-
-+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
-+$(eval $(call SetupBuildLauncher, alt-java, \
-+ CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
-+ LDFLAGS_solaris := -R$(OPENWIN_HOME)/lib$(OPENJDK_TARGET_CPU_ISADIR), \
-+ LIBS_windows := user32.lib comctl32.lib, \
-+ EXTRA_RC_FLAGS := $(JAVA_RC_FLAGS), \
-+ VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
-+ OPTIMIZATION := HIGH, \
-+))
-+
- ifeq ($(OPENJDK_TARGET_OS), windows)
- $(eval $(call SetupBuildLauncher, javaw, \
- CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
-
-diff -r 25e94aa812b2 src/share/bin/alt_main.h
---- /dev/null Thu Jan 01 00:00:00 1970 +0000
-+++ openjdk/src/java.base/share/native/launcher/alt_main.h Tue Jun 02 17:15:28 2020 +0100
-@@ -0,0 +1,73 @@
-+/*
-+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation. Oracle designates this
-+ * particular file as subject to the "Classpath" exception as provided
-+ * by Oracle in the LICENSE file that accompanied this code.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+#ifdef REDHAT_ALT_JAVA
-+
-+#include <sys/prctl.h>
-+
-+
-+/* Per task speculation control */
-+#ifndef PR_GET_SPECULATION_CTRL
-+# define PR_GET_SPECULATION_CTRL 52
-+#endif
-+#ifndef PR_SET_SPECULATION_CTRL
-+# define PR_SET_SPECULATION_CTRL 53
-+#endif
-+/* Speculation control variants */
-+#ifndef PR_SPEC_STORE_BYPASS
-+# define PR_SPEC_STORE_BYPASS 0
-+#endif
-+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
-+
-+#ifndef PR_SPEC_NOT_AFFECTED
-+# define PR_SPEC_NOT_AFFECTED 0
-+#endif
-+#ifndef PR_SPEC_PRCTL
-+# define PR_SPEC_PRCTL (1UL << 0)
-+#endif
-+#ifndef PR_SPEC_ENABLE
-+# define PR_SPEC_ENABLE (1UL << 1)
-+#endif
-+#ifndef PR_SPEC_DISABLE
-+# define PR_SPEC_DISABLE (1UL << 2)
-+#endif
-+#ifndef PR_SPEC_FORCE_DISABLE
-+# define PR_SPEC_FORCE_DISABLE (1UL << 3)
-+#endif
-+#ifndef PR_SPEC_DISABLE_NOEXEC
-+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4)
-+#endif
-+
-+static void set_speculation() __attribute__((constructor));
-+static void set_speculation() {
-+ if ( prctl(PR_SET_SPECULATION_CTRL,
-+ PR_SPEC_STORE_BYPASS,
-+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
-+ return;
-+ }
-+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
-+}
-+
-+#endif // REDHAT_ALT_JAVA
-diff -r 25e94aa812b2 src/share/bin/main.c
---- openjdk/src/java.base/share/native/launcher/main.c Wed Feb 05 12:20:36 2020 -0300
-+++ openjdk/src/java.base/share/native/launcher/main.c Tue Jun 02 17:15:28 2020 +0100
-@@ -34,6 +34,14 @@
- #include "jli_util.h"
- #include "jni.h"
-
-+#ifdef REDHAT_ALT_JAVA
-+#if defined(__linux__) && defined(__x86_64__)
-+#include "alt_main.h"
-+#else
-+#warning alt-java requested but SSB mitigation not available on this platform.
-+#endif
-+#endif
-+
- #ifdef _MSC_VER
- #if _MSC_VER > 1400 && _MSC_VER < 1600
-
diff --git a/rh1842572-rsa_default_for_keytool.patch b/rh1842572-rsa_default_for_keytool.patch
deleted file mode 100644
index 9f1dabc..0000000
--- a/rh1842572-rsa_default_for_keytool.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
---- openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java
-+++ openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
-@@ -1135,7 +1135,7 @@
- }
- } else if (command == GENKEYPAIR) {
- if (keyAlgName == null) {
-- keyAlgName = "DSA";
-+ keyAlgName = "RSA";
- }
- doGenKeyPair(alias, dname, keyAlgName, keysize, groupName, sigAlgName);
- kssave = true;
diff --git a/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch b/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
deleted file mode 100644
index 1b706a1..0000000
--- a/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Remove uses of FAR in jpeg code
-
-Upstream libjpeg-trubo removed the (empty) FAR macro:
-http://sourceforge.net/p/libjpeg-turbo/code/1312/
-
-Adjust our code to not use the undefined FAR macro anymore.
-
-diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
---- openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
-+++ openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
-@@ -1385,7 +1385,7 @@
- /* and fill it in */
- dst_ptr = icc_data;
- for (seq_no = first; seq_no < last; seq_no++) {
-- JOCTET FAR *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
-+ JOCTET *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN;
- unsigned int length =
- icc_markers[seq_no]->data_length - ICC_OVERHEAD_LEN;
-
diff --git a/sources b/sources
index 5ea198a..3bbbb1b 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk11u-jdk-11.0.18+10-4curve.tar.xz) = c946ec14e1fb4ec40269e0928734368a6d68712549ae450e346d53ab1ae553a280402c6c7e346c859a3e65ec83fc1adefbad733fe8d5e89f0b6d43314558a0b5
diff --git a/update_package.sh b/update_package.sh
deleted file mode 100644
index 9831993..0000000
--- a/update_package.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash -x
-# this file contains defaults for currently generated source tarballs
-
-set -e
-
-# OpenJDK from Shenandoah project
-export PROJECT_NAME="shenandoah"
-export REPO_NAME="jdk11"
-# warning, clonning without shenadnaoh prefix, you will clone pure jdk - thus without shenandaoh GC
-export VERSION="shenandoah-jdk-11.0.3+7"
-export COMPRESSION=xz
-# unset tapsets overrides
-export OPENJDK_URL=""
-export TO_COMPRESS=""
-# warning, filename and filenameroot creation is duplicated here from generate_source_tarball.sh
-export FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION}
-FILENAME=${FILE_NAME_ROOT}.tar.${COMPRESSION}
-
-if [ ! -f ${FILENAME} ] ; then
-echo "Generating ${FILENAME}"
- sh ./generate_source_tarball.sh
-else
- echo "exists exists exists exists exists exists exists "
- echo "reusing reusing reusing reusing reusing reusing "
- echo ${FILENAME}
-fi
-
-set +e
-
-major=`echo $REPO_NAME | sed 's/[a-zA-Z]*//g'`
-build=`echo $VERSION | sed 's/.*+//g'`
-name_helper=`echo $FILENAME | sed s/$major/'%{majorver}'/g `
-name_helper=`echo $name_helper | sed s/$build/'%{buildver}'/g `
-echo "align specfile acordingly:"
-echo " sed 's/^Source0:.*/Source0: $name_helper/' -i *.spec"
-echo " sed 's/^Source8:.*/Source8: $TAPSET/' -i *.spec"
-echo " sed 's/^%global buildver.*/%global buildver $build/' -i *.spec"
-echo " sed 's/Release:.*/Release: 1%{?dist}/' -i *.spec"
-echo "and maybe others...."
-echo "you should fedpkg/rhpkg new-sources $TAPSET $FILENAME"
-echo "you should fedpkg/rhpkg prep --arch XXXX on all architectures: x86_64 i386 i586 i686 ppc ppc64 ppc64le s390 s390x aarch64 armv7hl"
-
The package rpms/java-11-openjdk.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/java-11-openjdk.git/commit/?id=0180….
Change:
+%ifarch %{ssbd_arches}
Thanks.
Full change:
============
commit 3d2f8374c5c59132a06e3007ff54684157b26de8
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Apr 29 17:21:07 2023 +0200
Added tzdata.usptream and cacerts.upstream
diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index 3ba613f..368af80 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -824,6 +824,7 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfont.properties.ja
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfontj2d.properties
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tzdb.dat
+%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tzdb.dat.upstream
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/jli
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jli/libjli.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jvm.cfg
@@ -886,6 +887,7 @@ exit 0
%dir %{etcjavadir -- %{?1}}/lib
%dir %{etcjavadir -- %{?1}}/lib/security
%{etcjavadir -- %{?1}}/lib/security/cacerts
+%{etcjavadir -- %{?1}}/lib/security/cacerts.upstream
%dir %{etcjavadir -- %{?1}}/conf
%dir %{etcjavadir -- %{?1}}/conf/management
%dir %{etcjavadir -- %{?1}}/conf/security
commit 0180d4e988f72c718785051bbb34a8f2ad567225
Author: Jiri <jvanek(a)redhat.com>
Date: Sat Apr 29 16:39:42 2023 +0200
updated to 17.0.7.0.7 underlying portables
- requirign 17.0.7.0.7-2 due to news, and much more tuning
- now untarring enforced version
- repacked bits are now requested in exact version
- repacked portables
- using icons from source package
- providing full sources via src package
- requiring exact version.reelase of portables
- todo, lost alt java manpage.. probably already in portables
- TODO conslut this clean up - javdoc
- todo, debuginfo
diff --git a/NEWS b/NEWS
deleted file mode 100644
index e03d474..0000000
--- a/NEWS
+++ /dev/null
@@ -1,4303 +0,0 @@
-Key:
-
-JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
-CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
-
-New in release OpenJDK 11.0.18 (2023-01-17):
-=============================================
-Live versions of these release notes can be found at:
- * https://bit.ly/openjdk11018
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.18.html
-
-* CVEs
- - CVE-2023-21835
- - CVE-2023-21843
-* Security fixes
- - JDK-8286070: Improve UTF8 representation
- - JDK-8286496: Improve Thread labels
- - JDK-8287411: Enhance DTLS performance
- - JDK-8288516: Enhance font creation
- - JDK-8289350: Better media supports
- - JDK-8293554: Enhanced DH Key Exchanges
- - JDK-8293598: Enhance InetAddress address handling
- - JDK-8293717: Objective view of ObjectView
- - JDK-8293734: Improve BMP image handling
- - JDK-8293742: Better Banking of Sounds
- - JDK-8295687: Better BMP bounds
-* Other changes
- - JDK-4819544: SwingSet2 JTable Demo throws NullPointerException
- - JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider
- - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
- - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
- - JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails
- - JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed
- - JDK-8029633: Raw inner class constructor ref should not perform diamond inference
- - JDK-8030121: java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java fails
- - JDK-8079267: [TEST_BUG] Test java/awt/Frame/MiscUndecorated/RepaintTest.java fails
- - JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails
- - JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java
- - JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/MultiresolutionIconTest.java
- - JDK-8172269: When checking the default behaviour for a scroll tab layout and checking the 'opaque' checkbox, the area behind tabs is not red.
- - JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java failed with timeout
- - JDK-8193942: Regression automated test '/open/test/jdk/javax/swing/JFrame/8175301/ScaledFrameBackgroundTest.java' fails
- - JDK-8194126: Regression automated Test '/open/test/jdk/javax/swing/JColorChooser/Test7194184.java' fails
- - JDK-8198343: Test java/awt/print/PrinterJob/TestPgfmtSetMPA.java may fail w/o printer
- - JDK-8199290: [TESTBUG] sun.hotspot.WhiteBox$WhiteBoxPermission is not copied
- - JDK-8202836: [macosx] test java/awt/Graphics/TextAAHintsTest.java fails
- - JDK-8206125: [windows] cannot pass relative path to --with-boot-jdk
- - JDK-8210047: some pages contain content outside of landmark region
- - JDK-8211002: test/jdk/java/lang/Math/PowTests.java skips testing for non-corner-case values
- - JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch
- - JDK-8213239: Configure cannot handle command overrides with arguments
- - JDK-8215571: jdb does not include jdk.* in the default class filter
- - JDK-8217032: Check pandoc capabilities in configure
- - JDK-8222091: Javadoc does not handle package annotations correctly on package-info.java
- - JDK-8222251: preflow visitor is not visiting lambda expressions
- - JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
- - JDK-8227179: Test for new gc+metaspace=info output format
- - JDK-8227651: Tests fail with SSLProtocolException: Input record too big
- - JDK-8228672: [TESTBUG] gc/metaspace/TestSizeTransitions.java fails on 32-bit platforms
- - JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on macOs
- - JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java fails on macos
- - JDK-8233565: [TESTBUG] NullModalityDialogTest.java fails on MacOS
- - JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on macos
- - JDK-8239708: Split basics.m4 into basic.m4 and util.m4
- - JDK-8240281: Remove failing assertion code when selecting first memory state in SuperWord::co_locate_pack
- - JDK-8242468: VS2019 build missing vcruntime140_1.dll
- - JDK-8243565: some gc tests use 'test.java.opts' and not 'test.vm.opts'
- - JDK-8243568: serviceability/logging/TestLogRotation.java uses 'test.java.opts' and not 'test.vm.opts'
- - JDK-8244010: Simplify usages of ProcessTools.createJavaProcessBuilder in our tests
- - JDK-8244557: test/jdk/javax/swing/JTabbedPane/TestBackgroundScrollPolicy.java failed
- - JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
- - JDK-8249694: java/lang/StringBuffer/HugeCapacity.java and j/l/StringBuilder/HugeCapacity.java tests shouldn't be @ignore-d
- - JDK-8253877: gc/g1/TestGCLogMessages.java fails - missing "Evacuation failure" message
- - JDK-8254874: ZGC: JNIHandleBlock verification failure in stack watermark processing
- - JDK-8254976: Re-enable swing jtreg tests which were broken due to samevm mode
- - JDK-8255439: System Tray icons get corrupted when Windows scaling changes
- - JDK-8256109: Create implementation for NSAccessibilityButton protocol
- - JDK-8257679: Improved unix compatibility layer in Windows build (winenv)
- - JDK-8257722: Improve "keytool -printcert -jarfile" output
- - JDK-8258005: JDK build fails with incorrect fixpath script
- - JDK-8259485: Document need for short paths when building on Windows
- - JDK-8260272: bash configure --prefix does not work after JDK-8257679
- - JDK-8261336: IGV: enhance default filters
- - JDK-8261445: Use memory_order_relaxed for os::random().
- - JDK-8261758: [TESTBUG] gc/g1/TestGCLogMessages.java fails if ergonomics detect too small InitialHeapSize
- - JDK-8263326: Remove ReceiverTypeData check from serviceability/sa/TestPrintMdo.java
- - JDK-8263871: On sem_destroy() failing we should assert
- - JDK-8264593: debug.cpp utilities should be available in product builds.
- - JDK-8264666: Change implementation of safeAdd/safeMult in the LCMSImageLayout class
- - JDK-8266082: AssertionError in Annotate.fromAnnotations with -Xdoclint
- - JDK-8266967: debug.cpp utility find() should print Java Object fields.
- - JDK-8268361: Fix the infinite loop in next_line
- - JDK-8268860: Windows-Aarch64 build is failing in GitHub actions
- - JDK-8268893: jcmd to trim the glibc heap
- - JDK-8269029: compiler/codegen/TestCharVect2.java fails for client VMs
- - JDK-8269873: serviceability/sa/Clhsdb tests are using a C2 specific VMStruct field
- - JDK-8272123: Problem list 4 jtreg tests which regularly fail on macos-aarch64
- - JDK-8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints
- - JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368
- - JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails on macOS 12
- - JDK-8273685: Remove jtreg tag manual=yesno for java/awt/Graphics/LCDTextAndGraphicsState.java & show test instruction
- - JDK-8274029: Remove jtreg tag manual=yesno for java/awt/print/Dialog/DialogOrient.java
- - JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ImageTypes.java & show test UI
- - JDK-8274296: Update or Problem List tests which may fail with uiScale=2 on macOS
- - JDK-8274456: Remove jtreg tag manual=yesno java/awt/print/PrinterJob/PageDialogTest.java
- - JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening
- - JDK-8274597: Some of the dnd tests time out and fail intermittently
- - JDK-8275170: Some jtreg sound tests should be marked with sound keyword
- - JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
- - JDK-8276841: Add support for Visual Studio 2022
- - JDK-8277159: Fix java/nio/file/FileStore/Basic.java test by ignoring /run/user/* mount points
- - JDK-8277497: Last column cell in the JTable row is read as empty cell
- - JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
- - JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch"
- - JDK-8279066: entries.remove(entry) is useless in PKCS12KeyStore
- - JDK-8279695: [TESTBUG] modify compiler/loopopts/TestSkeletonPredicateNegation.java to run on C1 also
- - JDK-8280158: New test from JDK-8274736 failed with/without patch in JDK11u
- - JDK-8280550: SplittableRandom#nextDouble(double,double) can return result >= bound
- - JDK-8280863: Update build README to reflect that MSYS2 is supported
- - JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR
- - JDK-8280948: Write a regression test for JDK-4659800
- - JDK-8280950: RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix
- - JDK-8281183: RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950
- - JDK-8281296: Create a regression test for JDK-4515999
- - JDK-8281297: TestStressG1Humongous fails with guarantee(is_range_uncommitted)
- - JDK-8282046: Create a regression test for JDK-8000326
- - JDK-8282276: Problem list failing two Robot Screen Capture tests
- - JDK-8282306: os::is_first_C_frame(frame*) crashes on invalid link access
- - JDK-8282345: handle latest VS2022 in abstract_vm_version
- - JDK-8282402: Create a regression test for JDK-4666101
- - JDK-8282640: Create a test for JDK-4740761
- - JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/LoadUnloadGC2.java fails intermittently with exit code 1
- - JDK-8282730: LdapLoginModule throw NPE from logout method after login failure
- - JDK-8282777: Create a Regression test for JDK-4515031
- - JDK-8282778: Create a regression test for JDK-4699544
- - JDK-8282857: Create a regression test for JDK-4702690
- - JDK-8282936: Write a regression test for JDK-4615365
- - JDK-8282937: Write a regression test for JDK-4820080
- - JDK-8283199: Linux os::cpu_microcode_revision() stalls cold startup
- - JDK-8283422: Create a new test for JDK-8254790
- - JDK-8284294: Create an automated regression test for RFE 4138746
- - JDK-8284358: Unreachable loop is not removed from C2 IR, leading to a broken graph
- - JDK-8284521: Write an automated regression test for RFE 4371575
- - JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
- - JDK-8284732: FFI_GO_CLOSURES macro not defined but required for zero build on Mac OS X
- - JDK-8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation
- - JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown"
- - JDK-8284884: Replace polling with waiting in javax/swing/text/html/parser/Parser/8078268/bug8078268.java
- - JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
- - JDK-8285305: Create an automated test for JDK-4495286
- - JDK-8285373: Create an automated test for JDK-4702233
- - JDK-8285604: closed sun/java2d/GdiRendering/ClipShapeRendering.java failed with "Incorrect color ffeeeeee instead of ff0000ff in pixel (100, 100)"
- - JDK-8285617: Fix java/awt/print/PrinterJob/ImagePrinting/PrintARGBImage.java manual test
- - JDK-8285698: Create a test to check the focus stealing of JPopupMenu from JComboBox
- - JDK-8285794: AsyncGetCallTrace might acquire a lock via JavaThread::thread_from_jni_environment
- - JDK-8285836: sun/net/www/http/KeepAliveCache/KeepAliveProperty.java failed with "RuntimeException: Failed in server"
- - JDK-8285921: serviceability/dcmd/jvmti/AttachFailed/AttachReturnError.java fails on Alpine
- - JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
- - JDK-8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray
- - JDK-8286772: java/awt/dnd/DropTargetInInternalFrameTest/DropTargetInInternalFrameTest.html times out and fails in Windows
- - JDK-8286872: Refactor add/modify notification icon (TrayIcon)
- - JDK-8287076: Document.normalizeDocument() produces different results
- - JDK-8287091: aarch64 : guarantee(val < (1ULL << nbits)) failed: Field too big for insn
- - JDK-8287425: Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path
- - JDK-8287609: macOS: SIGSEGV at [CoreFoundation] CFArrayGetCount / sun.font.CFont.getTableBytesNative
- - JDK-8287724: Fix various issues with msys2
- - JDK-8287826: javax/accessibility/4702233/AccessiblePropertiesTest.java fails to compile
- - JDK-8287895: Some langtools tests fail on msys2
- - JDK-8287896: PropertiesTest.sh fail on msys2
- - JDK-8287902: UnreadableRB case in MissingResourceCauseTest is not working reliably on Windows
- - JDK-8287917: System.loadLibrary does not work on Big Sur if JDK is built with macOS SDK 10.15 and earlier
- - JDK-8288132: Update test artifacts in QuoVadis CA interop tests
- - JDK-8288302: Shenandoah: SIGSEGV in vm maybe related to jit compiling xerces
- - JDK-8288377: [REDO] DST not applying properly with zone id offset set with TZ env variable
- - JDK-8288445: AArch64: C2 compilation fails with guarantee(!true || (true && (shift != 0))) failed: impossible encoding
- - JDK-8288599: com/sun/management/OperatingSystemMXBean/TestTotalSwap.java: Expected total swap size ... but getTotalSwapSpaceSize returned ...
- - JDK-8288985: P11TlsKeyMaterialGenerator should work with ChaCha20-Poly1305
- - JDK-8289043: C2: Vector constant materialization attempt
- - JDK-8289146: containers/docker/TestMemoryWithCgroupV1.java fails on linux ppc64le machine with missing Memory and Swap Limit output
- - JDK-8290207: Missing notice in dom.md
- - JDK-8290209: jcup.md missing additional text
- - JDK-8290451: Incorrect result when switching to C2 OSR compilation from C1
- - JDK-8290529: C2: assert(BoolTest(btest).is_canonical()) failure
- - JDK-8290705: StringConcat::validate_mem_flow asserts with "unexpected user: StoreI"
- - JDK-8290711: assert(false) failed: infinite loop in PhaseIterGVN::optimize
- - JDK-8290781: Segfault at PhaseIdealLoop::clone_loop_handle_data_uses
- - JDK-8291459: JVM crash with GenerateOopMap::error_work(char const*, __va_list_tag*)
- - JDK-8291461: assert(false) failed: bad AD file
- - JDK-8292083: Detected container memory limit may exceed physical machine memory
- - JDK-8292158: AES-CTR cipher state corruption with AVX-512
- - JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
- - JDK-8292682: Code change of JDK-8282730 not updated to reflect CSR update
- - JDK-8292778: EncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free
- - JDK-8292866: Java_sun_awt_shell_Win32ShellFolder2_getLinkLocation check MultiByteToWideChar return value for failures
- - JDK-8292887: Bump update version for OpenJDK: jdk-11.0.18
- - JDK-8292899: CustomTzIDCheckDST.java testcase failed on AIX platform
- - JDK-8293044: C1: Missing access check on non-accessible class
- - JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
- - JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
- - JDK-8293578: Duplicate ldc generated by javac
- - JDK-8293672: Update freetype md file
- - JDK-8293816: CI: ciBytecodeStream::get_klass() is not consistent
- - JDK-8293826: Closed test fails after JDK-8276108 on aarch64
- - JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening
- - JDK-8293834: Update CLDR data following tzdata 2022c update
- - JDK-8293998: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC
- - JDK-8294138: [11u] Revert change from JDK-8210962 in basic.m4
- - JDK-8294307: ISO 4217 Amendment 173 Update
- - JDK-8294357: (tz) Update Timezone Data to 2022d
- - JDK-8294578: [PPC64] C2: Missing is_oop information when using disjoint compressed oops mode
- - JDK-8294740: Add cgroups keyword to TestDockerBasic.java
- - JDK-8295173: (tz) Update Timezone Data to 2022e
- - JDK-8295288: Some vm_flags tests associate with a wrong BugID
- - JDK-8295322: Tests for JDK-8271459 were not backported to 11u
- - JDK-8295429: Update harfbuzz md file
- - JDK-8295469: S390X: Optimized builds are broken
- - JDK-8295554: Move the "sizecalc.h" to the correct location
- - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
- - JDK-8295714: GHA ::set-output is deprecated and will be removed
- - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error
- - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor
- - JDK-8295952: Problemlist existing compiler/rtm tests also on x86
- - JDK-8296108: (tz) Update Timezone Data to 2022f
- - JDK-8296239: ISO 4217 Amendment 174 Update
- - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
- - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
- - JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
- - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
- - JDK-8296652: Restore windows aarch64 fixpath patch that was removed in 8239708
- - JDK-8296715: CLDR v42 update for tzdata 2022f
- - JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
- - JDK-8297147: UnexpectedSourceImageSize test times out on slow machines when fastdebug is used
- - JDK-8297153: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails again
- - JDK-8297241: Update sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java
- - JDK-8297481: Create a regression test for JDK-4424517
- - JDK-8297656: AArch64: Enable AES/GCM Intrinsics
- - JDK-8297804: (tz) Update Timezone Data to 2022g
- - JDK-8298737: 8296772 backport to jdk11u caused build error on sparc
- - JDK-8299393: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.18
- - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
- - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
- - JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport
-
-Notes on individual issues:
-===========================
-
-client-libs/javax.imageio:
-
-JDK-8295687: Better BMP bounds
-==============================
-Loading a linked ICC profile within a BMP image is now disabled by
-default. To re-enable it, set the new system property
-`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property
-replaces the old property,
-`sun.imageio.plugins.bmp.disableLinkedProfiles`.
-
-client-libs/javax.sound:
-
-JDK-8293742: Better Banking of Sounds
-=====================================
-Previously, the SoundbankReader implementation,
-`com.sun.media.sound.JARSoundbankReader`, would download a JAR
-soundbank from a URL. This behaviour is now disabled by default. To
-re-enable it, set the new system property `jdk.sound.jarsoundbank` to
-`true`.
-
-security-libs/javax.crypto:
-
-JDK-6782021: Windows KeyStore Updated to Include Access to the Local Machine Location
-=====================================================================================
-The Windows KeyStore support in the SunMSCAPI provider has been
-expanded to include access to the local machine location. The new
-keystore types are:
-
-* "Windows-MY-LOCALMACHINE"
-* "Windows-ROOT-LOCALMACHINE"
-
-The following keystore types were also added, allowing developers to
-make it clear they map to the current user:
-
-* "Windows-MY-CURRENTUSER" (same as "Windows-MY")
-* "Windows-ROOT-CURRENTUSER" (same as "Windows-ROOT")
-
-security-libs/java.security:
-
-JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set
-==========================================================================================================
-Back in OpenJDK 9, JDK-8015081 changed the Set implementation used to
-hold principals and credentials so that it rejected null
-values. Attempts to call add(null), contains(null) or remove(null)
-were changed to throw a NullPointerException.
-
-However, the logout() methods in the LoginModule implementations
-within the JDK were not updated to check for null values, which may
-occur in the event of a failed login. As a result, a logout() call may
-throw a NullPointerException.
-
-The LoginModule implementations have now been updated with such checks
-and an implementation note added to the specification to suggest that
-the same change is made in third party modules. Developers of third
-party modules are advised to verify that their logout() method does not
-throw a NullPointerException.
-
-security-libs/javax.net.ssl:
-
-JDK-8287411: Enhance DTLS performance
-=====================================
-The JDK now exchanges DTLS cookies for all handshakes, new and
-resumed. The previous behaviour can be re-enabled by setting the new
-system property `jdk.tls.enableDtlsResumeCookie` to `false`.
-
-New in release OpenJDK 11.0.17 (2022-10-18):
-=============================================
-Live versions of these release notes can be found at:
- * https://bit.ly/openjdk11017
- * https://builds.shipilev.net/backports-monitor/release-notes-11.0.17.html
-
-* Security fixes
- - JDK-8282252: Improve BigInteger/Decimal validation
- - JDK-8285662: Better permission resolution
- - JDK-8286077, CVE-2022-21618: Wider MultiByte conversions
- - JDK-8286511: Improve macro allocation
- - JDK-8286519: Better memory handling
- - JDK-8286526, CVE-2022-21619: Improve NTLM support
- - JDK-8286533, CVE-2022-21626: Key X509 usages
- - JDK-8286910, CVE-2022-21624: Improve JNDI lookups
- - JDK-8286918, CVE-2022-21628: Better HttpServer service
- - JDK-8287446: Enhance icon presentations
- - JDK-8288508: Enhance ECDSA usage
- - JDK-8289366, CVE-2022-39399: Improve HTTP/2 client usage
- - JDK-8289853: Update HarfBuzz to 4.4.1
- - JDK-8290334: Update FreeType to 2.12.1
- - JDK-8293429: [11u] minor update in attribute style
-* Other changes
- - JDK-6606767: resexhausted00[34] fail assert(!thread->owns_locks(), "must release all locks when leaving VM")
- - JDK-6854300: [TEST_BUG] java/awt/event/MouseEvent/SpuriousExitEnter/SpuriousExitEnter_3.java fails in jdk6u14 & jdk7
- - JDK-7131823: bug in GIFImageReader
- - JDK-8017175: [TESTBUG] javax/swing/JPopupMenu/4634626/bug4634626.java sometimes failed on mac
- - JDK-8028265: Add legacy tz tests to OpenJDK
- - JDK-8069343: Improve gc/g1/TestHumongousCodeCacheRoots.java to use jtreg @requires
- - JDK-8139348: Deprecate 3DES and RC4 in Kerberos
- - JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
- - JDK-8164804: sun/security/ssl/SSLSocketImpl/CloseSocket.java makes not reliable time assumption
- - JDK-8169468: NoResizeEventOnDMChangeTest.java fails because FS Window didn't receive all resizes!
- - JDK-8172065: javax/swing/JTree/4908142/bug4908142.java The selected index should be "aad"
- - JDK-8183372: Refactor java/lang/Class shell tests to java
- - JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names
- - JDK-8193462: Fix Filer handling of package-info initial elements
- - JDK-8203277: preflow visitor used during lambda attribution shouldn't visit class definitions inside the lambda body
- - JDK-8208471: nsk/jdb/unwatch/unwatch002/unwatch002.java fails with "Prompt is not received during 300200 milliseconds"
- - JDK-8209052: Low contrast in docs/api/constant-values.html
- - JDK-8209736: runtime/RedefineTests/ModifyAnonymous.java fails with NullPointerException when running in CDS mode
- - JDK-8210107: vmTestbase/nsk/stress/network tests fail with Cannot assign requested address (Bind failed)
- - JDK-8210722: JAXP Tests: CatalogSupport2 and CatalogSupport3 generate incorrect messages upon failure
- - JDK-8210960: Allow --with-boot-jdk-jvmargs to work during configure
- - JDK-8212904: JTextArea line wrapping incorrect when using UI scale
- - JDK-8213695: gc/TestAllocateHeapAtMultiple.java is slow in some configs
- - JDK-8214078: (fs) SecureDirectoryStream not supported on arm32
- - JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount()
- - JDK-8215291: Broken links when generating from project without modules
- - JDK-8217170: gc/arguments/TestUseCompressedOopsErgo.java timed out
- - JDK-8217332: JTREG: Clean up, use generics instead of raw types
- - JDK-8218128: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003 and 004 use wrong path to test classes
- - JDK-8218413: make reconfigure ignores configure-time AUTOCONF environment variable
- - JDK-8219074: [TESTBUG] runtime/containers/docker/TestCPUAwareness.java typo of printing parameters (period should be shares)
- - JDK-8219149: ProcessTools.ProcessBuilder should print timing info for subprocesses
- - JDK-8220744: [TESTBUG] Move RedefineTests from runtime to serviceability
- - JDK-8221871: javadoc should not set role=region on <section> elements
- - JDK-8221907: make reconfigure breaks when configured with relative paths
- - JDK-8223543: [TESTBUG] Regression test java/awt/Graphics2D/DrawString/LCDTextSrcEa.java has issues
- - JDK-8223575: add subspace transitions to gc+metaspace=info log lines
- - JDK-8225122: Test AncestorResized.java fails when Windows desktop is scaled.
- - JDK-8226976: SessionTimeOutTests uses == operator for String value check
- - JDK-8230708: Hotspot fails to build on linux-sparc with gcc-9
- - JDK-8233712: Limit default tests jobs based on ulimit -u setting
- - JDK-8235870: C2 crashes in IdealLoopTree::est_loop_flow_merge_sz()
- - JDK-8236490: Compiler bug relating to @NonNull annotation
- - JDK-8236823: Ensure that API documentation uses minified libraries
- - JDK-8238196: tests that use SA Attach should not be allowed to run against signed binaries on Mac OS X 10.14.5 and later
- - JDK-8238203: Return value of GetUserDefaultUILanguage() should be handled as LANGID
- - JDK-8238268: Many SA tests are not running on OSX because they do not attempt to use sudo when available
- - JDK-8238586: [TESTBUG] vmTestbase/jit/tiered/Test.java failed when TieredCompilation is disabled
- - JDK-8239265: JFR: Test cleanup of jdk.jfr.api.consumer package
- - JDK-8239379: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java on OSX
- - JDK-8239423: jdk/jfr/jvm/TestJFRIntrinsic.java failed with -XX:-TieredCompilation
- - JDK-8239902: [macos] Remove direct usage of JSlider, JProgressBar classes in CAccessible class
- - JDK-8240903: Add test to check that jmod hashes are reproducible
- - JDK-8242188: error in jtreg test jdk/jfr/api/consumer/TestRecordedFrame.java on linux-aarch64
- - JDK-8247546: Pattern matching does not skip correctly over supplementary characters
- - JDK-8247907: XMLDsig logging does not work
- - JDK-8247964: All log0() in com/sun/org/slf4j/internal/Logger.java should be private
- - JDK-8249623: test @ignore-d due to 7013634 should be returned back to execution
- - JDK-8251152: ARM32: jtreg c2 Test8202414 test crash
- - JDK-8251551: Use .md filename extension for README
- - JDK-8252145: Unify Info.plist files with correct version strings
- - JDK-8253829: Wrong length compared in SSPI bridge
- - JDK-8253916: ResourceExhausted/resexhausted001 crashes on Linux-x64
- - JDK-8254178: Remove .hgignore
- - JDK-8254318: Remove .hgtags
- - JDK-8255724: [XRender] the BlitRotateClippedArea test fails on Linux in the XR pipeline
- - JDK-8255729: com.sun.tools.javac.processing.JavacFiler.FilerOutputStream is inefficient
- - JDK-8257623: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted001/TestDescription.java shouldn't use timeout
- - JDK-8258946: Fix optimization-unstable code involving signed integer overflow
- - JDK-8261160: Add a deserialization JFR event
- - JDK-8262085: Hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux
- - JDK-8264400: (fs) WindowsFileStore equality depends on how the FileStore was constructed
- - JDK-8264792: The NumberFormat for locale sq_XK formats price incorrectly.
- - JDK-8265020: tests must be updated for new TestNG module name
- - JDK-8265100: (fs) WindowsFileStore.hashCode() should read cached hash code once
- - JDK-8265531: doc/building.md should mention homebrew install freetype
- - JDK-8266250: WebSocketTest and WebSocketProxyTest call assertEquals(List<byte[]>, List<byte[]>)
- - JDK-8266254: Update to use jtreg 6
- - JDK-8266460: java.io tests fail on null stream with upgraded jtreg/TestNG
- - JDK-8266461: tools/jmod/hashes/HashesTest.java fails: static @Test methods
- - JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups
- - JDK-8266675: Optimize IntHashTable for encapsulation and ease of use
- - JDK-8266774: System property values for stdout/err on Windows UTF-8
- - JDK-8266881: Enable debug log for SSLEngineExplorerMatchedSNI.java
- - JDK-8267180: Typo in copyright header for HashesTest
- - JDK-8267271: Fix gc/arguments/TestNewRatioFlag.java expectedNewSize calculation
- - JDK-8267880: Upgrade the default PKCS12 MAC algorithm
- - JDK-8268185: Update GitHub Actions for jtreg 6
- - JDK-8269039: Disable SHA-1 Signed JARs
- - JDK-8269517: compiler/loopopts/TestPartialPeelingSinkNodes.java crashes with -XX:+VerifyGraphEdges
- - JDK-8270090: C2: LCM may prioritize CheckCastPP nodes over projections
- - JDK-8270312: Error: Not a test or directory containing tests: java/awt/print/PrinterJob/XparColor.java
- - JDK-8271010: vmTestbase/gc/lock/malloc/malloclock04/TestDescription.java crashes intermittently
- - JDK-8271078: jdk/incubator/vector/Float128VectorTests.java failed a subtest
- - JDK-8271512: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java due to 8270326
- - JDK-8272352: Java launcher can not parse Chinese character when system locale is set to UTF-8
- - JDK-8272398: Update DockerTestUtils.buildJdkDockerImage()
- - JDK-8273526: Extend the OSContainer API pids controller with pids.current
- - JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root
- - JDK-8274517: java/util/DoubleStreamSums/CompensatedSums.java fails with expected [true] but found [false]
- - JDK-8274687: JDWP deadlocks if some Java thread reaches wait in blockOnDebuggerSuspend
- - JDK-8275008: gtest build failure due to stringop-overflow warning with gcc11
- - JDK-8275689: [TESTBUG] Use color tolerance only for XRender in BlitRotateClippedArea test
- - JDK-8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
- - JDK-8277893: Arraycopy stress tests
- - JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
- - JDK-8278344: sun/security/pkcs12/KeytoolOpensslInteropTest.java test fails because of different openssl output
- - JDK-8278519: serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null"
- - JDK-8279032: compiler/loopopts/TestSkeletonPredicateNegation.java times out with -XX:TieredStopAtLevel < 4
- - JDK-8279385: [test] Adjust sun/security/pkcs12/KeytoolOpensslInteropTest.java after 8278344
- - JDK-8279622: C2: miscompilation of map pattern as a vector reduction
- - JDK-8280913: Create a regression test for JRootPane.setDefaultButton() method
- - JDK-8281181: Do not use CPU Shares to compute active processor count
- - JDK-8281535: