Update to shenandoah-jdk8u352-b07 (EA)

Update release notes for shenandoah-8u352-b07.
Switch to EA mode for 8u352 pre-release builds.
Rebase FIPS patch against 8u352-b07
This commit is contained in:
Andrew Hughes 2022-10-12 01:56:31 +01:00
parent 4892a89d43
commit b057a1dd37
5 changed files with 167 additions and 14 deletions

1
.gitignore vendored
View File

@ -258,3 +258,4 @@
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b06-4curve.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u342-b07-4curve.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u345-b01-4curve.tar.xz
/openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b07-4curve.tar.xz

146
NEWS
View File

@ -3,6 +3,152 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u352 (2022-10-18):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u352
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u352.txt
* Other changes
- JDK-7131823: bug in GIFImageReader
- JDK-7186258: InetAddress$Cache should replace currentTimeMillis with nanoTime for more precise and accurate
- JDK-8028265: Add legacy tz tests to OpenJDK
- JDK-8039955: [TESTBUG] jdk/lambda/LambdaTranslationTest1 - java.lang.AssertionError: expected [d:1234.000000] but found [d:1234,000000]
- JDK-8049228: Improve multithreaded scalability of InetAddress cache
- JDK-8071507: (ref) Clear phantom reference as soft and weak references do
- JDK-8087283: Add support for the XML Signature here() function to the JDK XPath implementation
- JDK-8130895: Test javax/swing/system/6799345/TestShutdown.java fails on Solaris11 Sparcv9
- JDK-8136354: [TEST_BUG] Test java/awt/image/RescaleOp/RescaleAlphaTest.java with Bad action for script
- JDK-8139668: Generate README-build.html from markdown
- JDK-8143847: Remove REF_CLEANER reference category
- JDK-8150669: C1 intrinsic for Class.isPrimitive
- JDK-8155742: [Windows] robot.keyPress(KeyEvent.VK_ALT_GRAPH) throws java.lang.IllegalArgumentException in windows
- JDK-8173339: AArch64: Fix minimum stack size computations
- JDK-8173361: various crashes in JvmtiExport::post_compiled_method_load
- JDK-8175797: (ref) Reference::enqueue method should clear the reference object before enqueuing
- JDK-8178832: (ref) jdk.lang.ref.disableClearBeforeEnqueue property is ignored
- JDK-8183107: PKCS11 regression regarding checkKeySize
- JDK-8193780: (ref) Remove the undocumented "jdk.lang.ref.disableClearBeforeEnqueue" system property
- JDK-8194873: right ALT key hotkeys no longer work in Swing components
- JDK-8201793: (ref) Reference object should not support cloning
- JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount()
- JDK-8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures.
- JDK-8233019: java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit
- JDK-8235218: Minimal VM is broken after JDK-8173361
- JDK-8235385: Crash on aarch64 JDK due to long offset
- JDK-8245263: Enable TLSv1.3 by default on JDK 8u for Client roles
- JDK-8254178: Remove .hgignore
- JDK-8254318: Remove .hgtags
- JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version
- JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
- JDK-8280963: Incorrect PrintFlags formatting on Windows
- JDK-8282538: PKCS11 tests fail on CentOS Stream 9
- JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee
- JDK-8285400: Add '@apiNote' to the APIs defined in Java SE 8 MR 3
- JDK-8285497: Add system property for Java SE specification maintenance version
- JDK-8287132: Retire Runtime.runFinalizersOnExit so that it always throws UOE
- JDK-8287508: The tests added to jdk-8 by 8235385 are to be ported to jdk-11
- JDK-8287521: Bump update version of OpenJDK: 8u352
- JDK-8288763: Pack200 extraction failure with invalid size
- JDK-8288865: [aarch64] LDR instructions must use legitimized addresses
- JDK-8290000: Bump macOS GitHub actions to macOS 11
- JDK-8292579: (tz) Update Timezone Data to 2022c
- JDK-8292688: Support Security properties in security.testlibrary.Proc
Notes on individual issues:
===========================
core-libs/java.lang:
JDK-8201793: (ref) Reference object should not support cloning
==============================================================
`java.lang.ref.Reference::clone` method always throws
`CloneNotSupportedException`. `Reference` objects cannot be
meaningfully cloned. To create a new Reference object, call the
constructor to create a `Reference` object with the same referent and
reference queue instead.
JDK-8175797: (ref) Reference::enqueue method should clear the reference object before enqueuing
===============================================================================================
`java.lang.ref.Reference.enqueue` method clears the reference object
before it is added to the registered queue. When the `enqueue` method
is called, the reference object is cleared and `get()` method will
return null in OpenJDK 8u352.
Typically when a reference object is enqueued, it is expected that the
reference object is cleared explicitly via the `clear` method to avoid
memory leak because its referent is no longer referenced. In other
words the `get` method is expected not to be called in common cases
once the `enqueue`method is called. In the case when the `get` method
from an enqueued reference object and existing code attempts to access
members of the referent, `NullPointerException` may be thrown. Such
code will need to be updated.
JDK-8071507: (ref) Clear phantom reference as soft and weak references do
=========================================================================
This enhancement changes phantom references to be automatically
cleared by the garbage collector as soft and weak references.
An object becomes phantom reachable after it has been finalized. This
change may cause the phantom reachable objects to be GC'ed earlier -
previously the referent is kept alive until PhantomReference objects
are GC'ed or cleared by the application. This potential behavioral
change might only impact existing code that would depend on
PhantomReference being enqueued rather than when the referent be freed
from the heap.
security-libs/javax.net.ssl:
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
================================================================
The TLSv1.3 implementation is now enabled by default for client roles
in 8u352. It has been enabled by default for server roles since 8u272.
Note that TLS 1.3 is not directly compatible with previous
versions. Enabling it on the client may introduce compatibility issues
on either the server or the client side. Here are some more details on
potential compatibility issues that you should be aware of:
* TLS 1.3 uses a half-close policy, while TLS 1.2 and prior versions
use a duplex-close policy. For applications that depend on the
duplex-close policy, there may be compatibility issues when
upgrading to TLS 1.3.
* The signature_algorithms_cert extension requires that pre-defined
signature algorithms are used for certificate authentication. In
practice, however, an application may use non-supported signature
algorithms.
* The DSA signature algorithm is not supported in TLS 1.3. If a server
is configured to only use DSA certificates, it cannot upgrade to TLS
1.3.
* The supported cipher suites for TLS 1.3 are not the same as TLS 1.2
and prior versions. If an application hard-codes cipher suites which
are no longer supported, it may not be able to use TLS 1.3 without
modifying the application code.
* The TLS 1.3 session resumption and key update behaviors are
different from TLS 1.2 and prior versions. The compatibility should
be minimal, but it could be a risk if an application depends on the
handshake details of the TLS protocols.
The TLS 1.3 protocol can be disabled by using the jdk.tls.client.protocols
system property:
java -Djdk.tls.client.protocols="TLSv1.2" ...
Alternatively, an application can explicitly set the enabled protocols
with the javax.net.ssl APIs e.g.
sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"});
or:
SSLParameters params = sslSocket.getSSLParameters();
params.setProtocols(new String[] {"TLSv1.2"});
slsSocket.setSSLParameters(params);
New in release OpenJDK 8u345 (2022-08-01):
===========================================
Live versions of these release notes can be found at:

View File

@ -11,7 +11,7 @@ index 151e5a109f8..a8761b500e0 100644
LIB_SETUP_ON_WINDOWS
diff --git a/common/autoconf/generated-configure.sh b/common/autoconf/generated-configure.sh
index e77ce854dc5..ec6e9b27ca5 100644
index 71fabf4dbb3..17f4f50673d 100644
--- a/common/autoconf/generated-configure.sh
+++ b/common/autoconf/generated-configure.sh
@@ -651,6 +651,9 @@ LLVM_CONFIG
@ -124,7 +124,7 @@ index e77ce854dc5..ec6e9b27ca5 100644
#
# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
@@ -49290,6 +49351,157 @@ fi
@@ -49304,6 +49365,157 @@ fi
LIBS="$save_LIBS"
@ -1532,7 +1532,7 @@ index ffee2c1603b..98119479823 100644
"FIPS mode: KeyStore must be " +
"from provider " + SunJSSE.cryptoProvider.getName());
diff --git a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
index cd0e9e98df9..fba760187c0 100644
index 820e10164fc..6fe2c29389f 100644
--- a/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
+++ b/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -31,6 +31,7 @@ import java.security.*;
@ -1627,8 +1627,8 @@ index cd0e9e98df9..fba760187c0 100644
+ };
+ }
return new ProtocolVersion[]{
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
ProtocolVersion.TLS11,
diff --git a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java b/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
index 2845dc37938..52337a7b6cf 100644
--- a/jdk/src/share/classes/sun/security/ssl/SunJSSE.java
@ -1659,7 +1659,7 @@ index 2845dc37938..52337a7b6cf 100644
"sun.security.ssl.SSLContextImpl$TLSContext");
if (isfips == false) {
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
index d3d64b3facd..bfe0c593adb 100644
index 7a93d4e6b59..681a24b905d 100644
--- a/jdk/src/share/lib/security/java.security-aix
+++ b/jdk/src/share/lib/security/java.security-aix
@@ -287,6 +287,13 @@ package.definition=sun.,\
@ -1677,7 +1677,7 @@ index d3d64b3facd..bfe0c593adb 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
index db610d4bfbb..9d1c8fe8a8e 100644
index 145a84f94cf..789c19a8cba 100644
--- a/jdk/src/share/lib/security/java.security-linux
+++ b/jdk/src/share/lib/security/java.security-linux
@@ -75,6 +75,14 @@ security.provider.7=com.sun.security.sasl.Provider
@ -1722,7 +1722,7 @@ index db610d4bfbb..9d1c8fe8a8e 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
index a919ba3d5cd..19047c61097 100644
index 35fa140d7a5..d4da666af3b 100644
--- a/jdk/src/share/lib/security/java.security-macosx
+++ b/jdk/src/share/lib/security/java.security-macosx
@@ -290,6 +290,13 @@ package.definition=sun.,\
@ -1740,7 +1740,7 @@ index a919ba3d5cd..19047c61097 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
index 86265ba5fb6..7eda556ae13 100644
index f79ba37ddb9..300132384a1 100644
--- a/jdk/src/share/lib/security/java.security-solaris
+++ b/jdk/src/share/lib/security/java.security-solaris
@@ -288,6 +288,13 @@ package.definition=sun.,\
@ -1758,7 +1758,7 @@ index 86265ba5fb6..7eda556ae13 100644
# Determines the default key and trust manager factory algorithms for
# the javax.net.ssl package.
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
index 9b4bda23cbe..dfa1a669aa9 100644
index d70503ce95f..64db5a5cd1e 100644
--- a/jdk/src/share/lib/security/java.security-windows
+++ b/jdk/src/share/lib/security/java.security-windows
@@ -290,6 +290,13 @@ package.definition=sun.,\

View File

@ -317,7 +317,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 3.15.0
# Define current Git revision for the FIPS support patches
%global fipsver 8e8bbf0ff74
%global fipsver 6d1aade0648
# Standard JPackage naming and versioning defines
%global origin openjdk
@ -347,7 +347,7 @@
# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there.
%global shenandoah_project openjdk
%global shenandoah_repo shenandoah-jdk8u
%global openjdk_revision jdk8u345-b01
%global openjdk_revision jdk8u352-b07
%global shenandoah_revision shenandoah-%{openjdk_revision}
# Define old aarch64/jdk8u tree variables for compatibility
%global project %{shenandoah_project}
@ -363,12 +363,12 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 2
%global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
%global is_ga 1
%global is_ga 0
%if %{is_ga}
%global milestone fcs
%global milestone_version %{nil}
@ -2878,6 +2878,12 @@ cjc.mainProgram(args)
%endif
%changelog
* Wed Oct 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.352.b07-0.1.ea
- Update to shenandoah-jdk8u352-b07 (EA)
- Update release notes for shenandoah-8u352-b07.
- Switch to EA mode for 8u352 pre-release builds.
- Rebase FIPS patch against 8u352-b07
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.345.b01-2
- Switch to static builds, reducing system dependencies and making build more portable

View File

@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-3.15.0.tar.xz) = c752a197cb3d812d50c35e11e4722772be40096c81d2a57933e0d9b8a3c708b9c157b8108a4e33a06ca7bb81648170994408c75d6f69d5ff12785d0c31009671
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u345-b01-4curve.tar.xz) = 6fa848faa201a01516c8bc616e0cb980fc012c6f54493138fdd38962c8d706382567467b380eaa34a52ffae3657a13f3f136163c1185f38dc0b5dc0e2151f49d
SHA512 (openjdk-shenandoah-jdk8u-shenandoah-jdk8u352-b07-4curve.tar.xz) = 9525cdd009037328e061965c751fae7fb61887d87efadfbc8b361aeee74a3cbb0bc2405f0bd33d3c943862a2eab5d30576e071063a87ec326b1781d29e7974ea