diff --git a/SOURCES/NEWS b/SOURCES/NEWS deleted file mode 100644 index 33e4199..0000000 --- a/SOURCES/NEWS +++ /dev/null @@ -1,2404 +0,0 @@ -Key: - -JDK-X - https://bugs.openjdk.java.net/browse/JDK-X -CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY - -New in release OpenJDK 8u372 (2023-04-18): -=========================================== -Live versions of these release notes can be found at: - * https://bit.ly/openjdk8u372 - -* CVEs - - CVE-2023-21930 - - CVE-2023-21937 - - CVE-2023-21938 - - CVE-2023-21939 - - CVE-2023-21954 - - CVE-2023-21967 - - CVE-2023-21968 -* Security fixes - - JDK-8287404: Improve ping times - - JDK-8288436: Improve Xalan supports - - JDK-8294474: Better AES support - - JDK-8295304: Runtime support improvements - - JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation - - JDK-8296676, JDK-8296622: Improve String platform support - - JDK-8296684: Improve String platform support - - JDK-8296692: Improve String platform support - - JDK-8296700: Improve String platform support - - JDK-8296832: Improve Swing platform support - - JDK-8297371: Improve UTF8 representation redux - - JDK-8298191: Enhance object reclamation process - - JDK-8298310: Enhance TLS session negotiation - - JDK-8298667: Improved path handling - - JDK-8299129: Enhance NameService lookups -* New features - - JDK-8230305: Cgroups v2: Container awareness -* Other changes - - JDK-6734341: REGTEST fails: SelectionAutoscrollTest.html - - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows - - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails - - JDK-7124238: [macosx] Font in BasicHTML document is bigger than it should be - - JDK-7124381: DragSourceListener.dragDropEnd() never been called on completion of dnd operation - - JDK-8039888: [TEST_BUG] keyboard garbage after javax/swing/plaf/windows/WindowsRootPaneUI/WrongAltProcessing/WrongAltProcessing.java - - JDK-8042098: [TESTBUG] Test sun/java2d/AcceleratedXORModeTest.java fails on Windows - - JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled - - JDK-8072770: [TESTBUG] Some Introspector tests fail with a Java heap bigger than 4GB - - JDK-8075964: Test java/awt/Mouse/TitleBarDoubleClick/TitleBarDoubleClick.html fails intermittently with timeout error - - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing - - JDK-8142540: [TEST_BUG] Test sun/awt/dnd/8024061/bug8024061.java fails on ubuntu - - JDK-8156579: Two JavaBeans tests failed - - JDK-8156581: Cleanup of ProblemList.txt - - JDK-8159135: [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail - - JDK-8177560: @headful key can be removed from the tests for JavaSound - - JDK-8196196: Headful tests should not be run in headless mode - - JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails - - JDK-8197408: Bad pointer comparison and small cleanup in os_linux.cpp - - JDK-8203485: [freetype] text rotated on 180 degrees is too narrow - - JDK-8205959: Do not restart close if errno is EINTR - - JDK-8216366: Add rationale to PER_CPU_SHARES define - - JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails - - JDK-8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java - NumberFormatException because of large long values (memory limit_in_bytes) - - JDK-8229182: [TESTBUG] runtime/containers/docker/TestMemoryAwareness.java test fails on SLES12 - - JDK-8229202: Docker reporting causes secondary crashes in error handling - - JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy - - JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation - - JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos - - JDK-8234484: Add ability to configure third port for remote JMX - - JDK-8237479: 8230305 causes slowdebug build failure - - JDK-8239559: Cgroups: Incorrect detection logic on some systems - - JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot - - JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual - - JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111 - - JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873 - - JDK-8242468: VS2019 build missing vcruntime140_1.dll - - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails - - JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java - - JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible) - - JDK-8245654: Add Certigna Root CA - - JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows - - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked - - JDK-8252359: HotSpot Not Identifying it is Running in a Container - - JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota - - JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist - - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high - - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly - - JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems - - JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code - - JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection - - JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards - - JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes - - JDK-8257620: Do not use objc_msgSend_stret to get macOS version - - JDK-8262379: Add regression test for JDK-8257746 - - JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec - - JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics - - JDK-8270317: Large Allocation in CipherSuite - - JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked - - JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11 - - JDK-8275713: TestDockerMemoryMetrics test fails on recent runc - - JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10 - - JDK-8280048: Missing comma in copyright header - - JDK-8282398: EndingDotHostname.java test fails because SSL cert expired - - JDK-8282511: Use fixed certificate validation date in SSLExampleCert template - - JDK-8282947: JFR: Dump on shutdown live-locks in some conditions - - JDK-8283277: ISO 4217 Amendment 171 Update - - JDK-8283606: Tests may fail with zh locale on MacOS - - JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124 - - JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox - - JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem - - JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist - - JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3 - - JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller - - JDK-8287109: Distrust.java failed with CertificateExpiredException - - JDK-8287463: JFR: Disable TestDevNull.java on Windows - - JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete - - JDK-8289549: ISO 4217 Amendment 172 Update - - JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun - - JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u - - JDK-8292083: Detected container memory limit may exceed physical machine memory - - JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory - - JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present - - JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts - - JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings - - JDK-8294307: ISO 4217 Amendment 173 Update - - JDK-8294767: 8u contains two copies of test/../FileUtils.java, one uses JDK9+ features - - JDK-8295322: Tests for JDK-8271459 were not backported to 11u - - JDK-8295952: Problemlist existing compiler/rtm tests also on x86 - - JDK-8295982: Failure in sun/security/tools/keytool/WeakAlg.java - ks: The process cannot access the file because it is being used by another process - - JDK-8296239: ISO 4217 Amendment 174 Update - - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing - - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException - - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent - - JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2 - - JDK-8297329: [8u] hotspot needs to recognise VS2019 - - JDK-8297739: Bump update version of OpenJDK: 8u372 - - JDK-8297996: [8u] generated images are broken due to renaming of MSVC runtime DLL's - - JDK-8298027: Remove SCCS id's from awt jtreg tests - - JDK-8298307: Enable hotspot/tier1 for 32-bit builds in GHA for 8u - - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR - - JDK-8299445: EndingDotHostname.java fails because of compilation errors - - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java - - JDK-8299548: Fix hotspot/test/runtime/Metaspace/MaxMetaspaceSizeTest.java in 8u - - JDK-8299804: Fix non-portable code in hotspot shell tests in 8u - - JDK-8300014: Some backports placed the tests in the wrong location - - JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems - - JDK-8301122: [8u] Fix unreliable vs2010 download link - - JDK-8301143: [TESTBUG] jfr/event/sampling/TestNative was backported to JDK8u without proper native wrapper - - JDK-8301246: NPE in FcFontManager.getDefaultPlatformFont() on Linux without installed fontconfig - - JDK-8301332: [8u] Fix writing of test files after the cgroups v2 backport - - JDK-8301550: [8u] Enable additional linux build testing in GitHub - - JDK-8301620: [8u] some shell tests are passed but have unexpected operator errors - - JDK-8301760: Fix possible leak in SpNegoContext dispose - - JDK-8303408: [AIX] Broken jdk8u build after JDK-8266391 - - JDK-8303828: [Solaris] Broken jdk8u build after JDK-8266391 - - JDK-8304053: Revert os specific stubs for SystemMetrics - - JDK-8305113: (tz) Update Timezone Data to 2023c - -Notes on individual issues: -=========================== - -hotspot: -core-libs: - -JDK-8305562: Cgroups v2: Container awareness -============================================ -The HotSpot runtime code as well as the core libraries code in the JDK -has been updated in order to detect a cgroup v2 host system when -running OpenJDK within a Linux container. - -Since the 8u202 release of OpenJDK, the container detection code -recognized cgroup v1 (legacy) host Linux systems. With 8u372 and later -releases, both versions of the underlying cgroups pseudo filesystem -will be detected and corresponding container limits applied to the -OpenJDK runtime. - -Without this enhancement, OpenJDK would not apply container resource -limits when running on a cgroup v2 Linux host system, but would use -the underlying hosts' resource limits instead. - -client-libs/javax.swing: - -JDK-8296832: Improve Swing platform support -=========================================== -Earlier OpenJDK releases would always render HTML object tags embedded in -Swing HTML components. With this release, rendering only occurs when the -new system property "swing.html.object" is set to true. By default, it -is set to false. - -core-svc/javax.management: - -JDK-8234484: Added Ability to Configure Third Port for Remote JMX -================================================================= -A local access port can now be configured for JMX connections by -setting the property `com.sun.management.jmxremote.local.port`. This -local port was previously selected at random, which could lead to port -collisions. The property works in the same way as the existing -properties for configuring the remote access port -(`com.sun.management.jmxremote.port`) and the RMI port -(`com.sun.management.jmxremote.rmi.port`) - -security-libs/java.security: - -JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate -========================================================== -The following root certificate has been added to the cacerts truststore: - -Name: Certigna (Dhimyotis) -Alias Name: certignarootca -Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR - -New in release OpenJDK 8u362 (2023-01-17): -=========================================== -Live versions of these release notes can be found at: - * https://bit.ly/openjdk8u362 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u362.html - -* CVEs - - CVE-2023-21830 - - CVE-2023-21843 -* Security fixes - - JDK-8285021: Improve CORBA communication - - JDK-8286496: Improve Thread labels - - JDK-8288516: Enhance font creation - - JDK-8289350: Better media supports - - JDK-8293554: Enhanced DH Key Exchanges - - JDK-8293598: Enhance InetAddress address handling - - JDK-8293717: Objective view of ObjectView - - JDK-8293734: Improve BMP image handling - - JDK-8293742: Better Banking of Sounds - - JDK-8295687: Better BMP bounds -* Other changes - - JDK-6885993: Named Thread: introduce print() and print_on(outputStream* st) methods - - JDK-7124218: [TEST_BUG] [macosx] Space should select cell in the JTable - - JDK-8054066: com/sun/jdi/DoubleAgentTest.java fails with timeout - - JDK-8067941: [TESTBUG] Fix tests for OS with 64K page size. - - JDK-8071530: Update OS detection code to reflect Windows 10 version change - - JDK-8073464: GC workers do not have thread names - - JDK-8079255: [TEST_BUG] [macosx] Test closed/java/awt/Robot/RobotWheelTest/RobotWheelTest fails for Mac only - - JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails - - JDK-8148005: One byte may be corrupted by get_datetime_string() - - JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java - - JDK-8159720: Failure of C2 compilation with tiered prevents some C1 compilations - - JDK-8195607: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 - - JDK-8197859: VS2017 Complains about UINTPTR_MAX definition in globalDefinitions_VisCPP.hpp - - JDK-8206456: [TESTBUG] docker jtreg tests fail on systems without cpuset.effective_cpus / cpuset.effective_mems - - JDK-8221529: [TESTBUG] Docker tests use old/deprecated image on AArch64 - - JDK-8224506: [TESTBUG] TestDockerMemoryMetrics.java fails with exitValue = 137 - - JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS - - JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows - - JDK-8253702: BigSur version number reported as 10.16, should be 11.nn - - JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() - - JDK-8265527: tools/javac/diags/CheckExamples.java fails after JDK-8078024 8u backport - - JDK-8269039: Disable SHA-1 Signed JARs - - JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0 - - JDK-8270344: Session resumption errors - - JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity - - JDK-8273176: handle latest VS2019 in abstract_vm_version - - JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening - - JDK-8274840: Update OS detection code to recognize Windows 11 - - JDK-8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled - - JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR - - JDK-8283277: ISO 4217 Amendment 171 Update - - JDK-8283903: GetContainerCpuLoad does not return the correct result in share mode - - JDK-8284389: Improve stability of GHA Pre-submit testing by caching cygwin installer - - JDK-8284622: Update versions of some Github Actions used in JDK workflow - - JDK-8286582: Build fails on macos aarch64 when using --with-zlib=bundled - - JDK-8288928: Incorrect GPL header in pnglibconf.h (backport of JDK-8185041) - - JDK-8289549: ISO 4217 Amendment 172 Update - - JDK-8292762: Remove .jcheck directories from jdk8u subcomponents - - JDK-8293181: Bump update version of OpenJDK: 8u362 - - JDK-8293461: Add a test for JDK-8290832 - - JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening - - JDK-8294307: ISO 4217 Amendment 173 Update - - JDK-8294357: (tz) Update Timezone Data to 2022d - - JDK-8294863: Enable partial tier1 testing in GHA for JDK8 - - JDK-8295164: JDK 8 jdi tests should not use tasklist command on Windows - - JDK-8295173: (tz) Update Timezone Data to 2022e - - JDK-8295288: Some vm_flags tests associate with a wrong BugID - - JDK-8295714: GHA ::set-output is deprecated and will be removed - - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error - - JDK-8295915: Problemlist compiler/rtm failures specific to 8u - - JDK-8295950: Enable langtools/tier1 in GHA for 8u - - JDK-8296108: (tz) Update Timezone Data to 2022f - - JDK-8296239: ISO 4217 Amendment 174 Update - - JDK-8296555: Enable hotspot/tier1 for 64-bit builds in GHA for 8u - - JDK-8296715: CLDR v42 update for tzdata 2022f - - JDK-8296959: Fix hotspot shell tests of 8u on multilib systems - - JDK-8297141: Fix hotspot/test/runtime/SharedArchiveFile/DefaultUseWithClient.java for 8u - - JDK-8297804: (tz) Update Timezone Data to 2022g - - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR - - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java - - JDK-8300178: JDK-8286496 causes build failure on older GCC - - JDK-8300225: JDK-8288516 causes build failure on Windows + VS2010 - -Notes on individual issues: -=========================== - -client-libs/javax.imageio: - -JDK-8295687: Better BMP bounds -============================== -Loading a linked ICC profile within a BMP image is now disabled by -default. To re-enable it, set the new system property -`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property -replaces the old property, -`sun.imageio.plugins.bmp.disableLinkedProfiles`. - -client-libs/javax.sound: - -JDK-8293742: Better Banking of Sounds -===================================== -Previously, the SoundbankReader implementation, -`com.sun.media.sound.JARSoundbankReader`, would download a JAR -soundbank from a URL. This behaviour is now disabled by default. To -re-enable it, set the new system property `jdk.sound.jarsoundbank` to -`true`. - -hotspot/runtime: - -JDK-8274840: Release Now Recognises Windows 11 -============================================== -This release now correctly sets the `os.name` property to `Windows -11`, as would be expected. - -other-libs/corba:idl: - -JDK-8285021: Improve CORBA communication -======================================== -The JDK's CORBA implementation now refuses by default to deserialize -objects, unless they have the "IOR:" prefix. The previous behaviour -can be re-enabled by setting the new property -`com.sun.CORBA.ORBAllowDeserializeObject` to `true`. - -security-libs/java.security: - -JDK-8269039: Disabled SHA-1 Signed JARs -======================================= -JARs signed with SHA-1 algorithms are now restricted by default and -treated as if they were unsigned. This applies to the algorithms used -to digest, sign, and optionally timestamp the JAR. It also applies to -the signature and digest algorithms of the certificates in the -certificate chain of the code signer and the Timestamp Authority, and -any CRLs or OCSP responses that are used to verify if those -certificates have been revoked. These restrictions also apply to -signed JCE providers. - -To reduce the compatibility risk for JARs that have been previously -timestamped, there is one exception to this policy: - -- Any JAR signed with SHA-1 algorithms and timestamped prior to - January 01, 2019 will not be restricted. - -This exception may be removed in a future JDK release. To determine if -your signed JARs are affected by this change, run: - -$ jarsigner -verify -verbose -certs` - -on the signed JAR, and look for instances of "SHA1" or "SHA-1" and -"disabled" and a warning that the JAR will be treated as unsigned in -the output. - -For example: - - Signed by "CN="Signer"" - Digest algorithm: SHA-1 (disabled) - Signature algorithm: SHA1withRSA (disabled), 2048-bit key - - WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property: - - jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01 - -JARs affected by these new restrictions should be replaced or -re-signed with stronger algorithms. - -Users can, *at their own risk*, remove these restrictions by modifying -the `java.security` configuration file (or override it by using the -`java.security.properties` system property) and removing "SHA1 usage -SignedJAR & denyAfter 2019-01-01" from the -`jdk.certpath.disabledAlgorithms` security property and "SHA1 -denyAfter 2019-01-01" from the `jdk.jar.disabledAlgorithms` security -property. - -New in release OpenJDK 8u352 (2022-10-18): -=========================================== -Live versions of these release notes can be found at: - * https://bit.ly/openjdk8u352 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u352.txt - -* Security fixes - - JDK-8282252: Improve BigInteger/Decimal validation - - JDK-8285662: Better permission resolution - - JDK-8286511: Improve macro allocation - - JDK-8286519: Better memory handling - - JDK-8286526, CVE-2022-21619: Improve NTLM support - - JDK-8286533, CVE-2022-21626: Key X509 usages - - JDK-8286910, CVE-2022-21624: Improve JNDI lookups - - JDK-8286918, CVE-2022-21628: Better HttpServer service - - JDK-8288508: Enhance ECDSA usage -* Other changes - - JDK-7131823: bug in GIFImageReader - - JDK-7186258: InetAddress$Cache should replace currentTimeMillis with nanoTime for more precise and accurate - - JDK-8028265: Add legacy tz tests to OpenJDK - - JDK-8039955: [TESTBUG] jdk/lambda/LambdaTranslationTest1 - java.lang.AssertionError: expected [d:1234.000000] but found [d:1234,000000] - - JDK-8049228: Improve multithreaded scalability of InetAddress cache - - JDK-8071507: (ref) Clear phantom reference as soft and weak references do - - JDK-8087283: Add support for the XML Signature here() function to the JDK XPath implementation - - JDK-8130895: Test javax/swing/system/6799345/TestShutdown.java fails on Solaris11 Sparcv9 - - JDK-8136354: [TEST_BUG] Test java/awt/image/RescaleOp/RescaleAlphaTest.java with Bad action for script - - JDK-8139668: Generate README-build.html from markdown - - JDK-8143847: Remove REF_CLEANER reference category - - JDK-8147862: Null check too late in sun.net.httpserver.ServerImpl - - JDK-8150669: C1 intrinsic for Class.isPrimitive - - JDK-8155742: [Windows] robot.keyPress(KeyEvent.VK_ALT_GRAPH) throws java.lang.IllegalArgumentException in windows - - JDK-8173339: AArch64: Fix minimum stack size computations - - JDK-8173361: various crashes in JvmtiExport::post_compiled_method_load - - JDK-8175797: (ref) Reference::enqueue method should clear the reference object before enqueuing - - JDK-8178832: (ref) jdk.lang.ref.disableClearBeforeEnqueue property is ignored - - JDK-8183107: PKCS11 regression regarding checkKeySize - - JDK-8193780: (ref) Remove the undocumented "jdk.lang.ref.disableClearBeforeEnqueue" system property - - JDK-8194873: right ALT key hotkeys no longer work in Swing components - - JDK-8201793: (ref) Reference object should not support cloning - - JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount() - - JDK-8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures. - - JDK-8233019: java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit - - JDK-8235218: Minimal VM is broken after JDK-8173361 - - JDK-8235385: Crash on aarch64 JDK due to long offset - - JDK-8245263: Enable TLSv1.3 by default on JDK 8u for Client roles - - JDK-8254178: Remove .hgignore - - JDK-8254318: Remove .hgtags - - JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version - - JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*) - - JDK-8280963: Incorrect PrintFlags formatting on Windows - - JDK-8282538: PKCS11 tests fail on CentOS Stream 9 - - JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee - - JDK-8285400: Add '@apiNote' to the APIs defined in Java SE 8 MR 3 - - JDK-8285497: Add system property for Java SE specification maintenance version - - JDK-8287132: Retire Runtime.runFinalizersOnExit so that it always throws UOE - - JDK-8287508: The tests added to jdk-8 by 8235385 are to be ported to jdk-11 - - JDK-8287521: Bump update version of OpenJDK: 8u352 - - JDK-8288763: Pack200 extraction failure with invalid size - - JDK-8288865: [aarch64] LDR instructions must use legitimized addresses - - JDK-8290000: Bump macOS GitHub actions to macOS 11 - - JDK-8292579: (tz) Update Timezone Data to 2022c - - JDK-8292688: Support Security properties in security.testlibrary.Proc - -Notes on individual issues: -=========================== - -core-libs/java.lang: - -JDK-8201793: (ref) Reference object should not support cloning -============================================================== -`java.lang.ref.Reference::clone` method always throws -`CloneNotSupportedException`. `Reference` objects cannot be -meaningfully cloned. To create a new Reference object, call the -constructor to create a `Reference` object with the same referent and -reference queue instead. - -JDK-8175797: (ref) Reference::enqueue method should clear the reference object before enqueuing -=============================================================================================== -`java.lang.ref.Reference.enqueue` method clears the reference object -before it is added to the registered queue. When the `enqueue` method -is called, the reference object is cleared and `get()` method will -return null in OpenJDK 8u352. - -Typically when a reference object is enqueued, it is expected that the -reference object is cleared explicitly via the `clear` method to avoid -memory leak because its referent is no longer referenced. In other -words the `get` method is expected not to be called in common cases -once the `enqueue`method is called. In the case when the `get` method -from an enqueued reference object and existing code attempts to access -members of the referent, `NullPointerException` may be thrown. Such -code will need to be updated. - -JDK-8071507: (ref) Clear phantom reference as soft and weak references do -========================================================================= -This enhancement changes phantom references to be automatically -cleared by the garbage collector as soft and weak references. - -An object becomes phantom reachable after it has been finalized. This -change may cause the phantom reachable objects to be GC'ed earlier - -previously the referent is kept alive until PhantomReference objects -are GC'ed or cleared by the application. This potential behavioral -change might only impact existing code that would depend on -PhantomReference being enqueued rather than when the referent be freed -from the heap. - -core-libs/java.net: - -JDK-8286918: Better HttpServer service -====================================== -The HttpServer can be optionally configured with a maximum connection -limit by setting the jdk.httpserver.maxConnections system property. A -value of 0 or a negative integer is ignored and considered to -represent no connection limit. In the case of a positive integer -value, any newly accepted connections will be first checked against -the current count of established connections and, if the configured -limit has been reached, then the newly accepted connection will be -closed immediately. - -security-libs/javax.net.ssl: - -JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles -================================================================ -The TLSv1.3 implementation is now enabled by default for client roles -in 8u352. It has been enabled by default for server roles since 8u272. - -Note that TLS 1.3 is not directly compatible with previous -versions. Enabling it on the client may introduce compatibility issues -on either the server or the client side. Here are some more details on -potential compatibility issues that you should be aware of: - -* TLS 1.3 uses a half-close policy, while TLS 1.2 and prior versions - use a duplex-close policy. For applications that depend on the - duplex-close policy, there may be compatibility issues when - upgrading to TLS 1.3. - -* The signature_algorithms_cert extension requires that pre-defined - signature algorithms are used for certificate authentication. In - practice, however, an application may use non-supported signature - algorithms. - -* The DSA signature algorithm is not supported in TLS 1.3. If a server - is configured to only use DSA certificates, it cannot upgrade to TLS - 1.3. - -* The supported cipher suites for TLS 1.3 are not the same as TLS 1.2 - and prior versions. If an application hard-codes cipher suites which - are no longer supported, it may not be able to use TLS 1.3 without - modifying the application code. - -* The TLS 1.3 session resumption and key update behaviors are - different from TLS 1.2 and prior versions. The compatibility should - be minimal, but it could be a risk if an application depends on the - handshake details of the TLS protocols. - -The TLS 1.3 protocol can be disabled by using the jdk.tls.client.protocols -system property: - -java -Djdk.tls.client.protocols="TLSv1.2" ... - -Alternatively, an application can explicitly set the enabled protocols -with the javax.net.ssl APIs e.g. - -sslSocket.setEnabledProtocols(new String[] {"TLSv1.2"}); - -or: - -SSLParameters params = sslSocket.getSSLParameters(); -params.setProtocols(new String[] {"TLSv1.2"}); -sslSocket.setSSLParameters(params); - -New in release OpenJDK 8u345 (2022-08-01): -=========================================== -Live versions of these release notes can be found at: - * https://bit.ly/openjdk8u345 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u345.txt - -* Other changes - - JDK-8290832: It is no longer possible to change "user.dir" in the JDK8 - - JDK-8291568: Bump update version of OpenJDK: 8u345 - -Notes on individual issues: -=========================== - -core-libs/java.io: - -JDK-8290832: It is no longer possible to change "user.dir" in the JDK8 -====================================================================== -A change, JDK-8194154, was introduced in the 8u342 release of OpenJDK -causing the JDK to ignore attempts to set the `user.dir` property. -While this change is suitable for a major release (it was originally -introduced in the initial release of OpenJDK 11), changing the -behaviour of such a property in an update release creates -compatibility issues in software that relies on the behaviour in prior -versions of OpenJDK 8. As a result, we have reverted this change in -8u345. - -New in release OpenJDK 8u342 (2022-07-19): -=========================================== -Live versions of these release notes can be found at: - * https://bit.ly/openjdk8u342 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt - -* Security fixes - - JDK-8272243: Improve DER parsing - - JDK-8272249: Better properties of loaded Properties - - JDK-8277608: Address IP Addressing - - JDK-8281859, CVE-2022-21540: Improve class compilation - - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations - - JDK-8283190: Improve MIDI processing - - JDK-8284370: Improve zlib usage - - JDK-8285407, CVE-2022-34169: Improve Xalan supports -* Other changes - - JDK-8031567: Better model for storing source revision information - - JDK-8076190: Customizing the generation of a PKCS12 keystore - - JDK-8129572: Cleanup usage of getResourceAsStream in jaxp - - JDK-8132256: jaxp: Investigate removal of com/sun/org/apache/bcel/internal/util/ClassPath.java - - JDK-8168926: C2: Bytecode escape analyzer crashes due to stack overflow - - JDK-8170385: JDK-8031567 broke source bundles - - JDK-8170392: JDK-8031567 broke builds from source bundles - - JDK-8170530: bash configure output contains a typo in a suggested library name - - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream - - JDK-8194154: System property user.dir should not be changed - - JDK-8202142: jfr/event/io/TestInstrumentation is unstable - - JDK-8209771: jdk.test.lib.Utils::runAndCheckException error - - JDK-8221988: add possibility to build with Visual Studio 2019 - - JDK-8223396: [TESTBUG] several jfr tests do not clean up files created in /tmp - - JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java fails at-run shell MakeJAR.sh target - - JDK-8235211: serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file - - JDK-8244973: serviceability/attach/RemovingUnixDomainSocketTest.java fails "stderr was not empty" - - JDK-8248876: LoadObject with bad base address created for exec file on linux - - JDK-8253424: Add support for running pre-submit testing using GitHub Actions - - JDK-8253865: Pre-submit testing using GitHub Actions does not detect failures reliably - - JDK-8254054: Pre-submit testing using GitHub Actions should not use the deprecated set-env command - - JDK-8254173: Add Zero, Minimal hotspot targets to submit workflow - - JDK-8254175: Build no-pch configuration in debug mode for submit checks - - JDK-8254282: Add Linux x86_32 builds to submit workflow - - JDK-8255239: The timezone of the hs_err_pid log file is corrupted in Japanese locale - - JDK-8255305: Add Linux x86_32 tier1 to submit workflow - - JDK-8255352: Archive important test outputs in submit workflow - - JDK-8255373: Submit workflow artifact name is always "test-results_.zip" - - JDK-8255895: Submit workflow artifacts miss hs_errs/replays due to ZIP include mismatch - - JDK-8256127: Add cross-compiled foreign architectures builds to submit workflow - - JDK-8256277: Github Action build on macOS should define OS and Xcode versions - - JDK-8256354: Github Action build on Windows should define OS and MSVC versions - - JDK-8256393: Github Actions build on Linux should define OS and GCC versions - - JDK-8256414: add optimized build to submit workflow - - JDK-8256747: GitHub Actions: decouple the hotspot build-only jobs from Linux x64 testing - - JDK-8257056: Submit workflow should apt-get update to avoid package installation errors - - JDK-8259924: GitHub actions fail on Linux x86_32 with "Could not configure libc6:i386" - - JDK-8260460: GitHub actions still fail on Linux x86_32 with "Could not configure libc6:i386" - - JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream) - - JDK-8263667: Avoid running GitHub actions on branches named pr/* - - JDK-8266187: Memory leak in appendBootClassPath() - - JDK-8274658: ISO 4217 Amendment 170 Update - - JDK-8274751: Drag And Drop hangs on Windows - - JDK-8278138: OpenJDK8 fails to start on Windows 8.1 after upgrading compiler to VS2017 - - JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition - - JDK-8281814: Debuginfo.diz contains redundant build path after backport JDK-8025936 - - JDK-8282225: GHA: Allow one concurrent run per PR only - - JDK-8282458: Update .jcheck/conf file for 8u move to git - - JDK-8282552: Bump update version of OpenJDK: 8u342 - - JDK-8283350: (tz) Update Timezone Data to 2022a - - JDK-8284620: CodeBuffer may leak _overflow_arena - - JDK-8284772: 8u GHA: Use GCC Major Version Dependencies Only - - JDK-8285445: cannot open file "NUL:" - - JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java - - JDK-8285591: [11] add signum checks in DSA.java engineVerify - - JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head - - JDK-8286989: Build failure on macOS after 8281814 - - JDK-8287537: 8u JDK-8284620 backport broke AArch64 build - -Notes on individual issues: -=========================== - -security-libs/java.security: - -JDK-8215293: Customizing PKCS12 keystore Generation -=================================================== -New system and security properties have been added to enable users to -customize the generation of PKCS #12 keystores. This includes -algorithms and parameters for key protection, certificate protection, -and MacData. The detailed explanation and possible values for these -properties can be found in the "PKCS12 KeyStore properties" section of -the `java.security` file. - -Also, support for the following SHA-2 based HmacPBE algorithms has -been added to the SunJCE provider: - -* HmacPBESHA224 -* HmacPBESHA256 -* HmacPBESHA384 -* HmacPBESHA512 -* HmacPBESHA512/224 -* HmacPBESHA512/256 - -core-libs/java.io: - -JDK-8285660: Enable Windows Alternate Data Streams by default -============================================================= -The Windows implementation of `java.io.File` has been changed so that -strict validity checks are **not** performed by default on file -paths. This includes allowing colons (':') in the path other than only -immediately after a single drive letter. It also allows paths that -represent NTFS Alternate Data Streams (ADS), such as -"filename:streamname". This restores the default behavior of -`java.io.File` to what it was prior to the April 2022 CPU in which -strict validity checks were not performed by default on file paths on -Windows. To re-enable strict path checking in `java.io.File`, the -system property `jdk.io.File.enableADS` should be set to `false` (case -ignored). This might be preferable, for example, if Windows special -device paths such as `NUL:` are *not* used. - -New in release OpenJDK 8u332 (2022-04-22): -=========================================== -Live versions of these release notes can be found at: - * https://bit.ly/openjdk8u332 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt - -* Security fixes - - JDK-8269938: Enhance XML processing passes redux - - JDK-8270504, CVE-2022-21426: Better XPath expression handling - - JDK-8272255: Completely handle MIDI files - - JDK-8272261: Improve JFR recording file processing - - JDK-8272594: Better record of recordings - - JDK-8274221: More definite BER encodings - - JDK-8275151, CVE-2022-21443: Improved Object Identification - - JDK-8277227: Better identification of OIDs - - JDK-8277672, CVE-2022-21434: Better invocation handler handling - - JDK-8278008, CVE-2022-21476: Improve Santuario processing - - JDK-8278356: Improve file creation - - JDK-8278449: Improve keychain support - - JDK-8278805: Enhance BMP image loading - - JDK-8278972, CVE-2022-21496: Improve URL supports - - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo -* Other changes - - JDK-8033980: Xerces Update: datatype XMLGregorianCalendarImpl and DurationImpl - - JDK-8035437: Xerces Update: xml/serialize/DOMSerializerImpl - - JDK-8035577: Xerces Update: impl/xpath/regex/RangeToken.java - - JDK-8037259: xerces update: xpointer update - - JDK-8041523: Xerces Update: Serializer improvements from Xalan - - JDK-8141508: java.lang.invoke.LambdaConversionException: Invalid receiver type - - JDK-8162572: Update License Header for all JAXP sources - - JDK-8167014: jdeps: Missing message: warn.skipped.entry - - JDK-8198411: [TEST_BUG] Two java2d tests are unstable in mach5 - - JDK-8202822: Add .git to .hgignore - - JDK-8205540: test/hotspot/jtreg/vmTestbase/nsk/jdb/trace/trace001/trace001.java fails with Debuggee did not exit after 15 commands - - JDK-8209178: Proxied HttpsURLConnection doesn't send BODY when retrying POST request - - JDK-8210283: Support git as an SCM alternative in the build - - JDK-8218682: [TEST_BUG] DashOffset fails in mach5 - - JDK-8225690: Multiple AttachListener threads can be created - - JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134" - - JDK-8227815: Minimal VM: set_state is not a member of AttachListener - - JDK-8240633: Memory leaks in the implementations of FileChooserUI - - JDK-8241768: git needs .gitattributes - - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn - - JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens - - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node - - JDK-8266749: AArch64: Backtracing broken on PAC enabled systems - - JDK-8270290: NTLM authentication fails if HEAD request is used - - JDK-8273229: Update OS detection code to recognize Windows Server 2022 - - JDK-8273341: Update Siphash to version 1.0 - - JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated - - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake - - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE - - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022 - - JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler - - JDK-8280060: The sun/rmi/server/Activation.java class use Thread.dumpStack() - - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972 - - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character - - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException - - JDK-8284920: Incorrect Token type causes XPath expression to return empty result - - JDK-8284936: Fix Java 7 bootstrap breakage due to use of Arrays.stream -* Shenandoah - - JDK-8260632: Build failures after JDK-8253353 - - JDK-8282458: Update .jcheck/conf file for sh-jdk8u move to git - -New in release OpenJDK 8u322 (2022-01-18): -=========================================== -Live versions of these release notes can be found at: - * https://bit.ly/openjdk8u322 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt - -* Security fixes - - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization - - JDK-8268488: More valuable DerValues - - JDK-8268494: Better inlining of inlined interfaces - - JDK-8268512: More content for ContentInfo - - JDK-8268795: Enhance digests of Jar files - - JDK-8268801: Improve PKCS attribute handling - - JDK-8268813, CVE-2022-21283: Better String matching - - JDK-8269151: Better construction of EncryptedPrivateKeyInfo - - JDK-8269944: Better HTTP transport redux - - JDK-8270392, CVE-2022-21293: Improve String constructions - - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps - - JDK-8270492, CVE-2022-21282: Better resolution of URIs - - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management - - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities - - JDK-8271962: Better TrueType font loading - - JDK-8271968: Better canonical naming - - JDK-8271987: Manifest improved manifest entries - - JDK-8272014, CVE-2022-21305: Better array indexing - - JDK-8272026, CVE-2022-21340: Verify Jar Verification - - JDK-8272236, CVE-2022-21341: Improve serial forms for transport - - JDK-8272272: Enhance jcmd communication - - JDK-8272462: Enhance image handling - - JDK-8273290: Enhance sound handling - - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering - - JDK-8273756, CVE-2022-21360: Enhance BMP image support - - JDK-8273838, CVE-2022-21365: Enhanced BMP processing -* Other changes - - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken - - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03 - - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108 - - JDK-8041928: MouseEvent.getModifiersEx gives wrong result - - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402 - - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) - - JDK-8048021: Remove @version tag in jaxp repo - - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage - - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java - - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile - - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS - - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure - - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade - - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank - - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated - - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind - - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator - - JDK-8148915: Intermittent failures of bug6400879.java - - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism - - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black - - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests - - JDK-8182036: Load from initializing arraycopy uses wrong memory state - - JDK-8183369: RFC unconformity of HttpURLConnection with proxy - - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check" - - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll - - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar - - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride - - JDK-8190793: Httpserver does not detect truncated request body - - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail - - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit - - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing - - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs - - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021 - - JDK-8225083: Remove Google certificate that is expiring in December 2021 - - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread - - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software - - JDK-8231438: [macOS] Dark mode for the desktop is not supported - - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina - - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail - - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails - - JDK-8236897: Fix the copyright header for pkcs11gcm2.h - - JDK-8237499: JFR: Include stack trace in the ThreadStart event - - JDK-8239886: Minimal VM build fails after JDK-8237499 - - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0 - - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print" - - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions - - JDK-8273308: PatternMatchTest.java fails on CI - - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817 - - JDK-8273826: Correct Manifest file name and NPE checks - - JDK-8273968: JCK javax_xml tests fail in CI - - JDK-8274407: (tz) Update Timezone Data to 2021c - - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b - - JDK-8274468: TimeZoneTest.java fails with tzdata2021b - - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused - - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST - - JDK-8275766: (tz) Update Timezone Data to 2021e - - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e - - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766 - -Notes on individual issues: -=========================== - -security-libs/java.security: - -JDK-8271434: Removed IdenTrust Root Certificate -=============================================== -The following root certificate from IdenTrust has been removed from -the `cacerts` keystore: - -Alias Name: identrustdstx3 [jdk] -Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co. - -JDK-8272535: Removed Google's GlobalSign Root Certificate -========================================================= -The following root certificate from Google has been removed from the -`cacerts` keystore: - -Alias Name: globalsignr2ca [jdk] -Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 - -core-libs/java.time: - -JDK-8274857: Update Timezone Data to 2021c -=========================================== -IANA Time Zone Database, on which JDK's Date/Time libraries are based, -has been updated to version 2021c -(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note -that with this update, some of the time zone rules prior to the year -1970 have been modified according to the changes which were introduced -with 2021b. For more detail, refer to the announcement of 2021b -(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html) - -New in release OpenJDK 8u312 (2021-10-19): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/openjdk8u312 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt - -* Security fixes - - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0 - - JDK-8161016: Strange behavior of URLConnection with proxy - - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference - - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close - - JDK-8263314: Enhance XML Dsig modes - - JDK-8265167, CVE-2021-35556: Richer Text Editors - - JDK-8265574: Improve handling of sheets - - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit - - JDK-8265776: Improve Stream handling for SSL - - JDK-8266097, CVE-2021-35561: Better hashing support - - JDK-8266103: Better specified spec values - - JDK-8266109: More Resilient Classloading - - JDK-8266115: More Manifest Jar Loading - - JDK-8266137, CVE-2021-35564: Improve Keystore integrity - - JDK-8266689, CVE-2021-35567: More Constrained Delegation - - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic - - JDK-8267712: Better LDAP reference processing - - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking - - JDK-8267735, CVE-2021-35586: Better BMP support - - JDK-8268193: Improve requests of certificates - - JDK-8268199: Correct certificate requests - - JDK-8268506: More Manifest Digests - - JDK-8269618, CVE-2021-35603: Better session identification - - JDK-8269624: Enhance method selection support - - JDK-8270398: Enhance canonicalization - - JDK-8270404: Better canonicalization -* Other changes - - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit - - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection - - JDK-7188942: Remove support of pbuffers in OGL Java2d pipeline - - JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime - - JDK-8022323: [JavaSecurityScanner] review package com.sun.management.* Native methods should be private - - JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails - - JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated - - JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser - - JDK-8042557: compiler/uncommontrap/TestSpecTrapClassUnloading.java fails with: GC triggered before VM initialization completed - - JDK-8054118: java/net/ipv6tests/UdpTest.java failed intermittently - - JDK-8065215: Print warning summary at end of configure - - JDK-8072767: DefaultCellEditor for comboBox creates ActionEvent with wrong source object - - JDK-8079891: Store configure log in $BUILD/configure.log - - JDK-8080082: configure fails if you create an empty directory and then run configure from it - - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing - - JDK-8131062: aarch64: add support for GHASH acceleration - - JDK-8134869: AARCH64: GHASH intrinsic is not optimal - - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address - - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get - - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream - - JDK-8166673: The new implementation of Robot.waitForIdle() may hang - - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders - - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class - - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails - - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore - - JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error - - JDK-8214418: half-closed SSLEngine status may cause application dead loop - - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11 - - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr - - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail - - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4 - - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces - - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7 - - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers - - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print - - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) - - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files - - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available - - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken. - - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test - - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space" - - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames() - - JDK-8263311: Watch registry changes for remote printers update instead of polling - - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers" - - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M - - JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode - - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container - - JDK-8265978: make test should look for more locations when searching for exit code - - JDK-8266206: Build failure after JDK-8264752 with older GCCs - - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836 - - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server - - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark - - JDK-8269763: The JEditorPane is blank after JDK-8265167 - - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport - - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers - - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short - - JDK-8269882: stack-use-after-scope in NewObjectA - - JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891 - - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup - - JDK-8271466: StackGap test fails on aarch64 due to "-m64" - - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon - - JDK-8272214: [8u] Build failure after backport of JDK-8248901 - - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013 -* Shenandoah - - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array - - Re-cast JNI critical strings patch to be Shenandoah-specific - -Notes on individual issues: -=========================== - -core-libs/java.net: - -JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found -================================================================================ -The behavior of HttpURLConnection when using a ProxySelector has been -modified with this JDK release. HttpURLConnection used to fall back to -a DIRECT connection attempt if the configured proxy(s) failed to make -a connection. This release introduces a change whereby no DIRECT -connection will be attempted in such a scenario. Instead, the -HttpURLConnection.connect() method will fail and throw an IOException -which occurred from the last proxy tested. - -security-libs/javax.net.ssl: - -JDK-8219551: Updated the Default Enabled Cipher Suites Preference -================================================================= -The preference of the default enabled cipher suites has been -changed. The compatibility impact should be minimal. If needed, -applications can customize the enabled cipher suites and the -preference. For more details, refer to the SunJSSE provider -documentation and the JSSE Reference Guide documentation. - -New in release OpenJDK 8u302 (2021-07-20): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/openjdk8u302 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt - -* Security fixes - - JDK-8256157: Improve bytecode assembly - - JDK-8256491: Better HTTP transport - - JDK-8258432, CVE-2021-2341: Improve file transfers - - JDK-8260453: Improve Font Bounding - - JDK-8260960: Signs of jarsigner signing - - JDK-8260967, CVE-2021-2369: Better jar file validation - - JDK-8262380: Enhance XML processing passes - - JDK-8262403: Enhanced data transfer - - JDK-8262410: Enhanced rules for zones - - JDK-8262477: Enhance String Conclusions - - JDK-8262967: Improve Zip file support - - JDK-8264066, CVE-2021-2388: Enhance compiler validation - - JDK-8264079: Improve abstractions - - JDK-8264460: Improve NTLM support -* Other changes - - JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream - - JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome - - JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file - - JDK-7106851: Test should not use System.exit - - JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler - - JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails - - JDK-8030123: java/beans/Introspector/Test8027648.java fails - - JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java - - JDK-8033289: clang: clean up unused function warning - - JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11 - - JDK-8034857: gcc warnings compiling src/solaris/native/sun/management - - JDK-8035000: clean up ActivationLibrary.DestroyThread - - JDK-8035054: JarFacade.c should not include ctype.h - - JDK-8035287: gcc warnings compiling various libraries files - - JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions - - JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries - - JDK-8042891: Format issues embedded in macros for two g1 source files - - JDK-8043264: hsdis library not picked up correctly on expected paths - - JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang - - JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh - - JDK-8055754: filemap.cpp does not compile with clang - - JDK-8064909: FragmentMetaspace.java got OutOfMemoryError - - JDK-8066508: JTReg tests timeout on slow devices when run using JPRT - - JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm - - JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize - - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137 - - JDK-8074835: Resolve disabled warnings for libj2gss - - JDK-8074836: Resolve disabled warnings for libosxkrb5 - - JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction - - JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3 - - JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel - - JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX - - JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header - - JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java - - JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java - - JDK-8132148: G1 hs_err region dump legend out of sync with region values - - JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded - - JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported - - JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel - - JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw - - JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1 - - JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently - - JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java - - JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME - - JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME - - JDK-8172188: JDI tests fail due to "permission denied" when creating temp file - - JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000) - - JDK-8178403: DirectAudio in JavaSound may hang and leak - - JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-'' - - JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently - - JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large - - JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size" - - JDK-8191955: AArch64: incorrect prefetch distance causes an internal error - - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails - - JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM - - JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined - - JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016 - - JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys - - JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out" - - JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max - - JDK-8206925: Support the certificate_authorities extension - - JDK-8209996: [PPC64] Fix JFR profiling - - JDK-8214345: infinite recursion while checking super class - - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types() - - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking - - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021 - - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails - - JDK-8228757: Fail fast if the handshake type is unknown - - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp - - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE - - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns - - JDK-8231949: [PPC64, s390]: Make async profiling more reliable - - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater() - - JDK-8239053: [8u] clean up undefined-var-template warnings - - JDK-8239400: [8u] clean up undefined-var-template warnings - - JDK-8241649: Optimize Character.toString - - JDK-8241829: Cleanup the code for PrinterJob on windows - - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled - - JDK-8243559: Remove root certificates with 1024-bit keys - - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node - - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable - - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList - - JDK-8250876: Fix issues with cross-compile on macos - - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows - - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209) - - JDK-8254631: Better support ALPN byte wire values in SunJSSE - - JDK-8255086: Update the root locale display names - - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too - - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources - - JDK-8257039: [8u] GenericTaskQueue destructor is incorrect - - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks - - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test - - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 - - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region - - JDK-8258419: RSA cipher buffer cleanup - - JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation - - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues - - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region" - - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect - - JDK-8259886: Improve SSL session cache performance and scalability - - JDK-8260029: aarch64: fix typo in verify_oop_array - - JDK-8260236: better init AnnotationCollector _contended_group - - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized - - JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2 - - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end - - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding - - JDK-8261867: Backport relevant test changes & additions from JDK-8130125 - - JDK-8262110: DST starts from incorrect time in 2038 - - JDK-8262446: DragAndDrop hangs on Windows - - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack - - JDK-8262730: Enable jdk8u MacOS external debug symbols - - JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external - - JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395 - - JDK-8263504: Some OutputMachOpcodes fields are uninitialized - - JDK-8263600: change rmidRunning to a simple lookup - - JDK-8264509: jdk8u MacOS zipped debug symbols won't build - - JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type - - JDK-8264640: CMS ParScanClosure misses a barrier - - JDK-8264816: Weak handles leak causes GC to take longer - - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod - - JDK-8265666: Enable AIX build platform to make external debug symbols - - JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u - - JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u - - JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant) - - JDK-8266723: JFR periodic events are causing extra allocations - - JDK-8266929: Unable to use algorithms from 3p providers - - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash - - JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM - - JDK-8267545: [8u] Enable Xcode 12 builds on macOS - - JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode - - JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457 - - JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow - - JDK-8269468: JDK-8269388 breaks the build on older GCCs - - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS -* Shenandoah - - [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState - - [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp - - [backport] JDK-8261251: Shenandoah: Use object size for full GC humongous - - [backport] JDK-8261413: Shenandoah: Disable class-unloading in I-U mode - - [backport] JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1 - - [backport] JDK-8266802: Shenandoah: Round up region size to page size unconditionally - - [backport] JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC - - [backport] JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size - - [backport] JDK-8268699: Shenandoah: Add test for JDK-8268127 - - Shenandoah: Process weak roots during class unloading cycle - -Notes on individual issues: -=========================== - -security-libs/java.security: - -JDK-8256902: Removed Root Certificates with 1024-bit Keys -========================================================= -The following root certificates with weak 1024-bit RSA public keys -have been removed from the `cacerts` keystore: - -Alias Name: thawtepremiumserverca [jdk] -Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA - -Alias Name: verisignclass2g2ca [jdk] -Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US - -Alias Name: verisignclass3ca [jdk] -Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US - -Alias Name: verisignclass3g2ca [jdk] -Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US - -Alias Name: verisigntsaca [jdk] -Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA - -JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate -================================================================= - -The following root certificate have been removed from the cacerts truststore: - -Alias Name: soneraclass2ca -Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI - -security-libs/javax.net.ssl: - -JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values -========================================================================================= -Certain TLS ALPN values couldn't be properly read or written by the -SunJSSE provider. This is due to the choice of Strings as the API -interface and the undocumented internal use of the UTF-8 Character Set -which converts characters larger than U+00007F (7-bit ASCII) into -multi-byte arrays that may not be expected by a peer. - -ALPN values are now represented using the network byte representation -expected by the peer, which should require no modification for -standard 7-bit ASCII-based character Strings. However, SunJSSE now -encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1 -characters. This means applications that used characters above -U+000007F that were previously encoded using UTF-8 may need to either -be modified to perform the UTF-8 conversion, or set the Java security -property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior. - -See the updated guide at -https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html -for more information. - -JDK-8244460: Support for certificate_authorities Extension -========================================================== -The "certificate_authorities" extension is an optional extension -introduced in TLS 1.3. It is used to indicate the certificate -authorities (CAs) that an endpoint supports and should be used by the -receiving endpoint to guide certificate selection. - -With this JDK release, the "certificate_authorities" extension is -supported for TLS 1.3 in both the client and the server sides. This -extension is always present for client certificate selection, while it -is optional for server certificate selection. - -Applications can enable this extension for server certificate -selection by setting the `jdk.tls.client.enableCAExtension` system -property to `true`. The default value of the property is `false`. - -Note that if the client trusts more CAs than the size limit of the -extension (less than 2^16 bytes), the extension is not enabled. Also, -some server implementations do not allow handshake messages to exceed -2^14 bytes. Consequently, there may be interoperability issues when -`jdk.tls.client.enableCAExtension` is set to `true` and the client -trusts more CAs than the server implementation limit. - -New in release OpenJDK 8u292 (2021-04-20): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/openjdk8u292 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt - -* Security fixes - - JDK-8227467: Better class method invocations - - JDK-8244473: Contextualize registration for JNDI - - JDK-8244543: Enhanced handling of abstract classes - - JDK-8249906, CVE-2021-2163: Enhance opening JARs - - JDK-8250568, CVE-2021-2161: Less ambiguous processing - - JDK-8253799: Make lists of normal filenames -* Other changes - - JDK-6345095: regression test EmptyClipRenderingTest fails - - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println - - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop - - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled - - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed - - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7 - - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found - - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently - - JDK-8035166: Remove dependency on EC classes from pkcs11 provider - - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error - - JDK-8038723: Openup some PrinterJob tests - - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X - - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton - - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS - - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported - - JDK-8078450: Implement consistent process for quarantine of tests - - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException - - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid - - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment - - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms - - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256 - - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error - - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output - - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address - - JDK-8160217: JavaSound should clean up resources better - - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods - - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node - - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63 - - JDK-8172404: Tools should warn if weak algorithms are used before restricting them - - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key" - - JDK-8191915: JCK tests produce incorrect results with C2 - - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode - - JDK-8202343: Disable TLS 1.0 and 1.1 - - JDK-8209333: Socket reset issue for TLS 1.3 socket close - - JDK-8211301: [macos] support full window content options - - JDK-8211339: NPE during SSL handshake caused by HostnameChecker - - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy - - JDK-8217338: [Containers] Improve systemd slice memory limit support - - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl - - JDK-8221408: Windows 32bit build build errors/warnings in hotspot - - JDK-8223186: HotSpot compile warnings from GCC 9 - - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14 - - JDK-8225805: Java Access Bridge does not close the logger - - JDK-8226899: Problemlist compiler/rtm tests - - JDK-8227642: [TESTBUG] Make docker tests podman compatible - - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642 - - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage - - JDK-8230388: Problemlist additional compiler/rtm tests - - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR - - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3 - - JDK-8234728: Some security tests should support TLSv1.3 - - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions - - JDK-8235311: Tag mismatch may alert bad_record_mac - - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property. - - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory - - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read - - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code. - - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1 - - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE" - - JDK-8242141: New System Properties to configure the TLS signature schemes - - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11 - - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit - - JDK-8249183: JVM crash in "AwtFrame::WmSize" method - - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel - - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows - - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets - - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities - - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray - - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows - - JDK-8253368: TLS connection always receives close_notify exception - - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities - - JDK-8253932: SSL debug log prints incorrect caller info - - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations - - JDK-8255880: UI of Swing components is not redrawn after their internal state changed - - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem - - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java - - JDK-8256421: Add 2 HARICA roots to cacerts truststore - - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed - - JDK-8258079: Eliminate ParNew's use of klass_or_null() - - JDK-8256682: JDK-8202343 is incomplete - - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines - - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575 - - JDK-8258247: Couple of issues in fix for JDK-8249906 - - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk() - - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes - - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures - - JDK-8258933: G1 needs klass_or_null_acquire - - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f - - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will - - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548 - - JDK-8259428: AlgorithmId.getEncodedParams() should return copy - - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport - - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS - - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a - - JDK-8260930: AARCH64: Invalid value passed to critical JNI function - - JDK-8261183: Follow on to Make lists of normal filenames - - JDK-8261231: Windows IME was disabled after DnD operation - - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017 - - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory - - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently - - JDK-8263008: AARCH64: Add debug info for libsaproc.so - - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS) -* Shenandoah - - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01. - - Revert differences against upstream 8u - - [backport] 8202976: Add C1 lea patching support for x86 - - [backport] 8221507: Implement JFR Events for Shenandoah - - [backport] 8224573: Fix windows build after JDK-8221507 - - [backport] 8228369: Shenandoah: Refactor LRB C1 stubs - - [backport] 8229474: Shenandoah: Cleanup CM::update_roots() - - [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs) - - [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2 - - [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots - - [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB - - [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes - - [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64 - - [backport] 8233574: Shenandoah: build is broken without jfr - - [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint - - [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx" - - [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type - - [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength() - - [backport] 8240751: Shenandoah: fold ShenandoahTracer definition - - [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier - - [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition - - [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks - - [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape" - - [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U - - [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option - - [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues() - - [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads - - [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask - - [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback - - [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test - - [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false - - Fix register allocation for thread register is 32bit LRB - - Fix Shenandoah bindings in ADLC formssel - - Shenandoah: Backed out weak roots cleaning during full gc - -Notes on individual issues: -=========================== - -security-libs/java.security: - -JDK-8260597: Added 2 HARICA Root CA Certificates -================================================ - -The following root certificates have been added to the cacerts truststore: - -Alias Name: haricarootca2015 -Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - -Alias Name: haricaeccrootca2015 -Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - -JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default -=================================================================================== -Weak named curves are disabled by default by adding them to the -following `disabledAlgorithms` security properties: - -* jdk.tls.disabledAlgorithms -* jdk.certpath.disabledAlgorithms -* jdk.jar.disabledAlgorithms - -Red Hat has always disabled many of the curves provided by upstream, -so the only addition in this release is: - -* secp256k1 - -The curves that remain enabled are: - -* secp256r1 -* secp384r1 -* secp521r1 -* X25519 -* X448 - -When large numbers of weak named curves need to be disabled, adding -individual named curves to each `disabledAlgorithms` property would be -overwhelming. To relieve this, a new security property, -`jdk.disabled.namedCurves`, is implemented that can list the named -curves common to all of the `disabledAlgorithms` properties. To use -the new property in the `disabledAlgorithms` properties, precede the -full property name with the keyword `include`. Users can still add -individual named curves to `disabledAlgorithms` properties separate -from this new property. No other properties can be included in the -`disabledAlgorithms` properties. - -To restore the named curves, remove the `include -jdk.disabled.namedCurves` either from specific or from all -`disabledAlgorithms` security properties. To restore one or more -curves, remove the specific named curve(s) from the -`jdk.disabled.namedCurves` property. - -JDK-8244286: Tools Warn If Weak Algorithms Are Used -=================================================== -The `keytool` and `jarsigner` tools have been updated to warn users -when weak cryptographic algorithms are used in keys, certificates, and -signed JARs before they are disabled. The weak algorithms are set in -the `jdk.security.legacyAlgorithms` security property in the -`java.security` configuration file. In this release, the tools issue -warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys. - -security-libs/javax.net.ssl: - -JDK-8256490: Disable TLS 1.0 and 1.1 -==================================== -TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer -considered secure and have been superseded by more secure and modern -versions (TLS 1.2 and 1.3). - -These versions have now been disabled by default. If you encounter -issues, you can, at your own risk, re-enable the versions by removing -"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` -security property in the `java.security` configuration file. - -JDK-8242147: New System Properties to Configure the TLS Signature Schemes -========================================================================= -Two new system properties have been added to customize the TLS -signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been -added for the TLS client side, and `jdk.tls.server.SignatureSchemes` -has been added for the server side. - -Each system property contains a comma-separated list of supported -signature scheme names specifying the signature schemes that could be -used for the TLS connections. - -The names are described in the "Signature Schemes" section of the -*Java Security Standard Algorithm Names Specification*. - -tools/javac: - -JDK-8177368: Several incorporation steps are silently failing when an error should be reported -============================================================================================== -Reporting previously silent errors found during incorporation, JLS -8§18.3, was supposed to be a clean-up with performance only -implications. But consider the test case: - -import java.util.Arrays; -import java.util.List; - -class Klass { - public static List> foo(List... lists) { - return foo(Arrays.asList(lists)); - } - - public static List> foo(List> lists) { - return null; - } -} - -This code was not accepted before the patch for [1], but after this -patch the compiler is accepting it. Accepting this code is the right -behavior as not reporting incorporation errors was a bug in the -compiler. While determining the applicability of method: -List> foo(List> lists) for which -we have the constraints: b <: Object t <: List t<:Object -List <: t first, inference variable b is selected for -instantiation: b = CAP1 of ? extends A so this implies that: t <: -List t<: Object List <: t - -Now all the bounds are checked for consistency. While checking if -List is a subtype of List -a bound error is reported. Before the compiler was just swallowing -it. As now the error is reported while inference variable b is being -instantiated, the bound set is rolled back to it's initial state, 'b' -is instantiated to Object, and with this instantiation the constraint -set is solvable, the method is applicable, it's the only applicable -one and the code is accepted as correct. The compiler behavior in this -case is defined at JLS 8 §18.4 - -This fix has source compatibility impact, right now code that wasn't -being accepted is now being accepted by the javac compiler. Currently -there are no reports of any other kind of incompatibility. - -[1] https://bugs.openjdk.java.net/browse/JDK-8078024 - -New in release OpenJDK 8u282 (2021-01-19): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/openjdk8u282 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt - -* Security fixes - - JDK-8247619: Improve Direct Buffering of Characters -* Other changes - - JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux - - JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation - - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails - - JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup - - JDK-8030350: Enable additional compiler warnings for GCC - - JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows - - JDK-8036122: Fix warning 'format not a string literal' - - JDK-8039279: Move awt tests to openjdk repository - - JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk - - JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository - - JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree - - JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m - - JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests - - JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk - - JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository - - JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository - - JDK-8046221: [TEST_BUG] Cleanup datatransfer tests - - JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository - - JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 - - JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK - - JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 - - JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK - - JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 - - JDK-8051440: move tests about maximizing undecorated to OpenJDK - - JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null! - - JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 - - JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3) - - JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK - - JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 - - JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 - - JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 - - JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK - - JDK-8055664: move 14 tests about setLocationRelativeTo to jdk - - JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9 - - JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10 - - JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails - - JDK-8062808: Turn on the -Wreturn-type warning - - JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - - JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - - JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 - - JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 - - JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing - - JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases - - JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease - - JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() - - JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel - - JDK-8068275: Some tests failed after JDK-8063104 - - JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once - - JDK-8074807: Fix some tests unnecessary using internal API - - JDK-8076315: move 4 manual functional swing tests to regression suite - - JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT - - JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows - - JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful - - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent - - JDK-8148916: Mark bug6400879.java as intermittently failing - - JDK-8148983: Fix extra comma in changes for JDK-8148916 - - JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants - - JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic - - JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails - - JDK-8160761: [TESTBUG] Several compiler tests fail with product bits - - JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java - - JDK-8165808: Add release barriers when allocating objects with concurrent collection - - JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java - - JDK-8166583: Add oopDesc::klass_or_null_acquire() - - JDK-8166663: Simplify oops_on_card_seq_iterate_careful - - JDK-8166862: CMS needs klass_or_null_acquire - - JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X - - JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp - - JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event - - JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument - - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8 - - JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 - - JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out - - JDK-8207766: [testbug] Adapt tests for Aix. - - JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation - - JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash - - JDK-8215727: Restore JFR thread sampler loop to old / previous behavior - - JDK-8217362: Emergency dump does not work when disk=false is set - - JDK-8217766: Container Support doesn't work for some Join Controllers combinations - - JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3 - - JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable - - JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp - - JDK-8220657: JFR.dump does not work when filename is set - - JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562 - - JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing - - JDK-8221710: [TESTBUG] more configurable parameters for docker testing - - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable - - JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM - - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs - - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100 - - JDK-8229868: Update Apache Santuario TPRM version - - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread - - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes - - JDK-8232114: JVM crashed at imjpapi.dll in native code - - JDK-8233548: Update CUP to v0.11b - - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area - - JDK-8234339: replace JLI_StrTok in java_md_solinux.c - - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes - - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test - - JDK-8242335: Additional Tests for RSASSA-PSS - - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker - - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in - - JDK-8245400: Upgrade to LittleCMS 2.11 - - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480 - - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention - - JDK-8249176: Update GlobalSignR6CA test certificates - - JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior - - JDK-8250636: iso8601_time returns incorrect offset part on MacOS - - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY - - JDK-8250928: JFR: Improve hash algorithm for stack traces - - JDK-8251365: Build failure on AIX after 8250636 - - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java - - JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers - - JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE - - JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries - - JDK-8252497: Incorrect numeric currency code for ROL - - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent - - JDK-8252904: VM crashes when JFR is used and JFR event class is transformed - - JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal - - JDK-8253036: Support building the Zero assembler port on AArch64 - - JDK-8253284: Zero OrderAccess barrier mappings are incorrect - - JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip - - JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly - - JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion - - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate - - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp - - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp - - JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails - - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c - - JDK-8255003: Build failures on Solaris - - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d - - JDK-8255269: Unsigned overflow in g1Policy.cpp - - JDK-8255603: Memory/Performance regression after JDK-8210985 - - JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized - - JDK-8256618: Zero: Linux x86_32 build still fails - - JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap - - JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder - - JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace - - JDK-8258630: Add expiry exception for QuoVadis root certificate -* AArch64 port - - Fix AArch64 build failure after JDK-8062808 backport -* Shenandoah - - Fix racy update of code roots - -Notes on individual issues: -=========================== - -security-libs/javax.xml.crypto: - -JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3 -=========================================================================== -The XML Signature implementation in the `java.xml.crypto` module has -been updated to version 2.1.3 of Apache Santuario. New features -include: - -* Added support for embedding elliptic curve public keys in the - KeyValue element - -New in release OpenJDK 8u275 (2020-11-05): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/openjdk8u275 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt - -* Regression fixes - - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate" - - JDK-8223940: Private key not supported by chosen signature algorithm - - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding - - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) - -New in release OpenJDK 8u272 (2020-10-20): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/openjdk8u272 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt - -* New features - - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 -* Security fixes - - JDK-8233624: Enhance JNI linkage - - JDK-8236196: Improve string pooling - - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class - - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts - - JDK-8237995, CVE-2020-14782: Enhance certificate processing - - JDK-8240124: Better VM Interning - - JDK-8241114, CVE-2020-14792: Better range handling - - JDK-8242680, CVE-2020-14796: Improved URI Support - - JDK-8242685, CVE-2020-14797: Better Path Validation - - JDK-8242695, CVE-2020-14798: Enhanced buffer support - - JDK-8243302: Advanced class supports - - JDK-8244136, CVE-2020-14803: Improved Buffer supports - - JDK-8244479: Further constrain certificates - - JDK-8244955: Additional Fix for JDK-8240124 - - JDK-8245407: Enhance zoning of times - - JDK-8245412: Better class definitions - - JDK-8245417: Improve certificate chain handling - - JDK-8248574: Improve jpeg processing - - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit - - JDK-8253019: Enhanced JPEG decoding -* Other changes - - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes - - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java - - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times - - JDK-8025886: replace [[ and == bash extensions in regtest - - JDK-8026236: Add PrimeTest for BigInteger - - JDK-8031625: javadoc problems referencing inner class constructors - - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals - - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c - - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails - - JDK-8046274: Removing dependency on jakarta-regexp - - JDK-8048933: -XX:+TraceExceptions output should include the message - - JDK-8057003: Large reference arrays cause extremely long synchronization times - - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler - - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double - - JDK-8062947: Fix exception message to correctly represent LDAP connection failure - - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds - - JDK-8075774: Small readability and performance improvements for zipfs - - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails - - JDK-8078334: Mark regression tests using randomness - - JDK-8078880: Mark a few more intermittently failuring security-libs - - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support - - JDK-8132206: move ScanTest.java into OpenJDK - - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API - - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java - - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh - - JDK-8144539: Update PKCS11 tests to run with security manager - - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8 - - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape - - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent - - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect - - JDK-8151788: NullPointerException from ntlm.Client.type3 - - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently - - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings - - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout - - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public - - JDK-8154313: Generated javadoc scattered all over the place - - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization - - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider - - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working - - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k - - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files - - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite - - JDK-8166148: Fix for JDK-8165936 broke solaris builds - - JDK-8167300: Scheduling failures during gcm should be fatal - - JDK-8167615: Opensource unit/regression tests for JavaSound - - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed - - JDK-8169925: PKCS #11 Cryptographic Token Interface license - - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java - - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled - - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 - - JDK-8177628: Opensource unit/regression tests for ImageIO - - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java - - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java - - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh - - JDK-8184762: ZapStackSegments should use optimized memset - - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. - - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied - - JDK-8193137: Nashorn crashes when given an empty script file - - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak - - JDK-8194298: Add support for per Socket configuration of TCP keepalive - - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error - - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails - - JDK-8201633: Problems with AES-GCM native acceleration - - JDK-8203357: Container Metrics - - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts - - JDK-8210147: adjust some WSAGetLastError usages in windows network coding - - JDK-8211049: Second parameter of "initialize" method is not used - - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean - - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions - - JDK-8214862: assert(proj != __null) at compile.cpp:3251 - - JDK-8216283: Allow shorter method sampling interval than 10 ms - - JDK-8217606: LdapContext#reconnect always opens a new connection - - JDK-8217647: JFR: recordings on 32-bit systems unreadable - - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 - - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 - - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero - - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly - - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound - - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 - - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file - - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs - - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified - - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp - - JDK-8224217: RecordingInfo should use textual representation of path - - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) - - JDK-8226575: OperatingSystemMXBean should be made container aware - - JDK-8226697: Several tests which need the @key headful keyword are missing it. - - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous - - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM - - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow - - JDK-8230303: JDB hangs when running monitor command - - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG - - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo - - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate - - JDK-8233097: Fontmetrics for large Fonts has zero width - - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name - - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion - - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version - - JDK-8235325: build failure on Linux after 8235243 - - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink - - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages - - JDK-8237951: CTW: C2 compilation fails with "malformed control flow" - - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary - - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10 - - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10 - - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10 - - JDK-8238898: Missing hash characters for header on license file - - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD - - JDK-8239819: XToolkit: Misread of screen information memory - - JDK-8240295: hs_err elapsed time in seconds is not accurate enough - - JDK-8240676: Meet not symmetric failure when running lucene on jdk8 - - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one - - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash - - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array - - JDK-8243138: Enhance BaseLdapServer to support starttls extended request - - JDK-8243320: Add SSL root certificates to Oracle Root CA program - - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program - - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions - - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 - - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor - - JDK-8245467: Remove 8u TLSv1.2 implementation files - - JDK-8245469: Remove DTLS protocol implementation - - JDK-8245470: Fix JDK8 compatibility issues - - JDK-8245471: Revert JDK-8148188 - - JDK-8245472: Backport JDK-8038893 to JDK8 - - JDK-8245473: OCSP stapling support - - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 - - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default - - JDK-8245477: Adjust TLS tests location - - JDK-8245653: Remove 8u TLS tests - - JDK-8245681: Add TLSv1.3 regression test from 11.0.7 - - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ - - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR - - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release - - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport - - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read - - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase - - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public - - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior - - JDK-8250546: Expect changed behaviour reported in JDK-8249846 - - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics - - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java - - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update - - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher - - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false - - JDK-8251341: Minimal Java specification change - - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u - - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds - - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled - - JDK-8252573: 8u: Windows build failed after 8222079 backport - - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed - - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 - - JDK-8254937: Revert JDK-8148854 for 8u272 - -Notes on individual issues: -=========================== - -core-svc/java.lang.management: - -JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data -============================================================================================ -When executing in a container, or other virtualized operating -environment, the following `OperatingSystemMXBean` methods in this -release return container specific information, if -available. Otherwise, they return host specific data: - -* getFreePhysicalMemorySize() -* getTotalPhysicalMemorySize() -* getFreeSwapSpaceSize() -* getTotalSwapSpaceSize() -* getSystemCpuLoad() - -security-libs/java.security: - -JDK-8250756: Added Entrust Root Certification Authority - G4 certificate -======================================================================== -The Entrust root certificate has been added to the cacerts truststore: - -Alias Name: entrustrootcag4 -Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - -JDK-8250860: Added 3 SSL Corporation Root CA Certificates -========================================================= -The following root certificates have been added to the cacerts truststore for the SSL Corporation: - -Alias Name: sslrootrsaca -Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US - -Alias Name: sslrootevrsaca -Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US - -Alias Name: sslrooteccca -Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US - -security-libs/javax.crypto:pkcs11: - -JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40 -======================================================================= -The SunPKCS11 provider has been updated with support for PKCS#11 -v2.40. This version adds support for more algorithms such as the -AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message -digests, and RSASSA-PSS signatures when the corresponding PKCS11 -mechanisms are supported by the underlying PKCS11 library. - -security-libs/javax.security: - -JDK-8242059: Support for canonicalize in krb5.conf -================================================== -The 'canonicalize' flag in the [krb5.conf file][0] is now supported by -the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name -canonicalization is requested by clients in TGT requests to KDC -services (AS protocol). Otherwise, and by default, it is not -requested. - -The new default behavior is different from previous releases where -name canonicalization was always requested by clients in TGT requests -to KDC services (provided that support for RFC 6806[1] was not -explicitly disabled with the *sun.security.krb5.disableReferrals* -system or security properties). - -[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html -[1]: https://tools.ietf.org/html/rfc6806 - -security-libs/javax.xml.crypto: - -JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1 -===================================================================== -The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario. - -New features include: - -1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified -in RFC 6931. -2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and -RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931. - -JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format -============================================================================================================ -The upgrade to the Apache Santuario libraries (see above) introduced -an issue where XML signature using Base64 encoding resulted in -appending ` ` or ` ` to the encoded output. This behavioural -change was made in the Apache Santuario codebase to comply with RFC -2045. The Santuario team has adopted a position of keeping their -libraries compliant with RFC 2045. - -Earlier versions of OpenJDK 8 using the legacy encoder returns encoded -data in a format without ` ` or ` `. - -Therefore a new system property, specific to the 8 update stream, -`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made -available to fall back to the legacy Base64 encoded format. - -Users can set this flag in one of two ways: - -1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true - -2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true") - -This new system property is disabled by default. It has no effect on -default behaviour nor when -`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property -is set. - -Later JDK family versions will only support the recommended property: - -`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` - -JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b -==================================================================== -Following JDK's update to tzdata2020b, the long-obsolete files -pacificnew and systemv have been removed. As a result, the -"US/Pacific-New" zone name declared in the pacificnew data file is no -longer available for use. - -Information regarding the update can be viewed at -https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html - -New in release OpenJDK 8u265 (2020-07-27): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/openjdk8u265 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt - -* Bug fixes - - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior - - JDK-8250546: Expect changed behaviour reported in JDK-8249846 - -New in release OpenJDK 8u262 (2020-07-14): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/oj8u262 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt - -* New features - - JDK-8223147: JFR Backport -* Security fixes - - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) - - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() - - JDK-8230613: Better ASCII conversions - - JDK-8231800: Better listing of arrays - - JDK-8232014: Expand DTD support - - JDK-8233255: Better Swing Buttons - - JDK-8234032: Improve basic calendar services - - JDK-8234042: Better factory production of certificates - - JDK-8234418: Better parsing with CertificateFactory - - JDK-8234836: Improve serialization handling - - JDK-8236191: Enhance OID processing - - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior - - JDK-8237592, CVE-2020-14577: Enhance certificate verification - - JDK-8238002, CVE-2020-14581: Better matrix operations - - JDK-8238804: Enhance key handling process - - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - - JDK-8238843: Enhanced font handing - - JDK-8238920, CVE-2020-14583: Better Buffer support - - JDK-8238925: Enhance WAV file playback - - JDK-8240119, CVE-2020-14593: Less Affine Transformations - - JDK-8240482: Improved WAV file playback - - JDK-8241379: Update JCEKS support - - JDK-8241522: Manifest improved jar headers redux - - JDK-8242136, CVE-2020-14621: Better XML namespace handling -* Other changes - - JDK-4949105: Access Bridge lacks html tags parsing - - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode - - JDK-8003209: JFR events for network utilization - - JDK-8030680: 292 cleanup from default method code assessment - - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently - - JDK-8037866: Replace the Fun class in tests with lambdas - - JDK-8041626: Shutdown tracing event - - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree - - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null - - JDK-8076475: Misuses of strncpy/strncat - - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset - - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp - - JDK-8146612: C2: Precedence edges specification violated - - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering - - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates - - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format - - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded" - - JDK-8165675: Trace event for thread park has incorrect unit for timeout - - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM - - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java - - JDK-8176182: 4 security tests are not run - - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method - - JDK-8178910: Problemlist sample tests - - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds - - JDK-8183925: Decouple crash protection from watcher thread - - JDK-8191393: Random crashes during cfree+0x1c - - JDK-8195817: JFR.stop should require name of recording - - JDK-8195818: JFR.start should increase autogenerated name by one - - JDK-8195819: Remove recording=x from jcmd JFR.check output - - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE - - JDK-8199712: Flight Recorder - - JDK-8202578: Revisit location for class unload events - - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events - - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) - - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant - - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording - - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 - - JDK-8203929: Limit amount of data for JFR.dump - - JDK-8205516: JFR tool - - JDK-8207392: [PPC64] Implement JFR profiling - - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it - - JDK-8209960: -Xlog:jfr* doesn't work with the JFR - - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() - - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 - - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch - - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events - - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions - - JDK-8213421: Line number information for execution samples always 0 - - JDK-8213617: JFR should record the PID of the recorded process - - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. - - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests - - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test - - JDK-8213966: The ZGC JFR events should be marked as experimental - - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds - - JDK-8214750: Unnecessary

tags in jfr classes - - JDK-8214896: JFR Tool left files behind - - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError - - JDK-8214925: JFR tool fails to execute - - JDK-8215175: Inconsistencies in JFR event metadata - - JDK-8215237: jdk.jfr.Recording javadoc does not compile - - JDK-8215284: Reduce noise induced by periodic task getFileSize() - - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) - - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails - - JDK-8215771: The jfr tool should pretty print reference chains - - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly - - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() - - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp - - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps - - JDK-8216578: Remove unused/obsolete method in JFR code - - JDK-8216995: Clean up JFR command line processing - - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT - - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent - - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly - - JDK-8220293: Deadlock in JFR string pool - - JDK-8223689: Add JFR Thread Sampling Support - - JDK-8223690: Add JFR BiasedLock Event Support - - JDK-8223691: Add JFR G1 Region Type Change Event Support - - JDK-8223692: Add JFR G1 Heap Summary Event Support - - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant - - JDK-8224475: JTextPane does not show images in HTML rendering - - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 - - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 - - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. - - JDK-8226779: [TESTBUG] Test JFR API from Java agent - - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory - - JDK-8227269: Slow class loading when running with JDWP - - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant" - - JDK-8229366: JFR backport allows unchecked writing to memory - - JDK-8229401: Fix JFR code cache test failures - - JDK-8229708: JFR backport code does not initialize - - JDK-8229873: 8229401 broke jdk8u-jfr-incubator - - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions - - JDK-8229899: Make java.io.File.isInvalid() less racy - - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows - - JDK-8230597: Update GIFlib library to the 5.2.1 - - JDK-8230707: JFR related tests are failing - - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return - - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false - - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return - - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout - - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 - - JDK-8231995: two jtreg tests failed after 8229366 is fixed - - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing - - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file - - JDK-8233880: Support compilers with multi-digit major version numbers - - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info - - JDK-8236008: Some backup files were accidentally left in the hotspot tree - - JDK-8236074: Missed package-info - - JDK-8236174: Should update javadoc since tags - - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing - - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport - - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 - - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB - - JDK-8238589: Necessary code cleanup in JFR for JDK8u - - JDK-8238590: Enable JFR by default during compilation in 8u - - JDK-8239055: Wrong implementation of VMState.hasListener - - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair - - JDK-8239479: minimal1 and zero builds are failing - - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed - - JDK-8239867: correct over use of INCLUDE_JFR macro - - JDK-8240375: Disable JFR by default for July 2020 release - - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges - - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled - - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set - - JDK-8241750: x86_32 build failure after JDK-8227269 - - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) - - JDK-8242788: Non-PCH build is broken after JDK-8191393 - - JDK-8242883: Incomplete backport of JDK-8078268: backport test part - - JDK-8243059: Build fails when --with-vendor-name contains a comma - - JDK-8243474: [TESTBUG] removed three tests of 0 bytes - - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 - - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in - - JDK-8244461: [JDK 8u] Build fails with glibc 2.32 - - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result - - JDK-8244777: ClassLoaderStats VM Op uses constant hash value - - JDK-8244843: JapanEraNameCompatTest fails - - JDK-8245167: Top package in method profiling shows null in JMC - - JDK-8246223: Windows build fails after JDK-8227269 - - JDK-8246703: [TESTBUG] Add test for JDK-8233197 - - JDK-8248399: Build installs jfr binary when JFR is disabled - - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package - -Notes on individual issues: -=========================== - -hotspot/jfr: - -JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u -========================================================= - -OpenJDK 8u now contains the backport of JEP 328: Flight Recorder -(https://openjdk.java.net/jeps/328) from later versions of OpenJDK. - -JFR is a low-overhead framework to collect and provide data helpful to -troubleshoot the performance of the OpenJDK runtime and of Java -applications. It consists of a new API to define custom events under -the jdk.jfr namespace and a JMX interface to interact with the -framework. The recording can also be initiated with the application -startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces -the +XX:EnableTracing feature introduced in JEP 167, providing a more -efficient way to retrieve the same information. For compatibility -reasons, +XX:EnableTracing is still accepted, however no data will be -printed. - -While JFR is not built by default upstream, it is included in Red Hat -binaries for supported architectures (x86_64, AArch64 & PowerPC 64) - -hotspot/runtime: - -JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording -========================================================================================= - -JFR will be disabled with a warning message if it is enabled during -CDS dumping. The user will see the following warning message: - -OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping - -if JFR is enabled during CDS dumping such as in the following command -line: - -$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true - -security-libs/java.security: - -JDK-8244167: Removal of Comodo Root CA Certificate -================================================== - -The following expired Comodo root CA certificate was removed from the -`cacerts` keystore: + alias name "addtrustclass1ca [jdk]" - -Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE - -JDK-8244166: Removal of DocuSign Root CA Certificate -==================================================== - -The following expired DocuSign root CA certificate was removed from - the `cacerts` keystore: + alias name "keynectisrootca [jdk]" - -Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR - -security-libs/javax.crypto:pkcs11: - -JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database -============================================================================================================================ - -The SunPKCS11 security provider can now be initialized with NSS when -FIPS-enabled external modules are configured in the Security Modules -Database (NSSDB). Prior to this change, the SunPKCS11 provider would -throw a RuntimeException with the message: "FIPS flag set for -non-internal module" when such a library was configured for NSS in -non-FIPS mode. - -This change allows the JDK to work properly with recent NSS releases -on GNU/Linux operating systems when the system-wide FIPS policy is -turned on. - -Further information can be found in JDK-8238555. - -New in release OpenJDK 8u252 (2020-04-14): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/oj8u252 - * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt - -* Security fixes - - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - - JDK-8225603: Enhancement for big integers - - JDK-8227542: Manifest improved jar headers - - JDK-8231415, CVE-2020-2773: Better signatures in XML - - JDK-8233250: Better X11 rendering - - JDK-8233410: Better Build Scripting - - JDK-8234027: Better JCEKS key support - - JDK-8234408, CVE-2020-2781: Improve TLS session handling - - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers - - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers - - JDK-8235274, CVE-2020-2805: Enhance typing of methods - - JDK-8236201, CVE-2020-2830: Better Scanner conversions - - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap -* Other changes - - JDK-8005819: Support cross-realm MSSFU - - JDK-8022263: use same Clang warnings on BSD as on Linux - - JDK-8038631: Create wrapper for awt.Robot with additional functionality - - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid - - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests - - JDK-8068184: Fix for JDK-8032832 caused a deadlock - - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature - - JDK-8132130: some docs cleanup - - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit - - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal - - JDK-8144446: Automate the Marlin crash test - - JDK-8144526: Remove Marlin logging use of deleted internal API - - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats - - JDK-8144654: Improve Marlin logging - - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins - - JDK-8166976: TestCipherPBECons has wrong @run line - - JDK-8167409: Invalid value passed to critical JNI function - - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant - - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT - - JDK-8191227: issues with unsafe handle resolution - - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider - - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object - - JDK-8215756: Memory leaks in the AWT on macOS - - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win) - - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread - - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions - - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test - - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test - - JDK-8229022: BufferedReader performance can be improved by using StringBuilder - - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC - - JDK-8229872: (fs) Increase buffer size used with getmntent - - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception - - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type - - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64 - - JDK-8235904: Infinite loop when rendering huge lines - - JDK-8236179: C1 register allocation error with T_ADDRESS - - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read - - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call - - JDK-8241296: Segfault in JNIHandleBlock::oops_do() - - JDK-8241307: Marlin renderer should not be the default in 8u252 - -Notes on individual issues: -=========================== - -hotspot/svc: - -JDK-8174881: Binary format for HPROF updated -============================================ - -When dumping the heap in binary format, HPROF format 1.0.2 is always -used now. Previously, format 1.0.1 was used for heaps smaller than -2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the -serviceability agent. - -security-libs/java.security: - -JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature -==================================================================================== - -The SunRsaSign and SunJCE providers have been enhanced with support -for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS -signature and OAEP using FIPS 180-4 digest algorithms. New -constructors and methods have been added to relevant JCA/JCE classes -under the `java.security.spec` and `javax.crypto.spec` packages for -supporting additional RSASSA-PSS parameters. - -security-libs/javax.crypto: - -JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI -============================================================ - -The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider. - -security-libs/javax.security: - -JDK-8227564: Allow SASL Mechanisms to Be Restricted -=================================================== - -A security property named `jdk.sasl.disabledMechanisms` has been added -that can be used to disable SASL mechanisms. Any disabled mechanism -will be ignored if it is specified in the `mechanisms` argument of -`Sasl.createSaslClient` or the `mechanism` argument of -`Sasl.createSaslServer`. The default value for this security property -is empty, which means that no mechanisms are disabled out-of-the-box. diff --git a/SOURCES/README.md b/SOURCES/README.md index 61b3b69..f7d6f74 100644 --- a/SOURCES/README.md +++ b/SOURCES/README.md @@ -1,8 +1,34 @@ -Package of LTS OpenJDK 8 -OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is build on openJDK 10. LTSs (next is 11) will go as separate packages. +OpenJDK 8 is a Long-Term Support (LTS) release of the Java platform. -JDK8 is last LTS release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/8/ and is landing to your RHEL. Where it will be maintained for several years. You will always be allowed to install Used LTSs in build root, and alongside via alternatives. +For a list of major changes in OpenJDK 8 (java-1.8.0-openjdk), see the +upstream release page: https://openjdk.org/projects/jdk8/features -See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html -See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf +# Rebuilding the OpenJDK package +The OpenJDK packages are now created from a single build which is then +packaged for different major versions of Red Hat Enterprise Linux +(RHEL). This allows the OpenJDK team to focus their efforts on the +development and testing of this single build, rather than having +multiple builds which only differ by the platform they were built on. + +This does make rebuilding the package slightly more complicated than a +normal package. Modifications should be made to the +`java-1.8.0-openjdk-portable.specfile` file, which can be found with +this README file in the source RPM or installed in the documentation +tree by the `java-1.8.0-openjdk-headless` RPM. + +Once the modified `java-1.8.0-openjdk-portable` RPMs are built, they +should be installed and will produce a number of tarballs in the +`/usr/lib/jvm` directory. The `java-1.8.0-openjdk` RPMs can then be +built, which will use these tarballs to create the usual RPMs found in +RHEL. The `java-1.8.0-openjdk-portable` RPMs can be uninstalled once +the desired final RPMs are produced. + +Note that the `java-1.8.0-openjdk.spec` file has a hard requirement on +the exact version of java-1.8.0-openjdk-portable to use, so this will +need to be modified if the version or rpmrelease values are changed in +`java-1.8.0-openjdk-portable.specfile`. + +To reduce the number of RPMs involved, the `fastdebug` and `slowdebug` +builds may be disabled using `--without fastdebug` and `--without +slowdebug`. diff --git a/SOURCES/java-1.8.0-openjdk-portable.specfile b/SOURCES/java-1.8.0-openjdk-portable.specfile new file mode 100644 index 0000000..9197600 --- /dev/null +++ b/SOURCES/java-1.8.0-openjdk-portable.specfile @@ -0,0 +1,2388 @@ +# RPM conditionals so as to be able to dynamically produce +# slowdebug/release builds. See: +# http://rpm.org/user_doc/conditional_builds.html +# +# Examples: +# +# Produce release, fastdebug *and* slowdebug builds on x86_64 (default): +# $ rpmbuild -ba java-1.8.0-openjdk.spec +# +# Produce only release builds (no debug builds) on x86_64: +# $ rpmbuild -ba java-1.8.0-openjdk.spec --without slowdebug --without fastdebug +# +# Only produce a release build on x86_64: +# $ rhpkg mockbuild --without slowdebug --without fastdebug +# +# Enable fastdebug builds by default on relevant arches. +%bcond_without fastdebug +# Enable slowdebug builds by default on relevant arches. +%bcond_without slowdebug +# Enable release builds by default on relevant arches. +%bcond_without release +# Remove build artifacts by default +%bcond_with artifacts +# Build a fresh libjvm.so for use in a copy of the bootstrap JDK +%bcond_without fresh_libjvm +# Build with system libraries +%bcond_with system_libs + +# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so +%if %{with fresh_libjvm} +%global build_hotspot_first 1 +%else +%global build_hotspot_first 0 +%endif + +%if %{with system_libs} +%global system_libs 1 +%global link_type system +%global jpeg_lib |libjavajpeg[.]so.* +%else +%global system_libs 0 +%global link_type bundled +%global jpeg_lib |libjpeg[.]so.* +%endif + +# Turn off the debug package as we just produce a bunch of tarballs +%define debug_package %{nil} + +# note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros +# also necessary when passing it as parameter to other macros. If not macro, then it is considered a switch +# see the difference between global and define: +# See https://github.com/rpm-software-management/rpm/issues/127 to comments at "pmatilai commented on Aug 18, 2017" +# (initiated in https://bugzilla.redhat.com/show_bug.cgi?id=1482192) +%global debug_suffix_unquoted -slowdebug +%global fastdebug_suffix_unquoted -fastdebug +# quoted one for shell operations +%global debug_suffix "%{debug_suffix_unquoted}" +%global fastdebug_suffix "%{fastdebug_suffix_unquoted}" +%global normal_suffix "" + +%global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP. +%global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP. +%global debug_on unoptimised with full debugging on +%global fastdebug_on optimised with full debugging on +%global for_fastdebug for packages with debugging on and optimisation +%global for_debug for packages with debugging on and no optimisation + +%if %{with release} +%global include_normal_build 1 +%else +%global include_normal_build 0 +%endif + +%if %{include_normal_build} +%global normal_build %{normal_suffix} +%else +%global normal_build %{nil} +%endif + +%global aarch64 aarch64 arm64 armv8 +# we need to distinguish between big and little endian PPC64 +%global ppc64le ppc64le +%global ppc64be ppc64 ppc64p7 +# Set of architectures which support multiple ABIs +%global multilib_arches %{power64} sparc64 x86_64 +# Set of architectures for which we build slowdebug builds +%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} +# Set of architectures for which we build fastdebug builds +%global fastdebug_arches x86_64 ppc64le aarch64 +# Set of architectures with a Just-In-Time (JIT) compiler +%global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64 +# Set of architectures which use the Zero assembler port (!jit_arches) +%global zero_arches %{arm} ppc s390 s390x +# Set of architectures which run a full bootstrap cycle +%global bootstrap_arches %{jit_arches} %{zero_arches} +# Set of architectures which support SystemTap tapsets +%global systemtap_arches %{jit_arches} +# Set of architectures which support the serviceability agent +%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} +# Set of architectures which support class data sharing +# See https://bugzilla.redhat.com/show_bug.cgi?id=513605 +# MetaspaceShared::generate_vtable_methods is not implemented for the PPC JIT +%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} +# Set of architectures which support Java Flight Recorder (JFR) +%global jfr_arches %{jit_arches} +# Set of architectures for which alt-java has SSB mitigation +%global ssbd_arches x86_64 +# Set of architectures where we verify backtraces with gdb +%global gdb_arches %{jit_arches} %{zero_arches} + +# By default, we build a debug build during main build on JIT architectures +%if %{with slowdebug} +%ifarch %{debug_arches} +%global include_debug_build 1 +%else +%global include_debug_build 0 +%endif +%else +%global include_debug_build 0 +%endif + +# By default, we build a fastdebug build during main build only on fastdebug architectures +%if %{with fastdebug} +%ifarch %{fastdebug_arches} +%global include_fastdebug_build 1 +%else +%global include_fastdebug_build 0 +%endif +%else +%global include_fastdebug_build 0 +%endif + +%if %{include_debug_build} +%global slowdebug_build %{debug_suffix} +%else +%global slowdebug_build %{nil} +%endif + +%if %{include_fastdebug_build} +%global fastdebug_build %{fastdebug_suffix} +%else +%global fastdebug_build %{nil} +%endif + +# If you disable all builds, then the build fails +# Build and test slowdebug first as it provides the best diagnostics +%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build} + +%if 0%{?flatpak} +%global bootstrap_build false +%else +%ifarch %{bootstrap_arches} +%global bootstrap_build true +%else +%global bootstrap_build false +%endif +%endif + +%global bootstrap_targets images +%global release_targets images docs-zip +# No docs nor bootcycle for debug builds +%global debug_targets images +# Target to use to just build HotSpot +%global hotspot_target hotspot + +# JDK to use for bootstrapping +# Use OpenJDK 7 where available (on RHEL) to avoid +# having to use the rhel-7.x-java-unsafe-candidate hack +%if ! 0%{?fedora} && 0%{?rhel} <= 7 +%global buildjdkver 1.7.0 +%else +%global buildjdkver 1.8.0 +%endif +%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk + +# Filter out flags from the optflags macro that cause problems with the OpenJDK build +# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 +# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) +# We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings +# We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++ +%global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat -Wno-cpp|' | sed -r -e 's|-O[0-9]*||') +%global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||') +%global ourldflags %{__global_ldflags} + +# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path +# the initialization must be here. Later the pkg-config have buggy behavior +# looks like openjdk RPM specific bug +# Always set this so the nss.cfg file is not broken +%global NSS_LIBDIR %(pkg-config --variable=libdir nss) +%global NSS_LIBS %(pkg-config --libs nss) +%global NSS_CFLAGS %(pkg-config --cflags nss-softokn) +# see https://bugzilla.redhat.com/show_bug.cgi?id=1332456 +%global NSSSOFTOKN_BUILDTIME_NUMBER %(pkg-config --modversion nss-softokn || : ) +%global NSS_BUILDTIME_NUMBER %(pkg-config --modversion nss || : ) +# this is workaround for processing of requires during srpm creation +%global NSSSOFTOKN_BUILDTIME_VERSION %(if [ "x%{NSSSOFTOKN_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSSSOFTOKN_BUILDTIME_NUMBER}" ;fi) +%global NSS_BUILDTIME_VERSION %(if [ "x%{NSS_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSS_BUILDTIME_NUMBER}" ;fi) + +# In some cases, the arch used by the JDK does +# not match _arch. +# Also, in some cases, the machine name used by SystemTap +# does not match that given by _target_cpu +%ifarch x86_64 +%global archinstall amd64 +%global stapinstall x86_64 +%endif +%ifarch ppc +%global archinstall ppc +%global stapinstall powerpc +%endif +%ifarch %{ppc64be} +%global archinstall ppc64 +%global stapinstall powerpc +%endif +%ifarch %{ppc64le} +%global archinstall ppc64le +%global stapinstall powerpc +%endif +%ifarch %{ix86} +%global archinstall i386 +%global stapinstall i386 +%endif +%ifarch ia64 +%global archinstall ia64 +%global stapinstall ia64 +%endif +%ifarch s390 +%global archinstall s390 +%global stapinstall s390 +%endif +%ifarch s390x +%global archinstall s390x +%global stapinstall s390 +%endif +%ifarch %{arm} +%global archinstall arm +%global stapinstall arm +%endif +%ifarch %{aarch64} +%global archinstall aarch64 +%global stapinstall arm64 +%endif +# 32 bit sparc, optimized for v9 +%ifarch sparcv9 +%global archinstall sparc +%global stapinstall %{_target_cpu} +%endif +# 64 bit sparc +%ifarch sparc64 +%global archinstall sparcv9 +%global stapinstall %{_target_cpu} +%endif +# Need to support noarch for srpm build +%ifarch noarch +%global archinstall %{nil} +%global stapinstall %{nil} +%endif + +# Always off in portables +%ifarch %{systemtap_arches} +%global with_systemtap 0 +%else +%global with_systemtap 0 +%endif + +# New Version-String scheme-style defines +%global majorver 8 + +# Standard JPackage naming and versioning defines +%global origin openjdk +%global origin_nice OpenJDK +%global top_level_dir_name %{origin} + +# Settings for local security configuration +%global security_file %{top_level_dir_name}/jdk/src/share/lib/security/java.security-%{_target_os} +%global cacerts_file /etc/pki/java/cacerts + +# Define vendor information used by OpenJDK +%global oj_vendor Red Hat, Inc. +%global oj_vendor_url "https://www.redhat.com/" +# Define what url should JVM offer in case of a crash report +# order may be important, epel may have rhel declared +%if 0%{?epel} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{component}&version=epel%{epel} +%else +%if 0%{?fedora} +# Does not work for rawhide, keeps the version field empty +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora} +%else +%if 0%{?rhel} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{component} +%else +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi +%endif +%endif +%endif + +# note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. +%global shenandoah_project openjdk +%global shenandoah_repo shenandoah-jdk8u +%global openjdk_revision jdk8u372-b07 +%global shenandoah_revision shenandoah-%{openjdk_revision} +# Define old aarch64/jdk8u tree variables for compatibility +%global project %{shenandoah_project} +%global repo %{shenandoah_repo} +%global revision %{shenandoah_revision} +# Define IcedTea version used for SystemTap tapsets and desktop file +%global icedteaver 3.15.0 +# Define current Git revision for the FIPS support patches +%global fipsver 6d1aade0648 +# Define current Git revision for the cacerts patch +%global cacertsver 8139f2361c2 + +# e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 +%global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) +# eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) +%global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) +# eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 +%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) +# eg jdk8u60-b27 -> b27 +%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) +%global rpmrelease 2 +# Define milestone (EA for pre-releases, GA ("fcs") for releases) +# Release will be (where N is usually a number starting at 1): +# - 0.N%%{?extraver}%%{?dist} for EA releases, +# - N%%{?extraver}{?dist} for GA releases +%global is_ga 1 +%if %{is_ga} +%global milestone fcs +%global milestone_version %{nil} +%global extraver %{nil} +%global eaprefix %{nil} +%else +%global milestone ea +%global milestone_version "-ea" +%global extraver .%{milestone} +%global eaprefix 0. +%endif +# priority must be 7 digits in total. The expression is workarounding tip +%global priority %(TIP=1800%{updatever}; echo ${TIP/tip/999}) + +%global javaver 1.%{majorver}.0 + +# parametrized macros are order-sensitive +%global compatiblename %{name} +%global fullversion %{compatiblename}-%{version}-%{release} +# images stub +%global jdkimage j2sdk-image +%global jreimage j2re-image +# output dir stub +%define buildoutputdir() %{expand:build/jdk8.build%{?1}} +%define installoutputdir() %{expand:install/jdk8.install%{?1}} +%define packageoutputdir() %{expand:packages/jdk8.packages%{?1}} +# we can copy the javadoc to not arched dir, or make it not noarch +%define uniquejavadocdir() %{expand:%{fullversion}%{?1}} +# main id and dir of this jdk +%define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}} +%define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jre;g") +%define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable%{1}.jdk;g") +%define jreportablearchive() %{expand:%{jreportablenameimpl -- %%{1}}.tar.xz} +%define jdkportablearchive() %{expand:%{jdkportablenameimpl -- %%{1}}.tar.xz} +%define jreportablename() %{expand:%{jreportablenameimpl -- %%{1}}} +%define jdkportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} +%define docportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.docs;g") +%define docportablearchive() %{docportablename}.tar.xz +%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;el%{rhel}\\(_[0-9]\\)*;portable.misc;g") +%define miscportablearchive() %{miscportablename}.tar.xz + +# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349. +# See also https://bugzilla.redhat.com/show_bug.cgi?id=1590796 +# as to why some libraries *cannot* be excluded. In particular, +# these are: +# libjsig.so, libjava.so, libjawt.so, libjvm.so and libverify.so +%global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*%{jpeg_lib}|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.* +%global __provides_exclude ^(%{_privatelibs})$ +%global __requires_exclude ^(%{_privatelibs})$ + +# Standard JPackage directories and symbolic links. +%global sdkdir() %{expand:%{uniquesuffix %%1}} +%global jrelnk() %{expand:jre-%{javaver}-%{origin}-%{version}-%{release}.%{_arch}%1} + +%global jredir() %{expand:%{sdkdir %%1}/jre} +%global sdkbindir() %{expand:%{_jvmdir}/%{sdkdir %%1}/bin} +%global jrebindir() %{expand:%{_jvmdir}/%{jredir %%1}/bin} +%global alt_java_name alt-java +%global jvmjardir() %{expand:%{_jvmjardir}/%{uniquesuffix %%1}} + +%global rpm_state_dir %{_localstatedir}/lib/rpm-state/ + +# For flatpack builds hard-code /usr/sbin/alternatives, +# otherwise use %%{_sbindir} relative path. +%if 0%{?flatpak} +%global alternatives_requires /usr/sbin/alternatives +%else +%global alternatives_requires %{_sbindir}/alternatives +%endif + +%if %{with_systemtap} +# Where to install systemtap tapset (links) +# We would like these to be in a package specific sub-dir, +# but currently systemtap doesn't support that, so we have to +# use the root tapset dir for now. To distinguish between 64 +# and 32 bit architectures we place the tapsets under the arch +# specific dir (note that systemtap will only pickup the tapset +# for the primary arch for now). Systemtap uses the machine name +# aka target_cpu as architecture specific directory name. +%global tapsetroot /usr/share/systemtap +%global tapsetdirttapset %{tapsetroot}/tapset/ +%global tapsetdir %{tapsetdirttapset}/%{stapinstall} +%endif + +# Prevent brp-java-repack-jars from being run. +%global __jar_repack 0 + +# portables have grown out of its component, moving back to java-x-vendor +# this expression, when declared as global, filled component with java-x-vendor portable +%define component %(echo %{name} | sed "s;-portable;;g") + +Name: java-%{javaver}-%{origin}-portable +Version: %{javaver}.%{updatever}.%{buildver} +Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} +# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons +# and this change was brought into RHEL-4. java-1.5.0-ibm packages +# also included the epoch in their virtual provides. This created a +# situation where in-the-wild java-1.5.0-ibm packages provided "java = +# 1:1.5.0". In RPM terms, "1.6.0 < 1:1.5.0" since 1.6.0 is +# interpreted as 0:1.6.0. So the "java >= 1.6.0" requirement would be +# satisfied by the 1:1.5.0 packages. Thus we need to set the epoch in +# JDK package >= 1.6.0 to 1, and packages referring to JDK virtual +# provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0". + +Epoch: 1 +Summary: %{origin_nice} %{majorver} Runtime Environment portable edition +Group: Development/Languages + +# HotSpot code is licensed under GPLv2 +# JDK library code is licensed under GPLv2 with the Classpath exception +# The Apache license is used in code taken from Apache projects (primarily JAXP & JAXWS) +# DOM levels 2 & 3 and the XML digital signature schemas are licensed under the W3C Software License +# The JSR166 concurrency code is in the public domain +# The BSD and MIT licenses are used for a number of third-party libraries (see THIRD_PARTY_README) +# The OpenJDK source tree includes the JPEG library (IJG), zlib & libpng (zlib), giflib and LCMS (MIT) +# The test code includes copies of NSS under the Mozilla Public License v2.0 +# The PCSClite headers are under a BSD with advertising license +# The elliptic curve cryptography (ECC) source code is licensed under the LGPLv2.1 or any later version +License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv2.0 and Public Domain and W3C and zlib +URL: http://openjdk.java.net/ + +# Shenandoah HotSpot +# aarch64-port/jdk8u-shenandoah contains an integration forest of +# OpenJDK 8u, the aarch64 port and Shenandoah +# To regenerate, use: +# VERSION=%%{shenandoah_revision} +# FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION} +# REPO_ROOT= generate_source_tarball.sh +# where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} +Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz + +# Custom README for -src subpackage +Source2: README.md + +# Release notes +Source7: NEWS + +# Use 'icedtea_sync.sh' to update the following +# They are based on code contained in the IcedTea project (3.x). +# Systemtap tapsets. Zipped up to keep it small. +# Disabled in portables +#Source8: tapsets-icedtea-%%{icedteaver}.tar.xz + +# Desktop files. Adapted from IcedTea +# Disabled in portables +#Source9: jconsole.desktop.in +#Source10: policytool.desktop.in + +# nss configuration file +Source11: nss.cfg.in + +# Removed libraries that we link instead +Source12: remove-intree-libraries.sh + +# Ensure we aren't using the limited crypto policy +Source13: TestCryptoLevel.java + +# Ensure ECDSA is working +Source14: TestECDSA.java + +# Verify system crypto (policy) can be disabled via a property +Source15: TestSecurityProperties.java + +# Ensure vendor settings are correct +Source16: CheckVendor.java + +# nss fips configuration file +Source17: nss.fips.cfg.in + +# Ensure translations are available for new timezones +Source18: TestTranslations.java + +# Disabled in portables +#Source20: repackReproduciblePolycies.sh + +# New versions of config files with aarch64 support. This is not upstream yet. +Source100: config.guess +Source101: config.sub + +############################################ +# +# RPM/distribution specific patches +# +# This section includes patches specific to +# Fedora/RHEL which can not be upstreamed +# either in their current form or at all. +############################################ + +# Accessibility patches +# Ignore AWTError when assistive technologies are loaded +Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch +# Turn on AssumeMP by default on RHEL systems +Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch +# RH1648249: Add PKCS11 provider to java.security +Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +Patch1003: rh1582504-rsa_default_for_keytool.patch + +# Crypto policy and FIPS support patches +# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk8u/tree/fips +# as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch +# Diff is limited to src and make subdirectories to exclude .github changes +# Fixes currently included: +# PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy +# PR3655: Allow use of system crypto policy to be disabled by the user +# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider +# RH1760838: No ciphersuites available for SSLSocket in FIPS mode +# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available +# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess +# RH1929465: Improve system FIPS detection +# RH1996182: Login to the NSS software token in FIPS mode +# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false +# RH2021263: Resolve outstanding FIPS issues +# RH2052819: Fix FIPS reliance on crypto policies +# RH2052829: Detect NSS at Runtime for FIPS detection +# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage +# RH2090378: Revert to disabling system security properties and FIPS mode support together +Patch1001: fips-8u-%{fipsver}.patch + +############################################# +# +# Upstreamable patches +# +# This section includes patches which need to +# be reviewed & pushed to the current development +# tree of OpenJDK. +############################################# +# PR2737: Allow multiple initialization of PKCS11 libraries +Patch5: pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch +# Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions +Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch +# RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings +Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch +# PR3083, RH1346460: Regression in SSL debug output without an ECC provider +Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch +# PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) +# PR3575, RH1567204: System cacerts database handling should not affect jssecacerts +# RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds +# Must be applied after the FIPS patch as it also changes java.security +# Patch is generated from the cacerts tree at https://github.com/rh-openjdk/jdk8u/tree/cacerts +# as follows: git diff fips > pr2888-rh2055274-support_system_cacerts-$(git show -s --format=%h HEAD).patch +Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch +Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch +# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639) +Patch600: rh1750419-redhat_alt_java.patch +# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build +Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch + +############################################# +# +# Arch-specific upstreamable patches +# +# This section includes patches which need to +# be reviewed & pushed upstream and are specific +# to certain architectures. This usually means the +# current OpenJDK development branch, but may also +# include other trees e.g. for the AArch64 port for +# OpenJDK 8u. +############################################# +# s390: PR3593: Use "%z" for size_t on s390 as size_t != intptr_t +Patch103: pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch +# x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround) +Patch105: jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch +# S390 ambiguous log2_intptr calls +Patch107: s390-8214206_fix.patch + +############################################# +# +# Patches which need backporting to 8u +# +# This section includes patches which have +# been pushed upstream to the latest OpenJDK +# development tree, but need to be backported +# to OpenJDK 8u. +############################################# +# S8074839, PR2462: Resolve disabled warnings for libunpack and the unpack200 binary +# This fixes printf warnings that lead to build failure with -Werror=format-security from optflags +Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch +# PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code +Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch +# 8143245, PR3548: Zero build requires disabled warnings +Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch +# s390: JDK-8203030, Type fixing for s390 +Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch +# 8035341: Allow using a system installed libpng +Patch202: jdk8035341-allow_using_system_installed_libpng.patch +# 8042159: Allow using a system-installed lcms2 +Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch +Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch +# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 +Patch581: jdk8257794-remove_broken_assert.patch +# JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files +Patch12: jdk8186464-rh1433262-zip64_failure.patch + +############################################# +# +# Patches appearing in 8u382 +# +# This section includes patches which are present +# in the listed OpenJDK 8u release and should be +# able to be removed once that release is out +# and used by this RPM. +############################################# +# JDK-8271199, RH2175317: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key +Patch2001: jdk8271199-rh2175317-custom_pkcs11_provider_support.patch + +############################################# +# +# Patches ineligible for 8u +# +# This section includes patches which are present +# upstream, but ineligible for upstream 8u backport. +############################################# +# 8043805: Allow using a system-installed libjpeg +Patch201: jdk8043805-allow_using_system_installed_libjpeg.patch + +############################################# +# +# Shenandoah fixes +# +# This section includes patches which are +# specific to the Shenandoah garbage collector +# and should be upstreamed to the appropriate +# trees. +############################################# + +############################################# +# +# Non-OpenJDK fixes +# +# This section includes patches to code other +# that from OpenJDK. +############################################# + +############################################# +# +# Dependencies +# +############################################# +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: alsa-lib-devel +BuildRequires: binutils +BuildRequires: cups-devel +BuildRequires: desktop-file-utils +# elfutils only are OK for build without AOT +BuildRequires: elfutils-devel +BuildRequires: file +BuildRequires: fontconfig-devel +BuildRequires: freetype-devel +BuildRequires: gcc-c++ +BuildRequires: gdb +BuildRequires: libxslt +BuildRequires: libX11-devel +BuildRequires: libXext-devel +BuildRequires: libXi-devel +BuildRequires: libXinerama-devel +BuildRequires: libXrender-devel +BuildRequires: libXt-devel +BuildRequires: libXtst-devel +# Requirement for setting up nss.cfg and nss.fips.cfg +BuildRequires: nss-devel +# Commented out for portable RHEL7 doesn't have this +# Requirement for system security property test +#BuildRequires: crypto-policies +BuildRequires: pkgconfig +BuildRequires: xorg-x11-proto-devel +BuildRequires: zip +BuildRequires: tar +BuildRequires: unzip +# Require a boot JDK which doesn't fail due to RH1482244 +BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 +# Zero-assembler build requirement +%ifarch %{zero_arches} +BuildRequires: libffi-devel +%endif +# 2023c required as of JDK-8305113 +BuildRequires: tzdata-java >= 2023c +# Earlier versions have a bug in tree vectorization on PPC +BuildRequires: gcc >= 4.8.3-8 + +# cacerts build requirement. +BuildRequires: ca-certificates +%if %{with_systemtap} +BuildRequires: systemtap-sdt-devel +%endif + +%if %{system_libs} +BuildRequires: giflib-devel +BuildRequires: lcms2-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +%else +# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h +Provides: bundled(giflib) = 5.2.1 +# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h +Provides: bundled(lcms2) = 2.10.0 +# Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h +Provides: bundled(libjpeg) = 6b +# Version in jdk/src/share/native/sun/awt/libpng/png.h +Provides: bundled(libpng) = 1.6.37 +# We link statically against libstdc++ to increase portability +BuildRequires: libstdc++-static +%endif + +%description +The %{origin_nice} %{majorver} runtime environment - portable edition + +%if %{include_normal_build} +%package devel +Summary: %{origin_nice} %{majorver} Development Environment portable edition +Group: Development/Tools +%description devel +The %{origin_nice} %{majorver} development tools - portable edition +%endif + +%if %{include_debug_build} +%package slowdebug +Summary: %{origin_nice} %{majorver} Runtime Environment portable edition %{debug_on} +Group: Development/Languages +%description slowdebug +The %{origin_nice} %{majorver} runtime environment - portable edition +%{debug_warning} + +%package devel-slowdebug +Summary: %{origin_nice} %{majorver} Development Environment portable edition %{debug_on} +Group: Development/Tools +%description devel-slowdebug +The %{origin_nice} %{majorver} development tools - portable edition +%{debug_warning} +%endif + +%if %{include_fastdebug_build} +%package fastdebug +Summary: %{origin_nice} %{majorver} Runtime Environment portable edition %{fastdebug_on} +Group: Development/Languages +%description fastdebug +The %{origin_nice} %{majorver} runtime environment - portable edition +%{fastdebug_warning} + +%package devel-fastdebug +Summary: %{origin_nice} %{majorver} Development Environment portable edition %{fastdebug_on} +Group: Development/Tools +%description devel-fastdebug +The %{origin_nice} %{majorver} development tools - portable edition +%{fastdebug_warning} +%endif + +%if %{include_normal_build} +%package unstripped +Summary: The %{origin_nice} %{majorver} runtime environment, unstripped. +Group: Development/Languages +%description unstripped +The %{origin_nice} %{majorver} runtime environment, unstripped. +%endif + +%package docs +Summary: %{origin_nice} %{majorver} API documentation +Group: Development/Languages +%description docs +The %{origin_nice} %{majorver} API documentation. + +%package misc +Summary: %{origin_nice} %{majorver} miscellany +Group: Development/Languages +%description misc +The %{origin_nice} %{majorver} miscellany. + +%prep +if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then + echo "include_normal_build is %{include_normal_build}" +else + echo "include_normal_build is %{include_normal_build}, that is invalid. Use 1 for yes or 0 for no" + exit 11 +fi +if [ %{include_debug_build} -eq 0 -o %{include_debug_build} -eq 1 ] ; then + echo "include_debug_build is %{include_debug_build}" +else + echo "include_debug_build is %{include_debug_build}, that is invalid. Use 1 for yes or 0 for no" + exit 12 +fi +if [ %{include_fastdebug_build} -eq 0 -o %{include_fastdebug_build} -eq 1 ] ; then + echo "include_fastdebug_build is %{include_fastdebug_build}" +else + echo "include_fastdebug_build is %{include_fastdebug_build}, that is invalid. Use 1 for yes or 0 for no" + exit 13 +fi +if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then + echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go." + exit 14 +fi + +echo "Update version: %{updatever}" +echo "Build number: %{buildver}" +echo "Milestone: %{milestone}" +%setup -q -c -n %{uniquesuffix ""} -T -a 0 +# https://bugzilla.redhat.com/show_bug.cgi?id=1189084 +prioritylength=`expr length %{priority}` +if [ $prioritylength -ne 7 ] ; then + echo "priority must be 7 digits in total, violated" + exit 14 +fi +# For old patches +ln -s %{top_level_dir_name} jdk8 + +cp %{SOURCE2} . + +# replace outdated configure guess script +# +# the configure macro will do this too, but it also passes a few flags not +# supported by openjdk configure script +cp %{SOURCE100} %{top_level_dir_name}/common/autoconf/build-aux/ +cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/ + +# OpenJDK patches + +%if %{system_libs} +# Remove libraries that are linked +sh %{SOURCE12} +%endif + +# Do not enable them with system_libs, they do not work properly with bundled option +# System library fixes +%if %{system_libs} +%patch201 +%patch202 +%patch203 +%patch204 +%endif + +%patch1 +%patch5 + +# s390 build fixes +%patch102 +%patch103 +%patch107 + +# AArch64 fixes + +# x86 fixes +%patch105 + +# Upstreamable fixes +%patch502 +%patch512 +%patch523 +%patch528 +%patch571 +%patch574 +%patch112 +%patch581 +%patch541 +%patch12 + +pushd %{top_level_dir_name} +# Add crypto policy and FIPS support +%patch1001 -p1 +# nss.cfg PKCS11 support; must come last as it also alters java.security +%patch1000 -p1 +# system cacerts support +%patch539 -p1 +# 8u382 fix +%patch2001 -p1 +popd + +# RPM-only fixes +%patch600 +%patch1003 + +# RHEL-only patches +%if ! 0%{?fedora} && 0%{?rhel} <= 7 +%patch534 +%endif + +# Shenandoah patches + +# Extract systemtap tapsets +%if %{with_systemtap} +tar --strip-components=1 -x -I xz -f %{SOURCE8} +%if %{include_debug_build} +cp -r tapset tapset%{debug_suffix} +%endif +%if %{include_fastdebug_build} +cp -r tapset tapset%{fastdebug_suffix} +%endif + + +for suffix in %{build_loop} ; do + for file in "tapset"$suffix/*.in; do + OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` + sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1 +# TODO find out which architectures other than i686 have a client vm +%ifarch %{ix86} + sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/client/libjvm.so:g" $file.1 > $OUTPUT_FILE +%else + sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE +%endif + sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE + sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE + sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE + done +done +# systemtap tapsets ends +%endif + +# Prepare desktop files +# Portables do not have desktop integration + +# Setup nss.cfg +sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg + +# Setup nss.fips.cfg +sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg + +# Setup security policy +#Commented because NA to portable +#sed -i -e "s:^security.systemCACerts=.*:security.systemCACerts=%{cacerts_file}:" %{security_file} + +%build + +# How many CPU's do we have? +export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) +export NUM_PROC=${NUM_PROC:-1} +%if 0%{?_smp_ncpus_max} +# Honor %%_smp_ncpus_max +[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} +%endif + +%ifarch s390x sparc64 alpha %{power64} %{aarch64} +export ARCH_DATA_MODEL=64 +%endif +%ifarch alpha +export CFLAGS="$CFLAGS -mieee" +%endif + +# We use ourcppflags because the OpenJDK build seems to +# pass EXTRA_CFLAGS to the HotSpot C++ compiler... +EXTRA_CFLAGS="%ourcppflags -Wno-error" +EXTRA_CPP_FLAGS="%ourcppflags" +%ifarch %{power64} ppc +EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-tree-vectorize" +# fix rpmlint warnings +EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" +%endif +EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes" +export EXTRA_CFLAGS EXTRA_ASFLAGS + +(cd %{top_level_dir_name}/common/autoconf + bash ./autogen.sh +) + +function buildjdk() { + local outputdir=${1} + local buildjdk=${2} + local maketargets="${3}" + local debuglevel=${4} + local link_opt=${5} + local debug_symbols=${6} + + local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name} + # Variable used in hs_err hook on build failures + local top_builddir_abs_path=$(pwd)/${outputdir} + + echo "Using output directory: ${outputdir}"; + + if [ "x${link_opt}" = "xbundled" ] ; then + libc_link_opt="static"; + else + libc_link_opt="dynamic"; + fi + + echo "Checking build JDK ${buildjdk} is operational..." + ${buildjdk}/bin/java -version + echo "Using make targets: ${maketargets}" + echo "Using debuglevel: ${debuglevel}" + echo "Using link_opt: ${link_opt}" + echo "Using debug_symbols: ${debug_symbols}" + echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}" + + mkdir -p ${outputdir} + pushd ${outputdir} + + bash ${top_srcdir_abs_path}/configure \ +%ifarch %{jfr_arches} + --enable-jfr \ +%else + --disable-jfr \ +%endif +%ifarch %{zero_arches} + --with-jvm-variants=zero \ +%endif + --with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \ + --with-native-debug-symbols=${debug_symbols} \ + --with-milestone=%{milestone} \ + --with-update-version=%{updatever} \ + --with-build-number=%{buildver} \ + --with-vendor-name="%{oj_vendor}" \ + --with-vendor-url="%{oj_vendor_url}" \ + --with-vendor-bug-url="%{oj_vendor_bug_url}" \ + --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ + --with-boot-jdk=${buildjdk} \ + --with-debug-level=${debuglevel} \ + --disable-sysconf-nss \ + --enable-unlimited-crypto \ + --with-zlib=${link_opt} \ + --with-giflib=${link_opt} \ +%if %{with system_libs} + --with-libjpeg=${link_opt} \ + --with-libpng=${link_opt} \ + --with-lcms=${link_opt} \ +%endif + --with-stdc++lib=${libc_link_opt} \ + --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ + --with-extra-cflags="$EXTRA_CFLAGS" \ + --with-extra-asflags="$EXTRA_ASFLAGS" \ + --with-extra-ldflags="%{ourldflags}" \ + --with-num-cores="$NUM_PROC" + + cat spec.gmk + cat hotspot-spec.gmk + + make \ + JAVAC_FLAGS=-g \ + LOG=trace \ + SCTP_WERROR= \ + ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) + + popd +} + +function installjdk() { + local outputdir=${1} + local installdir=${2} + local jdkimagepath=${installdir}/images/%{jdkimage} + local jreimagepath=${installdir}/images/%{jreimage} + + echo "Installing build from ${outputdir} to ${installdir}..." + mkdir -p ${installdir} + echo "Installing images..." + mv ${outputdir}/images ${installdir} + if [ -d ${outputdir}/bundles ] ; then + echo "Installing bundles..."; + mv ${outputdir}/bundles ${installdir} ; + fi + # On 8u, docs ends up at the top-level, not in images + if [ -d ${outputdir}/docs ] ; then + echo "Installing docs..."; + mv ${outputdir}/docs ${installdir} ; + fi + +%if !%{with artifacts} + echo "Removing output directory..."; + rm -rf ${outputdir} +%endif + + for imagepath in ${jdkimagepath} ${jreimagepath} ; do + + if [ -d ${imagepath} ] ; then + # the build (erroneously) removes read permissions from some jars + # this is a regression in OpenJDK 7 (our compiler): + # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 + find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \; + + # Build screws up permissions on binaries + # https://bugs.openjdk.java.net/browse/JDK-8173610 + find ${imagepath} -iname '*.so' -exec chmod +x {} \; + find ${imagepath}/bin/ -exec chmod +x {} \; + + # Install local files which are distributed with the JDK + install -m 644 %{SOURCE7} ${imagepath} + + # Create fake alt-java as a placeholder for future alt-java + pushd ${imagepath} + # add alt-java man page + echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 + cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 + popd + + # Print release information + cat ${imagepath}/release + fi + done + + # Handle these outside the loop as install path differs between JDK and JRE image + install -m 644 nss.cfg ${jdkimagepath}/jre/lib/security/ + install -m 644 nss.cfg ${jreimagepath}/lib/security/ + # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) + install -m 644 nss.fips.cfg ${jdkimagepath}/jre/lib/security/ + install -m 644 nss.fips.cfg ${jreimagepath}/lib/security/ +} + +function genchecksum() { + local checkedfile=${1} + + checkdir=$(dirname ${1}) + checkfile=$(basename ${1}) + + echo "Generating checksum for ${checkfile} in ${checkdir}..." + pushd ${checkdir} + sha256sum ${checkfile} > ${checkfile}.sha256sum + sha256sum --check ${checkfile}.sha256sum + popd +} + +function packagejdk() { + local imagesdir=$(pwd)/${1}/images + local docdir=$(pwd)/${1}/docs + local bundledir=$(pwd)/${1}/bundles + local packagesdir=$(pwd)/${2} + local srcdir=$(pwd)/%{top_level_dir_name} + + echo "Packaging build from ${imagesdir} to ${packagesdir}..." + mkdir -p ${packagesdir} + pushd ${imagesdir} + + if [ "x$suffix" = "x" ] ; then + nameSuffix="" + else + nameSuffix=`echo "$suffix"| sed s/-/./` + fi + + jdkname=%{jdkportablename -- "$nameSuffix"} + jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} + jrename=%{jreportablename -- "$nameSuffix"} + jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"} + debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"} + debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"} + unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"} + # We only use docs for the release build + docname=%{docportablename} + docarchive=${packagesdir}/%{docportablearchive} + built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip + # These are from the source tree so no debug variants + miscname=%{miscportablename} + miscarchive=${packagesdir}/%{miscportablearchive} + + # Rename directories for packaging + mv %{jdkimage} ${jdkname} + mv %{jreimage} ${jrename} + + # Release images have external debug symbols + if [ "x$suffix" = "x" ] ; then + # Keep the unstripped version for consumption by RHEL RPMs + tar -cJf ${unstrippedarchive} ${jdkname} + genchecksum ${unstrippedarchive} + + # Strip the files + for file in $(find ${jdkname} ${jrename} -type f) ; do + if file ${file} | grep -q 'ELF'; then + noextfile=${file/.so/}; + objcopy --only-keep-debug ${file} ${noextfile}.debuginfo; + objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file}; + strip -g ${file}; + fi + done + + tar -cJf ${debugjdkarchive} $(find ${jdkname} -name \*.debuginfo) + genchecksum ${debugjdkarchive} + tar -cJf ${debugjrearchive} $(find ${jrename} -name \*.debuginfo) + genchecksum ${debugjrearchive} + + mkdir ${docname} + mv ${docdir} ${docname} + mv ${bundledir}/${built_doc_archive} ${docname} + tar -cJf ${docarchive} ${docname} + genchecksum ${docarchive} + + mkdir ${miscname} + for s in 16 24 32 48 ; do + cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname} + done + tar -cJf ${miscarchive} ${miscname} + genchecksum ${miscarchive} + fi + + tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname} + genchecksum ${jdkarchive} + + tar -cJf ${jrearchive} --exclude='**.debuginfo' ${jrename} + genchecksum ${jrearchive} + + # Revert directory renaming so testing will run + # TODO: testing should run on the packaged JDK + mv ${jdkname} %{jdkimage} + mv ${jrename} %{jreimage} + + popd #images +} + +%if %{build_hotspot_first} + # Build a fresh libjvm.so first and use it to bootstrap + cp -LR --preserve=mode,timestamps %{bootjdk} newboot + systemjdk=$(pwd)/newboot + buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" "internal" + mv build/newboot/hotspot/dist/jre/lib/%{archinstall}/server/libjvm.so newboot/jre/lib/%{archinstall}/server +%else + systemjdk=%{bootjdk} +%endif + +for suffix in %{build_loop} ; do + + if [ "x$suffix" = "x" ] ; then + debugbuild=release + else + # change --something to something + debugbuild=`echo $suffix | sed "s/-//g"` + fi + # We build with internal debug symbols and do + # our own stripping for one version of the + # release build + debug_symbols=internal + + builddir=%{buildoutputdir -- ${suffix}} + bootbuilddir=boot${builddir} + installdir=%{installoutputdir -- ${suffix}} + bootinstalldir=boot${installdir} + packagesdir=%{packageoutputdir -- ${suffix}} + + link_opt="%{link_type}" +%if %{system_libs} + # Copy the source tree so we can remove all in-tree libraries + cp -a %{top_level_dir_name} %{top_level_dir_name_backup} + # Remove all libraries that are linked + sh %{SOURCE12} %{top_level_dir_name} full +%endif + # Debug builds don't need same targets as release for + # build speed-up. We also avoid bootstrapping these + # slower builds. + if echo $debugbuild | grep -q "debug" ; then + maketargets="%{debug_targets}" + run_bootstrap=false + else + maketargets="%{release_targets}" + run_bootstrap=%{bootstrap_build} + fi + if ${run_bootstrap} ; then + buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${bootbuilddir} ${bootinstalldir} + buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${builddir} ${installdir} + %{!?with_artifacts:rm -rf ${bootinstalldir}} + else + buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${builddir} ${installdir} + fi + packagejdk ${installdir} ${packagesdir} + +%if %{system_libs} + # Restore original source tree we modified by removing full in-tree sources + rm -rf %{top_level_dir_name} + mv %{top_level_dir_name_backup} %{top_level_dir_name} +%endif + +# build cycles +done + +%check + +# We test debug first as it will give better diagnostics on a crash +for suffix in %{build_loop} ; do + +export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage} + +# Check unlimited policy has been used +$JAVA_HOME/bin/javac -d . %{SOURCE13} +$JAVA_HOME/bin/java TestCryptoLevel + +# Check ECC is working +$JAVA_HOME/bin/javac -d . %{SOURCE14} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") + +# Check system crypto (policy) is active and can be disabled +# Test takes a single argument - true or false - to state whether system +# security properties are enabled or not. +$JAVA_HOME/bin/javac -d . %{SOURCE15} +export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||") +export SEC_DEBUG="-Djava.security.debug=properties" +# Portable specific: set false whereas its true for upstream +$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false +$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false + +# Check correct vendor values have been set +$JAVA_HOME/bin/javac -d . %{SOURCE16} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} + +# Check java launcher has no SSB mitigation +if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi + +# Check alt-java launcher has SSB mitigation on supported architectures +%ifarch %{ssbd_arches} +nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation +%else +if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi +%endif + +# Check translations are available for new timezones +$JAVA_HOME/bin/javac -d . %{SOURCE18} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE + +# Release builds strip the debug symbols into external .debuginfo files +if [ "x$suffix" = "x" ] ; then + so_suffix="debuginfo" +else + so_suffix="so" +fi + +# Check debug symbols are present and can identify code +find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib +do + if [ -f "$lib" ] ; then + echo "Testing $lib for debug symbols" + # All these tests rely on RPM failing the build if the exit code of any set + # of piped commands is non-zero. + + # Test for .debug_* sections in the shared object. This is the main test + # Stripped objects will not contain these + eu-readelf -S "$lib" | grep "] .debug_" + test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2 + + # Test FILE symbols. These will most likely be removed by anything that + # manipulates symbol tables because it's generally useless. So a nice test + # that nothing has messed with symbols + old_IFS="$IFS" + IFS=$'\n' + for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT") + do + # We expect to see .cpp files, except for architectures like aarch64 and + # s390 where we expect .o and .oS files + echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$" + done + IFS="$old_IFS" + + # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking + if [ "`basename $lib`" = "libjvm.so" ]; then + eu-readelf -s "$lib" | \ + grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$" + fi + + # Test that there are no .gnu_debuglink sections pointing to another + # debuginfo file. There shouldn't be any debuginfo files, so the link makes + # no sense either + eu-readelf -S "$lib" | grep 'gnu' + if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then + echo "bad .gnu_debuglink section." + eu-readelf -x .gnu_debuglink "$lib" + false + fi + fi +done + +# Make sure gdb can do a backtrace based on line numbers on libjvm.so +# javaCalls.cpp:58 should map to: +# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 +# Using line number 1 might cause build problems. See: +# https://bugzilla.redhat.com/show_bug.cgi?id=1539664 +# https://bugzilla.redhat.com/show_bug.cgi?id=1538767 +gdb -q "$JAVA_HOME/bin/java" < - 1:1.8.0.372.b07-2 +- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8 +- Fix debug symbols flag to newboot and package naming +- Disable debug_package as we only produce tarballs +- Drop redundant removal of empty RPM_BUILD_ROOT + +* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.372.b07-1 +- Update to shenandoah-jdk8u372-b07 (GA) +- Update release notes for shenandoah-8u372-b07. +- Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 +- Reintroduce jconsole-plugin.patch from RHEL 9 +- Update generate_tarball.sh to add support for passing a boot JDK to the configure run +- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace +- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs +- Drop JDK-8275535/RH2053256 patch which is now upstream +- Include JDK-8271199 backport early ahead of 8u382 (RH2175317) +- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** +- Resolves: rhbz#2185182 +- Resolves: rhbz#2175317 + +* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.362.b09-2 +- Reintroduce generate_source_tarball.sh from RHEL 9 + +* Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-1 +- Update to shenandoah-jdk8u352-b09 (GA) +- Update release notes for shenandoah-8u352-b09. +- Sync system cacerts support with RHEL 9, disabling using -Dsecurity.systemCACerts= +- Update cacerts patch to fix OPENJDK-1433 SecurityManager issue + +* Mon Feb 27 2023 Andrew Hughes - 1:1.8.0.362.b08-4 +- Build with internal debuginfo as in RHEL and then create a stripped variant ourselves for the portable release build +- Restore compiler flags to those used in RHEL +- Remove 8u portable only debug check using nm -aCl which takes a very long time and seems to be duplicated by other checks +- Add docs & icons to the portable output +- Make sure generated checksums work and don't include full path +- The docs directory is a top-level directory on OpenJDK 8, so needs to be moved to the install directory separately + +* Mon Feb 27 2023 Andrew Hughes - 1:1.8.0.362.b08-3 +- Separate JDK packaging into a separate function +- Use variables to make it clearer what is going on +- Use a package output directory as we do for building and installing + +* Mon Feb 27 2023 Andrew Hughes - 1:1.8.0.362.b08-2 +- Adapt the portable build to use the same system library handling as RHEL builds + +* Fri Jan 13 2023 Andrew Hughes - 1:1.8.0.362.b08-1 +- Update to shenandoah-jdk8u352-b08 (GA) +- Update release notes for shenandoah-8u352-b08. +- Fix broken links and missing release notes in older releases. +- Drop JDK-8195607/PR3776/RH1760437 now this is upstream +- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 +- Drop tzdata patches for 2022d & 2022e (JDK-8294357 & JDK-8295173) which are now upstream +- Update TestTranslations.java to test the new America/Ciudad_Juarez zone +- Drop RH1163501 patch which is not upstream or in 11, 17 & 19 packages and seems obsolete + - Patch was broken by inclusion of "JDK-8293554: Enhanced DH Key Exchanges" + - Patch was added for a specific corner case of a 4096-bit DH key on a Fedora host that no longer exists + - Fedora now appears to be using RSA and the JDK now supports ECC in preference to large DH keys +- Resolves: rhbz#2160111 + +* Fri Oct 14 2022 Andrew Hughes - 1:1.8.0.352.b08-1 +- Update to shenandoah-jdk8u352-b08 (GA) +- Update release notes for shenandoah-8u352-b08. +- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 +- Add test to ensure timezones can be translated +- Rebase FIPS patch against 8u352-b07 +- * This tarball is embargoed until 2022-10-18 @ 1pm PT. * +- Resolves: rhbz#2133695 + +* Mon Aug 29 2022 Jayashree Huttanagoudar - 1:1.8.0.345.b01-2 +- Added some previously missing piece related to flatpack builds in portable spec +- The change went into upstream branch in 8u292-b10(GA) itself + +* Mon Aug 29 2022 Stephan Bergmann - 1:1.8.0.345.b01-2 +- Disable copy-jdk-configs for Flatpak builds +- Fix flatpak builds by exempting them from bootstrap +- Resolves: rhbz#2102727 + +* Wed Aug 03 2022 Andrew Hughes - 1:1.8.0.345.b01-1 +- Update to shenandoah-jdk8u345-b01 (GA) +- Update release notes for 8u345-b01. +- Resolves: rhbz#2112405 + +* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.342.b07-1 +- Update to shenandoah-jdk8u342-b07 (GA) +- Update release notes for shenandoah-8u342-b07. +- Print release file during build, which should now include a correct SOURCE value from .src-rev +- Include script to generate bug list for release notes +- Update tzdata requirement to 2022a to match JDK-8283350 +- Rebase JDK-8186464 patch so it applies after JDK-8190753 +- Switch to GA mode for final release. +- This tarball is embargoed until 2022-07-19 @ 1pm PT. +- Resolves: rhbz#2106502 + +* Sun Jul 17 2022 Jayashree Huttanagoudar - 1:1.8.0.332.b09-5 +- System security properties are disabled by default on portable. +- Commented out lines which are not applicable for portable. +- Commented out BR for crypto-policies for portable + +* Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.332.b09-5 +- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository +- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage +- * RH2090378: Revert to disabling system security properties and FIPS mode support together +- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch +- Rebase PR2888/RH2055274 cacerts patch so it applies after the current FIPS patch +- Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk +- Enable system security properties in the RPM (now disabled by default in the FIPS repo) +- Improve security properties test to check both enabled and disabled behaviour +- Run security properties test with property debugging on +- Explicitly require crypto-policies during build and runtime for system security properties +- Resolves: rhbz#2097152 +- Resolves: rhbz#2100675 + +* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:1.8.0.332.b09-4 +- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode +- Resolves: rhbz#2102435 + +* Thu May 19 2022 Jiri Vanek - 1:1.8.0.332.b09-3 +- to pass aqa: +- removed copy system tzdb in favour of in-tree +- removed Patch3: rh1648644-java_access_bridge_privileged_security.patch +- This is not intended to release untill we decide proper steps + +* Wed May 11 2022 Jayashree Huttanagoudar - 1:1.8.0.332.b09-2 +- Add some missing chunk in %check from upstream spec. + +* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b09-1 +- Update to shenandoah-jdk8u332-b09 (GA) +- Update release notes for 8u332-b09. +- Switch to GA mode for final release. +- This tarball is embargoed until 2022-04-19 @ 1pm PT. +- Resolves: rhbz#2073422 + +* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.2.ea +- Allow the default keystore to be configured using security.systemCACerts +- Use of the property can now be disabled using -Djava.security.disableSystemCACerts=true +- Commented out the configuration line for RHEL which is NA for portable. +- Resolves: rhbz#2055274 + +* Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.1.ea +- Update to shenandoah-jdk8u332-b06 (EA) +- Update release notes for shenandoah-8u332-b06. +- Minor corrections to previous changelog entry. +- Resolves: rhbz#2047536 + +* Sun Apr 17 2022 Andrew Hughes - 1:1.8.0.332.b01-0.1.ea +- Update to shenandoah-jdk8u332-b01 (EA) +- Update release notes for shenandoah-8u332-b01. +- Switch to EA mode. +- Remove JDK-8279077 patch now upstream. +- Related: rhbz#2047536 + +* Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-10 +- Add JDK-8275535 patch to fix LDAP authentication issue. +- Resolves: rhbz#2053285 + +* Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-9 +- Detect NSS at runtime for FIPS detection +- Resolves: rhbz#2052828 + +* Mon Feb 21 2022 Andrew Hughes - 1:1.8.0.322.b06-8 +- Refactor build functions so we can build just HotSpot without any attempt at installation. +- Introduce architecture restriction logic for the gdb test. (RH2041970) +- Pass compiler flags to the ADLC build (JDK-8281098) +- Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 +- Explicitly list JIT architectures rather than relying on those with slowdebug builds +- Disable the serviceability agent on Zero architectures even when the architecture itself is supported +- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds +- Sync minor placement differences with Fedora & RHEL 9 +- Resolves: rhbz#2022815 + +* Mon Jan 31 2022 Andrew Hughes - 1:1.8.0.322.b06-7 +- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. +- Related: rhbz#2022815 + +* Fri Jan 28 2022 Andrew Hughes - 1:1.8.0.322.b06-6 +- Reduce disk footprint by removing build artifacts by default. +- Related: rhbz#1999937 + +* Thu Jan 27 2022 Jayashree Huttanagoudar - 1:1.8.0.322.b06-5 +- Add some diagnostic messages to buildjdk() +- Add missing chmod instructions to buildjdk() + +* Thu Jan 27 2022 Andrew Hughes - 1:1.8.0.322.b06-5 +- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics. +- Resolves: rhbz#1966233 + +* Tue Jan 25 2022 Andrew Hughes - 1:1.8.0.322.b06-4 +- Install nss.cfg and nss.fips.cfg into portable images. +- Consistently make use of jdkimage and jreimage variables. + +* Mon Jan 24 2022 Andrew Hughes - 1:1.8.0.322.b06-3 +- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent + +* Mon Jan 24 2022 Andrew Hughes - 1:1.8.0.322.b06-2 +- Fix FIPS issues in native code and with initialisation of java.security.Security +- Related: rhbz#2039366 + +* Fri Jan 21 2022 Andrew Hughes - 1:1.8.0.322.b06-1 +- Update to aarch64-shenandoah-jdk8u322-b06 (EA) +- Update release notes for 8u322-b06. +- Switch to GA mode for final release. +- Resolves: rhbz#2039366 + +* Thu Jan 20 2022 Andrew Hughes - 1:1.8.0.322.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b05 (EA) +- Update release notes for 8u322-b05. +- Require tzdata 2021e as of JDK-8275766. +- Update tarball generation script to use git following shenandoah-jdk8u's move to github +- Resolves: rhbz#2022815 + +* Tue Jan 18 2022 Andrew Hughes - 1:1.8.0.322.b04-0.2.ea +- Add backport of JDK-8279077 to fix crash on ppc64 +- Resolves: rhbz#2030399 + +* Mon Jan 10 2022 Andrew Hughes - 1:1.8.0.322.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b04 (EA) +- Update release notes for 8u322-b04. +- Require tzdata 2021c as of JDK-8274407. +- Related: rhbz#2022815 + +* Fri Jan 07 2022 Andrew Hughes - 1:1.8.0.322.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b03 (EA) +- Update release notes for 8u322-b03. +- Related: rhbz#2022815 + +* Fri Dec 17 2021 Andrew Hughes - 1:1.8.0.322.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b02 (EA) +- Update release notes for 8u322-b02. +- Related: rhbz#2022815 + +* Tue Dec 14 2021 Andrew Hughes - 1:1.8.0.322.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u322-b01 (EA) +- Update release notes for 8u322-b01. +- Switch to EA mode. +- Related: rhbz#2022815 + +* Tue Dec 14 2021 Jayashree Huttanagoudar - 1:1.8.0.322.b01-0.1.ea +- Typo correction to the previous commit for restructuring the build. + +* Mon Dec 06 2021 Severin Gehwolf - 1:1.8.0.312.b07-5 +- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy + secmod.db file as part of nss +- Resolves: rhbz#2023532 + +* Mon Nov 22 2021 Jayashree Huttanagoudar - 1:1.8.0.312.b07-4 +- Fixed warnings for bogus date and macro expansion in comment line. + +* Mon Oct 25 2021 Jiri Vanek - 1:1.8.0.312.b07-3 +- added and enabled nss.cfg (source11: nss.cfg.in + patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch) +- added and enabled fips patches and nss.fips.cfg +- added and enabled source15: TestSecurityProperties.java test +- enabled patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch +- enabled patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch +- source17: nss.fips.cfg.in,patch1001: rh1655466-global_crypto_and_fips.patch + patch1001: rh1655466-global_crypto_and_fips.patch + patch1002: rh1818909-fips_default_keystore_type.patch patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch + patch1005: rh1915071-always_initialise_configurator_access.patch patch1006: rh1929465-improve_system_FIPS_detection-root.patch + patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch + patch1008: rh1996182-login_to_nss_software_token.patch patch1011: rh1991003-enable_fips_keys_import.patch + patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch +- Disable FIPS mode detection using NSS in favour of using /proc/sys/crypto/fips_enabled for now, so we don't link against NSS +-- effectively disabled Patch1008: rh1929465-improve_system_FIPS_detection.patch by settng --enable-sysconf-nss to --disable-sysconf-nss +-- the enable-sysconf-nss was bringing in hard depndence on nss. Without nss, even in non fips, jvm had not even started +- introduced ssbd_arches to have properly tested alt-java +-- added forgotten test for alt-java +- removed bad redeclaration of fastdebug_arches +- made TestECDSA non fatal, started to fail. Locally passed. TODO, fix + +* Mon Oct 25 2021 Jiri Vanek - 1:1.8.0.312.b07-2 +- cacerts symlink is resolved before passed to configure +- https://issues.redhat.com/browse/OPENJDK-487 + +* Fri Oct 15 2021 Andrew Hughes - 1:1.8.0.312.b07-1 +- Update to aarch64-shenandoah-jdk8u312-b07 (EA) +- Update release notes for 8u312-b07. +- Switch to GA mode for final release. +- This tarball is embargoed until 2021-10-19 @ 1pm PT. +- Resolves: rhbz#2011826 + +* Mon Oct 04 2021 Jiri Vanek - 1:1.8.0.302.b08-2 +- fixed bugzilla component. It was pointing to java-x-vendor-portable due to recent rename + +* Mon Aug 16 2021 Jiri Vanek - 1:1.8.0.302.b08-1 +- renamed to java-1.8.0-openjdk-portable +- adapted pacakges to not contain double portbale in name + +* Fri Jul 16 2021 Andrew Hughes - 1:1.8.0.302.b08-0 +- Update to aarch64-shenandoah-jdk8u302-b08 (EA) +- Update release notes for 8u302-b08. +- Switch to GA mode for final release. +- This tarball is embargoed until 2021-07-20 @ 1pm PT. +- added forgotten patch107 s390-8214206_fix.patch + +* Thu Jul 01 2021 Jiri Vanek - 1:1.8.0.302.b03-0.1.ea +- returned two wrongly removed patches +- returned and applied patch541 rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch +- returned and applied patch12 jdk8186464-rh1433262-zip64_failure.patch + +* Sun Jun 27 2021 Andrew Hughes - 1:1.8.0.302.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u302-b03 (EA) +- Update release notes for 8u302-b03. +- Resolves: rhbz#1967812 + +* Fri Apr 09 2021 Andrew Hughes - 1:1.8.0.292.b10-1 +- Add CVE numbers. +- Require tzdata 2021a due to JDK-8260356 +- Resolves: rhbz#1938201 + +* Thu Apr 08 2021 Andrew Hughes - 1:1.8.0.292.b10-0 +- Update to aarch64-shenandoah-jdk8u292-b10 (GA) +- Update release notes for 8u292-b10. +- This tarball is embargoed until 2021-04-20 @ 1pm PT. +- Resolves: rhbz#1938201 + +* Thu Apr 08 2021 Stephan Bergmann - 1:1.8.0.292.b10-0 +- Hardcode /usr/sbin/alternatives for Flatpak builds +- Resolves: rhbz#1967813 + +* Tue Mar 30 2021 Andrew Hughes - 1:1.8.0.292.b09-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b09 (EA) +- Update release notes for 8u292-b09. +- Resolves: rhbz#1938081 + +* Sat Mar 27 2021 Andrew Hughes - 1:1.8.0.292.b08-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b08 (EA) +- Update release notes for 8u292-b08. +- Resolves: rhbz#1938081 + +* Thu Mar 25 2021 Andrew Hughes - 1:1.8.0.292.b07-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b07 (EA) +- Update release notes for 8u292-b07. +- Resolves: rhbz#1938081 + +* Mon Mar 22 2021 Andrew Hughes - 1:1.8.0.292.b06-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b06 (EA) +- Update release notes for 8u292-b06. +- Require tzdata 2020f due to JDK-8259048 +- Resolves: rhbz#1938081 + +* Mon Mar 15 2021 Jayashree Huttanagoudar - 1:1.8.0.292.b05-0.1.ea +- Remove patch s390-8214206_fix.patch as portable is not built for s390. + +* Mon Mar 15 2021 Andrew Hughes - 1:1.8.0.292.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA). +- Update release notes for 8u292-b05-shenandoah-merge-2021-03-11. + +* Mon Mar 08 2021 Andrew Hughes - 1:1.8.0.292.b05-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b05 (EA) +- Update release notes for 8u292-b05. + +* Fri Mar 05 2021 Andrew Hughes - 1:1.8.0.292.b04-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b04 (EA) +- Update release notes for 8u292-b04. + +* Thu Mar 04 2021 Andrew Hughes - 1:1.8.0.292.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b03 (EA) +- Update release notes for 8u292-b03. + +* Tue Mar 02 2021 Andrew Hughes - 1:1.8.0.292.b02-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b02 (EA) +- Update release notes for 8u292-b02. + +* Fri Feb 12 2021 Jayashree Huttanagoudar - 1:1.8.0.292.b01-0.0.ea +- Update tzdata-java from 2020b to 2021a + +* Fri Feb 12 2021 Andrew Hughes - 1:1.8.0.292.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u292-b01 (EA) +- Update release notes for 8u292-b01. +- Switch to EA mode. + +* Thu Feb 4 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-4 +- Changes to generate sha256sum for each linux-portable build artifacts inside RPM + +* Mon Jan 25 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-3 +- Cleanup package summary for fastdebug and slowdebug. +- Resolves: rhbz#1908963 + +* Mon Jan 25 2021 Andrew Hughes - 1:1.8.0.282.b08-2 +- Cleanup package descriptions and version number placement. +- Resolves: rhbz#1908963 + +* Mon Jan 18 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-1 +- Fix to address the extra src.zip bundled inside jdk tarball. + +* Sat Jan 16 2021 Andrew Hughes - 1:1.8.0.282.b08-0 +- Update to aarch64-shenandoah-jdk8u282-b08 (GA) +- Update release notes for 8u282-b08. +- This tarball is embargoed until 2021-01-19 @ 1pm PT. +- Resolves: rhbz#1908963 + +* Fri Jan 15 2021 Andrew Hughes - 1:1.8.0.282.b07-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b07 (EA) +- Update release notes for 8u282-b07. +- Fix placement issue in release notes, caught by comparing with vanilla version. +- Resolves: rhbz#1903904 + +* Wed Jan 13 2021 Andrew Hughes - 1:1.8.0.282.b06-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b06 (EA) +- Update release notes for 8u282-b06. +- Resolves: rhbz#1903903 + +* Mon Jan 11 2021 Andrew Hughes - 1:1.8.0.282.b05-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b05 (EA) +- Update release notes for 8u282-b05 and make some minor corrections. +- Resolves: rhbz#1903903 + +* Fri Jan 08 2021 Jiri Vanek - 1:1.8.0.282.b04-0.1.ea +- added patch600, rh1750419-redhat_alt_java.patch +- Replaced alt-java palceholder by real pathced alt-java +- remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch +- remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch +- both suprassed by new patch +- Resolves: rhbz#1750419 + +* Wed Jan 06 2021 Andrew Hughes - 1:1.8.0.282.b04-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b04 (EA) +- Update release notes for 8u282-b04. +- Remove upstreamed patch PR3519 +- Resolves: rhbz#1903903 + +* Sat Jan 02 2021 Andrew Hughes - 1:1.8.0.282.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b03 (EA) +- Update release notes for 8u282-b03. +- Resolves: rhbz#1903903 + +* Wed Dec 23 2020 Andrew Hughes - 1:1.8.0.282.b02-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b02 (EA) +- Resolves: rhbz#1903903 + +* Tue Dec 22 2020 Jayashree Huttanagoudar - 1:1.8.0.282.b01-0.0.ea +- Remove upstreamed JDK-8252395 & JDK-8252975. + +* Tue Dec 22 2020 Andrew Hughes - 1:1.8.0.282.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u282-b01 (EA) +- Update release notes for 8u282-b01. +- Switch to EA mode. +- Require tzdata 2020b due to resource changes in JDK-8254177 +- Remove PR3601, covered upstream by JDK-8062808. +- Remove upstreamed JDK-8197981/PR3548, JDK-8062808/PR3548, JDK-8254177 & JDK-8215727. +- Resolves: rhbz#1903903 + +* Wed Dec 09 2020 Jayashree Huttanagoudar - 1:1.8.0.275.b01-3 +- Included patch to handle '--without fastdebug' option to mockbuild + +* Wed Dec 09 2020 Jayashree Huttanagoudar - 1:1.8.0.275.b01-2 +- Align fastdebug/slowdebug changes with upstream rhel-8.4.0 spec + +* Tue Dec 01 2020 Jiri Vanek - 1:1.8.0.275.b01-1 +- added br of listdc++-static +- removed patch998 rh1649731-allow_to_build_on_rhel6_with_stdcpplib_autotools_2_63.patch +- removed patch999 gcc-4.4.7-x86-32-siphash64.patch +- initial on-el7 build (more tuning expected) + +* Fri Nov 06 2020 Andrew Hughes - 1:1.8.0.275.b01-0 +- Update to aarch64-shenandoah-jdk8u275-b01 (GA) +- Update release notes for 8u275. +- Resolves: rhbz#1895062 + +* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-3 +- Add backport of JDK-8215727: "Restore JFR thread sampler loop to old / previous behaviour" +- Resolves: rhbz#1876665 + +* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-2 +- Remove the 64-bit siphash test which fails to compile on x86-32 debug builds with gcc 4.4.7 in RHEL 6 +- Resolves: rhbz#1876665 + +* Tue Oct 20 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b10-1 +- Added patch to apply tzdata 2020b + +* Sat Oct 17 2020 Andrew Hughes - 1:1.8.0.272.b10-0 +- Update to aarch64-shenandoah-jdk8u272-b10. +- Switch to GA mode for final release. +- Update release notes for 8u272 release. +- Add backport of JDK-8254177 to update to tzdata 2020b +- Require tzdata 2020b due to resource changes in JDK-8254177 +- Delay tzdata 2020b dependency until tzdata update has shipped. +- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 +- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 +- This tarball is embargoed until 2020-10-20 @ 1pm PT. +- Resolves: rhbz#1876665 + +* Thu Oct 15 2020 Andrew Hughes - 1:1.8.0.272.b09-0.1.ea +- Include a test in the RPM to check the build has the correct vendor information. +- Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. +- Improve quoting of vendor name +- Resolves: rhbz#1876665 + +* Thu Oct 15 2020 Jiri Vanek - 1:1.8.0.272.b09-0.1.ea +- Set vendor property and vendor URLs +- Made URLs to be preconfigured by OS +- Resolves: rhbz#1876665 + +* Wed Oct 14 2020 Andrew Hughes - 1:1.8.0.272.b09-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b09 (EA). +- Resolves: rhbz#1876665 + +* Tue Oct 13 2020 Andrew Hughes - 1:1.8.0.272.b08-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b08 (EA). +- Resolves: rhbz#1876665 + +* Mon Oct 12 2020 Andrew Hughes - 1:1.8.0.272.b07-0.5.ea +- Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR +- Resolves: rhbz#1876665 + +* Wed Sep 23 2020 Andrew Hughes - 1:1.8.0.272.b07-0.4.ea +- Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes. +- Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch. + +* Wed Sep 23 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b07-0.3.ea +- Placed upstream patches JDK-8252395 and JDK-8252975 under separate section +- So that these patches can be dropped easily once they are available in 8u282 GA release + +* Thu Sep 17 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b07-0.2.ea +- Added upstream patches for JDK-8252395 and JDK-8252975 +- JDK-8252395: To ensure debuginfo files get properly copied to the images directory +- JDK-8252975: Is to fix the build failure due to JDK-8252395 + +* Tue Sep 08 2020 Andrew Hughes - 1:1.8.0.272.b07-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b07. + +* Thu Sep 03 2020 Andrew Hughes - 1:1.8.0.272.b06-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b06. + +* Wed Sep 02 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea +- Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 + +* Wed Sep 02 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28. + +* Thu Aug 27 2020 Andrew Hughes - 1:1.8.0.272.b05-0.0.ea +- Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 + +* Thu Aug 27 2020 Andrew Hughes - 1:1.8.0.272.b05-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b05. +- Fix context in JDK-8186464/RH1433262 patch, following JDK-8078334 @randomness tag addition. + +* Wed Aug 19 2020 Andrew Hughes - 1:1.8.0.272.b04-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b04. + +* Mon Aug 17 2020 Andrew Hughes - 1:1.8.0.272.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b03. + +* Sun Aug 09 2020 Andrew Hughes - 1:1.8.0.272.b02-0.0.ea +- Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. + +* Sun Aug 09 2020 Andrew Hughes - 1:1.8.0.272.b02-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b02. +- Remove JDK-8154313 backport now applied upstream. + +* Sat Aug 01 2020 Andrew Hughes - 1:1.8.0.272.b01-0.0.ea +- JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. + +* Sat Aug 01 2020 Andrew Hughes - 1:1.8.0.272.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u272-b01. +- Switch to EA mode. +- Remove ZipConstants change from JDK-8186464 backport, now provided upstream by JDK-8075774 + +* Mon Jul 27 2020 Andrew Hughes - 1:1.8.0.265.b01-0 +- Update to aarch64-shenandoah-jdk8u265-b01. +- Update release notes for 8u265 release. +- Resolves: rhbz#1860453 + +* Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-0 +- Introduce jfr_arches for architectures which support JFR. +- Resolves: rhbz#1838811 + +* Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-0 +- Update to aarch64-shenandoah-jdk8u262-b10. +- Switch to GA mode for final release. +- Update release notes for 8u262 release. +- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. +- Split JDK-8042159 patch into per-repo patches as upstream. +- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk +- Resolves: rhbz#1838811 + +* Sat Jul 11 2020 Andrew Hughes - 1:1.8.0.262.b09-0.3.ea +- Restructure the build so a minimal initial build is then used for the final build (with docs) +- This reduces pressure on the system JDK and ensures the JDK being built can do a full build +- Resolves: rhbz#1838811 + +* Fri Jul 10 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea +- Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea +- Sync alt-java support with java-11-openjdk version. +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Jiri Vanek - 1:1.8.0.262.b09-0.2.ea +- Created copy of java as alt-java and adapted alternatives and man pages +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b09-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b09. +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b08-0.3.ea +- Update to aarch64-shenandoah-jdk8u262-b08. +- Resolves: rhbz#1838811 + +* Tue Jul 07 2020 Andrew Hughes - 1:1.8.0.262.b07-0.2.ea +- Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. +- Resolves: rhbz#1838811 + +* Fri Jul 03 2020 Andrew Hughes - 1:1.8.0.262.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b07. +- Require tzdata 2020a so system tzdata matches resource updates in b07 +- Resolves: rhbz#1838811 + +* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b06. +- Resolves: rhbz#1838811 + +* Mon Jun 08 2020 Jayashree Huttanagoudar - 1:1.8.0.262.b05-0.4.ea +- Removed patch jdk8243541-rh1838229-tzdata2020a.patch +- Portabel builds use upstream tzddb.dat, and we expect it to be synced with jdk code + +* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.4.ea +- Backport JDK-8186464 so ZIP64 archives < 4GB can be read. +- Resolves: rhbz#1433262 + +* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.3.ea +- Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. +- Resolves: rhbz#1838811 + +* Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.2.ea +- Backport JDK-8243541 & require tzdata 2020a as latest tzdata package needs resource updates +- Resolves: rhbz#1838229 + +* Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b05. +- Remove backports of JDK-8227269 & JDK-8241750 included upstream in 8u262-b05. +- Resolves: rhbz#1838811 + +* Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b04. +- Resolves: rhbz#1838811 + +* Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b03-0.2.ea +- Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. +- Resolves: rhbz#1838811 + +* Sat Jun 06 2020 Andrew Hughes - 1:1.8.0.262.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b03. +- Resolves: rhbz#1838811 + +* Sat Jun 06 2020 Andrew Hughes - 1:1.8.0.262.b02-0.2.ea +- Enable JFR in our builds, ahead of upstream default. +- Only enable JFR for JIT builds, as it is not supported with Zero. +- Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. +- Resolves: rhbz#1838811 + +* Wed Jun 03 2020 Andrew Hughes - 1:1.8.0.262.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b02. +- Resolves: rhbz#1838811 + +* Sun May 24 2020 Andrew Hughes - 1:1.8.0.262.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b01. +- Switch to EA mode. +- Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR + +* Sat May 23 2020 Andrew John Hughes - 1:1.8.0.252.b09-4 +- Add backports of JDK-8227269 & JDK-8241750 to resolve slow class loading with JDWP enabled. +- Resolves: rhbz#1751985 + +* Tue Apr 14 2020 Andrew Hughes - 1:1.8.0.252.b09-2 +- Add release notes. +- Resolves: rhbz#1810557 + +* Sun Apr 12 2020 Andrew Hughes - 1:1.8.0.252.b09-1 +- Make use of --with-extra-asflags introduced in jdk8u252-b01. +- Resolves: rhbz#1810557 + +* Mon Apr 06 2020 Andrew Hughes - 1:1.8.0.252.b09-0 +- Update to aarch64-shenandoah-jdk8u252-b09. +- Switch to GA mode for final release. +- Resolves: rhbz#1810557 + +* Fri Mar 27 2020 Andrew Hughes - 1:1.8.0.252.b08-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b08. +- Resolves: rhbz#1810557 + +* Tue Mar 24 2020 Andrew Hughes - 1:1.8.0.252.b07-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b07. +- Resolves: rhbz#1810557 + +* Mon Mar 16 2020 Andrew Hughes - 1:1.8.0.252.b06-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b06. +- Resolves: rhbz#1810557 + +* Fri Feb 28 2020 Andrew Hughes - 1:1.8.0.252.b05-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b05. +- Resolves: rhbz#1810557 + +* Mon Feb 24 2020 Andrew Hughes - 1:1.8.0.252.b04-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b04. +- Resolves: rhbz#1810557 + +* Wed Feb 19 2020 Andrew Hughes - 1:1.8.0.252.b03-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b03. +- Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 +- Resolves: rhbz#1810557 + +* Tue Feb 04 2020 Andrew Hughes - 1:1.8.0.252.b02-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b02. +- Resolves: rhbz#1810557 + +* Mon Jan 27 2020 Andrew Hughes - 1:1.8.0.252.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u252-b01. +- Switch to EA mode. +- Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change +- Resolves: rhbz#1810557 + +* Tue Jan 21 2020 Jiri Vanek - 1:1.8.0.242.b08-3 +- get rid of openjdkportable in favour of el + +* Tue Jan 21 2020 Jiri Vanek - 1:1.8.0.242.b08-2 +- renamed static to more accurate portable + +* Wed Jan 15 2020 Jiri Vanek - 1:1.8.0.242.b08-1 +- sync with rhel 8.1 + +* Tue Oct 15 2019 Jiri Vanek - 1:1.8.0.232.b09-0 +- Update to aarch64-shenandoah-jdk8u232-b09. +- Switch to GA mode for final release. +- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. + +* Mon Oct 07 2019 Jiri Vanek - 1:1.8.0.232.b01-0.0.ea +- Update to aarch64-shenandoah-jdk8u232-b01. +- Switch to EA mode. +- Drop JDK-8210761/RH1632174 as now upstream. +- Drop JDK-8223219 as now upstream. + +* Tue Jul 23 2019 Jiri Vanek - 1:1.8.0.222.b10-4 +- for release, build debugsymbols to special archive + +* Tue Jul 23 2019 Jiri Vanek - 1:1.8.0.222.b10-3 +- filtered out -g from extra flags + +* Thu Jul 11 2019 Andrew Hughes - 1:1.8.0.222.b10-1 +- Update to aarch64-shenandoah-jdk8u222-b10. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-2 +- Use normal_suffix for Javadoc zip filename to copy, as there is is no debug version. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-2 +- Provide Javadoc debug subpackages for now, but populate them from the normal build. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-1 +- Update to aarch64-shenandoah-jdk8u222-b09. +- Switch to GA mode for final release. +- Resolves: rhbz#1724452 + +* Tue Jul 02 2019 Andrew Hughes - 1:1.8.0.222.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u222-b08. +- Adjust PR3083/RH134640 to apply after JDK-8182999 +- Resolves: rhbz#1724452 + +* Tue Jul 02 2019 Severin Gehwolf - 1:1.8.0.222.b07-0.3.ea +- Include 'ea' designator in Release when appropriate. +- Resolves: rhbz#1724452 + +* Wed Jun 26 2019 Severin Gehwolf - 1:1.8.0.222.b07-2 +- Don't produce javadoc/javadoc-zip sub packages for the debug variant build. +- Don't perform a bootcycle build for the debug variant build. +- Resolves: rhbz#1724452 + +* Tue Jun 25 2019 Andrew Hughes - 1:1.8.0.222.b07-1 +- Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13. +- Resolves: rhbz#1724452 + +* Fri Jun 14 2019 Andrew Hughes - 1:1.8.0.222.b06-1 +- Update to aarch64-shenandoah-jdk8u222-b06. +- Resolves: rhbz#1724452 + +* Thu Jun 06 2019 Andrew Hughes - 1:1.8.0.222.b05-1 +- Update to aarch64-shenandoah-jdk8u222-b05. +- Resolves: rhbz#1724452 + +* Sat May 25 2019 Andrew Hughes - 1:1.8.0.222.b04-1 +- Update to aarch64-shenandoah-jdk8u222-b04. +- Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream. +- Resolves: rhbz#1705328 + +* Wed May 22 2019 Andrew Hughes - 1:1.8.0.222.b03-1 +- Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately. +- Drop unused use_shenandoah_hotspot variable. +- Resolves: rhbz#1705328 + +* Wed May 22 2019 Andrew Hughes - 1:1.8.0.222.b03-1 +- Update to aarch64-shenandoah-jdk8u222-b03. +- Set milestone to "ea" as this is not the final release. +- Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u. +- Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes. +- Resolves: rhbz#1705328 + +* Mon May 13 2019 Andrew Hughes - 1:1.8.0.222.b02-1 +- Update to aarch64-shenandoah-jdk8u222-b02. +- Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100). +- Resolves: rhbz#1705328 + +* Thu May 02 2019 Andrew Hughes - 1:1.8.0.222.b01-1 +- Update to aarch64-shenandoah-jdk8u222-b01. +- Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575. +- Drop 8171000, 8197546 & PR3634 as applied upstream. +- Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp +- Resolves: rhbz#1705328 + +* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b04-1 +- Update to aarch64-shenandoah-jdk8u212-b04. +- Resolves: rhbz#1693468 + +* Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b03-0 +- Update to aarch64-shenandoah-jdk8u212-b03. +- Resolves: rhbz#1693468 + +* Tue Apr 09 2019 Andrew Hughes - 1:1.8.0.212.b02-0 +- Update to aarch64-shenandoah-jdk8u212-b02. +- Remove patches included upstream + - JDK-8197429/PR3546/RH153662{2,3} + - JDK-8184309/PR3596 +- Re-generate patches + - JDK-8203030 +- Add casts to resolve s390 ambiguity in calls to log2_intptr +- Resolves: rhbz#1693468 + +* Sun Apr 07 2019 Andrew Hughes - 1:1.8.0.202.b08-0 +- Update to aarch64-shenandoah-jdk8u202-b08. +- Remove patches included upstream + - JDK-8211387/PR3559 + - JDK-8073139/PR1758/RH1191652 + - JDK-8044235 + - JDK-8131048/PR3574/RH1498936 + - JDK-8164920/PR3574/RH1498936 +- Resolves: rhbz#1693468 + +* Thu Apr 04 2019 Andrew Hughes - 1:1.8.0.201.b13-0 +- Update to aarch64-shenandoah-jdk8u201-b13. +- Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream. +- Resolves: rhbz#1693468 + +* Tue Apr 02 2019 Severin Gehwolf - 1:1.8.0.201.b09-3 +- Update patch for RH1566890. + - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to + rh1566890-CVE_2018_3639-speculative_store_bypass.patch + - Added dependent patch, + rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch +- Resolves: rhbz#1693468 + +* Tue Mar 12 2019 Jiri Vanek - 1:1.8.0.201.b09-2 +- name adapted to current tag + +* Thu Feb 28 2019 Jiri Vanek jvanek@redhat.com - 1:1.8.0.201.b09-2 +- Replaced pcsc-lite-devel (which is in optional channel) with pcsc-lite-libs. +- added rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch to make jdk work with pcsc + +* Tue Feb 26 2019 Jiri Vanek - 1:1.8.0.201.b09-0 +- cripled rpms original specto roduce only portable build +- Resolves: rhbz#1661577 diff --git a/SOURCES/repackReproduciblePolycies.sh b/SOURCES/repackReproduciblePolycies.sh index f356bd3..351e7a9 100644 --- a/SOURCES/repackReproduciblePolycies.sh +++ b/SOURCES/repackReproduciblePolycies.sh @@ -17,7 +17,7 @@ fi d=`mktemp -d` NW=$d/$f pushd $d - jar xf $ORIG + unzip $ORIG cat $M # sed -i "s/Created-By.*/Created-By: 1.7.0/g" $M sed -i "s/Created-By.*/Created-By: $2/g" $M diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index 725bac0..01d03d6 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -123,6 +123,8 @@ %global ssbd_arches x86_64 # Set of architectures where we verify backtraces with gdb %global gdb_arches %{jit_arches} %{zero_arches} +# Set of architectures for which we have a portable build +%global portable_build_arches %{aarch64} %{ix86} %{power64} s390x x86_64 # By default, we build a debug build during main build on JIT architectures %if %{with slowdebug} @@ -189,6 +191,9 @@ %endif %global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk +# debugedit tool for rewriting ELF file paths +%global debugedit %{_rpmconfigdir}/debugedit + # Filter out flags from the optflags macro that cause problems with the OpenJDK build # We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 # We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) @@ -334,7 +339,12 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 1 +%global rpmrelease 4 +# Settings used by the portable build +%global portablerelease 2 +%global portablesuffix el8 +%global portablebuilddir /builddir/build/BUILD + # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, @@ -359,10 +369,7 @@ # parametrized macros are order-sensitive %global compatiblename %{name} %global fullversion %{compatiblename}-%{version}-%{release} -# images stub -%global jdkimage j2sdk-image # output dir stub -%define buildoutputdir() %{expand:build/jdk8.build%{?1}} %define installoutputdir() %{expand:install/jdk8.install%{?1}} # we can copy the javadoc to not arched dir, or make it not noarch %define uniquejavadocdir() %{expand:%{fullversion}%{?1}} @@ -794,6 +801,8 @@ exit 0 %license %{_jvmdir}/%{jredir -- %{?1}}/LICENSE %license %{_jvmdir}/%{jredir -- %{?1}}/THIRD_PARTY_README %doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS +%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/README.md +%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/java-1.%{majorver}.0-openjdk-portable.specfile %dir %{_jvmdir}/%{sdkdir -- %{?1}} %{_jvmdir}/%{jrelnk -- %{?1}} %dir %{_jvmdir}/%{jredir -- %{?1}}/lib/security @@ -1068,25 +1077,24 @@ exit 0 %define files_demo() %{expand: %defattr(-,root,root,-) -%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE +%license %{installoutputdir -- %{?1}}/jre/LICENSE } %define files_src() %{expand: %defattr(-,root,root,-) -%doc README.md %{_jvmdir}/%{sdkdir -- %{?1}}/src.zip } %define files_javadoc() %{expand: %defattr(-,root,root,-) %doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}} -%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE +%license %{installoutputdir -- %{?1}}/jre/LICENSE } %define files_javadoc_zip() %{expand: %defattr(-,root,root,-) %doc %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip -%license %{installoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE +%license %{installoutputdir -- %{?1}}/jre/LICENSE } %define files_accessibility() %{expand: @@ -1289,12 +1297,6 @@ URL: http://openjdk.java.net/ # where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz -# Custom README for -src subpackage -Source2: README.md - -# Release notes -Source7: NEWS - # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (3.x). # Systemtap tapsets. Zipped up to keep it small. @@ -1328,12 +1330,23 @@ Source17: nss.fips.cfg.in # Ensure translations are available for new timezones Source18: TestTranslations.java -Source20: repackReproduciblePolycies.sh +Source21: repackReproduciblePolycies.sh # New versions of config files with aarch64 support. This is not upstream yet. Source100: config.guess Source101: config.sub +# Include portable spec and instructions on how to rebuild +Source19: README.md +Source20: java-1.%{majorver}.0-openjdk-portable.specfile + +# Setup variables to reference correct sources +%global releasezip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.unstripped.jdk.%{_arch}.tar.xz +%global docszip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.docs.%{_arch}.tar.xz +%global misczip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.misc.%{_arch}.tar.xz +%global slowdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.slowdebug.jdk.%{_arch}.tar.xz +%global fastdebugzip %{_jvmdir}/%{name}-portable-%{version}-%{portablerelease}.portable.fastdebug.jdk.%{_arch}.tar.xz + ############################################ # # RPM/distribution specific patches @@ -1344,7 +1357,7 @@ Source101: config.sub ############################################ # Accessibility patches -# Ignore AWTError when assistive technologies are loaded +# Ignore AWTError when assistive technologies are loaded Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Restrict access to java-atk-wrapper classes Patch3: rh1648644-java_access_bridge_privileged_security.patch @@ -1521,8 +1534,19 @@ BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel BuildRequires: zip BuildRequires: unzip -# Require a boot JDK which doesn't fail due to RH1482244 -BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 +# For definitions and macros like jvmdir +BuildRequires: javapackages-filesystem +%if %{include_normal_build} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +%endif +%if %{include_fastdebug_build} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +%endif +%if %{include_debug_build} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +%endif +BuildRequires: java-1.%{majorver}.0-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-1.%{majorver}.0-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} # Zero-assembler build requirement %ifarch %{zero_arches} BuildRequires: libffi-devel @@ -1550,8 +1574,6 @@ Provides: bundled(lcms2) = 2.10.0 Provides: bundled(libjpeg) = 6b # Version in jdk/src/share/native/sun/awt/libpng/png.h Provides: bundled(libpng) = 1.6.37 -# We link statically against libstdc++ to increase portability -BuildRequires: libstdc++-static %endif # this is always built, also during debug-only build @@ -1831,8 +1853,6 @@ fi # For old patches ln -s %{top_level_dir_name} jdk8 -cp %{SOURCE2} . - # replace outdated configure guess script # # the configure macro will do this too, but it also passes a few flags not @@ -1959,237 +1979,73 @@ sed -i -e "s:^security.systemCACerts=.*:security.systemCACerts=%{cacerts_file}:" %build -# How many CPU's do we have? -export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) -export NUM_PROC=${NUM_PROC:-1} -%if 0%{?_smp_ncpus_max} -# Honor %%_smp_ncpus_max -[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} -%endif +function customisejdk() { + local imagepath=${1} -%ifarch s390x sparc64 alpha %{power64} %{aarch64} -export ARCH_DATA_MODEL=64 -%endif -%ifarch alpha -export CFLAGS="$CFLAGS -mieee" -%endif + if [ -d ${imagepath} ] ; then + # Turn on system security properties + sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ + ${imagepath}/jre/lib/security/java.security -# We use ourcppflags because the OpenJDK build seems to -# pass EXTRA_CFLAGS to the HotSpot C++ compiler... -EXTRA_CFLAGS="%ourcppflags -Wno-error" -EXTRA_CPP_FLAGS="%ourcppflags" - -%ifarch %{power64} ppc -# fix rpmlint warnings -EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" -%endif -EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes" -export EXTRA_CFLAGS EXTRA_ASFLAGS - -(cd %{top_level_dir_name}/common/autoconf - bash ./autogen.sh -) - -function buildjdk() { - local outputdir=${1} - local buildjdk=${2} - local maketargets="${3}" - local debuglevel=${4} - local link_opt=${5} - - local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name} - # Variable used in hs_err hook on build failures - local top_builddir_abs_path=$(pwd)/${outputdir} - - echo "Using output directory: ${outputdir}"; - - if [ "x${link_opt}" = "xbundled" ] ; then - libc_link_opt="static"; - else - libc_link_opt="dynamic"; - fi - - echo "Checking build JDK ${buildjdk} is operational..." - ${buildjdk}/bin/java -version - echo "Using make targets: ${maketargets}" - echo "Using debuglevel: ${debuglevel}" - echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}" - - mkdir -p ${outputdir} - pushd ${outputdir} - - bash ${top_srcdir_abs_path}/configure \ -%ifarch %{jfr_arches} - --enable-jfr \ -%else - --disable-jfr \ -%endif -%ifarch %{zero_arches} - --with-jvm-variants=zero \ -%endif - --with-native-debug-symbols=internal \ - --with-milestone=%{milestone} \ - --with-update-version=%{updatever} \ - --with-build-number=%{buildver} \ - --with-vendor-name="%{oj_vendor}" \ - --with-vendor-url="%{oj_vendor_url}" \ - --with-vendor-bug-url="%{oj_vendor_bug_url}" \ - --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ - --with-boot-jdk=${buildjdk} \ - --with-debug-level=${debuglevel} \ - --disable-sysconf-nss \ - --enable-unlimited-crypto \ - --with-zlib=${link_opt} \ - --with-giflib=${link_opt} \ -%if %{with system_libs} - --with-libjpeg=${link_opt} \ - --with-libpng=${link_opt} \ - --with-lcms=${link_opt} \ -%endif - --with-stdc++lib=${libc_link_opt} \ - --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ - --with-extra-cflags="$EXTRA_CFLAGS" \ - --with-extra-asflags="$EXTRA_ASFLAGS" \ - --with-extra-ldflags="%{ourldflags}" \ - --with-num-cores="$NUM_PROC" - - cat spec.gmk - cat hotspot-spec.gmk - - make \ - JAVAC_FLAGS=-g \ - LOG=trace \ - SCTP_WERROR= \ - ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) - - popd -} - -function installjdk() { - local outputdir=${1} - local installdir=${2} - local imagepath=${installdir}/images/%{jdkimage} - - echo "Installing build from ${outputdir} to ${installdir}..." - mkdir -p ${installdir} - echo "Installing images..." - mv ${outputdir}/images ${installdir} - if [ -d ${outputdir}/bundles ] ; then - echo "Installing bundles..."; - mv ${outputdir}/bundles ${installdir} ; - fi - if [ -d ${outputdir}/docs ] ; then - echo "Installing docs..."; - mv ${outputdir}/docs ${installdir} ; - fi - -%if !%{with artifacts} - echo "Removing output directory..."; - rm -rf ${outputdir} -%endif - - if [ -d ${imagepath} ] ; then - # the build (erroneously) removes read permissions from some jars - # this is a regression in OpenJDK 7 (our compiler): - # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 - find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \; - chmod ugo+r ${imagepath}/lib/ct.sym - - # remove redundant *diz and *debuginfo files - find ${imagepath} -iname '*.diz' -exec rm -v {} \; - find ${imagepath} -iname '*.debuginfo' -exec rm -v {} \; - - # Build screws up permissions on binaries - # https://bugs.openjdk.java.net/browse/JDK-8173610 - find ${imagepath} -iname '*.so' -exec chmod +x {} \; - find ${imagepath}/bin/ -exec chmod +x {} \; - - # Install nss.cfg right away as we will be using the JRE above - install -m 644 nss.cfg ${imagepath}/jre/lib/security/ - - # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) - install -m 644 nss.fips.cfg ${imagepath}/jre/lib/security/ - - # Turn on system security properties - sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ - ${imagepath}/jre/lib/security/java.security - - # Use system-wide tzdata - mv ${imagepath}/jre/lib/tzdb.dat{,.upstream} - ln -sv %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/jre/lib/tzdb.dat - - # Rename OpenJDK cacerts database - mv ${imagepath}/jre/lib/security/cacerts{,.upstream} - # Install cacerts symlink needed by some apps which hard-code the path - ln -sv %{cacerts_file} ${imagepath}/jre/lib/security - - # add alt-java man page - pushd ${imagepath} - echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 - cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 - popd - - # Print release information - cat ${imagepath}/release + # Use system-wide tzdata + mv ${imagepath}/jre/lib/tzdb.dat{,.upstream} + ln -sv %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/jre/lib/tzdb.dat + # Rename OpenJDK cacerts database + mv ${imagepath}/jre/lib/security/cacerts{,.upstream} + # Install cacerts symlink needed by some apps which hard-code the path + ln -sv %{cacerts_file} ${imagepath}/jre/lib/security fi } -%if %{build_hotspot_first} - # Build a fresh libjvm.so first and use it to bootstrap - cp -LR --preserve=mode,timestamps %{bootjdk} newboot - systemjdk=$(pwd)/newboot - buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" - mv build/newboot/hotspot/dist/jre/lib/%{archinstall}/server/libjvm.so newboot/jre/lib/%{archinstall}/server -%else - systemjdk=%{bootjdk} -%endif - for suffix in %{build_loop} ; do -if [ "x$suffix" = "x" ] ; then - debugbuild=release -else - # change --something to something - debugbuild=`echo $suffix | sed "s/-//g"` -fi -builddir=%{buildoutputdir -- $suffix} -bootbuilddir=boot${builddir} -installdir=%{installoutputdir -- $suffix} -bootinstalldir=boot${installdir} -link_opt="%{link_type}" + if [ "x$suffix" = "x" ] ; then + jdkzip=%{releasezip} + elif [ "x$suffix" = "x%{fastdebug_suffix_unquoted}" ] ; then + jdkzip=%{fastdebugzip} + else # slowdebug + jdkzip=%{slowdebugzip} + debugbuild=release + fi -# Debug builds don't need same targets as release for -# build speed-up. We also avoid bootstrapping these -# slower builds. -if echo $debugbuild | grep -q "debug" ; then - maketargets="%{debug_targets}" - run_bootstrap=false -else - maketargets="%{release_targets}" - run_bootstrap=%{bootstrap_build} -fi + installdir=%{installoutputdir -- ${suffix}} -if ${run_bootstrap} ; then - buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} - installjdk ${bootbuilddir} ${bootinstalldir} - buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} - installjdk ${builddir} ${installdir} - %{!?with_artifacts:rm -rf ${bootinstalldir}} -else - buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} - installjdk ${builddir} ${installdir} -fi + # TODO: should verify checksums when using packages from buildroot + tar -xJf ${jdkzip} + mkdir -p $(dirname ${installdir}) + mv %{name}* ${installdir} + # Fix build paths in ELF files so it looks like we built them + portablenvr="%{name}-portable-%{version}-%{portablerelease}.%{portablesuffix}.%{_arch}" + for file in $(find ${installdir} -type f) ; do + if file ${file} | grep -q 'ELF'; then + %{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file} + fi + done + + # Final setup on the main image + customisejdk ${installdir} + + # Print release information + cat ${installdir}/release # build cycles done +docdir=%{installoutputdir -- "-docs"} +tar -xJf %{docszip} +mv %{name}*.docs.* ${docdir} + +miscdir=%{installoutputdir -- "-misc"} +tar -xJf %{misczip} +mv %{name}*.misc.* ${miscdir} + %check # We test debug first as it will give better diagnostics on a crash for suffix in %{build_loop} ; do -export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage} +export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix} # Check unlimited policy has been used $JAVA_HOME/bin/javac -d . %{SOURCE13} @@ -2208,10 +2064,6 @@ export SEC_DEBUG="-Djava.security.debug=properties" $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false -# Check correct vendor values have been set -$JAVA_HOME/bin/javac -d . %{SOURCE16} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} - # Check java launcher has no SSB mitigation if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi @@ -2222,6 +2074,10 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi %endif +# Check correct vendor values have been set +$JAVA_HOME/bin/javac -d . %{SOURCE16} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} + # Check translations are available for new timezones $JAVA_HOME/bin/javac -d . %{SOURCE18} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE @@ -2272,7 +2128,7 @@ done # Make sure gdb can do a backtrace based on line numbers on libjvm.so # javaCalls.cpp:58 should map to: -# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 +# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 # Using line number 1 might cause build problems. See: # https://bugzilla.redhat.com/show_bug.cgi?id=1539664 # https://bugzilla.redhat.com/show_bug.cgi?id=1538767 @@ -2293,7 +2149,7 @@ grep 'JavaCallWrapper::JavaCallWrapper' gdb.out %endif # Check src.zip has all sources. See RHBZ#1130490 -jar -tf $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe' +unzip -l $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe' # Check class files include useful debugging information $JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from" @@ -2313,12 +2169,23 @@ STRIP_KEEP_SYMTAB=libjvm* for suffix in %{build_loop} ; do -# Install the jdk -pushd %{installoutputdir -- $suffix}/images/%{jdkimage} + # Should match same definitions in build section + jdk_image=%{installoutputdir -- $suffix} + docdir=$(pwd)/%{installoutputdir -- "-docs"} + miscdir=%{installoutputdir -- "-misc"} -# Install jsa directories so we can owe them -mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/ -mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/client/ + # Install release notes and rebuild instructions + commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix} + install -d -m 755 ${commondocdir} + mv ${jdk_image}/NEWS ${commondocdir} + cp -a %{SOURCE19} %{SOURCE20} ${commondocdir} + + # Install the jdk + pushd ${jdk_image} + + # Install jsa directories so we can owe them + mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/server/ + mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/client/ # Install main files. install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} @@ -2363,7 +2230,7 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/clien # Install demos and samples. cp -a demo $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} mkdir -p sample/rmi - if [ ! -e sample/rmi/java-rmi.cgi ] ; then + if [ ! -e sample/rmi/java-rmi.cgi ] ; then # hack to allow --short-circuit on install mv bin/java-rmi.cgi sample/rmi fi @@ -2374,20 +2241,15 @@ popd if ! echo $suffix | grep -q "debug" ; then # Install Javadoc documentation install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} - cp -a %{installoutputdir -- $suffix}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} + cp -a ${docdir}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip - cp -a %{installoutputdir -- $suffix}/bundles/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip + cp -a ${docdir}/$built_doc_archive $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip fi -# Install release notes -commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix} -install -d -m 755 ${commondocdir} -cp -a %{SOURCE7} ${commondocdir} - # Install icons and menu entries for s in 16 24 32 48 ; do install -D -p -m 644 \ - %{top_level_dir_name}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png \ + ${miscdir}/java-icon${s}.png \ $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png done @@ -2444,7 +2306,7 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \ popd -bash %{SOURCE20} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix} %{javaver} +bash %{SOURCE21} $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix} %{javaver} # https://bugzilla.redhat.com/show_bug.cgi?id=1183793 touch -t 201401010000 $RPM_BUILD_ROOT/%{_jvmdir}/%{jredir -- $suffix}/lib/security/java.security @@ -2457,11 +2319,11 @@ for file in lib/security/cacerts lib/security/policy/unlimited/US_export_policy. done # stabilize permissions -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "ASSEMBLY_EXCEPTION" -exec chmod 644 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "LICENSE" -exec chmod 644 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "THIRD_PARTY_README" -exec chmod 644 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "ASSEMBLY_EXCEPTION" -exec chmod 644 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "LICENSE" -exec chmod 644 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "THIRD_PARTY_README" -exec chmod 644 {} \; ; # end, dual install done @@ -2481,7 +2343,7 @@ local posix = require "posix" if (os.getenv("debug") == "true") then debug = true; print("cjc: in spec debug is on") -else +else debug = false; end @@ -2695,7 +2557,18 @@ cjc.mainProgram(args) %endif %changelog -* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.372.b07-1 +* Thu Apr 27 2023 Andrew Hughes - 1:1.8.0.372.b07-4 +- Include the java-1.8.0-openjdk-portable.spec file with instructions on how to rebuild. +- Remove duplicate use of README.md inside the *-src package (it is no longer about sources) +- Related: rhbz#2189328 + +* Thu Apr 27 2023 Andrew Hughes - 1:1.8.0.372.b07-3 +- Revert "Restore native build for x86 as there is no portable build" +- Retain portable_build-arches with x86-32 added for reference +- Remove NEWS. +- Related: rhbz#2189328 + +* Tue Apr 18 2023 Andrew Hughes - 1:1.8.0.372.b07-2 - Update to shenandoah-jdk8u372-b07 (GA) - Update release notes for shenandoah-8u372-b07. - Require tzdata 2023c due to inclusion of JDK-8305113 in 8u372-b07 @@ -2704,16 +2577,24 @@ cjc.mainProgram(args) - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Drop JDK-8275535/RH2053256 patch which is now upstream - Include JDK-8271199 backport early ahead of 8u382 (RH2175317) +- Drop hack for difference in local and portable build version +- Replace local copies of JDK portable binaries with build dependencies - ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** - Resolves: rhbz#2185182 +- Resolves: rhbz#2189328 -* Tue Jan 24 2023 Andrew Hughes - 1:1.8.0.362.b09-2 +* Tue Feb 28 2023 Andrew Hughes - 1:1.8.0.362.b09-4 +- On portable architectures, replace build section with extraction of existing builds from portables +- Rewrite ELF files so the source file path is correct and debugsources can be assembled +- Resolves: rhbz#2150203 + +* Tue Jan 24 2023 Andrew Hughes - 1:1.8.0.362.b09-3 - Update cacerts patch to fix OPENJDK-1433 SecurityManager issue - Update to shenandoah-jdk8u352-b09 (GA) - Update release notes for shenandoah-8u352-b09. -- Resolves: rhbz#2163595 +- Resolves: rhbz#2162715 -* Fri Jan 13 2023 Andrew Hughes - 1:1.8.0.362.b08-2 +* Fri Jan 13 2023 Andrew Hughes - 1:1.8.0.362.b08-3 - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. - Fix broken links and missing release notes in older releases. @@ -2723,30 +2604,41 @@ cjc.mainProgram(args) - Fedora now appears to be using RSA and the JDK now supports ECC in preference to large DH keys - Resolves: rhbz#2160111 -* Wed Jan 11 2023 Andrew Hughes - 1:1.8.0.362.b07-0.2.ea +* Wed Jan 11 2023 Andrew Hughes - 1:1.8.0.362.b07-0.3.ea - Update to shenandoah-jdk8u362-b07 (EA) - Update release notes for shenandoah-8u362-b07. -- Switch to EA mode for 8u362 pre-release builds. -- Drop JDK-8195607/PR3776/RH1760437 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Drop tzdata patches for 2022d & 2022e (JDK-8294357 & JDK-8295173) which are now upstream - Update TestTranslations.java to test the new America/Ciudad_Juarez zone - Drop JDK-8255559/RH2124390 patch which is now upstream -- Resolves: rhbz#2159910 +- Resolves: rhbz#2150193 + +* Tue Jan 10 2023 Andrew Hughes - 1:1.8.0.362.b01-0.3.ea +- Update to shenandoah-jdk8u362-b01 (EA) +- Update release notes for shenandoah-8u362-b01. +- Switch to EA mode for 8u362 pre-release builds. +- Drop JDK-8195607/PR3776/RH1760437 now this is upstream +- Related: rhbz#2150193 * Thu Nov 10 2022 Andrew Hughes - 1:1.8.0.352.b08-3 - Add backport of JDK-8255559 to fix file descriptor leak in XML code -- Resolves: rhbz#2139705 +- Resolves: rhbz#2124390 -* Sun Oct 16 2022 Andrew Hughes - 1:1.8.0.352.b08-2 +* Wed Oct 19 2022 Andrew Hughes - 1:1.8.0.352.b08-2 - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. -- Rebase FIPS patch against 8u352-b07 +- Switch to GA mode for final release. - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated -- * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2133695 +* Wed Oct 12 2022 Andrew Hughes - 1:1.8.0.352.b07-0.2.ea +- Update to shenandoah-jdk8u352-b07 (EA) +- Update release notes for shenandoah-8u352-b07. +- Switch to EA mode for 8u352 pre-release builds. +- Rebase FIPS patch against 8u352-b07 +- Resolves: rhbz#2130612 + * Tue Aug 30 2022 Andrew Hughes - 1:1.8.0.345.b01-5 - Switch to static builds, reducing system dependencies and making build more portable - Resolves: rhbz#2048542 @@ -3219,7 +3111,7 @@ cjc.mainProgram(args) - Resolves: rhbz#1903904 * Fri Nov 27 2020 Jiri Vanek - 1:1.8.0.275.b01-3 -- added patch600, rh1750419-redhat_alt_java.patch +- added patch600, rh1750419-redhat_alt_java.patch - Replaced alt-java palceholder by real pathced alt-java - remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch - remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch @@ -4461,7 +4353,7 @@ cjc.mainProgram(args) * Thu Nov 03 2016 jvanek - 1:1.8.0.111-2.b16 - added dont-add-unnecessary-debug-links.patch @@ -4532,7 +4424,7 @@ renamed: jdk8-archivedJavadoc.patch -> jdk8154313-generated_javadoc_scattered_al - added patch519, jdwpCrash.abrt.patch to fix trasnportation error * Fri May 13 2016 jvanek - 1:1.8.0.91-6.b14 -- Enable weak reference discovery in ShenandoahMarkCompact. Otherwise we never process any weak references in full-gc. +- Enable weak reference discovery in ShenandoahMarkCompact. Otherwise we never process any weak references in full-gc. * Tue May 03 2016 jvanek - 1:1.8.0.91-5.b14 - Restricted to depend on exactly same version of nss as used for build