Compare commits
No commits in common. "c8" and "c9-bootstrap" have entirely different histories.
c8
...
c9-bootstr
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/shenandoah8u432-b06.tar.xz
|
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||||
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
af2d3b85c48ecc8c22188ac687e6160658ef6aca SOURCES/shenandoah8u432-b06.tar.xz
|
3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||||
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||||
|
898
SOURCES/NEWS
898
SOURCES/NEWS
@ -3,889 +3,6 @@ Key:
|
|||||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||||
|
|
||||||
New in release OpenJDK 8u432 (2024-10-15):
|
|
||||||
===========================================
|
|
||||||
Live versions of these release notes can be found at:
|
|
||||||
* https://bit.ly/openjdk8u432
|
|
||||||
|
|
||||||
* CVEs
|
|
||||||
- CVE-2024-21208
|
|
||||||
- CVE-2024-21210
|
|
||||||
- CVE-2024-21217
|
|
||||||
- CVE-2024-21235
|
|
||||||
* Security fixes
|
|
||||||
- JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
|
|
||||||
- JDK-8313626, JDK-8307769: C2 crash due to unexpected exception control flow
|
|
||||||
- JDK-8328286: Enhance HTTP client
|
|
||||||
- JDK-8328544: Improve handling of vectorization
|
|
||||||
- JDK-8328726: Better Kerberos support
|
|
||||||
- JDK-8331446: Improve deserialization support
|
|
||||||
- JDK-8332644: Improve graph optimizations
|
|
||||||
- JDK-8335713: Enhance vectorization analysis
|
|
||||||
* Other changes
|
|
||||||
- JDK-4660158: TTY: NumberFormatException while trying to set values by 'set' command
|
|
||||||
- JDK-6544871: java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html fails from jdk b09 on windows.
|
|
||||||
- JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails
|
|
||||||
- JDK-8021775: compiler/8009761/Test8009761.java "Failed: init recursive calls: 51. After deopt 50"
|
|
||||||
- JDK-8030204: com/sun/jdi/JdbExprTest.sh: Required output "Can\\'t convert 2147483648 to int" not found
|
|
||||||
- JDK-8030795: java/nio/file/Files/probeContentType/ForceLoad.java failing with ServiceConfigurationError without jtreg -agentvm option
|
|
||||||
- JDK-8035395: sun/management/jmxremote/startstop/JMXStartStopTest.java fails intermittently: Port already in use
|
|
||||||
- JDK-8075511: Enable -Woverloaded-virtual C++ warning for HotSpot build
|
|
||||||
- JDK-8137329: [windows] Build broken on VS2010 after "8046148: JEP 158: Unified JVM Logging"
|
|
||||||
- JDK-8145919: sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials
|
|
||||||
- JDK-8152207: Perform array bound checks while getting a length of bytecode instructions
|
|
||||||
- JDK-8193682: Infinite loop in ZipOutputStream.close()
|
|
||||||
- JDK-8196770: Add JNDI test com/sun/jndi/ldap/blits/AddTests/AddNewEntry.java
|
|
||||||
- JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04
|
|
||||||
- JDK-8233364: Fix undefined behavior in Canonicalizer::do_ShiftOp
|
|
||||||
- JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
|
|
||||||
- JDK-8251188: Update LDAP tests not to use wildcard addresses
|
|
||||||
- JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
|
|
||||||
- JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
|
|
||||||
- JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
|
|
||||||
- JDK-8279164: Disable TLS_ECDH_* cipher suites
|
|
||||||
- JDK-8281096: Flags introduced by configure script are not passed to ADLC build
|
|
||||||
- JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown"
|
|
||||||
- JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors
|
|
||||||
- JDK-8299677: Formatter.format might take a long time to format an integer or floating-point
|
|
||||||
- JDK-8305400: ISO 4217 Amendment 175 Update
|
|
||||||
- JDK-8305931: jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java failed with "Expected chains but found none"
|
|
||||||
- JDK-8307779: Relax the java.awt.Robot specification
|
|
||||||
- JDK-8309138: Fix container tests for jdks with symlinked conf dir
|
|
||||||
- JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
|
|
||||||
- JDK-8315117: Update Zlib Data Compression Library to Version 1.3
|
|
||||||
- JDK-8315863: [GHA] Update checkout action to use v4
|
|
||||||
- JDK-8316328: Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes
|
|
||||||
- JDK-8318039: GHA: Bump macOS and Xcode versions
|
|
||||||
- JDK-8318951: Additional negative value check in JPEG decoding
|
|
||||||
- JDK-8320964: sun/tools/native2ascii/Native2AsciiTests.sh fails on Japanese
|
|
||||||
- JDK-8321480: ISO 4217 Amendment 176 Update
|
|
||||||
- JDK-8324632: Update Zlib Data Compression Library to Version 1.3.1
|
|
||||||
- JDK-8324723: GHA: Upgrade some actions to avoid deprecated Node 16
|
|
||||||
- JDK-8326351: Update the Zlib version in open/src/java.base/share/legal/zlib.md to 1.3.1
|
|
||||||
- JDK-8326521: JFR: CompilerPhase event test fails on windows 32 bit
|
|
||||||
- JDK-8326529: JFR: Test for CompilerCompile events fails due to time out
|
|
||||||
- JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
|
|
||||||
- JDK-8330415: Update system property for Java SE specification maintenance version
|
|
||||||
- JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye
|
|
||||||
- JDK-8333126: Bump update version of OpenJDK: 8u432
|
|
||||||
- JDK-8333669: [8u] GHA: Dead VS2010 download link
|
|
||||||
- JDK-8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1
|
|
||||||
- JDK-8334653: ISO 4217 Amendment 177 Update
|
|
||||||
- JDK-8334905: [8u] The test java/awt/Mixing/AWT_Mixing/JButtonOverlapping.java started to fail after 8159690
|
|
||||||
- JDK-8335851: [8u] Test JMXStartStopTest.java fails after JDK-8334415
|
|
||||||
- JDK-8335894: [8u] Fix SupplementalJapaneseEraTest.java for jdks with symlinked conf dir
|
|
||||||
- JDK-8336928: GHA: Bundle artifacts removal broken
|
|
||||||
- JDK-8337110: [8u] TestNoEagerReclaimOfHumongousRegions.java should be in gc/g1 directory
|
|
||||||
- JDK-8337312: [8u] Windows x86 VS2010 build broken by JDK-8320097
|
|
||||||
- JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
|
|
||||||
- JDK-8338144: [8u] Remove duplicate license files
|
|
||||||
- JDK-8341057: Add 2 SSL.com TLS roots
|
|
||||||
- JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
|
|
||||||
|
|
||||||
Notes on individual issues:
|
|
||||||
===========================
|
|
||||||
|
|
||||||
security-libs/javax.net.ssl:
|
|
||||||
|
|
||||||
JDK-8279164: Disable TLS_ECDH_* cipher suites
|
|
||||||
=============================================
|
|
||||||
The TLS_ECDH cipher suites do not preserve forward secrecy and are
|
|
||||||
rarely used in practice. With this release, they are disabled by
|
|
||||||
adding "ECDH" to the `jdk.tls.disabledAlgorithms` security property in
|
|
||||||
the `java.security` configuration file. Attempts to use these suites
|
|
||||||
with this release will result in a `SSLHandshakeException` being
|
|
||||||
thrown. Note that ECDH cipher suites which use RC4 were already
|
|
||||||
disabled prior to this change.
|
|
||||||
|
|
||||||
Users can, *at their own risk*, remove this restriction by modifying
|
|
||||||
the `java.security` configuration file (or override it by using the
|
|
||||||
`java.security.properties` system property) so "ECDH" is no longer
|
|
||||||
listed in the `jdk.tls.disabledAlgorithms` security property.
|
|
||||||
|
|
||||||
This change has no effect on TLS_ECDHE cipher suites, which remain
|
|
||||||
enabled by default.
|
|
||||||
|
|
||||||
JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
|
|
||||||
JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
|
|
||||||
====================================================================================================
|
|
||||||
In accordance with similar plans recently announced by Google and
|
|
||||||
Mozilla, the JDK will not trust Transport Layer Security (TLS)
|
|
||||||
certificates issued after the 11th of November 2024 which are anchored
|
|
||||||
by Entrust root certificates. This includes certificates branded as
|
|
||||||
AffirmTrust, which are managed by Entrust.
|
|
||||||
|
|
||||||
Certificates issued on or before November 11th, 2024 will continue to
|
|
||||||
be trusted until they expire.
|
|
||||||
|
|
||||||
If a server's certificate chain is anchored by an affected
|
|
||||||
certificate, attempts to negotiate a TLS session will fail with an
|
|
||||||
Exception that indicates the trust anchor is not trusted. For example,
|
|
||||||
|
|
||||||
"TLS server certificate issued after 2024-11-11 and anchored by a
|
|
||||||
distrusted legacy Entrust root CA: CN=Entrust.net Certification
|
|
||||||
Authority (2048), OU=(c) 1999 Entrust.net Limited,
|
|
||||||
OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),
|
|
||||||
O=Entrust.net"
|
|
||||||
|
|
||||||
To check whether a certificate in a JDK keystore is affected by this
|
|
||||||
change, you can the `keytool` utility:
|
|
||||||
|
|
||||||
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
|
|
||||||
|
|
||||||
If any of the certificates in the chain are affected by this change,
|
|
||||||
then you will need to update the certificate or contact the
|
|
||||||
organisation responsible for managing the certificate.
|
|
||||||
|
|
||||||
These restrictions apply to the following Entrust root certificates
|
|
||||||
included in the JDK:
|
|
||||||
|
|
||||||
Alias name: entrustevca [jdk]
|
|
||||||
CN=Entrust Root Certification Authority
|
|
||||||
OU=(c) 2006 Entrust, Inc.
|
|
||||||
OU=www.entrust.net/CPS is incorporated by reference
|
|
||||||
O=Entrust, Inc.
|
|
||||||
C=US
|
|
||||||
SHA256: 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C
|
|
||||||
|
|
||||||
Alias name: entrustrootcaec1 [jdk]
|
|
||||||
CN=Entrust Root Certification Authority - EC1
|
|
||||||
OU=(c) 2012 Entrust, Inc. - for authorized use only
|
|
||||||
OU=See www.entrust.net/legal-terms
|
|
||||||
O=Entrust, Inc.
|
|
||||||
C=US
|
|
||||||
SHA256: 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5
|
|
||||||
|
|
||||||
Alias name: entrustrootcag2 [jdk]
|
|
||||||
CN=Entrust Root Certification Authority - G2
|
|
||||||
OU=(c) 2009 Entrust, Inc. - for authorized use only
|
|
||||||
OU=See www.entrust.net/legal-terms
|
|
||||||
O=Entrust, Inc.
|
|
||||||
C=US
|
|
||||||
SHA256: 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39
|
|
||||||
|
|
||||||
Alias name: entrustrootcag4 [jdk]
|
|
||||||
CN=Entrust Root Certification Authority - G4
|
|
||||||
OU=(c) 2015 Entrust, Inc. - for authorized use only
|
|
||||||
OU=See www.entrust.net/legal-terms
|
|
||||||
O=Entrust, Inc.
|
|
||||||
C=US
|
|
||||||
SHA256: DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
|
|
||||||
|
|
||||||
Alias name: entrust2048ca [jdk]
|
|
||||||
CN=Entrust.net Certification Authority (2048)
|
|
||||||
OU=(c) 1999 Entrust.net Limited
|
|
||||||
OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
|
|
||||||
O=Entrust.net
|
|
||||||
SHA256: 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77
|
|
||||||
|
|
||||||
Alias name: affirmtrustcommercialca [jdk]
|
|
||||||
CN=AffirmTrust Commercial
|
|
||||||
O=AffirmTrust
|
|
||||||
C=US
|
|
||||||
SHA256: 03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7
|
|
||||||
|
|
||||||
Alias name: affirmtrustnetworkingca [jdk]
|
|
||||||
CN=AffirmTrust Networking
|
|
||||||
O=AffirmTrust
|
|
||||||
C=US
|
|
||||||
SHA256: 0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B
|
|
||||||
|
|
||||||
Alias name: affirmtrustpremiumca [jdk]
|
|
||||||
CN=AffirmTrust Premium
|
|
||||||
O=AffirmTrust
|
|
||||||
C=US
|
|
||||||
SHA256: 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A
|
|
||||||
|
|
||||||
Alias name: affirmtrustpremiumeccca [jdk]
|
|
||||||
CN=AffirmTrust Premium ECC
|
|
||||||
O=AffirmTrust
|
|
||||||
C=US
|
|
||||||
SHA256: BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23
|
|
||||||
|
|
||||||
Users can, *at their own risk*, remove this restriction by modifying
|
|
||||||
the `java.security` configuration file (or override it by using the
|
|
||||||
`java.security.properties` system property) so "ENTRUST_TLS" is no
|
|
||||||
longer listed in the `jdk.security.caDistrustPolicies` security
|
|
||||||
property.
|
|
||||||
|
|
||||||
security-libs/java.security:
|
|
||||||
|
|
||||||
JDK-8341057: Add 2 SSL.com TLS roots
|
|
||||||
====================================
|
|
||||||
The following root certificates have been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: SSL.com
|
|
||||||
Alias Name: ssltlsrootecc2022
|
|
||||||
Distinguished Name: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
|
|
||||||
|
|
||||||
Name: SSL.com
|
|
||||||
Alias Name: ssltlsrootrsa2022
|
|
||||||
Distinguished Name: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US
|
|
||||||
|
|
||||||
client-libs:
|
|
||||||
|
|
||||||
JDK-8307779: Relax the java.awt.Robot specification
|
|
||||||
===================================================
|
|
||||||
This release of OpenJDK 8 updates to the latest maintenance release of
|
|
||||||
the Java 8 specification. This relaxes the specification of three
|
|
||||||
methods in the `java.awt.Robot` class - `mouseMove(int,int)`,
|
|
||||||
`getPixelColor(int,int)` and `createScreenCapture(Rectangle)` - to
|
|
||||||
allow these methods to fail when the desktop environment does not
|
|
||||||
permit moving the mouse pointer or capturing screen content.
|
|
||||||
|
|
||||||
core-libs/javax.naming:
|
|
||||||
|
|
||||||
JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
|
|
||||||
===============================================================================================================================
|
|
||||||
With this OpenJDK release, the JDK implementation of the LDAP provider
|
|
||||||
no longer supports the deserialisation of Java objects by
|
|
||||||
default. This is achieved by the system property
|
|
||||||
`com.sun.jndi.ldap.object.trustSerialData` being set to `false` by
|
|
||||||
default.
|
|
||||||
|
|
||||||
Note that this release also increases the scope of the
|
|
||||||
`com.sun.jndi.ldap.object.trustSerialData` to cover the reconstruction
|
|
||||||
of RMI remote objects from the `javaRemoteLocation` LDAP attribute.
|
|
||||||
|
|
||||||
The result of this change is that transparent deserialisation of Java
|
|
||||||
objects will require an explicit opt-in. Applications that wish to
|
|
||||||
reconstruct Java objects and RMI stubs from LDAP attributes will need
|
|
||||||
to set the `com.sun.jndi.ldap.object.trustSerialData` to `true`.
|
|
||||||
|
|
||||||
core-libs/java.net:
|
|
||||||
|
|
||||||
JDK-8328286: Enhance HTTP client
|
|
||||||
================================
|
|
||||||
This OpenJDK release limits the maximum header field size accepted by
|
|
||||||
the HTTP client within the JDK for all supported versions of the HTTP
|
|
||||||
protocol. The header field size is computed as the sum of the size of
|
|
||||||
the uncompressed header name, the size of the uncompressed header
|
|
||||||
value and a overhead of 32 bytes for each field section line. If a
|
|
||||||
peer sends a field section that exceeds this limit, a
|
|
||||||
`java.net.ProtocolException` will be raised.
|
|
||||||
|
|
||||||
This release also introduces a new system property,
|
|
||||||
`jdk.http.maxHeaderSize`. This property can be used to alter the
|
|
||||||
maximum header field size (in bytes) or disable it by setting the
|
|
||||||
value to zero or a negative value. The default value is 393,216 bytes
|
|
||||||
or 384kB.
|
|
||||||
|
|
||||||
core-libs/java.util.jar:
|
|
||||||
|
|
||||||
JDK-8193682: Infinite loop in ZipOutputStream.close()
|
|
||||||
=====================================================
|
|
||||||
In previous releases, the `DeflaterOutputStream.close()`,
|
|
||||||
`GZIPOutputStream.finish()` and `ZipOutputStream.closeEntry()` methods
|
|
||||||
did not close the associated default JDK compressor when an exception
|
|
||||||
was thrown during closure. With this release, the default compressor
|
|
||||||
is closed before propogating the Throwable up the stack. In the case
|
|
||||||
of `ZipOutputStream`, this only happens when the exception is not a
|
|
||||||
`ZipException`.
|
|
||||||
|
|
||||||
New in release OpenJDK 8u422 (2024-07-16):
|
|
||||||
===========================================
|
|
||||||
Live versions of these release notes can be found at:
|
|
||||||
* https://bit.ly/openjdk8u422
|
|
||||||
|
|
||||||
* CVEs
|
|
||||||
- CVE-2024-21131
|
|
||||||
- CVE-2024-21138
|
|
||||||
- CVE-2024-21140
|
|
||||||
- CVE-2024-21144
|
|
||||||
- CVE-2024-21145
|
|
||||||
- CVE-2024-21147
|
|
||||||
* Security fixes
|
|
||||||
- JDK-8314794: Improve UTF8 String supports
|
|
||||||
- JDK-8319859: Better symbol storage
|
|
||||||
- JDK-8320097: Improve Image transformations
|
|
||||||
- JDK-8320548: Improved loop handling
|
|
||||||
- JDK-8322106: Enhance Pack 200 loading
|
|
||||||
- JDK-8323231: Improve array management
|
|
||||||
- JDK-8323390: Enhance mask blit functionality
|
|
||||||
- JDK-8324559: Improve 2D image handling
|
|
||||||
- JDK-8325600: Better symbol storage
|
|
||||||
* Other changes
|
|
||||||
- JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105
|
|
||||||
- JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings
|
|
||||||
- JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/bug7123767.java: number of checked graphics configurations should be limited
|
|
||||||
- JDK-8159690: [TESTBUG] Mark headful tests with @key headful.
|
|
||||||
- JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
|
|
||||||
- JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails
|
|
||||||
- JDK-8205407: [windows, vs<2017] C4800 after 8203197
|
|
||||||
- JDK-8235834: IBM-943 charset encoder needs updating
|
|
||||||
- JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't read properly"
|
|
||||||
- JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
|
|
||||||
- JDK-8256152: tests fail because of ambiguous method resolution
|
|
||||||
- JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
|
|
||||||
- JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
|
|
||||||
- JDK-8268916: Tests for AffirmTrust roots
|
|
||||||
- JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
|
|
||||||
- JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
|
|
||||||
- JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value
|
|
||||||
- JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
|
|
||||||
- JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
|
|
||||||
- JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL
|
|
||||||
- JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
|
|
||||||
- JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
|
|
||||||
- JDK-8315020: The macro definition for LoongArch64 zero build is not accurate.
|
|
||||||
- JDK-8316138: Add GlobalSign 2 TLS root certificates
|
|
||||||
- JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows
|
|
||||||
- JDK-8320005: Allow loading of shared objects with .a extension on AIX
|
|
||||||
- JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
|
|
||||||
- JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing
|
|
||||||
- JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
|
|
||||||
- JDK-8326686: Bump update version of OpenJDK: 8u422
|
|
||||||
- JDK-8327440: Fix "bad source file" error during beaninfo generation
|
|
||||||
- JDK-8328809: [8u] Problem list some CA tests
|
|
||||||
- JDK-8328825: Google CAInterop test failures
|
|
||||||
- JDK-8329544: [8u] sun/security/krb5/auto/ReplayCacheTestProc.java cannot find the testlibrary
|
|
||||||
- JDK-8331791: [8u] AIX build break from JDK-8320005 backport
|
|
||||||
- JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
|
|
||||||
- JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes
|
|
||||||
|
|
||||||
Notes on individual issues:
|
|
||||||
===========================
|
|
||||||
|
|
||||||
core-libs/java.net:
|
|
||||||
|
|
||||||
JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable
|
|
||||||
===========================================================================
|
|
||||||
Two system properties have been added which control the keep alive
|
|
||||||
behavior of HttpURLConnection in the case where the server does not
|
|
||||||
specify a keep alive time. These are:
|
|
||||||
|
|
||||||
* `http.keepAlive.time.server`
|
|
||||||
* `http.keepAlive.time.proxy`
|
|
||||||
|
|
||||||
which control the number of seconds before an idle connection to a
|
|
||||||
server or proxy will be closed, respectively. If the server or proxy
|
|
||||||
specifies a keep alive time in a "Keep-Alive" response header, this
|
|
||||||
will take precedence over the values of these properties.
|
|
||||||
|
|
||||||
security-libs/java.security:
|
|
||||||
|
|
||||||
JDK-8316138: Add GlobalSign 2 TLS root certificates
|
|
||||||
===================================================
|
|
||||||
The following root certificates have been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: GlobalSign
|
|
||||||
Alias Name: globalsignr46
|
|
||||||
Distinguished Name: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
|
|
||||||
|
|
||||||
Name: GlobalSign
|
|
||||||
Alias Name: globalsigne46
|
|
||||||
Distinguished Name: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
|
|
||||||
|
|
||||||
New in release OpenJDK 8u412 (2024-04-16):
|
|
||||||
===========================================
|
|
||||||
Live versions of these release notes can be found at:
|
|
||||||
* https://bit.ly/openjdk8u412
|
|
||||||
|
|
||||||
* CVEs
|
|
||||||
- CVE-2024-21011
|
|
||||||
- CVE-2024-21085
|
|
||||||
- CVE-2024-21068
|
|
||||||
- CVE-2024-21094
|
|
||||||
* Security fixes
|
|
||||||
- JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array"
|
|
||||||
- JDK-8318340: Improve RSA key implementations
|
|
||||||
- JDK-8319851: Improve exception logging
|
|
||||||
- JDK-8322114: Improve Pack 200 handling
|
|
||||||
- JDK-8322122: Enhance generation of addresses
|
|
||||||
* Other changes
|
|
||||||
- JDK-8011180: Delete obsolete scripts
|
|
||||||
- JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build
|
|
||||||
- JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios
|
|
||||||
- JDK-8023735: [TESTBUG][macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
|
|
||||||
- JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows
|
|
||||||
- JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388)
|
|
||||||
- JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache
|
|
||||||
- JDK-8168518: rcache interop with krb5-1.15
|
|
||||||
- JDK-8183503: Update hotspot tests to allow for unique test classes directory
|
|
||||||
- JDK-8186095: upgrade to jtreg 4.2 b08
|
|
||||||
- JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
|
|
||||||
- JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
|
|
||||||
- JDK-8208655: use JTreg skipped status in hotspot tests
|
|
||||||
- JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1
|
|
||||||
- JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile
|
|
||||||
- JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system
|
|
||||||
- JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
|
|
||||||
- JDK-8224768: Test ActalisCA.java fails
|
|
||||||
- JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
|
|
||||||
- JDK-8251551: Use .md filename extension for README
|
|
||||||
- JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
|
|
||||||
- JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
|
|
||||||
- JDK-8270517: Add Zero support for LoongArch
|
|
||||||
- JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
|
|
||||||
- JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
|
|
||||||
- JDK-8288132: Update test artifacts in QuoVadis CA interop tests
|
|
||||||
- JDK-8297955: LDAP CertStore should use LdapName and not String for DNs
|
|
||||||
- JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
|
|
||||||
- JDK-8308592: Framework for CA interoperability testing
|
|
||||||
- JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955
|
|
||||||
- JDK-8315042: NPE in PKCS7.parseOldSignedData
|
|
||||||
- JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set
|
|
||||||
- JDK-8320713: Bump update version of OpenJDK: 8u412
|
|
||||||
- JDK-8321060: [8u] hotspot needs to recognise VS2022
|
|
||||||
- JDK-8321408: Add Certainly roots R1 and E1
|
|
||||||
- JDK-8322725: (tz) Update Timezone Data to 2023d
|
|
||||||
- JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
|
|
||||||
- JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
|
|
||||||
- JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
|
|
||||||
- JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
|
|
||||||
- JDK-8324530: Build error with gcc 10
|
|
||||||
- JDK-8325150: (tz) Update Timezone Data to 2024a
|
|
||||||
|
|
||||||
Notes on individual issues:
|
|
||||||
===========================
|
|
||||||
|
|
||||||
security-libs/org.ietf.jgss:krb5:
|
|
||||||
|
|
||||||
JDK-8168518: rcache interop with krb5-1.15
|
|
||||||
==========================================
|
|
||||||
The hash algorithm used in the Kerberos 5 replay cache file (rcache)
|
|
||||||
has been changed from MD5 to SHA256. This is the same algorithm used
|
|
||||||
by MIT krb5-1.15 and is interoperable with earlier releases of MIT
|
|
||||||
krb5.
|
|
||||||
|
|
||||||
The MD5 algorithm can still be used by setting the new
|
|
||||||
jdk.krb5.rcache.useMD5 property to 'true':
|
|
||||||
|
|
||||||
java -Djdk.krb5.rcache.useMD5=true ...
|
|
||||||
|
|
||||||
This is useful where either the system has a coarse clock and has to
|
|
||||||
depend on hash values in replay attack detection, or interoperability
|
|
||||||
with the rcache files in older versions of OpenJDK is required.
|
|
||||||
|
|
||||||
client-libs/java.awt:
|
|
||||||
|
|
||||||
JDK-8322750: AWT SystemTray API Is Not Supported on Most Linux Desktops
|
|
||||||
=======================================================================
|
|
||||||
The java.awt.SystemTray API is used to interact with the system's
|
|
||||||
desktop taskbar to provide notifications and may include an icon
|
|
||||||
representing an application. The GNOME desktop's support for taskbar
|
|
||||||
icons has not worked properly for several years, due to a platform
|
|
||||||
bug. This bug, in turn, affects the JDK's SystemTray support on GNOME
|
|
||||||
desktops.
|
|
||||||
|
|
||||||
Therefore, in accordance with the SystemTray API specification,
|
|
||||||
java.awt.SystemTray.isSupported() will now return false on systems
|
|
||||||
that exhibit this bug, which is assumed to be those running a version
|
|
||||||
of GNOME Shell below 45.
|
|
||||||
|
|
||||||
The impact of this change is likely to be minimal, as users of the
|
|
||||||
SystemTray API should already be able to handle isSupported()
|
|
||||||
returning false and the system tray on such platforms has already been
|
|
||||||
unsupported for a number of years for all applications.
|
|
||||||
|
|
||||||
security-libs/java.security:
|
|
||||||
|
|
||||||
JDK-8321408: Added Certainly R1 and E1 Root Certificates
|
|
||||||
========================================================
|
|
||||||
The following root certificate has been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: Certainly
|
|
||||||
Alias Name: certainlyrootr1
|
|
||||||
Distinguished Name: CN=Certainly Root R1, O=Certainly, C=US
|
|
||||||
|
|
||||||
Name: Certainly
|
|
||||||
Alias Name: certainlyroote1
|
|
||||||
Distinguished Name: CN=Certainly Root E1, O=Certainly, C=US
|
|
||||||
|
|
||||||
New in release OpenJDK 8u402 (2024-01-16):
|
|
||||||
===========================================
|
|
||||||
Live versions of these release notes can be found at:
|
|
||||||
* https://bit.ly/openjdk8u402
|
|
||||||
|
|
||||||
* CVEs
|
|
||||||
- CVE-2024-20918
|
|
||||||
- CVE-2024-20919
|
|
||||||
- CVE-2024-20921
|
|
||||||
- CVE-2024-20926
|
|
||||||
- CVE-2024-20945
|
|
||||||
- CVE-2024-20952
|
|
||||||
* Security fixes
|
|
||||||
- JDK-8308204: Enhanced certificate processing
|
|
||||||
- JDK-8314284: Enhance Nashorn performance
|
|
||||||
- JDK-8314295: Enhance verification of verifier
|
|
||||||
- JDK-8314307: Improve loop handling
|
|
||||||
- JDK-8314468: Improve Compiler loops
|
|
||||||
- JDK-8316976: Improve signature handling
|
|
||||||
- JDK-8317547: Enhance TLS connection support
|
|
||||||
* Other changes
|
|
||||||
- JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
|
|
||||||
- JDK-8029995: accept yes/no for boolean krb5.conf settings
|
|
||||||
- JDK-8159156: [TESTBUG] ReserveMemory test is not useful on Aix.
|
|
||||||
- JDK-8176509: Use pandoc for converting build readme to html
|
|
||||||
- JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
|
|
||||||
- JDK-8207404: MulticastSocket tests failing on AIX
|
|
||||||
- JDK-8212677: X11 default visual support for IM status window on VNC
|
|
||||||
- JDK-8239365: ProcessBuilder test modifications for AIX execution
|
|
||||||
- JDK-8271838: AmazonCA.java interop test fails
|
|
||||||
- JDK-8285398: Cache the results of constraint checks
|
|
||||||
- JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
|
|
||||||
- JDK-8302017: Allocate BadPaddingException only if it will be thrown
|
|
||||||
- JDK-8305329: [8u] Unify test libraries into single test library - step 1
|
|
||||||
- JDK-8307837: [8u] Check step in GHA should also print errors
|
|
||||||
- JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
|
|
||||||
- JDK-8311813: C1: Uninitialized PhiResolver::_loop field
|
|
||||||
- JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
|
|
||||||
- JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException
|
|
||||||
- JDK-8315280: Bump update version of OpenJDK: 8u402
|
|
||||||
- JDK-8315506: C99 compatibility issue in LinuxNativeDispatcher
|
|
||||||
- JDK-8317291: Missing null check for nmethod::is_native_method()
|
|
||||||
- JDK-8317373: Add Telia Root CA v2
|
|
||||||
- JDK-8317374: Add Let's Encrypt ISRG Root X2
|
|
||||||
- JDK-8318759: Add four DigiCert root certificates
|
|
||||||
- JDK-8319187: Add three eMudhra emSign roots
|
|
||||||
- JDK-8319405: [s390] [jdk8] Increase javac default stack size for s390x zero
|
|
||||||
- JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
|
|
||||||
|
|
||||||
Notes on individual issues:
|
|
||||||
===========================
|
|
||||||
|
|
||||||
security-libs/org.ietf.jgss:krb5:
|
|
||||||
|
|
||||||
JDK-8029995: accept yes/no for boolean krb5.conf settings
|
|
||||||
=========================================================
|
|
||||||
The krb5.conf configuration file now also accepts "yes" and "no", as
|
|
||||||
alternatives to the existing "true" and "false" support, when using
|
|
||||||
settings that take boolean values.
|
|
||||||
|
|
||||||
security-libs/java.security:
|
|
||||||
|
|
||||||
JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
|
|
||||||
===============================================================================================================================
|
|
||||||
A maximum signature file size property, jdk.jar.maxSignatureFileSize,
|
|
||||||
was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a
|
|
||||||
default of 8MB. This default proved to be too small for some JAR
|
|
||||||
files. This release, 8u402, increases it to 16MB.
|
|
||||||
|
|
||||||
JDK-8317374: Added ISRG Root X2 CA Certificate from Let's Encrypt
|
|
||||||
=================================================================
|
|
||||||
The following root certificate has been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: Let's Encrypt
|
|
||||||
Alias Name: letsencryptisrgx2
|
|
||||||
Distinguished Name: CN=ISRG Root X2, O=Internet Security Research Group, C=US
|
|
||||||
|
|
||||||
JDK-8318759: Added Four Root Certificates from DigiCert, Inc.
|
|
||||||
=============================================================
|
|
||||||
The following root certificates have been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: DigiCert, Inc.
|
|
||||||
Alias Name: digicertcseccrootg5
|
|
||||||
Distinguished Name: CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
|
|
||||||
|
|
||||||
Name: DigiCert, Inc.
|
|
||||||
Alias Name: digicertcsrsarootg5
|
|
||||||
Distinguished Name: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
|
|
||||||
|
|
||||||
Name: DigiCert, Inc.
|
|
||||||
Alias Name: digicerttlseccrootg5
|
|
||||||
Distinguished Name: CN=DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
|
|
||||||
|
|
||||||
Name: DigiCert, Inc.
|
|
||||||
Alias Name: digicerttlsrsarootg5
|
|
||||||
Distinguished Name: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
|
|
||||||
|
|
||||||
JDK-8319187: Added Three Root Certificates from eMudhra Technologies Limited
|
|
||||||
============================================================================
|
|
||||||
The following root certificates have been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: eMudhra Technologies Limited
|
|
||||||
Alias Name: emsignrootcag1
|
|
||||||
Distinguished Name: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
|
|
||||||
|
|
||||||
Name: eMudhra Technologies Limited
|
|
||||||
Alias Name: emsigneccrootcag3
|
|
||||||
Distinguished Name: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
|
|
||||||
|
|
||||||
Name: eMudhra Technologies Limited
|
|
||||||
Alias Name: emsignrootcag2
|
|
||||||
Distinguished Name: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
|
|
||||||
|
|
||||||
JDK-8317373: Added Telia Root CA v2 Certificate
|
|
||||||
===============================================
|
|
||||||
The following root certificate has been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: Telia Root CA v2
|
|
||||||
Alias Name: teliarootcav2
|
|
||||||
Distinguished Name: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI ```
|
|
||||||
|
|
||||||
New in release OpenJDK 8u392 (2023-10-17):
|
|
||||||
===========================================
|
|
||||||
Live versions of these release notes can be found at:
|
|
||||||
* https://bit.ly/openjdk8u392
|
|
||||||
|
|
||||||
* CVEs
|
|
||||||
- CVE-2023-22067
|
|
||||||
- CVE-2023-22081
|
|
||||||
* Security fixes
|
|
||||||
- JDK-8286503, JDK-8312367: Enhance security classes
|
|
||||||
- JDK-8297856: Improve handling of Bidi characters
|
|
||||||
- JDK-8303384: Improved communication in CORBA
|
|
||||||
- JDK-8305815, JDK-8307278: Update Libpng to 1.6.39
|
|
||||||
- JDK-8309966: Enhanced TLS connections
|
|
||||||
* Other changes
|
|
||||||
- JDK-6722928: Provide a default native GSS-API library on Windows
|
|
||||||
- JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java
|
|
||||||
- JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal
|
|
||||||
- JDK-8139348: Deprecate 3DES and RC4 in Kerberos
|
|
||||||
- JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"
|
|
||||||
- JDK-8200468: Port the native GSS-API bridge to Windows
|
|
||||||
- JDK-8202952: C2: Unexpected dead nodes after matching
|
|
||||||
- JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
|
|
||||||
- JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update
|
|
||||||
- JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to
|
|
||||||
- JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
|
|
||||||
- JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
|
|
||||||
- JDK-8232225: Rework the fix for JDK-8071483
|
|
||||||
- JDK-8242330: Arrays should be cloned in several JAAS Callback classes
|
|
||||||
- JDK-8253269: The CheckCommonColors test should provide more info on failure
|
|
||||||
- JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int)
|
|
||||||
- JDK-8284910: Buffer clean in PasswordCallback
|
|
||||||
- JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
|
|
||||||
- JDK-8287663: Add a regression test for JDK-8287073
|
|
||||||
- JDK-8295685: Update Libpng to 1.6.38
|
|
||||||
- JDK-8295894: Remove SECOM certificate that is expiring in September 2023
|
|
||||||
- JDK-8308788: [8u] Remove duplicate HaricaCA.java test
|
|
||||||
- JDK-8309122: Bump update version of OpenJDK: 8u392
|
|
||||||
- JDK-8309143: [8u] fix archiving inconsistencies in GHA
|
|
||||||
- JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms
|
|
||||||
- JDK-8314960: Add Certigna Root CA - 2
|
|
||||||
- JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack()
|
|
||||||
- JDK-8317040: Exclude cleaner test failing on older releases
|
|
||||||
|
|
||||||
Notes on individual issues:
|
|
||||||
===========================
|
|
||||||
|
|
||||||
other-libs/corba:idl:
|
|
||||||
|
|
||||||
JDK-8303384: Improved communication in CORBA
|
|
||||||
============================================
|
|
||||||
The JDK's CORBA implementation now provides the option to limit
|
|
||||||
serialisation in stub objects to those with the "IOR:" prefix. For
|
|
||||||
ORB constrained stub classes:
|
|
||||||
|
|
||||||
* _DynArrayStub
|
|
||||||
* _DynEnumStub
|
|
||||||
* _DynFixedStub
|
|
||||||
* _DynSequenceStub
|
|
||||||
* _DynStructStub
|
|
||||||
* _DynUnionStub
|
|
||||||
* _DynValueStub
|
|
||||||
* _DynAnyStub
|
|
||||||
* _DynAnyFactoryStub
|
|
||||||
|
|
||||||
this is enabled by default and may be disabled by setting the system
|
|
||||||
property org.omg.DynamicAny.disableIORCheck to 'true'.
|
|
||||||
|
|
||||||
For remote service stub classes:
|
|
||||||
|
|
||||||
* _NamingContextStub
|
|
||||||
* _BindingIteratorStub
|
|
||||||
* _NamingContextExtStub
|
|
||||||
* _ServantActivatorStub
|
|
||||||
* _ServantLocatorStub
|
|
||||||
* _ServerManagerStub
|
|
||||||
* _ActivatorStub
|
|
||||||
* _RepositoryStub
|
|
||||||
* _InitialNameServiceStub
|
|
||||||
* _LocatorStub
|
|
||||||
* _ServerStub
|
|
||||||
|
|
||||||
it is disabled by default and may be enabled by setting the system
|
|
||||||
property org.omg.CORBA.IDL.Stubs.enableIORCheck to 'true'.
|
|
||||||
|
|
||||||
security-libs/org.ietf.jgss:
|
|
||||||
|
|
||||||
JDK-6722928: Added a Default Native GSS-API Library on Windows
|
|
||||||
==============================================================
|
|
||||||
|
|
||||||
A native GSS-API library named `sspi_bridge.dll` has been added to the
|
|
||||||
JDK on the Windows platform. As with native GSS-API library provision
|
|
||||||
on other operating systems, it will only be loaded when the
|
|
||||||
`sun.security.jgss.native` system property is set to "true". A user
|
|
||||||
can still load a third-party native GSS-API library instead by setting
|
|
||||||
the `sun.security.jgss.lib` system property to the appropriate path.
|
|
||||||
|
|
||||||
The library is client-side only and uses the default credentials.
|
|
||||||
Native GSS support automatically uses cached credentials from the
|
|
||||||
underlying operating system, so the
|
|
||||||
`javax.security.auth.useSubjectCredsOnly` system property should be
|
|
||||||
set to false.
|
|
||||||
|
|
||||||
The `com.sun.security.auth.module.Krb5LoginModule` does not call
|
|
||||||
native JGSS and so its use in your JAAS config should be avoided.
|
|
||||||
|
|
||||||
security-libs/org.ietf.jgss:krb5:
|
|
||||||
|
|
||||||
JDK-8139348: Deprecate 3DES and RC4 in Kerberos
|
|
||||||
===============================================
|
|
||||||
The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
|
|
||||||
are now deprecated and disabled by default. To re-enable them, you
|
|
||||||
can either enable all weak crypto (which also includes `des-cbc-crc`
|
|
||||||
and `des-cbc-md5`) by setting `allow_weak_crypto = true` in the
|
|
||||||
`krb5.conf` configuration file or explicitly list all the preferred
|
|
||||||
encryption types using the `default_tkt_enctypes`,
|
|
||||||
`default_tgs_enctypes`, or `permitted_enctypes` settings.
|
|
||||||
|
|
||||||
security-libs/java.security:
|
|
||||||
|
|
||||||
JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate
|
|
||||||
==================================================================
|
|
||||||
The following root certificate from SECOM Trust System has been
|
|
||||||
removed from the `cacerts` keystore:
|
|
||||||
|
|
||||||
Alias Name: secomscrootca1 [jdk]
|
|
||||||
Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
|
|
||||||
|
|
||||||
JDK-8314960: Added Certigna Root CA Certificate
|
|
||||||
===============================================
|
|
||||||
The following root certificate has been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: Certigna (Dhimyotis)
|
|
||||||
Alias Name: certignarootca
|
|
||||||
Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
|
|
||||||
|
|
||||||
security-libs/javax.security:
|
|
||||||
|
|
||||||
JDK-8242330: Arrays should be cloned in several JAAS Callback classes
|
|
||||||
=====================================================================
|
|
||||||
In the JAAS classes, ChoiceCallback and ConfirmationCallback, arrays
|
|
||||||
were not cloned when passed into a constructor or returned. This
|
|
||||||
allowed an external program to get access to the internal fields of
|
|
||||||
these classes. The classes have been updated to return cloned arrays.
|
|
||||||
|
|
||||||
New in release OpenJDK 8u382 (2023-07-18):
|
|
||||||
===========================================
|
|
||||||
Live versions of these release notes can be found at:
|
|
||||||
* https://bit.ly/openjdk8u382
|
|
||||||
|
|
||||||
* CVEs
|
|
||||||
- CVE-2023-22045
|
|
||||||
- CVE-2023-22049
|
|
||||||
* Security fixes
|
|
||||||
- JDK-8298676: Enhanced Look and Feel
|
|
||||||
- JDK-8300596: Enhance Jar Signature validation
|
|
||||||
- JDK-8304468: Better array usages
|
|
||||||
- JDK-8305312: Enhanced path handling
|
|
||||||
* Other changes
|
|
||||||
- JDK-8072678: Wrong exception messages in java.awt.color.ICC_ColorSpace
|
|
||||||
- JDK-8151460: Metaspace counters can have inconsistent values
|
|
||||||
- JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
|
|
||||||
- JDK-8185736: missing default exception handler in calls to rethrow_Stub
|
|
||||||
- JDK-8186801: Add regression test to test mapping based charsets (generated at build time)
|
|
||||||
- JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
|
|
||||||
- JDK-8241311: Move some charset mapping tests from closed to open
|
|
||||||
- JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
|
|
||||||
- JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
|
|
||||||
- JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
|
||||||
- JDK-8276841: Add support for Visual Studio 2022
|
|
||||||
- JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
|
|
||||||
- JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
|
|
||||||
- JDK-8282345: handle latest VS2022 in abstract_vm_version
|
|
||||||
- JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
|
|
||||||
- JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
|
|
||||||
- JDK-8289301: P11Cipher should not throw out of bounds exception during padding
|
|
||||||
- JDK-8293232: Fix race condition in pkcs11 SessionManager
|
|
||||||
- JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
|
|
||||||
- JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
|
|
||||||
- JDK-8298108: Add a regression test for JDK-8297684
|
|
||||||
- JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
|
|
||||||
- JDK-8301119: Support for GB18030-2022
|
|
||||||
- JDK-8301400: Allow additional characters for GB18030-2022 support
|
|
||||||
- JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
|
|
||||||
- JDK-8303028: Update system property for Java SE specification maintenance version
|
|
||||||
- JDK-8303462: Bump update version of OpenJDK: 8u382
|
|
||||||
- JDK-8304760: Add 2 Microsoft TLS roots
|
|
||||||
- JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
|
|
||||||
- JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
|
|
||||||
- JDK-8305975: Add TWCA Global Root CA
|
|
||||||
- JDK-8307134: Add GTS root CAs
|
|
||||||
- JDK-8307310: Backport the tests for JDK-8058969 and JDK-8039271 to the OpenJDK8
|
|
||||||
- JDK-8307531: [aarch64] JDK8 single-step debugging is extremely slow
|
|
||||||
- JDK-8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119
|
|
||||||
|
|
||||||
Notes on individual issues:
|
|
||||||
===========================
|
|
||||||
|
|
||||||
core-libs/java.lang:
|
|
||||||
|
|
||||||
JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
|
|
||||||
===========================================================================
|
|
||||||
In order to support "Implementation Level 2" of the GB18030-2022
|
|
||||||
standard, the JDK must be able to use characters from the CJK Unified
|
|
||||||
Ideographs Extension E block of Unicode 8.0. The addition of these
|
|
||||||
characters forms Maintenance Release 5 of the Java SE 8 specification,
|
|
||||||
which is implemented in this release of OpenJDK via the addition of a
|
|
||||||
new UnicodeBlock instance,
|
|
||||||
Character.CJK_UNIFIED_IDEOGRAPHS_EXTENSION_E.
|
|
||||||
|
|
||||||
core-libs/java.util.jar:
|
|
||||||
|
|
||||||
8300596: Enhance Jar Signature validation
|
|
||||||
=========================================
|
|
||||||
A System property "jdk.jar.maxSignatureFileSize" is introduced to
|
|
||||||
configure the maximum number of bytes allowed for the
|
|
||||||
signature-related files in a JAR file during verification. The default
|
|
||||||
value is 8000000 bytes (8 MB).
|
|
||||||
|
|
||||||
security-libs/java.security:
|
|
||||||
|
|
||||||
JDK-8307134: Added 4 GTS Root CA Certificates
|
|
||||||
=============================================
|
|
||||||
The following root certificates have been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: Google Trust Services LLC
|
|
||||||
Alias Name: gtsrootcar1
|
|
||||||
Distinguished Name: CN=GTS Root R1, O=Google Trust Services LLC, C=US
|
|
||||||
|
|
||||||
Name: Google Trust Services LLC
|
|
||||||
Alias Name: gtsrootcar2
|
|
||||||
Distinguished Name: CN=GTS Root R2, O=Google Trust Services LLC, C=US
|
|
||||||
|
|
||||||
Name: Google Trust Services LLC
|
|
||||||
Alias Name: gtsrootcar3
|
|
||||||
Distinguished Name: CN=GTS Root R3, O=Google Trust Services LLC, C=US
|
|
||||||
|
|
||||||
Name: Google Trust Services LLC
|
|
||||||
Alias Name: gtsrootcar4
|
|
||||||
Distinguished Name: CN=GTS Root R4, O=Google Trust Services LLC, C=US
|
|
||||||
|
|
||||||
JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates
|
|
||||||
=====================================================================
|
|
||||||
The following root certificates has been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: Microsoft Corporation
|
|
||||||
Alias Name: microsoftecc2017
|
|
||||||
Distinguished Name: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
|
|
||||||
|
|
||||||
Name: Microsoft Corporation
|
|
||||||
Alias Name: microsoftrsa2017
|
|
||||||
Distinguished Name: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
|
|
||||||
|
|
||||||
JDK-8305975: Added TWCA Root CA Certificate
|
|
||||||
===========================================
|
|
||||||
The following root certificate has been added to the cacerts
|
|
||||||
truststore:
|
|
||||||
|
|
||||||
Name: TWCA
|
|
||||||
Alias Name: twcaglobalrootca
|
|
||||||
Distinguished Name: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
|
|
||||||
|
|
||||||
New in release OpenJDK 8u372 (2023-04-18):
|
New in release OpenJDK 8u372 (2023-04-18):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
@ -1380,6 +497,19 @@ the current count of established connections and, if the configured
|
|||||||
limit has been reached, then the newly accepted connection will be
|
limit has been reached, then the newly accepted connection will be
|
||||||
closed immediately.
|
closed immediately.
|
||||||
|
|
||||||
|
core-libs/java.net:
|
||||||
|
|
||||||
|
JDK-8286918: Better HttpServer service
|
||||||
|
======================================
|
||||||
|
The HttpServer can be optionally configured with a maximum connection
|
||||||
|
limit by setting the jdk.httpserver.maxConnections system property. A
|
||||||
|
value of 0 or a negative integer is ignored and considered to
|
||||||
|
represent no connection limit. In the case of a positive integer
|
||||||
|
value, any newly accepted connections will be first checked against
|
||||||
|
the current count of established connections and, if the configured
|
||||||
|
limit has been reached, then the newly accepted connection will be
|
||||||
|
closed immediately.
|
||||||
|
|
||||||
security-libs/javax.net.ssl:
|
security-libs/javax.net.ssl:
|
||||||
|
|
||||||
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
|
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
|
||||||
@ -1577,7 +707,7 @@ device paths such as `NUL:` are *not* used.
|
|||||||
New in release OpenJDK 8u332 (2022-04-22):
|
New in release OpenJDK 8u332 (2022-04-22):
|
||||||
===========================================
|
===========================================
|
||||||
Live versions of these release notes can be found at:
|
Live versions of these release notes can be found at:
|
||||||
* https://bitly.com/openjdk8u332
|
* https://bit.ly/openjdk8u332
|
||||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
|
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
|
||||||
|
|
||||||
* Security fixes
|
* Security fixes
|
||||||
|
File diff suppressed because it is too large
Load Diff
131
SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh
Normal file
131
SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh
Normal file
@ -0,0 +1,131 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
ZIP_SRC=openjdk/jdk/src/share/native/java/util/zip/zlib
|
||||||
|
JPEG_SRC=openjdk/jdk/src/share/native/sun/awt/image/jpeg
|
||||||
|
GIF_SRC=openjdk/jdk/src/share/native/sun/awt/giflib
|
||||||
|
PNG_SRC=openjdk/jdk/src/share/native/sun/awt/libpng
|
||||||
|
LCMS_SRC=openjdk/jdk/src/share/native/sun/java2d/cmm/lcms
|
||||||
|
|
||||||
|
echo "Removing built-in libs (they will be linked)"
|
||||||
|
|
||||||
|
echo "Removing zlib"
|
||||||
|
if [ ! -d ${ZIP_SRC} ]; then
|
||||||
|
echo "${ZIP_SRC} does not exist. Refusing to proceed."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
rm -rvf ${ZIP_SRC}
|
||||||
|
|
||||||
|
echo "Removing libjpeg"
|
||||||
|
if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist
|
||||||
|
echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm -vf ${JPEG_SRC}/jcomapi.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdapimin.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdapistd.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdcoefct.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdcolor.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdct.h
|
||||||
|
rm -vf ${JPEG_SRC}/jddctmgr.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdhuff.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdhuff.h
|
||||||
|
rm -vf ${JPEG_SRC}/jdinput.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdmainct.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdmarker.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdmaster.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdmerge.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdphuff.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdpostct.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdsample.c
|
||||||
|
rm -vf ${JPEG_SRC}/jerror.c
|
||||||
|
rm -vf ${JPEG_SRC}/jerror.h
|
||||||
|
rm -vf ${JPEG_SRC}/jidctflt.c
|
||||||
|
rm -vf ${JPEG_SRC}/jidctfst.c
|
||||||
|
rm -vf ${JPEG_SRC}/jidctint.c
|
||||||
|
rm -vf ${JPEG_SRC}/jidctred.c
|
||||||
|
rm -vf ${JPEG_SRC}/jinclude.h
|
||||||
|
rm -vf ${JPEG_SRC}/jmemmgr.c
|
||||||
|
rm -vf ${JPEG_SRC}/jmemsys.h
|
||||||
|
rm -vf ${JPEG_SRC}/jmemnobs.c
|
||||||
|
rm -vf ${JPEG_SRC}/jmorecfg.h
|
||||||
|
rm -vf ${JPEG_SRC}/jpegint.h
|
||||||
|
rm -vf ${JPEG_SRC}/jpeglib.h
|
||||||
|
rm -vf ${JPEG_SRC}/jquant1.c
|
||||||
|
rm -vf ${JPEG_SRC}/jquant2.c
|
||||||
|
rm -vf ${JPEG_SRC}/jutils.c
|
||||||
|
rm -vf ${JPEG_SRC}/jcapimin.c
|
||||||
|
rm -vf ${JPEG_SRC}/jcapistd.c
|
||||||
|
rm -vf ${JPEG_SRC}/jccoefct.c
|
||||||
|
rm -vf ${JPEG_SRC}/jccolor.c
|
||||||
|
rm -vf ${JPEG_SRC}/jcdctmgr.c
|
||||||
|
rm -vf ${JPEG_SRC}/jchuff.c
|
||||||
|
rm -vf ${JPEG_SRC}/jchuff.h
|
||||||
|
rm -vf ${JPEG_SRC}/jcinit.c
|
||||||
|
rm -vf ${JPEG_SRC}/jconfig.h
|
||||||
|
rm -vf ${JPEG_SRC}/jcmainct.c
|
||||||
|
rm -vf ${JPEG_SRC}/jcmarker.c
|
||||||
|
rm -vf ${JPEG_SRC}/jcmaster.c
|
||||||
|
rm -vf ${JPEG_SRC}/jcparam.c
|
||||||
|
rm -vf ${JPEG_SRC}/jcphuff.c
|
||||||
|
rm -vf ${JPEG_SRC}/jcprepct.c
|
||||||
|
rm -vf ${JPEG_SRC}/jcsample.c
|
||||||
|
rm -vf ${JPEG_SRC}/jctrans.c
|
||||||
|
rm -vf ${JPEG_SRC}/jdtrans.c
|
||||||
|
rm -vf ${JPEG_SRC}/jfdctflt.c
|
||||||
|
rm -vf ${JPEG_SRC}/jfdctfst.c
|
||||||
|
rm -vf ${JPEG_SRC}/jfdctint.c
|
||||||
|
rm -vf ${JPEG_SRC}/jversion.h
|
||||||
|
rm -vf ${JPEG_SRC}/README
|
||||||
|
|
||||||
|
echo "Removing giflib"
|
||||||
|
if [ ! -d ${GIF_SRC} ]; then
|
||||||
|
echo "${GIF_SRC} does not exist. Refusing to proceed."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
rm -rvf ${GIF_SRC}
|
||||||
|
|
||||||
|
echo "Removing libpng"
|
||||||
|
if [ ! -d ${PNG_SRC} ]; then
|
||||||
|
echo "${PNG_SRC} does not exist. Refusing to proceed."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
rm -rvf ${PNG_SRC}
|
||||||
|
|
||||||
|
echo "Removing lcms"
|
||||||
|
if [ ! -d ${LCMS_SRC} ]; then
|
||||||
|
echo "${LCMS_SRC} does not exist. Refusing to proceed."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
# temporary change to move bundled LCMS
|
||||||
|
if [ ! true ]; then
|
||||||
|
rm -vf ${LCMS_SRC}/cmsalpha.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmscam02.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmscgats.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmscnvrt.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmserr.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsgamma.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsgmt.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmshalf.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsintrp.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsio0.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsio1.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmslut.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsmd5.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsmtrx.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsnamed.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsopt.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmspack.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmspcs.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsplugin.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsps2.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmssamp.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmssm.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmstypes.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsvirt.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmswtpnt.c
|
||||||
|
rm -vf ${LCMS_SRC}/cmsxform.c
|
||||||
|
rm -vf ${LCMS_SRC}/lcms2.h
|
||||||
|
rm -vf ${LCMS_SRC}/lcms2_internal.h
|
||||||
|
rm -vf ${LCMS_SRC}/lcms2_plugin.h
|
||||||
|
fi
|
@ -7,11 +7,10 @@
|
|||||||
PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations
|
PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations
|
||||||
Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X
|
Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X
|
||||||
|
|
||||||
diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4
|
diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4
|
||||||
index 113bf367e2..bed030e8d1 100644
|
--- openjdk.orig///common/autoconf/flags.m4
|
||||||
--- a/common/autoconf/flags.m4
|
+++ openjdk///common/autoconf/flags.m4
|
||||||
+++ b/common/autoconf/flags.m4
|
@@ -402,6 +402,21 @@
|
||||||
@@ -451,6 +451,21 @@ AC_DEFUN_ONCE([FLAGS_SETUP_COMPILER_FLAGS_FOR_JDK],
|
|
||||||
AC_SUBST($2CXXSTD_CXXFLAG)
|
AC_SUBST($2CXXSTD_CXXFLAG)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -23,7 +22,7 @@ index 113bf367e2..bed030e8d1 100644
|
|||||||
+ # On 32-bit MacOSX the OS requires C-entry points to be 16 byte aligned.
|
+ # On 32-bit MacOSX the OS requires C-entry points to be 16 byte aligned.
|
||||||
+ # While waiting for a better solution, the current workaround is to use -mstackrealign
|
+ # While waiting for a better solution, the current workaround is to use -mstackrealign
|
||||||
+ # This is also required on Linux systems which use libraries compiled with SSE instructions
|
+ # This is also required on Linux systems which use libraries compiled with SSE instructions
|
||||||
+ REALIGN_CFLAG="-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4"
|
+ REALIGN_CFLAG="-mstackrealign"
|
||||||
+ FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [],
|
+ FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [],
|
||||||
+ AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.])
|
+ AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.])
|
||||||
+ )
|
+ )
|
||||||
@ -33,32 +32,23 @@ index 113bf367e2..bed030e8d1 100644
|
|||||||
if test "x$CFLAGS" != "x${ADDED_CFLAGS}"; then
|
if test "x$CFLAGS" != "x${ADDED_CFLAGS}"; then
|
||||||
AC_MSG_WARN([Ignoring CFLAGS($CFLAGS) found in environment. Use --with-extra-cflags])
|
AC_MSG_WARN([Ignoring CFLAGS($CFLAGS) found in environment. Use --with-extra-cflags])
|
||||||
fi
|
fi
|
||||||
diff --git a/common/autoconf/hotspot-spec.gmk.in b/common/autoconf/hotspot-spec.gmk.in
|
diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/autoconf/hotspot-spec.gmk.in
|
||||||
index 3f86751d2b..f8a271383f 100644
|
--- openjdk.orig///common/autoconf/hotspot-spec.gmk.in
|
||||||
--- a/common/autoconf/hotspot-spec.gmk.in
|
+++ openjdk///common/autoconf/hotspot-spec.gmk.in
|
||||||
+++ b/common/autoconf/hotspot-spec.gmk.in
|
@@ -112,7 +112,8 @@
|
||||||
@@ -114,13 +114,14 @@ RC:=@HOTSPOT_RC@
|
RC:=@HOTSPOT_RC@
|
||||||
# Retain EXTRA_{CFLAGS,CXXFLAGS,LDFLAGS,ASFLAGS} for the target flags to
|
|
||||||
# maintain compatibility with the existing Makefiles
|
EXTRA_CFLAGS=@LEGACY_EXTRA_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
|
||||||
EXTRA_CFLAGS=@LEGACY_TARGET_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
|
|
||||||
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
|
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
|
||||||
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \
|
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \
|
||||||
+ $(REALIGN_CFLAG)
|
+ $(REALIGN_CFLAG)
|
||||||
EXTRA_CXXFLAGS=@LEGACY_TARGET_CXXFLAGS@
|
EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@
|
||||||
EXTRA_LDFLAGS=@LEGACY_TARGET_LDFLAGS@
|
EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@
|
||||||
EXTRA_ASFLAGS=@LEGACY_TARGET_ASFLAGS@
|
EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@
|
||||||
# Define an equivalent set for the host flags (i.e. without sysroot options)
|
diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in
|
||||||
HOST_CFLAGS=@LEGACY_HOST_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
|
--- openjdk.orig///common/autoconf/spec.gmk.in
|
||||||
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
|
+++ openjdk///common/autoconf/spec.gmk.in
|
||||||
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
|
@@ -366,6 +366,7 @@
|
||||||
HOST_CXXFLAGS=@LEGACY_HOST_CXXFLAGS@
|
|
||||||
HOST_LDFLAGS=@LEGACY_HOST_LDFLAGS@
|
|
||||||
HOST_ASFLAGS=@LEGACY_HOST_ASFLAGS@
|
|
||||||
diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in
|
|
||||||
index 9573bb2cbd..fe7efc130c 100644
|
|
||||||
--- a/common/autoconf/spec.gmk.in
|
|
||||||
+++ b/common/autoconf/spec.gmk.in
|
|
||||||
@@ -366,6 +366,7 @@ CXXFLAGS_JDKEXE:=@CXXFLAGS_JDKEXE@
|
|
||||||
|
|
||||||
NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@
|
NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@
|
||||||
NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@
|
NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@
|
||||||
|
12
SOURCES/jdk8218811-perfMemory_linux.patch
Normal file
12
SOURCES/jdk8218811-perfMemory_linux.patch
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
diff --git openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
|
||||||
|
--- openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp
|
||||||
|
+++ openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
|
||||||
|
@@ -878,7 +878,7 @@
|
||||||
|
|
||||||
|
// open the file
|
||||||
|
int result;
|
||||||
|
- RESTARTABLE(::open(filename, oflags), result);
|
||||||
|
+ RESTARTABLE(::open(filename, oflags, 0), result);
|
||||||
|
if (result == OS_ERR) {
|
||||||
|
if (errno == ENOENT) {
|
||||||
|
THROW_MSG_(vmSymbols::java_lang_IllegalArgumentException(),
|
@ -0,0 +1,167 @@
|
|||||||
|
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
|
||||||
|
Author: Alexey Bakhtin <abakhtin@openjdk.org>
|
||||||
|
Date: Tue Apr 4 10:29:11 2023 +0000
|
||||||
|
|
||||||
|
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||||
|
|
||||||
|
Reviewed-by: andrew, mbalao
|
||||||
|
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
|
||||||
|
|
||||||
|
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||||
|
index a79e97d7c74..5378446b97b 100644
|
||||||
|
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||||
|
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||||
|
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||||
|
@Override
|
||||||
|
protected void engineInitVerify(PublicKey publicKey)
|
||||||
|
throws InvalidKeyException {
|
||||||
|
- if (!(publicKey instanceof RSAPublicKey)) {
|
||||||
|
+ if (publicKey instanceof RSAPublicKey) {
|
||||||
|
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
|
||||||
|
+ isPublicKeyValid(rsaPubKey);
|
||||||
|
+ this.pubKey = rsaPubKey;
|
||||||
|
+ this.privKey = null;
|
||||||
|
+ resetDigest();
|
||||||
|
+ } else {
|
||||||
|
throw new InvalidKeyException("key must be RSAPublicKey");
|
||||||
|
}
|
||||||
|
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
|
||||||
|
- this.privKey = null;
|
||||||
|
- resetDigest();
|
||||||
|
}
|
||||||
|
|
||||||
|
// initialize for signing. See JCA doc
|
||||||
|
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||||
|
@Override
|
||||||
|
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
|
||||||
|
throws InvalidKeyException {
|
||||||
|
- if (!(privateKey instanceof RSAPrivateKey)) {
|
||||||
|
+ if (privateKey instanceof RSAPrivateKey) {
|
||||||
|
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
|
||||||
|
+ isPrivateKeyValid(rsaPrivateKey);
|
||||||
|
+ this.privKey = rsaPrivateKey;
|
||||||
|
+ this.pubKey = null;
|
||||||
|
+ this.random =
|
||||||
|
+ (random == null ? JCAUtil.getSecureRandom() : random);
|
||||||
|
+ resetDigest();
|
||||||
|
+ } else {
|
||||||
|
throw new InvalidKeyException("key must be RSAPrivateKey");
|
||||||
|
}
|
||||||
|
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
|
||||||
|
- this.pubKey = null;
|
||||||
|
- this.random =
|
||||||
|
- (random == null? JCAUtil.getSecureRandom() : random);
|
||||||
|
- resetDigest();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * Validate the specified RSAPrivateKey
|
||||||
|
+ */
|
||||||
|
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
|
||||||
|
+ try {
|
||||||
|
+ if (prKey instanceof RSAPrivateCrtKey) {
|
||||||
|
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
|
||||||
|
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
|
||||||
|
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||||
|
+ crtKey.getModulus().bitLength(),
|
||||||
|
+ crtKey.getPublicExponent());
|
||||||
|
+ } else {
|
||||||
|
+ throw new InvalidKeyException(
|
||||||
|
+ "Some of the CRT-specific components are not available");
|
||||||
|
+ }
|
||||||
|
+ } else {
|
||||||
|
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||||
|
+ prKey.getModulus().bitLength(),
|
||||||
|
+ null);
|
||||||
|
+ }
|
||||||
|
+ } catch (InvalidKeyException ikEx) {
|
||||||
|
+ throw ikEx;
|
||||||
|
+ } catch (Exception e) {
|
||||||
|
+ throw new InvalidKeyException(
|
||||||
|
+ "Can not access private key components", e);
|
||||||
|
+ }
|
||||||
|
+ isValid(prKey);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ /**
|
||||||
|
+ * Validate the specified RSAPublicKey
|
||||||
|
+ */
|
||||||
|
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
|
||||||
|
+ try {
|
||||||
|
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||||
|
+ pKey.getModulus().bitLength(),
|
||||||
|
+ pKey.getPublicExponent());
|
||||||
|
+ } catch (InvalidKeyException ikEx) {
|
||||||
|
+ throw ikEx;
|
||||||
|
+ } catch (Exception e) {
|
||||||
|
+ throw new InvalidKeyException(
|
||||||
|
+ "Can not access public key components", e);
|
||||||
|
+ }
|
||||||
|
+ isValid(pKey);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Validate the specified RSAKey and its associated parameters against
|
||||||
|
* internal signature parameters.
|
||||||
|
*/
|
||||||
|
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||||
|
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||||
|
try {
|
||||||
|
AlgorithmParameterSpec keyParams = rsaKey.getParams();
|
||||||
|
// validate key parameters
|
||||||
|
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||||
|
}
|
||||||
|
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
|
||||||
|
}
|
||||||
|
- return rsaKey;
|
||||||
|
} catch (SignatureException e) {
|
||||||
|
throw new InvalidKeyException(e);
|
||||||
|
}
|
||||||
|
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||||
|
index 6b219937981..b3c1fae9672 100644
|
||||||
|
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||||
|
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||||
|
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
|
||||||
|
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
|
||||||
|
// check all CRT-specific components are available, if any one
|
||||||
|
// missing, return a non-CRT key instead
|
||||||
|
- if ((key.getPublicExponent().signum() == 0) ||
|
||||||
|
- (key.getPrimeExponentP().signum() == 0) ||
|
||||||
|
- (key.getPrimeExponentQ().signum() == 0) ||
|
||||||
|
- (key.getPrimeP().signum() == 0) ||
|
||||||
|
- (key.getPrimeQ().signum() == 0) ||
|
||||||
|
- (key.getCrtCoefficient().signum() == 0)) {
|
||||||
|
+ if (checkComponents(key)) {
|
||||||
|
+ return key;
|
||||||
|
+ } else {
|
||||||
|
return new RSAPrivateKeyImpl(
|
||||||
|
key.algid,
|
||||||
|
key.getModulus(),
|
||||||
|
- key.getPrivateExponent()
|
||||||
|
- );
|
||||||
|
- } else {
|
||||||
|
- return key;
|
||||||
|
+ key.getPrivateExponent());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /**
|
||||||
|
+ * Validate if all CRT-specific components are available.
|
||||||
|
+ */
|
||||||
|
+ static boolean checkComponents(RSAPrivateCrtKey key) {
|
||||||
|
+ return !((key.getPublicExponent().signum() == 0) ||
|
||||||
|
+ (key.getPrimeExponentP().signum() == 0) ||
|
||||||
|
+ (key.getPrimeExponentQ().signum() == 0) ||
|
||||||
|
+ (key.getPrimeP().signum() == 0) ||
|
||||||
|
+ (key.getPrimeQ().signum() == 0) ||
|
||||||
|
+ (key.getCrtCoefficient().signum() == 0));
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/**
|
||||||
|
* Generate a new key from the specified type and components.
|
||||||
|
* Returns a CRT key if possible and a non-CRT key otherwise.
|
67
SOURCES/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
Normal file
67
SOURCES/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
Normal file
@ -0,0 +1,67 @@
|
|||||||
|
# HG changeset patch
|
||||||
|
# User Andrew John Hughes <gnu_andrew@member.fsf.org>
|
||||||
|
# Date 1620365804 -3600
|
||||||
|
# Fri May 07 06:36:44 2021 +0100
|
||||||
|
# Node ID 39b62f35eca823b4c9a98bc1dc0cb9acb87360f8
|
||||||
|
# Parent 723b59ed1afe878c5cd35f080399c8ceec4f776b
|
||||||
|
PR3836: Extra compiler flags not passed to adlc build
|
||||||
|
|
||||||
|
diff --git openjdk.orig/hotspot/make/aix/makefiles/adlc.make openjdk/hotspot/make/aix/makefiles/adlc.make
|
||||||
|
--- openjdk.orig/hotspot/make/aix/makefiles/adlc.make
|
||||||
|
+++ openjdk/hotspot/make/aix/makefiles/adlc.make
|
||||||
|
@@ -69,6 +69,11 @@
|
||||||
|
CFLAGS_WARN = -w
|
||||||
|
CFLAGS += $(CFLAGS_WARN)
|
||||||
|
|
||||||
|
+# Extra flags from gnumake's invocation or environment
|
||||||
|
+CFLAGS += $(EXTRA_CFLAGS)
|
||||||
|
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
|
||||||
|
+ASFLAGS += $(EXTRA_ASFLAGS)
|
||||||
|
+
|
||||||
|
OBJECTNAMES = \
|
||||||
|
adlparse.o \
|
||||||
|
archDesc.o \
|
||||||
|
diff --git openjdk.orig/hotspot/make/bsd/makefiles/adlc.make openjdk/hotspot/make/bsd/makefiles/adlc.make
|
||||||
|
--- openjdk.orig/hotspot/make/bsd/makefiles/adlc.make
|
||||||
|
+++ openjdk/hotspot/make/bsd/makefiles/adlc.make
|
||||||
|
@@ -71,6 +71,11 @@
|
||||||
|
endif
|
||||||
|
CFLAGS += $(CFLAGS_WARN)
|
||||||
|
|
||||||
|
+# Extra flags from gnumake's invocation or environment
|
||||||
|
+CFLAGS += $(EXTRA_CFLAGS)
|
||||||
|
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
|
||||||
|
+ASFLAGS += $(EXTRA_ASFLAGS)
|
||||||
|
+
|
||||||
|
OBJECTNAMES = \
|
||||||
|
adlparse.o \
|
||||||
|
archDesc.o \
|
||||||
|
diff --git openjdk.orig/hotspot/make/linux/makefiles/adlc.make openjdk/hotspot/make/linux/makefiles/adlc.make
|
||||||
|
--- openjdk.orig/hotspot/make/linux/makefiles/adlc.make
|
||||||
|
+++ openjdk/hotspot/make/linux/makefiles/adlc.make
|
||||||
|
@@ -69,6 +69,11 @@
|
||||||
|
CFLAGS_WARN = $(WARNINGS_ARE_ERRORS)
|
||||||
|
CFLAGS += $(CFLAGS_WARN)
|
||||||
|
|
||||||
|
+# Extra flags from gnumake's invocation or environment
|
||||||
|
+CFLAGS += $(EXTRA_CFLAGS)
|
||||||
|
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
|
||||||
|
+ASFLAGS += $(EXTRA_ASFLAGS)
|
||||||
|
+
|
||||||
|
OBJECTNAMES = \
|
||||||
|
adlparse.o \
|
||||||
|
archDesc.o \
|
||||||
|
diff --git openjdk.orig/hotspot/make/solaris/makefiles/adlc.make openjdk/hotspot/make/solaris/makefiles/adlc.make
|
||||||
|
--- openjdk.orig/hotspot/make/solaris/makefiles/adlc.make
|
||||||
|
+++ openjdk/hotspot/make/solaris/makefiles/adlc.make
|
||||||
|
@@ -85,6 +85,10 @@
|
||||||
|
endif
|
||||||
|
CFLAGS += $(CFLAGS_WARN)
|
||||||
|
|
||||||
|
+# Extra flags from gnumake's invocation or environment
|
||||||
|
+CFLAGS += $(EXTRA_CFLAGS)
|
||||||
|
+ASFLAGS += $(EXTRA_ASFLAGS)
|
||||||
|
+
|
||||||
|
ifeq ("${Platform_compiler}", "sparcWorks")
|
||||||
|
# Enable the following CFLAGS addition if you need to compare the
|
||||||
|
# built ELF objects.
|
File diff suppressed because it is too large
Load Diff
@ -7,11 +7,10 @@
|
|||||||
8074839: Resolve disabled warnings for libunpack and the unpack200 binary
|
8074839: Resolve disabled warnings for libunpack and the unpack200 binary
|
||||||
Reviewed-by: dholmes, ksrini
|
Reviewed-by: dholmes, ksrini
|
||||||
|
|
||||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||||
index bdaf95a2f6a..60c5b4f2a69 100644
|
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
@@ -63,7 +63,7 @@
|
||||||
@@ -63,7 +63,7 @@ struct bytes {
|
|
||||||
bytes res;
|
bytes res;
|
||||||
res.ptr = ptr + beg;
|
res.ptr = ptr + beg;
|
||||||
res.len = end - beg;
|
res.len = end - beg;
|
||||||
@ -20,11 +19,10 @@ index bdaf95a2f6a..60c5b4f2a69 100644
|
|||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
// building C strings inside byte buffers:
|
// building C strings inside byte buffers:
|
||||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||||
index 5fbc7261fb3..4c002e779d8 100644
|
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
@@ -292,7 +292,7 @@
|
||||||
@@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject
|
|
||||||
|
|
||||||
if (uPtr->aborting()) {
|
if (uPtr->aborting()) {
|
||||||
THROW_IOE(uPtr->get_abort_message());
|
THROW_IOE(uPtr->get_abort_message());
|
||||||
@ -33,16 +31,16 @@ index 5fbc7261fb3..4c002e779d8 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
// We have fetched all the files.
|
// We have fetched all the files.
|
||||||
@@ -312,7 +312,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
|
@@ -310,7 +310,7 @@
|
||||||
// There's no need to create a new unpacker here if we don't already have one
|
JNIEXPORT jlong JNICALL
|
||||||
// just to immediatly free it afterwards.
|
Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
|
||||||
unpacker* uPtr = get_unpacker(env, pObj, /* noCreate= */ true);
|
unpacker* uPtr = get_unpacker(env, pObj, false);
|
||||||
- CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
|
- CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
|
||||||
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0);
|
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0);
|
||||||
size_t consumed = uPtr->input_consumed();
|
size_t consumed = uPtr->input_consumed();
|
||||||
// free_unpacker() will set the unpacker field on 'pObj' to null
|
|
||||||
free_unpacker(env, pObj, uPtr);
|
free_unpacker(env, pObj, uPtr);
|
||||||
@@ -323,6 +323,7 @@ JNIEXPORT jboolean JNICALL
|
return consumed;
|
||||||
|
@@ -320,6 +320,7 @@
|
||||||
Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj,
|
Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj,
|
||||||
jstring pProp, jstring pValue) {
|
jstring pProp, jstring pValue) {
|
||||||
unpacker* uPtr = get_unpacker(env, pObj);
|
unpacker* uPtr = get_unpacker(env, pObj);
|
||||||
@ -50,11 +48,10 @@ index 5fbc7261fb3..4c002e779d8 100644
|
|||||||
const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE);
|
const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE);
|
||||||
CHECK_EXCEPTION_RETURN_VALUE(prop, false);
|
CHECK_EXCEPTION_RETURN_VALUE(prop, false);
|
||||||
const char* value = env->GetStringUTFChars(pValue, JNI_FALSE);
|
const char* value = env->GetStringUTFChars(pValue, JNI_FALSE);
|
||||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||||
index 6fbc43a18ae..722c8baaff0 100644
|
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
@@ -142,31 +142,28 @@
|
||||||
@@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) {
|
|
||||||
return progname;
|
return progname;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -104,11 +101,10 @@ index 6fbc43a18ae..722c8baaff0 100644
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||||
index a585535c513..8df3fade499 100644
|
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
@@ -222,9 +222,9 @@
|
||||||
@@ -225,9 +225,9 @@ struct entry {
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef PRODUCT
|
#ifdef PRODUCT
|
||||||
@ -120,7 +116,7 @@ index a585535c513..8df3fade499 100644
|
|||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
@@ -719,13 +719,13 @@ void unpacker::read_file_header() {
|
@@ -715,13 +715,13 @@
|
||||||
// Now we can size the whole archive.
|
// Now we can size the whole archive.
|
||||||
// Read everything else into a mega-buffer.
|
// Read everything else into a mega-buffer.
|
||||||
rp = hdr.rp;
|
rp = hdr.rp;
|
||||||
@ -138,7 +134,7 @@ index a585535c513..8df3fade499 100644
|
|||||||
abort("EOF reading fixed input buffer");
|
abort("EOF reading fixed input buffer");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -739,7 +739,7 @@ void unpacker::read_file_header() {
|
@@ -735,7 +735,7 @@
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)),
|
input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)),
|
||||||
@ -147,7 +143,7 @@ index a585535c513..8df3fade499 100644
|
|||||||
CHECK;
|
CHECK;
|
||||||
assert(input.limit()[0] == 0);
|
assert(input.limit()[0] == 0);
|
||||||
// Move all the bytes we read initially into the real buffer.
|
// Move all the bytes we read initially into the real buffer.
|
||||||
@@ -962,13 +962,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) {
|
@@ -958,13 +958,13 @@
|
||||||
nentries = next_entry;
|
nentries = next_entry;
|
||||||
|
|
||||||
// place a limit on future CP growth:
|
// place a limit on future CP growth:
|
||||||
@ -163,7 +159,18 @@ index a585535c513..8df3fade499 100644
|
|||||||
|
|
||||||
// Note that this CP does not include "empty" entries
|
// Note that this CP does not include "empty" entries
|
||||||
// for longs and doubles. Those are introduced when
|
// for longs and doubles. Those are introduced when
|
||||||
@@ -3694,21 +3694,22 @@ void cpool::computeOutputIndexes() {
|
@@ -982,8 +982,9 @@
|
||||||
|
}
|
||||||
|
|
||||||
|
// Initialize *all* our entries once
|
||||||
|
- for (int i = 0 ; i < maxentries ; i++)
|
||||||
|
+ for (uint i = 0 ; i < maxentries ; i++) {
|
||||||
|
entries[i].outputIndex = REQUESTED_NONE;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
initGroupIndexes();
|
||||||
|
// Initialize hashTab to a generous power-of-two size.
|
||||||
|
@@ -3677,21 +3678,22 @@
|
||||||
|
|
||||||
unpacker* debug_u;
|
unpacker* debug_u;
|
||||||
|
|
||||||
@ -190,7 +197,7 @@ index a585535c513..8df3fade499 100644
|
|||||||
case CONSTANT_Signature:
|
case CONSTANT_Signature:
|
||||||
if (value.b.ptr == null)
|
if (value.b.ptr == null)
|
||||||
return ref(0)->string();
|
return ref(0)->string();
|
||||||
@@ -3728,26 +3729,28 @@ char* entry::string() {
|
@@ -3711,26 +3713,28 @@
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
if (nrefs == 0) {
|
if (nrefs == 0) {
|
||||||
@ -228,11 +235,10 @@ index a585535c513..8df3fade499 100644
|
|||||||
}
|
}
|
||||||
|
|
||||||
void print_cp_entries(int beg, int end) {
|
void print_cp_entries(int beg, int end) {
|
||||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||||
index 4ec595333c4..aad0c971ef2 100644
|
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
@@ -209,7 +209,7 @@
|
||||||
@@ -209,7 +209,7 @@ struct unpacker {
|
|
||||||
byte* rp; // read pointer (< rplimit <= input.limit())
|
byte* rp; // read pointer (< rplimit <= input.limit())
|
||||||
byte* rplimit; // how much of the input block has been read?
|
byte* rplimit; // how much of the input block has been read?
|
||||||
julong bytes_read;
|
julong bytes_read;
|
||||||
@ -241,11 +247,10 @@ index 4ec595333c4..aad0c971ef2 100644
|
|||||||
|
|
||||||
// callback to read at least one byte, up to available input
|
// callback to read at least one byte, up to available input
|
||||||
typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen);
|
typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen);
|
||||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||||
index da39a589545..1281d8b25c8 100644
|
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
@@ -81,7 +81,7 @@
|
||||||
@@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger
|
|
||||||
int assert_failed(const char* p) {
|
int assert_failed(const char* p) {
|
||||||
char message[1<<12];
|
char message[1<<12];
|
||||||
sprintf(message, "@assert failed: %s\n", p);
|
sprintf(message, "@assert failed: %s\n", p);
|
||||||
@ -254,11 +259,10 @@ index da39a589545..1281d8b25c8 100644
|
|||||||
breakpoint();
|
breakpoint();
|
||||||
unpack_abort(message);
|
unpack_abort(message);
|
||||||
return 0;
|
return 0;
|
||||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||||
index f58c94956c0..343da3e183b 100644
|
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
@@ -84,7 +84,7 @@
|
||||||
@@ -84,7 +84,7 @@ void jar::init(unpacker* u_) {
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Write data to the ZIP output stream.
|
// Write data to the ZIP output stream.
|
||||||
@ -267,7 +271,7 @@ index f58c94956c0..343da3e183b 100644
|
|||||||
while (len > 0) {
|
while (len > 0) {
|
||||||
int rc = (int)fwrite(buff, 1, len, jarfp);
|
int rc = (int)fwrite(buff, 1, len, jarfp);
|
||||||
if (rc <= 0) {
|
if (rc <= 0) {
|
||||||
@@ -323,12 +323,12 @@ void jar::write_central_directory() {
|
@@ -323,12 +323,12 @@
|
||||||
// Total number of disks (int)
|
// Total number of disks (int)
|
||||||
header64[36] = (ushort)SWAP_BYTES(1);
|
header64[36] = (ushort)SWAP_BYTES(1);
|
||||||
header64[37] = 0;
|
header64[37] = 0;
|
||||||
@ -282,11 +286,10 @@ index f58c94956c0..343da3e183b 100644
|
|||||||
|
|
||||||
PRINTCR((2, "writing zip comment\n"));
|
PRINTCR((2, "writing zip comment\n"));
|
||||||
// Write the comment.
|
// Write the comment.
|
||||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||||
index 14ffc9d65bd..9877f6f68ca 100644
|
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
@@ -68,8 +68,8 @@
|
||||||
@@ -68,8 +68,8 @@ struct jar {
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Private Methods
|
// Private Methods
|
||||||
|
@ -16,7 +16,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenan
|
|||||||
Atomic::add(val, &_sum);
|
Atomic::add(val, &_sum);
|
||||||
|
|
||||||
- int mag = log2_intptr(val) + 1;
|
- int mag = log2_intptr(val) + 1;
|
||||||
+ int mag = log2_long(val) + 1;
|
+ int mag = log2_intptr((uintptr_t)val) + 1;
|
||||||
|
|
||||||
// Defensively saturate for product bits:
|
// Defensively saturate for product bits:
|
||||||
if (mag < 0) {
|
if (mag < 0) {
|
||||||
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user