Compare commits
No commits in common. "c8" and "c9-bootstrap" have entirely different histories.
c8
...
c9-bootstr
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/shenandoah8u432-b06.tar.xz
|
||||
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
af2d3b85c48ecc8c22188ac687e6160658ef6aca SOURCES/shenandoah8u432-b06.tar.xz
|
||||
3f015b60e085b0e1f0fd9ea13abf775a890c2b1b SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u372-b07-4curve.tar.xz
|
||||
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
898
SOURCES/NEWS
898
SOURCES/NEWS
@ -3,889 +3,6 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 8u432 (2024-10-15):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u432
|
||||
|
||||
* CVEs
|
||||
- CVE-2024-21208
|
||||
- CVE-2024-21210
|
||||
- CVE-2024-21217
|
||||
- CVE-2024-21235
|
||||
* Security fixes
|
||||
- JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
|
||||
- JDK-8313626, JDK-8307769: C2 crash due to unexpected exception control flow
|
||||
- JDK-8328286: Enhance HTTP client
|
||||
- JDK-8328544: Improve handling of vectorization
|
||||
- JDK-8328726: Better Kerberos support
|
||||
- JDK-8331446: Improve deserialization support
|
||||
- JDK-8332644: Improve graph optimizations
|
||||
- JDK-8335713: Enhance vectorization analysis
|
||||
* Other changes
|
||||
- JDK-4660158: TTY: NumberFormatException while trying to set values by 'set' command
|
||||
- JDK-6544871: java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html fails from jdk b09 on windows.
|
||||
- JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails
|
||||
- JDK-8021775: compiler/8009761/Test8009761.java "Failed: init recursive calls: 51. After deopt 50"
|
||||
- JDK-8030204: com/sun/jdi/JdbExprTest.sh: Required output "Can\\'t convert 2147483648 to int" not found
|
||||
- JDK-8030795: java/nio/file/Files/probeContentType/ForceLoad.java failing with ServiceConfigurationError without jtreg -agentvm option
|
||||
- JDK-8035395: sun/management/jmxremote/startstop/JMXStartStopTest.java fails intermittently: Port already in use
|
||||
- JDK-8075511: Enable -Woverloaded-virtual C++ warning for HotSpot build
|
||||
- JDK-8137329: [windows] Build broken on VS2010 after "8046148: JEP 158: Unified JVM Logging"
|
||||
- JDK-8145919: sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials
|
||||
- JDK-8152207: Perform array bound checks while getting a length of bytecode instructions
|
||||
- JDK-8193682: Infinite loop in ZipOutputStream.close()
|
||||
- JDK-8196770: Add JNDI test com/sun/jndi/ldap/blits/AddTests/AddNewEntry.java
|
||||
- JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04
|
||||
- JDK-8233364: Fix undefined behavior in Canonicalizer::do_ShiftOp
|
||||
- JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
|
||||
- JDK-8251188: Update LDAP tests not to use wildcard addresses
|
||||
- JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
|
||||
- JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
|
||||
- JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
|
||||
- JDK-8279164: Disable TLS_ECDH_* cipher suites
|
||||
- JDK-8281096: Flags introduced by configure script are not passed to ADLC build
|
||||
- JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown"
|
||||
- JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors
|
||||
- JDK-8299677: Formatter.format might take a long time to format an integer or floating-point
|
||||
- JDK-8305400: ISO 4217 Amendment 175 Update
|
||||
- JDK-8305931: jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java failed with "Expected chains but found none"
|
||||
- JDK-8307779: Relax the java.awt.Robot specification
|
||||
- JDK-8309138: Fix container tests for jdks with symlinked conf dir
|
||||
- JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
|
||||
- JDK-8315117: Update Zlib Data Compression Library to Version 1.3
|
||||
- JDK-8315863: [GHA] Update checkout action to use v4
|
||||
- JDK-8316328: Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes
|
||||
- JDK-8318039: GHA: Bump macOS and Xcode versions
|
||||
- JDK-8318951: Additional negative value check in JPEG decoding
|
||||
- JDK-8320964: sun/tools/native2ascii/Native2AsciiTests.sh fails on Japanese
|
||||
- JDK-8321480: ISO 4217 Amendment 176 Update
|
||||
- JDK-8324632: Update Zlib Data Compression Library to Version 1.3.1
|
||||
- JDK-8324723: GHA: Upgrade some actions to avoid deprecated Node 16
|
||||
- JDK-8326351: Update the Zlib version in open/src/java.base/share/legal/zlib.md to 1.3.1
|
||||
- JDK-8326521: JFR: CompilerPhase event test fails on windows 32 bit
|
||||
- JDK-8326529: JFR: Test for CompilerCompile events fails due to time out
|
||||
- JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
|
||||
- JDK-8330415: Update system property for Java SE specification maintenance version
|
||||
- JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye
|
||||
- JDK-8333126: Bump update version of OpenJDK: 8u432
|
||||
- JDK-8333669: [8u] GHA: Dead VS2010 download link
|
||||
- JDK-8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1
|
||||
- JDK-8334653: ISO 4217 Amendment 177 Update
|
||||
- JDK-8334905: [8u] The test java/awt/Mixing/AWT_Mixing/JButtonOverlapping.java started to fail after 8159690
|
||||
- JDK-8335851: [8u] Test JMXStartStopTest.java fails after JDK-8334415
|
||||
- JDK-8335894: [8u] Fix SupplementalJapaneseEraTest.java for jdks with symlinked conf dir
|
||||
- JDK-8336928: GHA: Bundle artifacts removal broken
|
||||
- JDK-8337110: [8u] TestNoEagerReclaimOfHumongousRegions.java should be in gc/g1 directory
|
||||
- JDK-8337312: [8u] Windows x86 VS2010 build broken by JDK-8320097
|
||||
- JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
|
||||
- JDK-8338144: [8u] Remove duplicate license files
|
||||
- JDK-8341057: Add 2 SSL.com TLS roots
|
||||
- JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
security-libs/javax.net.ssl:
|
||||
|
||||
JDK-8279164: Disable TLS_ECDH_* cipher suites
|
||||
=============================================
|
||||
The TLS_ECDH cipher suites do not preserve forward secrecy and are
|
||||
rarely used in practice. With this release, they are disabled by
|
||||
adding "ECDH" to the `jdk.tls.disabledAlgorithms` security property in
|
||||
the `java.security` configuration file. Attempts to use these suites
|
||||
with this release will result in a `SSLHandshakeException` being
|
||||
thrown. Note that ECDH cipher suites which use RC4 were already
|
||||
disabled prior to this change.
|
||||
|
||||
Users can, *at their own risk*, remove this restriction by modifying
|
||||
the `java.security` configuration file (or override it by using the
|
||||
`java.security.properties` system property) so "ECDH" is no longer
|
||||
listed in the `jdk.tls.disabledAlgorithms` security property.
|
||||
|
||||
This change has no effect on TLS_ECDHE cipher suites, which remain
|
||||
enabled by default.
|
||||
|
||||
JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
|
||||
JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
|
||||
====================================================================================================
|
||||
In accordance with similar plans recently announced by Google and
|
||||
Mozilla, the JDK will not trust Transport Layer Security (TLS)
|
||||
certificates issued after the 11th of November 2024 which are anchored
|
||||
by Entrust root certificates. This includes certificates branded as
|
||||
AffirmTrust, which are managed by Entrust.
|
||||
|
||||
Certificates issued on or before November 11th, 2024 will continue to
|
||||
be trusted until they expire.
|
||||
|
||||
If a server's certificate chain is anchored by an affected
|
||||
certificate, attempts to negotiate a TLS session will fail with an
|
||||
Exception that indicates the trust anchor is not trusted. For example,
|
||||
|
||||
"TLS server certificate issued after 2024-11-11 and anchored by a
|
||||
distrusted legacy Entrust root CA: CN=Entrust.net Certification
|
||||
Authority (2048), OU=(c) 1999 Entrust.net Limited,
|
||||
OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),
|
||||
O=Entrust.net"
|
||||
|
||||
To check whether a certificate in a JDK keystore is affected by this
|
||||
change, you can the `keytool` utility:
|
||||
|
||||
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
|
||||
|
||||
If any of the certificates in the chain are affected by this change,
|
||||
then you will need to update the certificate or contact the
|
||||
organisation responsible for managing the certificate.
|
||||
|
||||
These restrictions apply to the following Entrust root certificates
|
||||
included in the JDK:
|
||||
|
||||
Alias name: entrustevca [jdk]
|
||||
CN=Entrust Root Certification Authority
|
||||
OU=(c) 2006 Entrust, Inc.
|
||||
OU=www.entrust.net/CPS is incorporated by reference
|
||||
O=Entrust, Inc.
|
||||
C=US
|
||||
SHA256: 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C
|
||||
|
||||
Alias name: entrustrootcaec1 [jdk]
|
||||
CN=Entrust Root Certification Authority - EC1
|
||||
OU=(c) 2012 Entrust, Inc. - for authorized use only
|
||||
OU=See www.entrust.net/legal-terms
|
||||
O=Entrust, Inc.
|
||||
C=US
|
||||
SHA256: 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5
|
||||
|
||||
Alias name: entrustrootcag2 [jdk]
|
||||
CN=Entrust Root Certification Authority - G2
|
||||
OU=(c) 2009 Entrust, Inc. - for authorized use only
|
||||
OU=See www.entrust.net/legal-terms
|
||||
O=Entrust, Inc.
|
||||
C=US
|
||||
SHA256: 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39
|
||||
|
||||
Alias name: entrustrootcag4 [jdk]
|
||||
CN=Entrust Root Certification Authority - G4
|
||||
OU=(c) 2015 Entrust, Inc. - for authorized use only
|
||||
OU=See www.entrust.net/legal-terms
|
||||
O=Entrust, Inc.
|
||||
C=US
|
||||
SHA256: DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
|
||||
|
||||
Alias name: entrust2048ca [jdk]
|
||||
CN=Entrust.net Certification Authority (2048)
|
||||
OU=(c) 1999 Entrust.net Limited
|
||||
OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
|
||||
O=Entrust.net
|
||||
SHA256: 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77
|
||||
|
||||
Alias name: affirmtrustcommercialca [jdk]
|
||||
CN=AffirmTrust Commercial
|
||||
O=AffirmTrust
|
||||
C=US
|
||||
SHA256: 03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7
|
||||
|
||||
Alias name: affirmtrustnetworkingca [jdk]
|
||||
CN=AffirmTrust Networking
|
||||
O=AffirmTrust
|
||||
C=US
|
||||
SHA256: 0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B
|
||||
|
||||
Alias name: affirmtrustpremiumca [jdk]
|
||||
CN=AffirmTrust Premium
|
||||
O=AffirmTrust
|
||||
C=US
|
||||
SHA256: 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A
|
||||
|
||||
Alias name: affirmtrustpremiumeccca [jdk]
|
||||
CN=AffirmTrust Premium ECC
|
||||
O=AffirmTrust
|
||||
C=US
|
||||
SHA256: BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23
|
||||
|
||||
Users can, *at their own risk*, remove this restriction by modifying
|
||||
the `java.security` configuration file (or override it by using the
|
||||
`java.security.properties` system property) so "ENTRUST_TLS" is no
|
||||
longer listed in the `jdk.security.caDistrustPolicies` security
|
||||
property.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8341057: Add 2 SSL.com TLS roots
|
||||
====================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: SSL.com
|
||||
Alias Name: ssltlsrootecc2022
|
||||
Distinguished Name: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
|
||||
|
||||
Name: SSL.com
|
||||
Alias Name: ssltlsrootrsa2022
|
||||
Distinguished Name: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US
|
||||
|
||||
client-libs:
|
||||
|
||||
JDK-8307779: Relax the java.awt.Robot specification
|
||||
===================================================
|
||||
This release of OpenJDK 8 updates to the latest maintenance release of
|
||||
the Java 8 specification. This relaxes the specification of three
|
||||
methods in the `java.awt.Robot` class - `mouseMove(int,int)`,
|
||||
`getPixelColor(int,int)` and `createScreenCapture(Rectangle)` - to
|
||||
allow these methods to fail when the desktop environment does not
|
||||
permit moving the mouse pointer or capturing screen content.
|
||||
|
||||
core-libs/javax.naming:
|
||||
|
||||
JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
|
||||
===============================================================================================================================
|
||||
With this OpenJDK release, the JDK implementation of the LDAP provider
|
||||
no longer supports the deserialisation of Java objects by
|
||||
default. This is achieved by the system property
|
||||
`com.sun.jndi.ldap.object.trustSerialData` being set to `false` by
|
||||
default.
|
||||
|
||||
Note that this release also increases the scope of the
|
||||
`com.sun.jndi.ldap.object.trustSerialData` to cover the reconstruction
|
||||
of RMI remote objects from the `javaRemoteLocation` LDAP attribute.
|
||||
|
||||
The result of this change is that transparent deserialisation of Java
|
||||
objects will require an explicit opt-in. Applications that wish to
|
||||
reconstruct Java objects and RMI stubs from LDAP attributes will need
|
||||
to set the `com.sun.jndi.ldap.object.trustSerialData` to `true`.
|
||||
|
||||
core-libs/java.net:
|
||||
|
||||
JDK-8328286: Enhance HTTP client
|
||||
================================
|
||||
This OpenJDK release limits the maximum header field size accepted by
|
||||
the HTTP client within the JDK for all supported versions of the HTTP
|
||||
protocol. The header field size is computed as the sum of the size of
|
||||
the uncompressed header name, the size of the uncompressed header
|
||||
value and a overhead of 32 bytes for each field section line. If a
|
||||
peer sends a field section that exceeds this limit, a
|
||||
`java.net.ProtocolException` will be raised.
|
||||
|
||||
This release also introduces a new system property,
|
||||
`jdk.http.maxHeaderSize`. This property can be used to alter the
|
||||
maximum header field size (in bytes) or disable it by setting the
|
||||
value to zero or a negative value. The default value is 393,216 bytes
|
||||
or 384kB.
|
||||
|
||||
core-libs/java.util.jar:
|
||||
|
||||
JDK-8193682: Infinite loop in ZipOutputStream.close()
|
||||
=====================================================
|
||||
In previous releases, the `DeflaterOutputStream.close()`,
|
||||
`GZIPOutputStream.finish()` and `ZipOutputStream.closeEntry()` methods
|
||||
did not close the associated default JDK compressor when an exception
|
||||
was thrown during closure. With this release, the default compressor
|
||||
is closed before propogating the Throwable up the stack. In the case
|
||||
of `ZipOutputStream`, this only happens when the exception is not a
|
||||
`ZipException`.
|
||||
|
||||
New in release OpenJDK 8u422 (2024-07-16):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u422
|
||||
|
||||
* CVEs
|
||||
- CVE-2024-21131
|
||||
- CVE-2024-21138
|
||||
- CVE-2024-21140
|
||||
- CVE-2024-21144
|
||||
- CVE-2024-21145
|
||||
- CVE-2024-21147
|
||||
* Security fixes
|
||||
- JDK-8314794: Improve UTF8 String supports
|
||||
- JDK-8319859: Better symbol storage
|
||||
- JDK-8320097: Improve Image transformations
|
||||
- JDK-8320548: Improved loop handling
|
||||
- JDK-8322106: Enhance Pack 200 loading
|
||||
- JDK-8323231: Improve array management
|
||||
- JDK-8323390: Enhance mask blit functionality
|
||||
- JDK-8324559: Improve 2D image handling
|
||||
- JDK-8325600: Better symbol storage
|
||||
* Other changes
|
||||
- JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105
|
||||
- JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings
|
||||
- JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/bug7123767.java: number of checked graphics configurations should be limited
|
||||
- JDK-8159690: [TESTBUG] Mark headful tests with @key headful.
|
||||
- JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
|
||||
- JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails
|
||||
- JDK-8205407: [windows, vs<2017] C4800 after 8203197
|
||||
- JDK-8235834: IBM-943 charset encoder needs updating
|
||||
- JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't read properly"
|
||||
- JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
|
||||
- JDK-8256152: tests fail because of ambiguous method resolution
|
||||
- JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
|
||||
- JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
|
||||
- JDK-8268916: Tests for AffirmTrust roots
|
||||
- JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
|
||||
- JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
|
||||
- JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value
|
||||
- JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
|
||||
- JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
|
||||
- JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL
|
||||
- JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
|
||||
- JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
|
||||
- JDK-8315020: The macro definition for LoongArch64 zero build is not accurate.
|
||||
- JDK-8316138: Add GlobalSign 2 TLS root certificates
|
||||
- JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows
|
||||
- JDK-8320005: Allow loading of shared objects with .a extension on AIX
|
||||
- JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
|
||||
- JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing
|
||||
- JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
|
||||
- JDK-8326686: Bump update version of OpenJDK: 8u422
|
||||
- JDK-8327440: Fix "bad source file" error during beaninfo generation
|
||||
- JDK-8328809: [8u] Problem list some CA tests
|
||||
- JDK-8328825: Google CAInterop test failures
|
||||
- JDK-8329544: [8u] sun/security/krb5/auto/ReplayCacheTestProc.java cannot find the testlibrary
|
||||
- JDK-8331791: [8u] AIX build break from JDK-8320005 backport
|
||||
- JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
|
||||
- JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
core-libs/java.net:
|
||||
|
||||
JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable
|
||||
===========================================================================
|
||||
Two system properties have been added which control the keep alive
|
||||
behavior of HttpURLConnection in the case where the server does not
|
||||
specify a keep alive time. These are:
|
||||
|
||||
* `http.keepAlive.time.server`
|
||||
* `http.keepAlive.time.proxy`
|
||||
|
||||
which control the number of seconds before an idle connection to a
|
||||
server or proxy will be closed, respectively. If the server or proxy
|
||||
specifies a keep alive time in a "Keep-Alive" response header, this
|
||||
will take precedence over the values of these properties.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8316138: Add GlobalSign 2 TLS root certificates
|
||||
===================================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: GlobalSign
|
||||
Alias Name: globalsignr46
|
||||
Distinguished Name: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
|
||||
|
||||
Name: GlobalSign
|
||||
Alias Name: globalsigne46
|
||||
Distinguished Name: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
|
||||
|
||||
New in release OpenJDK 8u412 (2024-04-16):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u412
|
||||
|
||||
* CVEs
|
||||
- CVE-2024-21011
|
||||
- CVE-2024-21085
|
||||
- CVE-2024-21068
|
||||
- CVE-2024-21094
|
||||
* Security fixes
|
||||
- JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array"
|
||||
- JDK-8318340: Improve RSA key implementations
|
||||
- JDK-8319851: Improve exception logging
|
||||
- JDK-8322114: Improve Pack 200 handling
|
||||
- JDK-8322122: Enhance generation of addresses
|
||||
* Other changes
|
||||
- JDK-8011180: Delete obsolete scripts
|
||||
- JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build
|
||||
- JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios
|
||||
- JDK-8023735: [TESTBUG][macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
|
||||
- JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows
|
||||
- JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388)
|
||||
- JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache
|
||||
- JDK-8168518: rcache interop with krb5-1.15
|
||||
- JDK-8183503: Update hotspot tests to allow for unique test classes directory
|
||||
- JDK-8186095: upgrade to jtreg 4.2 b08
|
||||
- JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
|
||||
- JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
|
||||
- JDK-8208655: use JTreg skipped status in hotspot tests
|
||||
- JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1
|
||||
- JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile
|
||||
- JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system
|
||||
- JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
|
||||
- JDK-8224768: Test ActalisCA.java fails
|
||||
- JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
|
||||
- JDK-8251551: Use .md filename extension for README
|
||||
- JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
|
||||
- JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
|
||||
- JDK-8270517: Add Zero support for LoongArch
|
||||
- JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
|
||||
- JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
|
||||
- JDK-8288132: Update test artifacts in QuoVadis CA interop tests
|
||||
- JDK-8297955: LDAP CertStore should use LdapName and not String for DNs
|
||||
- JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
|
||||
- JDK-8308592: Framework for CA interoperability testing
|
||||
- JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955
|
||||
- JDK-8315042: NPE in PKCS7.parseOldSignedData
|
||||
- JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set
|
||||
- JDK-8320713: Bump update version of OpenJDK: 8u412
|
||||
- JDK-8321060: [8u] hotspot needs to recognise VS2022
|
||||
- JDK-8321408: Add Certainly roots R1 and E1
|
||||
- JDK-8322725: (tz) Update Timezone Data to 2023d
|
||||
- JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
|
||||
- JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
|
||||
- JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
|
||||
- JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
|
||||
- JDK-8324530: Build error with gcc 10
|
||||
- JDK-8325150: (tz) Update Timezone Data to 2024a
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
security-libs/org.ietf.jgss:krb5:
|
||||
|
||||
JDK-8168518: rcache interop with krb5-1.15
|
||||
==========================================
|
||||
The hash algorithm used in the Kerberos 5 replay cache file (rcache)
|
||||
has been changed from MD5 to SHA256. This is the same algorithm used
|
||||
by MIT krb5-1.15 and is interoperable with earlier releases of MIT
|
||||
krb5.
|
||||
|
||||
The MD5 algorithm can still be used by setting the new
|
||||
jdk.krb5.rcache.useMD5 property to 'true':
|
||||
|
||||
java -Djdk.krb5.rcache.useMD5=true ...
|
||||
|
||||
This is useful where either the system has a coarse clock and has to
|
||||
depend on hash values in replay attack detection, or interoperability
|
||||
with the rcache files in older versions of OpenJDK is required.
|
||||
|
||||
client-libs/java.awt:
|
||||
|
||||
JDK-8322750: AWT SystemTray API Is Not Supported on Most Linux Desktops
|
||||
=======================================================================
|
||||
The java.awt.SystemTray API is used to interact with the system's
|
||||
desktop taskbar to provide notifications and may include an icon
|
||||
representing an application. The GNOME desktop's support for taskbar
|
||||
icons has not worked properly for several years, due to a platform
|
||||
bug. This bug, in turn, affects the JDK's SystemTray support on GNOME
|
||||
desktops.
|
||||
|
||||
Therefore, in accordance with the SystemTray API specification,
|
||||
java.awt.SystemTray.isSupported() will now return false on systems
|
||||
that exhibit this bug, which is assumed to be those running a version
|
||||
of GNOME Shell below 45.
|
||||
|
||||
The impact of this change is likely to be minimal, as users of the
|
||||
SystemTray API should already be able to handle isSupported()
|
||||
returning false and the system tray on such platforms has already been
|
||||
unsupported for a number of years for all applications.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8321408: Added Certainly R1 and E1 Root Certificates
|
||||
========================================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Certainly
|
||||
Alias Name: certainlyrootr1
|
||||
Distinguished Name: CN=Certainly Root R1, O=Certainly, C=US
|
||||
|
||||
Name: Certainly
|
||||
Alias Name: certainlyroote1
|
||||
Distinguished Name: CN=Certainly Root E1, O=Certainly, C=US
|
||||
|
||||
New in release OpenJDK 8u402 (2024-01-16):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u402
|
||||
|
||||
* CVEs
|
||||
- CVE-2024-20918
|
||||
- CVE-2024-20919
|
||||
- CVE-2024-20921
|
||||
- CVE-2024-20926
|
||||
- CVE-2024-20945
|
||||
- CVE-2024-20952
|
||||
* Security fixes
|
||||
- JDK-8308204: Enhanced certificate processing
|
||||
- JDK-8314284: Enhance Nashorn performance
|
||||
- JDK-8314295: Enhance verification of verifier
|
||||
- JDK-8314307: Improve loop handling
|
||||
- JDK-8314468: Improve Compiler loops
|
||||
- JDK-8316976: Improve signature handling
|
||||
- JDK-8317547: Enhance TLS connection support
|
||||
* Other changes
|
||||
- JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
|
||||
- JDK-8029995: accept yes/no for boolean krb5.conf settings
|
||||
- JDK-8159156: [TESTBUG] ReserveMemory test is not useful on Aix.
|
||||
- JDK-8176509: Use pandoc for converting build readme to html
|
||||
- JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
|
||||
- JDK-8207404: MulticastSocket tests failing on AIX
|
||||
- JDK-8212677: X11 default visual support for IM status window on VNC
|
||||
- JDK-8239365: ProcessBuilder test modifications for AIX execution
|
||||
- JDK-8271838: AmazonCA.java interop test fails
|
||||
- JDK-8285398: Cache the results of constraint checks
|
||||
- JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
|
||||
- JDK-8302017: Allocate BadPaddingException only if it will be thrown
|
||||
- JDK-8305329: [8u] Unify test libraries into single test library - step 1
|
||||
- JDK-8307837: [8u] Check step in GHA should also print errors
|
||||
- JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
|
||||
- JDK-8311813: C1: Uninitialized PhiResolver::_loop field
|
||||
- JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
|
||||
- JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException
|
||||
- JDK-8315280: Bump update version of OpenJDK: 8u402
|
||||
- JDK-8315506: C99 compatibility issue in LinuxNativeDispatcher
|
||||
- JDK-8317291: Missing null check for nmethod::is_native_method()
|
||||
- JDK-8317373: Add Telia Root CA v2
|
||||
- JDK-8317374: Add Let's Encrypt ISRG Root X2
|
||||
- JDK-8318759: Add four DigiCert root certificates
|
||||
- JDK-8319187: Add three eMudhra emSign roots
|
||||
- JDK-8319405: [s390] [jdk8] Increase javac default stack size for s390x zero
|
||||
- JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
security-libs/org.ietf.jgss:krb5:
|
||||
|
||||
JDK-8029995: accept yes/no for boolean krb5.conf settings
|
||||
=========================================================
|
||||
The krb5.conf configuration file now also accepts "yes" and "no", as
|
||||
alternatives to the existing "true" and "false" support, when using
|
||||
settings that take boolean values.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
|
||||
===============================================================================================================================
|
||||
A maximum signature file size property, jdk.jar.maxSignatureFileSize,
|
||||
was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a
|
||||
default of 8MB. This default proved to be too small for some JAR
|
||||
files. This release, 8u402, increases it to 16MB.
|
||||
|
||||
JDK-8317374: Added ISRG Root X2 CA Certificate from Let's Encrypt
|
||||
=================================================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Let's Encrypt
|
||||
Alias Name: letsencryptisrgx2
|
||||
Distinguished Name: CN=ISRG Root X2, O=Internet Security Research Group, C=US
|
||||
|
||||
JDK-8318759: Added Four Root Certificates from DigiCert, Inc.
|
||||
=============================================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: DigiCert, Inc.
|
||||
Alias Name: digicertcseccrootg5
|
||||
Distinguished Name: CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
|
||||
|
||||
Name: DigiCert, Inc.
|
||||
Alias Name: digicertcsrsarootg5
|
||||
Distinguished Name: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
|
||||
|
||||
Name: DigiCert, Inc.
|
||||
Alias Name: digicerttlseccrootg5
|
||||
Distinguished Name: CN=DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
|
||||
|
||||
Name: DigiCert, Inc.
|
||||
Alias Name: digicerttlsrsarootg5
|
||||
Distinguished Name: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
|
||||
|
||||
JDK-8319187: Added Three Root Certificates from eMudhra Technologies Limited
|
||||
============================================================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: eMudhra Technologies Limited
|
||||
Alias Name: emsignrootcag1
|
||||
Distinguished Name: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
|
||||
|
||||
Name: eMudhra Technologies Limited
|
||||
Alias Name: emsigneccrootcag3
|
||||
Distinguished Name: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
|
||||
|
||||
Name: eMudhra Technologies Limited
|
||||
Alias Name: emsignrootcag2
|
||||
Distinguished Name: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
|
||||
|
||||
JDK-8317373: Added Telia Root CA v2 Certificate
|
||||
===============================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Telia Root CA v2
|
||||
Alias Name: teliarootcav2
|
||||
Distinguished Name: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI ```
|
||||
|
||||
New in release OpenJDK 8u392 (2023-10-17):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u392
|
||||
|
||||
* CVEs
|
||||
- CVE-2023-22067
|
||||
- CVE-2023-22081
|
||||
* Security fixes
|
||||
- JDK-8286503, JDK-8312367: Enhance security classes
|
||||
- JDK-8297856: Improve handling of Bidi characters
|
||||
- JDK-8303384: Improved communication in CORBA
|
||||
- JDK-8305815, JDK-8307278: Update Libpng to 1.6.39
|
||||
- JDK-8309966: Enhanced TLS connections
|
||||
* Other changes
|
||||
- JDK-6722928: Provide a default native GSS-API library on Windows
|
||||
- JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java
|
||||
- JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal
|
||||
- JDK-8139348: Deprecate 3DES and RC4 in Kerberos
|
||||
- JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"
|
||||
- JDK-8200468: Port the native GSS-API bridge to Windows
|
||||
- JDK-8202952: C2: Unexpected dead nodes after matching
|
||||
- JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
|
||||
- JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update
|
||||
- JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to
|
||||
- JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
|
||||
- JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
|
||||
- JDK-8232225: Rework the fix for JDK-8071483
|
||||
- JDK-8242330: Arrays should be cloned in several JAAS Callback classes
|
||||
- JDK-8253269: The CheckCommonColors test should provide more info on failure
|
||||
- JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int)
|
||||
- JDK-8284910: Buffer clean in PasswordCallback
|
||||
- JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
|
||||
- JDK-8287663: Add a regression test for JDK-8287073
|
||||
- JDK-8295685: Update Libpng to 1.6.38
|
||||
- JDK-8295894: Remove SECOM certificate that is expiring in September 2023
|
||||
- JDK-8308788: [8u] Remove duplicate HaricaCA.java test
|
||||
- JDK-8309122: Bump update version of OpenJDK: 8u392
|
||||
- JDK-8309143: [8u] fix archiving inconsistencies in GHA
|
||||
- JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms
|
||||
- JDK-8314960: Add Certigna Root CA - 2
|
||||
- JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack()
|
||||
- JDK-8317040: Exclude cleaner test failing on older releases
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
other-libs/corba:idl:
|
||||
|
||||
JDK-8303384: Improved communication in CORBA
|
||||
============================================
|
||||
The JDK's CORBA implementation now provides the option to limit
|
||||
serialisation in stub objects to those with the "IOR:" prefix. For
|
||||
ORB constrained stub classes:
|
||||
|
||||
* _DynArrayStub
|
||||
* _DynEnumStub
|
||||
* _DynFixedStub
|
||||
* _DynSequenceStub
|
||||
* _DynStructStub
|
||||
* _DynUnionStub
|
||||
* _DynValueStub
|
||||
* _DynAnyStub
|
||||
* _DynAnyFactoryStub
|
||||
|
||||
this is enabled by default and may be disabled by setting the system
|
||||
property org.omg.DynamicAny.disableIORCheck to 'true'.
|
||||
|
||||
For remote service stub classes:
|
||||
|
||||
* _NamingContextStub
|
||||
* _BindingIteratorStub
|
||||
* _NamingContextExtStub
|
||||
* _ServantActivatorStub
|
||||
* _ServantLocatorStub
|
||||
* _ServerManagerStub
|
||||
* _ActivatorStub
|
||||
* _RepositoryStub
|
||||
* _InitialNameServiceStub
|
||||
* _LocatorStub
|
||||
* _ServerStub
|
||||
|
||||
it is disabled by default and may be enabled by setting the system
|
||||
property org.omg.CORBA.IDL.Stubs.enableIORCheck to 'true'.
|
||||
|
||||
security-libs/org.ietf.jgss:
|
||||
|
||||
JDK-6722928: Added a Default Native GSS-API Library on Windows
|
||||
==============================================================
|
||||
|
||||
A native GSS-API library named `sspi_bridge.dll` has been added to the
|
||||
JDK on the Windows platform. As with native GSS-API library provision
|
||||
on other operating systems, it will only be loaded when the
|
||||
`sun.security.jgss.native` system property is set to "true". A user
|
||||
can still load a third-party native GSS-API library instead by setting
|
||||
the `sun.security.jgss.lib` system property to the appropriate path.
|
||||
|
||||
The library is client-side only and uses the default credentials.
|
||||
Native GSS support automatically uses cached credentials from the
|
||||
underlying operating system, so the
|
||||
`javax.security.auth.useSubjectCredsOnly` system property should be
|
||||
set to false.
|
||||
|
||||
The `com.sun.security.auth.module.Krb5LoginModule` does not call
|
||||
native JGSS and so its use in your JAAS config should be avoided.
|
||||
|
||||
security-libs/org.ietf.jgss:krb5:
|
||||
|
||||
JDK-8139348: Deprecate 3DES and RC4 in Kerberos
|
||||
===============================================
|
||||
The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
|
||||
are now deprecated and disabled by default. To re-enable them, you
|
||||
can either enable all weak crypto (which also includes `des-cbc-crc`
|
||||
and `des-cbc-md5`) by setting `allow_weak_crypto = true` in the
|
||||
`krb5.conf` configuration file or explicitly list all the preferred
|
||||
encryption types using the `default_tkt_enctypes`,
|
||||
`default_tgs_enctypes`, or `permitted_enctypes` settings.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate
|
||||
==================================================================
|
||||
The following root certificate from SECOM Trust System has been
|
||||
removed from the `cacerts` keystore:
|
||||
|
||||
Alias Name: secomscrootca1 [jdk]
|
||||
Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
|
||||
|
||||
JDK-8314960: Added Certigna Root CA Certificate
|
||||
===============================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Certigna (Dhimyotis)
|
||||
Alias Name: certignarootca
|
||||
Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
|
||||
|
||||
security-libs/javax.security:
|
||||
|
||||
JDK-8242330: Arrays should be cloned in several JAAS Callback classes
|
||||
=====================================================================
|
||||
In the JAAS classes, ChoiceCallback and ConfirmationCallback, arrays
|
||||
were not cloned when passed into a constructor or returned. This
|
||||
allowed an external program to get access to the internal fields of
|
||||
these classes. The classes have been updated to return cloned arrays.
|
||||
|
||||
New in release OpenJDK 8u382 (2023-07-18):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u382
|
||||
|
||||
* CVEs
|
||||
- CVE-2023-22045
|
||||
- CVE-2023-22049
|
||||
* Security fixes
|
||||
- JDK-8298676: Enhanced Look and Feel
|
||||
- JDK-8300596: Enhance Jar Signature validation
|
||||
- JDK-8304468: Better array usages
|
||||
- JDK-8305312: Enhanced path handling
|
||||
* Other changes
|
||||
- JDK-8072678: Wrong exception messages in java.awt.color.ICC_ColorSpace
|
||||
- JDK-8151460: Metaspace counters can have inconsistent values
|
||||
- JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
|
||||
- JDK-8185736: missing default exception handler in calls to rethrow_Stub
|
||||
- JDK-8186801: Add regression test to test mapping based charsets (generated at build time)
|
||||
- JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
|
||||
- JDK-8241311: Move some charset mapping tests from closed to open
|
||||
- JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
|
||||
- JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
|
||||
- JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
- JDK-8276841: Add support for Visual Studio 2022
|
||||
- JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
|
||||
- JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
|
||||
- JDK-8282345: handle latest VS2022 in abstract_vm_version
|
||||
- JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
|
||||
- JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
|
||||
- JDK-8289301: P11Cipher should not throw out of bounds exception during padding
|
||||
- JDK-8293232: Fix race condition in pkcs11 SessionManager
|
||||
- JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
|
||||
- JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
|
||||
- JDK-8298108: Add a regression test for JDK-8297684
|
||||
- JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
|
||||
- JDK-8301119: Support for GB18030-2022
|
||||
- JDK-8301400: Allow additional characters for GB18030-2022 support
|
||||
- JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
|
||||
- JDK-8303028: Update system property for Java SE specification maintenance version
|
||||
- JDK-8303462: Bump update version of OpenJDK: 8u382
|
||||
- JDK-8304760: Add 2 Microsoft TLS roots
|
||||
- JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
|
||||
- JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
|
||||
- JDK-8305975: Add TWCA Global Root CA
|
||||
- JDK-8307134: Add GTS root CAs
|
||||
- JDK-8307310: Backport the tests for JDK-8058969 and JDK-8039271 to the OpenJDK8
|
||||
- JDK-8307531: [aarch64] JDK8 single-step debugging is extremely slow
|
||||
- JDK-8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
core-libs/java.lang:
|
||||
|
||||
JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
|
||||
===========================================================================
|
||||
In order to support "Implementation Level 2" of the GB18030-2022
|
||||
standard, the JDK must be able to use characters from the CJK Unified
|
||||
Ideographs Extension E block of Unicode 8.0. The addition of these
|
||||
characters forms Maintenance Release 5 of the Java SE 8 specification,
|
||||
which is implemented in this release of OpenJDK via the addition of a
|
||||
new UnicodeBlock instance,
|
||||
Character.CJK_UNIFIED_IDEOGRAPHS_EXTENSION_E.
|
||||
|
||||
core-libs/java.util.jar:
|
||||
|
||||
8300596: Enhance Jar Signature validation
|
||||
=========================================
|
||||
A System property "jdk.jar.maxSignatureFileSize" is introduced to
|
||||
configure the maximum number of bytes allowed for the
|
||||
signature-related files in a JAR file during verification. The default
|
||||
value is 8000000 bytes (8 MB).
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8307134: Added 4 GTS Root CA Certificates
|
||||
=============================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar1
|
||||
Distinguished Name: CN=GTS Root R1, O=Google Trust Services LLC, C=US
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar2
|
||||
Distinguished Name: CN=GTS Root R2, O=Google Trust Services LLC, C=US
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar3
|
||||
Distinguished Name: CN=GTS Root R3, O=Google Trust Services LLC, C=US
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar4
|
||||
Distinguished Name: CN=GTS Root R4, O=Google Trust Services LLC, C=US
|
||||
|
||||
JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates
|
||||
=====================================================================
|
||||
The following root certificates has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Microsoft Corporation
|
||||
Alias Name: microsoftecc2017
|
||||
Distinguished Name: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
|
||||
|
||||
Name: Microsoft Corporation
|
||||
Alias Name: microsoftrsa2017
|
||||
Distinguished Name: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
|
||||
|
||||
JDK-8305975: Added TWCA Root CA Certificate
|
||||
===========================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: TWCA
|
||||
Alias Name: twcaglobalrootca
|
||||
Distinguished Name: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
|
||||
|
||||
New in release OpenJDK 8u372 (2023-04-18):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
@ -1380,6 +497,19 @@ the current count of established connections and, if the configured
|
||||
limit has been reached, then the newly accepted connection will be
|
||||
closed immediately.
|
||||
|
||||
core-libs/java.net:
|
||||
|
||||
JDK-8286918: Better HttpServer service
|
||||
======================================
|
||||
The HttpServer can be optionally configured with a maximum connection
|
||||
limit by setting the jdk.httpserver.maxConnections system property. A
|
||||
value of 0 or a negative integer is ignored and considered to
|
||||
represent no connection limit. In the case of a positive integer
|
||||
value, any newly accepted connections will be first checked against
|
||||
the current count of established connections and, if the configured
|
||||
limit has been reached, then the newly accepted connection will be
|
||||
closed immediately.
|
||||
|
||||
security-libs/javax.net.ssl:
|
||||
|
||||
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
|
||||
@ -1577,7 +707,7 @@ device paths such as `NUL:` are *not* used.
|
||||
New in release OpenJDK 8u332 (2022-04-22):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk8u332
|
||||
* https://bit.ly/openjdk8u332
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
|
||||
|
||||
* Security fixes
|
||||
|
File diff suppressed because it is too large
Load Diff
131
SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh
Normal file
131
SOURCES/java-1.8.0-openjdk-remove-intree-libraries.sh
Normal file
@ -0,0 +1,131 @@
|
||||
#!/bin/sh
|
||||
|
||||
ZIP_SRC=openjdk/jdk/src/share/native/java/util/zip/zlib
|
||||
JPEG_SRC=openjdk/jdk/src/share/native/sun/awt/image/jpeg
|
||||
GIF_SRC=openjdk/jdk/src/share/native/sun/awt/giflib
|
||||
PNG_SRC=openjdk/jdk/src/share/native/sun/awt/libpng
|
||||
LCMS_SRC=openjdk/jdk/src/share/native/sun/java2d/cmm/lcms
|
||||
|
||||
echo "Removing built-in libs (they will be linked)"
|
||||
|
||||
echo "Removing zlib"
|
||||
if [ ! -d ${ZIP_SRC} ]; then
|
||||
echo "${ZIP_SRC} does not exist. Refusing to proceed."
|
||||
exit 1
|
||||
fi
|
||||
rm -rvf ${ZIP_SRC}
|
||||
|
||||
echo "Removing libjpeg"
|
||||
if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist
|
||||
echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
rm -vf ${JPEG_SRC}/jcomapi.c
|
||||
rm -vf ${JPEG_SRC}/jdapimin.c
|
||||
rm -vf ${JPEG_SRC}/jdapistd.c
|
||||
rm -vf ${JPEG_SRC}/jdcoefct.c
|
||||
rm -vf ${JPEG_SRC}/jdcolor.c
|
||||
rm -vf ${JPEG_SRC}/jdct.h
|
||||
rm -vf ${JPEG_SRC}/jddctmgr.c
|
||||
rm -vf ${JPEG_SRC}/jdhuff.c
|
||||
rm -vf ${JPEG_SRC}/jdhuff.h
|
||||
rm -vf ${JPEG_SRC}/jdinput.c
|
||||
rm -vf ${JPEG_SRC}/jdmainct.c
|
||||
rm -vf ${JPEG_SRC}/jdmarker.c
|
||||
rm -vf ${JPEG_SRC}/jdmaster.c
|
||||
rm -vf ${JPEG_SRC}/jdmerge.c
|
||||
rm -vf ${JPEG_SRC}/jdphuff.c
|
||||
rm -vf ${JPEG_SRC}/jdpostct.c
|
||||
rm -vf ${JPEG_SRC}/jdsample.c
|
||||
rm -vf ${JPEG_SRC}/jerror.c
|
||||
rm -vf ${JPEG_SRC}/jerror.h
|
||||
rm -vf ${JPEG_SRC}/jidctflt.c
|
||||
rm -vf ${JPEG_SRC}/jidctfst.c
|
||||
rm -vf ${JPEG_SRC}/jidctint.c
|
||||
rm -vf ${JPEG_SRC}/jidctred.c
|
||||
rm -vf ${JPEG_SRC}/jinclude.h
|
||||
rm -vf ${JPEG_SRC}/jmemmgr.c
|
||||
rm -vf ${JPEG_SRC}/jmemsys.h
|
||||
rm -vf ${JPEG_SRC}/jmemnobs.c
|
||||
rm -vf ${JPEG_SRC}/jmorecfg.h
|
||||
rm -vf ${JPEG_SRC}/jpegint.h
|
||||
rm -vf ${JPEG_SRC}/jpeglib.h
|
||||
rm -vf ${JPEG_SRC}/jquant1.c
|
||||
rm -vf ${JPEG_SRC}/jquant2.c
|
||||
rm -vf ${JPEG_SRC}/jutils.c
|
||||
rm -vf ${JPEG_SRC}/jcapimin.c
|
||||
rm -vf ${JPEG_SRC}/jcapistd.c
|
||||
rm -vf ${JPEG_SRC}/jccoefct.c
|
||||
rm -vf ${JPEG_SRC}/jccolor.c
|
||||
rm -vf ${JPEG_SRC}/jcdctmgr.c
|
||||
rm -vf ${JPEG_SRC}/jchuff.c
|
||||
rm -vf ${JPEG_SRC}/jchuff.h
|
||||
rm -vf ${JPEG_SRC}/jcinit.c
|
||||
rm -vf ${JPEG_SRC}/jconfig.h
|
||||
rm -vf ${JPEG_SRC}/jcmainct.c
|
||||
rm -vf ${JPEG_SRC}/jcmarker.c
|
||||
rm -vf ${JPEG_SRC}/jcmaster.c
|
||||
rm -vf ${JPEG_SRC}/jcparam.c
|
||||
rm -vf ${JPEG_SRC}/jcphuff.c
|
||||
rm -vf ${JPEG_SRC}/jcprepct.c
|
||||
rm -vf ${JPEG_SRC}/jcsample.c
|
||||
rm -vf ${JPEG_SRC}/jctrans.c
|
||||
rm -vf ${JPEG_SRC}/jdtrans.c
|
||||
rm -vf ${JPEG_SRC}/jfdctflt.c
|
||||
rm -vf ${JPEG_SRC}/jfdctfst.c
|
||||
rm -vf ${JPEG_SRC}/jfdctint.c
|
||||
rm -vf ${JPEG_SRC}/jversion.h
|
||||
rm -vf ${JPEG_SRC}/README
|
||||
|
||||
echo "Removing giflib"
|
||||
if [ ! -d ${GIF_SRC} ]; then
|
||||
echo "${GIF_SRC} does not exist. Refusing to proceed."
|
||||
exit 1
|
||||
fi
|
||||
rm -rvf ${GIF_SRC}
|
||||
|
||||
echo "Removing libpng"
|
||||
if [ ! -d ${PNG_SRC} ]; then
|
||||
echo "${PNG_SRC} does not exist. Refusing to proceed."
|
||||
exit 1
|
||||
fi
|
||||
rm -rvf ${PNG_SRC}
|
||||
|
||||
echo "Removing lcms"
|
||||
if [ ! -d ${LCMS_SRC} ]; then
|
||||
echo "${LCMS_SRC} does not exist. Refusing to proceed."
|
||||
exit 1
|
||||
fi
|
||||
# temporary change to move bundled LCMS
|
||||
if [ ! true ]; then
|
||||
rm -vf ${LCMS_SRC}/cmsalpha.c
|
||||
rm -vf ${LCMS_SRC}/cmscam02.c
|
||||
rm -vf ${LCMS_SRC}/cmscgats.c
|
||||
rm -vf ${LCMS_SRC}/cmscnvrt.c
|
||||
rm -vf ${LCMS_SRC}/cmserr.c
|
||||
rm -vf ${LCMS_SRC}/cmsgamma.c
|
||||
rm -vf ${LCMS_SRC}/cmsgmt.c
|
||||
rm -vf ${LCMS_SRC}/cmshalf.c
|
||||
rm -vf ${LCMS_SRC}/cmsintrp.c
|
||||
rm -vf ${LCMS_SRC}/cmsio0.c
|
||||
rm -vf ${LCMS_SRC}/cmsio1.c
|
||||
rm -vf ${LCMS_SRC}/cmslut.c
|
||||
rm -vf ${LCMS_SRC}/cmsmd5.c
|
||||
rm -vf ${LCMS_SRC}/cmsmtrx.c
|
||||
rm -vf ${LCMS_SRC}/cmsnamed.c
|
||||
rm -vf ${LCMS_SRC}/cmsopt.c
|
||||
rm -vf ${LCMS_SRC}/cmspack.c
|
||||
rm -vf ${LCMS_SRC}/cmspcs.c
|
||||
rm -vf ${LCMS_SRC}/cmsplugin.c
|
||||
rm -vf ${LCMS_SRC}/cmsps2.c
|
||||
rm -vf ${LCMS_SRC}/cmssamp.c
|
||||
rm -vf ${LCMS_SRC}/cmssm.c
|
||||
rm -vf ${LCMS_SRC}/cmstypes.c
|
||||
rm -vf ${LCMS_SRC}/cmsvirt.c
|
||||
rm -vf ${LCMS_SRC}/cmswtpnt.c
|
||||
rm -vf ${LCMS_SRC}/cmsxform.c
|
||||
rm -vf ${LCMS_SRC}/lcms2.h
|
||||
rm -vf ${LCMS_SRC}/lcms2_internal.h
|
||||
rm -vf ${LCMS_SRC}/lcms2_plugin.h
|
||||
fi
|
@ -7,11 +7,10 @@
|
||||
PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations
|
||||
Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X
|
||||
|
||||
diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4
|
||||
index 113bf367e2..bed030e8d1 100644
|
||||
--- a/common/autoconf/flags.m4
|
||||
+++ b/common/autoconf/flags.m4
|
||||
@@ -451,6 +451,21 @@ AC_DEFUN_ONCE([FLAGS_SETUP_COMPILER_FLAGS_FOR_JDK],
|
||||
diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4
|
||||
--- openjdk.orig///common/autoconf/flags.m4
|
||||
+++ openjdk///common/autoconf/flags.m4
|
||||
@@ -402,6 +402,21 @@
|
||||
AC_SUBST($2CXXSTD_CXXFLAG)
|
||||
fi
|
||||
|
||||
@ -23,7 +22,7 @@ index 113bf367e2..bed030e8d1 100644
|
||||
+ # On 32-bit MacOSX the OS requires C-entry points to be 16 byte aligned.
|
||||
+ # While waiting for a better solution, the current workaround is to use -mstackrealign
|
||||
+ # This is also required on Linux systems which use libraries compiled with SSE instructions
|
||||
+ REALIGN_CFLAG="-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4"
|
||||
+ REALIGN_CFLAG="-mstackrealign"
|
||||
+ FLAGS_COMPILER_CHECK_ARGUMENTS([$REALIGN_CFLAG -Werror], [],
|
||||
+ AC_MSG_ERROR([The selected compiler $CXX does not support -mstackrealign! Try to put another compiler in the path.])
|
||||
+ )
|
||||
@ -33,32 +32,23 @@ index 113bf367e2..bed030e8d1 100644
|
||||
if test "x$CFLAGS" != "x${ADDED_CFLAGS}"; then
|
||||
AC_MSG_WARN([Ignoring CFLAGS($CFLAGS) found in environment. Use --with-extra-cflags])
|
||||
fi
|
||||
diff --git a/common/autoconf/hotspot-spec.gmk.in b/common/autoconf/hotspot-spec.gmk.in
|
||||
index 3f86751d2b..f8a271383f 100644
|
||||
--- a/common/autoconf/hotspot-spec.gmk.in
|
||||
+++ b/common/autoconf/hotspot-spec.gmk.in
|
||||
@@ -114,13 +114,14 @@ RC:=@HOTSPOT_RC@
|
||||
# Retain EXTRA_{CFLAGS,CXXFLAGS,LDFLAGS,ASFLAGS} for the target flags to
|
||||
# maintain compatibility with the existing Makefiles
|
||||
EXTRA_CFLAGS=@LEGACY_TARGET_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
|
||||
diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/autoconf/hotspot-spec.gmk.in
|
||||
--- openjdk.orig///common/autoconf/hotspot-spec.gmk.in
|
||||
+++ openjdk///common/autoconf/hotspot-spec.gmk.in
|
||||
@@ -112,7 +112,8 @@
|
||||
RC:=@HOTSPOT_RC@
|
||||
|
||||
EXTRA_CFLAGS=@LEGACY_EXTRA_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
|
||||
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
|
||||
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \
|
||||
+ $(REALIGN_CFLAG)
|
||||
EXTRA_CXXFLAGS=@LEGACY_TARGET_CXXFLAGS@
|
||||
EXTRA_LDFLAGS=@LEGACY_TARGET_LDFLAGS@
|
||||
EXTRA_ASFLAGS=@LEGACY_TARGET_ASFLAGS@
|
||||
# Define an equivalent set for the host flags (i.e. without sysroot options)
|
||||
HOST_CFLAGS=@LEGACY_HOST_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
|
||||
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
|
||||
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
|
||||
HOST_CXXFLAGS=@LEGACY_HOST_CXXFLAGS@
|
||||
HOST_LDFLAGS=@LEGACY_HOST_LDFLAGS@
|
||||
HOST_ASFLAGS=@LEGACY_HOST_ASFLAGS@
|
||||
diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in
|
||||
index 9573bb2cbd..fe7efc130c 100644
|
||||
--- a/common/autoconf/spec.gmk.in
|
||||
+++ b/common/autoconf/spec.gmk.in
|
||||
@@ -366,6 +366,7 @@ CXXFLAGS_JDKEXE:=@CXXFLAGS_JDKEXE@
|
||||
EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@
|
||||
EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@
|
||||
EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@
|
||||
diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in
|
||||
--- openjdk.orig///common/autoconf/spec.gmk.in
|
||||
+++ openjdk///common/autoconf/spec.gmk.in
|
||||
@@ -366,6 +366,7 @@
|
||||
|
||||
NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@
|
||||
NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@
|
||||
|
12
SOURCES/jdk8218811-perfMemory_linux.patch
Normal file
12
SOURCES/jdk8218811-perfMemory_linux.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
|
||||
--- openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp
|
||||
+++ openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
|
||||
@@ -878,7 +878,7 @@
|
||||
|
||||
// open the file
|
||||
int result;
|
||||
- RESTARTABLE(::open(filename, oflags), result);
|
||||
+ RESTARTABLE(::open(filename, oflags, 0), result);
|
||||
if (result == OS_ERR) {
|
||||
if (errno == ENOENT) {
|
||||
THROW_MSG_(vmSymbols::java_lang_IllegalArgumentException(),
|
@ -0,0 +1,167 @@
|
||||
commit d41618f34f1d2f5416ec3c035f33dcb15cf5ab99
|
||||
Author: Alexey Bakhtin <abakhtin@openjdk.org>
|
||||
Date: Tue Apr 4 10:29:11 2023 +0000
|
||||
|
||||
8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
|
||||
Reviewed-by: andrew, mbalao
|
||||
Backport-of: f6232982b91cb2314e96ddbde3984836a810a556
|
||||
|
||||
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||
index a79e97d7c74..5378446b97b 100644
|
||||
--- a/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPSSSignature.java
|
||||
@@ -127,12 +127,15 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
@Override
|
||||
protected void engineInitVerify(PublicKey publicKey)
|
||||
throws InvalidKeyException {
|
||||
- if (!(publicKey instanceof RSAPublicKey)) {
|
||||
+ if (publicKey instanceof RSAPublicKey) {
|
||||
+ RSAPublicKey rsaPubKey = (RSAPublicKey)publicKey;
|
||||
+ isPublicKeyValid(rsaPubKey);
|
||||
+ this.pubKey = rsaPubKey;
|
||||
+ this.privKey = null;
|
||||
+ resetDigest();
|
||||
+ } else {
|
||||
throw new InvalidKeyException("key must be RSAPublicKey");
|
||||
}
|
||||
- this.pubKey = (RSAPublicKey) isValid((RSAKey)publicKey);
|
||||
- this.privKey = null;
|
||||
- resetDigest();
|
||||
}
|
||||
|
||||
// initialize for signing. See JCA doc
|
||||
@@ -146,14 +149,17 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
@Override
|
||||
protected void engineInitSign(PrivateKey privateKey, SecureRandom random)
|
||||
throws InvalidKeyException {
|
||||
- if (!(privateKey instanceof RSAPrivateKey)) {
|
||||
+ if (privateKey instanceof RSAPrivateKey) {
|
||||
+ RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)privateKey;
|
||||
+ isPrivateKeyValid(rsaPrivateKey);
|
||||
+ this.privKey = rsaPrivateKey;
|
||||
+ this.pubKey = null;
|
||||
+ this.random =
|
||||
+ (random == null ? JCAUtil.getSecureRandom() : random);
|
||||
+ resetDigest();
|
||||
+ } else {
|
||||
throw new InvalidKeyException("key must be RSAPrivateKey");
|
||||
}
|
||||
- this.privKey = (RSAPrivateKey) isValid((RSAKey)privateKey);
|
||||
- this.pubKey = null;
|
||||
- this.random =
|
||||
- (random == null? JCAUtil.getSecureRandom() : random);
|
||||
- resetDigest();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -205,11 +211,57 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
}
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Validate the specified RSAPrivateKey
|
||||
+ */
|
||||
+ private void isPrivateKeyValid(RSAPrivateKey prKey) throws InvalidKeyException {
|
||||
+ try {
|
||||
+ if (prKey instanceof RSAPrivateCrtKey) {
|
||||
+ RSAPrivateCrtKey crtKey = (RSAPrivateCrtKey)prKey;
|
||||
+ if (RSAPrivateCrtKeyImpl.checkComponents(crtKey)) {
|
||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||
+ crtKey.getModulus().bitLength(),
|
||||
+ crtKey.getPublicExponent());
|
||||
+ } else {
|
||||
+ throw new InvalidKeyException(
|
||||
+ "Some of the CRT-specific components are not available");
|
||||
+ }
|
||||
+ } else {
|
||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||
+ prKey.getModulus().bitLength(),
|
||||
+ null);
|
||||
+ }
|
||||
+ } catch (InvalidKeyException ikEx) {
|
||||
+ throw ikEx;
|
||||
+ } catch (Exception e) {
|
||||
+ throw new InvalidKeyException(
|
||||
+ "Can not access private key components", e);
|
||||
+ }
|
||||
+ isValid(prKey);
|
||||
+ }
|
||||
+
|
||||
+ /**
|
||||
+ * Validate the specified RSAPublicKey
|
||||
+ */
|
||||
+ private void isPublicKeyValid(RSAPublicKey pKey) throws InvalidKeyException {
|
||||
+ try {
|
||||
+ RSAKeyFactory.checkRSAProviderKeyLengths(
|
||||
+ pKey.getModulus().bitLength(),
|
||||
+ pKey.getPublicExponent());
|
||||
+ } catch (InvalidKeyException ikEx) {
|
||||
+ throw ikEx;
|
||||
+ } catch (Exception e) {
|
||||
+ throw new InvalidKeyException(
|
||||
+ "Can not access public key components", e);
|
||||
+ }
|
||||
+ isValid(pKey);
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Validate the specified RSAKey and its associated parameters against
|
||||
* internal signature parameters.
|
||||
*/
|
||||
- private RSAKey isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||
+ private void isValid(RSAKey rsaKey) throws InvalidKeyException {
|
||||
try {
|
||||
AlgorithmParameterSpec keyParams = rsaKey.getParams();
|
||||
// validate key parameters
|
||||
@@ -227,7 +279,6 @@ public class RSAPSSSignature extends SignatureSpi {
|
||||
}
|
||||
checkKeyLength(rsaKey, hLen, this.sigParams.getSaltLength());
|
||||
}
|
||||
- return rsaKey;
|
||||
} catch (SignatureException e) {
|
||||
throw new InvalidKeyException(e);
|
||||
}
|
||||
diff --git a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||
index 6b219937981..b3c1fae9672 100644
|
||||
--- a/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||
+++ b/jdk/src/share/classes/sun/security/rsa/RSAPrivateCrtKeyImpl.java
|
||||
@@ -80,22 +80,28 @@ public final class RSAPrivateCrtKeyImpl
|
||||
RSAPrivateCrtKeyImpl key = new RSAPrivateCrtKeyImpl(encoded);
|
||||
// check all CRT-specific components are available, if any one
|
||||
// missing, return a non-CRT key instead
|
||||
- if ((key.getPublicExponent().signum() == 0) ||
|
||||
- (key.getPrimeExponentP().signum() == 0) ||
|
||||
- (key.getPrimeExponentQ().signum() == 0) ||
|
||||
- (key.getPrimeP().signum() == 0) ||
|
||||
- (key.getPrimeQ().signum() == 0) ||
|
||||
- (key.getCrtCoefficient().signum() == 0)) {
|
||||
+ if (checkComponents(key)) {
|
||||
+ return key;
|
||||
+ } else {
|
||||
return new RSAPrivateKeyImpl(
|
||||
key.algid,
|
||||
key.getModulus(),
|
||||
- key.getPrivateExponent()
|
||||
- );
|
||||
- } else {
|
||||
- return key;
|
||||
+ key.getPrivateExponent());
|
||||
}
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Validate if all CRT-specific components are available.
|
||||
+ */
|
||||
+ static boolean checkComponents(RSAPrivateCrtKey key) {
|
||||
+ return !((key.getPublicExponent().signum() == 0) ||
|
||||
+ (key.getPrimeExponentP().signum() == 0) ||
|
||||
+ (key.getPrimeExponentQ().signum() == 0) ||
|
||||
+ (key.getPrimeP().signum() == 0) ||
|
||||
+ (key.getPrimeQ().signum() == 0) ||
|
||||
+ (key.getCrtCoefficient().signum() == 0));
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Generate a new key from the specified type and components.
|
||||
* Returns a CRT key if possible and a non-CRT key otherwise.
|
67
SOURCES/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
Normal file
67
SOURCES/jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
Normal file
@ -0,0 +1,67 @@
|
||||
# HG changeset patch
|
||||
# User Andrew John Hughes <gnu_andrew@member.fsf.org>
|
||||
# Date 1620365804 -3600
|
||||
# Fri May 07 06:36:44 2021 +0100
|
||||
# Node ID 39b62f35eca823b4c9a98bc1dc0cb9acb87360f8
|
||||
# Parent 723b59ed1afe878c5cd35f080399c8ceec4f776b
|
||||
PR3836: Extra compiler flags not passed to adlc build
|
||||
|
||||
diff --git openjdk.orig/hotspot/make/aix/makefiles/adlc.make openjdk/hotspot/make/aix/makefiles/adlc.make
|
||||
--- openjdk.orig/hotspot/make/aix/makefiles/adlc.make
|
||||
+++ openjdk/hotspot/make/aix/makefiles/adlc.make
|
||||
@@ -69,6 +69,11 @@
|
||||
CFLAGS_WARN = -w
|
||||
CFLAGS += $(CFLAGS_WARN)
|
||||
|
||||
+# Extra flags from gnumake's invocation or environment
|
||||
+CFLAGS += $(EXTRA_CFLAGS)
|
||||
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
|
||||
+ASFLAGS += $(EXTRA_ASFLAGS)
|
||||
+
|
||||
OBJECTNAMES = \
|
||||
adlparse.o \
|
||||
archDesc.o \
|
||||
diff --git openjdk.orig/hotspot/make/bsd/makefiles/adlc.make openjdk/hotspot/make/bsd/makefiles/adlc.make
|
||||
--- openjdk.orig/hotspot/make/bsd/makefiles/adlc.make
|
||||
+++ openjdk/hotspot/make/bsd/makefiles/adlc.make
|
||||
@@ -71,6 +71,11 @@
|
||||
endif
|
||||
CFLAGS += $(CFLAGS_WARN)
|
||||
|
||||
+# Extra flags from gnumake's invocation or environment
|
||||
+CFLAGS += $(EXTRA_CFLAGS)
|
||||
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
|
||||
+ASFLAGS += $(EXTRA_ASFLAGS)
|
||||
+
|
||||
OBJECTNAMES = \
|
||||
adlparse.o \
|
||||
archDesc.o \
|
||||
diff --git openjdk.orig/hotspot/make/linux/makefiles/adlc.make openjdk/hotspot/make/linux/makefiles/adlc.make
|
||||
--- openjdk.orig/hotspot/make/linux/makefiles/adlc.make
|
||||
+++ openjdk/hotspot/make/linux/makefiles/adlc.make
|
||||
@@ -69,6 +69,11 @@
|
||||
CFLAGS_WARN = $(WARNINGS_ARE_ERRORS)
|
||||
CFLAGS += $(CFLAGS_WARN)
|
||||
|
||||
+# Extra flags from gnumake's invocation or environment
|
||||
+CFLAGS += $(EXTRA_CFLAGS)
|
||||
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
|
||||
+ASFLAGS += $(EXTRA_ASFLAGS)
|
||||
+
|
||||
OBJECTNAMES = \
|
||||
adlparse.o \
|
||||
archDesc.o \
|
||||
diff --git openjdk.orig/hotspot/make/solaris/makefiles/adlc.make openjdk/hotspot/make/solaris/makefiles/adlc.make
|
||||
--- openjdk.orig/hotspot/make/solaris/makefiles/adlc.make
|
||||
+++ openjdk/hotspot/make/solaris/makefiles/adlc.make
|
||||
@@ -85,6 +85,10 @@
|
||||
endif
|
||||
CFLAGS += $(CFLAGS_WARN)
|
||||
|
||||
+# Extra flags from gnumake's invocation or environment
|
||||
+CFLAGS += $(EXTRA_CFLAGS)
|
||||
+ASFLAGS += $(EXTRA_ASFLAGS)
|
||||
+
|
||||
ifeq ("${Platform_compiler}", "sparcWorks")
|
||||
# Enable the following CFLAGS addition if you need to compare the
|
||||
# built ELF objects.
|
File diff suppressed because it is too large
Load Diff
@ -7,11 +7,10 @@
|
||||
8074839: Resolve disabled warnings for libunpack and the unpack200 binary
|
||||
Reviewed-by: dholmes, ksrini
|
||||
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
index bdaf95a2f6a..60c5b4f2a69 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
@@ -63,7 +63,7 @@ struct bytes {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
@@ -63,7 +63,7 @@
|
||||
bytes res;
|
||||
res.ptr = ptr + beg;
|
||||
res.len = end - beg;
|
||||
@ -20,11 +19,10 @@ index bdaf95a2f6a..60c5b4f2a69 100644
|
||||
return res;
|
||||
}
|
||||
// building C strings inside byte buffers:
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
index 5fbc7261fb3..4c002e779d8 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
@@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
@@ -292,7 +292,7 @@
|
||||
|
||||
if (uPtr->aborting()) {
|
||||
THROW_IOE(uPtr->get_abort_message());
|
||||
@ -33,16 +31,16 @@ index 5fbc7261fb3..4c002e779d8 100644
|
||||
}
|
||||
|
||||
// We have fetched all the files.
|
||||
@@ -312,7 +312,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
|
||||
// There's no need to create a new unpacker here if we don't already have one
|
||||
// just to immediatly free it afterwards.
|
||||
unpacker* uPtr = get_unpacker(env, pObj, /* noCreate= */ true);
|
||||
@@ -310,7 +310,7 @@
|
||||
JNIEXPORT jlong JNICALL
|
||||
Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
|
||||
unpacker* uPtr = get_unpacker(env, pObj, false);
|
||||
- CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
|
||||
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0);
|
||||
size_t consumed = uPtr->input_consumed();
|
||||
// free_unpacker() will set the unpacker field on 'pObj' to null
|
||||
free_unpacker(env, pObj, uPtr);
|
||||
@@ -323,6 +323,7 @@ JNIEXPORT jboolean JNICALL
|
||||
return consumed;
|
||||
@@ -320,6 +320,7 @@
|
||||
Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj,
|
||||
jstring pProp, jstring pValue) {
|
||||
unpacker* uPtr = get_unpacker(env, pObj);
|
||||
@ -50,11 +48,10 @@ index 5fbc7261fb3..4c002e779d8 100644
|
||||
const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE);
|
||||
CHECK_EXCEPTION_RETURN_VALUE(prop, false);
|
||||
const char* value = env->GetStringUTFChars(pValue, JNI_FALSE);
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
index 6fbc43a18ae..722c8baaff0 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
@@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
@@ -142,31 +142,28 @@
|
||||
return progname;
|
||||
}
|
||||
|
||||
@ -104,11 +101,10 @@ index 6fbc43a18ae..722c8baaff0 100644
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
index a585535c513..8df3fade499 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
@@ -225,9 +225,9 @@ struct entry {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
@@ -222,9 +222,9 @@
|
||||
}
|
||||
|
||||
#ifdef PRODUCT
|
||||
@ -120,7 +116,7 @@ index a585535c513..8df3fade499 100644
|
||||
#endif
|
||||
};
|
||||
|
||||
@@ -719,13 +719,13 @@ void unpacker::read_file_header() {
|
||||
@@ -715,13 +715,13 @@
|
||||
// Now we can size the whole archive.
|
||||
// Read everything else into a mega-buffer.
|
||||
rp = hdr.rp;
|
||||
@ -138,7 +134,7 @@ index a585535c513..8df3fade499 100644
|
||||
abort("EOF reading fixed input buffer");
|
||||
return;
|
||||
}
|
||||
@@ -739,7 +739,7 @@ void unpacker::read_file_header() {
|
||||
@@ -735,7 +735,7 @@
|
||||
return;
|
||||
}
|
||||
input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)),
|
||||
@ -147,7 +143,7 @@ index a585535c513..8df3fade499 100644
|
||||
CHECK;
|
||||
assert(input.limit()[0] == 0);
|
||||
// Move all the bytes we read initially into the real buffer.
|
||||
@@ -962,13 +962,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) {
|
||||
@@ -958,13 +958,13 @@
|
||||
nentries = next_entry;
|
||||
|
||||
// place a limit on future CP growth:
|
||||
@ -163,7 +159,18 @@ index a585535c513..8df3fade499 100644
|
||||
|
||||
// Note that this CP does not include "empty" entries
|
||||
// for longs and doubles. Those are introduced when
|
||||
@@ -3694,21 +3694,22 @@ void cpool::computeOutputIndexes() {
|
||||
@@ -982,8 +982,9 @@
|
||||
}
|
||||
|
||||
// Initialize *all* our entries once
|
||||
- for (int i = 0 ; i < maxentries ; i++)
|
||||
+ for (uint i = 0 ; i < maxentries ; i++) {
|
||||
entries[i].outputIndex = REQUESTED_NONE;
|
||||
+ }
|
||||
|
||||
initGroupIndexes();
|
||||
// Initialize hashTab to a generous power-of-two size.
|
||||
@@ -3677,21 +3678,22 @@
|
||||
|
||||
unpacker* debug_u;
|
||||
|
||||
@ -190,7 +197,7 @@ index a585535c513..8df3fade499 100644
|
||||
case CONSTANT_Signature:
|
||||
if (value.b.ptr == null)
|
||||
return ref(0)->string();
|
||||
@@ -3728,26 +3729,28 @@ char* entry::string() {
|
||||
@@ -3711,26 +3713,28 @@
|
||||
break;
|
||||
default:
|
||||
if (nrefs == 0) {
|
||||
@ -228,11 +235,10 @@ index a585535c513..8df3fade499 100644
|
||||
}
|
||||
|
||||
void print_cp_entries(int beg, int end) {
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
index 4ec595333c4..aad0c971ef2 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
@@ -209,7 +209,7 @@ struct unpacker {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
@@ -209,7 +209,7 @@
|
||||
byte* rp; // read pointer (< rplimit <= input.limit())
|
||||
byte* rplimit; // how much of the input block has been read?
|
||||
julong bytes_read;
|
||||
@ -241,11 +247,10 @@ index 4ec595333c4..aad0c971ef2 100644
|
||||
|
||||
// callback to read at least one byte, up to available input
|
||||
typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen);
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
index da39a589545..1281d8b25c8 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
@@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
@@ -81,7 +81,7 @@
|
||||
int assert_failed(const char* p) {
|
||||
char message[1<<12];
|
||||
sprintf(message, "@assert failed: %s\n", p);
|
||||
@ -254,11 +259,10 @@ index da39a589545..1281d8b25c8 100644
|
||||
breakpoint();
|
||||
unpack_abort(message);
|
||||
return 0;
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
index f58c94956c0..343da3e183b 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
@@ -84,7 +84,7 @@ void jar::init(unpacker* u_) {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
@@ -84,7 +84,7 @@
|
||||
}
|
||||
|
||||
// Write data to the ZIP output stream.
|
||||
@ -267,7 +271,7 @@ index f58c94956c0..343da3e183b 100644
|
||||
while (len > 0) {
|
||||
int rc = (int)fwrite(buff, 1, len, jarfp);
|
||||
if (rc <= 0) {
|
||||
@@ -323,12 +323,12 @@ void jar::write_central_directory() {
|
||||
@@ -323,12 +323,12 @@
|
||||
// Total number of disks (int)
|
||||
header64[36] = (ushort)SWAP_BYTES(1);
|
||||
header64[37] = 0;
|
||||
@ -282,11 +286,10 @@ index f58c94956c0..343da3e183b 100644
|
||||
|
||||
PRINTCR((2, "writing zip comment\n"));
|
||||
// Write the comment.
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
index 14ffc9d65bd..9877f6f68ca 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
@@ -68,8 +68,8 @@ struct jar {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
@@ -68,8 +68,8 @@
|
||||
}
|
||||
|
||||
// Private Methods
|
||||
|
@ -16,7 +16,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenan
|
||||
Atomic::add(val, &_sum);
|
||||
|
||||
- int mag = log2_intptr(val) + 1;
|
||||
+ int mag = log2_long(val) + 1;
|
||||
+ int mag = log2_intptr((uintptr_t)val) + 1;
|
||||
|
||||
// Defensively saturate for product bits:
|
||||
if (mag < 0) {
|
||||
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user