Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/shenandoah8u422-b05.tar.xz
|
||||
SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
|
||||
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
e2828a59a56b737f58f33dc21f654e92bdfc085e SOURCES/shenandoah8u422-b05.tar.xz
|
||||
71e5a111b66d7a8e4234d35117e0fd663d39f9ce SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u362-b08-4curve.tar.xz
|
||||
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
823
SOURCES/NEWS
823
SOURCES/NEWS
@ -3,812 +3,6 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 8u422 (2024-07-16):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u422
|
||||
|
||||
* CVEs
|
||||
- CVE-2024-21131
|
||||
- CVE-2024-21138
|
||||
- CVE-2024-21140
|
||||
- CVE-2024-21144
|
||||
- CVE-2024-21145
|
||||
- CVE-2024-21147
|
||||
* Security fixes
|
||||
- JDK-8314794: Improve UTF8 String supports
|
||||
- JDK-8319859: Better symbol storage
|
||||
- JDK-8320097: Improve Image transformations
|
||||
- JDK-8320548: Improved loop handling
|
||||
- JDK-8322106: Enhance Pack 200 loading
|
||||
- JDK-8323231: Improve array management
|
||||
- JDK-8323390: Enhance mask blit functionality
|
||||
- JDK-8324559: Improve 2D image handling
|
||||
- JDK-8325600: Better symbol storage
|
||||
* Other changes
|
||||
- JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105
|
||||
- JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings
|
||||
- JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/bug7123767.java: number of checked graphics configurations should be limited
|
||||
- JDK-8159690: [TESTBUG] Mark headful tests with @key headful.
|
||||
- JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
|
||||
- JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails
|
||||
- JDK-8205407: [windows, vs<2017] C4800 after 8203197
|
||||
- JDK-8235834: IBM-943 charset encoder needs updating
|
||||
- JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't read properly"
|
||||
- JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
|
||||
- JDK-8256152: tests fail because of ambiguous method resolution
|
||||
- JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
|
||||
- JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
|
||||
- JDK-8268916: Tests for AffirmTrust roots
|
||||
- JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
|
||||
- JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
|
||||
- JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value
|
||||
- JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
|
||||
- JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
|
||||
- JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL
|
||||
- JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
|
||||
- JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
|
||||
- JDK-8315020: The macro definition for LoongArch64 zero build is not accurate.
|
||||
- JDK-8316138: Add GlobalSign 2 TLS root certificates
|
||||
- JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows
|
||||
- JDK-8320005: Allow loading of shared objects with .a extension on AIX
|
||||
- JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
|
||||
- JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing
|
||||
- JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
|
||||
- JDK-8326686: Bump update version of OpenJDK: 8u422
|
||||
- JDK-8327440: Fix "bad source file" error during beaninfo generation
|
||||
- JDK-8328809: [8u] Problem list some CA tests
|
||||
- JDK-8328825: Google CAInterop test failures
|
||||
- JDK-8329544: [8u] sun/security/krb5/auto/ReplayCacheTestProc.java cannot find the testlibrary
|
||||
- JDK-8331791: [8u] AIX build break from JDK-8320005 backport
|
||||
- JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
|
||||
- JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
core-libs/java.net:
|
||||
|
||||
JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable
|
||||
===========================================================================
|
||||
Two system properties have been added which control the keep alive
|
||||
behavior of HttpURLConnection in the case where the server does not
|
||||
specify a keep alive time. These are:
|
||||
|
||||
* `http.keepAlive.time.server`
|
||||
* `http.keepAlive.time.proxy`
|
||||
|
||||
which control the number of seconds before an idle connection to a
|
||||
server or proxy will be closed, respectively. If the server or proxy
|
||||
specifies a keep alive time in a "Keep-Alive" response header, this
|
||||
will take precedence over the values of these properties.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8316138: Add GlobalSign 2 TLS root certificates
|
||||
===================================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: GlobalSign
|
||||
Alias Name: globalsignr46
|
||||
Distinguished Name: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
|
||||
|
||||
Name: GlobalSign
|
||||
Alias Name: globalsigne46
|
||||
Distinguished Name: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
|
||||
|
||||
New in release OpenJDK 8u412 (2024-04-16):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u412
|
||||
|
||||
* CVEs
|
||||
- CVE-2024-21011
|
||||
- CVE-2024-21085
|
||||
- CVE-2024-21068
|
||||
- CVE-2024-21094
|
||||
* Security fixes
|
||||
- JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array"
|
||||
- JDK-8318340: Improve RSA key implementations
|
||||
- JDK-8319851: Improve exception logging
|
||||
- JDK-8322114: Improve Pack 200 handling
|
||||
- JDK-8322122: Enhance generation of addresses
|
||||
* Other changes
|
||||
- JDK-8011180: Delete obsolete scripts
|
||||
- JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build
|
||||
- JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios
|
||||
- JDK-8023735: [TESTBUG][macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
|
||||
- JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows
|
||||
- JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388)
|
||||
- JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache
|
||||
- JDK-8168518: rcache interop with krb5-1.15
|
||||
- JDK-8183503: Update hotspot tests to allow for unique test classes directory
|
||||
- JDK-8186095: upgrade to jtreg 4.2 b08
|
||||
- JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
|
||||
- JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
|
||||
- JDK-8208655: use JTreg skipped status in hotspot tests
|
||||
- JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1
|
||||
- JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile
|
||||
- JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system
|
||||
- JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
|
||||
- JDK-8224768: Test ActalisCA.java fails
|
||||
- JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
|
||||
- JDK-8251551: Use .md filename extension for README
|
||||
- JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
|
||||
- JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
|
||||
- JDK-8270517: Add Zero support for LoongArch
|
||||
- JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
|
||||
- JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
|
||||
- JDK-8288132: Update test artifacts in QuoVadis CA interop tests
|
||||
- JDK-8297955: LDAP CertStore should use LdapName and not String for DNs
|
||||
- JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
|
||||
- JDK-8308592: Framework for CA interoperability testing
|
||||
- JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955
|
||||
- JDK-8315042: NPE in PKCS7.parseOldSignedData
|
||||
- JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set
|
||||
- JDK-8320713: Bump update version of OpenJDK: 8u412
|
||||
- JDK-8321060: [8u] hotspot needs to recognise VS2022
|
||||
- JDK-8321408: Add Certainly roots R1 and E1
|
||||
- JDK-8322725: (tz) Update Timezone Data to 2023d
|
||||
- JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
|
||||
- JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
|
||||
- JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
|
||||
- JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
|
||||
- JDK-8324530: Build error with gcc 10
|
||||
- JDK-8325150: (tz) Update Timezone Data to 2024a
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
security-libs/org.ietf.jgss:krb5:
|
||||
|
||||
JDK-8168518: rcache interop with krb5-1.15
|
||||
==========================================
|
||||
The hash algorithm used in the Kerberos 5 replay cache file (rcache)
|
||||
has been changed from MD5 to SHA256. This is the same algorithm used
|
||||
by MIT krb5-1.15 and is interoperable with earlier releases of MIT
|
||||
krb5.
|
||||
|
||||
The MD5 algorithm can still be used by setting the new
|
||||
jdk.krb5.rcache.useMD5 property to 'true':
|
||||
|
||||
java -Djdk.krb5.rcache.useMD5=true ...
|
||||
|
||||
This is useful where either the system has a coarse clock and has to
|
||||
depend on hash values in replay attack detection, or interoperability
|
||||
with the rcache files in older versions of OpenJDK is required.
|
||||
|
||||
client-libs/java.awt:
|
||||
|
||||
JDK-8322750: AWT SystemTray API Is Not Supported on Most Linux Desktops
|
||||
=======================================================================
|
||||
The java.awt.SystemTray API is used to interact with the system's
|
||||
desktop taskbar to provide notifications and may include an icon
|
||||
representing an application. The GNOME desktop's support for taskbar
|
||||
icons has not worked properly for several years, due to a platform
|
||||
bug. This bug, in turn, affects the JDK's SystemTray support on GNOME
|
||||
desktops.
|
||||
|
||||
Therefore, in accordance with the SystemTray API specification,
|
||||
java.awt.SystemTray.isSupported() will now return false on systems
|
||||
that exhibit this bug, which is assumed to be those running a version
|
||||
of GNOME Shell below 45.
|
||||
|
||||
The impact of this change is likely to be minimal, as users of the
|
||||
SystemTray API should already be able to handle isSupported()
|
||||
returning false and the system tray on such platforms has already been
|
||||
unsupported for a number of years for all applications.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8321408: Added Certainly R1 and E1 Root Certificates
|
||||
========================================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Certainly
|
||||
Alias Name: certainlyrootr1
|
||||
Distinguished Name: CN=Certainly Root R1, O=Certainly, C=US
|
||||
|
||||
Name: Certainly
|
||||
Alias Name: certainlyroote1
|
||||
Distinguished Name: CN=Certainly Root E1, O=Certainly, C=US
|
||||
|
||||
New in release OpenJDK 8u402 (2024-01-16):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u402
|
||||
|
||||
* CVEs
|
||||
- CVE-2024-20918
|
||||
- CVE-2024-20919
|
||||
- CVE-2024-20921
|
||||
- CVE-2024-20926
|
||||
- CVE-2024-20945
|
||||
- CVE-2024-20952
|
||||
* Security fixes
|
||||
- JDK-8308204: Enhanced certificate processing
|
||||
- JDK-8314284: Enhance Nashorn performance
|
||||
- JDK-8314295: Enhance verification of verifier
|
||||
- JDK-8314307: Improve loop handling
|
||||
- JDK-8314468: Improve Compiler loops
|
||||
- JDK-8316976: Improve signature handling
|
||||
- JDK-8317547: Enhance TLS connection support
|
||||
* Other changes
|
||||
- JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
|
||||
- JDK-8029995: accept yes/no for boolean krb5.conf settings
|
||||
- JDK-8159156: [TESTBUG] ReserveMemory test is not useful on Aix.
|
||||
- JDK-8176509: Use pandoc for converting build readme to html
|
||||
- JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
|
||||
- JDK-8207404: MulticastSocket tests failing on AIX
|
||||
- JDK-8212677: X11 default visual support for IM status window on VNC
|
||||
- JDK-8239365: ProcessBuilder test modifications for AIX execution
|
||||
- JDK-8271838: AmazonCA.java interop test fails
|
||||
- JDK-8285398: Cache the results of constraint checks
|
||||
- JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
|
||||
- JDK-8302017: Allocate BadPaddingException only if it will be thrown
|
||||
- JDK-8305329: [8u] Unify test libraries into single test library - step 1
|
||||
- JDK-8307837: [8u] Check step in GHA should also print errors
|
||||
- JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
|
||||
- JDK-8311813: C1: Uninitialized PhiResolver::_loop field
|
||||
- JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
|
||||
- JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException
|
||||
- JDK-8315280: Bump update version of OpenJDK: 8u402
|
||||
- JDK-8315506: C99 compatibility issue in LinuxNativeDispatcher
|
||||
- JDK-8317291: Missing null check for nmethod::is_native_method()
|
||||
- JDK-8317373: Add Telia Root CA v2
|
||||
- JDK-8317374: Add Let's Encrypt ISRG Root X2
|
||||
- JDK-8318759: Add four DigiCert root certificates
|
||||
- JDK-8319187: Add three eMudhra emSign roots
|
||||
- JDK-8319405: [s390] [jdk8] Increase javac default stack size for s390x zero
|
||||
- JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
security-libs/org.ietf.jgss:krb5:
|
||||
|
||||
JDK-8029995: accept yes/no for boolean krb5.conf settings
|
||||
=========================================================
|
||||
The krb5.conf configuration file now also accepts "yes" and "no", as
|
||||
alternatives to the existing "true" and "false" support, when using
|
||||
settings that take boolean values.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
|
||||
===============================================================================================================================
|
||||
A maximum signature file size property, jdk.jar.maxSignatureFileSize,
|
||||
was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a
|
||||
default of 8MB. This default proved to be too small for some JAR
|
||||
files. This release, 8u402, increases it to 16MB.
|
||||
|
||||
JDK-8317374: Added ISRG Root X2 CA Certificate from Let's Encrypt
|
||||
=================================================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Let's Encrypt
|
||||
Alias Name: letsencryptisrgx2
|
||||
Distinguished Name: CN=ISRG Root X2, O=Internet Security Research Group, C=US
|
||||
|
||||
JDK-8318759: Added Four Root Certificates from DigiCert, Inc.
|
||||
=============================================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: DigiCert, Inc.
|
||||
Alias Name: digicertcseccrootg5
|
||||
Distinguished Name: CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
|
||||
|
||||
Name: DigiCert, Inc.
|
||||
Alias Name: digicertcsrsarootg5
|
||||
Distinguished Name: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
|
||||
|
||||
Name: DigiCert, Inc.
|
||||
Alias Name: digicerttlseccrootg5
|
||||
Distinguished Name: CN=DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
|
||||
|
||||
Name: DigiCert, Inc.
|
||||
Alias Name: digicerttlsrsarootg5
|
||||
Distinguished Name: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
|
||||
|
||||
JDK-8319187: Added Three Root Certificates from eMudhra Technologies Limited
|
||||
============================================================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: eMudhra Technologies Limited
|
||||
Alias Name: emsignrootcag1
|
||||
Distinguished Name: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
|
||||
|
||||
Name: eMudhra Technologies Limited
|
||||
Alias Name: emsigneccrootcag3
|
||||
Distinguished Name: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
|
||||
|
||||
Name: eMudhra Technologies Limited
|
||||
Alias Name: emsignrootcag2
|
||||
Distinguished Name: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
|
||||
|
||||
JDK-8317373: Added Telia Root CA v2 Certificate
|
||||
===============================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Telia Root CA v2
|
||||
Alias Name: teliarootcav2
|
||||
Distinguished Name: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI ```
|
||||
|
||||
New in release OpenJDK 8u392 (2023-10-17):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u392
|
||||
|
||||
* CVEs
|
||||
- CVE-2023-22067
|
||||
- CVE-2023-22081
|
||||
* Security fixes
|
||||
- JDK-8286503, JDK-8312367: Enhance security classes
|
||||
- JDK-8297856: Improve handling of Bidi characters
|
||||
- JDK-8303384: Improved communication in CORBA
|
||||
- JDK-8305815, JDK-8307278: Update Libpng to 1.6.39
|
||||
- JDK-8309966: Enhanced TLS connections
|
||||
* Other changes
|
||||
- JDK-6722928: Provide a default native GSS-API library on Windows
|
||||
- JDK-8040887: [TESTBUG] Remove test/runtime/6925573/SortMethodsTest.java
|
||||
- JDK-8042726: [TESTBUG] TEST.groups file was not updated after runtime/6925573/SortMethodsTest.java removal
|
||||
- JDK-8139348: Deprecate 3DES and RC4 in Kerberos
|
||||
- JDK-8173072: zipfs fails to handle incorrect info-zip "extended timestamp extra field"
|
||||
- JDK-8200468: Port the native GSS-API bridge to Windows
|
||||
- JDK-8202952: C2: Unexpected dead nodes after matching
|
||||
- JDK-8205399: Set node color on pinned HashMap.TreeNode deletion
|
||||
- JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update
|
||||
- JDK-8214046: [macosx] Undecorated Frame does not Iconify when set to
|
||||
- JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
|
||||
- JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
|
||||
- JDK-8232225: Rework the fix for JDK-8071483
|
||||
- JDK-8242330: Arrays should be cloned in several JAAS Callback classes
|
||||
- JDK-8253269: The CheckCommonColors test should provide more info on failure
|
||||
- JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int)
|
||||
- JDK-8284910: Buffer clean in PasswordCallback
|
||||
- JDK-8287073: NPE from CgroupV2Subsystem.getInstance()
|
||||
- JDK-8287663: Add a regression test for JDK-8287073
|
||||
- JDK-8295685: Update Libpng to 1.6.38
|
||||
- JDK-8295894: Remove SECOM certificate that is expiring in September 2023
|
||||
- JDK-8308788: [8u] Remove duplicate HaricaCA.java test
|
||||
- JDK-8309122: Bump update version of OpenJDK: 8u392
|
||||
- JDK-8309143: [8u] fix archiving inconsistencies in GHA
|
||||
- JDK-8310026: [8u] make java_lang_String::hash_code consistent across platforms
|
||||
- JDK-8314960: Add Certigna Root CA - 2
|
||||
- JDK-8315135: Memory leak in the native implementation of Pack200.Unpacker.unpack()
|
||||
- JDK-8317040: Exclude cleaner test failing on older releases
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
other-libs/corba:idl:
|
||||
|
||||
JDK-8303384: Improved communication in CORBA
|
||||
============================================
|
||||
The JDK's CORBA implementation now provides the option to limit
|
||||
serialisation in stub objects to those with the "IOR:" prefix. For
|
||||
ORB constrained stub classes:
|
||||
|
||||
* _DynArrayStub
|
||||
* _DynEnumStub
|
||||
* _DynFixedStub
|
||||
* _DynSequenceStub
|
||||
* _DynStructStub
|
||||
* _DynUnionStub
|
||||
* _DynValueStub
|
||||
* _DynAnyStub
|
||||
* _DynAnyFactoryStub
|
||||
|
||||
this is enabled by default and may be disabled by setting the system
|
||||
property org.omg.DynamicAny.disableIORCheck to 'true'.
|
||||
|
||||
For remote service stub classes:
|
||||
|
||||
* _NamingContextStub
|
||||
* _BindingIteratorStub
|
||||
* _NamingContextExtStub
|
||||
* _ServantActivatorStub
|
||||
* _ServantLocatorStub
|
||||
* _ServerManagerStub
|
||||
* _ActivatorStub
|
||||
* _RepositoryStub
|
||||
* _InitialNameServiceStub
|
||||
* _LocatorStub
|
||||
* _ServerStub
|
||||
|
||||
it is disabled by default and may be enabled by setting the system
|
||||
property org.omg.CORBA.IDL.Stubs.enableIORCheck to 'true'.
|
||||
|
||||
security-libs/org.ietf.jgss:
|
||||
|
||||
JDK-6722928: Added a Default Native GSS-API Library on Windows
|
||||
==============================================================
|
||||
|
||||
A native GSS-API library named `sspi_bridge.dll` has been added to the
|
||||
JDK on the Windows platform. As with native GSS-API library provision
|
||||
on other operating systems, it will only be loaded when the
|
||||
`sun.security.jgss.native` system property is set to "true". A user
|
||||
can still load a third-party native GSS-API library instead by setting
|
||||
the `sun.security.jgss.lib` system property to the appropriate path.
|
||||
|
||||
The library is client-side only and uses the default credentials.
|
||||
Native GSS support automatically uses cached credentials from the
|
||||
underlying operating system, so the
|
||||
`javax.security.auth.useSubjectCredsOnly` system property should be
|
||||
set to false.
|
||||
|
||||
The `com.sun.security.auth.module.Krb5LoginModule` does not call
|
||||
native JGSS and so its use in your JAAS config should be avoided.
|
||||
|
||||
security-libs/org.ietf.jgss:krb5:
|
||||
|
||||
JDK-8139348: Deprecate 3DES and RC4 in Kerberos
|
||||
===============================================
|
||||
The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
|
||||
are now deprecated and disabled by default. To re-enable them, you
|
||||
can either enable all weak crypto (which also includes `des-cbc-crc`
|
||||
and `des-cbc-md5`) by setting `allow_weak_crypto = true` in the
|
||||
`krb5.conf` configuration file or explicitly list all the preferred
|
||||
encryption types using the `default_tkt_enctypes`,
|
||||
`default_tgs_enctypes`, or `permitted_enctypes` settings.
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8295894: Removed SECOM Trust System's RootCA1 Root Certificate
|
||||
==================================================================
|
||||
The following root certificate from SECOM Trust System has been
|
||||
removed from the `cacerts` keystore:
|
||||
|
||||
Alias Name: secomscrootca1 [jdk]
|
||||
Distinguished Name: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
|
||||
|
||||
JDK-8314960: Added Certigna Root CA Certificate
|
||||
===============================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Certigna (Dhimyotis)
|
||||
Alias Name: certignarootca
|
||||
Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR
|
||||
|
||||
security-libs/javax.security:
|
||||
|
||||
JDK-8242330: Arrays should be cloned in several JAAS Callback classes
|
||||
=====================================================================
|
||||
In the JAAS classes, ChoiceCallback and ConfirmationCallback, arrays
|
||||
were not cloned when passed into a constructor or returned. This
|
||||
allowed an external program to get access to the internal fields of
|
||||
these classes. The classes have been updated to return cloned arrays.
|
||||
|
||||
New in release OpenJDK 8u382 (2023-07-18):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u382
|
||||
|
||||
* CVEs
|
||||
- CVE-2023-22045
|
||||
- CVE-2023-22049
|
||||
* Security fixes
|
||||
- JDK-8298676: Enhanced Look and Feel
|
||||
- JDK-8300596: Enhance Jar Signature validation
|
||||
- JDK-8304468: Better array usages
|
||||
- JDK-8305312: Enhanced path handling
|
||||
* Other changes
|
||||
- JDK-8072678: Wrong exception messages in java.awt.color.ICC_ColorSpace
|
||||
- JDK-8151460: Metaspace counters can have inconsistent values
|
||||
- JDK-8152432: Implement setting jtreg @requires properties vm.flavor, vm.bits, vm.compMode
|
||||
- JDK-8185736: missing default exception handler in calls to rethrow_Stub
|
||||
- JDK-8186801: Add regression test to test mapping based charsets (generated at build time)
|
||||
- JDK-8215105: java/awt/Robot/HiDPIScreenCapture/ScreenCaptureTest.java: Wrong Pixel Color
|
||||
- JDK-8241311: Move some charset mapping tests from closed to open
|
||||
- JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
|
||||
- JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
|
||||
- JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
|
||||
- JDK-8276841: Add support for Visual Studio 2022
|
||||
- JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode
|
||||
- JDK-8278851: Correct signer logic for jars signed with multiple digest algorithms
|
||||
- JDK-8282345: handle latest VS2022 in abstract_vm_version
|
||||
- JDK-8282600: SSLSocketImpl should not use user_canceled workaround when not necessary
|
||||
- JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
|
||||
- JDK-8289301: P11Cipher should not throw out of bounds exception during padding
|
||||
- JDK-8293232: Fix race condition in pkcs11 SessionManager
|
||||
- JDK-8293815: P11PSSSignature.engineUpdate should not print debug messages during normal operation
|
||||
- JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
|
||||
- JDK-8298108: Add a regression test for JDK-8297684
|
||||
- JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
|
||||
- JDK-8301119: Support for GB18030-2022
|
||||
- JDK-8301400: Allow additional characters for GB18030-2022 support
|
||||
- JDK-8302791: Add specific ClassLoader object to Proxy IllegalArgumentException message
|
||||
- JDK-8303028: Update system property for Java SE specification maintenance version
|
||||
- JDK-8303462: Bump update version of OpenJDK: 8u382
|
||||
- JDK-8304760: Add 2 Microsoft TLS roots
|
||||
- JDK-8305165: [8u] ServiceThread::nmethods_do is not called to keep nmethods from being zombied while in the queue
|
||||
- JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
|
||||
- JDK-8305975: Add TWCA Global Root CA
|
||||
- JDK-8307134: Add GTS root CAs
|
||||
- JDK-8307310: Backport the tests for JDK-8058969 and JDK-8039271 to the OpenJDK8
|
||||
- JDK-8307531: [aarch64] JDK8 single-step debugging is extremely slow
|
||||
- JDK-8310947: gb18030-2000 not selectable with LANG=zh_CN.GB18030 after JDK-8301119
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
core-libs/java.lang:
|
||||
|
||||
JDK-8305681: Allow additional characters for GB18030-2022 (Level 2) support
|
||||
===========================================================================
|
||||
In order to support "Implementation Level 2" of the GB18030-2022
|
||||
standard, the JDK must be able to use characters from the CJK Unified
|
||||
Ideographs Extension E block of Unicode 8.0. The addition of these
|
||||
characters forms Maintenance Release 5 of the Java SE 8 specification,
|
||||
which is implemented in this release of OpenJDK via the addition of a
|
||||
new UnicodeBlock instance,
|
||||
Character.CJK_UNIFIED_IDEOGRAPHS_EXTENSION_E.
|
||||
|
||||
core-libs/java.util.jar:
|
||||
|
||||
8300596: Enhance Jar Signature validation
|
||||
=========================================
|
||||
A System property "jdk.jar.maxSignatureFileSize" is introduced to
|
||||
configure the maximum number of bytes allowed for the
|
||||
signature-related files in a JAR file during verification. The default
|
||||
value is 8000000 bytes (8 MB).
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8307134: Added 4 GTS Root CA Certificates
|
||||
=============================================
|
||||
The following root certificates have been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar1
|
||||
Distinguished Name: CN=GTS Root R1, O=Google Trust Services LLC, C=US
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar2
|
||||
Distinguished Name: CN=GTS Root R2, O=Google Trust Services LLC, C=US
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar3
|
||||
Distinguished Name: CN=GTS Root R3, O=Google Trust Services LLC, C=US
|
||||
|
||||
Name: Google Trust Services LLC
|
||||
Alias Name: gtsrootcar4
|
||||
Distinguished Name: CN=GTS Root R4, O=Google Trust Services LLC, C=US
|
||||
|
||||
JDK-8304760: Added Microsoft Corporation's 2 TLS Root CA Certificates
|
||||
=====================================================================
|
||||
The following root certificates has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: Microsoft Corporation
|
||||
Alias Name: microsoftecc2017
|
||||
Distinguished Name: CN=Microsoft ECC Root Certificate Authority 2017, O=Microsoft Corporation, C=US
|
||||
|
||||
Name: Microsoft Corporation
|
||||
Alias Name: microsoftrsa2017
|
||||
Distinguished Name: CN=Microsoft RSA Root Certificate Authority 2017, O=Microsoft Corporation, C=US
|
||||
|
||||
JDK-8305975: Added TWCA Root CA Certificate
|
||||
===========================================
|
||||
The following root certificate has been added to the cacerts
|
||||
truststore:
|
||||
|
||||
Name: TWCA
|
||||
Alias Name: twcaglobalrootca
|
||||
Distinguished Name: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW
|
||||
|
||||
New in release OpenJDK 8u372 (2023-04-18):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bit.ly/openjdk8u372
|
||||
|
||||
* CVEs
|
||||
- CVE-2023-21930
|
||||
- CVE-2023-21937
|
||||
- CVE-2023-21938
|
||||
- CVE-2023-21939
|
||||
- CVE-2023-21954
|
||||
- CVE-2023-21967
|
||||
- CVE-2023-21968
|
||||
* Security fixes
|
||||
- JDK-8287404: Improve ping times
|
||||
- JDK-8288436: Improve Xalan supports
|
||||
- JDK-8294474: Better AES support
|
||||
- JDK-8295304: Runtime support improvements
|
||||
- JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation
|
||||
- JDK-8296676, JDK-8296622: Improve String platform support
|
||||
- JDK-8296684: Improve String platform support
|
||||
- JDK-8296692: Improve String platform support
|
||||
- JDK-8296700: Improve String platform support
|
||||
- JDK-8296832: Improve Swing platform support
|
||||
- JDK-8297371: Improve UTF8 representation redux
|
||||
- JDK-8298191: Enhance object reclamation process
|
||||
- JDK-8298310: Enhance TLS session negotiation
|
||||
- JDK-8298667: Improved path handling
|
||||
- JDK-8299129: Enhance NameService lookups
|
||||
* New features
|
||||
- JDK-8230305: Cgroups v2: Container awareness
|
||||
* Other changes
|
||||
- JDK-6734341: REGTEST fails: SelectionAutoscrollTest.html
|
||||
- JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows
|
||||
- JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails
|
||||
- JDK-7124238: [macosx] Font in BasicHTML document is bigger than it should be
|
||||
- JDK-7124381: DragSourceListener.dragDropEnd() never been called on completion of dnd operation
|
||||
- JDK-8039888: [TEST_BUG] keyboard garbage after javax/swing/plaf/windows/WindowsRootPaneUI/WrongAltProcessing/WrongAltProcessing.java
|
||||
- JDK-8042098: [TESTBUG] Test sun/java2d/AcceleratedXORModeTest.java fails on Windows
|
||||
- JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
|
||||
- JDK-8072770: [TESTBUG] Some Introspector tests fail with a Java heap bigger than 4GB
|
||||
- JDK-8075964: Test java/awt/Mouse/TitleBarDoubleClick/TitleBarDoubleClick.html fails intermittently with timeout error
|
||||
- JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
|
||||
- JDK-8142540: [TEST_BUG] Test sun/awt/dnd/8024061/bug8024061.java fails on ubuntu
|
||||
- JDK-8156579: Two JavaBeans tests failed
|
||||
- JDK-8156581: Cleanup of ProblemList.txt
|
||||
- JDK-8159135: [PIT] javax/swing/JMenuItem/8152981/MenuItemIconTest.java always fail
|
||||
- JDK-8177560: @headful key can be removed from the tests for JavaSound
|
||||
- JDK-8196196: Headful tests should not be run in headless mode
|
||||
- JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails
|
||||
- JDK-8197408: Bad pointer comparison and small cleanup in os_linux.cpp
|
||||
- JDK-8203485: [freetype] text rotated on 180 degrees is too narrow
|
||||
- JDK-8205959: Do not restart close if errno is EINTR
|
||||
- JDK-8216366: Add rationale to PER_CPU_SHARES define
|
||||
- JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails
|
||||
- JDK-8228585: jdk/internal/platform/cgroup/TestCgroupMetrics.java - NumberFormatException because of large long values (memory limit_in_bytes)
|
||||
- JDK-8229182: [TESTBUG] runtime/containers/docker/TestMemoryAwareness.java test fails on SLES12
|
||||
- JDK-8229202: Docker reporting causes secondary crashes in error handling
|
||||
- JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy
|
||||
- JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation
|
||||
- JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
|
||||
- JDK-8234484: Add ability to configure third port for remote JMX
|
||||
- JDK-8237479: 8230305 causes slowdebug build failure
|
||||
- JDK-8239559: Cgroups: Incorrect detection logic on some systems
|
||||
- JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot
|
||||
- JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
|
||||
- JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111
|
||||
- JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
|
||||
- JDK-8242468: VS2019 build missing vcruntime140_1.dll
|
||||
- JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
|
||||
- JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java
|
||||
- JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible)
|
||||
- JDK-8245654: Add Certigna Root CA
|
||||
- JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows
|
||||
- JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
|
||||
- JDK-8252359: HotSpot Not Identifying it is Running in a Container
|
||||
- JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
|
||||
- JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
|
||||
- JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
|
||||
- JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
|
||||
- JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems
|
||||
- JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code
|
||||
- JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection
|
||||
- JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
|
||||
- JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes
|
||||
- JDK-8257620: Do not use objc_msgSend_stret to get macOS version
|
||||
- JDK-8262379: Add regression test for JDK-8257746
|
||||
- JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
|
||||
- JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics
|
||||
- JDK-8270317: Large Allocation in CipherSuite
|
||||
- JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked
|
||||
- JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11
|
||||
- JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
|
||||
- JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
|
||||
- JDK-8280048: Missing comma in copyright header
|
||||
- JDK-8282398: EndingDotHostname.java test fails because SSL cert expired
|
||||
- JDK-8282511: Use fixed certificate validation date in SSLExampleCert template
|
||||
- JDK-8282947: JFR: Dump on shutdown live-locks in some conditions
|
||||
- JDK-8283277: ISO 4217 Amendment 171 Update
|
||||
- JDK-8283606: Tests may fail with zh locale on MacOS
|
||||
- JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124
|
||||
- JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox
|
||||
- JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem
|
||||
- JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist
|
||||
- JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3
|
||||
- JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller
|
||||
- JDK-8287109: Distrust.java failed with CertificateExpiredException
|
||||
- JDK-8287463: JFR: Disable TestDevNull.java on Windows
|
||||
- JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete
|
||||
- JDK-8289549: ISO 4217 Amendment 172 Update
|
||||
- JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun
|
||||
- JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u
|
||||
- JDK-8292083: Detected container memory limit may exceed physical machine memory
|
||||
- JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory
|
||||
- JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present
|
||||
- JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts
|
||||
- JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings
|
||||
- JDK-8294307: ISO 4217 Amendment 173 Update
|
||||
- JDK-8294767: 8u contains two copies of test/../FileUtils.java, one uses JDK9+ features
|
||||
- JDK-8295322: Tests for JDK-8271459 were not backported to 11u
|
||||
- JDK-8295952: Problemlist existing compiler/rtm tests also on x86
|
||||
- JDK-8295982: Failure in sun/security/tools/keytool/WeakAlg.java - ks: The process cannot access the file because it is being used by another process
|
||||
- JDK-8296239: ISO 4217 Amendment 174 Update
|
||||
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
|
||||
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
|
||||
- JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
|
||||
- JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2
|
||||
- JDK-8297329: [8u] hotspot needs to recognise VS2019
|
||||
- JDK-8297739: Bump update version of OpenJDK: 8u372
|
||||
- JDK-8297996: [8u] generated images are broken due to renaming of MSVC runtime DLL's
|
||||
- JDK-8298027: Remove SCCS id's from awt jtreg tests
|
||||
- JDK-8298307: Enable hotspot/tier1 for 32-bit builds in GHA for 8u
|
||||
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
|
||||
- JDK-8299445: EndingDotHostname.java fails because of compilation errors
|
||||
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
|
||||
- JDK-8299548: Fix hotspot/test/runtime/Metaspace/MaxMetaspaceSizeTest.java in 8u
|
||||
- JDK-8299804: Fix non-portable code in hotspot shell tests in 8u
|
||||
- JDK-8300014: Some backports placed the tests in the wrong location
|
||||
- JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems
|
||||
- JDK-8301122: [8u] Fix unreliable vs2010 download link
|
||||
- JDK-8301143: [TESTBUG] jfr/event/sampling/TestNative was backported to JDK8u without proper native wrapper
|
||||
- JDK-8301246: NPE in FcFontManager.getDefaultPlatformFont() on Linux without installed fontconfig
|
||||
- JDK-8301332: [8u] Fix writing of test files after the cgroups v2 backport
|
||||
- JDK-8301550: [8u] Enable additional linux build testing in GitHub
|
||||
- JDK-8301620: [8u] some shell tests are passed but have unexpected operator errors
|
||||
- JDK-8301760: Fix possible leak in SpNegoContext dispose
|
||||
- JDK-8303408: [AIX] Broken jdk8u build after JDK-8266391
|
||||
- JDK-8303828: [Solaris] Broken jdk8u build after JDK-8266391
|
||||
- JDK-8304053: Revert os specific stubs for SystemMetrics
|
||||
- JDK-8305113: (tz) Update Timezone Data to 2023c
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
hotspot:
|
||||
core-libs:
|
||||
|
||||
JDK-8305562: Cgroups v2: Container awareness
|
||||
============================================
|
||||
The HotSpot runtime code as well as the core libraries code in the JDK
|
||||
has been updated in order to detect a cgroup v2 host system when
|
||||
running OpenJDK within a Linux container.
|
||||
|
||||
Since the 8u202 release of OpenJDK, the container detection code
|
||||
recognized cgroup v1 (legacy) host Linux systems. With 8u372 and later
|
||||
releases, both versions of the underlying cgroups pseudo filesystem
|
||||
will be detected and corresponding container limits applied to the
|
||||
OpenJDK runtime.
|
||||
|
||||
Without this enhancement, OpenJDK would not apply container resource
|
||||
limits when running on a cgroup v2 Linux host system, but would use
|
||||
the underlying hosts' resource limits instead.
|
||||
|
||||
client-libs/javax.swing:
|
||||
|
||||
JDK-8296832: Improve Swing platform support
|
||||
===========================================
|
||||
Earlier OpenJDK releases would always render HTML object tags embedded in
|
||||
Swing HTML components. With this release, rendering only occurs when the
|
||||
new system property "swing.html.object" is set to true. By default, it
|
||||
is set to false.
|
||||
|
||||
core-svc/javax.management:
|
||||
|
||||
JDK-8234484: Added Ability to Configure Third Port for Remote JMX
|
||||
=================================================================
|
||||
A local access port can now be configured for JMX connections by
|
||||
setting the property `com.sun.management.jmxremote.local.port`. This
|
||||
local port was previously selected at random, which could lead to port
|
||||
collisions. The property works in the same way as the existing
|
||||
properties for configuring the remote access port
|
||||
(`com.sun.management.jmxremote.port`) and the RMI port
|
||||
(`com.sun.management.jmxremote.rmi.port`)
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate
|
||||
==========================================================
|
||||
The following root certificate has been added to the cacerts truststore:
|
||||
|
||||
Name: Certigna (Dhimyotis)
|
||||
Alias Name: certignarootca
|
||||
Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR
|
||||
|
||||
New in release OpenJDK 8u362 (2023-01-17):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
@ -890,8 +84,6 @@ Live versions of these release notes can be found at:
|
||||
- JDK-8297804: (tz) Update Timezone Data to 2022g
|
||||
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
|
||||
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
|
||||
- JDK-8300178: JDK-8286496 causes build failure on older GCC
|
||||
- JDK-8300225: JDK-8288516 causes build failure on Windows + VS2010
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
@ -1099,6 +291,19 @@ the current count of established connections and, if the configured
|
||||
limit has been reached, then the newly accepted connection will be
|
||||
closed immediately.
|
||||
|
||||
core-libs/java.net:
|
||||
|
||||
JDK-8286918: Better HttpServer service
|
||||
======================================
|
||||
The HttpServer can be optionally configured with a maximum connection
|
||||
limit by setting the jdk.httpserver.maxConnections system property. A
|
||||
value of 0 or a negative integer is ignored and considered to
|
||||
represent no connection limit. In the case of a positive integer
|
||||
value, any newly accepted connections will be first checked against
|
||||
the current count of established connections and, if the configured
|
||||
limit has been reached, then the newly accepted connection will be
|
||||
closed immediately.
|
||||
|
||||
security-libs/javax.net.ssl:
|
||||
|
||||
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
|
||||
@ -1296,7 +501,7 @@ device paths such as `NUL:` are *not* used.
|
||||
New in release OpenJDK 8u332 (2022-04-22):
|
||||
===========================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk8u332
|
||||
* https://bit.ly/openjdk8u332
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
|
||||
|
||||
* Security fixes
|
||||
|
@ -1,34 +1,8 @@
|
||||
OpenJDK 8 is a Long-Term Support (LTS) release of the Java platform.
|
||||
Package of LTS OpenJDK 8
|
||||
OpenJDK have release cadence of 6 months. but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbore them. Currently it is build on openJDK 10. LTSs (next is 11) will go as separate packages.
|
||||
|
||||
For a list of major changes in OpenJDK 8 (java-1.8.0-openjdk), see the
|
||||
upstream release page: https://openjdk.org/projects/jdk8/features
|
||||
JDK8 is last LTS release of Java platform. It is bringing many cool improvements - http://openjdk.java.net/projects/jdk/8/ and is landing to your RHEL. Where it will be maintained for several years. You will always be allowed to install Used LTSs in build root, and alongside via alternatives.
|
||||
|
||||
# Rebuilding the OpenJDK package
|
||||
See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html
|
||||
See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf
|
||||
|
||||
The OpenJDK packages are now created from a single build which is then
|
||||
packaged for different major versions of Red Hat Enterprise Linux
|
||||
(RHEL). This allows the OpenJDK team to focus their efforts on the
|
||||
development and testing of this single build, rather than having
|
||||
multiple builds which only differ by the platform they were built on.
|
||||
|
||||
This does make rebuilding the package slightly more complicated than a
|
||||
normal package. Modifications should be made to the
|
||||
`java-1.8.0-openjdk-portable.specfile` file, which can be found with
|
||||
this README file in the source RPM or installed in the documentation
|
||||
tree by the `java-1.8.0-openjdk-headless` RPM.
|
||||
|
||||
Once the modified `java-1.8.0-openjdk-portable` RPMs are built, they
|
||||
should be installed and will produce a number of tarballs in the
|
||||
`/usr/lib/jvm` directory. The `java-1.8.0-openjdk` RPMs can then be
|
||||
built, which will use these tarballs to create the usual RPMs found in
|
||||
RHEL. The `java-1.8.0-openjdk-portable` RPMs can be uninstalled once
|
||||
the desired final RPMs are produced.
|
||||
|
||||
Note that the `java-1.8.0-openjdk.spec` file has a hard requirement on
|
||||
the exact version of java-1.8.0-openjdk-portable to use, so this will
|
||||
need to be modified if the version or rpmrelease values are changed in
|
||||
`java-1.8.0-openjdk-portable.specfile`.
|
||||
|
||||
To reduce the number of RPMs involved, the `fastdebug` and `slowdebug`
|
||||
builds may be disabled using `--without fastdebug` and `--without
|
||||
slowdebug`.
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,286 +0,0 @@
|
||||
# HG changeset patch
|
||||
# User sherman
|
||||
# Date 1505950914 25200
|
||||
# Wed Sep 20 16:41:54 2017 -0700
|
||||
# Node ID 723486922bfe4c17e3f5c067ce5e97229842fbcd
|
||||
# Parent c8ac05bbe47771b3dafa2e7fc9a95d86d68d7c07
|
||||
8186464: ZipFile cannot read some InfoZip ZIP64 zip files
|
||||
Reviewed-by: martin
|
||||
|
||||
diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java
|
||||
index 26e2a5bf9e9..2630c118817 100644
|
||||
--- openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java
|
||||
+++ openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java
|
||||
@@ -92,6 +92,7 @@ public class ZipFileSystem extends FileSystem {
|
||||
private final boolean createNew; // create a new zip if not exists
|
||||
private static final boolean isWindows =
|
||||
System.getProperty("os.name").startsWith("Windows");
|
||||
+ private final boolean forceEnd64;
|
||||
|
||||
// a threshold, in bytes, to decide whether to create a temp file
|
||||
// for outputstream of a zip entry
|
||||
@@ -112,12 +113,13 @@ public class ZipFileSystem extends FileSystem {
|
||||
if (this.defaultDir.charAt(0) != '/')
|
||||
throw new IllegalArgumentException("default dir should be absolute");
|
||||
|
||||
+ this.forceEnd64 = "true".equals(env.get("forceZIP64End"));
|
||||
this.provider = provider;
|
||||
this.zfpath = zfpath;
|
||||
if (Files.notExists(zfpath)) {
|
||||
if (createNew) {
|
||||
try (OutputStream os = Files.newOutputStream(zfpath, CREATE_NEW, WRITE)) {
|
||||
- new END().write(os, 0);
|
||||
+ new END().write(os, 0, forceEnd64);
|
||||
}
|
||||
} else {
|
||||
throw new FileSystemNotFoundException(zfpath.toString());
|
||||
@@ -1014,28 +1016,36 @@ public class ZipFileSystem extends FileSystem {
|
||||
end.cenoff = ENDOFF(buf);
|
||||
end.comlen = ENDCOM(buf);
|
||||
end.endpos = pos + i;
|
||||
- if (end.cenlen == ZIP64_MINVAL ||
|
||||
- end.cenoff == ZIP64_MINVAL ||
|
||||
- end.centot == ZIP64_MINVAL32)
|
||||
- {
|
||||
- // need to find the zip64 end;
|
||||
- byte[] loc64 = new byte[ZIP64_LOCHDR];
|
||||
- if (readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR)
|
||||
- != loc64.length) {
|
||||
- return end;
|
||||
- }
|
||||
- long end64pos = ZIP64_LOCOFF(loc64);
|
||||
- byte[] end64buf = new byte[ZIP64_ENDHDR];
|
||||
- if (readFullyAt(end64buf, 0, end64buf.length, end64pos)
|
||||
- != end64buf.length) {
|
||||
- return end;
|
||||
- }
|
||||
- // end64 found, re-calcualte everything.
|
||||
- end.cenlen = ZIP64_ENDSIZ(end64buf);
|
||||
- end.cenoff = ZIP64_ENDOFF(end64buf);
|
||||
- end.centot = (int)ZIP64_ENDTOT(end64buf); // assume total < 2g
|
||||
- end.endpos = end64pos;
|
||||
+ // try if there is zip64 end;
|
||||
+ byte[] loc64 = new byte[ZIP64_LOCHDR];
|
||||
+ if (end.endpos < ZIP64_LOCHDR ||
|
||||
+ readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR)
|
||||
+ != loc64.length ||
|
||||
+ !locator64SigAt(loc64, 0)) {
|
||||
+ return end;
|
||||
+ }
|
||||
+ long end64pos = ZIP64_LOCOFF(loc64);
|
||||
+ byte[] end64buf = new byte[ZIP64_ENDHDR];
|
||||
+ if (readFullyAt(end64buf, 0, end64buf.length, end64pos)
|
||||
+ != end64buf.length ||
|
||||
+ !end64SigAt(end64buf, 0)) {
|
||||
+ return end;
|
||||
+ }
|
||||
+ // end64 found,
|
||||
+ long cenlen64 = ZIP64_ENDSIZ(end64buf);
|
||||
+ long cenoff64 = ZIP64_ENDOFF(end64buf);
|
||||
+ long centot64 = ZIP64_ENDTOT(end64buf);
|
||||
+ // double-check
|
||||
+ if (cenlen64 != end.cenlen && end.cenlen != ZIP64_MINVAL ||
|
||||
+ cenoff64 != end.cenoff && end.cenoff != ZIP64_MINVAL ||
|
||||
+ centot64 != end.centot && end.centot != ZIP64_MINVAL32) {
|
||||
+ return end;
|
||||
}
|
||||
+ // to use the end64 values
|
||||
+ end.cenlen = cenlen64;
|
||||
+ end.cenoff = cenoff64;
|
||||
+ end.centot = (int)centot64; // assume total < 2g
|
||||
+ end.endpos = end64pos;
|
||||
return end;
|
||||
}
|
||||
}
|
||||
@@ -1201,7 +1211,7 @@ public class ZipFileSystem extends FileSystem {
|
||||
|
||||
// sync the zip file system, if there is any udpate
|
||||
private void sync() throws IOException {
|
||||
- //System.out.printf("->sync(%s) starting....!%n", toString());
|
||||
+ // System.out.printf("->sync(%s) starting....!%n", toString());
|
||||
// check ex-closer
|
||||
if (!exChClosers.isEmpty()) {
|
||||
for (ExChannelCloser ecc : exChClosers) {
|
||||
@@ -1292,7 +1302,7 @@ public class ZipFileSystem extends FileSystem {
|
||||
}
|
||||
end.centot = elist.size();
|
||||
end.cenlen = written - end.cenoff;
|
||||
- end.write(os, written);
|
||||
+ end.write(os, written, forceEnd64);
|
||||
}
|
||||
if (!streams.isEmpty()) {
|
||||
//
|
||||
@@ -1849,8 +1859,8 @@ public class ZipFileSystem extends FileSystem {
|
||||
long endpos;
|
||||
int disktot;
|
||||
|
||||
- void write(OutputStream os, long offset) throws IOException {
|
||||
- boolean hasZip64 = false;
|
||||
+ void write(OutputStream os, long offset, boolean forceEnd64) throws IOException {
|
||||
+ boolean hasZip64 = forceEnd64; // false;
|
||||
long xlen = cenlen;
|
||||
long xoff = cenoff;
|
||||
if (xlen >= ZIP64_MINVAL) {
|
||||
@@ -1875,8 +1885,8 @@ public class ZipFileSystem extends FileSystem {
|
||||
writeShort(os, 45); // version needed to extract
|
||||
writeInt(os, 0); // number of this disk
|
||||
writeInt(os, 0); // central directory start disk
|
||||
- writeLong(os, centot); // number of directory entires on disk
|
||||
- writeLong(os, centot); // number of directory entires
|
||||
+ writeLong(os, centot); // number of directory entries on disk
|
||||
+ writeLong(os, centot); // number of directory entries
|
||||
writeLong(os, cenlen); // length of central directory
|
||||
writeLong(os, cenoff); // offset of central directory
|
||||
|
||||
diff --git openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c openjdk/jdk/src/share/native/java/util/zip/zip_util.c
|
||||
index 5fd6fea049d..858e5814e92 100644
|
||||
--- openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c
|
||||
+++ openjdk/jdk/src/share/native/java/util/zip/zip_util.c
|
||||
@@ -385,6 +385,9 @@ findEND64(jzfile *zip, void *end64buf, jlong endpos)
|
||||
{
|
||||
char loc64[ZIP64_LOCHDR];
|
||||
jlong end64pos;
|
||||
+ if (endpos < ZIP64_LOCHDR) {
|
||||
+ return -1;
|
||||
+ }
|
||||
if (readFullyAt(zip->zfd, loc64, ZIP64_LOCHDR, endpos - ZIP64_LOCHDR) == -1) {
|
||||
return -1; // end64 locator not found
|
||||
}
|
||||
@@ -567,6 +570,7 @@ readCEN(jzfile *zip, jint knownTotal)
|
||||
{
|
||||
/* Following are unsigned 32-bit */
|
||||
jlong endpos, end64pos, cenpos, cenlen, cenoff;
|
||||
+ jlong cenlen64, cenoff64, centot64;
|
||||
/* Following are unsigned 16-bit */
|
||||
jint total, tablelen, i, j;
|
||||
unsigned char *cenbuf = NULL;
|
||||
@@ -594,13 +598,20 @@ readCEN(jzfile *zip, jint knownTotal)
|
||||
cenlen = ENDSIZ(endbuf);
|
||||
cenoff = ENDOFF(endbuf);
|
||||
total = ENDTOT(endbuf);
|
||||
- if (cenlen == ZIP64_MAGICVAL || cenoff == ZIP64_MAGICVAL ||
|
||||
- total == ZIP64_MAGICCOUNT) {
|
||||
- unsigned char end64buf[ZIP64_ENDHDR];
|
||||
- if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) {
|
||||
- cenlen = ZIP64_ENDSIZ(end64buf);
|
||||
- cenoff = ZIP64_ENDOFF(end64buf);
|
||||
- total = (jint)ZIP64_ENDTOT(end64buf);
|
||||
+ unsigned char end64buf[ZIP64_ENDHDR];
|
||||
+ if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) {
|
||||
+ // end64 candidate found,
|
||||
+ cenlen64 = ZIP64_ENDSIZ(end64buf);
|
||||
+ cenoff64 = ZIP64_ENDOFF(end64buf);
|
||||
+ centot64 = ZIP64_ENDTOT(end64buf);
|
||||
+ // double-check
|
||||
+ if ((cenlen64 == cenlen || cenlen == ZIP64_MAGICVAL) &&
|
||||
+ (cenoff64 == cenoff || cenoff == ZIP64_MAGICVAL) &&
|
||||
+ (centot64 == total || total == ZIP64_MAGICCOUNT)) {
|
||||
+ // to use the end64 values
|
||||
+ cenlen = cenlen64;
|
||||
+ cenoff = cenoff64;
|
||||
+ total = (jint)centot64;
|
||||
endpos = end64pos;
|
||||
endhdrlen = ZIP64_ENDHDR;
|
||||
}
|
||||
diff --git openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java
|
||||
index ffe8a8ed712..9b380003893 100644
|
||||
--- openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java
|
||||
+++ openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java
|
||||
@@ -22,7 +22,7 @@
|
||||
*/
|
||||
|
||||
/* @test
|
||||
- * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993
|
||||
+ * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993 8186464
|
||||
* @summary Make sure we can read a zip file.
|
||||
@key randomness
|
||||
* @run main/othervm ReadZip
|
||||
@@ -31,12 +31,24 @@
|
||||
*/
|
||||
|
||||
import java.io.*;
|
||||
+import java.net.URI;
|
||||
import java.nio.file.Files;
|
||||
+import java.nio.file.FileSystem;
|
||||
+import java.nio.file.FileSystems;
|
||||
+import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.nio.file.StandardCopyOption;
|
||||
import java.nio.file.StandardOpenOption;
|
||||
+import java.util.Collections;
|
||||
+import java.util.HashMap;
|
||||
+import java.util.List;
|
||||
+import java.util.Map;
|
||||
import java.util.zip.*;
|
||||
|
||||
+import sun.misc.IOUtils;
|
||||
+
|
||||
+import static java.nio.charset.StandardCharsets.US_ASCII;
|
||||
+
|
||||
public class ReadZip {
|
||||
private static void unreached (Object o)
|
||||
throws Exception
|
||||
@@ -144,8 +156,6 @@ public class ReadZip {
|
||||
newZip.delete();
|
||||
}
|
||||
|
||||
-
|
||||
-
|
||||
// Throw a FNF exception when read a non-existing zip file
|
||||
try { unreached (new ZipFile(
|
||||
new File(System.getProperty("test.src", "."),
|
||||
@@ -153,5 +163,54 @@ public class ReadZip {
|
||||
+ String.valueOf(new java.util.Random().nextInt())
|
||||
+ ".zip")));
|
||||
} catch (FileNotFoundException fnfe) {}
|
||||
+
|
||||
+ // read a zip file with ZIP64 end
|
||||
+ Path path = Paths.get(System.getProperty("test.dir", ""), "end64.zip");
|
||||
+ try {
|
||||
+ URI uri = URI.create("jar:" + path.toUri());
|
||||
+ Map<String, Object> env = new HashMap<>();
|
||||
+ env.put("create", "true");
|
||||
+ env.put("forceZIP64End", "true");
|
||||
+ try (FileSystem fs = FileSystems.newFileSystem(uri, env)) {
|
||||
+ Files.write(fs.getPath("hello"), "hello".getBytes());
|
||||
+ }
|
||||
+ try (ZipFile zf = new ZipFile(path.toFile())) {
|
||||
+ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("hello"))),
|
||||
+ US_ASCII)))
|
||||
+ throw new RuntimeException("zipfile: read entry failed");
|
||||
+ } catch (IOException x) {
|
||||
+ throw new RuntimeException("zipfile: zip64 end failed");
|
||||
+ }
|
||||
+ try (FileSystem fs = FileSystems.newFileSystem(uri, Collections.emptyMap())) {
|
||||
+ if (!"hello".equals(new String(Files.readAllBytes(fs.getPath("hello")))))
|
||||
+ throw new RuntimeException("zipfs: read entry failed");
|
||||
+ } catch (IOException x) {
|
||||
+ throw new RuntimeException("zipfile: zip64 end failed");
|
||||
+ }
|
||||
+ } finally {
|
||||
+ Files.deleteIfExists(path);
|
||||
+ }
|
||||
+
|
||||
+ // read a zip file created via "echo hello | zip dst.zip -", which uses
|
||||
+ // ZIP64 end record
|
||||
+ if (Files.notExists(Paths.get("/usr/bin/zip")))
|
||||
+ return;
|
||||
+ try {
|
||||
+ Process zip = new ProcessBuilder("zip", path.toString().toString(), "-").start();
|
||||
+ OutputStream os = zip.getOutputStream();
|
||||
+ os.write("hello".getBytes(US_ASCII));
|
||||
+ os.close();
|
||||
+ zip.waitFor();
|
||||
+ if (zip.exitValue() == 0 && Files.exists(path)) {
|
||||
+ try (ZipFile zf = new ZipFile(path.toFile())) {
|
||||
+ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("-"))))))
|
||||
+ throw new RuntimeException("zipfile: read entry failed");
|
||||
+ } catch (IOException x) {
|
||||
+ throw new RuntimeException("zipfile: zip64 end failed");
|
||||
+ }
|
||||
+ }
|
||||
+ } finally {
|
||||
+ Files.deleteIfExists(path);
|
||||
+ }
|
||||
}
|
||||
}
|
12
SOURCES/jdk8218811-perfMemory_linux.patch
Normal file
12
SOURCES/jdk8218811-perfMemory_linux.patch
Normal file
@ -0,0 +1,12 @@
|
||||
diff --git openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
|
||||
--- openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp
|
||||
+++ openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
|
||||
@@ -878,7 +878,7 @@
|
||||
|
||||
// open the file
|
||||
int result;
|
||||
- RESTARTABLE(::open(filename, oflags), result);
|
||||
+ RESTARTABLE(::open(filename, oflags, 0), result);
|
||||
if (result == OS_ERR) {
|
||||
if (errno == ENOENT) {
|
||||
THROW_MSG_(vmSymbols::java_lang_IllegalArgumentException(),
|
26
SOURCES/jdk8275535-rh2053256-ldap_auth.patch
Normal file
26
SOURCES/jdk8275535-rh2053256-ldap_auth.patch
Normal file
@ -0,0 +1,26 @@
|
||||
diff --git openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
index cf4becb7db..4ab2ac0a31 100644
|
||||
--- openjdk.orig/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
+++ openjdk/jdk/src/share/classes/com/sun/jndi/ldap/LdapCtxFactory.java
|
||||
@@ -189,6 +189,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
ctx = getLdapCtxFromUrl(
|
||||
r.getDomainName(), url, new LdapURL(u), env);
|
||||
return ctx;
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different endpoint to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
// try the next element
|
||||
lastException = e;
|
||||
@@ -241,6 +245,10 @@ final public class LdapCtxFactory implements ObjectFactory, InitialContextFactor
|
||||
for (String u : urls) {
|
||||
try {
|
||||
return getUsingURL(u, env);
|
||||
+ } catch (AuthenticationException e) {
|
||||
+ // do not retry on a different URL to avoid blocking
|
||||
+ // the user if authentication credentials are wrong.
|
||||
+ throw e;
|
||||
} catch (NamingException e) {
|
||||
ex = e;
|
||||
}
|
@ -7,11 +7,10 @@
|
||||
8074839: Resolve disabled warnings for libunpack and the unpack200 binary
|
||||
Reviewed-by: dholmes, ksrini
|
||||
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
index bdaf95a2f6a..60c5b4f2a69 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
@@ -63,7 +63,7 @@ struct bytes {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
|
||||
@@ -63,7 +63,7 @@
|
||||
bytes res;
|
||||
res.ptr = ptr + beg;
|
||||
res.len = end - beg;
|
||||
@ -20,11 +19,10 @@ index bdaf95a2f6a..60c5b4f2a69 100644
|
||||
return res;
|
||||
}
|
||||
// building C strings inside byte buffers:
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
index 5fbc7261fb3..4c002e779d8 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
@@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
|
||||
@@ -292,7 +292,7 @@
|
||||
|
||||
if (uPtr->aborting()) {
|
||||
THROW_IOE(uPtr->get_abort_message());
|
||||
@ -33,16 +31,16 @@ index 5fbc7261fb3..4c002e779d8 100644
|
||||
}
|
||||
|
||||
// We have fetched all the files.
|
||||
@@ -312,7 +312,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
|
||||
// There's no need to create a new unpacker here if we don't already have one
|
||||
// just to immediatly free it afterwards.
|
||||
unpacker* uPtr = get_unpacker(env, pObj, /* noCreate= */ true);
|
||||
@@ -310,7 +310,7 @@
|
||||
JNIEXPORT jlong JNICALL
|
||||
Java_com_sun_java_util_jar_pack_NativeUnpack_finish(JNIEnv *env, jobject pObj) {
|
||||
unpacker* uPtr = get_unpacker(env, pObj, false);
|
||||
- CHECK_EXCEPTION_RETURN_VALUE(uPtr, NULL);
|
||||
+ CHECK_EXCEPTION_RETURN_VALUE(uPtr, 0);
|
||||
size_t consumed = uPtr->input_consumed();
|
||||
// free_unpacker() will set the unpacker field on 'pObj' to null
|
||||
free_unpacker(env, pObj, uPtr);
|
||||
@@ -323,6 +323,7 @@ JNIEXPORT jboolean JNICALL
|
||||
return consumed;
|
||||
@@ -320,6 +320,7 @@
|
||||
Java_com_sun_java_util_jar_pack_NativeUnpack_setOption(JNIEnv *env, jobject pObj,
|
||||
jstring pProp, jstring pValue) {
|
||||
unpacker* uPtr = get_unpacker(env, pObj);
|
||||
@ -50,11 +48,10 @@ index 5fbc7261fb3..4c002e779d8 100644
|
||||
const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE);
|
||||
CHECK_EXCEPTION_RETURN_VALUE(prop, false);
|
||||
const char* value = env->GetStringUTFChars(pValue, JNI_FALSE);
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
index 6fbc43a18ae..722c8baaff0 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
@@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
|
||||
@@ -142,31 +142,28 @@
|
||||
return progname;
|
||||
}
|
||||
|
||||
@ -104,11 +101,10 @@ index 6fbc43a18ae..722c8baaff0 100644
|
||||
}
|
||||
}
|
||||
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
index a585535c513..8df3fade499 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
@@ -225,9 +225,9 @@ struct entry {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
|
||||
@@ -222,9 +222,9 @@
|
||||
}
|
||||
|
||||
#ifdef PRODUCT
|
||||
@ -120,7 +116,7 @@ index a585535c513..8df3fade499 100644
|
||||
#endif
|
||||
};
|
||||
|
||||
@@ -719,13 +719,13 @@ void unpacker::read_file_header() {
|
||||
@@ -715,13 +715,13 @@
|
||||
// Now we can size the whole archive.
|
||||
// Read everything else into a mega-buffer.
|
||||
rp = hdr.rp;
|
||||
@ -138,7 +134,7 @@ index a585535c513..8df3fade499 100644
|
||||
abort("EOF reading fixed input buffer");
|
||||
return;
|
||||
}
|
||||
@@ -739,7 +739,7 @@ void unpacker::read_file_header() {
|
||||
@@ -735,7 +735,7 @@
|
||||
return;
|
||||
}
|
||||
input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)),
|
||||
@ -147,7 +143,7 @@ index a585535c513..8df3fade499 100644
|
||||
CHECK;
|
||||
assert(input.limit()[0] == 0);
|
||||
// Move all the bytes we read initially into the real buffer.
|
||||
@@ -962,13 +962,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) {
|
||||
@@ -958,13 +958,13 @@
|
||||
nentries = next_entry;
|
||||
|
||||
// place a limit on future CP growth:
|
||||
@ -163,7 +159,18 @@ index a585535c513..8df3fade499 100644
|
||||
|
||||
// Note that this CP does not include "empty" entries
|
||||
// for longs and doubles. Those are introduced when
|
||||
@@ -3694,21 +3694,22 @@ void cpool::computeOutputIndexes() {
|
||||
@@ -982,8 +982,9 @@
|
||||
}
|
||||
|
||||
// Initialize *all* our entries once
|
||||
- for (int i = 0 ; i < maxentries ; i++)
|
||||
+ for (uint i = 0 ; i < maxentries ; i++) {
|
||||
entries[i].outputIndex = REQUESTED_NONE;
|
||||
+ }
|
||||
|
||||
initGroupIndexes();
|
||||
// Initialize hashTab to a generous power-of-two size.
|
||||
@@ -3677,21 +3678,22 @@
|
||||
|
||||
unpacker* debug_u;
|
||||
|
||||
@ -190,7 +197,7 @@ index a585535c513..8df3fade499 100644
|
||||
case CONSTANT_Signature:
|
||||
if (value.b.ptr == null)
|
||||
return ref(0)->string();
|
||||
@@ -3728,26 +3729,28 @@ char* entry::string() {
|
||||
@@ -3711,26 +3713,28 @@
|
||||
break;
|
||||
default:
|
||||
if (nrefs == 0) {
|
||||
@ -228,11 +235,10 @@ index a585535c513..8df3fade499 100644
|
||||
}
|
||||
|
||||
void print_cp_entries(int beg, int end) {
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
index 4ec595333c4..aad0c971ef2 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
@@ -209,7 +209,7 @@ struct unpacker {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
|
||||
@@ -209,7 +209,7 @@
|
||||
byte* rp; // read pointer (< rplimit <= input.limit())
|
||||
byte* rplimit; // how much of the input block has been read?
|
||||
julong bytes_read;
|
||||
@ -241,11 +247,10 @@ index 4ec595333c4..aad0c971ef2 100644
|
||||
|
||||
// callback to read at least one byte, up to available input
|
||||
typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen);
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
index da39a589545..1281d8b25c8 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
@@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
|
||||
@@ -81,7 +81,7 @@
|
||||
int assert_failed(const char* p) {
|
||||
char message[1<<12];
|
||||
sprintf(message, "@assert failed: %s\n", p);
|
||||
@ -254,11 +259,10 @@ index da39a589545..1281d8b25c8 100644
|
||||
breakpoint();
|
||||
unpack_abort(message);
|
||||
return 0;
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
index f58c94956c0..343da3e183b 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
@@ -84,7 +84,7 @@ void jar::init(unpacker* u_) {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
|
||||
@@ -84,7 +84,7 @@
|
||||
}
|
||||
|
||||
// Write data to the ZIP output stream.
|
||||
@ -267,7 +271,7 @@ index f58c94956c0..343da3e183b 100644
|
||||
while (len > 0) {
|
||||
int rc = (int)fwrite(buff, 1, len, jarfp);
|
||||
if (rc <= 0) {
|
||||
@@ -323,12 +323,12 @@ void jar::write_central_directory() {
|
||||
@@ -323,12 +323,12 @@
|
||||
// Total number of disks (int)
|
||||
header64[36] = (ushort)SWAP_BYTES(1);
|
||||
header64[37] = 0;
|
||||
@ -282,11 +286,10 @@ index f58c94956c0..343da3e183b 100644
|
||||
|
||||
PRINTCR((2, "writing zip comment\n"));
|
||||
// Write the comment.
|
||||
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
index 14ffc9d65bd..9877f6f68ca 100644
|
||||
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
@@ -68,8 +68,8 @@ struct jar {
|
||||
diff --git openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
--- openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
+++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
|
||||
@@ -68,8 +68,8 @@
|
||||
}
|
||||
|
||||
// Private Methods
|
||||
|
@ -1,5 +1,5 @@
|
||||
diff --git a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
||||
index e7b4763db53..0005e56f528 100644
|
||||
index e7b4763db53..e8ec8467e6a 100644
|
||||
--- a/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
||||
+++ b/jdk/src/share/classes/sun/security/ssl/TrustStoreManager.java
|
||||
@@ -31,6 +31,7 @@ import java.security.*;
|
||||
@ -19,17 +19,16 @@ index e7b4763db53..0005e56f528 100644
|
||||
*/
|
||||
private static final class TrustStoreDescriptor {
|
||||
private static final String fileSep = File.separator;
|
||||
@@ -76,7 +77,8 @@ final class TrustStoreManager {
|
||||
@@ -76,7 +77,7 @@ final class TrustStoreManager {
|
||||
GetPropertyAction.privilegedGetProperty("java.home") +
|
||||
fileSep + "lib" + fileSep + "security";
|
||||
private static final String defaultStore =
|
||||
- defaultStorePath + fileSep + "cacerts";
|
||||
+ AccessController.doPrivileged((PrivilegedAction<String>) () ->
|
||||
+ KeyStoreUtil.getCacertsKeyStorePath());
|
||||
+ KeyStoreUtil.getCacertsKeyStoreFile().getPath();
|
||||
private static final String jsseDefaultStore =
|
||||
defaultStorePath + fileSep + "jssecacerts";
|
||||
|
||||
@@ -139,6 +141,10 @@ final class TrustStoreManager {
|
||||
@@ -139,6 +140,10 @@ final class TrustStoreManager {
|
||||
String storePropPassword = System.getProperty(
|
||||
"javax.net.ssl.trustStorePassword", "");
|
||||
|
||||
@ -40,56 +39,117 @@ index e7b4763db53..0005e56f528 100644
|
||||
String temporaryName = "";
|
||||
File temporaryFile = null;
|
||||
long temporaryTime = 0L;
|
||||
@@ -160,7 +166,7 @@ final class TrustStoreManager {
|
||||
@@ -146,21 +151,22 @@ final class TrustStoreManager {
|
||||
String[] fileNames =
|
||||
new String[] {storePropName, defaultStore};
|
||||
for (String fileName : fileNames) {
|
||||
- File f = new File(fileName);
|
||||
- if (f.isFile() && f.canRead()) {
|
||||
- temporaryName = fileName;;
|
||||
- temporaryFile = f;
|
||||
- temporaryTime = f.lastModified();
|
||||
-
|
||||
- break;
|
||||
- }
|
||||
-
|
||||
- // Not break, the file is inaccessible.
|
||||
- if (SSLLogger.isOn &&
|
||||
+ if (fileName != null && !"".equals(fileName)) {
|
||||
+ File f = new File(fileName);
|
||||
+ if (f.isFile() && f.canRead()) {
|
||||
+ temporaryName = fileName;;
|
||||
+ temporaryFile = f;
|
||||
+ temporaryTime = f.lastModified();
|
||||
+
|
||||
+ break;
|
||||
+ }
|
||||
+ // Not break, the file is inaccessible.
|
||||
+ if (SSLLogger.isOn &&
|
||||
SSLLogger.isOn("trustmanager")) {
|
||||
SSLLogger.fine(
|
||||
"Inaccessible trust store: " +
|
||||
- SSLLogger.fine(
|
||||
- "Inaccessible trust store: " +
|
||||
- storePropName);
|
||||
+ fileName);
|
||||
+ SSLLogger.fine(
|
||||
+ "Inaccessible trust store: " +
|
||||
+ fileName);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
} else {
|
||||
diff --git a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
||||
index fcc77786da1..3a4388964cc 100644
|
||||
index fcc77786da1..f554f83a8b4 100644
|
||||
--- a/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
||||
+++ b/jdk/src/share/classes/sun/security/tools/KeyStoreUtil.java
|
||||
@@ -41,6 +41,8 @@ import java.text.Collator;
|
||||
import java.util.Locale;
|
||||
import java.util.ResourceBundle;
|
||||
@@ -33,7 +33,10 @@ import java.io.InputStreamReader;
|
||||
|
||||
+import sun.security.util.SecurityProperties;
|
||||
+
|
||||
/**
|
||||
* <p> This class provides several utilities to <code>KeyStore</code>.
|
||||
*
|
||||
@@ -54,6 +56,8 @@ public class KeyStoreUtil {
|
||||
import java.net.URL;
|
||||
|
||||
+import java.security.AccessController;
|
||||
import java.security.KeyStore;
|
||||
+import java.security.PrivilegedAction;
|
||||
+import java.security.Security;
|
||||
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.text.Collator;
|
||||
@@ -54,6 +57,33 @@ public class KeyStoreUtil {
|
||||
|
||||
private static final String JKS = "jks";
|
||||
|
||||
+ private static final String SYSTEM_CA_CERTS_PROP = "security.systemCACerts";
|
||||
+ private static final String PROP_NAME = "security.systemCACerts";
|
||||
+
|
||||
+ /**
|
||||
+ * Returns the value of the security property propName, which can be overridden
|
||||
+ * by a system property of the same name
|
||||
+ *
|
||||
+ * @param propName the name of the system or security property
|
||||
+ * @return the value of the system or security property
|
||||
+ */
|
||||
+ @SuppressWarnings("removal")
|
||||
+ public static String privilegedGetOverridable(String propName) {
|
||||
+ if (System.getSecurityManager() == null) {
|
||||
+ return getOverridableProperty(propName);
|
||||
+ } else {
|
||||
+ return AccessController.doPrivileged((PrivilegedAction<String>) () -> getOverridableProperty(propName));
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ private static String getOverridableProperty(String propName) {
|
||||
+ String val = System.getProperty(propName);
|
||||
+ if (val == null) {
|
||||
+ return Security.getProperty(propName);
|
||||
+ } else {
|
||||
+ return val;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
* Returns true if the certificate is self-signed, false otherwise.
|
||||
*/
|
||||
@@ -96,16 +100,30 @@ public class KeyStoreUtil {
|
||||
@@ -96,20 +126,38 @@ public class KeyStoreUtil {
|
||||
}
|
||||
}
|
||||
|
||||
+ /**
|
||||
+ * Returns the path to the cacerts DB
|
||||
+ */
|
||||
+ public static String getCacertsKeyStorePath()
|
||||
+ public static File getCacertsKeyStoreFile()
|
||||
+ {
|
||||
+ // Check system DB first, preferring system property over security one
|
||||
+ String systemDB = SecurityProperties
|
||||
+ .privilegedGetOverridable(SYSTEM_CA_CERTS_PROP);
|
||||
+ if (systemDB != null && !"".equals(systemDB) &&
|
||||
+ (new File(systemDB)).isFile()) {
|
||||
+ return systemDB;
|
||||
+ }
|
||||
+ String sep = File.separator;
|
||||
+ return System.getProperty("java.home") + sep
|
||||
+ + "lib" + sep + "security" + sep + "cacerts";
|
||||
+ File file = null;
|
||||
+ /* Check system cacerts DB first, preferring system property over security property */
|
||||
+ String systemDB = privilegedGetOverridable(PROP_NAME);
|
||||
+ if (systemDB != null && !"".equals(systemDB)) {
|
||||
+ file = new File(systemDB);
|
||||
+ }
|
||||
+ if (file == null || !file.exists()) {
|
||||
+ file = new File(System.getProperty("java.home") + sep
|
||||
+ + "lib" + sep + "security" + sep
|
||||
+ + "cacerts");
|
||||
+ }
|
||||
+ if (file.exists()) {
|
||||
+ return file;
|
||||
+ }
|
||||
+ return null;
|
||||
+ }
|
||||
+
|
||||
/**
|
||||
@ -102,21 +162,27 @@ index fcc77786da1..3a4388964cc 100644
|
||||
- File file = new File(System.getProperty("java.home") + sep
|
||||
- + "lib" + sep + "security" + sep
|
||||
- + "cacerts");
|
||||
+ File file = new File(getCacertsKeyStorePath());
|
||||
if (!file.exists()) {
|
||||
return null;
|
||||
}
|
||||
- if (!file.exists()) {
|
||||
- return null;
|
||||
- }
|
||||
KeyStore caks = null;
|
||||
+ File file = getCacertsKeyStoreFile();
|
||||
+ if (file == null) { return null; }
|
||||
try (FileInputStream fis = new FileInputStream(file)) {
|
||||
caks = KeyStore.getInstance(JKS);
|
||||
caks.load(fis, null);
|
||||
diff --git a/jdk/src/share/lib/security/java.security-aix b/jdk/src/share/lib/security/java.security-aix
|
||||
index 681a24b905d..ecb8bc43a6c 100644
|
||||
index bfe0c593adb..093bc09bf95 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-aix
|
||||
+++ b/jdk/src/share/lib/security/java.security-aix
|
||||
@@ -294,6 +294,12 @@ security.overridePropertiesFile=true
|
||||
@@ -294,6 +294,13 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using an empty value
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
||||
@ -124,16 +190,17 @@ index 681a24b905d..ecb8bc43a6c 100644
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
diff --git a/jdk/src/share/lib/security/java.security-linux b/jdk/src/share/lib/security/java.security-linux
|
||||
index 789c19a8cba..2546fdec9b2 100644
|
||||
index 9d1c8fe8a8e..16c9281cc1f 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-linux
|
||||
+++ b/jdk/src/share/lib/security/java.security-linux
|
||||
@@ -307,6 +307,12 @@ security.overridePropertiesFile=true
|
||||
@@ -307,6 +307,13 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using an empty value
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
||||
@ -141,16 +208,17 @@ index 789c19a8cba..2546fdec9b2 100644
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
diff --git a/jdk/src/share/lib/security/java.security-macosx b/jdk/src/share/lib/security/java.security-macosx
|
||||
index d4da666af3b..1a20027c02b 100644
|
||||
index 19047c61097..43e034cdeaf 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-macosx
|
||||
+++ b/jdk/src/share/lib/security/java.security-macosx
|
||||
@@ -297,6 +297,12 @@ security.overridePropertiesFile=true
|
||||
@@ -297,6 +297,13 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using an empty value
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
||||
@ -158,16 +226,17 @@ index d4da666af3b..1a20027c02b 100644
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
diff --git a/jdk/src/share/lib/security/java.security-solaris b/jdk/src/share/lib/security/java.security-solaris
|
||||
index 300132384a1..6299e0a3c7b 100644
|
||||
index 7eda556ae13..325937e97fb 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-solaris
|
||||
+++ b/jdk/src/share/lib/security/java.security-solaris
|
||||
@@ -295,6 +295,12 @@ security.overridePropertiesFile=true
|
||||
@@ -295,6 +295,13 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using an empty value
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
||||
@ -175,16 +244,17 @@ index 300132384a1..6299e0a3c7b 100644
|
||||
# Determines the default key and trust manager factory algorithms for
|
||||
# the javax.net.ssl package.
|
||||
diff --git a/jdk/src/share/lib/security/java.security-windows b/jdk/src/share/lib/security/java.security-windows
|
||||
index 64db5a5cd1e..823994f3466 100644
|
||||
index dfa1a669aa9..92ef777e065 100644
|
||||
--- a/jdk/src/share/lib/security/java.security-windows
|
||||
+++ b/jdk/src/share/lib/security/java.security-windows
|
||||
@@ -297,6 +297,12 @@ security.overridePropertiesFile=true
|
||||
@@ -297,6 +297,13 @@ security.overridePropertiesFile=true
|
||||
#
|
||||
security.useSystemPropertiesFile=false
|
||||
|
||||
+#
|
||||
+# Specifies the system certificate store
|
||||
+# This property may be disabled using an empty value
|
||||
+# This property may be disabled using
|
||||
+# -Djava.security.disableSystemCACerts=true
|
||||
+#
|
||||
+security.systemCACerts=${java.home}/lib/security/cacerts
|
||||
+
|
@ -17,7 +17,7 @@ fi
|
||||
d=`mktemp -d`
|
||||
NW=$d/$f
|
||||
pushd $d
|
||||
unzip $ORIG
|
||||
jar xf $ORIG
|
||||
cat $M
|
||||
# sed -i "s/Created-By.*/Created-By: 1.7.0/g" $M
|
||||
sed -i "s/Created-By.*/Created-By: $2/g" $M
|
@ -1,16 +0,0 @@
|
||||
diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java jdk8/jdk/src/share/classes/java/awt/Toolkit.java
|
||||
--- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500
|
||||
+++ jdk8/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500
|
||||
@@ -883,7 +883,11 @@
|
||||
return null;
|
||||
}
|
||||
});
|
||||
- loadAssistiveTechnologies();
|
||||
+ try {
|
||||
+ loadAssistiveTechnologies();
|
||||
+ } catch ( AWTError error) {
|
||||
+ // ignore silently
|
||||
+ }
|
||||
}
|
||||
return toolkit;
|
||||
}
|
@ -1,13 +0,0 @@
|
||||
--- openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:12.038189968 +0100
|
||||
+++ openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:11.913188505 +0100
|
||||
@@ -48,8 +48,8 @@
|
||||
|
||||
private final static String PROP_NAME = "sun.security.smartcardio.library";
|
||||
|
||||
- private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so";
|
||||
- private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
|
||||
+ private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
|
||||
+ private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
|
||||
private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
|
||||
|
||||
PlatformPCSC() {
|
@ -16,7 +16,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenan
|
||||
Atomic::add(val, &_sum);
|
||||
|
||||
- int mag = log2_intptr(val) + 1;
|
||||
+ int mag = log2_long(val) + 1;
|
||||
+ int mag = log2_intptr((uintptr_t)val) + 1;
|
||||
|
||||
// Defensively saturate for product bits:
|
||||
if (mag < 0) {
|
||||
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user