Compare commits

..

No commits in common. "c8" and "imports/c9/java-1.8.0-openjdk-1.8.0.392.b08-3.el9" have entirely different histories.

17 changed files with 1423 additions and 5288 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/shenandoah8u432-b06.tar.xz SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u392-b08.tar.xz
SOURCES/tapsets-icedtea-3.15.0.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -1,2 +1,2 @@
af2d3b85c48ecc8c22188ac687e6160658ef6aca SOURCES/shenandoah8u432-b06.tar.xz 2ca27b0d535c9dcf71679cad14be5660d0554f82 SOURCES/openjdk-shenandoah-jdk8u-shenandoah-jdk8u392-b08.tar.xz
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -3,624 +3,6 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 8u432 (2024-10-15):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u432
* CVEs
- CVE-2024-21208
- CVE-2024-21210
- CVE-2024-21217
- CVE-2024-21235
* Security fixes
- JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
- JDK-8313626, JDK-8307769: C2 crash due to unexpected exception control flow
- JDK-8328286: Enhance HTTP client
- JDK-8328544: Improve handling of vectorization
- JDK-8328726: Better Kerberos support
- JDK-8331446: Improve deserialization support
- JDK-8332644: Improve graph optimizations
- JDK-8335713: Enhance vectorization analysis
* Other changes
- JDK-4660158: TTY: NumberFormatException while trying to set values by 'set' command
- JDK-6544871: java/awt/event/KeyEvent/KeyTyped/CtrlASCII.html fails from jdk b09 on windows.
- JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails
- JDK-8021775: compiler/8009761/Test8009761.java "Failed: init recursive calls: 51. After deopt 50"
- JDK-8030204: com/sun/jdi/JdbExprTest.sh: Required output "Can\\'t convert 2147483648 to int" not found
- JDK-8030795: java/nio/file/Files/probeContentType/ForceLoad.java failing with ServiceConfigurationError without jtreg -agentvm option
- JDK-8035395: sun/management/jmxremote/startstop/JMXStartStopTest.java fails intermittently: Port already in use
- JDK-8075511: Enable -Woverloaded-virtual C++ warning for HotSpot build
- JDK-8137329: [windows] Build broken on VS2010 after "8046148: JEP 158: Unified JVM Logging"
- JDK-8145919: sun/management/jmxremote/bootstrap/RmiSslBootstrapTest failed with Connection failed for no credentials
- JDK-8152207: Perform array bound checks while getting a length of bytecode instructions
- JDK-8193682: Infinite loop in ZipOutputStream.close()
- JDK-8196770: Add JNDI test com/sun/jndi/ldap/blits/AddTests/AddNewEntry.java
- JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04
- JDK-8233364: Fix undefined behavior in Canonicalizer::do_ShiftOp
- JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
- JDK-8251188: Update LDAP tests not to use wildcard addresses
- JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
- JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
- JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
- JDK-8279164: Disable TLS_ECDH_* cipher suites
- JDK-8281096: Flags introduced by configure script are not passed to ADLC build
- JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown"
- JDK-8298887: On the latest macOS+XCode the Robot API may report wrong colors
- JDK-8299677: Formatter.format might take a long time to format an integer or floating-point
- JDK-8305400: ISO 4217 Amendment 175 Update
- JDK-8305931: jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java failed with "Expected chains but found none"
- JDK-8307779: Relax the java.awt.Robot specification
- JDK-8309138: Fix container tests for jdks with symlinked conf dir
- JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
- JDK-8315117: Update Zlib Data Compression Library to Version 1.3
- JDK-8315863: [GHA] Update checkout action to use v4
- JDK-8316328: Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes
- JDK-8318039: GHA: Bump macOS and Xcode versions
- JDK-8318951: Additional negative value check in JPEG decoding
- JDK-8320964: sun/tools/native2ascii/Native2AsciiTests.sh fails on Japanese
- JDK-8321480: ISO 4217 Amendment 176 Update
- JDK-8324632: Update Zlib Data Compression Library to Version 1.3.1
- JDK-8324723: GHA: Upgrade some actions to avoid deprecated Node 16
- JDK-8326351: Update the Zlib version in open/src/java.base/share/legal/zlib.md to 1.3.1
- JDK-8326521: JFR: CompilerPhase event test fails on windows 32 bit
- JDK-8326529: JFR: Test for CompilerCompile events fails due to time out
- JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
- JDK-8330415: Update system property for Java SE specification maintenance version
- JDK-8331730: [8u] GHA: update sysroot for cross builds to Debian bullseye
- JDK-8333126: Bump update version of OpenJDK: 8u432
- JDK-8333669: [8u] GHA: Dead VS2010 download link
- JDK-8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1
- JDK-8334653: ISO 4217 Amendment 177 Update
- JDK-8334905: [8u] The test java/awt/Mixing/AWT_Mixing/JButtonOverlapping.java started to fail after 8159690
- JDK-8335851: [8u] Test JMXStartStopTest.java fails after JDK-8334415
- JDK-8335894: [8u] Fix SupplementalJapaneseEraTest.java for jdks with symlinked conf dir
- JDK-8336928: GHA: Bundle artifacts removal broken
- JDK-8337110: [8u] TestNoEagerReclaimOfHumongousRegions.java should be in gc/g1 directory
- JDK-8337312: [8u] Windows x86 VS2010 build broken by JDK-8320097
- JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
- JDK-8338144: [8u] Remove duplicate license files
- JDK-8341057: Add 2 SSL.com TLS roots
- JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
Notes on individual issues:
===========================
security-libs/javax.net.ssl:
JDK-8279164: Disable TLS_ECDH_* cipher suites
=============================================
The TLS_ECDH cipher suites do not preserve forward secrecy and are
rarely used in practice. With this release, they are disabled by
adding "ECDH" to the `jdk.tls.disabledAlgorithms` security property in
the `java.security` configuration file. Attempts to use these suites
with this release will result in a `SSLHandshakeException` being
thrown. Note that ECDH cipher suites which use RC4 were already
disabled prior to this change.
Users can, *at their own risk*, remove this restriction by modifying
the `java.security` configuration file (or override it by using the
`java.security.properties` system property) so "ECDH" is no longer
listed in the `jdk.tls.disabledAlgorithms` security property.
This change has no effect on TLS_ECDHE cipher suites, which remain
enabled by default.
JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs
JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
====================================================================================================
In accordance with similar plans recently announced by Google and
Mozilla, the JDK will not trust Transport Layer Security (TLS)
certificates issued after the 11th of November 2024 which are anchored
by Entrust root certificates. This includes certificates branded as
AffirmTrust, which are managed by Entrust.
Certificates issued on or before November 11th, 2024 will continue to
be trusted until they expire.
If a server's certificate chain is anchored by an affected
certificate, attempts to negotiate a TLS session will fail with an
Exception that indicates the trust anchor is not trusted. For example,
"TLS server certificate issued after 2024-11-11 and anchored by a
distrusted legacy Entrust root CA: CN=Entrust.net Certification
Authority (2048), OU=(c) 1999 Entrust.net Limited,
OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),
O=Entrust.net"
To check whether a certificate in a JDK keystore is affected by this
change, you can the `keytool` utility:
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
If any of the certificates in the chain are affected by this change,
then you will need to update the certificate or contact the
organisation responsible for managing the certificate.
These restrictions apply to the following Entrust root certificates
included in the JDK:
Alias name: entrustevca [jdk]
CN=Entrust Root Certification Authority
OU=(c) 2006 Entrust, Inc.
OU=www.entrust.net/CPS is incorporated by reference
O=Entrust, Inc.
C=US
SHA256: 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C
Alias name: entrustrootcaec1 [jdk]
CN=Entrust Root Certification Authority - EC1
OU=(c) 2012 Entrust, Inc. - for authorized use only
OU=See www.entrust.net/legal-terms
O=Entrust, Inc.
C=US
SHA256: 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5
Alias name: entrustrootcag2 [jdk]
CN=Entrust Root Certification Authority - G2
OU=(c) 2009 Entrust, Inc. - for authorized use only
OU=See www.entrust.net/legal-terms
O=Entrust, Inc.
C=US
SHA256: 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39
Alias name: entrustrootcag4 [jdk]
CN=Entrust Root Certification Authority - G4
OU=(c) 2015 Entrust, Inc. - for authorized use only
OU=See www.entrust.net/legal-terms
O=Entrust, Inc.
C=US
SHA256: DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88
Alias name: entrust2048ca [jdk]
CN=Entrust.net Certification Authority (2048)
OU=(c) 1999 Entrust.net Limited
OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)
O=Entrust.net
SHA256: 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77
Alias name: affirmtrustcommercialca [jdk]
CN=AffirmTrust Commercial
O=AffirmTrust
C=US
SHA256: 03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7
Alias name: affirmtrustnetworkingca [jdk]
CN=AffirmTrust Networking
O=AffirmTrust
C=US
SHA256: 0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B
Alias name: affirmtrustpremiumca [jdk]
CN=AffirmTrust Premium
O=AffirmTrust
C=US
SHA256: 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A
Alias name: affirmtrustpremiumeccca [jdk]
CN=AffirmTrust Premium ECC
O=AffirmTrust
C=US
SHA256: BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23
Users can, *at their own risk*, remove this restriction by modifying
the `java.security` configuration file (or override it by using the
`java.security.properties` system property) so "ENTRUST_TLS" is no
longer listed in the `jdk.security.caDistrustPolicies` security
property.
security-libs/java.security:
JDK-8341057: Add 2 SSL.com TLS roots
====================================
The following root certificates have been added to the cacerts
truststore:
Name: SSL.com
Alias Name: ssltlsrootecc2022
Distinguished Name: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US
Name: SSL.com
Alias Name: ssltlsrootrsa2022
Distinguished Name: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US
client-libs:
JDK-8307779: Relax the java.awt.Robot specification
===================================================
This release of OpenJDK 8 updates to the latest maintenance release of
the Java 8 specification. This relaxes the specification of three
methods in the `java.awt.Robot` class - `mouseMove(int,int)`,
`getPixelColor(int,int)` and `createScreenCapture(Rectangle)` - to
allow these methods to fail when the desktop environment does not
permit moving the mouse pointer or capturing screen content.
core-libs/javax.naming:
JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property
===============================================================================================================================
With this OpenJDK release, the JDK implementation of the LDAP provider
no longer supports the deserialisation of Java objects by
default. This is achieved by the system property
`com.sun.jndi.ldap.object.trustSerialData` being set to `false` by
default.
Note that this release also increases the scope of the
`com.sun.jndi.ldap.object.trustSerialData` to cover the reconstruction
of RMI remote objects from the `javaRemoteLocation` LDAP attribute.
The result of this change is that transparent deserialisation of Java
objects will require an explicit opt-in. Applications that wish to
reconstruct Java objects and RMI stubs from LDAP attributes will need
to set the `com.sun.jndi.ldap.object.trustSerialData` to `true`.
core-libs/java.net:
JDK-8328286: Enhance HTTP client
================================
This OpenJDK release limits the maximum header field size accepted by
the HTTP client within the JDK for all supported versions of the HTTP
protocol. The header field size is computed as the sum of the size of
the uncompressed header name, the size of the uncompressed header
value and a overhead of 32 bytes for each field section line. If a
peer sends a field section that exceeds this limit, a
`java.net.ProtocolException` will be raised.
This release also introduces a new system property,
`jdk.http.maxHeaderSize`. This property can be used to alter the
maximum header field size (in bytes) or disable it by setting the
value to zero or a negative value. The default value is 393,216 bytes
or 384kB.
core-libs/java.util.jar:
JDK-8193682: Infinite loop in ZipOutputStream.close()
=====================================================
In previous releases, the `DeflaterOutputStream.close()`,
`GZIPOutputStream.finish()` and `ZipOutputStream.closeEntry()` methods
did not close the associated default JDK compressor when an exception
was thrown during closure. With this release, the default compressor
is closed before propogating the Throwable up the stack. In the case
of `ZipOutputStream`, this only happens when the exception is not a
`ZipException`.
New in release OpenJDK 8u422 (2024-07-16):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u422
* CVEs
- CVE-2024-21131
- CVE-2024-21138
- CVE-2024-21140
- CVE-2024-21144
- CVE-2024-21145
- CVE-2024-21147
* Security fixes
- JDK-8314794: Improve UTF8 String supports
- JDK-8319859: Better symbol storage
- JDK-8320097: Improve Image transformations
- JDK-8320548: Improved loop handling
- JDK-8322106: Enhance Pack 200 loading
- JDK-8323231: Improve array management
- JDK-8323390: Enhance mask blit functionality
- JDK-8324559: Improve 2D image handling
- JDK-8325600: Better symbol storage
* Other changes
- JDK-8025439: [TEST BUG] [macosx] PrintServiceLookup.lookupPrintServices doesn't work properly since jdk8b105
- JDK-8069389: CompilerOracle prefix wildcarding is broken for long strings
- JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/bug7123767.java: number of checked graphics configurations should be limited
- JDK-8159690: [TESTBUG] Mark headful tests with @key headful.
- JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
- JDK-8203691: [TESTBUG] Test /runtime/containers/cgroup/PlainRead.java fails
- JDK-8205407: [windows, vs<2017] C4800 after 8203197
- JDK-8235834: IBM-943 charset encoder needs updating
- JDK-8239965: XMLEncoder/Test4625418.java fails due to "Error: Cp943 - can't read properly"
- JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
- JDK-8256152: tests fail because of ambiguous method resolution
- JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
- JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
- JDK-8268916: Tests for AffirmTrust roots
- JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
- JDK-8291226: Create Test Cases to cover scenarios for JDK-8278067
- JDK-8291637: HttpClient default keep alive timeout not followed if server sends invalid value
- JDK-8291638: Keep-Alive timeout of 0 should close connection immediately
- JDK-8293562: KeepAliveCache Blocks Threads while Closing Connections
- JDK-8303466: C2: failed: malformed control flow. Limit type made precise with MaxL/MinL
- JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM
- JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074
- JDK-8315020: The macro definition for LoongArch64 zero build is not accurate.
- JDK-8316138: Add GlobalSign 2 TLS root certificates
- JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows
- JDK-8320005: Allow loading of shared objects with .a extension on AIX
- JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
- JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing
- JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
- JDK-8326686: Bump update version of OpenJDK: 8u422
- JDK-8327440: Fix "bad source file" error during beaninfo generation
- JDK-8328809: [8u] Problem list some CA tests
- JDK-8328825: Google CAInterop test failures
- JDK-8329544: [8u] sun/security/krb5/auto/ReplayCacheTestProc.java cannot find the testlibrary
- JDK-8331791: [8u] AIX build break from JDK-8320005 backport
- JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
- JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3 ::Identity signature fixes
Notes on individual issues:
===========================
core-libs/java.net:
JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable
===========================================================================
Two system properties have been added which control the keep alive
behavior of HttpURLConnection in the case where the server does not
specify a keep alive time. These are:
* `http.keepAlive.time.server`
* `http.keepAlive.time.proxy`
which control the number of seconds before an idle connection to a
server or proxy will be closed, respectively. If the server or proxy
specifies a keep alive time in a "Keep-Alive" response header, this
will take precedence over the values of these properties.
security-libs/java.security:
JDK-8316138: Add GlobalSign 2 TLS root certificates
===================================================
The following root certificates have been added to the cacerts
truststore:
Name: GlobalSign
Alias Name: globalsignr46
Distinguished Name: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE
Name: GlobalSign
Alias Name: globalsigne46
Distinguished Name: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE
New in release OpenJDK 8u412 (2024-04-16):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u412
* CVEs
- CVE-2024-21011
- CVE-2024-21085
- CVE-2024-21068
- CVE-2024-21094
* Security fixes
- JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array"
- JDK-8318340: Improve RSA key implementations
- JDK-8319851: Improve exception logging
- JDK-8322114: Improve Pack 200 handling
- JDK-8322122: Enhance generation of addresses
* Other changes
- JDK-8011180: Delete obsolete scripts
- JDK-8016451: Scary messages emitted by build.tools.generatenimbus.PainterGenerator during build
- JDK-8021961: setAlwaysOnTop doesn't behave correctly in Linux/Solaris under certain scenarios
- JDK-8023735: [TESTBUG][macosx] runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
- JDK-8074860: Structured Exception Catcher missing around CreateJavaVM on Windows
- JDK-8079441: Intermittent failures on Windows with "Unexpected exit from test [exit code: 1080890248]" (0x406d1388)
- JDK-8155590: Dubious collection management in sun.net.www.http.KeepAliveCache
- JDK-8168518: rcache interop with krb5-1.15
- JDK-8183503: Update hotspot tests to allow for unique test classes directory
- JDK-8186095: upgrade to jtreg 4.2 b08
- JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
- JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
- JDK-8208655: use JTreg skipped status in hotspot tests
- JDK-8208701: Fix for JDK-8208655 causes test failures in CI tier1
- JDK-8208706: compiler/tiered/ConstantGettersTransitionsTest.java fails to compile
- JDK-8213410: UseCompressedOops requirement check fails fails on 32-bit system
- JDK-8222323: ChildAlwaysOnTopTest.java fails with "RuntimeException: Failed to unset alwaysOnTop"
- JDK-8224768: Test ActalisCA.java fails
- JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
- JDK-8251551: Use .md filename extension for README
- JDK-8268678: LetsEncryptCA.java test fails as Lets Encrypt Authority X3 is retired
- JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error
- JDK-8270517: Add Zero support for LoongArch
- JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
- JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
- JDK-8288132: Update test artifacts in QuoVadis CA interop tests
- JDK-8297955: LDAP CertStore should use LdapName and not String for DNs
- JDK-8301310: The SendRawSysexMessage test may cause a JVM crash
- JDK-8308592: Framework for CA interoperability testing
- JDK-8312126: NullPointerException in CertStore.getCRLs after 8297955
- JDK-8315042: NPE in PKCS7.parseOldSignedData
- JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test set
- JDK-8320713: Bump update version of OpenJDK: 8u412
- JDK-8321060: [8u] hotspot needs to recognise VS2022
- JDK-8321408: Add Certainly roots R1 and E1
- JDK-8322725: (tz) Update Timezone Data to 2023d
- JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray
- JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
- JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed
- JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'"
- JDK-8324530: Build error with gcc 10
- JDK-8325150: (tz) Update Timezone Data to 2024a
Notes on individual issues:
===========================
security-libs/org.ietf.jgss:krb5:
JDK-8168518: rcache interop with krb5-1.15
==========================================
The hash algorithm used in the Kerberos 5 replay cache file (rcache)
has been changed from MD5 to SHA256. This is the same algorithm used
by MIT krb5-1.15 and is interoperable with earlier releases of MIT
krb5.
The MD5 algorithm can still be used by setting the new
jdk.krb5.rcache.useMD5 property to 'true':
java -Djdk.krb5.rcache.useMD5=true ...
This is useful where either the system has a coarse clock and has to
depend on hash values in replay attack detection, or interoperability
with the rcache files in older versions of OpenJDK is required.
client-libs/java.awt:
JDK-8322750: AWT SystemTray API Is Not Supported on Most Linux Desktops
=======================================================================
The java.awt.SystemTray API is used to interact with the system's
desktop taskbar to provide notifications and may include an icon
representing an application. The GNOME desktop's support for taskbar
icons has not worked properly for several years, due to a platform
bug. This bug, in turn, affects the JDK's SystemTray support on GNOME
desktops.
Therefore, in accordance with the SystemTray API specification,
java.awt.SystemTray.isSupported() will now return false on systems
that exhibit this bug, which is assumed to be those running a version
of GNOME Shell below 45.
The impact of this change is likely to be minimal, as users of the
SystemTray API should already be able to handle isSupported()
returning false and the system tray on such platforms has already been
unsupported for a number of years for all applications.
security-libs/java.security:
JDK-8321408: Added Certainly R1 and E1 Root Certificates
========================================================
The following root certificate has been added to the cacerts
truststore:
Name: Certainly
Alias Name: certainlyrootr1
Distinguished Name: CN=Certainly Root R1, O=Certainly, C=US
Name: Certainly
Alias Name: certainlyroote1
Distinguished Name: CN=Certainly Root E1, O=Certainly, C=US
New in release OpenJDK 8u402 (2024-01-16):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk8u402
* CVEs
- CVE-2024-20918
- CVE-2024-20919
- CVE-2024-20921
- CVE-2024-20926
- CVE-2024-20945
- CVE-2024-20952
* Security fixes
- JDK-8308204: Enhanced certificate processing
- JDK-8314284: Enhance Nashorn performance
- JDK-8314295: Enhance verification of verifier
- JDK-8314307: Improve loop handling
- JDK-8314468: Improve Compiler loops
- JDK-8316976: Improve signature handling
- JDK-8317547: Enhance TLS connection support
* Other changes
- JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
- JDK-8029995: accept yes/no for boolean krb5.conf settings
- JDK-8159156: [TESTBUG] ReserveMemory test is not useful on Aix.
- JDK-8176509: Use pandoc for converting build readme to html
- JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value
- JDK-8207404: MulticastSocket tests failing on AIX
- JDK-8212677: X11 default visual support for IM status window on VNC
- JDK-8239365: ProcessBuilder test modifications for AIX execution
- JDK-8271838: AmazonCA.java interop test fails
- JDK-8285398: Cache the results of constraint checks
- JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
- JDK-8302017: Allocate BadPaddingException only if it will be thrown
- JDK-8305329: [8u] Unify test libraries into single test library - step 1
- JDK-8307837: [8u] Check step in GHA should also print errors
- JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails
- JDK-8311813: C1: Uninitialized PhiResolver::_loop field
- JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
- JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException
- JDK-8315280: Bump update version of OpenJDK: 8u402
- JDK-8315506: C99 compatibility issue in LinuxNativeDispatcher
- JDK-8317291: Missing null check for nmethod::is_native_method()
- JDK-8317373: Add Telia Root CA v2
- JDK-8317374: Add Let's Encrypt ISRG Root X2
- JDK-8318759: Add four DigiCert root certificates
- JDK-8319187: Add three eMudhra emSign roots
- JDK-8319405: [s390] [jdk8] Increase javac default stack size for s390x zero
- JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly
Notes on individual issues:
===========================
security-libs/org.ietf.jgss:krb5:
JDK-8029995: accept yes/no for boolean krb5.conf settings
=========================================================
The krb5.conf configuration file now also accepts "yes" and "no", as
alternatives to the existing "true" and "false" support, when using
settings that take boolean values.
security-libs/java.security:
JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
===============================================================================================================================
A maximum signature file size property, jdk.jar.maxSignatureFileSize,
was introduced in the 8u382 release of OpenJDK by JDK-8300596, with a
default of 8MB. This default proved to be too small for some JAR
files. This release, 8u402, increases it to 16MB.
JDK-8317374: Added ISRG Root X2 CA Certificate from Let's Encrypt
=================================================================
The following root certificate has been added to the cacerts
truststore:
Name: Let's Encrypt
Alias Name: letsencryptisrgx2
Distinguished Name: CN=ISRG Root X2, O=Internet Security Research Group, C=US
JDK-8318759: Added Four Root Certificates from DigiCert, Inc.
=============================================================
The following root certificates have been added to the cacerts
truststore:
Name: DigiCert, Inc.
Alias Name: digicertcseccrootg5
Distinguished Name: CN=DigiCert CS ECC P384 Root G5, O="DigiCert, Inc.", C=US
Name: DigiCert, Inc.
Alias Name: digicertcsrsarootg5
Distinguished Name: CN=DigiCert CS RSA4096 Root G5, O="DigiCert, Inc.", C=US
Name: DigiCert, Inc.
Alias Name: digicerttlseccrootg5
Distinguished Name: CN=DigiCert TLS ECC P384 Root G5, O="DigiCert, Inc.", C=US
Name: DigiCert, Inc.
Alias Name: digicerttlsrsarootg5
Distinguished Name: CN=DigiCert TLS RSA4096 Root G5, O="DigiCert, Inc.", C=US
JDK-8319187: Added Three Root Certificates from eMudhra Technologies Limited
============================================================================
The following root certificates have been added to the cacerts
truststore:
Name: eMudhra Technologies Limited
Alias Name: emsignrootcag1
Distinguished Name: CN=emSign Root CA - G1, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
Name: eMudhra Technologies Limited
Alias Name: emsigneccrootcag3
Distinguished Name: CN=emSign ECC Root CA - G3, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
Name: eMudhra Technologies Limited
Alias Name: emsignrootcag2
Distinguished Name: CN=emSign Root CA - G2, O=eMudhra Technologies Limited, OU=emSign PKI, C=IN
JDK-8317373: Added Telia Root CA v2 Certificate
===============================================
The following root certificate has been added to the cacerts
truststore:
Name: Telia Root CA v2
Alias Name: teliarootcav2
Distinguished Name: CN=Telia Root CA v2, O=Telia Finland Oyj, C=FI ```
New in release OpenJDK 8u392 (2023-10-17): New in release OpenJDK 8u392 (2023-10-17):
=========================================== ===========================================
Live versions of these release notes can be found at: Live versions of these release notes can be found at:
@ -670,8 +52,8 @@ Notes on individual issues:
other-libs/corba:idl: other-libs/corba:idl:
JDK-8303384: Improved communication in CORBA 8303384: Improved communication in CORBA
============================================ ========================================
The JDK's CORBA implementation now provides the option to limit The JDK's CORBA implementation now provides the option to limit
serialisation in stub objects to those with the "IOR:" prefix. For serialisation in stub objects to those with the "IOR:" prefix. For
ORB constrained stub classes: ORB constrained stub classes:
@ -1380,6 +762,19 @@ the current count of established connections and, if the configured
limit has been reached, then the newly accepted connection will be limit has been reached, then the newly accepted connection will be
closed immediately. closed immediately.
core-libs/java.net:
JDK-8286918: Better HttpServer service
======================================
The HttpServer can be optionally configured with a maximum connection
limit by setting the jdk.httpserver.maxConnections system property. A
value of 0 or a negative integer is ignored and considered to
represent no connection limit. In the case of a positive integer
value, any newly accepted connections will be first checked against
the current count of established connections and, if the configured
limit has been reached, then the newly accepted connection will be
closed immediately.
security-libs/javax.net.ssl: security-libs/javax.net.ssl:
JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles JDK-8282859: Enable TLSv1.3 by Default on JDK 8 for Client Roles
@ -1577,7 +972,7 @@ device paths such as `NUL:` are *not* used.
New in release OpenJDK 8u332 (2022-04-22): New in release OpenJDK 8u332 (2022-04-22):
=========================================== ===========================================
Live versions of these release notes can be found at: Live versions of these release notes can be found at:
* https://bitly.com/openjdk8u332 * https://bit.ly/openjdk8u332
* https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u332.txt
* Security fixes * Security fixes

View File

@ -107,8 +107,6 @@
%global ssbd_arches x86_64 %global ssbd_arches x86_64
# Set of architectures where we verify backtraces with gdb # Set of architectures where we verify backtraces with gdb
%global gdb_arches %{jit_arches} %{zero_arches} %global gdb_arches %{jit_arches} %{zero_arches}
# Architecture on which we run Java only tests
%global jdk_test_arch x86_64
# By default, we build a debug build during main build on JIT architectures # By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug} %if %{with slowdebug}
@ -269,8 +267,8 @@
# Define version of OpenJDK 8 used # Define version of OpenJDK 8 used
%global project openjdk %global project openjdk
%global repo shenandoah-jdk8u %global repo shenandoah-jdk8u
%global openjdk_revision 8u432-b06 %global openjdk_revision jdk8u392-b08
%global shenandoah_revision shenandoah%{openjdk_revision} %global shenandoah_revision shenandoah-%{openjdk_revision}
# Define IcedTea version used for SystemTap tapsets and desktop file # Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 3.15.0 %global icedteaver 3.15.0
# Define current Git revision for the FIPS support patches # Define current Git revision for the FIPS support patches
@ -429,14 +427,14 @@ License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv
URL: http://openjdk.java.net/ URL: http://openjdk.java.net/
# Shenandoah HotSpot # Shenandoah HotSpot
# openjdk/shenandoah-jdk8u contains an integration forest of # aarch64-port/jdk8u-shenandoah contains an integration forest of
# OpenJDK 8u and the Shenandoah garbage collector # OpenJDK 8u, the aarch64 port and Shenandoah
# To regenerate, use: # To regenerate, use:
# VERSION=%%{shenandoah_revision} # VERSION=%%{shenandoah_revision}
# FILE_NAME_ROOT=${VERSION} # FILE_NAME_ROOT=%%{project}-%%{repo}-${VERSION}
# REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh # REPO_ROOT=<path to checked-out repository> generate_source_tarball.sh
# where the source is obtained from http://github.com/%%{project}/%%{repo} # where the source is obtained from http://github.com/%%{project}/%%{repo}
Source0: %{shenandoah_revision}.tar.xz Source0: %{project}-%{repo}-%{shenandoah_revision}.tar.xz
# Custom README for -src subpackage # Custom README for -src subpackage
Source2: README.md Source2: README.md
@ -447,11 +445,12 @@ Source7: NEWS
# Use 'icedtea_sync.sh' to update the following # Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (3.x). # They are based on code contained in the IcedTea project (3.x).
# Systemtap tapsets. Zipped up to keep it small. # Systemtap tapsets. Zipped up to keep it small.
Source8: tapsets-icedtea-%{icedteaver}.tar.xz Source8: tapsets-icedtea-%%{icedteaver}.tar.xz
# Desktop files. Adapted from IcedTea # Desktop files. Adapted from IcedTea
Source9: jconsole.desktop.in # Disabled in portables
Source10: policytool.desktop.in #Source9: jconsole.desktop.in
#Source10: policytool.desktop.in
# nss configuration file # nss configuration file
Source11: nss.cfg.in Source11: nss.cfg.in
@ -477,6 +476,9 @@ Source17: nss.fips.cfg.in
# Ensure translations are available for new timezones # Ensure translations are available for new timezones
Source18: TestTranslations.java Source18: TestTranslations.java
# Disabled in portables
#Source20: repackReproduciblePolycies.sh
# New versions of config files with aarch64 support. This is not upstream yet. # New versions of config files with aarch64 support. This is not upstream yet.
Source100: config.guess Source100: config.guess
Source101: config.sub Source101: config.sub
@ -547,6 +549,8 @@ Patch539: pr2888-rh2055274-support_system_cacerts-%{cacertsver}.patch
Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639) # RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
Patch600: rh1750419-redhat_alt_java.patch Patch600: rh1750419-redhat_alt_java.patch
# JDK-8281098, PR3836: Extra compiler flags not passed to adlc build
Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch
############################################# #############################################
# #
@ -593,8 +597,8 @@ Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch
Patch581: jdk8257794-remove_broken_assert.patch Patch581: jdk8257794-remove_broken_assert.patch
# JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files # JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files
Patch12: jdk8186464-rh1433262-zip64_failure.patch Patch12: jdk8186464-rh1433262-zip64_failure.patch
# JDK-8328999, RH2251025 - Update GIFlib to 5.2.2 (PR#571) # JDK-8312489, OJ2095: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar
Patch13: jdk8328999-update_giflib_5.2.2.patch Patch2000: jdk8312489-max_sig_default_increase.patch
############################################# #############################################
# #
@ -643,8 +647,6 @@ BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: alsa-lib-devel BuildRequires: alsa-lib-devel
BuildRequires: binutils BuildRequires: binutils
# cacerts build requirement.
BuildRequires: ca-certificates
BuildRequires: cups-devel BuildRequires: cups-devel
BuildRequires: desktop-file-utils BuildRequires: desktop-file-utils
# elfutils only are OK for build without AOT # elfutils only are OK for build without AOT
@ -652,13 +654,8 @@ BuildRequires: elfutils-devel
BuildRequires: file BuildRequires: file
BuildRequires: fontconfig-devel BuildRequires: fontconfig-devel
BuildRequires: freetype-devel BuildRequires: freetype-devel
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gdb BuildRequires: gdb
BuildRequires: make
# Require a boot JDK which doesn't fail due to RH1482244
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
BuildRequires: libxslt BuildRequires: libxslt
BuildRequires: libX11-devel BuildRequires: libX11-devel
BuildRequires: libXext-devel BuildRequires: libXext-devel
@ -669,17 +666,27 @@ BuildRequires: libXt-devel
BuildRequires: libXtst-devel BuildRequires: libXtst-devel
# Requirement for setting up nss.cfg and nss.fips.cfg # Requirement for setting up nss.cfg and nss.fips.cfg
BuildRequires: nss-devel BuildRequires: nss-devel
# Commented out for portable RHEL7 doesn't have this
# Requirement for system security property test
#BuildRequires: crypto-policies
BuildRequires: pkgconfig BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
BuildRequires: tar BuildRequires: tar
BuildRequires: unzip BuildRequires: unzip
BuildRequires: zip # Require a boot JDK which doesn't fail due to RH1482244
BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3
# Zero-assembler build requirement # Zero-assembler build requirement
%ifarch %{zero_arches} %ifarch %{zero_arches}
BuildRequires: libffi-devel BuildRequires: libffi-devel
%endif %endif
# 2023c required as of JDK-8305113
BuildRequires: tzdata-java >= 2023c
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
# cacerts build requirement.
BuildRequires: ca-certificates
%if %{with_systemtap} %if %{with_systemtap}
BuildRequires: systemtap-sdt-devel BuildRequires: systemtap-sdt-devel
%endif %endif
@ -689,18 +696,17 @@ BuildRequires: giflib-devel
BuildRequires: lcms2-devel BuildRequires: lcms2-devel
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
BuildRequires: libpng-devel BuildRequires: libpng-devel
BuildRequires: zlib-devel
%else %else
# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
Provides: bundled(zlib) = 1.2.13
# Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h # Version in jdk/src/share/native/sun/awt/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.2 Provides: bundled(giflib) = 5.2.1
# Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h # Version in jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
Provides: bundled(lcms2) = 2.11.0 Provides: bundled(lcms2) = 2.10.0
# Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h # Version in jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b Provides: bundled(libjpeg) = 6b
# Version in jdk/src/share/native/sun/awt/libpng/png.h # Version in jdk/src/share/native/sun/awt/libpng/png.h
Provides: bundled(libpng) = 1.6.39 Provides: bundled(libpng) = 1.6.39
# Version in jdk/src/share/native/java/util/zip/zlib/zlib.h
Provides: bundled(zlib) = 1.3.1
# We link statically against libstdc++ to increase portability # We link statically against libstdc++ to increase portability
BuildRequires: libstdc++-static BuildRequires: libstdc++-static
%endif %endif
@ -795,9 +801,6 @@ fi
echo "Update version: %{updatever}" echo "Update version: %{updatever}"
echo "Build number: %{buildver}" echo "Build number: %{buildver}"
echo "Milestone: %{milestone}" echo "Milestone: %{milestone}"
%ifnarch %{ix86}
export XZ_OPT="-T0"
%endif
%setup -q -c -n %{uniquesuffix ""} -T -a 0 %setup -q -c -n %{uniquesuffix ""} -T -a 0
# https://bugzilla.redhat.com/show_bug.cgi?id=1189084 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084
prioritylength=`expr length %{priority}` prioritylength=`expr length %{priority}`
@ -820,20 +823,6 @@ cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/
# OpenJDK patches # OpenJDK patches
# This syntax is deprecated:
# %patchN [...]
# and should be replaced with:
# %patch -PN [...]
# For example:
# %patch1001 -p1
# becomes:
# %patch -P1001 -p1
# The replacement format suggested by recent (circa Fedora 38) RPM
# deprecation messages:
# %patch N [...]
# is not backward-compatible with prior (circa RHEL-8) versions of
# rpmbuild.
%if %{system_libs} %if %{system_libs}
# Remove libraries that are linked # Remove libraries that are linked
sh %{SOURCE12} sh %{SOURCE12}
@ -842,64 +831,62 @@ sh %{SOURCE12}
# Do not enable them with system_libs, they do not work properly with bundled option # Do not enable them with system_libs, they do not work properly with bundled option
# System library fixes # System library fixes
%if %{system_libs} %if %{system_libs}
%patch -P201 %patch201
%patch -P202 %patch202
%patch -P203 %patch203
%patch -P204 %patch204
%endif %endif
%patch -P1 %patch1
%patch -P5 %patch5
# s390 build fixes # s390 build fixes
%patch -P102 %patch102
%patch -P103 %patch103
%patch -P107 %patch107
# AArch64 fixes # AArch64 fixes
# x86 fixes # x86 fixes
pushd %{top_level_dir_name} %patch105
%patch -P105 -p1
popd
# Upstreamable fixes # Upstreamable fixes
%patch -P512 %patch502
%patch -P523 %patch512
%patch -P528 %patch523
%patch -P571 %patch528
%patch -P574 %patch571
%patch -P581 %patch574
%patch -P541 %patch112
%patch -P12 %patch581
pushd %{top_level_dir_name} %patch541
%patch -P502 -p1 %patch12
%patch -P13 -p1
popd
pushd %{top_level_dir_name} pushd %{top_level_dir_name}
# Add crypto policy and FIPS support # Add crypto policy and FIPS support
%patch -P1001 -p1 %patch1001 -p1
# nss.cfg PKCS11 support; must come last as it also alters java.security # nss.cfg PKCS11 support; must come last as it also alters java.security
%patch -P1000 -p1 %patch1000 -p1
# system cacerts support # system cacerts support
%patch -P539 -p1 %patch539 -p1
# JDK-8312489 backport, proposed for 8u402: https://github.com/openjdk/jdk8u-dev/pull/381
%patch2000 -p1
popd popd
# RPM-only fixes # RPM-only fixes
%patch -P600 %patch600
%patch -P1003 %patch1003
# RHEL-only patches # RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7 %if ! 0%{?fedora} && 0%{?rhel} <= 7
%patch -P534 %patch534
%endif %endif
# Shenandoah patches # Shenandoah patches
# Extract systemtap tapsets # Extract systemtap tapsets
%if %{with_systemtap} %if %{with_systemtap}
tar --strip-components=1 -x -I 'xz -T0' -f %{SOURCE8} tar --strip-components=1 -x -I xz -f %{SOURCE8}
%if %{include_debug_build} %if %{include_debug_build}
cp -r tapset tapset%{debug_suffix} cp -r tapset tapset%{debug_suffix}
%endif %endif
@ -938,9 +925,6 @@ export NUM_PROC=${NUM_PROC:-1}
# Honor %%_smp_ncpus_max # Honor %%_smp_ncpus_max
[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} [ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max}
%endif %endif
%ifnarch %{ix86}
export XZ_OPT="-T0"
%endif
%ifarch s390x sparc64 alpha %{power64} %{aarch64} %ifarch s390x sparc64 alpha %{power64} %{aarch64}
export ARCH_DATA_MODEL=64 export ARCH_DATA_MODEL=64
@ -1036,10 +1020,10 @@ function buildjdk() {
cat hotspot-spec.gmk cat hotspot-spec.gmk
make \ make \
JAVAC_FLAGS=-g \ JAVAC_FLAGS=-g \
LOG=trace \ LOG=trace \
SCTP_WERROR= \ SCTP_WERROR= \
${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false )
popd popd
} }
@ -1119,20 +1103,12 @@ function genchecksum() {
} }
function packagejdk() { function packagejdk() {
# Reusing OPENJDK_UPSTREAM_TAG_EPOCH for the modification times of all
# files in the portable tarballs eliminates one source of variability
# across RPM rebuilds.
VERSION_FILE="$(pwd)"/"%{top_level_dir_name}"/common/autoconf/version-numbers
OPENJDK_UPSTREAM_TAG_EPOCH="$(stat --format=%Y "${VERSION_FILE}")"
local imagesdir=$(pwd)/${1}/images local imagesdir=$(pwd)/${1}/images
local docdir=$(pwd)/${1}/docs local docdir=$(pwd)/${1}/docs
local bundledir=$(pwd)/${1}/bundles local bundledir=$(pwd)/${1}/bundles
local packagesdir=$(pwd)/${2} local packagesdir=$(pwd)/${2}
local srcdir=$(pwd)/%{top_level_dir_name} local srcdir=$(pwd)/%{top_level_dir_name}
local tapsetdir=$(pwd)/tapset local tapsetdir=$(pwd)/tapset
local tar_time="$(date --utc --iso-8601=seconds --date=@"${OPENJDK_UPSTREAM_TAG_EPOCH}")"
local tar_opts="--mtime=${tar_time} --sort=name -cJf"
echo "Packaging build from ${imagesdir} to ${packagesdir}..." echo "Packaging build from ${imagesdir} to ${packagesdir}..."
mkdir -p ${packagesdir} mkdir -p ${packagesdir}
@ -1148,6 +1124,16 @@ function packagejdk() {
jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}
jrename=%{jreportablename -- "$nameSuffix"} jrename=%{jreportablename -- "$nameSuffix"}
jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"} jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"}
debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
# We only use docs for the release build
docname=%{docportablename}
docarchive=${packagesdir}/%{docportablearchive}
built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip
# These are from the source tree so no debug variants
miscname=%{miscportablename}
miscarchive=${packagesdir}/%{miscportablearchive}
# Rename directories for packaging # Rename directories for packaging
mv %{jdkimage} ${jdkname} mv %{jdkimage} ${jdkname}
@ -1155,19 +1141,8 @@ function packagejdk() {
# Release images have external debug symbols # Release images have external debug symbols
if [ "x$suffix" = "x" ] ; then if [ "x$suffix" = "x" ] ; then
debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
# We only use docs for the release build
docname=%{docportablename}
docarchive=${packagesdir}/%{docportablearchive}
built_doc_archive=jdk-%{javaver}_%{updatever}%{milestone_version}$suffix-%{buildver}-docs.zip
# These are from the source tree so no debug variants
miscname=%{miscportablename}
miscarchive=${packagesdir}/%{miscportablearchive}
# Keep the unstripped version for consumption by RHEL RPMs # Keep the unstripped version for consumption by RHEL RPMs
tar ${tar_opts} ${unstrippedarchive} ${jdkname} tar -cJf ${unstrippedarchive} ${jdkname}
genchecksum ${unstrippedarchive} genchecksum ${unstrippedarchive}
# Strip the files # Strip the files
@ -1180,32 +1155,32 @@ function packagejdk() {
fi fi
done done
tar ${tar_opts} ${debugjdkarchive} $(find ${jdkname} -name \*.debuginfo) tar -cJf ${debugjdkarchive} $(find ${jdkname} -name \*.debuginfo)
genchecksum ${debugjdkarchive} genchecksum ${debugjdkarchive}
tar ${tar_opts} ${debugjrearchive} $(find ${jdkname} -name \*.debuginfo) tar -cJf ${debugjrearchive} $(find ${jrename} -name \*.debuginfo)
genchecksum ${debugjrearchive} genchecksum ${debugjrearchive}
mkdir ${docname} mkdir ${docname}
mv ${docdir} ${docname} mv ${docdir} ${docname}
mv ${bundledir}/${built_doc_archive} ${docname} mv ${bundledir}/${built_doc_archive} ${docname}
tar ${tar_opts} ${docarchive} ${docname} tar -cJf ${docarchive} ${docname}
genchecksum ${docarchive} genchecksum ${docarchive}
mkdir ${miscname} mkdir ${miscname}
for s in 16 24 32 48 ; do for s in 16 24 32 48 ; do
cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname} cp -av ${srcdir}/jdk/src/solaris/classes/sun/awt/X11/java-icon${s}.png ${miscname}
done done
%if %{with_systemtap} %if %{with_systemtap}
cp -a ${tapsetdir}* ${miscname} cp -a ${tapsetdir}* ${miscname}
%endif %endif
tar ${tar_opts} ${miscarchive} ${miscname} tar -cJf ${miscarchive} ${miscname}
genchecksum ${miscarchive} genchecksum ${miscarchive}
fi fi
tar ${tar_opts} ${jdkarchive} --exclude='**.debuginfo' ${jdkname} tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname}
genchecksum ${jdkarchive} genchecksum ${jdkarchive}
tar ${tar_opts} ${jrearchive} --exclude='**.debuginfo' ${jrename} tar -cJf ${jrearchive} --exclude='**.debuginfo' ${jrename}
genchecksum ${jrearchive} genchecksum ${jrearchive}
# Revert directory renaming so testing will run # Revert directory renaming so testing will run
@ -1290,54 +1265,27 @@ for suffix in %{build_loop} ; do
export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage} export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage}
# Only test on one architecture (the fastest) for Java only tests # Check unlimited policy has been used
%ifarch %{jdk_test_arch} $JAVA_HOME/bin/javac -d . %{SOURCE13}
$JAVA_HOME/bin/java TestCryptoLevel
# Check unlimited policy has been used # Check ECC is working
$JAVA_HOME/bin/javac -d . %{SOURCE13} $JAVA_HOME/bin/javac -d . %{SOURCE14}
$JAVA_HOME/bin/java TestCryptoLevel $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check ECC is working # Check system crypto (policy) is active and can be disabled
$JAVA_HOME/bin/javac -d . %{SOURCE14} # Test takes a single argument - true or false - to state whether system
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") # security properties are enabled or not.
$JAVA_HOME/bin/javac -d . %{SOURCE15}
export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
export SEC_DEBUG="-Djava.security.debug=properties"
# Portable specific: set false whereas its true for upstream
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
# Check system crypto (policy) is active and can be disabled # Check correct vendor values have been set
# Test takes a single argument - true or false - to state whether system $JAVA_HOME/bin/javac -d . %{SOURCE16}
# security properties are enabled or not. $JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
# Portable specific: default is false
$JAVA_HOME/bin/javac -d . %{SOURCE15}
export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
export SEC_DEBUG="-Djava.security.debug=properties"
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
# Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
# Check translations are available for new timezones
$JAVA_HOME/bin/javac -d . %{SOURCE18}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
# Check src.zip has all sources. See RHBZ#1130490
unzip -l $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe'
# Check class files include useful debugging information
$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable
# Check generated class files include useful debugging information
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable
%else
# Just run a basic java -version test on other architectures
$JAVA_HOME/bin/java -version
%endif
# Check java launcher has no SSB mitigation # Check java launcher has no SSB mitigation
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
@ -1349,6 +1297,10 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
%endif %endif
# Check translations are available for new timezones
$JAVA_HOME/bin/javac -d . %{SOURCE18}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE
# Release builds strip the debug symbols into external .debuginfo files # Release builds strip the debug symbols into external .debuginfo files
if [ "x$suffix" = "x" ] ; then if [ "x$suffix" = "x" ] ; then
so_suffix="debuginfo" so_suffix="debuginfo"
@ -1422,6 +1374,19 @@ EOF
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
%endif %endif
# Check src.zip has all sources. See RHBZ#1130490
jar -tf $JAVA_HOME/src.zip | grep 'sun.misc.Unsafe'
# Check class files include useful debugging information
$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable
$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable
# Check generated class files include useful debugging information
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from"
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable
$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable
# build cycles check # build cycles check
done done
@ -1437,9 +1402,12 @@ for suffix in %{build_loop} ; do
nameSuffix=`echo "$suffix"| sed s/-/./` nameSuffix=`echo "$suffix"| sed s/-/./`
fi fi
# These definitions should match those in packagejdk # These definitions should match those in installjdk
jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}
jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"} jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"}
debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
mkdir -p $RPM_BUILD_ROOT%{_jvmdir} mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
@ -1449,33 +1417,32 @@ for suffix in %{build_loop} ; do
mv ${jrearchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${jrearchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
if [ "x$suffix" = "x" ] ; then if [ "x$suffix" = "x" ] ; then
# These definitions should match those in packagejdk
debugjdkarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"}
debugjrearchive=${packagesdir}/%{jreportablearchive -- "${nameSuffix}.debuginfo"}
unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"}
docarchive=${packagesdir}/%{docportablearchive}
miscarchive=${packagesdir}/%{miscportablearchive}
mv ${debugjdkarchive} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${debugjdkarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${debugjdkarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${debugjdkarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${debugjrearchive} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${debugjrearchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${debugjrearchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${debugjrearchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${unstrippedarchive} $RPM_BUILD_ROOT%{_jvmdir}/ mv ${unstrippedarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${unstrippedarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ mv ${unstrippedarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${docarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${docarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
fi fi
done done
# These definitions should match those in installjdk
# Install outside the loop as there are no debug variants
docarchive=${packagesdir}/%{docportablearchive}
miscarchive=${packagesdir}/%{miscportablearchive}
mv ${docarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${docarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/
mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/
# To show sha in the build log # To show sha in the build log
for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do
ls -l $file ; ls -l $file ;
cat $file ; cat $file ;
done done
%if %{include_normal_build} %if %{include_normal_build}
%files %files
@ -1484,36 +1451,23 @@ done
%{_jvmdir}/%{jreportablearchive -- .debuginfo} %{_jvmdir}/%{jreportablearchive -- .debuginfo}
%{_jvmdir}/%{jreportablearchive -- %%{nil}}.sha256sum %{_jvmdir}/%{jreportablearchive -- %%{nil}}.sha256sum
%{_jvmdir}/%{jreportablearchive -- .debuginfo}.sha256sum %{_jvmdir}/%{jreportablearchive -- .debuginfo}.sha256sum
%else %else
%files %files
# placeholder # placeholder
%endif %endif
%if %{include_normal_build} %if %{include_normal_build}
%files devel %files devel
%{_jvmdir}/%{jdkportablearchive -- %%{nil}} %{_jvmdir}/%{jdkportablearchive -- %%{nil}}
%{_jvmdir}/%{jdkportablearchive -- .debuginfo} %{_jvmdir}/%{jdkportablearchive -- .debuginfo}
%{_jvmdir}/%{jdkportablearchive -- %%{nil}}.sha256sum %{_jvmdir}/%{jdkportablearchive -- %%{nil}}.sha256sum
%{_jvmdir}/%{jdkportablearchive -- .debuginfo}.sha256sum %{_jvmdir}/%{jdkportablearchive -- .debuginfo}.sha256sum
%endif
%files unstripped %files unstripped
%{_jvmdir}/%{jdkportablearchive -- .unstripped} %{_jvmdir}/%{jdkportablearchive -- .unstripped}
%{_jvmdir}/%{jdkportablearchive -- .unstripped}.sha256sum %{_jvmdir}/%{jdkportablearchive -- .unstripped}.sha256sum
%files docs
%{_jvmdir}/%{docportablearchive}
%{_jvmdir}/%{docportablearchive}.sha256sum
%files misc
%{_jvmdir}/%{miscportablearchive}
%{_jvmdir}/%{miscportablearchive}.sha256sum
%endif
%if %{include_debug_build} %if %{include_debug_build}
%files slowdebug %files slowdebug
@ -1523,7 +1477,6 @@ done
%files devel-slowdebug %files devel-slowdebug
%{_jvmdir}/%{jdkportablearchive -- .slowdebug} %{_jvmdir}/%{jdkportablearchive -- .slowdebug}
%{_jvmdir}/%{jdkportablearchive -- .slowdebug}.sha256sum %{_jvmdir}/%{jdkportablearchive -- .slowdebug}.sha256sum
%endif %endif
%if %{include_fastdebug_build} %if %{include_fastdebug_build}
@ -1538,150 +1491,15 @@ done
%endif %endif
%files docs
%{_jvmdir}/%{docportablearchive}
%{_jvmdir}/%{docportablearchive}.sha256sum
%files misc
%{_jvmdir}/%{miscportablearchive}
%{_jvmdir}/%{miscportablearchive}.sha256sum
%changelog %changelog
* Fri Oct 11 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.432.b06-1
- Update to shenandoah-jdk8u432-b06 (GA)
- Update release notes for shenandoah-8u432-b06.
- Switch to GA mode.
- ** This tarball is embargoed until 2024-10-15 @ 1pm PT. **
* Thu Oct 10 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.432.b05-0.1.ea
- Update to shenandoah-jdk8u432-b05 (EA)
- Update release notes for shenandoah-8u432-b05.
- Switch to EA mode.
- Drop JDK-828109{6,7,8}/PR3836 patch following integration of upstream version
- Regenerate JDK-8199936/PR3533 patch following JDK-828109{6,7,8} integration
- Bump version of bundled zlib to 1.3.1 following JDK-8324632
- Add build dependency on make
- Reorganise build dependencies to retain alphabetical order for unconditional deps
- Include backport of JDK-8328999 to update giflib to 5.2.2
- Bump version of bundled giflib to 5.2.2 following JDK-8328999
- Add build scripts to repository to ease remembering all CentOS & RHEL targets and options
- Resolves: OPENJDK-3348
* Wed Jul 10 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.422.b05-1.1
- Update to shenandoah-jdk8u422-b05 (GA)
- Update release notes for shenandoah-8u422-b05.
- Rebase PR2462 patch following patched hunk being removed by JDK-8322106
- Switch to GA mode.
- Limit Java only tests to one architecture using jdk_test_arch
- Remove unused policy repacking script repackReproduciblePolycies.sh
- Sync README.md with RHEL 8
- Add missing build dependency on zlib-devel
- Update LCMS version to match JDK-8245400
- Move unstripped, misc and doc tarball handling into normal build / no suffix blocks
- Drop unneeded tzdata-java build dependency following 11d4d3308dd3334acae563101c007be9db017b83
- ** This tarball is embargoed until 2024-07-16 @ 1pm PT. **
- Resolves: OPENJDK-3183
- Resolves: OPENJDK-3187
- Resolves: OPENJDK-3193
* Tue Jul 09 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.422.b01-0.1.ea
- Update to shenandoah-jdk8u422-b01 (EA)
- Update release notes for shenandoah-8u422-b01.
- Switch to EA mode.
* Wed Apr 10 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b08-2
- Add CVEs to release notes
* Mon Apr 08 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b08-1
- Update to shenandoah-jdk8u412-b08 (GA)
- Update release notes for shenandoah-8u412-b08.
- Complete release note for Certainly roots
- Switch to GA mode.
- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
* Fri Apr 05 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b07-0.1.ea
- Update to shenandoah-jdk8u412-b07 (EA)
- Update release notes for shenandoah-8u412-b07.
- Require tzdata 2024a due to upstream inclusion of JDK-8322725
* Fri Mar 29 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b01-0.2.ea
- Move to upstream tag style (shenandoah8ux-by) in preparation for eventually moving back to official sources
- generate_source_tarball.sh: Rename JCONSOLE_JS_PATCH{,_DEFAULT} to JCONSOLE_PATCH{,_DEFAULT} for brevity
- generate_source_tarball.sh: Adapt OPENJDK_LATEST logic to work with 8u Shenandoah fork
- generate_source_tarball.sh: Adapt version logic to work with 8u
- generate_source_tarball.sh: Add quoting for SCRIPT_DIR and JCONSOLE_PATCH (SC2086)
- generate_source_tarball.sh: Update examples in header for clarity
- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
- icedtea_sync.sh: Reinstate from rhel-8.8.0 branch
- Move maintenance scripts to a scripts subdirectory
- icedtea_sync.sh: Update with a VCS mode that retrieves sources from a Mercurial repository
- jconsole.desktop.in: Restored by running icedtea_sync.sh
- policytool.desktop.in: Likewise.
- Restore IcedTea sources correctly in spec file
- discover_trees.sh: Set compile-command and indentation instructions for Emacs
- discover_trees.sh: shellcheck: Do not use -o (SC2166)
- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: Add authorship
- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
- Remove pointless empty file generate_singlerepo_source_tarball.sh
- Remove pointless empty file update_main_sources.sh
- generate_source_tarball.sh: Handle an existing checkout
- generate_source_tarball.sh: Sync indentation with java-21-openjdk version
- generate_source_tarball.sh: Support using a subdirectory via TO_COMPRESS
* Fri Mar 29 2024 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:1.8.0.412.b01-0.2.ea
- generate_source_tarball.sh: Add WITH_TEMP environment variable
- generate_source_tarball.sh: Multithread xz on all available cores
- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
- generate_source_tarball.sh: Update comment about tarball naming
- generate_source_tarball.sh: Reformat comment header
- generate_source_tarball.sh: Reformat and update help output
- generate_source_tarball.sh: Do a shallow clone, for speed
- generate_source_tarball.sh: Eliminate some removal prompting
- generate_source_tarball.sh: Make tarball reproducible
- generate_source_tarball.sh: Prefix temporary directory with temp-
- generate_source_tarball.sh: Remove temporary directory exit conditions
- generate_source_tarball.sh: Set compile-command in Emacs
- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
- Use backward-compatible patch syntax
- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
- generate_source_tarball.sh: Remove trailing period in echo
- generate_source_tarball.sh: Use long-style argument to grep
- generate_source_tarball.sh: Add license
- generate_source_tarball.sh: Add indentation instructions for Emacs
* Fri Mar 22 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b01-0.1.ea
- Introduce tar_opts to avoid repetition of lengthy tar creation options
- Normalise whitespace
- Turn off xz multi-threading on i686 as it fails with an out of memory error
* Fri Mar 22 2024 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:1.8.0.412.b01-0.1.ea
- Invoke xz in multi-threaded mode
- Make portable tarball modification times reproducible
* Thu Mar 21 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.412.b01-0.1.ea
- Update to shenandoah-jdk8u412-b01 (EA)
- Update release notes for shenandoah-8u412-b01.
- Switch to EA mode.
* Thu Jan 11 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.402.b06-0.1.ea
- Update to shenandoah-jdk8u402-b06 (GA)
- Update release notes for shenandoah-8u402-b06.
- Drop local copy of JDK-8312489 which is now included upstream
- Switch to GA mode.
- ** This tarball is embargoed until 2024-01-16 @ 1pm PT. **
* Tue Dec 05 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.402.b01-0.1.ea
- Update to shenandoah-jdk8u402-b01 (EA)
- Update release notes for shenandoah-8u402-b01.
- Switch to EA mode.
- Sync NEWS with vanilla branch version.
* Wed Oct 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.392.b08-1 * Wed Oct 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.392.b08-1
- Update to shenandoah-jdk8u392-b08 (GA) - Update to shenandoah-jdk8u392-b08 (GA)
- Update release notes for shenandoah-8u392-b08. - Update release notes for shenandoah-8u392-b08.

View File

@ -1,286 +0,0 @@
# HG changeset patch
# User sherman
# Date 1505950914 25200
# Wed Sep 20 16:41:54 2017 -0700
# Node ID 723486922bfe4c17e3f5c067ce5e97229842fbcd
# Parent c8ac05bbe47771b3dafa2e7fc9a95d86d68d7c07
8186464: ZipFile cannot read some InfoZip ZIP64 zip files
Reviewed-by: martin
diff --git openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java
index 26e2a5bf9e9..2630c118817 100644
--- openjdk.orig/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java
+++ openjdk/jdk/src/share/demo/nio/zipfs/src/com/sun/nio/zipfs/ZipFileSystem.java
@@ -92,6 +92,7 @@ public class ZipFileSystem extends FileSystem {
private final boolean createNew; // create a new zip if not exists
private static final boolean isWindows =
System.getProperty("os.name").startsWith("Windows");
+ private final boolean forceEnd64;
// a threshold, in bytes, to decide whether to create a temp file
// for outputstream of a zip entry
@@ -112,12 +113,13 @@ public class ZipFileSystem extends FileSystem {
if (this.defaultDir.charAt(0) != '/')
throw new IllegalArgumentException("default dir should be absolute");
+ this.forceEnd64 = "true".equals(env.get("forceZIP64End"));
this.provider = provider;
this.zfpath = zfpath;
if (Files.notExists(zfpath)) {
if (createNew) {
try (OutputStream os = Files.newOutputStream(zfpath, CREATE_NEW, WRITE)) {
- new END().write(os, 0);
+ new END().write(os, 0, forceEnd64);
}
} else {
throw new FileSystemNotFoundException(zfpath.toString());
@@ -1014,28 +1016,36 @@ public class ZipFileSystem extends FileSystem {
end.cenoff = ENDOFF(buf);
end.comlen = ENDCOM(buf);
end.endpos = pos + i;
- if (end.cenlen == ZIP64_MINVAL ||
- end.cenoff == ZIP64_MINVAL ||
- end.centot == ZIP64_MINVAL32)
- {
- // need to find the zip64 end;
- byte[] loc64 = new byte[ZIP64_LOCHDR];
- if (readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR)
- != loc64.length) {
- return end;
- }
- long end64pos = ZIP64_LOCOFF(loc64);
- byte[] end64buf = new byte[ZIP64_ENDHDR];
- if (readFullyAt(end64buf, 0, end64buf.length, end64pos)
- != end64buf.length) {
- return end;
- }
- // end64 found, re-calcualte everything.
- end.cenlen = ZIP64_ENDSIZ(end64buf);
- end.cenoff = ZIP64_ENDOFF(end64buf);
- end.centot = (int)ZIP64_ENDTOT(end64buf); // assume total < 2g
- end.endpos = end64pos;
+ // try if there is zip64 end;
+ byte[] loc64 = new byte[ZIP64_LOCHDR];
+ if (end.endpos < ZIP64_LOCHDR ||
+ readFullyAt(loc64, 0, loc64.length, end.endpos - ZIP64_LOCHDR)
+ != loc64.length ||
+ !locator64SigAt(loc64, 0)) {
+ return end;
+ }
+ long end64pos = ZIP64_LOCOFF(loc64);
+ byte[] end64buf = new byte[ZIP64_ENDHDR];
+ if (readFullyAt(end64buf, 0, end64buf.length, end64pos)
+ != end64buf.length ||
+ !end64SigAt(end64buf, 0)) {
+ return end;
+ }
+ // end64 found,
+ long cenlen64 = ZIP64_ENDSIZ(end64buf);
+ long cenoff64 = ZIP64_ENDOFF(end64buf);
+ long centot64 = ZIP64_ENDTOT(end64buf);
+ // double-check
+ if (cenlen64 != end.cenlen && end.cenlen != ZIP64_MINVAL ||
+ cenoff64 != end.cenoff && end.cenoff != ZIP64_MINVAL ||
+ centot64 != end.centot && end.centot != ZIP64_MINVAL32) {
+ return end;
}
+ // to use the end64 values
+ end.cenlen = cenlen64;
+ end.cenoff = cenoff64;
+ end.centot = (int)centot64; // assume total < 2g
+ end.endpos = end64pos;
return end;
}
}
@@ -1201,7 +1211,7 @@ public class ZipFileSystem extends FileSystem {
// sync the zip file system, if there is any udpate
private void sync() throws IOException {
- //System.out.printf("->sync(%s) starting....!%n", toString());
+ // System.out.printf("->sync(%s) starting....!%n", toString());
// check ex-closer
if (!exChClosers.isEmpty()) {
for (ExChannelCloser ecc : exChClosers) {
@@ -1292,7 +1302,7 @@ public class ZipFileSystem extends FileSystem {
}
end.centot = elist.size();
end.cenlen = written - end.cenoff;
- end.write(os, written);
+ end.write(os, written, forceEnd64);
}
if (!streams.isEmpty()) {
//
@@ -1849,8 +1859,8 @@ public class ZipFileSystem extends FileSystem {
long endpos;
int disktot;
- void write(OutputStream os, long offset) throws IOException {
- boolean hasZip64 = false;
+ void write(OutputStream os, long offset, boolean forceEnd64) throws IOException {
+ boolean hasZip64 = forceEnd64; // false;
long xlen = cenlen;
long xoff = cenoff;
if (xlen >= ZIP64_MINVAL) {
@@ -1875,8 +1885,8 @@ public class ZipFileSystem extends FileSystem {
writeShort(os, 45); // version needed to extract
writeInt(os, 0); // number of this disk
writeInt(os, 0); // central directory start disk
- writeLong(os, centot); // number of directory entires on disk
- writeLong(os, centot); // number of directory entires
+ writeLong(os, centot); // number of directory entries on disk
+ writeLong(os, centot); // number of directory entries
writeLong(os, cenlen); // length of central directory
writeLong(os, cenoff); // offset of central directory
diff --git openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c openjdk/jdk/src/share/native/java/util/zip/zip_util.c
index 5fd6fea049d..858e5814e92 100644
--- openjdk.orig/jdk/src/share/native/java/util/zip/zip_util.c
+++ openjdk/jdk/src/share/native/java/util/zip/zip_util.c
@@ -385,6 +385,9 @@ findEND64(jzfile *zip, void *end64buf, jlong endpos)
{
char loc64[ZIP64_LOCHDR];
jlong end64pos;
+ if (endpos < ZIP64_LOCHDR) {
+ return -1;
+ }
if (readFullyAt(zip->zfd, loc64, ZIP64_LOCHDR, endpos - ZIP64_LOCHDR) == -1) {
return -1; // end64 locator not found
}
@@ -567,6 +570,7 @@ readCEN(jzfile *zip, jint knownTotal)
{
/* Following are unsigned 32-bit */
jlong endpos, end64pos, cenpos, cenlen, cenoff;
+ jlong cenlen64, cenoff64, centot64;
/* Following are unsigned 16-bit */
jint total, tablelen, i, j;
unsigned char *cenbuf = NULL;
@@ -594,13 +598,20 @@ readCEN(jzfile *zip, jint knownTotal)
cenlen = ENDSIZ(endbuf);
cenoff = ENDOFF(endbuf);
total = ENDTOT(endbuf);
- if (cenlen == ZIP64_MAGICVAL || cenoff == ZIP64_MAGICVAL ||
- total == ZIP64_MAGICCOUNT) {
- unsigned char end64buf[ZIP64_ENDHDR];
- if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) {
- cenlen = ZIP64_ENDSIZ(end64buf);
- cenoff = ZIP64_ENDOFF(end64buf);
- total = (jint)ZIP64_ENDTOT(end64buf);
+ unsigned char end64buf[ZIP64_ENDHDR];
+ if ((end64pos = findEND64(zip, end64buf, endpos)) != -1) {
+ // end64 candidate found,
+ cenlen64 = ZIP64_ENDSIZ(end64buf);
+ cenoff64 = ZIP64_ENDOFF(end64buf);
+ centot64 = ZIP64_ENDTOT(end64buf);
+ // double-check
+ if ((cenlen64 == cenlen || cenlen == ZIP64_MAGICVAL) &&
+ (cenoff64 == cenoff || cenoff == ZIP64_MAGICVAL) &&
+ (centot64 == total || total == ZIP64_MAGICCOUNT)) {
+ // to use the end64 values
+ cenlen = cenlen64;
+ cenoff = cenoff64;
+ total = (jint)centot64;
endpos = end64pos;
endhdrlen = ZIP64_ENDHDR;
}
diff --git openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java
index ffe8a8ed712..9b380003893 100644
--- openjdk.orig/jdk/test/java/util/zip/ZipFile/ReadZip.java
+++ openjdk/jdk/test/java/util/zip/ZipFile/ReadZip.java
@@ -22,7 +22,7 @@
*/
/* @test
- * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993
+ * @bug 4241361 4842702 4985614 6646605 5032358 6923692 6233323 8144977 8184993 8186464
* @summary Make sure we can read a zip file.
@key randomness
* @run main/othervm ReadZip
@@ -31,12 +31,24 @@
*/
import java.io.*;
+import java.net.URI;
import java.nio.file.Files;
+import java.nio.file.FileSystem;
+import java.nio.file.FileSystems;
+import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
import java.util.zip.*;
+import sun.misc.IOUtils;
+
+import static java.nio.charset.StandardCharsets.US_ASCII;
+
public class ReadZip {
private static void unreached (Object o)
throws Exception
@@ -144,8 +156,6 @@ public class ReadZip {
newZip.delete();
}
-
-
// Throw a FNF exception when read a non-existing zip file
try { unreached (new ZipFile(
new File(System.getProperty("test.src", "."),
@@ -153,5 +163,54 @@ public class ReadZip {
+ String.valueOf(new java.util.Random().nextInt())
+ ".zip")));
} catch (FileNotFoundException fnfe) {}
+
+ // read a zip file with ZIP64 end
+ Path path = Paths.get(System.getProperty("test.dir", ""), "end64.zip");
+ try {
+ URI uri = URI.create("jar:" + path.toUri());
+ Map<String, Object> env = new HashMap<>();
+ env.put("create", "true");
+ env.put("forceZIP64End", "true");
+ try (FileSystem fs = FileSystems.newFileSystem(uri, env)) {
+ Files.write(fs.getPath("hello"), "hello".getBytes());
+ }
+ try (ZipFile zf = new ZipFile(path.toFile())) {
+ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("hello"))),
+ US_ASCII)))
+ throw new RuntimeException("zipfile: read entry failed");
+ } catch (IOException x) {
+ throw new RuntimeException("zipfile: zip64 end failed");
+ }
+ try (FileSystem fs = FileSystems.newFileSystem(uri, Collections.emptyMap())) {
+ if (!"hello".equals(new String(Files.readAllBytes(fs.getPath("hello")))))
+ throw new RuntimeException("zipfs: read entry failed");
+ } catch (IOException x) {
+ throw new RuntimeException("zipfile: zip64 end failed");
+ }
+ } finally {
+ Files.deleteIfExists(path);
+ }
+
+ // read a zip file created via "echo hello | zip dst.zip -", which uses
+ // ZIP64 end record
+ if (Files.notExists(Paths.get("/usr/bin/zip")))
+ return;
+ try {
+ Process zip = new ProcessBuilder("zip", path.toString().toString(), "-").start();
+ OutputStream os = zip.getOutputStream();
+ os.write("hello".getBytes(US_ASCII));
+ os.close();
+ zip.waitFor();
+ if (zip.exitValue() == 0 && Files.exists(path)) {
+ try (ZipFile zf = new ZipFile(path.toFile())) {
+ if (!"hello".equals(new String(IOUtils.readAllBytes(zf.getInputStream(new ZipEntry("-"))))))
+ throw new RuntimeException("zipfile: read entry failed");
+ } catch (IOException x) {
+ throw new RuntimeException("zipfile: zip64 end failed");
+ }
+ }
+ } finally {
+ Files.deleteIfExists(path);
+ }
}
}

View File

@ -7,11 +7,10 @@
PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations
Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X Summary: Enable -mstackrealign on x86 Linux as well as x86 Mac OS X
diff --git a/common/autoconf/flags.m4 b/common/autoconf/flags.m4 diff --git openjdk.orig///common/autoconf/flags.m4 openjdk///common/autoconf/flags.m4
index 113bf367e2..bed030e8d1 100644 --- openjdk.orig///common/autoconf/flags.m4
--- a/common/autoconf/flags.m4 +++ openjdk///common/autoconf/flags.m4
+++ b/common/autoconf/flags.m4 @@ -402,6 +402,21 @@
@@ -451,6 +451,21 @@ AC_DEFUN_ONCE([FLAGS_SETUP_COMPILER_FLAGS_FOR_JDK],
AC_SUBST($2CXXSTD_CXXFLAG) AC_SUBST($2CXXSTD_CXXFLAG)
fi fi
@ -33,32 +32,23 @@ index 113bf367e2..bed030e8d1 100644
if test "x$CFLAGS" != "x${ADDED_CFLAGS}"; then if test "x$CFLAGS" != "x${ADDED_CFLAGS}"; then
AC_MSG_WARN([Ignoring CFLAGS($CFLAGS) found in environment. Use --with-extra-cflags]) AC_MSG_WARN([Ignoring CFLAGS($CFLAGS) found in environment. Use --with-extra-cflags])
fi fi
diff --git a/common/autoconf/hotspot-spec.gmk.in b/common/autoconf/hotspot-spec.gmk.in diff --git openjdk.orig///common/autoconf/hotspot-spec.gmk.in openjdk///common/autoconf/hotspot-spec.gmk.in
index 3f86751d2b..f8a271383f 100644 --- openjdk.orig///common/autoconf/hotspot-spec.gmk.in
--- a/common/autoconf/hotspot-spec.gmk.in +++ openjdk///common/autoconf/hotspot-spec.gmk.in
+++ b/common/autoconf/hotspot-spec.gmk.in @@ -112,7 +112,8 @@
@@ -114,13 +114,14 @@ RC:=@HOTSPOT_RC@ RC:=@HOTSPOT_RC@
# Retain EXTRA_{CFLAGS,CXXFLAGS,LDFLAGS,ASFLAGS} for the target flags to
# maintain compatibility with the existing Makefiles EXTRA_CFLAGS=@LEGACY_EXTRA_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \
EXTRA_CFLAGS=@LEGACY_TARGET_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \ - $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) + $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) \ + $(REALIGN_CFLAG)
+ $(REALIGN_CFLAG) EXTRA_CXXFLAGS=@LEGACY_EXTRA_CXXFLAGS@
EXTRA_CXXFLAGS=@LEGACY_TARGET_CXXFLAGS@ EXTRA_LDFLAGS=@LEGACY_EXTRA_LDFLAGS@
EXTRA_LDFLAGS=@LEGACY_TARGET_LDFLAGS@ EXTRA_ASFLAGS=@LEGACY_EXTRA_ASFLAGS@
EXTRA_ASFLAGS=@LEGACY_TARGET_ASFLAGS@ diff --git openjdk.orig///common/autoconf/spec.gmk.in openjdk///common/autoconf/spec.gmk.in
# Define an equivalent set for the host flags (i.e. without sysroot options) --- openjdk.orig///common/autoconf/spec.gmk.in
HOST_CFLAGS=@LEGACY_HOST_CFLAGS@ $(NO_DELETE_NULL_POINTER_CHECKS_CFLAG) \ +++ openjdk///common/autoconf/spec.gmk.in
- $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG) @@ -366,6 +366,7 @@
+ $(NO_LIFETIME_DSE_CFLAG) $(CXXSTD_CXXFLAG)
HOST_CXXFLAGS=@LEGACY_HOST_CXXFLAGS@
HOST_LDFLAGS=@LEGACY_HOST_LDFLAGS@
HOST_ASFLAGS=@LEGACY_HOST_ASFLAGS@
diff --git a/common/autoconf/spec.gmk.in b/common/autoconf/spec.gmk.in
index 9573bb2cbd..fe7efc130c 100644
--- a/common/autoconf/spec.gmk.in
+++ b/common/autoconf/spec.gmk.in
@@ -366,6 +366,7 @@ CXXFLAGS_JDKEXE:=@CXXFLAGS_JDKEXE@
NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@ NO_DELETE_NULL_POINTER_CHECKS_CFLAG=@NO_DELETE_NULL_POINTER_CHECKS_CFLAG@
NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@ NO_LIFETIME_DSE_CFLAG=@NO_LIFETIME_DSE_CFLAG@

View File

@ -0,0 +1,12 @@
diff --git openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
--- openjdk.orig/hotspot/src/os/linux/vm/perfMemory_linux.cpp
+++ openjdk/hotspot/src/os/linux/vm/perfMemory_linux.cpp
@@ -878,7 +878,7 @@
// open the file
int result;
- RESTARTABLE(::open(filename, oflags), result);
+ RESTARTABLE(::open(filename, oflags, 0), result);
if (result == OS_ERR) {
if (errno == ENOENT) {
THROW_MSG_(vmSymbols::java_lang_IllegalArgumentException(),

View File

@ -0,0 +1,67 @@
# HG changeset patch
# User Andrew John Hughes <gnu_andrew@member.fsf.org>
# Date 1620365804 -3600
# Fri May 07 06:36:44 2021 +0100
# Node ID 39b62f35eca823b4c9a98bc1dc0cb9acb87360f8
# Parent 723b59ed1afe878c5cd35f080399c8ceec4f776b
PR3836: Extra compiler flags not passed to adlc build
diff --git openjdk.orig/hotspot/make/aix/makefiles/adlc.make openjdk/hotspot/make/aix/makefiles/adlc.make
--- openjdk.orig/hotspot/make/aix/makefiles/adlc.make
+++ openjdk/hotspot/make/aix/makefiles/adlc.make
@@ -69,6 +69,11 @@
CFLAGS_WARN = -w
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
OBJECTNAMES = \
adlparse.o \
archDesc.o \
diff --git openjdk.orig/hotspot/make/bsd/makefiles/adlc.make openjdk/hotspot/make/bsd/makefiles/adlc.make
--- openjdk.orig/hotspot/make/bsd/makefiles/adlc.make
+++ openjdk/hotspot/make/bsd/makefiles/adlc.make
@@ -71,6 +71,11 @@
endif
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
OBJECTNAMES = \
adlparse.o \
archDesc.o \
diff --git openjdk.orig/hotspot/make/linux/makefiles/adlc.make openjdk/hotspot/make/linux/makefiles/adlc.make
--- openjdk.orig/hotspot/make/linux/makefiles/adlc.make
+++ openjdk/hotspot/make/linux/makefiles/adlc.make
@@ -69,6 +69,11 @@
CFLAGS_WARN = $(WARNINGS_ARE_ERRORS)
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+LFLAGS += $(EXTRA_CFLAGS) $(EXTRA_LDFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
OBJECTNAMES = \
adlparse.o \
archDesc.o \
diff --git openjdk.orig/hotspot/make/solaris/makefiles/adlc.make openjdk/hotspot/make/solaris/makefiles/adlc.make
--- openjdk.orig/hotspot/make/solaris/makefiles/adlc.make
+++ openjdk/hotspot/make/solaris/makefiles/adlc.make
@@ -85,6 +85,10 @@
endif
CFLAGS += $(CFLAGS_WARN)
+# Extra flags from gnumake's invocation or environment
+CFLAGS += $(EXTRA_CFLAGS)
+ASFLAGS += $(EXTRA_ASFLAGS)
+
ifeq ("${Platform_compiler}", "sparcWorks")
# Enable the following CFLAGS addition if you need to compare the
# built ELF objects.

View File

@ -0,0 +1,48 @@
commit c38a36f124a7eb28920cc367cb01b67d973a55c0
Author: Andrew John Hughes <andrew@openjdk.org>
Date: Wed Oct 11 01:42:03 2023 +0100
Backport e47a84f23dd2608c6f5748093eefe301fb5bf750
diff --git a/jdk/src/share/classes/java/util/jar/JarFile.java b/jdk/src/share/classes/java/util/jar/JarFile.java
index a26dcc4a1c7..ac2e1c9d6a8 100644
--- a/jdk/src/share/classes/java/util/jar/JarFile.java
+++ b/jdk/src/share/classes/java/util/jar/JarFile.java
@@ -436,7 +436,9 @@ class JarFile extends ZipFile {
throw new IOException("Unsupported size: " + uncompressedSize +
" for JarEntry " + ze.getName() +
". Allowed max size: " +
- SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes");
+ SignatureFileVerifier.MAX_SIG_FILE_SIZE + " bytes. " +
+ "You can use the jdk.jar.maxSignatureFileSize " +
+ "system property to increase the default value.");
}
int len = (int)uncompressedSize;
byte[] b = IOUtils.readAllBytes(is);
diff --git a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java
index c335e964f63..afdfa406b92 100644
--- a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java
+++ b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java
@@ -855,16 +855,16 @@ public class SignatureFileVerifier {
* the maximum allowed number of bytes for the signature-related files
* in a JAR file.
*/
- Integer tmp = AccessController.doPrivileged(new GetIntegerAction(
- "jdk.jar.maxSignatureFileSize", 8000000));
+ int tmp = AccessController.doPrivileged(new GetIntegerAction(
+ "jdk.jar.maxSignatureFileSize", 16000000));
if (tmp < 0 || tmp > MAX_ARRAY_SIZE) {
if (debug != null) {
- debug.println("Default signature file size 8000000 bytes " +
- "is used as the specified size for the " +
- "jdk.jar.maxSignatureFileSize system property " +
+ debug.println("The default signature file size of 16000000 bytes " +
+ "will be used for the jdk.jar.maxSignatureFileSize " +
+ "system property since the specified value " +
"is out of range: " + tmp);
}
- tmp = 8000000;
+ tmp = 16000000;
}
return tmp;
}

File diff suppressed because it is too large Load Diff

View File

@ -7,10 +7,10 @@
8074839: Resolve disabled warnings for libunpack and the unpack200 binary 8074839: Resolve disabled warnings for libunpack and the unpack200 binary
Reviewed-by: dholmes, ksrini Reviewed-by: dholmes, ksrini
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
index bdaf95a2f6a..60c5b4f2a69 100644 index bdaf95a2f6a..60c5b4f2a69 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/bytes.h
@@ -63,7 +63,7 @@ struct bytes { @@ -63,7 +63,7 @@ struct bytes {
bytes res; bytes res;
res.ptr = ptr + beg; res.ptr = ptr + beg;
@ -20,10 +20,10 @@ index bdaf95a2f6a..60c5b4f2a69 100644
return res; return res;
} }
// building C strings inside byte buffers: // building C strings inside byte buffers:
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
index 5fbc7261fb3..4c002e779d8 100644 index 5fbc7261fb3..4c002e779d8 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/jni.cpp
@@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject @@ -292,7 +292,7 @@ Java_com_sun_java_util_jar_pack_NativeUnpack_getUnusedInput(JNIEnv *env, jobject
if (uPtr->aborting()) { if (uPtr->aborting()) {
@ -50,10 +50,10 @@ index 5fbc7261fb3..4c002e779d8 100644
const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE); const char* prop = env->GetStringUTFChars(pProp, JNI_FALSE);
CHECK_EXCEPTION_RETURN_VALUE(prop, false); CHECK_EXCEPTION_RETURN_VALUE(prop, false);
const char* value = env->GetStringUTFChars(pValue, JNI_FALSE); const char* value = env->GetStringUTFChars(pValue, JNI_FALSE);
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
index 6fbc43a18ae..722c8baaff0 100644 index 6fbc43a18ae..722c8baaff0 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/main.cpp
@@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) { @@ -142,31 +142,28 @@ static const char* nbasename(const char* progname) {
return progname; return progname;
} }
@ -104,10 +104,10 @@ index 6fbc43a18ae..722c8baaff0 100644
} }
} }
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
index a585535c513..8df3fade499 100644 index 56f391b1e87..f0a25f8cd20 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.cpp
@@ -225,9 +225,9 @@ struct entry { @@ -225,9 +225,9 @@ struct entry {
} }
@ -120,7 +120,7 @@ index a585535c513..8df3fade499 100644
#endif #endif
}; };
@@ -719,13 +719,13 @@ void unpacker::read_file_header() { @@ -718,13 +718,13 @@ void unpacker::read_file_header() {
// Now we can size the whole archive. // Now we can size the whole archive.
// Read everything else into a mega-buffer. // Read everything else into a mega-buffer.
rp = hdr.rp; rp = hdr.rp;
@ -138,7 +138,7 @@ index a585535c513..8df3fade499 100644
abort("EOF reading fixed input buffer"); abort("EOF reading fixed input buffer");
return; return;
} }
@@ -739,7 +739,7 @@ void unpacker::read_file_header() { @@ -738,7 +738,7 @@ void unpacker::read_file_header() {
return; return;
} }
input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)), input.set(U_NEW(byte, add_size(header_size_0, archive_size, C_SLOP)),
@ -147,7 +147,7 @@ index a585535c513..8df3fade499 100644
CHECK; CHECK;
assert(input.limit()[0] == 0); assert(input.limit()[0] == 0);
// Move all the bytes we read initially into the real buffer. // Move all the bytes we read initially into the real buffer.
@@ -962,13 +962,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) { @@ -961,13 +961,13 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) {
nentries = next_entry; nentries = next_entry;
// place a limit on future CP growth: // place a limit on future CP growth:
@ -163,7 +163,18 @@ index a585535c513..8df3fade499 100644
// Note that this CP does not include "empty" entries // Note that this CP does not include "empty" entries
// for longs and doubles. Those are introduced when // for longs and doubles. Those are introduced when
@@ -3694,21 +3694,22 @@ void cpool::computeOutputIndexes() { @@ -985,8 +985,9 @@ void cpool::init(unpacker* u_, int counts[CONSTANT_Limit]) {
}
// Initialize *all* our entries once
- for (int i = 0 ; i < maxentries ; i++)
+ for (uint i = 0 ; i < maxentries ; i++) {
entries[i].outputIndex = REQUESTED_NONE;
+ }
initGroupIndexes();
// Initialize hashTab to a generous power-of-two size.
@@ -3681,21 +3682,22 @@ void cpool::computeOutputIndexes() {
unpacker* debug_u; unpacker* debug_u;
@ -190,7 +201,7 @@ index a585535c513..8df3fade499 100644
case CONSTANT_Signature: case CONSTANT_Signature:
if (value.b.ptr == null) if (value.b.ptr == null)
return ref(0)->string(); return ref(0)->string();
@@ -3728,26 +3729,28 @@ char* entry::string() { @@ -3715,26 +3717,28 @@ char* entry::string() {
break; break;
default: default:
if (nrefs == 0) { if (nrefs == 0) {
@ -228,10 +239,10 @@ index a585535c513..8df3fade499 100644
} }
void print_cp_entries(int beg, int end) { void print_cp_entries(int beg, int end) {
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
index 4ec595333c4..aad0c971ef2 100644 index cec7a88b24e..ed5f3336a59 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/unpack.h
@@ -209,7 +209,7 @@ struct unpacker { @@ -209,7 +209,7 @@ struct unpacker {
byte* rp; // read pointer (< rplimit <= input.limit()) byte* rp; // read pointer (< rplimit <= input.limit())
byte* rplimit; // how much of the input block has been read? byte* rplimit; // how much of the input block has been read?
@ -241,10 +252,10 @@ index 4ec595333c4..aad0c971ef2 100644
// callback to read at least one byte, up to available input // callback to read at least one byte, up to available input
typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen); typedef jlong (*read_input_fn_t)(unpacker* self, void* buf, jlong minlen, jlong maxlen);
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
index da39a589545..1281d8b25c8 100644 index e5197e1a3f1..40a10055ea5 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/utils.cpp
@@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger @@ -81,7 +81,7 @@ void breakpoint() { } // hook for debugger
int assert_failed(const char* p) { int assert_failed(const char* p) {
char message[1<<12]; char message[1<<12];
@ -254,10 +265,10 @@ index da39a589545..1281d8b25c8 100644
breakpoint(); breakpoint();
unpack_abort(message); unpack_abort(message);
return 0; return 0;
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
index f58c94956c0..343da3e183b 100644 index f58c94956c0..343da3e183b 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.cpp
@@ -84,7 +84,7 @@ void jar::init(unpacker* u_) { @@ -84,7 +84,7 @@ void jar::init(unpacker* u_) {
} }
@ -282,10 +293,10 @@ index f58c94956c0..343da3e183b 100644
PRINTCR((2, "writing zip comment\n")); PRINTCR((2, "writing zip comment\n"));
// Write the comment. // Write the comment.
diff --git a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h diff --git openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
index 14ffc9d65bd..9877f6f68ca 100644 index 14ffc9d65bd..9877f6f68ca 100644
--- a/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h --- openjdk.orig/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
+++ b/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h +++ openjdk/jdk/src/share/native/com/sun/java/util/jar/pack/zip.h
@@ -68,8 +68,8 @@ struct jar { @@ -68,8 +68,8 @@ struct jar {
} }

View File

@ -1,16 +0,0 @@
diff -uNr openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java jdk8/jdk/src/share/classes/java/awt/Toolkit.java
--- openjdk-orig/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 11:59:47.000000000 -0500
+++ jdk8/jdk/src/share/classes/java/awt/Toolkit.java 2009-01-23 12:05:20.000000000 -0500
@@ -883,7 +883,11 @@
return null;
}
});
- loadAssistiveTechnologies();
+ try {
+ loadAssistiveTechnologies();
+ } catch ( AWTError error) {
+ // ignore silently
+ }
}
return toolkit;
}

View File

@ -1,13 +0,0 @@
--- openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:12.038189968 +0100
+++ openjdk/jdk/src/solaris/classes/sun/security/smartcardio/PlatformPCSC.java 2013-03-01 10:48:11.913188505 +0100
@@ -48,8 +48,8 @@
private final static String PROP_NAME = "sun.security.smartcardio.library";
- private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so";
- private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
+ private final static String LIB1 = "/usr/$LIBISA/libpcsclite.so.1";
+ private final static String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1";
private final static String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
PlatformPCSC() {

View File

@ -16,7 +16,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenan
Atomic::add(val, &_sum); Atomic::add(val, &_sum);
- int mag = log2_intptr(val) + 1; - int mag = log2_intptr(val) + 1;
+ int mag = log2_long(val) + 1; + int mag = log2_intptr((uintptr_t)val) + 1;
// Defensively saturate for product bits: // Defensively saturate for product bits:
if (mag < 0) { if (mag < 0) {

File diff suppressed because it is too large Load Diff