Update to jdk-11.0.12.0+6
Update release notes to 11.0.12.0+6 Correct bug ID JDK-8264846 to intended ID of JDK-8264848 Switch to EA mode for 11.0.12 pre-release builds. Update ECC patch following JDK-8226374 (bug ID yet to be confirmed) Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics. Remove restriction on disabling product build, as debug packages no longer have javadoc packages. Resolves: rhbz#1967815
This commit is contained in:
parent
51b93a0a4a
commit
16c1b3ca09
5
.gitignore
vendored
5
.gitignore
vendored
@ -86,3 +86,8 @@
|
||||
/jdk-updates-jdk11u-jdk-11.0.11+6-4curve.tar.xz
|
||||
/jdk-updates-jdk11u-jdk-11.0.11+7-4curve.tar.xz
|
||||
/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz
|
||||
/jdk-updates-jdk11u-jdk-11.0.12+1-4curve.tar.xz
|
||||
/jdk-updates-jdk11u-jdk-11.0.12+2-4curve.tar.xz
|
||||
/jdk-updates-jdk11u-jdk-11.0.12+3-4curve.tar.xz
|
||||
/jdk-updates-jdk11u-jdk-11.0.12+4-4curve.tar.xz
|
||||
/jdk-updates-jdk11u-jdk-11.0.12+6-4curve.tar.xz
|
||||
|
393
NEWS
393
NEWS
@ -3,6 +3,399 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 11.0.12 (2021-07-20):
|
||||
=============================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk11012
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.12.txt
|
||||
|
||||
* Other changes
|
||||
- JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
|
||||
- JDK-7106851: Test should not use System.exit
|
||||
- JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
|
||||
- JDK-8076190: Customizing the generation of a PKCS12 keystore
|
||||
- JDK-8153005: Upgrade the default PKCS12 encryption/MAC algorithms
|
||||
- JDK-8171303: sun/java2d/pipe/InterpolationQualityTest.java fails on Windows & Linux
|
||||
- JDK-8177068: incomplete classpath causes NPE in Flow
|
||||
- JDK-8185734: [Windows] Structured Exception Catcher missing around gtest execution
|
||||
- JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
|
||||
- JDK-8190763: Class cast exception on (CompoundEdit) UndoableEditEvent.getEdit()
|
||||
- JDK-8195841: PNGImageReader.readNullTerminatedString() doesnt check for non-null terminated strings with length equal to maxLen
|
||||
- JDK-8196100: javax/swing/text/JTextComponent/5074573/bug5074573.java fails
|
||||
- JDK-8199646: JShell tests: jdk/jshell/FailOverDirectExecutionControlTest.java failed with java.lang.UnsupportedOperationException
|
||||
- JDK-8206925: Support the certificate_authorities extension
|
||||
- JDK-8207160: ClassReader::adjustMethodParams can potentially return null if the args list is empty
|
||||
- JDK-8207247: AARCH64: Enable Minimal and Client VM builds
|
||||
- JDK-8207404: MulticastSocket tests failing on AIX
|
||||
- JDK-8207779: Method::is_valid_method() compares 'this' with NULL
|
||||
- JDK-8208061: runtime/LoadClass/TestResize.java fails with "Load factor too high" when running in CDS mode.
|
||||
- JDK-8209459: TestSHA512MultiBlockIntrinsics failed on AArch64
|
||||
- JDK-8210443: Migrate Locale matching tests to JDK Repo.
|
||||
- JDK-8213231: ThreadSnapshot::_threadObj can become stale
|
||||
- JDK-8213483: ARM32: runtime/ErrorHandling/ShowRegistersOnAssertTest.java jtreg test fail
|
||||
- JDK-8213725: JShell NullPointerException due to class file with unexpected package
|
||||
- JDK-8213794: ARM32: disable TypeProfiling, CriticalJNINatives, Serviceablity tests for ARM32
|
||||
- JDK-8213845: ARM32: Interpreter doesn't call result handler after native calls
|
||||
- JDK-8214128: ARM32: wrong stack alignment on Deoptimization::unpack_frames
|
||||
- JDK-8214512: ARM32: Jtreg test compiler/c2/Test8062950.java fails on ARM
|
||||
- JDK-8214854: JDWP: Unforseen output truncation in logging
|
||||
- JDK-8214922: Add vectorization support for fmin/fmax
|
||||
- JDK-8215009: GCC 8 compilation error in libjli
|
||||
- JDK-8216184: CDS/appCDS tests failed on Windows due to long path to a classlist file
|
||||
- JDK-8216259: AArch64: Vectorize Adler32 intrinsics
|
||||
- JDK-8216314: SIGILL in CodeHeapState::print_names()
|
||||
- JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
|
||||
- JDK-8217465: [REDO] - Optimize CodeHeap Analytics
|
||||
- JDK-8217561: X86: Add floating-point Math.min/max intrinsics
|
||||
- JDK-8217918: C2: -XX:+AggressiveUnboxing is broken
|
||||
- JDK-8218458: [TESTBUG] runtime/NMT/CheckForProperDetailStackTrace.java fails with Expected stack trace missing from output
|
||||
- JDK-8219142: Remove unused JIMAGE_ResourcePath
|
||||
- JDK-8219586: CodeHeap State Analytics processes dead nmethods
|
||||
- JDK-8220074: Clean up GCC 8.3 errors in LittleCMS
|
||||
- JDK-8220407: compiler/intrinsics/math/TestFpMinMaxIntrinsics.java timedout
|
||||
- JDK-8222302: [TESTBUG]test/hotspot/jtreg/compiler/intrinsics/sha/cli/TestUseSHAOptionOnUnsupportedCPU.java fails on any other CPU
|
||||
- JDK-8222412: AARCH64: multiple instructions encoding issues
|
||||
- JDK-8223020: aarch64: expand minI_rReg and maxI_rReg patterns into separate instructions
|
||||
- JDK-8223444: Improve CodeHeap Free Space Management
|
||||
- JDK-8223504: Improve performance of forall loops by better inlining of "iterator()" methods
|
||||
- JDK-8223667: ASAN build broken
|
||||
- JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
|
||||
- JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
|
||||
- JDK-8225438: javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java failed with Read timed out
|
||||
- JDK-8225756: [testbug] compiler/loopstripmining/CheckLoopStripMining.java sets too short a SafepointTimeoutDelay
|
||||
- JDK-8226374: Restrict TLS signature schemes and named groups
|
||||
- JDK-8226627: assert(t->singleton()) failed: must be a constant
|
||||
- JDK-8226721: Missing intrinsics for Math.ceil, floor, rint
|
||||
- JDK-8227080: (fs) Files.newInputStream(...).skip(n) is slow
|
||||
- JDK-8227222: vmTestbase/jit/FloatingPoint/gen_math/Loops04/Loops04.java failed XMM register should be 0-15
|
||||
- JDK-8227609: (fs) Files.newInputStream(...).skip(n) should allow skipping beyond file size
|
||||
- JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
|
||||
- JDK-8231460: Performance issue (CodeHeap) with large free blocks
|
||||
- JDK-8231713: x86_32 build failures after JDK-8226721 (Missing intrinsics for Math.ceil, floor, rint)
|
||||
- JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
|
||||
- JDK-8232084: HotSpot build failed with GCC 9.2.1
|
||||
- JDK-8232591: AArch64: Add missing match rules for smaddl, smsubl and smnegl
|
||||
- JDK-8233185: HttpServer.stop() blocks indefinitely when called on dispatch thread
|
||||
- JDK-8233787: Break cycle in vm_version* includes
|
||||
- JDK-8233948: AArch64: Incorrect mapping between OptoReg and VMReg for high 64 bits of Vector Register
|
||||
- JDK-8234355: Buffer overflow in jcmd GC.class_stats due to too many classes
|
||||
- JDK-8235368: Update BCEL to Version 6.4.1
|
||||
- JDK-8236859: WebSocket over authenticating proxy fails with NPE
|
||||
- JDK-8236992: AArch64: remove redundant load_klass in itable stub
|
||||
- JDK-8237743: test/langtools/jdk/jshell/FailOverExecutionControlTest.java fails No ExecutionControlProvider with name 'nonExistent' and parameter keys: []
|
||||
- JDK-8237804: sun/security/mscapi tests fail with "Key pair not generated, alias <nnnnnn> already exists"
|
||||
- JDK-8238175: CTW: Class.getDeclaredMethods fails with assert(k->is_subclass_of(SystemDictionary::Throwable_klass())) failed: invalid exception class
|
||||
- JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
|
||||
- JDK-8238812: assert(false) failed: bad AD file
|
||||
- JDK-8239312: [macos] javax/swing/JFrame/NSTexturedJFrame/NSTexturedJFrame.java
|
||||
- JDK-8239386: handle ContendedPaddingWidth in vm_version_aarch64
|
||||
- JDK-8239536: Can't use `java.util.List` object after importing `java.awt.List`
|
||||
- JDK-8240487: Cleanup whitespace in .cc, .hh, .m, and .mm files
|
||||
- JDK-8240848: ArrayIndexOutOfBoundsException buf for TextCallbackHandler
|
||||
- JDK-8241082: Upgrade IANA Language Subtag Registry data to 03-16-2020 version
|
||||
- JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
|
||||
- JDK-8241101: [s390] jtreg test failure after JDK-8238696: not conformant features string
|
||||
- JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
|
||||
- JDK-8241372: Several test failures due to javax.net.ssl.SSLException: Connection reset
|
||||
- JDK-8241475: AArch64: Add missing support for PopCountVI node
|
||||
- JDK-8241829: Cleanup the code for PrinterJob on windows
|
||||
- JDK-8241960: The SHA3 message digests impl of SUN provider are not thread safe after cloned
|
||||
- JDK-8242010: Upgrade IANA Language Subtag Registry to Version 2020-04-01
|
||||
- JDK-8242429: Better implementation for sign extract
|
||||
- JDK-8242557: Add length limit for strings in PNGImageWriter
|
||||
- JDK-8242919: Paste locks up jshell
|
||||
- JDK-8243155: AArch64: Add support for SqrtVF
|
||||
- JDK-8243240: AArch64: Add support for MulVB
|
||||
- JDK-8243452: JFR: Could not create chunk in repository with over 200 recordings
|
||||
- JDK-8243559: Remove root certificates with 1024-bit keys
|
||||
- JDK-8243597: AArch64: Add support for integer vector abs
|
||||
- JDK-8244031: HttpClient should have more tests for HEAD requests
|
||||
- JDK-8244205: HTTP/2 tunnel connections through proxy may be reused regardless of which proxy is selected
|
||||
- JDK-8244847: Linux/PPC: runtime/CompressedOops/CompressedClassPointers: smallHeapTest fails
|
||||
- JDK-8245511: G1 adaptive IHOP does not account for reclamation of humongous objects by young GC
|
||||
- JDK-8246274: G1 old gen allocation tracking is not in a separate class
|
||||
- JDK-8247354: [aarch64] PopFrame causes assert(oopDesc::is_oop(obj)) failed: not an oop
|
||||
- JDK-8247408: IdealGraph bit check expression canonicalization
|
||||
- JDK-8247432: Update IANA Language Subtag Registry to Version 2020-09-29
|
||||
- JDK-8247438: JShell: When FailOverExecutionControlProvider fails the proximal cause is not shown
|
||||
- JDK-8247753: UIManager.getSytemLookAndFeelClassName() returns wrong value on Fedora 32
|
||||
- JDK-8248043: Need to eliminate excessive i2l conversions
|
||||
- JDK-8248411: [aarch64] Insufficient error handling when CodeBuffer is exhausted
|
||||
- JDK-8248568: compiler/c2/TestBit.java failed: test missing from stdout/stderr
|
||||
- JDK-8248870: AARCH64: I2L/L2I conversions can be skipped for masked positive values
|
||||
- JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
|
||||
- JDK-8249189: AARCH64: more L2I conversions can be skipped
|
||||
- JDK-8249719: MethodHandle performance suffers from bad ResolvedMethodTable hash function
|
||||
- JDK-8249875: GCC 10 warnings -Wtype-limits with JFR code
|
||||
- JDK-8250635: MethodArityHistogram should use Compile_lock in favour of fancy checks
|
||||
- JDK-8250876: Fix issues with cross-compile on macos
|
||||
- JDK-8251031: Some vmTestbase/nsk/monitoring/RuntimeMXBean tests fail with hostnames starting from digits
|
||||
- JDK-8251525: AARCH64: Faster Math.signum(fp)
|
||||
- JDK-8252259: AArch64: Adjust default value of FLOATPRESSURE
|
||||
- JDK-8252311: AArch64: save two words in itable lookup stub
|
||||
- JDK-8252779: compiler/graalunit/HotspotTest.java failed after 8251525
|
||||
- JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
|
||||
- JDK-8253167: ARM32 builds fail after JDK-8247910
|
||||
- JDK-8253572: [windows] CDS archive may fail to open with long file names
|
||||
- JDK-8253923: C2 doesn't always run loop opts for compilations that include loops
|
||||
- JDK-8253948: Memory leak in ImageFileReader
|
||||
- JDK-8254631: Better support ALPN byte wire values in SunJSSE
|
||||
- JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
|
||||
- JDK-8255086: Update the root locale display names
|
||||
- JDK-8255625: AArch64: Implement Base64.encodeBlock accelerator/intrinsic
|
||||
- JDK-8255763: C2: OSR miscompilation caused by invalid memory instruction placement
|
||||
- JDK-8255992: JFR EventWriter does not use first string from StringPool with id 0
|
||||
- JDK-8256037: [TESTBUG] com/sun/jndi/dns/ConfigTests/PortUnreachable.java fails due to the hard coded threshold is small
|
||||
- JDK-8256244: java/lang/ProcessHandle/PermissionTest.java fails with TestNG 7.1
|
||||
- JDK-8256287: [windows] add loop fuse to map_or_reserve_memory_aligned
|
||||
- JDK-8256523: Streamline Java SHA2 implementation
|
||||
- JDK-8257414: Drag n Drop target area is wrong on high DPI systems
|
||||
- JDK-8257569: Failure observed with JfrVirtualMemory::initialize
|
||||
- JDK-8257574: C2: "failed: parsing found no loops but there are some" assert failure
|
||||
- JDK-8257580: Bump update version for OpenJDK: jdk-11.0.12
|
||||
- JDK-8257604: JNI_ArgumentPusherVaArg leaks valist
|
||||
- JDK-8257621: JFR StringPool misses cached items across consecutive recordings
|
||||
- JDK-8257796: [TESTBUG] TestUseSHA512IntrinsicsOptionOnSupportedCPU.java fails on x86_32
|
||||
- JDK-8257822: C2 crashes with SIGFPE due to a division that floats above its zero check
|
||||
- JDK-8257828: SafeFetch may crash if invoked in non-JavaThreads
|
||||
- JDK-8257853: Remove dependencies on JNF's JNI utility functions in AWT and 2D code
|
||||
- JDK-8257858: [macOS]: Remove JNF dependency from libosxsecurity/KeystoreImpl.m
|
||||
- JDK-8257860: [macOS]: Remove JNF dependency from libosxkrb5/SCDynamicStoreConfig.m
|
||||
- JDK-8257988: Remove JNF dependency from libsaproc/MacosxDebuggerLocal.m
|
||||
- JDK-8258414: OldObjectSample events too expensive
|
||||
- JDK-8258505: [TESTBUG] TestDivZeroWithSplitIf.java fails due to missing UnlockDiagnosticVMOptions
|
||||
- JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
|
||||
- JDK-8259061: C2: assert(found) failed: memory-writing node is not placed in its original loop or an ancestor of it
|
||||
- JDK-8259227: C2 crashes with SIGFPE due to a division that floats above its zero check
|
||||
- JDK-8259232: Bad JNI lookup during printing
|
||||
- JDK-8259276: C2: Empty expression stack when reexecuting tableswitch/lookupswitch instructions after deoptimization
|
||||
- JDK-8259343: [macOS] Update JNI error handling in Cocoa code.
|
||||
- JDK-8259585: Accessible actions do not work on mac os x
|
||||
- JDK-8259651: [macOS] Replace JNF_COCOA_ENTER/EXIT macros
|
||||
- JDK-8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl
|
||||
- JDK-8259710: Inlining trace leaks memory
|
||||
- JDK-8259729: Missed JNFInstanceOf -> IsInstanceOf conversion
|
||||
- JDK-8259777: Incorrect predication condition generated by ADLC
|
||||
- JDK-8259786: initialize last parameter of getpwuid_r
|
||||
- JDK-8259843: initialize dli_fname array before calling dll_address_to_library_name
|
||||
- JDK-8259869: [macOS] Remove desktop module dependencies on JNF Reference APIs
|
||||
- JDK-8259886: Improve SSL session cache performance and scalability
|
||||
- JDK-8259983: do not use uninitialized expand_ms value in G1CollectedHeap::expand_heap_after_young_collection
|
||||
- JDK-8260030: Improve stringStream buffer handling
|
||||
- JDK-8260236: better init AnnotationCollector _contended_group
|
||||
- JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
|
||||
- JDK-8260284: C2: assert(_base == Int) failed: Not an Int
|
||||
- JDK-8260380: Upgrade to LittleCMS 2.12
|
||||
- JDK-8260420: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint
|
||||
- JDK-8260426: awt debug_mem.c DMem_AllocateBlock might leak memory
|
||||
- JDK-8260432: allocateSpaceForGP in freetypeScaler.c might leak memory
|
||||
- JDK-8260616: Removing remaining JNF dependencies in the java.desktop module
|
||||
- JDK-8260653: Unreachable nodes keep speculative types alive
|
||||
- JDK-8260707: java/lang/instrument/PremainClass/InheritAgent0100.java times out
|
||||
- JDK-8260925: HttpsURLConnection does not work with other JSSE provider.
|
||||
- JDK-8260926: Trace resource exhausted events unconditionally
|
||||
- JDK-8261020: Wrong format parameter in create_emergency_chunk_path
|
||||
- JDK-8261027: AArch64: Support for LSE atomics C++ HotSpot code
|
||||
- JDK-8261167: print_process_memory_info add a close call after fopen
|
||||
- JDK-8261170: Upgrade to freetype 2.10.4
|
||||
- JDK-8261198: [macOS] Incorrect JNI parameters in number conversion in A11Y code
|
||||
- JDK-8261235: C1 compilation fails with assert(res->vreg_number() == index) failed: conversion check
|
||||
- JDK-8261261: The version extra fields needs to be overridable in jib-profiles.js
|
||||
- JDK-8261262: Kitchensink24HStress.java crashed with EXCEPTION_ACCESS_VIOLATION
|
||||
- JDK-8261354: SIGSEGV at MethodIteratorHost
|
||||
- JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
|
||||
- JDK-8261397: try catch Method failing to work when dividing an integer by 0
|
||||
- JDK-8261422: Adjust problematic String.format calls in jdk/internal/util/Preconditions.java outOfBoundsMessage
|
||||
- JDK-8261447: MethodInvocationCounters frequently run into overflow
|
||||
- JDK-8261481: Cannot read Kerberos settings in dynamic store on macOS Big Sur
|
||||
- JDK-8261505: Test test/hotspot/jtreg/gc/parallel/TestDynShrinkHeap.java killed by Linux OOM Killer
|
||||
- JDK-8261601: free memory in early return in Java_sun_nio_ch_sctp_SctpChannelImpl_receive0
|
||||
- JDK-8261649: AArch64: Optimize LSE atomics in C++ code
|
||||
- JDK-8261730: C2 compilation fails with assert(store->find_edge(load) != -1) failed: missing precedence edge
|
||||
- JDK-8261752: Multiple GC test are missing memory requirements
|
||||
- JDK-8261791: (sctp) handleSendFailed in SctpChannelImpl.c potential leaks
|
||||
- JDK-8261812: C2 compilation fails with assert(!had_error) failed: bad dominance
|
||||
- JDK-8261914: IfNode::fold_compares_helper faces non-canonicalized bool when running JRuby JSON workload
|
||||
- JDK-8262093: java/util/concurrent/tck/JSR166TestCase.java failed "assert(false) failed: unexpected node"
|
||||
- JDK-8262110: DST starts from incorrect time in 2038
|
||||
- JDK-8262121: [11u] Redo 8244287: JFR: Methods samples have line number 0
|
||||
- JDK-8262163: Extend settings printout in jcmd VM.metaspace
|
||||
- JDK-8262295: C2: Out-of-Bounds Array Load from Clone Source
|
||||
- JDK-8262298: G1BarrierSetC2::step_over_gc_barrier fails with assert "bad barrier shape"
|
||||
- JDK-8262446: DragAndDrop hangs on Windows
|
||||
- JDK-8262461: handle wcstombsdmp return value correctly in unix awt_InputMethod.c
|
||||
- JDK-8262465: Very long compilation times and high memory consumption in C2 debug builds
|
||||
- JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
|
||||
- JDK-8262739: String inflation C2 intrinsic prevents insertion of anti-dependencies
|
||||
- JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
|
||||
- JDK-8262837: handle split_USE correctly
|
||||
- JDK-8262900: ToolBasicTest fails to access HTTP server it starts
|
||||
- JDK-8263260: [s390] Support latest hardware (z14 and z15)
|
||||
- JDK-8263311: Watch registry changes for remote printers update instead of polling
|
||||
- JDK-8263361: Incorrect arraycopy stub selected by C2 for SATB collectors
|
||||
- JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
|
||||
- JDK-8263425: AArch64: two potential bugs in C1 LIRGenerator::generate_address()
|
||||
- JDK-8263448: CTW: fatal error: meet not symmetric
|
||||
- JDK-8263504: Some OutputMachOpcodes fields are uninitialized
|
||||
- JDK-8263557: Possible NULL dereference in Arena::destruct_contents()
|
||||
- JDK-8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true
|
||||
- JDK-8263676: AArch64: one potential bug in C1 LIRGenerator::generate_address()
|
||||
- JDK-8263729: [test] divert spurious output away from stream under test in ProcessBuilder Basic test
|
||||
- JDK-8263846: Bad JNI lookup getFocusOwner in accessibility code on Mac OS X
|
||||
- JDK-8264047: Duplicate global variable 'jvm' in libjavajpeg and libawt
|
||||
- JDK-8264096: slowdebug jvm crashes when StrInflatedCopy match rule is not supported
|
||||
- JDK-8264151: ciMethod::ensure_method_data() should return false is loading resulted in empty state
|
||||
- JDK-8264173: [s390] Improve Hardware Feature Detection And Reporting
|
||||
- JDK-8264190: Harden TLS interop tests
|
||||
- JDK-8264223: CodeHeap::verify fails extra_hops assertion in fastdebug test
|
||||
- JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
|
||||
- JDK-8264360: Loop strip mining verification fails with "should be on the backedge"
|
||||
- JDK-8264626: C1 should be able to inline excluded methods
|
||||
- JDK-8264640: CMS ParScanClosure misses a barrier
|
||||
- JDK-8264786: [macos] All Swing/AWT apps cause Allow Notifications prompt to appear when app is launched
|
||||
- JDK-8264821: DirectIOTest fails on a system with large block size
|
||||
- JDK-8264848: [macos] libjvm.dylib linker warning due to macOS version mismatch
|
||||
- JDK-8264923: PNGImageWriter.write_zTXt throws Exception with a typo
|
||||
- JDK-8264958: C2 compilation fails with assert "n is later than its clone"
|
||||
- JDK-8265099: Revert backport to 11u of 8236859: WebSocket over authenticating proxy fails with NPE
|
||||
- JDK-8265154: vinserti128 operand mix up for KNL platforms
|
||||
- JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
|
||||
- JDK-8265417: Backport of JDK-8249672 breaks Solaris x86 build
|
||||
- JDK-8265421: java/lang/String/StringRepeat.java test is missing a memory requirement
|
||||
- JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
|
||||
- JDK-8265537: x86 version string truncated after JDK-8249672 11u backport
|
||||
- JDK-8265666: Enable AIX build platform to make external debug symbols
|
||||
- JDK-8265677: CMS: CardTableBarrierSet::write_ref_array_work() lacks storestore barrier
|
||||
- JDK-8265690: Use the latest Ubuntu base image version in Docker testing
|
||||
- JDK-8265718: Build failure after JDK-8258414 11u backport
|
||||
- JDK-8265750: Fatal error in safepoint.cpp after backport of 8258414
|
||||
- JDK-8265784: [C2] Hoisting of DecodeN leaves MachTemp inputs behind
|
||||
- JDK-8265938: C2's conditional move optimization does not handle top Phi
|
||||
- JDK-8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified
|
||||
- JDK-8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
|
||||
- JDK-8266713: [AIX] Build failure after 11u backport of JDK-8247753
|
||||
- JDK-8266802: Shenandoah: Round up region size to page size unconditionally
|
||||
- JDK-8266892: avoid maybe-uninitialized gcc warnings on linux s390x
|
||||
- JDK-8266929: Unable to use algorithms from 3p providers
|
||||
- JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
|
||||
- JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
|
||||
- JDK-8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u
|
||||
- JDK-8267641: [11u] 8227609 backport typo
|
||||
- JDK-8267721: Enable sun/security/pkcs11 tests for Amazon Linux 2 AArch64
|
||||
- JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8215293: Customizing PKCS12 keystore Generation
|
||||
===================================================
|
||||
New system and security properties have been added to enable users to
|
||||
customize the generation of PKCS #12 keystores. This includes
|
||||
algorithms and parameters for key protection, certificate protection,
|
||||
and MacData. The detailed explanation and possible values for these
|
||||
properties can be found in the "PKCS12 KeyStore properties" section of
|
||||
the `java.security` file.
|
||||
|
||||
Also, support for the following SHA-2 based HmacPBE algorithms has
|
||||
been added to the SunJCE provider:
|
||||
|
||||
* HmacPBESHA224
|
||||
* HmacPBESHA256
|
||||
* HmacPBESHA384
|
||||
* HmacPBESHA512
|
||||
* HmacPBESHA512/224
|
||||
* HmacPBESHA512/256
|
||||
|
||||
JDK-8256902: Removed Root Certificates with 1024-bit Keys
|
||||
=========================================================
|
||||
The following root certificates with weak 1024-bit RSA public keys
|
||||
have been removed from the `cacerts` keystore:
|
||||
|
||||
Alias Name: thawtepremiumserverca [jdk]
|
||||
Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
|
||||
|
||||
Alias Name: verisignclass2g2ca [jdk]
|
||||
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
|
||||
|
||||
Alias Name: verisignclass3ca [jdk]
|
||||
Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
|
||||
|
||||
Alias Name: verisignclass3g2ca [jdk]
|
||||
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
|
||||
|
||||
Alias Name: verisigntsaca [jdk]
|
||||
Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
|
||||
|
||||
JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
|
||||
=================================================================
|
||||
|
||||
The following root certificate have been removed from the cacerts truststore:
|
||||
|
||||
Alias Name: soneraclass2ca
|
||||
Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
|
||||
|
||||
JDK-8242069: Upgraded the Default PKCS12 Encryption and MAC Algorithms
|
||||
======================================================================
|
||||
The default encryption and MAC algorithms used in a PKCS #12 keystore
|
||||
have been updated. The new algorithms are based on AES-256 and SHA-256
|
||||
and are stronger than the old algorithms that were based on RC2,
|
||||
DESede, and SHA-1. See the security properties starting with
|
||||
`keystore.pkcs12` in the `java.security` file for detailed
|
||||
information.
|
||||
|
||||
For compatibility, a new system property named
|
||||
`keystore.pkcs12.legacy` is defined that will revert the algorithms to
|
||||
use the older, weaker algorithms. There is no value defined for this
|
||||
property.
|
||||
|
||||
security-libs/javax.net.ssl:
|
||||
|
||||
JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
|
||||
=========================================================================================
|
||||
Certain TLS ALPN values couldn't be properly read or written by the
|
||||
SunJSSE provider. This is due to the choice of Strings as the API
|
||||
interface and the undocumented internal use of the UTF-8 Character Set
|
||||
which converts characters larger than U+00007F (7-bit ASCII) into
|
||||
multi-byte arrays that may not be expected by a peer.
|
||||
|
||||
ALPN values are now represented using the network byte representation
|
||||
expected by the peer, which should require no modification for
|
||||
standard 7-bit ASCII-based character Strings. However, SunJSSE now
|
||||
encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
|
||||
characters. This means applications that used characters above
|
||||
U+000007F that were previously encoded using UTF-8 may need to either
|
||||
be modified to perform the UTF-8 conversion, or set the Java security
|
||||
property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
|
||||
|
||||
See the updated guide at
|
||||
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
|
||||
for more information.
|
||||
|
||||
JDK-8244460: Support for certificate_authorities Extension
|
||||
==========================================================
|
||||
The "certificate_authorities" extension is an optional extension
|
||||
introduced in TLS 1.3. It is used to indicate the certificate
|
||||
authorities (CAs) that an endpoint supports and should be used by the
|
||||
receiving endpoint to guide certificate selection.
|
||||
|
||||
With this JDK release, the "certificate_authorities" extension is
|
||||
supported for TLS 1.3 in both the client and the server sides. This
|
||||
extension is always present for client certificate selection, while it
|
||||
is optional for server certificate selection.
|
||||
|
||||
Applications can enable this extension for server certificate
|
||||
selection by setting the `jdk.tls.client.enableCAExtension` system
|
||||
property to `true`. The default value of the property is `false`.
|
||||
|
||||
Note that if the client trusts more CAs than the size limit of the
|
||||
extension (less than 2^16 bytes), the extension is not enabled. Also,
|
||||
some server implementations do not allow handshake messages to exceed
|
||||
2^14 bytes. Consequently, there may be interoperability issues when
|
||||
`jdk.tls.client.enableCAExtension` is set to `true` and the client
|
||||
trusts more CAs than the server implementation limit.
|
||||
|
||||
New in release OpenJDK 11.0.11 (2021-04-20):
|
||||
=============================================
|
||||
Live versions of these release notes can be found at:
|
||||
|
@ -4,7 +4,7 @@
|
||||
# Example:
|
||||
# When used from local repo set REPO_ROOT pointing to file:// with your repo
|
||||
# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
|
||||
# If you want to use a local copy of patch PR3818, set the path to it in the PR3818 variable
|
||||
# If you want to use a local copy of patch PRTBC01, set the path to it in the PRTBC01 variable
|
||||
#
|
||||
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
|
||||
# PROJECT_NAME=jdk
|
||||
@ -26,9 +26,9 @@
|
||||
# level folder, name is created, based on parameter
|
||||
#
|
||||
|
||||
if [ ! "x$PR3818" = "x" ] ; then
|
||||
if [ ! -f "$PR3818" ] ; then
|
||||
echo "You have specified PR3818 as $PR3818 but it does not exist. Exiting"
|
||||
if [ ! "x$PRTBC01" = "x" ] ; then
|
||||
if [ ! -f "$PRTBC01" ] ; then
|
||||
echo "You have specified PRTBC01 as $PRTBC01 but it does not exist. Exiting"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
@ -48,7 +48,7 @@ if [ "x$1" = "xhelp" ] ; then
|
||||
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
|
||||
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
|
||||
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
|
||||
echo "PR3818 - the path to the PR3818 patch to apply (optional; downloaded if unavailable)"
|
||||
echo "PRTBC01 - the path to the PRTBC01 patch to apply (optional; downloaded if unavailable)"
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
@ -126,17 +126,17 @@ pushd "${FILE_NAME_ROOT}"
|
||||
rm -vf ${CRYPTO_PATH}/ecp_224.c
|
||||
|
||||
echo "Syncing EC list with NSS"
|
||||
if [ "x$PR3818" = "x" ] ; then
|
||||
# get pr3818.patch (from http://icedtea.classpath.org/hg/icedtea11) from most correct tag
|
||||
if [ "x$PRTBC01" = "x" ] ; then
|
||||
# get prTBC01.patch (from http://icedtea.classpath.org/hg/icedtea11) from most correct tag
|
||||
# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3751)
|
||||
echo "PR3818 not found. Downloading..."
|
||||
wget http://icedtea.classpath.org/hg/icedtea11/raw-file/tip/patches/pr3818-4curve.patch
|
||||
echo "Applying ${PWD}/pr3818.patch"
|
||||
patch -Np1 < pr3818.patch
|
||||
rm pr3818.patch
|
||||
echo "PRTBC01 not found. Downloading..."
|
||||
wget http://icedtea.classpath.org/hg/icedtea11/raw-file/tip/patches/prtbc01-4curve.patch
|
||||
echo "Applying ${PWD}/prTBC01.patch"
|
||||
patch -Np1 < prtbc01.patch
|
||||
rm prtbc01.patch
|
||||
else
|
||||
echo "Applying ${PR3818}"
|
||||
patch -Np1 < $PR3818
|
||||
echo "Applying ${PRTBC01}"
|
||||
patch -Np1 < $PRTBC01
|
||||
fi;
|
||||
find . -name '*.orig' -exec rm -vf '{}' ';'
|
||||
popd
|
||||
|
@ -176,10 +176,8 @@
|
||||
%endif
|
||||
|
||||
# If you disable both builds, then the build fails
|
||||
# Note that the debug build requires the normal build for docs
|
||||
%global build_loop %{normal_build} %{fastdebug_build} %{slowdebug_build}
|
||||
# Test slowdebug first as it provides the best diagnostics
|
||||
%global rev_build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
|
||||
# Build and test slowdebug first as it provides the best diagnostics
|
||||
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
|
||||
|
||||
%if %{include_staticlibs}
|
||||
%global staticlibs_loop %{staticlibs_suffix}
|
||||
@ -297,7 +295,7 @@
|
||||
# New Version-String scheme-style defines
|
||||
%global featurever 11
|
||||
%global interimver 0
|
||||
%global updatever 11
|
||||
%global updatever 12
|
||||
%global patchver 0
|
||||
# If you bump featurever, you must bump also vendor_version_string
|
||||
# Used via new version scheme. JDK 11 was
|
||||
@ -344,8 +342,8 @@
|
||||
%global origin_nice OpenJDK
|
||||
%global top_level_dir_name %{origin}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 9
|
||||
%global rpmrelease 2
|
||||
%global buildver 6
|
||||
%global rpmrelease 0
|
||||
#%%global tagsuffix ""
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
@ -374,7 +372,7 @@
|
||||
# Release will be (where N is usually a number starting at 1):
|
||||
# - 0.N%%{?extraver}%%{?dist} for EA releases,
|
||||
# - N%%{?extraver}{?dist} for GA releases
|
||||
%global is_ga 1
|
||||
%global is_ga 0
|
||||
%if %{is_ga}
|
||||
%global ea_designator ""
|
||||
%global ea_designator_zip ""
|
||||
@ -1589,10 +1587,6 @@ if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{includ
|
||||
echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go."
|
||||
exit 14
|
||||
fi
|
||||
if [ %{include_normal_build} -eq 0 ] ; then
|
||||
echo "You have disabled the normal build, but this is required to provide docs for the debug build."
|
||||
exit 15
|
||||
fi
|
||||
%setup -q -c -n %{uniquesuffix ""} -T -a 0
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1189084
|
||||
prioritylength=`expr length %{priority}`
|
||||
@ -1832,7 +1826,7 @@ done # end of release / debug cycle loop
|
||||
%check
|
||||
|
||||
# We test debug first as it will give better diagnostics on a crash
|
||||
for suffix in %{rev_build_loop} ; do
|
||||
for suffix in %{build_loop} ; do
|
||||
|
||||
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
||||
%if %{include_staticlibs}
|
||||
@ -2313,6 +2307,16 @@ require "copy_jdk_configs.lua"
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jul 20 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.6-0.0.ea
|
||||
- Update to jdk-11.0.12.0+6
|
||||
- Update release notes to 11.0.12.0+6
|
||||
- Correct bug ID JDK-8264846 to intended ID of JDK-8264848
|
||||
- Switch to EA mode for 11.0.12 pre-release builds.
|
||||
- Update ECC patch following JDK-8226374 (bug ID yet to be confirmed)
|
||||
- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
|
||||
- Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
|
||||
- Resolves: rhbz#1967815
|
||||
|
||||
* Tue Jul 20 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.9-2
|
||||
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
|
||||
- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
|
||||
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
|
||||
SHA512 (jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz) = 92aee670c98e14505434e7e7a92bcf0c06a322442aec5b6656df53131b53e85e389123c17926a2cd3f85b0ead7acef87d9abd70a88d7f09d7e8848d01d00f961
|
||||
SHA512 (jdk-updates-jdk11u-jdk-11.0.12+6-4curve.tar.xz) = c5dc3101d0315b9cd5407f26142c121b0889aa931772212f717ae2c6de3c5071f16cc7b98728993384e3c9d74126c06d532af911429dd7b5baebe52a8e65d015
|
||||
|
Loading…
Reference in New Issue
Block a user