rpms/java-11-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to jdk-11.0.17+1

Browse Source 
Update release notes to 11.0.17+1
Switch to EA mode for 11.0.17 pre-release builds.
Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
Bump FreeType bundled version to 2.12.1 following JDK-8290334

Related: rhbz#2130619
This commit is contained in:
Andrew Hughes 2022-09-30 21:58:49 +01:00
parent 039e53d5a7
commit 202005cfbc
4 changed files with 326 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -107,3 +107,4 @@
/openjdk-jdk11u-jdk-11.0.16+7-4curve.tar.xz
/openjdk-jdk11u-jdk-11.0.16+8-4curve.tar.xz
/openjdk-jdk11u-jdk-11.0.16.1+1-4curve.tar.xz
/openjdk-jdk11u-jdk-11.0.17+1-4curve.tar.xz

310
NEWS
View File

@ -3,6 +3,316 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 11.0.17 (2022-10-18):
=============================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk11017
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.17.html
* Other changes
- JDK-6606767: resexhausted00[34] fail assert(!thread->owns_locks(), "must release all locks when leaving VM")
- JDK-6854300: [TEST_BUG] java/awt/event/MouseEvent/SpuriousExitEnter/SpuriousExitEnter_3.java fails in jdk6u14 & jdk7
- JDK-8017175: [TESTBUG] javax/swing/JPopupMenu/4634626/bug4634626.java sometimes failed on mac
- JDK-8069343: Improve gc/g1/TestHumongousCodeCacheRoots.java to use jtreg @requires
- JDK-8139348: Deprecate 3DES and RC4 in Kerberos
- JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java
- JDK-8164804: sun/security/ssl/SSLSocketImpl/CloseSocket.java makes not reliable time assumption
- JDK-8169468: NoResizeEventOnDMChangeTest.java fails because FS Window didn't receive all resizes!
- JDK-8172065: javax/swing/JTree/4908142/bug4908142.java The selected index should be "aad"
- JDK-8183372: Refactor java/lang/Class shell tests to java
- JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names
- JDK-8193462: Fix Filer handling of package-info initial elements
- JDK-8203277: preflow visitor used during lambda attribution shouldn't visit class definitions inside the lambda body
- JDK-8208471: nsk/jdb/unwatch/unwatch002/unwatch002.java fails with "Prompt is not received during 300200 milliseconds"
- JDK-8209736: runtime/RedefineTests/ModifyAnonymous.java fails with NullPointerException when running in CDS mode
- JDK-8210107: vmTestbase/nsk/stress/network tests fail with Cannot assign requested address (Bind failed)
- JDK-8210722: JAXP Tests: CatalogSupport2 and CatalogSupport3 generate incorrect messages upon failure
- JDK-8210960: Allow --with-boot-jdk-jvmargs to work during configure
- JDK-8212904: JTextArea line wrapping incorrect when using UI scale
- JDK-8213695: gc/TestAllocateHeapAtMultiple.java is slow in some configs
- JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount()
- JDK-8215291: Broken links when generating from project without modules
- JDK-8217170: gc/arguments/TestUseCompressedOopsErgo.java timed out
- JDK-8217332: JTREG: Clean up, use generics instead of raw types
- JDK-8218128: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003 and 004 use wrong path to test classes
- JDK-8219074: [TESTBUG] runtime/containers/docker/TestCPUAwareness.java typo of printing parameters (period should be shares)
- JDK-8219149: ProcessTools.ProcessBuilder should print timing info for subprocesses
- JDK-8220744: [TESTBUG] Move RedefineTests from runtime to serviceability
- JDK-8223575: add subspace transitions to gc+metaspace=info log lines
- JDK-8225122: Test AncestorResized.java fails when Windows desktop is scaled.
- JDK-8226976: SessionTimeOutTests uses == operator for String value check
- JDK-8235870: C2 crashes in IdealLoopTree::est_loop_flow_merge_sz()
- JDK-8236490: Compiler bug relating to @NonNull annotation
- JDK-8236823: Ensure that API documentation uses minified libraries
- JDK-8238196: tests that use SA Attach should not be allowed to run against signed binaries on Mac OS X 10.14.5 and later
- JDK-8238203: Return value of GetUserDefaultUILanguage() should be handled as LANGID
- JDK-8238268: Many SA tests are not running on OSX because they do not attempt to use sudo when available
- JDK-8239379: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java on OSX
- JDK-8239902: [macos] Remove direct usage of JSlider, JProgressBar classes in CAccessible class
- JDK-8240903: Add test to check that jmod hashes are reproducible
- JDK-8247907: XMLDsig logging does not work
- JDK-8247964: All log0() in com/sun/org/slf4j/internal/Logger.java should be private
- JDK-8249623: test @ignore-d due to 7013634 should be returned back to execution
- JDK-8251551: Use .md filename extension for README
- JDK-8253829: Wrong length compared in SSPI bridge
- JDK-8253916: ResourceExhausted/resexhausted001 crashes on Linux-x64
- JDK-8254178: Remove .hgignore
- JDK-8254318: Remove .hgtags
- JDK-8255724: [XRender] the BlitRotateClippedArea test fails on Linux in the XR pipeline
- JDK-8255729: com.sun.tools.javac.processing.JavacFiler.FilerOutputStream is inefficient
- JDK-8257623: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted001/TestDescription.java shouldn't use timeout
- JDK-8258946: Fix optimization-unstable code involving signed integer overflow
- JDK-8261160: Add a deserialization JFR event
- JDK-8262085: Hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux
- JDK-8264400: (fs) WindowsFileStore equality depends on how the FileStore was constructed
- JDK-8264792: The NumberFormat for locale sq_XK formats price incorrectly.
- JDK-8265020: tests must be updated for new TestNG module name
- JDK-8265100: (fs) WindowsFileStore.hashCode() should read cached hash code once
- JDK-8265531: doc/building.md should mention homebrew install freetype
- JDK-8266250: WebSocketTest and WebSocketProxyTest call assertEquals(List<byte[]>, List<byte[]>)
- JDK-8266254: Update to use jtreg 6
- JDK-8266460: java.io tests fail on null stream with upgraded jtreg/TestNG
- JDK-8266461: tools/jmod/hashes/HashesTest.java fails: static @Test methods
- JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups
- JDK-8266675: Optimize IntHashTable for encapsulation and ease of use
- JDK-8266774: System property values for stdout/err on Windows UTF-8
- JDK-8266881: Enable debug log for SSLEngineExplorerMatchedSNI.java
- JDK-8267180: Typo in copyright header for HashesTest
- JDK-8267271: Fix gc/arguments/TestNewRatioFlag.java expectedNewSize calculation
- JDK-8267880: Upgrade the default PKCS12 MAC algorithm
- JDK-8268185: Update GitHub Actions for jtreg 6
- JDK-8269039: Disable SHA-1 Signed JARs
- JDK-8269517: compiler/loopopts/TestPartialPeelingSinkNodes.java crashes with -XX:+VerifyGraphEdges
- JDK-8270090: C2: LCM may prioritize CheckCastPP nodes over projections
- JDK-8270312: Error: Not a test or directory containing tests: java/awt/print/PrinterJob/XparColor.java
- JDK-8271010: vmTestbase/gc/lock/malloc/malloclock04/TestDescription.java crashes intermittently
- JDK-8271078: jdk/incubator/vector/Float128VectorTests.java failed a subtest
- JDK-8271512: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java due to 8270326
- JDK-8272352: Java launcher can not parse Chinese character when system locale is set to UTF-8
- JDK-8272398: Update DockerTestUtils.buildJdkDockerImage()
- JDK-8273526: Extend the OSContainer API pids controller with pids.current
- JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root
- JDK-8274517: java/util/DoubleStreamSums/CompensatedSums.java fails with expected [true] but found [false]
- JDK-8274687: JDWP deadlocks if some Java thread reaches wait in blockOnDebuggerSuspend
- JDK-8275689: [TESTBUG] Use color tolerance only for XRender in BlitRotateClippedArea test
- JDK-8277893: Arraycopy stress tests
- JDK-8278067: Make HttpURLConnection default keep alive timeout configurable
- JDK-8278519: serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null"
- JDK-8279622: C2: miscompilation of map pattern as a vector reduction
- JDK-8280913: Create a regression test for JRootPane.setDefaultButton() method
- JDK-8281181: Do not use CPU Shares to compute active processor count
- JDK-8281535: Create a regression test for JDK-4670051
- JDK-8281569: Create tests for Frame.setMinimumSize() method
- JDK-8281628: KeyAgreement : generateSecret intermittently not resetting
- JDK-8281738: Create a regression test for checking the 'Space' key activation of focused Button
- JDK-8281745: Create a regression test for JDK-4514331
- JDK-8281988: Create a regression test for JDK-4618767
- JDK-8282214: Upgrade JQuery to version 3.6.0
- JDK-8282234: Create a regression test for JDK-4532513
- JDK-8282280: Update Xerces to Version 2.12.2
- JDK-8282343: Create a regression test for JDK-4518432
- JDK-8282538: PKCS11 tests fail on CentOS Stream 9
- JDK-8282548: Create a regression test for JDK-4330998
- JDK-8282555: Missing memory edge when spilling MoveF2I, MoveD2L etc
- JDK-8282789: Create a regression test for the JTree usecase of JDK-4618767
- JDK-8282860: Write a regression test for JDK-4164779
- JDK-8282933: Create a test for JDK-4529616
- JDK-8283015: Create a test for JDK-4715496
- JDK-8283017: GHA: Workflows break with update release versions
- JDK-8283087: Create a test or JDK-4715503
- JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int)
- JDK-8283493: Create an automated regression test for RFE 4231298
- JDK-8283507: Create a regression test for RFE 4287690
- JDK-8283621: Write a regression test for CCC4400728
- JDK-8283623: Create an automated regression test for JDK-4525475
- JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee
- JDK-8284367: JQuery UI upgrade from 1.12.1 to 1.13.1
- JDK-8284680: sun.font.FontConfigManager.getFontConfig() leaks charset
- JDK-8284694: Avoid evaluating SSLAlgorithmConstraints twice
- JDK-8284754: print more interesting env variables in hs_err and VM.info
- JDK-8284758: [linux] improve print_container_info
- JDK-8284882: SIGSEGV in Node::verify_edges due to compilation bailout
- JDK-8284944: assert(cnt++ < 40) failed: infinite cycle in loop optimization
- JDK-8284956: Potential leak awtImageData/color_data when initializes X11GraphicsEnvironment
- JDK-8285081: Improve XPath operators count accuracy
- JDK-8285097: Duplicate XML keys in XPATHErrorResources.java and XSLTErrorResources.java
- JDK-8285380: Fix typos in security
- JDK-8285398: Cache the results of constraint checks
- JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null
- JDK-8285728: Alpine Linux build fails with busybox tar
- JDK-8285820: C2: LCM prioritizes locally dependent CreateEx nodes over projections after 8270090
- JDK-8286114: [test] show real exception in bomb call in sun/rmi/runtime/Log/checkLogging/CheckLogging.java
- JDK-8286177: C2: "failed: non-reduction loop contains reduction nodes" assert failure
- JDK-8286211: Update PCSC-Lite for Suse Linux to 1.9.5
- JDK-8286314: Trampoline not created for far runtime targets outside small CodeCache
- JDK-8286582: Build fails on macos aarch64 when using --with-zlib=bundled
- JDK-8287017: Bump update version for OpenJDK: jdk-11.0.17
- JDK-8287202: GHA: Add macOS aarch64 to the list of default platforms for workflow_dispatch event
- JDK-8287223: C1: Inlining attempt through MH::invokeBasic() with null receiver
- JDK-8287336: GHA: Workflows break on patch versions
- JDK-8287366: Improve test failure reporting in GHA
- JDK-8287432: C2: assert(tn->in(0) != __null) failed: must have live top node
- JDK-8287672: jtreg test com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails intermittently in nightly run
- JDK-8288360: CI: ciInstanceKlass::implementor() is not consistent for well-known classes
- JDK-8288467: remove memory_operand assert for spilled instructions
- JDK-8288754: GCC 12 fails to build zReferenceProcessor.cpp
- JDK-8288763: Pack200 extraction failure with invalid size
- JDK-8288865: [aarch64] LDR instructions must use legitimized addresses
- JDK-8289477: Memory corruption with CPU_ALLOC, CPU_FREE on muslc
- JDK-8289486: Improve XSLT XPath operators count efficiency
- JDK-8289799: Build warning in methodData.cpp memset zero-length parameter
- JDK-8289853: Update HarfBuzz to 4.4.1
- JDK-8289856: [PPC64] SIGSEGV in C2Compiler::init_c2_runtime() after JDK-8289060
- JDK-8290004: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC
- JDK-8290198: Shenandoah: a few Shenandoah tests failure after JDK-8214799 11u backport
- JDK-8290246: test fails "assert(init != __null) failed: initialization not found"
- JDK-8290334: Update FreeType to 2.12.1
- JDK-8290813: jdk/nashorn/api/scripting/test/ScriptObjectMirrorTest.java fails: assertEquals is ambiguous
- JDK-8290886: [11u]: Backport of JDK-8266250 introduced test failures
Notes on individual issues:
===========================
core-libs/java.net:
JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable
===========================================================================
Two system properties have been added which control the keep alive
behavior of HttpURLConnection in the case where the server does not
specify a keep alive time. Two properties are defined for controlling
connections to servers and proxies separately. They are:
* `http.keepAlive.time.server`
* `http.keepAlive.time.proxy`
respectively. More information about them can be found on the
Networking Properties page:
https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html.
hotspot/runtime:
JDK-8281181: CPU Shares Ignored When Computing Active Processor Count
=====================================================================
Previous JDK releases used an incorrect interpretation of the Linux
cgroups parameter "cpu.shares". This might cause the JVM to use fewer
CPUs than available, leading to an under utilization of CPU resources
when the JVM is used inside a container.
Starting from this JDK release, by default, the JVM no longer
considers "cpu.shares" when deciding the number of threads to be used
by the various thread pools. The `-XX:+UseContainerCpuShares`
command-line option can be used to revert to the previous
behavior. This option is deprecated and may be removed in a future JDK
release.
security-libs/java.security:
JDK-8269039: Disabled SHA-1 Signed JARs
=======================================
JARs signed with SHA-1 algorithms are now restricted by default and
treated as if they were unsigned. This applies to the algorithms used
to digest, sign, and optionally timestamp the JAR. It also applies to
the signature and digest algorithms of the certificates in the
certificate chain of the code signer and the Timestamp Authority, and
any CRLs or OCSP responses that are used to verify if those
certificates have been revoked. These restrictions also apply to
signed JCE providers.
To reduce the compatibility risk for JARs that have been previously
timestamped, there is one exception to this policy:
- Any JAR signed with SHA-1 algorithms and timestamped prior to
January 01, 2019 will not be restricted.
This exception may be removed in a future JDK release. To determine if
your signed JARs are affected by this change, run:
$ jarsigner -verify -verbose -certs`
on the signed JAR, and look for instances of "SHA1" or "SHA-1" and
"disabled" and a warning that the JAR will be treated as unsigned in
the output.
For example:
Signed by "CN="Signer""
Digest algorithm: SHA-1 (disabled)
Signature algorithm: SHA1withRSA (disabled), 2048-bit key
WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01
JARs affected by these new restrictions should be replaced or
re-signed with stronger algorithms.
Users can, *at their own risk*, remove these restrictions by modifying
the `java.security` configuration file (or override it by using the
`java.security.properties` system property) and removing "SHA1 usage
SignedJAR & denyAfter 2019-01-01" from the
`jdk.certpath.disabledAlgorithms` security property and "SHA1
denyAfter 2019-01-01" from the `jdk.jar.disabledAlgorithms` security
property.
JDK-8267880: Upgrade the default PKCS12 MAC algorithm
=====================================================
The default MAC algorithm used in a PKCS #12 keystore has been
updated. The new algorithm is based on SHA-256 and is stronger than
the old one based on SHA-1. See the security properties starting with
`keystore.pkcs12` in the `java.security` file for detailed
information.
The new SHA-256 based MAC algorithms were introduced in the 11.0.12
release. Keystores created using this newer, stronger, MAC algorithm
cannot be opened in versions of OpenJDK 11 earlier than 11.0.12. A
'java.security.NoSuchAlgorithmException' exception will be thrown in
such circumstances.
For compatibility, use the `keystore.pkcs12.legacy` system property,
which will revert the algorithms to use the older, weaker
algorithms. There is no value defined for this property.
core-libs/java.io:serialization:
JDK-8261160: JDK Flight Recorder Event for Deserialization
==========================================================
It is now possible to monitor deserialization of objects using JDK
Flight Recorder (JFR). When JFR is enabled and the JFR configuration
includes deserialization events, JFR will emit an event whenever the
running program attempts to deserialize an object. The deserialization
event is named `jdk.Deserialization`, and it is disabled by
default. The deserialization event contains information that is used
by the serialization filter mechanism; see the ObjectInputFilter API
specification for details.
Additionally, if a filter is enabled, the JFR event indicates whether
the filter accepted or rejected deserialization of the object. For
further information about how to use the JFR deserialization event,
see the article "Monitoring Deserialization to Improve Application
Security"
(https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/).
For reference information about using and configuring JFR, see the
"JFR Runtime Guide"
(https://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/preface_jfrrt.htm#JFRRT165)
and "JFR Command Reference"
(https://docs.oracle.com/javacomponents/jmc-5-5/jfr-command-reference/command-line-options.htm#JFRCR-GUID-FE61CA60-E1DF-460E-A8E0-F4FF5D58A7A0)
sections of the JDK Mission Control documentation.
security-libs/org.ietf.jgss:krb5:
JDK-8139348: Deprecate 3DES and RC4 in Kerberos
===============================================
The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes)
are now deprecated and disabled by default. Users can set
`allow_weak_crypto = true` in the `krb5.conf` configuration file to
re-enable them (along with other weak etypes including `des-cbc-crc`
and `des-cbc-md5`) at their own risk. To disable a subset of the weak
etypes, users can list preferred etypes explicitly in any of the
`default_tkt_enctypes`, `default_tgs_enctypes`, or
`permitted_enctypes` settings.
New in release OpenJDK 11.0.16.1 (2022-08-12):
=============================================
Live versions of these release notes can be found at:

20
java-11-openjdk.spec
View File

@ -331,8 +331,8 @@
# New Version-String scheme-style defines
%global featurever 11
%global interimver 0
%global updatever 16
%global patchver 1
%global updatever 17
%global patchver 0
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
# and this it is better to change it here, on single place
@ -378,7 +378,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 1
%global rpmrelease 3
%global rpmrelease 2
#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@ -406,7 +406,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
%global is_ga 1
%global is_ga 0
%if %{is_ga}
%global ea_designator ""
%global ea_designator_zip ""
@ -1477,11 +1477,11 @@ BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
%else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.12.0
Provides: bundled(freetype) = 2.12.1
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.1
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 2.8.0
Provides: bundled(harfbuzz) = 4.4.1
# Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.12.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
@ -2652,6 +2652,14 @@ require "copy_jdk_configs.lua"
%endif
%changelog
* Tue Sep 06 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.17.0.1-0.2.ea
- Update to jdk-11.0.17+1
- Update release notes to 11.0.17+1
- Switch to EA mode for 11.0.17 pre-release builds.
- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
- Bump FreeType bundled version to 2.12.1 following JDK-8290334
- Related: rhbz#2130619
* Tue Aug 30 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.16.1.1-3
- Switch to static builds, reducing system dependencies and making build more portable
- Resolves: rhbz#2121275

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
SHA512 (openjdk-jdk11u-jdk-11.0.16.1+1-4curve.tar.xz) = 346abd3e59183394d9177e3ec5b43394f0e0a77d01d7458df32358324d6a6411194c7bf69e1b5d1d6e0fa354e5eb2d05fee50c64d7c958b61dac8d9d7ec34d38
SHA512 (openjdk-jdk11u-jdk-11.0.17+1-4curve.tar.xz) = 533793f9a2f0990de89d2e5cdf318316a8d3ab761a1dc85e9cf0e168af112b4aaae37e614b86cf792beb907539c13832530689a1fdfa6a4e6432df2260f3c8b0