import java-11-openjdk-11.0.19.0.7-1.el8_7

This commit is contained in:
CentOS Sources 2023-04-20 01:52:37 +00:00 committed by Stepan Oksanichenko
parent cbb22857da
commit 298c232f10
8 changed files with 1583 additions and 86 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-jdk11u-jdk-11.0.18+10-4curve.tar.xz
SOURCES/openjdk-jdk11u-jdk-11.0.19+7-4curve.tar.xz
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

View File

@ -1,2 +1,2 @@
65abc412a085af5ba08c019cf6d0e7e44cfe94eb SOURCES/openjdk-jdk11u-jdk-11.0.18+10-4curve.tar.xz
aa30c8827f7ced0a1fa9a9c226884f7c79101e86 SOURCES/openjdk-jdk11u-jdk-11.0.19+7-4curve.tar.xz
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

View File

@ -3,6 +3,287 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 11.0.19 (2023-04-18):
=============================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk11019
* CVEs
- CVE-2023-21930
- CVE-2023-21937
- CVE-2023-21938
- CVE-2023-21939
- CVE-2023-21954
- CVE-2023-21967
- CVE-2023-21968
* Security fixes
- JDK-8287404: Improve ping times
- JDK-8288436: Improve Xalan supports
- JDK-8294474: Better AES support
- JDK-8295304: Runtime support improvements
- JDK-8296676, JDK-8296622: Improve String platform support
- JDK-8296684: Improve String platform support
- JDK-8296692: Improve String platform support
- JDK-8296832: Improve Swing platform support
- JDK-8297371: Improve UTF8 representation redux
- JDK-8298191: Enhance object reclamation process
- JDK-8298310: Enhance TLS session negotiation
- JDK-8298667: Improved path handling
- JDK-8299129: Enhance NameService lookups
* Other changes
- JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion
- JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails
- JDK-8035787: SourcePositions are wrong for Strings concatenated with '+' operator
- JDK-8065097: [macosx] javax/swing/Popup/TaskbarPositionTest.java fails because Popup is one pixel off
- JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled
- JDK-8129315: java/net/Socket/LingerTest.java and java/net/Socket/ShutdownBoth.java timeout intermittently
- JDK-8144030: [macosx] test java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java fails (again)
- JDK-8170705: sun/net/www/protocol/http/StackTraceTest.java fails intermittently with Invalid Http response
- JDK-8171405: java/net/URLConnection/ResendPostBody.java failed with "Error while cleaning up threads after test"
- JDK-8179317: [TESTBUG] rewrite runtime shell tests in java
- JDK-8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols
- JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails
- JDK-8195057: java/util/concurrent/CountDownLatch/Basic.java failed w/ Xcomp
- JDK-8195716: BootstrapLoggerTest : Executor still alive
- JDK-8202621: bad test with broken links needs to be updated
- JDK-8207248: Reduce incidence of compiler.warn.source.no.bootclasspath in javac tests
- JDK-8208077: File.listRoots performance degradation
- JDK-8209023: fix 2 compiler tests to avoid JDK-8208690
- JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update
- JDK-8209774: Refactor shell test javax/xml/jaxp/common/8035437/run.sh to java
- JDK-8209935: Test to cover CodeSource.getCodeSigners()
- JDK-8210373: Deadlock in libj2gss.so when loading "j2gss" and "net" libraries in parallel.
- JDK-8212165: JGSS: Fix cut/paste error in NativeUtil.c
- JDK-8212216: JGSS: Fix leak in exception cases in getJavaOID()
- JDK-8213130: Update ProblemList after verification of jtreg tests in Win 7
- JDK-8213265: fix missing newlines at end of files
- JDK-8213932: [TESTBUG] assertEquals is invoked with the arguments in the wrong order
- JDK-8214445: [test] java/net/URL/HandlerLoop has illegal reflective access
- JDK-8215372: test/jdk/java/nio/file/DirectoryStream/Basic.java not correct when using a glob
- JDK-8215759: [test] java/math/BigInteger/ModPow.java can throw an ArithmeticException
- JDK-8217353: java/util/logging/LogManager/Configuration/updateConfiguration/HandlersOnComplexResetUpdate.java fails with Unexpected reference: java.lang.ref.WeakReference
- JDK-8217730: Split up MakeBase.gmk
- JDK-8218133: sun/net/www/protocol/http/ProtocolRedirect.java failed with "java.net.ConnectException"
- JDK-8218431: Improved platform checking in makefiles
- JDK-8218460: Test generation scripts do not invoke stream preprocessor correctly
- JDK-8221098: Run java/net/URL/HandlerLoop.java in othervm mode
- JDK-8221168: java/util/concurrent/CountDownLatch/Basic.java fails
- JDK-8221351: Crash in KlassFactory::check_shared_class_file_load_hook
- JDK-8221621: FindTests.gmk cannot handle "=" in TEST.groups comments
- JDK-8222430: Add tests for ElementKind predicates
- JDK-8223463: Replace wildcard address with loopback or local host in tests - part 2
- JDK-8223716: sun/net/www/http/HttpClient/MultiThreadTest.java should be more resilient to unexpected traffic
- JDK-8223736: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java fails due to wrong number of MonitorContendedEntered events
- JDK-8224024: java/util/concurrent/BlockingQueue/DrainToFails.java testBounded fails intermittently
- JDK-8225648: [TESTBUG] java/lang/annotation/loaderLeak/Main.java fails with -Xcomp
- JDK-8226595: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java still fails due to wrong number of MonitorContendedEntered events
- JDK-8226917: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java fails on jvmti->InterruptThread (JVMTI_ERROR_THREAD_NOT_ALIVE)
- JDK-8227422: sun/net/www/protocol/file/DirPermissionDenied.java failed on Windows 2016 because DirPermissionDenied directory has no read permission
- JDK-8230374: maxOutputSize, instead of javatest.maxOutputSize, should be used in TEST.properties
- JDK-8230731: SA tests fail with "Windbg Error: ReadVirtual failed"
- JDK-8231595: [TEST] develop a test case for SuspendThreadList including current thread
- JDK-8233462: serviceability/tmtools/jstat tests times out with -Xcomp
- JDK-8235448: code cleanup in SSLContextImpl.java
- JDK-8238936: The crash in XRobotPeer when the custom GraphicsDevice is used
- JDK-8241293: CompressedClassSpaceSizeInJmapHeap.java time out after 8 minutes
- JDK-8241806: The sun/awt/shell/FileSystemViewMemoryLeak.java is unstable
- JDK-8244592: Start supporting SOURCE_DATE_EPOCH
- JDK-8245245: WebSocket can lose the URL encoding of URI query parameters
- JDK-8245654: Add Certigna Root CA
- JDK-8247741: Test test/hotspot/jtreg/runtime/7162488/TestUnrecognizedVmOption.java fails when -XX:+IgnoreUnrecognizedVMOptions is set
- JDK-8248306: gc/stress/gclocker/TestExcessGCLockerCollections.java does not compile
- JDK-8249691: jdk/lambda/vm/StrictfpDefault.java file can be removed
- JDK-8252401: Introduce Utils.TEST_NATIVE_PATH
- JDK-8252532: use Utils.TEST_NATIVE_PATH instead of System.getProperty("test.nativepath")
- JDK-8252715: Problem list java/awt/event/KeyEvent/KeyTyped/CtrlASCII.java on Linux
- JDK-8254267: javax/xml/crypto/dsig/LogParameters.java failed with "RuntimeException: Unexpected log output:"
- JDK-8255710: Opensource unit/regression tests for CMM
- JDK-8256110: Create implementation for NSAccessibilityStepper protocol
- JDK-8256111: Create implementation for NSAccessibilityStaticText protocol
- JDK-8256126: Create implementation for NSAccessibilityImage protocol peer
- JDK-8256240: Reproducible builds should turn on the "deterministic" flag for Visual Studio
- JDK-8256934: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
- JDK-8257928: Test image build failure with clang-10 due to -Wmisleading-indentation
- JDK-8258005: JDK build fails with incorrect fixpath script
- JDK-8259265: Refactor UncaughtExceptions shell test as java test.
- JDK-8259267: Refactor LoaderLeak shell test as java test.
- JDK-8260576: Typo in compiler/runtime/safepoints/TestRegisterRestoring.java
- JDK-8261270: MakeMethodNotCompilableTest fails with -XX:TieredStopAtLevel={1,2,3}
- JDK-8261279: sun/util/resources/cldr/TimeZoneNamesTest.java timed out
- JDK-8261350: Create implementation for NSAccessibilityCheckBox protocol peer
- JDK-8261351: Create implementation for NSAccessibilityRadioButton protocol
- JDK-8261352: Create implementation for component peer for all the components who should be ignored in a11y interactions
- JDK-8262060: compiler/whitebox/BlockingCompilation.java timed out
- JDK-8264200: java/nio/channels/DatagramChannel/SRTest.java fails intermittently
- JDK-8264299: Create implementation of native accessibility peer for ScrollPane and ScrollBar Java Accessibility roles
- JDK-8264512: jdk/test/jdk/java/util/prefs/ExportNode.java relies on default platform encoding
- JDK-8266974: duplicate property key in java.sql.rowset resource bundle
- JDK-8267038: Update IANA Language Subtag Registry to Version 2022-03-02
- JDK-8270609: [TESTBUG] java/awt/print/Dialog/DialogCopies.java does not show instruction
- JDK-8271323: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -XX:TieredStopAtLevel=1
- JDK-8271506: Add ResourceHashtable support for deleting selected entries
- JDK-8272985: Reference discovery is confused about atomicity and degree of parallelism
- JDK-8273497: building.md should link to both md and html
- JDK-8273806: compiler/cpuflags/TestSSE4Disabled.java should test for CPU feature explicitly
- JDK-8273895: compiler/ciReplay/TestVMNoCompLevel.java fails due to wrong data size with TieredStopAtLevel=2,3
- JDK-8274939: Incorrect size of the pixel storage is used by the robot on macOS
- JDK-8277346: ProblemList 7 serviceability/sa tests on macosx-x64
- JDK-8277351: ProblemList runtime/jni/checked/TestPrimitiveArrayCriticalWithBadParam.java on macosx-x64
- JDK-8279614: The left line of the TitledBorder is not painted on 150 scale factor
- JDK-8279662: serviceability/sa/ClhsdbScanOops.java can fail due to unexpected GC
- JDK-8279941: sun/security/pkcs11/Signature/TestDSAKeyLength.java fails when NSS version detection fails
- JDK-8280048: Missing comma in copyright header
- JDK-8280391: NMT: Correct NMT tag on CollectedHeap
- JDK-8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized
- JDK-8280896: java/nio/file/Files/probeContentType/Basic.java fails on Windows 11
- JDK-8281262: Windows builds in different directories are not fully reproducible
- JDK-8282036: Change java/util/zip/ZipFile/DeleteTempJar.java to stop HttpServer cleanly in case of exceptions
- JDK-8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX
- JDK-8282398: EndingDotHostname.java test fails because SSL cert expired
- JDK-8282511: Use fixed certificate validation date in SSLExampleCert template
- JDK-8282958: Rendering Issues with Borders on Windows High-DPI systems
- JDK-8283606: Tests may fail with zh locale on MacOS
- JDK-8283717: vmTestbase/nsk/jdi/ThreadStartEvent/thread/thread001 failed due to SocketTimeoutException
- JDK-8283719: java/util/logging/CheckZombieLockTest.java failing intermittently
- JDK-8283870: jdeprscan --help causes an exception when the locale is ja, zh_CN or de
- JDK-8284023: java.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo
- JDK-8284165: Add pid to process reaper thread name
- JDK-8285093: Introduce UTIL_ARG_WITH
- JDK-8285399: JNI exception pending in awt_GraphicsEnv.c:1432
- JDK-8285690: CloneableReference subtest should not throw CloneNotSupportedException
- JDK-8285755: JDK-8285093 changed the default for --with-output-sync
- JDK-8285835: SIGSEGV in PhaseIdealLoop::build_loop_late_post_work
- JDK-8285919: Remove debug printout from JDK-8285093
- JDK-8286030: Avoid JVM crash when containers share the same /tmp dir
- JDK-8286800: Assert in PhaseIdealLoop::dump_real_LCA is too strong
- JDK-8286962: java/net/httpclient/ServerCloseTest.java failed once with ConnectException
- JDK-8287011: Improve container information
- JDK-8287180: Update IANA Language Subtag Registry to Version 2022-08-08
- JDK-8287906: Rewrite of GitHub Actions (GHA) sanity tests
- JDK-8288332: Tier1 validate-source fails after 8279614
- JDK-8288499: Restore cancel-in-progress in GHA
- JDK-8289562: Change bugs.java.com and bugreport.java.com URL's to https
- JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun
- JDK-8290197: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails on some systems for the ".rar" extension
- JDK-8290899: java/lang/String/StringRepeat.java test requests too much heap on windows x86
- JDK-8290920: sspi_bridge.dll not built if BUILD_CRYPTO is false
- JDK-8290964: C2 compilation fails with assert "non-reduction loop contains reduction nodes"
- JDK-8292863: assert(_print_inlining_stream->size() > 0) failed: missing inlining msg
- JDK-8292877: java/util/concurrent/atomic/Serial.java uses {Double,Long}Accumulator incorrectly
- JDK-8293550: Optionally add get-task-allow entitlement to macos binaries
- JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings
- JDK-8293996: C2: fix and simplify IdealLoopTree::do_remove_empty_loop
- JDK-8294378: URLPermission constructor exception when using tr locale
- JDK-8294580: frame::interpreter_frame_print_on() crashes if free BasicObjectLock exists in frame
- JDK-8294705: Disable an assertion in test/jdk/java/util/DoubleStreamSums/CompensatedSums.java
- JDK-8294947: Use 64bit atomics in patch_verified_entry on x86_64
- JDK-8295116: C2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead
- JDK-8295211: Fix autoconf 2.71 warning "AC_CHECK_HEADERS: you should use literals"
- JDK-8295405: Add cause in a couple of IllegalArgumentException and InvalidParameterException shown by sun/security/pkcs11 tests
- JDK-8295412: support latest VS2022 MSC_VER in abstract_vm_version.cpp
- JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13
- JDK-8295685: Update Libpng to 1.6.38
- JDK-8295774: Write a test to verify List sends ItemEvent/ActionEvent
- JDK-8295777: java/net/httpclient/ConnectExceptionTest.java should not rely on system resolver
- JDK-8295788: C2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node"
- JDK-8296239: ISO 4217 Amendment 174 Update
- JDK-8296611: Problemlist several sun/security tests until JDK-8295343 is resolved
- JDK-8296619: Upgrade jQuery to 3.6.1
- JDK-8296675: Exclude linux-aarch64 in NSS tests
- JDK-8296878: Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters
- JDK-8296904: Improve handling of macos xcode toolchain
- JDK-8296912: C2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1
- JDK-8296924: C2: assert(is_valid_AArch64_address(dest.target())) failed: bad address
- JDK-8297088: Update LCMS to 2.14
- JDK-8297257: Bump update version for OpenJDK: jdk-11.0.19
- JDK-8297264: C2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top
- JDK-8297480: GetPrimitiveArrayCritical in imageioJPEG misses result - NULL check
- JDK-8297489: Modify TextAreaTextEventTest.java as to verify the content change of TextComponent sends TextEvent
- JDK-8297569: URLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378
- JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication
- JDK-8297963: Partially fix string expansion issues in UTIL_DEFUN_NAMED and related macros
- JDK-8298027: Remove SCCS id's from awt jtreg tests
- JDK-8298073: gc/metaspace/CompressedClassSpaceSizeInJmapHeap.java causes test task timeout on macosx
- JDK-8298093: improve cleanup and error handling of awt_parseColorModel in awt_parseImage.c
- JDK-8298108: Add a regression test for JDK-8297684
- JDK-8298129: Let checkpoint event sizes grow beyond u4 limit
- JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows
- JDK-8298459: Fix msys2 linking and handling out of tree build directory for source zip creation
- JDK-8298527: Cygwin's uname -m returns different string than before
- JDK-8298588: WebSockets: HandshakeUrlEncodingTest unnecessarily depends on a response body
- JDK-8299194: CustomTzIDCheckDST.java may fail at future date
- JDK-8299296: Write a test to verify the components selection sends ItemEvent
- JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR
- JDK-8299445: EndingDotHostname.java fails because of compilation errors
- JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java
- JDK-8299520: TestPrintXML.java output error messages in case compare fails
- JDK-8299596: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.19
- JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport
- JDK-8299789: Compilation of gtest causes build to fail if runtime libraries are in different dirs
- JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems
- JDK-8300424: [11u] Chunk lost in backport of 8297569
- JDK-8300642: [17u,11u] Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev
- JDK-8300742: jstat's CGCT is 5 percent higher than the pause time in -Xlog:gc.
- JDK-8300773: Address the inconsistency between the constant array and pool size
- JDK-8301397: [11u, 17u] Bump jtreg to fix issue with build JDK 11.0.18
- JDK-8301760: Fix possible leak in SpNegoContext dispose
- JDK-8301842: JFR: increase checkpoint event size for stacktrace and string pool
- JDK-8302000: [11u] A subtle race condition during jdk11u build
- JDK-8302657: [11u] Add missing '(' in makefile after backport of 8218431
- JDK-8302694: [11u] Update GHA Boot JDK to 11.0.18
- JDK-8302903: [11u] Add modified test snippet after backport of JDK-8221871
- JDK-8303075: [11u] Add CompileClassWithDebugTest to ProblemList for 8303074
- JDK-8304389: [11u] Crash on Windows in C2 compiled code after 8248238 and 8218431
Notes on individual issues:
===========================
security-libs/javax.net.ssl:
JDK-8190492: Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols
============================================================================
SSLv2Hello and SSLv3 are versions of the SSL protocol that have not
been considered secure for some time and are already disabled by
default. They have been superseded by the more secure and modern TLS
protocol, and users are recommended to switch to TLS 1.2 or 1.3.
With this release, SSLv2Hello and SSLv3 are now also removed from the
list of default enabled protocols. This means that, even if SSLv3 is
removed from the `jdk.tls.disabledAlgorithms` security property, it
will still not be returned by the following methods:
* SSLServerSocket.getEnabledProtocols()
* SSLEngine.getEnabledProtocols()
* SSLParameters.getProtocols()
To enable SSLv3, it is now necessary to use the
`jdk.tls.client.protocols` or `jdk.tls.server.protocols` system
properties on the command line, or call one of the following methods
to enable them programatically:
* SSLSocket.setEnabledProtocols()
* SSLServerSocket.setEnabledProtocols()
* SSLEngine.setEnabledProtocols()
security-libs/java.security:
JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate
==========================================================
The following root certificate has been added to the cacerts truststore:
Name: Certigna (Dhimyotis)
Alias Name: certignarootca
Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR
core-libs/java.io:
JDK-8208077: File::listRoots Changed To Return All Available Drives On Windows
==============================================================================
The `java.io.File.listRoots()` method on Windows systems filtered out disk
drives that could not be accessed or did not have media loaded. The
use of this filtering led to observable performance issues. This release
now returns all available disk drives, unfiltered.
New in release OpenJDK 11.0.18 (2023-01-17):
=============================================
Live versions of these release notes can be found at:
@ -224,7 +505,7 @@ Live versions of these release notes can be found at:
- JDK-8296239: ISO 4217 Amendment 174 Update
- JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing
- JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException
- JDK-8296496: Overzealous check in sizecalc.h prevents large memory allocation
- JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation
- JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent
- JDK-8296652: Restore windows aarch64 fixpath patch that was removed in 8239708
- JDK-8296715: CLDR v42 update for tzdata 2022f
@ -244,6 +525,16 @@ Live versions of these release notes can be found at:
Notes on individual issues:
===========================
client-libs/javax.imageio:
JDK-8295687: Better BMP bounds
==============================
Loading a linked ICC profile within a BMP image is now disabled by
default. To re-enable it, set the new system property
`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property
replaces the old property,
`sun.imageio.plugins.bmp.disableLinkedProfiles`.
client-libs/javax.sound:
JDK-8293742: Better Banking of Sounds

View File

@ -1,5 +1,5 @@
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
index a73c0f38181..80710886ed8 100644
index 16e906bdc6..1a352e5a32 100644
--- a/make/autoconf/libraries.m4
+++ b/make/autoconf/libraries.m4
@@ -101,6 +101,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
@ -74,10 +74,10 @@ index a73c0f38181..80710886ed8 100644
+ AC_SUBST(USE_SYSCONF_NSS)
+])
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
index 0ae23b93167..a242acc1234 100644
index 3787b12600..dab108a82b 100644
--- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in
@@ -826,6 +826,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
@@ -848,6 +848,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@
# Libraries
#
@ -89,10 +89,10 @@ index 0ae23b93167..a242acc1234 100644
LCMS_CFLAGS:=@LCMS_CFLAGS@
LCMS_LIBS:=@LCMS_LIBS@
diff --git a/make/lib/Lib-java.base.gmk b/make/lib/Lib-java.base.gmk
index a529768f39e..daf9c947172 100644
index 4cd656a086..e1fc94b5b4 100644
--- a/make/lib/Lib-java.base.gmk
+++ b/make/lib/Lib-java.base.gmk
@@ -178,6 +178,31 @@ ifeq ($(OPENJDK_TARGET_OS_TYPE), unix)
@@ -178,6 +178,31 @@ ifeq ($(call isTargetOsType, unix), true)
endif
endif
@ -125,7 +125,7 @@ index a529768f39e..daf9c947172 100644
# Create the symbols file for static builds.
diff --git a/make/nb_native/nbproject/configurations.xml b/make/nb_native/nbproject/configurations.xml
index fb07d54c1f0..c5813e2b7aa 100644
index fb07d54c1f..c5813e2b7a 100644
--- a/make/nb_native/nbproject/configurations.xml
+++ b/make/nb_native/nbproject/configurations.xml
@@ -2950,6 +2950,9 @@
@ -151,7 +151,7 @@ index fb07d54c1f0..c5813e2b7aa 100644
ex="false"
tool="3"
diff --git a/make/scripts/compare_exceptions.sh.incl b/make/scripts/compare_exceptions.sh.incl
index 6327040964d..6b3780123b6 100644
index 6327040964..6b3780123b 100644
--- a/make/scripts/compare_exceptions.sh.incl
+++ b/make/scripts/compare_exceptions.sh.incl
@@ -179,6 +179,7 @@ if [ "$OPENJDK_TARGET_OS" = "solaris" ] && [ "$OPENJDK_TARGET_CPU" = "x86_64" ];
@ -172,7 +172,7 @@ index 6327040964d..6b3780123b6 100644
./lib/libzip.so
diff --git a/src/java.base/linux/native/libsystemconf/systemconf.c b/src/java.base/linux/native/libsystemconf/systemconf.c
new file mode 100644
index 00000000000..8dcb7d9073f
index 0000000000..8dcb7d9073
--- /dev/null
+++ b/src/java.base/linux/native/libsystemconf/systemconf.c
@@ -0,0 +1,224 @@
@ -401,7 +401,7 @@ index 00000000000..8dcb7d9073f
+ }
+}
diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
index b36510a376b..ad5182e1e7c 100644
index b36510a376..ad5182e1e7 100644
--- a/src/java.base/share/classes/java/security/Security.java
+++ b/src/java.base/share/classes/java/security/Security.java
@@ -32,6 +32,7 @@ import java.net.URL;
@ -533,7 +533,7 @@ index b36510a376b..ad5182e1e7c 100644
/*
diff --git a/src/java.base/share/classes/java/security/SystemConfigurator.java b/src/java.base/share/classes/java/security/SystemConfigurator.java
new file mode 100644
index 00000000000..90f6dd2ebc0
index 0000000000..90f6dd2ebc
--- /dev/null
+++ b/src/java.base/share/classes/java/security/SystemConfigurator.java
@@ -0,0 +1,248 @@
@ -787,7 +787,7 @@ index 00000000000..90f6dd2ebc0
+}
diff --git a/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
new file mode 100644
index 00000000000..21bc6d0b591
index 0000000000..21bc6d0b59
--- /dev/null
+++ b/src/java.base/share/classes/jdk/internal/misc/JavaSecuritySystemConfiguratorAccess.java
@@ -0,0 +1,31 @@
@ -823,7 +823,7 @@ index 00000000000..21bc6d0b591
+ boolean isPlainKeySupportEnabled();
+}
diff --git a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
index 688ec9f0915..8489b940c43 100644
index 688ec9f091..8489b940c4 100644
--- a/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
+++ b/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
@@ -36,6 +36,7 @@ import java.io.FilePermission;
@ -859,7 +859,7 @@ index 688ec9f0915..8489b940c43 100644
+ }
}
diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java
index 5460efcf8c5..f08dc2fafc5 100644
index 7351627db3..859591890d 100644
--- a/src/java.base/share/classes/module-info.java
+++ b/src/java.base/share/classes/module-info.java
@@ -182,6 +182,7 @@ module java.base {
@ -871,7 +871,7 @@ index 5460efcf8c5..f08dc2fafc5 100644
jdk.attach,
jdk.charsets,
diff --git a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
index ffee2c1603b..ff3d5e0e4ab 100644
index ffee2c1603..ff3d5e0e4a 100644
--- a/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/KeyManagerFactoryImpl.java
@@ -33,8 +33,13 @@ import java.security.KeyStore.*;
@ -910,7 +910,7 @@ index ffee2c1603b..ff3d5e0e4ab 100644
"FIPS mode: KeyStore must be " +
"from provider " + SunJSSE.cryptoProvider.getName());
diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
index de7da5c3379..5c3813dda7b 100644
index e06b2a588c..315a2ce370 100644
--- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java
@@ -31,6 +31,7 @@ import java.security.*;
@ -931,6 +931,14 @@ index de7da5c3379..5c3813dda7b 100644
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- );
-
- serverDefaultProtocols = getAvailableProtocols(
- new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- });
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
@ -940,14 +948,7 @@ index de7da5c3379..5c3813dda7b 100644
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ );
- serverDefaultProtocols = getAvailableProtocols(
- new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- });
+
+ serverDefaultProtocols = getAvailableProtocols(
+ new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
@ -973,42 +974,68 @@ index de7da5c3379..5c3813dda7b 100644
} else {
supportedProtocols = Arrays.asList(
ProtocolVersion.TLS13,
@@ -620,6 +639,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
static ProtocolVersion[] getSupportedProtocols() {
@@ -910,12 +929,23 @@ public abstract class SSLContextImpl extends SSLContextSpi {
if (client) {
// default client protocols
if (SunJSSE.isFIPS()) {
- candidates = new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- };
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ return new ProtocolVersion[] {
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ } else {
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ }
return new ProtocolVersion[] {
} else {
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
@@ -949,6 +978,16 @@ public abstract class SSLContextImpl extends SSLContextSpi {
static ProtocolVersion[] getProtocols() {
@@ -927,12 +957,23 @@ public abstract class SSLContextImpl extends SSLContextSpi {
} else {
// default server protocols
if (SunJSSE.isFIPS()) {
- candidates = new ProtocolVersion[] {
- ProtocolVersion.TLS13,
- ProtocolVersion.TLS12,
- ProtocolVersion.TLS11,
- ProtocolVersion.TLS10
- };
+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess()
+ .isSystemFipsEnabled()) {
+ // RH1860986: TLSv1.3 key derivation not supported with
+ // the Security Providers available in system FIPS mode.
+ return new ProtocolVersion[] {
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ } else {
+ candidates = new ProtocolVersion[] {
+ ProtocolVersion.TLS13,
+ ProtocolVersion.TLS12,
+ ProtocolVersion.TLS11,
+ ProtocolVersion.TLS10
+ };
+ }
return new ProtocolVersion[]{
} else {
candidates = new ProtocolVersion[] {
ProtocolVersion.TLS13,
ProtocolVersion.TLS12,
diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
index c50ba93ecfc..de2a91a478c 100644
index c50ba93ecf..de2a91a478 100644
--- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java
@@ -27,6 +27,8 @@ package sun.security.ssl;
@ -1037,7 +1064,7 @@ index c50ba93ecfc..de2a91a478c 100644
"sun.security.ssl.SSLContextImpl$TLSContext",
(isfips? null : createAliases("SSL")), null);
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 097517926d1..474fe6f401f 100644
index 9af64321c4..957cd78a55 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -85,6 +85,14 @@ security.provider.tbd=Apple
@ -1083,7 +1110,7 @@ index 097517926d1..474fe6f401f 100644
# the javax.net.ssl package.
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
new file mode 100644
index 00000000000..b848a1fd783
index 0000000000..b848a1fd78
--- /dev/null
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java
@@ -0,0 +1,290 @@
@ -1378,7 +1405,7 @@ index 00000000000..b848a1fd783
+ }
+}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index 099caac605f..977e5332bd1 100644
index cf7cd19b68..69cda46f85 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@
@ -1482,7 +1509,7 @@ index 099caac605f..977e5332bd1 100644
if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) {
throw new UnsupportedOperationException
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
index 04a369f453c..f033fe47593 100644
index 04a369f453..f033fe4759 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
@@ -49,6 +49,7 @@ package sun.security.pkcs11.wrapper;

View File

@ -0,0 +1,55 @@
commit b4caafe16f14983e303b7f1fdf3090e5c513ebd8
Author: Andrew John Hughes <andrew@openjdk.org>
Date: Thu Apr 13 15:37:20 2023 +0000
8274864: Remove Amman/Cairo hacks in ZoneInfoFile
Backport-of: ec199072c5867624d66840238cc8828e16ae8da7
diff --git a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
index 1dc82561f2..a51490767d 100644
--- a/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
+++ b/src/java.base/share/classes/sun/util/calendar/ZoneInfoFile.java
@@ -607,34 +607,6 @@ public final class ZoneInfoFile {
params[8] = endRule.secondOfDay * 1000;
params[9] = toSTZTime[endRule.timeDefinition];
dstSavings = (startRule.offsetAfter - startRule.offsetBefore) * 1000;
-
- // Note: known mismatching -> Asia/Amman
- // ZoneInfo : startDayOfWeek=5 <= Thursday
- // startTime=86400000 <= 24 hours
- // This: startDayOfWeek=6
- // startTime=0
- // Similar workaround needs to be applied to Africa/Cairo and
- // its endDayOfWeek and endTime
- // Below is the workarounds, it probably slows down everyone a little
- if (params[2] == 6 && params[3] == 0 &&
- (zoneId.equals("Asia/Amman"))) {
- params[2] = 5;
- params[3] = 86400000;
- }
- // Additional check for startDayOfWeek=6 and starTime=86400000
- // is needed for Asia/Amman;
- if (params[2] == 7 && params[3] == 0 &&
- (zoneId.equals("Asia/Amman"))) {
- params[2] = 6; // Friday
- params[3] = 86400000; // 24h
- }
- //endDayOfWeek and endTime workaround
- if (params[7] == 6 && params[8] == 0 &&
- (zoneId.equals("Africa/Cairo"))) {
- params[7] = 5;
- params[8] = 86400000;
- }
-
} else if (nTrans > 0) { // only do this if there is something in table already
if (lastyear < LASTYEAR) {
// ZoneInfo has an ending entry for 2037
@@ -907,7 +879,6 @@ public final class ZoneInfoFile {
this.dow = dowByte == 0 ? -1 : dowByte;
this.secondOfDay = timeByte == 31 ? in.readInt() : timeByte * 3600;
this.timeDefinition = (data & (3 << 12)) >>> 12;
-
this.standardOffset = stdByte == 255 ? in.readInt() : (stdByte - 128) * 900;
this.offsetBefore = beforeByte == 3 ? in.readInt() : standardOffset + beforeByte * 1800;
this.offsetAfter = afterByte == 3 ? in.readInt() : standardOffset + afterByte * 1800;

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,8 @@
diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk
--- openjdk/make/launcher/Launcher-java.base.gmk Wed Nov 25 08:27:15 2020 +0100
+++ openjdk/make/launcher/Launcher-java.base.gmk Tue Dec 01 12:29:30 2020 +0100
@@ -41,6 +41,16 @@
diff --git openjdk.orig/make/launcher/Launcher-java.base.gmk openjdk/make/launcher/Launcher-java.base.gmk
index a8990dd0ef..320fec6e51 100644
--- openjdk.orig/make/launcher/Launcher-java.base.gmk
+++ openjdk/make/launcher/Launcher-java.base.gmk
@@ -41,6 +41,16 @@ $(eval $(call SetupBuildLauncher, java, \
OPTIMIZATION := HIGH, \
))
@ -15,13 +16,14 @@ diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk
+ OPTIMIZATION := HIGH, \
+))
+
ifeq ($(OPENJDK_TARGET_OS), windows)
ifeq ($(call isTargetOs, windows), true)
$(eval $(call SetupBuildLauncher, javaw, \
CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
diff -r 25e94aa812b2 src/share/bin/alt_main.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ openjdk/src/java.base/share/native/launcher/alt_main.h Tue Jun 02 17:15:28 2020 +0100
diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h
new file mode 100644
index 0000000000..697df2898a
--- /dev/null
+++ openjdk/src/java.base/share/native/launcher/alt_main.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
@ -96,9 +98,10 @@ diff -r 25e94aa812b2 src/share/bin/alt_main.h
+}
+
+#endif // REDHAT_ALT_JAVA
diff -r 25e94aa812b2 src/share/bin/main.c
--- openjdk/src/java.base/share/native/launcher/main.c Wed Feb 05 12:20:36 2020 -0300
+++ openjdk/src/java.base/share/native/launcher/main.c Tue Jun 02 17:15:28 2020 +0100
diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c
index b734fe2ba7..79dc830765 100644
--- openjdk.orig/src/java.base/share/native/launcher/main.c
+++ openjdk/src/java.base/share/native/launcher/main.c
@@ -34,6 +34,14 @@
#include "jli_util.h"
#include "jni.h"

View File

@ -331,7 +331,7 @@
# New Version-String scheme-style defines
%global featurever 11
%global interimver 0
%global updatever 18
%global updatever 19
%global patchver 0
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
@ -370,15 +370,15 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
%global fipsver 9087e80d0ab
%global fipsver b34fb09a5c
# Standard JPackage naming and versioning defines
%global origin openjdk
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 10
%global rpmrelease 2
%global buildver 7
%global rpmrelease 1
#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@ -1360,7 +1360,7 @@ Patch1003: rh1842572-rsa_default_for_keytool.patch
# Crypto policy and FIPS support patches
# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips
# as follows: git diff %%{vcstag} src make > fips-11u-$(git show -s --format=%h HEAD).patch
# as follows: git diff %%{vcstag} src make test > fips-11u-$(git show -s --format=%h HEAD).patch
# Diff is limited to src and make subdirectories to exclude .github changes
# Fixes currently included:
# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy
@ -1412,13 +1412,17 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
#############################################
#
# Patches appearing in 11.0.18
# Patches appearing in 11.0.20
#
# This section includes patches which are present
# in the listed OpenJDK 11u release and should be
# able to be removed once that release is out
# and used by this RPM.
#############################################
# JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
Patch2002: jdk8274864-remove_amman_cairo_hacks.patch
# JDK-8305113: (tz) Update Timezone Data to 2023c
Patch2003: jdk8305113-tzdata2023c.patch
BuildRequires: autoconf
BuildRequires: automake
@ -1453,8 +1457,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
# 2022g required as of JDK-8297804
BuildRequires: tzdata-java >= 2022g
# 2023c required as of JDK-8305113
BuildRequires: tzdata-java >= 2023c
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@ -1837,6 +1841,9 @@ pushd %{top_level_dir_name}
%patch1001 -p1
# nss.cfg PKCS11 support; must come last as it also alters java.security
%patch1000 -p1
# tzdata update
%patch2002 -p1
%patch2003 -p1
popd # openjdk
%patch600
@ -2676,7 +2683,23 @@ end
%endif
%changelog
* Wed Jan 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.18.0.10-1
* Fri Apr 14 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.19.0.7-1
- Update to jdk-11.0.19.0+7
- Update release notes to 11.0.19.0+7
- Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113
- Update generate_tarball.sh to add support for passing a boot JDK to the configure run
- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace
- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs
- Rebase FIPS support against 11.0.19+6
- Rebase RH1750419 alt-java patch against 11.0.19+6
- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. **
- Resolves: rhbz#2185182
* Fri Jan 13 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.18.0.10-3
- Add missing release note for JDK-8295687
- Resolves: rhbz#2160111
* Wed Jan 11 2023 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.18.0.10-2
- Update to jdk-11.0.18+10 (GA)
- Update release notes to 11.0.18+10
- Switch to GA mode for release