import java-11-openjdk-11.0.11.0.9-0.el8_3

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz
-SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
+SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz
+SOURCES/tapsets-icedtea-3.15.0.tar.xz

.java-11-openjdk.metadata

@@ -1,2 +1,2 @@
-8fb81cb2ae37ec04bfc0e3651257a9f9756786a6 SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz
-c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
+a339f6e108c16a23c47504565b602a6fc395bf2e SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz
+7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

SOURCES/NEWS

@@ -3,6 +3,337 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
+New in release OpenJDK 11.0.11 (2021-04-20):
+=============================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk11011
+  * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt
+
+* Security fixes
+  - JDK-8244473: Contextualize registration for JNDI
+  - JDK-8244543: Enhanced handling of abstract classes
+  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
+  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
+  - JDK-8253799: Make lists of normal filenames
+  - JDK-8257001: Improve Http Client Support
+* Other changes
+  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
+  - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
+  - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
+  - JDK-8168869: jdeps: localized messages don't use proper line breaks
+  - JDK-8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID
+  - JDK-8202343: Disable TLS 1.0 and 1.1
+  - JDK-8205992: jhsdb cannot attach to Java processes running in Docker containers
+  - JDK-8209193: Fix aarch64-linux compilation after -Wreorder changes
+  - JDK-8210413: AArch64: Optimize div/rem by constant in C1
+  - JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction
+  - JDK-8211051: jdeps usage of --dot-output doesn't provide valid output for modular jar
+  - JDK-8211057: Gensrc step CompileProperties generates unstable CompilerProperties output
+  - JDK-8211150: G1 Full GC not purging code root memory and hence causing memory leak
+  - JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup delegation when module reads automatic module
+  - JDK-8212043: Add floating-point Math.min/max intrinsics
+  - JDK-8212218: [TESTBUG] runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryErrorInMetaspace.java timed out
+  - JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/WindowsComboBoxSizeTest.java fails in Windows
+  - JDK-8213909: jdeps --print-module-deps should report missing dependences
+  - JDK-8214180: Need better granularity for sleeping
+  - JDK-8214223: tools/jdeps/listdeps/ListModuleDeps.java failed due to missing Lib2 file
+  - JDK-8214230: Classes generated by SystemModulesPlugin.java are not reproducable
+  - JDK-8214741: docs/index.html has no title or copyright
+  - JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed after 8212043
+  - JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003/TestDescription.java fails
+  - JDK-8218482: sun/security/krb5/auto/ReplayCachePrecise.java failed - no KrbException thrown
+  - JDK-8218550: Add test omitted from JDK-8212043
+  - JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event
+  - JDK-8221995: AARCH64: problems with CAS instructions encoding
+  - JDK-8222518: Remove unnecessary caching of Parker object in java.lang.Thread
+  - JDK-8222785: aarch64: add necessary masking for immediate shift counts
+  - JDK-8223186: HotSpot compile warnings from GCC 9
+  - JDK-8225773: jdeps --check produces NPE if there are missing module dependences
+  - JDK-8225805: Java Access Bridge does not close the logger
+  - JDK-8226810: Failed to launch JVM because of NullPointerException occured on System.props
+  - JDK-8229396: jdeps ignores multi-release when generate-module-info used on command line
+  - JDK-8229474: Shenandoah: Cleanup CM::update_roots()
+  - JDK-8232225: Rework the fix for JDK-8071483
+  - JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant
+  - JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) == phase->C->get_alias_index(t_adr)) failed: correct memory chain
+  - JDK-8233910: java/awt/ColorClass/AlphaColorTest.java is failing intermittently in nightly lnux-x64 system
+  - JDK-8233912: aarch64: minor improvements of atomic operations
+  - JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier
+  - JDK-8234742: Improve handshake logging
+  - JDK-8234796: Refactor Handshake::execute to take a more complex type than ThreadClosure
+  - JDK-8235324: Dying objects are published from users of CollectedHeap::object_iterate
+  - JDK-8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag
+  - JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/TestDescription.java test
+  - JDK-8237392: Shenandoah: Remove unreliable assertion
+  - JDK-8237483: AArch64 C1 OopMap inserted twice fatal error
+  - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
+  - JDK-8239355: (dc) Initial value of SO_SNDBUF should allow sending large datagrams (macOS)
+  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
+  - JDK-8240704: CheckHandles.java failed "AssertionError: Handle use increased by more than 10 percent."
+  - JDK-8240751: Shenandoah: fold ShenandoahTracer definition
+  - JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with "assert(store != load->find_exact_control(load->in(0))) failed: dependence cycle found"
+  - JDK-8241598: Upgrade JLine to 3.14.0
+  - JDK-8241649: Optimize Character.toString
+  - JDK-8241770: Module xxxAnnotation() methods throw NCDFE if module-info.class found as resource in unnamed module
+  - JDK-8241911: AArch64: Fix a potential register clash issue in reduce_add2I
+  - JDK-8242030: Wrong package declarations in jline classes after JDK-8241598
+  - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
+  - JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox
+  - JDK-8243670: Unexpected test result caused by C2 MergeMemNode::Ideal
+  - JDK-8244088: [Regression] Switch of Gnome theme ends up in deadlocked UI
+  - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
+  - JDK-8244340: Handshake processing thread lacks yielding
+  - JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file
+  - JDK-8244683: A TSA server used by tests
+  - JDK-8245005: javax/net/ssl/compatibility/BasicConnectTest.java failed with No enum constant
+  - JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused
+  - JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent
+  - JDK-8245512: CRC32 optimization using AVX512 instructions
+  - JDK-8245527: LDAP Channel Binding support for Java GSS/Kerberos
+  - JDK-8246707: (sc) SocketChannel.read/write throws AsynchronousCloseException on closed channel
+  - JDK-8246709: sun/security/tools/jarsigner/TsacertOptionTest.java compilation failed after JDK-8244683
+  - JDK-8247200: assert((unsigned)fpargs < 32)
+  - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn.
+  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
+  - JDK-8248865: Document JNDI/LDAP timeout properties
+  - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
+  - JDK-8249543: Force DirectBufferAllocTest to run with -ExplicitGCInvokesConcurrent
+  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
+  - JDK-8249749: modify a primitive array through a stream and a for cycle causes jre crash
+  - JDK-8249787: Make TestGCLocker more resilient with concurrent GCs
+  - JDK-8249867: xml declaration is not followed by a newline
+  - JDK-8250911: [windows] os::pd_map_memory() error detection broken
+  - JDK-8251255: [linux] Add process-memory information to hs-err and VM.info
+  - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
+  - JDK-8251925: C2: RenaissanceStressTest fails with assert(!had_error): bad dominance
+  - JDK-8251944: Add Shenandoah test config to compiler/gcbarriers/UnsafeIntrinsicsTest.java
+  - JDK-8251992: VM crashed running TestComplexAddrExpr.java test with -XX:UseAVX=X
+  - JDK-8253220: Epsilon: clean up unused code/declarations
+  - JDK-8253274: The CycleDMImagetest brokes the system
+  - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
+  - JDK-8253368: TLS connection always receives close_notify exception
+  - JDK-8255368: Math.exp() gives wrong result for large values on x86 32-bit platforms
+  - JDK-8255401: Shenandoah: Allow oldval and newval registers to overlap in cmpxchg_oop()
+  - JDK-8253404: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
+  - JDK-8253409: Double-rounding possibility in float fma
+  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
+  - JDK-8253524: C2: Refactor code that clones predicates during loop unswitching
+  - JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected
+  - JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
+  - JDK-8253702: BigSur version number reported as 10.16, should be 11.nn
+  - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
+  - JDK-8254104: MethodCounters must exist before nmethod is installed
+  - JDK-8254734: "dead loop detected" assert failure with patch from 8223051
+  - JDK-8254748: Bad Copyright header format after JDK-8212218
+  - JDK-8254799: runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryError.java fails with release VMs
+  - JDK-8255058: C1: assert(is_virtual()) failed: type check
+  - JDK-8255351: Add detection for Graviton 2 CPUs
+  - JDK-8255387: Japanese characters were printed upside down on AIX
+  - JDK-8255479: [aarch64] assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity
+  - JDK-8255544: Create a checked cast
+  - JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
+  - JDK-8255681: print callstack in error case in runAWTLoopWithApp
+  - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
+  - JDK-8255742: PrintInlining as compiler directive doesn't print virtual calls
+  - JDK-8255845: Memory leak in imageFile.cpp
+  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
+  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
+  - JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls
+  - JDK-8256056: Deoptimization stub doesn't save vector registers on x86
+  - JDK-8256061: RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers
+  - JDK-8256187: [TEST_BUG] Automate bug4275046.java test
+  - JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after JDK-8210764 due to mishandled lir_neg
+  - JDK-8256258: some missing NULL checks or asserts after CodeCache::find_blob_unsafe
+  - JDK-8256264: Printed GlyphVector outline with low DPI has bad quality on Windows
+  - JDK-8256290: javac/lambda/T8031967.java fails with StackOverflowError on x86_32
+  - JDK-8256359: AArch64: runtime/ReservedStack/ReservedStackTestCompiler.java fails
+  - JDK-8256387: Unexpected result if patching an entire instruction on AArch64
+  - JDK-8256421: Add 2 HARICA roots to cacerts truststore
+  - JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for small copies in StubGenerator::copy_memory
+  - JDK-8256489: Make gtest for long path names on Windows more resilient in the presence of virus scanners
+  - JDK-8256501: libTestMainKeyWindow fails to build with Xcode 12.2
+  - JDK-8256633: Fix product build on Windows+Arm64
+  - JDK-8256682: JDK-8202343 is incomplete
+  - JDK-8256751: Incremental rebuild with precompiled header fails when touching a header file
+  - JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() for CallLeafNoFP on x86_32
+  - JDK-8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
+  - JDK-8256807: C2: Not marking stores correctly as mismatched in string opts
+  - JDK-8256810: Incremental rebuild broken on Macosx
+  - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
+  - JDK-8256888: Client manual test problem list update
+  - JDK-8257083: Security infra test failures caused by JDK-8202343
+  - JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11
+  - JDK-8257423: [PPC64] Support -XX:-UseInlineCaches
+  - JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst.testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps is on
+  - JDK-8257513: C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset())
+  - JDK-8257547: Handle multiple prereqs on the same line in deps files
+  - JDK-8257561: Some code is not vectorized after 8251925 and 8250607
+  - JDK-8257565: epsilonBarrierSet.hpp should not include barrierSetAssembler
+  - JDK-8257575: C2: "failed: only phis" assert failure in loop strip mining verification
+  - JDK-8257594: C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle
+  - JDK-8257633: Missing -mmacosx-version-min=X flag when linking libjvm
+  - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
+  - JDK-8257707: Fix incorrect format string in Http1HeaderParser
+  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
+  - JDK-8257798: [PPC64] undefined reference to Klass::vtable_start_offset()
+  - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
+  - JDK-8257910: [JVMCI] Set exception_seen accordingly in the runtime.
+  - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
+  - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
+  - JDK-8258077: Using -Xcheck:jni can lead to a double-free after JDK-8193234
+  - JDK-8258247: Couple of issues in fix for JDK-8249906
+  - JDK-8258373: Update the text handling in the JPasswordField
+  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
+  - JDK-8258419: RSA cipher buffer cleanup
+  - JDK-8258471: "search codecache" clhsdb command does not work
+  - JDK-8258534: Epsilon: clean up unused includes
+  - JDK-8258805: Japanese characters not entered by mouse click on Windows 10
+  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
+  - JDK-8258836: JNI local refs exceed capacity getDiagnosticCommandInfo
+  - JDK-8258884: [TEST_BUG] Convert applet-based test open/test/jdk/javax/swing/JMenuItem/8031573/bug8031573.java to a regular java test
+  - JDK-8259007: This test printed a blank page
+  - JDK-8259049: Uninitialized variable after JDK-8257513
+  - JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA to false
+  - JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
+  - JDK-8259231: Epsilon: improve performance under contention during virtual space expansion
+  - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
+  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 days
+  - JDK-8259319: Illegal package access when SunPKCS11 requires SunJCE's classes
+  - JDK-8259339: AllocateUninitializedArray C2 intrinsic fails with void.class input
+  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
+  - JDK-8259446: runtime/jni/checked/TestCheckedReleaseArrayElements.java fails with stderr not empty
+  - JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags
+  - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
+  - JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543
+  - JDK-8259706: C2 compilation fails with assert(vtable_index == Method::invalid_vtable_index) failed: correct sentinel value
+  - JDK-8259707: LDAP channel binding does not work with StartTLS extension
+  - JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction
+  - JDK-8259849: Shenandoah: Rename store-val to IU-barrier
+  - JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
+  - JDK-8260029: aarch64: fix typo in verify_oop_array
+  - JDK-8260308: Update LogCompilation junit to 4.13.1
+  - JDK-8260338: Some fields in HaltNode is not cloned
+  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
+  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
+  - JDK-8260378: [TESTBUG] DcmdMBeanTestCheckJni.java reports false positive
+  - JDK-8260497: Shenandoah: Improve SATB flushing
+  - JDK-8260502: [s390] NativeMovRegMem::verify() fails because it's too strict
+  - JDK-8260632: Build failures after JDK-8253353
+  - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
+  - JDK-8261022: Fix incorrect result of Math.abs() with char type
+  - JDK-8261089: [TESTBUG] native library of test TestCheckedReleaseCriticalArray.java fails to compile with gcc 4.x
+  - JDK-8261183: Follow on to Make lists of normal filenames
+  - JDK-8261209: isStandalone property: remove dependency on pretty-print
+  - JDK-8261231: Windows IME was disabled after DnD operation
+  - JDK-8261251: Shenandoah: Use object size for full GC humongous compaction
+  - JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined
+  - JDK-8261334: NMT: tuning statistic shows incorrect hash distribution
+  - JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
+  - JDK-8261522: [PPC64] AES intrinsics write beyond the destination array
+  - JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined
+  - JDK-8261585: Restore HandleArea used in Deoptimization::uncommon_trap
+  - JDK-8261753: Test java/lang/System/OsVersionTest.java still failing on BigSur patch versions after JDK-8253702
+  - JDK-8261829: Exclude tools/jlink/JLinkReproducibleTest.java in 11u
+  - JDK-8261912: Code IfNode::fold_compares_helper more defensively
+  - JDK-8261920: [AIX] jshell command throws java.io.IOError on non English locales
+  - JDK-8262018: Wrong format in SAP copyright header of OsVersionTest
+  - JDK-8263069: Exclude some failing tests from security/infra/java/security/cert/CertPathValidator
+
+Notes on individual issues:
+===========================
+
+core-libs/javax.naming:
+
+JDK-8258824: LDAP Channel Binding Support for Java GSS/Kerberos
+===============================================================
+A new JNDI environment property "com.sun.jndi.ldap.tls.cbtype" has
+been added to enable TLS Channel Binding data in LDAP authentication
+over SSL/TLS protocol to the Windows AD server.  The only valid value
+at present is "tls-server-end-point", where channel binding data is
+created on the base of the TLS server certificate. See RFC-5929 [0]
+and the module description of the `java.naming` module for further
+details.
+
+[0] RFC-5929 "Channel Bindings for TLS": https://www.ietf.org/rfc/rfc5929.txt
+
+security-libs/java.security:
+
+JDK-8260597: Added 2 HARICA Root CA Certificates
+================================================
+The following root certificates have been added to the cacerts truststore:
+
+Alias Name: haricarootca2015
+Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
+
+Alias Name: haricaeccrootca2015
+Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
+
+security-libs/javax.net.ssl:
+
+JDK-8256490: Disable TLS 1.0 and 1.1
+====================================
+TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
+considered secure and have been superseded by more secure and modern
+versions (TLS 1.2 and 1.3).
+
+These versions have now been disabled by default. If you encounter
+issues, you can, at your own risk, re-enable the versions by removing
+"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
+security property in the `java.security` configuration file.
+
+tools:
+
+JDK-8214213: jdeps --print-module-deps Reports Transitive Dependencies
+======================================================================
+`jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps`
+options have been enhanced as follows.
+
+1. By default, they perform transitive module dependence analysis on
+libraries on the class path and module path, both directly and
+indirectly, as required by the given input JAR files or
+classes. Previously, they only reported the modules required by the
+given input JAR files or classes.  The `--no-recursive` option can be
+used to request non-transitive dependence analysis.
+
+2. By default, they flag any missing dependency, i.e. not found from
+class path and module path, as an error.  The `--ignore-missing-deps`
+option can be used to suppress missing dependence errors. Note that a
+custom image is created with the list of modules output by jdeps when
+using the `--ignore-missing-deps` option for a non-modular
+application. Such an application, running on the custom image, might
+fail at runtime when missing dependence errors are suppressed.
+
+xml/jaxp:
+
+JDK-8249867 XML declaration is not followed by a newline
+========================================================
+
+The DOM Load and Save `LSSerializer` does not have an explicit control
+for whether or not the XML Declaration ends with a newline. In this
+release, a JDK implementation specific property
+`http://www.oracle.com/xml/jaxp/properties/isStandalone` and
+corresponding System property `jdk.xml.isStandalone` are added to
+control the addition of a newline and act independently without
+having to set the pretty-print property. This property can be used to
+reverse the incompatible change introduced in Java SE 7 Update 4 with
+an update of Xalan 2.7.1 where a newline is omitted when pretty-print
+is required.
+
+For details, please refer to the bug report and the java.xml module-summary.
+
+Usage:
+
+// to set the property, get an instance of LSSerializer and set it along with pretty-print
+LSSerializer ser = impl.createLSSerializer();
+ser.getDomConfig().setParameter("format-pretty-print", true);
+ser.getDomConfig().setParameter("http://www.oracle.com/xml/jaxp/properties/isStandalone", true);
+
+// to use the System property, set it before initializing a LSSerializer
+System.setProperty("jdk.xml.isStandalone", “true”);
+
+// to clear the property, place the line anywhere after the LSSerializer is initialized
+System.clearProperty("jdk.xml.isStandalone");
+
 New in release OpenJDK 11.0.10 (2021-01-19):
 =============================================
 Live versions of these release notes can be found at:

SOURCES/rh1868740-cryptoki_access_to_sunjce.patch

@@ -1,12 +0,0 @@
-diff -r eba0f976c468 -r 1fceafb49be5 src/java.base/share/classes/module-info.java
---- openjdk/src/java.base/share/classes/module-info.java	Thu Jul 30 15:05:22 2020 +0200
-+++ openjdk/src/java.base/share/classes/module-info.java	Thu Aug 13 15:17:59 2020 +0200
-@@ -132,6 +132,8 @@
-     // additional qualified exports may be inserted at build time
-     // see make/gensrc/GenModuleInfo.gmk
- 
-+    exports com.sun.crypto.provider to
-+        jdk.crypto.cryptoki;
-     exports com.sun.security.ntlm to
-         java.security.sasl;
-     exports jdk.internal to

SOURCES/rh1868754-pkcs11_cancel_on_failure.patch

@@ -1,21 +0,0 @@
-diff -r e10f558e1df5 openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java
---- openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Aug 31 16:12:32 2020 +0100
-+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java	Mon Aug 31 15:17:50 2020 -0300
-@@ -628,7 +628,7 @@
-                 throw (ShortBufferException)
-                         (new ShortBufferException().initCause(e));
-             }
--            reset(false);
-+            reset(true);
-             throw new ProviderException("update() failed", e);
-         }
-     }
-@@ -746,7 +746,7 @@
-                 throw (ShortBufferException)
-                         (new ShortBufferException().initCause(e));
-             }
--            reset(false);
-+            reset(true);
-             throw new ProviderException("update() failed", e);
-         }
-     }

SOURCES/rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch

@@ -1,60 +0,0 @@
-# HG changeset patch
-# User Zdenek Zambersky <zzambers@redhat.com>
-# Date 1601403587 -7200
-#      Tue Sep 29 20:19:47 2020 +0200
-# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158
-# Parent  d484fdfcc7d5c21812de8a0712236d077b0f2dde
-Fixed default policy for jdk.crypto.cryptoki
-
-diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy
---- openjdk.orig/src/java.base/share/lib/security/default.policy	Wed Sep 02 07:36:15 2020 +0200
-+++ openjdk/src/java.base/share/lib/security/default.policy	Tue Sep 29 20:19:47 2020 +0200
-@@ -124,6 +124,8 @@
- grant codeBase "jrt:/jdk.crypto.cryptoki" {
-     permission java.lang.RuntimePermission
-                    "accessClassInPackage.sun.security.*";
-+    permission java.lang.RuntimePermission
-+                   "accessClassInPackage.com.sun.crypto.provider";
-     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
-     permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
-     permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
-# HG changeset patch
-# User Zdenek Zambersky <zzambers@redhat.com>
-# Date 1601419086 -7200
-#      Wed Sep 30 00:38:06 2020 +0200
-# Node ID 02c8b154f728be3dd06239a98519d654e2127186
-# Parent  f77ac813eee61b2e9616b2d71a2c5372d0cbd158
-P11Util: Create provider in priviledged block
-
-diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
---- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Tue Sep 29 20:19:47 2020 +0200
-+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Wed Sep 30 00:38:06 2020 +0200
-@@ -87,14 +87,20 @@
-         }
-         p = Security.getProvider(providerName);
-         if (p == null) {
--            try {
--                @SuppressWarnings("deprecation")
--                Object o = Class.forName(className).newInstance();
--                p = (Provider)o;
--            } catch (Exception e) {
--                throw new ProviderException
--                        ("Could not find provider " + providerName, e);
--            }
-+            p = AccessController.doPrivileged(
-+                new PrivilegedAction<Provider>() {
-+                    public Provider run() {
-+                        try {
-+                            @SuppressWarnings("deprecation")
-+                            Object o = Class.forName(className).newInstance();
-+                            return (Provider) o;
-+                        } catch (Exception e) {
-+                            throw new ProviderException
-+                                ("Could not find provider " + providerName, e);
-+                        }
-+                    }
-+                }
-+            );
-         }
-         return p;
-     }

SPECS/java-11-openjdk.spec

@@ -156,6 +156,8 @@
 %else
 %global include_fastdebug_build 0
 %endif
+%else
+%global include_fastdebug_build 0
 %endif
 
 %if %{include_debug_build}
@@ -289,7 +291,7 @@
 # New Version-String scheme-style defines
 %global featurever 11
 %global interimver 0
-%global updatever 10
+%global updatever 11
 %global patchver 0
 # If you bump featurever, you must bump also vendor_version_string
 # Used via new version scheme. JDK 11 was
@@ -310,7 +312,7 @@
 
 # Define vendor information used by OpenJDK
 %global oj_vendor Red Hat, Inc.
-%global oj_vendor_url "https://www.redhat.com/"
+%global oj_vendor_url https://www.redhat.com/
 # Define what url should JVM offer in case of a crash report
 # order may be important, epel may have rhel declared
 %if 0%{?epel}
@@ -329,7 +331,7 @@
 %endif
 
 # Define IcedTea version used for SystemTap tapsets and desktop file
-%global icedteaver      6.0.0pre00-c848b93a8598
+%global icedteaver      3.15.0
 
 # Standard JPackage naming and versioning defines
 %global origin          openjdk
@@ -337,7 +339,7 @@
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        9
-%global rpmrelease      8
+%global rpmrelease      0
 #%%global tagsuffix     %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@@ -426,14 +428,6 @@
 
 %global rpm_state_dir %{_localstatedir}/lib/rpm-state/
 
-# For flatpack builds hard-code /usr/sbin/alternatives,
-# otherwise use %%{_sbindir} relative path.
-%if 0%{?flatpak}
-%global alternatives_requires /usr/sbin/alternatives
-%else
-%global alternatives_requires %{_sbindir}/alternatives
-%endif
-
 %if %{with_systemtap}
 # Where to install systemtap tapset (links)
 # We would like these to be in a package specific sub-dir,
@@ -1005,8 +999,8 @@ Requires: ca-certificates
 # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
 Requires: javapackages-filesystem
 # Require zone-info data provided by tzdata-java sub-package
-# 2020b required as of JDK-8254177 in October CPU
-Requires: tzdata-java >= 2020b
+# 2021a required as of JDK-8260356 in April 2021 CPU
+Requires: tzdata-java >= 2021a
 # for support of kernel stream control
 # libsctp.so.1 is being `dlopen`ed on demand
 Requires: lksctp-tools%{?_isa}
@@ -1020,11 +1014,11 @@ Requires: cups-libs
 # for FIPS PKCS11 provider
 Requires: nss
 # Post requires alternatives to install tool alternatives
-Requires(post):   %{alternatives_requires}
+Requires(post):   %{_sbindir}/alternatives
 # in version 1.7 and higher for --family switch
 Requires(post):   chkconfig >= 1.7
 # Postun requires alternatives to uninstall tool alternatives
-Requires(postun): %{alternatives_requires}
+Requires(postun): %{_sbindir}/alternatives
 # in version 1.7 and higher for --family switch
 Requires(postun):   chkconfig >= 1.7
 # for optional support of kernel stream control, card reader and printing bindings
@@ -1050,11 +1044,11 @@ Provides: java-headless%{?1} = %{epoch}:%{version}-%{release}
 Requires:         %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
 OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
 # Post requires alternatives to install tool alternatives
-Requires(post):   %{alternatives_requires}
+Requires(post):   %{_sbindir}/alternatives
 # in version 1.7 and higher for --family switch
 Requires(post):   chkconfig >= 1.7
 # Postun requires alternatives to uninstall tool alternatives
-Requires(postun): %{alternatives_requires}
+Requires(postun): %{_sbindir}/alternatives
 # in version 1.7 and higher for --family switch
 Requires(postun):   chkconfig >= 1.7
 
@@ -1103,11 +1097,11 @@ Provides: java-demo%{?1} = %{epoch}:%{version}-%{release}
 %define java_javadoc_rpo() %{expand:
 OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
 # Post requires alternatives to install javadoc alternative
-Requires(post):   %{alternatives_requires}
+Requires(post):   %{_sbindir}/alternatives
 # in version 1.7 and higher for --family switch
 Requires(post):   chkconfig >= 1.7
 # Postun requires alternatives to uninstall javadoc alternative
-Requires(postun): %{alternatives_requires}
+Requires(postun): %{_sbindir}/alternatives
 # in version 1.7 and higher for --family switch
 Requires(postun):   chkconfig >= 1.7
 
@@ -1173,7 +1167,7 @@ URL:      http://openjdk.java.net/
 Source0: jdk-updates-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}-4curve.tar.xz
 
 # Use 'icedtea_sync.sh' to update the following
-# They are based on code contained in the IcedTea project (6.x).
+# They are based on code contained in the IcedTea project (3.x).
 # Systemtap tapsets. Zipped up to keep it small.
 Source8: tapsets-icedtea-%{icedteaver}.tar.xz
 
@@ -1213,7 +1207,7 @@ Patch1:    rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
 Patch2:    rh1648644-java_access_bridge_privileged_security.patch
 # NSS via SunPKCS11 Provider (disabled due to memory leak).
 Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
-# enable build of speculative store bypass hardened alt-java
+# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
 Patch600: rh1750419-redhat_alt_java.patch
 # RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
 Patch1003: rh1842572-rsa_default_for_keytool.patch
@@ -1225,10 +1219,6 @@ Patch1001: rh1655466-global_crypto_and_fips.patch
 Patch1002: rh1818909-fips_default_keystore_type.patch
 # RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
 Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
-# RH1868740: FIPS: IllegalAccessException by pkcs11 provider
-Patch1005: rh1868740-cryptoki_access_to_sunjce.patch
-# RH1883849: FIPS: IllegalAccessException by pkcs11 provider with security manager on
-Patch1006: rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch
 # RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
 Patch1007: rh1915071-always_initialise_configurator_access.patch
 
@@ -1254,8 +1244,6 @@ Patch3:    rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
 Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
 # PR3695: Allow use of system crypto policy to be disabled by the user
 Patch7: pr3695-toggle_system_crypto_policy.patch
-# RH1868754: FIPS: Ciphers remain in broken state (unusable), after being supplied with wrongly sized buffer
-Patch11: rh1868754-pkcs11_cancel_on_failure.patch
 
 #############################################
 #
@@ -1304,8 +1292,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
 %ifnarch %{jit_arches}
 BuildRequires: libffi-devel
 %endif
-# 2020b required as of JDK-8254177 in October CPU
-BuildRequires: tzdata-java >= 2020b
+# 2021a required as of JDK-8260356 in April 2021 CPU
+BuildRequires: tzdata-java >= 2021a
 # Earlier versions have a bug in tree vectorization on PPC
 BuildRequires: gcc >= 4.8.3-8
 
@@ -1633,7 +1621,6 @@ pushd %{top_level_dir_name}
 %patch3 -p1
 %patch4 -p1
 %patch7 -p1
-%patch11 -p1
 popd # openjdk
 
 %patch1000
@@ -1642,8 +1629,6 @@ popd # openjdk
 %patch1002
 %patch1003
 %patch1004
-%patch1005
-%patch1006
 %patch1007
 
 # Extract systemtap tapsets
@@ -1661,12 +1646,11 @@ for suffix in %{build_loop} ; do
   for file in "tapset"$suffix/*.in; do
     OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
     sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1
-    sed -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file.1 > $file.2
 # TODO find out which architectures other than i686 have a client vm
 %ifarch %{ix86}
-    sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.2 > $OUTPUT_FILE
+    sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.1 > $OUTPUT_FILE
 %else
-    sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.2 > $OUTPUT_FILE
+    sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE
 %endif
     sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
     sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
@@ -1878,7 +1862,7 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
 
 # Check correct vendor values have been set
 $JAVA_HOME/bin/javac -d . %{SOURCE16}
-$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
+$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}"
 
 # Check java launcher has no SSB mitigation
 if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
@@ -2350,57 +2334,65 @@ end
 %endif
 
 %changelog
-* Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-8
+* Thu Apr 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.9-0
+- Update to jdk-11.0.11.0+9
+- Update release notes to 11.0.11.0+9
+- Require tzdata 2020f to match upstream change JDK-8259048
+- Require tzdata 2021a to match upstream change JDK-8260356
+- Remove RH1868754 patch as this is now resolved upstream by JDK-8258833
+- Remove RH1868740 & RH1883849 patches as these are now resolved by JDK-8259319
+- This tarball is embargoed until 2021-04-20 @ 1pm PT.
+- Resolves: rhbz#1938201
+
+* Thu Apr 15 2021 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:11.0.11.0.9-0
+- Fix issue where CheckVendor.java test erroneously passes when it should fail.
+- Add proper quoting so '&' is not treated as a special character by the shell.
+- Fixed not-including fastdebug build in case of --without fastdebug
+- Resolves: rhbz#1938201
+
+* Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-5
 - Perform static library build on a separate source tree with bundled image libraries
 - Make static library build optional
 - Based on initial work by Severin Gehwolf
 - Resolves: rhbz#1930513
 
-* Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-7
-- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps)
-- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
-- Resolves: rhbz#1814915
-
-* Mon Feb 22 2021 Stephan Bergmann <sbergman@redhat.com> - 1:11.0.10.0.9-6
-- Hardcode /usr/sbin/alternatives for Flatpak builds
-- Resolves: rhbz#1930370
-
-* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-5
+* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-4
 - Fix accidental use of $ instead of % for variable reference.
 - Resolves: rhbz#1908972
 
-* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-4
+* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-3
 - Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs.
 - Resolves: rhbz#1915071
 
-* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-3
+* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-2
 - Fix debug and fastdebug descriptions to emphasise the difference is optimisation or no optimisation.
 - Resolves: rhbz#1908972
 
-* Sun Jan 17 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.10.0.9-3
+* Sun Jan 17 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.10.0.9-2
 - Removed lib-style provides for fastdebug_suffix_unquoted
 - Fixed missing condition for fastdebug packages being counted as debug ones
 - Fix typo in variable
 - Resolves: rhbz#1908972
 
-* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-2
+* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-1
 - Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
 - Resolves: rhbz#1894083
 
-* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-1
+* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-0
 - Update to jdk-11.0.10.0+9
 - Update release notes to 11.0.10.0+9
 - Switch to GA mode for final release.
+- This tarball is embargoed until 2021-01-19 @ 1pm PT.
 - Resolves: rhbz#1908972
 
-* Thu Jan 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.8-0.1.ea
+* Thu Jan 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.8-0.0.ea
 - Update to jdk-11.0.10.0+8
 - Update release notes to 11.0.10.0+8.
 - Update tarball generation script to use PR3818 which handles JDK-8171279 changes
 - Drop JDK-8250861 as applied upstream.
 - Resolves: rhbz#1903908
 
-* Tue Jan 12 2021 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.1-0.1.ea
+* Tue Jan 12 2021 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.1-0.0.ea
 - Update to jdk-11.0.10.0+1
 - Update release notes to 11.0.10.0+1
 - Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly.
@@ -2414,47 +2406,41 @@ end
 - Adjust RH1842572 patch due to context change from JDK-8213400
 - Resolves: rhbz#1903908
 
-* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-9
+* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-6
 - Introduced ssbd_arches to denote architectures with SSBD mitigation (currently only x86_64)
 - Introduced nm-based check to verify alt-java on ssbd_arches is patched, and no other alt-java or java binaries are patched
 - RH1750419 patch amended to emit a warning on architectures where alt-java is the same as java
 - Resolves: rhbz#1784116
 
-* Tue Dec 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-9
+* Tue Dec 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-6
 - Redefined linux -> __linux__ and __x86_64 -> __x86_64__ in RH1750419 patch
 - Resolves: rhbz#1784116
 
-* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-8
+* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-5
 - Update release notes for 11.0.9.1 release.
 - Resolves: rhbz#1895274
 
-* Tue Dec 01 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-7
-- removed patch6, rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch
-- added patch600, rh1750419-redhat_alt_java.patch, suprassing removed patch
-- no longer copying of java->alt-java as it is created by  patch600
+* Tue Dec 01 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-4
+- Removed patch6: rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch
+- Added patch600: rh1750419-redhat_alt_java.patch, surpassing removed patch
+- No longer copy java->alt-java as it is created by patch600
 - Resolves: rhbz#1784116
 
-* Wed Nov 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-6
+* Wed Nov 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-3
 - Fix typo of build_doc_archive/built_doc_archive
 - Resolves: rhbz#1895274
 
-* Wed Nov 04 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-5
+* Wed Nov 04 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-3
 - Update to jdk-11.0.9.1+1
 - RPM version stays at 11.0.9.11 so as to not break upgrade path.
 - Adds a single patch for JDK-8250861.
 - Resolves: rhbz#1895274
 
-* Thu Oct 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-4
+* Thu Oct 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-3
 - Move all license files to NVR-specific JVM directory.
 - This bad placement was killing parallel installability and thus having a bad impact on leapp, if used.
 - Resolves: rhbz#1889481
 
-* Tue Oct 27 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-3
-- Bump release number to build on RHEL 8.4.0 branch.
-- Resolves: rhbz#1876665
-- Resolves: rhbz#1889497
-- Resolves: rhbz#1883849
-
 * Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-2
 - Add backport of JDK-8236512 to correct use of killSession
 - Resolves: rhbz#1889497
@@ -2477,13 +2463,13 @@ end
 
 * Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.3.ea
 - Improve quoting of vendor name
-- Resolves: rhbz#1876665
+- Resolves: rhbz#1883849
 
 * Wed Oct 14 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.10-0.3.ea
 - Set vendor property and vendor URLs
 - Made URLs to be preconfigured by OS
 - Moved vendor_version_string to a better place
-- Resolves: rhbz#1876665
+- Resolves: rhbz#1883849
 
 * Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.2.ea
 - Add patch to allow the PKCS11 provider access to the SunJCE provider with the security manager enabled