import java-11-openjdk-11.0.11.0.9-0.el8_3

This commit is contained in:
CentOS Sources 2021-04-20 17:35:34 -04:00 committed by Andrew Lukoshko
parent f9e0e6d6c8
commit 373bb3e8d3
7 changed files with 394 additions and 170 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -1,2 +1,2 @@
8fb81cb2ae37ec04bfc0e3651257a9f9756786a6 SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz a339f6e108c16a23c47504565b602a6fc395bf2e SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz

View File

@ -3,6 +3,337 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 11.0.11 (2021-04-20):
=============================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk11011
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt
* Security fixes
- JDK-8244473: Contextualize registration for JNDI
- JDK-8244543: Enhanced handling of abstract classes
- JDK-8249906, CVE-2021-2163: Enhance opening JARs
- JDK-8250568, CVE-2021-2161: Less ambiguous processing
- JDK-8253799: Make lists of normal filenames
- JDK-8257001: Improve Http Client Support
* Other changes
- JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
- JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
- JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
- JDK-8168869: jdeps: localized messages don't use proper line breaks
- JDK-8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID
- JDK-8202343: Disable TLS 1.0 and 1.1
- JDK-8205992: jhsdb cannot attach to Java processes running in Docker containers
- JDK-8209193: Fix aarch64-linux compilation after -Wreorder changes
- JDK-8210413: AArch64: Optimize div/rem by constant in C1
- JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction
- JDK-8211051: jdeps usage of --dot-output doesn't provide valid output for modular jar
- JDK-8211057: Gensrc step CompileProperties generates unstable CompilerProperties output
- JDK-8211150: G1 Full GC not purging code root memory and hence causing memory leak
- JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup delegation when module reads automatic module
- JDK-8212043: Add floating-point Math.min/max intrinsics
- JDK-8212218: [TESTBUG] runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryErrorInMetaspace.java timed out
- JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/WindowsComboBoxSizeTest.java fails in Windows
- JDK-8213909: jdeps --print-module-deps should report missing dependences
- JDK-8214180: Need better granularity for sleeping
- JDK-8214223: tools/jdeps/listdeps/ListModuleDeps.java failed due to missing Lib2 file
- JDK-8214230: Classes generated by SystemModulesPlugin.java are not reproducable
- JDK-8214741: docs/index.html has no title or copyright
- JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed after 8212043
- JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003/TestDescription.java fails
- JDK-8218482: sun/security/krb5/auto/ReplayCachePrecise.java failed - no KrbException thrown
- JDK-8218550: Add test omitted from JDK-8212043
- JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event
- JDK-8221995: AARCH64: problems with CAS instructions encoding
- JDK-8222518: Remove unnecessary caching of Parker object in java.lang.Thread
- JDK-8222785: aarch64: add necessary masking for immediate shift counts
- JDK-8223186: HotSpot compile warnings from GCC 9
- JDK-8225773: jdeps --check produces NPE if there are missing module dependences
- JDK-8225805: Java Access Bridge does not close the logger
- JDK-8226810: Failed to launch JVM because of NullPointerException occured on System.props
- JDK-8229396: jdeps ignores multi-release when generate-module-info used on command line
- JDK-8229474: Shenandoah: Cleanup CM::update_roots()
- JDK-8232225: Rework the fix for JDK-8071483
- JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant
- JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) == phase->C->get_alias_index(t_adr)) failed: correct memory chain
- JDK-8233910: java/awt/ColorClass/AlphaColorTest.java is failing intermittently in nightly lnux-x64 system
- JDK-8233912: aarch64: minor improvements of atomic operations
- JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier
- JDK-8234742: Improve handshake logging
- JDK-8234796: Refactor Handshake::execute to take a more complex type than ThreadClosure
- JDK-8235324: Dying objects are published from users of CollectedHeap::object_iterate
- JDK-8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag
- JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/TestDescription.java test
- JDK-8237392: Shenandoah: Remove unreliable assertion
- JDK-8237483: AArch64 C1 OopMap inserted twice fatal error
- JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
- JDK-8239355: (dc) Initial value of SO_SNDBUF should allow sending large datagrams (macOS)
- JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
- JDK-8240704: CheckHandles.java failed "AssertionError: Handle use increased by more than 10 percent."
- JDK-8240751: Shenandoah: fold ShenandoahTracer definition
- JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with "assert(store != load->find_exact_control(load->in(0))) failed: dependence cycle found"
- JDK-8241598: Upgrade JLine to 3.14.0
- JDK-8241649: Optimize Character.toString
- JDK-8241770: Module xxxAnnotation() methods throw NCDFE if module-info.class found as resource in unnamed module
- JDK-8241911: AArch64: Fix a potential register clash issue in reduce_add2I
- JDK-8242030: Wrong package declarations in jline classes after JDK-8241598
- JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
- JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox
- JDK-8243670: Unexpected test result caused by C2 MergeMemNode::Ideal
- JDK-8244088: [Regression] Switch of Gnome theme ends up in deadlocked UI
- JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
- JDK-8244340: Handshake processing thread lacks yielding
- JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file
- JDK-8244683: A TSA server used by tests
- JDK-8245005: javax/net/ssl/compatibility/BasicConnectTest.java failed with No enum constant
- JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused
- JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent
- JDK-8245512: CRC32 optimization using AVX512 instructions
- JDK-8245527: LDAP Channel Binding support for Java GSS/Kerberos
- JDK-8246707: (sc) SocketChannel.read/write throws AsynchronousCloseException on closed channel
- JDK-8246709: sun/security/tools/jarsigner/TsacertOptionTest.java compilation failed after JDK-8244683
- JDK-8247200: assert((unsigned)fpargs < 32)
- JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn.
- JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
- JDK-8248865: Document JNDI/LDAP timeout properties
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
- JDK-8249543: Force DirectBufferAllocTest to run with -ExplicitGCInvokesConcurrent
- JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
- JDK-8249749: modify a primitive array through a stream and a for cycle causes jre crash
- JDK-8249787: Make TestGCLocker more resilient with concurrent GCs
- JDK-8249867: xml declaration is not followed by a newline
- JDK-8250911: [windows] os::pd_map_memory() error detection broken
- JDK-8251255: [linux] Add process-memory information to hs-err and VM.info
- JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
- JDK-8251925: C2: RenaissanceStressTest fails with assert(!had_error): bad dominance
- JDK-8251944: Add Shenandoah test config to compiler/gcbarriers/UnsafeIntrinsicsTest.java
- JDK-8251992: VM crashed running TestComplexAddrExpr.java test with -XX:UseAVX=X
- JDK-8253220: Epsilon: clean up unused code/declarations
- JDK-8253274: The CycleDMImagetest brokes the system
- JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
- JDK-8253368: TLS connection always receives close_notify exception
- JDK-8255368: Math.exp() gives wrong result for large values on x86 32-bit platforms
- JDK-8255401: Shenandoah: Allow oldval and newval registers to overlap in cmpxchg_oop()
- JDK-8253404: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
- JDK-8253409: Double-rounding possibility in float fma
- JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
- JDK-8253524: C2: Refactor code that clones predicates during loop unswitching
- JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected
- JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
- JDK-8253702: BigSur version number reported as 10.16, should be 11.nn
- JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
- JDK-8254104: MethodCounters must exist before nmethod is installed
- JDK-8254734: "dead loop detected" assert failure with patch from 8223051
- JDK-8254748: Bad Copyright header format after JDK-8212218
- JDK-8254799: runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryError.java fails with release VMs
- JDK-8255058: C1: assert(is_virtual()) failed: type check
- JDK-8255351: Add detection for Graviton 2 CPUs
- JDK-8255387: Japanese characters were printed upside down on AIX
- JDK-8255479: [aarch64] assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity
- JDK-8255544: Create a checked cast
- JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
- JDK-8255681: print callstack in error case in runAWTLoopWithApp
- JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
- JDK-8255742: PrintInlining as compiler directive doesn't print virtual calls
- JDK-8255845: Memory leak in imageFile.cpp
- JDK-8255880: UI of Swing components is not redrawn after their internal state changed
- JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
- JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls
- JDK-8256056: Deoptimization stub doesn't save vector registers on x86
- JDK-8256061: RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers
- JDK-8256187: [TEST_BUG] Automate bug4275046.java test
- JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after JDK-8210764 due to mishandled lir_neg
- JDK-8256258: some missing NULL checks or asserts after CodeCache::find_blob_unsafe
- JDK-8256264: Printed GlyphVector outline with low DPI has bad quality on Windows
- JDK-8256290: javac/lambda/T8031967.java fails with StackOverflowError on x86_32
- JDK-8256359: AArch64: runtime/ReservedStack/ReservedStackTestCompiler.java fails
- JDK-8256387: Unexpected result if patching an entire instruction on AArch64
- JDK-8256421: Add 2 HARICA roots to cacerts truststore
- JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for small copies in StubGenerator::copy_memory
- JDK-8256489: Make gtest for long path names on Windows more resilient in the presence of virus scanners
- JDK-8256501: libTestMainKeyWindow fails to build with Xcode 12.2
- JDK-8256633: Fix product build on Windows+Arm64
- JDK-8256682: JDK-8202343 is incomplete
- JDK-8256751: Incremental rebuild with precompiled header fails when touching a header file
- JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() for CallLeafNoFP on x86_32
- JDK-8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
- JDK-8256807: C2: Not marking stores correctly as mismatched in string opts
- JDK-8256810: Incremental rebuild broken on Macosx
- JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
- JDK-8256888: Client manual test problem list update
- JDK-8257083: Security infra test failures caused by JDK-8202343
- JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11
- JDK-8257423: [PPC64] Support -XX:-UseInlineCaches
- JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst.testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps is on
- JDK-8257513: C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset())
- JDK-8257547: Handle multiple prereqs on the same line in deps files
- JDK-8257561: Some code is not vectorized after 8251925 and 8250607
- JDK-8257565: epsilonBarrierSet.hpp should not include barrierSetAssembler
- JDK-8257575: C2: "failed: only phis" assert failure in loop strip mining verification
- JDK-8257594: C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle
- JDK-8257633: Missing -mmacosx-version-min=X flag when linking libjvm
- JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
- JDK-8257707: Fix incorrect format string in Http1HeaderParser
- JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
- JDK-8257798: [PPC64] undefined reference to Klass::vtable_start_offset()
- JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
- JDK-8257910: [JVMCI] Set exception_seen accordingly in the runtime.
- JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
- JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
- JDK-8258077: Using -Xcheck:jni can lead to a double-free after JDK-8193234
- JDK-8258247: Couple of issues in fix for JDK-8249906
- JDK-8258373: Update the text handling in the JPasswordField
- JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
- JDK-8258419: RSA cipher buffer cleanup
- JDK-8258471: "search codecache" clhsdb command does not work
- JDK-8258534: Epsilon: clean up unused includes
- JDK-8258805: Japanese characters not entered by mouse click on Windows 10
- JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
- JDK-8258836: JNI local refs exceed capacity getDiagnosticCommandInfo
- JDK-8258884: [TEST_BUG] Convert applet-based test open/test/jdk/javax/swing/JMenuItem/8031573/bug8031573.java to a regular java test
- JDK-8259007: This test printed a blank page
- JDK-8259049: Uninitialized variable after JDK-8257513
- JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA to false
- JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
- JDK-8259231: Epsilon: improve performance under contention during virtual space expansion
- JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
- JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 days
- JDK-8259319: Illegal package access when SunPKCS11 requires SunJCE's classes
- JDK-8259339: AllocateUninitializedArray C2 intrinsic fails with void.class input
- JDK-8259428: AlgorithmId.getEncodedParams() should return copy
- JDK-8259446: runtime/jni/checked/TestCheckedReleaseArrayElements.java fails with stderr not empty
- JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags
- JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
- JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543
- JDK-8259706: C2 compilation fails with assert(vtable_index == Method::invalid_vtable_index) failed: correct sentinel value
- JDK-8259707: LDAP channel binding does not work with StartTLS extension
- JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction
- JDK-8259849: Shenandoah: Rename store-val to IU-barrier
- JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
- JDK-8260029: aarch64: fix typo in verify_oop_array
- JDK-8260308: Update LogCompilation junit to 4.13.1
- JDK-8260338: Some fields in HaltNode is not cloned
- JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
- JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
- JDK-8260378: [TESTBUG] DcmdMBeanTestCheckJni.java reports false positive
- JDK-8260497: Shenandoah: Improve SATB flushing
- JDK-8260502: [s390] NativeMovRegMem::verify() fails because it's too strict
- JDK-8260632: Build failures after JDK-8253353
- JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
- JDK-8261022: Fix incorrect result of Math.abs() with char type
- JDK-8261089: [TESTBUG] native library of test TestCheckedReleaseCriticalArray.java fails to compile with gcc 4.x
- JDK-8261183: Follow on to Make lists of normal filenames
- JDK-8261209: isStandalone property: remove dependency on pretty-print
- JDK-8261231: Windows IME was disabled after DnD operation
- JDK-8261251: Shenandoah: Use object size for full GC humongous compaction
- JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined
- JDK-8261334: NMT: tuning statistic shows incorrect hash distribution
- JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
- JDK-8261522: [PPC64] AES intrinsics write beyond the destination array
- JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined
- JDK-8261585: Restore HandleArea used in Deoptimization::uncommon_trap
- JDK-8261753: Test java/lang/System/OsVersionTest.java still failing on BigSur patch versions after JDK-8253702
- JDK-8261829: Exclude tools/jlink/JLinkReproducibleTest.java in 11u
- JDK-8261912: Code IfNode::fold_compares_helper more defensively
- JDK-8261920: [AIX] jshell command throws java.io.IOError on non English locales
- JDK-8262018: Wrong format in SAP copyright header of OsVersionTest
- JDK-8263069: Exclude some failing tests from security/infra/java/security/cert/CertPathValidator
Notes on individual issues:
===========================
core-libs/javax.naming:
JDK-8258824: LDAP Channel Binding Support for Java GSS/Kerberos
===============================================================
A new JNDI environment property "com.sun.jndi.ldap.tls.cbtype" has
been added to enable TLS Channel Binding data in LDAP authentication
over SSL/TLS protocol to the Windows AD server. The only valid value
at present is "tls-server-end-point", where channel binding data is
created on the base of the TLS server certificate. See RFC-5929 [0]
and the module description of the `java.naming` module for further
details.
[0] RFC-5929 "Channel Bindings for TLS": https://www.ietf.org/rfc/rfc5929.txt
security-libs/java.security:
JDK-8260597: Added 2 HARICA Root CA Certificates
================================================
The following root certificates have been added to the cacerts truststore:
Alias Name: haricarootca2015
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
Alias Name: haricaeccrootca2015
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
security-libs/javax.net.ssl:
JDK-8256490: Disable TLS 1.0 and 1.1
====================================
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
considered secure and have been superseded by more secure and modern
versions (TLS 1.2 and 1.3).
These versions have now been disabled by default. If you encounter
issues, you can, at your own risk, re-enable the versions by removing
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
security property in the `java.security` configuration file.
tools:
JDK-8214213: jdeps --print-module-deps Reports Transitive Dependencies
======================================================================
`jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps`
options have been enhanced as follows.
1. By default, they perform transitive module dependence analysis on
libraries on the class path and module path, both directly and
indirectly, as required by the given input JAR files or
classes. Previously, they only reported the modules required by the
given input JAR files or classes. The `--no-recursive` option can be
used to request non-transitive dependence analysis.
2. By default, they flag any missing dependency, i.e. not found from
class path and module path, as an error. The `--ignore-missing-deps`
option can be used to suppress missing dependence errors. Note that a
custom image is created with the list of modules output by jdeps when
using the `--ignore-missing-deps` option for a non-modular
application. Such an application, running on the custom image, might
fail at runtime when missing dependence errors are suppressed.
xml/jaxp:
JDK-8249867 XML declaration is not followed by a newline
========================================================
The DOM Load and Save `LSSerializer` does not have an explicit control
for whether or not the XML Declaration ends with a newline. In this
release, a JDK implementation specific property
`http://www.oracle.com/xml/jaxp/properties/isStandalone` and
corresponding System property `jdk.xml.isStandalone` are added to
control the addition of a newline and act independently without
having to set the pretty-print property. This property can be used to
reverse the incompatible change introduced in Java SE 7 Update 4 with
an update of Xalan 2.7.1 where a newline is omitted when pretty-print
is required.
For details, please refer to the bug report and the java.xml module-summary.
Usage:
// to set the property, get an instance of LSSerializer and set it along with pretty-print
LSSerializer ser = impl.createLSSerializer();
ser.getDomConfig().setParameter("format-pretty-print", true);
ser.getDomConfig().setParameter("http://www.oracle.com/xml/jaxp/properties/isStandalone", true);
// to use the System property, set it before initializing a LSSerializer
System.setProperty("jdk.xml.isStandalone", “true”);
// to clear the property, place the line anywhere after the LSSerializer is initialized
System.clearProperty("jdk.xml.isStandalone");
New in release OpenJDK 11.0.10 (2021-01-19): New in release OpenJDK 11.0.10 (2021-01-19):
============================================= =============================================
Live versions of these release notes can be found at: Live versions of these release notes can be found at:

View File

@ -1,12 +0,0 @@
diff -r eba0f976c468 -r 1fceafb49be5 src/java.base/share/classes/module-info.java
--- openjdk/src/java.base/share/classes/module-info.java Thu Jul 30 15:05:22 2020 +0200
+++ openjdk/src/java.base/share/classes/module-info.java Thu Aug 13 15:17:59 2020 +0200
@@ -132,6 +132,8 @@
// additional qualified exports may be inserted at build time
// see make/gensrc/GenModuleInfo.gmk
+ exports com.sun.crypto.provider to
+ jdk.crypto.cryptoki;
exports com.sun.security.ntlm to
java.security.sasl;
exports jdk.internal to

View File

@ -1,21 +0,0 @@
diff -r e10f558e1df5 openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java
--- openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 16:12:32 2020 +0100
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 15:17:50 2020 -0300
@@ -628,7 +628,7 @@
throw (ShortBufferException)
(new ShortBufferException().initCause(e));
}
- reset(false);
+ reset(true);
throw new ProviderException("update() failed", e);
}
}
@@ -746,7 +746,7 @@
throw (ShortBufferException)
(new ShortBufferException().initCause(e));
}
- reset(false);
+ reset(true);
throw new ProviderException("update() failed", e);
}
}

View File

@ -1,60 +0,0 @@
# HG changeset patch
# User Zdenek Zambersky <zzambers@redhat.com>
# Date 1601403587 -7200
# Tue Sep 29 20:19:47 2020 +0200
# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158
# Parent d484fdfcc7d5c21812de8a0712236d077b0f2dde
Fixed default policy for jdk.crypto.cryptoki
diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy
--- openjdk.orig/src/java.base/share/lib/security/default.policy Wed Sep 02 07:36:15 2020 +0200
+++ openjdk/src/java.base/share/lib/security/default.policy Tue Sep 29 20:19:47 2020 +0200
@@ -124,6 +124,8 @@
grant codeBase "jrt:/jdk.crypto.cryptoki" {
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission
+ "accessClassInPackage.com.sun.crypto.provider";
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
# HG changeset patch
# User Zdenek Zambersky <zzambers@redhat.com>
# Date 1601419086 -7200
# Wed Sep 30 00:38:06 2020 +0200
# Node ID 02c8b154f728be3dd06239a98519d654e2127186
# Parent f77ac813eee61b2e9616b2d71a2c5372d0cbd158
P11Util: Create provider in priviledged block
diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Tue Sep 29 20:19:47 2020 +0200
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Wed Sep 30 00:38:06 2020 +0200
@@ -87,14 +87,20 @@
}
p = Security.getProvider(providerName);
if (p == null) {
- try {
- @SuppressWarnings("deprecation")
- Object o = Class.forName(className).newInstance();
- p = (Provider)o;
- } catch (Exception e) {
- throw new ProviderException
- ("Could not find provider " + providerName, e);
- }
+ p = AccessController.doPrivileged(
+ new PrivilegedAction<Provider>() {
+ public Provider run() {
+ try {
+ @SuppressWarnings("deprecation")
+ Object o = Class.forName(className).newInstance();
+ return (Provider) o;
+ } catch (Exception e) {
+ throw new ProviderException
+ ("Could not find provider " + providerName, e);
+ }
+ }
+ }
+ );
}
return p;
}

View File

@ -156,6 +156,8 @@
%else %else
%global include_fastdebug_build 0 %global include_fastdebug_build 0
%endif %endif
%else
%global include_fastdebug_build 0
%endif %endif
%if %{include_debug_build} %if %{include_debug_build}
@ -289,7 +291,7 @@
# New Version-String scheme-style defines # New Version-String scheme-style defines
%global featurever 11 %global featurever 11
%global interimver 0 %global interimver 0
%global updatever 10 %global updatever 11
%global patchver 0 %global patchver 0
# If you bump featurever, you must bump also vendor_version_string # If you bump featurever, you must bump also vendor_version_string
# Used via new version scheme. JDK 11 was # Used via new version scheme. JDK 11 was
@ -310,7 +312,7 @@
# Define vendor information used by OpenJDK # Define vendor information used by OpenJDK
%global oj_vendor Red Hat, Inc. %global oj_vendor Red Hat, Inc.
%global oj_vendor_url "https://www.redhat.com/" %global oj_vendor_url https://www.redhat.com/
# Define what url should JVM offer in case of a crash report # Define what url should JVM offer in case of a crash report
# order may be important, epel may have rhel declared # order may be important, epel may have rhel declared
%if 0%{?epel} %if 0%{?epel}
@ -329,7 +331,7 @@
%endif %endif
# Define IcedTea version used for SystemTap tapsets and desktop file # Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598 %global icedteaver 3.15.0
# Standard JPackage naming and versioning defines # Standard JPackage naming and versioning defines
%global origin openjdk %global origin openjdk
@ -337,7 +339,7 @@
%global top_level_dir_name %{origin} %global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup %global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 9 %global buildver 9
%global rpmrelease 8 %global rpmrelease 0
#%%global tagsuffix %%{nil} #%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk %if %is_system_jdk
@ -426,14 +428,6 @@
%global rpm_state_dir %{_localstatedir}/lib/rpm-state/ %global rpm_state_dir %{_localstatedir}/lib/rpm-state/
# For flatpack builds hard-code /usr/sbin/alternatives,
# otherwise use %%{_sbindir} relative path.
%if 0%{?flatpak}
%global alternatives_requires /usr/sbin/alternatives
%else
%global alternatives_requires %{_sbindir}/alternatives
%endif
%if %{with_systemtap} %if %{with_systemtap}
# Where to install systemtap tapset (links) # Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir, # We would like these to be in a package specific sub-dir,
@ -1005,8 +999,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem Requires: javapackages-filesystem
# Require zone-info data provided by tzdata-java sub-package # Require zone-info data provided by tzdata-java sub-package
# 2020b required as of JDK-8254177 in October CPU # 2021a required as of JDK-8260356 in April 2021 CPU
Requires: tzdata-java >= 2020b Requires: tzdata-java >= 2021a
# for support of kernel stream control # for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand # libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa} Requires: lksctp-tools%{?_isa}
@ -1020,11 +1014,11 @@ Requires: cups-libs
# for FIPS PKCS11 provider # for FIPS PKCS11 provider
Requires: nss Requires: nss
# Post requires alternatives to install tool alternatives # Post requires alternatives to install tool alternatives
Requires(post): %{alternatives_requires} Requires(post): %{_sbindir}/alternatives
# in version 1.7 and higher for --family switch # in version 1.7 and higher for --family switch
Requires(post): chkconfig >= 1.7 Requires(post): chkconfig >= 1.7
# Postun requires alternatives to uninstall tool alternatives # Postun requires alternatives to uninstall tool alternatives
Requires(postun): %{alternatives_requires} Requires(postun): %{_sbindir}/alternatives
# in version 1.7 and higher for --family switch # in version 1.7 and higher for --family switch
Requires(postun): chkconfig >= 1.7 Requires(postun): chkconfig >= 1.7
# for optional support of kernel stream control, card reader and printing bindings # for optional support of kernel stream control, card reader and printing bindings
@ -1050,11 +1044,11 @@ Provides: java-headless%{?1} = %{epoch}:%{version}-%{release}
Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# Post requires alternatives to install tool alternatives # Post requires alternatives to install tool alternatives
Requires(post): %{alternatives_requires} Requires(post): %{_sbindir}/alternatives
# in version 1.7 and higher for --family switch # in version 1.7 and higher for --family switch
Requires(post): chkconfig >= 1.7 Requires(post): chkconfig >= 1.7
# Postun requires alternatives to uninstall tool alternatives # Postun requires alternatives to uninstall tool alternatives
Requires(postun): %{alternatives_requires} Requires(postun): %{_sbindir}/alternatives
# in version 1.7 and higher for --family switch # in version 1.7 and higher for --family switch
Requires(postun): chkconfig >= 1.7 Requires(postun): chkconfig >= 1.7
@ -1103,11 +1097,11 @@ Provides: java-demo%{?1} = %{epoch}:%{version}-%{release}
%define java_javadoc_rpo() %{expand: %define java_javadoc_rpo() %{expand:
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# Post requires alternatives to install javadoc alternative # Post requires alternatives to install javadoc alternative
Requires(post): %{alternatives_requires} Requires(post): %{_sbindir}/alternatives
# in version 1.7 and higher for --family switch # in version 1.7 and higher for --family switch
Requires(post): chkconfig >= 1.7 Requires(post): chkconfig >= 1.7
# Postun requires alternatives to uninstall javadoc alternative # Postun requires alternatives to uninstall javadoc alternative
Requires(postun): %{alternatives_requires} Requires(postun): %{_sbindir}/alternatives
# in version 1.7 and higher for --family switch # in version 1.7 and higher for --family switch
Requires(postun): chkconfig >= 1.7 Requires(postun): chkconfig >= 1.7
@ -1173,7 +1167,7 @@ URL: http://openjdk.java.net/
Source0: jdk-updates-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}-4curve.tar.xz Source0: jdk-updates-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}-4curve.tar.xz
# Use 'icedtea_sync.sh' to update the following # Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x). # They are based on code contained in the IcedTea project (3.x).
# Systemtap tapsets. Zipped up to keep it small. # Systemtap tapsets. Zipped up to keep it small.
Source8: tapsets-icedtea-%{icedteaver}.tar.xz Source8: tapsets-icedtea-%{icedteaver}.tar.xz
@ -1213,7 +1207,7 @@ Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
Patch2: rh1648644-java_access_bridge_privileged_security.patch Patch2: rh1648644-java_access_bridge_privileged_security.patch
# NSS via SunPKCS11 Provider (disabled due to memory leak). # NSS via SunPKCS11 Provider (disabled due to memory leak).
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
# enable build of speculative store bypass hardened alt-java # RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
Patch600: rh1750419-redhat_alt_java.patch Patch600: rh1750419-redhat_alt_java.patch
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY # RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
Patch1003: rh1842572-rsa_default_for_keytool.patch Patch1003: rh1842572-rsa_default_for_keytool.patch
@ -1225,10 +1219,6 @@ Patch1001: rh1655466-global_crypto_and_fips.patch
Patch1002: rh1818909-fips_default_keystore_type.patch Patch1002: rh1818909-fips_default_keystore_type.patch
# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available # RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
# RH1868740: FIPS: IllegalAccessException by pkcs11 provider
Patch1005: rh1868740-cryptoki_access_to_sunjce.patch
# RH1883849: FIPS: IllegalAccessException by pkcs11 provider with security manager on
Patch1006: rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch
# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess # RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
Patch1007: rh1915071-always_initialise_configurator_access.patch Patch1007: rh1915071-always_initialise_configurator_access.patch
@ -1254,8 +1244,6 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
# PR3695: Allow use of system crypto policy to be disabled by the user # PR3695: Allow use of system crypto policy to be disabled by the user
Patch7: pr3695-toggle_system_crypto_policy.patch Patch7: pr3695-toggle_system_crypto_policy.patch
# RH1868754: FIPS: Ciphers remain in broken state (unusable), after being supplied with wrongly sized buffer
Patch11: rh1868754-pkcs11_cancel_on_failure.patch
############################################# #############################################
# #
@ -1304,8 +1292,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
%ifnarch %{jit_arches} %ifnarch %{jit_arches}
BuildRequires: libffi-devel BuildRequires: libffi-devel
%endif %endif
# 2020b required as of JDK-8254177 in October CPU # 2021a required as of JDK-8260356 in April 2021 CPU
BuildRequires: tzdata-java >= 2020b BuildRequires: tzdata-java >= 2021a
# Earlier versions have a bug in tree vectorization on PPC # Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8 BuildRequires: gcc >= 4.8.3-8
@ -1633,7 +1621,6 @@ pushd %{top_level_dir_name}
%patch3 -p1 %patch3 -p1
%patch4 -p1 %patch4 -p1
%patch7 -p1 %patch7 -p1
%patch11 -p1
popd # openjdk popd # openjdk
%patch1000 %patch1000
@ -1642,8 +1629,6 @@ popd # openjdk
%patch1002 %patch1002
%patch1003 %patch1003
%patch1004 %patch1004
%patch1005
%patch1006
%patch1007 %patch1007
# Extract systemtap tapsets # Extract systemtap tapsets
@ -1661,12 +1646,11 @@ for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do for file in "tapset"$suffix/*.in; do
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1 sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1
sed -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file.1 > $file.2
# TODO find out which architectures other than i686 have a client vm # TODO find out which architectures other than i686 have a client vm
%ifarch %{ix86} %ifarch %{ix86}
sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.2 > $OUTPUT_FILE sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.1 > $OUTPUT_FILE
%else %else
sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.2 > $OUTPUT_FILE sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE
%endif %endif
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
@ -1878,7 +1862,7 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check correct vendor values have been set # Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16} $JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}"
# Check java launcher has no SSB mitigation # Check java launcher has no SSB mitigation
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
@ -2350,57 +2334,65 @@ end
%endif %endif
%changelog %changelog
* Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-8 * Thu Apr 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.9-0
- Update to jdk-11.0.11.0+9
- Update release notes to 11.0.11.0+9
- Require tzdata 2020f to match upstream change JDK-8259048
- Require tzdata 2021a to match upstream change JDK-8260356
- Remove RH1868754 patch as this is now resolved upstream by JDK-8258833
- Remove RH1868740 & RH1883849 patches as these are now resolved by JDK-8259319
- This tarball is embargoed until 2021-04-20 @ 1pm PT.
- Resolves: rhbz#1938201
* Thu Apr 15 2021 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:11.0.11.0.9-0
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
- Add proper quoting so '&' is not treated as a special character by the shell.
- Fixed not-including fastdebug build in case of --without fastdebug
- Resolves: rhbz#1938201
* Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-5
- Perform static library build on a separate source tree with bundled image libraries - Perform static library build on a separate source tree with bundled image libraries
- Make static library build optional - Make static library build optional
- Based on initial work by Severin Gehwolf - Based on initial work by Severin Gehwolf
- Resolves: rhbz#1930513 - Resolves: rhbz#1930513
* Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-7 * Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-4
- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps)
- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
- Resolves: rhbz#1814915
* Mon Feb 22 2021 Stephan Bergmann <sbergman@redhat.com> - 1:11.0.10.0.9-6
- Hardcode /usr/sbin/alternatives for Flatpak builds
- Resolves: rhbz#1930370
* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-5
- Fix accidental use of $ instead of % for variable reference. - Fix accidental use of $ instead of % for variable reference.
- Resolves: rhbz#1908972 - Resolves: rhbz#1908972
* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-4 * Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-3
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs. - Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs.
- Resolves: rhbz#1915071 - Resolves: rhbz#1915071
* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-3 * Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-2
- Fix debug and fastdebug descriptions to emphasise the difference is optimisation or no optimisation. - Fix debug and fastdebug descriptions to emphasise the difference is optimisation or no optimisation.
- Resolves: rhbz#1908972 - Resolves: rhbz#1908972
* Sun Jan 17 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.10.0.9-3 * Sun Jan 17 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.10.0.9-2
- Removed lib-style provides for fastdebug_suffix_unquoted - Removed lib-style provides for fastdebug_suffix_unquoted
- Fixed missing condition for fastdebug packages being counted as debug ones - Fixed missing condition for fastdebug packages being counted as debug ones
- Fix typo in variable - Fix typo in variable
- Resolves: rhbz#1908972 - Resolves: rhbz#1908972
* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-2 * Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-1
- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode - Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
- Resolves: rhbz#1894083 - Resolves: rhbz#1894083
* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-1 * Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-0
- Update to jdk-11.0.10.0+9 - Update to jdk-11.0.10.0+9
- Update release notes to 11.0.10.0+9 - Update release notes to 11.0.10.0+9
- Switch to GA mode for final release. - Switch to GA mode for final release.
- This tarball is embargoed until 2021-01-19 @ 1pm PT.
- Resolves: rhbz#1908972 - Resolves: rhbz#1908972
* Thu Jan 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.8-0.1.ea * Thu Jan 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.8-0.0.ea
- Update to jdk-11.0.10.0+8 - Update to jdk-11.0.10.0+8
- Update release notes to 11.0.10.0+8. - Update release notes to 11.0.10.0+8.
- Update tarball generation script to use PR3818 which handles JDK-8171279 changes - Update tarball generation script to use PR3818 which handles JDK-8171279 changes
- Drop JDK-8250861 as applied upstream. - Drop JDK-8250861 as applied upstream.
- Resolves: rhbz#1903908 - Resolves: rhbz#1903908
* Tue Jan 12 2021 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.1-0.1.ea * Tue Jan 12 2021 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.1-0.0.ea
- Update to jdk-11.0.10.0+1 - Update to jdk-11.0.10.0+1
- Update release notes to 11.0.10.0+1 - Update release notes to 11.0.10.0+1
- Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly. - Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly.
@ -2414,47 +2406,41 @@ end
- Adjust RH1842572 patch due to context change from JDK-8213400 - Adjust RH1842572 patch due to context change from JDK-8213400
- Resolves: rhbz#1903908 - Resolves: rhbz#1903908
* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-9 * Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-6
- Introduced ssbd_arches to denote architectures with SSBD mitigation (currently only x86_64) - Introduced ssbd_arches to denote architectures with SSBD mitigation (currently only x86_64)
- Introduced nm-based check to verify alt-java on ssbd_arches is patched, and no other alt-java or java binaries are patched - Introduced nm-based check to verify alt-java on ssbd_arches is patched, and no other alt-java or java binaries are patched
- RH1750419 patch amended to emit a warning on architectures where alt-java is the same as java - RH1750419 patch amended to emit a warning on architectures where alt-java is the same as java
- Resolves: rhbz#1784116 - Resolves: rhbz#1784116
* Tue Dec 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-9 * Tue Dec 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-6
- Redefined linux -> __linux__ and __x86_64 -> __x86_64__ in RH1750419 patch - Redefined linux -> __linux__ and __x86_64 -> __x86_64__ in RH1750419 patch
- Resolves: rhbz#1784116 - Resolves: rhbz#1784116
* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-8 * Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-5
- Update release notes for 11.0.9.1 release. - Update release notes for 11.0.9.1 release.
- Resolves: rhbz#1895274 - Resolves: rhbz#1895274
* Tue Dec 01 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-7 * Tue Dec 01 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-4
- removed patch6, rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch - Removed patch6: rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch
- added patch600, rh1750419-redhat_alt_java.patch, suprassing removed patch - Added patch600: rh1750419-redhat_alt_java.patch, surpassing removed patch
- no longer copying of java->alt-java as it is created by patch600 - No longer copy java->alt-java as it is created by patch600
- Resolves: rhbz#1784116 - Resolves: rhbz#1784116
* Wed Nov 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-6 * Wed Nov 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-3
- Fix typo of build_doc_archive/built_doc_archive - Fix typo of build_doc_archive/built_doc_archive
- Resolves: rhbz#1895274 - Resolves: rhbz#1895274
* Wed Nov 04 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-5 * Wed Nov 04 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-3
- Update to jdk-11.0.9.1+1 - Update to jdk-11.0.9.1+1
- RPM version stays at 11.0.9.11 so as to not break upgrade path. - RPM version stays at 11.0.9.11 so as to not break upgrade path.
- Adds a single patch for JDK-8250861. - Adds a single patch for JDK-8250861.
- Resolves: rhbz#1895274 - Resolves: rhbz#1895274
* Thu Oct 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-4 * Thu Oct 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-3
- Move all license files to NVR-specific JVM directory. - Move all license files to NVR-specific JVM directory.
- This bad placement was killing parallel installability and thus having a bad impact on leapp, if used. - This bad placement was killing parallel installability and thus having a bad impact on leapp, if used.
- Resolves: rhbz#1889481 - Resolves: rhbz#1889481
* Tue Oct 27 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-3
- Bump release number to build on RHEL 8.4.0 branch.
- Resolves: rhbz#1876665
- Resolves: rhbz#1889497
- Resolves: rhbz#1883849
* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-2 * Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-2
- Add backport of JDK-8236512 to correct use of killSession - Add backport of JDK-8236512 to correct use of killSession
- Resolves: rhbz#1889497 - Resolves: rhbz#1889497
@ -2477,13 +2463,13 @@ end
* Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.3.ea * Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.3.ea
- Improve quoting of vendor name - Improve quoting of vendor name
- Resolves: rhbz#1876665 - Resolves: rhbz#1883849
* Wed Oct 14 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.10-0.3.ea * Wed Oct 14 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.10-0.3.ea
- Set vendor property and vendor URLs - Set vendor property and vendor URLs
- Made URLs to be preconfigured by OS - Made URLs to be preconfigured by OS
- Moved vendor_version_string to a better place - Moved vendor_version_string to a better place
- Resolves: rhbz#1876665 - Resolves: rhbz#1883849
* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.2.ea * Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.2.ea
- Add patch to allow the PKCS11 provider access to the SunJCE provider with the security manager enabled - Add patch to allow the PKCS11 provider access to the SunJCE provider with the security manager enabled