import java-11-openjdk-11.0.11.0.9-0.el8_3
This commit is contained in:
parent
f9e0e6d6c8
commit
373bb3e8d3
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz
|
||||
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz
|
||||
SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
@ -1,2 +1,2 @@
|
||||
8fb81cb2ae37ec04bfc0e3651257a9f9756786a6 SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz
|
||||
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
|
||||
a339f6e108c16a23c47504565b602a6fc395bf2e SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz
|
||||
7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz
|
||||
|
331
SOURCES/NEWS
331
SOURCES/NEWS
@ -3,6 +3,337 @@ Key:
|
||||
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
|
||||
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
|
||||
|
||||
New in release OpenJDK 11.0.11 (2021-04-20):
|
||||
=============================================
|
||||
Live versions of these release notes can be found at:
|
||||
* https://bitly.com/openjdk11011
|
||||
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt
|
||||
|
||||
* Security fixes
|
||||
- JDK-8244473: Contextualize registration for JNDI
|
||||
- JDK-8244543: Enhanced handling of abstract classes
|
||||
- JDK-8249906, CVE-2021-2163: Enhance opening JARs
|
||||
- JDK-8250568, CVE-2021-2161: Less ambiguous processing
|
||||
- JDK-8253799: Make lists of normal filenames
|
||||
- JDK-8257001: Improve Http Client Support
|
||||
* Other changes
|
||||
- JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
|
||||
- JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
|
||||
- JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
|
||||
- JDK-8168869: jdeps: localized messages don't use proper line breaks
|
||||
- JDK-8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID
|
||||
- JDK-8202343: Disable TLS 1.0 and 1.1
|
||||
- JDK-8205992: jhsdb cannot attach to Java processes running in Docker containers
|
||||
- JDK-8209193: Fix aarch64-linux compilation after -Wreorder changes
|
||||
- JDK-8210413: AArch64: Optimize div/rem by constant in C1
|
||||
- JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction
|
||||
- JDK-8211051: jdeps usage of --dot-output doesn't provide valid output for modular jar
|
||||
- JDK-8211057: Gensrc step CompileProperties generates unstable CompilerProperties output
|
||||
- JDK-8211150: G1 Full GC not purging code root memory and hence causing memory leak
|
||||
- JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup delegation when module reads automatic module
|
||||
- JDK-8212043: Add floating-point Math.min/max intrinsics
|
||||
- JDK-8212218: [TESTBUG] runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryErrorInMetaspace.java timed out
|
||||
- JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/WindowsComboBoxSizeTest.java fails in Windows
|
||||
- JDK-8213909: jdeps --print-module-deps should report missing dependences
|
||||
- JDK-8214180: Need better granularity for sleeping
|
||||
- JDK-8214223: tools/jdeps/listdeps/ListModuleDeps.java failed due to missing Lib2 file
|
||||
- JDK-8214230: Classes generated by SystemModulesPlugin.java are not reproducable
|
||||
- JDK-8214741: docs/index.html has no title or copyright
|
||||
- JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed after 8212043
|
||||
- JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003/TestDescription.java fails
|
||||
- JDK-8218482: sun/security/krb5/auto/ReplayCachePrecise.java failed - no KrbException thrown
|
||||
- JDK-8218550: Add test omitted from JDK-8212043
|
||||
- JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event
|
||||
- JDK-8221995: AARCH64: problems with CAS instructions encoding
|
||||
- JDK-8222518: Remove unnecessary caching of Parker object in java.lang.Thread
|
||||
- JDK-8222785: aarch64: add necessary masking for immediate shift counts
|
||||
- JDK-8223186: HotSpot compile warnings from GCC 9
|
||||
- JDK-8225773: jdeps --check produces NPE if there are missing module dependences
|
||||
- JDK-8225805: Java Access Bridge does not close the logger
|
||||
- JDK-8226810: Failed to launch JVM because of NullPointerException occured on System.props
|
||||
- JDK-8229396: jdeps ignores multi-release when generate-module-info used on command line
|
||||
- JDK-8229474: Shenandoah: Cleanup CM::update_roots()
|
||||
- JDK-8232225: Rework the fix for JDK-8071483
|
||||
- JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant
|
||||
- JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) == phase->C->get_alias_index(t_adr)) failed: correct memory chain
|
||||
- JDK-8233910: java/awt/ColorClass/AlphaColorTest.java is failing intermittently in nightly lnux-x64 system
|
||||
- JDK-8233912: aarch64: minor improvements of atomic operations
|
||||
- JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier
|
||||
- JDK-8234742: Improve handshake logging
|
||||
- JDK-8234796: Refactor Handshake::execute to take a more complex type than ThreadClosure
|
||||
- JDK-8235324: Dying objects are published from users of CollectedHeap::object_iterate
|
||||
- JDK-8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag
|
||||
- JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/TestDescription.java test
|
||||
- JDK-8237392: Shenandoah: Remove unreliable assertion
|
||||
- JDK-8237483: AArch64 C1 OopMap inserted twice fatal error
|
||||
- JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
|
||||
- JDK-8239355: (dc) Initial value of SO_SNDBUF should allow sending large datagrams (macOS)
|
||||
- JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
|
||||
- JDK-8240704: CheckHandles.java failed "AssertionError: Handle use increased by more than 10 percent."
|
||||
- JDK-8240751: Shenandoah: fold ShenandoahTracer definition
|
||||
- JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with "assert(store != load->find_exact_control(load->in(0))) failed: dependence cycle found"
|
||||
- JDK-8241598: Upgrade JLine to 3.14.0
|
||||
- JDK-8241649: Optimize Character.toString
|
||||
- JDK-8241770: Module xxxAnnotation() methods throw NCDFE if module-info.class found as resource in unnamed module
|
||||
- JDK-8241911: AArch64: Fix a potential register clash issue in reduce_add2I
|
||||
- JDK-8242030: Wrong package declarations in jline classes after JDK-8241598
|
||||
- JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
|
||||
- JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox
|
||||
- JDK-8243670: Unexpected test result caused by C2 MergeMemNode::Ideal
|
||||
- JDK-8244088: [Regression] Switch of Gnome theme ends up in deadlocked UI
|
||||
- JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
|
||||
- JDK-8244340: Handshake processing thread lacks yielding
|
||||
- JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file
|
||||
- JDK-8244683: A TSA server used by tests
|
||||
- JDK-8245005: javax/net/ssl/compatibility/BasicConnectTest.java failed with No enum constant
|
||||
- JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused
|
||||
- JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent
|
||||
- JDK-8245512: CRC32 optimization using AVX512 instructions
|
||||
- JDK-8245527: LDAP Channel Binding support for Java GSS/Kerberos
|
||||
- JDK-8246707: (sc) SocketChannel.read/write throws AsynchronousCloseException on closed channel
|
||||
- JDK-8246709: sun/security/tools/jarsigner/TsacertOptionTest.java compilation failed after JDK-8244683
|
||||
- JDK-8247200: assert((unsigned)fpargs < 32)
|
||||
- JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn.
|
||||
- JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
|
||||
- JDK-8248865: Document JNDI/LDAP timeout properties
|
||||
- JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
|
||||
- JDK-8249543: Force DirectBufferAllocTest to run with -ExplicitGCInvokesConcurrent
|
||||
- JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
|
||||
- JDK-8249749: modify a primitive array through a stream and a for cycle causes jre crash
|
||||
- JDK-8249787: Make TestGCLocker more resilient with concurrent GCs
|
||||
- JDK-8249867: xml declaration is not followed by a newline
|
||||
- JDK-8250911: [windows] os::pd_map_memory() error detection broken
|
||||
- JDK-8251255: [linux] Add process-memory information to hs-err and VM.info
|
||||
- JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
|
||||
- JDK-8251925: C2: RenaissanceStressTest fails with assert(!had_error): bad dominance
|
||||
- JDK-8251944: Add Shenandoah test config to compiler/gcbarriers/UnsafeIntrinsicsTest.java
|
||||
- JDK-8251992: VM crashed running TestComplexAddrExpr.java test with -XX:UseAVX=X
|
||||
- JDK-8253220: Epsilon: clean up unused code/declarations
|
||||
- JDK-8253274: The CycleDMImagetest brokes the system
|
||||
- JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
|
||||
- JDK-8253368: TLS connection always receives close_notify exception
|
||||
- JDK-8255368: Math.exp() gives wrong result for large values on x86 32-bit platforms
|
||||
- JDK-8255401: Shenandoah: Allow oldval and newval registers to overlap in cmpxchg_oop()
|
||||
- JDK-8253404: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
|
||||
- JDK-8253409: Double-rounding possibility in float fma
|
||||
- JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
|
||||
- JDK-8253524: C2: Refactor code that clones predicates during loop unswitching
|
||||
- JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected
|
||||
- JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
|
||||
- JDK-8253702: BigSur version number reported as 10.16, should be 11.nn
|
||||
- JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
|
||||
- JDK-8254104: MethodCounters must exist before nmethod is installed
|
||||
- JDK-8254734: "dead loop detected" assert failure with patch from 8223051
|
||||
- JDK-8254748: Bad Copyright header format after JDK-8212218
|
||||
- JDK-8254799: runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryError.java fails with release VMs
|
||||
- JDK-8255058: C1: assert(is_virtual()) failed: type check
|
||||
- JDK-8255351: Add detection for Graviton 2 CPUs
|
||||
- JDK-8255387: Japanese characters were printed upside down on AIX
|
||||
- JDK-8255479: [aarch64] assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity
|
||||
- JDK-8255544: Create a checked cast
|
||||
- JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
|
||||
- JDK-8255681: print callstack in error case in runAWTLoopWithApp
|
||||
- JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
|
||||
- JDK-8255742: PrintInlining as compiler directive doesn't print virtual calls
|
||||
- JDK-8255845: Memory leak in imageFile.cpp
|
||||
- JDK-8255880: UI of Swing components is not redrawn after their internal state changed
|
||||
- JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
|
||||
- JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls
|
||||
- JDK-8256056: Deoptimization stub doesn't save vector registers on x86
|
||||
- JDK-8256061: RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers
|
||||
- JDK-8256187: [TEST_BUG] Automate bug4275046.java test
|
||||
- JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after JDK-8210764 due to mishandled lir_neg
|
||||
- JDK-8256258: some missing NULL checks or asserts after CodeCache::find_blob_unsafe
|
||||
- JDK-8256264: Printed GlyphVector outline with low DPI has bad quality on Windows
|
||||
- JDK-8256290: javac/lambda/T8031967.java fails with StackOverflowError on x86_32
|
||||
- JDK-8256359: AArch64: runtime/ReservedStack/ReservedStackTestCompiler.java fails
|
||||
- JDK-8256387: Unexpected result if patching an entire instruction on AArch64
|
||||
- JDK-8256421: Add 2 HARICA roots to cacerts truststore
|
||||
- JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for small copies in StubGenerator::copy_memory
|
||||
- JDK-8256489: Make gtest for long path names on Windows more resilient in the presence of virus scanners
|
||||
- JDK-8256501: libTestMainKeyWindow fails to build with Xcode 12.2
|
||||
- JDK-8256633: Fix product build on Windows+Arm64
|
||||
- JDK-8256682: JDK-8202343 is incomplete
|
||||
- JDK-8256751: Incremental rebuild with precompiled header fails when touching a header file
|
||||
- JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() for CallLeafNoFP on x86_32
|
||||
- JDK-8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
|
||||
- JDK-8256807: C2: Not marking stores correctly as mismatched in string opts
|
||||
- JDK-8256810: Incremental rebuild broken on Macosx
|
||||
- JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
|
||||
- JDK-8256888: Client manual test problem list update
|
||||
- JDK-8257083: Security infra test failures caused by JDK-8202343
|
||||
- JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11
|
||||
- JDK-8257423: [PPC64] Support -XX:-UseInlineCaches
|
||||
- JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst.testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps is on
|
||||
- JDK-8257513: C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset())
|
||||
- JDK-8257547: Handle multiple prereqs on the same line in deps files
|
||||
- JDK-8257561: Some code is not vectorized after 8251925 and 8250607
|
||||
- JDK-8257565: epsilonBarrierSet.hpp should not include barrierSetAssembler
|
||||
- JDK-8257575: C2: "failed: only phis" assert failure in loop strip mining verification
|
||||
- JDK-8257594: C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle
|
||||
- JDK-8257633: Missing -mmacosx-version-min=X flag when linking libjvm
|
||||
- JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
|
||||
- JDK-8257707: Fix incorrect format string in Http1HeaderParser
|
||||
- JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
|
||||
- JDK-8257798: [PPC64] undefined reference to Klass::vtable_start_offset()
|
||||
- JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
|
||||
- JDK-8257910: [JVMCI] Set exception_seen accordingly in the runtime.
|
||||
- JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
|
||||
- JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
|
||||
- JDK-8258077: Using -Xcheck:jni can lead to a double-free after JDK-8193234
|
||||
- JDK-8258247: Couple of issues in fix for JDK-8249906
|
||||
- JDK-8258373: Update the text handling in the JPasswordField
|
||||
- JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
|
||||
- JDK-8258419: RSA cipher buffer cleanup
|
||||
- JDK-8258471: "search codecache" clhsdb command does not work
|
||||
- JDK-8258534: Epsilon: clean up unused includes
|
||||
- JDK-8258805: Japanese characters not entered by mouse click on Windows 10
|
||||
- JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
|
||||
- JDK-8258836: JNI local refs exceed capacity getDiagnosticCommandInfo
|
||||
- JDK-8258884: [TEST_BUG] Convert applet-based test open/test/jdk/javax/swing/JMenuItem/8031573/bug8031573.java to a regular java test
|
||||
- JDK-8259007: This test printed a blank page
|
||||
- JDK-8259049: Uninitialized variable after JDK-8257513
|
||||
- JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA to false
|
||||
- JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
|
||||
- JDK-8259231: Epsilon: improve performance under contention during virtual space expansion
|
||||
- JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
|
||||
- JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 days
|
||||
- JDK-8259319: Illegal package access when SunPKCS11 requires SunJCE's classes
|
||||
- JDK-8259339: AllocateUninitializedArray C2 intrinsic fails with void.class input
|
||||
- JDK-8259428: AlgorithmId.getEncodedParams() should return copy
|
||||
- JDK-8259446: runtime/jni/checked/TestCheckedReleaseArrayElements.java fails with stderr not empty
|
||||
- JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags
|
||||
- JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
|
||||
- JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543
|
||||
- JDK-8259706: C2 compilation fails with assert(vtable_index == Method::invalid_vtable_index) failed: correct sentinel value
|
||||
- JDK-8259707: LDAP channel binding does not work with StartTLS extension
|
||||
- JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction
|
||||
- JDK-8259849: Shenandoah: Rename store-val to IU-barrier
|
||||
- JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
|
||||
- JDK-8260029: aarch64: fix typo in verify_oop_array
|
||||
- JDK-8260308: Update LogCompilation junit to 4.13.1
|
||||
- JDK-8260338: Some fields in HaltNode is not cloned
|
||||
- JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
|
||||
- JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
|
||||
- JDK-8260378: [TESTBUG] DcmdMBeanTestCheckJni.java reports false positive
|
||||
- JDK-8260497: Shenandoah: Improve SATB flushing
|
||||
- JDK-8260502: [s390] NativeMovRegMem::verify() fails because it's too strict
|
||||
- JDK-8260632: Build failures after JDK-8253353
|
||||
- JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
|
||||
- JDK-8261022: Fix incorrect result of Math.abs() with char type
|
||||
- JDK-8261089: [TESTBUG] native library of test TestCheckedReleaseCriticalArray.java fails to compile with gcc 4.x
|
||||
- JDK-8261183: Follow on to Make lists of normal filenames
|
||||
- JDK-8261209: isStandalone property: remove dependency on pretty-print
|
||||
- JDK-8261231: Windows IME was disabled after DnD operation
|
||||
- JDK-8261251: Shenandoah: Use object size for full GC humongous compaction
|
||||
- JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined
|
||||
- JDK-8261334: NMT: tuning statistic shows incorrect hash distribution
|
||||
- JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
|
||||
- JDK-8261522: [PPC64] AES intrinsics write beyond the destination array
|
||||
- JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined
|
||||
- JDK-8261585: Restore HandleArea used in Deoptimization::uncommon_trap
|
||||
- JDK-8261753: Test java/lang/System/OsVersionTest.java still failing on BigSur patch versions after JDK-8253702
|
||||
- JDK-8261829: Exclude tools/jlink/JLinkReproducibleTest.java in 11u
|
||||
- JDK-8261912: Code IfNode::fold_compares_helper more defensively
|
||||
- JDK-8261920: [AIX] jshell command throws java.io.IOError on non English locales
|
||||
- JDK-8262018: Wrong format in SAP copyright header of OsVersionTest
|
||||
- JDK-8263069: Exclude some failing tests from security/infra/java/security/cert/CertPathValidator
|
||||
|
||||
Notes on individual issues:
|
||||
===========================
|
||||
|
||||
core-libs/javax.naming:
|
||||
|
||||
JDK-8258824: LDAP Channel Binding Support for Java GSS/Kerberos
|
||||
===============================================================
|
||||
A new JNDI environment property "com.sun.jndi.ldap.tls.cbtype" has
|
||||
been added to enable TLS Channel Binding data in LDAP authentication
|
||||
over SSL/TLS protocol to the Windows AD server. The only valid value
|
||||
at present is "tls-server-end-point", where channel binding data is
|
||||
created on the base of the TLS server certificate. See RFC-5929 [0]
|
||||
and the module description of the `java.naming` module for further
|
||||
details.
|
||||
|
||||
[0] RFC-5929 "Channel Bindings for TLS": https://www.ietf.org/rfc/rfc5929.txt
|
||||
|
||||
security-libs/java.security:
|
||||
|
||||
JDK-8260597: Added 2 HARICA Root CA Certificates
|
||||
================================================
|
||||
The following root certificates have been added to the cacerts truststore:
|
||||
|
||||
Alias Name: haricarootca2015
|
||||
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
|
||||
|
||||
Alias Name: haricaeccrootca2015
|
||||
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
|
||||
|
||||
security-libs/javax.net.ssl:
|
||||
|
||||
JDK-8256490: Disable TLS 1.0 and 1.1
|
||||
====================================
|
||||
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
|
||||
considered secure and have been superseded by more secure and modern
|
||||
versions (TLS 1.2 and 1.3).
|
||||
|
||||
These versions have now been disabled by default. If you encounter
|
||||
issues, you can, at your own risk, re-enable the versions by removing
|
||||
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
|
||||
security property in the `java.security` configuration file.
|
||||
|
||||
tools:
|
||||
|
||||
JDK-8214213: jdeps --print-module-deps Reports Transitive Dependencies
|
||||
======================================================================
|
||||
`jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps`
|
||||
options have been enhanced as follows.
|
||||
|
||||
1. By default, they perform transitive module dependence analysis on
|
||||
libraries on the class path and module path, both directly and
|
||||
indirectly, as required by the given input JAR files or
|
||||
classes. Previously, they only reported the modules required by the
|
||||
given input JAR files or classes. The `--no-recursive` option can be
|
||||
used to request non-transitive dependence analysis.
|
||||
|
||||
2. By default, they flag any missing dependency, i.e. not found from
|
||||
class path and module path, as an error. The `--ignore-missing-deps`
|
||||
option can be used to suppress missing dependence errors. Note that a
|
||||
custom image is created with the list of modules output by jdeps when
|
||||
using the `--ignore-missing-deps` option for a non-modular
|
||||
application. Such an application, running on the custom image, might
|
||||
fail at runtime when missing dependence errors are suppressed.
|
||||
|
||||
xml/jaxp:
|
||||
|
||||
JDK-8249867 XML declaration is not followed by a newline
|
||||
========================================================
|
||||
|
||||
The DOM Load and Save `LSSerializer` does not have an explicit control
|
||||
for whether or not the XML Declaration ends with a newline. In this
|
||||
release, a JDK implementation specific property
|
||||
`http://www.oracle.com/xml/jaxp/properties/isStandalone` and
|
||||
corresponding System property `jdk.xml.isStandalone` are added to
|
||||
control the addition of a newline and act independently without
|
||||
having to set the pretty-print property. This property can be used to
|
||||
reverse the incompatible change introduced in Java SE 7 Update 4 with
|
||||
an update of Xalan 2.7.1 where a newline is omitted when pretty-print
|
||||
is required.
|
||||
|
||||
For details, please refer to the bug report and the java.xml module-summary.
|
||||
|
||||
Usage:
|
||||
|
||||
// to set the property, get an instance of LSSerializer and set it along with pretty-print
|
||||
LSSerializer ser = impl.createLSSerializer();
|
||||
ser.getDomConfig().setParameter("format-pretty-print", true);
|
||||
ser.getDomConfig().setParameter("http://www.oracle.com/xml/jaxp/properties/isStandalone", true);
|
||||
|
||||
// to use the System property, set it before initializing a LSSerializer
|
||||
System.setProperty("jdk.xml.isStandalone", “true”);
|
||||
|
||||
// to clear the property, place the line anywhere after the LSSerializer is initialized
|
||||
System.clearProperty("jdk.xml.isStandalone");
|
||||
|
||||
New in release OpenJDK 11.0.10 (2021-01-19):
|
||||
=============================================
|
||||
Live versions of these release notes can be found at:
|
||||
|
@ -1,12 +0,0 @@
|
||||
diff -r eba0f976c468 -r 1fceafb49be5 src/java.base/share/classes/module-info.java
|
||||
--- openjdk/src/java.base/share/classes/module-info.java Thu Jul 30 15:05:22 2020 +0200
|
||||
+++ openjdk/src/java.base/share/classes/module-info.java Thu Aug 13 15:17:59 2020 +0200
|
||||
@@ -132,6 +132,8 @@
|
||||
// additional qualified exports may be inserted at build time
|
||||
// see make/gensrc/GenModuleInfo.gmk
|
||||
|
||||
+ exports com.sun.crypto.provider to
|
||||
+ jdk.crypto.cryptoki;
|
||||
exports com.sun.security.ntlm to
|
||||
java.security.sasl;
|
||||
exports jdk.internal to
|
@ -1,21 +0,0 @@
|
||||
diff -r e10f558e1df5 openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java
|
||||
--- openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 16:12:32 2020 +0100
|
||||
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 15:17:50 2020 -0300
|
||||
@@ -628,7 +628,7 @@
|
||||
throw (ShortBufferException)
|
||||
(new ShortBufferException().initCause(e));
|
||||
}
|
||||
- reset(false);
|
||||
+ reset(true);
|
||||
throw new ProviderException("update() failed", e);
|
||||
}
|
||||
}
|
||||
@@ -746,7 +746,7 @@
|
||||
throw (ShortBufferException)
|
||||
(new ShortBufferException().initCause(e));
|
||||
}
|
||||
- reset(false);
|
||||
+ reset(true);
|
||||
throw new ProviderException("update() failed", e);
|
||||
}
|
||||
}
|
@ -1,60 +0,0 @@
|
||||
# HG changeset patch
|
||||
# User Zdenek Zambersky <zzambers@redhat.com>
|
||||
# Date 1601403587 -7200
|
||||
# Tue Sep 29 20:19:47 2020 +0200
|
||||
# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158
|
||||
# Parent d484fdfcc7d5c21812de8a0712236d077b0f2dde
|
||||
Fixed default policy for jdk.crypto.cryptoki
|
||||
|
||||
diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy
|
||||
--- openjdk.orig/src/java.base/share/lib/security/default.policy Wed Sep 02 07:36:15 2020 +0200
|
||||
+++ openjdk/src/java.base/share/lib/security/default.policy Tue Sep 29 20:19:47 2020 +0200
|
||||
@@ -124,6 +124,8 @@
|
||||
grant codeBase "jrt:/jdk.crypto.cryptoki" {
|
||||
permission java.lang.RuntimePermission
|
||||
"accessClassInPackage.sun.security.*";
|
||||
+ permission java.lang.RuntimePermission
|
||||
+ "accessClassInPackage.com.sun.crypto.provider";
|
||||
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
|
||||
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
|
||||
permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
|
||||
# HG changeset patch
|
||||
# User Zdenek Zambersky <zzambers@redhat.com>
|
||||
# Date 1601419086 -7200
|
||||
# Wed Sep 30 00:38:06 2020 +0200
|
||||
# Node ID 02c8b154f728be3dd06239a98519d654e2127186
|
||||
# Parent f77ac813eee61b2e9616b2d71a2c5372d0cbd158
|
||||
P11Util: Create provider in priviledged block
|
||||
|
||||
diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
|
||||
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Tue Sep 29 20:19:47 2020 +0200
|
||||
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Wed Sep 30 00:38:06 2020 +0200
|
||||
@@ -87,14 +87,20 @@
|
||||
}
|
||||
p = Security.getProvider(providerName);
|
||||
if (p == null) {
|
||||
- try {
|
||||
- @SuppressWarnings("deprecation")
|
||||
- Object o = Class.forName(className).newInstance();
|
||||
- p = (Provider)o;
|
||||
- } catch (Exception e) {
|
||||
- throw new ProviderException
|
||||
- ("Could not find provider " + providerName, e);
|
||||
- }
|
||||
+ p = AccessController.doPrivileged(
|
||||
+ new PrivilegedAction<Provider>() {
|
||||
+ public Provider run() {
|
||||
+ try {
|
||||
+ @SuppressWarnings("deprecation")
|
||||
+ Object o = Class.forName(className).newInstance();
|
||||
+ return (Provider) o;
|
||||
+ } catch (Exception e) {
|
||||
+ throw new ProviderException
|
||||
+ ("Could not find provider " + providerName, e);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ );
|
||||
}
|
||||
return p;
|
||||
}
|
@ -156,6 +156,8 @@
|
||||
%else
|
||||
%global include_fastdebug_build 0
|
||||
%endif
|
||||
%else
|
||||
%global include_fastdebug_build 0
|
||||
%endif
|
||||
|
||||
%if %{include_debug_build}
|
||||
@ -289,7 +291,7 @@
|
||||
# New Version-String scheme-style defines
|
||||
%global featurever 11
|
||||
%global interimver 0
|
||||
%global updatever 10
|
||||
%global updatever 11
|
||||
%global patchver 0
|
||||
# If you bump featurever, you must bump also vendor_version_string
|
||||
# Used via new version scheme. JDK 11 was
|
||||
@ -310,7 +312,7 @@
|
||||
|
||||
# Define vendor information used by OpenJDK
|
||||
%global oj_vendor Red Hat, Inc.
|
||||
%global oj_vendor_url "https://www.redhat.com/"
|
||||
%global oj_vendor_url https://www.redhat.com/
|
||||
# Define what url should JVM offer in case of a crash report
|
||||
# order may be important, epel may have rhel declared
|
||||
%if 0%{?epel}
|
||||
@ -329,7 +331,7 @@
|
||||
%endif
|
||||
|
||||
# Define IcedTea version used for SystemTap tapsets and desktop file
|
||||
%global icedteaver 6.0.0pre00-c848b93a8598
|
||||
%global icedteaver 3.15.0
|
||||
|
||||
# Standard JPackage naming and versioning defines
|
||||
%global origin openjdk
|
||||
@ -337,7 +339,7 @@
|
||||
%global top_level_dir_name %{origin}
|
||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||
%global buildver 9
|
||||
%global rpmrelease 8
|
||||
%global rpmrelease 0
|
||||
#%%global tagsuffix %%{nil}
|
||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||
%if %is_system_jdk
|
||||
@ -426,14 +428,6 @@
|
||||
|
||||
%global rpm_state_dir %{_localstatedir}/lib/rpm-state/
|
||||
|
||||
# For flatpack builds hard-code /usr/sbin/alternatives,
|
||||
# otherwise use %%{_sbindir} relative path.
|
||||
%if 0%{?flatpak}
|
||||
%global alternatives_requires /usr/sbin/alternatives
|
||||
%else
|
||||
%global alternatives_requires %{_sbindir}/alternatives
|
||||
%endif
|
||||
|
||||
%if %{with_systemtap}
|
||||
# Where to install systemtap tapset (links)
|
||||
# We would like these to be in a package specific sub-dir,
|
||||
@ -1005,8 +999,8 @@ Requires: ca-certificates
|
||||
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
|
||||
Requires: javapackages-filesystem
|
||||
# Require zone-info data provided by tzdata-java sub-package
|
||||
# 2020b required as of JDK-8254177 in October CPU
|
||||
Requires: tzdata-java >= 2020b
|
||||
# 2021a required as of JDK-8260356 in April 2021 CPU
|
||||
Requires: tzdata-java >= 2021a
|
||||
# for support of kernel stream control
|
||||
# libsctp.so.1 is being `dlopen`ed on demand
|
||||
Requires: lksctp-tools%{?_isa}
|
||||
@ -1020,11 +1014,11 @@ Requires: cups-libs
|
||||
# for FIPS PKCS11 provider
|
||||
Requires: nss
|
||||
# Post requires alternatives to install tool alternatives
|
||||
Requires(post): %{alternatives_requires}
|
||||
Requires(post): %{_sbindir}/alternatives
|
||||
# in version 1.7 and higher for --family switch
|
||||
Requires(post): chkconfig >= 1.7
|
||||
# Postun requires alternatives to uninstall tool alternatives
|
||||
Requires(postun): %{alternatives_requires}
|
||||
Requires(postun): %{_sbindir}/alternatives
|
||||
# in version 1.7 and higher for --family switch
|
||||
Requires(postun): chkconfig >= 1.7
|
||||
# for optional support of kernel stream control, card reader and printing bindings
|
||||
@ -1050,11 +1044,11 @@ Provides: java-headless%{?1} = %{epoch}:%{version}-%{release}
|
||||
Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
# Post requires alternatives to install tool alternatives
|
||||
Requires(post): %{alternatives_requires}
|
||||
Requires(post): %{_sbindir}/alternatives
|
||||
# in version 1.7 and higher for --family switch
|
||||
Requires(post): chkconfig >= 1.7
|
||||
# Postun requires alternatives to uninstall tool alternatives
|
||||
Requires(postun): %{alternatives_requires}
|
||||
Requires(postun): %{_sbindir}/alternatives
|
||||
# in version 1.7 and higher for --family switch
|
||||
Requires(postun): chkconfig >= 1.7
|
||||
|
||||
@ -1103,11 +1097,11 @@ Provides: java-demo%{?1} = %{epoch}:%{version}-%{release}
|
||||
%define java_javadoc_rpo() %{expand:
|
||||
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
# Post requires alternatives to install javadoc alternative
|
||||
Requires(post): %{alternatives_requires}
|
||||
Requires(post): %{_sbindir}/alternatives
|
||||
# in version 1.7 and higher for --family switch
|
||||
Requires(post): chkconfig >= 1.7
|
||||
# Postun requires alternatives to uninstall javadoc alternative
|
||||
Requires(postun): %{alternatives_requires}
|
||||
Requires(postun): %{_sbindir}/alternatives
|
||||
# in version 1.7 and higher for --family switch
|
||||
Requires(postun): chkconfig >= 1.7
|
||||
|
||||
@ -1173,7 +1167,7 @@ URL: http://openjdk.java.net/
|
||||
Source0: jdk-updates-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}-4curve.tar.xz
|
||||
|
||||
# Use 'icedtea_sync.sh' to update the following
|
||||
# They are based on code contained in the IcedTea project (6.x).
|
||||
# They are based on code contained in the IcedTea project (3.x).
|
||||
# Systemtap tapsets. Zipped up to keep it small.
|
||||
Source8: tapsets-icedtea-%{icedteaver}.tar.xz
|
||||
|
||||
@ -1213,7 +1207,7 @@ Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
|
||||
Patch2: rh1648644-java_access_bridge_privileged_security.patch
|
||||
# NSS via SunPKCS11 Provider (disabled due to memory leak).
|
||||
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
|
||||
# enable build of speculative store bypass hardened alt-java
|
||||
# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
|
||||
Patch600: rh1750419-redhat_alt_java.patch
|
||||
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
|
||||
Patch1003: rh1842572-rsa_default_for_keytool.patch
|
||||
@ -1225,10 +1219,6 @@ Patch1001: rh1655466-global_crypto_and_fips.patch
|
||||
Patch1002: rh1818909-fips_default_keystore_type.patch
|
||||
# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
|
||||
Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch
|
||||
# RH1868740: FIPS: IllegalAccessException by pkcs11 provider
|
||||
Patch1005: rh1868740-cryptoki_access_to_sunjce.patch
|
||||
# RH1883849: FIPS: IllegalAccessException by pkcs11 provider with security manager on
|
||||
Patch1006: rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch
|
||||
# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
|
||||
Patch1007: rh1915071-always_initialise_configurator_access.patch
|
||||
|
||||
@ -1254,8 +1244,6 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1
|
||||
Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
|
||||
# PR3695: Allow use of system crypto policy to be disabled by the user
|
||||
Patch7: pr3695-toggle_system_crypto_policy.patch
|
||||
# RH1868754: FIPS: Ciphers remain in broken state (unusable), after being supplied with wrongly sized buffer
|
||||
Patch11: rh1868754-pkcs11_cancel_on_failure.patch
|
||||
|
||||
#############################################
|
||||
#
|
||||
@ -1304,8 +1292,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
|
||||
%ifnarch %{jit_arches}
|
||||
BuildRequires: libffi-devel
|
||||
%endif
|
||||
# 2020b required as of JDK-8254177 in October CPU
|
||||
BuildRequires: tzdata-java >= 2020b
|
||||
# 2021a required as of JDK-8260356 in April 2021 CPU
|
||||
BuildRequires: tzdata-java >= 2021a
|
||||
# Earlier versions have a bug in tree vectorization on PPC
|
||||
BuildRequires: gcc >= 4.8.3-8
|
||||
|
||||
@ -1633,7 +1621,6 @@ pushd %{top_level_dir_name}
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch7 -p1
|
||||
%patch11 -p1
|
||||
popd # openjdk
|
||||
|
||||
%patch1000
|
||||
@ -1642,8 +1629,6 @@ popd # openjdk
|
||||
%patch1002
|
||||
%patch1003
|
||||
%patch1004
|
||||
%patch1005
|
||||
%patch1006
|
||||
%patch1007
|
||||
|
||||
# Extract systemtap tapsets
|
||||
@ -1661,12 +1646,11 @@ for suffix in %{build_loop} ; do
|
||||
for file in "tapset"$suffix/*.in; do
|
||||
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
|
||||
sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1
|
||||
sed -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file.1 > $file.2
|
||||
# TODO find out which architectures other than i686 have a client vm
|
||||
%ifarch %{ix86}
|
||||
sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.2 > $OUTPUT_FILE
|
||||
sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.1 > $OUTPUT_FILE
|
||||
%else
|
||||
sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.2 > $OUTPUT_FILE
|
||||
sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE
|
||||
%endif
|
||||
sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE
|
||||
sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE
|
||||
@ -1878,7 +1862,7 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
|
||||
|
||||
# Check correct vendor values have been set
|
||||
$JAVA_HOME/bin/javac -d . %{SOURCE16}
|
||||
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url}
|
||||
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}"
|
||||
|
||||
# Check java launcher has no SSB mitigation
|
||||
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
|
||||
@ -2350,57 +2334,65 @@ end
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-8
|
||||
* Thu Apr 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.9-0
|
||||
- Update to jdk-11.0.11.0+9
|
||||
- Update release notes to 11.0.11.0+9
|
||||
- Require tzdata 2020f to match upstream change JDK-8259048
|
||||
- Require tzdata 2021a to match upstream change JDK-8260356
|
||||
- Remove RH1868754 patch as this is now resolved upstream by JDK-8258833
|
||||
- Remove RH1868740 & RH1883849 patches as these are now resolved by JDK-8259319
|
||||
- This tarball is embargoed until 2021-04-20 @ 1pm PT.
|
||||
- Resolves: rhbz#1938201
|
||||
|
||||
* Thu Apr 15 2021 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:11.0.11.0.9-0
|
||||
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
|
||||
- Add proper quoting so '&' is not treated as a special character by the shell.
|
||||
- Fixed not-including fastdebug build in case of --without fastdebug
|
||||
- Resolves: rhbz#1938201
|
||||
|
||||
* Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-5
|
||||
- Perform static library build on a separate source tree with bundled image libraries
|
||||
- Make static library build optional
|
||||
- Based on initial work by Severin Gehwolf
|
||||
- Resolves: rhbz#1930513
|
||||
|
||||
* Mon Feb 22 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-7
|
||||
- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps)
|
||||
- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository
|
||||
- Resolves: rhbz#1814915
|
||||
|
||||
* Mon Feb 22 2021 Stephan Bergmann <sbergman@redhat.com> - 1:11.0.10.0.9-6
|
||||
- Hardcode /usr/sbin/alternatives for Flatpak builds
|
||||
- Resolves: rhbz#1930370
|
||||
|
||||
* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-5
|
||||
* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-4
|
||||
- Fix accidental use of $ instead of % for variable reference.
|
||||
- Resolves: rhbz#1908972
|
||||
|
||||
* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-4
|
||||
* Mon Jan 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-3
|
||||
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs.
|
||||
- Resolves: rhbz#1915071
|
||||
|
||||
* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-3
|
||||
* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-2
|
||||
- Fix debug and fastdebug descriptions to emphasise the difference is optimisation or no optimisation.
|
||||
- Resolves: rhbz#1908972
|
||||
|
||||
* Sun Jan 17 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.10.0.9-3
|
||||
* Sun Jan 17 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.10.0.9-2
|
||||
- Removed lib-style provides for fastdebug_suffix_unquoted
|
||||
- Fixed missing condition for fastdebug packages being counted as debug ones
|
||||
- Fix typo in variable
|
||||
- Resolves: rhbz#1908972
|
||||
|
||||
* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-2
|
||||
* Sun Jan 17 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-1
|
||||
- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
|
||||
- Resolves: rhbz#1894083
|
||||
|
||||
* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-1
|
||||
* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-0
|
||||
- Update to jdk-11.0.10.0+9
|
||||
- Update release notes to 11.0.10.0+9
|
||||
- Switch to GA mode for final release.
|
||||
- This tarball is embargoed until 2021-01-19 @ 1pm PT.
|
||||
- Resolves: rhbz#1908972
|
||||
|
||||
* Thu Jan 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.8-0.1.ea
|
||||
* Thu Jan 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.8-0.0.ea
|
||||
- Update to jdk-11.0.10.0+8
|
||||
- Update release notes to 11.0.10.0+8.
|
||||
- Update tarball generation script to use PR3818 which handles JDK-8171279 changes
|
||||
- Drop JDK-8250861 as applied upstream.
|
||||
- Resolves: rhbz#1903908
|
||||
|
||||
* Tue Jan 12 2021 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.1-0.1.ea
|
||||
* Tue Jan 12 2021 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.1-0.0.ea
|
||||
- Update to jdk-11.0.10.0+1
|
||||
- Update release notes to 11.0.10.0+1
|
||||
- Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly.
|
||||
@ -2414,47 +2406,41 @@ end
|
||||
- Adjust RH1842572 patch due to context change from JDK-8213400
|
||||
- Resolves: rhbz#1903908
|
||||
|
||||
* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-9
|
||||
* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-6
|
||||
- Introduced ssbd_arches to denote architectures with SSBD mitigation (currently only x86_64)
|
||||
- Introduced nm-based check to verify alt-java on ssbd_arches is patched, and no other alt-java or java binaries are patched
|
||||
- RH1750419 patch amended to emit a warning on architectures where alt-java is the same as java
|
||||
- Resolves: rhbz#1784116
|
||||
|
||||
* Tue Dec 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-9
|
||||
* Tue Dec 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-6
|
||||
- Redefined linux -> __linux__ and __x86_64 -> __x86_64__ in RH1750419 patch
|
||||
- Resolves: rhbz#1784116
|
||||
|
||||
* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-8
|
||||
* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-5
|
||||
- Update release notes for 11.0.9.1 release.
|
||||
- Resolves: rhbz#1895274
|
||||
|
||||
* Tue Dec 01 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-7
|
||||
- removed patch6, rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch
|
||||
- added patch600, rh1750419-redhat_alt_java.patch, suprassing removed patch
|
||||
- no longer copying of java->alt-java as it is created by patch600
|
||||
* Tue Dec 01 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-4
|
||||
- Removed patch6: rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch
|
||||
- Added patch600: rh1750419-redhat_alt_java.patch, surpassing removed patch
|
||||
- No longer copy java->alt-java as it is created by patch600
|
||||
- Resolves: rhbz#1784116
|
||||
|
||||
* Wed Nov 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-6
|
||||
* Wed Nov 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-3
|
||||
- Fix typo of build_doc_archive/built_doc_archive
|
||||
- Resolves: rhbz#1895274
|
||||
|
||||
* Wed Nov 04 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-5
|
||||
* Wed Nov 04 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-3
|
||||
- Update to jdk-11.0.9.1+1
|
||||
- RPM version stays at 11.0.9.11 so as to not break upgrade path.
|
||||
- Adds a single patch for JDK-8250861.
|
||||
- Resolves: rhbz#1895274
|
||||
|
||||
* Thu Oct 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-4
|
||||
* Thu Oct 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-3
|
||||
- Move all license files to NVR-specific JVM directory.
|
||||
- This bad placement was killing parallel installability and thus having a bad impact on leapp, if used.
|
||||
- Resolves: rhbz#1889481
|
||||
|
||||
* Tue Oct 27 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-3
|
||||
- Bump release number to build on RHEL 8.4.0 branch.
|
||||
- Resolves: rhbz#1876665
|
||||
- Resolves: rhbz#1889497
|
||||
- Resolves: rhbz#1883849
|
||||
|
||||
* Wed Oct 21 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-2
|
||||
- Add backport of JDK-8236512 to correct use of killSession
|
||||
- Resolves: rhbz#1889497
|
||||
@ -2477,13 +2463,13 @@ end
|
||||
|
||||
* Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.3.ea
|
||||
- Improve quoting of vendor name
|
||||
- Resolves: rhbz#1876665
|
||||
- Resolves: rhbz#1883849
|
||||
|
||||
* Wed Oct 14 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.10-0.3.ea
|
||||
- Set vendor property and vendor URLs
|
||||
- Made URLs to be preconfigured by OS
|
||||
- Moved vendor_version_string to a better place
|
||||
- Resolves: rhbz#1876665
|
||||
- Resolves: rhbz#1883849
|
||||
|
||||
* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.2.ea
|
||||
- Add patch to allow the PKCS11 provider access to the SunJCE provider with the security manager enabled
|
||||
|
Loading…
Reference in New Issue
Block a user