rpms
/
java-11-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to jdk-11.0.16+7 

Update release notes to 11.0.16+7
Switch to EA mode for 11.0.16 pre-release builds.
Use same tarball naming style as java-17-openjdk and java-latest-openjdk
Drop JDK-8257794 patch now upstreamed
Print release file during build, which should now include a correct SOURCE value from .src-rev
Update tarball script with IcedTea GitHub URL and .src-rev generation
Use "git apply" with patches in the tarball script to allow binary diffs
Include script to generate bug list for release notes
Update tzdata requirement to 2022a to match JDK-8283350
Make use of the vendor version string to store our version & release rather than an upstream release date
Explicitly require crypto-policies during build and runtime for system security properties
Add additional patch during tarball generation to align tests with ECC changes

Resolves: rhbz#2083325
This commit is contained in:
Andrew Hughes 2022-07-17 00:09:04 +01:00
parent 409bcec3d8
commit 524bc89b41
8 changed files with 525 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -104,3 +104,4 @@
/jdk-updates-jdk11u-jdk-11.0.15+8-4curve.tar.xz
/jdk-updates-jdk11u-jdk-11.0.15+9-4curve.tar.xz
/jdk-updates-jdk11u-jdk-11.0.15+10-4curve.tar.xz
/openjdk-jdk11u-jdk-11.0.16+7-4curve.tar.xz

18
CheckVendor.java
View File

@ -21,8 +21,8 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
public class CheckVendor {
public static void main(String[] args) {
if (args.length < 3) {
System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL>");
if (args.length < 4) {
System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL> <VENDOR-VERSION-STRING>");
System.exit(1);
}
@ -32,6 +32,8 @@ public class CheckVendor {
String expectedVendorURL = args[1];
String vendorBugURL = System.getProperty("java.vendor.url.bug");
String expectedVendorBugURL = args[2];
String vendorVersionString = System.getProperty("java.vendor.version");
String expectedVendorVersionString = args[3];
if (!expectedVendor.equals(vendor)) {
System.err.printf("Invalid vendor %s, expected %s\n",
@ -46,12 +48,18 @@ public class CheckVendor {
}
if (!expectedVendorBugURL.equals(vendorBugURL)) {
System.err.printf("Invalid vendor bug URL%s, expected %s\n",
System.err.printf("Invalid vendor bug URL %s, expected %s\n",
vendorBugURL, expectedVendorBugURL);
System.exit(4);
}
System.err.printf("Vendor information verified as %s, %s, %s\n",
vendor, vendorURL, vendorBugURL);
if (!expectedVendorVersionString.equals(vendorVersionString)) {
System.err.printf("Invalid vendor version string %s, expected %s\n",
vendorVersionString, expectedVendorVersionString);
System.exit(5);
}
System.err.printf("Vendor information verified as %s, %s, %s, %s\n",
vendor, vendorURL, vendorBugURL, vendorVersionString);
}
}

346
NEWS
View File

@ -3,6 +3,352 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 11.0.16 (2022-07-19):
=============================================
Live versions of these release notes can be found at:
* https://bitly.com/openjdk11016
* https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.txt
* Other changes
- JDK-6986863: ProfileDeferralMgr throwing ConcurrentModificationException
- JDK-7124293: [macosx] VoiceOver reads percentages rather than the actual values for sliders.
- JDK-7124301: [macosx] When in a tab group if you arrow between tabs there are no VoiceOver announcements.
- JDK-8133713: [macosx] Accessible JTables always reported as empty
- JDK-8139046: Compiler Control: IGVPrintLevel directive should set PrintIdealGraph
- JDK-8139173: [macosx] JInternalFrame shadow is not properly drawn
- JDK-8163498: Many long-running security libs tests
- JDK-8166727: javac crashed: [jimage.dll+0x1942] ImageStrings::find+0x28
- JDK-8169004: Fix redundant @requires tags in tests
- JDK-8181571: printing to CUPS fails on mac sandbox app
- JDK-8182404: remove jdk.testlibrary.JDKToolFinder and JDKToolLauncher
- JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests
- JDK-8192057: com/sun/jdi/BadHandshakeTest.java fails with java.net.ConnectException
- JDK-8193682: Infinite loop in ZipOutputStream.close()
- JDK-8199874: [TESTBUG] runtime/Thread/ThreadPriorities.java fails with "expected 0 to equal 10"
- JDK-8202886: [macos] Test java/awt/MenuBar/8007006/bug8007006.java fails on MacOS
- JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java
- JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld test
- JDK-8206187: javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java fails with Port already in use
- JDK-8206330: Revisit com/sun/jdi/RedefineCrossEvent.java
- JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003 fails to start
- JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after co-location
- JDK-8208246: flags duplications in vmTestbase_vm_g1classunloading tests
- JDK-8208249: TriggerUnloadingByFillingMetaspace generates garbage class names
- JDK-8208697: vmTestbase/metaspace/stressHierarchy/stressHierarchy012/TestDescription.java fails with OutOfMemoryError: Metaspace
- JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a different test
- JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh to plain java test
- JDK-8209883: ZGC: Compile without C1 broken
- JDK-8209920: runtime/logging/RedefineClasses.java fail with OOME with ZGC
- JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread and XRun
- JDK-8210039: move OSInfo to top level testlibrary
- JDK-8210108: sun/tools/jstatd test build failures after JDK-8210022
- JDK-8210112: remove jdk.testlibrary.ProcessTools
- JDK-8210649: AssertionError @ jdk.compiler/com.sun.tools.javac.comp.Modules.enter(Modules.java:244)
- JDK-8210732: remove jdk.testlibrary.Utils
- JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader after JDK-6788458
- JDK-8211822: Some tests fail after JDK-8210039
- JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound
- JDK-8212151: jdi/ExclusiveBind.java times out due to "bind failed: Address already in use" on Solaris-X64
- JDK-8213440: Lingering INCLUDE_ALL_GCS in test_oopStorage_parperf.cpp
- JDK-8214275: CondyRepeatFailedResolution asserts "Dynamic constant has no fixed basic type"
- JDK-8214799: Add package declaration to each JTREG test case in the gc folder
- JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges to enable MacOS tests on Mach5
- JDK-8216137: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit
- JDK-8216265: [testbug] Introduce Platform.sharedLibraryPathVariableName() and adapt all tests.
- JDK-8216366: Add rationale to PER_CPU_SHARES define
- JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265
- JDK-8217233: Update build settings for AIX/xlc
- JDK-8217340: Compilation failed: tools/launcher/Test7029048.java
- JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP docker containers
- JDK-8218136: minor hotspot adjustments for xlclang++ from xlc16 on AIX
- JDK-8218751: Do not store original classfiles inside the CDS archive
- JDK-8218965: aix: support xlclang++ in the compiler detection
- JDK-8220658: Improve the readability of container information in the error log
- JDK-8220813: update hotspot tier1_gc tests depending on GC to use @requires vm.gc.X
- JDK-8222799: java.beans.Introspector uses an obsolete methods cache
- JDK-8222926: Shenandoah build fails with --with-jvm-features=-compiler1
- JDK-8223143: Restructure/clean-up for 'loopexit_or_null()'.
- JDK-8223363: Bad node estimate assertion failure
- JDK-8223389: Shenandoah optimizations fail with assert(!phase->exceeding_node_budget())
- JDK-8223396: [TESTBUG] several jfr tests do not clean up files created in /tmp
- JDK-8223502: Node estimate for loop unswitching is not correct: assert(delta <= 2 * required) failed: Bad node estimate
- JDK-8224648: assert(!exceeding_node_budget()) failed: Too many NODES required! failure with ctw
- JDK-8225475: Node budget asserts on x86_32/64
- JDK-8227171: provide function names in native stack trace on aix with xlc16
- JDK-8227389: Remove unsupported xlc16 compile options on aix
- JDK-8229202: Docker reporting causes secondary crashes in error handling
- JDK-8229210: [TESTBUG] Move gc stress tests from JFR directory tree to gc/stress
- JDK-8229486: Replace wildcard address with loopback or local host in tests - part 21
- JDK-8229499: Node budget assert in fuzzed test
- JDK-8230305: Cgroups v2: Container awareness
- JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java fails at-run shell MakeJAR.sh target
- JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy
- JDK-8231454: File lock in Windows on a loaded jar due to a leak in Introspector::getBeanInfo
- JDK-8231489: GC watermark_0_1 failed due to "metaspace.gc.Fault: GC has happened too rare"
- JDK-8231565: More node budget asserts in fuzzed tests
- JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS
- JDK-8234382: Test tools/javac/processing/model/testgetallmembers/Main.java using too small heap
- JDK-8234605: C2 failed "assert(C->live_nodes() - live_at_begin <= 2 * _nodes_required) failed: Bad node estimate: actual = 208 >> request = 101"
- JDK-8234608: [TESTBUG] Fix G1 redefineClasses tests and a memory leak
- JDK-8235220: ClhsdbScanOops.java fails with sun.jvm.hotspot.types.WrongTypeException
- JDK-8235385: Crash on aarch64 JDK due to long offset
- JDK-8237479: 8230305 causes slowdebug build failure
- JDK-8239559: Cgroups: Incorrect detection logic on some systems
- JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot
- JDK-8240132: ProblemList com/sun/jdi/InvokeHangTest.java
- JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111
- JDK-8240335: C2: assert(found_sfpt) failed: no node in loop that's not input to safepoint
- JDK-8240734: ModuleHashes attribute not reproducible between builds
- JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
- JDK-8241707: introduce randomness k/w to hotspot test suite
- JDK-8242310: use reproducible random in hotspot compiler tests
- JDK-8242311: use reproducible random in hotspot runtime tests
- JDK-8242312: use reproducible random in hotspot gc tests
- JDK-8242313: use reproducible random in hotspot svc tests
- JDK-8242538: java/security/SecureRandom/ThreadSafe.java failed on windows
- JDK-8243429: use reproducible random in :vmTestbase_nsk_stress
- JDK-8243666: ModuleHashes attribute generated for JMOD and JAR files depends on timestamps
- JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java
- JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a test
- JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible)
- JDK-8245938: Remove unused print_stack(void) method from XToolkit.c
- JDK-8246494: introduce vm.flagless at-requires property
- JDK-8246741: NetworkInterface/UniqueMacAddressesTest: mac address uniqueness test failed
- JDK-8247589: Implementation of Alpine Linux/x64 Port
- JDK-8247591: Document Alpine Linux build steps in OpenJDK build guide
- JDK-8247592: refactor test/jdk/tools/launcher/Test7029048.java
- JDK-8247614: java/nio/channels/DatagramChannel/Connect.java timed out
- JDK-8248876: LoadObject with bad base address created for exec file on linux
- JDK-8249592: Robot.mouseMove moves cursor to incorrect location when display scale varies and Java runs in DPI Unaware mode
- JDK-8252117: com/sun/jdi/BadHandshakeTest.java failed with "ConnectException: Connection refused: connect"
- JDK-8252248: __SIGRTMAX is not declared in musl libc
- JDK-8252250: isnanf is obsolete
- JDK-8252359: HotSpot Not Identifying it is Running in a Container
- JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
- JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist
- JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high
- JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly
- JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems
- JDK-8253872: ArgumentHandler must use the same delimiters as in jvmti_tools.cpp
- JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code
- JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection
- JDK-8254887: C2: assert(cl->trip_count() > 0) failed: peeling a fully unrolled loop
- JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes
- JDK-8255266: Update Public Suffix List to 3c213aa
- JDK-8255604: java/nio/channels/DatagramChannel/Connect.java fails with java.net.BindException: Cannot assign requested address: connect
- JDK-8255787: Tag container tests that use cGroups with cgroups keyword
- JDK-8256146: Cleanup test/jdk/java/nio/channels/DatagramChannel/Connect.java
- JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version
- JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
- JDK-8258795: Update IANA Language Subtag Registry to Version 2021-05-11
- JDK-8258956: Memory Leak in StringCoding on ThreadLocal resultCached StringCoding.Result
- JDK-8259517: Incorrect test path in test cases
- JDK-8260518: Change default -mmacosx-version-min to 10.12
- JDK-8261169: Upgrade HarfBuzz to the latest 2.8.0
- JDK-8262379: Add regression test for JDK-8257746
- JDK-8263364: sun/net/www/http/KeepAliveStream/KeepAliveStreamCloseWithWrongContentLength.java wedged in getInputStream
- JDK-8263718: unused-result warning happens at os_linux.cpp
- JDK-8263856: Github Actions for macos/aarch64 cross-build
- JDK-8264179: [TESTBUG] Some compiler tests fail when running without C2
- JDK-8265261: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted
- JDK-8265297: javax/net/ssl/SSLSession/TestEnabledProtocols.java failed with "RuntimeException: java.net.SocketException: Connection reset"
- JDK-8265343: Update Debian-based cross-compilation recipes
- JDK-8266251: compiler.inlining.InlineAccessors shouldn't do testing in driver VM
- JDK-8266318: Switch to macos prefix for macOS bundles
- JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics
- JDK-8266545: 8261169 broke Harfbuzz build with gcc 7 and 8
- JDK-8268773: Improvements related to: Failed to start thread - pthread_create failed (EAGAIN)
- JDK-8269772: [macos-aarch64] test compilation failed with "SocketException: No buffer space available"
- JDK-8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo incorrect verification of protocol and cipher support
- JDK-8270797: ShortECDSA.java test is not complete
- JDK-8271055: Crash during deoptimization with "assert(bb->is_reachable()) failed: getting result from unreachable basicblock" with -XX:+VerifyStack
- JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key
- JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories
- JDK-8272358: Some tests may fail when executed with other locales than the US
- JDK-8272493: Suboptimal code generation around Preconditions.checkIndex intrinsic with AVX2
- JDK-8272908: Missing coverage for certain classes in com.sun.org.apache.xml.internal.security
- JDK-8272964: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted
- JDK-8273176: handle latest VS2019 in abstract_vm_version
- JDK-8273655: content-types.properties files are missing some common types
- JDK-8274171: java/nio/file/Files/probeContentType/Basic.java failed on "Content type" mismatches
- JDK-8274233: Minor cleanup for ToolBox
- JDK-8274735: javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image
- JDK-8274751: Drag And Drop hangs on Windows
- JDK-8275082: Update XML Security for Java to 2.3.0
- JDK-8275330: C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions
- JDK-8275337: C1: assert(false) failed: live_in set of first block must be empty
- JDK-8276657: XSLT compiler tries to define a class with empty name
- JDK-8276990: Memory leak in invoker.c fillInvokeRequest() during JDI operations
- JDK-8277072: ObjectStreamClass caches keep ClassLoaders alive
- JDK-8277093: Vector should throw ClassNotFoundException for a missing class of an element
- JDK-8277396: [TESTBUG] In DefaultButtonModelCrashTest.java, frame is accessed from main thread
- JDK-8277422: tools/jar/JarEntryTime.java fails with modified time mismatch
- JDK-8277922: Unable to click JCheckBox in JTable through Java Access Bridge
- JDK-8278065: Refactor subclassAudits to use ClassValue
- JDK-8278186: org.jcp.xml.dsig.internal.dom.Utils.parseIdFromSameDocumentURI throws StringIndexOutOfBoundsException when calling substring method
- JDK-8278346: java/nio/file/Files/probeContentType/Basic.java fails on Linux SLES15 machine
- JDK-8278472: Invalid value set to CANDIDATEFORM structure
- JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
- JDK-8278851: Correct signer logic for jars signed with multiple digestalgs
- JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10
- JDK-8279219: [REDO] C2 crash when allocating array of size too large
- JDK-8279356: Method linking fails with guarantee(mh->adapter() != NULL) failed: Adapter blob must already exist!
- JDK-8279505: Update documentation for RETRY_COUNT and REPEAT_COUNT
- JDK-8279520: SPNEGO has not passed channel binding info into the underlying mechanism
- JDK-8279529: ProblemList java/nio/channels/DatagramChannel/ManySourcesAndTargets.java on macosx-aarch64
- JDK-8279532: ProblemList sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
- JDK-8279668: x86: AVX2 versions of vpxor should be asserted
- JDK-8279837: C2: assert(is_Loop()) failed: invalid node class: Region
- JDK-8279842: HTTPS Channel Binding support for Java GSS/Kerberos
- JDK-8279958: Provide configure hints for Alpine/apk package managers
- JDK-8280041: Retry loop issues in java.io.ClassCache
- JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492
- JDK-8280476: [macOS] : hotspot arm64 bug exposed by latest clang
- JDK-8280684: JfrRecorderService failes with guarantee(num_written > 0) when no space left on device.
- JDK-8280799: С2: assert(false) failed: cyclic dependency prevents range check elimination
- JDK-8280867: Cpuid1Ecx feature parsing is incorrect for AMD CPUs
- JDK-8280964: [Linux aarch64] : drawImage dithers TYPE_BYTE_INDEXED images incorrectly
- JDK-8281274: deal with ActiveProcessorCount in os::Linux::print_container_info
- JDK-8281275: Upgrading from 8 to 11 no longer accepts '/' as filepath separator in gc paths
- JDK-8281615: Deadlock caused by jdwp agent
- JDK-8281811: assert(_base == Tuple) failed: Not a Tuple after JDK-8280799
- JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder
- JDK-8282172: CompileBroker::log_metaspace_failure is called from non-Java/compiler threads
- JDK-8282225: GHA: Allow one concurrent run per PR only
- JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers
- JDK-8282293: Domain value for system property jdk.https.negotiate.cbt should be case-insensitive
- JDK-8282312: Minor corrections to evbroadcasti32x4 intrinsic on x86
- JDK-8282382: Report glibc malloc tunables in error reports
- JDK-8282422: JTable.print() failed with UnsupportedCharsetException on AIX ko_KR locale
- JDK-8282501: Bump update version for OpenJDK: jdk-11.0.16
- JDK-8282583: Update BCEL md to include the copyright notice
- JDK-8282588: [11] set harfbuzz compilation flag to -std=c++11
- JDK-8282589: runtime/ErrorHandling/ErrorHandler.java fails on MacOS aarch64 in jdk 11
- JDK-8282887: Potential memory leak in sun.util.locale.provider.HostLocaleProviderAdapterImpl.getNumberPattern() on Windows
- JDK-8283018: 11u GHA: Update GCC 9 minor versions
- JDK-8283217: Leak FcObjectSet in getFontConfigLocations() in fontpath.c
- JDK-8283323: libharfbuzz optimization level results in extreme build times
- JDK-8283350: (tz) Update Timezone Data to 2022a
- JDK-8283408: Fix a C2 crash when filling arrays with unsafe
- JDK-8283420: [AOT] Exclude TrackedFlagTest/NotTrackedFlagTest in 11u because of intermittent java.lang.AssertionError: duplicate classes for name Ljava/lang/Boolean;
- JDK-8283424: compiler/loopopts/LoopUnswitchingBadNodeBudget.java fails with release VMs due to lack of -XX:+UnlockDiagnosticVMOptions
- JDK-8283451: C2: assert(_base == Long) failed: Not a Long
- JDK-8283469: Don't use memset to initialize members in FileMapInfo and fix memory leak
- JDK-8283497: [windows] print TMP and TEMP in hs_err and VM.info
- JDK-8283614: [11] Repair compiler versions handling after 8233787
- JDK-8283641: Large value for CompileThresholdScaling causes assert
- JDK-8283834: Unmappable character for US-ASCII encoding in TestPredicateInputBelowLoopPredicate
- JDK-8284033: Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c
- JDK-8284094: Memory leak in invoker_completeInvokeRequest()
- JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124
- JDK-8284369: TestFailedAllocationBadGraph fails with -XX:TieredStopAtLevel < 4
- JDK-8284389: Improve stability of GHA Pre-submit testing by caching cygwin installer
- JDK-8284458: CodeHeapState::aggregate() leaks blob_name
- JDK-8284507: GHA: Only check test results if testing was not skipped
- JDK-8284549: JFR: FieldTable leaks FieldInfoTable member
- JDK-8284573: [11u] ProblemList TestBubbleUpRef.java and TestGCOldWithCMS.java because of 8272195
- JDK-8284604: [11u] Update Boot JDK used in GHA to 11.0.14.1
- JDK-8284620: CodeBuffer may leak _overflow_arena
- JDK-8284622: Update versions of some Github Actions used in JDK workflow
- JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem
- JDK-8284920: Incorrect Token type causes XPath expression to return empty result
- JDK-8285395: [JVMCI] [11u] Partial backport of JDK-8220623: InstalledCode
- JDK-8285397: JNI exception pending in CUPSfuncs.c:250
- JDK-8285445: cannot open file "NUL:"
- JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
- JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java
- JDK-8285591: [11] add signum checks in DSA.java engineVerify
- JDK-8285686: Update FreeType to 2.12.0
- JDK-8285720: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails to compile after backport of 8273655
- JDK-8285726: [11u, 17u] Unify fix for JDK-8284548 with version from head
- JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head
- JDK-8285828: runtime/execstack/TestCheckJDK.java fails with zipped debug symbols
- JDK-8286013: Incorrect test configurations for compiler/stable/TestStableShort.java
- JDK-8286198: [linux] Fix process-memory information
- JDK-8286293: Tests ShortResponseBody and ShortResponseBodyWithRetry should use less resources
- JDK-8286444: javac errors after JDK-8251329 are not helpful enough to find root cause
- JDK-8286594: (zipfs) Mention paths with dot elements in ZipException and cleanups
- JDK-8286630: [11] avoid -std=c++11 CXX harfbuzz buildflag on Windows
- JDK-8286855: javac error on invalid jar should only print filename
- JDK-8287109: Distrust.java failed with CertificateExpiredException
- JDK-8287119: Add Distrust.java to ProblemList
- JDK-8287362: FieldAccessWatch testcase failed on AIX platform
- JDK-8287378: GHA: Update cygwin to fix issues in langtools tests on Windows
- JDK-8287739: [11u] ProblemList sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
Notes on individual issues:
===========================
core-libs/java.io:serialization:
JDK-8277157: Vector should throw ClassNotFoundException for a missing class of an element
=========================================================================================
`java.util.Vector` is updated to correctly report
`ClassNotFoundException that occurs during deserialization using
`java.io.ObjectInputStream.GetField.get(name, object)` when the class
of an element of the Vector is not found. Without this fix, a
`StreamCorruptedException` is thrown that does not provide information
about the missing class.
core-libs/java.net:
JDK-8285240: HTTPS Channel Binding support for Java GSS/Kerberos
================================================================
Support has been added for TLS channel binding tokens for
Negotiate/Kerberos authentication over HTTPS through
javax.net.HttpsURLConnection.
Channel binding tokens are increasingly required as an enhanced form
of security which can mitigate certain kinds of socially engineered,
man in the middle (MITM) attacks. They work by communicating from a
client to a server the client's understanding of the binding between
connection security (as represented by a TLS server cert) and higher
level authentication credentials (such as a username and
password). The server can then detect if the client has been fooled by
a MITM and shutdown the session/connection.
The feature is controlled through a new system property
`jdk.https.negotiate.cbt` which is described fully at the following
page:
https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt
core-libs/java.lang:
JDK-8283137: Incorrect handling of quoted arguments in ProcessBuilder
=====================================================================
ProcessBuilder on Windows is restored to address a regression caused
by JDK-8250568. Previously, an argument to ProcessBuilder that
started with a double-quote and ended with a backslash followed by a
double-quote was passed to a command incorrectly and may cause the
command to fail. For example the argument `"C:\\Program Files\"`,
would be seen by the command with extra double-quotes. This update
restores the long standing behavior that does not treat the backslash
before the final double-quote specially.
core-libs/java.util.jar:
JDK-8278386: Default JDK compressor will be closed when IOException is encountered
==================================================================================
`DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods
have been modified to close out the associated default JDK compressor
before propagating a Throwable up the
stack. `ZIPOutputStream.closeEntry()` method has been modified to
close out the associated default JDK compressor before propagating an
IOException, not of type ZipException, up the stack.
core-libs/java.io:
JDK-8285660: New System Property to Disable Windows Alternate Data Stream Support in java.io.File
=================================================================================================
The Windows implementation of `java.io.File` allows access to NTFS
Alternate Data Streams (ADS) by default. Such streams have a structure
like “filename:streamname”. A system property `jdk.io.File.enableADS`
has been added to control this behavior. To disable ADS support in
`java.io.File`, the system property `jdk.io.File.enableADS` should be
set to `false` (case ignored). Stricter path checking however prevents
the use of special devices such as `NUL:`
New in release OpenJDK 11.0.15 (2022-04-19):
=============================================
Live versions of these release notes can be found at:

66
generate_source_tarball.sh
View File

@ -4,7 +4,7 @@
# Example:
# When used from local repo set REPO_ROOT pointing to file:// with your repo
# If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL
# If you want to use a local copy of patch PRTBC01, set the path to it in the PRTBC01 variable
# If you want to use a local copy of patch GH001, set the path to it in the GH001 variable
#
# In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg:
# PROJECT_NAME=openjdk
@ -26,9 +26,16 @@
# level folder, name is created, based on parameter
#
if [ ! "x$PRTBC01" = "x" ] ; then
if [ ! -f "$PRTBC01" ] ; then
echo "You have specified PRTBC01 as $PRTBC01 but it does not exist. Exiting"
if [ ! "x$GH001" = "x" ] ; then
if [ ! -f "$GH001" ] ; then
echo "You have specified GH001 as $GH001 but it does not exist. Exiting"
exit 1
fi
fi
if [ ! "x$GH003" = "x" ] ; then
if [ ! -f "$GH003" ] ; then
echo "You have specified GH003 as $GH003 but it does not exist. Exiting"
exit 1
fi
fi
@ -37,6 +44,8 @@ set -e
OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
# Corresponding IcedTea version
ICEDTEA_VERSION=6.0
if [ "x$1" = "xhelp" ] ; then
echo -e "Behaviour may be specified by setting the following variables:\n"
@ -48,7 +57,8 @@ if [ "x$1" = "xhelp" ] ; then
echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)"
echo "REPO_ROOT - the location of the Mercurial repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)"
echo "TO_COMPRESS - what part of clone to pack (default is openjdk)"
echo "PRTBC01 - the path to the PRTBC01 patch to apply (optional; downloaded if unavailable)"
echo "GH001 - the path to the ECC code patch, GH001, to apply (optional; downloaded if unavailable)"
echo "GH003 - the path to the ECC test patch, GH003, to apply (optional; downloaded if unavailable)"
exit 1;
fi
@ -108,7 +118,8 @@ echo -e "\tCOMPRESSION: ${COMPRESSION}"
echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
echo -e "\tREPO_ROOT: ${REPO_ROOT}"
echo -e "\tTO_COMPRESS: ${TO_COMPRESS}"
echo -e "\tPRTBC01: ${PRTBC01}"
echo -e "\tGH001: ${GH001}"
echo -e "\tGH003: ${GH003}"
if [ -d ${FILE_NAME_ROOT} ] ; then
echo "exists exists exists exists exists exists exists "
@ -141,22 +152,41 @@ pushd "${FILE_NAME_ROOT}"
rm -vf ${CRYPTO_PATH}/ecp_224.c
echo "Syncing EC list with NSS"
if [ "x$PRTBC01" = "x" ] ; then
# get prTBC01.patch (from http://icedtea.classpath.org/hg/icedtea11) from most correct tag
# Do not push it or publish it (see http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3751)
echo "PRTBC01 not found. Downloading..."
wget http://icedtea.classpath.org/hg/icedtea11/raw-file/tip/patches/prtbc01-4curve.patch
echo "Applying ${PWD}/prTBC01.patch"
patch -Np1 < prtbc01.patch
rm prtbc01.patch
if [ "x$GH001" = "x" ] ; then
# get gh001-4curve.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
# Do not push it or publish it
echo "GH001 not found. Downloading..."
wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/gh001-4curve.patch
echo "Applying ${PWD}/gh001-4curve.patch"
git apply --stat --apply -v -p1 gh001-4curve.patch
rm gh001-4curve.patch
else
echo "Applying ${PRTBC01}"
patch -Np1 < $PRTBC01
echo "Applying ${GH001}"
git apply --stat --apply -v -p1 $GH001
fi;
find . -name '*.orig' -exec rm -vf '{}' ';'
if [ "x$GH003" = "x" ] ; then
# get gh001-4curve.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
echo "GH003 not found. Downloading..."
wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/gh003-4curve.patch
echo "Applying ${PWD}/gh003-4curve.patch"
git apply --stat --apply -v -p1 gh003-4curve.patch
rm gh003-4curve.patch
else
echo "Applying ${GH003}"
git apply --stat --apply -v -p1 $GH003
fi;
find . -name '*.orig' -exec rm -vf '{}' ';' || echo "No .orig files found. This is suspicious, but may happen."
popd
fi
# Generate .src-rev so build has knowledge of the revision the tarball was created from
mkdir build
pushd build
sh ${PWD}/../openjdk/configure
make store-source-revision
popd
rm -rf build
echo "Compressing remaining forest"
if [ "X$COMPRESSION" = "Xxz" ] ; then
SWITCH=cJf
@ -168,5 +198,3 @@ pushd "${FILE_NAME_ROOT}"
mv ${TARBALL_NAME} ..
popd
echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."

60
java-11-openjdk.spec
View File

@ -319,12 +319,8 @@
# New Version-String scheme-style defines
%global featurever 11
%global interimver 0
%global updatever 15
%global updatever 16
%global patchver 0
# If you bump featurever, you must bump also vendor_version_string
# Used via new version scheme. JDK 11 was
# GA'ed in September 2018 => 18.9
%global vendor_version_string 18.9
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
# and this it is better to change it here, on single place
@ -357,6 +353,7 @@
%endif
%endif
%endif
%global oj_vendor_version (Red_Hat-%{version}-%{release})
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
@ -368,8 +365,8 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 10
%global rpmrelease 4
%global buildver 7
%global rpmrelease 1
#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@ -397,7 +394,7 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
%global is_ga 1
%global is_ga 0
%if %{is_ga}
%global ea_designator ""
%global ea_designator_zip ""
@ -1132,8 +1129,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zone-info data provided by tzdata-java sub-package
# 2021e required as of JDK-8275766 in January 2022 CPU
Requires: tzdata-java >= 2021e
# 2022a required as of JDK-8283350 in 11.0.16
Requires: tzdata-java >= 2022a
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@ -1146,6 +1143,8 @@ OrderWithRequires: copy-jdk-configs
%endif
# for printing support
Requires: cups-libs
# for system security properties
Requires: crypto-policies
# for FIPS PKCS11 provider
Requires: nss
# Post requires alternatives to install tool alternatives
@ -1291,7 +1290,7 @@ URL: http://openjdk.java.net/
# to regenerate source0 (jdk) run update_package.sh
# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
Source0: jdk-updates-jdk%{featurever}u-%{vcstag}-4curve.tar.xz
Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz
# Use 'icedtea_sync.sh' to update the following
# They are based on code contained in the IcedTea project (6.x).
@ -1395,8 +1394,6 @@ Patch8: jdk8275535-rh2053256-ldap_auth.patch
# need to be reviewed & pushed to the appropriate
# updates tree of OpenJDK.
#############################################
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
Patch101: jdk8257794-remove_broken_assert.patch
#############################################
#
@ -1435,6 +1432,8 @@ BuildRequires: libXt-devel
BuildRequires: libXtst-devel
# Requirement for setting up nss.cfg and nss.fips.cfg
BuildRequires: nss-devel
# Requirement for system security property test
BuildRequires: crypto-policies
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
@ -1445,8 +1444,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
# 2021e required as of JDK-8275766 in January 2022 CPU
BuildRequires: tzdata-java >= 2021e
# 2022a required as of JDK-8283350 in 11.0.16
BuildRequires: tzdata-java >= 2022a
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@ -1750,6 +1749,8 @@ The %{origin_nice} %{featurever} API documentation compressed in a single archiv
%prep
echo "Preparing %{oj_vendor_version}"
# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-(
%if 0%{?stapinstall:1}
echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}"
@ -1802,8 +1803,6 @@ pushd %{top_level_dir_name}
%patch1000 -p1
popd # openjdk
%patch101
%patch600
%patch1003
@ -1926,7 +1925,7 @@ function buildjdk() {
--with-version-build=%{buildver} \
--with-version-pre="%{ea_designator}" \
--with-version-opt=%{lts_designator} \
--with-vendor-version-string="%{vendor_version_string}" \
--with-vendor-version-string="%{oj_vendor_version}" \
--with-vendor-name="%{oj_vendor}" \
--with-vendor-url="%{oj_vendor_url}" \
--with-vendor-bug-url="%{oj_vendor_bug_url}" \
@ -2018,6 +2017,10 @@ function installjdk() {
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
popd
# Print release information
cat ${imagepath}/release
fi
}
@ -2129,7 +2132,7 @@ $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=tru
# Check correct vendor values have been set
$JAVA_HOME/bin/javac -d . %{SOURCE16}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}"
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}"
# Check java launcher has no SSB mitigation
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
@ -2589,6 +2592,25 @@ require "copy_jdk_configs.lua"
%endif
%changelog
* Sat Jul 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.16.0.7-0.1.ea
- Update to jdk-11.0.16+7
- Update release notes to 11.0.16+7
- Switch to EA mode for 11.0.16 pre-release builds.
- Use same tarball naming style as java-17-openjdk and java-latest-openjdk
- Drop JDK-8257794 patch now upstreamed
- Print release file during build, which should now include a correct SOURCE value from .src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Use "git apply" with patches in the tarball script to allow binary diffs
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
- Make use of the vendor version string to store our version & release rather than an upstream release date
- Explicitly require crypto-policies during build and runtime for system security properties
- Resolves: rhbz#2083325
* Thu Jul 14 2022 Jiri Vanek <jvanek@redhat.com> - 1:11.0.16.0.7-0.1.ea
- Add additional patch during tarball generation to align tests with ECC changes
- Related: rhbz#2083325
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.15.0.10-4
- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage

12
jdk8257794-remove_broken_assert.patch
View File

@ -1,12 +0,0 @@
diff --git openjdk.orig/src/hotspot/share/interpreter/bytecodeInterpreter.cpp openjdk/src/hotspot/share/interpreter/bytecodeInterpreter.cpp
index d18d70b5f9..30ab380e40 100644
--- openjdk.orig/src/hotspot/share/interpreter/bytecodeInterpreter.cpp
+++ openjdk/src/hotspot/share/interpreter/bytecodeInterpreter.cpp
@@ -481,7 +481,6 @@ BytecodeInterpreter::run(interpreterState istate) {
#ifdef ASSERT
if (istate->_msg != initialize) {
assert(labs(istate->_stack_base - istate->_stack_limit) == (istate->_method->max_stack() + 1), "bad stack limit");
- IA32_ONLY(assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1, "wrong"));
}
// Verify linkages.
interpreterState l = istate;

76
openjdk_news.sh Executable file
View File

@ -0,0 +1,76 @@
#!/bin/bash
# Copyright (C) 2022 Red Hat, Inc.
# Written by Andrew John Hughes <gnu.andrew@redhat.com>, 2012-2022
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
OLD_RELEASE=$1
NEW_RELEASE=$2
SUBDIR=$3
REPO=$4
SCRIPT_DIR=$(dirname ${0})
if test "x${SUBDIR}" = "x"; then
echo "No subdirectory specified; using .";
SUBDIR=".";
fi
if test "x$REPO" = "x"; then
echo "No repository specified; using ${PWD}"
REPO=${PWD}
fi
if test x${TMPDIR} = x; then
TMPDIR=/tmp;
fi
echo "Repository: ${REPO}"
if [ -e ${REPO}/.git ] ; then
TYPE=git;
elif [ -e ${REPO}/.hg ] ; then
TYPE=hg;
else
echo "No Mercurial or Git repository detected.";
exit 1;
fi
if test "x$OLD_RELEASE" = "x" || test "x$NEW_RELEASE" = "x"; then
echo "ERROR: Need to specify old and new release";
exit 2;
fi
echo "Listing fixes between $OLD_RELEASE and $NEW_RELEASE in $REPO"
rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 ${TMPDIR}/fixes
for repos in . $(${SCRIPT_DIR}/discover_trees.sh ${REPO});
do
if test "x$TYPE" = "xhg"; then
hg log -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
egrep '^[o:| ]*summary'|grep -v 'Added tag'|sed -r 's#^[o:| ]*summary:\W*([0-9])# - JDK-\1#'| \
sed 's#^[o:| ]*summary:\W*# - #' >> ${TMPDIR}/fixes2;
hg log -v -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
egrep '^[o:| ]*[0-9]{7}'|sed -r 's#^[o:| ]*([0-9]{7})# - JDK-\1#' >> ${TMPDIR}/fixes3;
else
git -C ${REPO} log --no-merges --pretty=format:%B ${NEW_RELEASE}...${OLD_RELEASE} -- ${SUBDIR} |egrep '^[0-9]{7}' | \
sed -r 's#^([0-9])# - JDK-\1#' >> ${TMPDIR}/fixes2;
touch ${TMPDIR}/fixes3 ; # unused
fi
done
sort ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 | uniq > ${TMPDIR}/fixes
rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3
echo "In ${TMPDIR}/fixes:"
cat ${TMPDIR}/fixes

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
SHA512 (jdk-updates-jdk11u-jdk-11.0.15+10-4curve.tar.xz) = c38e8273d2b6a038e409c4ac301c45b24efcf44086c7d674c13cb983b7a825e569de7e64404cbdfdbe475c65286d62a8fe7f29b478638a81c09058e6d61eba40
SHA512 (openjdk-jdk11u-jdk-11.0.16+7-4curve.tar.xz) = a7cb722c123da2e599f24a6c54b94c9934776cd2a5c3a7b303497e08a51f8e95a71ae9f0d9a0e32c263a5b385b7701c5a9d77229d98552366b5ec34179b7f0bc