import java-11-openjdk-11.0.14.0.9-2.el8_5

.gitignore

@@ -1,2 +1,2 @@
-SOURCES/jdk-updates-jdk11u-jdk-11.0.13+8-4curve.tar.xz
+SOURCES/jdk-updates-jdk11u-jdk-11.0.14+9-4curve.tar.xz
 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

.java-11-openjdk.metadata

@@ -1,2 +1,2 @@
-e36bde565834fe738fd222d419cfedc23ab80cee SOURCES/jdk-updates-jdk11u-jdk-11.0.13+8-4curve.tar.xz
+f8da9d387162a2354eb36d9bdb6d540e84321422 SOURCES/jdk-updates-jdk11u-jdk-11.0.14+9-4curve.tar.xz
 c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

SOURCES/NEWS

@@ -3,6 +3,509 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
+New in release OpenJDK 11.0.14 (2022-01-18):
+=============================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk11014
+  * https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.txt
+
+* New features
+  - JDK-8248238: Implementation: JEP 388: Windows AArch64 Support
+* Security fixes
+  - JDK-8217375: jarsigner breaks old signature with long lines in manifest
+  - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside
+  - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
+  - JDK-8268488: More valuable DerValues
+  - JDK-8268494: Better inlining of inlined interfaces
+  - JDK-8268512: More content for ContentInfo
+  - JDK-8268795: Enhance digests of Jar files
+  - JDK-8268801: Improve PKCS attribute handling
+  - JDK-8268813, CVE-2022-21283: Better String matching
+  - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
+  - JDK-8269944: Better HTTP transport redux
+  - JDK-8270386, CVE-2022-21291: Better verification of scan methods
+  - JDK-8270392, CVE-2022-21293: Improve String constructions
+  - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
+  - JDK-8270492, CVE-2022-21282: Better resolution of URIs
+  - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
+  - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
+  - JDK-8270952, CVE-2022-21277: Improve TIFF file handling
+  - JDK-8271962: Better TrueType font loading
+  - JDK-8271968: Better canonical naming
+  - JDK-8271987: Manifest improved manifest entries
+  - JDK-8272014, CVE-2022-21305: Better array indexing
+  - JDK-8272026, CVE-2022-21340: Verify Jar Verification
+  - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
+  - JDK-8272272: Enhance jcmd communication
+  - JDK-8272462: Enhance image handling
+  - JDK-8273290: Enhance sound handling
+  - JDK-8273756, CVE-2022-21360: Enhance BMP image support
+  - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
+  - JDK-8274096, CVE-2022-21366: Improve decoding of image files
+  - JDK-8279541: Improve HarfBuzz
+* Other changes
+  - JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.html fails
+  - JDK-7105119: [TEST_BUG] [macosx] In test UIDefaults.toString() must be called with the invokeLater()
+  - JDK-7151826: [TEST_BUG] [macosx] The test javax/swing/JPopupMenu/4966112/bug4966112.java not for mac
+  - JDK-7179006: [macosx] Print-to-file doesn't work: printing to the default printer instead
+  - JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/bug4726194.java fails on MacOSX
+  - JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003  Wrong number of thread end events
+  - JDK-8039261: [TEST_BUG]: There is not a minimal security level in Java Preferences and the TestApplet.html is blocked.
+  - JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/AltTabCrashTest.java fails with exception
+  - JDK-8075909: [TEST_BUG] The regression-swing case failed as it does not have the 'Open' button when select 'subdir' folder with NimbusLAF
+  - JDK-8078219: Verify lack of @test tag in files in java/net test directory
+  - JDK-8080569: java/lang/ProcessBuilder/DestroyTest.java fails with "RuntimeException: Process terminated prematurely"
+  - JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java timed out intermittently
+  - JDK-8129310: java/net/Socket/asyncClose/AsyncClose.java fails intermittently
+  - JDK-8131745: java/lang/management/ThreadMXBean/AllThreadIds.java still fails intermittently
+  - JDK-8136517: [macosx]Test  java/awt/Focus/8073453/AWTFocusTransitionTest.java fails on MacOSX
+  - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing
+  - JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/Test6541987.java fails
+  - JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/bug4760494.java leaves key pressed
+  - JDK-8159904: [TEST_BUG] Failure on solaris of java/awt/Window/MultiWindowApp/MultiWindowAppTest.java
+  - JDK-8163086: java/awt/Window/TranslucentJAppletTest/TranslucentJAppletTest.java fails
+  - JDK-8165828: [TEST_BUG] The reg case:javax/swing/plaf/metal/MetalIcons/MetalHiDPIIconsTest.java failed as No Metal Look and Feel
+  - JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not fired! on Windows
+  - JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException: Default button is not pressed
+  - JDK-8169959: javax/swing/JTable/6263446/bug6263446.java: Table should be editing
+  - JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/7156657/bug7156657.java fails on OS X
+  - JDK-8171998: javax/swing/JMenu/4692443/bug4692443.java fails on Windows
+  - JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java fails intermittently
+  - JDK-8179880: Refactor javax/security shell tests to plain java tests
+  - JDK-8180568: Refactor javax/crypto shell tests to plain java tests
+  - JDK-8180569: Refactor sun/security/krb5/ shell tests to plain java tests
+  - JDK-8180571: Refactor sun/security/pkcs11 shell tests to plain java tests and fix failures
+  - JDK-8180573: Refactor sun/security/tools shell tests to plain java tests
+  - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
+  - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream
+  - JDK-8195703: BasicJDWPConnectionTest.java: 'App exited unexpectedly with 2'
+  - JDK-8196096: javax/swing/JPopupMenu/6580930/bug6580930.java fails
+  - JDK-8197560: test javax/swing/JTree/8003400/Test8003400.java fails
+  - JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/NoEventsTest.java fails on Windows
+  - JDK-8197811: Test java/awt/Choice/PopupPosTest/PopupPosTest.java fails on Windows
+  - JDK-8198616: java/awt/Focus/6378278/InputVerifierTest.java fails on mac
+  - JDK-8198617: java/awt/Focus/6382144/EndlessLoopTest.java fails on mac
+  - JDK-8198619: java/awt/Focus/FocusTraversalPolicy/ButtonGroupLayoutTraversal/ButtonGroupLayoutTraversalTest.java fails on mac
+  - JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/EnqueueWithDialogButtonTest/EnqueueWithDialogButtonTest.java fails on mac
+  - JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/SubMenuShowTest/SubMenuShowTest.html fails on mac
+  - JDK-8199138: Add RISC-V support to Zero
+  - JDK-8199529: javax/swing/text/Utilities/8142966/SwingFontMetricsTest.java fails on windows
+  - JDK-8201224: Make string buffer size dynamic in mlvmJvmtiUtils.c
+  - JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/FollowReferences/followref003/TestDescription.java fails with "Location mismatch" errors
+  - JDK-8204161: [TESTBUG] auto failed with the "Applet thread threw exception: java.lang.UnsupportedOperationException" exception
+  - JDK-8206085: Refactor langtools/tools/javac/versions/Versions.java
+  - JDK-8207936: TestZipFile failed with java.lang.AssertionError exception
+  - JDK-8208242: Add @requires to vmTestbase/gc/g1 tests
+  - JDK-8209611: use C++ compiler for hotspot tests
+  - JDK-8210182: Remove macros for C compilation from vmTestBase but non jvmti
+  - JDK-8210198: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[A-F] tests
+  - JDK-8210205: build fails on AIX in hotspot cpp tests (for example getstacktr001.cpp)
+  - JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/jnistress001.java crashes with EXCEPTION_ACCESS_VIOLATION on windows-x86
+  - JDK-8210353: Move java/util/Arrays/TimSortStackSize2.java back to tier1
+  - JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[A-N] tests
+  - JDK-8210392: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit
+  - JDK-8210395: Add doc to SecurityTools.java
+  - JDK-8210429: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[G-Z] tests
+  - JDK-8210481: Remove #ifdef cplusplus from vmTestbase
+  - JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[N-R] tests
+  - JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[R-U] tests
+  - JDK-8210689: Remove the multi-line old C style for string literals
+  - JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti/unit tests
+  - JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665
+  - JDK-8210920: Native C++ tests are not using CXXFLAGS
+  - JDK-8210984: [TESTBUG] hs203t003 fails with "# ERROR: hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti, thread)"
+  - JDK-8211036: Remove the NSK_STUB macros from vmTestbase for non jvmti
+  - JDK-8211131: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[G-I]*
+  - JDK-8211148: var in implicit lambdas shouldn't be accepted for source < 11
+  - JDK-8211171: move JarUtils to top-level testlibrary
+  - JDK-8211227: Inconsistent TLS protocol version in debug output
+  - JDK-8211261: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[A-G]*
+  - JDK-8211432: [REDO] Handle JNIGlobalRefLocker.cpp
+  - JDK-8211782: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[I-S]*
+  - JDK-8211801: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[A-E]
+  - JDK-8211899: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[E-M]
+  - JDK-8211905: Remove multiple casts for EM06 file
+  - JDK-8211999: Window positioning bugs due to overlapping GraphicsDevice bounds (Windows/HiDPI)
+  - JDK-8212082: Remove the NSK_CPP_STUB macros for remaining vmTestbase/jvmti/[sS]*
+  - JDK-8212083: Handle remaining gc/lock native code and fix two strings
+  - JDK-8212148: Remove remaining NSK_CPP_STUBs
+  - JDK-8213110: Remove the use of applets in automatic tests
+  - JDK-8213189: Make restricted headers in HTTP Client configurable and remove Date by default
+  - JDK-8213263: fix legal headers in test/langtools
+  - JDK-8213296: Fix legal headers in test/jdk/java/net
+  - JDK-8213301: Fix legal headers in jdk logging tests
+  - JDK-8213305: Fix legal headers in test/java/math
+  - JDK-8213306: Fix legal headers in test/java/nio
+  - JDK-8213328: Update test copyrights in test/java/util/zip and test/jdk/tools
+  - JDK-8213330: Fix legal headers in i18n tests
+  - JDK-8213707: [TEST] vmTestbase/nsk/stress/except/except011.java failed due to wrong class name
+  - JDK-8214469: [macos] PIT: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.java fails
+  - JDK-8215410: Regression test for JDK-8214994
+  - JDK-8215568: Refactor SA clhsdb tests to use ClhsdbLauncher
+  - JDK-8215624: Add parallel heap iteration for jmap –histo
+  - JDK-8215889: assert(!_unloading) failed: This oop is not available to unloading class loader data with ZGC
+  - JDK-8216318: The usage of Disposer in the java.awt.Robot can be deleted
+  - JDK-8216417: cleanup of IPv6 scope-id handling
+  - JDK-8217377: javax/swing/JPopupMenu/6583251/bug6583251.java failed with UnsupportedOperation exception
+  - JDK-8217438: Adapt tools//launcher/Test7029048.java for AIX
+  - JDK-8217633: Configurable extensions with system properties
+  - JDK-8217882: java/net/httpclient/MaxStreams.java failed once
+  - JDK-8217903: java/net/httpclient/Response204.java fails with 404
+  - JDK-8218483: Crash in "assert(_daemon_threads_count->get_value() > daemon_count) failed: thread count mismatch 5 : 5"
+  - JDK-8219986: Change to Xcode 10.1 for building on Macosx at Oracle
+  - JDK-8220575: Correctly format test URI's that contain a retrieved IPv6 address
+  - JDK-8221259: New tests for java.net.Socket to exercise long standing behavior
+  - JDK-8221305: java/awt/FontMetrics/MaxAdvanceIsMax.java fails on MacOS + Solaris
+  - JDK-8221902: PIT: javax/swing/JRadioButton/FocusTraversal/FocusTraversal.java fails on ubuntu
+  - JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04
+  - JDK-8222446: assert(C->env()->system_dictionary_modification_counter_changed()) failed: Must invalidate if TypeFuncs differ
+  - JDK-8223137: Rename predicate 'do_unroll_only()' to 'is_unroll_only()'.
+  - JDK-8223138: Small clean-up in loop-tree support.
+  - JDK-8223139: Rename mandatory policy-do routines.
+  - JDK-8223140: Clean-up in 'ok_to_convert()'
+  - JDK-8223141: Change (count) suffix _ct into _cnt.
+  - JDK-8223400: Replace some enums with static const members in hotspot/runtime
+  - JDK-8223658: Performance regression of XML.validation in 13-b19
+  - JDK-8223923: C2: Missing interference with mismatched unsafe accesses
+  - JDK-8224829: AsyncSSLSocketClose.java has timing issue
+  - JDK-8225083: Remove Google certificate that is expiring in December 2021
+  - JDK-8226514: Replace wildcard address with loopback or local host in tests - part 17
+  - JDK-8226943: compile error in libfollowref003.cpp  with XCode 10.2 on macosx
+  - JDK-8228442: DHKeyExchange/LegacyDHEKeyExchange.java failed due to "SSLException: An established connection was aborted by the software in your host machine"
+  - JDK-8228508: [TESTBUG] java/net/httpclient/SmokeTest.java fails on Windows7
+  - JDK-8229935: [TEST_BUG]: bug8132119.java inconsistently positions text
+  - JDK-8230019: [REDO] compiler/types/correctness/* tests fail with "assert(recv == __null || recv->is_klass()) failed: wrong type"
+  - JDK-8230067: Add optional automatic retry when running jtreg tests
+  - JDK-8230228: [TESTBUG] Several runtime/ErrorHandling tests may fail on some platforms
+  - JDK-8231501: VM crash in MethodData::clean_extra_data(CleanExtraDataClosure*):  fatal error: unexpected tag 99
+  - JDK-8233403: Improve verbosity of some httpclient tests
+  - JDK-8233550: [TESTBUG] JTree tests fail regularly on MacOS
+  - JDK-8233552: [TESTBUG] JTable Test bug7068740.java fails on MacOS
+  - JDK-8233553: [TESTBUG] JSpinner test bug4973721.java fails on MacOS
+  - JDK-8233555: [TESTBUG] JRadioButton tests failing on MacoS
+  - JDK-8233556: [TESTBUG] JPopupMenu tests fail on MacOS
+  - JDK-8233559: [TESTBUG] TestNimbusOverride.java is failing on macos
+  - JDK-8233560: [TESTBUG] ToolTipManager/Test6256140.java  is failing on macos
+  - JDK-8233561: [TESTBUG] Swing text test bug8014863.java fails on macos
+  - JDK-8233562: [TESTBUG] Swing StyledEditorKit test bug4506788.java fails on MacOS
+  - JDK-8233564: [TESTBUG] MouseComboBoxTest.java is failing
+  - JDK-8233566: [TESTBUG] KeyboardFocusManager tests failing on MacoS
+  - JDK-8233567: [TESTBUG] FocusSubRequestTest.java fails on macos
+  - JDK-8233569: [TESTBUG] JTextComponent test bug6361367.java fails on macos
+  - JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos
+  - JDK-8233634: [TESTBUG] Swing text test bug4278839.java fails on macos
+  - JDK-8233635: [TESTBUG] ProgressMonitorEscapeKeyPress.java fails on macos
+  - JDK-8233637: [TESTBUG] Swing ActionListenerCalledTwiceTest.java fails on macos
+  - JDK-8233638: [TESTBUG] Swing test ScreenMenuBarInputTwice.java fails on macos
+  - JDK-8233641: [TESTBUG] JMenuItem test bug4171437.java fails on macos
+  - JDK-8233642: [TESTBUG] JMenuBar test bug 4750590.java  fails on macos
+  - JDK-8233643: [TESTBUG] JMenu test bug4515762.java fails on macos
+  - JDK-8233644: [TESTBUG] JInternalFrame test bug8020708.java is failing on macos
+  - JDK-8233647: [TESTBUG] JColorChooser/Test8051548.java is failing on macos
+  - JDK-8234802: [TESTBUG] Test Right Mouse Button Drag Gesture Recognition in all the platforms
+  - JDK-8234823: java/net/Socket/Timeouts.java testcase testTimedConnect2() fails on Windows 10
+  - JDK-8235784: java/lang/invoke/VarHandles/VarHandleTestByteArrayAsInt.java fails due to timeout with fastdebug bits
+  - JDK-8236042: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -Xcomp -XX:TieredStopAtLevel=1
+  - JDK-8236177: assert(status == 0) failed: error ETIMEDOUT(60), cond_wait
+  - JDK-8236596: HttpClient leaves HTTP/2 sockets in CLOSE_WAIT, when using proxy tunnel
+  - JDK-8237354: Add option to jcmd to write a gzipped heap dump
+  - JDK-8237589: Fix copyright header formatting
+  - JDK-8238677: java/net/httpclient/ssltest/CertificateTest.java should not specify TLS version
+  - JDK-8239334: Tab Size does not work correctly in JTextArea with setLineWrap on
+  - JDK-8239422: [TESTBUG] compiler/c1/TestPrintIRDuringConstruction.java failed when C1 is disabled
+  - JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual
+  - JDK-8240256: Better resource cleaning for SunPKCS11 Provider
+  - JDK-8242044: Add basic HTTP/1.1 support to the HTTP/2 Test Server
+  - JDK-8242526: PIT: javax/swing/JInternalFrame/8020708/bug8020708.java fails in mach5 ubuntu system
+  - JDK-8242793: Incorrect copyright header in ContinuousCallSiteTargetChange.java
+  - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails
+  - JDK-8244292: Headful clients failing with --illegal-access=deny
+  - JDK-8245147: Refactor and improve utility of test/langtools/tools/javac/versions/Versions.java
+  - JDK-8245165: Update bug id for javax/swing/text/StyledEditorKit/4506788/bug4506788.java in ProblemList
+  - JDK-8245665: Test WeakAlg.java should only make sure no warning for weak signature algorithms by keytool on root CA
+  - JDK-8246114: java/net/MulticastSocket/Promiscuous.java fails after 8241072 (multi-homed systems)
+  - JDK-8246807: Incorrect copyright header in TimeZoneDatePermissionCheck.sh
+  - JDK-8247403: JShell: No custom input (e.g. from GUI) possible with JavaShellToolBuilder
+  - JDK-8247510: typo in IllegalHandshakeMessage
+  - JDK-8248187: [TESTBUG] javax/swing/plaf/basic/BasicGraphicsUtils/8132119/bug8132119.java fails with String is not properly drawn
+  - JDK-8248341: ProblemList java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java
+  - JDK-8248500: AArch64: Remove the r18 dependency on Windows AArch64
+  - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked
+  - JDK-8249195: Change to Xcode 11.3.1 for building on Macos at Oracle
+  - JDK-8250521: Configure initial RTO to use minimal retry for loopback connections on Windows
+  - JDK-8250810: Push missing parts of JDK-8248817
+  - JDK-8250839: Improve test template SSLEngineTemplate with SSLContextTemplate
+  - JDK-8250863: Build error with GCC 10 in NetworkInterface.c and k_standard.c
+  - JDK-8250888: nsk/jvmti/scenarios/general_functions/GF08/gf08t001/TestDriver.java fails
+  - JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits
+  - JDK-8251377: [macos11] JTabbedPane selected tab text is barely legible
+  - JDK-8251570: JDK-8215624 causes assert(worker_id < _n_workers) failed: Invalid worker_id
+  - JDK-8251930: AArch64: Native types mismatch in hotspot
+  - JDK-8252049: Native memory leak in ciMethodData ctor
+  - JDK-8252051: Make mlvmJvmtiUtils strncpy uses GCC 10.x friendly
+  - JDK-8252114: Windows-AArch64: Enable and test ZGC and ShenandoahGC
+  - JDK-8253015: Aarch64: Move linux code out from generic CPU feature detection
+  - JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens
+  - JDK-8253497: Core Libs Terminology Refresh
+  - JDK-8253682: The AppletInitialFocusTest1.java is unstable
+  - JDK-8253763: ParallelObjectIterator should have virtual destructor
+  - JDK-8253866: Security Libs Terminology Refresh
+  - JDK-8254802: ThrowingPushPromisesAsStringCustom.java fails in "try throwing in GET_BODY"
+  - JDK-8255227: java/net/httpclient/FlowAdapterPublisherTest.java intermittently failing with TestServer: start exception: java.io.IOException: Invalid preface
+  - JDK-8255264: Support for identifying the full range of IPv4 localhost addresses on Windows
+  - JDK-8255716: AArch64: Regression: JVM crashes if manually offline a core
+  - JDK-8255722: Create a new test for rotated blit
+  - JDK-8256009: Remove src/hotspot/share/adlc/Test/i486.ad
+  - JDK-8256066: Tests use deprecated TestNG API that is no longer available in new versions
+  - JDK-8256152: tests fail because of ambiguous method resolution
+  - JDK-8256182: Update qemu-debootstrap cross-compilation recipe
+  - JDK-8256201: java/awt/FullScreen/FullscreenWindowProps/FullscreenWindowProps.java failed
+  - JDK-8256202: Some tweaks for jarsigner tests PosixPermissionsTest and SymLinkTest
+  - JDK-8256372: [macos] Unexpected symbol was displayed on JTextField with Monospaced font
+  - JDK-8256956: RegisterImpl::max_slots_per_register is incorrect on AMD64
+  - JDK-8258457: testlibrary_tests/ctw/JarDirTest.java fails with InvalidPathException on windows
+  - JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3
+  - JDK-8259237: Demo selection changes with left/right arrow key. No need to press space for selection.
+  - JDK-8260571: Add PrintMetaspaceStatistics to print metaspace statistics upon VM exit
+  - JDK-8260690: JConsole User Guide Link from the Help menu is not accessible by keyboard
+  - JDK-8261036: Reduce classes loaded by CleanerFactory initialization
+  - JDK-8261071: AArch64: Refactor interpreter native wrappers
+  - JDK-8261075: Create stubRoutines.inline.hpp with SafeFetch implementation
+  - JDK-8261236: C2: ClhsdbJstackXcompStress test fails when StressGCM is enabled
+  - JDK-8261297: NMT: Final report should use scale 1
+  - JDK-8261661: gc/stress/TestReclaimStringsLeaksMemory.java fails because Reserved memory size is too big
+  - JDK-8261916: gtest/GTestWrapper.java vmErrorTest.unimplemented1_vm_assert failed
+  - JDK-8262438: sun/security/ssl/SSLLogger/LoggingFormatConsistency.java failed with "SocketException: Socket is closed"
+  - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
+  - JDK-8262844: (fs) FileStore.supportsFileAttributeView might return false negative in case of ext3
+  - JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert
+  - JDK-8263068: Rename safefetch.hpp to safefetch.inline.hpp
+  - JDK-8263303: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint
+  - JDK-8263362: Avoid division by 0 in  java/awt/font/TextJustifier.java justify
+  - JDK-8263773: Reenable German localization for builds at Oracle
+  - JDK-8263897: compiler/c2/aarch64/TestVolatilesSerial.java failed with "java.lang.RuntimeException: Wrong method"
+  - JDK-8264526: javax/swing/text/html/parser/Parser/8078268/bug8078268.java timeout
+  - JDK-8264824: java/net/Inet6Address/B6206527.java doesn't close ServerSocket properly
+  - JDK-8265019: Update tests for additional TestNG test permissions
+  - JDK-8265173: [test] divert spurious log output away from stream under test in ProcessBuilder Basic test
+  - JDK-8265524: Upgrading JSZip from v3.2.2 to v3.6.0
+  - JDK-8266182: Automate manual steps listed in the test jdk/sun/security/pkcs12/ParamsTest.java
+  - JDK-8266579: Update test/jdk/java/lang/ProcessHandle/PermissionTest.java & test/jdk/java/sql/testng/util/TestPolicy.java
+  - JDK-8266949: Check possibility to disable OperationTimedOut on Unix
+  - JDK-8267246: -XX:MaxRAMPercentage=0 is unreasonable for jtreg tests on many-core machines
+  - JDK-8267256: Extend minimal retry for loopback connections on Windows to PlainSocketImpl
+  - JDK-8267304: Bump global JTReg memory limit to 768m
+  - JDK-8267652: c2 loop unrolling by 8 results in reading memory past array
+  - JDK-8268019: C2: assert(no_dead_loop) failed: dead loop detected
+  - JDK-8268093: Manual Testcase: "sun/security/krb5/config/native/TestDynamicStore.java" Fails with NPE
+  - JDK-8268555: Update HttpClient tests that use ITestContext to jtreg 6+1
+  - JDK-8268672: C2: assert(!loop->is_member(u_loop)) failed: can be in outer loop or out of both loops only
+  - JDK-8269034: AccessControlException for SunPKCS11 daemon threads
+  - JDK-8269426: Rename test/jdk/java/lang/invoke/t8150782 to accessClassAndFindClass
+  - JDK-8269574: C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events
+  - JDK-8269656: The test test/langtools/tools/javac/versions/Versions.java has duplicate test cycles
+  - JDK-8269768: JFR Terminology Refresh
+  - JDK-8269951: [macos] Focus not painted in JButton when  setBorderPainted(false) is invoked
+  - JDK-8269984: [macos] JTabbedPane title looks like  disabled
+  - JDK-8269993: [Test]: java/net/httpclient/DigestEchoClientSSL.java contains redundant @run tags
+  - JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to run in all LaFs, including Aqua on macOS
+  - JDK-8270216: [macOS] Update named used for Java run loop mode
+  - JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java  OCSP response error
+  - JDK-8270290: NTLM authentication fails if HEAD request is used
+  - JDK-8270317: Large Allocation in CipherSuite
+  - JDK-8270344: Session resumption errors
+  - JDK-8270517: Add Zero support for LoongArch
+  - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
+  - JDK-8270886: Crash in PhaseIdealLoop::verify_strip_mined_scheduling
+  - JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with "lists don't have the same size expected"
+  - JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop
+  - JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2 assert failure with Test7179138_1.java
+  - JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity
+  - JDK-8271490: [ppc] [s390]: Crash in JavaThread::pd_get_top_frame_for_profiling
+  - JDK-8271560: sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java still fails due to "An established connection was aborted by the software in your host machine"
+  - JDK-8271567: AArch64: AES Galois CounterMode (GCM) interleaved implementation using vector instructions
+  - JDK-8272180: Upgrade JSZip from v3.6.0 to v3.7.1
+  - JDK-8272181: Windows-AArch64:Backport fix of `Backtracing broken on PAC enabled systems`
+  - JDK-8272316: Wrong Boot JDK help message in 11
+  - JDK-8272318: Improve performance of HeapDumpAllTest
+  - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
+  - JDK-8272570: C2: crash in PhaseCFG::global_code_motion
+  - JDK-8272574: C2: assert(false) failed: Bad graph detected in build_loop_late
+  - JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh fails after JDK-8266182
+  - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled
+  - JDK-8272720: Fix the implementation of loop unrolling heuristic with LoopPercentProfileLimit
+  - JDK-8272783: Epsilon: Refactor tests to improve performance
+  - JDK-8272806: [macOS] "Apple AWT Internal Exception" when input method is changed
+  - JDK-8272828: Add correct licenses to jszip.md
+  - JDK-8272836: Limit run time for java/lang/invoke/LFCaching tests
+  - JDK-8272850: Drop zapping values in the Zap* option descriptions
+  - JDK-8272902: Bump update version for OpenJDK: jdk-11.0.14
+  - JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test groups
+  - JDK-8272966: test/jdk/java/awt/Robot/FlushCurrentEvent.java fails by timeout
+  - JDK-8273026: Slow LoginContext.login() on multi threading application
+  - JDK-8273229: Update OS detection code to recognize Windows Server 2022
+  - JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on Windows 32bit
+  - JDK-8273308: PatternMatchTest.java fails on CI
+  - JDK-8273314: Add tier4 test groups
+  - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
+  - JDK-8273358: macOS Monterey does not have the font Times needed by Serif
+  - JDK-8273373: Zero: Cannot invoke JVM in primordial threads on Zero
+  - JDK-8273498: compiler/c2/Test7179138_1.java timed out
+  - JDK-8273541: Cleaner Thread creates with normal priority instead of MAX_PRIORITY - 2
+  - JDK-8273547: [11u] [JVMCI] Partial module-info.java backport of JDK-8223332
+  - JDK-8273606: Zero: SPARC64 build fails with si_band type mismatch
+  - JDK-8273646: Add openssl from path variable also in to Default System Openssl Path in OpensslArtifactFetcher
+  - JDK-8273671: Backport of 8260616 misses one JNF header inclusion removal
+  - JDK-8273790: Potential cyclic dependencies between Gregorian and CalendarSystem
+  - JDK-8273795: Zero SPARC64 debug builds fail due to missing interpreter fields
+  - JDK-8273826: Correct Manifest file name and NPE checks
+  - JDK-8273894: ConcurrentModificationException raised every time ReferralsCache drops referral
+  - JDK-8273924: ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add()
+  - JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file path contains '+' character
+  - JDK-8273968: JCK javax_xml tests fail in CI
+  - JDK-8274056: JavaAccessibilityUtilities leaks JNI objects
+  - JDK-8274083: Update testing docs to mention tiered testing
+  - JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork is deprecated
+  - JDK-8274326: [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m
+  - JDK-8274329: Fix non-portable HotSpot code in MethodMatcher::parse_method_pattern
+  - JDK-8274381: missing CAccessibility definitions in JNI code
+  - JDK-8274407: (tz) Update Timezone Data to 2021c
+  - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
+  - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
+  - JDK-8274522: java/lang/management/ManagementFactory/MXBeanException.java test fails with Shenandoah
+  - JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with NoSuchElementException after JDK-8271287
+  - JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently fails on weak memory model platform
+  - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
+  - JDK-8274840: Update OS detection code to recognize Windows 11
+  - JDK-8274860: gcc 10.2.1 produces an uninitialized warning in sharedRuntimeTrig.cpp
+  - JDK-8275051: Shenandoah: Correct ordering of requested gc cause and gc request flag
+  - JDK-8275131: Exceptions after a touchpad gesture on macOS
+  - JDK-8275713: TestDockerMemoryMetrics test fails on recent runc
+  - JDK-8275766: (tz) Update Timezone Data to 2021e
+  - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
+  - JDK-8276066: Reset LoopPercentProfileLimit for x86 due to suboptimal performance
+  - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test
+  - JDK-8276157: C2: Compiler stack overflow during escape analysis on Linux x86_32
+  - JDK-8276201: Shenandoah: Race results degenerated GC to enter wrong entry point
+  - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
+  - JDK-8276550: Use SHA256 hash in build.tools.depend.Depend
+  - JDK-8276774: Cookie stored in CookieHandler not sent if user headers contain cookie
+  - JDK-8276854: Windows GHA builds fail due to broken Cygwin
+  - JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify output array sizes
+  - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE
+  - JDK-8277529: SIGSEGV in C2 CompilerThread Node::rematerialize() compiling Packet::readUnsignedTrint
+  - JDK-8277815: Fix mistakes in legal header backports
+
+Notes on individual issues:
+===========================
+
+core-svc/tools:
+
+JDK-8250554: New Option Added to jcmd for Writing a gzipped Heap Dump
+=====================================================================
+A new integer option `gz` has been added to the `GC.heap_dump`
+diagnostic command. If it is specified, it will enable the gzip
+compression of the written heap dump. The supplied value is the
+compression level. It can range from 1 (fastest) to 9 (slowest, but
+best compression). The recommended level is 1.
+
+security-libs/javax.net.ssl:
+
+JDK-8260310: Configurable Extensions With System Properties
+===========================================================
+Two new system properties have been added. The system property,
+`jdk.tls.client.disableExtensions`, is used to disable TLS extensions
+used in the client. The system property,
+`jdk.tls.server.disableExtensions`, is used to disable TLS extensions
+used in the server. If an extension is disabled, it will be neither
+produced nor processed in the handshake messages.
+
+The property string is a list of comma separated standard TLS
+extension names, as registered in the IANA documentation (for example,
+server_name, status_request, and signature_algorithms_cert). Note that
+the extension names are case sensitive. Unknown, unsupported,
+misspelled and duplicated TLS extension name tokens will be ignored.
+
+Please note that the impact of blocking TLS extensions is
+complicated. For example, a TLS connection may not be able to be
+established if a mandatory extension is disabled. Please do not
+disable mandatory extensions, and do not use this feature unless you
+clearly understand the impact.
+
+security-libs/javax.crypto:pkcs11:
+
+JDK-8272907: New SunPKCS11 Configuration Properties
+===================================================
+The SunPKCS11 provider gains new provider configuration attributes to
+better control native resources usage. The SunPKCS11 provider consumes
+native resources in order to work with native PKCS11 libraries. To
+manage and better control the native resources, additional
+configuration attributes are added to control the frequency of
+clearing native references as well as whether to destroy the
+underlying PKCS11 Token after logout.
+
+The 3 new attributes for the SunPKCS11 provider configuration file
+are:
+
+1) `destroyTokenAfterLogout` (boolean, defaults to false)
+
+If set to true, when `java.security.AuthProvider.logout()` is called
+upon the SunPKCS11 provider instance, the underlying Token object will
+be destroyed and resources will be freed. This essentially renders the
+SunPKCS11 provider instance unusable after `logout()` calls. Note that
+a PKCS11 provider with this attribute set to `true` should not be
+added to the system provider list since the provider object is not
+usable after a `logout()` method call.
+
+2) `cleaner.shortInterval` (integer, defaults to 2000, in milliseconds)
+
+This defines the frequency for clearing native references during busy
+periods (such as, how often should the cleaner thread processes the
+no-longer-needed native references in the queue to free up native
+memory). Note that the cleaner thread will switch to the
+'longInterval' frequency after 200 failed tries (such as, when no
+references are found in the queue).
+
+3) `cleaner.longInterval` (integer, defaults to 60000, in milliseconds)
+
+This defines the frequency for checking native reference during
+non-busy period (such as, how often should the cleaner thread check
+the queue for native references). Note that the cleaner thread will
+switch back to the 'shortInterval' value if native PKCS11 references
+for cleaning are detected.
+
+core-libs/java.nio:
+
+JDK-8271517: Zip File System Provider Throws ZipException when entry name element contains "." or "."
+=====================================================================================================
+The ZIP file system provider has been changed to reject existing ZIP
+files that contain entries with "." or ".." in name elements. ZIP
+files with these entries can not be used as a file system. Invoking
+the `java.nio.file.FileSystems.newFileSystem(...)` methods will throw
+`ZipException` if the ZIP file contains these entries.
+
+security-libs/java.security:
+
+JDK-8272535: Removed Google's GlobalSign Root Certificate
+=========================================================
+The following root certificate from Google has been removed from the
+`cacerts` keystore:
+
+Alias Name: globalsignr2ca [jdk]
+Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
+
+core-libs/java.time:
+
+JDK-8274857:  Update Timezone Data to 2021c
+===========================================
+IANA Time Zone Database, on which JDK's Date/Time libraries are based,
+has been updated to version 2021c
+(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
+that with this update, some of the time zone rules prior to the year
+1970 have been modified according to the changes which were introduced
+with 2021b. For more detail, refer to the announcement of 2021b
+(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
+
 New in release OpenJDK 11.0.13 (2021-10-19):
 =============================================
 Live versions of these release notes can be found at:

SOURCES/rh1996182-extend_security_policy.patch

@@ -1,18 +0,0 @@
-commit 598fe421216b0a437fa36ee91a29966599867aa3
-Author: Andrew Hughes <gnu.andrew@redhat.com>
-Date:   Mon Aug 30 16:12:52 2021 +0100
-
-    RH1996182: Extend default security policy to allow SunPKCS11 access to jdk.internal.misc
-
-diff --git openjdk.orig/src/java.base/share/lib/security/default.policy openjdk/src/java.base/share/lib/security/default.policy
-index ab59a334cd..5db744ff17 100644
---- openjdk.orig/src/java.base/share/lib/security/default.policy
-+++ openjdk/src/java.base/share/lib/security/default.policy
-@@ -124,6 +124,7 @@ grant codeBase "jrt:/jdk.crypto.ec" {
- grant codeBase "jrt:/jdk.crypto.cryptoki" {
-     permission java.lang.RuntimePermission
-                    "accessClassInPackage.com.sun.crypto.provider";
-+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
-     permission java.lang.RuntimePermission
-                    "accessClassInPackage.sun.security.*";
-     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";

SOURCES/rh1996182-login_to_nss_software_token.patch

@@ -5,7 +5,7 @@ Date:   Fri Aug 27 19:42:07 2021 +0100
     RH1996182: Login to the NSS Software Token in FIPS Mode
 
 diff --git openjdk.orig/src/java.base/share/classes/module-info.java openjdk/src/java.base/share/classes/module-info.java
-index 0cf61732d7..2cd851587c 100644
+index 5460efcf8c..f08dc2fafc 100644
 --- openjdk.orig/src/java.base/share/classes/module-info.java
 +++ openjdk/src/java.base/share/classes/module-info.java
 @@ -182,6 +182,7 @@ module java.base {
@@ -17,19 +17,19 @@ index 0cf61732d7..2cd851587c 100644
          jdk.attach,
          jdk.charsets,
 diff --git openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
-index b00b738b85..1eca1f8f0a 100644
+index 5e227f4531..164de8ff08 100644
 --- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
 +++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
-@@ -42,6 +42,8 @@ import javax.security.auth.callback.ConfirmationCallback;
+@@ -41,6 +41,8 @@ import javax.security.auth.callback.CallbackHandler;
  import javax.security.auth.callback.PasswordCallback;
- import javax.security.auth.callback.TextOutputCallback;
  
+ import jdk.internal.misc.InnocuousThread;
 +import jdk.internal.misc.SharedSecrets;
 +
  import sun.security.util.Debug;
  import sun.security.util.ResourcesMgr;
  import static sun.security.util.SecurityConstants.PROVIDER_VER;
-@@ -59,6 +61,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+@@ -58,6 +60,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
   */
  public final class SunPKCS11 extends AuthProvider {
  
@@ -39,7 +39,7 @@ index b00b738b85..1eca1f8f0a 100644
      private static final long serialVersionUID = -1354835039035306505L;
  
      static final Debug debug = Debug.getInstance("sunpkcs11");
-@@ -373,6 +378,24 @@ public final class SunPKCS11 extends AuthProvider {
+@@ -374,6 +379,24 @@ public final class SunPKCS11 extends AuthProvider {
              if (nssModule != null) {
                  nssModule.setProvider(this);
              }

SOURCES/rh2021263-fips_ensure_security_initialised.patch

@@ -0,0 +1,28 @@
+commit 8a8452b9ae862755210a9a2f4e34b1aa3ec7343d
+Author: Andrew Hughes <gnu.andrew@redhat.com>
+Date:   Tue Jan 18 02:00:55 2022 +0000
+
+    RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
+
+diff --git openjdk.orig/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java openjdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
+index 2ec51d57806..8489b940c43 100644
+--- openjdk.orig/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
++++ openjdk/src/java.base/share/classes/jdk/internal/misc/SharedSecrets.java
+@@ -36,6 +36,7 @@ import java.io.FilePermission;
+ import java.io.ObjectInputStream;
+ import java.io.RandomAccessFile;
+ import java.security.ProtectionDomain;
++import java.security.Security;
+ import java.security.Signature;
+ 
+ /** A repository of "shared secrets", which are a mechanism for
+@@ -368,6 +369,9 @@ public class SharedSecrets {
+     }
+ 
+     public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
++        if (javaSecuritySystemConfiguratorAccess == null) {
++            unsafe.ensureClassInitialized(Security.class);
++        }
+         return javaSecuritySystemConfiguratorAccess;
+     }
+ }

SOURCES/rh2021263-fips_missing_native_returns.patch

@@ -0,0 +1,24 @@
+commit 1b5bd349bdfa7b9627ea58d819bc250a55112de2
+Author: Fridrich Strba <fstrba@suse.com>
+Date:   Mon Jan 17 19:44:03 2022 +0000
+
+    RH2021263: Return in C code after having generated Java exception
+
+diff --git openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+index 6f4656bfcb6..34d0ff0ce91 100644
+--- openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c
++++ openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
+@@ -131,11 +131,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
+     dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
+     if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
+         throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
++        return JNI_FALSE;
+     }
+     fips_enabled = fgetc(fe);
+     fclose(fe);
+     if (fips_enabled == EOF) {
+         throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
++        return JNI_FALSE;
+     }
+     msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
+             " read character is '%c'", fips_enabled);

SPECS/java-11-openjdk.spec

@@ -185,9 +185,9 @@
 %endif
 
 %ifarch %{bootstrap_arches}
-%global bootstrap_build 1
+%global bootstrap_build true
 %else
-%global bootstrap_build 1
+%global bootstrap_build false
 %endif
 
 %if %{include_staticlibs}
@@ -297,7 +297,7 @@
 # New Version-String scheme-style defines
 %global featurever 11
 %global interimver 0
-%global updatever 13
+%global updatever 14
 %global patchver 0
 # If you bump featurever, you must bump also vendor_version_string
 # Used via new version scheme. JDK 11 was
@@ -344,8 +344,8 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver        8
-%global rpmrelease      4
+%global buildver        9
+%global rpmrelease      2
 #%%global tagsuffix     %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@@ -394,8 +394,8 @@
 %global jdkimage                jdk
 %global static_libs_image       static-libs
 # output dir stub
-%define buildoutputdir() %{expand:build/jdk11.build%{?1}}
-%define installoutputdir() %{expand:install/jdk11.install%{?1}}
+%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
+%define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}}
 # we can copy the javadoc to not arched dir, or make it not noarch
 %define uniquejavadocdir()    %{expand:%{fullversion}.%{_arch}%{?1}}
 # main id and dir of this jdk
@@ -410,7 +410,7 @@
 %if %is_system_jdk
 %global __provides_exclude ^(%{_privatelibs})$
 %global __requires_exclude ^(%{_privatelibs})$
-# Never generate lib-style provides/requires for slowdebug packages
+# Never generate lib-style provides/requires for any debug packages
 %global __provides_exclude_from ^.*/%{uniquesuffix -- %{debug_suffix_unquoted}}/.*$
 %global __requires_exclude_from ^.*/%{uniquesuffix -- %{debug_suffix_unquoted}}/.*$
 %global __provides_exclude_from ^.*/%{uniquesuffix -- %{fastdebug_suffix_unquoted}}/.*$
@@ -795,7 +795,7 @@ exit 0
 %dir %{etcjavadir -- %{?1}}/conf/security/policy/limited
 %dir %{etcjavadir -- %{?1}}/conf/security/policy/unlimited
 %config(noreplace) %{etcjavadir -- %{?1}}/lib/security/default.policy
-%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/blacklisted.certs
+%config(noreplace) %{etcjavadir -- %{?1}}/lib/security/blocked.certs
 %config(noreplace) %{etcjavadir -- %{?1}}/lib/security/public_suffix_list.dat
 %config(noreplace) %{etcjavadir -- %{?1}}/conf/security/policy/limited/exempt_local.policy
 %config(noreplace) %{etcjavadir -- %{?1}}/conf/security/policy/limited/default_local.policy
@@ -1236,9 +1236,11 @@ Patch1007: rh1915071-always_initialise_configurator_access.patch
 Patch1008: rh1929465-improve_system_FIPS_detection.patch
 # RH1996182: Login to the NSS software token in FIPS mode
 Patch1009: rh1996182-login_to_nss_software_token.patch
-Patch1010: rh1996182-extend_security_policy.patch
 # RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
 Patch1011: rh1991003-enable_fips_keys_import.patch
+# RH2021263: Resolve outstanding FIPS issues
+Patch1014: rh2021263-fips_ensure_security_initialised.patch
+Patch1015: rh2021263-fips_missing_native_returns.patch
 
 #############################################
 #
@@ -1673,8 +1675,9 @@ popd # openjdk
 %patch1007
 %patch1008
 %patch1009
-%patch1010
 %patch1011
+%patch1014
+%patch1015
 
 # Extract systemtap tapsets
 %if %{with_systemtap}
@@ -1902,18 +1905,22 @@ for suffix in %{build_loop} ; do
       # Use system libraries
       link_opt="system"
       # Debug builds don't need same targets as release for
-      # build speed-up
-      maketargets="%{release_targets}"
+      # build speed-up. We also avoid bootstrapping these
+      # slower builds.
       if echo $debugbuild | grep -q "debug" ; then
         maketargets="%{debug_targets}"
+        run_bootstrap=false
+      else
+        maketargets="%{release_targets}"
+        run_bootstrap=%{bootstrap_build}
       fi
-%if %{bootstrap_build}
+      if ${run_bootstrap} ; then
          buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
          buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
          %{!?with_artifacts:rm -rf ${bootinstalldir}}
-%else
+      else
         buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
-%endif
+      fi
       # Restore original source tree we modified by removing full in-tree sources
       rm -rf %{top_level_dir_name}
       mv %{top_level_dir_name_backup} %{top_level_dir_name}
@@ -2450,6 +2457,31 @@ end
 %endif
 
 %changelog
+* Tue Jan 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-2
+- Fix FIPS issues in native code and with initialisation of java.security.Security
+- Related: rhbz#2039366
+
+* Mon Jan 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-1
+- Update to jdk-11.0.14.0+9
+- Update release notes to 11.0.14.0+9
+- Switch to GA mode for final release.
+- This tarball is embargoed until 2022-01-18 @ 1pm PT.
+- Resolves: rhbz#2039366
+
+* Fri Jan 14 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.8-0.1.ea
+- Update to jdk-11.0.14.0+8
+- Update release notes to 11.0.14.0+8
+- Switch to EA mode for 11.0.14 pre-release builds.
+- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
+- Rename blacklisted.certs to blocked.certs following JDK-8253866
+- Rebase RH1996182 login patch and drop redundant security policy extension after JDK-8269034
+- Related: rhbz#2039366
+
+* Wed Dec 01 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.0.8-0.1.ea
+- Replaced hardcoded 11 by featurever where appropriate
+- Fixed comment of `for slowdebug` to correct `any debug`
+- Related: rhbz#2039366
+
 * Sun Nov 07 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-4
 - Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
 - Resolves: rhbz#2014212