From c74881f135d3ffc72b6588d5cf98d05be7e2de2f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 16 May 2023 09:16:52 +0000 Subject: [PATCH] import java-11-openjdk-11.0.19.0.7-4.el8 --- SOURCES/NEWS | 4584 ----------------- SOURCES/README.md | 39 + SOURCES/java-11-openjdk-portable.specfile | 2473 +++++++++ .../jdk8242332-rh2108712-sha3-sunpkcs11.patch | 2731 ++++++++++ ...va_access_bridge_privileged_security.patch | 20 - SPECS/java-11-openjdk.spec | 478 +- 6 files changed, 5408 insertions(+), 4917 deletions(-) delete mode 100644 SOURCES/NEWS create mode 100644 SOURCES/README.md create mode 100644 SOURCES/java-11-openjdk-portable.specfile create mode 100644 SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch delete mode 100644 SOURCES/rh1648644-java_access_bridge_privileged_security.patch diff --git a/SOURCES/NEWS b/SOURCES/NEWS deleted file mode 100644 index 0b617ad..0000000 --- a/SOURCES/NEWS +++ /dev/null @@ -1,4584 +0,0 @@ -Key: - -JDK-X - https://bugs.openjdk.java.net/browse/JDK-X -CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY - -New in release OpenJDK 11.0.19 (2023-04-18): -============================================= -Live versions of these release notes can be found at: - * https://bit.ly/openjdk11019 - -* CVEs - - CVE-2023-21930 - - CVE-2023-21937 - - CVE-2023-21938 - - CVE-2023-21939 - - CVE-2023-21954 - - CVE-2023-21967 - - CVE-2023-21968 -* Security fixes - - JDK-8287404: Improve ping times - - JDK-8288436: Improve Xalan supports - - JDK-8294474: Better AES support - - JDK-8295304: Runtime support improvements - - JDK-8296676, JDK-8296622: Improve String platform support - - JDK-8296684: Improve String platform support - - JDK-8296692: Improve String platform support - - JDK-8296832: Improve Swing platform support - - JDK-8297371: Improve UTF8 representation redux - - JDK-8298191: Enhance object reclamation process - - JDK-8298310: Enhance TLS session negotiation - - JDK-8298667: Improved path handling - - JDK-8299129: Enhance NameService lookups -* Other changes - - JDK-6528710: sRGB-ColorSpace to sRGB-ColorSpace Conversion - - JDK-7188098: TEST_BUG: closed/javax/sound/midi/Synthesizer/Receiver/bug6186488.java fails - - JDK-8035787: SourcePositions are wrong for Strings concatenated with '+' operator - - JDK-8065097: [macosx] javax/swing/Popup/TaskbarPositionTest.java fails because Popup is one pixel off - - JDK-8065422: Trailing dot in hostname causes TLS handshake to fail with SNI disabled - - JDK-8129315: java/net/Socket/LingerTest.java and java/net/Socket/ShutdownBoth.java timeout intermittently - - JDK-8144030: [macosx] test java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java fails (again) - - JDK-8170705: sun/net/www/protocol/http/StackTraceTest.java fails intermittently with Invalid Http response - - JDK-8171405: java/net/URLConnection/ResendPostBody.java failed with "Error while cleaning up threads after test" - - JDK-8179317: [TESTBUG] rewrite runtime shell tests in java - - JDK-8190492: Remove SSLv2Hello and SSLv3 from default enabled TLS protocols - - JDK-8192931: Regression test java/awt/font/TextLayout/CombiningPerf.java fails - - JDK-8195057: java/util/concurrent/CountDownLatch/Basic.java failed w/ Xcomp - - JDK-8195716: BootstrapLoggerTest : Executor still alive - - JDK-8202621: bad test with broken links needs to be updated - - JDK-8207248: Reduce incidence of compiler.warn.source.no.bootclasspath in javac tests - - JDK-8208077: File.listRoots performance degradation - - JDK-8209023: fix 2 compiler tests to avoid JDK-8208690 - - JDK-8209115: adjust libsplashscreen linux ppc64le builds for easier libpng update - - JDK-8209774: Refactor shell test javax/xml/jaxp/common/8035437/run.sh to java - - JDK-8209935: Test to cover CodeSource.getCodeSigners() - - JDK-8210373: Deadlock in libj2gss.so when loading "j2gss" and "net" libraries in parallel. - - JDK-8212165: JGSS: Fix cut/paste error in NativeUtil.c - - JDK-8212216: JGSS: Fix leak in exception cases in getJavaOID() - - JDK-8213130: Update ProblemList after verification of jtreg tests in Win 7 - - JDK-8213265: fix missing newlines at end of files - - JDK-8213932: [TESTBUG] assertEquals is invoked with the arguments in the wrong order - - JDK-8214445: [test] java/net/URL/HandlerLoop has illegal reflective access - - JDK-8215372: test/jdk/java/nio/file/DirectoryStream/Basic.java not correct when using a glob - - JDK-8215759: [test] java/math/BigInteger/ModPow.java can throw an ArithmeticException - - JDK-8217353: java/util/logging/LogManager/Configuration/updateConfiguration/HandlersOnComplexResetUpdate.java fails with Unexpected reference: java.lang.ref.WeakReference - - JDK-8217730: Split up MakeBase.gmk - - JDK-8218133: sun/net/www/protocol/http/ProtocolRedirect.java failed with "java.net.ConnectException" - - JDK-8218431: Improved platform checking in makefiles - - JDK-8218460: Test generation scripts do not invoke stream preprocessor correctly - - JDK-8221098: Run java/net/URL/HandlerLoop.java in othervm mode - - JDK-8221168: java/util/concurrent/CountDownLatch/Basic.java fails - - JDK-8221351: Crash in KlassFactory::check_shared_class_file_load_hook - - JDK-8221621: FindTests.gmk cannot handle "=" in TEST.groups comments - - JDK-8222430: Add tests for ElementKind predicates - - JDK-8223463: Replace wildcard address with loopback or local host in tests - part 2 - - JDK-8223716: sun/net/www/http/HttpClient/MultiThreadTest.java should be more resilient to unexpected traffic - - JDK-8223736: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java fails due to wrong number of MonitorContendedEntered events - - JDK-8224024: java/util/concurrent/BlockingQueue/DrainToFails.java testBounded fails intermittently - - JDK-8225648: [TESTBUG] java/lang/annotation/loaderLeak/Main.java fails with -Xcomp - - JDK-8226595: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java still fails due to wrong number of MonitorContendedEntered events - - JDK-8226917: jvmti/scenarios/contention/TC04/tc04t001/TestDescription.java fails on jvmti->InterruptThread (JVMTI_ERROR_THREAD_NOT_ALIVE) - - JDK-8227422: sun/net/www/protocol/file/DirPermissionDenied.java failed on Windows 2016 because DirPermissionDenied directory has no read permission - - JDK-8230374: maxOutputSize, instead of javatest.maxOutputSize, should be used in TEST.properties - - JDK-8230731: SA tests fail with "Windbg Error: ReadVirtual failed" - - JDK-8231595: [TEST] develop a test case for SuspendThreadList including current thread - - JDK-8233462: serviceability/tmtools/jstat tests times out with -Xcomp - - JDK-8235448: code cleanup in SSLContextImpl.java - - JDK-8238936: The crash in XRobotPeer when the custom GraphicsDevice is used - - JDK-8241293: CompressedClassSpaceSizeInJmapHeap.java time out after 8 minutes - - JDK-8241806: The sun/awt/shell/FileSystemViewMemoryLeak.java is unstable - - JDK-8244592: Start supporting SOURCE_DATE_EPOCH - - JDK-8245245: WebSocket can lose the URL encoding of URI query parameters - - JDK-8245654: Add Certigna Root CA - - JDK-8247741: Test test/hotspot/jtreg/runtime/7162488/TestUnrecognizedVmOption.java fails when -XX:+IgnoreUnrecognizedVMOptions is set - - JDK-8248306: gc/stress/gclocker/TestExcessGCLockerCollections.java does not compile - - JDK-8249691: jdk/lambda/vm/StrictfpDefault.java file can be removed - - JDK-8252401: Introduce Utils.TEST_NATIVE_PATH - - JDK-8252532: use Utils.TEST_NATIVE_PATH instead of System.getProperty("test.nativepath") - - JDK-8252715: Problem list java/awt/event/KeyEvent/KeyTyped/CtrlASCII.java on Linux - - JDK-8254267: javax/xml/crypto/dsig/LogParameters.java failed with "RuntimeException: Unexpected log output:" - - JDK-8255710: Opensource unit/regression tests for CMM - - JDK-8256110: Create implementation for NSAccessibilityStepper protocol - - JDK-8256111: Create implementation for NSAccessibilityStaticText protocol - - JDK-8256126: Create implementation for NSAccessibilityImage protocol peer - - JDK-8256240: Reproducible builds should turn on the "deterministic" flag for Visual Studio - - JDK-8256934: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit - - JDK-8257928: Test image build failure with clang-10 due to -Wmisleading-indentation - - JDK-8258005: JDK build fails with incorrect fixpath script - - JDK-8259265: Refactor UncaughtExceptions shell test as java test. - - JDK-8259267: Refactor LoaderLeak shell test as java test. - - JDK-8260576: Typo in compiler/runtime/safepoints/TestRegisterRestoring.java - - JDK-8261270: MakeMethodNotCompilableTest fails with -XX:TieredStopAtLevel={1,2,3} - - JDK-8261279: sun/util/resources/cldr/TimeZoneNamesTest.java timed out - - JDK-8261350: Create implementation for NSAccessibilityCheckBox protocol peer - - JDK-8261351: Create implementation for NSAccessibilityRadioButton protocol - - JDK-8261352: Create implementation for component peer for all the components who should be ignored in a11y interactions - - JDK-8262060: compiler/whitebox/BlockingCompilation.java timed out - - JDK-8264200: java/nio/channels/DatagramChannel/SRTest.java fails intermittently - - JDK-8264299: Create implementation of native accessibility peer for ScrollPane and ScrollBar Java Accessibility roles - - JDK-8264512: jdk/test/jdk/java/util/prefs/ExportNode.java relies on default platform encoding - - JDK-8266974: duplicate property key in java.sql.rowset resource bundle - - JDK-8267038: Update IANA Language Subtag Registry to Version 2022-03-02 - - JDK-8270609: [TESTBUG] java/awt/print/Dialog/DialogCopies.java does not show instruction - - JDK-8271323: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -XX:TieredStopAtLevel=1 - - JDK-8271506: Add ResourceHashtable support for deleting selected entries - - JDK-8272985: Reference discovery is confused about atomicity and degree of parallelism - - JDK-8273497: building.md should link to both md and html - - JDK-8273806: compiler/cpuflags/TestSSE4Disabled.java should test for CPU feature explicitly - - JDK-8273895: compiler/ciReplay/TestVMNoCompLevel.java fails due to wrong data size with TieredStopAtLevel=2,3 - - JDK-8274939: Incorrect size of the pixel storage is used by the robot on macOS - - JDK-8277346: ProblemList 7 serviceability/sa tests on macosx-x64 - - JDK-8277351: ProblemList runtime/jni/checked/TestPrimitiveArrayCriticalWithBadParam.java on macosx-x64 - - JDK-8279614: The left line of the TitledBorder is not painted on 150 scale factor - - JDK-8279662: serviceability/sa/ClhsdbScanOops.java can fail due to unexpected GC - - JDK-8279941: sun/security/pkcs11/Signature/TestDSAKeyLength.java fails when NSS version detection fails - - JDK-8280048: Missing comma in copyright header - - JDK-8280391: NMT: Correct NMT tag on CollectedHeap - - JDK-8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized - - JDK-8280896: java/nio/file/Files/probeContentType/Basic.java fails on Windows 11 - - JDK-8281262: Windows builds in different directories are not fully reproducible - - JDK-8282036: Change java/util/zip/ZipFile/DeleteTempJar.java to stop HttpServer cleanly in case of exceptions - - JDK-8282219: jdk/java/lang/ProcessBuilder/Basic.java fails on AIX - - JDK-8282398: EndingDotHostname.java test fails because SSL cert expired - - JDK-8282511: Use fixed certificate validation date in SSLExampleCert template - - JDK-8282958: Rendering Issues with Borders on Windows High-DPI systems - - JDK-8283606: Tests may fail with zh locale on MacOS - - JDK-8283717: vmTestbase/nsk/jdi/ThreadStartEvent/thread/thread001 failed due to SocketTimeoutException - - JDK-8283719: java/util/logging/CheckZombieLockTest.java failing intermittently - - JDK-8283870: jdeprscan --help causes an exception when the locale is ja, zh_CN or de - - JDK-8284023: java.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo - - JDK-8284165: Add pid to process reaper thread name - - JDK-8285093: Introduce UTIL_ARG_WITH - - JDK-8285399: JNI exception pending in awt_GraphicsEnv.c:1432 - - JDK-8285690: CloneableReference subtest should not throw CloneNotSupportedException - - JDK-8285755: JDK-8285093 changed the default for --with-output-sync - - JDK-8285835: SIGSEGV in PhaseIdealLoop::build_loop_late_post_work - - JDK-8285919: Remove debug printout from JDK-8285093 - - JDK-8286030: Avoid JVM crash when containers share the same /tmp dir - - JDK-8286800: Assert in PhaseIdealLoop::dump_real_LCA is too strong - - JDK-8286962: java/net/httpclient/ServerCloseTest.java failed once with ConnectException - - JDK-8287011: Improve container information - - JDK-8287180: Update IANA Language Subtag Registry to Version 2022-08-08 - - JDK-8287906: Rewrite of GitHub Actions (GHA) sanity tests - - JDK-8288332: Tier1 validate-source fails after 8279614 - - JDK-8288499: Restore cancel-in-progress in GHA - - JDK-8289562: Change bugs.java.com and bugreport.java.com URL's to https - - JDK-8289695: [TESTBUG] TestMemoryAwareness.java fails on cgroups v2 and crun - - JDK-8290197: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails on some systems for the ".rar" extension - - JDK-8290899: java/lang/String/StringRepeat.java test requests too much heap on windows x86 - - JDK-8290920: sspi_bridge.dll not built if BUILD_CRYPTO is false - - JDK-8290964: C2 compilation fails with assert "non-reduction loop contains reduction nodes" - - JDK-8292863: assert(_print_inlining_stream->size() > 0) failed: missing inlining msg - - JDK-8292877: java/util/concurrent/atomic/Serial.java uses {Double,Long}Accumulator incorrectly - - JDK-8293550: Optionally add get-task-allow entitlement to macos binaries - - JDK-8293767: AWT test TestSinhalaChar.java has old SCCS markings - - JDK-8293996: C2: fix and simplify IdealLoopTree::do_remove_empty_loop - - JDK-8294378: URLPermission constructor exception when using tr locale - - JDK-8294580: frame::interpreter_frame_print_on() crashes if free BasicObjectLock exists in frame - - JDK-8294705: Disable an assertion in test/jdk/java/util/DoubleStreamSums/CompensatedSums.java - - JDK-8294947: Use 64bit atomics in patch_verified_entry on x86_64 - - JDK-8295116: C2: assert(dead->outcnt() == 0 && !dead->is_top()) failed: node must be dead - - JDK-8295211: Fix autoconf 2.71 warning "AC_CHECK_HEADERS: you should use literals" - - JDK-8295405: Add cause in a couple of IllegalArgumentException and InvalidParameterException shown by sun/security/pkcs11 tests - - JDK-8295412: support latest VS2022 MSC_VER in abstract_vm_version.cpp - - JDK-8295530: Update Zlib Data Compression Library to Version 1.2.13 - - JDK-8295685: Update Libpng to 1.6.38 - - JDK-8295774: Write a test to verify List sends ItemEvent/ActionEvent - - JDK-8295777: java/net/httpclient/ConnectExceptionTest.java should not rely on system resolver - - JDK-8295788: C2 compilation hits "assert((mode == ControlAroundStripMined && use == sfpt) || !use->is_reachable_from_root()) failed: missed a node" - - JDK-8296239: ISO 4217 Amendment 174 Update - - JDK-8296611: Problemlist several sun/security tests until JDK-8295343 is resolved - - JDK-8296619: Upgrade jQuery to 3.6.1 - - JDK-8296675: Exclude linux-aarch64 in NSS tests - - JDK-8296878: Document Filter attached to JPasswordField and setText("") is not cleared instead inserted characters replaced with unicode null characters - - JDK-8296904: Improve handling of macos xcode toolchain - - JDK-8296912: C2: CreateExNode::Identity fails with assert(i < _max) failed: oob: i=1, _max=1 - - JDK-8296924: C2: assert(is_valid_AArch64_address(dest.target())) failed: bad address - - JDK-8297088: Update LCMS to 2.14 - - JDK-8297257: Bump update version for OpenJDK: jdk-11.0.19 - - JDK-8297264: C2: Cast node is not processed again in CCP and keeps a wrong too narrow type which is later replaced by top - - JDK-8297480: GetPrimitiveArrayCritical in imageioJPEG misses result - NULL check - - JDK-8297489: Modify TextAreaTextEventTest.java as to verify the content change of TextComponent sends TextEvent - - JDK-8297569: URLPermission constructor throws IllegalArgumentException: Invalid characters in hostname after JDK-8294378 - - JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication - - JDK-8297963: Partially fix string expansion issues in UTIL_DEFUN_NAMED and related macros - - JDK-8298027: Remove SCCS id's from awt jtreg tests - - JDK-8298073: gc/metaspace/CompressedClassSpaceSizeInJmapHeap.java causes test task timeout on macosx - - JDK-8298093: improve cleanup and error handling of awt_parseColorModel in awt_parseImage.c - - JDK-8298108: Add a regression test for JDK-8297684 - - JDK-8298129: Let checkpoint event sizes grow beyond u4 limit - - JDK-8298271: java/security/SignedJar/spi-calendar-provider/TestSPISigned.java failing on Windows - - JDK-8298459: Fix msys2 linking and handling out of tree build directory for source zip creation - - JDK-8298527: Cygwin's uname -m returns different string than before - - JDK-8298588: WebSockets: HandshakeUrlEncodingTest unnecessarily depends on a response body - - JDK-8299194: CustomTzIDCheckDST.java may fail at future date - - JDK-8299296: Write a test to verify the components selection sends ItemEvent - - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR - - JDK-8299445: EndingDotHostname.java fails because of compilation errors - - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java - - JDK-8299520: TestPrintXML.java output error messages in case compare fails - - JDK-8299596: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.19 - - JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport - - JDK-8299789: Compilation of gtest causes build to fail if runtime libraries are in different dirs - - JDK-8300119: CgroupMetrics.getTotalMemorySize0() can report invalid results on 32 bit systems - - JDK-8300424: [11u] Chunk lost in backport of 8297569 - - JDK-8300642: [17u,11u] Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev - - JDK-8300742: jstat's CGCT is 5 percent higher than the pause time in -Xlog:gc. - - JDK-8300773: Address the inconsistency between the constant array and pool size - - JDK-8301397: [11u, 17u] Bump jtreg to fix issue with build JDK 11.0.18 - - JDK-8301760: Fix possible leak in SpNegoContext dispose - - JDK-8301842: JFR: increase checkpoint event size for stacktrace and string pool - - JDK-8302000: [11u] A subtle race condition during jdk11u build - - JDK-8302657: [11u] Add missing '(' in makefile after backport of 8218431 - - JDK-8302694: [11u] Update GHA Boot JDK to 11.0.18 - - JDK-8302903: [11u] Add modified test snippet after backport of JDK-8221871 - - JDK-8303075: [11u] Add CompileClassWithDebugTest to ProblemList for 8303074 - - JDK-8304389: [11u] Crash on Windows in C2 compiled code after 8248238 and 8218431 - -Notes on individual issues: -=========================== - -security-libs/javax.net.ssl: - -JDK-8190492: Removed SSLv2Hello and SSLv3 From Default Enabled TLS Protocols -============================================================================ -SSLv2Hello and SSLv3 are versions of the SSL protocol that have not -been considered secure for some time and are already disabled by -default. They have been superseded by the more secure and modern TLS -protocol, and users are recommended to switch to TLS 1.2 or 1.3. - -With this release, SSLv2Hello and SSLv3 are now also removed from the -list of default enabled protocols. This means that, even if SSLv3 is -removed from the `jdk.tls.disabledAlgorithms` security property, it -will still not be returned by the following methods: - -* SSLServerSocket.getEnabledProtocols() -* SSLEngine.getEnabledProtocols() -* SSLParameters.getProtocols() - -To enable SSLv3, it is now necessary to use the -`jdk.tls.client.protocols` or `jdk.tls.server.protocols` system -properties on the command line, or call one of the following methods -to enable them programatically: - -* SSLSocket.setEnabledProtocols() -* SSLServerSocket.setEnabledProtocols() -* SSLEngine.setEnabledProtocols() - -security-libs/java.security: - -JDK-8245654: Added Certigna(Dhimyotis) Root CA Certificate -========================================================== -The following root certificate has been added to the cacerts truststore: - -Name: Certigna (Dhimyotis) -Alias Name: certignarootca -Distinguished Name: CN=Certigna, O=Dhimyotis, C=FR - -core-libs/java.io: - -JDK-8208077: File::listRoots Changed To Return All Available Drives On Windows -============================================================================== -The `java.io.File.listRoots()` method on Windows systems filtered out disk -drives that could not be accessed or did not have media loaded. The -use of this filtering led to observable performance issues. This release -now returns all available disk drives, unfiltered. - -New in release OpenJDK 11.0.18 (2023-01-17): -============================================= -Live versions of these release notes can be found at: - * https://bit.ly/openjdk11018 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.18.html - -* CVEs - - CVE-2023-21835 - - CVE-2023-21843 -* Security fixes - - JDK-8286070: Improve UTF8 representation - - JDK-8286496: Improve Thread labels - - JDK-8287411: Enhance DTLS performance - - JDK-8288516: Enhance font creation - - JDK-8289350: Better media supports - - JDK-8293554: Enhanced DH Key Exchanges - - JDK-8293598: Enhance InetAddress address handling - - JDK-8293717: Objective view of ObjectView - - JDK-8293734: Improve BMP image handling - - JDK-8293742: Better Banking of Sounds - - JDK-8295687: Better BMP bounds -* Other changes - - JDK-4819544: SwingSet2 JTable Demo throws NullPointerException - - JDK-6782021: It is not possible to read local computer certificates with the SunMSCAPI provider - - JDK-6829250: Reg test: java/awt/Toolkit/ScreenInsetsTest/ScreenInsetsTest.java fails in Windows - - JDK-7001973: java/awt/Graphics2D/CopyAreaOOB.java fails - - JDK-8022403: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails - - JDK-8028998: [TEST_BUG] [macosx] java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java failed - - JDK-8029633: Raw inner class constructor ref should not perform diamond inference - - JDK-8030121: java/awt/dnd/MissingDragExitEventTest/MissingDragExitEventTest.java fails - - JDK-8079267: [TEST_BUG] Test java/awt/Frame/MiscUndecorated/RepaintTest.java fails - - JDK-8129827: [TEST_BUG] Test java/awt/Robot/RobotWheelTest/RobotWheelTest.java fails - - JDK-8159599: [TEST_BUG] java/awt/Modal/ModalInternalFrameTest/ModalInternalFrameTest.java - - JDK-8169187: [macosx] Aqua: java/awt/image/multiresolution/MultiresolutionIconTest.java - - JDK-8172269: When checking the default behaviour for a scroll tab layout and checking the 'opaque' checkbox, the area behind tabs is not red. - - JDK-8178698: javax/sound/midi/Sequencer/MetaCallback.java failed with timeout - - JDK-8193942: Regression automated test '/open/test/jdk/javax/swing/JFrame/8175301/ScaledFrameBackgroundTest.java' fails - - JDK-8194126: Regression automated Test '/open/test/jdk/javax/swing/JColorChooser/Test7194184.java' fails - - JDK-8198343: Test java/awt/print/PrinterJob/TestPgfmtSetMPA.java may fail w/o printer - - JDK-8199290: [TESTBUG] sun.hotspot.WhiteBox$WhiteBoxPermission is not copied - - JDK-8202836: [macosx] test java/awt/Graphics/TextAAHintsTest.java fails - - JDK-8206125: [windows] cannot pass relative path to --with-boot-jdk - - JDK-8210047: some pages contain content outside of landmark region - - JDK-8211002: test/jdk/java/lang/Math/PowTests.java skips testing for non-corner-case values - - JDK-8212096: javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java failed intermittently due to SSLException: Tag mismatch - - JDK-8213239: Configure cannot handle command overrides with arguments - - JDK-8215571: jdb does not include jdk.* in the default class filter - - JDK-8217032: Check pandoc capabilities in configure - - JDK-8222091: Javadoc does not handle package annotations correctly on package-info.java - - JDK-8222251: preflow visitor is not visiting lambda expressions - - JDK-8226236: win32: gc/metaspace/TestCapacityUntilGCWrapAround.java fails - - JDK-8227179: Test for new gc+metaspace=info output format - - JDK-8227651: Tests fail with SSLProtocolException: Input record too big - - JDK-8228672: [TESTBUG] gc/metaspace/TestSizeTransitions.java fails on 32-bit platforms - - JDK-8233557: [TESTBUG] DoubleClickTitleBarTest.java fails on macOs - - JDK-8233558: [TESTBUG] WindowOwnedByEmbeddedFrameTest.java fails on macos - - JDK-8233565: [TESTBUG] NullModalityDialogTest.java fails on MacOS - - JDK-8233648: [TESTBUG] DefaultMenuBarTest.java failing on macos - - JDK-8239708: Split basics.m4 into basic.m4 and util.m4 - - JDK-8240281: Remove failing assertion code when selecting first memory state in SuperWord::co_locate_pack - - JDK-8242468: VS2019 build missing vcruntime140_1.dll - - JDK-8243565: some gc tests use 'test.java.opts' and not 'test.vm.opts' - - JDK-8243568: serviceability/logging/TestLogRotation.java uses 'test.java.opts' and not 'test.vm.opts' - - JDK-8244010: Simplify usages of ProcessTools.createJavaProcessBuilder in our tests - - JDK-8244557: test/jdk/javax/swing/JTabbedPane/TestBackgroundScrollPolicy.java failed - - JDK-8247676: vcruntime140_1.dll is not needed on 32-bit Windows - - JDK-8249694: java/lang/StringBuffer/HugeCapacity.java and j/l/StringBuilder/HugeCapacity.java tests shouldn't be @ignore-d - - JDK-8253877: gc/g1/TestGCLogMessages.java fails - missing "Evacuation failure" message - - JDK-8254874: ZGC: JNIHandleBlock verification failure in stack watermark processing - - JDK-8254976: Re-enable swing jtreg tests which were broken due to samevm mode - - JDK-8255439: System Tray icons get corrupted when Windows scaling changes - - JDK-8256109: Create implementation for NSAccessibilityButton protocol - - JDK-8257679: Improved unix compatibility layer in Windows build (winenv) - - JDK-8257722: Improve "keytool -printcert -jarfile" output - - JDK-8258005: JDK build fails with incorrect fixpath script - - JDK-8259485: Document need for short paths when building on Windows - - JDK-8260272: bash configure --prefix does not work after JDK-8257679 - - JDK-8261336: IGV: enhance default filters - - JDK-8261445: Use memory_order_relaxed for os::random(). - - JDK-8261758: [TESTBUG] gc/g1/TestGCLogMessages.java fails if ergonomics detect too small InitialHeapSize - - JDK-8263326: Remove ReceiverTypeData check from serviceability/sa/TestPrintMdo.java - - JDK-8263871: On sem_destroy() failing we should assert - - JDK-8264593: debug.cpp utilities should be available in product builds. - - JDK-8264666: Change implementation of safeAdd/safeMult in the LCMSImageLayout class - - JDK-8266082: AssertionError in Annotate.fromAnnotations with -Xdoclint - - JDK-8266967: debug.cpp utility find() should print Java Object fields. - - JDK-8268361: Fix the infinite loop in next_line - - JDK-8268860: Windows-Aarch64 build is failing in GitHub actions - - JDK-8268893: jcmd to trim the glibc heap - - JDK-8269029: compiler/codegen/TestCharVect2.java fails for client VMs - - JDK-8269873: serviceability/sa/Clhsdb tests are using a C2 specific VMStruct field - - JDK-8272123: Problem list 4 jtreg tests which regularly fail on macos-aarch64 - - JDK-8273236: keytool does not accurately warn about algorithms that are disabled but have additional constraints - - JDK-8273553: sun.security.ssl.SSLEngineImpl.closeInbound also has similar error of JDK-8253368 - - JDK-8273578: javax/swing/JMenu/4515762/bug4515762.java fails on macOS 12 - - JDK-8273685: Remove jtreg tag manual=yesno for java/awt/Graphics/LCDTextAndGraphicsState.java & show test instruction - - JDK-8274029: Remove jtreg tag manual=yesno for java/awt/print/Dialog/DialogOrient.java - - JDK-8274032: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/ImagePrinting/ImageTypes.java & show test UI - - JDK-8274296: Update or Problem List tests which may fail with uiScale=2 on macOS - - JDK-8274456: Remove jtreg tag manual=yesno java/awt/print/PrinterJob/PageDialogTest.java - - JDK-8274563: jfr/event/oldobject/TestClassLoaderLeak.java fails when GC cycles are not happening - - JDK-8274597: Some of the dnd tests time out and fail intermittently - - JDK-8275170: Some jtreg sound tests should be marked with sound keyword - - JDK-8275535: Retrying a failed authentication on multiple LDAP servers can lead to users blocked - - JDK-8276841: Add support for Visual Studio 2022 - - JDK-8277159: Fix java/nio/file/FileStore/Basic.java test by ignoring /run/user/* mount points - - JDK-8277497: Last column cell in the JTable row is read as empty cell - - JDK-8277881: Missing SessionID in TLS1.3 resumption in compatibility mode - - JDK-8277970: Test jdk/sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java fails with "tag mismatch" - - JDK-8279066: entries.remove(entry) is useless in PKCS12KeyStore - - JDK-8279695: [TESTBUG] modify compiler/loopopts/TestSkeletonPredicateNegation.java to run on C1 also - - JDK-8280158: New test from JDK-8274736 failed with/without patch in JDK11u - - JDK-8280550: SplittableRandom#nextDouble(double,double) can return result >= bound - - JDK-8280863: Update build README to reflect that MSYS2 is supported - - JDK-8280890: Cannot use '-Djava.system.class.loader' with class loader in signed JAR - - JDK-8280948: Write a regression test for JDK-4659800 - - JDK-8280950: RandomGenerator:NextDouble() default behavior non conformant after JDK-8280550 fix - - JDK-8281183: RandomGenerator:NextDouble() default behavior partially fixed by JDK-8280950 - - JDK-8281296: Create a regression test for JDK-4515999 - - JDK-8281297: TestStressG1Humongous fails with guarantee(is_range_uncommitted) - - JDK-8282046: Create a regression test for JDK-8000326 - - JDK-8282276: Problem list failing two Robot Screen Capture tests - - JDK-8282306: os::is_first_C_frame(frame*) crashes on invalid link access - - JDK-8282345: handle latest VS2022 in abstract_vm_version - - JDK-8282402: Create a regression test for JDK-4666101 - - JDK-8282640: Create a test for JDK-4740761 - - JDK-8282642: vmTestbase/gc/gctests/LoadUnloadGC2/LoadUnloadGC2.java fails intermittently with exit code 1 - - JDK-8282730: LdapLoginModule throw NPE from logout method after login failure - - JDK-8282777: Create a Regression test for JDK-4515031 - - JDK-8282778: Create a regression test for JDK-4699544 - - JDK-8282857: Create a regression test for JDK-4702690 - - JDK-8282936: Write a regression test for JDK-4615365 - - JDK-8282937: Write a regression test for JDK-4820080 - - JDK-8283199: Linux os::cpu_microcode_revision() stalls cold startup - - JDK-8283422: Create a new test for JDK-8254790 - - JDK-8284294: Create an automated regression test for RFE 4138746 - - JDK-8284358: Unreachable loop is not removed from C2 IR, leading to a broken graph - - JDK-8284521: Write an automated regression test for RFE 4371575 - - JDK-8284690: [macos] VoiceOver : Getting java.lang.IllegalArgumentException: Invalid location on Editable JComboBox - - JDK-8284732: FFI_GO_CLOSURES macro not defined but required for zero build on Mac OS X - - JDK-8284752: Zero does not build on Mac OS X due to missing os::current_thread_enable_wx implementation - - JDK-8284771: java/util/zip/CloseInflaterDeflaterTest.java failed with "AssertionError: Expected IOException to be thrown, but nothing was thrown" - - JDK-8284884: Replace polling with waiting in javax/swing/text/html/parser/Parser/8078268/bug8078268.java - - JDK-8284977: MetricsTesterCgroupV2.getLongValueEntryFromFile fails when named value doesn't exist - - JDK-8285305: Create an automated test for JDK-4495286 - - JDK-8285373: Create an automated test for JDK-4702233 - - JDK-8285604: closed sun/java2d/GdiRendering/ClipShapeRendering.java failed with "Incorrect color ffeeeeee instead of ff0000ff in pixel (100, 100)" - - JDK-8285617: Fix java/awt/print/PrinterJob/ImagePrinting/PrintARGBImage.java manual test - - JDK-8285698: Create a test to check the focus stealing of JPopupMenu from JComboBox - - JDK-8285794: AsyncGetCallTrace might acquire a lock via JavaThread::thread_from_jni_environment - - JDK-8285836: sun/net/www/http/KeepAliveCache/KeepAliveProperty.java failed with "RuntimeException: Failed in server" - - JDK-8285921: serviceability/dcmd/jvmti/AttachFailed/AttachReturnError.java fails on Alpine - - JDK-8286624: Regression Test CoordinateTruncationBug.java fails on OL8.3 - - JDK-8286663: Resolve IDE warnings in WTrayIconPeer and SystemTray - - JDK-8286772: java/awt/dnd/DropTargetInInternalFrameTest/DropTargetInInternalFrameTest.html times out and fails in Windows - - JDK-8286872: Refactor add/modify notification icon (TrayIcon) - - JDK-8287076: Document.normalizeDocument() produces different results - - JDK-8287091: aarch64 : guarantee(val < (1ULL << nbits)) failed: Field too big for insn - - JDK-8287425: Remove unnecessary register push for MacroAssembler::check_klass_subtype_slow_path - - JDK-8287609: macOS: SIGSEGV at [CoreFoundation] CFArrayGetCount / sun.font.CFont.getTableBytesNative - - JDK-8287724: Fix various issues with msys2 - - JDK-8287826: javax/accessibility/4702233/AccessiblePropertiesTest.java fails to compile - - JDK-8287895: Some langtools tests fail on msys2 - - JDK-8287896: PropertiesTest.sh fail on msys2 - - JDK-8287902: UnreadableRB case in MissingResourceCauseTest is not working reliably on Windows - - JDK-8287917: System.loadLibrary does not work on Big Sur if JDK is built with macOS SDK 10.15 and earlier - - JDK-8288132: Update test artifacts in QuoVadis CA interop tests - - JDK-8288302: Shenandoah: SIGSEGV in vm maybe related to jit compiling xerces - - JDK-8288377: [REDO] DST not applying properly with zone id offset set with TZ env variable - - JDK-8288445: AArch64: C2 compilation fails with guarantee(!true || (true && (shift != 0))) failed: impossible encoding - - JDK-8288599: com/sun/management/OperatingSystemMXBean/TestTotalSwap.java: Expected total swap size ... but getTotalSwapSpaceSize returned ... - - JDK-8288985: P11TlsKeyMaterialGenerator should work with ChaCha20-Poly1305 - - JDK-8289043: C2: Vector constant materialization attempt - - JDK-8289146: containers/docker/TestMemoryWithCgroupV1.java fails on linux ppc64le machine with missing Memory and Swap Limit output - - JDK-8290207: Missing notice in dom.md - - JDK-8290209: jcup.md missing additional text - - JDK-8290451: Incorrect result when switching to C2 OSR compilation from C1 - - JDK-8290529: C2: assert(BoolTest(btest).is_canonical()) failure - - JDK-8290705: StringConcat::validate_mem_flow asserts with "unexpected user: StoreI" - - JDK-8290711: assert(false) failed: infinite loop in PhaseIterGVN::optimize - - JDK-8290781: Segfault at PhaseIdealLoop::clone_loop_handle_data_uses - - JDK-8291459: JVM crash with GenerateOopMap::error_work(char const*, __va_list_tag*) - - JDK-8291461: assert(false) failed: bad AD file - - JDK-8292083: Detected container memory limit may exceed physical machine memory - - JDK-8292158: AES-CTR cipher state corruption with AVX-512 - - JDK-8292541: [Metrics] Reported memory limit may exceed physical machine memory - - JDK-8292682: Code change of JDK-8282730 not updated to reflect CSR update - - JDK-8292778: EncodingSupport_md.c convertUtf8ToPlatformString wrong placing of free - - JDK-8292866: Java_sun_awt_shell_Win32ShellFolder2_getLinkLocation check MultiByteToWideChar return value for failures - - JDK-8292887: Bump update version for OpenJDK: jdk-11.0.18 - - JDK-8292899: CustomTzIDCheckDST.java testcase failed on AIX platform - - JDK-8293044: C1: Missing access check on non-accessible class - - JDK-8293472: Incorrect container resource limit detection if manual cgroup fs mounts present - - JDK-8293540: [Metrics] Incorrectly detected resource limits with additional cgroup fs mounts - - JDK-8293578: Duplicate ldc generated by javac - - JDK-8293672: Update freetype md file - - JDK-8293816: CI: ciBytecodeStream::get_klass() is not consistent - - JDK-8293826: Closed test fails after JDK-8276108 on aarch64 - - JDK-8293828: JFR: jfr/event/oldobject/TestClassLoaderLeak.java still fails when GC cycles are not happening - - JDK-8293834: Update CLDR data following tzdata 2022c update - - JDK-8293998: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC - - JDK-8294138: [11u] Revert change from JDK-8210962 in basic.m4 - - JDK-8294307: ISO 4217 Amendment 173 Update - - JDK-8294357: (tz) Update Timezone Data to 2022d - - JDK-8294578: [PPC64] C2: Missing is_oop information when using disjoint compressed oops mode - - JDK-8294740: Add cgroups keyword to TestDockerBasic.java - - JDK-8295173: (tz) Update Timezone Data to 2022e - - JDK-8295288: Some vm_flags tests associate with a wrong BugID - - JDK-8295322: Tests for JDK-8271459 were not backported to 11u - - JDK-8295429: Update harfbuzz md file - - JDK-8295469: S390X: Optimized builds are broken - - JDK-8295554: Move the "sizecalc.h" to the correct location - - JDK-8295641: Fix DEFAULT_PROMOTED_VERSION_PRE=ea for -dev - - JDK-8295714: GHA ::set-output is deprecated and will be removed - - JDK-8295723: security/infra/wycheproof/RunWycheproof.java fails with Assertion Error - - JDK-8295872: [PPC64] JfrGetCallTrace: Need pc == nullptr check before frame constructor - - JDK-8295952: Problemlist existing compiler/rtm tests also on x86 - - JDK-8296108: (tz) Update Timezone Data to 2022f - - JDK-8296239: ISO 4217 Amendment 174 Update - - JDK-8296480: java/security/cert/pkix/policyChanges/TestPolicy.java is failing - - JDK-8296485: BuildEEBasicConstraints.java test fails with SunCertPathBuilderException - - JDK-8296496, JDK-8292652: Overzealous check in sizecalc.h prevents large memory allocation - - JDK-8296632: Write a test to verify the content change of TextArea sends TextEvent - - JDK-8296652: Restore windows aarch64 fixpath patch that was removed in 8239708 - - JDK-8296715: CLDR v42 update for tzdata 2022f - - JDK-8296957: One more cast in SAFE_SIZE_NEW_ARRAY2 - - JDK-8297147: UnexpectedSourceImageSize test times out on slow machines when fastdebug is used - - JDK-8297153: sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java fails again - - JDK-8297241: Update sun/java2d/DirectX/OnScreenRenderingResizeTest/OnScreenRenderingResizeTest.java - - JDK-8297481: Create a regression test for JDK-4424517 - - JDK-8297656: AArch64: Enable AES/GCM Intrinsics - - JDK-8297804: (tz) Update Timezone Data to 2022g - - JDK-8298737: 8296772 backport to jdk11u caused build error on sparc - - JDK-8299393: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.18 - - JDK-8299439: java/text/Format/NumberFormat/CurrencyFormat.java fails for hr_HR - - JDK-8299483: ProblemList java/text/Format/NumberFormat/CurrencyFormat.java - - JDK-8299616: [11u] Bootcycle build fails after JDK-8257679 backport - -Notes on individual issues: -=========================== - -client-libs/javax.imageio: - -JDK-8295687: Better BMP bounds -============================== -Loading a linked ICC profile within a BMP image is now disabled by -default. To re-enable it, set the new system property -`sun.imageio.bmp.enabledLinkedProfiles` to `true`. This new property -replaces the old property, -`sun.imageio.plugins.bmp.disableLinkedProfiles`. - -client-libs/javax.sound: - -JDK-8293742: Better Banking of Sounds -===================================== -Previously, the SoundbankReader implementation, -`com.sun.media.sound.JARSoundbankReader`, would download a JAR -soundbank from a URL. This behaviour is now disabled by default. To -re-enable it, set the new system property `jdk.sound.jarsoundbank` to -`true`. - -security-libs/javax.crypto: - -JDK-6782021: Windows KeyStore Updated to Include Access to the Local Machine Location -===================================================================================== -The Windows KeyStore support in the SunMSCAPI provider has been -expanded to include access to the local machine location. The new -keystore types are: - -* "Windows-MY-LOCALMACHINE" -* "Windows-ROOT-LOCALMACHINE" - -The following keystore types were also added, allowing developers to -make it clear they map to the current user: - -* "Windows-MY-CURRENTUSER" (same as "Windows-MY") -* "Windows-ROOT-CURRENTUSER" (same as "Windows-ROOT") - -security-libs/java.security: - -JDK-8282730: New Implementation Note for LoginModule on Removing Null from a Principals or Credentials Set -========================================================================================================== -Back in OpenJDK 9, JDK-8015081 changed the Set implementation used to -hold principals and credentials so that it rejected null -values. Attempts to call add(null), contains(null) or remove(null) -were changed to throw a NullPointerException. - -However, the logout() methods in the LoginModule implementations -within the JDK were not updated to check for null values, which may -occur in the event of a failed login. As a result, a logout() call may -throw a NullPointerException. - -The LoginModule implementations have now been updated with such checks -and an implementation note added to the specification to suggest that -the same change is made in third party modules. Developers of third -party modules are advised to verify that their logout() method does not -throw a NullPointerException. - -security-libs/javax.net.ssl: - -JDK-8287411: Enhance DTLS performance -===================================== -The JDK now exchanges DTLS cookies for all handshakes, new and -resumed. The previous behaviour can be re-enabled by setting the new -system property `jdk.tls.enableDtlsResumeCookie` to `false`. - -New in release OpenJDK 11.0.17 (2022-10-18): -============================================= -Live versions of these release notes can be found at: - * https://bit.ly/openjdk11017 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.17.html - -* Security fixes - - JDK-8282252: Improve BigInteger/Decimal validation - - JDK-8285662: Better permission resolution - - JDK-8286077, CVE-2022-21618: Wider MultiByte conversions - - JDK-8286511: Improve macro allocation - - JDK-8286519: Better memory handling - - JDK-8286526, CVE-2022-21619: Improve NTLM support - - JDK-8286533, CVE-2022-21626: Key X509 usages - - JDK-8286910, CVE-2022-21624: Improve JNDI lookups - - JDK-8286918, CVE-2022-21628: Better HttpServer service - - JDK-8287446: Enhance icon presentations - - JDK-8288508: Enhance ECDSA usage - - JDK-8289366, CVE-2022-39399: Improve HTTP/2 client usage - - JDK-8289853: Update HarfBuzz to 4.4.1 - - JDK-8290334: Update FreeType to 2.12.1 - - JDK-8293429: [11u] minor update in attribute style -* Other changes - - JDK-6606767: resexhausted00[34] fail assert(!thread->owns_locks(), "must release all locks when leaving VM") - - JDK-6854300: [TEST_BUG] java/awt/event/MouseEvent/SpuriousExitEnter/SpuriousExitEnter_3.java fails in jdk6u14 & jdk7 - - JDK-7131823: bug in GIFImageReader - - JDK-8017175: [TESTBUG] javax/swing/JPopupMenu/4634626/bug4634626.java sometimes failed on mac - - JDK-8028265: Add legacy tz tests to OpenJDK - - JDK-8069343: Improve gc/g1/TestHumongousCodeCacheRoots.java to use jtreg @requires - - JDK-8139348: Deprecate 3DES and RC4 in Kerberos - - JDK-8159694: HiDPI, Unity, java/awt/dnd/DropTargetEnterExitTest/MissedDragExitTest.java - - JDK-8164804: sun/security/ssl/SSLSocketImpl/CloseSocket.java makes not reliable time assumption - - JDK-8169468: NoResizeEventOnDMChangeTest.java fails because FS Window didn't receive all resizes! - - JDK-8172065: javax/swing/JTree/4908142/bug4908142.java The selected index should be "aad" - - JDK-8183372: Refactor java/lang/Class shell tests to java - - JDK-8186143: keytool -ext option doesn't accept wildcards for DNS subject alternative names - - JDK-8193462: Fix Filer handling of package-info initial elements - - JDK-8203277: preflow visitor used during lambda attribution shouldn't visit class definitions inside the lambda body - - JDK-8208471: nsk/jdb/unwatch/unwatch002/unwatch002.java fails with "Prompt is not received during 300200 milliseconds" - - JDK-8209052: Low contrast in docs/api/constant-values.html - - JDK-8209736: runtime/RedefineTests/ModifyAnonymous.java fails with NullPointerException when running in CDS mode - - JDK-8210107: vmTestbase/nsk/stress/network tests fail with Cannot assign requested address (Bind failed) - - JDK-8210722: JAXP Tests: CatalogSupport2 and CatalogSupport3 generate incorrect messages upon failure - - JDK-8210960: Allow --with-boot-jdk-jvmargs to work during configure - - JDK-8212904: JTextArea line wrapping incorrect when using UI scale - - JDK-8213695: gc/TestAllocateHeapAtMultiple.java is slow in some configs - - JDK-8214078: (fs) SecureDirectoryStream not supported on arm32 - - JDK-8214427: probable bug in logic of ConcurrentHashMap.addCount() - - JDK-8215291: Broken links when generating from project without modules - - JDK-8217170: gc/arguments/TestUseCompressedOopsErgo.java timed out - - JDK-8217332: JTREG: Clean up, use generics instead of raw types - - JDK-8218128: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003 and 004 use wrong path to test classes - - JDK-8218413: make reconfigure ignores configure-time AUTOCONF environment variable - - JDK-8219074: [TESTBUG] runtime/containers/docker/TestCPUAwareness.java typo of printing parameters (period should be shares) - - JDK-8219149: ProcessTools.ProcessBuilder should print timing info for subprocesses - - JDK-8220744: [TESTBUG] Move RedefineTests from runtime to serviceability - - JDK-8221871: javadoc should not set role=region on
elements - - JDK-8221907: make reconfigure breaks when configured with relative paths - - JDK-8223543: [TESTBUG] Regression test java/awt/Graphics2D/DrawString/LCDTextSrcEa.java has issues - - JDK-8223575: add subspace transitions to gc+metaspace=info log lines - - JDK-8225122: Test AncestorResized.java fails when Windows desktop is scaled. - - JDK-8226976: SessionTimeOutTests uses == operator for String value check - - JDK-8230708: Hotspot fails to build on linux-sparc with gcc-9 - - JDK-8233712: Limit default tests jobs based on ulimit -u setting - - JDK-8235870: C2 crashes in IdealLoopTree::est_loop_flow_merge_sz() - - JDK-8236490: Compiler bug relating to @NonNull annotation - - JDK-8236823: Ensure that API documentation uses minified libraries - - JDK-8238196: tests that use SA Attach should not be allowed to run against signed binaries on Mac OS X 10.14.5 and later - - JDK-8238203: Return value of GetUserDefaultUILanguage() should be handled as LANGID - - JDK-8238268: Many SA tests are not running on OSX because they do not attempt to use sudo when available - - JDK-8238586: [TESTBUG] vmTestbase/jit/tiered/Test.java failed when TieredCompilation is disabled - - JDK-8239265: JFR: Test cleanup of jdk.jfr.api.consumer package - - JDK-8239379: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java on OSX - - JDK-8239423: jdk/jfr/jvm/TestJFRIntrinsic.java failed with -XX:-TieredCompilation - - JDK-8239902: [macos] Remove direct usage of JSlider, JProgressBar classes in CAccessible class - - JDK-8240903: Add test to check that jmod hashes are reproducible - - JDK-8242188: error in jtreg test jdk/jfr/api/consumer/TestRecordedFrame.java on linux-aarch64 - - JDK-8247546: Pattern matching does not skip correctly over supplementary characters - - JDK-8247907: XMLDsig logging does not work - - JDK-8247964: All log0() in com/sun/org/slf4j/internal/Logger.java should be private - - JDK-8249623: test @ignore-d due to 7013634 should be returned back to execution - - JDK-8251152: ARM32: jtreg c2 Test8202414 test crash - - JDK-8251551: Use .md filename extension for README - - JDK-8252145: Unify Info.plist files with correct version strings - - JDK-8253829: Wrong length compared in SSPI bridge - - JDK-8253916: ResourceExhausted/resexhausted001 crashes on Linux-x64 - - JDK-8254178: Remove .hgignore - - JDK-8254318: Remove .hgtags - - JDK-8255724: [XRender] the BlitRotateClippedArea test fails on Linux in the XR pipeline - - JDK-8255729: com.sun.tools.javac.processing.JavacFiler.FilerOutputStream is inefficient - - JDK-8257623: vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted001/TestDescription.java shouldn't use timeout - - JDK-8258946: Fix optimization-unstable code involving signed integer overflow - - JDK-8261160: Add a deserialization JFR event - - JDK-8262085: Hovering Metal HTML Tooltips in different windows cause IllegalArgExc on Linux - - JDK-8264400: (fs) WindowsFileStore equality depends on how the FileStore was constructed - - JDK-8264792: The NumberFormat for locale sq_XK formats price incorrectly. - - JDK-8265020: tests must be updated for new TestNG module name - - JDK-8265100: (fs) WindowsFileStore.hashCode() should read cached hash code once - - JDK-8265531: doc/building.md should mention homebrew install freetype - - JDK-8266250: WebSocketTest and WebSocketProxyTest call assertEquals(List, List) - - JDK-8266254: Update to use jtreg 6 - - JDK-8266460: java.io tests fail on null stream with upgraded jtreg/TestNG - - JDK-8266461: tools/jmod/hashes/HashesTest.java fails: static @Test methods - - JDK-8266490: Extend the OSContainer API to support the pids controller of cgroups - - JDK-8266675: Optimize IntHashTable for encapsulation and ease of use - - JDK-8266774: System property values for stdout/err on Windows UTF-8 - - JDK-8266881: Enable debug log for SSLEngineExplorerMatchedSNI.java - - JDK-8267180: Typo in copyright header for HashesTest - - JDK-8267271: Fix gc/arguments/TestNewRatioFlag.java expectedNewSize calculation - - JDK-8267880: Upgrade the default PKCS12 MAC algorithm - - JDK-8268185: Update GitHub Actions for jtreg 6 - - JDK-8269039: Disable SHA-1 Signed JARs - - JDK-8269517: compiler/loopopts/TestPartialPeelingSinkNodes.java crashes with -XX:+VerifyGraphEdges - - JDK-8270090: C2: LCM may prioritize CheckCastPP nodes over projections - - JDK-8270312: Error: Not a test or directory containing tests: java/awt/print/PrinterJob/XparColor.java - - JDK-8271010: vmTestbase/gc/lock/malloc/malloclock04/TestDescription.java crashes intermittently - - JDK-8271078: jdk/incubator/vector/Float128VectorTests.java failed a subtest - - JDK-8271512: ProblemList serviceability/sa/sadebugd/DebugdConnectTest.java due to 8270326 - - JDK-8272352: Java launcher can not parse Chinese character when system locale is set to UTF-8 - - JDK-8272398: Update DockerTestUtils.buildJdkDockerImage() - - JDK-8273526: Extend the OSContainer API pids controller with pids.current - - JDK-8274506: TestPids.java and TestPidsLimit.java fail with podman run as root - - JDK-8274517: java/util/DoubleStreamSums/CompensatedSums.java fails with expected [true] but found [false] - - JDK-8274687: JDWP deadlocks if some Java thread reaches wait in blockOnDebuggerSuspend - - JDK-8275008: gtest build failure due to stringop-overflow warning with gcc11 - - JDK-8275689: [TESTBUG] Use color tolerance only for XRender in BlitRotateClippedArea test - - JDK-8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled - - JDK-8277893: Arraycopy stress tests - - JDK-8278067: Make HttpURLConnection default keep alive timeout configurable - - JDK-8278344: sun/security/pkcs12/KeytoolOpensslInteropTest.java test fails because of different openssl output - - JDK-8278519: serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null" - - JDK-8279032: compiler/loopopts/TestSkeletonPredicateNegation.java times out with -XX:TieredStopAtLevel < 4 - - JDK-8279385: [test] Adjust sun/security/pkcs12/KeytoolOpensslInteropTest.java after 8278344 - - JDK-8279622: C2: miscompilation of map pattern as a vector reduction - - JDK-8280913: Create a regression test for JRootPane.setDefaultButton() method - - JDK-8281181: Do not use CPU Shares to compute active processor count - - JDK-8281535: Create a regression test for JDK-4670051 - - JDK-8281569: Create tests for Frame.setMinimumSize() method - - JDK-8281628: KeyAgreement : generateSecret intermittently not resetting - - JDK-8281738: Create a regression test for checking the 'Space' key activation of focused Button - - JDK-8281745: Create a regression test for JDK-4514331 - - JDK-8281988: Create a regression test for JDK-4618767 - - JDK-8282214: Upgrade JQuery to version 3.6.0 - - JDK-8282234: Create a regression test for JDK-4532513 - - JDK-8282280: Update Xerces to Version 2.12.2 - - JDK-8282343: Create a regression test for JDK-4518432 - - JDK-8282538: PKCS11 tests fail on CentOS Stream 9 - - JDK-8282548: Create a regression test for JDK-4330998 - - JDK-8282555: Missing memory edge when spilling MoveF2I, MoveD2L etc - - JDK-8282789: Create a regression test for the JTree usecase of JDK-4618767 - - JDK-8282860: Write a regression test for JDK-4164779 - - JDK-8282933: Create a test for JDK-4529616 - - JDK-8282947: JFR: Dump on shutdown live-locks in some conditions - - JDK-8283015: Create a test for JDK-4715496 - - JDK-8283017: GHA: Workflows break with update release versions - - JDK-8283087: Create a test or JDK-4715503 - - JDK-8283245: Create a test for JDK-4670319 - - JDK-8283277: ISO 4217 Amendment 171 Update - - JDK-8283441: C2: segmentation fault in ciMethodBlocks::make_block_at(int) - - JDK-8283493: Create an automated regression test for RFE 4231298 - - JDK-8283507: Create a regression test for RFE 4287690 - - JDK-8283621: Write a regression test for CCC4400728 - - JDK-8283623: Create an automated regression test for JDK-4525475 - - JDK-8283624: Create an automated regression test for RFE-4390885 - - JDK-8283712: Create a manual test framework class - - JDK-8283803: Remove jtreg tag manual=yesno for java/awt/print/PrinterJob/PrintGlyphVectorTest.java and fix test - - JDK-8283849: AsyncGetCallTrace may crash JVM on guarantee - - JDK-8283903: GetContainerCpuLoad does not return the correct result in share mode - - JDK-8284077: Create an automated test for JDK-4170173 - - JDK-8284367: JQuery UI upgrade from 1.12.1 to 1.13.1 - - JDK-8284535: Fix PrintLatinCJKTest.java test that is failing with Parse Exception - - JDK-8284680: sun.font.FontConfigManager.getFontConfig() leaks charset - - JDK-8284694: Avoid evaluating SSLAlgorithmConstraints twice - - JDK-8284754: print more interesting env variables in hs_err and VM.info - - JDK-8284758: [linux] improve print_container_info - - JDK-8284882: SIGSEGV in Node::verify_edges due to compilation bailout - - JDK-8284898: Enhance PassFailJFrame - - JDK-8284944: assert(cnt++ < 40) failed: infinite cycle in loop optimization - - JDK-8284950: CgroupV1 detection code should consider memory.swappiness - - JDK-8284956: Potential leak awtImageData/color_data when initializes X11GraphicsEnvironment - - JDK-8285081: Improve XPath operators count accuracy - - JDK-8285097: Duplicate XML keys in XPATHErrorResources.java and XSLTErrorResources.java - - JDK-8285380: Fix typos in security - - JDK-8285398: Cache the results of constraint checks - - JDK-8285693: Create an automated test for JDK-4702199 - - JDK-8285696: AlgorithmConstraints:permits not throwing IllegalArgumentException when 'alg' is null - - JDK-8285728: Alpine Linux build fails with busybox tar - - JDK-8285820: C2: LCM prioritizes locally dependent CreateEx nodes over projections after 8270090 - - JDK-8286114: [test] show real exception in bomb call in sun/rmi/runtime/Log/checkLogging/CheckLogging.java - - JDK-8286177: C2: "failed: non-reduction loop contains reduction nodes" assert failure - - JDK-8286211: Update PCSC-Lite for Suse Linux to 1.9.5 - - JDK-8286314: Trampoline not created for far runtime targets outside small CodeCache - - JDK-8286582: Build fails on macos aarch64 when using --with-zlib=bundled - - JDK-8287017: Bump update version for OpenJDK: jdk-11.0.17 - - JDK-8287073: NPE from CgroupV2Subsystem.getInstance() - - JDK-8287107: CgroupSubsystemFactory.setCgroupV2Path asserts with freezer controller - - JDK-8287202: GHA: Add macOS aarch64 to the list of default platforms for workflow_dispatch event - - JDK-8287223: C1: Inlining attempt through MH::invokeBasic() with null receiver - - JDK-8287336: GHA: Workflows break on patch versions - - JDK-8287366: Improve test failure reporting in GHA - - JDK-8287432: C2: assert(tn->in(0) != __null) failed: must have live top node - - JDK-8287463: JFR: Disable TestDevNull.java on Windows - - JDK-8287663: Add a regression test for JDK-8287073 - - JDK-8287672: jtreg test com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails intermittently in nightly run - - JDK-8287741: Fix of JDK-8287107 (unused cgv1 freezer controller) was incomplete - - JDK-8288360: CI: ciInstanceKlass::implementor() is not consistent for well-known classes - - JDK-8288467: remove memory_operand assert for spilled instructions - - JDK-8288754: GCC 12 fails to build zReferenceProcessor.cpp - - JDK-8288763: Pack200 extraction failure with invalid size - - JDK-8288781: C1: LIR_OpVisitState::maxNumberOfOperands too small - - JDK-8288865: [aarch64] LDR instructions must use legitimized addresses - - JDK-8288928: Incorrect GPL header in pnglibconf.h (backport of JDK-8185041) - - JDK-8289471: Issue in Initialization of keys in ErrorMsg.java and XPATHErrorResources.java - - JDK-8289477: Memory corruption with CPU_ALLOC, CPU_FREE on muslc - - JDK-8289486: Improve XSLT XPath operators count efficiency - - JDK-8289549: ISO 4217 Amendment 172 Update - - JDK-8289569: [test] java/lang/ProcessBuilder/Basic.java fails on Alpine/musl - - JDK-8289799: Build warning in methodData.cpp memset zero-length parameter - - JDK-8289856: [PPC64] SIGSEGV in C2Compiler::init_c2_runtime() after JDK-8289060 - - JDK-8290000: Bump macOS GitHub actions to macOS 11 - - JDK-8290004: [PPC64] JfrGetCallTrace: assert(_pc != nullptr) failed: must have PC - - JDK-8290198: Shenandoah: a few Shenandoah tests failure after JDK-8214799 11u backport - - JDK-8290246: test fails "assert(init != __null) failed: initialization not found" - - JDK-8290813: jdk/nashorn/api/scripting/test/ScriptObjectMirrorTest.java fails: assertEquals is ambiguous - - JDK-8290886: [11u]: Backport of JDK-8266250 introduced test failures - - JDK-8291570: [TESTBUG] Part of JDK-8250984 absent from 11u - - JDK-8291713: assert(!phase->exceeding_node_budget()) failed: sanity after JDK-8223389 - - JDK-8291794: [11u] Corrections after backport of JDK-8212028 - - JDK-8292579: (tz) Update Timezone Data to 2022c - - JDK-8292852: [11u] TestMemoryWithCgroupV1 fails after JDK-8292768 - - JDK-8295057: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.17 - -Notes on individual issues: -=========================== - -core-libs/java.net: - -JDK-8278067: Make HttpURLConnection Default Keep Alive Timeout Configurable -=========================================================================== -Two system properties have been added which control the keep alive -behavior of HttpURLConnection in the case where the server does not -specify a keep alive time. Two properties are defined for controlling -connections to servers and proxies separately. They are: - -* `http.keepAlive.time.server` -* `http.keepAlive.time.proxy` - -respectively. More information about them can be found on the -Networking Properties page: -https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html. - -JDK-8286918: Better HttpServer service -====================================== -The HttpServer can be optionally configured with a maximum connection -limit by setting the jdk.httpserver.maxConnections system property. A -value of 0 or a negative integer is ignored and considered to -represent no connection limit. In the case of a positive integer -value, any newly accepted connections will be first checked against -the current count of established connections and, if the configured -limit has been reached, then the newly accepted connection will be -closed immediately. - -hotspot/runtime: - -JDK-8281181: CPU Shares Ignored When Computing Active Processor Count -===================================================================== -Previous JDK releases used an incorrect interpretation of the Linux -cgroups parameter "cpu.shares". This might cause the JVM to use fewer -CPUs than available, leading to an under utilization of CPU resources -when the JVM is used inside a container. - -Starting from this JDK release, by default, the JVM no longer -considers "cpu.shares" when deciding the number of threads to be used -by the various thread pools. The `-XX:+UseContainerCpuShares` -command-line option can be used to revert to the previous -behavior. This option is deprecated and may be removed in a future JDK -release. - -security-libs/java.security: - -JDK-8269039: Disabled SHA-1 Signed JARs -======================================= -JARs signed with SHA-1 algorithms are now restricted by default and -treated as if they were unsigned. This applies to the algorithms used -to digest, sign, and optionally timestamp the JAR. It also applies to -the signature and digest algorithms of the certificates in the -certificate chain of the code signer and the Timestamp Authority, and -any CRLs or OCSP responses that are used to verify if those -certificates have been revoked. These restrictions also apply to -signed JCE providers. - -To reduce the compatibility risk for JARs that have been previously -timestamped, there is one exception to this policy: - -- Any JAR signed with SHA-1 algorithms and timestamped prior to - January 01, 2019 will not be restricted. - -This exception may be removed in a future JDK release. To determine if -your signed JARs are affected by this change, run: - -$ jarsigner -verify -verbose -certs` - -on the signed JAR, and look for instances of "SHA1" or "SHA-1" and -"disabled" and a warning that the JAR will be treated as unsigned in -the output. - -For example: - - Signed by "CN="Signer"" - Digest algorithm: SHA-1 (disabled) - Signature algorithm: SHA1withRSA (disabled), 2048-bit key - - WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property: - - jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024, SHA1 denyAfter 2019-01-01 - -JARs affected by these new restrictions should be replaced or -re-signed with stronger algorithms. - -Users can, *at their own risk*, remove these restrictions by modifying -the `java.security` configuration file (or override it by using the -`java.security.properties` system property) and removing "SHA1 usage -SignedJAR & denyAfter 2019-01-01" from the -`jdk.certpath.disabledAlgorithms` security property and "SHA1 -denyAfter 2019-01-01" from the `jdk.jar.disabledAlgorithms` security -property. - -JDK-8267880: Upgrade the default PKCS12 MAC algorithm -===================================================== - -The default MAC algorithm used in a PKCS #12 keystore has been -updated. The new algorithm is based on SHA-256 and is stronger than -the old one based on SHA-1. See the security properties starting with -`keystore.pkcs12` in the `java.security` file for detailed -information. - -The new SHA-256 based MAC algorithms were introduced in the 11.0.12 -release. Keystores created using this newer, stronger, MAC algorithm -cannot be opened in versions of OpenJDK 11 earlier than 11.0.12. A -'java.security.NoSuchAlgorithmException' exception will be thrown in -such circumstances. - -For compatibility, use the `keystore.pkcs12.legacy` system property, -which will revert the algorithms to use the older, weaker -algorithms. There is no value defined for this property. - -core-libs/java.io:serialization: - -JDK-8261160: JDK Flight Recorder Event for Deserialization -========================================================== -It is now possible to monitor deserialization of objects using JDK -Flight Recorder (JFR). When JFR is enabled and the JFR configuration -includes deserialization events, JFR will emit an event whenever the -running program attempts to deserialize an object. The deserialization -event is named `jdk.Deserialization`, and it is disabled by -default. The deserialization event contains information that is used -by the serialization filter mechanism; see the ObjectInputFilter API -specification for details. - -Additionally, if a filter is enabled, the JFR event indicates whether -the filter accepted or rejected deserialization of the object. For -further information about how to use the JFR deserialization event, -see the article "Monitoring Deserialization to Improve Application -Security" -(https://inside.java/2021/03/02/monitoring-deserialization-activity-in-the-jdk/). - -For reference information about using and configuring JFR, see the -"JFR Runtime Guide" -(https://docs.oracle.com/javacomponents/jmc-5-5/jfr-runtime-guide/preface_jfrrt.htm#JFRRT165) -and "JFR Command Reference" -(https://docs.oracle.com/javacomponents/jmc-5-5/jfr-command-reference/command-line-options.htm#JFRCR-GUID-FE61CA60-E1DF-460E-A8E0-F4FF5D58A7A0) -sections of the JDK Mission Control documentation. - -security-libs/org.ietf.jgss:krb5: - -JDK-8139348: Deprecate 3DES and RC4 in Kerberos -=============================================== -The `des3-hmac-sha1` and `rc4-hmac` Kerberos encryption types (etypes) -are now deprecated and disabled by default. Users can set -`allow_weak_crypto = true` in the `krb5.conf` configuration file to -re-enable them (along with other weak etypes including `des-cbc-crc` -and `des-cbc-md5`) at their own risk. To disable a subset of the weak -etypes, users can list preferred etypes explicitly in any of the -`default_tkt_enctypes`, `default_tgs_enctypes`, or -`permitted_enctypes` settings. - -New in release OpenJDK 11.0.16.1 (2022-08-12): -============================================= -Live versions of these release notes can be found at: - * https://bit.ly/openjdk110161 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.1.txt - -* Other changes - - JDK-8292255: Bump update version for OpenJDK: jdk-11.0.16.1 - - JDK-8292260: [BACKOUT] JDK-8279219: [REDO] C2 crash when allocating array of size too large - -Notes on individual issues: -=========================== - -hotspot/compiler: - -JDK-8292396: C2 Compilation Errors Unpredictably Crashes JVM -============================================================ -Fixes a regression in the C2 JIT compiler which caused the Java -Runtime to crash unpredictably. - -New in release OpenJDK 11.0.16 (2022-07-19): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk11016 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.txt - -* Security fixes - - JDK-8277608: Address IP Addressing - - JDK-8272243: Improve DER parsing - - JDK-8272249: Better properties of loaded Properties - - JDK-8281859, CVE-2022-21540: Improve class compilation - - JDK-8281866, CVE-2022-21541: Enhance MethodHandle invocations - - JDK-8283190: Improve MIDI processing - - JDK-8284370: Improve zlib usage - - JDK-8285407, CVE-2022-34169: Improve Xalan supports -* Other changes - - JDK-6986863: ProfileDeferralMgr throwing ConcurrentModificationException - - JDK-7124293: [macosx] VoiceOver reads percentages rather than the actual values for sliders. - - JDK-7124301: [macosx] When in a tab group if you arrow between tabs there are no VoiceOver announcements. - - JDK-8133713: [macosx] Accessible JTables always reported as empty - - JDK-8139046: Compiler Control: IGVPrintLevel directive should set PrintIdealGraph - - JDK-8139173: [macosx] JInternalFrame shadow is not properly drawn - - JDK-8163498: Many long-running security libs tests - - JDK-8166727: javac crashed: [jimage.dll+0x1942] ImageStrings::find+0x28 - - JDK-8169004: Fix redundant @requires tags in tests - - JDK-8181571: printing to CUPS fails on mac sandbox app - - JDK-8182404: remove jdk.testlibrary.JDKToolFinder and JDKToolLauncher - - JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests - - JDK-8192057: com/sun/jdi/BadHandshakeTest.java fails with java.net.ConnectException - - JDK-8193682: Infinite loop in ZipOutputStream.close() - - JDK-8199874: [TESTBUG] runtime/Thread/ThreadPriorities.java fails with "expected 0 to equal 10" - - JDK-8202886: [macos] Test java/awt/MenuBar/8007006/bug8007006.java fails on MacOS - - JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java - - JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld test - - JDK-8206187: javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java fails with Port already in use - - JDK-8206330: Revisit com/sun/jdi/RedefineCrossEvent.java - - JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003 fails to start - - JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after co-location - - JDK-8208246: flags duplications in vmTestbase_vm_g1classunloading tests - - JDK-8208249: TriggerUnloadingByFillingMetaspace generates garbage class names - - JDK-8208697: vmTestbase/metaspace/stressHierarchy/stressHierarchy012/TestDescription.java fails with OutOfMemoryError: Metaspace - - JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a different test - - JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh to plain java test - - JDK-8209883: ZGC: Compile without C1 broken - - JDK-8209920: runtime/logging/RedefineClasses.java fail with OOME with ZGC - - JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread and XRun - - JDK-8210039: move OSInfo to top level testlibrary - - JDK-8210108: sun/tools/jstatd test build failures after JDK-8210022 - - JDK-8210112: remove jdk.testlibrary.ProcessTools - - JDK-8210649: AssertionError @ jdk.compiler/com.sun.tools.javac.comp.Modules.enter(Modules.java:244) - - JDK-8210732: remove jdk.testlibrary.Utils - - JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader after JDK-6788458 - - JDK-8211822: Some tests fail after JDK-8210039 - - JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound - - JDK-8212151: jdi/ExclusiveBind.java times out due to "bind failed: Address already in use" on Solaris-X64 - - JDK-8213440: Lingering INCLUDE_ALL_GCS in test_oopStorage_parperf.cpp - - JDK-8214275: CondyRepeatFailedResolution asserts "Dynamic constant has no fixed basic type" - - JDK-8214799: Add package declaration to each JTREG test case in the gc folder - - JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges to enable MacOS tests on Mach5 - - JDK-8216137: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit - - JDK-8216265: [testbug] Introduce Platform.sharedLibraryPathVariableName() and adapt all tests. - - JDK-8216366: Add rationale to PER_CPU_SHARES define - - JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265 - - JDK-8217233: Update build settings for AIX/xlc - - JDK-8217340: Compilation failed: tools/launcher/Test7029048.java - - JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP docker containers - - JDK-8218136: minor hotspot adjustments for xlclang++ from xlc16 on AIX - - JDK-8218751: Do not store original classfiles inside the CDS archive - - JDK-8218965: aix: support xlclang++ in the compiler detection - - JDK-8220658: Improve the readability of container information in the error log - - JDK-8220813: update hotspot tier1_gc tests depending on GC to use @requires vm.gc.X - - JDK-8222799: java.beans.Introspector uses an obsolete methods cache - - JDK-8222926: Shenandoah build fails with --with-jvm-features=-compiler1 - - JDK-8223143: Restructure/clean-up for 'loopexit_or_null()'. - - JDK-8223363: Bad node estimate assertion failure - - JDK-8223389: Shenandoah optimizations fail with assert(!phase->exceeding_node_budget()) - - JDK-8223396: [TESTBUG] several jfr tests do not clean up files created in /tmp - - JDK-8223502: Node estimate for loop unswitching is not correct: assert(delta <= 2 * required) failed: Bad node estimate - - JDK-8224648: assert(!exceeding_node_budget()) failed: Too many NODES required! failure with ctw - - JDK-8225475: Node budget asserts on x86_32/64 - - JDK-8227171: provide function names in native stack trace on aix with xlc16 - - JDK-8227389: Remove unsupported xlc16 compile options on aix - - JDK-8229202: Docker reporting causes secondary crashes in error handling - - JDK-8229210: [TESTBUG] Move gc stress tests from JFR directory tree to gc/stress - - JDK-8229486: Replace wildcard address with loopback or local host in tests - part 21 - - JDK-8229499: Node budget assert in fuzzed test - - JDK-8230305: Cgroups v2: Container awareness - - JDK-8230865: [TESTBUG] jdk/jfr/event/io/EvilInstrument.java fails at-run shell MakeJAR.sh target - - JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to recognize unified hierarchy - - JDK-8231454: File lock in Windows on a loaded jar due to a leak in Introspector::getBeanInfo - - JDK-8231489: GC watermark_0_1 failed due to "metaspace.gc.Fault: GC has happened too rare" - - JDK-8231565: More node budget asserts in fuzzed tests - - JDK-8233551: [TESTBUG] SelectEditTableCell.java fails on MacOS - - JDK-8234382: Test tools/javac/processing/model/testgetallmembers/Main.java using too small heap - - JDK-8234605: C2 failed "assert(C->live_nodes() - live_at_begin <= 2 * _nodes_required) failed: Bad node estimate: actual = 208 >> request = 101" - - JDK-8234608: [TESTBUG] Fix G1 redefineClasses tests and a memory leak - - JDK-8235220: ClhsdbScanOops.java fails with sun.jvm.hotspot.types.WrongTypeException - - JDK-8235385: Crash on aarch64 JDK due to long offset - - JDK-8237479: 8230305 causes slowdebug build failure - - JDK-8239559: Cgroups: Incorrect detection logic on some systems - - JDK-8239785: Cgroups: Incorrect detection logic on old systems in hotspot - - JDK-8240132: ProblemList com/sun/jdi/InvokeHangTest.java - - JDK-8240189: [TESTBUG] Some cgroup tests are failing after JDK-8231111 - - JDK-8240335: C2: assert(found_sfpt) failed: no node in loop that's not input to safepoint - - JDK-8240734: ModuleHashes attribute not reproducible between builds - - JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled - - JDK-8241707: introduce randomness k/w to hotspot test suite - - JDK-8242310: use reproducible random in hotspot compiler tests - - JDK-8242311: use reproducible random in hotspot runtime tests - - JDK-8242312: use reproducible random in hotspot gc tests - - JDK-8242313: use reproducible random in hotspot svc tests - - JDK-8242538: java/security/SecureRandom/ThreadSafe.java failed on windows - - JDK-8243429: use reproducible random in :vmTestbase_nsk_stress - - JDK-8243666: ModuleHashes attribute generated for JMOD and JAR files depends on timestamps - - JDK-8244500: jtreg test error in test/hotspot/jtreg/containers/docker/TestMemoryAwareness.java - - JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a test - - JDK-8245543: Cgroups: Incorrect detection logic on some systems (still reproducible) - - JDK-8245938: Remove unused print_stack(void) method from XToolkit.c - - JDK-8246494: introduce vm.flagless at-requires property - - JDK-8246741: NetworkInterface/UniqueMacAddressesTest: mac address uniqueness test failed - - JDK-8247589: Implementation of Alpine Linux/x64 Port - - JDK-8247591: Document Alpine Linux build steps in OpenJDK build guide - - JDK-8247592: refactor test/jdk/tools/launcher/Test7029048.java - - JDK-8247614: java/nio/channels/DatagramChannel/Connect.java timed out - - JDK-8248876: LoadObject with bad base address created for exec file on linux - - JDK-8249592: Robot.mouseMove moves cursor to incorrect location when display scale varies and Java runs in DPI Unaware mode - - JDK-8252117: com/sun/jdi/BadHandshakeTest.java failed with "ConnectException: Connection refused: connect" - - JDK-8252248: __SIGRTMAX is not declared in musl libc - - JDK-8252250: isnanf is obsolete - - JDK-8252359: HotSpot Not Identifying it is Running in a Container - - JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota - - JDK-8253435: Cgroup: 'stomping of _mount_path' crash if manually mounted cpusets exist - - JDK-8253714: [cgroups v2] Soft memory limit incorrectly using memory.high - - JDK-8253727: [cgroups v2] Memory and swap limits reported incorrectly - - JDK-8253797: [cgroups v2] Account for the fact that swap accounting is disabled on some systems - - JDK-8253872: ArgumentHandler must use the same delimiters as in jvmti_tools.cpp - - JDK-8253939: [TESTBUG] Increase coverage of the cgroups detection code - - JDK-8254001: [Metrics] Enhance parsing of cgroup interface files for version detection - - JDK-8254887: C2: assert(cl->trip_count() > 0) failed: peeling a fully unrolled loop - - JDK-8254997: Remove unimplemented OSContainer::read_memory_limit_in_bytes - - JDK-8255266: Update Public Suffix List to 3c213aa - - JDK-8255604: java/nio/channels/DatagramChannel/Connect.java fails with java.net.BindException: Cannot assign requested address: connect - - JDK-8255787: Tag container tests that use cGroups with cgroups keyword - - JDK-8256146: Cleanup test/jdk/java/nio/channels/DatagramChannel/Connect.java - - JDK-8256722: handle VC++:1927 VS2019 in abstract_vm_version - - JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 - - JDK-8258795: Update IANA Language Subtag Registry to Version 2021-05-11 - - JDK-8258956: Memory Leak in StringCoding on ThreadLocal resultCached StringCoding.Result - - JDK-8259517: Incorrect test path in test cases - - JDK-8260518: Change default -mmacosx-version-min to 10.12 - - JDK-8261169: Upgrade HarfBuzz to the latest 2.8.0 - - JDK-8262379: Add regression test for JDK-8257746 - - JDK-8263364: sun/net/www/http/KeepAliveStream/KeepAliveStreamCloseWithWrongContentLength.java wedged in getInputStream - - JDK-8263718: unused-result warning happens at os_linux.cpp - - JDK-8263856: Github Actions for macos/aarch64 cross-build - - JDK-8264179: [TESTBUG] Some compiler tests fail when running without C2 - - JDK-8265261: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted - - JDK-8265297: javax/net/ssl/SSLSession/TestEnabledProtocols.java failed with "RuntimeException: java.net.SocketException: Connection reset" - - JDK-8265343: Update Debian-based cross-compilation recipes - - JDK-8266251: compiler.inlining.InlineAccessors shouldn't do testing in driver VM - - JDK-8266318: Switch to macos prefix for macOS bundles - - JDK-8266391: Replace use of reflection in jdk.internal.platform.Metrics - - JDK-8266545: 8261169 broke Harfbuzz build with gcc 7 and 8 - - JDK-8268773: Improvements related to: Failed to start thread - pthread_create failed (EAGAIN) - - JDK-8269772: [macos-aarch64] test compilation failed with "SocketException: No buffer space available" - - JDK-8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo incorrect verification of protocol and cipher support - - JDK-8270797: ShortECDSA.java test is not complete - - JDK-8271055: Crash during deoptimization with "assert(bb->is_reachable()) failed: getting result from unreachable basicblock" with -XX:+VerifyStack - - JDK-8271199: Mutual TLS handshake fails signing client certificate with custom sensitive PKCS11 key - - JDK-8272167: AbsPathsInImage.java should skip *.dSYM directories - - JDK-8272358: Some tests may fail when executed with other locales than the US - - JDK-8272493: Suboptimal code generation around Preconditions.checkIndex intrinsic with AVX2 - - JDK-8272908: Missing coverage for certain classes in com.sun.org.apache.xml.internal.security - - JDK-8272964: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted - - JDK-8273176: handle latest VS2019 in abstract_vm_version - - JDK-8273655: content-types.properties files are missing some common types - - JDK-8274171: java/nio/file/Files/probeContentType/Basic.java failed on "Content type" mismatches - - JDK-8274233: Minor cleanup for ToolBox - - JDK-8274735: javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image - - JDK-8274751: Drag And Drop hangs on Windows - - JDK-8275082: Update XML Security for Java to 2.3.0 - - JDK-8275330: C2: assert(n->is_Root() || n->is_Region() || n->is_Phi() || n->is_MachMerge() || def_block->dominates(block)) failed: uses must be dominated by definitions - - JDK-8275337: C1: assert(false) failed: live_in set of first block must be empty - - JDK-8276657: XSLT compiler tries to define a class with empty name - - JDK-8276990: Memory leak in invoker.c fillInvokeRequest() during JDI operations - - JDK-8277072: ObjectStreamClass caches keep ClassLoaders alive - - JDK-8277093: Vector should throw ClassNotFoundException for a missing class of an element - - JDK-8277396: [TESTBUG] In DefaultButtonModelCrashTest.java, frame is accessed from main thread - - JDK-8277422: tools/jar/JarEntryTime.java fails with modified time mismatch - - JDK-8277922: Unable to click JCheckBox in JTable through Java Access Bridge - - JDK-8278065: Refactor subclassAudits to use ClassValue - - JDK-8278186: org.jcp.xml.dsig.internal.dom.Utils.parseIdFromSameDocumentURI throws StringIndexOutOfBoundsException when calling substring method - - JDK-8278346: java/nio/file/Files/probeContentType/Basic.java fails on Linux SLES15 machine - - JDK-8278472: Invalid value set to CANDIDATEFORM structure - - JDK-8278794: Infinite loop in DeflaterOutputStream.finish() - - JDK-8278851: Correct signer logic for jars signed with multiple digestalgs - - JDK-8278951: containers/cgroup/PlainRead.java fails on Ubuntu 21.10 - - JDK-8279219: [REDO] C2 crash when allocating array of size too large - - JDK-8279356: Method linking fails with guarantee(mh->adapter() != NULL) failed: Adapter blob must already exist! - - JDK-8279505: Update documentation for RETRY_COUNT and REPEAT_COUNT - - JDK-8279520: SPNEGO has not passed channel binding info into the underlying mechanism - - JDK-8279529: ProblemList java/nio/channels/DatagramChannel/ManySourcesAndTargets.java on macosx-aarch64 - - JDK-8279532: ProblemList sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java - - JDK-8279668: x86: AVX2 versions of vpxor should be asserted - - JDK-8279837: C2: assert(is_Loop()) failed: invalid node class: Region - - JDK-8279842: HTTPS Channel Binding support for Java GSS/Kerberos - - JDK-8279958: Provide configure hints for Alpine/apk package managers - - JDK-8280041: Retry loop issues in java.io.ClassCache - - JDK-8280373: Update Xalan serializer / SystemIDResolver to align with JDK-8270492 - - JDK-8280476: [macOS] : hotspot arm64 bug exposed by latest clang - - JDK-8280684: JfrRecorderService failes with guarantee(num_written > 0) when no space left on device. - - JDK-8280799: С2: assert(false) failed: cyclic dependency prevents range check elimination - - JDK-8280867: Cpuid1Ecx feature parsing is incorrect for AMD CPUs - - JDK-8280964: [Linux aarch64] : drawImage dithers TYPE_BYTE_INDEXED images incorrectly - - JDK-8281274: deal with ActiveProcessorCount in os::Linux::print_container_info - - JDK-8281275: Upgrading from 8 to 11 no longer accepts '/' as filepath separator in gc paths - - JDK-8281615: Deadlock caused by jdwp agent - - JDK-8281811: assert(_base == Tuple) failed: Not a Tuple after JDK-8280799 - - JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder - - JDK-8282172: CompileBroker::log_metaspace_failure is called from non-Java/compiler threads - - JDK-8282225: GHA: Allow one concurrent run per PR only - - JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers - - JDK-8282293: Domain value for system property jdk.https.negotiate.cbt should be case-insensitive - - JDK-8282312: Minor corrections to evbroadcasti32x4 intrinsic on x86 - - JDK-8282382: Report glibc malloc tunables in error reports - - JDK-8282422: JTable.print() failed with UnsupportedCharsetException on AIX ko_KR locale - - JDK-8282501: Bump update version for OpenJDK: jdk-11.0.16 - - JDK-8282583: Update BCEL md to include the copyright notice - - JDK-8282588: [11] set harfbuzz compilation flag to -std=c++11 - - JDK-8282589: runtime/ErrorHandling/ErrorHandler.java fails on MacOS aarch64 in jdk 11 - - JDK-8282887: Potential memory leak in sun.util.locale.provider.HostLocaleProviderAdapterImpl.getNumberPattern() on Windows - - JDK-8283018: 11u GHA: Update GCC 9 minor versions - - JDK-8283217: Leak FcObjectSet in getFontConfigLocations() in fontpath.c - - JDK-8283323: libharfbuzz optimization level results in extreme build times - - JDK-8283350: (tz) Update Timezone Data to 2022a - - JDK-8283408: Fix a C2 crash when filling arrays with unsafe - - JDK-8283420: [AOT] Exclude TrackedFlagTest/NotTrackedFlagTest in 11u because of intermittent java.lang.AssertionError: duplicate classes for name Ljava/lang/Boolean; - - JDK-8283424: compiler/loopopts/LoopUnswitchingBadNodeBudget.java fails with release VMs due to lack of -XX:+UnlockDiagnosticVMOptions - - JDK-8283451: C2: assert(_base == Long) failed: Not a Long - - JDK-8283469: Don't use memset to initialize members in FileMapInfo and fix memory leak - - JDK-8283497: [windows] print TMP and TEMP in hs_err and VM.info - - JDK-8283614: [11] Repair compiler versions handling after 8233787 - - JDK-8283641: Large value for CompileThresholdScaling causes assert - - JDK-8283834: Unmappable character for US-ASCII encoding in TestPredicateInputBelowLoopPredicate - - JDK-8284033: Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c - - JDK-8284094: Memory leak in invoker_completeInvokeRequest() - - JDK-8284102: [TESTBUG] [11u] Retroactively add regression test for JDK-8272124 - - JDK-8284369: TestFailedAllocationBadGraph fails with -XX:TieredStopAtLevel < 4 - - JDK-8284389: Improve stability of GHA Pre-submit testing by caching cygwin installer - - JDK-8284458: CodeHeapState::aggregate() leaks blob_name - - JDK-8284507: GHA: Only check test results if testing was not skipped - - JDK-8284549: JFR: FieldTable leaks FieldInfoTable member - - JDK-8284573: [11u] ProblemList TestBubbleUpRef.java and TestGCOldWithCMS.java because of 8272195 - - JDK-8284604: [11u] Update Boot JDK used in GHA to 11.0.14.1 - - JDK-8284620: CodeBuffer may leak _overflow_arena - - JDK-8284622: Update versions of some Github Actions used in JDK workflow - - JDK-8284756: [11u] Remove unused isUseContainerSupport in CgroupV1Subsystem - - JDK-8285395: [JVMCI] [11u] Partial backport of JDK-8220623: InstalledCode - - JDK-8285397: JNI exception pending in CUPSfuncs.c:250 - - JDK-8285445: cannot open file "NUL:" - - JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4 - - JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java - - JDK-8285591: [11] add signum checks in DSA.java engineVerify - - JDK-8285686: Update FreeType to 2.12.0 - - JDK-8285720: test/jdk/java/nio/file/Files/probeContentType/Basic.java fails to compile after backport of 8273655 - - JDK-8285726: [11u, 17u] Unify fix for JDK-8284548 with version from head - - JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head - - JDK-8285828: runtime/execstack/TestCheckJDK.java fails with zipped debug symbols - - JDK-8286013: Incorrect test configurations for compiler/stable/TestStableShort.java - - JDK-8286198: [linux] Fix process-memory information - - JDK-8286293: Tests ShortResponseBody and ShortResponseBodyWithRetry should use less resources - - JDK-8286444: javac errors after JDK-8251329 are not helpful enough to find root cause - - JDK-8286594: (zipfs) Mention paths with dot elements in ZipException and cleanups - - JDK-8286630: [11] avoid -std=c++11 CXX harfbuzz buildflag on Windows - - JDK-8286855: javac error on invalid jar should only print filename - - JDK-8287109: Distrust.java failed with CertificateExpiredException - - JDK-8287119: Add Distrust.java to ProblemList - - JDK-8287362: FieldAccessWatch testcase failed on AIX platform - - JDK-8287378: GHA: Update cygwin to fix issues in langtools tests on Windows - - JDK-8287739: [11u] ProblemList sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java - -Notes on individual issues: -=========================== - -core-libs/java.io:serialization: - -JDK-8277157: Vector should throw ClassNotFoundException for a missing class of an element -========================================================================================= -`java.util.Vector` is updated to correctly report -`ClassNotFoundException that occurs during deserialization using -`java.io.ObjectInputStream.GetField.get(name, object)` when the class -of an element of the Vector is not found. Without this fix, a -`StreamCorruptedException` is thrown that does not provide information -about the missing class. - -core-libs/java.net: - -JDK-8285240: HTTPS Channel Binding support for Java GSS/Kerberos -================================================================ -Support has been added for TLS channel binding tokens for -Negotiate/Kerberos authentication over HTTPS through -javax.net.HttpsURLConnection. - -Channel binding tokens are increasingly required as an enhanced form -of security which can mitigate certain kinds of socially engineered, -man in the middle (MITM) attacks. They work by communicating from a -client to a server the client's understanding of the binding between -connection security (as represented by a TLS server cert) and higher -level authentication credentials (such as a username and -password). The server can then detect if the client has been fooled by -a MITM and shutdown the session/connection. - -The feature is controlled through a new system property -`jdk.https.negotiate.cbt` which is described fully at the following -page: - -https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt - -core-libs/java.lang: - -JDK-8283137: Incorrect handling of quoted arguments in ProcessBuilder -===================================================================== -ProcessBuilder on Windows is restored to address a regression caused -by JDK-8250568. Previously, an argument to ProcessBuilder that -started with a double-quote and ended with a backslash followed by a -double-quote was passed to a command incorrectly and may cause the -command to fail. For example the argument `"C:\\Program Files\"`, -would be seen by the command with extra double-quotes. This update -restores the long standing behavior that does not treat the backslash -before the final double-quote specially. - -core-libs/java.util.jar: - -JDK-8278386: Default JDK compressor will be closed when IOException is encountered -================================================================================== -`DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods -have been modified to close out the associated default JDK compressor -before propagating a Throwable up the -stack. `ZIPOutputStream.closeEntry()` method has been modified to -close out the associated default JDK compressor before propagating an -IOException, not of type ZipException, up the stack. - -core-libs/java.io: - -JDK-8285660: New System Property to Disable Windows Alternate Data Stream Support in java.io.File -================================================================================================= -The Windows implementation of `java.io.File` allows access to NTFS -Alternate Data Streams (ADS) by default. Such streams have a structure -like “filename:streamname”. A system property `jdk.io.File.enableADS` -has been added to control this behavior. To disable ADS support in -`java.io.File`, the system property `jdk.io.File.enableADS` should be -set to `false` (case ignored). Stricter path checking however prevents -the use of special devices such as `NUL:` - -New in release OpenJDK 11.0.15 (2022-04-19): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk11015 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.15.txt - -* New features - - JDK-8253795: Implementation of JEP 391: macOS/AArch64 Port -* Security fixes - - JDK-8269938: Enhance XML processing passes redux - - JDK-8270504, CVE-2022-21426: Better XPath expression handling - - JDK-8272255: Completely handle MIDI files - - JDK-8272261: Improve JFR recording file processing - - JDK-8272594: Better record of recordings - - JDK-8274221: More definite BER encodings - - JDK-8275082, JDK-8278008, CVE-2022-21476: Update XML Security for Java to 2.3.0 - - JDK-8275151, CVE-2022-21443: Improved Object Identification - - JDK-8277227: Better identification of OIDs - - JDK-8277672, CVE-2022-21434: Better invocation handler handling - - JDK-8278356: Improve file creation - - JDK-8278449: Improve keychain support - - JDK-8278798: Improve supported intrinsic - - JDK-8278805: Enhance BMP image loading - - JDK-8278972, CVE-2022-21496: Improve URL supports - - JDK-8281388: Change wrapping of EncryptedPrivateKeyInfo -* Other changes - - JDK-8065704: Set LC_ALL=C for all relevant commands in the build system - - JDK-8177814: jdk/editpad is not in jdk TEST.groups - - JDK-8186780: clang fastdebug assertion failure in os_linux_x86:os::verify_stack_alignment() - - JDK-8190748: java/text/Format/DateFormat/DateFormatTest.java and NonGregorianFormatTest fail intermittently - - JDK-8193277: SimpleFileObject inconsistency between getName and getShortName - - JDK-8199079: Test javax/swing/UIDefaults/6302464/bug6302464.java is unstable - - JDK-8202142: jfr/event/io/TestInstrumentation is unstable - - JDK-8207011: Remove uses of the register storage class specifier - - JDK-8207793: [TESTBUG] runtime/Metaspace/FragmentMetaspace.java fails: heap needs to be increased - - JDK-8208074: [TESTBUG] vmTestbase/nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption/TestDescription.java failed with NullPointerException - - JDK-8210194: [TESTBUG] jvmti_FollowRefObjects.cpp missing initializer for member _jvmtiHeapCallbacks::heap_reference_callback - - JDK-8210236: Prepare ciReceiverTypeData::translate_receiver_data_from for concurrent class unloading - - JDK-8211170: AArch64: Warnings in C1 and template interpreter - - JDK-8211333: AArch64: Fix another build failure after JDK-8211029 - - JDK-8214004: Missing space between compiler thread name and task info in hs_err - - JDK-8214026: Canonicalized archive paths appearing in diagnostics - - JDK-8214761: Bug in parallel Kahan summation implementation - - JDK-8216969: ParseException thrown for certain months with russian locale - - JDK-8218546: Unable to connect to https://google.com using java.net.HttpClient - - JDK-8220634: SymLinkArchiveTest should handle not being able to create symlinks - - JDK-8222825: ARM32 SIGILL issue on single core CPU (not supported PLDW instruction) - - JDK-8223142: Clean-up WS and CB. - - JDK-8225559: assertion error at TransTypes.visitApply - - JDK-8232533: G1 uses only a single thread for pretouching the java heap - - JDK-8233827: Enable screenshots in the enhanced failure handler on Linux/macOS - - JDK-8233986: ProblemList javax/swing/plaf/basic/BasicTextUI/8001470/bug8001470.java for windows-x64 - - JDK-8234930: Use MAP_JIT when allocating pages for code cache on macOS - - JDK-8236210: javac generates wrong annotation for fields generated from record components - - JDK-8236505: Mark jdk/editpad/EditPadTest.java as @headful - - JDK-8237787: rewrite vmTestbase/vm/compiler/CodeCacheInfo* from shell to java - - JDK-8237798: rewrite vmTestbase/jit/tiered from shell to java - - JDK-8239502: [TEST_BUG] Test javax/swing/text/FlowView/6318524/bug6318524.java never fails - - JDK-8240904: Screen flashes on test failures when running tests from make - - JDK-8241004: NMT tests fail on unaligned thread size with debug build - - JDK-8241423: NUMA APIs fail to work in dockers due to dependent syscalls are disabled by default - - JDK-8247272: SA ELF file support has never worked for 64-bit causing address to symbol name mapping to fail - - JDK-8247515: OSX pc_to_symbol() lookup does not work with core files - - JDK-8249019: clean up FileInstaller $test.src $cwd in vmTestbase_vm_compiler tests - - JDK-8250750: JDK-8247515 fix for OSX pc_to_symbol() lookup fails with some symbols - - JDK-8251126: nsk.share.GoldChecker should read golden file from ${test.src} - - JDK-8251127: clean up FileInstaller $test.src $cwd in remaining vmTestbase_vm_compiler tests - - JDK-8251132: make main classes public in vmTestbase/jit tests - - JDK-8251558: J2DBench should support shaped and translucent windows - - JDK-8251998: remove usage of PropertyResolvingWrapper in vmTestbase/jit/t - - JDK-8252005: narrow disabling of allowSmartActionArgs in vmTestbase - - JDK-8253197: vmTestbase/nsk/jvmti/StopThread/stopthrd007/TestDescription.java fails with "ERROR: DebuggeeSleepingThread: ThreadDeath lost" - - JDK-8253816: Support macOS W^X - - JDK-8253817: Support macOS Aarch64 ABI in Interpreter - - JDK-8253818: Support macOS Aarch64 ABI for compiled wrappers - - JDK-8253819: Implement os/cpu for macOS/AArch64 - - JDK-8253839: Update tests and JDK code for macOS/Aarch64 - - JDK-8254072: AArch64: Get rid of --disable-warnings-as-errors on Windows+ARM64 build - - JDK-8254085: javax/swing/text/Caret/TestCaretPositionJTextPane.java failed with "RuntimeException: Wrong caret position" - - JDK-8254827: JVMCI: Enable it for Windows+AArch64 - - JDK-8254940: AArch64: Cleanup non-product thread members - - JDK-8254941: Implement Serviceability Agent for macOS/AArch64 - - JDK-8255035: Update BCEL to Version 6.5.0 - - JDK-8255239: The timezone of the hs_err_pid log file is corrupted in Japanese locale - - JDK-8255410: Add ChaCha20 and Poly1305 support to SunPKCS11 provider - - JDK-8255776: Change build system for macOS/AArch64 - - JDK-8256154: Some TestNG tests require default constructors - - JDK-8256321: Some "inactive" color profiles use the wrong profile class - - JDK-8256373: [Windows/HiDPI] The Frame#setBounds does not work in a minimized state - - JDK-8257467: [TESTBUG] -Wdeprecated-declarations is reported at sigset() in exesigtest.c - - JDK-8257769: Cipher.getParameters() throws NPE for ChaCha20-Poly1305 - - JDK-8258554: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F - - JDK-8261107: ArrayIndexOutOfBoundsException in the ICC_Profile.getInstance(InputStream) - - JDK-8261205: AssertionError: Cannot add metadata to an intersection type - - JDK-8262134: compiler/uncommontrap/TestDeoptOOM.java failed with "guarantee(false) failed: wrong number of expression stack elements during deopt" - - JDK-8262894: [macos_aarch64] SIGBUS in Assembler::ld_st2 - - JDK-8262896: [macos_aarch64] Crash in jni_fast_GetLongField - - JDK-8262903: [macos_aarch64] Thread::current() called on detached thread - - JDK-8263185: Mallinfo deprecated in glibc 2.33 - - JDK-8264650: Cross-compilation to macos/aarch64 - - JDK-8265150: AsyncGetCallTrace crashes on ResourceMark - - JDK-8266168: -Wmaybe-uninitialized happens in check_code.c - - JDK-8266170: -Wnonnull happens in classLoaderData.inline.hpp - - JDK-8266171: -Warray-bounds happens in imageioJPEG.c - - JDK-8266172: -Wstringop-overflow happens in vmError.cpp - - JDK-8266173: -Wmaybe-uninitialized happens in jni_util.c - - JDK-8266174: -Wmisleading-indentation happens in libmlib_image sources - - JDK-8266176: -Wmaybe-uninitialized happens in libArrayIndexOutOfBoundsExceptionTest.c - - JDK-8266187: Memory leak in appendBootClassPath() - - JDK-8266421: Deadlock in Sound System - - JDK-8266889: [macosx-aarch64] Crash with SIGBUS in MarkActivationClosure::do_code_blob during vmTestbase/nsk/jvmti/.../bi04t002 test run - - JDK-8268014: Build failure on SUSE Linux Enterprise Server 11.4 (s390x) due to 'SYS_get_mempolicy' was not declared - - JDK-8268542: serviceability/logging/TestFullNames.java tests only 1st test case - - JDK-8268882: C2: assert(n->outcnt() != 0 || C->top() == n || n->is_Proj()) failed: No dead instructions after post-alloc - - JDK-8270874: JFrame paint artifacts when dragged from standard monitor to HiDPI monitor - - JDK-8271202: C1: assert(false) failed: live_in set of first block must be empty - - JDK-8272345: macos doesn't check `os::set_boot_path()` result - - JDK-8272473: Parsing epoch seconds at a DST transition with a non-UTC parser is wrong - - JDK-8272541: Incorrect overflow test in Toom-Cook branch of BigInteger multiplication - - JDK-8273277: C2: Move conditional negation into rc_predicate - - JDK-8273341: Update Siphash to version 1.0 - - JDK-8273366: [testbug] javax/swing/UIDefaults/6302464/bug6302464.java fails on macOS12 - - JDK-8273433: Enable parallelism in vmTestbase_nsk_sysdict tests - - JDK-8273438: Enable parallelism in vmTestbase/metaspace/stressHierarchy tests - - JDK-8273514: java/util/DoubleStreamSums/CompensatedSums.java failure - - JDK-8273575: memory leak in appendBootClassPath(), paths must be deallocated - - JDK-8273634: [TEST_BUG] Improve javax/swing/text/ParagraphView/6364882/bug6364882.java - - JDK-8273638: javax/swing/JTable/4235420/bug4235420.java fails in GTK L&F - - JDK-8273682: Upgrade Jline to 3.20.0 - - JDK-8273704: DrawStringWithInfiniteXform.java failed : drawString with InfiniteXform transform takes long time - - JDK-8273933: [TESTBUG] Test must run without preallocated exceptions - - JDK-8274265: Suspicious string concatenation in logTestUtils.inline.hpp - - JDK-8274338: com/sun/jdi/RedefineCrossEvent.java failed "assert(m != __null) failed: NULL mirror" - - JDK-8274465: Fix javax/swing/text/ParagraphView/6364882/bug6364882.java failures - - JDK-8274523: java/lang/management/MemoryMXBean/MemoryTest.java test should handle Shenandoah - - JDK-8274524: SSLSocket.close() hangs if it is called during the ssl handshake - - JDK-8274658: ISO 4217 Amendment 170 Update - - JDK-8274714: Incorrect verifier protected access error message - - JDK-8274736: Concurrent read/close of SSLSockets causes SSLSessions to be invalidated unnecessarily - - JDK-8274795: AArch64: avoid spilling and restoring r18 in macro assembler - - JDK-8275326: C2: assert(no_dead_loop) failed: dead loop detected - - JDK-8275536: Add test to check that File::lastModified returns same time stamp as Files.getLastModifiedTime - - JDK-8275610: C2: Object field load floats above its null check resulting in a segfault - - JDK-8275650: Problemlist java/io/File/createTempFile/SpecialTempFile.java for Windows 11 - - JDK-8275703: System.loadLibrary fails on Big Sur for libraries hidden from filesystem - - JDK-8275811: Incorrect instance to dispose - - JDK-8276105: C2: Conv(D|F)2(I|L)Nodes::Ideal should handle rounding correctly - - JDK-8276141: XPathFactory set/getProperty method - - JDK-8276177: nsk/jvmti/RedefineClasses/StressRedefineWithoutBytecodeCorruption failed with "assert(def_ik->is_being_redefined()) failed: should be being redefined to get here" - - JDK-8276314: [JVMCI] check alignment of call displacement during code installation - - JDK-8276623: JDK-8275650 accidentally pushed "out" file - - JDK-8277328: jdk/jshell/CommandCompletionTest.java failures on Windows - - JDK-8277342: vmTestbase/nsk/stress/strace/strace004.java fails with SIGSEGV in InstanceKlass::jni_id_for - - JDK-8277385: Zero: Enable CompactStrings support - - JDK-8277441: CompileQueue::add fails with assert(_last->next() == __null) failed: not last - - JDK-8277447: Hotspot C1 compiler crashes on Kotlin suspend fun with loop - - JDK-8277488: Add expiry exception for Digicert (geotrustglobalca) expiring in May 2022 - - JDK-8277795: ldap connection timeout not honoured under contention - - JDK-8277796: Bump update version for OpenJDK: jdk-11.0.15 - - JDK-8277992: Add fast jdk_svc subtests to jdk:tier3 - - JDK-8278115: gc/stress/gclocker/TestGCLockerWithSerial.java has duplicate -Xmx - - JDK-8278116: runtime/modules/LoadUnloadModuleStress.java has duplicate -Xmx - - JDK-8278172: java/nio/channels/FileChannel/BlockDeviceSize.java should only run on Linux - - JDK-8278309: [windows] use of uninitialized OSThread::_state - - JDK-8278381: [GCC 11] Address::make_raw() does not initialize rspec - - JDK-8278384: Bytecodes::result_type() for arraylength returns T_VOID instead of T_INT - - JDK-8278758: runtime/BootstrapMethod/BSMCalledTwice.java fails with release VMs after JDK-8262134 - - JDK-8278871: [JVMCI] assert((uint)reason < 2* _trap_hist_limit) failed: oob - - JDK-8279076: C2: Bad AD file when matching SqrtF with UseSSE=0 - - JDK-8279077: JFR crashes on Linux ppc due to missing crash protector in signal handler - - JDK-8279225: [arm32] C1 longs comparison operation destroys argument registers - - JDK-8279300: [arm32] SIGILL when running GetObjectSizeIntrinsicsTest - - JDK-8279379: GHA: Print tests that are in error - - JDK-8279669: test/jdk/com/sun/jdi/TestScaffold.java uses wrong condition - - JDK-8279702: [macosx] ignore xcodebuild warnings on M1 - - JDK-8279833: Loop optimization issue in String.encodeUTF8_UTF16 - - JDK-8279924: [PPC64, s390] implement frame::is_interpreted_frame_valid checks - - JDK-8279998: PPC64 debug builds fail with "untested: RangeCheckStub: predicate_failed_trap_id" - - JDK-8280155: [PPC64, s390] frame size checks are not yet correct - - JDK-8280414: Memory leak in DefaultProxySelector - - JDK-8280526: x86_32 Math.sqrt performance regression with -XX:UseSSE={0,1} - - JDK-8280786: Build failure on Solaris after 8262392 - - JDK-8280999: array_bounds should be array-bounds after 8278507 - - JDK-8281061: [s390] JFR runs into assertions while validating interpreter frames - - JDK-8281520: JFR: A wrong parameter is passed to the constructor of LeakKlassWriter - - JDK-8281599: test/lib/jdk/test/lib/KnownOIDs.java is redundant since JDK-8268801 - - JDK-8282300: Throws NamingException instead of InvalidNameException after JDK-8278972 - - JDK-8282372: [11] build issue on MacOS/aarch64 12.2.1 using Xcode 13.1: call to 'log2_intptr' is ambiguous - - JDK-8282397: createTempFile method of java.io.File is failing when called with suffix of spaces character - - JDK-8282761: XPathFactoryImpl remove setProperty and getProperty methods - - JDK-8283018: 11u GHA: Update GCC 9 minor versions - - JDK-8283270: [11u] broken JRT_ENTRY_NO_ASYNC after Backport of JDK-8253795 - - JDK-8283778: 11u GHA: Fix GCC 9 ubuntu package names - - JDK-8284548: Invalid XPath expression causes StringIndexOutOfBoundsException - - JDK-8284920: Incorrect Token type causes XPath expression to return empty result - -Notes on individual issues: -=========================== - -security-libs/javax.crypto:pkcs11: - -JDK-8275737: SunPKCS11 Provider Supports ChaCha20-Poly1305 Cipher and ChaCha20 KeyGenerator if Supported by PKCS11 Library -========================================================================================================================== -SunPKCS11 provider is enhanced to support the following crypto -services and algorithms when the underlying PKCS11 library supports -the corresponding PKCS#11 mechanisms: - -* ChaCha20 KeyGenerator <=> CKM_CHACHA20_KEY_GEN mechanism -* ChaCha20-Poly1305 Cipher <=> CKM_CHACHA20_POLY1305 mechanism -* ChaCha20-Poly1305 AlgorithmParameters <=> CKM_CHACHA20_POLY1305 mechanism -* ChaCha20 SecretKeyFactory <=> CKM_CHACHA20_POLY1305 mechanism - -New in release OpenJDK 11.0.14.1 (2022-02-08): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk110141 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.1.txt - -* Other changes - - JDK-8218546: Unable to connect to https://google.com using java.net.HttpClient - - JDK-8280786: Build failure on Solaris after 8262392 - - JDK-8281324: Bump update version for OpenJDK: jdk-11.0.14.1 - -New in release OpenJDK 11.0.14 (2022-01-18): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk11014 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.14.txt - -* New features - - JDK-8248238: Implementation: JEP 388: Windows AArch64 Support -* Security fixes - - JDK-8217375: jarsigner breaks old signature with long lines in manifest - - JDK-8251329: (zipfs) Files.walkFileTree walks infinitely if zip has dir named "." inside - - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization - - JDK-8268488: More valuable DerValues - - JDK-8268494: Better inlining of inlined interfaces - - JDK-8268512: More content for ContentInfo - - JDK-8268795: Enhance digests of Jar files - - JDK-8268801: Improve PKCS attribute handling - - JDK-8268813, CVE-2022-21283: Better String matching - - JDK-8269151: Better construction of EncryptedPrivateKeyInfo - - JDK-8269944: Better HTTP transport redux - - JDK-8270386, CVE-2022-21291: Better verification of scan methods - - JDK-8270392, CVE-2022-21293: Improve String constructions - - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps - - JDK-8270492, CVE-2022-21282: Better resolution of URIs - - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management - - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities - - JDK-8270952, CVE-2022-21277: Improve TIFF file handling - - JDK-8271962: Better TrueType font loading - - JDK-8271968: Better canonical naming - - JDK-8271987: Manifest improved manifest entries - - JDK-8272014, CVE-2022-21305: Better array indexing - - JDK-8272026, CVE-2022-21340: Verify Jar Verification - - JDK-8272236, CVE-2022-21341: Improve serial forms for transport - - JDK-8272272: Enhance jcmd communication - - JDK-8272462: Enhance image handling - - JDK-8273290: Enhance sound handling - - JDK-8273756, CVE-2022-21360: Enhance BMP image support - - JDK-8273838, CVE-2022-21365: Enhanced BMP processing - - JDK-8274096, CVE-2022-21366: Improve decoding of image files - - JDK-8279541: Improve HarfBuzz -* Other changes - - JDK-6849922: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.html fails - - JDK-7105119: [TEST_BUG] [macosx] In test UIDefaults.toString() must be called with the invokeLater() - - JDK-7151826: [TEST_BUG] [macosx] The test javax/swing/JPopupMenu/4966112/bug4966112.java not for mac - - JDK-7179006: [macosx] Print-to-file doesn't work: printing to the default printer instead - - JDK-8015602: [macosx] Test javax/swing/SpringLayout/4726194/bug4726194.java fails on MacOSX - - JDK-8034084: nsk.nsk/jvmti/ThreadStart/threadstart003 Wrong number of thread end events - - JDK-8039261: [TEST_BUG]: There is not a minimal security level in Java Preferences and the TestApplet.html is blocked. - - JDK-8047218: [TEST_BUG] java/awt/FullScreen/AltTabCrashTest/AltTabCrashTest.java fails with exception - - JDK-8075909: [TEST_BUG] The regression-swing case failed as it does not have the 'Open' button when select 'subdir' folder with NimbusLAF - - JDK-8078219: Verify lack of @test tag in files in java/net test directory - - JDK-8080569: java/lang/ProcessBuilder/DestroyTest.java fails with "RuntimeException: Process terminated prematurely" - - JDK-8081652: [TESTBUG] java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java timed out intermittently - - JDK-8129310: java/net/Socket/asyncClose/AsyncClose.java fails intermittently - - JDK-8131745: java/lang/management/ThreadMXBean/AllThreadIds.java still fails intermittently - - JDK-8136517: [macosx]Test java/awt/Focus/8073453/AWTFocusTransitionTest.java fails on MacOSX - - JDK-8137101: [TEST_BUG] javax/swing/plaf/basic/BasicHTML/4251579/bug4251579.java failure due to timing - - JDK-8143021: [TEST_BUG] Test javax/swing/JColorChooser/Test6541987.java fails - - JDK-8159597: [TEST_BUG] closed/javax/swing/JPopupMenu/4760494/bug4760494.java leaves key pressed - - JDK-8159904: [TEST_BUG] Failure on solaris of java/awt/Window/MultiWindowApp/MultiWindowAppTest.java - - JDK-8163086: java/awt/Window/TranslucentJAppletTest/TranslucentJAppletTest.java fails - - JDK-8165828: [TEST_BUG] The reg case:javax/swing/plaf/metal/MetalIcons/MetalHiDPIIconsTest.java failed as No Metal Look and Feel - - JDK-8169953: JComboBox/8057893: ComboBoxEdited event is not fired! on Windows - - JDK-8169954: JFileChooser/8021253: java.lang.RuntimeException: Default button is not pressed - - JDK-8169959: javax/swing/JTable/6263446/bug6263446.java: Table should be editing - - JDK-8171381: [TEST_BUG] [macos] javax/swing/JPopupMenu/7156657/bug7156657.java fails on OS X - - JDK-8171998: javax/swing/JMenu/4692443/bug4692443.java fails on Windows - - JDK-8174819: java/nio/file/WatchService/LotsOfEvents.java fails intermittently - - JDK-8179880: Refactor javax/security shell tests to plain java tests - - JDK-8180568: Refactor javax/crypto shell tests to plain java tests - - JDK-8180569: Refactor sun/security/krb5/ shell tests to plain java tests - - JDK-8180571: Refactor sun/security/pkcs11 shell tests to plain java tests and fix failures - - JDK-8180573: Refactor sun/security/tools shell tests to plain java tests - - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar - - JDK-8190753: (zipfs): Accessing a large entry (> 2^31 bytes) leads to a negative initial size for ByteArrayOutputStream - - JDK-8195703: BasicJDWPConnectionTest.java: 'App exited unexpectedly with 2' - - JDK-8196096: javax/swing/JPopupMenu/6580930/bug6580930.java fails - - JDK-8197560: test javax/swing/JTree/8003400/Test8003400.java fails - - JDK-8197800: Test java/awt/Focus/NonFocusableWindowTest/NoEventsTest.java fails on Windows - - JDK-8197811: Test java/awt/Choice/PopupPosTest/PopupPosTest.java fails on Windows - - JDK-8198616: java/awt/Focus/6378278/InputVerifierTest.java fails on mac - - JDK-8198617: java/awt/Focus/6382144/EndlessLoopTest.java fails on mac - - JDK-8198619: java/awt/Focus/FocusTraversalPolicy/ButtonGroupLayoutTraversal/ButtonGroupLayoutTraversalTest.java fails on mac - - JDK-8198623: java/awt/KeyboardFocusmanager/TypeAhead/EnqueueWithDialogButtonTest/EnqueueWithDialogButtonTest.java fails on mac - - JDK-8198624: java/awt/KeyboardFocusmanager/TypeAhead/SubMenuShowTest/SubMenuShowTest.html fails on mac - - JDK-8199138: Add RISC-V support to Zero - - JDK-8199529: javax/swing/text/Utilities/8142966/SwingFontMetricsTest.java fails on windows - - JDK-8201224: Make string buffer size dynamic in mlvmJvmtiUtils.c - - JDK-8202342: [Graal] fromTonga/nsk/jvmti/unit/FollowReferences/followref003/TestDescription.java fails with "Location mismatch" errors - - JDK-8204161: [TESTBUG] auto failed with the "Applet thread threw exception: java.lang.UnsupportedOperationException" exception - - JDK-8206085: Refactor langtools/tools/javac/versions/Versions.java - - JDK-8207936: TestZipFile failed with java.lang.AssertionError exception - - JDK-8208242: Add @requires to vmTestbase/gc/g1 tests - - JDK-8209611: use C++ compiler for hotspot tests - - JDK-8210182: Remove macros for C compilation from vmTestBase but non jvmti - - JDK-8210198: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[A-F] tests - - JDK-8210205: build fails on AIX in hotspot cpp tests (for example getstacktr001.cpp) - - JDK-8210242: [TESTBUG] vmTestbase/nsk/stress/jni/jnistress001.java crashes with EXCEPTION_ACCESS_VIOLATION on windows-x86 - - JDK-8210353: Move java/util/Arrays/TimSortStackSize2.java back to tier1 - - JDK-8210385: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[A-N] tests - - JDK-8210392: assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit - - JDK-8210395: Add doc to SecurityTools.java - - JDK-8210429: Clean up JNI_ENV_ARG for vmTestbase/jvmti/Get[G-Z] tests - - JDK-8210481: Remove #ifdef cplusplus from vmTestbase - - JDK-8210593: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[N-R] tests - - JDK-8210665: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti[R-U] tests - - JDK-8210689: Remove the multi-line old C style for string literals - - JDK-8210700: Clean up JNI_ENV_ARG and factorize the macros for vmTestbase/jvmti/unit tests - - JDK-8210726: Fix up a few minor nits forgotten by JDK-8210665 - - JDK-8210920: Native C++ tests are not using CXXFLAGS - - JDK-8210984: [TESTBUG] hs203t003 fails with "# ERROR: hs203t003.cpp, 218: NSK_CPP_STUB2 ( ResumeThread, jvmti, thread)" - - JDK-8211036: Remove the NSK_STUB macros from vmTestbase for non jvmti - - JDK-8211131: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[G-I]* - - JDK-8211148: var in implicit lambdas shouldn't be accepted for source < 11 - - JDK-8211171: move JarUtils to top-level testlibrary - - JDK-8211227: Inconsistent TLS protocol version in debug output - - JDK-8211261: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[A-G]* - - JDK-8211432: [REDO] Handle JNIGlobalRefLocker.cpp - - JDK-8211782: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/[I-S]* - - JDK-8211801: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[A-E] - - JDK-8211899: Remove the NSK_CPP_STUB macros from vmTestbase for jvmti/scenarios/[E-M] - - JDK-8211905: Remove multiple casts for EM06 file - - JDK-8211999: Window positioning bugs due to overlapping GraphicsDevice bounds (Windows/HiDPI) - - JDK-8212082: Remove the NSK_CPP_STUB macros for remaining vmTestbase/jvmti/[sS]* - - JDK-8212083: Handle remaining gc/lock native code and fix two strings - - JDK-8212148: Remove remaining NSK_CPP_STUBs - - JDK-8213110: Remove the use of applets in automatic tests - - JDK-8213189: Make restricted headers in HTTP Client configurable and remove Date by default - - JDK-8213263: fix legal headers in test/langtools - - JDK-8213296: Fix legal headers in test/jdk/java/net - - JDK-8213301: Fix legal headers in jdk logging tests - - JDK-8213305: Fix legal headers in test/java/math - - JDK-8213306: Fix legal headers in test/java/nio - - JDK-8213328: Update test copyrights in test/java/util/zip and test/jdk/tools - - JDK-8213330: Fix legal headers in i18n tests - - JDK-8213707: [TEST] vmTestbase/nsk/stress/except/except011.java failed due to wrong class name - - JDK-8214469: [macos] PIT: java/awt/Choice/ChoiceKeyEventReaction/ChoiceKeyEventReaction.java fails - - JDK-8215410: Regression test for JDK-8214994 - - JDK-8215568: Refactor SA clhsdb tests to use ClhsdbLauncher - - JDK-8215624: Add parallel heap iteration for jmap –histo - - JDK-8215889: assert(!_unloading) failed: This oop is not available to unloading class loader data with ZGC - - JDK-8216318: The usage of Disposer in the java.awt.Robot can be deleted - - JDK-8216417: cleanup of IPv6 scope-id handling - - JDK-8217377: javax/swing/JPopupMenu/6583251/bug6583251.java failed with UnsupportedOperation exception - - JDK-8217438: Adapt tools//launcher/Test7029048.java for AIX - - JDK-8217633: Configurable extensions with system properties - - JDK-8217882: java/net/httpclient/MaxStreams.java failed once - - JDK-8217903: java/net/httpclient/Response204.java fails with 404 - - JDK-8218483: Crash in "assert(_daemon_threads_count->get_value() > daemon_count) failed: thread count mismatch 5 : 5" - - JDK-8219986: Change to Xcode 10.1 for building on Macosx at Oracle - - JDK-8220575: Correctly format test URI's that contain a retrieved IPv6 address - - JDK-8221259: New tests for java.net.Socket to exercise long standing behavior - - JDK-8221305: java/awt/FontMetrics/MaxAdvanceIsMax.java fails on MacOS + Solaris - - JDK-8221902: PIT: javax/swing/JRadioButton/FocusTraversal/FocusTraversal.java fails on ubuntu - - JDK-8221903: PIT: javax/swing/RepaintManager/IconifyTest/IconifyTest.java fails on ubuntu18.04 - - JDK-8222446: assert(C->env()->system_dictionary_modification_counter_changed()) failed: Must invalidate if TypeFuncs differ - - JDK-8223137: Rename predicate 'do_unroll_only()' to 'is_unroll_only()'. - - JDK-8223138: Small clean-up in loop-tree support. - - JDK-8223139: Rename mandatory policy-do routines. - - JDK-8223140: Clean-up in 'ok_to_convert()' - - JDK-8223141: Change (count) suffix _ct into _cnt. - - JDK-8223400: Replace some enums with static const members in hotspot/runtime - - JDK-8223658: Performance regression of XML.validation in 13-b19 - - JDK-8223923: C2: Missing interference with mismatched unsafe accesses - - JDK-8224829: AsyncSSLSocketClose.java has timing issue - - JDK-8225083: Remove Google certificate that is expiring in December 2021 - - JDK-8226514: Replace wildcard address with loopback or local host in tests - part 17 - - JDK-8226943: compile error in libfollowref003.cpp with XCode 10.2 on macosx - - JDK-8228442: DHKeyExchange/LegacyDHEKeyExchange.java failed due to "SSLException: An established connection was aborted by the software in your host machine" - - JDK-8228508: [TESTBUG] java/net/httpclient/SmokeTest.java fails on Windows7 - - JDK-8229935: [TEST_BUG]: bug8132119.java inconsistently positions text - - JDK-8230019: [REDO] compiler/types/correctness/* tests fail with "assert(recv == __null || recv->is_klass()) failed: wrong type" - - JDK-8230067: Add optional automatic retry when running jtreg tests - - JDK-8230228: [TESTBUG] Several runtime/ErrorHandling tests may fail on some platforms - - JDK-8231501: VM crash in MethodData::clean_extra_data(CleanExtraDataClosure*): fatal error: unexpected tag 99 - - JDK-8233403: Improve verbosity of some httpclient tests - - JDK-8233550: [TESTBUG] JTree tests fail regularly on MacOS - - JDK-8233552: [TESTBUG] JTable Test bug7068740.java fails on MacOS - - JDK-8233553: [TESTBUG] JSpinner test bug4973721.java fails on MacOS - - JDK-8233555: [TESTBUG] JRadioButton tests failing on MacoS - - JDK-8233556: [TESTBUG] JPopupMenu tests fail on MacOS - - JDK-8233559: [TESTBUG] TestNimbusOverride.java is failing on macos - - JDK-8233560: [TESTBUG] ToolTipManager/Test6256140.java is failing on macos - - JDK-8233561: [TESTBUG] Swing text test bug8014863.java fails on macos - - JDK-8233562: [TESTBUG] Swing StyledEditorKit test bug4506788.java fails on MacOS - - JDK-8233564: [TESTBUG] MouseComboBoxTest.java is failing - - JDK-8233566: [TESTBUG] KeyboardFocusManager tests failing on MacoS - - JDK-8233567: [TESTBUG] FocusSubRequestTest.java fails on macos - - JDK-8233569: [TESTBUG] JTextComponent test bug6361367.java fails on macos - - JDK-8233570: [TESTBUG] HTMLEditorKit test bug5043626.java is failing on macos - - JDK-8233634: [TESTBUG] Swing text test bug4278839.java fails on macos - - JDK-8233635: [TESTBUG] ProgressMonitorEscapeKeyPress.java fails on macos - - JDK-8233637: [TESTBUG] Swing ActionListenerCalledTwiceTest.java fails on macos - - JDK-8233638: [TESTBUG] Swing test ScreenMenuBarInputTwice.java fails on macos - - JDK-8233641: [TESTBUG] JMenuItem test bug4171437.java fails on macos - - JDK-8233642: [TESTBUG] JMenuBar test bug 4750590.java fails on macos - - JDK-8233643: [TESTBUG] JMenu test bug4515762.java fails on macos - - JDK-8233644: [TESTBUG] JInternalFrame test bug8020708.java is failing on macos - - JDK-8233647: [TESTBUG] JColorChooser/Test8051548.java is failing on macos - - JDK-8234802: [TESTBUG] Test Right Mouse Button Drag Gesture Recognition in all the platforms - - JDK-8234823: java/net/Socket/Timeouts.java testcase testTimedConnect2() fails on Windows 10 - - JDK-8235784: java/lang/invoke/VarHandles/VarHandleTestByteArrayAsInt.java fails due to timeout with fastdebug bits - - JDK-8236042: [TESTBUG] serviceability/sa/ClhsdbCDSCore.java fails with -Xcomp -XX:TieredStopAtLevel=1 - - JDK-8236177: assert(status == 0) failed: error ETIMEDOUT(60), cond_wait - - JDK-8236596: HttpClient leaves HTTP/2 sockets in CLOSE_WAIT, when using proxy tunnel - - JDK-8237354: Add option to jcmd to write a gzipped heap dump - - JDK-8237589: Fix copyright header formatting - - JDK-8238677: java/net/httpclient/ssltest/CertificateTest.java should not specify TLS version - - JDK-8239334: Tab Size does not work correctly in JTextArea with setLineWrap on - - JDK-8239422: [TESTBUG] compiler/c1/TestPrintIRDuringConstruction.java failed when C1 is disabled - - JDK-8239827: The test OpenByUNCPathNameTest.java should be changed to be manual - - JDK-8240256: Better resource cleaning for SunPKCS11 Provider - - JDK-8242044: Add basic HTTP/1.1 support to the HTTP/2 Test Server - - JDK-8242526: PIT: javax/swing/JInternalFrame/8020708/bug8020708.java fails in mach5 ubuntu system - - JDK-8242793: Incorrect copyright header in ContinuousCallSiteTargetChange.java - - JDK-8243543: jtreg test security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java fails - - JDK-8244292: Headful clients failing with --illegal-access=deny - - JDK-8245147: Refactor and improve utility of test/langtools/tools/javac/versions/Versions.java - - JDK-8245165: Update bug id for javax/swing/text/StyledEditorKit/4506788/bug4506788.java in ProblemList - - JDK-8245665: Test WeakAlg.java should only make sure no warning for weak signature algorithms by keytool on root CA - - JDK-8246114: java/net/MulticastSocket/Promiscuous.java fails after 8241072 (multi-homed systems) - - JDK-8246807: Incorrect copyright header in TimeZoneDatePermissionCheck.sh - - JDK-8247403: JShell: No custom input (e.g. from GUI) possible with JavaShellToolBuilder - - JDK-8247510: typo in IllegalHandshakeMessage - - JDK-8248187: [TESTBUG] javax/swing/plaf/basic/BasicGraphicsUtils/8132119/bug8132119.java fails with String is not properly drawn - - JDK-8248341: ProblemList java/lang/management/ThreadMXBean/ThreadMXBeanStateTest.java - - JDK-8248500: AArch64: Remove the r18 dependency on Windows AArch64 - - JDK-8248899: security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java fails, Certificate has been revoked - - JDK-8249195: Change to Xcode 11.3.1 for building on Macos at Oracle - - JDK-8250521: Configure initial RTO to use minimal retry for loopback connections on Windows - - JDK-8250810: Push missing parts of JDK-8248817 - - JDK-8250839: Improve test template SSLEngineTemplate with SSLContextTemplate - - JDK-8250863: Build error with GCC 10 in NetworkInterface.c and k_standard.c - - JDK-8250888: nsk/jvmti/scenarios/general_functions/GF08/gf08t001/TestDriver.java fails - - JDK-8251155: HostIdentifier fails to canonicalize hostnames starting with digits - - JDK-8251377: [macos11] JTabbedPane selected tab text is barely legible - - JDK-8251570: JDK-8215624 causes assert(worker_id < _n_workers) failed: Invalid worker_id - - JDK-8251930: AArch64: Native types mismatch in hotspot - - JDK-8252049: Native memory leak in ciMethodData ctor - - JDK-8252051: Make mlvmJvmtiUtils strncpy uses GCC 10.x friendly - - JDK-8252114: Windows-AArch64: Enable and test ZGC and ShenandoahGC - - JDK-8253015: Aarch64: Move linux code out from generic CPU feature detection - - JDK-8253147: The javax/swing/JPopupMenu/7154841/bug7154841.java fail on big screens - - JDK-8253497: Core Libs Terminology Refresh - - JDK-8253682: The AppletInitialFocusTest1.java is unstable - - JDK-8253763: ParallelObjectIterator should have virtual destructor - - JDK-8253866: Security Libs Terminology Refresh - - JDK-8254802: ThrowingPushPromisesAsStringCustom.java fails in "try throwing in GET_BODY" - - JDK-8255227: java/net/httpclient/FlowAdapterPublisherTest.java intermittently failing with TestServer: start exception: java.io.IOException: Invalid preface - - JDK-8255264: Support for identifying the full range of IPv4 localhost addresses on Windows - - JDK-8255716: AArch64: Regression: JVM crashes if manually offline a core - - JDK-8255722: Create a new test for rotated blit - - JDK-8256009: Remove src/hotspot/share/adlc/Test/i486.ad - - JDK-8256066: Tests use deprecated TestNG API that is no longer available in new versions - - JDK-8256152: tests fail because of ambiguous method resolution - - JDK-8256182: Update qemu-debootstrap cross-compilation recipe - - JDK-8256201: java/awt/FullScreen/FullscreenWindowProps/FullscreenWindowProps.java failed - - JDK-8256202: Some tweaks for jarsigner tests PosixPermissionsTest and SymLinkTest - - JDK-8256372: [macos] Unexpected symbol was displayed on JTextField with Monospaced font - - JDK-8256956: RegisterImpl::max_slots_per_register is incorrect on AMD64 - - JDK-8258457: testlibrary_tests/ctw/JarDirTest.java fails with InvalidPathException on windows - - JDK-8258855: Two tests sun/security/krb5/auto/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java failed on OL8.3 - - JDK-8259237: Demo selection changes with left/right arrow key. No need to press space for selection. - - JDK-8260571: Add PrintMetaspaceStatistics to print metaspace statistics upon VM exit - - JDK-8260690: JConsole User Guide Link from the Help menu is not accessible by keyboard - - JDK-8261036: Reduce classes loaded by CleanerFactory initialization - - JDK-8261071: AArch64: Refactor interpreter native wrappers - - JDK-8261075: Create stubRoutines.inline.hpp with SafeFetch implementation - - JDK-8261236: C2: ClhsdbJstackXcompStress test fails when StressGCM is enabled - - JDK-8261297: NMT: Final report should use scale 1 - - JDK-8261661: gc/stress/TestReclaimStringsLeaksMemory.java fails because Reserved memory size is too big - - JDK-8261916: gtest/GTestWrapper.java vmErrorTest.unimplemented1_vm_assert failed - - JDK-8262438: sun/security/ssl/SSLLogger/LoggingFormatConsistency.java failed with "SocketException: Socket is closed" - - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print" - - JDK-8262844: (fs) FileStore.supportsFileAttributeView might return false negative in case of ext3 - - JDK-8263059: security/infra/java/security/cert/CertPathValidator/certification/ComodoCA.java fails due to revoked cert - - JDK-8263068: Rename safefetch.hpp to safefetch.inline.hpp - - JDK-8263303: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint - - JDK-8263362: Avoid division by 0 in java/awt/font/TextJustifier.java justify - - JDK-8263773: Reenable German localization for builds at Oracle - - JDK-8263897: compiler/c2/aarch64/TestVolatilesSerial.java failed with "java.lang.RuntimeException: Wrong method" - - JDK-8264526: javax/swing/text/html/parser/Parser/8078268/bug8078268.java timeout - - JDK-8264824: java/net/Inet6Address/B6206527.java doesn't close ServerSocket properly - - JDK-8265019: Update tests for additional TestNG test permissions - - JDK-8265173: [test] divert spurious log output away from stream under test in ProcessBuilder Basic test - - JDK-8265524: Upgrading JSZip from v3.2.2 to v3.6.0 - - JDK-8266182: Automate manual steps listed in the test jdk/sun/security/pkcs12/ParamsTest.java - - JDK-8266579: Update test/jdk/java/lang/ProcessHandle/PermissionTest.java & test/jdk/java/sql/testng/util/TestPolicy.java - - JDK-8266949: Check possibility to disable OperationTimedOut on Unix - - JDK-8267246: -XX:MaxRAMPercentage=0 is unreasonable for jtreg tests on many-core machines - - JDK-8267256: Extend minimal retry for loopback connections on Windows to PlainSocketImpl - - JDK-8267304: Bump global JTReg memory limit to 768m - - JDK-8267652: c2 loop unrolling by 8 results in reading memory past array - - JDK-8268019: C2: assert(no_dead_loop) failed: dead loop detected - - JDK-8268093: Manual Testcase: "sun/security/krb5/config/native/TestDynamicStore.java" Fails with NPE - - JDK-8268555: Update HttpClient tests that use ITestContext to jtreg 6+1 - - JDK-8268672: C2: assert(!loop->is_member(u_loop)) failed: can be in outer loop or out of both loops only - - JDK-8269034: AccessControlException for SunPKCS11 daemon threads - - JDK-8269426: Rename test/jdk/java/lang/invoke/t8150782 to accessClassAndFindClass - - JDK-8269574: C2: Avoid redundant uncommon traps in GraphKit::builtin_throw() for JVMTI exception events - - JDK-8269656: The test test/langtools/tools/javac/versions/Versions.java has duplicate test cycles - - JDK-8269768: JFR Terminology Refresh - - JDK-8269951: [macos] Focus not painted in JButton when setBorderPainted(false) is invoked - - JDK-8269984: [macos] JTabbedPane title looks like disabled - - JDK-8269993: [Test]: java/net/httpclient/DigestEchoClientSSL.java contains redundant @run tags - - JDK-8270116: Expand ButtonGroupLayoutTraversalTest.java to run in all LaFs, including Aqua on macOS - - JDK-8270216: [macOS] Update named used for Java run loop mode - - JDK-8270280: security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA.java OCSP response error - - JDK-8270290: NTLM authentication fails if HEAD request is used - - JDK-8270317: Large Allocation in CipherSuite - - JDK-8270344: Session resumption errors - - JDK-8270517: Add Zero support for LoongArch - - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS - - JDK-8270886: Crash in PhaseIdealLoop::verify_strip_mined_scheduling - - JDK-8271287: jdk/jshell/CommandCompletionTest.java fails with "lists don't have the same size expected" - - JDK-8271340: Crash PhaseIdealLoop::clone_outer_loop - - JDK-8271341: Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2 assert failure with Test7179138_1.java - - JDK-8271459: C2: Missing NegativeArraySizeException when creating StringBuilder with negative capacity - - JDK-8271490: [ppc] [s390]: Crash in JavaThread::pd_get_top_frame_for_profiling - - JDK-8271560: sun/security/ssl/DHKeyExchange/LegacyDHEKeyExchange.java still fails due to "An established connection was aborted by the software in your host machine" - - JDK-8271567: AArch64: AES Galois CounterMode (GCM) interleaved implementation using vector instructions - - JDK-8272180: Upgrade JSZip from v3.6.0 to v3.7.1 - - JDK-8272181: Windows-AArch64:Backport fix of `Backtracing broken on PAC enabled systems` - - JDK-8272316: Wrong Boot JDK help message in 11 - - JDK-8272318: Improve performance of HeapDumpAllTest - - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions - - JDK-8272570: C2: crash in PhaseCFG::global_code_motion - - JDK-8272574: C2: assert(false) failed: Bad graph detected in build_loop_late - - JDK-8272581: sun/security/pkcs11/Provider/MultipleLogins.sh fails after JDK-8266182 - - JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/security/cert/CertPathValidator/certification/BuypassCA.java no longer needs ocspEnabled - - JDK-8272720: Fix the implementation of loop unrolling heuristic with LoopPercentProfileLimit - - JDK-8272783: Epsilon: Refactor tests to improve performance - - JDK-8272806: [macOS] "Apple AWT Internal Exception" when input method is changed - - JDK-8272828: Add correct licenses to jszip.md - - JDK-8272836: Limit run time for java/lang/invoke/LFCaching tests - - JDK-8272850: Drop zapping values in the Zap* option descriptions - - JDK-8272902: Bump update version for OpenJDK: jdk-11.0.14 - - JDK-8272914: Create hotspot:tier2 and hotspot:tier3 test groups - - JDK-8272966: test/jdk/java/awt/Robot/FlushCurrentEvent.java fails by timeout - - JDK-8273026: Slow LoginContext.login() on multi threading application - - JDK-8273229: Update OS detection code to recognize Windows Server 2022 - - JDK-8273235: tools/launcher/HelpFlagsTest.java Fails on Windows 32bit - - JDK-8273308: PatternMatchTest.java fails on CI - - JDK-8273314: Add tier4 test groups - - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817 - - JDK-8273358: macOS Monterey does not have the font Times needed by Serif - - JDK-8273373: Zero: Cannot invoke JVM in primordial threads on Zero - - JDK-8273498: compiler/c2/Test7179138_1.java timed out - - JDK-8273541: Cleaner Thread creates with normal priority instead of MAX_PRIORITY - 2 - - JDK-8273547: [11u] [JVMCI] Partial module-info.java backport of JDK-8223332 - - JDK-8273606: Zero: SPARC64 build fails with si_band type mismatch - - JDK-8273646: Add openssl from path variable also in to Default System Openssl Path in OpensslArtifactFetcher - - JDK-8273671: Backport of 8260616 misses one JNF header inclusion removal - - JDK-8273790: Potential cyclic dependencies between Gregorian and CalendarSystem - - JDK-8273795: Zero SPARC64 debug builds fail due to missing interpreter fields - - JDK-8273826: Correct Manifest file name and NPE checks - - JDK-8273894: ConcurrentModificationException raised every time ReferralsCache drops referral - - JDK-8273924: ArrayIndexOutOfBoundsException thrown in java.util.JapaneseImperialCalendar.add() - - JDK-8273961: jdk/nio/zipfs/ZipFSTester.java fails if file path contains '+' character - - JDK-8273968: JCK javax_xml tests fail in CI - - JDK-8274056: JavaAccessibilityUtilities leaks JNI objects - - JDK-8274083: Update testing docs to mention tiered testing - - JDK-8274293: Build failure on macOS with Xcode 13.0 as vfork is deprecated - - JDK-8274326: [macos] Ensure initialisation of sun/lwawt/macosx/CAccessibility in JavaComponentAccessibility.m - - JDK-8274329: Fix non-portable HotSpot code in MethodMatcher::parse_method_pattern - - JDK-8274381: missing CAccessibility definitions in JNI code - - JDK-8274407: (tz) Update Timezone Data to 2021c - - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b - - JDK-8274468: TimeZoneTest.java fails with tzdata2021b - - JDK-8274522: java/lang/management/ManagementFactory/MXBeanException.java test fails with Shenandoah - - JDK-8274642: jdk/jshell/CommandCompletionTest.java fails with NoSuchElementException after JDK-8271287 - - JDK-8274773: [TESTBUG] UnsafeIntrinsicsTest intermittently fails on weak memory model platform - - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST - - JDK-8274840: Update OS detection code to recognize Windows 11 - - JDK-8274860: gcc 10.2.1 produces an uninitialized warning in sharedRuntimeTrig.cpp - - JDK-8275051: Shenandoah: Correct ordering of requested gc cause and gc request flag - - JDK-8275131: Exceptions after a touchpad gesture on macOS - - JDK-8275713: TestDockerMemoryMetrics test fails on recent runc - - JDK-8275766: (tz) Update Timezone Data to 2021e - - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e - - JDK-8276066: Reset LoopPercentProfileLimit for x86 due to suboptimal performance - - JDK-8276139: TestJpsHostName.java not reliable, better to expand HostIdentifierCreate.java test - - JDK-8276157: C2: Compiler stack overflow during escape analysis on Linux x86_32 - - JDK-8276201: Shenandoah: Race results degenerated GC to enter wrong entry point - - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766 - - JDK-8276550: Use SHA256 hash in build.tools.depend.Depend - - JDK-8276774: Cookie stored in CookieHandler not sent if user headers contain cookie - - JDK-8276854: Windows GHA builds fail due to broken Cygwin - - JDK-8277029: JMM GetDiagnosticXXXInfo APIs should verify output array sizes - - JDK-8277224: sun.security.pkcs.PKCS9Attributes.toString() throws NPE - - JDK-8277529: SIGSEGV in C2 CompilerThread Node::rematerialize() compiling Packet::readUnsignedTrint - - JDK-8277815: Fix mistakes in legal header backports - -Notes on individual issues: -=========================== - -core-svc/tools: - -JDK-8250554: New Option Added to jcmd for Writing a gzipped Heap Dump -===================================================================== -A new integer option `gz` has been added to the `GC.heap_dump` -diagnostic command. If it is specified, it will enable the gzip -compression of the written heap dump. The supplied value is the -compression level. It can range from 1 (fastest) to 9 (slowest, but -best compression). The recommended level is 1. - -security-libs/javax.net.ssl: - -JDK-8260310: Configurable Extensions With System Properties -=========================================================== -Two new system properties have been added. The system property, -`jdk.tls.client.disableExtensions`, is used to disable TLS extensions -used in the client. The system property, -`jdk.tls.server.disableExtensions`, is used to disable TLS extensions -used in the server. If an extension is disabled, it will be neither -produced nor processed in the handshake messages. - -The property string is a list of comma separated standard TLS -extension names, as registered in the IANA documentation (for example, -server_name, status_request, and signature_algorithms_cert). Note that -the extension names are case sensitive. Unknown, unsupported, -misspelled and duplicated TLS extension name tokens will be ignored. - -Please note that the impact of blocking TLS extensions is -complicated. For example, a TLS connection may not be able to be -established if a mandatory extension is disabled. Please do not -disable mandatory extensions, and do not use this feature unless you -clearly understand the impact. - -security-libs/javax.crypto:pkcs11: - -JDK-8272907: New SunPKCS11 Configuration Properties -=================================================== -The SunPKCS11 provider gains new provider configuration attributes to -better control native resources usage. The SunPKCS11 provider consumes -native resources in order to work with native PKCS11 libraries. To -manage and better control the native resources, additional -configuration attributes are added to control the frequency of -clearing native references as well as whether to destroy the -underlying PKCS11 Token after logout. - -The 3 new attributes for the SunPKCS11 provider configuration file -are: - -1) `destroyTokenAfterLogout` (boolean, defaults to false) - -If set to true, when `java.security.AuthProvider.logout()` is called -upon the SunPKCS11 provider instance, the underlying Token object will -be destroyed and resources will be freed. This essentially renders the -SunPKCS11 provider instance unusable after `logout()` calls. Note that -a PKCS11 provider with this attribute set to `true` should not be -added to the system provider list since the provider object is not -usable after a `logout()` method call. - -2) `cleaner.shortInterval` (integer, defaults to 2000, in milliseconds) - -This defines the frequency for clearing native references during busy -periods (such as, how often should the cleaner thread processes the -no-longer-needed native references in the queue to free up native -memory). Note that the cleaner thread will switch to the -'longInterval' frequency after 200 failed tries (such as, when no -references are found in the queue). - -3) `cleaner.longInterval` (integer, defaults to 60000, in milliseconds) - -This defines the frequency for checking native reference during -non-busy period (such as, how often should the cleaner thread check -the queue for native references). Note that the cleaner thread will -switch back to the 'shortInterval' value if native PKCS11 references -for cleaning are detected. - -core-libs/java.nio: - -JDK-8271517: Zip File System Provider Throws ZipException when entry name element contains "." or "." -===================================================================================================== -The ZIP file system provider has been changed to reject existing ZIP -files that contain entries with "." or ".." in name elements. ZIP -files with these entries can not be used as a file system. Invoking -the `java.nio.file.FileSystems.newFileSystem(...)` methods will throw -`ZipException` if the ZIP file contains these entries. - -security-libs/java.security: - -JDK-8272535: Removed Google's GlobalSign Root Certificate -========================================================= -The following root certificate from Google has been removed from the -`cacerts` keystore: - -Alias Name: globalsignr2ca [jdk] -Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 - -core-libs/java.time: - -JDK-8274857: Update Timezone Data to 2021c -=========================================== -IANA Time Zone Database, on which JDK's Date/Time libraries are based, -has been updated to version 2021c -(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note -that with this update, some of the time zone rules prior to the year -1970 have been modified according to the changes which were introduced -with 2021b. For more detail, refer to the announcement of 2021b -(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html) - -New in release OpenJDK 11.0.13 (2021-10-19): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk11013 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.13.txt - -* Security fixes - - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference - - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close - - JDK-8263314: Enhance XML Dsig modes - - JDK-8265167, CVE-2021-35556: Richer Text Editors - - JDK-8265574: Improve handling of sheets - - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit - - JDK-8265776: Improve Stream handling for SSL - - JDK-8266097, CVE-2021-35561: Better hashing support - - JDK-8266103: Better specified spec values - - JDK-8266109: More Resilient Classloading - - JDK-8266115: More Manifest Jar Loading - - JDK-8266137, CVE-2021-35564: Improve Keystore integrity - - JDK-8266689, CVE-2021-35567: More Constrained Delegation - - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic - - JDK-8267712: Better LDAP reference processing - - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking - - JDK-8267735, CVE-2021-35586: Better BMP support - - JDK-8268193: Improve requests of certificates - - JDK-8268199: Correct certificate requests - - JDK-8268205: Enhance DTLS client handshake - - JDK-8268506: More Manifest Digests - - JDK-8269618, CVE-2021-35603: Better session identification - - JDK-8269624: Enhance method selection support - - JDK-8270398: Enhance canonicalization - - JDK-8270404: Better canonicalization -* Other changes - - JDK-8024368: private methods are allocated vtable indices - - JDK-8042902: Test java/net/Inet6Address/serialize/Inet6AddressSerializationTest.java fails intermittently - - JDK-8140466: ChaCha20 and Poly1305 TLS Cipher Suites - - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream - - JDK-8158066: SourceDebugExtensionTest fails to rename file - - JDK-8168304: Make all of DependencyContext_test available in product mode - - JDK-8169246: java/net/DatagramSocket/ReportSocketClosed.java fails intermittently with BindException - - JDK-8181313: SA: Remove libthread_db dependency on Linux - - JDK-8193214: Incorrect annotations.without.processors warnings with JDK 9 - - JDK-8194230: jdk/internal/jrtfs/remote/RemoteRuntimeImageTest.java fails with java.lang.NullPointerException - - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails - - JDK-8199931: java/net/MulticastSocket/UnreferencedMulticastSockets.java fails with "incorrect data received" - - JDK-8206083: Make tools/javac/api/T6265137.java robust to JDK version changes - - JDK-8206350: java/util/Locale/bcp47u/SystemPropertyTests.java failed on Mac 10.13 with zh_CN and zh_TW locales. - - JDK-8207316: java/nio/channels/spi/SelectorProvider/inheritedChannel/InheritedChannelTest.java failed - - JDK-8208227: tools/jdeps/DotFileTest.java fails on Win-X64 - - JDK-8208363: test/jdk/java/lang/Package/PackageFromManifest.java missing module dependencies declaration - - JDK-8209380: ARM: cleanup maybe-uninitialized and reorder compiler warnings - - JDK-8209768: Refactor java/util/prefs/CheckUserPrefsStorage.sh to plain java test - - JDK-8209772: Refactor shell test java/util/ServiceLoader/basic/basic.sh to java - - JDK-8209773: Refactor shell test javax/naming/module/basic.sh to java - - JDK-8209832: Refactor jdk/internal/reflect/Reflection/GetCallerClassTest.sh to plain java test - - JDK-8209930: Refactor java/util/zip/ZipFile/deletetempjar.sh to plain java test - - JDK-8210406: Refactor java.util.PluggableLocale:i18n shell tests to plain java tests - - JDK-8210407: Refactor java.util.Calendar:i18n shell tests to plain java tests - - JDK-8210495: compiler crashes because of illegal signature in otherwise legal code - - JDK-8210669: Some launcher tests assume a pre-JDK 9 run-time image layout - - JDK-8210802: temp files left by tests in jdk/java/net/httpclient - - JDK-8210819: Update the host name in CNameTest.java - - JDK-8210908: Refactor java/util/prefs/PrefsSpi.sh to plain java test - - JDK-8210934: Move sun/net/www/protocol/http/GetErrorStream.java to OpenJDK - - JDK-8210959: JShell fails and exits when statement throws an exception whose message contains a '%'. - - JDK-8211055: Provide print to a file (PDF) feature even when printer was not connected - - JDK-8211092: test/jdk/sun/net/www/http/HttpClient/MultiThreadTest.java fails intermittently when cleaning up - - JDK-8211296: Remove HotSpot deprecation warning suppression for Mac/clang - - JDK-8211325: test/jdk/java/net/Socket/LingerTest.java fails with cleaning up - - JDK-8212040: Compilation error due to wrong usage of NSPrintJobDispositionValue in mac10.12 - - JDK-8212695: Add explicit timeout to several HTTP Client tests - - JDK-8212718: Refactor some annotation processor tests to better use collections - - JDK-8213007: Update the link in test/jdk/sun/security/provider/SecureRandom/DrbgCavp.java - - JDK-8213137: Remove static initialization of monitor/mutex instances - - JDK-8213235: java/nio/channels/SocketChannel/AsyncCloseChannel.java fails with threads that didn't exit - - JDK-8213409: Refactor sun.text.IntHashtable:i18n shell tests to plain java tests - - JDK-8213576: Make test AsyncCloseChannel.java run in othervm - - JDK-8213694: Test Timeout.java should run in othervm mode - - JDK-8213718: [TEST] Wrong classname in vmTestbase/nsk/stress/except/except002 and except003 - - JDK-8213922: fix ctw stand-alone build - - JDK-8214195: Align stdout messages in test/jdk/java/math/BigInteger/PrimitiveConversionTests.java - - JDK-8214520: [TEST_BUG] sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java failed with incorrect jtreg tags order - - JDK-8214937: sun/security/tools/jarsigner/warnings/NoTimestampTest.java failed due to unexpected expiration date - - JDK-8216532: tools/launcher/Test7029048.java fails (Solaris) - - JDK-8217825: Verify @AfterTest is used correctly in WebSocket tests - - JDK-8218145: block_if_requested is not proper inlined due to size - - JDK-8219417: bump jtreg requiredVersion to b14 - - JDK-8219552: bump jtreg requiredVersion to b14 in test/jdk/sanity/client/ - - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException - - JDK-8220445: Support for side by side MSVC Toolset versions - - JDK-8221988: add possibility to build with Visual Studio 2019 - - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail - - JDK-8223050: JVMCI: findUniqueConcreteMethod() should not use Dependencies::find_unique_concrete_method() for non-virtual methods - - JDK-8224853: CDS address sanitizer errors - - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021 - - JDK-8225583: Examine the HttpResponse.BodySubscribers for null handling and multiple subscriptions - - JDK-8225690: Multiple AttachListener threads can be created - - JDK-8225790: Two NestedDialogs tests fail on Ubuntu - - JDK-8226319: Add forgotten test/jdk/java/net/httpclient/BodySubscribersTest.java - - JDK-8226533: JVMCI: findUniqueConcreteMethod should handle statically bindable methods directly - - JDK-8226602: Test convenience reactive primitives from java.net.http with RS TCK - - JDK-8226683: Remove review suggestion from fix to 8219804 - - JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134" - - JDK-8227766: CheckUnhandledOops is broken in MemAllocator - - JDK-8227815: Minimal VM: set_state is not a member of AttachListener - - JDK-8230674: Heap dumps should exclude dormant CDS archived objects of unloaded classes - - JDK-8230808: Remove Access::equals() - - JDK-8230841: Remove oopDesc::equals() - - JDK-8231717: Improve performance of charset decoding when charset is always compactable - - JDK-8232243: Wrong caret position in JTextPane on Windows with a screen resolution > 100% - - JDK-8232782: Shenandoah: streamline post-LRB CAS barrier (aarch64) - - JDK-8233790: Forward output from heap dumper to jcmd/jmap - - JDK-8233989: Create an IPv4 version of java/net/MulticastSocket/SetLoopbackMode.java - - JDK-8234510: Remove file seeking requirement for writing a heap dump - - JDK-8235211: serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file - - JDK-8235216: typo in test filename - - JDK-8235866: bump jtreg requiredVersion to 4.2b16 - - JDK-8236111: narrow allowSmartActionArgs disabling - - JDK-8236413: AbstractConnectTimeout should tolerate both NoRouteToHostException and UnresolvedAddressException - - JDK-8236671: NullPointerException in JKS keystore - - JDK-8238930: problem list compiler/c2/Test8004741.java - - JDK-8238943: switch to jtreg 5.0 - - JDK-8240555: Using env of JAVA_TOOL_OPTIONS and _JAVA_OPTIONS breaks QuietOption.java test - - JDK-8240983: Incorrect copyright header in Apache Santuario 2.1.3 files - - JDK-8241336: Some java.net tests failed with NoRouteToHostException on MacOS with special network configuration - - JDK-8241353: NPE in ToolProvider.getSystemJavaCompiler - - JDK-8241768: git needs .gitattributes - - JDK-8242882: opening jar file with large manifest might throw NegativeArraySizeException - - JDK-8244973: serviceability/attach/RemovingUnixDomainSocketTest.java fails "stderr was not empty" - - JDK-8245134: test/lib/jdk/test/lib/security/KeyStoreUtils.java should allow to specify aliases - - JDK-8246261: TCKLocalTime.java failed due to "AssertionError: expected [18:14:22] but found [18:14:23]" - - JDK-8246387: switch to jtreg 5.1 - - JDK-8247421: [TESTBUG] ReturnBlobToWrongHeapTest.java failed allocating blob - - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available - - JDK-8248352: [TEST_BUG] Test test/jdk/java/awt/font/TextLayout/ArabicDiacriticTest.java can leave frame open - - JDK-8248403: AArch64: Remove uses of kernel integer types - - JDK-8248414: AArch64: Remove uses of long and unsigned long ints - - JDK-8248657: Windows: strengthening in ThreadCritical regarding memory model - - JDK-8248666: AArch64: Use THREAD_LOCAL instead of __thread - - JDK-8248668: AArch64: Avoid MIN/MAX macros when using MSVC - - JDK-8248671: AArch64: Remove unused variables - - JDK-8248682: AArch64: Use ATTRIBUTE_ALIGNED helper - - JDK-8248816: C1: Fix signature conflict in LIRGenerator::strength_reduce_multiply - - JDK-8249095: tools/javac/launcher/SourceLauncherTest.java fails on Windows - - JDK-8249548: backward focus traversal gets stuck in button group - - JDK-8249773: Upgrade ReceiveISA.java test to be resilient to failure due to stray packets and interference - - JDK-8249897: jdk/javadoc/tool/LangVers.java uses @ignore w/o bug-id - - JDK-8249898: jdk/javadoc/tool/6176978/T6176978.java uses @ignore w/o bug-id - - JDK-8249899: jdk/javadoc/tool/InlineTagsWithBraces.java uses @ignore w/o bug-id - - JDK-8250588: Shenandoah: LRB needs to save/restore fp registers for runtime call - - JDK-8250824: AArch64: follow up for JDK-8248414 - - JDK-8251166: Add automated testcases for changes done in JDK-8214112 - - JDK-8251252: Add automated testcase for fix done in JDK-8214253 - - JDK-8251254: Add automated test for fix done in JDK-8218472 - - JDK-8251361: Potential race between Logger configuration and GCs in HttpURLConWithProxy test - - JDK-8251549: Update docs on building for Git - - JDK-8251945: SIGSEGV in PackageEntry::purge_qualified_exports() - - JDK-8252194: Add automated test for fix done in JDK-8218469 - - JDK-8252648: Shenandoah: name gang tasks consistently - - JDK-8252825: Add automated test for fix done in JDK-8218479 - - JDK-8252853: AArch64: gc/shenandoah/TestVerifyJCStress.java fails intermittently with C1 - - JDK-8252857: AArch64: Shenandoah C1 CAS is not sequentially consistent - - JDK-8253048: AArch64: When CallLeaf, no need to preserve callee-saved registers in caller - - JDK-8253424: Add support for running pre-submit testing using GitHub Actions - - JDK-8253631: Remove unimplemented CompileBroker methods after JEP-165 - - JDK-8253865: Pre-submit testing using GitHub Actions does not detect failures reliably - - JDK-8253899: Make IsClassUnloadingEnabled signature match specification - - JDK-8254024: Enhance native libs for AWT and Swing to work with GraalVM Native Image - - JDK-8254054: Pre-submit testing using GitHub Actions should not use the deprecated set-env command - - JDK-8254173: Add Zero, Minimal hotspot targets to submit workflow - - JDK-8254175: Build no-pch configuration in debug mode for submit checks - - JDK-8254244: Some code emitted by TemplateTable::branch is unused when running TieredCompilation - - JDK-8254270: linux 32 bit build doesn't compile libjdwp/log_messages.c - - JDK-8254282: Add Linux x86_32 builds to submit workflow - - JDK-8254850: Update terminology in java.awt.GridBagLayout source code comments - - JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1 - - JDK-8255305: Add Linux x86_32 tier1 to submit workflow - - JDK-8255352: Archive important test outputs in submit workflow - - JDK-8255373: Submit workflow artifact name is always "test-results_.zip" - - JDK-8255452: Doing GC during JVMTI MethodExit event posting breaks return oop - - JDK-8255718: Zero: VM should know it runs in interpreter-only mode - - JDK-8255790: GTKL&F: Java 16 crashes on initialising GTKL&F on Manjaro Linux - - JDK-8255810: Zero: build fails without JVMTI - - JDK-8255895: Submit workflow artifacts miss hs_errs/replays due to ZIP include mismatch - - JDK-8256127: Add cross-compiled foreign architectures builds to submit workflow - - JDK-8256215: Shenandoah: re-organize saving/restoring machine state in assembler code - - JDK-8256267: Relax compiler/floatingpoint/NaNTest.java for x86_32 and lower -XX:+UseSSE - - JDK-8256277: Github Action build on macOS should define OS and Xcode versions - - JDK-8256354: Github Action build on Windows should define OS and MSVC versions - - JDK-8256393: Github Actions build on Linux should define OS and GCC versions - - JDK-8256414: add optimized build to submit workflow - - JDK-8256747: GitHub Actions: decouple the hotspot build-only jobs from Linux x64 testing - - JDK-8257056: Submit workflow should apt-get update to avoid package installation errors - - JDK-8257148: Remove obsolete code in AWTView.m - - JDK-8257497: Update keytool to create AKID from the SKID of the issuing certificate as specified by RFC 5280 - - JDK-8257620: Do not use objc_msgSend_stret to get macOS version - - JDK-8257913: Add more known library locations to simplify Linux cross-compilation - - JDK-8258703: Incorrect 512-bit vector registers restore on x86_32 - - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test - - JDK-8259535: ECDSA SignatureValue do not always have the specified length - - JDK-8259679: GitHub actions should use MSVC 14.28 - - JDK-8259924: GitHub actions fail on Linux x86_32 with "Could not configure libc6:i386" - - JDK-8260460: GitHub actions still fail on Linux x86_32 with "Could not configure libc6:i386" - - JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*) - - JDK-8260923: Add more tests for SSLSocket input/output shutdown - - JDK-8261072: AArch64: Fix MacroAssembler::get_thread convention - - JDK-8261147: C2: Node is wrongly marked as reduction resulting in a wrong execution due to wrong vector instructions - - JDK-8261238: NMT should not limit baselining by size threshold - - JDK-8261496: Shenandoah: reconsider pacing updates memory ordering - - JDK-8261652: Remove some dead comments from os_bsd_x86 - - JDK-8261846: [JVMCI] c2v_iterateFrames can get out of sync with the StackFrameStream - - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space" - - JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info. - - JDK-8262392: Update Mesa 3-D Headers to version 21.0.3 - - JDK-8262409: sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions. SSL test failures caused by java failed with "Server reported the wrong exception" - - JDK-8262470: Printed GlyphVector outline with low DPI has bad quality on Windows - - JDK-8262862: Harden tests sun/security/x509/URICertStore/ExtensionsWithLDAP.java and krb5/canonicalize/Test.java - - JDK-8263136: C4530 was reported from VS 2019 at access bridge - - JDK-8263227: C2: inconsistent spilling due to dead nodes in exception block - - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers" - - JDK-8263407: SPARC64 detection fails on Athena (SPARC64-X) - - JDK-8263432: javac may report an invalid package/class clash on case insensitive filesystems - - JDK-8263490: [macos] Crash occurs on JPasswordField with activated InputMethod - - JDK-8263531: Remove unused buffer int - - JDK-8263667: Avoid running GitHub actions on branches named pr/* - - JDK-8263776: [JVMCI] add helper to perform Java upcalls - - JDK-8264016: [JVMCI] add some thread local fields for use by JVMCI - - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M - - JDK-8265132: C2 compilation fails with assert "missing precedence edge" - - JDK-8265231: (fc) ReadDirect and WriteDirect tests fail after fix for JDK-8264821 - - JDK-8265335: Epsilon: Minor typo in EpsilonElasticTLABDecay description - - JDK-8265756: AArch64: initialize memory allocated for locals according to Windows AArch64 stack page growth requirement in template interpreter - - JDK-8265761: Font with missed font family name is not properly printed on Windows - - JDK-8265773: incorrect jdeps message "jdk8internals" to describe a removed JDK internal API - - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container - - JDK-8266018: Shenandoah: fix an incorrect assert - - JDK-8266206: Build failure after JDK-8264752 with older GCCs - - JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5 - - JDK-8266288: assert root method not found in witnessed_reabstraction_in_supers is too strong - - JDK-8266404: Fatal error report generated with -XX:+CrashOnOutOfMemoryError should not contain suggestion to submit a bug report - - JDK-8266480: Implicit null check optimization does not update control of hoisted memory operation - - JDK-8266615: C2 incorrectly folds subtype checks involving an interface array - - JDK-8266642: Improve ResolvedMethodTable hash function - - JDK-8266749: AArch64: Backtracing broken on PAC enabled systems - - JDK-8266761: AssertionError in sun.net.httpserver.ServerImpl.responseCompleted - - JDK-8266813: Shenandoah: Use shorter instruction sequence for checking if marking in progress - - JDK-8267042: bug in monitor locking/unlocking on ARM32 C1 due to uninitialized BasicObjectLock::_displaced_header - - JDK-8267348: Rewrite gc/epsilon/TestClasses.java to use Metaspace with less classes - - JDK-8267396: Avoid recording "pc" in unhandled oops detector for better performance - - JDK-8267399: C2: java/text/Normalizer/ConformanceTest.java test failed with assertion - - JDK-8267424: CTW: C1 fails with "State must not be null" - - JDK-8267459: Pasting Unicode characters into JShell does not work. - - JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type - - JDK-8267666: Add option to jcmd GC.heap_dump to use existing file - - JDK-8267695: Bump update version for OpenJDK: jdk-11.0.13 - - JDK-8267751: (test) jtreg.SkippedException has no serial VersionUID - - JDK-8267773: PhaseStringOpts::int_stringSize doesn't handle min_jint correctly - - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836 - - JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size - - JDK-8268261: C2: assert(n != __null) failed: Bad immediate dominator info. - - JDK-8268347: C2: nested locks optimization may create unbalanced monitor enter/exit code - - JDK-8268360: Missing check for infinite loop during node placement - - JDK-8268362: [REDO] C2 crash when compile negative Arrays.copyOf length after loop - - JDK-8268366: Incorrect calculation of has_fpu_registers in C1 linear scan - - JDK-8268369: SIGSEGV in PhaseCFG::implicit_null_check due to missing null check - - JDK-8268417: Add test from JDK-8268360 - - JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm performance - - JDK-8268617: [11u REDO] - WebSocket over authenticating proxy fails with NPE - - JDK-8268620: InfiniteLoopException test may fail on x86 platforms - - JDK-8268635: Corrupt oop in ClassLoaderData - - JDK-8268699: Shenandoah: Add test for JDK-8268127 - - JDK-8268771: javadoc -notimestamp option does not work on index.html - - JDK-8268775: Password is being converted to String in AccessibleJPasswordField - - JDK-8268776: Test `ADatagramSocket.java` missing /othervm from @run tag - - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server - - JDK-8269304: Regression ~5% in 2005 in b27 - - JDK-8269415: [11u] Remove ea from DEFAULT_PROMOTED_VERSION_PRE in OpenJDK 11u - - JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should be more resilient - - JDK-8269529: javax/swing/reliability/HangDuringStaticInitialization.java fails in Windows debug build - - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark - - JDK-8269614: [s390] Interpreter checks wrong bit for slow path instance allocation - - JDK-8269650: Optimize gc-locker in [Get|Release]StringCritical for latin string - - JDK-8269661: JNI_GetStringCritical does not lock char array - - JDK-8269668: [aarch64] java.library.path not including /usr/lib64 - - JDK-8269763: The JEditorPane is blank after JDK-8265167 - - JDK-8269795: C2: Out of bounds array load floats above its range check in loop peeling resulting in SEGV - - JDK-8269847: JDK-8269594 backport breaks 11u builds - - JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0 - - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers - - JDK-8269882: stack-use-after-scope in NewObjectA - - JDK-8269934: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status - - JDK-8270096: Shenandoah: Optimize gc/shenandoah/TestRefprocSanity.java for interpreter mode - - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup - - JDK-8270184: [TESTBUG] Add coverage for jvmci ResolvedJavaType.toJavaName() for lambdas - - JDK-8270196: [11u] [JVMCI] JavaType.toJavaName() returns incorrect type name for lambdas - - JDK-8270556: Exclude security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA - - JDK-8270893: IndexOutOfBoundsException while reading large TIFF file - - JDK-8272078: Wrong Checksums in Temurin BootJDK dependencies - - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon - - JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj - - JDK-8272197: Update 11u GHA workflow with Shenandoah configurations - - JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz after JDK-8255790 - - JDK-8272472: StackGuardPages test doesn't build with glibc 2.34 - - JDK-8272602: [macos] not all KEY_PRESSED events sent when control modifier is used - - JDK-8272628: Problemlist gc/stress/gcbasher/TestGCBasherWithCMS.java for x86_32 - - JDK-8272700: [macos] Build failure with Xcode 13.0 after JDK-8264848 - - JDK-8272772: Shenandoah: compiler/c2/aarch64/TestVolatilesShenandoah.java fails in 11u - - JDK-8273939: Backport of 8248414 to JDK11 breaks MacroAssembler::adrp - -Notes on individual issues: -=========================== - -security-libs/java.security: - -JDK-8271434: Removed IdenTrust Root Certificate -=============================================== -The following root certificate from IdenTrust has been removed from -the `cacerts` keystore: - -Alias Name: identrustdstx3 [jdk] -Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co. - -JDK-8261922: Updated keytool to Create AKID From SKID of Issuing Certificate as Specified by RFC 5280 -===================================================================================================== -The `gencert` command of the `keytool` utility has been updated to -create AKID from the SKID of the issuing certificate as specified by -RFC 5280. - -security-libs/javax.net.ssl: - -JDK-8210799: ChaCha20 and Poly1305 TLS Cipher Suites -==================================================== -New TLS cipher suites using the `ChaCha20-Poly1305` algorithm have -been added to JSSE. These cipher suites are enabled by default. The -TLS_CHACHA20_POLY1305_SHA256 cipher suite is available for TLS 1.3. -The following cipher suites are available for TLS 1.2: - -* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - -Refer to the "Java Secure Socket Extension (JSSE) Reference Guide" for -details on these new TLS cipher suites. - -JDK-8219551: Updated the Default Enabled Cipher Suites Preference -================================================================= -The preference of the default enabled cipher suites has been -changed. The compatibility impact should be minimal. If needed, -applications can customize the enabled cipher suites and the -preference. For more details, refer to the SunJSSE provider -documentation and the JSSE Reference Guide documentation. - -New in release OpenJDK 11.0.12 (2021-07-20): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk11012 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.12.txt - -* Security fixes - - JDK-8256157: Improve bytecode assembly - - JDK-8256491: Better HTTP transport - - JDK-8258432, CVE-2021-2341: Improve file transfers - - JDK-8260453: Improve Font Bounding - - JDK-8260960: Signs of jarsigner signing - - JDK-8260967, CVE-2021-2369: Better jar file validation - - JDK-8262380: Enhance XML processing passes - - JDK-8262403: Enhanced data transfer - - JDK-8262410: Enhanced rules for zones - - JDK-8262477: Enhance String Conclusions - - JDK-8262967: Improve Zip file support - - JDK-8264066, CVE-2021-2388: Enhance compiler validation - - JDK-8264079: Improve abstractions - - JDK-8264460: Improve NTLM support -* Other changes - - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit - - JDK-7106851: Test should not use System.exit - - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137 - - JDK-8076190: Customizing the generation of a PKCS12 keystore - - JDK-8153005: Upgrade the default PKCS12 encryption/MAC algorithms - - JDK-8171303: sun/java2d/pipe/InterpolationQualityTest.java fails on Windows & Linux - - JDK-8177068: incomplete classpath causes NPE in Flow - - JDK-8185734: [Windows] Structured Exception Catcher missing around gtest execution - - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll - - JDK-8190763: Class cast exception on (CompoundEdit) UndoableEditEvent.getEdit() - - JDK-8195841: PNGImageReader.readNullTerminatedString() doesnt check for non-null terminated strings with length equal to maxLen - - JDK-8196100: javax/swing/text/JTextComponent/5074573/bug5074573.java fails - - JDK-8199646: JShell tests: jdk/jshell/FailOverDirectExecutionControlTest.java failed with java.lang.UnsupportedOperationException - - JDK-8206925: Support the certificate_authorities extension - - JDK-8207160: ClassReader::adjustMethodParams can potentially return null if the args list is empty - - JDK-8207247: AARCH64: Enable Minimal and Client VM builds - - JDK-8207404: MulticastSocket tests failing on AIX - - JDK-8207779: Method::is_valid_method() compares 'this' with NULL - - JDK-8208061: runtime/LoadClass/TestResize.java fails with "Load factor too high" when running in CDS mode. - - JDK-8209459: TestSHA512MultiBlockIntrinsics failed on AArch64 - - JDK-8210443: Migrate Locale matching tests to JDK Repo. - - JDK-8213231: ThreadSnapshot::_threadObj can become stale - - JDK-8213483: ARM32: runtime/ErrorHandling/ShowRegistersOnAssertTest.java jtreg test fail - - JDK-8213725: JShell NullPointerException due to class file with unexpected package - - JDK-8213794: ARM32: disable TypeProfiling, CriticalJNINatives, Serviceablity tests for ARM32 - - JDK-8213845: ARM32: Interpreter doesn't call result handler after native calls - - JDK-8214128: ARM32: wrong stack alignment on Deoptimization::unpack_frames - - JDK-8214512: ARM32: Jtreg test compiler/c2/Test8062950.java fails on ARM - - JDK-8214854: JDWP: Unforseen output truncation in logging - - JDK-8214922: Add vectorization support for fmin/fmax - - JDK-8215009: GCC 8 compilation error in libjli - - JDK-8216184: CDS/appCDS tests failed on Windows due to long path to a classlist file - - JDK-8216259: AArch64: Vectorize Adler32 intrinsics - - JDK-8216314: SIGILL in CodeHeapState::print_names() - - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking - - JDK-8217465: [REDO] - Optimize CodeHeap Analytics - - JDK-8217561: X86: Add floating-point Math.min/max intrinsics - - JDK-8217918: C2: -XX:+AggressiveUnboxing is broken - - JDK-8218458: [TESTBUG] runtime/NMT/CheckForProperDetailStackTrace.java fails with Expected stack trace missing from output - - JDK-8219142: Remove unused JIMAGE_ResourcePath - - JDK-8219586: CodeHeap State Analytics processes dead nmethods - - JDK-8220074: Clean up GCC 8.3 errors in LittleCMS - - JDK-8220407: compiler/intrinsics/math/TestFpMinMaxIntrinsics.java timedout - - JDK-8222302: [TESTBUG]test/hotspot/jtreg/compiler/intrinsics/sha/cli/TestUseSHAOptionOnUnsupportedCPU.java fails on any other CPU - - JDK-8222412: AARCH64: multiple instructions encoding issues - - JDK-8223020: aarch64: expand minI_rReg and maxI_rReg patterns into separate instructions - - JDK-8223444: Improve CodeHeap Free Space Management - - JDK-8223504: Improve performance of forall loops by better inlining of "iterator()" methods - - JDK-8223667: ASAN build broken - - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021 - - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails - - JDK-8225438: javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java failed with Read timed out - - JDK-8225756: [testbug] compiler/loopstripmining/CheckLoopStripMining.java sets too short a SafepointTimeoutDelay - - JDK-8226374: Restrict TLS signature schemes and named groups - - JDK-8226627: assert(t->singleton()) failed: must be a constant - - JDK-8226721: Missing intrinsics for Math.ceil, floor, rint - - JDK-8227080: (fs) Files.newInputStream(...).skip(n) is slow - - JDK-8227222: vmTestbase/jit/FloatingPoint/gen_math/Loops04/Loops04.java failed XMM register should be 0-15 - - JDK-8227609: (fs) Files.newInputStream(...).skip(n) should allow skipping beyond file size - - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp - - JDK-8231460: Performance issue (CodeHeap) with large free blocks - - JDK-8231713: x86_32 build failures after JDK-8226721 (Missing intrinsics for Math.ceil, floor, rint) - - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns - - JDK-8232084: HotSpot build failed with GCC 9.2.1 - - JDK-8232591: AArch64: Add missing match rules for smaddl, smsubl and smnegl - - JDK-8233185: HttpServer.stop() blocks indefinitely when called on dispatch thread - - JDK-8233787: Break cycle in vm_version* includes - - JDK-8233948: AArch64: Incorrect mapping between OptoReg and VMReg for high 64 bits of Vector Register - - JDK-8234355: Buffer overflow in jcmd GC.class_stats due to too many classes - - JDK-8235368: Update BCEL to Version 6.4.1 - - JDK-8236859: WebSocket over authenticating proxy fails with NPE - - JDK-8236992: AArch64: remove redundant load_klass in itable stub - - JDK-8237743: test/langtools/jdk/jshell/FailOverExecutionControlTest.java fails No ExecutionControlProvider with name 'nonExistent' and parameter keys: [] - - JDK-8237804: sun/security/mscapi tests fail with "Key pair not generated, alias already exists" - - JDK-8238175: CTW: Class.getDeclaredMethods fails with assert(k->is_subclass_of(SystemDictionary::Throwable_klass())) failed: invalid exception class - - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers - - JDK-8238812: assert(false) failed: bad AD file - - JDK-8239312: [macos] javax/swing/JFrame/NSTexturedJFrame/NSTexturedJFrame.java - - JDK-8239386: handle ContendedPaddingWidth in vm_version_aarch64 - - JDK-8239536: Can't use `java.util.List` object after importing `java.awt.List` - - JDK-8240487: Cleanup whitespace in .cc, .hh, .m, and .mm files - - JDK-8240848: ArrayIndexOutOfBoundsException buf for TextCallbackHandler - - JDK-8241082: Upgrade IANA Language Subtag Registry data to 03-16-2020 version - - JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873 - - JDK-8241101: [s390] jtreg test failure after JDK-8238696: not conformant features string - - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93) - - JDK-8241372: Several test failures due to javax.net.ssl.SSLException: Connection reset - - JDK-8241475: AArch64: Add missing support for PopCountVI node - - JDK-8241829: Cleanup the code for PrinterJob on windows - - JDK-8241960: The SHA3 message digests impl of SUN provider are not thread safe after cloned - - JDK-8242010: Upgrade IANA Language Subtag Registry to Version 2020-04-01 - - JDK-8242429: Better implementation for sign extract - - JDK-8242557: Add length limit for strings in PNGImageWriter - - JDK-8242919: Paste locks up jshell - - JDK-8243155: AArch64: Add support for SqrtVF - - JDK-8243240: AArch64: Add support for MulVB - - JDK-8243452: JFR: Could not create chunk in repository with over 200 recordings - - JDK-8243559: Remove root certificates with 1024-bit keys - - JDK-8243597: AArch64: Add support for integer vector abs - - JDK-8244031: HttpClient should have more tests for HEAD requests - - JDK-8244205: HTTP/2 tunnel connections through proxy may be reused regardless of which proxy is selected - - JDK-8244847: Linux/PPC: runtime/CompressedOops/CompressedClassPointers: smallHeapTest fails - - JDK-8245511: G1 adaptive IHOP does not account for reclamation of humongous objects by young GC - - JDK-8246274: G1 old gen allocation tracking is not in a separate class - - JDK-8247354: [aarch64] PopFrame causes assert(oopDesc::is_oop(obj)) failed: not an oop - - JDK-8247408: IdealGraph bit check expression canonicalization - - JDK-8247432: Update IANA Language Subtag Registry to Version 2020-09-29 - - JDK-8247438: JShell: When FailOverExecutionControlProvider fails the proximal cause is not shown - - JDK-8247753: UIManager.getSytemLookAndFeelClassName() returns wrong value on Fedora 32 - - JDK-8248043: Need to eliminate excessive i2l conversions - - JDK-8248411: [aarch64] Insufficient error handling when CodeBuffer is exhausted - - JDK-8248568: compiler/c2/TestBit.java failed: test missing from stdout/stderr - - JDK-8248870: AARCH64: I2L/L2I conversions can be skipped for masked positive values - - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable - - JDK-8249189: AARCH64: more L2I conversions can be skipped - - JDK-8249719: MethodHandle performance suffers from bad ResolvedMethodTable hash function - - JDK-8249875: GCC 10 warnings -Wtype-limits with JFR code - - JDK-8250635: MethodArityHistogram should use Compile_lock in favour of fancy checks - - JDK-8250876: Fix issues with cross-compile on macos - - JDK-8251031: Some vmTestbase/nsk/monitoring/RuntimeMXBean tests fail with hostnames starting from digits - - JDK-8251525: AARCH64: Faster Math.signum(fp) - - JDK-8252259: AArch64: Adjust default value of FLOATPRESSURE - - JDK-8252311: AArch64: save two words in itable lookup stub - - JDK-8252779: compiler/graalunit/HotspotTest.java failed after 8251525 - - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows - - JDK-8253167: ARM32 builds fail after JDK-8247910 - - JDK-8253572: [windows] CDS archive may fail to open with long file names - - JDK-8253923: C2 doesn't always run loop opts for compilations that include loops - - JDK-8253948: Memory leak in ImageFileReader - - JDK-8254631: Better support ALPN byte wire values in SunJSSE - - JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards - - JDK-8255086: Update the root locale display names - - JDK-8255625: AArch64: Implement Base64.encodeBlock accelerator/intrinsic - - JDK-8255763: C2: OSR miscompilation caused by invalid memory instruction placement - - JDK-8255992: JFR EventWriter does not use first string from StringPool with id 0 - - JDK-8256037: [TESTBUG] com/sun/jndi/dns/ConfigTests/PortUnreachable.java fails due to the hard coded threshold is small - - JDK-8256244: java/lang/ProcessHandle/PermissionTest.java fails with TestNG 7.1 - - JDK-8256287: [windows] add loop fuse to map_or_reserve_memory_aligned - - JDK-8256523: Streamline Java SHA2 implementation - - JDK-8257414: Drag n Drop target area is wrong on high DPI systems - - JDK-8257569: Failure observed with JfrVirtualMemory::initialize - - JDK-8257574: C2: "failed: parsing found no loops but there are some" assert failure - - JDK-8257580: Bump update version for OpenJDK: jdk-11.0.12 - - JDK-8257604: JNI_ArgumentPusherVaArg leaks valist - - JDK-8257621: JFR StringPool misses cached items across consecutive recordings - - JDK-8257796: [TESTBUG] TestUseSHA512IntrinsicsOptionOnSupportedCPU.java fails on x86_32 - - JDK-8257822: C2 crashes with SIGFPE due to a division that floats above its zero check - - JDK-8257828: SafeFetch may crash if invoked in non-JavaThreads - - JDK-8257853: Remove dependencies on JNF's JNI utility functions in AWT and 2D code - - JDK-8257858: [macOS]: Remove JNF dependency from libosxsecurity/KeystoreImpl.m - - JDK-8257860: [macOS]: Remove JNF dependency from libosxkrb5/SCDynamicStoreConfig.m - - JDK-8257988: Remove JNF dependency from libsaproc/MacosxDebuggerLocal.m - - JDK-8258414: OldObjectSample events too expensive - - JDK-8258505: [TESTBUG] TestDivZeroWithSplitIf.java fails due to missing UnlockDiagnosticVMOptions - - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues - - JDK-8259061: C2: assert(found) failed: memory-writing node is not placed in its original loop or an ancestor of it - - JDK-8259227: C2 crashes with SIGFPE due to a division that floats above its zero check - - JDK-8259232: Bad JNI lookup during printing - - JDK-8259276: C2: Empty expression stack when reexecuting tableswitch/lookupswitch instructions after deoptimization - - JDK-8259343: [macOS] Update JNI error handling in Cocoa code. - - JDK-8259585: Accessible actions do not work on mac os x - - JDK-8259651: [macOS] Replace JNF_COCOA_ENTER/EXIT macros - - JDK-8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl - - JDK-8259710: Inlining trace leaks memory - - JDK-8259729: Missed JNFInstanceOf -> IsInstanceOf conversion - - JDK-8259777: Incorrect predication condition generated by ADLC - - JDK-8259786: initialize last parameter of getpwuid_r - - JDK-8259843: initialize dli_fname array before calling dll_address_to_library_name - - JDK-8259869: [macOS] Remove desktop module dependencies on JNF Reference APIs - - JDK-8259886: Improve SSL session cache performance and scalability - - JDK-8259983: do not use uninitialized expand_ms value in G1CollectedHeap::expand_heap_after_young_collection - - JDK-8260030: Improve stringStream buffer handling - - JDK-8260236: better init AnnotationCollector _contended_group - - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized - - JDK-8260284: C2: assert(_base == Int) failed: Not an Int - - JDK-8260380: Upgrade to LittleCMS 2.12 - - JDK-8260420: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint - - JDK-8260426: awt debug_mem.c DMem_AllocateBlock might leak memory - - JDK-8260432: allocateSpaceForGP in freetypeScaler.c might leak memory - - JDK-8260616: Removing remaining JNF dependencies in the java.desktop module - - JDK-8260653: Unreachable nodes keep speculative types alive - - JDK-8260707: java/lang/instrument/PremainClass/InheritAgent0100.java times out - - JDK-8260925: HttpsURLConnection does not work with other JSSE provider. - - JDK-8260926: Trace resource exhausted events unconditionally - - JDK-8261020: Wrong format parameter in create_emergency_chunk_path - - JDK-8261027: AArch64: Support for LSE atomics C++ HotSpot code - - JDK-8261167: print_process_memory_info add a close call after fopen - - JDK-8261170: Upgrade to freetype 2.10.4 - - JDK-8261198: [macOS] Incorrect JNI parameters in number conversion in A11Y code - - JDK-8261235: C1 compilation fails with assert(res->vreg_number() == index) failed: conversion check - - JDK-8261261: The version extra fields needs to be overridable in jib-profiles.js - - JDK-8261262: Kitchensink24HStress.java crashed with EXCEPTION_ACCESS_VIOLATION - - JDK-8261354: SIGSEGV at MethodIteratorHost - - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding - - JDK-8261397: try catch Method failing to work when dividing an integer by 0 - - JDK-8261422: Adjust problematic String.format calls in jdk/internal/util/Preconditions.java outOfBoundsMessage - - JDK-8261447: MethodInvocationCounters frequently run into overflow - - JDK-8261481: Cannot read Kerberos settings in dynamic store on macOS Big Sur - - JDK-8261505: Test test/hotspot/jtreg/gc/parallel/TestDynShrinkHeap.java killed by Linux OOM Killer - - JDK-8261601: free memory in early return in Java_sun_nio_ch_sctp_SctpChannelImpl_receive0 - - JDK-8261649: AArch64: Optimize LSE atomics in C++ code - - JDK-8261730: C2 compilation fails with assert(store->find_edge(load) != -1) failed: missing precedence edge - - JDK-8261752: Multiple GC test are missing memory requirements - - JDK-8261791: (sctp) handleSendFailed in SctpChannelImpl.c potential leaks - - JDK-8261812: C2 compilation fails with assert(!had_error) failed: bad dominance - - JDK-8261914: IfNode::fold_compares_helper faces non-canonicalized bool when running JRuby JSON workload - - JDK-8262093: java/util/concurrent/tck/JSR166TestCase.java failed "assert(false) failed: unexpected node" - - JDK-8262110: DST starts from incorrect time in 2038 - - JDK-8262121: [11u] Redo 8244287: JFR: Methods samples have line number 0 - - JDK-8262163: Extend settings printout in jcmd VM.metaspace - - JDK-8262295: C2: Out-of-Bounds Array Load from Clone Source - - JDK-8262298: G1BarrierSetC2::step_over_gc_barrier fails with assert "bad barrier shape" - - JDK-8262446: DragAndDrop hangs on Windows - - JDK-8262461: handle wcstombsdmp return value correctly in unix awt_InputMethod.c - - JDK-8262465: Very long compilation times and high memory consumption in C2 debug builds - - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack - - JDK-8262739: String inflation C2 intrinsic prevents insertion of anti-dependencies - - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames() - - JDK-8262837: handle split_USE correctly - - JDK-8262900: ToolBasicTest fails to access HTTP server it starts - - JDK-8263260: [s390] Support latest hardware (z14 and z15) - - JDK-8263311: Watch registry changes for remote printers update instead of polling - - JDK-8263361: Incorrect arraycopy stub selected by C2 for SATB collectors - - JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec - - JDK-8263425: AArch64: two potential bugs in C1 LIRGenerator::generate_address() - - JDK-8263448: CTW: fatal error: meet not symmetric - - JDK-8263504: Some OutputMachOpcodes fields are uninitialized - - JDK-8263557: Possible NULL dereference in Arena::destruct_contents() - - JDK-8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true - - JDK-8263676: AArch64: one potential bug in C1 LIRGenerator::generate_address() - - JDK-8263729: [test] divert spurious output away from stream under test in ProcessBuilder Basic test - - JDK-8263846: Bad JNI lookup getFocusOwner in accessibility code on Mac OS X - - JDK-8264047: Duplicate global variable 'jvm' in libjavajpeg and libawt - - JDK-8264096: slowdebug jvm crashes when StrInflatedCopy match rule is not supported - - JDK-8264151: ciMethod::ensure_method_data() should return false is loading resulted in empty state - - JDK-8264173: [s390] Improve Hardware Feature Detection And Reporting - - JDK-8264190: Harden TLS interop tests - - JDK-8264223: CodeHeap::verify fails extra_hops assertion in fastdebug test - - JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java - - JDK-8264360: Loop strip mining verification fails with "should be on the backedge" - - JDK-8264626: C1 should be able to inline excluded methods - - JDK-8264640: CMS ParScanClosure misses a barrier - - JDK-8264786: [macos] All Swing/AWT apps cause Allow Notifications prompt to appear when app is launched - - JDK-8264821: DirectIOTest fails on a system with large block size - - JDK-8264848: [macos] libjvm.dylib linker warning due to macOS version mismatch - - JDK-8264923: PNGImageWriter.write_zTXt throws Exception with a typo - - JDK-8264958: C2 compilation fails with assert "n is later than its clone" - - JDK-8265099: Revert backport to 11u of 8236859: WebSocket over authenticating proxy fails with NPE - - JDK-8265154: vinserti128 operand mix up for KNL platforms - - JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1 - - JDK-8265417: Backport of JDK-8249672 breaks Solaris x86 build - - JDK-8265421: java/lang/String/StringRepeat.java test is missing a memory requirement - - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod - - JDK-8265537: x86 version string truncated after JDK-8249672 11u backport - - JDK-8265666: Enable AIX build platform to make external debug symbols - - JDK-8265677: CMS: CardTableBarrierSet::write_ref_array_work() lacks storestore barrier - - JDK-8265690: Use the latest Ubuntu base image version in Docker testing - - JDK-8265718: Build failure after JDK-8258414 11u backport - - JDK-8265750: Fatal error in safepoint.cpp after backport of 8258414 - - JDK-8265784: [C2] Hoisting of DecodeN leaves MachTemp inputs behind - - JDK-8265938: C2's conditional move optimization does not handle top Phi - - JDK-8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified - - JDK-8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long" - - JDK-8266713: [AIX] Build failure after 11u backport of JDK-8247753 - - JDK-8266802: Shenandoah: Round up region size to page size unconditionally - - JDK-8266892: avoid maybe-uninitialized gcc warnings on linux s390x - - JDK-8266929: Unable to use algorithms from 3p providers - - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash - - JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC - - JDK-8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u - - JDK-8267641: [11u] 8227609 backport typo - - JDK-8267721: Enable sun/security/pkcs11 tests for Amazon Linux 2 AArch64 - - JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired - -Notes on individual issues: -=========================== - -security-libs/java.security: - -JDK-8215293: Customizing PKCS12 keystore Generation -=================================================== -New system and security properties have been added to enable users to -customize the generation of PKCS #12 keystores. This includes -algorithms and parameters for key protection, certificate protection, -and MacData. The detailed explanation and possible values for these -properties can be found in the "PKCS12 KeyStore properties" section of -the `java.security` file. - -Also, support for the following SHA-2 based HmacPBE algorithms has -been added to the SunJCE provider: - -* HmacPBESHA224 -* HmacPBESHA256 -* HmacPBESHA384 -* HmacPBESHA512 -* HmacPBESHA512/224 -* HmacPBESHA512/256 - -JDK-8256902: Removed Root Certificates with 1024-bit Keys -========================================================= -The following root certificates with weak 1024-bit RSA public keys -have been removed from the `cacerts` keystore: - -Alias Name: thawtepremiumserverca [jdk] -Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA - -Alias Name: verisignclass2g2ca [jdk] -Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US - -Alias Name: verisignclass3ca [jdk] -Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US - -Alias Name: verisignclass3g2ca [jdk] -Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US - -Alias Name: verisigntsaca [jdk] -Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA - -JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate -================================================================= - -The following root certificate have been removed from the cacerts truststore: - -Alias Name: soneraclass2ca -Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI - -JDK-8242069: Upgraded the Default PKCS12 Encryption and MAC Algorithms -====================================================================== -The default encryption and MAC algorithms used in a PKCS #12 keystore -have been updated. The new algorithms are based on AES-256 and SHA-256 -and are stronger than the old algorithms that were based on RC2, -DESede, and SHA-1. See the security properties starting with -`keystore.pkcs12` in the `java.security` file for detailed -information. - -For compatibility, a new system property named -`keystore.pkcs12.legacy` is defined that will revert the algorithms to -use the older, weaker algorithms. There is no value defined for this -property. - -security-libs/javax.net.ssl: - -JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values -========================================================================================= -Certain TLS ALPN values couldn't be properly read or written by the -SunJSSE provider. This is due to the choice of Strings as the API -interface and the undocumented internal use of the UTF-8 Character Set -which converts characters larger than U+00007F (7-bit ASCII) into -multi-byte arrays that may not be expected by a peer. - -ALPN values are now represented using the network byte representation -expected by the peer, which should require no modification for -standard 7-bit ASCII-based character Strings. However, SunJSSE now -encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1 -characters. This means applications that used characters above -U+000007F that were previously encoded using UTF-8 may need to either -be modified to perform the UTF-8 conversion, or set the Java security -property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior. - -See the updated guide at -https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html -for more information. - -JDK-8244460: Support for certificate_authorities Extension -========================================================== -The "certificate_authorities" extension is an optional extension -introduced in TLS 1.3. It is used to indicate the certificate -authorities (CAs) that an endpoint supports and should be used by the -receiving endpoint to guide certificate selection. - -With this JDK release, the "certificate_authorities" extension is -supported for TLS 1.3 in both the client and the server sides. This -extension is always present for client certificate selection, while it -is optional for server certificate selection. - -Applications can enable this extension for server certificate -selection by setting the `jdk.tls.client.enableCAExtension` system -property to `true`. The default value of the property is `false`. - -Note that if the client trusts more CAs than the size limit of the -extension (less than 2^16 bytes), the extension is not enabled. Also, -some server implementations do not allow handshake messages to exceed -2^14 bytes. Consequently, there may be interoperability issues when -`jdk.tls.client.enableCAExtension` is set to `true` and the client -trusts more CAs than the server implementation limit. - -New in release OpenJDK 11.0.11 (2021-04-20): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk11011 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt - -* Security fixes - - JDK-8244473: Contextualize registration for JNDI - - JDK-8244543: Enhanced handling of abstract classes - - JDK-8249906, CVE-2021-2163: Enhance opening JARs - - JDK-8250568, CVE-2021-2161: Less ambiguous processing - - JDK-8253799: Make lists of normal filenames - - JDK-8257001: Improve Http Client Support -* Other changes - - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled - - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection - - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing - - JDK-8168869: jdeps: localized messages don't use proper line breaks - - JDK-8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID - - JDK-8202343: Disable TLS 1.0 and 1.1 - - JDK-8205992: jhsdb cannot attach to Java processes running in Docker containers - - JDK-8209193: Fix aarch64-linux compilation after -Wreorder changes - - JDK-8210413: AArch64: Optimize div/rem by constant in C1 - - JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction - - JDK-8211051: jdeps usage of --dot-output doesn't provide valid output for modular jar - - JDK-8211057: Gensrc step CompileProperties generates unstable CompilerProperties output - - JDK-8211150: G1 Full GC not purging code root memory and hence causing memory leak - - JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup delegation when module reads automatic module - - JDK-8212043: Add floating-point Math.min/max intrinsics - - JDK-8212218: [TESTBUG] runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryErrorInMetaspace.java timed out - - JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/WindowsComboBoxSizeTest.java fails in Windows - - JDK-8213909: jdeps --print-module-deps should report missing dependences - - JDK-8214180: Need better granularity for sleeping - - JDK-8214223: tools/jdeps/listdeps/ListModuleDeps.java failed due to missing Lib2 file - - JDK-8214230: Classes generated by SystemModulesPlugin.java are not reproducable - - JDK-8214741: docs/index.html has no title or copyright - - JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed after 8212043 - - JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003/TestDescription.java fails - - JDK-8218482: sun/security/krb5/auto/ReplayCachePrecise.java failed - no KrbException thrown - - JDK-8218550: Add test omitted from JDK-8212043 - - JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event - - JDK-8221995: AARCH64: problems with CAS instructions encoding - - JDK-8222518: Remove unnecessary caching of Parker object in java.lang.Thread - - JDK-8222785: aarch64: add necessary masking for immediate shift counts - - JDK-8223186: HotSpot compile warnings from GCC 9 - - JDK-8225773: jdeps --check produces NPE if there are missing module dependences - - JDK-8225805: Java Access Bridge does not close the logger - - JDK-8226810: Failed to launch JVM because of NullPointerException occured on System.props - - JDK-8229396: jdeps ignores multi-release when generate-module-info used on command line - - JDK-8229474: Shenandoah: Cleanup CM::update_roots() - - JDK-8232225: Rework the fix for JDK-8071483 - - JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant - - JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) == phase->C->get_alias_index(t_adr)) failed: correct memory chain - - JDK-8233910: java/awt/ColorClass/AlphaColorTest.java is failing intermittently in nightly lnux-x64 system - - JDK-8233912: aarch64: minor improvements of atomic operations - - JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier - - JDK-8234742: Improve handshake logging - - JDK-8234796: Refactor Handshake::execute to take a more complex type than ThreadClosure - - JDK-8235324: Dying objects are published from users of CollectedHeap::object_iterate - - JDK-8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag - - JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/TestDescription.java test - - JDK-8237392: Shenandoah: Remove unreliable assertion - - JDK-8237483: AArch64 C1 OopMap inserted twice fatal error - - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7 - - JDK-8239355: (dc) Initial value of SO_SNDBUF should allow sending large datagrams (macOS) - - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1 - - JDK-8240704: CheckHandles.java failed "AssertionError: Handle use increased by more than 10 percent." - - JDK-8240751: Shenandoah: fold ShenandoahTracer definition - - JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with "assert(store != load->find_exact_control(load->in(0))) failed: dependence cycle found" - - JDK-8241598: Upgrade JLine to 3.14.0 - - JDK-8241649: Optimize Character.toString - - JDK-8241770: Module xxxAnnotation() methods throw NCDFE if module-info.class found as resource in unnamed module - - JDK-8241911: AArch64: Fix a potential register clash issue in reduce_add2I - - JDK-8242030: Wrong package declarations in jline classes after JDK-8241598 - - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled - - JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox - - JDK-8243670: Unexpected test result caused by C2 MergeMemNode::Ideal - - JDK-8244088: [Regression] Switch of Gnome theme ends up in deadlocked UI - - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files - - JDK-8244340: Handshake processing thread lacks yielding - - JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file - - JDK-8244683: A TSA server used by tests - - JDK-8245005: javax/net/ssl/compatibility/BasicConnectTest.java failed with No enum constant - - JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused - - JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent - - JDK-8245512: CRC32 optimization using AVX512 instructions - - JDK-8245527: LDAP Channel Binding support for Java GSS/Kerberos - - JDK-8246707: (sc) SocketChannel.read/write throws AsynchronousCloseException on closed channel - - JDK-8246709: sun/security/tools/jarsigner/TsacertOptionTest.java compilation failed after JDK-8244683 - - JDK-8247200: assert((unsigned)fpargs < 32) - - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn. - - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit - - JDK-8248865: Document JNDI/LDAP timeout properties - - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken. - - JDK-8249543: Force DirectBufferAllocTest to run with -ExplicitGCInvokesConcurrent - - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows - - JDK-8249749: modify a primitive array through a stream and a for cycle causes jre crash - - JDK-8249787: Make TestGCLocker more resilient with concurrent GCs - - JDK-8249867: xml declaration is not followed by a newline - - JDK-8250911: [windows] os::pd_map_memory() error detection broken - - JDK-8251255: [linux] Add process-memory information to hs-err and VM.info - - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier - - JDK-8251925: C2: RenaissanceStressTest fails with assert(!had_error): bad dominance - - JDK-8251944: Add Shenandoah test config to compiler/gcbarriers/UnsafeIntrinsicsTest.java - - JDK-8251992: VM crashed running TestComplexAddrExpr.java test with -XX:UseAVX=X - - JDK-8253220: Epsilon: clean up unused code/declarations - - JDK-8253274: The CycleDMImagetest brokes the system - - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node - - JDK-8253368: TLS connection always receives close_notify exception - - JDK-8255368: Math.exp() gives wrong result for large values on x86 32-bit platforms - - JDK-8255401: Shenandoah: Allow oldval and newval registers to overlap in cmpxchg_oop() - - JDK-8253404: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit - - JDK-8253409: Double-rounding possibility in float fma - - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities - - JDK-8253524: C2: Refactor code that clones predicates during loop unswitching - - JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected - - JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed - - JDK-8253702: BigSur version number reported as 10.16, should be 11.nn - - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*) - - JDK-8254104: MethodCounters must exist before nmethod is installed - - JDK-8254734: "dead loop detected" assert failure with patch from 8223051 - - JDK-8254748: Bad Copyright header format after JDK-8212218 - - JDK-8254799: runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryError.java fails with release VMs - - JDK-8255058: C1: assert(is_virtual()) failed: type check - - JDK-8255351: Add detection for Graviton 2 CPUs - - JDK-8255387: Japanese characters were printed upside down on AIX - - JDK-8255479: [aarch64] assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity - - JDK-8255544: Create a checked cast - - JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() - - JDK-8255681: print callstack in error case in runAWTLoopWithApp - - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too - - JDK-8255742: PrintInlining as compiler directive doesn't print virtual calls - - JDK-8255845: Memory leak in imageFile.cpp - - JDK-8255880: UI of Swing components is not redrawn after their internal state changed - - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem - - JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls - - JDK-8256056: Deoptimization stub doesn't save vector registers on x86 - - JDK-8256061: RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers - - JDK-8256187: [TEST_BUG] Automate bug4275046.java test - - JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after JDK-8210764 due to mishandled lir_neg - - JDK-8256258: some missing NULL checks or asserts after CodeCache::find_blob_unsafe - - JDK-8256264: Printed GlyphVector outline with low DPI has bad quality on Windows - - JDK-8256290: javac/lambda/T8031967.java fails with StackOverflowError on x86_32 - - JDK-8256359: AArch64: runtime/ReservedStack/ReservedStackTestCompiler.java fails - - JDK-8256387: Unexpected result if patching an entire instruction on AArch64 - - JDK-8256421: Add 2 HARICA roots to cacerts truststore - - JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for small copies in StubGenerator::copy_memory - - JDK-8256489: Make gtest for long path names on Windows more resilient in the presence of virus scanners - - JDK-8256501: libTestMainKeyWindow fails to build with Xcode 12.2 - - JDK-8256633: Fix product build on Windows+Arm64 - - JDK-8256682: JDK-8202343 is incomplete - - JDK-8256751: Incremental rebuild with precompiled header fails when touching a header file - - JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() for CallLeafNoFP on x86_32 - - JDK-8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test - - JDK-8256807: C2: Not marking stores correctly as mismatched in string opts - - JDK-8256810: Incremental rebuild broken on Macosx - - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources - - JDK-8256888: Client manual test problem list update - - JDK-8257083: Security infra test failures caused by JDK-8202343 - - JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11 - - JDK-8257423: [PPC64] Support -XX:-UseInlineCaches - - JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst.testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps is on - - JDK-8257513: C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset()) - - JDK-8257547: Handle multiple prereqs on the same line in deps files - - JDK-8257561: Some code is not vectorized after 8251925 and 8250607 - - JDK-8257565: epsilonBarrierSet.hpp should not include barrierSetAssembler - - JDK-8257575: C2: "failed: only phis" assert failure in loop strip mining verification - - JDK-8257594: C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle - - JDK-8257633: Missing -mmacosx-version-min=X flag when linking libjvm - - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks - - JDK-8257707: Fix incorrect format string in Http1HeaderParser - - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines - - JDK-8257798: [PPC64] undefined reference to Klass::vtable_start_offset() - - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test - - JDK-8257910: [JVMCI] Set exception_seen accordingly in the runtime. - - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 - - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region - - JDK-8258077: Using -Xcheck:jni can lead to a double-free after JDK-8193234 - - JDK-8258247: Couple of issues in fix for JDK-8249906 - - JDK-8258373: Update the text handling in the JPasswordField - - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk() - - JDK-8258419: RSA cipher buffer cleanup - - JDK-8258471: "search codecache" clhsdb command does not work - - JDK-8258534: Epsilon: clean up unused includes - - JDK-8258805: Japanese characters not entered by mouse click on Windows 10 - - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures - - JDK-8258836: JNI local refs exceed capacity getDiagnosticCommandInfo - - JDK-8258884: [TEST_BUG] Convert applet-based test open/test/jdk/javax/swing/JMenuItem/8031573/bug8031573.java to a regular java test - - JDK-8259007: This test printed a blank page - - JDK-8259049: Uninitialized variable after JDK-8257513 - - JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA to false - - JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState - - JDK-8259231: Epsilon: improve performance under contention during virtual space expansion - - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region" - - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 days - - JDK-8259319: Illegal package access when SunPKCS11 requires SunJCE's classes - - JDK-8259339: AllocateUninitializedArray C2 intrinsic fails with void.class input - - JDK-8259428: AlgorithmId.getEncodedParams() should return copy - - JDK-8259446: runtime/jni/checked/TestCheckedReleaseArrayElements.java fails with stderr not empty - - JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags - - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect - - JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543 - - JDK-8259706: C2 compilation fails with assert(vtable_index == Method::invalid_vtable_index) failed: correct sentinel value - - JDK-8259707: LDAP channel binding does not work with StartTLS extension - - JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction - - JDK-8259849: Shenandoah: Rename store-val to IU-barrier - - JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp - - JDK-8260029: aarch64: fix typo in verify_oop_array - - JDK-8260308: Update LogCompilation junit to 4.13.1 - - JDK-8260338: Some fields in HaltNode is not cloned - - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS - - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a - - JDK-8260378: [TESTBUG] DcmdMBeanTestCheckJni.java reports false positive - - JDK-8260497: Shenandoah: Improve SATB flushing - - JDK-8260502: [s390] NativeMovRegMem::verify() fails because it's too strict - - JDK-8260632: Build failures after JDK-8253353 - - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end - - JDK-8261022: Fix incorrect result of Math.abs() with char type - - JDK-8261089: [TESTBUG] native library of test TestCheckedReleaseCriticalArray.java fails to compile with gcc 4.x - - JDK-8261183: Follow on to Make lists of normal filenames - - JDK-8261209: isStandalone property: remove dependency on pretty-print - - JDK-8261231: Windows IME was disabled after DnD operation - - JDK-8261251: Shenandoah: Use object size for full GC humongous compaction - - JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined - - JDK-8261334: NMT: tuning statistic shows incorrect hash distribution - - JDK-8261413: Shenandoah: Disable class-unloading in I-U mode - - JDK-8261522: [PPC64] AES intrinsics write beyond the destination array - - JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined - - JDK-8261585: Restore HandleArea used in Deoptimization::uncommon_trap - - JDK-8261753: Test java/lang/System/OsVersionTest.java still failing on BigSur patch versions after JDK-8253702 - - JDK-8261829: Exclude tools/jlink/JLinkReproducibleTest.java in 11u - - JDK-8261912: Code IfNode::fold_compares_helper more defensively - - JDK-8261920: [AIX] jshell command throws java.io.IOError on non English locales - - JDK-8262018: Wrong format in SAP copyright header of OsVersionTest - - JDK-8263069: Exclude some failing tests from security/infra/java/security/cert/CertPathValidator - -Notes on individual issues: -=========================== - -core-libs/javax.naming: - -JDK-8258824: LDAP Channel Binding Support for Java GSS/Kerberos -=============================================================== -A new JNDI environment property "com.sun.jndi.ldap.tls.cbtype" has -been added to enable TLS Channel Binding data in LDAP authentication -over SSL/TLS protocol to the Windows AD server. The only valid value -at present is "tls-server-end-point", where channel binding data is -created on the base of the TLS server certificate. See RFC-5929 [0] -and the module description of the `java.naming` module for further -details. - -[0] RFC-5929 "Channel Bindings for TLS": https://www.ietf.org/rfc/rfc5929.txt - -security-libs/java.security: - -JDK-8260597: Added 2 HARICA Root CA Certificates -================================================ -The following root certificates have been added to the cacerts truststore: - -Alias Name: haricarootca2015 -Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - -Alias Name: haricaeccrootca2015 -Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - -security-libs/javax.net.ssl: - -JDK-8256490: Disable TLS 1.0 and 1.1 -==================================== -TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer -considered secure and have been superseded by more secure and modern -versions (TLS 1.2 and 1.3). - -These versions have now been disabled by default. If you encounter -issues, you can, at your own risk, re-enable the versions by removing -"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` -security property in the `java.security` configuration file. - -tools: - -JDK-8214213: jdeps --print-module-deps Reports Transitive Dependencies -====================================================================== -`jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps` -options have been enhanced as follows. - -1. By default, they perform transitive module dependence analysis on -libraries on the class path and module path, both directly and -indirectly, as required by the given input JAR files or -classes. Previously, they only reported the modules required by the -given input JAR files or classes. The `--no-recursive` option can be -used to request non-transitive dependence analysis. - -2. By default, they flag any missing dependency, i.e. not found from -class path and module path, as an error. The `--ignore-missing-deps` -option can be used to suppress missing dependence errors. Note that a -custom image is created with the list of modules output by jdeps when -using the `--ignore-missing-deps` option for a non-modular -application. Such an application, running on the custom image, might -fail at runtime when missing dependence errors are suppressed. - -xml/jaxp: - -JDK-8249867 XML declaration is not followed by a newline -======================================================== - -The DOM Load and Save `LSSerializer` does not have an explicit control -for whether or not the XML Declaration ends with a newline. In this -release, a JDK implementation specific property -`http://www.oracle.com/xml/jaxp/properties/isStandalone` and -corresponding System property `jdk.xml.isStandalone` are added to -control the addition of a newline and act independently without -having to set the pretty-print property. This property can be used to -reverse the incompatible change introduced in Java SE 7 Update 4 with -an update of Xalan 2.7.1 where a newline is omitted when pretty-print -is required. - -For details, please refer to the bug report and the java.xml module-summary. - -Usage: - -// to set the property, get an instance of LSSerializer and set it along with pretty-print -LSSerializer ser = impl.createLSSerializer(); -ser.getDomConfig().setParameter("format-pretty-print", true); -ser.getDomConfig().setParameter("http://www.oracle.com/xml/jaxp/properties/isStandalone", true); - -// to use the System property, set it before initializing a LSSerializer -System.setProperty("jdk.xml.isStandalone", “true”); - -// to clear the property, place the line anywhere after the LSSerializer is initialized -System.clearProperty("jdk.xml.isStandalone"); - -New in release OpenJDK 11.0.10 (2021-01-19): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk11010 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.10.txt - -* Security fixes - - JDK-8247619: Improve Direct Buffering of Characters -* Other changes - - JDK-6722928: Support SSPI as a native GSS-API provider - - JDK-7185258: [macosx] Deadlock in SunToolKit.realSync() - - JDK-8152332: [macosx] JFileChooser cannot be serialized on Mac OS X - - JDK-8161684: [testconf] Add VerifyOops' testing into compiler tiers - - JDK-8171279: Support X25519 and X448 in TLS - - JDK-8173361: various crashes in JvmtiExport::post_compiled_method_load - - JDK-8173658: JvmtiExport::post_class_unload() is broken for non-JavaThread initiators - - JDK-8191006: hsdis disassembler plugin does not compile with binutils 2.29+ - - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8 - - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode - - JDK-8200151: Add 8 JNDI tests to com/sun/jndi/dns/ConfigTests/ - - JDK-8208279: Add 8 JNDI tests to com/sun/jndi/dns/EnvTests/ - - JDK-8208483: Add 5 JNDI tests to com/sun/jndi/dns/FactoryTests/ - - JDK-8208542: Add 4 JNDI tests to com/sun/jndi/dns/ListTests/ - - JDK-8208665: Amend cross-compilation docs with qemu-debootstrap recipe - - JDK-8210088: ProblemList gc/epsilon/TestMemoryMXBeans.java - - JDK-8210339: Add 10 JNDI tests to com/sun/jndi/dns/FedTests/ - - JDK-8211450: UndetVar::dup is not copying the kind field to the duplicated instance - - JDK-8212160: JVMTI agent crashes with "assert(_value != 0LL) failed: resolving NULL _value" - - JDK-8212226: SurfaceManager throws "Invalid Image variant" for MultiResolutionImage (Windows) - - JDK-8213400: Support choosing group name in keytool keypair generation - - JDK-8213535: Windows HiDPI html lightweight tooltips are truncated - - JDK-8213698: Improve devkit creation and add support for linux/ppc64/ppc64le/s390x - - JDK-8214025: assert(t->singleton()) failed: must be a constant when ScavengeRootsInCode < 2 - - JDK-8214242: compiler/arguments/TestScavengeRootsInCode.java fails because of missing UnlockDiagnosticVMOptions - - JDK-8214787: Zero builds fail with "undefined JavaThread::thread_state()" - - JDK-8215583: Exclude runtime/handshake/HandshakeWalkSuspendExitTest.java - - JDK-8216012: Infinite loop in RSA KeyPairGenerator - - JDK-8216324: GetClassMethods is confused by the presence of default methods in super interfaces - - JDK-8217429: WebSocket over authenticating proxy fails to send Upgrade headers - - JDK-8217976: test/jdk/java/net/httpclient/websocket/WebSocketProxyTest.java fails intermittently - - JDK-8218021: Have jarsigner preserve posix permission attributes - - JDK-8218287: jshell tool: input behavior unstable after 12-ea+24 on Windows - - JDK-8218851: JVM crash in custom classloader stress test, JDK 12 & 13 - - JDK-8220420: Cleanup c1_LinearScan - - JDK-8222072: JVMTI GenerateEvents() sends CompiledMethodLoad events to wrong jvmtiEnv - - JDK-8222286: Fix for JDK-8213419 is broken on s390 - - JDK-8222527: HttpClient doesn't send HOST header when tunelling HTTP/1.1 through http proxy - - JDK-8222533: jtreg test jdk/internal/platform/cgroup/TestCgroupMetrics.java fails on SLES12.3 linux ppc64le machine - - JDK-8224506: [TESTBUG] TestDockerMemoryMetrics.java fails with exitValue = 137 - - JDK-8224555: vmTestbase/nsk/jvmti/scenarios/contention/TC02/tc02t001/TestDescription.java failed - - JDK-8224650: Add tests to support X25519 and X448 in TLS - - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs - - JDK-8225329: -XX:+PrintBiasedLockingStatistics causes crash during initialization on Windows platforms - - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors - - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100 - - JDK-8227275: Within native OOM error handling, assertions may hang the process - - JDK-8227647: [Graal] Test8009761.java fails due to "RuntimeException: static java.lang.Object compiler.uncommontrap.Test8009761.m3(boolean,boolean) not compiled" - - JDK-8229495: SIGILL in C2 generated OSR compilation - - JDK-8230910: libsspi_bridge does not build on Windows 32bit - - JDK-8232114: JVM crashed at imjpapi.dll in native code - - JDK-8234147: Avoid looking up standard charsets in core libraries - - JDK-8234393: [macos] printing ignores printer tray - - JDK-8234863: Increase default value of MaxInlineLevel - - JDK-8235218: Minimal VM is broken after JDK-8173361 - - JDK-8235456: Minimal VM is broken after JDK-8212160 - - JDK-8235829: graal crashes with Zombie.java test - - JDK-8236124: Minimal VM slowdebug build failed after JDK-8212160 - - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding - - JDK-8236944: The legVecZ operand should be limited to zmm0-zmm15 registers - - JDK-8237186: Fix typo in copyright header of java/io/Reader/TransferTo.java - - JDK-8237499: JFR: Include stack trace in the ThreadStart event - - JDK-8237512: AArch64: aarch64TestHook leaks a BufferBlob - - JDK-8237524: AArch64: String.compareTo() may return incorrect result - - JDK-8237950: C2 compilation fails with "Live Node limit exceeded limit" during ConvI2L::Ideal optimization - - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read - - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test - - JDK-8239477: jdk/jfr/jcmd/TestJcmdStartStopDefault.java fails -XX:+VerifyOops with "verify_oop: rsi: broken oop" - - JDK-8239497: SEGV in EdgeUtils::field_name_symbol(Edge const&) - - JDK-8239886: Minimal VM build fails after JDK-8237499 - - JDK-8240633: Memory leaks in the implementations of FileChooserUI - - JDK-8240690: Race condition between EDT and BasicDirectoryModel.FilesLoader.run0() - - JDK-8241234: Unify monitor enter/exit runtime entries. - - JDK-8241311: Move some charset mapping tests from closed to open - - JDK-8241797: Add some tests to the problem list - - JDK-8242029: AArch64: skip G1 array copy pre-barrier if marking not active - - JDK-8242335: Additional Tests for RSASSA-PSS - - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker - - JDK-8242614: cleanup duplicated test ldap server in some com/sun/jndi/ldap/ tests - - JDK-8242846: Bring back test/jdk/tools/jlink/plugins/OrderResourcesPluginTest.java - - JDK-8243114: Implement montgomery{Multiply,Square}intrinsics on Windows - - JDK-8243290: Improve diagnostic messages for class verification and redefinition failures - - JDK-8243488: Add tests for set/get SendBufferSize and getReceiveBufferSize in DatagramSocket - - JDK-8243549: sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java failed with Unsupported signature algorithm: DSA - - JDK-8243617: compiler/onSpinWait/TestOnSpinWaitC1.java test uses wrong class - - JDK-8243619: compiler/codecache/CheckSegmentedCodeCache.java test misses -version - - JDK-8244142: some hotspot/runtime tests don't check exit code of forked JVM - - JDK-8244278: Excessive code cache flushes and sweeps - - JDK-8244282: test/hotspot/jtreg/compiler/intrinsics/Test8237524.java fails with --illegal-access=deny - - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11 - - JDK-8244819: hsdis does not compile with binutils 2.34+ - - JDK-8245051: c1 is broken if it is compiled by gcc without -fno-lifetime-dse - - JDK-8245168: jlink should not be treated as a "small" tool - - JDK-8245400: Upgrade to LittleCMS 2.11 - - JDK-8246381: VM crashes with "Current BasicObjectLock* below than low_mark" - - JDK-8246434: Threads::print_on_error assumes that the heap has been set up - - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480 - - JDK-8247201: Print potential pointer value of readable stack memory in hs_err file - - JDK-8247763: assert(outer->outcnt() == 2) failed: 'only phis' failure in LoopNode::verify_strip_mined() - - JDK-8247867: Upgrade to freetype 2.10.2 - - JDK-8248190: Enable Power10 system and implement new byte-reverse instructions - - JDK-8248226: TestCloneAccessStressGCM fails with -XX:-ReduceBulkZeroing - - JDK-8248347: windows build broken by JDK-8243114 - - JDK-8248532: Every time I change keyboard language at my MacBook, Java crashes - - JDK-8248552: C2 crashes with SIGFPE due to division by zero - - JDK-8248596: [TESTBUG] compiler/loopopts/PartialPeelingUnswitch.java times out with Graal enabled - - JDK-8248745: Add jarsigner and keytool tests for restricted algorithms - - JDK-8248791: sun/util/resources/cldr/TimeZoneNamesTest.java fails with -XX:-ReduceInitialCardMarks -XX:-ReduceBulkZeroing - - JDK-8248845: AArch64: stack corruption after spilling vector register - - JDK-8249176: Update GlobalSignR6CA test certificates - - JDK-8249183: JVM crash in "AwtFrame::WmSize" method - - JDK-8249192: MonitorInfo stores raw oops across safepoints - - JDK-8249602: C2: assert(cnt == _outcnt) failed: no insertions allowed - - JDK-8249603: C1: assert(has_error == false) failed: register allocation invalid - - JDK-8249605: C2: assert(no_dead_loop) failed: dead loop detected - - JDK-8249607: C2: assert(!had_error) failed: bad dominance - - JDK-8249608: Vector register used by C2 compiled method corrupted at safepoint - - JDK-8249672: Include microcode revision in features_string on x86 - - JDK-8249748: gtest silently ignores bad jvm arguments - - JDK-8249821: Separate libharfbuzz from libfontmanager - - JDK-8250598: Hyper-V is detected in spite of running on host OS - - JDK-8250605: Linux x86_32 builds fail after JDK-8249821 - - JDK-8250636: iso8601_time returns incorrect offset part on MacOS - - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY - - JDK-8250772: Test com/sun/jndi/ldap/NamingExceptionMessageTest.java fails intermittently with javax.naming.ServiceUnavailableException - - JDK-8250825: C2 crashes with assert(field != __null) failed: missing field - - JDK-8250894: Provide a configure option to build and run against the platform libharfbuzz - - JDK-8250928: JFR: Improve hash algorithm for stack traces - - JDK-8250968: Symlinks attributes not preserved when using jarsigner on zip files - - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities - - JDK-8251118: BiasedLocking::preserve_marks should not have a HandleMark - - JDK-8251189: com/sun/jndi/ldap/LdapDnsProviderTest.java failed due to timeout - - JDK-8251257: NMT: jcmd VM.native_memory scale=1 crashes target VM - - JDK-8251365: Build failure on AIX after 8250636 - - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray - - JDK-8251456: [TESTBUG] compiler/vectorization/TestVectorsNotSavedAtSafepoint.java failed OutOfMemoryError - - JDK-8251458: Parse::do_lookupswitch fails with "assert(_cnt >= 0) failed" - - JDK-8251535: Partial peeling at unsigned test adds incorrect loop exit check - - JDK-8251949: ZGC: Set explicit heap size for compiler/gcbarriers tests - - JDK-8252090: JFR: StreamWriterHost::write_unbuffered() stucks in an infinite loop OpenJDK (build 13.0.1+9) - - JDK-8252415: Bump update version for OpenJDK: jdk-11.0.10 - - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows - - JDK-8252497: Incorrect numeric currency code for ROL - - JDK-8252660: Shenandoah: support manageable SoftMaxHeapSize option - - JDK-8252679: Two windows specific FileDIalog tests may fail on some Windows_Server_2016_Standard - - JDK-8252696: Loop unswitching may cause out of bound array load to be executed - - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent - - JDK-8253219: Epsilon: clean up unnecessary includes - - JDK-8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues() - - JDK-8253226: Shenandoah: remove unimplemented ShenandoahStrDedupQueue::verify - - JDK-8253269: The CheckCommonColors test should provide more info on failure - - JDK-8253284: Zero OrderAccess barrier mappings are incorrect - - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209) - - JDK-8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads - - JDK-8253791: Issue with useAppleColor check in CSystemColors.m - - JDK-8254016: Test8237524 fails with -XX:-CompactStrings option - - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate - - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp - - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp - - JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b - - JDK-8254185: Fix Code cache sweeper heuristics for JDK 11 - - JDK-8254190: [s390] interpreter misses exception check after calling monitorenter - - JDK-8254790: SIGSEGV in string_indexof_char and stringL_indexof_char intrinsics - - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations - - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c - - JDK-8255050: Add pkcs11/KeyStore/ClientAuth.sh to Problem list - - JDK-8255065: Zero: accessor_entry misses the IRIW case - - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d - - JDK-8255269: Unsigned overflow in g1Policy.cpp - - JDK-8255365: Problem list failing client manual tests - - JDK-8255457: Shenandoah: cleanup ShenandoahMarkTask - - JDK-8255466: C2 crashes at ciObject::get_oop() const+0x0 - - JDK-8255550: x86: Assembler::cmpq(Address dst, Register src) encoding is incorrect - - JDK-8255603: Memory/Performance regression after JDK-8210985 - - JDK-8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback - - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java - - JDK-8256427: Test com/sun/jndi/dns/ConfigTests/PortUnreachable.java does not work on AIX - - JDK-8256452: Integrate missing part of JDK-8232370 to 11u - - JDK-8256483: [TESTBUG] serviceability/jvmti/GetClassMethods/libOverpassMethods.c fails to compile on gcc 4.4.x - - JDK-8256557: libharfbuzz fails to link on gcc 4.4.x due to -Wl,-z,defs - - JDK-8256618: Zero: Linux x86_32 build still fails - - JDK-8256736: Zero: GTest tests fail with "unsuppported vm variant" - - JDK-8256809: Annotation processing causes NPE during flow analysis - - JDK-8257181: s390x builds are very noisy with gc-sections messages - - JDK-8257242: [macOS] Java app crashes while switching input methods - - JDK-8257545: SunJSSE FIPS regression in key exchange after JDK-8171279 11u backport - - JDK-8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false - - JDK-8257701: Shenandoah: objArrayKlass metadata is not marked with chunked arrays - - JDK-8258630: Add expiry exception for QuoVadis root certificate - -Notes on individual issues: -=========================== - -security-libs/java.security: - -JDK-8213821: -groupname Option Added to keytool Key Pair Generation -=================================================================== -A new `-groupname` option has been added to `keytool -genkeypair` so -that a user can specify a named group when generating a key pair. For -example, `keytool -genkeypair -keyalg EC -groupname secp384r1` will -generate an EC key pair by using the `secp384r1` curve. Because there -might be multiple curves with the same size, using the `-groupname` -option is preferred over the `-keysize` option. - -JDK-8248263: jarsigner Preserves POSIX File Permission and symlink Attributes -============================================================================= -When signing a file that contains POSIX file permission or symlink -attributes, `jarsigner` now preserves these attributes in the newly -signed file but warns that these attributes are unsigned and not -protected by the signature. The same warning is printed during the -`jarsigner -verify` operation for such files. - -Note that the `jar` tool does not read/write these attributes. This -change is more visible to tools like `unzip` where these attributes -are preserved. - -security-libs/javax.net.ssl: - -JDK-8225764: Support for X25519 and X448 in TLS -================================================ - -The named elliptic curve groups `x25519` and `x448` are now available -for JSSE key agreement in TLS versions 1.0 to 1.3, with `x25519` being -the most preferred of the default enabled named groups. The default -ordered list is now: - -* x25519 -* secp256r1 -* secp384r1 -* secp521r1 -* x448 -* secp256k1 -* ffdhe2048 -* ffdhe3072 -* ffdhe4096 -* ffdhe6144 -* ffdhe8192 - -The default list can be overridden using the system property *`jdk.tls.namedGroups`*. - -security-libs/org.ietf.jgss: - -JDK-8214079: Added a Default Native GSS-API Library on Windows -============================================================== -A native GSS-API library has been added to JDK on the Windows -platform. The library is client-side only and uses the default -credentials. It will be loaded when the `sun.security.jgss.native` -system property is set to "true". A user can still load a third-party -native GSS-API library by setting the system property -`sun.security.jgss.lib` to its path. - -New in release OpenJDK 11.0.9.1 (2020-10-20): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk11091 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.1.txt - -* Regression fixes - - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) - -New in release OpenJDK 11.0.9 (2020-10-20): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/openjdk1109 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt - -* Security fixes - - JDK-8233624: Enhance JNI linkage - - JDK-8236196: Improve string pooling - - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class - - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts - - JDK-8237995, CVE-2020-14782: Enhance certificate processing - - JDK-8240124: Better VM Interning - - JDK-8241114, CVE-2020-14792: Better range handling - - JDK-8242680, CVE-2020-14796: Improved URI Support - - JDK-8242685, CVE-2020-14797: Better Path Validation - - JDK-8242695, CVE-2020-14798: Enhanced buffer support - - JDK-8243302: Advanced class supports - - JDK-8244136, CVE-2020-14803: Improved Buffer supports - - JDK-8244479: Further constrain certificates - - JDK-8244955: Additional Fix for JDK-8240124 - - JDK-8245407: Enhance zoning of times - - JDK-8245412: Better class definitions - - JDK-8245417: Improve certificate chain handling - - JDK-8248574: Improve jpeg processing - - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit - - JDK-8253019: Enhanced JPEG decoding -* Other changes - - JDK-6532025: GIF reader throws misleading exception with truncated images - - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop - - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails - - JDK-8062947: Fix exception message to correctly represent LDAP connection failure - - JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed - - JDK-8134599: TEST_BUG: java/rmi/transport/closeServerSocket/CloseServerSocket.java fails intermittently with Address already in use - - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect - - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider - - JDK-8172404: Tools should warn if weak algorithms are used before restricting them - - JDK-8193367: Annotated type variable bounds crash javac - - JDK-8202117: com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset - - JDK-8203026: java.rmi.NoSuchObjectException: no such object in table - - JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called - - JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass - - JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout - - JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java - - JDK-8204963: javax.swing.border.TitledBorder has a memory leak - - JDK-8204994: SA might fail to attach to process with "Windbg Error: WaitForEvent failed" - - JDK-8205534: Remove SymbolTable dependency from serviceability agent - - JDK-8206309: Tier1 SA tests fail - - JDK-8208281: java/nio/channels/AsynchronousSocketChannel/Basic.java timed out - - JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1 - - JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect - - JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent! - - JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful - - JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout - - JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2 - - JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC - - JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java - - JDK-8210131: vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code - - JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3 - - JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack - - JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests - - JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds - - JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout - - JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4 - - JDK-8210977: jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject - - JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test - - JDK-8211694: JShell: Redeclared variable should be reset - - JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent - - JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest - - JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. lastLine=52, minLine=52, maxLine=55 - - JDK-8212807: tools/jar/multiRelease/Basic.java times out - - JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent) - - JDK-8213214: Set -Djava.io.tmpdir= when running tests - - JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found - - JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes - - JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface - - JDK-8214074: Ghash optimization using AVX instructions - - JDK-8214491: Upgrade to JLine 3.9.0 - - JDK-8214797: TestJmapCoreMetaspace.java timed out - - JDK-8215243: JShell tests failing intermitently with \"Problem cleaning up the following threads:\" - - JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed - - JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions) - - JDK-8215438: jshell tool: Ctrl-D causes EOF - - JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows - - JDK-8216974: HttpConnection not returned to the pool after 204 response - - JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time - - JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs - - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs - - JDK-8221658: aarch64: add necessary predicate for ubfx patterns - - JDK-8221759: Crash when completing \"java.io.File.path\" - - JDK-8221918: runtime/SharedArchiveFile/serviceability/ReplaceCriticalClasses.java fails: Shared archive not found - - JDK-8222074: Enhance auto vectorization for x86 - - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp - - JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command - - JDK-8223688: JShell: crash on the instantiation of raw anonymous class - - JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error - - JDK-8223940: Private key not supported by chosen signature algorithm - - JDK-8224184: jshell got IOException at exiting with AIX - - JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc - - JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException - - JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions - - JDK-8226536: Catch OOM from deopt that fails rematerializing objects - - JDK-8226575: OperatingSystemMXBean should be made container aware - - JDK-8226697: Several tests which need the @key headful keyword are missing it. - - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous - - JDK-8227059: sun/security/tools/keytool/DefaultSignatureAlgorithm.java timed out - - JDK-8227269: Slow class loading when running with JDWP - - JDK-8227595: keytool/fakegen/DefaultSignatureAlgorithm.java fails due to "exitValue = 6" - - JDK-8228448: Jconsole can't connect to itself - - JDK-8228967: Trust/Key store and SSL context utilities for tests - - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow - - JDK-8229815: Upgrade Jline to 3.12.1 - - JDK-8230000: some httpclients testng tests run zero test - - JDK-8230002: javax/xml/jaxp/unittest/transform/SecureProcessingTest.java runs zero test - - JDK-8230010: Remove jdk8037819/BasicTest1.java - - JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter - - JDK-8230402: Allocation of compile task fails with assert: "Leaking compilation tasks?" - - JDK-8230767: FlightRecorderListener returns null recording - - JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java - - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread - - JDK-8231586: enlarge encoding space for OopMapValue offsets - - JDK-8231953: Wrong assumption in assertion in oop::register_oop - - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes - - JDK-8232083: Minimal VM is broken after JDK-8231586 - - JDK-8232161: Align some one-way conversion in MS950 charset with Windows - - JDK-8232855: jshell missing word in /help help - - JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration - - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR - - JDK-8233386: Initialize NULL fields for unused decorations - - JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result - - JDK-8233686: XML transformer uses excessive amount of memory - - JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions - - JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment - - JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose - - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater() - - JDK-8234058: runtime/CompressedOops/CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr - - JDK-8234149: Several regression tests do not dispose Frame at end - - JDK-8234347: "Turkey" meta time zone does not generate composed localized names - - JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/bug6980209.java fails in linux nightly - - JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC - - JDK-8234541: C1 emits an empty message when it inlines successfully - - JDK-8234687: change javap reporting on unknown attributes - - JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11 - - JDK-8236548: Localized time zone name inconsistency between English and other locales - - JDK-8236617: jtreg test containers/docker/TestMemoryAwareness.java fails after 8226575 - - JDK-8237182: Update copyright header for shenandoah and epsilon files - - JDK-8237888: security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval - - JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java - - JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response - - JDK-8238284: [macos] Zero VM build fails due to an obvious typo - - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10 - - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10 - - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10 - - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes - - JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code - - JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), "should be non-static concrete method"); - - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD - - JDK-8240169: javadoc fails to link to non-modular api docs - - JDK-8240295: hs_err elapsed time in seconds is not accurate enough - - JDK-8240360: NativeLibraryEvent has wrong library name on Linux - - JDK-8240676: Meet not symmetric failure when running lucene on jdk8 - - JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support - - JDK-8241065: Shenandoah: remove leftover code after JDK-8231086 - - JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows - - JDK-8241130: com.sun.jndi.ldap.EventSupport.removeDeadNotifier: java.lang.NullPointerException - - JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector - - JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark - - JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME - - JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure - - JDK-8241750: x86_32 build failure after JDK-8227269 - - JDK-8242184: CRL generation error with RSASSA-PSS - - JDK-8242283: Can't start JVM when java home path includes non-ASCII character - - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array - - JDK-8243029: Rewrite javax/net/ssl/compatibility/Compatibility.java with a flexible interop test framework - - JDK-8243138: Enhance BaseLdapServer to support starttls extended request - - JDK-8243320: Add SSL root certificates to Oracle Root CA program - - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program - - JDK-8243389: enhance os::pd_print_cpu_info on linux - - JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment - - JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp - - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions - - JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows) - - JDK-8244087: 2020-04-24 public suffix list update - - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 - - JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base - - JDK-8244196: adjust output in os_linux - - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in - - JDK-8244287: JFR: Methods samples have line number 0 - - JDK-8244703: "platform encoding not initialized" exceptions with debugger, JNI - - JDK-8244719: CTW: C2 compilation fails with "assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it" - - JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb - - JDK-8244763: Update --release 8 symbol information after JSR 337 MR3 - - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor - - JDK-8245151: jarsigner should not raise duplicate warnings on verification - - JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9 - - JDK-8245714: "Bad graph detected in build_loop_late" when loads are pinned on loop limit check uncommon branch - - JDK-8245801: StressRecompilation triggers assert "redundunt OSR recompilation detected. memory leak in CodeCache!" - - JDK-8245832: JDK build make-static-libs should build all JDK libraries - - JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan - - JDK-8245981: Upgrade to jQuery 3.5.1 - - JDK-8246027: Minimal fastdebug build broken after JDK-8245801 - - JDK-8246094: [macos] Sound Recording and playback is not working - - JDK-8246153: TestEliminateArrayCopy fails with -XX:+StressReflectiveCode - - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ - - JDK-8246196: javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError - - JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN - - JDK-8246330: Add TLS Tests for Legacy ECDSA curves - - JDK-8246453: TestClone crashes with "all collected exceptions must come from the same place" - - JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods - - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node - - JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code - - JDK-8247615: Initialize the bytes left for the heap sampler - - JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand - - JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&' - - JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg - - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention - - JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield - - JDK-8248348: Regression caused by the update to BCEL 6.0 - - JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1 - - JDK-8248495: [macos] zerovm is broken due to libffi headers location - - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read - - JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows - - JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650 - - JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows. - - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel - - JDK-8249255: Build fails if source code in cygwin home dir - - JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11 - - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList - - JDK-8249560: Shenandoah: Fix racy GC request handling - - JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle - - JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases - - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets - - JDK-8250609: C2 crash in IfNode::fold_compares - - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics - - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java - - JDK-8250787: Provider.put no longer registering aliases in FIPS env - - JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM - - JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk - - JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds - - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher - - JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure - - JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U - - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java - - JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase - - JDK-8252120: compiler/oracle/TestCompileCommand.java misspells "occured" - - JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility - - JDK-8252258: [11u] JDK-8242154 changes the default vendor - - JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011 - - JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11 - - JDK-8253283: [11u] Test build/translations/VerifyTranslations.java failing after JDK-8252258 - - JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes - -Notes on individual issues: -=========================== - -core-libs/java.nio.charsets: - -JDK-8240196: Modified the MS950 charset Encoder's Conversion Table -================================================================== -In this release, some of the one-way byte-to-char mappings have been -aligned with the preferred mappings provided by the Unicode Consortium -(https://unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WindowsBestFit/bestfit950.txt). - -core-libs/java.util:i18n: - -JDK-8238914: Localized Time Zone Name Inconsistency Between English and Other Locales -===================================================================================== -English time zone names provided by the CLDR locale provider are now -correctly synthesized following the CLDR spec, rather than substituted -from the COMPAT provider. For example, SHORT style names are no longer -synthesized abbreviations of LONG style names, but instead produce GMT -offset formats. - -core-svc/java.lang.management: - -JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data -============================================================================================ -When executing in a container, or other virtualized operating -environment, the following `OperatingSystemMXBean` methods in this -release return container specific information, if -available. Otherwise, they return host specific data: - -* getFreePhysicalMemorySize() -* getTotalPhysicalMemorySize() -* getFreeSwapSpaceSize() -* getTotalSwapSpaceSize() -* getSystemCpuLoad() - -security-libs/java.security: - -JDK-8250756: Added Entrust Root Certification Authority - G4 certificate -======================================================================== -The Entrust root certificate has been added to the cacerts truststore: - -Alias Name: entrustrootcag4 -Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US - -JDK-8250860: Added 3 SSL Corporation Root CA Certificates -========================================================= -The following root certificates have been added to the cacerts truststore for the SSL Corporation: - -Alias Name: sslrootrsaca -Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US - -Alias Name: sslrootevrsaca -Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US - -Alias Name: sslrooteccca -Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US - -JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default -=================================================================================== -Weak named curves are disabled by default by adding them to the -following `disabledAlgorithms` security properties: - -* jdk.tls.disabledAlgorithms -* jdk.certpath.disabledAlgorithms -* jdk.jar.disabledAlgorithms - -Red Hat has always disabled many of the curves provided by upstream, -so the only addition in this release is: - -* secp256k1 - -The curves that remain enabled are: - -* secp256r1 -* secp384r1 -* secp521r1 -* X25519 -* X448 - -When large numbers of weak named curves need to be disabled, adding -individual named curves to each `disabledAlgorithms` property would be -overwhelming. To relieve this, a new security property, -`jdk.disabled.namedCurves`, is implemented that can list the named -curves common to all of the `disabledAlgorithms` properties. To use -the new property in the `disabledAlgorithms` properties, precede the -full property name with the keyword `include`. Users can still add -individual named curves to `disabledAlgorithms` properties separate -from this new property. No other properties can be included in the -`disabledAlgorithms` properties. - -To restore the named curves, remove the `include -jdk.disabled.namedCurves` either from specific or from all -`disabledAlgorithms` security properties. To restore one or more -curves, remove the specific named curve(s) from the -`jdk.disabled.namedCurves` property. - -JDK-8244286: Tools Warn If Weak Algorithms Are Used Before Restricting Them -=========================================================================== -The `keytool` and `jarsigner` tools have been updated to warn users -about weak cryptographic algorithms being used before they are -disabled. In this release, the tools issue warnings for the SHA-1 hash -algorithm and 1024-bit RSA/DSA keys. - -security-libs/javax.net.ssl: - -JDK-8242147: New System Properties to Configure the TLS Signature Schemes -========================================================================= -Two new system properties have been added to customize the TLS -signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been -added for the TLS client side, and `jdk.tls.server.SignatureSchemes` -has been added for the server side. - -Each system property contains a comma-separated list of supported -signature scheme names specifying the signature schemes that could be -used for the TLS connections. - -The names are described in the "Signature Schemes" section of the -*Java Security Standard Algorithm Names Specification*. - -security-libs/javax.security: - -JDK-8242059: Support for canonicalize in krb5.conf -================================================== - -The 'canonicalize' flag in the [krb5.conf file][0] is now supported by -the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name -canonicalization is requested by clients in TGT requests to KDC -services (AS protocol). Otherwise, and by default, it is not -requested. - -The new default behavior is different from previous releases where -name canonicalization was always requested by clients in TGT requests -to KDC services (provided that support for RFC 6806[1] was not -explicitly disabled with the *sun.security.krb5.disableReferrals* -system or security properties). - -[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html -[1]: https://tools.ietf.org/html/rfc6806 - -JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b -==================================================================== -Following JDK's update to tzdata2020b, the long-obsolete files -pacificnew and systemv have been removed. As a result, the -"US/Pacific-New" zone name declared in the pacificnew data file is no -longer available for use. - -Information regarding the update can be viewed at -https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html - -New in release OpenJDK 11.0.8 (2020-07-14): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/oj1108 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.8.txt - -* Security fixes - - JDK-8230613: Better ASCII conversions - - JDK-8231800: Better listing of arrays - - JDK-8232014: Expand DTD support - - JDK-8233234: Better Zip Naming - - JDK-8233239, CVE-2020-14562: Enhance TIFF support - - JDK-8233255: Better Swing Buttons - - JDK-8234032: Improve basic calendar services - - JDK-8234042: Better factory production of certificates - - JDK-8234418: Better parsing with CertificateFactory - - JDK-8234836: Improve serialization handling - - JDK-8236191: Enhance OID processing - - JDK-8236867, CVE-2020-14573: Enhance Graal interface handling - - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior - - JDK-8237592, CVE-2020-14577: Enhance certificate verification - - JDK-8238002, CVE-2020-14581: Better matrix operations - - JDK-8238013: Enhance String writing - - JDK-8238804: Enhance key handling process - - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable - - JDK-8238843: Enhanced font handing - - JDK-8238920, CVE-2020-14583: Better Buffer support - - JDK-8238925: Enhance WAV file playback - - JDK-8240119, CVE-2020-14593: Less Affine Transformations - - JDK-8240482: Improved WAV file playback - - JDK-8241379: Update JCEKS support - - JDK-8241522: Manifest improved jar headers redux - - JDK-8242136, CVE-2020-14621: Better XML namespace handling -* Other changes - - JDK-6933331: (d3d/ogl) java.lang.IllegalStateException: Buffers have not been created - - JDK-7124307: JSpinner and changing value by mouse - - JDK-8022574: remove HaltNode code after uncommon trap calls - - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails - - JDK-8040630: Popup menus and tooltips flicker with previous popup contents when first shown - - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9) - - JDK-8048215: [TESTBUG] java/lang/management/ManagementFactory/ThreadMXBeanProxy.java Expected non-null LockInfo - - JDK-8051349: nsk/jvmti/scenarios/sampling/SP06/sp06t003 fails in nightly - - JDK-8080353: JShell: Better error message on attempting to add default method - - JDK-8139876: Exclude hanging nsk/stress/stack from execution with deoptimization enabled - - JDK-8146090: java/lang/ref/ReachabilityFenceTest.java fails with -XX:+DeoptimizeALot - - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout - - JDK-8156207: Resource allocated BitMaps are often cleared unnecessarily - - JDK-8159740: JShell: corralled declarations do not have correct source to wrapper mapping - - JDK-8175984: ICC_Profile has un-needed, not-empty finalize method - - JDK-8176359: Frame#setMaximizedbounds not working properly in multi screen environments - - JDK-8183369: RFC unconformity of HttpURLConnection with proxy - - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT - - JDK-8191169: java/net/Authenticator/B4769350.java failed intermittently - - JDK-8191930: [Graal] emits unparseable XML into compile log - - JDK-8193879: Java debugger hangs on method invocation - - JDK-8196019: java/awt/Window/Grab/GrabTest.java fails on Windows - - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails - - JDK-8198000: java/awt/List/EmptyListEventTest/EmptyListEventTest.java debug assert on Windows - - JDK-8198001: java/awt/Menu/WrongParentAfterRemoveMenu/WrongParentAfterRemoveMenu.java debug assert on Windows - - JDK-8198339: Test javax/swing/border/Test6981576.java is unstable - - JDK-8200701: jdk/jshell/ExceptionsTest.java fails on Windows, after JDK-8198801 - - JDK-8203264: JNI exception pending in PlainDatagramSocketImpl.c:740 - - JDK-8203672: JNI exception pending in PlainSocketImpl.c - - JDK-8203673: JNI exception pending in DualStackPlainDatagramSocketImpl.c:398 - - JDK-8204834: Fix confusing "allocate" naming in OopStorage - - JDK-8205399: Set node color on pinned HashMap.TreeNode deletion - - JDK-8205653: test/jdk/sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java and RmiSslBootstrapTest.sh fail with handshake_failure - - JDK-8206179: com/sun/management/OperatingSystemMXBean/GetCommittedVirtualMemorySize.java fails with Committed virtual memory size illegal value - - JDK-8207334: VM times out in VM_HandshakeAllThreads::doit() with RunThese30M - - JDK-8208277: Code cache heap (-XX:ReservedCodeCacheSize) doesn't work with 1GB LargePages - - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts - - JDK-8209333: Socket reset issue for TLS 1.3 socket close - - JDK-8209439: C2 library_call can potentially ignore Math.pow intrinsic or use null pointer - - JDK-8209534: [TESTBUG]runtime/appcds/cacheObject/ArchivedModuleCompareTest.java fails with EnableJVMCI. - - JDK-8210147: adjust some WSAGetLastError usages in windows network coding - - JDK-8210284: "assert((av & 0x00000001) == 0) failed: unsupported V8" on Solaris 11.4 - - JDK-8210303: VM_HandshakeAllThreads fails assert with "failed: blocked and not walkable" - - JDK-8210515: [TESTBUG]CheckArchivedModuleApp.java needs to check if EnableJVMCI is set. - - JDK-8210788: Javadoc for Thread.join(long, int) should specify that it waits forever when both arguments are zero - - JDK-8211301: [macos] support full window content options - - JDK-8211332: Space for stub routines (code_size2) is too small on new Skylake CPUs - - JDK-8211339: NPE during SSL handshake caused by HostnameChecker - - JDK-8211392: compiler/profiling/spectrapredefineclass_classloaders/Launcher.java times out in JDK12 CI - - JDK-8211743: [AOT] crash in ScopeDesc::decode_body() when JVMTI walks AOT frames - - JDK-8212154: [TESTBUG] CheckArchivedModuleApp fails with NPE when JVMCI is absent - - JDK-8212167: JShell : Stack trace of exception has wrong line number - - JDK-8212933: Thread-SMR: requesting a VM operation whilst holding a ThreadsListHandle can cause deadlocks - - JDK-8212986: Make Visual Studio compiler check less strict - - JDK-8213250: CDS archive creation aborts due to metaspace object allocation failure - - JDK-8213516: jck test api/javax_accessibility/AccessibleState/fields.html fails intermittent - - JDK-8213947: ARM32: failed check_simd should set UsePopCountInstruction to false - - JDK-8214418: half-closed SSLEngine status may cause application dead loop - - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate" - - JDK-8214444: Wrong strncat limits in dfa.cpp - - JDK-8214481: freetype path does not disable TrueType hinting with AA+FM hints - - JDK-8214571: -Xdoclint of array serialField gives "error: array type not allowed here" - - JDK-8214856: Errors with JSZip in web console after upgrade to 3.1.5 - - JDK-8214862: assert(proj != __null) at compile.cpp:3251 - - JDK-8215369: Jcstress pollute /var/tmp with temporary files. - - JDK-8215551: Missing case label in nmethod::reloc_string_for() - - JDK-8215555: TieredCompilation C2 threads can excessively block handshakes - - JDK-8215711: Missing key_share extension for (EC)DHE key exchange should alert missing_extension - - JDK-8216151: [Graal] Module jdk.internal.vm.compiler.management has not been granted accessClassInPackage.org.graalvm.compiler.debug - - JDK-8216154: C4819 warnings at HotSpot sources on Windows - - JDK-8216541: CompiledICHolders of VM locked unloaded nmethods are released too late - - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types() - - JDK-8217404: --with-jvm-features doesn't work when multiple features are explicitly disabled - - JDK-8217447: Develop flag TraceICs is broken - - JDK-8217606: LdapContext#reconnect always opens a new connection - - JDK-8218807: Compilation database (compile_commands.json) may contain obsolete items - - JDK-8219214: Infinite Loop in CodeSection::dump() - - JDK-8219904: ClassCastException when calling FlightRecorderMXBean#getRecordings() - - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl - - JDK-8221121: applications/microbenchmarks are encountering crashes in tier5 - - JDK-8221445: FastSysexMessage constructor crashes MIDI receiption thread - - JDK-8221482: Initialize VMRegImpl::regName[] earlier to prevent assert during PrintStubCode - - JDK-8221741: ClassCastException can happen when fontconfig.properties is used - - JDK-8221823: Requested JDialog width is ignored - - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable - - JDK-8223935: PIT: java/awt/font/WindowsIndicFonts.java fails on windows10 - - JDK-8224109: Text spaced incorrectly by drawString under rotation with fractional metric - - JDK-8224632: testbug: java/awt/dnd/RemoveDropTargetCrashTest/RemoveDropTargetCrashTest.java fails on MacOS - - JDK-8224793: os::die() does not honor CreateCoredumpOnCrash option - - JDK-8224847: gc/stress/TestReclaimStringsLeaksMemory.java fails with reserved greater than expected - - JDK-8224931: disable JAOTC invokedynamic support until 8223533 is fixed - - JDK-8224997: ChaCha20-Poly1305 TLS cipher suite decryption throws ShortBufferException - - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 - - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 - - JDK-8225126: Test SetBoundsPaintTest.html faild on Windows when desktop is scaled - - JDK-8225325: Add tests for redefining a class' private method during resolution of the bootstrap specifier - - JDK-8225622: [AOT] runtime/SharedArchiveFile/TestInterpreterMethodEntries.java crashed with AOTed java.base - - JDK-8225653: Provide more information when hitting SIGILL from HaltNode - - JDK-8225783: Incorrect use of binary operators on booleans in type.cpp - - JDK-8225789: Empty method parameter type should generate ClassFormatError - - JDK-8226198: use of & instead of && in LibraryCallKit::arraycopy_restore_alloc_state - - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. - - JDK-8226653: [accessibility] Can edit text cell correctly, but Accessibility Tool reads nothing about editor - - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread - - JDK-8226879: Memory leak in Type::hashcons - - JDK-8227632: Incorrect PrintCompilation message: made not compilable on levels 0 1 2 3 4 - - JDK-8228407: JVM crashes with shared archive file mismatch - - JDK-8228482: fix xlc16/xlclang comparison of distinct pointer types and string literal conversion warnings - - JDK-8228757: Fail fast if the handshake type is unknown - - JDK-8229158: make UseSwitchProfiling non-experimental or false by-default - - JDK-8229421: The logic of java/net/ipv6tests/TcpTest.java is flawed - - JDK-8229855: C2 fails with assert(false) failed: bad AD file - - JDK-8230591: AArch64: Missing intrinsics for Math.ceil, floor, rint - - JDK-8231118: ARM32: Math tests failures - - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo - - JDK-8231243: [TESTBUG] CustomFont.java cannot find font file - - JDK-8231438: [macOS] Dark mode for the desktop is not supported - - JDK-8231550: C2: ShouldNotReachHere() in verify_strip_mined_scheduling - - JDK-8231564: setMaximizedBounds is broken with large display scale and multiple monitors - - JDK-8231572: Use -lobjc instead of -fobjc-link-runtime in libosxsecurity - - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE - - JDK-8231671: Fix copyright headers in hotspot (missing comma after year) - - JDK-8231720: Some perf regressions after 8225653 - - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate - - JDK-8231863: Crash if classpath is read from @argument file and the main gets option argument - - JDK-8232080: jlink plugins for vendor information and run-time options - - JDK-8232106: [x86] C2: SIGILL due to usage of SSSE3 instructions on processors which don't support it - - JDK-8232134: Change to Visual Studio 2017 15.9.16 for building on Windows at Oracle - - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail - - JDK-8232357: Compare version info of Santuario to legal notice - - JDK-8232572: Add hooks for custom output dir in Bundles.gmk - - JDK-8232634: Problem List ICMColorDataTest.java - - JDK-8232748: Build static versions of certain JDK libraries - - JDK-8232846: ProcessHandle.Info command with non-English shows question marks - - JDK-8233033: C2 produces wrong result while unswitching a loop due to lost control dependencies - - JDK-8233137: runtime/ErrorHandling/VeryEarlyAssertTest.java fails after 8232080 - - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing - - JDK-8233291: [TESTBUG] tools/jlink/plugins/VendorInfoPluginsTest.java fails with debug or non-server VMs - - JDK-8233364: Fix undefined behavior in Canonicalizer::do_ShiftOp - - JDK-8233573: Toolkit.getScreenInsets(GraphicsConfiguration) may throw ClassCastException - - JDK-8233608: Minimal build broken after JDK-8233494 - - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name - - JDK-8233696: [TESTBUG]Some jtreg tests fail when CAPS_LOCK is ON - - JDK-8233707: systemScale.cpp could not compile with VS2019 - - JDK-8233801: GCMEmptyIv.java test fails on Solaris 11.4 - - JDK-8233880: Support compilers with multi-digit major version numbers - - JDK-8233920: MethodHandles::tryFinally generates illegal bytecode for long/double return type - - JDK-8234137: The "AutoTestOnTop.java" test may run external applications - - JDK-8234146: compiler/jsr292/ContinuousCallSiteTargetChange.java times out on SPARC - - JDK-8234184: [TESTBUG] java/awt/Mouse/EnterExitEvents/ModalDialogEnterExitEventsTest.java fails in Windows - - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area - - JDK-8234332: [TESTBUG] java/awt/Focus/DisposedWindow/DisposeDialogNotActivateOwnerTest/DisposeDialogNotActivateOwnerTest.java fails on linux-x64 nightly - - JDK-8234398: Replace ID2D1Factory::GetDesktopDpi with GetDeviceCaps - - JDK-8234522: [macos] Crash with use of native file dialog - - JDK-8234691: Potential double-free in ParallelSPCleanupTask constructor - - JDK-8234696: tools/jlink/plugins/VendorInfoPluginsTest.java times out - - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3 - - JDK-8234728: Some security tests should support TLSv1.3 - - JDK-8234779: Provide idiom for declaring classes noncopyable - - JDK-8234968: check calloc rv in libinstrument InvocationAdapter - - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails - - JDK-8235183: Remove the "HACK CODE" in comment - - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions - - JDK-8235311: Tag mismatch may alert bad_record_mac - - JDK-8235332: TestInstanceCloneAsLoadsStores.java fails with -XX:+StressGCM - - JDK-8235452: Strip mined loop verification fails with assert(is_OuterStripMinedLoop()) failed: invalid node class - - JDK-8235584: UseProfiledLoopPredicate fails with assert(_phase->get_loop(c) == loop) failed: have to be in the same loop - - JDK-8235620: Broken merge between JDK-8006406 and JDK-8003559 - - JDK-8235638: NPE in LWWindowPeer.getOnscreenGraphics() - - JDK-8235686: Add more custom hooks in Bundles.gmk - - JDK-8235739: Rare NPE at WComponentPeer.getGraphics() - - JDK-8235762: JVM crash in SWPointer during C2 compilation - - JDK-8235834: IBM-943 charset encoder needs updating - - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property. - - JDK-8235908: omit ThreadPriorityPolicy warning when value is set from image - - JDK-8235984: C2: assert(out->in(PhiNode::Region) == head || out->in(PhiNode::Region) == slow_head) failed: phi must be either part of the slow or the fast loop - - JDK-8236211: [Graal] compiler/graalunit/GraphTest.java is skipped in all testing - - JDK-8236470: Deal with ECDSA using ecdsa-with-SHA2 plus hash algorithm as AlgorithmId - - JDK-8236545: Compilation error in mach5 java/awt/FileDialog/MacOSGoToFolderCrash.java - - JDK-8236700: Upgrading JSZip from v3.1.5 to v3.2.2 - - JDK-8236759: ShouldNotReachHere in PhaseIdealLoop::verify_strip_mined_scheduling - - JDK-8236897: Fix the copyright header for pkcs11gcm2.h - - JDK-8236921: Add build target to produce a JDK image suitable for a Graal/SVM build - - JDK-8236953: [macos] JavaFX SwingNode is not rendered on macOS - - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing - - JDK-8237045: JVM uses excessive memory with -XX:+EnableJVMCI -XX:JVMCICounterSize=2147483648 - - JDK-8237055: [TESTBUG] compiler/c2/TestJumpTable.java fails with release VMs - - JDK-8237086: assert(is_MachReturn()) running CTW with fix for JDK-8231291 - - JDK-8237192: Generate stripped/public pdbs on Windows for jdk images - - JDK-8237396: JvmtiTagMap::weak_oops_do() should not trigger barriers - - JDK-8237474: Default SSLEngine should create in server role - - JDK-8237859: C2: Crash when loads float above range check - - JDK-8237951: CTW: C2 compilation fails with "malformed control flow" - - JDK-8237962: give better error output for invalid OCSP response intervals in CertPathValidator checks - - JDK-8238190: [JVMCI] Fix single implementor speculation for diamond shapes. - - JDK-8238356: CodeHeap::blob_count() overestimates the number of blobs - - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 - - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB - - JDK-8238575: DragSourceEvent.getLocation() returns wrong value on HiDPI screens (Windows) - - JDK-8238676: jni crashes on accessing it from process exit hook - - JDK-8238721: Add failing client jtreg tests to the Problem List - - JDK-8238738: AudioSystem.getMixerInfo() takes about 30 sec to report a gone audio device - - JDK-8238756: C2: assert(((n) == __null || !VerifyIterativeGVN || !((n)->is_dead()))) failed: can not use dead node - - JDK-8238765: PhaseCFG::schedule_pinned_nodes cannot handle precedence edges from unmatched CFG nodes correctly - - JDK-8238898: Missing hash characters for header on license file - - JDK-8238942: Rendering artifacts with LCD text and fractional metrics - - JDK-8238985: [TESTBUG] The arrow image is blue instead of green - - JDK-8239000: handle ContendedPaddingWidth in vm_version_ppc - - JDK-8239055: Wrong implementation of VMState.hasListener - - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code. - - JDK-8239142: C2's UseUniqueSubclasses optimization is broken for array accesses - - JDK-8239224: libproc_impl.c previous_thr may be used uninitialized warning - - JDK-8239351: Give more meaningful InternalError messages in Deflater.c - - JDK-8239365: ProcessBuilder test modifications for AIX execution - - JDK-8239456: vtable stub generation: assert failure (code size estimate) - - JDK-8239457: call ReleaseStringUTFChars before early returns in Java_sun_security_pkcs11_wrapper_PKCS11_connect - - JDK-8239462: jdk.hotspot.agent misses some ReleaseStringUTFChars calls in case of early returns - - JDK-8239557: [TESTBUG] VeryEarlyAssertTest.java validating "END." marker at lastline is not always true - - JDK-8239787: AArch64: String.indexOf may incorrectly handle empty strings - - JDK-8239792: Bump update version for OpenJDK: jdk-11.0.8 - - JDK-8239798: SSLSocket closes socket both socket endpoints on a SocketTimeoutException - - JDK-8239819: XToolkit: Misread of screen information memory - - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed - - JDK-8239893: Windows handle Leak when starting processes using ProcessBuilder - - JDK-8239915: Zero VM crashes when handling dynamic constant - - JDK-8239931: [win][x86] vtable stub generation: assert failure (code size estimate) follow-up - - JDK-8239976: Put JDK-8239965 on the ProblemList.txt - - JDK-8240073: Fix 'test-make' build target in 11u - - JDK-8240197: Cannot start JVM when $JAVA_HOME includes CJK characters - - JDK-8240202: A few client tests leave mouse buttons pressed - - JDK-8240220: IdealLoopTree::dump_head predicate printing is broken - - JDK-8240223: Use consistent predicate order in and with PhaseIdealLoop::find_predicate - - JDK-8240227: Loop predicates should be copied to unswitched loops - - JDK-8240286: [TESTBUG] Test command error in hotspot/jtreg/compiler/loopopts/superword/SumRedAbsNeg_Float.java - - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print - - JDK-8240529: CheckUnhandledOops breaks NULL check in Modules::define_module - - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges - - JDK-8240603: Windows 32bit compile error after 8238676 - - JDK-8240629: argfiles parsing broken for argfiles with comment cross 4096 bytes chunk - - JDK-8240711: TestJstatdPort.java failed due to "ExportException: Port already in use:" - - JDK-8240786: [TESTBUG] The test java/awt/Window/GetScreenLocation/GetScreenLocationTest.java fails on HiDPI screen - - JDK-8240824: enhance print_full_memory_info on Linux by THP related information - - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE" - - JDK-8240905: assert(mem == (Node*)1 || mem == mem2) failed: multiple Memories being matched at once? - - JDK-8240972: macOS codesign fail on macOS 10.13.5 or older - - JDK-8241445: Fix copyright in test/jdk/tools/launcher/ArgFileSyntax.java - - JDK-8241458: [JVMCI] add mark value to expose CodeOffsets::Frame_Complete - - JDK-8241464: [11u] Backport: make rehashing be a needed guaranteed safepoint cleanup action - - JDK-8241556: Memory leak if -XX:CompileCommand is set - - JDK-8241568: (fs) UserPrincipalLookupService.lookupXXX failure with IOE "Operation not permitted" - - JDK-8241586: compiler/cpuflags/TestAESIntrinsicsOnUnsupportedConfig.java fails on aarch64 - - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set - - JDK-8241660: Add virtualization information output to hs_err file on macOS - - JDK-8241808: [TESTBUG] The JDK-8039467 bug appeared on macOS - - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one - - JDK-8241900: Loop unswitching may cause dependence on null check to be lost - - JDK-8241948: enhance list of environment variables printed in hs_err file - - JDK-8241996: on linux set full relro in the linker flags - - JDK-8242108: Performance regression after fix for JDK-8229496 - - JDK-8242141: New System Properties to configure the TLS signature schemes - - JDK-8242154: Backport parts of JDK-4947890 to OpenJDK 11u - - JDK-8242174: [macos] The NestedModelessDialogTest test make the macOS unstable - - JDK-8242239: [Graal] javax/management/generified/GenericTest.java fails: FAILED: queryMBeans sets same - - JDK-8242294: JSSE Client does not throw SSLException when an alert occurs during handshaking - - JDK-8242379: [TESTBUG] compiler/loopopts/TestLoopUnswitchingLostCastDependency.java fails with release VMs - - JDK-8242470: Update Xerces to Version 2.12.1 - - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash - - JDK-8242541: Small charset issues (ISO8859-16, x-eucJP-Open, x-IBM834 and x-IBM949C) - - JDK-8242626: enhance posix print_rlimit_info - - JDK-8243059: Build fails when --with-vendor-name contains a comma - - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 - - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a - - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in - - JDK-8244520: problemlist java/awt/font/Rotate/RotatedFontTest.java on linux - - JDK-8244777: ClassLoaderStats VM Op uses constant hash value - - JDK-8244853: The static build of libextnet is missing the JNI_OnLoad_extnet function - - JDK-8244951: Missing entitlements for hardened runtime - - JDK-8245047: [PPC64] C2: ReverseBytes + Load always match to unordered Load (acquire semantics missing) - - JDK-8245649: Revert 8245397 backport of 8230591 - - JDK-8246031: SSLSocket.getSession() doesn't close connection for timeout/ interrupts - - JDK-8246613: Choose the default SecureRandom algo based on registration ordering - - JDK-8248505: Unexpected NoSuchAlgorithmException when using secure random impl from BCFIPS provider - -Notes on individual issues: -=========================== - -security-libs/java.security: - -JDK-8244167: Removal of Comodo Root CA Certificate -================================================== -The following expired Comodo root CA certificate was removed from the `cacerts` keystore: + -alias name "addtrustclass1ca [jdk]" - -Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE - -JDK-8244166: Removal of DocuSign Root CA Certificate -==================================================== -The following expired DocuSign root CA certificate was removed from the `cacerts` keystore: + -alias name "keynectisrootca [jdk]" - -Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR - -security-libs/javax.crypto:pkcs11: - -JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database -============================================================================================================================ -The SunPKCS11 security provider can now be initialized with NSS when -FIPS-enabled external modules are configured in the Security Modules -Database (NSSDB). Prior to this change, the SunPKCS11 provider would -throw a RuntimeException with the message: "FIPS flag set for -non-internal module" when such a library was configured for NSS in -non-FIPS mode. - -This change allows the JDK to work properly with recent NSS releases -in GNU/Linux operating systems when the system-wide FIPS policy is -turned on. - -Further information can be found in JDK-8238555. - -security-libs/javax.net.ssl: - -JDK-8245077: Default SSLEngine Should Create in Server Role -=========================================================== -In JDK 11 and later, `javax.net.ssl.SSLEngine` by default used client -mode when handshaking. As a result, the set of default enabled -protocols may differ to what is expected. `SSLEngine` would usually be -used in server mode. From this JDK release onwards, `SSLEngine` will -default to server mode. The -`javax.net.ssl.SSLEngine.setUseClientMode(boolean mode)` method may -be used to configure the mode. - -JDK-8242147: New System Properties to Configure the TLS Signature Schemes -========================================================================= - -Two new System Properties are added to customize the TLS signature -schemes in JDK. `jdk.tls.client.SignatureSchemes` is added for TLS -client side, and `jdk.tls.server.SignatureSchemes` is added for server -side. - -Each System Property contains a comma-separated list of supported -signature scheme names specifying the signature schemes that could be -used for the TLS connections. - -The names are described in the "Signature Schemes" section of the -*Java Security Standard Algorithm Names Specification*. - -New in release OpenJDK 11.0.7 (2020-04-14): -=========================================== -Live versions of these release notes can be found at: - * https://bitly.com/oj1107 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.7.txt - -* Security fixes - - JDK-8223898, CVE-2020-2754: Forward references to Nashorn - - JDK-8223904, CVE-2020-2755: Improve Nashorn matching - - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs - - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues - - JDK-8225603: Enhancement for big integers - - JDK-8226346: Build better binary builders - - JDK-8227467: Better class method invocations - - JDK-8227542: Manifest improved jar headers - - JDK-8229733: TLS message handling improvements - - JDK-8231415, CVE-2020-2773: Better signatures in XML - - JDK-8231785: Improved socket permissions - - JDK-8232424, CVE-2020-2778: More constrained algorithms - - JDK-8232581, CVE-2020-2767: Improve TLS verification - - JDK-8233250: Better X11 rendering - - JDK-8233410: Better Build Scripting - - JDK-8234027: Better JCEKS key support - - JDK-8234408, CVE-2020-2781: Improve TLS session handling - - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers - - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers - - JDK-8235274, CVE-2020-2805: Enhance typing of methods - - JDK-8235691, CVE-2020-2816: Enhance TLS connectivity - - JDK-8236201, CVE-2020-2830: Better Scanner conversions - - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap -* Other changes - - JDK-4919790: Errors in alert ssl message does not reflect the actual certificate status - - JDK-4949105: Access Bridge lacks html tags parsing - - JDK-7092821: java.security.Provider.getService() is synchronized and became scalability bottleneck - - JDK-7143743: Potential memory leak with zip provider - - JDK-8005819: Support cross-realm MSSFU - - JDK-8042383: [TEST_BUG] Test javax/swing/plaf/basic/BasicMenuUI/4983388/bug4983388.java fails with shortcuts on menus do not work - - JDK-8068184: Fix for JDK-8032832 caused a deadlock - - JDK-8145845: [AOT] NullPointerException in compiler/whitebox/GetCodeHeapEntriesTest.java - - JDK-8152988: [AOT] Update test batch definitions to include aot-ed java.base module mode into hs-comp testing - - JDK-8160926: FLAGS_COMPILER_CHECK_ARGUMENTS doesn't handle cross-compilation - - JDK-8163083: SocketListeningConnector does not allow invocations with port 0 - - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k - - JDK-8167276: jvmci/compilerToVM/MaterializeVirtualObjectTest.java fails with -XX:-EliminateAllocations - - JDK-8169718: nsk/jdb/locals/locals002: ERROR: Cannot find boolVar with expected value: false - - JDK-8176556: java/awt/dnd/ImageTransferTest/ImageTransferTest.java fails for JFIF - - JDK-8178798: Two compiler/aot/verification/vmflags tests fail by timeout with UseAVX=3 - - JDK-8183107: PKCS11 regression regarding checkKeySize - - JDK-8185005: Improve performance of ThreadMXBean.getThreadInfo(long ids[], int maxDepth) - - JDK-8189633: Missing -Xcheck:jni checking for DeleteWeakGlobalRef - - JDK-8189861: Refactor CacheFind - - JDK-8193042: NativeLookup::lookup_critical_entry() should only load shared library once - - JDK-8193596: java/net/DatagramPacket/ReuseBuf.java failed due to timeout - - JDK-8194944: Regression automated test 'open/test/jdk/javax/swing/JInternalFrame/8145896/TestJInternalFrameMaximize.java' fails - - JDK-8196467: javax/swing/JInternalFrame/Test6325652.java fails - - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE - - JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails - - JDK-8198398: Test javax/swing/JColorChooser/Test6199676.java fails in mach5 - - JDK-8199072: Test javax/swing/GroupLayout/6613904/bug6613904.java is unstable - - JDK-8200432: javadoc fails with ClassCastException on {@link byte[]} - - JDK-8201349: build broken when configured with --with-zlib=bundled on gcc 7.3 - - JDK-8201355: Avoid native memory allocation in sun.security.mscapi.PRNG.generateSeed - - JDK-8201513: nsk/jvmti/IterateThroughHeap/filter-* are broken - - JDK-8203364: Some serviceability/sa/ tests intermittently fail with java.io.IOException: LingeredApp terminated with non-zero exit code 3 - - JDK-8203687: javax/net/ssl/compatibility/Compatibility.java supports TLS 1.3 - - JDK-8203904: javax/swing/JSplitPane/4816114/bug4816114.java: The divider location is wrong - - JDK-8203911: Test runtime/modules/getModuleJNI/GetModule fails with -Xcheck:jni - - JDK-8204525: [TESTBUG] runtime/NMT/MallocStressTest.java ran out of java heap - - JDK-8204529: gc/TestAllocateHeapAtMultiple.java fail with Agent 7 timed out - - JDK-8204551: Event descriptions are truncated in logs - - JDK-8206963: [AOT] bug with multiple class loaders - - JDK-8207367: 10 vmTestbase/nsk/jdi tests timed out when running with jtreg - - JDK-8207832: serviceability/sa/ClhsdbCDSCore.java failed with "Couldn't find core file location" - - JDK-8207938: At step6,Click Add button,case failed automatically. - - JDK-8208157: requires.VMProps throws NPE for missing properties in "release" file - - JDK-8208379: compiler/jvmci/events/JvmciNotifyInstallEventTest.java failed with "Got unexpected event count after 2nd install attempt: expected 9 to equal 2" - - JDK-8208658: Make CDS archived heap regions usable even if compressed oop encoding has changed - - JDK-8208715: Conversion of milliseconds to nanoseconds in UNIXProcess contains bug - - JDK-8209361: [AOT] Unexpected number of references for JVMTI_HEAP_REFERENCE_CONSTANT_POOL [111-->111]: 0 (expected at least 1) - - JDK-8209385: CDS runtime classpath checking is too strict when only classes from the system modules are archived - - JDK-8209389: SIGSEGV in WalkOopAndArchiveClosure::do_oop_work. - - JDK-8209418: Synchronize test/jdk/sanity/client/lib/jemmy with code-tools/jemmy/v2 - - JDK-8209494: Create a test for SwingSet InternalFrameDemo - - JDK-8209499: Create test for SwingSet EditorPaneDemo - - JDK-8209574: [AOT] breakpoint events are generated in different threads does not meet expected count - - JDK-8209686: cleanup arguments to PhaseIdealLoop() constructor - - JDK-8209789: Synchronize test/jdk/sanity/client/lib/jemmy with code-tools/jemmy/v2 - - JDK-8209802: Garbage collectors should register JFR types themselves to avoid build errors. - - JDK-8209807: improve handling exception in requires.VMProps - - JDK-8209817: stack is executable when building with Clang on Linux - - JDK-8209824: Improve the code coverage for ThreadLocal - - JDK-8209826: Undefined reference to os::write after JDK-8209657 (filemap.hpp cleanup) - - JDK-8209850: Allow NamedThreads to use GlobalCounter critical sections - - JDK-8209976: Improve iteration over non-JavaThreads - - JDK-8209993: Create a test for SwingSet3 ToolTipDemo - - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() - - JDK-8210052: Enable testing for all the available look and feels in SwingSet3 demo tests - - JDK-8210055: Enable different look and feel tests in SwingSet3 demo tests - - JDK-8210057: Enable different look and feels in SwingSet3 demo test InternalFrameDemoTest - - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing - - JDK-8210220: [AOT] jdwp test cases are failing with error # ERROR: TEST FAILED: Cought IOException while receiving event packet - - JDK-8210289: ArchivedKlassSubGraphInfoRecord is incomplete - - JDK-8210459: Add support for generating compile_commands.json - - JDK-8210476: sun/security/mscapi/PrngSlow.java fails with Still too slow - - JDK-8210512: [Testbug] vmTestbase/nsk/jdi/ObjectReference/referringObjects/referringObjects002/referringObjects002.java fails with unexpected size of ClassLoaderReference.referringObjects - - JDK-8210523: runtime/appcds/cacheObject/DifferentHeapSizes.java crash - - JDK-8210632: Add key exchange algorithm to javax/net/ssl/TLSCommon/CipherSuite.java - - JDK-8210699: Problem list tests which times out in Xcomp mode - - JDK-8210793: [JVMCI] AllocateCompileIdTest.java failed to find DiagnosticCommand.class - - JDK-8210910: Create test for FileChooserDemo - - JDK-8210994: Create test for SwingSet3 FrameDemo - - JDK-8211139: Increase timeout value in all tests under jdk/sanity/client/SwingSet/src - - JDK-8211160: Handle different look and feels in JInternalFrameOperator - - JDK-8211211: vmTestbase/metaspace/stressDictionary/StressDictionary.java timeout - - JDK-8211322: Reduce the timeout of tooltip in SwingSet2DemoTest - - JDK-8211443: Enable different look and feels in SwingSet3 demo test SplitPaneDemoTest - - JDK-8211703: JInternalFrame : java.lang.AssertionError: cannot find the internal frame - - JDK-8211781: re-building fails after changing Graal sources - - JDK-8212897: Some improvements in the EditorPaneDemotest - - JDK-8212903: [TestBug] Tests test/jdk/javax/swing/LookAndFeel/8145547/DemandGTK2.sh and DemandGTK3.sh fail on Ubuntu 18.04 LTS - - JDK-8213009: Refactoring existing SunMSCAPI classes - - JDK-8213010: Supporting keys created with certmgr.exe - - JDK-8213168: Enable different look and feel tests in SwingSet3 demo test FileChooserDemoTest - - JDK-8213348: jdk.internal.vm.compiler.management service providers missing in module descriptor - - JDK-8213906: Update arm devkits with libXrandr headers - - JDK-8213908: AssertionError in DeferredAttr at setOverloadKind - - JDK-8214124: [TESTBUG] Bugs in runtime/NMT/MallocStressTest.java - - JDK-8214344: C2: assert(con.basic_type() != T_ILLEGAL) failed: elembt=byte; loadbt=void; unsigned=0 - - JDK-8214345: infinite recursion while checking super class - - JDK-8214471: Enable different look and feel tests in SwingSet3 demo test ToolTipDemoTest - - JDK-8214534: Setting of THIS_FILE in the build is broken - - JDK-8214557: Filter out VM flags which don't affect AOT code generation - - JDK-8214578: [macos] Problem with backslashes on macOS/JIS keyboard: Java ignores system settings - - JDK-8214840: runtime/NMT/MallocStressTest.java timed out - - JDK-8214850: Rename vm_operations.?pp files to vmOperations.?pp files - - JDK-8214904: Test8004741.java failed due to "Too few ThreadDeath hits; expected at least 6 but saw only 5" - - JDK-8215322: add @file support to jaotc - - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) - - JDK-8215396: JTabbedPane preferred size calculation is wrong for SCROLL_TAB_LAYOUT - - JDK-8216180: [AOT] compiler/intrinsics/bigInteger/TestMulAdd.java crashed with AOT enabled - - JDK-8216353: Use utility APIs introduced in org/netbeans/jemmy/util/LookAndFeel class in client sanity test cases - - JDK-8216354: Syntax error in toolchain_windows.m4 - - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win) - - JDK-8216535: tools/jimage/JImageExtractTest.java timed out - - JDK-8217235: Create automated test for SwingSet ColorChooserDemoTest - - JDK-8217297: Add support for multiple look and feel for SwingSet SliderDemoTest - - JDK-8217338: [Containers] Improve systemd slice memory limit support - - JDK-8217613: [AOT] TEST_OPTS_AOT_MODULES doesn't work on mac - - JDK-8217634: RunTest documentation and usability update - - JDK-8217717: ZGC: Broken oop map in C1 load barrier stub - - JDK-8217728: Speed up incremental rerun of "make hotspot" - - JDK-8218268: Javac treats Manifest Class-Path entries as Paths instead of URLs - - JDK-8218662: Allow 204 responses with Content-Length:0 - - JDK-8218882: NET_Writev is declared, NET_WriteV is defined - - JDK-8218889: Improperly use of the Optional API - - JDK-8219205: JFR file without license header - - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions - - JDK-8219723: javax/net/ssl/compatibility/Compatibility.java failed on some SNI cases - - JDK-8220348: [ntintel] asserts about copying unaligned array - - JDK-8220451: jdi/EventQueue/remove/remove004 failed due to "ERROR: thread2 is not alive" - - JDK-8220456: jdi/EventQueue/remove_l/remove_l004 failed due to "TIMEOUT while waiting for event" - - JDK-8220479: java/nio/channels/Selector/SelectWithConsumer.java failed at testTwoChannels() - - JDK-8220613: java/util/Arrays/TimSortStackSize2.java times out with fastdebug build - - JDK-8220688: [TESTBUG] runtime/NMT/MallocStressTest.java timed out - - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr - - JDK-8221270: Duplicated synchronized keywords in SSLSocketImpl - - JDK-8221312: test/jdk/sanity/client/SwingSet/src/ColorChooserDemoTest.java failed - - JDK-8221851: Use of THIS_FILE in hotspot invalidates precompiled header on Linux/GCC - - JDK-8221885: Add intermittent test in the JavaSound to the ProblemList - - JDK-8222264: Windows incremental build is broken with JDK-8217728 - - JDK-8222391: javax/net/ssl/compatibility/Compatibility.java should be more flexible - - JDK-8222448: java/lang/reflect/PublicMethods/PublicMethodsTest.java times out - - JDK-8222519: ButtonDemoScreenshotTest fails randomly with "still state to be reached" - - JDK-8222741: jdi/EventQueue/remove/remove004 fails due to VMDisconnectedException - - JDK-8223003: SunMSCAPI keys are not cleaned up - - JDK-8223063: Support CNG RSA keys - - JDK-8223158: Docked MacBook cannot start any Java Swing applications - - JDK-8223260: NamingManager should cache InitialContextFactory - - JDK-8223464: Improve version string for Oracle CI builds - - JDK-8223558: Java does not render Myanmar script correctly - - JDK-8223627: jdk-13+20 bundle name contains null instead of ea - - JDK-8223638: Replace wildcard address with loopback or local host in tests - part 6 - - JDK-8223678: Add Visual Studio Code workspace generation support (for native code) - - JDK-8223727: com/sun/jndi/ldap/privconn/RunTest.java failed due to hang in LdapRequest.getReplyBer - - JDK-8223769: Assert triggers with -XX:+StressReflectiveCode - - JDK-8224187: Refactor arraycopy_prologue to allow ZGC read barriers on arraycopy - - JDK-8224475: JTextPane does not show images in HTML rendering - - JDK-8224673: Adjust permission for delayed starting of debugging - - JDK-8224705: Tests that need to be problem-listed or have printer resources - - JDK-8224778: test/jdk/demo/jfc/J2Ddemo/J2DdemoTest.java cannot find J2Ddemo.jar - - JDK-8224821: java/awt/Focus/NoAutotransferToDisabledCompTest/NoAutotransferToDisabledCompTest.java fails linux-x64 - - JDK-8224830: test/jdk/java/awt/Focus/ModalExcludedWindowClickTest/ModalExcludedWindowClickTest.java fails on linux-x64 - - JDK-8224851: AArch64: fix warnings and errors with Clang and GCC 8.3 - - JDK-8224905: java/lang/ProcessBuilder/Basic.java#id1 failed with stream closed - - JDK-8225007: java/awt/print/PrinterJob/LandscapeStackOverflow.java may hang - - JDK-8225105: java/awt/Focus/ShowFrameCheckForegroundTest/ShowFrameCheckForegroundTest.java fails in Windows 10 - - JDK-8225117: java/math/BigInteger/SymmetricRangeTests.java fails with ParseException - - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test - - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test - - JDK-8225144: [macos] In Aqua L&F backspace key does not delete when Shift is pressed - - JDK-8225180: SignedObject with invalid Key not throwing the InvalidKeyException in Windows - - JDK-8225182: JNI exception pending in DestroyXIMCallback of awt_InputMethod.c:1327 - - JDK-8225199: [Graal] compiler/jvmci/compilerToVM/IsMatureVsReprofileTest.java fails with -XX:CompileThresholdScaling=0.1 - - JDK-8225305: ProblemList java/lang/invoke/VarHandles tests - - JDK-8225350: compiler/jvmci/compilerToVM/IsCompilableTest.java timed out - - JDK-8225430: Replace wildcard address with loopback or local host in tests - part 14 - - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14 - - JDK-8225487: giflib legal file is missing attribution for openbsd-reallocarray.c - - JDK-8225567: Wrong file headers with 8202414 fix changeset - - JDK-8225684: [AOT] vmTestbase/vm/oom/production/AlwaysOOMProduction tests fail with AOTed java.base - - JDK-8225766: Curve in certificate should not affect signature scheme when using TLSv1.3 - - JDK-8225797: OldObjectSample event creates unexpected amount of checkpoint data - - JDK-8226381: ProblemList java/lang/reflect/PublicMethods/PublicMethodsTest.java - - JDK-8226406: JVM fails to detect mismatched or corrupt CDS archive - - JDK-8226608: Hide the onjcmd option from the help output - - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys - - JDK-8227112: exclude compiler/intrinsics/sha/sanity tests from AOT runs - - JDK-8227324: Upgrade to freetype 2.10.1 - - JDK-8227528: TestAbortVMOnSafepointTimeout.java failed due to "RuntimeException: 'Safepoint sync time longer than' missing from stdout/stderr" - - JDK-8227645: Some tests in serviceability/sa run with fixed -Xmx values and risk running out of memory - - JDK-8227646: [TESTBUG] appcds/SharedArchiveConsistency timed out - - JDK-8227662: freetype seeks to index at the end of the font data - - JDK-8228479: Correct the format of ColorChooserDemoTest - - JDK-8228613: java.security.Provider#getServices order is no longer deterministic - - JDK-8228969: 2019-09-28 public suffix list update - - JDK-8229236: CriticalJNINatives: dll handling should be done in native thread state - - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC - - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions - - JDK-8229994: assert(false) failed: Bad graph detected in get_early_ctrl_for_expensive - - JDK-8230004: jdk/internal/jimage/JImageOpenTest.java runs no test - - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception - - JDK-8230390: Problemlist SA tests with AOT - - JDK-8230400: Missing constant pool entry for a method in stacktrace - - JDK-8230459: Test failed to resume JVMCI CompilerThread - - JDK-8230480: check malloc/calloc results in java.desktop - - JDK-8230597: Update GIFlib library to the 5.2.1 - - JDK-8230611: infinite loop in LogOutputList::wait_until_no_readers() - - JDK-8230624: [TESTBUG] Problemlist JFR compiler/TestCodeSweeper.java - - JDK-8230677: Should disable Escape Analysis if JVMTI capability can_get_owned_monitor_info was taken - - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout - - JDK-8231025: Incorrect method tag offset for big endian platform - - JDK-8231081: TestMetadataRetention fails due to missing symbol id - - JDK-8231387: java.security.Provider.getService returns random result due to race condition with mutating methods in the same class - - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type - - JDK-8231445: check ZALLOC return values in awt coding - - JDK-8231507: Update Apache Santuario (XML Signature) to version 2.1.4 - - JDK-8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call - - JDK-8231753: use more Posix functionality in aix os::print_os_info - - JDK-8231810: javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java fails intermittently with "java.lang.Exception: Unexpected EOF" - - JDK-8232003: (fs) Files.write can leak file descriptor in the exception case - - JDK-8232056: GetOwnedMonitorInfoWithEATest.java fails with ZGC: Heap too small - - JDK-8232060: add some initializations using sigemptyset in os_aix.cpp - - JDK-8232154: Update Mesa 3-D Headers to version 19.2.1 - - JDK-8232167: Visual Studio install found through --with-tools-dir value is discarded - - JDK-8232170: FSInfo#getJarClassPath throws an exception not declared in its throws clause - - JDK-8232200: [macos 10.15] Windows in fullscreen tests jumps around the screen - - JDK-8232207: Linux os::available_memory re-reads cgroup configuration on every invocation - - JDK-8232224: [TESTBUG] problemlist JFR TestLargeRootSet.java - - JDK-8232370: Refactor some com.sun.jdi tests to enable IDE integration - - JDK-8232433: [macos 10.15] java/awt/Window/LocationAtScreenCorner/LocationAtScreenCorner.java may fail - - JDK-8232571: Add missing SIGINFO signal - - JDK-8232692: [TESTBUG] compiler/aot/fingerprint/SelfChangedCDS.java fails when cds is disabled - - JDK-8232713: Update BCEL version to 6.3.1 in license file - - JDK-8232806: Introduce a system property to disable eager lambda initialization - - JDK-8232834: RunTest sometimes fails to produce valid exitcode.txt - - JDK-8232880: Update test documentation with additional settings for client UI tooltip tests - - JDK-8232950: SUNPKCS11 Provider incorrectly check key length for PSS Signatures. - - JDK-8233018: Add a new test to verify that DatagramSocket is not interruptible - - JDK-8233019: java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit - - JDK-8233032: assert(in_bb(n)) failed: must be - - JDK-8233078: fix minimal VM build on Linux ppc64(le) - - JDK-8233328: fix minimal VM build on Linux s390x - - JDK-8233383: Various minor fixes - - JDK-8233466: aarch64: remove unnecessary load of mdo when profiling return and parameters type - - JDK-8233491: Crash in AdapterHandlerLibrary::get_adapter with CDS due to code cache exhaustion - - JDK-8233529: loopTransform.cpp:2984: Error: assert(p_f->Opcode() == Op_IfFalse) failed - - JDK-8233548: Update CUP to v0.11b - - JDK-8233649: Update ProblemList.txt to exclude failing headful tests on macos - - JDK-8233656: assert(d->is_CFG() && n->is_CFG()) failed: must have CFG nodes - - JDK-8233657: Intermittent NPE in Component.validate() - - JDK-8234288: Turkey Time Zone returns incorrect time zone name - - JDK-8234323: NULL-check return value of SurfaceData_InitOps on macosx - - JDK-8234339: replace JLI_StrTok in java_md_solinux.c - - JDK-8234340: Bump update version for OpenJDK: jdk-11.0.7 - - JDK-8234350: assert(mode == ControlAroundStripMined && (use == sfpt || !use->is_reachable_from_root())) failed: missed a node - - JDK-8234386: [macos] NPE was thrown at expanding Choice from maximized frame - - JDK-8234397: add OS uptime information to os::print_os_info output - - JDK-8234423: Modifying ArrayList.subList().subList() resets modCount of subList - - JDK-8234466: Class loading deadlock involving X509Factory#commitEvent() - - JDK-8234501: remove obsolete NET_ReadV - - JDK-8234525: enable link-time section-gc for linux s390x to remove unused code - - JDK-8234610: MaxVectorSize set wrongly when UseAVX=3 is specified after JDK-8221092 - - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion - - JDK-8234723: javax/net/ssl/TLS tests support TLSv1.3 - - JDK-8234724: javax/net/ssl/templates/SSLSocketSSLEngineTemplate.java supports TLSv1.3 - - JDK-8234741: enhance os::get_core_path on macOS - - JDK-8234769: Duplicate attribution in freetype.md - - JDK-8234786: Fix for JDK-8214578 breaks OS X 10.12 compatibility - - JDK-8234809: set relro in linker flags when building with gcc - - JDK-8234824: java/nio/channels/SocketChannel/AdaptSocket.java fails on Windows 10 - - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version - - JDK-8235288: AVX 512 instructions inadvertently used on Xeon for small vector width operations - - JDK-8235325: build failure on Linux after 8235243 - - JDK-8235383: C1 compilation fails with -XX:+PrintIRDuringConstruction -XX:+Verbose - - JDK-8235489: handle return values of sscanf calls in hotspot - - JDK-8235509: Backport for JDK-8209657 Refactor filemap.hpp to simplify integration with Serviceability Agent. - - JDK-8235510: java.util.zip.CRC32 performance drop after 8200067 - - JDK-8235563: [TESTBUG] appcds/CommandLineFlagComboNegative.java does not handle archive mapping failure - - JDK-8235637: jhsdb jmap from OpenJDK 11.0.5 doesn't work if prelink is enabled - - JDK-8235671: enhance print_rlimit_info in os_posix - - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64 - - JDK-8235904: Infinite loop when rendering huge lines - - JDK-8235998: [c2] Memory leaks during tracing after '8224193: stringStream should not use Resource Area'. - - JDK-8236039: JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3 - - JDK-8236140: assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it - - JDK-8236179: C1 register allocation error with T_ADDRESS - - JDK-8236488: Support for configure option --with-native-debug-symbols=internal is impossible on Windows - - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory - - JDK-8236709: struct SwitchRange in HS violates C++ One Definition Rule - - JDK-8236848: [JDK 11u] make run-test-tier1 fails after backport of JDK-8232834 - - JDK-8236873: Worker has a deadlock bug - - JDK-8237217: Incorrect G1StringDedupEntry type used in StringDedupTable destructor - - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read - - JDK-8237375: SimpleThresholdPolicy misses CounterDecay timestamp initialization - - JDK-8237508: Simplify JarFile.isInitializing - - JDK-8237540: Missing files in backport of JDK-8210910 - - JDK-8237541: Missing files in backport of JDK-8236528 - - JDK-8237600: Test SunJSSEFIPSInit fails on Ubuntu - - JDK-8237819: s390x - remove unused pd_zero_to_words_large - - JDK-8237869: exclude jtreg test security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java because of instabilities - - JDK-8237879: make 4.3 breaks build - - JDK-8237945: CTW: C2 compilation fails with assert(just_allocated_object(alloc_ctl) == ptr) failed: most recent allo - - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary - - JDK-8238247: CTW runner should sweep nmethods more aggressively - - JDK-8238366: CTW runner closes standard output on exit - - JDK-8238438: SuperWord::co_locate_pack picks memory state of first instead of last load - - JDK-8238502: sunmscapi.dll causing EXCEPTION_ACCESS_VIOLATION - - JDK-8238534: Deep sign macOS bundles before bundle archive is being created - - JDK-8238591: CTW: Split applications/ctw/modules/jdk_localedata.java - - JDK-8238596: AVX enabled by default for Skylake even when unsupported - - JDK-8238811: C2: assert(i >= req() || i == 0 || is_Region() || is_Phi()) with -XX:+VerifyGraphEdges - - JDK-8239005: [TESTBUG] test/hotspot/jtreg/runtime/StackGuardPages/TestStackGuardPages.java: exeinvoke.c: must initialize static state before calling do_overflow() - - JDK-8239466: Loss of precision in counter decay calculation in 11u backport of JDK-8237375 - - JDK-8239856: [ntintel] asserts about copying unaligned array element - - JDK-8240724: [test] jdk11 downport of 8224475 misses binary file test/jdk/javax/swing/JTextPane/arrow.png - - JDK-8241296: Segfault in JNIHandleBlock::oops_do() - -Notes on individual issues: -=========================== - -security-libs/javax.xml.crypto: - -JDK-8239467: Apache Santuario Library Updated to Version 2.1.4 -============================================================== -The Apache Santuario library has been upgraded to version 2.1.4. As a -result, a new system property -`com.sun.org.apache.xml.internal.security.parser.pool-size` has been -introduced. - -This new system property sets the pool size of the internal -`DocumentBuilder` cache used when processing XML Signatures. The -function is equivalent to the -`org.apache.xml.security.parser.pool-size` system property used in -Apache Santuario and has the same default value of 20. diff --git a/SOURCES/README.md b/SOURCES/README.md new file mode 100644 index 0000000..2fa9c3a --- /dev/null +++ b/SOURCES/README.md @@ -0,0 +1,39 @@ +OpenJDK 11 is a Long-Term Support (LTS) release of the Java platform. + +For a list of major changes from OpenJDK 8 (java-1.8.0-openjdk), see +the upstream release page for OpenJDK 11 and the preceding interim +releases: + +* 9: https://openjdk.org/projects/jdk9/ +* 10: https://openjdk.java.net/projects/jdk/10/ +* 11: https://openjdk.java.net/projects/jdk/11/ + +# Rebuilding the OpenJDK package + +The OpenJDK packages are now created from a single build which is then +packaged for different major versions of Red Hat Enterprise Linux +(RHEL). This allows the OpenJDK team to focus their efforts on the +development and testing of this single build, rather than having +multiple builds which only differ by the platform they were built on. + +This does make rebuilding the package slightly more complicated than a +normal package. Modifications should be made to the +`java-11-openjdk-portable.specfile` file, which can be found with this +README file in the source RPM or installed in the documentation tree +by the `java-11-openjdk-headless` RPM. + +Once the modified `java-11-openjdk-portable` RPMs are built, they +should be installed and will produce a number of tarballs in the +`/usr/lib/jvm` directory. The `java-11-openjdk` RPMs can then be +built, which will use these tarballs to create the usual RPMs found in +RHEL. The `java-11-openjdk-portable` RPMs can be uninstalled once the +desired final RPMs are produced. + +Note that the `java-11-openjdk.spec` file has a hard requirement on +the exact version of java-11-openjdk-portable to use, so this will +need to be modified if the version or rpmrelease values are changed in +`java-11-openjdk-portable.specfile`. + +To reduce the number of RPMs involved, the `fastdebug` and `slowdebug` +builds may be disabled using `--without fastdebug` and `--without +slowdebug`. diff --git a/SOURCES/java-11-openjdk-portable.specfile b/SOURCES/java-11-openjdk-portable.specfile new file mode 100644 index 0000000..e5a64f2 --- /dev/null +++ b/SOURCES/java-11-openjdk-portable.specfile @@ -0,0 +1,2473 @@ +# debug_package %%{nil} is portable-jdks specific +%define debug_package %{nil} + +# RPM conditionals so as to be able to dynamically produce +# slowdebug/release builds. See: +# http://rpm.org/user_doc/conditional_builds.html +# +# Examples: +# +# Produce release, fastdebug *and* slowdebug builds on x86_64 (default): +# $ rpmbuild -ba java-11-openjdk.spec +# +# Produce only release builds (no slowdebug builds) on x86_64: +# $ rpmbuild -ba java-11-openjdk.spec --without slowdebug --without fastdebug +# +# Only produce a release build on x86_64: +# $ rhpkg mockbuild --without slowdebug --without fastdebug + +# Enable fastdebug builds by default on relevant arches. +%bcond_without fastdebug +# Enable slowdebug builds by default on relevant arches. +%bcond_without slowdebug +# Enable release builds by default on relevant arches. +%bcond_without release +# Enable static library builds by default. +%bcond_without staticlibs +# Remove build artifacts by default +%bcond_with artifacts +# Build a fresh libjvm.so for use in a copy of the bootstrap JDK +%bcond_without fresh_libjvm +# Build with system libraries +%bcond_with system_libs + +# Workaround for stripping of debug symbols from static libraries +%if %{with staticlibs} +%define __brp_strip_static_archive %{nil} +%global include_staticlibs 1 +%else +%global include_staticlibs 0 +%endif + +# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so +%if %{with fresh_libjvm} +%global build_hotspot_first 1 +%else +%global build_hotspot_first 0 +%endif + +%if %{with system_libs} +%global system_libs 1 +%global link_type system +%global freetype_lib %{nil} +%else +%global system_libs 0 +%global link_type bundled +%global freetype_lib |libfreetype[.]so.* +%endif + +# The -g flag says to use strip -g instead of full strip on DSOs or EXEs. +# This fixes detailed NMT and other tools which need minimal debug info. +# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879 +%global _find_debuginfo_opts -g + +# note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros +# also necessary when passing it as parameter to other macros. If not macro, then it is considered a switch +# see the difference between global and define: +# See https://github.com/rpm-software-management/rpm/issues/127 to comments at "pmatilai commented on Aug 18, 2017" +# (initiated in https://bugzilla.redhat.com/show_bug.cgi?id=1482192) +%global debug_suffix_unquoted -slowdebug +%global fastdebug_suffix_unquoted -fastdebug +%global main_suffix_unquoted -main +%global staticlibs_suffix_unquoted -staticlibs +# quoted one for shell operations +%global debug_suffix "%{debug_suffix_unquoted}" +%global fastdebug_suffix "%{fastdebug_suffix_unquoted}" +%global normal_suffix "" +%global main_suffix "%{main_suffix_unquoted}" +%global staticlibs_suffix "%{staticlibs_suffix_unquoted}" + +%global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP. +%global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP. +%global debug_on unoptimised with full debugging on +%global fastdebug_on optimised with full debugging on +%global for_fastdebug for packages with debugging on and optimisation +%global for_debug for packages with debugging on and no optimisation + +%if %{with release} +%global include_normal_build 1 +%else +%global include_normal_build 0 +%endif + +%if %{include_normal_build} +%global normal_build %{normal_suffix} +%else +%global normal_build %{nil} +%endif + +# We have hardcoded list of files, which is appearing in alternatives, and in files +# in alternatives those are slaves and master, very often triplicated by man pages +# in files all masters and slaves are ghosted +# the ghosts are here to allow installation via query like `dnf install /usr/bin/java` +# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_ +# TODO - fix those hardcoded lists via single list +# Those files must *NOT* be ghosted for *slowdebug* packages +# FIXME - if you are moving jshell or jlink or similar, always modify all three sections +# you can check via headless and devels: +# rpm -ql --noghost java-11-openjdk-headless-11.0.1.13-8.fc29.x86_64.rpm | grep bin +# == rpm -ql java-11-openjdk-headless-slowdebug-11.0.1.13-8.fc29.x86_64.rpm | grep bin +# != rpm -ql java-11-openjdk-headless-11.0.1.13-8.fc29.x86_64.rpm | grep bin +# similarly for other %%{_jvmdir}/{jre,java} and %%{_javadocdir}/{java,java-zip} +%define is_release_build() %( if [ "%{?1}" == "%{debug_suffix_unquoted}" -o "%{?1}" == "%{fastdebug_suffix_unquoted}" ]; then echo "0" ; else echo "1"; fi ) + +# while JDK is a techpreview(is_system_jdk=0), some provides are turned off. Once jdk stops to be an techpreview, move it to 1 +# as sytem JDK, we mean any JDK which can run whole system java stack without issues (like bytecode issues, module issues, dependencies...) +%global is_system_jdk 0 + +%global aarch64 aarch64 arm64 armv8 +# we need to distinguish between big and little endian PPC64 +%global ppc64le ppc64le +%global ppc64be ppc64 ppc64p7 +# Set of architectures which support multiple ABIs +%global multilib_arches %{power64} sparc64 x86_64 +# Set of architectures for which we build slowdebug builds +%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} s390x +# Set of architectures for which we build fastdebug builds +%global fastdebug_arches x86_64 ppc64le aarch64 +# Set of architectures with a Just-In-Time (JIT) compiler +%global jit_arches %{arm} %{aarch64} %{ix86} %{power64} s390x sparcv9 sparc64 x86_64 +# Set of architectures which use the Zero assembler port (!jit_arches) +%global zero_arches ppc s390 +# Set of architectures which run a full bootstrap cycle +%global bootstrap_arches %{jit_arches} +# Set of architectures which support SystemTap tapsets +%global systemtap_arches %{jit_arches} +# Set of architectures with a Ahead-Of-Time (AOT) compiler +%global aot_arches x86_64 %{aarch64} +# Set of architectures which support the serviceability agent +%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm} +# Set of architectures which support class data sharing +# As of JDK-8005165 in OpenJDK 10, class sharing is not arch-specific +# However, it does segfault on the Zero assembler port, so currently JIT only +%global share_arches %{jit_arches} +# Set of architectures for which we build the Shenandoah garbage collector +%global shenandoah_arches x86_64 %{aarch64} +# Set of architectures for which we build the Z garbage collector +%global zgc_arches x86_64 +# Set of architectures for which alt-java has SSB mitigation +%global ssbd_arches x86_64 +# Set of architectures where we verify backtraces with gdb +# s390x fails on RHEL 7 so we exclude it there +%if (0%{?rhel} > 0 && 0%{?rhel} < 8) +%global gdb_arches %{arm} %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64 %{zero_arches} +%else +%global gdb_arches %{jit_arches} %{zero_arches} +%endif + +# By default, we build a slowdebug build during main build on JIT architectures +%if %{with slowdebug} +%ifarch %{debug_arches} +%global include_debug_build 1 +%else +%global include_debug_build 0 +%endif +%else +%global include_debug_build 0 +%endif + +# On certain architectures, we compile the Shenandoah GC +%ifarch %{shenandoah_arches} +%global use_shenandoah_hotspot 1 +%global shenandoah_feature shenandoahgc +%else +%global use_shenandoah_hotspot 0 +%global shenandoah_feature -shenandoahgc +%endif + +# On certain architectures, we compile the ZGC +%ifarch %{zgc_arches} +%global use_zgc_hotspot 1 +%global zgc_feature zgc +%else +%global use_zgc_hotspot 0 +%global zgc_feature -zgc +%endif + +# By default, we build a fastdebug build during main build only on fastdebug architectures +%if %{with fastdebug} +%ifarch %{fastdebug_arches} +%global include_fastdebug_build 1 +%else +%global include_fastdebug_build 0 +%endif +%else +%global include_fastdebug_build 0 +%endif + +%if %{include_debug_build} +%global slowdebug_build %{debug_suffix} +%else +%global slowdebug_build %{nil} +%endif + +%if %{include_fastdebug_build} +%global fastdebug_build %{fastdebug_suffix} +%else +%global fastdebug_build %{nil} +%endif + +# If you disable all builds, then the build fails +# Build and test slowdebug first as it provides the best diagnostics +%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build} + +%if %{include_staticlibs} +%global staticlibs_loop %{staticlibs_suffix} +%else +%global staticlibs_loop %{nil} +%endif + +%if 0%{?flatpak} +%global bootstrap_build false +%else +%ifarch %{bootstrap_arches} +%global bootstrap_build true +%else +%global bootstrap_build false +%endif +%endif + +%if %{include_staticlibs} +# Extra target for producing the static-libraries. Separate from +# other targets since this target is configured to use in-tree +# AWT dependencies: lcms, libjpeg, libpng, libharfbuzz, giflib +# and possibly others +%global static_libs_target static-libs-image +%else +%global static_libs_target %{nil} +%endif + +# The static libraries are produced under the same configuration as the main +# build for portables, as we expect in-tree libraries to be used throughout. +# If system libraries are enabled, the static libraries will also use them +# which may cause issues. +%global bootstrap_targets images %{static_libs_target} legacy-jre-image +%global release_targets images docs-zip %{static_libs_target} legacy-jre-image +# No docs nor bootcycle for debug builds +%global debug_targets images %{static_libs_target} legacy-jre-image +# Target to use to just build HotSpot +%global hotspot_target hotspot + +# JDK to use for bootstrapping +%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk + +# Disable LTO as this causes build failures at the moment. +# See RHBZ#1861401 +%define _lto_cflags %{nil} + +# Filter out flags from the optflags macro that cause problems with the OpenJDK build +# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 +# We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) +# We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings +# We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++ +%global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat -Wno-cpp|' | sed -r -e 's|-O[0-9]*||') +%global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||') +%global ourldflags %{__global_ldflags} + +# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path +# the initialization must be here. Later the pkg-config have buggy behavior +# looks like openjdk RPM specific bug +# Always set this so the nss.cfg file is not broken +%global NSS_LIBDIR %(pkg-config --variable=libdir nss) + +# In some cases, the arch used by the JDK does +# not match _arch. +# Also, in some cases, the machine name used by SystemTap +# does not match that given by _target_cpu +%ifarch x86_64 +%global archinstall amd64 +%global stapinstall x86_64 +%endif +%ifarch ppc +%global archinstall ppc +%global stapinstall powerpc +%endif +%ifarch %{ppc64be} +%global archinstall ppc64 +%global stapinstall powerpc +%endif +%ifarch %{ppc64le} +%global archinstall ppc64le +%global stapinstall powerpc +%endif +%ifarch %{ix86} +%global archinstall i686 +%global stapinstall i386 +%endif +%ifarch ia64 +%global archinstall ia64 +%global stapinstall ia64 +%endif +%ifarch s390 +%global archinstall s390 +%global stapinstall s390 +%endif +%ifarch s390x +%global archinstall s390x +%global stapinstall s390 +%endif +%ifarch %{arm} +%global archinstall arm +%global stapinstall arm +%endif +%ifarch %{aarch64} +%global archinstall aarch64 +%global stapinstall arm64 +%endif +# 32 bit sparc, optimized for v9 +%ifarch sparcv9 +%global archinstall sparc +%global stapinstall %{_target_cpu} +%endif +# 64 bit sparc +%ifarch sparc64 +%global archinstall sparcv9 +%global stapinstall %{_target_cpu} +%endif +# Need to support noarch for srpm build +%ifarch noarch +%global archinstall %{nil} +%global stapinstall %{nil} +%endif + +# always off for portable builds +%ifarch %{systemtap_arches} +%global with_systemtap 0 +%else +%global with_systemtap 0 +%endif + +# New Version-String scheme-style defines +%global featurever 11 +%global interimver 0 +%global updatever 19 +%global patchver 0 +# buildjdkver is usually same as %%{featurever}, +# but in time of bootstrap of next jdk, it is featurever-1, +# and this it is better to change it here, on single place +%global buildjdkver %{featurever} +# Add LTS designator for RHEL builds +%if 0%{?rhel} + %global lts_designator "LTS" + %global lts_designator_zip -%{lts_designator} +%else + %global lts_designator "" + %global lts_designator_zip "" +%endif + +# Define vendor information used by OpenJDK +%global oj_vendor Red Hat, Inc. +%global oj_vendor_url https://www.redhat.com/ +# Define what url should JVM offer in case of a crash report +# order may be important, epel may have rhel declared +%if 0%{?epel} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{component}&version=epel%{epel} +%else +%if 0%{?fedora} +# Does not work for rawhide, keeps the version field empty +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora} +%else +%if 0%{?rhel} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{component} +%else +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi +%endif +%endif +%endif +%global oj_vendor_version (Red_Hat-%{version}-%{rpmrelease}) + +# Define IcedTea version used for SystemTap tapsets and desktop file +%global icedteaver 6.0.0pre00-c848b93a8598 +# Define current Git revision for the FIPS support patches +%global fipsver b34fb09a5c + +# Standard JPackage naming and versioning defines +%global origin openjdk +%global origin_nice OpenJDK +%global top_level_dir_name %{origin} +%global top_level_dir_name_backup %{top_level_dir_name}-backup +%global buildver 7 +%global rpmrelease 2 +#%%global tagsuffix %%{nil} +# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit +%if %is_system_jdk +# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions +# It is very unlikely we will ever have a patch version > 4 or a build version > 20, so we combine as (patch * 20) + build. +# This means 11.0.9.0+11 would have had a priority of 11000911 as before +# A 11.0.9.1+1 would have had a priority of 11000921 (20 * 1 + 1), thus ensuring it is bigger than 11.0.9.0+11 +%global combiver $( expr 20 '*' %{patchver} + %{buildver} ) +%global priority %( printf '%02d%02d%02d%02d' %{featurever} %{interimver} %{updatever} %{combiver} ) +%else +# for techpreview, using 1, so slowdebugs can have 0 +%global priority %( printf '%08d' 1 ) +%endif +%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} + +# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames +%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) + +# The tag used to create the OpenJDK tarball +%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} + +%global javaver %{featurever} + +# Define milestone (EA for pre-releases, GA for releases) +# Release will be (where N is usually a number starting at 1): +# - 0.N%%{?extraver}%%{?dist} for EA releases, +# - N%%{?extraver}{?dist} for GA releases +%global is_ga 1 +%if %{is_ga} +%global ea_designator "" +%global ea_designator_zip "" +%global extraver %{nil} +%global eaprefix %{nil} +%else +%global ea_designator ea +%global ea_designator_zip -%{ea_designator} +%global extraver .%{ea_designator} +%global eaprefix 0. +%endif + +# parametrized macros are order-sensitive +%global compatiblename java-%{featurever}-%{origin} +%global fullversion %{compatiblename}-%{version}-%{release} +# images directories from upstream build +%global jdkimage jdk +%global static_libs_image static-libs +# output dir stub +%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}} +%define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}} +%define packageoutputdir() %{expand:packages/jdk%{featurever}.packages%{?1}} +# we can copy the javadoc to not arched dir, or make it not noarch +%define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}} +# main id and dir of this jdk +%define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}} +# portable only declarations +%global jreimage jre +%define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable%{1}.jre.;g" | sed "s;openjdkportable;el;g") +%define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable%{1}.jdk.;g" | sed "s;openjdkportable;el;g") +%define staticlibsportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable%{1}.static-libs.;g" | sed "s;openjdkportable;el;g") +%define jreportablearchive() %{expand:%{jreportablenameimpl -- %%{1}}.tar.xz} +%define jdkportablearchive() %{expand:%{jdkportablenameimpl -- %%{1}}.tar.xz} +%define staticlibsportablearchive() %{expand:%{staticlibsportablenameimpl -- %%{1}}.tar.xz} +%define jreportablename() %{expand:%{jreportablenameimpl -- %%{1}}} +%define jdkportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} +# Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on +# top of the JDK archive +%define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} +%define docportablename() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable.docs.;g" | sed "s;openjdkportable;el;g") +%define docportablearchive() %{docportablename}.tar.xz +%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;el8\\(_[0-9]\\)*;portable.misc.;g" | sed "s;openjdkportable;el;g") +%define miscportablearchive() %{miscportablename}.tar.xz + +################################################################# +# fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349 +# https://bugzilla.redhat.com/show_bug.cgi?id=1590796#c14 +# https://bugzilla.redhat.com/show_bug.cgi?id=1655938 +%global _privatelibs libsplashscreen[.]so.*|libawt_xawt[.]so.*|libjli[.]so.*|libattach[.]so.*|libawt[.]so.*|libextnet[.]so.*|libawt_headless[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjimage[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmanagement_agent[.]so.*|libmanagement_ext[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libprefs[.]so.*|librmi[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*%{freetype_lib} +%global _publiclibs libjawt[.]so.*|libjava[.]so.*|libjvm[.]so.*|libverify[.]so.*|libjsig[.]so.* +%if %is_system_jdk +%global __provides_exclude ^(%{_privatelibs})$ +%global __requires_exclude ^(%{_privatelibs})$ +# Never generate lib-style provides/requires for any debug packages +%global __provides_exclude_from ^.*/%{uniquesuffix -- %{debug_suffix_unquoted}}/.*$ +%global __requires_exclude_from ^.*/%{uniquesuffix -- %{debug_suffix_unquoted}}/.*$ +%global __provides_exclude_from ^.*/%{uniquesuffix -- %{fastdebug_suffix_unquoted}}/.*$ +%global __requires_exclude_from ^.*/%{uniquesuffix -- %{fastdebug_suffix_unquoted}}/.*$ +%else +# Don't generate provides/requires for JDK provided shared libraries at all. +%global __provides_exclude ^(%{_privatelibs}|%{_publiclibs})$ +%global __requires_exclude ^(%{_privatelibs}|%{_publiclibs})$ +%endif + + +%global etcjavasubdir %{_sysconfdir}/java/java-%{javaver}-%{origin} +%define etcjavadir() %{expand:%{etcjavasubdir}/%{uniquesuffix -- %{?1}}} +# Standard JPackage directories and symbolic links. +%define sdkdir() %{expand:%{uniquesuffix -- %{?1}}} +%define jrelnk() %{expand:jre-%{javaver}-%{origin}-%{version}-%{release}.%{_arch}%{?1}} + +%define sdkbindir() %{expand:%{_jvmdir}/%{sdkdir -- %{?1}}/bin} +%define jrebindir() %{expand:%{_jvmdir}/%{sdkdir -- %{?1}}/bin} + +%global alt_java_name alt-java + +%global rpm_state_dir %{_localstatedir}/lib/rpm-state/ + +# For flatpack builds hard-code /usr/sbin/alternatives, +# otherwise use %%{_sbindir} relative path. +%if 0%{?flatpak} +%global alternatives_requires /usr/sbin/alternatives +%else +%global alternatives_requires %{_sbindir}/alternatives +%endif + +%if %{with_systemtap} +# Where to install systemtap tapset (links) +# We would like these to be in a package specific sub-dir, +# but currently systemtap doesn't support that, so we have to +# use the root tapset dir for now. To distinguish between 64 +# and 32 bit architectures we place the tapsets under the arch +# specific dir (note that systemtap will only pickup the tapset +# for the primary arch for now). Systemtap uses the machine name +# aka target_cpu as architecture specific directory name. +%global tapsetroot /usr/share/systemtap +%global tapsetdirttapset %{tapsetroot}/tapset/ +%global tapsetdir %{tapsetdirttapset}/%{stapinstall} +%endif + +# Portables have no repo (requires/provides), but these are awesome for orientation in spec +# Also scriptlets are happily missing and files are handled old fashion +# not-duplicated requires/provides/obsoletes for normal/debug packages +%define java_rpo() %{expand: +} + +%define java_devel_rpo() %{expand: +} + +%define java_static_libs_rpo() %{expand: +} + +%define java_unstripped_rpo() %{expand: +} + +%define java_docs_rpo() %{expand: +} + +%define java_misc_rpo() %{expand: +} + +# Prevent brp-java-repack-jars from being run +%global __jar_repack 0 + +# portables have grown out of its component, moving back to java-x-vendor +# this expression, when declared as global, filled component with java-x-vendor portable +%define component %(echo %{name} | sed "s;-portable;;g") + +Name: java-%{javaver}-%{origin}-portable +Version: %{newjavaver}.%{buildver} +Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} +# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons +# and this change was brought into RHEL-4. java-1.5.0-ibm packages +# also included the epoch in their virtual provides. This created a +# situation where in-the-wild java-1.5.0-ibm packages provided "java = +# 1:1.5.0". In RPM terms, "1.6.0 < 1:1.5.0" since 1.6.0 is +# interpreted as 0:1.6.0. So the "java >= 1.6.0" requirement would be +# satisfied by the 1:1.5.0 packages. Thus we need to set the epoch in +# JDK package >= 1.6.0 to 1, and packages referring to JDK virtual +# provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0". + +Epoch: 1 +Summary: %{origin_nice} %{featurever} Runtime Environment portable edition +%if 0%{?rhel} <= 8 +Group: Development/Languages +%endif + +# HotSpot code is licensed under GPLv2 +# JDK library code is licensed under GPLv2 with the Classpath exception +# The Apache license is used in code taken from Apache projects (primarily xalan & xerces) +# DOM levels 2 & 3 and the XML digital signature schemas are licensed under the W3C Software License +# The JSR166 concurrency code is in the public domain +# The BSD and MIT licenses are used for a number of third-party libraries (see ADDITIONAL_LICENSE_INFO) +# The OpenJDK source tree includes: +# - JPEG library (IJG), zlib & libpng (zlib), giflib (MIT), harfbuzz (ISC), +# - freetype (FTL), jline (BSD) and LCMS (MIT) +# - jquery (MIT), jdk.crypto.cryptoki PKCS 11 wrapper (RSA) +# - public_suffix_list.dat from publicsuffix.org (MPLv2.0) +# The test code includes copies of NSS under the Mozilla Public License v2.0 +# The PCSClite headers are under a BSD with advertising license +# The elliptic curve cryptography (ECC) source code is licensed under the LGPLv2.1 or any later version +License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv2.0 and Public Domain and W3C and zlib and ISC and FTL and RSA +URL: http://openjdk.java.net/ + + +# to regenerate source0 (jdk) run update_package.sh +# update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives +Source0: openjdk-jdk%{featurever}u-%{vcstag}-4curve.tar.xz + +# Use 'icedtea_sync.sh' to update the following +# They are based on code contained in the IcedTea project (6.x). +# Systemtap tapsets. Zipped up to keep it small. +# Disabled in portables +#Source8: tapsets-icedtea-%%{icedteaver}.tar.xz + +# Desktop files. Adapted from IcedTea +# Disabled in portables +#Source9: jconsole.desktop.in + +# Release notes +Source10: NEWS + +# nss configuration file +Source11: nss.cfg.in + +# Removed libraries that we link instead +Source12: remove-intree-libraries.sh + +# Ensure we aren't using the limited crypto policy +Source13: TestCryptoLevel.java + +# Ensure ECDSA is working +Source14: TestECDSA.java + +# Verify system crypto (policy) can be disabled via a property +Source15: TestSecurityProperties.java + +# Ensure vendor settings are correct +Source16: CheckVendor.java + +# nss fips configuration file +Source17: nss.fips.cfg.in + +# Ensure translations are available for new timezones +Source18: TestTranslations.java + +############################################ +# +# RPM/distribution specific patches +# +############################################ + +# Ignore AWTError when assistive technologies are loaded +Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch +# NSS via SunPKCS11 Provider (disabled due to memory leak). +Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +# RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639) +Patch600: rh1750419-redhat_alt_java.patch +# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +Patch1003: rh1842572-rsa_default_for_keytool.patch + +# Crypto policy and FIPS support patches +# Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips +# as follows: git diff %%{vcstag} src make test > fips-11u-$(git show -s --format=%h HEAD).patch +# Diff is limited to src and make subdirectories to exclude .github changes +# Fixes currently included: +# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy +# PR3695: Allow use of system crypto policy to be disabled by the user +# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider +# RH1818909: No ciphersuites availale for SSLSocket in FIPS mode +# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available +# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess +# RH1929465: Improve system FIPS detection +# RH1996182: Login to the NSS software token in FIPS mode +# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false +# RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance +# RH2021263: Return in C code after having generated Java exception +# RH2052819: Improve Security initialisation, now FIPS support no longer relies on crypto policy support +# RH2051605: Detect NSS at Runtime for FIPS detection +# RH2052819: Fix FIPS reliance on crypto policies +# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage +# RH2090378: Revert to disabling system security properties and FIPS mode support together +Patch1001: fips-11u-%{fipsver}.patch + +############################################# +# +# Shenandoah specific patches +# +############################################# + +# Currently empty + +############################################# +# +# Upstreamable patches +# +# This section includes patches which need to +# be reviewed & pushed to the current development +# tree of OpenJDK. +############################################# +Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch + +############################################# +# +# Backportable patches +# +# This section includes patches which are +# present in the current development tree, but +# need to be reviewed & pushed to the appropriate +# updates tree of OpenJDK. +############################################# +Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch + +############################################# +# +# Patches appearing in 11.0.20 +# +# This section includes patches which are present +# in the listed OpenJDK 11u release and should be +# able to be removed once that release is out +# and used by this RPM. +############################################# +# JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile +Patch2002: jdk8274864-remove_amman_cairo_hacks.patch +# JDK-8305113: (tz) Update Timezone Data to 2023c +Patch2003: jdk8305113-tzdata2023c.patch + +############################################# +# +# Portable build specific patches +# +############################################# + +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: alsa-lib-devel +BuildRequires: binutils +BuildRequires: cups-devel +BuildRequires: desktop-file-utils +# elfutils only are OK for build without AOT +BuildRequires: elfutils-devel +BuildRequires: file +BuildRequires: fontconfig-devel +BuildRequires: gcc-c++ +BuildRequires: gdb +BuildRequires: libxslt +BuildRequires: libX11-devel +BuildRequires: libXi-devel +BuildRequires: libXinerama-devel +BuildRequires: libXrandr-devel +BuildRequires: libXrender-devel +BuildRequires: libXt-devel +BuildRequires: libXtst-devel +# Requirement for setting up nss.cfg and nss.fips.cfg +BuildRequires: nss-devel +# Requirement for system security property test +# N/A for portable. RHEL7 doesn't provide them +# and policy support is turned off +#BuildRequires: crypto-policies +BuildRequires: pkgconfig +BuildRequires: xorg-x11-proto-devel +BuildRequires: zip +# to pack portable tarballs +BuildRequires: tar +BuildRequires: unzip +# No javapackages-filesystem on el7,nor is needed for portables +# BuildRequires: javapackages-filesystem +BuildRequires: java-%{buildjdkver}-openjdk-devel +# Zero-assembler build requirement +%ifarch %{zero_arches} +BuildRequires: libffi-devel +%endif +# 2023c required as of JDK-8305113 +#BuildRequires: tzdata-java >= 2023c +# Temporarily lowering requirement until https://errata.devel.redhat.com/advisory/112353 ships +BuildRequires: tzdata-java >= 2022g +# cacerts build requirement in portable mode +BuildRequires: ca-certificates +# Earlier versions have a bug in tree vectorization on PPC +BuildRequires: gcc >= 4.8.3-8 + +%if %{with_systemtap} +BuildRequires: systemtap-sdt-devel +%endif +BuildRequires: make + +%if %{system_libs} +BuildRequires: freetype-devel +BuildRequires: giflib-devel +BuildRequires: harfbuzz-devel +BuildRequires: lcms2-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +%else +# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h +Provides: bundled(freetype) = 2.12.1 +# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h +Provides: bundled(giflib) = 5.2.1 +# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h +Provides: bundled(harfbuzz) = 4.4.1 +# Version in src/java.desktop/share/native/liblcms/lcms2.h +Provides: bundled(lcms2) = 2.12.0 +# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h +Provides: bundled(libjpeg) = 6b +# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h +Provides: bundled(libpng) = 1.6.37 +# We link statically against libstdc++ to increase portability +BuildRequires: libstdc++-static +%endif + +# this is always built, also during debug-only build +# when it is built in debug-only this package is just placeholder +%{java_rpo %{nil}} + +%description +The %{origin_nice} %{featurever} runtime environment - portable edition. + +%if %{include_debug_build} +%package slowdebug +Summary: %{origin_nice} %{featurever} Runtime Environment portable edition %{debug_on} +%if 0%{?rhel} <= 8 +Group: Development/Languages +%endif + +%{java_rpo -- %{debug_suffix_unquoted}} +%description slowdebug +The %{origin_nice} %{featurever} runtime environment - portable edition. +%{debug_warning} +%endif + +%if %{include_fastdebug_build} +%package fastdebug +Summary: %{origin_nice} %{featurever} Runtime Environment portable edition %{fastdebug_on} +%if 0%{?rhel} <= 8 +Group: Development/Languages +%endif + +%{java_rpo -- %{fastdebug_suffix_unquoted}} +%description fastdebug +The %{origin_nice} %{featurever} runtime environment - portable edition. +%{fastdebug_warning} +%endif + +%if %{include_normal_build} +%package devel +Summary: %{origin_nice} %{featurever} Development Environment portable edition +%if 0%{?rhel} <= 8 +Group: Development/Languages +%endif + +%{java_devel_rpo %{nil}} + +%description devel +The %{origin_nice} %{featurever} development tools - portable edition. +%endif + +%if %{include_debug_build} +%package devel-slowdebug +Summary: %{origin_nice} %{featurever} Runtime and Development Environment portable edition %{debug_on} +%if 0%{?rhel} <= 8 +Group: Development/Languages +%endif + +%{java_devel_rpo -- %{debug_suffix_unquoted}} + +%description devel-slowdebug +The %{origin_nice} %{featurever} development tools - portable edition. +%{debug_warning} +%endif + +%if %{include_fastdebug_build} +%package devel-fastdebug +Summary: %{origin_nice} %{featurever} Runtime and Development Environment portable edition %{fastdebug_on} +Group: Development/Tools + +%{java_devel_rpo -- %{fastdebug_suffix_unquoted}} + +%description devel-fastdebug +The %{origin_nice} %{featurever} runtime environment and development tools - portable edition +%{fastdebug_warning} +%endif + +%if %{include_staticlibs} + +%if %{include_normal_build} +%package static-libs +Summary: %{origin_nice} %{featurever} libraries for static linking - portable edition + +%{java_static_libs_rpo %{nil}} + +%description static-libs +The %{origin_nice} %{featurever} libraries for static linking - portable edition. +%endif + +%if %{include_debug_build} +%package static-libs-slowdebug +Summary: %{origin_nice} %{featurever} libraries for static linking - portable edition %{debug_on} + +%{java_static_libs_rpo -- %{debug_suffix_unquoted}} + +%description static-libs-slowdebug +The %{origin_nice} %{featurever} libraries for static linking - portable edition +%{debug_warning} +%endif + +%if %{include_fastdebug_build} +%package static-libs-fastdebug +Summary: %{origin_nice} %{featurever} libraries for static linking - portable edition %{fastdebug_on} + +%{java_static_libs_rpo -- %{fastdebug_suffix_unquoted}} + +%description static-libs-fastdebug +The %{origin_nice} %{featurever} libraries for static linking - portable edition +%{fastdebug_warning} +%endif + +# staticlibs +%endif + +%if %{include_normal_build} +%package unstripped +Summary: The %{origin_nice} %{featurever} runtime environment. + +%{java_unstripped_rpo %{nil}} + +%description unstripped +The %{origin_nice} %{featurever} runtime environment. + +%endif + +%package docs +Summary: %{origin_nice} %{featurever} API documentation + +%{java_docs_rpo %{nil}} + +%description docs +The %{origin_nice} %{featurever} API documentation. + +%package misc +Summary: %{origin_nice} %{featurever} miscellany + +%{java_misc_rpo %{nil}} + +%description misc +The %{origin_nice} %{featurever} miscellany. + +%prep + +echo "Preparing %{oj_vendor_version}" + +# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-( +%if 0%{?stapinstall:1} + echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}" +%else + %{error:Unrecognised architecture %{_target_cpu}} +%endif + +if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then + echo "include_normal_build is %{include_normal_build}" +else + echo "include_normal_build is %{include_normal_build}, that is invalid. Use 1 for yes or 0 for no" + exit 11 +fi +if [ %{include_debug_build} -eq 0 -o %{include_debug_build} -eq 1 ] ; then + echo "include_debug_build is %{include_debug_build}" +else + echo "include_debug_build is %{include_debug_build}, that is invalid. Use 1 for yes or 0 for no" + exit 12 +fi +if [ %{include_fastdebug_build} -eq 0 -o %{include_fastdebug_build} -eq 1 ] ; then + echo "include_fastdebug_build is %{include_fastdebug_build}" +else + echo "include_fastdebug_build is %{include_fastdebug_build}, that is invalid. Use 1 for yes or 0 for no" + exit 13 +fi +if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then + echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go." + exit 14 +fi +%setup -q -c -n %{uniquesuffix ""} -T -a 0 +# https://bugzilla.redhat.com/show_bug.cgi?id=1189084 +prioritylength=`expr length %{priority}` +if [ $prioritylength -ne 8 ] ; then + echo "priority must be 8 digits in total, violated" + exit 14 +fi + +# OpenJDK patches +%if %{system_libs} +# Remove libraries that are linked by both static and dynamic builds +sh %{SOURCE12} %{top_level_dir_name} +%endif + +# Patch the JDK +pushd %{top_level_dir_name} +%patch1 -p1 +%patch3 -p1 +# Add crypto policy and FIPS support +%patch1001 -p1 +# nss.cfg PKCS11 support; must come last as it also alters java.security +%patch1000 -p1 +# PKCS11 SHA3 backport +%patch2001 -p1 +# tzdata update +%patch2002 -p1 +%patch2003 -p1 +popd # openjdk + +%patch600 +%patch1003 + +# Extract systemtap tapsets +%if %{with_systemtap} +tar --strip-components=1 -x -I xz -f %{SOURCE8} +%if %{include_debug_build} +cp -r tapset tapset%{debug_suffix} +%endif +%if %{include_fastdebug_build} +cp -r tapset tapset%{fastdebug_suffix} +%endif + +for suffix in %{build_loop} ; do + for file in "tapset"$suffix/*.in; do + OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` + sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1 + sed -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file.1 > $file.2 +# TODO find out which architectures other than i686 have a client vm +%ifarch %{ix86} + sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.2 > $OUTPUT_FILE +%else + sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.2 > $OUTPUT_FILE +%endif + sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE + sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE + sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE + done +done +# systemtap tapsets ends +%endif + +# Prepare desktop files +# Portables do not have desktop integration + +# Setup nss.cfg +sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg + +# Setup nss.fips.cfg +sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg + +%build +# How many CPU's do we have? +export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) +export NUM_PROC=${NUM_PROC:-1} +%if 0%{?_smp_ncpus_max} +# Honor %%_smp_ncpus_max +[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} +%endif + +%ifarch s390x sparc64 alpha %{power64} %{aarch64} +export ARCH_DATA_MODEL=64 +%endif +%ifarch alpha +export CFLAGS="$CFLAGS -mieee" +%endif + +# We use ourcppflags because the OpenJDK build seems to +# pass EXTRA_CFLAGS to the HotSpot C++ compiler... +EXTRA_CFLAGS="%ourcppflags -Wno-error" +EXTRA_CPP_FLAGS="%ourcppflags" + +%ifarch %{power64} ppc +# fix rpmlint warnings +EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" +%endif +%ifarch %{ix86} +# Align stack boundary on x86_32 +EXTRA_CFLAGS="$(echo ${EXTRA_CFLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')" +EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')" +%endif +# Fixes annocheck warnings in assembler files due to missing build notes +EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes" +export EXTRA_CFLAGS EXTRA_CPP_FLAGS EXTRA_ASFLAGS + +function buildjdk() { + local outputdir=${1} + local buildjdk=${2} + local maketargets="${3}" + local debuglevel=${4} + local link_opt=${5} + local debug_symbols=${6} + + local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name} + local top_dir_abs_build_path=$(pwd)/${outputdir} + + # This must be set using the global, so that the + # static libraries still use a dynamic stdc++lib + if [ "x%{link_type}" = "xbundled" ] ; then + libc_link_opt="static"; + else + libc_link_opt="dynamic"; + fi + + echo "Using output directory: ${outputdir}"; + echo "Checking build JDK ${buildjdk} is operational..." + ${buildjdk}/bin/java -version + echo "Using make targets: ${maketargets}" + echo "Using debuglevel: ${debuglevel}" + echo "Using link_opt: ${link_opt}" + echo "Using debug_symbols: ${debug_symbols}" + echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}" + + mkdir -p ${outputdir} + pushd ${outputdir} + + # Note: zlib and freetype use %{link_type} + # rather than ${link_opt} as the system versions + # are always used in a system_libs build, even + # for the static library build + bash ${top_dir_abs_src_path}/configure \ +%ifarch %{zero_arches} + --with-jvm-variants=zero \ +%endif +%ifarch %{ppc64le} + --with-jobs=1 \ +%endif + --with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \ + --with-version-build=%{buildver} \ + --with-version-pre="%{ea_designator}" \ + --with-version-opt="%{lts_designator}" \ + --with-vendor-version-string="%{oj_vendor_version}" \ + --with-vendor-name="%{oj_vendor}" \ + --with-vendor-url="%{oj_vendor_url}" \ + --with-vendor-bug-url="%{oj_vendor_bug_url}" \ + --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ + --with-boot-jdk=${buildjdk} \ + --with-debug-level=${debuglevel} \ + --with-native-debug-symbols="${debug_symbols}" \ + --disable-sysconf-nss \ + --enable-unlimited-crypto \ + --with-zlib=%{link_type} \ + --with-freetype=%{link_type} \ + --with-libjpeg=${link_opt} \ + --with-giflib=${link_opt} \ + --with-libpng=${link_opt} \ + --with-lcms=${link_opt} \ + --with-harfbuzz=${link_opt} \ + --with-stdc++lib=${libc_link_opt} \ + --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ + --with-extra-cflags="$EXTRA_CFLAGS" \ + --with-extra-asflags="$EXTRA_ASFLAGS" \ + --with-extra-ldflags="%{ourldflags}" \ + --with-num-cores="$NUM_PROC" \ + --disable-javac-server \ + --with-jvm-features="%{shenandoah_feature},%{zgc_feature}" \ + --disable-warnings-as-errors + + cat spec.gmk + + make JAVAC_FLAGS=-g LOG=trace $maketargets || \ + ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false ) + + popd +} + +function installjdk() { + local outputdir=${1} + local installdir=${2} + local jdkimagepath=${installdir}/images/%{jdkimage} + local jreimagepath=${installdir}/images/%{jreimage} + + echo "Installing build from ${outputdir} to ${installdir}..." + mkdir -p ${installdir} + echo "Installing images..." + mv ${outputdir}/images ${installdir} + if [ -d ${outputdir}/bundles ] ; then + echo "Installing bundles..."; + mv ${outputdir}/bundles ${installdir} ; + fi + +%if !%{with artifacts} + echo "Removing output directory..."; + rm -rf ${outputdir} +%endif + + for imagepath in ${jdkimagepath} ${jreimagepath} ; do + + if [ -d ${imagepath} ] ; then + # the build (erroneously) removes read permissions from some jars + # this is a regression in OpenJDK 7 (our compiler): + # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 + find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \; + + # Build screws up permissions on binaries + # https://bugs.openjdk.java.net/browse/JDK-8173610 + find ${imagepath} -iname '*.so' -exec chmod +x {} \; + find ${imagepath}/bin/ -exec chmod +x {} \; + + # Install local files which are distributed with the JDK + install -m 644 %{SOURCE10} ${imagepath} + install -m 644 nss.cfg ${imagepath}/conf/security/ + install -m 644 nss.fips.cfg ${imagepath}/conf/security/ + + # Create fake alt-java as a placeholder for future alt-java + pushd ${imagepath} + # add alt-java man page + echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 + cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 + popd + + # Print release information + cat ${imagepath}/release + fi + done +} + +function genchecksum() { + local checkedfile=${1} + + checkdir=$(dirname ${1}) + checkfile=$(basename ${1}) + + echo "Generating checksum for ${checkfile} in ${checkdir}..." + pushd ${checkdir} + sha256sum ${checkfile} > ${checkfile}.sha256sum + sha256sum --check ${checkfile}.sha256sum + popd +} + +function packagejdk() { + local imagesdir=$(pwd)/${1}/images + local docdir=$(pwd)/${1}/images/docs + local bundledir=$(pwd)/${1}/bundles + local packagesdir=$(pwd)/${2} + local srcdir=$(pwd)/%{top_level_dir_name} + + echo "Packaging build from ${imagesdir} to ${packagesdir}..." + mkdir -p ${packagesdir} + pushd ${imagesdir} + + if [ "x$suffix" = "x" ] ; then + nameSuffix="" + else + nameSuffix=`echo "$suffix"| sed s/-/./` + fi + + jdkname=%{jdkportablename -- "$nameSuffix"} + jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} + jrename=%{jreportablename -- "$nameSuffix"} + jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"} + staticname=%{staticlibsportablename -- "$nameSuffix"} + staticarchive=${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} + debugarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"} + unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"} + # We only use docs for the release build + docname=%{docportablename} + docarchive=${packagesdir}/%{docportablearchive} + built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip + # These are from the source tree so no debug variants + miscname=%{miscportablename} + miscarchive=${packagesdir}/%{miscportablearchive} + + # Rename directories for packaging + mv %{jdkimage} ${jdkname} + mv %{jreimage} ${jrename} + + # Release images have external debug symbols + if [ "x$suffix" = "x" ] ; then + # Keep the unstripped version for consumption by RHEL RPMs + tar -cJf ${unstrippedarchive} ${jdkname} + genchecksum ${unstrippedarchive} + + # Strip the files + for file in $(find ${jdkname} ${jrename} -type f) ; do + if file ${file} | grep -q 'ELF'; then + noextfile=${file/.so/}; + objcopy --only-keep-debug ${file} ${noextfile}.debuginfo; + objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file}; + strip -g ${file}; + fi + done + + tar -cJf ${debugarchive} $(find ${jdkname} -name \*.debuginfo) + genchecksum ${debugarchive} + + mkdir ${docname} + mv ${docdir} ${docname} + mv ${bundledir}/${built_doc_archive} ${docname} + tar -cJf ${docarchive} ${docname} + genchecksum ${docarchive} + + mkdir ${miscname} + for s in 16 24 32 48 ; do + cp -av ${srcdir}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png ${miscname} + done + cp -a ${srcdir}/src/sample ${miscname} + tar -cJf ${miscarchive} ${miscname} + genchecksum ${miscarchive} + fi + + tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname} + genchecksum ${jdkarchive} + + tar -cJf ${jrearchive} --exclude='**.debuginfo' ${jrename} + genchecksum ${jrearchive} + +%if %{include_staticlibs} + # Static libraries (needed for building graal vm with native image) + # Tar as overlay. Transform to the JDK name, since we just want to "add" + # static libraries to that folder + tar -cJf ${staticarchive} \ + --transform "s|^%{static_libs_image}/lib/*|${staticname}/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib" + genchecksum ${staticarchive} +%endif + + # Revert directory renaming so testing will run + # TODO: testing should run on the packaged JDK + mv ${jdkname} %{jdkimage} + mv ${jrename} %{jreimage} + + popd #images + +} + +%if %{build_hotspot_first} + # Build a fresh libjvm.so first and use it to bootstrap + cp -LR --preserve=mode,timestamps %{bootjdk} newboot + systemjdk=$(pwd)/newboot + buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" "internal" + mv build/newboot/jdk/lib/server/libjvm.so newboot/lib/server +%else + systemjdk=%{bootjdk} +%endif + +for suffix in %{build_loop} ; do + + if [ "x$suffix" = "x" ] ; then + debugbuild=release + else + # change --something to something + debugbuild=`echo $suffix | sed "s/-//g"` + fi + # We build with internal debug symbols and do + # our own stripping for one version of the + # release build + debug_symbols=internal + + builddir=%{buildoutputdir -- ${suffix}} + bootbuilddir=boot${builddir} + installdir=%{installoutputdir -- ${suffix}} + bootinstalldir=boot${installdir} + packagesdir=%{packageoutputdir -- ${suffix}} + + link_opt="%{link_type}" +%if %{system_libs} + # Copy the source tree so we can remove all in-tree libraries + cp -a %{top_level_dir_name} %{top_level_dir_name_backup} + # Remove all libraries that are linked + sh %{SOURCE12} %{top_level_dir_name} full +%endif + # Debug builds don't need same targets as release for + # build speed-up. We also avoid bootstrapping these + # slower builds. + if echo $debugbuild | grep -q "debug" ; then + maketargets="%{debug_targets}" + run_bootstrap=false + else + maketargets="%{release_targets}" + run_bootstrap=%{bootstrap_build} + fi + if ${run_bootstrap} ; then + buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${bootbuilddir} ${bootinstalldir} + buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${builddir} ${installdir} + %{!?with_artifacts:rm -rf ${bootinstalldir}} + else + buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${builddir} ${installdir} + fi + packagejdk ${installdir} ${packagesdir} + +%if %{system_libs} + # Restore original source tree we modified by removing full in-tree sources + rm -rf %{top_level_dir_name} + mv %{top_level_dir_name_backup} %{top_level_dir_name} +%endif + +# build cycles +done # end of release / debug cycle loop + +%check + +# We test debug first as it will give better diagnostics on a crash +for suffix in %{build_loop} ; do + +# portable builds have static_libs embedded, thus top_dir_abs_main_build_path is same as top_dir_abs_staticlibs_build_path +top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}} +%if %{include_staticlibs} +top_dir_abs_staticlibs_build_path=${top_dir_abs_main_build_path} +%endif + +export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage} + +#check Shenandoah is enabled +%if %{use_shenandoah_hotspot} +$JAVA_HOME//bin/java -XX:+UseShenandoahGC -version +%endif + +# Check unlimited policy has been used +$JAVA_HOME/bin/javac -d . %{SOURCE13} +$JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel + +# Check ECC is working +$JAVA_HOME/bin/javac -d . %{SOURCE14} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") + +# Check system crypto (policy) is active and can be disabled +# Test takes a single argument - true or false - to state whether system +# security properties are enabled or not. +$JAVA_HOME/bin/javac -d . %{SOURCE15} +export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||") +export SEC_DEBUG="-Djava.security.debug=properties" +#Portable specific: set false whereas its true for upstream +$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false +$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false + +# Check correct vendor values have been set +$JAVA_HOME/bin/javac -d . %{SOURCE16} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}" + +# Check java launcher has no SSB mitigation +if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi + +# Check alt-java launcher has SSB mitigation on supported architectures +%ifarch %{ssbd_arches} +nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation +%else +if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi +%endif + +# Check translations are available for new timezones +$JAVA_HOME/bin/javac -d . %{SOURCE18} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE +$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR + +%if %{include_staticlibs} +# Check debug symbols in static libraries (smoke test) +export STATIC_LIBS_HOME=${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image} +readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c +readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c +%endif + +# Release builds strip the debug symbols into external .debuginfo files +if [ "x$suffix" = "x" ] ; then + so_suffix="debuginfo" +else + so_suffix="so" +fi +# Check debug symbols are present and can identify code +find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib +do + if [ -f "$lib" ] ; then + echo "Testing $lib for debug symbols" + # All these tests rely on RPM failing the build if the exit code of any set + # of piped commands is non-zero. + + # Test for .debug_* sections in the shared object. This is the main test + # Stripped objects will not contain these + eu-readelf -S "$lib" | grep "] .debug_" + test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2 + + # Test FILE symbols. These will most likely be removed by anything that + # manipulates symbol tables because it's generally useless. So a nice test + # that nothing has messed with symbols + old_IFS="$IFS" + IFS=$'\n' + for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT") + do + # We expect to see .cpp files, except for architectures like aarch64 and + # s390 where we expect .o and .oS files + echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$" + done + IFS="$old_IFS" + + # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking + if [ "`basename $lib`" = "libjvm.so" ]; then + eu-readelf -s "$lib" | \ + grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$" + fi + + # Test that there are no .gnu_debuglink sections pointing to another + # debuginfo file. There shouldn't be any debuginfo files, so the link makes + # no sense either + eu-readelf -S "$lib" | grep 'gnu' + if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then + echo "bad .gnu_debuglink section." + eu-readelf -x .gnu_debuglink "$lib" + false + fi + fi +done + +# Make sure gdb can do a backtrace based on line numbers on libjvm.so +# javaCalls.cpp:58 should map to: +# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 +# Using line number 1 might cause build problems. See: +# https://bugzilla.redhat.com/show_bug.cgi?id=1539664 +# https://bugzilla.redhat.com/show_bug.cgi?id=1538767 +gdb -q "$JAVA_HOME/bin/java" < - 1:11.0.19.0.7-2 +- Sync with existing RHEL 8 build, in order to start building portables on RHEL 8 +- Remove use of devtoolset (RHEL 8 native compilers should be sufficient) +- Lower tzdata requirement as build root does not yet contain the 0day tzdata update + +* Tue Apr 18 2023 Andrew Hughes - 1:11.0.19.0.7-2 +- Add missing Swing release note + +* Fri Apr 14 2023 Andrew Hughes - 1:11.0.19.0.7-1 +- Update to jdk-11.0.19.0+7 +- Update release notes to 11.0.19.0+7 +- Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 +- Reintroduce generate_source_tarball.sh from RHEL 9 +- Update generate_tarball.sh to add support for passing a boot JDK to the configure run +- Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace +- Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs +- Rebase FIPS support against 11.0.19+6 +- Rebase RH1750419 alt-java patch against 11.0.19+6 +- ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** +- Resolves: rhbz#2185182 + +* Mon Feb 27 2023 Andrew Hughes - 1:11.0.18.0.10-6 +- Backport SHA-3 support for PKCS11 provider +- Resolves: rhbz#2108712 + +* Sun Feb 26 2023 Andrew Hughes - 1:11.0.18.0.10-5 +- Add docs, icons and samples to the portable output +- Make sure generated checksums work and don't include full path +- The docs directory is a subdirectory of images, so remove confusing separate copying + +* Sun Feb 26 2023 Andrew Hughes - 1:11.0.18.0.10-4 +- Build with internal debuginfo as in RHEL and then create a stripped variant ourselves for the portable release build +- Restore compiler flags to those used in RHEL +- Drop no longer needed static library patch, as we always have internal debuginfo now + +* Sun Feb 26 2023 Andrew Hughes - 1:11.0.18.0.10-3 +- Separate JDK packaging into a separate function +- Use variables to make it clearer what is going on +- Use a package output directory as we do for building and installing + +* Sat Feb 25 2023 Andrew Hughes - 1:11.0.18.0.10-2 +- Adapt the portable build to use the same system library handling as RHEL builds + +* Fri Jan 13 2023 Andrew Hughes - 1:11.0.18.0.10-2 +- Add missing release note for JDK-8295687 +- Resolves: rhbz#2160111 + +* Wed Jan 11 2023 Andrew Hughes - 1:11.0.18.0.10-1 +- Update to jdk-11.0.18+10 (GA) +- Update release notes to 11.0.18+10 +- Drop local copies of JDK-8294357 & JDK-8295173 now upstream contains tzdata 2022e +- Drop local copy of JDK-8275535 which is finally upstream +- Drop local copy of JDK-8293834 now this is upstream +- Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 +- Update TestTranslations.java to test the new America/Ciudad_Juarez zone +- ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** +- Resolves: rhbz#2160111 + +* Sat Oct 15 2022 Andrew Hughes - 1:11.0.17.0.8-2 +- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 +- Update CLDR data with Europe/Kyiv (JDK-8293834) +- Drop JDK-8292223 patch which we found to be unnecessary +- Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream +- Related: rhbz#2133695 + +* Wed Oct 12 2022 Andrew Hughes - 1:11.0.17.0.8-1 +- Update to jdk-11.0.17+8 (GA) +- Update release notes to 11.0.17+8 +- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853 +- Bump FreeType bundled version to 2.12.1 following JDK-8290334 +- Resolves: rhbz#2133695 + +* Fri Oct 07 2022 Andrew Hughes - 1:11.0.16.1.1-3 +- Switch to using devtoolset-8 (as java-17-openjdk portable build does) as prep for building newer HarfBuzz +- Escape quotes in configure and make arguments so they can be passed to scl +- General cleanup of redundant build dependencies, comments and whitespace + +* Tue Aug 30 2022 Andrew Hughes - 1:11.0.16.1.1-2 +- Switch to static builds, reducing system dependencies and making build more portable +- Resolves: rhbz#2121275 + +* Wed Aug 24 2022 Andrew Hughes - 1:11.0.16.1.1-1 +- Update to jdk-11.0.16.1+1 +- Update release notes to 11.0.16.1+1 +- Add patch to provide translations for Europe/Kyiv added in tzdata2022b +- Add test to ensure timezones can be translated +- Resolves: rhbz#2119528 + +* Sun Jul 17 2022 Andrew Hughes - 1:11.0.16.0.8-1 +- Update to shenandoah-jdk-11.0.16+8 (GA) +- Switch to GA mode for final release. +- Update release notes +- This tarball is embargoed until 2022-07-19 @ 1pm PT. + +* Sat Jul 16 2022 Jayashree Huttanagoudar - 1:11.0.16.0.7-0.1.ea +- Commented out crypto-policies BR as it was failing for portable +- Tweaked line to print release information for portable + +* Sat Jul 16 2022 Andrew Hughes - 1:11.0.16.0.7-0.1.ea +- Update to jdk-11.0.16+7 +- Update release notes to 11.0.16+7 +- Switch to EA mode for 11.0.16 pre-release builds. +- Use same tarball naming style as java-17-openjdk and java-latest-openjdk +- Drop JDK-8257794 patch now upstreamed +- Print release file during build, which should now include a correct SOURCE value from .src-rev +- Update tarball script with IcedTea GitHub URL and .src-rev generation +- Use "git apply" with patches in the tarball script to allow binary diffs +- Include script to generate bug list for release notes +- Update tzdata requirement to 2022a to match JDK-8283350 +- Make use of the vendor version string to store our version & release rather than an upstream release date +- Explicitly require crypto-policies during build and runtime for system security properties +- Resolves: rhbz#2083325 + +* Fri Jul 08 2022 Andrew Hughes - 1:11.0.15.0.10-6 +- System security properties are disabled by default on portable. +- Commented out lines which are not applicable for portable. + +* Fri Jul 08 2022 Andrew Hughes - 1:11.0.15.0.10-6 +- Rebase FIPS patches from fips branch and simplify by using a single patch from that repository +- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage +- * RH2090378: Revert to disabling system security properties and FIPS mode support together +- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch +- Enable system security properties in the RPM (now disabled by default in the FIPS repo) +- Improve security properties test to check both enabled and disabled behaviour +- Run security properties test with property debugging on +- Resolves: rhbz#2099839 +- Resolves: rhbz#2100676 + +* Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:11.0.15.0.10-5 +- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode +- Resolves: rhbz#2102434 + +* Thu Jun 30 2022 Stephan Bergmann - 1:11.0.15.0.10-4 +- Fix flatpak builds by exempting them from bootstrap +- Resolves: rhbz#2067189 + +* Wed May 25 2022 Andrew Hughes - 1:11.0.15.0.10-3 +- Exclude s390x from the gdb test on RHEL 7 where we see failures with the portable build + +* Thu May 19 2022 Jiri Vanek - 1:11.0.15.0.10-2 +- to pass aqa: +- removed copy system tzdb in favour of in-tree +- removed Patch2: rh1648644-java_access_bridge_privileged_security.patch +- This is not intended to release untill we decide proper steps + +* Thu May 19 2022 Jayashree Huttanagoudar - 1:11.0.15.0.10-2 +- Added cosmetic changes to bypass a failure for s390x + +* Wed May 11 2022 Jayashree Huttanagoudar - 1:11.0.15.0.10-1 +- Update tzdata from 2021a to 2021e as in upstream rhel spec + +* Sun Apr 24 2022 Andrew Hughes - 1:11.0.15.0.10-1 +- Update to jdk-11.0.15.0+10 +- Update release notes to 11.0.15.0+10 +- Remove JDK-8284920 fix for XPath regression now it's upstreamed +- Related: rhbz#2073422 +- Resolves: rhbz#2073595 + +* Sat Apr 16 2022 Andrew Hughes - 1:11.0.15.0.9-3 +- Add JDK-8284920 fix for XPath regression +- Related: rhbz#2073422 + +* Fri Apr 15 2022 Andrew Hughes - 1:11.0.15.0.9-2 +- Remove security items from release notes that were only in 17u and N/A for 11u +- Related: rhbz#2073422 + +* Wed Apr 13 2022 Andrew Hughes - 1:11.0.15.0.9-1 +- Update to jdk-11.0.15.0+9 +- Update release notes to 11.0.15.0+9 +- Rebase RH1996182 FIPS patch after JDK-8254410 +- ** This tarball is embargoed until 2022-04-19 @ 1pm PT. ** +- Related: rhbz#2073422 +- Resolves: rhbz#2073422 + +* Tue Apr 12 2022 Andrew Hughes - 1:11.0.15.0.1-0.1.ea +- Update to jdk-11.0.15.0+1 +- Update release notes to 11.0.15.0+1 +- Switch to EA mode for 11.0.15 pre-release builds. +- Related: rhbz#2050458 + +* Mon Feb 28 2022 Andrew Hughes - 1:11.0.14.1.1-6 +- Introduce tests/tests.yml, based on the one in RHEL 8 +- Correction to the previous changelog entry +- Resolves: rhbz#2058489 + +* Mon Feb 28 2022 Andrew Hughes - 1:11.0.14.1.1-5 +- Detect NSS at runtime for FIPS detection +- Resolves: rhbz#2052827 + +* Wed Feb 23 2022 Andrew Hughes - 1:11.0.14.1.1-4 +- Add JDK-8275535 patch to fix LDAP authentication issue. +- Resolves: rhbz#2053523 + +* Thu Feb 17 2022 Andrew Hughes - 1:11.0.14.1.1-3 +- Refactor build functions so we can build just HotSpot without any attempt at installation. +- Sync gdb test with java-1.8.0-openjdk. +- Improve architecture restrictions for the gdb test. +- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment +- Explicitly list JIT architectures rather than relying on those with slowdebug builds +- Disable the serviceability agent on Zero architectures even when the architecture itself is supported +- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds +- Related: rhbz#2052834 + +* Wed Feb 16 2022 Andrew Hughes - 1:11.0.14.1.1-2 +- Fix buildjdk function to use local debuglevel and debug_symbols +- Pass debug_symbols into buildjdk function as they need to differ between builds on portable +- Move legacy-jre-image to join other targets and avoid building it for bootstrap + +* Fri Feb 11 2022 Andrew Hughes - 1:11.0.14.1.1-1 +- Update to jdk-11.0.14.1+1 +- Update release notes to 11.0.14.1+1 +- Resolves: rhbz#2052809 + +* Mon Jan 31 2022 Andrew Hughes - 1:11.0.14.0.8-6 +- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. +- Related: rhbz#2022821 + +* Fri Jan 28 2022 Andrew Hughes - 1:11.0.14.0.9-5 +- Reduce disk footprint by removing build artifacts by default. +- Related: rhbz#1999938 + +* Thu Jan 27 2022 Andrew Hughes - 1:11.0.14.0.9-4 +- Restructure the build so a minimal initial build is then used for the final build (with docs) +- This reduces pressure on the system JDK and ensures the JDK being built can do a full build +- Related: rhbz#1999938 + +* Tue Jan 18 2022 Andrew Hughes - 1:11.0.14.0.9-3 +- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent + +* Tue Jan 18 2022 Andrew Hughes - 1:11.0.14.0.9-2 +- Fix FIPS issues in native code and with initialisation of java.security.Security +- Minor correction to an old changelog entry +- Related: rhbz#2039366 + +* Mon Jan 17 2022 Andrew Hughes - 1:11.0.14.0.9-1 +- Update to jdk-11.0.14.0+9 +- Update release notes to 11.0.14.0+9 +- Switch to GA mode for final release. +- This tarball is embargoed until 2022-01-18 @ 1pm PT. +- Resolves: rhbz#2039366 + +* Fri Jan 14 2022 Andrew Hughes - 1:11.0.14.0.8-0.1.ea +- Update to jdk-11.0.14.0+8 +- Update release notes to 11.0.14.0+8 +- Resolves: rhbz#2022821 + +* Fri Jan 14 2022 Andrew Hughes - 1:11.0.14.0.1-0.1.ea +- Update to jdk-11.0.14.0+1 +- Update release notes to 11.0.14.0+1 +- Switch to EA mode for 11.0.14 pre-release builds. +- Rename blacklisted.certs to blocked.certs following JDK-8253866 +- Rebase RH1996182 login patch and drop redundant security policy extension after JDK-8269034 +- Related: rhbz#2022821 + +* Fri Jan 14 2022 Andrew Hughes - 1:11.0.13.0.8-7 +- Remove explicit compiler flags which should be handled by the upstream build + (-std=gnu++98, -fno-delete-null-pointer-checks, -fno-lifetime-dse) +- Resolves: rhbz#1966234 + +* Thu Dec 23 2021 Severin Gehwolf - 1:11.0.13.0.8-6 +- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy + secmod.db file as part of NSS +- Resolves: rhbz#2023535 + +* Thu Dec 23 2021 Jiri Vanek - 1:11.0.13.0.8-5 +- Replaced hardcoded 11 by featurever where appropriate +- Fixed comment of `for slowdebug` to correct `any debug` +- Related: rhbz#2022821 + +* Fri Dec 17 2021 Jayashree Huttanagoudar - 1:11.0.13.0.8-4 +- Added rh1991003-enable_fips_keys_import.patch + +* Mon Nov 22 2021 Jayashree Huttanagoudar - 1:11.0.13.0.8-3 +- Fixed bogus date warnings. + +* Mon Oct 25 2021 Jiri Vanek - 1:11.0.13.0.8-2 +- cacerts symlink is resolved before passed to configure +- https://issues.redhat.com/browse/OPENJDK-487 + +* Wed Oct 13 2021 Andrew Hughes - 1:11.0.13.0.8-1 +- Update to jdk-11.0.13.0+8 +- Update release notes to 11.0.13.0+8 +- Switch to GA mode for final release. +- This tarball is embargoed until 2021-10-19 @ 1pm PT. +- Update release notes to 11.0.13.0+7 +- Remove non-Free test from source tarball. +- Drop JDK-8269668 patch which is now applied upstream. +- Related: rhbz#2011826 +- Resolves: rhbz#2012334 + +* Mon Oct 11 2021 Jiri Vanek - 1:11.0.12.0.7-14 +- Disable FIPS mode detection using NSS in favour of using /proc/sys/crypto/fips_enabled for now, so we don't link against NSS +- effectively disabled Patch1008: rh1929465-improve_system_FIPS_detection.patch by settng --enable-sysconf-nss to --disable-sysconf-nss +- the enable-sysconf-nss was bringing in hard depndence on nss. Without nss, even in non fips, jvm had not even started + +* Mon Oct 04 2021 Jiri Vanek - 1:11.0.12.0.7-13 +- fixed bugzilla component. It was pointing to java-x-vendor-portable due to recent rename + +* Thu Sep 30 2021 Jiri Vanek - 1:11.0.12.0.7-12 +- added and enabled fips patches and nss.fips.cfg +- source17: nss.fips.cfg.in,patch1001: rh1655466-global_crypto_and_fips.patch + patch1002: rh1818909-fips_default_keystore_type.patch patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch + patch1007: rh1915071-always_initialise_configurator_access.patch patch1008: rh1929465-improve_system_FIPS_detection.patch + patch1009: rh1996182-login_to_nss_software_token.patch patch1010: rh1996182-extend_security_policy.patch + +* Mon Sep 20 2021 Jiri Vanek - 1:11.0.12.0.7-11 +- enable long time commented out patch1,patch2,patch4,patch7,patch1000 + +* Wed Sep 08 2021 Jiri Vanek - 1:11.0.12.0.7-9 +- add and used patch8 jdk8269668-rh1977671-aarch64_lib_path_fix.patch +- change STATIC_LIBS_HOME variable to expand correctly to fix build issues + +* Wed Sep 08 2021 Jiri Vanek - 1:11.0.12.0.7-8 +- Added and used source15 TestSecurityProperties.java + +* Wed Sep 08 2021 Jiri Vanek - 1:11.0.12.0.7-7 +- added dummy palceholder empty (with comment) files to keep track with rpms +- added define _lto_cflags %%{nil} + +* Wed Sep 08 2021 Jiri Vanek - 1:11.0.12.0.7-6 +- cosmetic changes whcih may have small effect to code +- added include_staticlibs switch +- reversed build loop to debug first +- reordered subpackages +- used the dummy requires/provides + +* Wed Sep 08 2021 Jiri Vanek - 1:11.0.12.0.7-5 +- cosmetic changes without efect on code + +* Mon Aug 16 2021 Jiri Vanek - 1:11.0.12.0.7-4 +- renamed to java-11-openjdk-portable +- adapted pacakges to not contain double portbale in name + +* Mon Aug 02 2021 Severin Gehwolf - 1:11.0.12.0.7-3 +- Update static-libs packaging to new layout + +* Wed Jul 21 2021 Severin Gehwolf - 1:11.0.12.0.7-2 +- Disable stripping of debug symbols for static libraries part of + the -static-libs sub-package. + +* Tue Jul 20 2021 Severin Gehwolf - 1:11.0.12.0.7-1 +- Build static-libs-image and package resulting files via -static-libs + sub-package. + +* Tue Jul 13 2021 Andrew Hughes - 1:11.0.12.0.7-0 +- Update to jdk-11.0.12.0+7 +- Update release notes to 11.0.12.0+7 +- Switch to GA mode for final release. +- This tarball is embargoed until 2021-07-20 @ 1pm PT. +- Resolves: rhbz#1972395 + +* Mon Jun 28 2021 Andrew Hughes - 1:11.0.12.0.1-0.0.ea +- Update to jdk-11.0.12.0+1 +- Update release notes to 11.0.12.0+1 +- Switch to EA mode for 11.0.12 pre-release builds. +- Resolves: rhbz#1967374 + +* Mon Apr 12 2021 Andrew Hughes - 1:11.0.11.0.9-0 +- Update to jdk-11.0.11.0+9 +- Update release notes to 11.0.11.0+9 +- Switch to GA mode for final release. +- This tarball is embargoed until 2021-04-20 @ 1pm PT. +- Resolves: rhbz#1940228 + +* Sun Apr 11 2021 Andrew Hughes - 1:11.0.11.0.7-0.0.ea +- Update to jdk-11.0.11.0+7 +- Update release notes to 11.0.11.0+7 +- Resolves: rhbz#1938082 + +* Fri Apr 09 2021 Andrew Hughes - 1:11.0.11.0.6-0.0.ea +- Update to jdk-11.0.11.0+6 +- Update release notes to 11.0.11.0+6 +- Resolves: rhbz#1938082 + +* Tue Apr 06 2021 Andrew Hughes - 1:11.0.11.0.5-0.0.ea +- Update to jdk-11.0.11.0+5 +- Update release notes to 11.0.11.0+5 +- Resolves: rhbz#1938082 + +* Mon Mar 29 2021 Andrew Hughes - 1:11.0.11.0.4-0.0.ea +- Update to jdk-11.0.11.0+4 +- Update release notes to 11.0.11.0+4 +- Resolves: rhbz#1938082 + +* Fri Mar 19 2021 Jayashree Huttanagoudar - 1:11.0.11.0.3-0.2.ea +- Fix issue where CheckVendor.java test erroneously passes when it should fail. +- Add proper quoting so '&' is not treated as a special character by the shell. + +* Tue Mar 16 2021 Jayashree Huttanagoudar - 1:11.0.11.0.3-0.1.ea +- Fix for debug symbols check. + +* Mon Mar 08 2021 Andrew Hughes - 1:11.0.11.0.3-0.0.ea +- Update to jdk-11.0.11.0+3 +- Update release notes to 11.0.11.0+3 + +* Tue Mar 02 2021 Andrew Hughes - 1:11.0.11.0.2-0.0.ea +- Update to jdk-11.0.11.0+2 +- Update release notes to 11.0.11.0+2 + +* Sun Feb 21 2021 Jayashree Huttanagoudar - 1:11.0.11.0.1-0.0.ea +- Add comment for tzdata-java + +* Sun Feb 21 2021 Andrew Hughes - 1:11.0.11.0.1-0.0.ea +- Update to jdk-11.0.11.0+1 +- Update release notes to 11.0.11.0+1 +- Switch to EA mode for 11.0.11 pre-release builds + +* Thu Feb 18 2021 Jayashree Huttanagoudar - 1:11.0.10.0.9-3 +- Changes to replace boot-jdk from embeded-java to java-unsafe +- update tzdata-java from 2020b to 2021a + +* Fri Feb 05 2021 Jayashree Huttanagoudar - 1:11.0.10.0.9-2 +- Changes to generate sha256sum for each linux-portable build artifacts inside RPM + +* Mon Jan 25 2021 Andrew Hughes - 1:11.0.10.0.9-1 +- Fix debug and fastdebug descriptions to emphasise the difference is optimisation or no optimisation. +- Cleanup package descriptions and version number placement. +- Resolves: rhbz#1908972 + +* Mon Jan 25 2021 Jiri Vanek - 1:11.0.10.0.9-1 +- Removed lib-style provides for fastdebug_suffix_unquoted +- Fixed missing condition for fastdebug packages being counted as debug ones +- Fix typo in variable +- Resolves: rhbz#1908972 + +* Fri Jan 15 2021 Andrew Hughes - 1:11.0.10.0.9-0 +- Update to jdk-11.0.10.0+9 +- Update release notes to 11.0.10.0+9 +- Switch to GA mode for final release. +- This tarball is embargoed until 2021-01-19 @ 1pm PT. +- Resolves: rhbz#1908970 + +* Fri Jan 15 2021 Jayashree Huttanagoudar - 1:11.0.10.0.8-0.0.ea +- Drop JDK-8222527 as applied upstream at the time of jdk-11.0.10.0+5 + +* Fri Jan 15 2021 Andrew Hughes - 1:11.0.10.0.8-0.0.ea +- Update to jdk-11.0.10.0+8 +- Update release notes to 11.0.10.0+8. +- Update tarball generation script to use PR3818 which handles JDK-8171279 changes +- Drop JDK-8250861 as applied upstream. +- Resolves: rhbz#1903908 + +* Fri Jan 15 2021 Andrew Hughes - 1:11.0.10.0.1-0.1.ea +- Update release notes for 11.0.9.1 release. +- Resolves: rhbz#1895274 + +* Thu Jan 14 2021 Andrew Hughes - 1:11.0.10.0.1-0.0.ea +- Completely revert hacks from previous release, using buildver in configure and tzdata 2020b +- Resolves: rhbz#1903907 + +* Thu Jan 14 2021 Andrew Hughes - 1:11.0.10.0.1-0.0.ea +- Add new Harfbuzz library to package listing and _privatelibs +- Resolves: rhbz#1903907 + +* Thu Jan 14 2021 Andrew John Hughes - 1:11.0.10.0.1-0.0.ea +- Update to jdk-11.0.10.0+1 +- Update release notes to 11.0.10.0+1 +- Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly. +- Still use 11.0.x rather than 11.0.x.0 for file naming, as the trailing zero is omitted from tags. +- Switch to EA mode for 11.0.10 pre-release builds. +- Drop JDK-8222286 & JDK-8254177 as applied upstream +- Explicitly request bundled Harfbuzz (too risky to change this so late in the RHEL 7 lifecycle) +- Resolves: rhbz#1903907 + +* Wed Jan 13 2021 Andrew Hughes - 1:11.0.9.11-7 +- Introduced ssbd_arches to denote architectures with SSBD mitigation (currently only x86_64) +- Introduced nm-based check to verify alt-java on ssbd_arches is patched, and no other alt-java or java binaries are patched +- RH1750419 patch amended to emit a warning on architectures where alt-java is the same as java +- Resolves: rhbz#1901695 + +* Wed Jan 13 2021 Jiri Vanek - 1:11.0.9.11-7 +- Redefined linux -> __linux__ and __x86_64 -> __x86_64__ in RH1750419 patch +- Resolves: rhbz#1901695 + +* Mon Jan 11 2021 Jiri Vanek - 1:11.0.9.11-6 +- Removed patch6: rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch +- Added patch600: rh1750419-redhat_alt_java.patch, surpassing removed patch +- No longer copy java->alt-java as it is created by patch600 +- Resolves: rhbz#1901695 + +* Mon Jan 11 2021 Andrew Hughes - 1:11.0.9.11-5 +- Add backport of JDK-8222537 so the Host header is sent when using proxies. +- Resolves: rhbz#1869530 + +* Mon Dec 21 2020 Jayashree Huttanagoudar - 1:11.0.9.11-4 +- Align fastdebug/slowdebug changes with upstream rhel-8.4.0 spec +- Included patch to handle '--without fastdebug' option to mockbuild + +* Tue Dec 01 2020 Jiri Vanek - 1:11.0.9.11-3 +- added br of listdc++-static +- removed patch1001 rhel6-build.patch +- removed patch1002 zgc_jdk11_compiler_fixes.patch +- initial on-el7 build (more tuning expected) + +* Wed Nov 04 2020 Severin Gehwolf - 1:11.0.9.11-2 +- Update to jdk-11.0.9.1+1 +- RPM version stays at 11.0.9.11 so as to not break upgrade path. +- Adds a single patch for JDK-8250861. +- Resolves: rhbz#1895274 + +* Tue Oct 20 2020 Jayashree Huttanagoudar - 1:11.0.9.11-1 +- Added patch to apply tzdata 2020b + +* Thu Oct 15 2020 Andrew Hughes - 1:11.0.9.11-0 +- Update to jdk-11.0.9+11 +- Update release notes for 11.0.9 release. +- Add backport of JDK-8254177 to update to tzdata 2020b +- Require tzdata 2020b due to resource changes in JDK-8254177 +- Delay tzdata 2020b dependency until tzdata update has shipped. +- This tarball is embargoed until 2020-10-20 @ 1pm PT. +- Resolves: rhbz#1876665 + +* Thu Oct 15 2020 Andrew Hughes - 1:11.0.9.10-0.3.ea +- Improve quoting of vendor name +- Resolves: rhbz#1883849 + +* Wed Oct 14 2020 Jiri Vanek - 1:11.0.9.10-0.2.ea +- Set vendor property and vendor URLs +- Made URLs to be preconfigured by OS +- Moved vendor_version_string to a better place +- Resolves: rhbz#1883849 + +* Tue Oct 13 2020 Andrew Hughes - 1:11.0.9.10-0.1.ea +- Update to jdk-11.0.9+10 (EA) +- Resolves: rhbz#1876665 + +* Tue Oct 13 2020 Andrew Hughes - 1:11.0.9.9-0.1.ea +- Update to jdk-11.0.9+9 (EA) +- Resolves: rhbz#1876665 + +* Tue Oct 13 2020 Andrew Hughes - 1:11.0.9.8-0.1.ea +- Update to jdk-11.0.9+8 (EA) +- Remove JDK-8252258/RH1868406 now applied upstream. +- Resolves: rhbz#1876665 + +* Tue Oct 13 2020 Andrew Hughes - 1:11.0.9.7-0.1.ea +- Update to jdk-11.0.9+7 (EA) +- Resolves: rhbz#1876665 + +* Tue Sep 29 2020 Andrew Hughes - 1:11.0.9.6-0.1.ea +- Add JDK-8252258 to return default vendor to the original value of 'Oracle Corporation' +- Include a test in the RPM to check the build has the correct vendor information. +- Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. +- Resolves: rhbz#1876665 + +* Fri Sep 25 2020 Andrew Hughes - 1:11.0.9.6-0.0.ea +- Update to jdk-11.0.9+6 (EA) + +* Thu Sep 24 2020 Jayashree Huttanagoudar - 1:11.0.9.5-0.1.ea +- Changing the spec file to have one single debuginfo bundle. +- Because contents of these bundles are almost identical. + +* Tue Sep 08 2020 Andrew Hughes - 1:11.0.9.5-0.0.ea +- Update to jdk-11.0.9+5 (EA) + +* Thu Sep 03 2020 Andrew Hughes - 1:11.0.9.4-0.0.ea +- Update to jdk-11.0.9+4 (EA) + +* Wed Aug 19 2020 Andrew Hughes - 1:11.0.9.3-0.0.ea +- Update to jdk-11.0.9+3 (EA) + +* Wed Aug 12 2020 Andrew Hughes - 1:11.0.9.2-0.1.ea +- Following JDK-8005165, class data sharing can be enabled on all JIT architectures +- Synchronise architecture group documentation with Fedora + +* Tue Aug 11 2020 Andrew Hughes - 1:11.0.9.2-0.0.ea +- Update to jdk-11.0.9+2 (EA) +- With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly + +* Tue Aug 11 2020 Andrew Hughes - 1:11.0.9.1-0.2.ea +- Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah. + +* Fri Aug 07 2020 Andrew Hughes - 1:11.0.9.1-0.1.ea +- Update to shenandoah-jdk-11.0.9+1 (EA) +- Switch to EA mode for 11.0.9 pre-release builds. +- Drop JDK-8227269 & JDK-8241750 backports now applied upstream. + +* Sat Jul 11 2020 Andrew Hughes - 1:11.0.8.10-0 +- Update to shenandoah-jdk-11.0.8+10 (GA) +- Switch to GA mode for final release. +- Update release notes with last minute fix (JDK-8248505). +- This tarball is embargoed until 2020-07-14 @ 1pm PT. +- Resolves: rhbz#1838811 + +* Fri Jul 10 2020 Andrew Hughes - 1:11.0.8.9-0.0.ea +- Update to shenandoah-jdk-11.0.8+9 (EA) +- Update release notes for 11.0.8 release. +- This tarball is embargoed until 2020-07-14 @ 1pm PT. +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Andrew Hughes - 1:11.0.8.8-0.1.ea +- java-11-openjdk doesn't have a JRE tree, so don't try and copy alt-java there... +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Jiri Vanek - 1:11.0.8.8-0.0.ea +- Create a copy of java as alt-java with alternatives and man pages +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Andrew Hughes - 1:11.0.8.8-0.0.ea +- Update to shenandoah-jdk-11.0.8+8 (EA) +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Andrew Hughes - 1:11.0.8.7-0.0.ea +- Update to shenandoah-jdk-11.0.8+7 (EA) +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Andrew Hughes - 1:11.0.8.6-0.0.ea +- Update to shenandoah-jdk-11.0.8+6 (EA) +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Andrew Hughes - 1:11.0.8.5-0.0.ea +- Update to shenandoah-jdk-11.0.8+5 (EA) +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Andrew Hughes - 1:11.0.8.4-0.0.ea +- Update to shenandoah-jdk-11.0.8+4 (EA) +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Andrew Hughes - 1:11.0.8.3-0.0.ea +- Update to shenandoah-jdk-11.0.8+3 (EA) +- Resolves: rhbz#1838811 + +* Tue Jun 02 2020 Andrew Hughes - 1:11.0.8.2-0.1.ea +- Update to shenandoah-jdk-11.0.8+2 (EA) +- Resolves: rhbz#1838811 + +* Mon May 25 2020 Andrew Hughes - 1:11.0.8.1-0.1.ea +- Update to shenandoah-jdk-11.0.8+1 (EA) +- Switch to EA mode for 11.0.8 pre-release builds. +- Drop JDK-8228407 backports now applied upstream. +- Resolves: rhbz#1838811 + +* Sat May 23 2020 Andrew John Hughes - 1:11.0.7.10-7 +- Add backports of JDK-8227269 & JDK-8241750 to resolve slow class loading with JDWP enabled. +- Resolves: rhbz#1826915 + +* Wed Apr 15 2020 Andrew Hughes - 1:11.0.7.10-1 +- Add JDK-8228407 backport to resolve crashes during verification. +- Resolves: rhbz#1810557 + +* Tue Apr 14 2020 Andrew Hughes - 1:11.0.7.10-1 +- Amend release notes, removing issue actually fixed in 11.0.6. +- Resolves: rhbz#1810557 + +* Tue Apr 14 2020 Andrew Hughes - 1:11.0.7.10-1 +- Re-apply --with-extra-asflags as crash was not due to this. +- Resolves: rhbz#1810557 + +* Mon Apr 13 2020 Andrew Hughes - 1:11.0.7.10-1 +- Add release notes. +- Resolves: rhbz#1810557 + +* Tue Mar 31 2020 Andrew Hughes - 1:11.0.7.10-0 +- Update to shenandoah-jdk-11.0.7+10 (GA) +- Switch to GA mode for final release. +- Resolves: rhbz#1810557 + +* Sat Mar 28 2020 Andrew Hughes - 1:11.0.7.9-0.0.ea +- Update to shenandoah-jdk-11.0.7+9 (EA) +- Resolves: rhbz#1810557 + +* Sat Mar 28 2020 Andrew Hughes - 1:11.0.7.8-0.0.ea +- Update to shenandoah-jdk-11.0.7+8 (EA) +- Resolves: rhbz#1810557 + +* Sat Mar 28 2020 Andrew Hughes - 1:11.0.7.7-0.0.ea +- Update to shenandoah-jdk-11.0.7+7 (EA) +- Resolves: rhbz#1810557 + +* Mon Mar 16 2020 Andrew Hughes - 1:11.0.7.6-0.0.ea +- Update to shenandoah-jdk-11.0.7+6 (EA) +- Resolves: rhbz#1810557 + +* Sun Mar 15 2020 Andrew Hughes - 1:11.0.7.5-0.0.ea +- Update to shenandoah-jdk-11.0.7+5 (EA) +- Resolves: rhbz#1810557 + +* Fri Feb 28 2020 Andrew Hughes - 1:11.0.7.4-0.0.ea +- Update to shenandoah-jdk-11.0.7+4 (EA) +- Resolves: rhbz#1810557 + +* Tue Feb 18 2020 Andrew Hughes - 1:11.0.7.3-0.0.ea +- Update to shenandoah-jdk-11.0.7+3 (EA) +- Resolves: rhbz#1810557 + +* Sun Feb 16 2020 Andrew Hughes - 1:11.0.7.2-0.0.ea +- Update to shenandoah-jdk-11.0.7+2 (EA) +- Resolves: rhbz#1810557 + +* Sun Feb 16 2020 Andrew Hughes - 1:11.0.7.1-0.0.ea +- Update to shenandoah-jdk-11.0.7+1 (EA) +- Switch to EA mode for 11.0.7 pre-release builds. +- Drop JDK-8236039 backport now applied upstream. +- Resolves: rhbz#1810557 + +* Sat Feb 15 2020 Jiri Vanek - 1:11.0.6.10-2 +- get rid of openjdkportable in favour of el + +* Sat Feb 15 2020 Jiri Vanek - 1:11.0.6.10-1 +- renamed static to more accurate portable + +* Sat Feb 15 2020 Jiri Vanek - 1:11.0.6.10-1 +- added support for jre via legacy-jre-image + +* Tue Oct 15 2019 Andrew Hughes - 1:11.0.6.10-0 +- Update to shenandoah-jdk-11.0.5+10 (GA) +- Switch to GA mode for final release. +- Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. +- Drop JDK-8223482 which is included upstream in 11.0.5+1. + +* Mon Oct 07 2019 Jiri Vanek - 1:11.0.5.2-0.0.ea +- Update to shenandoah-jdk-11.0.5+2 (EA) + +* Wed Jul 31 2019 Jiri Vanek - 1:11.0.4.11-5 +- for release, build debugsymbols to special archive + +* Tue Jul 23 2019 Jiri Vanek - 1:11.0.4.11-4 +- filtered out -g from extra flags + +* Fri Jul 19 2019 Jiri Vanek - 1:11.0.4.11-3 +- Moved to with-stdcpplib=static + +* Tue Jul 09 2019 Andrew Hughes - 1:11.0.4.11-2 +- Drop NSS runtime dependencies and patches to link against it. +- Resolves: rhbz#1678554 + +* Tue Jul 09 2019 Andrew Hughes - 1:11.0.4.11-1 +- Update to shenandoah-jdk-11.0.4+11 (GA) +- Switch to GA mode for final release. +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:11.0.4.10-0.1.ea +- Update to shenandoah-jdk-11.0.4+10 (EA) +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:11.0.4.9-0.1.ea +- Update to shenandoah-jdk-11.0.4+9 (EA) +- Resolves: rhbz#1724452 + +* Mon Jul 08 2019 Andrew Hughes - 1:11.0.4.8-0.1.ea +- Update to shenandoah-jdk-11.0.4+8 (EA) +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew John Hughes - 1:11.0.4.7-0.2.ea +- fontconfig build requirement should be fontconfig-devel, previously masked by Gtk3+ dependency +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew John Hughes - 1:11.0.4.7-0.2.ea +- Add missing build requirement for libXrandr-devel, previously masked by Gtk3+ dependency +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew John Hughes - 1:11.0.4.7-0.2.ea +- Add missing build requirement for libXrender-devel, previously masked by Gtk3+ dependency +- Resolves: rhbz#1724452 + +* Sun Jul 07 2019 Andrew Hughes - 1:11.0.4.7-0.1.ea +- Update to shenandoah-jdk-11.0.4+7 (EA) +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Andrew Hughes - 1:11.0.4.6-0.1.ea +- Obsolete javadoc-debug and javadoc-debug-zip packages via javadoc and javadoc-zip respectively. +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Andrew Hughes - 1:11.0.4.6-0.1.ea +- Update to shenandoah-jdk-11.0.4+6 (EA) +- Resolves: rhbz#1724452 + +* Wed Jul 03 2019 Andrew Hughes - 1:11.0.4.5-0.1.ea +- Update to shenandoah-jdk-11.0.4+5 (EA) +- Resolves: rhbz#1724452 + +* Tue Jul 02 2019 Andrew Hughes - 1:11.0.4.4-0.1.ea +- Update to shenandoah-jdk-11.0.4+4 (EA) +- Resolves: rhbz#1724452 + +* Mon Jul 01 2019 Andrew Hughes - 1:11.0.4.3-0.1.ea +- Update to shenandoah-jdk-11.0.4+3 (EA) +- Resolves: rhbz#1724452 + +* Sun Jun 30 2019 Andrew John Hughes - 1:11.0.4.2-0.1.ea +- Update to shenandoah-jdk-11.0.4+2 (EA) +- Resolves: rhbz#1724452 + +* Fri Jun 21 2019 Severin Gehwolf - 1:11.0.4.2-0.1.ea +- Package jspawnhelper (see JDK-8220360). +- Resolves: rhbz#1724452 + +* Fri Jun 21 2019 Severin Gehwolf - 1:11.0.3.7-5 +- Include 'ea' designator in Release when appropriate. +- Resolves: rhbz#1724452 + +* Wed May 22 2019 Andrew Hughes - 1:11.0.3.7-5 +- Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately. +- Resolves: rhbz#1724452 + +* Thu Apr 25 2019 Severin Gehwolf - 1:11.0.3.7-4 +- Don't build the test images needlessly. +- Don't produce javadoc/javadoc-zip sub packages for the debug variant build. +- Don't perform a bootcycle build for the debug variant build. +- Resolves: rhbz#1724452 + +* Wed Apr 24 2019 Severin Gehwolf - 1:11.0.3.7-3 +- Do not generate lib-style requires for -slowdebug subpackages. +- Resolves: rhbz#1693468 + +* Sun Apr 07 2019 Andrew Hughes - 1:11.0.3.7-0 +- Update to shenandoah-jdk-11.0.3+7 (April 2019 GA) +- Resolves: rhbz#1693468 + +* Sat Apr 06 2019 Andrew Hughes - 1:11.0.3.6-0 +- Update to shenandoah-jdk-11.0.3+6 (April 2019 EA) +- Drop JDK-8210416/RH1632174 applied upstream. +- Drop JDK-8210425/RH1632174 applied upstream. +- Drop JDK-8210647/RH1632174 applied upstream. +- Drop JDK-8210761/RH1632174 applied upstream. +- Drop JDK-8210703/RH1632174 applied upstream. +- Add cast to resolve s390 ambiguity in call to log2_intptr +- Resolves: rhbz#1693468 + +* Thu Mar 21 2019 Severin Gehwolf - 1:11.0.2.7-3 +- Add patch for RH1566890 +- Resolves: rhbz#1693468 + +* Tue Mar 12 2019 Jiri Vanek - 1:11.0.2.7-2 +- name adapted to current tag + +* Tue Feb 26 2019 Jiri Vanek - 1:11.0.2.7-2 +- cripled rpms original specto roduce only portable build +- Resolves: rhbz#1661577 diff --git a/SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch b/SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch new file mode 100644 index 0000000..a6192a4 --- /dev/null +++ b/SOURCES/jdk8242332-rh2108712-sha3-sunpkcs11.patch @@ -0,0 +1,2731 @@ +commit 81c2107a9188680f7c35ebc7697b292d5972436e +Author: Andrew Hughes +Date: Mon Feb 27 13:22:43 2023 +0000 + + Backport 78be334c3817a1b5840922a9bf1339a40dcc5185 + +diff --git a/src/java.base/share/classes/sun/security/util/KnownOIDs.java b/src/java.base/share/classes/sun/security/util/KnownOIDs.java +index 92ecb9adc0c..a5848c96aad 100644 +--- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java ++++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java +@@ -155,6 +155,14 @@ public enum KnownOIDs { + SHA256withDSA("2.16.840.1.101.3.4.3.2"), + SHA384withDSA("2.16.840.1.101.3.4.3.3"), + SHA512withDSA("2.16.840.1.101.3.4.3.4"), ++ SHA3_224withDSA("2.16.840.1.101.3.4.3.5", "SHA3-224withDSA"), ++ SHA3_256withDSA("2.16.840.1.101.3.4.3.6", "SHA3-256withDSA"), ++ SHA3_384withDSA("2.16.840.1.101.3.4.3.7", "SHA3-384withDSA"), ++ SHA3_512withDSA("2.16.840.1.101.3.4.3.8", "SHA3-512withDSA"), ++ SHA3_224withECDSA("2.16.840.1.101.3.4.3.9", "SHA3-224withECDSA"), ++ SHA3_256withECDSA("2.16.840.1.101.3.4.3.10", "SHA3-256withECDSA"), ++ SHA3_384withECDSA("2.16.840.1.101.3.4.3.11", "SHA3-384withECDSA"), ++ SHA3_512withECDSA("2.16.840.1.101.3.4.3.12", "SHA3-512withECDSA"), + SHA3_224withRSA("2.16.840.1.101.3.4.3.13", "SHA3-224withRSA"), + SHA3_256withRSA("2.16.840.1.101.3.4.3.14", "SHA3-256withRSA"), + SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"), +diff --git a/src/java.base/share/classes/sun/security/util/SignatureUtil.java b/src/java.base/share/classes/sun/security/util/SignatureUtil.java +index 32c089fd96d..7d5c0c7e299 100644 +--- a/src/java.base/share/classes/sun/security/util/SignatureUtil.java ++++ b/src/java.base/share/classes/sun/security/util/SignatureUtil.java +@@ -168,4 +168,22 @@ public class SignatureUtil { + InvalidKeyException { + SharedSecrets.getJavaSecuritySignatureAccess().initSign(s, key, params, sr); + } ++ ++ /** ++ * Extracts the digest algorithm name from a signature ++ * algorithm name in either the "DIGESTwithENCRYPTION" or the ++ * "DIGESTwithENCRYPTIONandWHATEVER" format. ++ * ++ * It's OK to return "SHA1" instead of "SHA-1". ++ */ ++ public static String extractDigestAlgFromDwithE(String signatureAlgorithm) { ++ signatureAlgorithm = signatureAlgorithm.toUpperCase(Locale.ENGLISH); ++ int with = signatureAlgorithm.indexOf("WITH"); ++ if (with > 0) { ++ return signatureAlgorithm.substring(0, with); ++ } else { ++ throw new IllegalArgumentException( ++ "Unknown algorithm: " + signatureAlgorithm); ++ } ++ } + } +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java +index 41fe61b8a16..daf0bc9f69c 100644 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Digest.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -41,7 +41,8 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; + + /** + * MessageDigest implementation class. This class currently supports +- * MD2, MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. ++ * MD2, MD5, SHA-1, SHA-2 family (SHA-224, SHA-256, SHA-384, and SHA-512) ++ * and SHA-3 family (SHA3-224, SHA3-256, SHA3-384, and SHA3-512) of digests. + * + * Note that many digest operations are on fairly small amounts of data + * (less than 100 bytes total). For example, the 2nd hashing in HMAC or +@@ -104,16 +105,20 @@ final class P11Digest extends MessageDigestSpi implements Cloneable, + break; + case (int)CKM_SHA224: + case (int)CKM_SHA512_224: ++ case (int)CKM_SHA3_224: + digestLength = 28; + break; + case (int)CKM_SHA256: + case (int)CKM_SHA512_256: ++ case (int)CKM_SHA3_256: + digestLength = 32; + break; + case (int)CKM_SHA384: ++ case (int)CKM_SHA3_384: + digestLength = 48; + break; + case (int)CKM_SHA512: ++ case (int)CKM_SHA3_512: + digestLength = 64; + break; + default: +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java +index 926414608cb..f343e6025e1 100644 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyGenerator.java +@@ -36,7 +36,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; + + /** + * KeyGenerator implementation class. This class currently supports +- * DES, DESede, AES, ARCFOUR, and Blowfish. ++ * DES, DESede, AES, ARCFOUR, Blowfish, Hmac using MD5, SHA, SHA-2 family ++ * (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256), and SHA-3 ++ * family (SHA3-224, SHA3-256, SHA3-384, SHA3-512) of digests. + * + * @author Andreas Sterbenz + * @since 1.5 +@@ -65,6 +67,48 @@ final class P11KeyGenerator extends KeyGeneratorSpi { + // are supported. + private boolean supportBothKeySizes; + ++ // for determining if the specified key size is valid ++ private final CK_MECHANISM_INFO range; ++ ++ // utility method for query the native key sizes and enforcing the ++ // java-specific lower limit; returned values are in bits ++ private static CK_MECHANISM_INFO getSupportedRange(Token token, ++ long mech) throws ProviderException { ++ // No need to query for fix-length algorithms ++ if (mech == CKM_DES_KEY_GEN || mech == CKM_DES2_KEY_GEN || ++ mech == CKM_DES3_KEY_GEN) { ++ return null; ++ } ++ ++ // Explicitly disallow keys shorter than 40-bits for security ++ int lower = 40; ++ int upper = Integer.MAX_VALUE; ++ try { ++ CK_MECHANISM_INFO info = token.getMechanismInfo(mech); ++ if (info != null) { ++ boolean isBytes = ((mech != CKM_GENERIC_SECRET_KEY_GEN ++ && mech != CKM_RC4_KEY_GEN) || info.iMinKeySize < 8); ++ lower = Math.max(lower, (isBytes? ++ Math.multiplyExact(info.iMinKeySize, 8) : ++ info.iMinKeySize)); ++ // NSS CKM_GENERIC_SECRET_KEY_GEN mech info is not precise; ++ // its upper limit is too low and does not match its impl ++ if (mech == CKM_GENERIC_SECRET_KEY_GEN && ++ info.iMaxKeySize <= 32) { ++ // ignore and leave upper limit at MAX_VALUE; ++ } else if (info.iMaxKeySize != Integer.MAX_VALUE) { ++ upper = (isBytes? ++ Math.multiplyExact(info.iMaxKeySize, 8) : ++ info.iMaxKeySize); ++ } ++ } ++ } catch (PKCS11Exception p11e) { ++ // Should never happen ++ throw new ProviderException("Cannot retrieve mechanism info", p11e); ++ } ++ return new CK_MECHANISM_INFO(lower, upper, 0 /* flags not used */); ++ } ++ + /** + * Utility method for checking if the specified key size is valid + * and within the supported range. Return the significant key size +@@ -78,8 +122,15 @@ final class P11KeyGenerator extends KeyGeneratorSpi { + * @throws ProviderException if this mechanism isn't supported by SunPKCS11 + * or underlying native impl. + */ ++ // called by P11SecretKeyFactory to check key size + static int checkKeySize(long keyGenMech, int keySize, Token token) + throws InvalidAlgorithmParameterException, ProviderException { ++ CK_MECHANISM_INFO range = getSupportedRange(token, keyGenMech); ++ return checkKeySize(keyGenMech, keySize, range); ++ } ++ ++ private static int checkKeySize(long keyGenMech, int keySize, ++ CK_MECHANISM_INFO range) throws InvalidAlgorithmParameterException { + int sigKeySize; + switch ((int)keyGenMech) { + case (int)CKM_DES_KEY_GEN: +@@ -102,45 +153,17 @@ final class P11KeyGenerator extends KeyGeneratorSpi { + break; + default: + // Handle all variable-key-length algorithms here +- CK_MECHANISM_INFO info = null; +- try { +- info = token.getMechanismInfo(keyGenMech); +- } catch (PKCS11Exception p11e) { +- // Should never happen +- throw new ProviderException +- ("Cannot retrieve mechanism info", p11e); +- } +- if (info == null) { +- // XXX Unable to retrieve the supported key length from +- // the underlying native impl. Skip the checking for now. +- return keySize; +- } +- // PKCS#11 defines these to be in number of bytes except for +- // RC4 which is in bits. However, some PKCS#11 impls still use +- // bytes for all mechs, e.g. NSS. We try to detect this +- // inconsistency if the minKeySize seems unreasonably small. +- int minKeySize = info.iMinKeySize; +- int maxKeySize = info.iMaxKeySize; +- if (keyGenMech != CKM_RC4_KEY_GEN || minKeySize < 8) { +- minKeySize = Math.multiplyExact(minKeySize, 8); +- if (maxKeySize != Integer.MAX_VALUE) { +- maxKeySize = Math.multiplyExact(maxKeySize, 8); +- } +- } +- // Explicitly disallow keys shorter than 40-bits for security +- if (minKeySize < 40) minKeySize = 40; +- if (keySize < minKeySize || keySize > maxKeySize) { ++ if (range != null && keySize < range.iMinKeySize ++ || keySize > range.iMaxKeySize) { + throw new InvalidAlgorithmParameterException +- ("Key length must be between " + minKeySize + +- " and " + maxKeySize + " bits"); ++ ("Key length must be between " + range.iMinKeySize + ++ " and " + range.iMaxKeySize + " bits"); + } + if (keyGenMech == CKM_AES_KEY_GEN) { + if ((keySize != 128) && (keySize != 192) && + (keySize != 256)) { + throw new InvalidAlgorithmParameterException +- ("AES key length must be " + minKeySize + +- (maxKeySize >= 192? ", 192":"") + +- (maxKeySize >= 256? ", or 256":"") + " bits"); ++ ("AES key length must be 128, 192, or 256 bits"); + } + } + sigKeySize = keySize; +@@ -148,6 +171,20 @@ final class P11KeyGenerator extends KeyGeneratorSpi { + return sigKeySize; + } + ++ // check the supplied keysize (in bits) and adjust it based on the given ++ // range ++ private static int adjustKeySize(int ks, CK_MECHANISM_INFO mi) { ++ // adjust to fit within the supported range ++ if (mi != null) { ++ if (ks < mi.iMinKeySize) { ++ ks = mi.iMinKeySize; ++ } else if (ks > mi.iMaxKeySize) { ++ ks = mi.iMaxKeySize; ++ } ++ } ++ return ks; ++ } ++ + P11KeyGenerator(Token token, String algorithm, long mechanism) + throws PKCS11Exception { + super(); +@@ -164,54 +201,140 @@ final class P11KeyGenerator extends KeyGeneratorSpi { + (token.provider.config.isEnabled(CKM_DES2_KEY_GEN) && + (token.getMechanismInfo(CKM_DES2_KEY_GEN) != null)); + } +- setDefaultKeySize(); ++ this.range = getSupportedRange(token, mechanism); ++ setDefault(); + } + +- // set default keysize and also initialize keyType +- private void setDefaultKeySize() { ++ // set default keysize and keyType ++ private void setDefault() { ++ significantKeySize = -1; + switch ((int)mechanism) { + case (int)CKM_DES_KEY_GEN: + keySize = 64; + keyType = CKK_DES; ++ significantKeySize = 56; + break; + case (int)CKM_DES2_KEY_GEN: + keySize = 128; + keyType = CKK_DES2; ++ significantKeySize = 112; + break; + case (int)CKM_DES3_KEY_GEN: + keySize = 192; + keyType = CKK_DES3; ++ significantKeySize = 168; + break; + case (int)CKM_AES_KEY_GEN: +- keySize = 128; ++ keySize = adjustKeySize(128, range); + keyType = CKK_AES; + break; + case (int)CKM_RC4_KEY_GEN: +- keySize = 128; ++ keySize = adjustKeySize(128, range); + keyType = CKK_RC4; + break; + case (int)CKM_BLOWFISH_KEY_GEN: +- keySize = 128; ++ keySize = adjustKeySize(128, range); + keyType = CKK_BLOWFISH; + break; + case (int)CKM_CHACHA20_KEY_GEN: + keySize = 256; + keyType = CKK_CHACHA20; + break; ++ case (int)CKM_SHA_1_KEY_GEN: ++ keySize = adjustKeySize(160, range); ++ keyType = CKK_SHA_1_HMAC; ++ break; ++ case (int)CKM_SHA224_KEY_GEN: ++ keySize = adjustKeySize(224, range); ++ keyType = CKK_SHA224_HMAC; ++ break; ++ case (int)CKM_SHA256_KEY_GEN: ++ keySize = adjustKeySize(256, range); ++ keyType = CKK_SHA256_HMAC; ++ break; ++ case (int)CKM_SHA384_KEY_GEN: ++ keySize = adjustKeySize(384, range); ++ keyType = CKK_SHA384_HMAC; ++ break; ++ case (int)CKM_SHA512_KEY_GEN: ++ keySize = adjustKeySize(512, range); ++ keyType = CKK_SHA512_HMAC; ++ break; ++ case (int)CKM_SHA512_224_KEY_GEN: ++ keySize = adjustKeySize(224, range); ++ keyType = CKK_SHA512_224_HMAC; ++ break; ++ case (int)CKM_SHA512_256_KEY_GEN: ++ keySize = adjustKeySize(256, range); ++ keyType = CKK_SHA512_256_HMAC; ++ break; ++ case (int)CKM_SHA3_224_KEY_GEN: ++ keySize = adjustKeySize(224, range); ++ keyType = CKK_SHA3_224_HMAC; ++ break; ++ case (int)CKM_SHA3_256_KEY_GEN: ++ keySize = adjustKeySize(256, range); ++ keyType = CKK_SHA3_256_HMAC; ++ break; ++ case (int)CKM_SHA3_384_KEY_GEN: ++ keySize = adjustKeySize(384, range); ++ keyType = CKK_SHA3_384_HMAC; ++ break; ++ case (int)CKM_SHA3_512_KEY_GEN: ++ keySize = adjustKeySize(512, range); ++ keyType = CKK_SHA3_512_HMAC; ++ break; ++ case (int)CKM_GENERIC_SECRET_KEY_GEN: ++ if (algorithm.startsWith("Hmac")) { ++ String digest = algorithm.substring(4); ++ switch (digest) { ++ case "MD5": ++ keySize = 512; ++ break; ++ case "SHA1": ++ keySize = 160; ++ break; ++ case "SHA224": ++ case "SHA512/224": ++ case "SHA3-224": ++ keySize = 224; ++ break; ++ case "SHA256": ++ case "SHA512/256": ++ case "SHA3-256": ++ keySize = 256; ++ break; ++ case "SHA384": ++ case "SHA3-384": ++ keySize = 384; ++ break; ++ case "SHA512": ++ case "SHA3-512": ++ keySize = 512; ++ break; ++ default: ++ throw new ProviderException("Unsupported algorithm " + ++ algorithm); ++ } ++ keySize = adjustKeySize(keySize, range); ++ } else { ++ throw new ProviderException("Unsupported algorithm " + ++ algorithm); ++ } ++ keyType = CKK_GENERIC_SECRET; ++ break; + default: + throw new ProviderException("Unknown mechanism " + mechanism); + } +- try { +- significantKeySize = checkKeySize(mechanism, keySize, token); +- } catch (InvalidAlgorithmParameterException iape) { +- throw new ProviderException("Unsupported default key size", iape); ++ if (significantKeySize == -1) { ++ significantKeySize = keySize; + } + } + + // see JCE spec + protected void engineInit(SecureRandom random) { + token.ensureValid(); +- setDefaultKeySize(); ++ setDefault(); + } + + // see JCE spec +@@ -226,7 +349,7 @@ final class P11KeyGenerator extends KeyGeneratorSpi { + token.ensureValid(); + int newSignificantKeySize; + try { +- newSignificantKeySize = checkKeySize(mechanism, keySize, token); ++ newSignificantKeySize = checkKeySize(mechanism, keySize, range); + } catch (InvalidAlgorithmParameterException iape) { + throw (InvalidParameterException) + (new InvalidParameterException().initCause(iape)); +@@ -258,10 +381,11 @@ final class P11KeyGenerator extends KeyGeneratorSpi { + try { + session = token.getObjSession(); + CK_ATTRIBUTE[] attributes; +- switch ((int)keyType) { +- case (int)CKK_DES: +- case (int)CKK_DES2: +- case (int)CKK_DES3: ++ ++ switch ((int)mechanism) { ++ case (int)CKM_DES_KEY_GEN: ++ case (int)CKM_DES2_KEY_GEN: ++ case (int)CKM_DES3_KEY_GEN: + // fixed length, do not specify CKA_VALUE_LEN + attributes = new CK_ATTRIBUTE[] { + new CK_ATTRIBUTE(CKA_CLASS, CKO_SECRET_KEY), +@@ -286,5 +410,4 @@ final class P11KeyGenerator extends KeyGeneratorSpi { + token.releaseSession(session); + } + } +- + } +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java +index c88e4a6ace5..29b26651c39 100644 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Mac.java +@@ -39,8 +39,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; + + /** + * MAC implementation class. This class currently supports HMAC using +- * MD5, SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 and the SSL3 MAC +- * using MD5 and SHA-1. ++ * MD5, SHA-1, SHA-2 family (SHA-224, SHA-256, SHA-384, and SHA-512), ++ * SHA-3 family (SHA3-224, SHA3-256, SHA3-384, and SHA3-512), and the ++ * SSL3 MAC using MD5 and SHA-1. + * + * Note that unlike other classes (e.g. Signature), this does not + * composite various operations if the token only supports part of the +@@ -92,16 +93,20 @@ final class P11Mac extends MacSpi { + break; + case (int)CKM_SHA224_HMAC: + case (int)CKM_SHA512_224_HMAC: ++ case (int)CKM_SHA3_224_HMAC: + macLength = 28; + break; + case (int)CKM_SHA256_HMAC: + case (int)CKM_SHA512_256_HMAC: ++ case (int)CKM_SHA3_256_HMAC: + macLength = 32; + break; + case (int)CKM_SHA384_HMAC: ++ case (int)CKM_SHA3_384_HMAC: + macLength = 48; + break; + case (int)CKM_SHA512_HMAC: ++ case (int)CKM_SHA3_512_HMAC: + macLength = 64; + break; + case (int)CKM_SSL3_MD5_MAC: +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java +index 26eaa4735f1..905b6ea9562 100644 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11PSSSignature.java +@@ -38,6 +38,7 @@ import java.security.spec.MGF1ParameterSpec; + import java.security.spec.PSSParameterSpec; + import java.security.interfaces.*; + import sun.security.pkcs11.wrapper.*; ++import sun.security.util.KnownOIDs; + import static sun.security.pkcs11.wrapper.PKCS11Constants.*; + + +@@ -52,6 +53,10 @@ import static sun.security.pkcs11.wrapper.PKCS11Constants.*; + * . SHA256withRSASSA-PSS + * . SHA384withRSASSA-PSS + * . SHA512withRSASSA-PSS ++ * . SHA3-224withRSASSA-PSS ++ * . SHA3-256withRSASSA-PSS ++ * . SHA3-384withRSASSA-PSS ++ * . SHA3-512withRSASSA-PSS + * + * Note that the underlying PKCS#11 token may support complete signature + * algorithm (e.g. CKM__RSA_PKCS_PSS), or it may just +@@ -71,20 +76,28 @@ final class P11PSSSignature extends SignatureSpi { + + static { + DIGEST_LENGTHS.put("SHA-1", 20); +- DIGEST_LENGTHS.put("SHA", 20); +- DIGEST_LENGTHS.put("SHA1", 20); + DIGEST_LENGTHS.put("SHA-224", 28); +- DIGEST_LENGTHS.put("SHA224", 28); + DIGEST_LENGTHS.put("SHA-256", 32); +- DIGEST_LENGTHS.put("SHA256", 32); + DIGEST_LENGTHS.put("SHA-384", 48); +- DIGEST_LENGTHS.put("SHA384", 48); + DIGEST_LENGTHS.put("SHA-512", 64); +- DIGEST_LENGTHS.put("SHA512", 64); + DIGEST_LENGTHS.put("SHA-512/224", 28); +- DIGEST_LENGTHS.put("SHA512/224", 28); + DIGEST_LENGTHS.put("SHA-512/256", 32); +- DIGEST_LENGTHS.put("SHA512/256", 32); ++ DIGEST_LENGTHS.put("SHA3-224", 28); ++ DIGEST_LENGTHS.put("SHA3-256", 32); ++ DIGEST_LENGTHS.put("SHA3-384", 48); ++ DIGEST_LENGTHS.put("SHA3-512", 64); ++ } ++ ++ // utility method for looking up the std digest algorithms ++ private static String toStdName(String givenDigestAlg) { ++ if (givenDigestAlg == null) return null; ++ ++ KnownOIDs given2 = KnownOIDs.findMatch(givenDigestAlg); ++ if (given2 == null) { ++ return givenDigestAlg; ++ } else { ++ return given2.stdName(); ++ } + } + + // utility method for comparing digest algorithms +@@ -92,24 +105,8 @@ final class P11PSSSignature extends SignatureSpi { + private static boolean isDigestEqual(String stdAlg, String givenAlg) { + if (stdAlg == null || givenAlg == null) return false; + +- if (givenAlg.indexOf("-") != -1) { +- return stdAlg.equalsIgnoreCase(givenAlg); +- } else { +- if (stdAlg.equals("SHA-1")) { +- return (givenAlg.equalsIgnoreCase("SHA") +- || givenAlg.equalsIgnoreCase("SHA1")); +- } else { +- StringBuilder sb = new StringBuilder(givenAlg); +- // case-insensitive check +- if (givenAlg.regionMatches(true, 0, "SHA", 0, 3)) { +- givenAlg = sb.insert(3, "-").toString(); +- return stdAlg.equalsIgnoreCase(givenAlg); +- } else { +- throw new ProviderException("Unsupported digest algorithm " +- + givenAlg); +- } +- } +- } ++ givenAlg = toStdName(givenAlg); ++ return stdAlg.equalsIgnoreCase(givenAlg); + } + + // token instance +@@ -172,26 +169,57 @@ final class P11PSSSignature extends SignatureSpi { + this.algorithm = algorithm; + this.mechanism = new CK_MECHANISM(mechId); + int idx = algorithm.indexOf("with"); +- this.mdAlg = (idx == -1? null : algorithm.substring(0, idx)); ++ // convert to stdName ++ this.mdAlg = (idx == -1? ++ null : toStdName(algorithm.substring(0, idx))); ++ + switch ((int)mechId) { + case (int)CKM_SHA1_RSA_PKCS_PSS: + case (int)CKM_SHA224_RSA_PKCS_PSS: + case (int)CKM_SHA256_RSA_PKCS_PSS: + case (int)CKM_SHA384_RSA_PKCS_PSS: + case (int)CKM_SHA512_RSA_PKCS_PSS: ++ case (int)CKM_SHA3_224_RSA_PKCS_PSS: ++ case (int)CKM_SHA3_256_RSA_PKCS_PSS: ++ case (int)CKM_SHA3_384_RSA_PKCS_PSS: ++ case (int)CKM_SHA3_512_RSA_PKCS_PSS: + type = T_UPDATE; ++ this.md = null; + break; + case (int)CKM_RSA_PKCS_PSS: ++ // check if the digest algo is supported by underlying PKCS11 lib ++ if (this.mdAlg != null && token.getMechanismInfo ++ (Functions.getHashMechId(this.mdAlg)) == null) { ++ throw new NoSuchAlgorithmException("Unsupported algorithm: " + ++ algorithm); ++ } ++ this.md = (this.mdAlg == null? null : ++ MessageDigest.getInstance(this.mdAlg)); + type = T_DIGEST; + break; + default: + throw new ProviderException("Unsupported mechanism: " + mechId); + } +- this.md = null; ++ } ++ ++ private static PSSParameterSpec genDefaultParams(String digestAlg, ++ P11Key key) throws SignatureException { ++ int mdLen; ++ try { ++ mdLen = DIGEST_LENGTHS.get(digestAlg); ++ } catch (NullPointerException npe) { ++ throw new SignatureException("Unsupported digest: " + ++ digestAlg); ++ } ++ int saltLen = Integer.min(mdLen, (key.length() >> 3) - mdLen -2); ++ return new PSSParameterSpec(digestAlg, ++ "MGF1", new MGF1ParameterSpec(digestAlg), ++ saltLen, PSSParameterSpec.TRAILER_FIELD_BC); + } + + private void ensureInitialized() throws SignatureException { + token.ensureValid(); ++ + if (this.p11Key == null) { + throw new SignatureException("Missing key"); + } +@@ -200,20 +228,19 @@ final class P11PSSSignature extends SignatureSpi { + // PSS Parameters are required for signature verification + throw new SignatureException + ("Parameters required for RSASSA-PSS signature"); +- } else { +- int saltLen = DIGEST_LENGTHS.get(this.mdAlg).intValue(); +- // generate default params for both sign and verify? +- this.sigParams = new PSSParameterSpec(this.mdAlg, +- "MGF1", new MGF1ParameterSpec(this.mdAlg), +- saltLen, PSSParameterSpec.TRAILER_FIELD_BC); +- this.mechanism.setParameter(new CK_RSA_PKCS_PSS_PARAMS( +- this.mdAlg, "MGF1", this.mdAlg, +- DIGEST_LENGTHS.get(this.mdAlg).intValue())); + } ++ // generate default params for both sign and verify? ++ this.sigParams = genDefaultParams(this.mdAlg, this.p11Key); ++ this.mechanism.setParameter(new CK_RSA_PKCS_PSS_PARAMS( ++ this.mdAlg, "MGF1", this.mdAlg, sigParams.getSaltLength())); + } + + if (initialized == false) { +- initialize(); ++ try { ++ initialize(); ++ } catch (ProviderException pe) { ++ throw new SignatureException(pe); ++ } + } + } + +@@ -286,7 +313,7 @@ final class P11PSSSignature extends SignatureSpi { + } + + // assumes current state is initialized == false +- private void initialize() { ++ private void initialize() throws ProviderException { + if (DEBUG) System.out.println("Initializing"); + + if (p11Key == null) { +@@ -363,7 +390,8 @@ final class P11PSSSignature extends SignatureSpi { + if (this.sigParams != null) { + String digestAlg = this.sigParams.getDigestAlgorithm(); + int sLen = this.sigParams.getSaltLength(); +- int hLen = DIGEST_LENGTHS.get(digestAlg).intValue(); ++ ++ int hLen = DIGEST_LENGTHS.get(toStdName(digestAlg)).intValue(); + int minKeyLen = Math.addExact(Math.addExact(sLen, hLen), 2); + + if (keySize < minKeyLen) { +@@ -387,12 +415,24 @@ final class P11PSSSignature extends SignatureSpi { + if (params == this.sigParams) return; + + String digestAlgorithm = params.getDigestAlgorithm(); +- if (this.mdAlg != null && !isDigestEqual(digestAlgorithm, this.mdAlg)) { ++ if (this.mdAlg != null && !isDigestEqual(this.mdAlg, digestAlgorithm)) { + throw new InvalidAlgorithmParameterException + ("Digest algorithm in Signature parameters must be " + + this.mdAlg); + } +- Integer digestLen = DIGEST_LENGTHS.get(digestAlgorithm); ++ ++ try { ++ if (token.getMechanismInfo(Functions.getHashMechId ++ (digestAlgorithm)) == null) { ++ throw new InvalidAlgorithmParameterException ++ ("Unsupported digest algorithm: " + digestAlgorithm); ++ } ++ } catch (PKCS11Exception pe) { ++ // should not happen ++ throw new InvalidAlgorithmParameterException(pe); ++ } ++ ++ Integer digestLen = DIGEST_LENGTHS.get(toStdName(digestAlgorithm)); + if (digestLen == null) { + throw new InvalidAlgorithmParameterException + ("Unsupported digest algorithm in Signature parameters: " + +@@ -465,8 +505,14 @@ final class P11PSSSignature extends SignatureSpi { + mode = M_VERIFY; + p11Key = P11KeyFactory.convertKey(token, publicKey, KEY_ALGO); + +- // For PSS, defer PKCS11 initialization calls to update/doFinal as it +- // needs both key and params ++ // attempt initialization when key and params are both available ++ if (this.p11Key != null && this.sigParams != null) { ++ try { ++ initialize(); ++ } catch (ProviderException pe) { ++ throw new InvalidKeyException(pe); ++ } ++ } + } + + // see JCA spec +@@ -487,8 +533,14 @@ final class P11PSSSignature extends SignatureSpi { + mode = M_SIGN; + p11Key = P11KeyFactory.convertKey(token, privateKey, KEY_ALGO); + +- // For PSS, defer PKCS11 initialization calls to update/doFinal as it +- // needs both key and params ++ // attempt initialization when key and params are both available ++ if (this.p11Key != null && this.sigParams != null) { ++ try { ++ initialize(); ++ } catch (ProviderException pe) { ++ throw new InvalidKeyException(pe); ++ } ++ } + } + + // see JCA spec +@@ -698,6 +750,15 @@ final class P11PSSSignature extends SignatureSpi { + throw new InvalidAlgorithmParameterException(nsae); + } + } ++ ++ // attempt initialization when key and params are both available ++ if (this.p11Key != null && this.sigParams != null) { ++ try { ++ initialize(); ++ } catch (ProviderException pe) { ++ throw new InvalidAlgorithmParameterException(pe); ++ } ++ } + } + + // see JCA spec +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java +index e3af106d05a..e49edf32c29 100644 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Signature.java +@@ -51,8 +51,15 @@ import sun.security.util.KeyUtil; + * . DSA + * . NONEwithDSA (RawDSA) + * . SHA1withDSA +- * . NONEwithDSAinP1363Format (RawDSAinP1363Format) +- * . SHA1withDSAinP1363Format ++ * . SHA224withDSA ++ * . SHA256withDSA ++ * . SHA384withDSA ++ * . SHA512withDSA ++ * . SHA3-224withDSA ++ * . SHA3-256withDSA ++ * . SHA3-384withDSA ++ * . SHA3-512withDSA ++ * . inP1363Format + * . RSA: + * . MD2withRSA + * . MD5withRSA +@@ -61,6 +68,10 @@ import sun.security.util.KeyUtil; + * . SHA256withRSA + * . SHA384withRSA + * . SHA512withRSA ++ * . SHA3-224withRSA ++ * . SHA3-256withRSA ++ * . SHA3-384withRSA ++ * . SHA3-512withRSA + * . ECDSA + * . NONEwithECDSA + * . SHA1withECDSA +@@ -68,12 +79,11 @@ import sun.security.util.KeyUtil; + * . SHA256withECDSA + * . SHA384withECDSA + * . SHA512withECDSA +- * . NONEwithECDSAinP1363Format +- * . SHA1withECDSAinP1363Format +- * . SHA224withECDSAinP1363Format +- * . SHA256withECDSAinP1363Format +- * . SHA384withECDSAinP1363Format +- * . SHA512withECDSAinP1363Format ++ * . SHA3_224withECDSA ++ * . SHA3_256withECDSA ++ * . SHA3_384withECDSA ++ * . SHA3_512withECDSA ++ * . inP1363Format + * + * Note that the underlying PKCS#11 token may support complete signature + * algorithm (e.g. CKM_DSA_SHA1, CKM_MD5_RSA_PKCS), or it may just +@@ -144,10 +154,11 @@ final class P11Signature extends SignatureSpi { + // constant for type raw, used with RawDSA and NONEwithECDSA only + private final static int T_RAW = 3; + +- // XXX PKCS#11 v2.20 says "should not be longer than 1024 bits", +- // but this is a little arbitrary ++ // PKCS#11 spec for CKM_ECDSA states that the length should not be longer ++ // than 1024 bits", but this is a little arbitrary + private final static int RAW_ECDSA_MAX = 128; + ++ + P11Signature(Token token, String algorithm, long mechanism) + throws NoSuchAlgorithmException, PKCS11Exception { + super(); +@@ -165,16 +176,36 @@ final class P11Signature extends SignatureSpi { + case (int)CKM_SHA256_RSA_PKCS: + case (int)CKM_SHA384_RSA_PKCS: + case (int)CKM_SHA512_RSA_PKCS: ++ case (int)CKM_SHA3_224_RSA_PKCS: ++ case (int)CKM_SHA3_256_RSA_PKCS: ++ case (int)CKM_SHA3_384_RSA_PKCS: ++ case (int)CKM_SHA3_512_RSA_PKCS: + keyAlgorithm = "RSA"; + type = T_UPDATE; + buffer = new byte[1]; + break; + case (int)CKM_DSA_SHA1: ++ case (int)CKM_DSA_SHA224: ++ case (int)CKM_DSA_SHA256: ++ case (int)CKM_DSA_SHA384: ++ case (int)CKM_DSA_SHA512: ++ case (int)CKM_DSA_SHA3_224: ++ case (int)CKM_DSA_SHA3_256: ++ case (int)CKM_DSA_SHA3_384: ++ case (int)CKM_DSA_SHA3_512: + keyAlgorithm = "DSA"; + type = T_UPDATE; + buffer = new byte[1]; + break; + case (int)CKM_ECDSA_SHA1: ++ case (int)CKM_ECDSA_SHA224: ++ case (int)CKM_ECDSA_SHA256: ++ case (int)CKM_ECDSA_SHA384: ++ case (int)CKM_ECDSA_SHA512: ++ case (int)CKM_ECDSA_SHA3_224: ++ case (int)CKM_ECDSA_SHA3_256: ++ case (int)CKM_ECDSA_SHA3_384: ++ case (int)CKM_ECDSA_SHA3_512: + keyAlgorithm = "EC"; + type = T_UPDATE; + buffer = new byte[1]; +@@ -200,57 +231,18 @@ final class P11Signature extends SignatureSpi { + type = T_RAW; + buffer = new byte[RAW_ECDSA_MAX]; + } else { +- String digestAlg; +- if (algorithm.equals("SHA1withECDSA") || +- algorithm.equals("SHA1withECDSAinP1363Format")) { +- digestAlg = "SHA-1"; +- } else if (algorithm.equals("SHA224withECDSA") || +- algorithm.equals("SHA224withECDSAinP1363Format")) { +- digestAlg = "SHA-224"; +- } else if (algorithm.equals("SHA256withECDSA") || +- algorithm.equals("SHA256withECDSAinP1363Format")) { +- digestAlg = "SHA-256"; +- } else if (algorithm.equals("SHA384withECDSA") || +- algorithm.equals("SHA384withECDSAinP1363Format")) { +- digestAlg = "SHA-384"; +- } else if (algorithm.equals("SHA512withECDSA") || +- algorithm.equals("SHA512withECDSAinP1363Format")) { +- digestAlg = "SHA-512"; +- } else { +- throw new ProviderException(algorithm); +- } + type = T_DIGEST; +- md = MessageDigest.getInstance(digestAlg); ++ md = MessageDigest.getInstance ++ (getDigestEnum(algorithm).stdName()); + } + break; + case (int)CKM_RSA_PKCS: + case (int)CKM_RSA_X_509: + keyAlgorithm = "RSA"; + type = T_DIGEST; +- if (algorithm.equals("MD5withRSA")) { +- md = MessageDigest.getInstance("MD5"); +- digestOID = AlgorithmId.MD5_oid; +- } else if (algorithm.equals("SHA1withRSA")) { +- md = MessageDigest.getInstance("SHA-1"); +- digestOID = AlgorithmId.SHA_oid; +- } else if (algorithm.equals("MD2withRSA")) { +- md = MessageDigest.getInstance("MD2"); +- digestOID = AlgorithmId.MD2_oid; +- } else if (algorithm.equals("SHA224withRSA")) { +- md = MessageDigest.getInstance("SHA-224"); +- digestOID = AlgorithmId.SHA224_oid; +- } else if (algorithm.equals("SHA256withRSA")) { +- md = MessageDigest.getInstance("SHA-256"); +- digestOID = AlgorithmId.SHA256_oid; +- } else if (algorithm.equals("SHA384withRSA")) { +- md = MessageDigest.getInstance("SHA-384"); +- digestOID = AlgorithmId.SHA384_oid; +- } else if (algorithm.equals("SHA512withRSA")) { +- md = MessageDigest.getInstance("SHA-512"); +- digestOID = AlgorithmId.SHA512_oid; +- } else { +- throw new ProviderException("Unknown signature: " + algorithm); +- } ++ KnownOIDs digestAlg = getDigestEnum(algorithm); ++ md = MessageDigest.getInstance(digestAlg.stdName()); ++ digestOID = ObjectIdentifier.of(digestAlg); + break; + default: + throw new ProviderException("Unknown mechanism: " + mechanism); +@@ -304,8 +296,8 @@ final class P11Signature extends SignatureSpi { + } + } else { // M_VERIFY + byte[] signature; +- if (keyAlgorithm.equals("DSA")) { +- signature = new byte[40]; ++ if (mechanism == CKM_DSA) { ++ signature = new byte[64]; // assume N = 256 + } else { + signature = new byte[(p11Key.length() + 7) >> 3]; + } +@@ -449,13 +441,17 @@ final class P11Signature extends SignatureSpi { + encodedLength = 34; + } else if (algorithm.equals("SHA1withRSA")) { + encodedLength = 35; +- } else if (algorithm.equals("SHA224withRSA")) { ++ } else if (algorithm.equals("SHA224withRSA") || ++ algorithm.equals("SHA3-224withRSA")) { + encodedLength = 47; +- } else if (algorithm.equals("SHA256withRSA")) { ++ } else if (algorithm.equals("SHA256withRSA") || ++ algorithm.equals("SHA3-256withRSA")) { + encodedLength = 51; +- } else if (algorithm.equals("SHA384withRSA")) { ++ } else if (algorithm.equals("SHA384withRSA") || ++ algorithm.equals("SHA3-384withRSA")) { + encodedLength = 67; +- } else if (algorithm.equals("SHA512withRSA")) { ++ } else if (algorithm.equals("SHA512withRSA") || ++ algorithm.equals("SHA3-512withRSA")) { + encodedLength = 83; + } else { + throw new ProviderException("Unknown signature algo: " + algorithm); +@@ -631,8 +627,7 @@ final class P11Signature extends SignatureSpi { + try { + byte[] signature; + if (type == T_UPDATE) { +- int len = keyAlgorithm.equals("DSA") ? 40 : 0; +- signature = token.p11.C_SignFinal(session.id(), len); ++ signature = token.p11.C_SignFinal(session.id(), 0); + } else { + byte[] digest; + if (type == T_DIGEST) { +@@ -781,6 +776,23 @@ final class P11Signature extends SignatureSpi { + } + } + ++ private static KnownOIDs getDigestEnum(String algorithm) ++ throws NoSuchAlgorithmException { ++ try { ++ String digAlg = SignatureUtil.extractDigestAlgFromDwithE(algorithm); ++ KnownOIDs k = KnownOIDs.findMatch(digAlg); ++ if (k == null) { ++ throw new NoSuchAlgorithmException ++ ("Unsupported digest algorithm: " + digAlg); ++ } ++ return k; ++ } catch (IllegalArgumentException iae) { ++ // should never happen ++ throw new NoSuchAlgorithmException("Unknown signature: " + ++ algorithm, iae); ++ } ++ } ++ + // private static byte[] decodeSignature(byte[] signature) throws IOException { + // return RSASignature.decodeSignature(digestOID, signature); + // } +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +index cf7cd19b689..7a8bcffb92c 100644 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +@@ -550,6 +550,18 @@ public final class SunPKCS11 extends AuthProvider { + d(MD, "SHA-512/256", P11Digest, + s("2.16.840.1.101.3.4.2.6", "OID.2.16.840.1.101.3.4.2.6"), + m(CKM_SHA512_256)); ++ d(MD, "SHA3-224", P11Digest, ++ s("2.16.840.1.101.3.4.2.7", "OID.2.16.840.1.101.3.4.2.7"), ++ m(CKM_SHA3_224)); ++ d(MD, "SHA3-256", P11Digest, ++ s("2.16.840.1.101.3.4.2.8", "OID.2.16.840.1.101.3.4.2.8"), ++ m(CKM_SHA3_256)); ++ d(MD, "SHA3-384", P11Digest, ++ s("2.16.840.1.101.3.4.2.9", "OID.2.16.840.1.101.3.4.2.9"), ++ m(CKM_SHA3_384)); ++ d(MD, "SHA3-512", P11Digest, ++ s("2.16.840.1.101.3.4.2.10", "OID.2.16.840.1.101.3.4.2.10"), ++ m(CKM_SHA3_512)); + + d(MAC, "HmacMD5", P11MAC, + m(CKM_MD5_HMAC)); +@@ -574,7 +586,18 @@ public final class SunPKCS11 extends AuthProvider { + d(MAC, "HmacSHA512/256", P11MAC, + s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"), + m(CKM_SHA512_256_HMAC)); +- ++ d(MAC, "HmacSHA3-224", P11MAC, ++ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"), ++ m(CKM_SHA3_224_HMAC)); ++ d(MAC, "HmacSHA3-256", P11MAC, ++ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"), ++ m(CKM_SHA3_256_HMAC)); ++ d(MAC, "HmacSHA3-384", P11MAC, ++ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"), ++ m(CKM_SHA3_384_HMAC)); ++ d(MAC, "HmacSHA3-512", P11MAC, ++ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"), ++ m(CKM_SHA3_512_HMAC)); + d(MAC, "SslMacMD5", P11MAC, + m(CKM_SSL3_MD5_MAC)); + d(MAC, "SslMacSHA1", P11MAC, +@@ -604,6 +627,41 @@ public final class SunPKCS11 extends AuthProvider { + m(CKM_BLOWFISH_KEY_GEN)); + d(KG, "ChaCha20", P11KeyGenerator, + m(CKM_CHACHA20_KEY_GEN)); ++ d(KG, "HmacMD5", P11KeyGenerator, // 1.3.6.1.5.5.8.1.1 ++ m(CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA1", P11KeyGenerator, ++ s("1.2.840.113549.2.7", "OID.1.2.840.113549.2.7"), ++ m(CKM_SHA_1_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA224", P11KeyGenerator, ++ s("1.2.840.113549.2.8", "OID.1.2.840.113549.2.8"), ++ m(CKM_SHA224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA256", P11KeyGenerator, ++ s("1.2.840.113549.2.9", "OID.1.2.840.113549.2.9"), ++ m(CKM_SHA256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA384", P11KeyGenerator, ++ s("1.2.840.113549.2.10", "OID.1.2.840.113549.2.10"), ++ m(CKM_SHA384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA512", P11KeyGenerator, ++ s("1.2.840.113549.2.11", "OID.1.2.840.113549.2.11"), ++ m(CKM_SHA512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA512/224", P11KeyGenerator, ++ s("1.2.840.113549.2.12", "OID.1.2.840.113549.2.12"), ++ m(CKM_SHA512_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA512/256", P11KeyGenerator, ++ s("1.2.840.113549.2.13", "OID.1.2.840.113549.2.13"), ++ m(CKM_SHA512_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA3-224", P11KeyGenerator, ++ s("2.16.840.1.101.3.4.2.13", "OID.2.16.840.1.101.3.4.2.13"), ++ m(CKM_SHA3_224_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA3-256", P11KeyGenerator, ++ s("2.16.840.1.101.3.4.2.14", "OID.2.16.840.1.101.3.4.2.14"), ++ m(CKM_SHA3_256_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA3-384", P11KeyGenerator, ++ s("2.16.840.1.101.3.4.2.15", "OID.2.16.840.1.101.3.4.2.15"), ++ m(CKM_SHA3_384_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); ++ d(KG, "HmacSHA3-512", P11KeyGenerator, ++ s("2.16.840.1.101.3.4.2.16", "OID.2.16.840.1.101.3.4.2.16"), ++ m(CKM_SHA3_512_KEY_GEN, CKM_GENERIC_SECRET_KEY_GEN)); + + // register (Secret)KeyFactories if there are any mechanisms + // for a particular algorithm that we support +@@ -747,13 +805,40 @@ public final class SunPKCS11 extends AuthProvider { + d(SIG, "SHA512withDSA", P11Signature, + s("2.16.840.1.101.3.4.3.4", "OID.2.16.840.1.101.3.4.3.4"), + m(CKM_DSA_SHA512)); ++ d(SIG, "SHA3-224withDSA", P11Signature, ++ s("2.16.840.1.101.3.4.3.5", "OID.2.16.840.1.101.3.4.3.5"), ++ m(CKM_DSA_SHA3_224)); ++ d(SIG, "SHA3-256withDSA", P11Signature, ++ s("2.16.840.1.101.3.4.3.6", "OID.2.16.840.1.101.3.4.3.6"), ++ m(CKM_DSA_SHA3_256)); ++ d(SIG, "SHA3-384withDSA", P11Signature, ++ s("2.16.840.1.101.3.4.3.7", "OID.2.16.840.1.101.3.4.3.7"), ++ m(CKM_DSA_SHA3_384)); ++ d(SIG, "SHA3-512withDSA", P11Signature, ++ s("2.16.840.1.101.3.4.3.8", "OID.2.16.840.1.101.3.4.3.8"), ++ m(CKM_DSA_SHA3_512)); + d(SIG, "RawDSAinP1363Format", P11Signature, + s("NONEwithDSAinP1363Format"), + m(CKM_DSA)); + d(SIG, "DSAinP1363Format", P11Signature, + s("SHA1withDSAinP1363Format"), + m(CKM_DSA_SHA1, CKM_DSA)); +- ++ d(SIG, "SHA224withDSAinP1363Format", P11Signature, ++ m(CKM_DSA_SHA224)); ++ d(SIG, "SHA256withDSAinP1363Format", P11Signature, ++ m(CKM_DSA_SHA256)); ++ d(SIG, "SHA384withDSAinP1363Format", P11Signature, ++ m(CKM_DSA_SHA384)); ++ d(SIG, "SHA512withDSAinP1363Format", P11Signature, ++ m(CKM_DSA_SHA512)); ++ d(SIG, "SHA3-224withDSAinP1363Format", P11Signature, ++ m(CKM_DSA_SHA3_224)); ++ d(SIG, "SHA3-256withDSAinP1363Format", P11Signature, ++ m(CKM_DSA_SHA3_256)); ++ d(SIG, "SHA3-384withDSAinP1363Format", P11Signature, ++ m(CKM_DSA_SHA3_384)); ++ d(SIG, "SHA3-512withDSAinP1363Format", P11Signature, ++ m(CKM_DSA_SHA3_512)); + d(SIG, "NONEwithECDSA", P11Signature, + m(CKM_ECDSA)); + d(SIG, "SHA1withECDSA", P11Signature, +@@ -761,28 +846,49 @@ public final class SunPKCS11 extends AuthProvider { + m(CKM_ECDSA_SHA1, CKM_ECDSA)); + d(SIG, "SHA224withECDSA", P11Signature, + s("1.2.840.10045.4.3.1", "OID.1.2.840.10045.4.3.1"), +- m(CKM_ECDSA)); ++ m(CKM_ECDSA_SHA224, CKM_ECDSA)); + d(SIG, "SHA256withECDSA", P11Signature, + s("1.2.840.10045.4.3.2", "OID.1.2.840.10045.4.3.2"), +- m(CKM_ECDSA)); ++ m(CKM_ECDSA_SHA256, CKM_ECDSA)); + d(SIG, "SHA384withECDSA", P11Signature, + s("1.2.840.10045.4.3.3", "OID.1.2.840.10045.4.3.3"), +- m(CKM_ECDSA)); ++ m(CKM_ECDSA_SHA384, CKM_ECDSA)); + d(SIG, "SHA512withECDSA", P11Signature, + s("1.2.840.10045.4.3.4", "OID.1.2.840.10045.4.3.4"), +- m(CKM_ECDSA)); ++ m(CKM_ECDSA_SHA512, CKM_ECDSA)); ++ d(SIG, "SHA3-224withECDSA", P11Signature, ++ s("1.2.840.10045.4.3.9", "OID.1.2.840.10045.4.3.9"), ++ m(CKM_ECDSA_SHA3_224, CKM_ECDSA)); ++ d(SIG, "SHA3-256withECDSA", P11Signature, ++ s("1.2.840.10045.4.3.10", "OID.1.2.840.10045.4.3.10"), ++ m(CKM_ECDSA_SHA3_256, CKM_ECDSA)); ++ d(SIG, "SHA3-384withECDSA", P11Signature, ++ s("1.2.840.10045.4.3.11", "OID.1.2.840.10045.4.3.11"), ++ m(CKM_ECDSA_SHA3_384, CKM_ECDSA)); ++ d(SIG, "SHA3-512withECDSA", P11Signature, ++ s("1.2.840.10045.4.3.12", "OID.1.2.840.10045.4.3.12"), ++ m(CKM_ECDSA_SHA3_512, CKM_ECDSA)); + d(SIG, "NONEwithECDSAinP1363Format", P11Signature, + m(CKM_ECDSA)); + d(SIG, "SHA1withECDSAinP1363Format", P11Signature, + m(CKM_ECDSA_SHA1, CKM_ECDSA)); + d(SIG, "SHA224withECDSAinP1363Format", P11Signature, +- m(CKM_ECDSA)); ++ m(CKM_ECDSA_SHA224, CKM_ECDSA)); + d(SIG, "SHA256withECDSAinP1363Format", P11Signature, +- m(CKM_ECDSA)); ++ m(CKM_ECDSA_SHA256, CKM_ECDSA)); + d(SIG, "SHA384withECDSAinP1363Format", P11Signature, +- m(CKM_ECDSA)); ++ m(CKM_ECDSA_SHA384, CKM_ECDSA)); + d(SIG, "SHA512withECDSAinP1363Format", P11Signature, +- m(CKM_ECDSA)); ++ m(CKM_ECDSA_SHA512, CKM_ECDSA)); ++ d(SIG, "SHA3-224withECDSAinP1363Format", P11Signature, ++ m(CKM_ECDSA_SHA3_224, CKM_ECDSA)); ++ d(SIG, "SHA3-256withECDSAinP1363Format", P11Signature, ++ m(CKM_ECDSA_SHA3_256, CKM_ECDSA)); ++ d(SIG, "SHA3-384withECDSAinP1363Format", P11Signature, ++ m(CKM_ECDSA_SHA3_384, CKM_ECDSA)); ++ d(SIG, "SHA3-512withECDSAinP1363Format", P11Signature, ++ m(CKM_ECDSA_SHA3_512, CKM_ECDSA)); ++ + d(SIG, "MD2withRSA", P11Signature, + s("1.2.840.113549.1.1.2", "OID.1.2.840.113549.1.1.2"), + m(CKM_MD2_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); +@@ -805,6 +911,18 @@ public final class SunPKCS11 extends AuthProvider { + d(SIG, "SHA512withRSA", P11Signature, + s("1.2.840.113549.1.1.13", "OID.1.2.840.113549.1.1.13"), + m(CKM_SHA512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); ++ d(SIG, "SHA3-224withRSA", P11Signature, ++ s("2.16.840.1.101.3.4.3.13", "OID.2.16.840.1.101.3.4.3.13"), ++ m(CKM_SHA3_224_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); ++ d(SIG, "SHA3-256withRSA", P11Signature, ++ s("2.16.840.1.101.3.4.3.14", "OID.2.16.840.1.101.3.4.3.14"), ++ m(CKM_SHA3_256_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); ++ d(SIG, "SHA3-384withRSA", P11Signature, ++ s("2.16.840.1.101.3.4.3.15", "OID.2.16.840.1.101.3.4.3.15"), ++ m(CKM_SHA3_384_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); ++ d(SIG, "SHA3-512withRSA", P11Signature, ++ s("2.16.840.1.101.3.4.3.16", "OID.2.16.840.1.101.3.4.3.16"), ++ m(CKM_SHA3_512_RSA_PKCS, CKM_RSA_PKCS, CKM_RSA_X_509)); + d(SIG, "RSASSA-PSS", P11PSSSignature, + s("1.2.840.113549.1.1.10", "OID.1.2.840.113549.1.1.10"), + m(CKM_RSA_PKCS_PSS)); +@@ -818,6 +936,14 @@ public final class SunPKCS11 extends AuthProvider { + m(CKM_SHA384_RSA_PKCS_PSS)); + d(SIG, "SHA512withRSASSA-PSS", P11PSSSignature, + m(CKM_SHA512_RSA_PKCS_PSS)); ++ d(SIG, "SHA3-224withRSASSA-PSS", P11PSSSignature, ++ m(CKM_SHA3_224_RSA_PKCS_PSS)); ++ d(SIG, "SHA3-256withRSASSA-PSS", P11PSSSignature, ++ m(CKM_SHA3_256_RSA_PKCS_PSS)); ++ d(SIG, "SHA3-384withRSASSA-PSS", P11PSSSignature, ++ m(CKM_SHA3_384_RSA_PKCS_PSS)); ++ d(SIG, "SHA3-512withRSASSA-PSS", P11PSSSignature, ++ m(CKM_SHA3_512_RSA_PKCS_PSS)); + + d(KG, "SunTlsRsaPremasterSecret", + "sun.security.pkcs11.P11TlsRsaPremasterSecretGenerator", +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java +index e077943bbc2..cb04b95304d 100644 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/CK_RSA_PKCS_PSS_PARAMS.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -57,7 +57,12 @@ public class CK_RSA_PKCS_PSS_PARAMS { + throw new ProviderException("Only MGF1 is supported"); + } + // no dash in PKCS#11 mechanism names +- this.mgf = Functions.getMGFId("CKG_MGF1_" + mgfHash.replaceFirst("-", "")); ++ if (mgfHash.startsWith("SHA3-")) { ++ mgfHash = mgfHash.replaceFirst("-", "_"); ++ } else { ++ mgfHash = mgfHash.replaceFirst("-", ""); ++ } ++ this.mgf = Functions.getMGFId("CKG_MGF1_" + mgfHash); + this.sLen = sLen; + } + +diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java +new file mode 100644 +index 00000000000..d6707028d96 +--- /dev/null ++++ b/test/jdk/sun/security/pkcs11/KeyGenerator/HmacDefKeySizeTest.java +@@ -0,0 +1,84 @@ ++/* ++ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++/* ++ * @test ++ * @bug 8242332 ++ * @summary Check that PKCS11 Hamc KeyGenerator picks appropriate default size ++ * @library /test/lib .. ++ * @modules jdk.crypto.cryptoki ++ * @run main/othervm HmacDefKeySizeTest ++ * @run main/othervm HmacDefKeySizeTest sm ++ */ ++ ++import java.security.InvalidKeyException; ++import java.security.NoSuchAlgorithmException; ++import java.security.NoSuchProviderException; ++import java.security.Provider; ++import java.util.List; ++import javax.crypto.KeyGenerator; ++import javax.crypto.SecretKey; ++ ++public class HmacDefKeySizeTest extends PKCS11Test { ++ ++ /** ++ * Request a KeyGenerator object from PKCS11 provider for Hmac algorithm, ++ * and generate the SecretKey. ++ * ++ * @param args the command line arguments ++ */ ++ public static void main(String[] args) throws Exception { ++ main(new HmacDefKeySizeTest(), args); ++ } ++ ++ @Override ++ public void main(Provider p) { ++ List algorithms = getSupportedAlgorithms("KeyGenerator", ++ "Hmac", p); ++ boolean success = true; ++ ++ for (String alg : algorithms) { ++ System.out.println("Testing " + alg); ++ try { ++ KeyGenerator kg = KeyGenerator.getInstance(alg, p); ++ SecretKey k1 = kg.generateKey(); ++ int keysize = k1.getEncoded().length << 3; ++ System.out.println("=> default key size = " + keysize); ++ kg.init(keysize); ++ SecretKey k2 = kg.generateKey(); ++ if ((k2.getEncoded().length << 3) != keysize) { ++ success = false; ++ System.out.println("keysize check failed"); ++ } ++ } catch (Exception e) { ++ System.out.println("Unexpected exception: " + e); ++ e.printStackTrace(); ++ success = false; ++ } ++ } ++ ++ if (!success) { ++ throw new RuntimeException("One or more tests failed"); ++ } ++ } ++} +diff --git a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java +index b61d10beece..78b7d857e8e 100644 +--- a/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java ++++ b/test/jdk/sun/security/pkcs11/KeyGenerator/TestKeyGenerator.java +@@ -23,7 +23,7 @@ + + /* + * @test +- * @bug 4917233 6461727 6490213 6720456 ++ * @bug 4917233 6461727 6490213 6720456 8242332 + * @summary test the KeyGenerator + * @author Andreas Sterbenz + * @library /test/lib .. +@@ -128,6 +128,18 @@ public class TestKeyGenerator extends PKCS11Test { + test("ARCFOUR", 40, p, TestResult.PASS); + test("ARCFOUR", 128, p, TestResult.PASS); + ++ String[] HMAC_ALGS = { ++ "HmacSHA1", "HmacSHA224", "HmacSHA256", "HmacSHA384", "HmacSHA512", ++ "HmacSHA512/224", "HmacSHA512/256", "HmacSHA3-224", "HmacSHA3-256", ++ "HmacSHA3-384", "HmacSHA3-512", ++ }; ++ ++ for (String hmacAlg : HMAC_ALGS) { ++ test(hmacAlg, 0, p, TestResult.FAIL); ++ test(hmacAlg, 128, p, TestResult.PASS); ++ test(hmacAlg, 224, p, TestResult.PASS); ++ } ++ + if (p.getName().equals("SunPKCS11-Solaris")) { + test("ARCFOUR", 1024, p, TestResult.TBD); + } else if (p.getName().equals("SunPKCS11-NSS")) { +diff --git a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java +index 59af327c1f2..64c42a6dd06 100644 +--- a/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java ++++ b/test/jdk/sun/security/pkcs11/Mac/MacSameTest.java +@@ -23,7 +23,7 @@ + + /* + * @test +- * @bug 8048603 ++ * @bug 8048603 8242332 + * @summary Check if doFinal and update operation result in same Mac + * @author Yu-Ching Valerie Peng, Bill Situ, Alexander Fomin + * @library /test/lib .. +@@ -40,13 +40,15 @@ import java.security.Provider; + import java.security.SecureRandom; + import java.util.List; + import javax.crypto.Mac; ++import javax.crypto.KeyGenerator; ++import javax.crypto.SecretKey; + import javax.crypto.spec.SecretKeySpec; + + public class MacSameTest extends PKCS11Test { + + private static final int MESSAGE_SIZE = 25; + private static final int OFFSET = 5; +- private static final int KEY_SIZE = 70; ++ private static final int KEY_SIZE = 128; + + /** + * Initialize a message, instantiate a Mac object, +@@ -67,9 +69,30 @@ public class MacSameTest extends PKCS11Test { + public void main(Provider p) { + List algorithms = getSupportedAlgorithms("Mac", "Hmac", p); + boolean success = true; ++ SecureRandom srdm = new SecureRandom(); ++ + for (String alg : algorithms) { ++ // first try w/ java secret key object ++ byte[] keyVal = new byte[KEY_SIZE]; ++ srdm.nextBytes(keyVal); ++ SecretKey skey = new SecretKeySpec(keyVal, alg); ++ ++ try { ++ doTest(alg, skey, p); ++ } catch (Exception e) { ++ System.out.println("Unexpected exception: " + e); ++ e.printStackTrace(); ++ success = false; ++ } ++ + try { +- doTest(alg, p); ++ KeyGenerator kg = KeyGenerator.getInstance(alg, p); ++ kg.init(KEY_SIZE); ++ skey = kg.generateKey(); ++ doTest(alg, skey, p); ++ } catch (NoSuchAlgorithmException nsae) { ++ System.out.println("Skip test using native key for " + alg); ++ continue; + } catch (Exception e) { + System.out.println("Unexpected exception: " + e); + e.printStackTrace(); +@@ -82,7 +105,7 @@ public class MacSameTest extends PKCS11Test { + } + } + +- private void doTest(String algo, Provider provider) ++ private void doTest(String algo, SecretKey key, Provider provider) + throws NoSuchAlgorithmException, NoSuchProviderException, + InvalidKeyException { + System.out.println("Test " + algo); +@@ -108,12 +131,7 @@ public class MacSameTest extends PKCS11Test { + byte[] tail = new byte[plain.length - OFFSET]; + System.arraycopy(plain, OFFSET, tail, 0, tail.length); + +- SecureRandom srdm = new SecureRandom(); +- byte[] keyVal = new byte[KEY_SIZE]; +- srdm.nextBytes(keyVal); +- SecretKeySpec keySpec = new SecretKeySpec(keyVal, "HMAC"); +- +- mac.init(keySpec); ++ mac.init(key); + byte[] result1 = mac.doFinal(plain); + + mac.reset(); +diff --git a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java +index 5cad8859840..7e045232e3a 100644 +--- a/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java ++++ b/test/jdk/sun/security/pkcs11/Mac/ReinitMac.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -23,7 +23,7 @@ + + /* + * @test +- * @bug 4856966 ++ * @bug 4856966 8242332 + * @summary + * @author Andreas Sterbenz + * @library /test/lib .. +@@ -35,6 +35,7 @@ + + import java.security.Provider; + import java.util.Random; ++import java.util.List; + import javax.crypto.Mac; + import javax.crypto.spec.SecretKeySpec; + +@@ -46,32 +47,49 @@ public class ReinitMac extends PKCS11Test { + + @Override + public void main(Provider p) throws Exception { +- if (p.getService("Mac", "HmacMD5") == null) { +- System.out.println(p + " does not support HmacMD5, skipping"); +- return; +- } ++ List algorithms = getSupportedAlgorithms("Mac", "Hmac", p); + Random random = new Random(); +- byte[] data1 = new byte[10 * 1024]; +- random.nextBytes(data1); +- byte[] keyData = new byte[16]; +- random.nextBytes(keyData); +- SecretKeySpec key = new SecretKeySpec(keyData, "Hmac"); +- Mac mac = Mac.getInstance("HmacMD5", p); ++ byte[] data = new byte[10 * 1024]; ++ random.nextBytes(data); ++ byte[] keyVal = new byte[16]; ++ random.nextBytes(keyVal); ++ ++ boolean success = true; ++ for (String alg : algorithms) { ++ try { ++ doTest(alg, p, keyVal, data); ++ } catch (Exception e) { ++ System.out.println("Unexpected exception: " + e); ++ e.printStackTrace(); ++ success = false; ++ } ++ } ++ ++ if (!success) { ++ throw new RuntimeException("Test failed"); ++ } else { ++ System.out.println("All tests passed"); ++ } ++ } ++ ++ private void doTest(String alg, Provider p, byte[] keyVal, byte[] data) ++ throws Exception { ++ System.out.println("Testing " + alg); ++ SecretKeySpec key = new SecretKeySpec(keyVal, alg); ++ Mac mac = Mac.getInstance(alg, p); + mac.init(key); + mac.init(key); +- mac.update(data1); ++ mac.update(data); + mac.init(key); + mac.doFinal(); + mac.doFinal(); +- mac.update(data1); ++ mac.update(data); + mac.doFinal(); + mac.reset(); + mac.reset(); + mac.init(key); + mac.reset(); +- mac.update(data1); ++ mac.update(data); + mac.reset(); +- +- System.out.println("All tests passed"); + } + } +diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java +index 7ced00630cc..a7a72e8ea3d 100644 +--- a/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java ++++ b/test/jdk/sun/security/pkcs11/MessageDigest/ByteBuffers.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -23,7 +23,7 @@ + + /* + * @test +- * @bug 4856966 8080462 ++ * @bug 4856966 8080462 8242332 + * @summary Test the MessageDigest.update(ByteBuffer) method + * @author Andreas Sterbenz + * @library /test/lib .. +@@ -36,13 +36,10 @@ import java.nio.ByteBuffer; + import java.security.*; + import java.util.Arrays; + import java.util.Random; ++import java.util.List; + + public class ByteBuffers extends PKCS11Test { + +- static final String[] ALGS = { +- "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256" +- }; +- + private static Random random = new Random(); + + public static void main(String[] args) throws Exception { +@@ -51,6 +48,9 @@ public class ByteBuffers extends PKCS11Test { + + @Override + public void main(Provider p) throws Exception { ++ List ALGS = getSupportedAlgorithms("MessageDigest", ++ "SHA", p); ++ + int n = 10 * 1024; + byte[] t = new byte[n]; + random.nextBytes(t); +@@ -62,13 +62,7 @@ public class ByteBuffers extends PKCS11Test { + + private void runTest(Provider p, String alg, byte[] data) throws Exception { + System.out.println("Test against " + p.getName() + " and " + alg); +- MessageDigest md; +- try { +- md = MessageDigest.getInstance(alg, p); +- } catch (NoSuchAlgorithmException e) { +- System.out.println("Skip " + alg + " due to no support"); +- return; +- } ++ MessageDigest md = MessageDigest.getInstance(alg, p); + + byte[] d1 = md.digest(data); + +diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java +index ea7909bc397..268f698276b 100644 +--- a/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java ++++ b/test/jdk/sun/security/pkcs11/MessageDigest/ReinitDigest.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2003, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -23,7 +23,7 @@ + + /* + * @test +- * @bug 4856966 ++ * @bug 4856966 8242332 + * @summary + * @author Andreas Sterbenz + * @library /test/lib .. +@@ -37,6 +37,7 @@ import java.security.MessageDigest; + import java.security.Provider; + import java.util.Arrays; + import java.util.Random; ++import java.util.List; + + public class ReinitDigest extends PKCS11Test { + +@@ -46,19 +47,37 @@ public class ReinitDigest extends PKCS11Test { + + @Override + public void main(Provider p) throws Exception { +- if (p.getService("MessageDigest", "MD5") == null) { +- System.out.println("Provider does not support MD5, skipping"); +- return; +- } ++ List ALGS = getSupportedAlgorithms("MessageDigest", ++ "SHA", p); + Random r = new Random(); + byte[] data1 = new byte[10 * 1024]; + byte[] data2 = new byte[10 * 1024]; + r.nextBytes(data1); + r.nextBytes(data2); +- MessageDigest md; +- md = MessageDigest.getInstance("MD5", "SUN"); ++ ++ boolean success = true; ++ for (String alg : ALGS) { ++ try { ++ doTest(alg, p, data1, data2); ++ } catch (Exception e) { ++ System.out.println("Unexpected exception: " + e); ++ e.printStackTrace(); ++ success = false; ++ } ++ } ++ ++ if (!success) { ++ throw new RuntimeException("Test failed"); ++ } ++ System.out.println("All tests passed"); ++ } ++ ++ private void doTest(String alg, Provider p, byte[] data1, byte[] data2) ++ throws Exception { ++ System.out.println("Testing " + alg); ++ MessageDigest md = MessageDigest.getInstance(alg, "SUN"); + byte[] d1 = md.digest(data1); +- md = MessageDigest.getInstance("MD5", p); ++ md = MessageDigest.getInstance(alg, p); + byte[] d2 = md.digest(data1); + check(d1, d2); + byte[] d3 = md.digest(data1); +@@ -68,7 +87,6 @@ public class ReinitDigest extends PKCS11Test { + md.reset(); + byte[] d4 = md.digest(data1); + check(d1, d4); +- System.out.println("All tests passed"); + } + + private static void check(byte[] d1, byte[] d2) throws Exception { +diff --git a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java +index b931c8564b2..ace601c7233 100644 +--- a/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java ++++ b/test/jdk/sun/security/pkcs11/MessageDigest/TestCloning.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2012, 2018, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2012, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -23,7 +23,7 @@ + + /* + * @test +- * @bug 6414899 ++ * @bug 6414899 8242332 + * @summary Ensure the cloning functionality works. + * @author Valerie Peng + * @library /test/lib .. +@@ -37,13 +37,10 @@ import java.security.MessageDigest; + import java.security.Provider; + import java.util.Arrays; + import java.util.Random; ++import java.util.List; + + public class TestCloning extends PKCS11Test { + +- private static final String[] ALGOS = { +- "MD2", "MD5", "SHA1", "SHA-224", "SHA-256", "SHA-384", "SHA-512" +- }; +- + public static void main(String[] args) throws Exception { + main(new TestCloning(), args); + } +@@ -51,44 +48,28 @@ public class TestCloning extends PKCS11Test { + private static final byte[] data1 = new byte[10]; + private static final byte[] data2 = new byte[10*1024]; + +- + @Override + public void main(Provider p) throws Exception { ++ List ALGS = getSupportedAlgorithms("MessageDigest", "SHA", p); + Random r = new Random(); + byte[] data1 = new byte[10]; + byte[] data2 = new byte[2*1024]; + r.nextBytes(data1); + r.nextBytes(data2); + System.out.println("Testing against provider " + p.getName()); +- for (int i = 0; i < ALGOS.length; i++) { +- if (p.getService("MessageDigest", ALGOS[i]) == null) { +- System.out.println(ALGOS[i] + " is not supported, skipping"); +- continue; +- } else { +- System.out.println("Testing " + ALGOS[i] + " of " + p.getName()); +- MessageDigest md = MessageDigest.getInstance(ALGOS[i], p); +- try { +- md = testCloning(md, p); +- // repeat the test again after generating digest once +- for (int j = 0; j < 10; j++) { +- md = testCloning(md, p); +- } +- } catch (Exception ex) { +- if (ALGOS[i] == "MD2" && +- p.getName().equalsIgnoreCase("SunPKCS11-NSS")) { +- // known bug in NSS; ignore for now +- System.out.println("Ignore Known bug in MD2 of NSS"); +- continue; +- } +- throw ex; +- } ++ for (String alg : ALGS) { ++ System.out.println("Testing " + alg); ++ MessageDigest md = MessageDigest.getInstance(alg, p); ++ md = testCloning(md, p); ++ // repeat the test again after generating digest once ++ for (int j = 0; j < 10; j++) { ++ md = testCloning(md, p); + } + } + } + + private static MessageDigest testCloning(MessageDigest mdObj, Provider p) +- throws Exception { +- ++ throws Exception { + // copy#0: clone at state BLANK w/o any data + MessageDigest mdCopy0 = (MessageDigest) mdObj.clone(); + +diff --git a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java +index 26eeacffed9..f5de994779c 100644 +--- a/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java ++++ b/test/jdk/sun/security/pkcs11/Signature/ByteBuffers.java +@@ -23,7 +23,7 @@ + + /* + * @test +- * @bug 4856966 ++ * @bug 4856966 8242332 + * @summary Test the Signature.update(ByteBuffer) method + * @author Andreas Sterbenz + * @library /test/lib .. +@@ -70,10 +70,10 @@ public class ByteBuffers extends PKCS11Test { + random.nextBytes(t); + + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); +- kpg.initialize(512); ++ kpg.initialize(2048); + KeyPair kp = kpg.generateKeyPair(); + +- Signature sig = Signature.getInstance("MD5withRSA", p); ++ Signature sig = Signature.getInstance("SHA256withRSA", p); + sig.initSign(kp.getPrivate()); + sig.update(t); + byte[] signature = sig.sign(); +diff --git a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java +index ccd66599fb0..a2fa7294977 100644 +--- a/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java ++++ b/test/jdk/sun/security/pkcs11/Signature/InitAgainPSS.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -25,7 +25,7 @@ import java.security.spec.*; + + /** + * @test +- * @bug 8080462 ++ * @bug 8080462 8242332 + * @summary Make sure old state is cleared when init is called again + * @library /test/lib .. + * @modules jdk.crypto.cryptoki +@@ -38,18 +38,22 @@ public class InitAgainPSS extends PKCS11Test { + + @Override + public void main(Provider p) throws Exception { ++ test("RSASSA-PSS", p); ++ } ++ ++ private void test(String sigAlg, Provider p) throws Exception { + Signature s1; + try { +- s1 = Signature.getInstance("RSASSA-PSS", p); ++ s1 = Signature.getInstance(sigAlg, p); + } catch (NoSuchAlgorithmException e) { +- System.out.println("Skip testing RSASSA-PSS" + ++ System.out.println("Skip testing " + sigAlg + + " due to no support"); + return; + } + + byte[] msg = "hello".getBytes(); + +- Signature s2 = Signature.getInstance("RSASSA-PSS", p); ++ Signature s2 = Signature.getInstance(sigAlg, p); + + PSSParameterSpec params = new PSSParameterSpec("SHA-256", "MGF1", + new MGF1ParameterSpec("SHA-256"), 32, +diff --git a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java +index 2e4fedbf1d5..f1c0492b5fc 100644 +--- a/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java ++++ b/test/jdk/sun/security/pkcs11/Signature/KeyAndParamCheckForPSS.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -26,7 +26,7 @@ import java.security.spec.*; + + /** + * @test +- * @bug 8080462 8226651 ++ * @bug 8080462 8226651 8242332 + * @summary Ensure that PSS key and params check are implemented properly + * regardless of call sequence + * @library /test/lib .. +@@ -55,6 +55,7 @@ public class KeyAndParamCheckForPSS extends PKCS11Test { + " due to no support"); + return; + } ++ + // NOTE: key length >= (digest length + 2) in bytes + // otherwise, even salt length = 0 would not work + runTest(p, 1024, "SHA-256", "SHA-256"); +@@ -66,10 +67,30 @@ public class KeyAndParamCheckForPSS extends PKCS11Test { + runTest(p, 1040, "SHA-512", "SHA-256"); + runTest(p, 1040, "SHA-512", "SHA-384"); + runTest(p, 1040, "SHA-512", "SHA-512"); ++ runTest(p, 1024, "SHA3-256", "SHA3-256"); ++ runTest(p, 1024, "SHA3-256", "SHA3-384"); ++ runTest(p, 1024, "SHA3-256", "SHA3-512"); ++ runTest(p, 1024, "SHA3-384", "SHA3-256"); ++ runTest(p, 1024, "SHA3-384", "SHA3-384"); ++ runTest(p, 1024, "SHA3-384", "SHA3-512"); ++ runTest(p, 1040, "SHA3-512", "SHA3-256"); ++ runTest(p, 1040, "SHA3-512", "SHA3-384"); ++ runTest(p, 1040, "SHA3-512", "SHA3-512"); + } + + private void runTest(Provider p, int keySize, String hashAlg, + String mgfHashAlg) throws Exception { ++ ++ // skip further test if this provider does not support hashAlg or ++ // mgfHashAlg ++ try { ++ MessageDigest.getInstance(hashAlg, p); ++ MessageDigest.getInstance(mgfHashAlg, p); ++ } catch (NoSuchAlgorithmException nsae) { ++ System.out.println("No support for " + hashAlg + ", skip"); ++ return; ++ } ++ + System.out.println("Testing [" + keySize + " " + hashAlg + "]"); + + // create a key pair with the supplied size +@@ -95,6 +116,7 @@ public class KeyAndParamCheckForPSS extends PKCS11Test { + } catch (InvalidKeyException ike) { + System.out.println("test#1: got expected IKE"); + } ++ + sig.setParameter(paramsGood); + sig.initSign(priv); + System.out.println("test#1: pass"); +@@ -108,8 +130,10 @@ public class KeyAndParamCheckForPSS extends PKCS11Test { + } catch (InvalidKeyException ike) { + System.out.println("test#2: got expected IKE"); + } ++ + sig.setParameter(paramsGood); + sig.initVerify(pub); ++ + System.out.println("test#2: pass"); + + // test#3 - initSign, then setParameter +@@ -121,6 +145,7 @@ public class KeyAndParamCheckForPSS extends PKCS11Test { + } catch (InvalidAlgorithmParameterException iape) { + System.out.println("test#3: got expected IAPE"); + } ++ + sig.setParameter(paramsGood); + System.out.println("test#3: pass"); + +@@ -133,6 +158,7 @@ public class KeyAndParamCheckForPSS extends PKCS11Test { + } catch (InvalidAlgorithmParameterException iape) { + System.out.println("test#4: got expected IAPE"); + } ++ + sig.setParameter(paramsGood); + System.out.println("test#4: pass"); + } +diff --git a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java +index 42ca7fa203d..8c132ca7e4f 100644 +--- a/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java ++++ b/test/jdk/sun/security/pkcs11/Signature/ReinitSignature.java +@@ -23,312 +23,13 @@ + + /* + * @test +- * @bug 4856966 ++ * @bug 4856966 8242332 + * @summary test that reinitializing Signatures works correctly + * @author Andreas Sterbenz + * @library /test/lib .. + * @key randomness + * @modules jdk.crypto.cryptoki + * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature +- * @run main ReinitSignature + */ + + import java.security.KeyPair; +@@ -363,11 +64,11 @@ public class ReinitSignature extends PKCS11Test { + } + + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); +- kpg.initialize(512); ++ kpg.initialize(2048); + KeyPair kp = kpg.generateKeyPair(); + PrivateKey privateKey = kp.getPrivate(); + PublicKey publicKey = kp.getPublic(); +- Signature sig = Signature.getInstance("MD5withRSA", p); ++ Signature sig = Signature.getInstance("SHA256withRSA", p); + byte[] data = new byte[10 * 1024]; + new Random().nextBytes(data); + sig.initSign(privateKey); +diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java +index 3c3edb5aa6a..11147022771 100644 +--- a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java ++++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -27,7 +27,7 @@ import java.security.interfaces.*; + + /* + * @test +- * @bug 8080462 8226651 ++ * @bug 8080462 8226651 8242332 + * @summary testing interoperability of PSS signatures of PKCS11 provider + * against SunRsaSign provider + * @library /test/lib .. +diff --git a/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java +new file mode 100644 +index 00000000000..b8ea9863327 +--- /dev/null ++++ b/test/jdk/sun/security/pkcs11/Signature/SigInteropPSS2.java +@@ -0,0 +1,98 @@ ++/* ++ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.security.*; ++import java.security.spec.*; ++import java.security.interfaces.*; ++ ++/* ++ * @test ++ * @bug 8080462 8226651 8242332 ++ * @summary testing interoperability of PSS signatures of PKCS11 provider ++ * against SunRsaSign provider ++ * @library /test/lib .. ++ * @modules jdk.crypto.cryptoki ++ * @run main/othervm SigInteropPSS2 ++ */ ++public class SigInteropPSS2 extends PKCS11Test { ++ ++ private static final byte[] MSG = ++ "Interoperability test between SunRsaSign and SunPKCS11".getBytes(); ++ ++ private static final String[] DIGESTS = { ++ "SHA224", "SHA256", "SHA384", "SHA512", ++ "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512" ++ }; ++ ++ public static void main(String[] args) throws Exception { ++ main(new SigInteropPSS2(), args); ++ } ++ ++ @Override ++ public void main(Provider p) throws Exception { ++ ++ Signature sigPkcs11; ++ Signature sigSunRsaSign = ++ Signature.getInstance("RSASSA-PSS", "SunRsaSign"); ++ ++ KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); ++ kpg.initialize(3072); ++ KeyPair kp = kpg.generateKeyPair(); ++ ++ for (String digest : DIGESTS) { ++ try { ++ sigPkcs11 = Signature.getInstance(digest + "withRSASSA-PSS", p); ++ } catch (NoSuchAlgorithmException e) { ++ System.out.println("Skip testing " + digest + "withRSASSA-PSS" + ++ " due to no support"); ++ continue; ++ } ++ ++ runTest(sigPkcs11, sigSunRsaSign, kp); ++ } ++ System.out.println("Test passed"); ++ } ++ ++ static void runTest(Signature signer, Signature verifier, KeyPair kp) ++ throws Exception { ++ System.out.println("\tSign: " + signer.getProvider().getName()); ++ System.out.println("\tVerify: " + verifier.getProvider().getName()); ++ ++ signer.initSign(kp.getPrivate()); ++ signer.update(MSG); ++ byte[] sigBytes = signer.sign(); ++ ++ AlgorithmParameters signParams = signer.getParameters(); ++ verifier.setParameter(signParams.getParameterSpec ++ (PSSParameterSpec.class)); ++ verifier.initVerify(kp.getPublic()); ++ ++ verifier.update(MSG); ++ boolean isValid = verifier.verify(sigBytes); ++ if (isValid) { ++ System.out.println("\tPSS Signature verified"); ++ } else { ++ throw new RuntimeException("ERROR verifying PSS Signature"); ++ } ++ } ++} +diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java +index 3a6dbe345e9..4c1f7284bbc 100644 +--- a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java ++++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2019, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -27,7 +27,7 @@ import java.util.stream.IntStream; + + /** + * @test +- * @bug 8080462 8226651 ++ * @bug 8080462 8226651 8242332 + * @summary Generate a RSASSA-PSS signature and verify it using PKCS11 provider + * @library /test/lib .. + * @modules jdk.crypto.cryptoki +@@ -40,8 +40,10 @@ public class SignatureTestPSS extends PKCS11Test { + private static final String SIGALG = "RSASSA-PSS"; + + private static final int[] KEYSIZES = { 2048, 3072 }; +- private static final String[] DIGESTS = { "SHA-224", "SHA-256", +- "SHA-384" , "SHA-512" }; ++ private static final String[] DIGESTS = { ++ "SHA-224", "SHA-256", "SHA-384" , "SHA-512", ++ "SHA3-224", "SHA3-256", "SHA3-384" , "SHA3-512", ++ }; + private Provider prov; + + /** +@@ -115,7 +117,22 @@ public class SignatureTestPSS extends PKCS11Test { + throws NoSuchAlgorithmException, InvalidKeyException, + SignatureException, NoSuchProviderException, + InvalidAlgorithmParameterException { +- System.out.println("Testing against " + hash + " and MGF1_" + mgfHash); ++ ++ String testName = hash + " and MGF1_" + mgfHash; ++ // only test RSASSA-PSS signature against the supplied hash/mgfHash ++ // if they are supported; otherwise PKCS11 library will throw ++ // CKR_MECHANISM_PARAM_INVALID at Signature.initXXX calls ++ try { ++ MessageDigest md = MessageDigest.getInstance(hash, prov); ++ if (!hash.equalsIgnoreCase(mgfHash)) { ++ md = MessageDigest.getInstance(mgfHash, prov); ++ } ++ } catch (NoSuchAlgorithmException nsae) { ++ System.out.println("Skip testing " + hash + "/" + mgfHash); ++ return; ++ } ++ ++ System.out.println("Testing against " + testName); + Signature sig = Signature.getInstance(SIGALG, prov); + AlgorithmParameterSpec params = new PSSParameterSpec( + hash, "MGF1", new MGF1ParameterSpec(mgfHash), 0, 1); +diff --git a/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java +new file mode 100644 +index 00000000000..516b17972e5 +--- /dev/null ++++ b/test/jdk/sun/security/pkcs11/Signature/SignatureTestPSS2.java +@@ -0,0 +1,140 @@ ++/* ++ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++import java.security.*; ++import java.security.interfaces.*; ++import java.security.spec.*; ++import java.util.stream.IntStream; ++ ++/** ++ * @test ++ * @bug 8244154 8242332 ++ * @summary Generate a withRSASSA-PSS signature and verify it using ++ * PKCS11 provider ++ * @library /test/lib .. ++ * @modules jdk.crypto.cryptoki ++ * @run main SignatureTestPSS2 ++ */ ++public class SignatureTestPSS2 extends PKCS11Test { ++ ++ // PKCS11 does not support RSASSA-PSS keys yet ++ private static final String KEYALG = "RSA"; ++ private static final String[] SIGALGS = { ++ "SHA224withRSASSA-PSS", "SHA256withRSASSA-PSS", ++ "SHA384withRSASSA-PSS", "SHA512withRSASSA-PSS", ++ "SHA3-224withRSASSA-PSS", "SHA3-256withRSASSA-PSS", ++ "SHA3-384withRSASSA-PSS", "SHA3-512withRSASSA-PSS" ++ }; ++ ++ private static final int[] KEYSIZES = { 2048, 3072 }; ++ ++ /** ++ * How much times signature updated. ++ */ ++ private static final int UPDATE_TIMES = 2; ++ ++ public static void main(String[] args) throws Exception { ++ main(new SignatureTestPSS2(), args); ++ } ++ ++ @Override ++ public void main(Provider p) throws Exception { ++ for (String sa : SIGALGS) { ++ Signature sig; ++ try { ++ sig = Signature.getInstance(sa, p); ++ } catch (NoSuchAlgorithmException e) { ++ System.out.println("Skip testing " + sa + ++ " due to no support"); ++ return; ++ } ++ for (int i : KEYSIZES) { ++ runTest(sig, i); ++ } ++ } ++ } ++ ++ private static void runTest(Signature s, int keySize) throws Exception { ++ byte[] data = new byte[100]; ++ IntStream.range(0, data.length).forEach(j -> { ++ data[j] = (byte) j; ++ }); ++ System.out.println("[KEYSIZE = " + keySize + "]"); ++ ++ // create a key pair ++ KeyPair kpair = generateKeys(KEYALG, keySize, s.getProvider()); ++ test(s, kpair.getPrivate(), kpair.getPublic(), data); ++ } ++ ++ private static void test(Signature sig, PrivateKey privKey, ++ PublicKey pubKey, byte[] data) throws RuntimeException { ++ // For signature algorithm, create and verify a signature ++ try { ++ checkSignature(sig, privKey, pubKey, data); ++ } catch (NoSuchAlgorithmException | InvalidKeyException | ++ SignatureException | NoSuchProviderException ex) { ++ throw new RuntimeException(ex); ++ } catch (InvalidAlgorithmParameterException ex2) { ++ System.out.println("Skip test due to " + ex2); ++ } ++ } ++ ++ private static KeyPair generateKeys(String keyalg, int size, Provider p) ++ throws NoSuchAlgorithmException { ++ KeyPairGenerator kpg = KeyPairGenerator.getInstance(keyalg, p); ++ kpg.initialize(size); ++ return kpg.generateKeyPair(); ++ } ++ ++ private static void checkSignature(Signature sig, PrivateKey priv, ++ PublicKey pub, byte[] data) throws NoSuchAlgorithmException, ++ InvalidKeyException, SignatureException, NoSuchProviderException, ++ InvalidAlgorithmParameterException { ++ System.out.println("Testing against " + sig.getAlgorithm()); ++ sig.initSign(priv); ++ for (int i = 0; i < UPDATE_TIMES; i++) { ++ sig.update(data); ++ } ++ byte[] signedData = sig.sign(); ++ ++ // Make sure signature verifies with original data ++ // do we need to call sig.setParameter(params) again? ++ sig.initVerify(pub); ++ for (int i = 0; i < UPDATE_TIMES; i++) { ++ sig.update(data); ++ } ++ if (!sig.verify(signedData)) { ++ throw new RuntimeException("Failed to verify signature"); ++ } ++ ++ // Make sure signature does NOT verify when the original data ++ // has changed ++ sig.initVerify(pub); ++ for (int i = 0; i < UPDATE_TIMES + 1; i++) { ++ sig.update(data); ++ } ++ ++ if (sig.verify(signedData)) { ++ throw new RuntimeException("Failed to detect bad signature"); ++ } ++ } ++} +diff --git a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java +index 222f8a2a5ed..3161de6fc50 100644 +--- a/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java ++++ b/test/jdk/sun/security/pkcs11/Signature/TestDSA2.java +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2012, 2020, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -22,7 +22,7 @@ + */ + /* + * @test +- * @bug 8080462 ++ * @bug 8080462 8242332 + * @library /test/lib .. + * @modules jdk.crypto.cryptoki + * @run main/othervm/timeout=250 TestDSA2 +@@ -40,8 +40,12 @@ public class TestDSA2 extends PKCS11Test { + private static final String[] SIG_ALGOS = { + "SHA224withDSA", + "SHA256withDSA", +- //"SHA384withDSA", +- //"SHA512withDSA", ++ "SHA3-224withDSA", ++ "SHA3-256withDSA", ++ "SHA384withDSA", ++ "SHA512withDSA", ++ "SHA3-384withDSA", ++ "SHA3-512withDSA", + }; + + private static final int KEYSIZE = 2048; +@@ -59,25 +63,33 @@ public class TestDSA2 extends PKCS11Test { + kp = kpg.generateKeyPair(); + } catch (Exception ex) { + System.out.println("Skip due to no 2048-bit DSA support: " + ex); +- ex.printStackTrace(); + return; + } + ++ boolean allPass = true; + for (String sigAlg : SIG_ALGOS) { +- test(sigAlg, kp, p); ++ System.out.println("Testing " + sigAlg); ++ try { ++ Signature sig = Signature.getInstance(sigAlg, p); ++ test(sig, kp, p); ++ } catch (NoSuchAlgorithmException nsae) { ++ System.out.println("=>Skip due to no support"); ++ } catch (Exception ex) { ++ System.out.println("Unexpected exception when testing " + ++ sigAlg); ++ ex.printStackTrace(); ++ allPass = false; ++ } ++ } ++ if (allPass) { ++ System.out.println("Tests Passed"); ++ } else { ++ throw new RuntimeException("One or more tests failed"); + } + } + +- private static void test(String sigAlg, KeyPair kp, Provider p) ++ private static void test(Signature sig, KeyPair kp, Provider p) + throws Exception { +- Signature sig; +- try { +- sig = Signature.getInstance(sigAlg, p); +- } catch (Exception ex) { +- System.out.println("Skip due to no support: " + sigAlg); +- ex.printStackTrace(); +- return; +- } + + byte[] data = "anything will do".getBytes(); + +@@ -85,9 +97,10 @@ public class TestDSA2 extends PKCS11Test { + sig.update(data); + byte[] signature = sig.sign(); + +- sig.initVerify(kp.getPublic()); +- sig.update(data); +- boolean verifies = sig.verify(signature); +- System.out.println(sigAlg + ": Passed"); ++ Signature sigV = Signature.getInstance(sig.getAlgorithm() , p); ++ sigV.initVerify(kp.getPublic()); ++ sigV.update(data); ++ boolean verifies = sigV.verify(signature); ++ System.out.println("=> Passed"); + } + } +diff --git a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java +index f469ca17b65..7e5a012a5ec 100644 +--- a/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java ++++ b/test/jdk/sun/security/pkcs11/Signature/TestRSAKeyLength.java +@@ -22,8 +22,8 @@ + */ + + /* +- * @test %W% %E% +- * @bug 6695485 ++ * @test ++ * @bug 6695485 8242332 + * @summary Make sure initSign/initVerify() check RSA key lengths + * @author Yu-Ching Valerie Peng + * @library /test/lib .. +@@ -65,9 +65,14 @@ public class TestRSAKeyLength extends PKCS11Test { + return; + } + +- boolean isValidKeyLength[] = { true, true, true, false, false }; +- String algos[] = { "SHA1withRSA", "SHA224withRSA", "SHA256withRSA", +- "SHA384withRSA", "SHA512withRSA" }; ++ boolean isValidKeyLength[] = { ++ true, true, true, false, false, true, true, false, false ++ }; ++ String algos[] = { ++ "SHA1withRSA", "SHA224withRSA", "SHA256withRSA", ++ "SHA384withRSA", "SHA512withRSA", "SHA3-224withRSA", ++ "SHA3-256withRSA", "SHA3-384withRSA", "SHA3-512withRSA" ++ }; + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p); + kpg.initialize(512); + KeyPair kp = kpg.generateKeyPair(); +diff --git a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt +index 49778ea954c..576b1dc4d69 100644 +--- a/test/jdk/sun/security/pkcs11/nss/p11-nss.txt ++++ b/test/jdk/sun/security/pkcs11/nss/p11-nss.txt +@@ -11,12 +11,23 @@ library = ${pkcs11test.nss.lib} + + nssArgs = "configdir='${pkcs11test.nss.db}' certPrefix='' keyPrefix='' secmod='secmod.db' flags=readOnly" + +-# HMAC_SHA256/384/512 broken until NSS 3.10.2 +-# see https://bugzilla.mozilla.org/show_bug.cgi?id=291858 + disabledMechanisms = { +- CKM_SHA256_HMAC +- CKM_SHA384_HMAC +- CKM_SHA512_HMAC ++ CKM_DSA_SHA224 ++ CKM_DSA_SHA256 ++ CKM_DSA_SHA384 ++ CKM_DSA_SHA512 ++ CKM_DSA_SHA3_224 ++ CKM_DSA_SHA3_256 ++ CKM_DSA_SHA3_384 ++ CKM_DSA_SHA3_512 ++ CKM_ECDSA_SHA224 ++ CKM_ECDSA_SHA256 ++ CKM_ECDSA_SHA384 ++ CKM_ECDSA_SHA512 ++ CKM_ECDSA_SHA3_224 ++ CKM_ECDSA_SHA3_256 ++ CKM_ECDSA_SHA3_384 ++ CKM_ECDSA_SHA3_512 + } + + attributes = compatibility diff --git a/SOURCES/rh1648644-java_access_bridge_privileged_security.patch b/SOURCES/rh1648644-java_access_bridge_privileged_security.patch deleted file mode 100644 index 53026ad..0000000 --- a/SOURCES/rh1648644-java_access_bridge_privileged_security.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openjdk/src/java.base/share/conf/security/java.security -+++ openjdk/src/java.base/share/conf/security/java.security -@@ -304,6 +304,8 @@ - # - package.access=sun.misc.,\ - sun.reflect.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo.,\ - - # - # List of comma-separated packages that start with or equal this string -@@ -316,6 +318,8 @@ - # - package.definition=sun.misc.,\ - sun.reflect.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo.,\ - - # - # Determines whether this properties file can be appended to diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index 133e6e2..f80333f 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -65,14 +65,10 @@ # (initiated in https://bugzilla.redhat.com/show_bug.cgi?id=1482192) %global debug_suffix_unquoted -slowdebug %global fastdebug_suffix_unquoted -fastdebug -%global main_suffix_unquoted -main -%global staticlibs_suffix_unquoted -staticlibs # quoted one for shell operations %global debug_suffix "%{debug_suffix_unquoted}" %global fastdebug_suffix "%{fastdebug_suffix_unquoted}" %global normal_suffix "" -%global main_suffix "%{main_suffix_unquoted}" -%global staticlibs_suffix "%{staticlibs_suffix_unquoted}" %global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP. %global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP. @@ -146,6 +142,8 @@ %global ssbd_arches x86_64 # Set of architectures where we verify backtraces with gdb %global gdb_arches %{jit_arches} %{zero_arches} +# Set of architectures for which we have a portable build +%global portable_build_arches %{aarch64} %{ix86} %{power64} s390x x86_64 # By default, we build a slowdebug build during main build on JIT architectures %if %{with slowdebug} @@ -203,12 +201,6 @@ # Build and test slowdebug first as it provides the best diagnostics %global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build} -%if %{include_staticlibs} -%global staticlibs_loop %{staticlibs_suffix} -%else -%global staticlibs_loop %{nil} -%endif - %if 0%{?flatpak} %global bootstrap_build false %else @@ -243,6 +235,9 @@ # JDK to use for bootstrapping %global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk +# debugedit tool for rewriting ELF file paths +%global debugedit %{_rpmconfigdir}/debugedit + # Disable LTO as this causes build failures at the moment. # See RHBZ#1861401 %define _lto_cflags %{nil} @@ -365,7 +360,7 @@ %endif %endif %endif -%global oj_vendor_version (Red_Hat-%{version}-%{release}) +%global oj_vendor_version (Red_Hat-%{version}-%{portablerelease}) # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 @@ -378,7 +373,12 @@ %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup %global buildver 7 -%global rpmrelease 1 +%global rpmrelease 4 +# Settings used by the portable build +%global portablerelease 2 +%global portablesuffix el8 +%global portablebuilddir /builddir/build/BUILD + #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -426,7 +426,6 @@ %global jdkimage jdk %global static_libs_image static-libs # output dir stub -%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}} %define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}} # we can copy the javadoc to not arched dir, or make it not noarch %define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}} @@ -453,7 +452,6 @@ %global __requires_exclude ^(%{_privatelibs}|%{_publiclibs})$ %endif - %global etcjavasubdir %{_sysconfdir}/java/java-%{javaver}-%{origin} %define etcjavadir() %{expand:%{etcjavasubdir}/%{uniquesuffix -- %{?1}}} # Standard JPackage directories and symbolic links. @@ -826,6 +824,8 @@ exit 0 %define files_jre_headless() %{expand: %license %{_jvmdir}/%{sdkdir -- %{?1}}/legal %doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS +%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/README.md +%doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/java-%{featurever}-openjdk-portable.specfile %dir %{_sysconfdir}/.java/.systemPrefs %dir %{_sysconfdir}/.java %dir %{_jvmdir}/%{sdkdir -- %{?1}} @@ -1314,9 +1314,6 @@ Source8: tapsets-icedtea-%{icedteaver}.tar.xz # Desktop files. Adapted from IcedTea Source9: jconsole.desktop.in -# Release notes -Source10: NEWS - # nss configuration file Source11: nss.cfg.in @@ -1341,6 +1338,20 @@ Source17: nss.fips.cfg.in # Ensure translations are available for new timezones Source18: TestTranslations.java +# Include portable spec and instructions on how to rebuild +Source19: README.md +Source20: java-%{featurever}-openjdk-portable.specfile + +# Setup variables to reference correct sources +%global releasezip %{_jvmdir}/%{name}-%{version}-%{portablerelease}.portable.unstripped.jdk..%{_arch}.tar.xz +%global staticlibzip %{_jvmdir}/%{name}-%{version}-%{portablerelease}.portable.static-libs..%{_arch}.tar.xz +%global docszip %{_jvmdir}/%{name}-%{version}-%{portablerelease}.portable.docs..%{_arch}.tar.xz +%global misczip %{_jvmdir}/%{name}-%{version}-%{portablerelease}.portable.misc..%{_arch}.tar.xz +%global slowdebugzip %{_jvmdir}/%{name}-%{version}-%{portablerelease}.portable.slowdebug.jdk..%{_arch}.tar.xz +%global slowdebugstaticlibzip %{_jvmdir}/%{name}-%{version}-%{portablerelease}.portable.slowdebug.static-libs..%{_arch}.tar.xz +%global fastdebugzip %{_jvmdir}/%{name}-%{version}-%{portablerelease}.portable.fastdebug.jdk..%{_arch}.tar.xz +%global fastdebugstaticlibzip %{_jvmdir}/%{name}-%{version}-%{portablerelease}.portable.fastdebug.static-libs..%{_arch}.tar.xz + ############################################ # # RPM/distribution specific patches @@ -1349,8 +1360,6 @@ Source18: TestTranslations.java # Ignore AWTError when assistive technologies are loaded Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch -# Restrict access to java-atk-wrapper classes -Patch2: rh1648644-java_access_bridge_privileged_security.patch # NSS via SunPKCS11 Provider (disabled due to memory leak). Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch # RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639) @@ -1397,7 +1406,6 @@ Patch1001: fips-11u-%{fipsver}.patch # be reviewed & pushed to the current development # tree of OpenJDK. ############################################# - Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch ############################################# @@ -1409,6 +1417,7 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1 # need to be reviewed & pushed to the appropriate # updates tree of OpenJDK. ############################################# +Patch2001: jdk8242332-rh2108712-sha3-sunpkcs11.patch ############################################# # @@ -1452,7 +1461,20 @@ BuildRequires: xorg-x11-proto-devel BuildRequires: zip BuildRequires: unzip BuildRequires: javapackages-filesystem -BuildRequires: java-%{buildjdkver}-openjdk-devel +%if %{include_normal_build} +BuildRequires: java-%{featurever}-openjdk-portable-unstripped = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-%{featurever}-openjdk-portable-static-libs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +%endif +%if %{include_fastdebug_build} +BuildRequires: java-%{featurever}-openjdk-portable-devel-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-%{featurever}-openjdk-portable-static-libs-fastdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +%endif +%if %{include_debug_build} +BuildRequires: java-%{featurever}-openjdk-portable-devel-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-%{featurever}-openjdk-portable-static-libs-slowdebug = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +%endif +BuildRequires: java-%{featurever}-openjdk-portable-docs = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} +BuildRequires: java-%{featurever}-openjdk-portable-misc = %{epoch}:%{version}-%{portablerelease}.%{portablesuffix} # Zero-assembler build requirement %ifarch %{zero_arches} BuildRequires: libffi-devel @@ -1487,8 +1509,6 @@ Provides: bundled(lcms2) = 2.12.0 Provides: bundled(libjpeg) = 6b # Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h Provides: bundled(libpng) = 1.6.37 -# We link statically against libstdc++ to increase portability -BuildRequires: libstdc++-static %endif # this is always built, also during debug-only build @@ -1835,12 +1855,13 @@ sh %{SOURCE12} %{top_level_dir_name} # Patch the JDK pushd %{top_level_dir_name} %patch1 -p1 -%patch2 -p1 %patch3 -p1 # Add crypto policy and FIPS support %patch1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security %patch1000 -p1 +# PKCS11 SHA3 backport +%patch2001 -p1 # tzdata update %patch2002 -p1 %patch2003 -p1 @@ -1902,272 +1923,78 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg %build -# How many CPU's do we have? -export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) -export NUM_PROC=${NUM_PROC:-1} -%if 0%{?_smp_ncpus_max} -# Honor %%_smp_ncpus_max -[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} -%endif -%ifarch s390x sparc64 alpha %{power64} %{aarch64} -export ARCH_DATA_MODEL=64 -%endif -%ifarch alpha -export CFLAGS="$CFLAGS -mieee" -%endif +function customisejdk() { + local imagepath=${1} -# We use ourcppflags because the OpenJDK build seems to -# pass EXTRA_CFLAGS to the HotSpot C++ compiler... -EXTRA_CFLAGS="%ourcppflags -Wno-error" -EXTRA_CPP_FLAGS="%ourcppflags" -%ifarch %{power64} ppc -# fix rpmlint warnings -EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" -%endif -%ifarch %{ix86} -# Align stack boundary on x86_32 -EXTRA_CFLAGS="$(echo ${EXTRA_CFLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')" -EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')" -%endif -# Fixes annocheck warnings in assembler files due to missing build notes -EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes" -export EXTRA_CFLAGS EXTRA_CPP_FLAGS EXTRA_ASFLAGS + if [ -d ${imagepath} ] ; then + # Turn on system security properties + sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ + ${imagepath}/conf/security/java.security -function buildjdk() { - local outputdir=${1} - local buildjdk=${2} - local maketargets="${3}" - local debuglevel=${4} - local link_opt=${5} - - local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name} - local top_dir_abs_build_path=$(pwd)/${outputdir} - - # This must be set using the global, so that the - # static libraries still use a dynamic stdc++lib - if [ "x%{link_type}" = "xbundled" ] ; then - libc_link_opt="static"; - else - libc_link_opt="dynamic"; - fi - - echo "Using output directory: ${outputdir}"; - echo "Checking build JDK ${buildjdk} is operational..." - ${buildjdk}/bin/java -version - echo "Using make targets: ${maketargets}" - echo "Using debuglevel: ${debuglevel}" - echo "Using link_opt: ${link_opt}" - echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}" - - mkdir -p ${outputdir} - pushd ${outputdir} - - # Note: zlib and freetype use %{link_type} - # rather than ${link_opt} as the system versions - # are always used in a system_libs build, even - # for the static library build - bash ${top_dir_abs_src_path}/configure \ -%ifarch %{zero_arches} - --with-jvm-variants=zero \ -%endif -%ifarch %{ppc64le} - --with-jobs=1 \ -%endif - --with-version-build=%{buildver} \ - --with-version-pre="%{ea_designator}" \ - --with-version-opt=%{lts_designator} \ - --with-vendor-version-string="%{oj_vendor_version}" \ - --with-vendor-name="%{oj_vendor}" \ - --with-vendor-url="%{oj_vendor_url}" \ - --with-vendor-bug-url="%{oj_vendor_bug_url}" \ - --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ - --with-boot-jdk=${buildjdk} \ - --with-debug-level=${debuglevel} \ - --with-native-debug-symbols="%{debug_symbols}" \ - --disable-sysconf-nss \ - --enable-unlimited-crypto \ - --with-zlib=%{link_type} \ - --with-freetype=%{link_type} \ - --with-libjpeg=${link_opt} \ - --with-giflib=${link_opt} \ - --with-libpng=${link_opt} \ - --with-lcms=${link_opt} \ - --with-harfbuzz=${link_opt} \ - --with-stdc++lib=${libc_link_opt} \ - --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ - --with-extra-cflags="$EXTRA_CFLAGS" \ - --with-extra-asflags="$EXTRA_ASFLAGS" \ - --with-extra-ldflags="%{ourldflags}" \ - --with-num-cores="$NUM_PROC" \ - --disable-javac-server \ - --with-jvm-features="%{shenandoah_feature},%{zgc_feature}" \ - --disable-warnings-as-errors - - cat spec.gmk - - make \ - JAVAC_FLAGS=-g \ - LOG=trace \ - WARNINGS_ARE_ERRORS="-Wno-error" \ - CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \ - $maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false ) - - popd + # Use system-wide tzdata + rm ${imagepath}/lib/tzdb.dat + ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat + fi } -function installjdk() { - local outputdir=${1} - local installdir=${2} - local imagepath=${installdir}/images/%{jdkimage} - - echo "Installing build from ${outputdir} to ${installdir}..." - mkdir -p ${installdir} - echo "Installing images..." - mv ${outputdir}/images ${installdir} - if [ -d ${outputdir}/bundles ] ; then - echo "Installing bundles..."; - mv ${outputdir}/bundles ${installdir} ; - fi - if [ -d ${outputdir}/docs ] ; then - echo "Installing docs..."; - mv ${outputdir}/docs ${installdir} ; - fi - -%if !%{with artifacts} - echo "Removing output directory..."; - rm -rf ${outputdir} -%endif - - if [ -d ${imagepath} ] ; then - # the build (erroneously) removes read permissions from some jars - # this is a regression in OpenJDK 7 (our compiler): - # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 - find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \; - - # Build screws up permissions on binaries - # https://bugs.openjdk.java.net/browse/JDK-8173610 - find ${imagepath} -iname '*.so' -exec chmod +x {} \; - find ${imagepath}/bin/ -exec chmod +x {} \; - - # Install nss.cfg right away as we will be using the JRE above - install -m 644 nss.cfg ${imagepath}/conf/security/ - - # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) - install -m 644 nss.fips.cfg ${imagepath}/conf/security/ - - # Turn on system security properties - sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ - ${imagepath}/conf/security/java.security - - # Use system-wide tzdata - rm ${imagepath}/lib/tzdb.dat - ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat - - # Create fake alt-java as a placeholder for future alt-java - pushd ${imagepath} - # add alt-java man page - echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 - cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 - popd - - # Print release information - cat ${imagepath}/release - - fi -} - -%if %{build_hotspot_first} - # Build a fresh libjvm.so first and use it to bootstrap - cp -LR --preserve=mode,timestamps %{bootjdk} newboot - systemjdk=$(pwd)/newboot - buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" - mv build/newboot/jdk/lib/server/libjvm.so newboot/lib/server -%else - systemjdk=%{bootjdk} -%endif - for suffix in %{build_loop} ; do if [ "x$suffix" = "x" ] ; then - debugbuild=release - else - # change --something to something - debugbuild=`echo $suffix | sed "s/-//g"` + jdkzip=%{releasezip} + staticlibzip=%{staticlibzip} + elif [ "x$suffix" = "x%{fastdebug_suffix_unquoted}" ] ; then + jdkzip=%{fastdebugzip} + staticlibzip=%{fastdebugstaticlibzip} + else # slowdebug + jdkzip=%{slowdebugzip} + staticlibzip=%{slowdebugstaticlibzip} fi + installdir=%{installoutputdir -- ${suffix}} - for loop in %{main_suffix} %{staticlibs_loop} ; do + # TODO: should verify checksums when using packages from buildroot + tar -xJf ${jdkzip} + tar -xJf ${staticlibzip} + mkdir -p $(dirname ${installdir}) + mv java-%{featurever}-openjdk* ${installdir} - builddir=%{buildoutputdir -- ${suffix}${loop}} - bootbuilddir=boot${builddir} - installdir=%{installoutputdir -- ${suffix}${loop}} - bootinstalldir=boot${installdir} - - if test "x${loop}" = "x%{main_suffix}" ; then - link_opt="%{link_type}" -%if %{system_libs} - # Copy the source tree so we can remove all in-tree libraries - cp -a %{top_level_dir_name} %{top_level_dir_name_backup} - # Remove all libraries that are linked - sh %{SOURCE12} %{top_level_dir_name} full -%endif - # Debug builds don't need same targets as release for - # build speed-up. We also avoid bootstrapping these - # slower builds. - if echo $debugbuild | grep -q "debug" ; then - maketargets="%{debug_targets}" - run_bootstrap=false - else - maketargets="%{release_targets}" - run_bootstrap=%{bootstrap_build} + # Fix build paths in ELF files so it looks like we built them + portablenvr="%{name}-%{VERSION}-%{portablerelease}.%{portablesuffix}.%{_arch}" + for file in $(find ${installdir} -type f) ; do + if file ${file} | grep -q 'ELF'; then + %{debugedit} -b %{portablebuilddir}/${portablenvr} -d $(pwd) -n ${file} fi - if ${run_bootstrap} ; then - buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} - installjdk ${bootbuilddir} ${bootinstalldir} - buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} - installjdk ${builddir} ${installdir} - %{!?with_artifacts:rm -rf ${bootinstalldir}} - else - buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} - installjdk ${builddir} ${installdir} - fi -%if %{system_libs} - # Restore original source tree we modified by removing full in-tree sources - rm -rf %{top_level_dir_name} - mv %{top_level_dir_name_backup} %{top_level_dir_name} -%endif - else - # Use bundled libraries for building statically - link_opt="bundled" - # Static library cycle only builds the static libraries - maketargets="%{static_libs_target}" - # Always just do the one build for the static libraries - buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} - installjdk ${builddir} ${installdir} - fi + done - done # end of main / staticlibs loop + # Final setup on the main image + customisejdk ${installdir} + + # Print release information + cat ${installdir}/release # build cycles done # end of release / debug cycle loop +docdir=%{installoutputdir -- "-docs"} +tar -xJf %{docszip} +mv java-%{featurever}-openjdk*.docs.* ${docdir} + +miscdir=%{installoutputdir -- "-misc"} +tar -xJf %{misczip} +mv java-%{featurever}-openjdk*.misc.* ${miscdir} + %check # We test debug first as it will give better diagnostics on a crash for suffix in %{build_loop} ; do -top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}} -%if %{include_staticlibs} -top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{staticlibs_loop}} -%endif +export JAVA_HOME=$(pwd)/%{installoutputdir -- ${suffix}} -export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage} - -#check Shenandoah is enabled +# Check Shenandoah is enabled %if %{use_shenandoah_hotspot} -$JAVA_HOME//bin/java -XX:+UseShenandoahGC -version +$JAVA_HOME/bin/java -XX:+UseShenandoahGC -version %endif # Check unlimited policy has been used @@ -2208,9 +2035,9 @@ $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})| %if %{include_staticlibs} # Check debug symbols in static libraries (smoke test) -export STATIC_LIBS_HOME=${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image} -readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c -readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c +export STATIC_LIBS_HOME=${JAVA_HOME}/lib/static/linux-%{archinstall}/glibc +readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep w_remainder.c +readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep e_remainder.c %endif so_suffix="so" @@ -2260,7 +2087,7 @@ done # Make sure gdb can do a backtrace based on line numbers on libjvm.so # javaCalls.cpp:58 should map to: -# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 +# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 # Using line number 1 might cause build problems. See: # https://bugzilla.redhat.com/show_bug.cgi?id=1539664 # https://bugzilla.redhat.com/show_bug.cgi?id=1538767 @@ -2300,11 +2127,16 @@ STRIP_KEEP_SYMTAB=libjvm* for suffix in %{build_loop} ; do -top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}} -%if %{include_staticlibs} -top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{staticlibs_loop}} -%endif -jdk_image=${top_dir_abs_main_build_path}/images/%{jdkimage} +jdk_image=$(pwd)/%{installoutputdir -- ${suffix}} +# Should match same definitions in build section +docdir=$(pwd)/%{installoutputdir -- "-docs"} +miscdir=%{installoutputdir -- "-misc"} + +# Install release notes and rebuild instructions +commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix} +install -d -m 755 ${commondocdir} +mv ${jdk_image}/NEWS ${commondocdir} +cp -a %{SOURCE19} %{SOURCE20} ${commondocdir} # Install the jdk mkdir -p $RPM_BUILD_ROOT%{_jvmdir} @@ -2353,35 +2185,25 @@ pushd ${jdk_image} rm -rf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/man popd -# Install static libs artefacts -%if %{include_staticlibs} -mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/static/linux-%{archinstall}/glibc -cp -a ${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}/lib/*.a \ - $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/static/linux-%{archinstall}/glibc -%endif if ! echo $suffix | grep -q "debug" ; then - # Install Javadoc documentation - install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} - cp -a ${top_dir_abs_main_build_path}/images/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} - built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip - cp -a ${top_dir_abs_main_build_path}/bundles/${built_doc_archive} \ - $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip || ls -l ${top_dir_abs_main_build_path}/bundles/ + # Install Javadoc documentation + install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir} + cp -a ${docdir}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix} + built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip + cp -a ${docdir}/${built_doc_archive} \ + $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip fi -# Install release notes -commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix} -install -d -m 755 ${commondocdir} -cp -a %{SOURCE10} ${commondocdir} - # Install icons and menu entries for s in 16 24 32 48 ; do install -D -p -m 644 \ - %{top_level_dir_name}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png \ + ${miscdir}/java-icon${s}.png \ $RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png done # Install desktop files +# TODO: provide desktop files via portable install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps} for e in jconsole$suffix ; do desktop-file-install --vendor=%{uniquesuffix -- $suffix} --mode=644 \ @@ -2393,8 +2215,7 @@ done mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/.java/.systemPrefs # copy samples next to demos; samples are mostly js files -cp -r %{top_level_dir_name}/src/sample $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ - +cp -r ${miscdir}/sample $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ # moving config files to /etc mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix} @@ -2410,9 +2231,9 @@ popd # end moving files to /etc # stabilize permissions -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ; -find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ; +find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ; # end, dual install done @@ -2432,7 +2253,7 @@ local posix = require "posix" if (os.getenv("debug") == "true") then debug = true; print("cjc: in spec debug is on") -else +else debug = false; end @@ -2683,59 +2504,90 @@ end %endif %changelog -* Fri Apr 14 2023 Andrew Hughes - 1:11.0.19.0.7-1 +* Wed Apr 26 2023 Andrew Hughes - 1:11.0.19.0.7-4 +- Include the java-11-openjdk-portable.spec file with instructions on how to rebuild. +- Related: rhbz#2189327 + +* Wed Apr 26 2023 Andrew Hughes - 1:11.0.19.0.7-3 +- Adjust oj_vendor_version to match the portable so test passes +- Related: rhbz#2189327 + +* Wed Apr 26 2023 Andrew Hughes - 1:11.0.19.0.7-3 +- Revert "Restore native build for x86 as there is no portable build" +- Reintroduce useful cleanups from x86 reversion +- Related: rhbz#2189327 + +* Wed Apr 26 2023 Andrew Hughes - 1:11.0.19.0.7-2 - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 +- Reintroduce generate_source_tarball.sh from RHEL 9 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Rebase FIPS support against 11.0.19+6 - Rebase RH1750419 alt-java patch against 11.0.19+6 +- Replace local copies of JDK portable binaries with build dependencies +- Use portable build on x86_32 now one is available - ** This tarball is embargoed until 2023-04-18 @ 1pm PT. ** - Resolves: rhbz#2185182 +- Resolves: rhbz#2189327 -* Fri Jan 13 2023 Andrew Hughes - 1:11.0.18.0.10-3 -- Add missing release note for JDK-8295687 -- Resolves: rhbz#2160111 +* Tue Feb 28 2023 Andrew Hughes - 1:11.0.18.0.10-4 +- On portable architectures, replace build section with extraction of existing builds from portables +- Rewrite ELF files so the source file path is correct and debugsources can be assembled +- Backport SHA-3 support for PKCS11 provider +- Sync patch set with portable build we are using by removing rh1648644-java_access_bridge_privileged_security.patch +- Resolves: rhbz#2150204 +- Resolves: rhbz#2108712 -* Wed Jan 11 2023 Andrew Hughes - 1:11.0.18.0.10-2 +* Wed Jan 11 2023 Andrew Hughes - 1:11.0.18.0.10-3 - Update to jdk-11.0.18+10 (GA) - Update release notes to 11.0.18+10 - Switch to GA mode for release -- ** This tarball is embargoed until 2023-01-17 @ 1pm PT. ** -- Related: rhbz#2157797 +- Resolves: rhbz#2160111 -* Tue Jan 03 2023 Andrew Hughes - 1:11.0.18.0.9-0.2.ea +* Tue Jan 03 2023 Andrew Hughes - 1:11.0.18.0.9-0.3.ea - Update to jdk-11.0.18+9 - Update release notes to 11.0.18+9 - Drop local copy of JDK-8293834 now this is upstream - Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone -- Resolves: rhbz#2157797 +- Resolves: rhbz#2150194 -* Thu Dec 15 2022 Andrew Hughes - 1:11.0.18.0.1-0.2.ea +* Thu Dec 15 2022 Andrew Hughes - 1:11.0.18.0.1-0.3.ea - Update to jdk-11.0.18+1 - Update release notes to 11.0.18+1 - Switch to EA mode for 11.0.18 pre-release builds. - Drop local copies of JDK-8294357 & JDK-8295173 now upstream contains tzdata 2022e - Drop local copy of JDK-8275535 which is finally upstream -- Related: rhbz#2157797 +- Related: rhbz#2150194 -* Wed Oct 26 2022 Andrew Hughes - 1:11.0.17.0.8-1 +* Wed Oct 26 2022 Andrew Hughes - 1:11.0.17.0.8-2 - Update to jdk-11.0.17+8 (GA) - Update release notes to 11.0.17+8 -- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853 -- Bump FreeType bundled version to 2.12.1 following JDK-8290334 +- Switch to GA mode for release - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Update CLDR data with Europe/Kyiv (JDK-8293834) - Drop JDK-8292223 patch which we found to be unnecessary - Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream - The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds - Remove freetype sources along with zlib sources -- Resolves: rhbz#2131862 - Resolves: rhbz#2133695 +* Wed Oct 05 2022 Andrew Hughes - 1:11.0.17.0.7-0.2.ea +- Update to jdk-11.0.17+7 +- Update release notes to 11.0.17+7 +- Resolves: rhbz#2130374 + +* Tue Sep 06 2022 Andrew Hughes - 1:11.0.17.0.1-0.2.ea +- Update to jdk-11.0.17+1 +- Update release notes to 11.0.17+1 +- Switch to EA mode for 11.0.17 pre-release builds. +- Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853 +- Bump FreeType bundled version to 2.12.1 following JDK-8290334 +- Related: rhbz#2130374 + * Tue Aug 30 2022 Andrew Hughes - 1:11.0.16.1.1-3 - Switch to static builds, reducing system dependencies and making build more portable - Resolves: rhbz#2121266 @@ -3894,7 +3746,7 @@ end - Removed unneeded patches: PStack-808293.patch multiple-pkcs11-library-init.patch - ppc_stack_overflow_fix.patch + ppc_stack_overflow_fix.patch - Added patches for s390 Zero builds: JDK-8201495-s390-java-opts.patch JDK-8201509-s390-atomic_store.patch