diff --git a/.gitignore b/.gitignore
index 8e5c34e..8f81d68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,5 @@
/openjdk-jdk17u-jdk-17.0.3+5.tar.xz
/openjdk-jdk17u-17usec.17.0.3+5-220408.tar.xz
/openjdk-jdk17u-jdk-17.0.3+7.tar.xz
+/openjdk-jdk17u-jdk-17.0.4+1.tar.xz
+/openjdk-jdk17u-jdk-17.0.4+7.tar.xz
diff --git a/CheckVendor.java b/CheckVendor.java
new file mode 100644
index 0000000..29b296b
--- /dev/null
+++ b/CheckVendor.java
@@ -0,0 +1,65 @@
+/* CheckVendor -- Check the vendor properties match specified values.
+ Copyright (C) 2020 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see .
+*/
+
+/**
+ * @test
+ */
+public class CheckVendor {
+
+ public static void main(String[] args) {
+ if (args.length < 4) {
+ System.err.println("CheckVendor ");
+ System.exit(1);
+ }
+
+ String vendor = System.getProperty("java.vendor");
+ String expectedVendor = args[0];
+ String vendorURL = System.getProperty("java.vendor.url");
+ String expectedVendorURL = args[1];
+ String vendorBugURL = System.getProperty("java.vendor.url.bug");
+ String expectedVendorBugURL = args[2];
+ String vendorVersionString = System.getProperty("java.vendor.version");
+ String expectedVendorVersionString = args[3];
+
+ if (!expectedVendor.equals(vendor)) {
+ System.err.printf("Invalid vendor %s, expected %s\n",
+ vendor, expectedVendor);
+ System.exit(2);
+ }
+
+ if (!expectedVendorURL.equals(vendorURL)) {
+ System.err.printf("Invalid vendor URL %s, expected %s\n",
+ vendorURL, expectedVendorURL);
+ System.exit(3);
+ }
+
+ if (!expectedVendorBugURL.equals(vendorBugURL)) {
+ System.err.printf("Invalid vendor bug URL %s, expected %s\n",
+ vendorBugURL, expectedVendorBugURL);
+ System.exit(4);
+ }
+
+ if (!expectedVendorVersionString.equals(vendorVersionString)) {
+ System.err.printf("Invalid vendor version string %s, expected %s\n",
+ vendorVersionString, expectedVendorVersionString);
+ System.exit(5);
+ }
+
+ System.err.printf("Vendor information verified as %s, %s, %s, %s\n",
+ vendor, vendorURL, vendorBugURL, vendorVersionString);
+ }
+}
diff --git a/NEWS b/NEWS
index b0e58ad..797c2d2 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,314 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
+New in release OpenJDK 17.0.4 (2022-07-19):
+===========================================
+Live versions of these release notes can be found at:
+ * https://bitly.com/openjdk1704
+ * https://builds.shipilev.net/backports-monitor/release-notes-17.0.4.txt
+
+* Other changes
+ - JDK-8139173: [macosx] JInternalFrame shadow is not properly drawn
+ - JDK-8181571: printing to CUPS fails on mac sandbox app
+ - JDK-8193682: Infinite loop in ZipOutputStream.close()
+ - JDK-8206187: javax/management/remote/mandatory/connection/DefaultAgentFilterTest.java fails with Port already in use
+ - JDK-8209776: Refactor jdk/security/JavaDotSecurity/ifdefs.sh to plain java test
+ - JDK-8214733: runtime/8176717/TestInheritFD.java timed out
+ - JDK-8236136: tests which use CompilationMode shouldn't be run w/ TieredStopAtLevel
+ - JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese characters were garbled
+ - JDK-8249592: Robot.mouseMove moves cursor to incorrect location when display scale varies and Java runs in DPI Unaware mode
+ - JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR
+ - JDK-8255266: Update Public Suffix List to 3c213aa
+ - JDK-8256368: Avoid repeated upcalls into Java to re-resolve MH/VH linkers/invokers
+ - JDK-8258814: Compilation logging crashes for thread suspension / debugging tests
+ - JDK-8263461: jdk/jfr/event/gc/detailed/TestEvacuationFailedEvent.java uses wrong mechanism to cause evacuation failure
+ - JDK-8263538: SharedArchiveConsistency.java should test -Xshare:auto as well
+ - JDK-8264605: vmTestbase/nsk/jvmti/SuspendThread/suspendthrd003/TestDescription.java failed with "agent_tools.cpp, 471: (foundThread = (jthread) jni_env->NewGlobalRef(foundThread)) != NULL"
+ - JDK-8265261: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted
+ - JDK-8265317: [vector] assert(payload->is_object()) failed: expected 'object' value for scalar-replaced boxed vector but got: NULL
+ - JDK-8267163: Rename anonymous loader tests to hidden loader tests
+ - JDK-8268231: Aarch64: Use Ldp in intrinsics for String.compareTo
+ - JDK-8268558: [TESTBUG] Case 2 in TestP11KeyFactoryGetRSAKeySpec is skipped
+ - JDK-8268595: java/io/Serializable/serialFilter/GlobalFilterTest.java#id1 failed in timeout
+ - JDK-8268773: Improvements related to: Failed to start thread - pthread_create failed (EAGAIN)
+ - JDK-8268906: gc/g1/mixedgc/TestOldGenCollectionUsage.java assumes that GCs take 1ms minimum
+ - JDK-8269077: TestSystemGC uses "require vm.gc.G1" for large pages subtest
+ - JDK-8269129: Multiple tier1 tests in hotspot/jtreg/compiler are failing for client VMs
+ - JDK-8269135: TestDifferentProtectionDomains runs into timeout in client VM
+ - JDK-8269373: some tests in jdk/tools/launcher/ fails on localized Windows platform
+ - JDK-8269753: Misplaced caret in PatternSyntaxException's detail message
+ - JDK-8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo incorrect verification of protocol and cipher support
+ - JDK-8270021: Incorrect log decorators in gc/g1/plab/TestPLABEvacuationFailure.java
+ - JDK-8270336: [TESTBUG] Fix initialization in NonbranchyTree
+ - JDK-8270435: UT: MonitorUsedDeflationThresholdTest failed: did not find too_many string in output
+ - JDK-8270468: TestRangeCheckEliminated fails because methods are not compiled
+ - JDK-8270797: ShortECDSA.java test is not complete
+ - JDK-8270837: fix typos in test TestSigParse.java
+ - JDK-8271008: appcds/*/MethodHandlesAsCollectorTest.java tests time out because of excessive GC (CodeCache GC Threshold) in loom
+ - JDK-8271055: Crash during deoptimization with "assert(bb->is_reachable()) failed: getting result from unreachable basicblock" with -XX:+VerifyStack
+ - JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code
+ - JDK-8271302: Regex Test Refresh
+ - JDK-8272146: Disable Fibonacci test on memory constrained systems
+ - JDK-8272168: some hotspot runtime/logging tests don't check exit code
+ - JDK-8272169: runtime/logging/LoaderConstraintsTest.java doesn't build test.Empty
+ - JDK-8272358: Some tests may fail when executed with other locales than the US
+ - JDK-8272493: Suboptimal code generation around Preconditions.checkIndex intrinsic with AVX2
+ - JDK-8272908: Missing coverage for certain classes in com.sun.org.apache.xml.internal.security
+ - JDK-8272964: java/nio/file/Files/InterruptCopy.java fails with java.lang.RuntimeException: Copy was not interrupted
+ - JDK-8273056: java.util.random does not correctly sample exponential or Gaussian distributions
+ - JDK-8273095: vmTestbase/vm/mlvm/anonloader/stress/oome/heap/Test.java fails with "wrong OOME"
+ - JDK-8273139: C2: assert(f <= 1 && f >= 0) failed: Incorrect frequency
+ - JDK-8273142: Remove dependancy of TestHttpServer, HttpTransaction, HttpCallback from open/test/jdk/sun/net/www/protocol/http/ tests
+ - JDK-8273169: java/util/regex/NegativeArraySize.java failed after JDK-8271302
+ - JDK-8273804: Platform.isTieredSupported should handle the no-compiler case
+ - JDK-8274172: Convert JavadocTester to use NIO
+ - JDK-8274233: Minor cleanup for ToolBox
+ - JDK-8274244: ReportOnImportedModuleAnnotation.java fails on rerun
+ - JDK-8274561: sun/net/ftp/TestFtpTimeValue.java timed out on slow machines
+ - JDK-8274687: JDWP deadlocks if some Java thread reaches wait in blockOnDebuggerSuspend
+ - JDK-8274735: javax.imageio.IIOException: Unsupported Image Type while processing a valid JPEG image
+ - JDK-8274751: Drag And Drop hangs on Windows
+ - JDK-8274855: vectorapi tests failing with assert(!vbox->is_Phi()) failed
+ - JDK-8274939: Incorrect size of the pixel storage is used by the robot on macOS
+ - JDK-8274983: C1 optimizes the invocation of private interface methods
+ - JDK-8275037: Test vmTestbase/nsk/sysdict/vm/stress/btree/btree011/btree011.java crashes with memory exhaustion on Windows
+ - JDK-8275337: C1: assert(false) failed: live_in set of first block must be empty
+ - JDK-8275638: GraphKit::combine_exception_states fails with "matching stack sizes" assert
+ - JDK-8275745: Reproducible copyright headers
+ - JDK-8275830: C2: Receiver downcast is missing when inlining through method handle linkers
+ - JDK-8275854: C2: assert(stride_con != 0) failed: missed some peephole opt
+ - JDK-8276260: (se) Remove java/nio/channels/Selector/Wakeup.java from ProblemList (win)
+ - JDK-8276657: XSLT compiler tries to define a class with empty name
+ - JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC
+ - JDK-8276825: hotspot/runtime/SelectionResolution test errors
+ - JDK-8276863: Remove test/jdk/sun/security/ec/ECDSAJavaVerify.java
+ - JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir as unnecessary
+ - JDK-8276990: Memory leak in invoker.c fillInvokeRequest() during JDI operations
+ - JDK-8277055: Assert "missing inlining msg" with -XX:+PrintIntrinsics
+ - JDK-8277072: ObjectStreamClass caches keep ClassLoaders alive
+ - JDK-8277087: ZipException: zip END header not found at ZipFile#Source.findEND
+ - JDK-8277123: jdeps does not report some exceptions correctly
+ - JDK-8277165: jdeps --multi-release --print-module-deps fails if module-info.class in different versioned directories
+ - JDK-8277166: Data race in jdeps VersionHelper
+ - JDK-8277396: [TESTBUG] In DefaultButtonModelCrashTest.java, frame is accessed from main thread
+ - JDK-8277422: tools/jar/JarEntryTime.java fails with modified time mismatch
+ - JDK-8277893: Arraycopy stress tests
+ - JDK-8277906: Incorrect type for IV phi of long counted loops after CCP
+ - JDK-8277922: Unable to click JCheckBox in JTable through Java Access Bridge
+ - JDK-8278014: [vectorapi] Remove test run script
+ - JDK-8278065: Refactor subclassAudits to use ClassValue
+ - JDK-8278186: org.jcp.xml.dsig.internal.dom.Utils.parseIdFromSameDocumentURI throws StringIndexOutOfBoundsException when calling substring method
+ - JDK-8278472: Invalid value set to CANDIDATEFORM structure
+ - JDK-8278519: serviceability/jvmti/FieldAccessWatch/FieldAccessWatch.java failed "assert(handle != __null) failed: JNI handle should not be null"
+ - JDK-8278549: UNIX sun/font coding misses SUSE distro detection on recent distro SUSE 15
+ - JDK-8278766: Enable OpenJDK build support for reproducible jars and jmods using --date
+ - JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
+ - JDK-8278796: Incorrect behavior of FloatVector.withLane on X86
+ - JDK-8278851: Correct signer logic for jars signed with multiple digestalgs
+ - JDK-8278948: compiler/vectorapi/reshape/TestVectorCastAVX1.java crashes in assembler
+ - JDK-8278966: two microbenchmarks tests fail "assert(!jvms->method()->has_exception_handlers()) failed: no exception handler expected" after JDK-8275638
+ - JDK-8279182: MakeZipReproducible ZipEntry timestamps not localized to UTC
+ - JDK-8279219: [REDO] C2 crash when allocating array of size too large
+ - JDK-8279227: Access Bridge: Wrong frame position and hit test result on HiDPI display
+ - JDK-8279356: Method linking fails with guarantee(mh->adapter() != NULL) failed: Adapter blob must already exist!
+ - JDK-8279437: [JVMCI] exception in HotSpotJVMCIRuntime.translate can exit the VM
+ - JDK-8279515: C1: No inlining through invokedynamic and invokestatic call sites when resolved class is not linked
+ - JDK-8279520: SPNEGO has not passed channel binding info into the underlying mechanism
+ - JDK-8279529: ProblemList java/nio/channels/DatagramChannel/ManySourcesAndTargets.java on macosx-aarch64
+ - JDK-8279532: ProblemList sun/security/ssl/SSLSessionImpl/NoInvalidateSocketException.java
+ - JDK-8279560: AArch64: generate_compare_long_string_same_encoding and LARGE_LOOP_PREFETCH alignment
+ - JDK-8279586: [macos] custom JCheckBox and JRadioBox with custom icon set: focus is still displayed after unchecking
+ - JDK-8279597: [TESTBUG] ReturnBlobToWrongHeapTest.java fails with -XX:TieredStopAtLevel=1 on machines with many cores
+ - JDK-8279668: x86: AVX2 versions of vpxor should be asserted
+ - JDK-8279822: CI: Constant pool entries in error state are not supported
+ - JDK-8279834: Alpine Linux fails to build when --with-source-date enabled
+ - JDK-8279837: C2: assert(is_Loop()) failed: invalid node class: Region
+ - JDK-8279842: HTTPS Channel Binding support for Java GSS/Kerberos
+ - JDK-8279958: Provide configure hints for Alpine/apk package managers
+ - JDK-8280004: DCmdArgument::parse_value() should handle NULL input
+ - JDK-8280041: Retry loop issues in java.io.ClassCache
+ - JDK-8280123: C2: Infinite loop in CMoveINode::Ideal during IGVN
+ - JDK-8280401: [sspi] gss_accept_sec_context leaves output_token uninitialized
+ - JDK-8280476: [macOS] : hotspot arm64 bug exposed by latest clang
+ - JDK-8280543: Update the "java" and "jcmd" tool specification for CDS
+ - JDK-8280593: [PPC64, S390] redundant allocation of MacroAssembler in StubGenerator ctor
+ - JDK-8280600: C2: assert(!had_error) failed: bad dominance
+ - JDK-8280684: JfrRecorderService failes with guarantee(num_written > 0) when no space left on device.
+ - JDK-8280799: С2: assert(false) failed: cyclic dependency prevents range check elimination
+ - JDK-8280867: Cpuid1Ecx feature parsing is incorrect for AMD CPUs
+ - JDK-8280901: MethodHandle::linkToNative stub is missing w/ -Xint
+ - JDK-8280940: gtest os.release_multi_mappings_vm is racy
+ - JDK-8280941: os::print_memory_mappings() prints segment preceeding the inclusion range
+ - JDK-8280956: Re-examine copyright headers on files in src/java.desktop/macosx/native/libawt_lwawt/awt/a11y
+ - JDK-8280964: [Linux aarch64] : drawImage dithers TYPE_BYTE_INDEXED images incorrectly
+ - JDK-8281043: Intrinsify recursive ObjectMonitor locking for PPC64
+ - JDK-8281168: Micro-optimize VarForm.getMemberName for interpreter
+ - JDK-8281262: Windows builds in different directories are not fully reproducible
+ - JDK-8281266: [JVMCI] MetaUtil.toInternalName() doesn't handle hidden classes correctly
+ - JDK-8281274: deal with ActiveProcessorCount in os::Linux::print_container_info
+ - JDK-8281275: Upgrading from 8 to 11 no longer accepts '/' as filepath separator in gc paths
+ - JDK-8281318: Improve jfr/event/allocation tests reliability
+ - JDK-8281338: NSAccessibilityPressAction action for tree node and NSAccessibilityShowMenuAcgtion action not working
+ - JDK-8281450: Remove unnecessary operator new and delete from ObjectMonitor
+ - JDK-8281522: Rename ADLC classes which have the same name as hotspot variants
+ - JDK-8281544: assert(VM_Version::supports_avx512bw()) failed for Tests jdk/incubator/vector/
+ - JDK-8281615: Deadlock caused by jdwp agent
+ - JDK-8281638: jfr/event/allocation tests fail with release VMs after JDK-8281318 due to lack of -XX:+UnlockDiagnosticVMOptions
+ - JDK-8281771: Crash in java_lang_invoke_MethodType::print_signature
+ - JDK-8281811: assert(_base == Tuple) failed: Not a Tuple after JDK-8280799
+ - JDK-8281822: Test failures on non-DTrace builds due to incomplete DTrace* flags handling
+ - JDK-8282008: Incorrect handling of quoted arguments in ProcessBuilder
+ - JDK-8282045: When loop strip mining fails, safepoints are removed from loop anyway
+ - JDK-8282142: [TestCase] compiler/inlining/ResolvedClassTest.java will fail when --with-jvm-features=-compiler1
+ - JDK-8282170: JVMTI SetBreakpoint metaspace allocation test
+ - JDK-8282172: CompileBroker::log_metaspace_failure is called from non-Java/compiler threads
+ - JDK-8282225: GHA: Allow one concurrent run per PR only
+ - JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv corrupts registers
+ - JDK-8282293: Domain value for system property jdk.https.negotiate.cbt should be case-insensitive
+ - JDK-8282295: SymbolPropertyEntry::set_method_type fails with assert
+ - JDK-8282312: Minor corrections to evbroadcasti32x4 intrinsic on x86
+ - JDK-8282345: handle latest VS2022 in abstract_vm_version
+ - JDK-8282382: Report glibc malloc tunables in error reports
+ - JDK-8282422: JTable.print() failed with UnsupportedCharsetException on AIX ko_KR locale
+ - JDK-8282444: Module finder incorrectly assumes default file system path-separator character
+ - JDK-8282499: Bump update version for OpenJDK: jdk-17.0.4
+ - JDK-8282509: [exploded image] ResolvedClassTest fails with similar output
+ - JDK-8282551: Properly initialize L32X64MixRandom state
+ - JDK-8282583: Update BCEL md to include the copyright notice
+ - JDK-8282590: C2: assert(addp->is_AddP() && addp->outcnt() > 0) failed: Don't process dead nodes
+ - JDK-8282592: C2: assert(false) failed: graph should be schedulable
+ - JDK-8282628: Potential memory leak in sun.font.FontConfigManager.getFontConfig()
+ - JDK-8282874: Bad performance on gather/scatter API caused by different IntSpecies of indexMap
+ - JDK-8282887: Potential memory leak in sun.util.locale.provider.HostLocaleProviderAdapterImpl.getNumberPattern() on Windows
+ - JDK-8282929: Localized monetary symbols are not reflected in `toLocalizedPattern` return value
+ - JDK-8283017: GHA: Workflows break with update release versions
+ - JDK-8283187: C2: loop candidate for superword not always unrolled fully if superword fails
+ - JDK-8283217: Leak FcObjectSet in getFontConfigLocations() in fontpath.c
+ - JDK-8283249: CompressedClassPointers.java fails on ppc with 'Narrow klass shift: 0' missing
+ - JDK-8283279: [Testbug] Improve TestGetSwapSpaceSize
+ - JDK-8283315: jrt-fs.jar not always deterministically built
+ - JDK-8283323: libharfbuzz optimization level results in extreme build times
+ - JDK-8283347: [macos] Bad JNI lookup accessibilityHitTest is shown when Screen magnifier is enabled
+ - JDK-8283350: (tz) Update Timezone Data to 2022a
+ - JDK-8283408: Fix a C2 crash when filling arrays with unsafe
+ - JDK-8283422: Create a new test for JDK-8254790
+ - JDK-8283451: C2: assert(_base == Long) failed: Not a Long
+ - JDK-8283469: Don't use memset to initialize members in FileMapInfo and fix memory leak
+ - JDK-8283497: [windows] print TMP and TEMP in hs_err and VM.info
+ - JDK-8283641: Large value for CompileThresholdScaling causes assert
+ - JDK-8283725: Launching java with "-Xlog:gc*=trace,safepoint*=trace,class*=trace" crashes the JVM
+ - JDK-8283834: Unmappable character for US-ASCII encoding in TestPredicateInputBelowLoopPredicate
+ - JDK-8284023: java.sun.awt.X11GraphicsDevice.getDoubleBufferVisuals() leaks XdbeScreenVisualInfo
+ - JDK-8284033: Leak XVisualInfo in getAllConfigs in awt_GraphicsEnv.c
+ - JDK-8284094: Memory leak in invoker_completeInvokeRequest()
+ - JDK-8284369: TestFailedAllocationBadGraph fails with -XX:TieredStopAtLevel < 4
+ - JDK-8284389: Improve stability of GHA Pre-submit testing by caching cygwin installer
+ - JDK-8284437: Building from different users/workspace is not always deterministic
+ - JDK-8284458: CodeHeapState::aggregate() leaks blob_name
+ - JDK-8284507: GHA: Only check test results if testing was not skipped
+ - JDK-8284532: Memory leak in BitSet::BitMapFragmentTable in JFR leak profiler
+ - JDK-8284549: JFR: FieldTable leaks FieldInfoTable member
+ - JDK-8284603: [17u] Update Boot JDK used in GHA to 17.0.2
+ - JDK-8284620: CodeBuffer may leak _overflow_arena
+ - JDK-8284622: Update versions of some Github Actions used in JDK workflow
+ - JDK-8284661: Reproducible assembly builds without relative linking
+ - JDK-8284754: print more interesting env variables in hs_err and VM.info
+ - JDK-8284758: [linux] improve print_container_info
+ - JDK-8284848: C2: Compiler blackhole arguments should be treated as globally escaping
+ - JDK-8284866: Add test to JDK-8273056
+ - JDK-8284884: Replace polling with waiting in javax/swing/text/html/parser/Parser/8078268/bug8078268.java
+ - JDK-8284992: Fix misleading Vector API doc for LSHR operator
+ - JDK-8285342: Zero build failure with clang due to values not handled in switch
+ - JDK-8285394: Compiler blackholes can be eliminated due to stale ciMethod::intrinsic_id()
+ - JDK-8285397: JNI exception pending in CUPSfuncs.c:250
+ - JDK-8285445: cannot open file "NUL:"
+ - JDK-8285515: (dc) DatagramChannel.disconnect fails with "Invalid argument" on macOS 12.4
+ - JDK-8285523: Improve test java/io/FileOutputStream/OpenNUL.java
+ - JDK-8285686: Update FreeType to 2.12.0
+ - JDK-8285726: [11u, 17u] Unify fix for JDK-8284548 with version from head
+ - JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with version from head
+ - JDK-8285728: Alpine Linux build fails with busybox tar
+ - JDK-8285828: runtime/execstack/TestCheckJDK.java fails with zipped debug symbols
+ - JDK-8285921: serviceability/dcmd/jvmti/AttachFailed/AttachReturnError.java fails on Alpine
+ - JDK-8285956: (fs) Excessive default poll interval in PollingWatchService
+ - JDK-8286013: Incorrect test configurations for compiler/stable/TestStableShort.java
+ - JDK-8286029: Add classpath exemption to globals_vectorApiSupport_***.S.inc
+ - JDK-8286198: [linux] Fix process-memory information
+ - JDK-8286293: Tests ShortResponseBody and ShortResponseBodyWithRetry should use less resources
+ - JDK-8286444: javac errors after JDK-8251329 are not helpful enough to find root cause
+ - JDK-8286594: (zipfs) Mention paths with dot elements in ZipException and cleanups
+ - JDK-8286601: Mac Aarch: Excessive warnings to be ignored for build jdk
+ - JDK-8286855: javac error on invalid jar should only print filename
+ - JDK-8287109: Distrust.java failed with CertificateExpiredException
+ - JDK-8287119: Add Distrust.java to ProblemList
+ - JDK-8287162: (zipfs) Performance regression related to support for POSIX file permissions
+ - JDK-8287336: GHA: Workflows break on patch versions
+ - JDK-8287362: FieldAccessWatch testcase failed on AIX platform
+ - JDK-8287378: GHA: Update cygwin to fix issues in langtools tests on Windows
+
+Notes on individual issues:
+===========================
+
+core-libs/java.net:
+
+JDK-8285240: HTTPS Channel Binding support for Java GSS/Kerberos
+================================================================
+Support has been added for TLS channel binding tokens for
+Negotiate/Kerberos authentication over HTTPS through
+javax.net.HttpsURLConnection.
+
+Channel binding tokens are increasingly required as an enhanced form
+of security which can mitigate certain kinds of socially engineered,
+man in the middle (MITM) attacks. They work by communicating from a
+client to a server the client's understanding of the binding between
+connection security (as represented by a TLS server cert) and higher
+level authentication credentials (such as a username and
+password). The server can then detect if the client has been fooled by
+a MITM and shutdown the session/connection.
+
+The feature is controlled through a new system property
+`jdk.https.negotiate.cbt` which is described fully at the following
+page:
+
+https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html#jdk.https.negotiate.cbt
+
+core-libs/java.lang:
+
+JDK-8283137: Incorrect handling of quoted arguments in ProcessBuilder
+=====================================================================
+ProcessBuilder on Windows is restored to address a regression caused
+by JDK-8250568. Previously, an argument to ProcessBuilder that
+started with a double-quote and ended with a backslash followed by a
+double-quote was passed to a command incorrectly and may cause the
+command to fail. For example the argument `"C:\\Program Files\"`,
+would be seen by the command with extra double-quotes. This update
+restores the long standing behavior that does not treat the backslash
+before the final double-quote specially.
+
+
+core-libs/java.util.jar:
+
+JDK-8278386: Default JDK compressor will be closed when IOException is encountered
+==================================================================================
+`DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods
+have been modified to close out the associated default JDK compressor
+before propagating a Throwable up the
+stack. `ZIPOutputStream.closeEntry()` method has been modified to
+close out the associated default JDK compressor before propagating an
+IOException, not of type ZipException, up the stack.
+
+core-libs/java.io:
+
+JDK-8285660: New System Property to Disable Windows Alternate Data Stream Support in java.io.File
+=================================================================================================
+The Windows implementation of `java.io.File` allows access to NTFS
+Alternate Data Streams (ADS) by default. Such streams have a structure
+like “filename:streamname”. A system property `jdk.io.File.enableADS`
+has been added to control this behavior. To disable ADS support in
+`java.io.File`, the system property `jdk.io.File.enableADS` should be
+set to `false` (case ignored). Stricter path checking however prevents
+the use of special devices such as `NUL:`
+
New in release OpenJDK 17.0.3 (2022-04-19):
===========================================
Live versions of these release notes can be found at:
diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh
index bf21bc4..eb99e1a 100755
--- a/generate_source_tarball.sh
+++ b/generate_source_tarball.sh
@@ -37,6 +37,8 @@ set -e
OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
+# Corresponding IcedTea version
+ICEDTEA_VERSION=12.0
if [ "x$1" = "xhelp" ] ; then
echo -e "Behaviour may be specified by setting the following variables:\n"
@@ -126,11 +128,10 @@ pushd "${FILE_NAME_ROOT}"
echo "Syncing EC list with NSS"
if [ "x$PR3823" = "x" ] ; then
- # originally for 8:
- # get PR3823.patch (from http://icedtea.classpath.org/hg/icedtea16) from most correct tag
- # Do not push it or publish it (see https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3823)
+ # get PR3823.patch (from https://github.com/icedtea-git/icedtea) in the ${ICEDTEA_VERSION} branch
+ # Do not push it or publish it
echo "PR3823 not found. Downloading..."
- wget https://icedtea.wildebeest.org/hg/icedtea16/raw-file/tip/patches/pr3823.patch
+ wget -v https://github.com/icedtea-git/icedtea/raw/${ICEDTEA_VERSION}/patches/pr3823.patch
echo "Applying ${PWD}/pr3823.patch"
patch -Np1 < pr3823.patch
rm pr3823.patch
@@ -142,6 +143,14 @@ pushd "${FILE_NAME_ROOT}"
popd
fi
+ # Generate .src-rev so build has knowledge of the revision the tarball was created from
+ mkdir build
+ pushd build
+ sh ${PWD}/../openjdk/configure
+ make store-source-revision
+ popd
+ rm -rf build
+
echo "Compressing remaining forest"
if [ "X$COMPRESSION" = "Xxz" ] ; then
SWITCH=cJf
@@ -152,5 +161,3 @@ pushd "${FILE_NAME_ROOT}"
mv ${FILE_NAME_ROOT}.tar.${COMPRESSION} ..
popd
echo "Done. You may want to remove the uncompressed version - $FILE_NAME_ROOT."
-
-
diff --git a/java-17-openjdk.spec b/java-17-openjdk.spec
index d8c89ed..42a4869 100644
--- a/java-17-openjdk.spec
+++ b/java-17-openjdk.spec
@@ -305,12 +305,8 @@
# New Version-String scheme-style defines
%global featurever 17
%global interimver 0
-%global updatever 3
+%global updatever 4
%global patchver 0
-# If you bump featurever, you must also bump vendor_version_string
-# Used via new version scheme. JDK 17 was
-# GA'ed in September 2021 => 21.9
-%global vendor_version_string 21.9
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
# and this it is better to change it here, on single place
@@ -325,6 +321,27 @@
%global lts_designator_zip ""
%endif
+# Define vendor information used by OpenJDK
+%global oj_vendor Red Hat, Inc.
+%global oj_vendor_url https://www.redhat.com/
+# Define what url should JVM offer in case of a crash report
+# order may be important, epel may have rhel declared
+%if 0%{?epel}
+%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel}
+%else
+%if 0%{?fedora}
+# Does not work for rawhide, keeps the version field empty
+%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora}
+%else
+%if 0%{?rhel}
+%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name}
+%else
+%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi
+%endif
+%endif
+%endif
+%global oj_vendor_version (Red_Hat-%{version}-%{release})
+
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
@@ -336,7 +353,7 @@
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 7
-%global rpmrelease 5
+%global rpmrelease 1
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@@ -362,38 +379,21 @@
# Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases,
# - N%%{?extraver}{?dist} for GA releases
-%global is_ga 1
+%global is_ga 0
%if %{is_ga}
%global build_type GA
-%global expected_ea_designator ""
+%global ea_designator ""
%global ea_designator_zip ""
%global extraver %{nil}
%global eaprefix %{nil}
%else
%global build_type EA
-%global expected_ea_designator ea
-%global ea_designator_zip -%{expected_ea_designator}
-%global extraver .%{expected_ea_designator}
+%global ea_designator ea
+%global ea_designator_zip -%{ea_designator}
+%global extraver .%{ea_designator}
%global eaprefix 0.
%endif
-# Define what url should JVM offer in case of a crash report
-# order may be important, epel may have rhel declared
-%if 0%{?epel}
-%global bugs https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel}
-%else
-%if 0%{?fedora}
-# Does not work for rawhide, keeps the version field empty
-%global bugs https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora}
-%else
-%if 0%{?rhel}
-%global bugs https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name}
-%else
-%global bugs https://bugzilla.redhat.com/enter_bug.cgi
-%endif
-%endif
-%endif
-
# parametrized macros are order-sensitive
%global compatiblename java-%{featurever}-%{origin}
%global fullversion %{compatiblename}-%{version}-%{release}
@@ -1105,7 +1105,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zone-info data provided by tzdata-java sub-package
-Requires: tzdata-java >= 2015d
+# 2022a required as of JDK-8283350 in 17.0.4
+Requires: tzdata-java >= 2022a
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1118,6 +1119,8 @@ OrderWithRequires: copy-jdk-configs
%endif
# for printing support
Requires: cups-libs
+# for system security properties
+Requires: crypto-policies
# for FIPS PKCS11 provider
Requires: nss
# Post requires alternatives to install tool alternatives
@@ -1292,6 +1295,9 @@ Source14: TestECDSA.java
# Verify system crypto (policy) can be disabled via a property
Source15: TestSecurityProperties.java
+# Ensure vendor settings are correct
+Source16: CheckVendor.java
+
# nss fips configuration file
Source17: nss.fips.cfg.in
@@ -1381,6 +1387,8 @@ BuildRequires: libXt-devel
BuildRequires: libXtst-devel
# Requirement for setting up nss.cfg and nss.fips.cfg
BuildRequires: nss-devel
+# Requirement for system security property test
+BuildRequires: crypto-policies
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
@@ -1390,7 +1398,8 @@ BuildRequires: java-17-openjdk-devel
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
-BuildRequires: tzdata-java >= 2015d
+# 2022a required as of JDK-8283350 in 17.0.4
+BuildRequires: tzdata-java >= 2022a
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -1708,6 +1717,8 @@ The %{origin_nice} %{featurever} API documentation compressed in a single archiv
%prep
+echo "Preparing %{oj_vendor_version}"
+
# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-(
%if 0%{?stapinstall:1}
echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}"
@@ -1765,6 +1776,27 @@ popd # openjdk
%patch2000
+# The OpenJDK version file includes the current
+# upstream version information. For some reason,
+# configure does not automatically use the
+# default pre-version supplied there (despite
+# what the file claims), so we pass it manually
+# to configure
+VERSION_FILE=$(pwd)/%{top_level_dir_name}/make/conf/version-numbers.conf
+if [ -f ${VERSION_FILE} ] ; then
+ UPSTREAM_EA_DESIGNATOR=$(grep '^DEFAULT_PROMOTED_VERSION_PRE' ${VERSION_FILE} | cut -d '=' -f 2)
+else
+ echo "Could not find OpenJDK version file.";
+ exit 16
+fi
+if [ "x${UPSTREAM_EA_DESIGNATOR}" != "x%{ea_designator}" ] ; then
+ echo "WARNING: Designator mismatch";
+ echo "Spec file is configured for a %{build_type} build with designator '%{ea_designator}'"
+ echo "Upstream version-pre setting is '${UPSTREAM_EA_DESIGNATOR}'";
+ # Don't fail at present as upstream are not maintaining the value correctly
+ #exit 17
+fi
+
# Extract systemtap tapsets
%if %{with_systemtap}
tar --strip-components=1 -x -I xz -f %{SOURCE8}
@@ -1861,31 +1893,13 @@ function buildjdk() {
local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
local top_dir_abs_build_path=$(pwd)/${outputdir}
- # The OpenJDK version file includes the current
- # upstream version information. For some reason,
- # configure does not automatically use the
- # default pre-version supplied there (despite
- # what the file claims), so we pass it manually
- # to configure
- VERSION_FILE=${top_dir_abs_src_path}/make/conf/version-numbers.conf
- if [ -f ${VERSION_FILE} ] ; then
- EA_DESIGNATOR=$(grep '^DEFAULT_PROMOTED_VERSION_PRE' ${VERSION_FILE} | cut -d '=' -f 2)
- else
- echo "Could not find OpenJDK version file.";
- exit 16
- fi
- if [ "x${EA_DESIGNATOR}" != "x%{expected_ea_designator}" ] ; then
- echo "Spec file is configured for a %{build_type} build, but upstream version-pre setting is ${EA_DESIGNATOR}";
- exit 17
- fi
-
echo "Using output directory: ${outputdir}";
echo "Checking build JDK ${buildjdk} is operational..."
${buildjdk}/bin/java -version
echo "Using make targets: ${maketargets}"
echo "Using debuglevel: ${debuglevel}"
echo "Using link_opt: ${link_opt}"
- echo "Building %{newjavaver}-%{buildver}, pre=${EA_DESIGNATOR}, opt=%{lts_designator}"
+ echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}"
mkdir -p ${outputdir}
pushd ${outputdir}
@@ -1898,13 +1912,13 @@ function buildjdk() {
--with-jobs=1 \
%endif
--with-version-build=%{buildver} \
- --with-version-pre="${EA_DESIGNATOR}" \
+ --with-version-pre="%{ea_designator}" \
--with-version-opt=%{lts_designator} \
- --with-vendor-version-string="%{vendor_version_string}" \
- --with-vendor-name="Red Hat, Inc." \
- --with-vendor-url="https://www.redhat.com/" \
- --with-vendor-bug-url="%{bugs}" \
- --with-vendor-vm-bug-url="%{bugs}" \
+ --with-vendor-version-string="%{oj_vendor_version}" \
+ --with-vendor-name="%{oj_vendor}" \
+ --with-vendor-url="%{oj_vendor_url}" \
+ --with-vendor-bug-url="%{oj_vendor_bug_url}" \
+ --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
--with-boot-jdk=${buildjdk} \
--with-debug-level=${debuglevel} \
--with-native-debug-symbols="%{debug_symbols}" \
@@ -2009,9 +2023,9 @@ function debugcheckjdk() {
IFS=$'\n'
for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT")
do
- # We expect to see .cpp files, except for architectures like aarch64 and
+ # We expect to see .cpp and .S files, except for architectures like aarch64 and
# s390 where we expect .o and .oS files
- echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$"
+ echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|S|oS))?$"
done
IFS="$old_IFS"
@@ -2126,6 +2140,9 @@ for suffix in %{build_loop} ; do
# Check debug symbols were built into the dynamic libraries
debugcheckjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
+ # Print release information
+ cat ${top_dir_abs_main_build_path}/images/%{jdkimage}/release
+
# build cycles
done # end of release / debug cycle loop
@@ -2286,6 +2303,10 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
%endif
+# Check correct vendor values have been set
+$JAVA_HOME/bin/javac -d . %{SOURCE16}
+$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}"
+
%if %{include_staticlibs}
# Check debug symbols in static libraries (smoke test)
export STATIC_LIBS_HOME=${JAVA_HOME}/%{static_libs_install_dir}
@@ -2553,6 +2574,32 @@ cjc.mainProgram(args)
%endif
%changelog
+* Sat Jul 16 2022 Andrew Hughes - 1:17.0.4.0.7-0.1.ea
+- Update to jdk-17.0.4.0+7
+- Update release notes to 17.0.4.0+7
+- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
+- Explicitly require crypto-policies during build and runtime for system security properties
+- Make use of the vendor version string to store our version & release rather than an upstream release date
+- Include a test in the RPM to check the build has the correct vendor information.
+- Related: RHEL-45216
+
+* Thu Jul 14 2022 Jayashree Huttanagoudar - 1:17.0.4.0.1-0.2.ea
+- Fix issue where CheckVendor.java test erroneously passes when it should fail.
+- Add proper quoting so '&' is not treated as a special character by the shell.
+- Related: RHEL-45216
+
+* Tue Jul 12 2022 Andrew Hughes - 1:17.0.4.0.1-0.1.ea
+- Update to jdk-17.0.4.0+1
+- Update release notes to 17.0.4.0+1
+- Switch to EA mode for 17.0.4 pre-release builds.
+- Print release file during build, which should now include a correct SOURCE value from .src-rev
+- Update tarball script with IcedTea GitHub URL and .src-rev generation
+- Include script to generate bug list for release notes
+- Update tzdata requirement to 2022a to match JDK-8283350
+- Move EA designator check to prep so failures can be caught earlier
+- Make EA designator check non-fatal while upstream is not maintaining it
+- Related: RHEL-45216
+
* Fri Jul 08 2022 Andrew Hughes - 1:17.0.3.0.7-5
- Fix whitespace in spec file
- Related: RHEL-45216
diff --git a/openjdk_news.sh b/openjdk_news.sh
new file mode 100755
index 0000000..560b356
--- /dev/null
+++ b/openjdk_news.sh
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# Copyright (C) 2022 Red Hat, Inc.
+# Written by Andrew John Hughes , 2012-2022
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+OLD_RELEASE=$1
+NEW_RELEASE=$2
+SUBDIR=$3
+REPO=$4
+SCRIPT_DIR=$(dirname ${0})
+
+if test "x${SUBDIR}" = "x"; then
+ echo "No subdirectory specified; using .";
+ SUBDIR=".";
+fi
+
+if test "x$REPO" = "x"; then
+ echo "No repository specified; using ${PWD}"
+ REPO=${PWD}
+fi
+
+if test x${TMPDIR} = x; then
+ TMPDIR=/tmp;
+fi
+
+echo "Repository: ${REPO}"
+
+if [ -e ${REPO}/.git ] ; then
+ TYPE=git;
+elif [ -e ${REPO}/.hg ] ; then
+ TYPE=hg;
+else
+ echo "No Mercurial or Git repository detected.";
+ exit 1;
+fi
+
+if test "x$OLD_RELEASE" = "x" || test "x$NEW_RELEASE" = "x"; then
+ echo "ERROR: Need to specify old and new release";
+ exit 2;
+fi
+
+echo "Listing fixes between $OLD_RELEASE and $NEW_RELEASE in $REPO"
+rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 ${TMPDIR}/fixes
+for repos in . $(${SCRIPT_DIR}/discover_trees.sh ${REPO});
+do
+ if test "x$TYPE" = "xhg"; then
+ hg log -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
+ egrep '^[o:| ]*summary'|grep -v 'Added tag'|sed -r 's#^[o:| ]*summary:\W*([0-9])# - JDK-\1#'| \
+ sed 's#^[o:| ]*summary:\W*# - #' >> ${TMPDIR}/fixes2;
+ hg log -v -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R $REPO/$repos -G -M ${REPO}/${SUBDIR} | \
+ egrep '^[o:| ]*[0-9]{7}'|sed -r 's#^[o:| ]*([0-9]{7})# - JDK-\1#' >> ${TMPDIR}/fixes3;
+ else
+ git -C ${REPO} log --no-merges --pretty=format:%B ${NEW_RELEASE}...${OLD_RELEASE} -- ${SUBDIR} |egrep '^[0-9]{7}' | \
+ sed -r 's#^([0-9])# - JDK-\1#' >> ${TMPDIR}/fixes2;
+ touch ${TMPDIR}/fixes3 ; # unused
+ fi
+done
+
+sort ${TMPDIR}/fixes2 ${TMPDIR}/fixes3 | uniq > ${TMPDIR}/fixes
+rm -f ${TMPDIR}/fixes2 ${TMPDIR}/fixes3
+
+echo "In ${TMPDIR}/fixes:"
+cat ${TMPDIR}/fixes
diff --git a/sources b/sources
index e4816a7..865c6f2 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
-SHA512 (openjdk-jdk17u-jdk-17.0.3+7.tar.xz) = 9f6aa266ff26bee08a6c6e9060f616d0acd0613567526463386ee7a8b7ad367a1347b9d6db6e05d73f20bf08d02e8650e33ccd83c8e62587710d885191d1b567
+SHA512 (openjdk-jdk17u-jdk-17.0.4+7.tar.xz) = ddc6823a8c7a8fd0d3a126aa0180876f32e24ba7e6e900bd1103b19661467296dc828e564d9f63378a57f1e06922cb083f3ede78858eab33b3a2e43570a32419