From 9c07f714996fbe52afe27e6463df9199ef306c92 Mon Sep 17 00:00:00 2001 From: alukoshko Date: Mon, 27 Apr 2026 16:36:25 +0000 Subject: [PATCH] Portable build for riscv64 --- .gitignore | 2 +- .java-21-openjdk.metadata | 2 +- SOURCES/NEWS | 291 ++++++++++++++++++ ...8ed6e.patch => fips-21u-feef2dc3ca7.patch} | 36 ++- SOURCES/java-21-openjdk-portable.specfile | 50 ++- ...8375294-handle-EOPNOTSUPP-in-copying.patch | 47 +++ 6 files changed, 397 insertions(+), 31 deletions(-) rename SOURCES/{fips-21u-a0fd6e8ed6e.patch => fips-21u-feef2dc3ca7.patch} (99%) create mode 100644 SOURCES/jdk8375294-handle-EOPNOTSUPP-in-copying.patch diff --git a/.gitignore b/.gitignore index 6f8781a..b7b284b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-21.0.10+7.tar.xz +SOURCES/openjdk-21.0.11+10.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/.java-21-openjdk.metadata b/.java-21-openjdk.metadata index 2c140bb..d30e441 100644 --- a/.java-21-openjdk.metadata +++ b/.java-21-openjdk.metadata @@ -1,2 +1,2 @@ -1e24e8b2c4802b336ecf71428de9e38abecc0d05 SOURCES/openjdk-21.0.10+7.tar.xz +86c763efed8460ffba49a3953a0fa3468e31a8ee SOURCES/openjdk-21.0.11+10.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 1bf13ce..61a67cd 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,297 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 21.0.11 (2026-04-21): +=========================================== +Live versions of these release notes can be found at: + * https://bit.ly/openjdk2111 + +* CVEs + - CVE-2026-22007 + - CVE-2026-22013 + - CVE-2026-22016 + - CVE-2026-22018 + - CVE-2026-22021 + - CVE-2026-23865 + - CVE-2026-34268 + - CVE-2026-34282 +* Changes + - JDK-6899304: java.awt.Toolkit.getScreenInsets(GraphicsConfiguration) returns incorrect values + - JDK-8030957: AIX: Implement OperatingSystemMXBean.getSystemCpuLoad() and .getProcessCpuLoad() on AIX + - JDK-8075917: The regression-swing case failed as the text on label is not painted red with the GTK L&F + - JDK-8114830: (fs) Files.copy fails due to interference from something else changing the file system + - JDK-8244336: Restrict algorithms at JCE layer + - JDK-8256289: java/awt/Focus/AppletInitialFocusTest/AppletInitialFocusTest1.java failed with "RuntimeException: Wrong focus owner: java.awt.Button[button1,41,36,56x23,label=Button1]" + - JDK-8287062: com/sun/jndi/ldap/LdapPoolTimeoutTest.java failed due to different timeout message + - JDK-8298153: Colored text is not shown on disabled checkbox and radio button with GTK LAF for bug4314194 + - JDK-8301875: java.util.TimeZone.getSystemTimeZoneID uses C library default file mode + - JDK-8313319: [linux] mmap should use MAP_FIXED_NOREPLACE if available + - JDK-8314555: Build with mawk fails on Windows + - JDK-8314810: (fs) java/nio/file/Files/CopyInterference.java should use TestUtil::supportsLinks + - JDK-8316274: javax/swing/ButtonGroup/TestButtonGroupFocusTraversal.java fails in Ubuntu 23.10 with Motif LAF + - JDK-8317633: Modernize text.testlib.HexDumpReader + - JDK-8317801: java/net/Socket/asyncClose/Race.java fails intermittently (aix) + - JDK-8317838: java/nio/channels/Channels/SocketChannelStreams.java running into timeout (aix) + - JDK-8318302: ThreadCountLimit.java failed with "Native memory allocation (mprotect) failed to protect 16384 bytes for memory to guard stack pages" + - JDK-8326897: (fs) The utility TestUtil.supportsLinks is wrongly used to check for hard link support + - JDK-8327114: Attach in Linux may have wrong behaviour when pid == ns_pid (Kubernetes debug container) + - JDK-8328608: Multiple NewSessionTicket support for TLS + - JDK-8329337: Problem list BufferStrategyExceptionTest.java on Windows + - JDK-8330016: Stress seed should be initialized for runtime stub compilation + - JDK-8331431: Update to use jtreg 7.4 + - JDK-8333386: TestAbortOnVMOperationTimeout test fails for client VM + - JDK-8333857: Test sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java failed: Existing session was used + - JDK-8334670: SSLSocketOutputRecord buffer miscalculation + - JDK-8334738: os::print_hex_dump should optionally print ASCII + - JDK-8335646: Nimbus : JLabel not painted with LAF defined foreground color on Ubuntu 24.04 + - JDK-8335906: [s390x] Test Failure: GTestWrapper.java + - JDK-8336695: Update Commons BCEL to Version 6.10.0 + - JDK-8337102: JITTester: Fix breaks in static initialization blocks + - JDK-8339238: Update to use jtreg 7.5.1 + - JDK-8339271: giflib attribution correction + - JDK-8339791: Refactor MiscUndecorated/ActiveAWTWindowTest.java + - JDK-8341246: Test com/sun/tools/attach/PermissionTest.java fails access denied after JDK-8327114 + - JDK-8341310: Test TestJcmdWithSideCar.java should skip ACCESS_TMP_VIA_PROC_ROOT (after JDK-8327114) + - JDK-8342175: MemoryEaterMT fails intermittently with ExceptionInInitializerError + - JDK-8342449: reimplement: JDK-8327114 Attach in Linux may have wrong behavior when pid == ns_pid + - JDK-8343234: (bf) Move java/nio/Buffer/LimitDirectMemory.java from ProblemList.txt to ProblemList-Virtual.txt + - JDK-8343377: Performance regression in reflective invocation of native methods + - JDK-8343622: AesDkCrypto.stringToKey should not return null + - JDK-8345578: New test in JDK-8343622 fails with a promoted build + - JDK-8345668: ZoneOffset.ofTotalSeconds performance regression + - JDK-8346048: test/lib/containers/docker/DockerRunOptions.java uses addJavaOpts() from ctor + - JDK-8346962: Test CRLReadTimeout.java fails with -Xcomp on a fastdebug build + - JDK-8347475: GTK: javax/swing/JColorChooser/Test8152419.java there are no swatches or RGB tab in JColorChooser + - JDK-8348014: Enhance certificate processing + - JDK-8348309: MultiNST tests need more debugging and timing + - JDK-8349351: Combine Screen Inset Tests into a Single File + - JDK-8350103: Test containers/systemd/SystemdMemoryAwarenessTest.java fails on Linux ppc64le SLES15 SP6 + - JDK-8351000: StringBuilder getChar and putChar robustness + - JDK-8351458: (ch) Move preClose to UnixDispatcher + - JDK-8351639: Improve debuggability of test/langtools/jdk/jshell/JdiHangingListenExecutionControlTest.java test + - JDK-8353755: Add a helper method to Util - findComponent() + - JDK-8354057: Odd debug output in -Xlog:os+container=debug on certain systems + - JDK-8354145: G1: UseCompressedOops boundary is calculated on maximum heap region size instead of maxiumum ergonomic heap region size + - JDK-8354219: Automate javax/swing/JComboBox/ComboPopupBug.java + - JDK-8354469: Keytool exposes the password in plain text when command is piped using | grep + - JDK-8354559: gc/g1/TestAllocationFailure.java doesn't need WB API + - JDK-8354878: File Leak in CgroupSubsystemFactory::determine_type of cgroupSubsystem_linux.cpp:300 + - JDK-8354922: ZGC: Use MAP_FIXED_NOREPLACE when reserving memory + - JDK-8355278: Improve debuggability of com/sun/jndi/ldap/LdapPoolTimeoutTest.java test + - JDK-8355445: [java.nio] Use @requires tag instead of exiting based on "os.name" property value + - JDK-8355632: WhiteBox.waitForReferenceProcessing() fails assert for return type + - JDK-8356107: [java.lang] Use @requires tag instead of exiting based on os.name or separatorChar property + - JDK-8357141: Update to use jtreg 7.5.2 + - JDK-8357277: Update OpenSSL library for interop tests + - JDK-8357380: java/lang/StringBuilder/RacingSBThreads.java times out with C1 + - JDK-8358077: sun.tools.attach.VirtualMachineImpl::checkCatchesAndSendQuitTo on Linux leaks file handles after JDK-8327114 + - JDK-8358159: Empty mode/padding in cipher transformations + - JDK-8358751: C2: Recursive inlining check for compiled lambda forms is broken + - JDK-8359388: Stricter checking for cipher transformations + - JDK-8359827: Test runtime/Thread/ThreadCountLimit.java need loop increasing the limit + - JDK-8360539: DTLS handshakes fails due to improper cookie validation logic + - JDK-8361067: Test ExtraButtonDrag.java requires frame.dispose in finally block + - JDK-8361530: Test javax/swing/GraphicsConfigNotifier/StalePreferredSize.java timed out + - JDK-8361613: System.console() should only be available for interactive terminal + - JDK-8362834: Several runtime/Thread tests should mark as /native + - JDK-8363950: Incorrect jtreg header in TestLayoutVsICU.java + - JDK-8364373: Transform Affine transformations + - JDK-8364465: Enhance behavior of some intrinsics + - JDK-8364764: java/nio/channels/vthread/BlockingChannelOps.java subtests timed out + - JDK-8365526: Crash with null Symbol passed to SystemDictionary::resolve_or_null + - JDK-8365972: JFR: ThreadDump and ClassLoaderStatistics events may cause back to back rotations + - JDK-8366128: jdk/jdk/nio/zipfs/TestPosix.java::testJarFile uses wrong file + - JDK-8366261: Provide utility methods for sun.security.util.Password + - JDK-8366694: Test JdbStopInNotificationThreadTest.java timed out after 60 second + - JDK-8366817: test/jdk/javax/net/ssl/TLSCommon/interop/JdkProcServer.java and JdkProcClient.java should not delete logs + - JDK-8366850: Test com/sun/jdi/JdbStopInNotificationThreadTest.java failed + - JDK-8366866: SslRMIClientSocketFactory#createSocket lacking priviledges (securitymanger) + - JDK-8366938: Test runtime/handshake/HandshakeTimeoutTest.java crashed + - JDK-8367135: Test compiler/loopstripmining/CheckLoopStripMining.java needs internal timeouts adjusted + - JDK-8367583: sun/security/util/AlgorithmConstraints/InvalidCryptoDisabledAlgos.java fails after JDK-8244336 + - JDK-8367772: Refactor createUI in PassFailJFrame + - JDK-8368683: [process] Increase jtreg debug output maxOutputSize for TreeTest + - JDK-8368787: Error reporting: hs_err files should show instructions when referencing code in nmethods + - JDK-8368882: NPE during text drawing on machine with JP locale + - JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA + - JDK-8369575: Enhance crypto algorithm support + - JDK-8369858: Remove darcy author tags from jdk tests + - JDK-8369911: Test sun/java2d/marlin/ClipShapeTest.java#CubicDoDash, #Cubic and #Poly fail intermittent + - JDK-8370325: G1: Disallow GC for TLAB allocation + - JDK-8370529: Enhance Path Factories Redux + - JDK-8370572: Cgroups hierarchical memory limit is not honored after JDK-8322420 + - JDK-8370579: PPC: fix inswri immediate argument order + - JDK-8370615: Improve Kerberos credentialing + - JDK-8370636: com/sun/jdi/TwoThreadsTest.java should wait for completion of all threads + - JDK-8370966: Create regression test for the hierarchical memory limit fix in JDK-8370572 + - JDK-8370986: Enhance Zip file reading + - JDK-8370995: Enhance ZipFile usage + - JDK-8371103: vmTestbase/nsk/jvmti/scenarios/events/EM02/em02t006/TestDescription.java failing + - JDK-8371485: ProblemList awt/Mixing/AWT_Mixing/JTableInGlassPaneOverlapping.java for linux + - JDK-8371559: Intermittent timeouts in test javax/net/ssl/Stapling/HttpsUrlConnClient.java + - JDK-8371608: Jtreg test jdk/internal/vm/Continuation/Fuzz.java sometimes fails with (fast)debug binaries + - JDK-8371830: Enhance certificate chain validation + - JDK-8371889: [21u] JFR: Deadlock in ThrowableTracer + - JDK-8371935: Enhance key generation + - JDK-8371978: tools/jar/ReproducibleJar.java fails on XFS + - JDK-8372048: Performance improvement on Linux remote desktop + - JDK-8372321: TestBackToBackSensitive fails intermittently after JDK-8365972 + - JDK-8372348: Adjust some UL / JFR string deduplication output messages + - JDK-8372441: JFR: Improve logging of TestBackToBackSensitive + - JDK-8372464: Bump update version for OpenJDK: jdk-21.0.11 + - JDK-8372710: Update ProcessBuilder/Basic regex + - JDK-8372756: Mouse additional buttons and horizontal scrolling are broken on XWayland GNOME >= 47 after JDK-8351907 + - JDK-8372857: Improve debuggability of java/rmi/server/RemoteServer/AddrInUse.java test + - JDK-8372977: Unnecessary gthread-2.0 loading + - JDK-8372988: Test runtime/Nestmates/membership/TestNestHostErrorWithMultiThread.java failed: Unexpected interrupt + - JDK-8373290: Update FreeType to 2.14.1 + - JDK-8373476: (tz) Update Timezone Data to 2025c + - JDK-8373525: C2: assert(_base == Long) failed: Not a Long + - JDK-8373727: New XBM images parser regression: only the first line of the bitmap array is parsed + - JDK-8374056: RISC-V: Fix argument passing for the RiscvFlushIcache::flush + - JDK-8374178: Missing include in systemDictionary.cpp after JDK-8365526 + - JDK-8374209: [17u,21u] Backout JDK-8361748 due to JDK-8373727 + - JDK-8374433: java/util/Locale/PreserveTagCase.java does not run any tests + - JDK-8374555: No need for visible input warning in s.s.u.Password when not reading from System.in + - JDK-8374557: Enhance TLS connection handling + - JDK-8374642: EscapeHash macro fails with GNU make 4.3 and 4.4 + - JDK-8375057: Update HarfBuzz to 12.3.2 + - JDK-8375063: Update Libpng to 1.6.54 + - JDK-8375530: PPC64: incorrect quick verify_method_data_pointer check causes poor performance in debug build + - JDK-8375549: ConcurrentModificationException if jdk.crypto.disabledAlgorithms has multiple entries with known oid + - JDK-8375999: com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails sporadically on Windows + - JDK-8376251: [macos] java/awt/Frame/I18NTitle.java fails on MacOS (JDK-8355884) + - JDK-8376270: [21u, 17u] Redo JDK-8361748: Enforce limits on the size of an XBM image + - JDK-8377509: Add licenses for gcc 14.2.0 + - JDK-8377526: Update Libpng to 1.6.55 + - JDK-8377905: gcc.md included with every build + - JDK-8378218: MSYS2 reports cygwin triplet causing bash configure failure + - JDK-8378631: Update Zlib Data Compression Library to Version 1.3.2 + - JDK-8378823: AIX build fails after zlib updated by JDK-8378631 + - JDK-8378853: [25u] Make backport of JDK-8244336 comply with differences in CSR + - JDK-8379035: (tz) Update Timezone Data to 2026a + - JDK-8379158: Update FreeType to 2.14.2 + - JDK-8379256: Update GIFlib to 6.1.1 + - JDK-8380078: Update GIFlib to 6.1.2 + - JDK-8380959: Update Libpng to 1.6.56 + - JDK-8382047: Update Libpng to 1.6.57 + - JDK-8382439: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.11 + +Notes on individual issues: +=========================== + +security-libs/javax.net.ssl: + +JDK-8328608: Multiple NewSessionTicket support for TLS +====================================================== +With this release of OpenJDK, the number of TLSv1.3 resumption tickets +sent by a JSSE server per session can now be configured. The new +system property `jdk.tls.server.newSessionTicketCount` can be set to a +value in the range 0 to 10. The default is 1, which will also be used +if an invalid value is specified for the property. + +JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA +=============================================================================== +In accordance with similar plans recently announced by Google and +Mozilla, the JDK will not trust Transport Layer Security (TLS) +certificates issued after the 17th of March 2026 which are anchored by +Chungwa root certificates. + +Certificates issued on or before the 17th of March, 2026 will continue +to be trusted until they expire. + +If a server's certificate chain is anchored by an affected +certificate, attempts to negotiate a TLS session will fail with an +Exception that indicates the trust anchor is not trusted. For example, + +"TLS server certificate issued after 2026-03-17 and anchored by a +distrusted legacy Chungwa root CA: OU=ePKI Root Certification +Authority, O="Chunghwa Telecom Co.", Ltd. C=TW" + +To check whether a certificate in a JDK keystore is affected by this +change, you can the `keytool` utility: + +keytool -v -list -alias -keystore + +If any of the certificates in the chain are affected by this change, +then you will need to update the certificate or contact the +organisation responsible for managing the certificate. + +These restrictions apply to the following Chungwa root certificates +included in the JDK: + +Alias name: chunghwaepkirootca +OU=ePKI Root Certification Authority +O="Chunghwa Telecom Co., Ltd." +C=TW +SHA256:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5 + +Users can, *at their own risk*, remove this restriction by modifying +the `java.security` configuration file (or override it by using the +`java.security.properties` system property) so "CHUNGWA_TLS" is no +longer listed in the `jdk.security.caDistrustPolicies` security +property. + +hotspot/jfr: + +JDK-8365972: JFR: ThreadDump and ClassLoaderStatistics events may cause back to back rotations +============================================================================================== +In previous OpenJDK releases, the `jdk.ThreadDump` and +`jdk.ClassLoaderStatistics` events were written at the beginning of a +new file created by a file rotation. However, in applications with +many threads (typically more than a thousand), deep Java stacks +(typically more than three hundred frames) or many class loaders +(typically hundreds of thousands), the size of these events alone +could trigger a further file rotation within one second. This causes +other relevant data to be flushed out very quickly (e.g. about fifteen +seconds if using the default 250MB max file size). In this release, +these events are only written when a recording starts and at the end +of a file rotation. + +security-libs/java.security: + +JDK-8244336: Restrict algorithms at JCE layer +============================================= +A security property named `jdk.crypto.disabledAlgorithms` has been +added that can be used to disable JCE/JCA cryptographic services. The +property accepts a comma-separated list of services, specified as +Service.AlgorithName. The current list of supported services is +`Cipher`, `KeyStore`, `MessageDigest` and `Signature`. Algorithms +should be drawn from those specified by the Java Security Standard +Algorithm Names Specification [0]. For example: + +jdk.crypto.disabledAlgorithms=Cipher.RSA/ECB/PKCS1Padding, MessageDigest.MD2 + +would disable the RSA cipher when used with the ECB cipher algorithm +mode and PKCS #1 algorithm padding, and the MD2 message digest +algorithm. + +The default value for this security property is empty, which means +that no algorithms are disabled out-of-the-box. The value of the +security property specified in `java.security` can be overridden by +specifying a system property of the same name, +`jdk.crypto.disabledAlgorithms`. With the above example in place in +`java.security`, running `java` as: + +$ java -Djdk.crypto.disabledAlgorithms= + +would cause these algorithms to be enabled for that run of the Java +virtual machine. + +[0] https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html + +JDK-8354469: Keytool exposes the password in plain text when command is piped using | grep +========================================================================================== +The `keytool` and `jarsigner` commands read passwords using the system +console with echoing disabled to avoid them being displayed on screen. +However, the system console is usually only available when both the +standard input and standard output have *not* been redirected. In +previous OpenJDK releases, running these tools with input or output +redirected would cause the password to be echoed to the screen in +plain text. With this release, echoing no longer takes place in such +scenarios when using these tools or the JAAS `TextCallbackHandler` +API. + New in release OpenJDK 21.0.10 (2026-01-20): =========================================== Live versions of these release notes can be found at: diff --git a/SOURCES/fips-21u-a0fd6e8ed6e.patch b/SOURCES/fips-21u-feef2dc3ca7.patch similarity index 99% rename from SOURCES/fips-21u-a0fd6e8ed6e.patch rename to SOURCES/fips-21u-feef2dc3ca7.patch index 2db9580..1aba133 100644 --- a/SOURCES/fips-21u-a0fd6e8ed6e.patch +++ b/SOURCES/fips-21u-feef2dc3ca7.patch @@ -208,7 +208,7 @@ index 1e0f66726d0..59fe923f2c5 100644 # Create the symbols file for static builds. diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java -index 10093137151..b023c63ae58 100644 +index 6a4e28372e5..6d06f69c50f 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java @@ -31,6 +31,7 @@ import java.security.SecureRandom; @@ -230,10 +230,16 @@ index 10093137151..b023c63ae58 100644 @java.io.Serial private static final long serialVersionUID = 6812507587804302833L; -@@ -147,298 +152,299 @@ public final class SunJCE extends Provider { +@@ -147,301 +152,302 @@ public final class SunJCE extends Provider { void putEntries() { // reuse attribute map and reset before each reuse HashMap attrs = new HashMap<>(3); +- attrs.put("SupportedKeyClasses", +- "java.security.interfaces.RSAPublicKey" + +- "|java.security.interfaces.RSAPrivateKey"); +- ps("Signature", "NONEwithRSA", +- "com.sun.crypto.provider.RSACipherAdaptor", null, attrs); +- // continue adding cipher specific attributes - attrs.put("SupportedModes", "ECB"); - attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING" - + "|OAEPWITHMD5ANDMGF1PADDING" @@ -245,9 +251,6 @@ index 10093137151..b023c63ae58 100644 - + "|OAEPWITHSHA-512ANDMGF1PADDING" - + "|OAEPWITHSHA-512/224ANDMGF1PADDING" - + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); -- attrs.put("SupportedKeyClasses", -- "java.security.interfaces.RSAPublicKey" + -- "|java.security.interfaces.RSAPrivateKey"); - ps("Cipher", "RSA", - "com.sun.crypto.provider.RSACipher", null, attrs); - @@ -527,6 +530,12 @@ index 10093137151..b023c63ae58 100644 - "com.sun.crypto.provider.DHKeyPairGenerator", - null); + if (!systemFipsEnabled) { ++ attrs.put("SupportedKeyClasses", ++ "java.security.interfaces.RSAPublicKey" + ++ "|java.security.interfaces.RSAPrivateKey"); ++ ps("Signature", "NONEwithRSA", ++ "com.sun.crypto.provider.RSACipherAdaptor", null, attrs); ++ // continue adding cipher specific attributes + attrs.put("SupportedModes", "ECB"); + attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING" + + "|OAEPWITHMD5ANDMGF1PADDING" @@ -538,9 +547,6 @@ index 10093137151..b023c63ae58 100644 + + "|OAEPWITHSHA-512ANDMGF1PADDING" + + "|OAEPWITHSHA-512/224ANDMGF1PADDING" + + "|OAEPWITHSHA-512/256ANDMGF1PADDING"); -+ attrs.put("SupportedKeyClasses", -+ "java.security.interfaces.RSAPublicKey" + -+ "|java.security.interfaces.RSAPrivateKey"); + ps("Cipher", "RSA", + "com.sun.crypto.provider.RSACipher", null, attrs); + @@ -822,7 +828,7 @@ index 10093137151..b023c63ae58 100644 /* * Algorithm parameter generation engines -@@ -447,15 +453,17 @@ public final class SunJCE extends Provider { +@@ -450,15 +456,17 @@ public final class SunJCE extends Provider { "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator", null); @@ -849,7 +855,7 @@ index 10093137151..b023c63ae58 100644 /* * Algorithm Parameter engines -@@ -625,10 +633,10 @@ public final class SunJCE extends Provider { +@@ -628,10 +636,10 @@ public final class SunJCE extends Provider { "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128"); ps("SecretKeyFactory", "PBEWithHmacSHA512/224AndAES_128", @@ -862,7 +868,7 @@ index 10093137151..b023c63ae58 100644 ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256"); -@@ -651,136 +659,137 @@ public final class SunJCE extends Provider { +@@ -654,136 +662,137 @@ public final class SunJCE extends Provider { ps("SecretKeyFactory", "PBEWithHmacSHA512/256AndAES_256", "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_256AndAES_256"); @@ -1979,7 +1985,7 @@ index 539ef1e8ee8..435f57e3ff2 100644 "sun.security.rsa.PSSParameters", null); } diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security -index 6b0fd201b9b..2af4e3a3e21 100644 +index be473e3f895..1d5cb17e492 100644 --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security @@ -85,6 +85,17 @@ security.provider.tbd=Apple @@ -3011,7 +3017,7 @@ index f8dd5a71c2c..6423805d164 100644 } - diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java -index 0a62021633f..0723b69c2bc 100644 +index aaafc373f80..6466581f4ae 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java @@ -26,6 +26,9 @@ @@ -3141,7 +3147,7 @@ index 0a62021633f..0723b69c2bc 100644 } p11 = tmpPKCS11; -@@ -1388,11 +1460,52 @@ public final class SunPKCS11 extends AuthProvider { +@@ -1390,11 +1462,52 @@ public final class SunPKCS11 extends AuthProvider { } @Override @@ -3194,7 +3200,7 @@ index 0a62021633f..0723b69c2bc 100644 try { return newInstance0(param); } catch (PKCS11Exception e) { -@@ -1749,6 +1862,9 @@ public final class SunPKCS11 extends AuthProvider { +@@ -1753,6 +1866,9 @@ public final class SunPKCS11 extends AuthProvider { try { session = token.getOpSession(); p11.C_Logout(session.id()); diff --git a/SOURCES/java-21-openjdk-portable.specfile b/SOURCES/java-21-openjdk-portable.specfile index e746400..708f68a 100644 --- a/SOURCES/java-21-openjdk-portable.specfile +++ b/SOURCES/java-21-openjdk-portable.specfile @@ -333,7 +333,7 @@ # New Version-String scheme-style defines %global featurever 21 %global interimver 0 -%global updatever 10 +%global updatever 11 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -383,7 +383,7 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches -%global fipsver a0fd6e8ed6e +%global fipsver feef2dc3ca7 # Define JDK versions %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} %global javaver %{featurever} @@ -397,7 +397,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 7 +%global buildver 10 %global rpmrelease 1 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit @@ -680,7 +680,8 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch # ############################################# -# Currently empty +# JDK-8375294: (fs) Files.copy can fail with EOPNOTSUPP when copy_file_range not supported +Patch2001: jdk8375294-handle-EOPNOTSUPP-in-copying.patch ############################################# # @@ -771,19 +772,19 @@ BuildRequires: libpng-devel BuildRequires: zlib-devel %else # Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h -Provides: bundled(freetype) = 2.13.3 +Provides: bundled(freetype) = 2.14.2 # Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h -Provides: bundled(giflib) = 5.2.2 +Provides: bundled(giflib) = 6.1.2 # Version in src/java.desktop/share/native/libharfbuzz/hb-version.h -Provides: bundled(harfbuzz) = 11.2.0 +Provides: bundled(harfbuzz) = 12.3.2 # Version in src/java.desktop/share/native/liblcms/lcms2.h Provides: bundled(lcms2) = 2.17.0 # Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h Provides: bundled(libjpeg) = 6b # Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h -Provides: bundled(libpng) = 1.6.51 +Provides: bundled(libpng) = 1.6.57 # Version in src/java.base/share/native/libzip/zlib/zlib.h -Provides: bundled(zlib) = 1.3.1 +Provides: bundled(zlib) = 1.3.2 # We link statically against libstdc++ to increase portability %ifnarch %{devkit_arches} BuildRequires: libstdc++-static @@ -1001,6 +1002,8 @@ sh %{SOURCE12} %{top_level_dir_name} pushd %{top_level_dir_name} # Add crypto policy and FIPS support %patch -P1001 -p1 +# Add EOPNOTSUPP patch +%patch -P2001 -p1 popd # openjdk @@ -1889,7 +1892,7 @@ done %files # main package builds always %{_jvmdir}/%{jreportablearchiveForFiles} -%{_jvmdir}/%{jreportablearchiveForFiles}.sha256sum +%{_jvmdir}/%{jreportablearchive -- %%{nil}}.sha256sum %else %files # placeholder @@ -1898,15 +1901,15 @@ done %if %{include_normal_build} %files devel -%{_jvmdir}/%{jdkportablearchiveForFiles} +%{_jvmdir}/%{jdkportablearchive -- %%{nil}} %{_jvmdir}/%{jdkportablearchive -- .debuginfo} -%{_jvmdir}/%{jdkportablearchiveForFiles}.sha256sum +%{_jvmdir}/%{jdkportablearchive -- %%{nil}}.sha256sum %{_jvmdir}/%{jdkportablearchive -- .debuginfo}.sha256sum %if %{include_staticlibs} %files static-libs %{_jvmdir}/%{staticlibsportablearchiveForFiles} -%{_jvmdir}/%{staticlibsportablearchiveForFiles}.sha256sum +%{_jvmdir}/%{staticlibsportablearchive -- %%{nil}}.sha256sum %endif %files unstripped @@ -1960,9 +1963,28 @@ done %endif %changelog -* Fri Jan 23 2026 alukoshko - 1:21.0.10.0.7-1 +* Mon Apr 27 2026 alukoshko - 1:21.0.11.0.10-1 - Portable build for riscv64 +* Sat Apr 18 2026 Andrew Hughes - 1:21.0.11.0.10-1 +- Update to jdk-21.0.11+10 (GA) +- Update release notes to 21.0.11+10 +- Update FIPS patch to feef2dc3ca7 version synced with 21.0.11+9 and adapted to JDK-8244336 +- Bump freetype version to 2.14.2 following JDK-8373290 & JDK-8379158 +- Bump giflib version to 6.1.2 following JDK-8379256 & JDK-8380078 +- Bump libpng version to 1.6.57 following JDK-8380959 & JDK-8382047 +- Bump zlib version to 1.3.2 following JDK-8378631 +- Add JDK-8375294 EOPNOTSUPP patch ahead of 21.0.13 +- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. ** +- Resolves: OPENJDK-4301 +- Resolves: OPENJDK-4521 +- Resolves: OPENJDK-4543 +- Resolves: OPENJDK-4550 +- Resolves: OPENJDK-4653 +- Resolves: OPENJDK-4631 +- Resolves: OPENJDK-4606 +- Resolves: OPENJDK-4676 + * Sun Jan 18 2026 Andrew Hughes - 1:21.0.10.0.7-1 - Update to jdk-21.0.10+7 (GA) - Update release notes to 21.0.10+7 diff --git a/SOURCES/jdk8375294-handle-EOPNOTSUPP-in-copying.patch b/SOURCES/jdk8375294-handle-EOPNOTSUPP-in-copying.patch new file mode 100644 index 0000000..60af1fd --- /dev/null +++ b/SOURCES/jdk8375294-handle-EOPNOTSUPP-in-copying.patch @@ -0,0 +1,47 @@ +diff --git a/src/java.base/linux/native/libnio/ch/FileDispatcherImpl.c b/src/java.base/linux/native/libnio/ch/FileDispatcherImpl.c +index 207e61431dc..7c3761a613c 100644 +--- a/src/java.base/linux/native/libnio/ch/FileDispatcherImpl.c ++++ b/src/java.base/linux/native/libnio/ch/FileDispatcherImpl.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2000, 2026, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -63,7 +63,7 @@ Java_sun_nio_ch_FileDispatcherImpl_transferFrom0(JNIEnv *env, jobject this, + if (n < 0) { + if (errno == EAGAIN) + return IOS_UNAVAILABLE; +- if (errno == ENOSYS) ++ if (errno == ENOSYS || errno == EOPNOTSUPP) + return IOS_UNSUPPORTED_CASE; + if ((errno == EBADF || errno == EINVAL || errno == EXDEV) && + ((ssize_t)count >= 0)) +@@ -103,6 +103,7 @@ Java_sun_nio_ch_FileDispatcherImpl_transferTo0(JNIEnv *env, jobject this, + case EINVAL: + case ENOSYS: + case EXDEV: ++ case EOPNOTSUPP: + // ignore and try sendfile() + break; + default: +diff --git a/src/java.base/linux/native/libnio/fs/LinuxNativeDispatcher.c b/src/java.base/linux/native/libnio/fs/LinuxNativeDispatcher.c +index cf8592e1ced..5f14896ad24 100644 +--- a/src/java.base/linux/native/libnio/fs/LinuxNativeDispatcher.c ++++ b/src/java.base/linux/native/libnio/fs/LinuxNativeDispatcher.c +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2008, 2022, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2008, 2026, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -199,6 +199,7 @@ Java_sun_nio_fs_LinuxNativeDispatcher_directCopy0 + case EINVAL: + case ENOSYS: + case EXDEV: ++ case EOPNOTSUPP: + // ignore and try sendfile() + break; + default: