rpms/java-21-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI java-21-openjdk-21.0.11.0.10-1.el8

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-04-27 11:36:15 -04:00
parent 9aa36271df
commit fb89ff5cf5
7 changed files with 425 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/openjdk-21.0.10+7.tar.xz
SOURCES/openjdk-21.0.11+10.tar.xz
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

2
.java-21-openjdk.metadata
View File

@ -1,2 +1,2 @@
1e24e8b2c4802b336ecf71428de9e38abecc0d05 SOURCES/openjdk-21.0.10+7.tar.xz
86c763efed8460ffba49a3953a0fa3468e31a8ee SOURCES/openjdk-21.0.11+10.tar.xz
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

291
SOURCES/NEWS
View File

@ -3,6 +3,297 @@ Key:
JDK-X - https://bugs.openjdk.java.net/browse/JDK-X
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
New in release OpenJDK 21.0.11 (2026-04-21):
===========================================
Live versions of these release notes can be found at:
* https://bit.ly/openjdk2111
* CVEs
- CVE-2026-22007
- CVE-2026-22013
- CVE-2026-22016
- CVE-2026-22018
- CVE-2026-22021
- CVE-2026-23865
- CVE-2026-34268
- CVE-2026-34282
* Changes
- JDK-6899304: java.awt.Toolkit.getScreenInsets(GraphicsConfiguration) returns incorrect values
- JDK-8030957: AIX: Implement OperatingSystemMXBean.getSystemCpuLoad() and .getProcessCpuLoad() on AIX
- JDK-8075917: The regression-swing case failed as the text on label is not painted red with the GTK L&F
- JDK-8114830: (fs) Files.copy fails due to interference from something else changing the file system
- JDK-8244336: Restrict algorithms at JCE layer
- JDK-8256289: java/awt/Focus/AppletInitialFocusTest/AppletInitialFocusTest1.java failed with "RuntimeException: Wrong focus owner: java.awt.Button[button1,41,36,56x23,label=Button1]"
- JDK-8287062: com/sun/jndi/ldap/LdapPoolTimeoutTest.java failed due to different timeout message
- JDK-8298153: Colored text is not shown on disabled checkbox and radio button with GTK LAF for bug4314194
- JDK-8301875: java.util.TimeZone.getSystemTimeZoneID uses C library default file mode
- JDK-8313319: [linux] mmap should use MAP_FIXED_NOREPLACE if available
- JDK-8314555: Build with mawk fails on Windows
- JDK-8314810: (fs) java/nio/file/Files/CopyInterference.java should use TestUtil::supportsLinks
- JDK-8316274: javax/swing/ButtonGroup/TestButtonGroupFocusTraversal.java fails in Ubuntu 23.10 with Motif LAF
- JDK-8317633: Modernize text.testlib.HexDumpReader
- JDK-8317801: java/net/Socket/asyncClose/Race.java fails intermittently (aix)
- JDK-8317838: java/nio/channels/Channels/SocketChannelStreams.java running into timeout (aix)
- JDK-8318302: ThreadCountLimit.java failed with "Native memory allocation (mprotect) failed to protect 16384 bytes for memory to guard stack pages"
- JDK-8326897: (fs) The utility TestUtil.supportsLinks is wrongly used to check for hard link support
- JDK-8327114: Attach in Linux may have wrong behaviour when pid == ns_pid (Kubernetes debug container)
- JDK-8328608: Multiple NewSessionTicket support for TLS
- JDK-8329337: Problem list BufferStrategyExceptionTest.java on Windows
- JDK-8330016: Stress seed should be initialized for runtime stub compilation
- JDK-8331431: Update to use jtreg 7.4
- JDK-8333386: TestAbortOnVMOperationTimeout test fails for client VM
- JDK-8333857: Test sun/security/ssl/SSLSessionImpl/ResumeChecksServer.java failed: Existing session was used
- JDK-8334670: SSLSocketOutputRecord buffer miscalculation
- JDK-8334738: os::print_hex_dump should optionally print ASCII
- JDK-8335646: Nimbus : JLabel not painted with LAF defined foreground color on Ubuntu 24.04
- JDK-8335906: [s390x] Test Failure: GTestWrapper.java
- JDK-8336695: Update Commons BCEL to Version 6.10.0
- JDK-8337102: JITTester: Fix breaks in static initialization blocks
- JDK-8339238: Update to use jtreg 7.5.1
- JDK-8339271: giflib attribution correction
- JDK-8339791: Refactor MiscUndecorated/ActiveAWTWindowTest.java
- JDK-8341246: Test com/sun/tools/attach/PermissionTest.java fails access denied after JDK-8327114
- JDK-8341310: Test TestJcmdWithSideCar.java should skip ACCESS_TMP_VIA_PROC_ROOT (after JDK-8327114)
- JDK-8342175: MemoryEaterMT fails intermittently with ExceptionInInitializerError
- JDK-8342449: reimplement: JDK-8327114 Attach in Linux may have wrong behavior when pid == ns_pid
- JDK-8343234: (bf) Move java/nio/Buffer/LimitDirectMemory.java from ProblemList.txt to ProblemList-Virtual.txt
- JDK-8343377: Performance regression in reflective invocation of native methods
- JDK-8343622: AesDkCrypto.stringToKey should not return null
- JDK-8345578: New test in JDK-8343622 fails with a promoted build
- JDK-8345668: ZoneOffset.ofTotalSeconds performance regression
- JDK-8346048: test/lib/containers/docker/DockerRunOptions.java uses addJavaOpts() from ctor
- JDK-8346962: Test CRLReadTimeout.java fails with -Xcomp on a fastdebug build
- JDK-8347475: GTK: javax/swing/JColorChooser/Test8152419.java there are no swatches or RGB tab in JColorChooser
- JDK-8348014: Enhance certificate processing
- JDK-8348309: MultiNST tests need more debugging and timing
- JDK-8349351: Combine Screen Inset Tests into a Single File
- JDK-8350103: Test containers/systemd/SystemdMemoryAwarenessTest.java fails on Linux ppc64le SLES15 SP6
- JDK-8351000: StringBuilder getChar and putChar robustness
- JDK-8351458: (ch) Move preClose to UnixDispatcher
- JDK-8351639: Improve debuggability of test/langtools/jdk/jshell/JdiHangingListenExecutionControlTest.java test
- JDK-8353755: Add a helper method to Util - findComponent()
- JDK-8354057: Odd debug output in -Xlog:os+container=debug on certain systems
- JDK-8354145: G1: UseCompressedOops boundary is calculated on maximum heap region size instead of maxiumum ergonomic heap region size
- JDK-8354219: Automate javax/swing/JComboBox/ComboPopupBug.java
- JDK-8354469: Keytool exposes the password in plain text when command is piped using | grep
- JDK-8354559: gc/g1/TestAllocationFailure.java doesn't need WB API
- JDK-8354878: File Leak in CgroupSubsystemFactory::determine_type of cgroupSubsystem_linux.cpp:300
- JDK-8354922: ZGC: Use MAP_FIXED_NOREPLACE when reserving memory
- JDK-8355278: Improve debuggability of com/sun/jndi/ldap/LdapPoolTimeoutTest.java test
- JDK-8355445: [java.nio] Use @requires tag instead of exiting based on "os.name" property value
- JDK-8355632: WhiteBox.waitForReferenceProcessing() fails assert for return type
- JDK-8356107: [java.lang] Use @requires tag instead of exiting based on os.name or separatorChar property
- JDK-8357141: Update to use jtreg 7.5.2
- JDK-8357277: Update OpenSSL library for interop tests
- JDK-8357380: java/lang/StringBuilder/RacingSBThreads.java times out with C1
- JDK-8358077: sun.tools.attach.VirtualMachineImpl::checkCatchesAndSendQuitTo on Linux leaks file handles after JDK-8327114
- JDK-8358159: Empty mode/padding in cipher transformations
- JDK-8358751: C2: Recursive inlining check for compiled lambda forms is broken
- JDK-8359388: Stricter checking for cipher transformations
- JDK-8359827: Test runtime/Thread/ThreadCountLimit.java need loop increasing the limit
- JDK-8360539: DTLS handshakes fails due to improper cookie validation logic
- JDK-8361067: Test ExtraButtonDrag.java requires frame.dispose in finally block
- JDK-8361530: Test javax/swing/GraphicsConfigNotifier/StalePreferredSize.java timed out
- JDK-8361613: System.console() should only be available for interactive terminal
- JDK-8362834: Several runtime/Thread tests should mark as /native
- JDK-8363950: Incorrect jtreg header in TestLayoutVsICU.java
- JDK-8364373: Transform Affine transformations
- JDK-8364465: Enhance behavior of some intrinsics
- JDK-8364764: java/nio/channels/vthread/BlockingChannelOps.java subtests timed out
- JDK-8365526: Crash with null Symbol passed to SystemDictionary::resolve_or_null
- JDK-8365972: JFR: ThreadDump and ClassLoaderStatistics events may cause back to back rotations
- JDK-8366128: jdk/jdk/nio/zipfs/TestPosix.java::testJarFile uses wrong file
- JDK-8366261: Provide utility methods for sun.security.util.Password
- JDK-8366694: Test JdbStopInNotificationThreadTest.java timed out after 60 second
- JDK-8366817: test/jdk/javax/net/ssl/TLSCommon/interop/JdkProcServer.java and JdkProcClient.java should not delete logs
- JDK-8366850: Test com/sun/jdi/JdbStopInNotificationThreadTest.java failed
- JDK-8366866: SslRMIClientSocketFactory#createSocket lacking priviledges (securitymanger)
- JDK-8366938: Test runtime/handshake/HandshakeTimeoutTest.java crashed
- JDK-8367135: Test compiler/loopstripmining/CheckLoopStripMining.java needs internal timeouts adjusted
- JDK-8367583: sun/security/util/AlgorithmConstraints/InvalidCryptoDisabledAlgos.java fails after JDK-8244336
- JDK-8367772: Refactor createUI in PassFailJFrame
- JDK-8368683: [process] Increase jtreg debug output maxOutputSize for TreeTest
- JDK-8368787: Error reporting: hs_err files should show instructions when referencing code in nmethods
- JDK-8368882: NPE during text drawing on machine with JP locale
- JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
- JDK-8369575: Enhance crypto algorithm support
- JDK-8369858: Remove darcy author tags from jdk tests
- JDK-8369911: Test sun/java2d/marlin/ClipShapeTest.java#CubicDoDash, #Cubic and #Poly fail intermittent
- JDK-8370325: G1: Disallow GC for TLAB allocation
- JDK-8370529: Enhance Path Factories Redux
- JDK-8370572: Cgroups hierarchical memory limit is not honored after JDK-8322420
- JDK-8370579: PPC: fix inswri immediate argument order
- JDK-8370615: Improve Kerberos credentialing
- JDK-8370636: com/sun/jdi/TwoThreadsTest.java should wait for completion of all threads
- JDK-8370966: Create regression test for the hierarchical memory limit fix in JDK-8370572
- JDK-8370986: Enhance Zip file reading
- JDK-8370995: Enhance ZipFile usage
- JDK-8371103: vmTestbase/nsk/jvmti/scenarios/events/EM02/em02t006/TestDescription.java failing
- JDK-8371485: ProblemList awt/Mixing/AWT_Mixing/JTableInGlassPaneOverlapping.java for linux
- JDK-8371559: Intermittent timeouts in test javax/net/ssl/Stapling/HttpsUrlConnClient.java
- JDK-8371608: Jtreg test jdk/internal/vm/Continuation/Fuzz.java sometimes fails with (fast)debug binaries
- JDK-8371830: Enhance certificate chain validation
- JDK-8371889: [21u] JFR: Deadlock in ThrowableTracer
- JDK-8371935: Enhance key generation
- JDK-8371978: tools/jar/ReproducibleJar.java fails on XFS
- JDK-8372048: Performance improvement on Linux remote desktop
- JDK-8372321: TestBackToBackSensitive fails intermittently after JDK-8365972
- JDK-8372348: Adjust some UL / JFR string deduplication output messages
- JDK-8372441: JFR: Improve logging of TestBackToBackSensitive
- JDK-8372464: Bump update version for OpenJDK: jdk-21.0.11
- JDK-8372710: Update ProcessBuilder/Basic regex
- JDK-8372756: Mouse additional buttons and horizontal scrolling are broken on XWayland GNOME >= 47 after JDK-8351907
- JDK-8372857: Improve debuggability of java/rmi/server/RemoteServer/AddrInUse.java test
- JDK-8372977: Unnecessary gthread-2.0 loading
- JDK-8372988: Test runtime/Nestmates/membership/TestNestHostErrorWithMultiThread.java failed: Unexpected interrupt
- JDK-8373290: Update FreeType to 2.14.1
- JDK-8373476: (tz) Update Timezone Data to 2025c
- JDK-8373525: C2: assert(_base == Long) failed: Not a Long
- JDK-8373727: New XBM images parser regression: only the first line of the bitmap array is parsed
- JDK-8374056: RISC-V: Fix argument passing for the RiscvFlushIcache::flush
- JDK-8374178: Missing include in systemDictionary.cpp after JDK-8365526
- JDK-8374209: [17u,21u] Backout JDK-8361748 due to JDK-8373727
- JDK-8374433: java/util/Locale/PreserveTagCase.java does not run any tests
- JDK-8374555: No need for visible input warning in s.s.u.Password when not reading from System.in
- JDK-8374557: Enhance TLS connection handling
- JDK-8374642: EscapeHash macro fails with GNU make 4.3 and 4.4
- JDK-8375057: Update HarfBuzz to 12.3.2
- JDK-8375063: Update Libpng to 1.6.54
- JDK-8375530: PPC64: incorrect quick verify_method_data_pointer check causes poor performance in debug build
- JDK-8375549: ConcurrentModificationException if jdk.crypto.disabledAlgorithms has multiple entries with known oid
- JDK-8375999: com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails sporadically on Windows
- JDK-8376251: [macos] java/awt/Frame/I18NTitle.java fails on MacOS (JDK-8355884)
- JDK-8376270: [21u, 17u] Redo JDK-8361748: Enforce limits on the size of an XBM image
- JDK-8377509: Add licenses for gcc 14.2.0
- JDK-8377526: Update Libpng to 1.6.55
- JDK-8377905: gcc.md included with every build
- JDK-8378218: MSYS2 reports cygwin triplet causing bash configure failure
- JDK-8378631: Update Zlib Data Compression Library to Version 1.3.2
- JDK-8378823: AIX build fails after zlib updated by JDK-8378631
- JDK-8378853: [25u] Make backport of JDK-8244336 comply with differences in CSR
- JDK-8379035: (tz) Update Timezone Data to 2026a
- JDK-8379158: Update FreeType to 2.14.2
- JDK-8379256: Update GIFlib to 6.1.1
- JDK-8380078: Update GIFlib to 6.1.2
- JDK-8380959: Update Libpng to 1.6.56
- JDK-8382047: Update Libpng to 1.6.57
- JDK-8382439: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.11
Notes on individual issues:
===========================
security-libs/javax.net.ssl:
JDK-8328608: Multiple NewSessionTicket support for TLS
======================================================
With this release of OpenJDK, the number of TLSv1.3 resumption tickets
sent by a JSSE server per session can now be configured. The new
system property `jdk.tls.server.newSessionTicketCount` can be set to a
value in the range 0 to 10. The default is 1, which will also be used
if an invalid value is specified for the property.
JDK-8369282: Distrust TLS server certificates anchored by Chunghwa ePKI Root CA
===============================================================================
In accordance with similar plans recently announced by Google and
Mozilla, the JDK will not trust Transport Layer Security (TLS)
certificates issued after the 17th of March 2026 which are anchored by
Chungwa root certificates.
Certificates issued on or before the 17th of March, 2026 will continue
to be trusted until they expire.
If a server's certificate chain is anchored by an affected
certificate, attempts to negotiate a TLS session will fail with an
Exception that indicates the trust anchor is not trusted. For example,
"TLS server certificate issued after 2026-03-17 and anchored by a
distrusted legacy Chungwa root CA: OU=ePKI Root Certification
Authority, O="Chunghwa Telecom Co.", Ltd. C=TW"
To check whether a certificate in a JDK keystore is affected by this
change, you can the `keytool` utility:
keytool -v -list -alias <your_server_alias> -keystore <your_keystore_filename>
If any of the certificates in the chain are affected by this change,
then you will need to update the certificate or contact the
organisation responsible for managing the certificate.
These restrictions apply to the following Chungwa root certificates
included in the JDK:
Alias name: chunghwaepkirootca
OU=ePKI Root Certification Authority
O="Chunghwa Telecom Co., Ltd."
C=TW
SHA256:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5
Users can, *at their own risk*, remove this restriction by modifying
the `java.security` configuration file (or override it by using the
`java.security.properties` system property) so "CHUNGWA_TLS" is no
longer listed in the `jdk.security.caDistrustPolicies` security
property.
hotspot/jfr:
JDK-8365972: JFR: ThreadDump and ClassLoaderStatistics events may cause back to back rotations
==============================================================================================
In previous OpenJDK releases, the `jdk.ThreadDump` and
`jdk.ClassLoaderStatistics` events were written at the beginning of a
new file created by a file rotation. However, in applications with
many threads (typically more than a thousand), deep Java stacks
(typically more than three hundred frames) or many class loaders
(typically hundreds of thousands), the size of these events alone
could trigger a further file rotation within one second. This causes
other relevant data to be flushed out very quickly (e.g. about fifteen
seconds if using the default 250MB max file size). In this release,
these events are only written when a recording starts and at the end
of a file rotation.
security-libs/java.security:
JDK-8244336: Restrict algorithms at JCE layer
=============================================
A security property named `jdk.crypto.disabledAlgorithms` has been
added that can be used to disable JCE/JCA cryptographic services. The
property accepts a comma-separated list of services, specified as
Service.AlgorithName. The current list of supported services is
`Cipher`, `KeyStore`, `MessageDigest` and `Signature`. Algorithms
should be drawn from those specified by the Java Security Standard
Algorithm Names Specification [0]. For example:
jdk.crypto.disabledAlgorithms=Cipher.RSA/ECB/PKCS1Padding, MessageDigest.MD2
would disable the RSA cipher when used with the ECB cipher algorithm
mode and PKCS #1 algorithm padding, and the MD2 message digest
algorithm.
The default value for this security property is empty, which means
that no algorithms are disabled out-of-the-box. The value of the
security property specified in `java.security` can be overridden by
specifying a system property of the same name,
`jdk.crypto.disabledAlgorithms`. With the above example in place in
`java.security`, running `java` as:
$ java -Djdk.crypto.disabledAlgorithms=
would cause these algorithms to be enabled for that run of the Java
virtual machine.
[0] https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html
JDK-8354469: Keytool exposes the password in plain text when command is piped using | grep
==========================================================================================
The `keytool` and `jarsigner` commands read passwords using the system
console with echoing disabled to avoid them being displayed on screen.
However, the system console is usually only available when both the
standard input and standard output have *not* been redirected. In
previous OpenJDK releases, running these tools with input or output
redirected would cause the password to be echoed to the screen in
plain text. With this release, echoing no longer takes place in such
scenarios when using these tools or the JAAS `TextCallbackHandler`
API.
New in release OpenJDK 21.0.10 (2026-01-20):
===========================================
Live versions of these release notes can be found at:

36
SOURCES/fips-21u-a0fd6e8ed6e.patch → SOURCES/fips-21u-feef2dc3ca7.patch
View File

@ -208,7 +208,7 @@ index 1e0f66726d0..59fe923f2c5 100644
# Create the symbols file for static builds.
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
index 10093137151..b023c63ae58 100644
index 6a4e28372e5..6d06f69c50f 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
@@ -31,6 +31,7 @@ import java.security.SecureRandom;
@ -230,10 +230,16 @@ index 10093137151..b023c63ae58 100644
@java.io.Serial
private static final long serialVersionUID = 6812507587804302833L;
@@ -147,298 +152,299 @@ public final class SunJCE extends Provider {
@@ -147,301 +152,302 @@ public final class SunJCE extends Provider {
void putEntries() {
// reuse attribute map and reset before each reuse
HashMap<String, String> attrs = new HashMap<>(3);
- attrs.put("SupportedKeyClasses",
- "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey");
- ps("Signature", "NONEwithRSA",
- "com.sun.crypto.provider.RSACipherAdaptor", null, attrs);
- // continue adding cipher specific attributes
- attrs.put("SupportedModes", "ECB");
- attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
- + "|OAEPWITHMD5ANDMGF1PADDING"
@ -245,9 +251,6 @@ index 10093137151..b023c63ae58 100644
- + "|OAEPWITHSHA-512ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
- + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
- attrs.put("SupportedKeyClasses",
- "java.security.interfaces.RSAPublicKey" +
- "|java.security.interfaces.RSAPrivateKey");
- ps("Cipher", "RSA",
- "com.sun.crypto.provider.RSACipher", null, attrs);
-
@ -527,6 +530,12 @@ index 10093137151..b023c63ae58 100644
- "com.sun.crypto.provider.DHKeyPairGenerator",
- null);
+ if (!systemFipsEnabled) {
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+ ps("Signature", "NONEwithRSA",
+ "com.sun.crypto.provider.RSACipherAdaptor", null, attrs);
+ // continue adding cipher specific attributes
+ attrs.put("SupportedModes", "ECB");
+ attrs.put("SupportedPaddings", "NOPADDING|PKCS1PADDING|OAEPPADDING"
+ + "|OAEPWITHMD5ANDMGF1PADDING"
@ -538,9 +547,6 @@ index 10093137151..b023c63ae58 100644
+ + "|OAEPWITHSHA-512ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/224ANDMGF1PADDING"
+ + "|OAEPWITHSHA-512/256ANDMGF1PADDING");
+ attrs.put("SupportedKeyClasses",
+ "java.security.interfaces.RSAPublicKey" +
+ "|java.security.interfaces.RSAPrivateKey");
+ ps("Cipher", "RSA",
+ "com.sun.crypto.provider.RSACipher", null, attrs);
+
@ -822,7 +828,7 @@ index 10093137151..b023c63ae58 100644
/*
* Algorithm parameter generation engines
@@ -447,15 +453,17 @@ public final class SunJCE extends Provider {
@@ -450,15 +456,17 @@ public final class SunJCE extends Provider {
"DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator",
null);
@ -849,7 +855,7 @@ index 10093137151..b023c63ae58 100644
/*
* Algorithm Parameter engines
@@ -625,10 +633,10 @@ public final class SunJCE extends Provider {
@@ -628,10 +636,10 @@ public final class SunJCE extends Provider {
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
ps("SecretKeyFactory", "PBEWithHmacSHA512/224AndAES_128",
@ -862,7 +868,7 @@ index 10093137151..b023c63ae58 100644
ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
@@ -651,136 +659,137 @@ public final class SunJCE extends Provider {
@@ -654,136 +662,137 @@ public final class SunJCE extends Provider {
ps("SecretKeyFactory", "PBEWithHmacSHA512/256AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_256AndAES_256");
@ -1979,7 +1985,7 @@ index 539ef1e8ee8..435f57e3ff2 100644
"sun.security.rsa.PSSParameters", null);
}
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
index 6b0fd201b9b..2af4e3a3e21 100644
index be473e3f895..1d5cb17e492 100644
--- a/src/java.base/share/conf/security/java.security
+++ b/src/java.base/share/conf/security/java.security
@@ -85,6 +85,17 @@ security.provider.tbd=Apple
@ -3011,7 +3017,7 @@ index f8dd5a71c2c..6423805d164 100644
}
-
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
index 0a62021633f..0723b69c2bc 100644
index aaafc373f80..6466581f4ae 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java
@@ -26,6 +26,9 @@
@ -3141,7 +3147,7 @@ index 0a62021633f..0723b69c2bc 100644
}
p11 = tmpPKCS11;
@@ -1388,11 +1460,52 @@ public final class SunPKCS11 extends AuthProvider {
@@ -1390,11 +1462,52 @@ public final class SunPKCS11 extends AuthProvider {
}
@Override
@ -3194,7 +3200,7 @@ index 0a62021633f..0723b69c2bc 100644
try {
return newInstance0(param);
} catch (PKCS11Exception e) {
@@ -1749,6 +1862,9 @@ public final class SunPKCS11 extends AuthProvider {
@@ -1753,6 +1866,9 @@ public final class SunPKCS11 extends AuthProvider {
try {
session = token.getOpSession();
p11.C_Logout(session.id());

40
SOURCES/java-21-openjdk-portable.specfile
View File

@ -329,7 +329,7 @@
# New Version-String scheme-style defines
%global featurever 21
%global interimver 0
%global updatever 10
%global updatever 11
%global patchver 0
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
@ -379,7 +379,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
%global fipsver a0fd6e8ed6e
%global fipsver feef2dc3ca7
# Define JDK versions
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
%global javaver %{featurever}
@ -393,7 +393,7 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 7
%global buildver 10
%global rpmrelease 1
#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
@ -670,7 +670,8 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
#
#############################################
# Currently empty
# JDK-8375294: (fs) Files.copy can fail with EOPNOTSUPP when copy_file_range not supported
Patch2001: jdk8375294-handle-EOPNOTSUPP-in-copying.patch
#############################################
#
@ -761,19 +762,19 @@ BuildRequires: libpng-devel
BuildRequires: zlib-devel
%else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.13.3
Provides: bundled(freetype) = 2.14.2
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.2
Provides: bundled(giflib) = 6.1.2
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 11.2.0
Provides: bundled(harfbuzz) = 12.3.2
# Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.17.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
Provides: bundled(libpng) = 1.6.51
Provides: bundled(libpng) = 1.6.57
# Version in src/java.base/share/native/libzip/zlib/zlib.h
Provides: bundled(zlib) = 1.3.1
Provides: bundled(zlib) = 1.3.2
# We link statically against libstdc++ to increase portability
%ifnarch %{devkit_arches}
BuildRequires: libstdc++-static
@ -991,6 +992,8 @@ sh %{SOURCE12} %{top_level_dir_name}
pushd %{top_level_dir_name}
# Add crypto policy and FIPS support
%patch -P1001 -p1
# Add EOPNOTSUPP patch
%patch -P2001 -p1
popd # openjdk
@ -1950,6 +1953,25 @@ done
%endif
%changelog
* Sat Apr 18 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.11.0.10-1
- Update to jdk-21.0.11+10 (GA)
- Update release notes to 21.0.11+10
- Update FIPS patch to feef2dc3ca7 version synced with 21.0.11+9 and adapted to JDK-8244336
- Bump freetype version to 2.14.2 following JDK-8373290 & JDK-8379158
- Bump giflib version to 6.1.2 following JDK-8379256 & JDK-8380078
- Bump libpng version to 1.6.57 following JDK-8380959 & JDK-8382047
- Bump zlib version to 1.3.2 following JDK-8378631
- Add JDK-8375294 EOPNOTSUPP patch ahead of 21.0.13
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
- Resolves: OPENJDK-4301
- Resolves: OPENJDK-4521
- Resolves: OPENJDK-4543
- Resolves: OPENJDK-4550
- Resolves: OPENJDK-4653
- Resolves: OPENJDK-4631
- Resolves: OPENJDK-4606
- Resolves: OPENJDK-4676
* Sun Jan 18 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.10.0.7-1
- Update to jdk-21.0.10+7 (GA)
- Update release notes to 21.0.10+7

47
SOURCES/jdk8375294-handle-EOPNOTSUPP-in-copying.patch Normal file
View File

@ -0,0 +1,47 @@
diff --git a/src/java.base/linux/native/libnio/ch/FileDispatcherImpl.c b/src/java.base/linux/native/libnio/ch/FileDispatcherImpl.c
index 207e61431dc..7c3761a613c 100644
--- a/src/java.base/linux/native/libnio/ch/FileDispatcherImpl.c
+++ b/src/java.base/linux/native/libnio/ch/FileDispatcherImpl.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2026, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -63,7 +63,7 @@ Java_sun_nio_ch_FileDispatcherImpl_transferFrom0(JNIEnv *env, jobject this,
if (n < 0) {
if (errno == EAGAIN)
return IOS_UNAVAILABLE;
- if (errno == ENOSYS)
+ if (errno == ENOSYS || errno == EOPNOTSUPP)
return IOS_UNSUPPORTED_CASE;
if ((errno == EBADF || errno == EINVAL || errno == EXDEV) &&
((ssize_t)count >= 0))
@@ -103,6 +103,7 @@ Java_sun_nio_ch_FileDispatcherImpl_transferTo0(JNIEnv *env, jobject this,
case EINVAL:
case ENOSYS:
case EXDEV:
+ case EOPNOTSUPP:
// ignore and try sendfile()
break;
default:
diff --git a/src/java.base/linux/native/libnio/fs/LinuxNativeDispatcher.c b/src/java.base/linux/native/libnio/fs/LinuxNativeDispatcher.c
index cf8592e1ced..5f14896ad24 100644
--- a/src/java.base/linux/native/libnio/fs/LinuxNativeDispatcher.c
+++ b/src/java.base/linux/native/libnio/fs/LinuxNativeDispatcher.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2026, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -199,6 +199,7 @@ Java_sun_nio_fs_LinuxNativeDispatcher_directCopy0
case EINVAL:
case ENOSYS:
case EXDEV:
+ case EOPNOTSUPP:
// ignore and try sendfile()
break;
default:

42
SPECS/java-21-openjdk.spec
View File

@ -308,7 +308,7 @@
# New Version-String scheme-style defines
%global featurever 21
%global interimver 0
%global updatever 10
%global updatever 11
%global patchver 0
# We don't add any LTS designator for STS packages (Fedora and EPEL).
# We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined.
@ -344,7 +344,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
%global fipsver a0fd6e8ed6e
%global fipsver feef2dc3ca7
# Define JDK versions
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
%global javaver %{featurever}
@ -365,7 +365,7 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 7
%global buildver 10
%global rpmrelease 1
# Settings used by the portable build
%global portablerelease 1
@ -1443,7 +1443,8 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
#
#############################################
# Currently empty
# JDK-8375294: (fs) Files.copy can fail with EOPNOTSUPP when copy_file_range not supported
Patch2001: jdk8375294-handle-EOPNOTSUPP-in-copying.patch
#############################################
#
@ -1530,19 +1531,19 @@ BuildRequires: libpng-devel
BuildRequires: zlib-devel
%else
# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
Provides: bundled(freetype) = 2.13.3
Provides: bundled(freetype) = 2.14.2
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.2
Provides: bundled(giflib) = 6.1.2
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 11.2.0
Provides: bundled(harfbuzz) = 12.3.2
# Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.17.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
Provides: bundled(libpng) = 1.6.51
Provides: bundled(libpng) = 1.6.57
# Version in src/java.base/share/native/libzip/zlib/zlib.h
Provides: bundled(zlib) = 1.3.1
Provides: bundled(zlib) = 1.3.2
%endif
# this is always built, also during debug-only build
@ -1920,6 +1921,8 @@ sh %{SOURCE12} %{top_level_dir_name}
pushd %{top_level_dir_name}
# Add crypto policy and FIPS support
%patch -P1001 -p1
# Add EOPNOTSUPP patch
%patch -P2001 -p1
popd # openjdk
@ -2563,6 +2566,27 @@ require "copy_jdk_configs.lua"
%endif
%changelog
* Sat Apr 18 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.11.0.10-1
- Update to jdk-21.0.11+10 (GA)
- Update release notes to 21.0.11+10
- Update FIPS patch to feef2dc3ca7 version synced with 21.0.11+9 and adapted to JDK-8244336
- Bump freetype version to 2.14.2 following JDK-8373290 & JDK-8379158
- Bump giflib version to 6.1.2 following JDK-8379256 & JDK-8380078
- Bump libpng version to 1.6.57 following JDK-8380959 & JDK-8382047
- Bump zlib version to 1.3.2 following JDK-8378631
- Add JDK-8375294 EOPNOTSUPP patch ahead of 21.0.13
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2026-04-21 @ 1pm PT. **
- Resolves: RHEL-169610
- Resolves: RHEL-133225
- Resolves: RHEL-146658
- Resolves: RHEL-148337
- Resolves: RHEL-148851
- Resolves: RHEL-157100
- Resolves: RHEL-161227
- Resolves: RHEL-161343
- Resolves: RHEL-169617
* Sun Jan 18 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.10.0.7-1
- Update to jdk-21.0.10+7 (GA)
- Update release notes to 21.0.10+7