diff --git a/.gitignore b/.gitignore index 59d2fb2..28181b7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20-4curve.tar.xz +SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-1.8.0-openjdk.metadata b/.java-1.8.0-openjdk.metadata index 4c7628f..9832ba2 100644 --- a/.java-1.8.0-openjdk.metadata +++ b/.java-1.8.0-openjdk.metadata @@ -1,2 +1,2 @@ -57112674fa8d81e4b09c1eec880ed362a7f98a67 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20-4curve.tar.xz +de58a4f646ca65cafbd2166d7d08eb330adaf4e6 SOURCES/aarch64-port-jdk8u-shenandoah-aarch64-shenandoah-jdk8u282-b08-4curve.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/CheckVendor.java b/SOURCES/CheckVendor.java new file mode 100644 index 0000000..e2101cf --- /dev/null +++ b/SOURCES/CheckVendor.java @@ -0,0 +1,57 @@ +/* CheckVendor -- Check the vendor properties match specified values. + Copyright (C) 2020 Red Hat, Inc. + +This program is free software: you can redistribute it and/or modify +it under the terms of the GNU Affero General Public License as +published by the Free Software Foundation, either version 3 of the +License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU Affero General Public License for more details. + +You should have received a copy of the GNU Affero General Public License +along with this program. If not, see . +*/ + +/** + * @test + */ +public class CheckVendor { + + public static void main(String[] args) { + if (args.length < 3) { + System.err.println("CheckVendor "); + System.exit(1); + } + + String vendor = System.getProperty("java.vendor"); + String expectedVendor = args[0]; + String vendorURL = System.getProperty("java.vendor.url"); + String expectedVendorURL = args[1]; + String vendorBugURL = System.getProperty("java.vendor.url.bug"); + String expectedVendorBugURL = args[2]; + + if (!expectedVendor.equals(vendor)) { + System.err.printf("Invalid vendor %s, expected %s\n", + vendor, expectedVendor); + System.exit(2); + } + + if (!expectedVendorURL.equals(vendorURL)) { + System.err.printf("Invalid vendor URL %s, expected %s\n", + vendorURL, expectedVendorURL); + System.exit(3); + } + + if (!expectedVendorBugURL.equals(vendorBugURL)) { + System.err.printf("Invalid vendor bug URL%s, expected %s\n", + vendorBugURL, expectedVendorBugURL); + System.exit(4); + } + + System.err.printf("Vendor information verified as %s, %s, %s\n", + vendor, vendorURL, vendorBugURL); + } +} diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 59f5724..ee1e724 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,6 +3,756 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 8u282 (2021-01-19): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u282 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt + +* Security fixes + - JDK-8247619: Improve Direct Buffering of Characters +* Other changes + - JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux + - JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation + - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails + - JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup + - JDK-8030350: Enable additional compiler warnings for GCC + - JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows + - JDK-8036122: Fix warning 'format not a string literal' + - JDK-8039279: Move awt tests to openjdk repository + - JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk + - JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository + - JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree + - JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m + - JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests + - JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk + - JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository + - JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository + - JDK-8046221: [TEST_BUG] Cleanup datatransfer tests + - JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository + - JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2 + - JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK + - JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3 + - JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK + - JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4 + - JDK-8051440: move tests about maximizing undecorated to OpenJDK + - JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null! + - JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5 + - JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3) + - JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK + - JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6 + - JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7 + - JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8 + - JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK + - JDK-8055664: move 14 tests about setLocationRelativeTo to jdk + - JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9 + - JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10 + - JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails + - JDK-8062808: Turn on the -Wreturn-type warning + - JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1 + - JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2 + - JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1 + - JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2 + - JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing + - JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases + - JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease + - JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes() + - JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel + - JDK-8068275: Some tests failed after JDK-8063104 + - JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once + - JDK-8074807: Fix some tests unnecessary using internal API + - JDK-8076315: move 4 manual functional swing tests to regression suite + - JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT + - JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows + - JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful + - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent + - JDK-8148916: Mark bug6400879.java as intermittently failing + - JDK-8148983: Fix extra comma in changes for JDK-8148916 + - JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants + - JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic + - JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails + - JDK-8160761: [TESTBUG] Several compiler tests fail with product bits + - JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java + - JDK-8165808: Add release barriers when allocating objects with concurrent collection + - JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java + - JDK-8166583: Add oopDesc::klass_or_null_acquire() + - JDK-8166663: Simplify oops_on_card_seq_iterate_careful + - JDK-8166862: CMS needs klass_or_null_acquire + - JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X + - JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp + - JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event + - JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument + - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8 + - JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017 + - JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out + - JDK-8207766: [testbug] Adapt tests for Aix. + - JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation + - JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash + - JDK-8215727: Restore JFR thread sampler loop to old / previous behavior + - JDK-8217362: Emergency dump does not work when disk=false is set + - JDK-8217766: Container Support doesn't work for some Join Controllers combinations + - JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3 + - JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable + - JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp + - JDK-8220657: JFR.dump does not work when filename is set + - JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562 + - JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing + - JDK-8221710: [TESTBUG] more configurable parameters for docker testing + - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable + - JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM + - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs + - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100 + - JDK-8229868: Update Apache Santuario TPRM version + - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread + - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes + - JDK-8232114: JVM crashed at imjpapi.dll in native code + - JDK-8233548: Update CUP to v0.11b + - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area + - JDK-8234339: replace JLI_StrTok in java_md_solinux.c + - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes + - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test + - JDK-8242335: Additional Tests for RSASSA-PSS + - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker + - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in + - JDK-8245400: Upgrade to LittleCMS 2.11 + - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480 + - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention + - JDK-8249176: Update GlobalSignR6CA test certificates + - JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior + - JDK-8250636: iso8601_time returns incorrect offset part on MacOS + - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY + - JDK-8250928: JFR: Improve hash algorithm for stack traces + - JDK-8251365: Build failure on AIX after 8250636 + - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java + - JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers + - JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE + - JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries + - JDK-8252497: Incorrect numeric currency code for ROL + - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent + - JDK-8252904: VM crashes when JFR is used and JFR event class is transformed + - JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal + - JDK-8253036: Support building the Zero assembler port on AArch64 + - JDK-8253284: Zero OrderAccess barrier mappings are incorrect + - JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip + - JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly + - JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion + - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate + - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp + - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp + - JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails + - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c + - JDK-8255003: Build failures on Solaris + - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d + - JDK-8255269: Unsigned overflow in g1Policy.cpp + - JDK-8255603: Memory/Performance regression after JDK-8210985 + - JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized + - JDK-8256618: Zero: Linux x86_32 build still fails + - JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap + - JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder + - JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace + - JDK-8258630: Add expiry exception for QuoVadis root certificate +* AArch64 port + - Fix AArch64 build failure after JDK-8062808 backport +* Shenandoah + - Fix racy update of code roots + +Notes on individual issues: +=========================== + +security-libs/javax.xml.crypto: + +JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3 +=========================================================================== +The XML Signature implementation in the `java.xml.crypto` module has +been updated to version 2.1.3 of Apache Santuario. New features +include: + +* Added support for embedding elliptic curve public keys in the + KeyValue element + +New in release OpenJDK 8u275 (2020-11-05): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u275 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt + +* Regression fixes + - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate" + - JDK-8223940: Private key not supported by chosen signature algorithm + - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding + - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool) + +New in release OpenJDK 8u272 (2020-10-20): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u272 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt + +* New features + - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7 +* Security fixes + - JDK-8233624: Enhance JNI linkage + - JDK-8236196: Improve string pooling + - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class + - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts + - JDK-8237995, CVE-2020-14782: Enhance certificate processing + - JDK-8240124: Better VM Interning + - JDK-8241114, CVE-2020-14792: Better range handling + - JDK-8242680, CVE-2020-14796: Improved URI Support + - JDK-8242685, CVE-2020-14797: Better Path Validation + - JDK-8242695, CVE-2020-14798: Enhanced buffer support + - JDK-8243302: Advanced class supports + - JDK-8244136, CVE-2020-14803: Improved Buffer supports + - JDK-8244479: Further constrain certificates + - JDK-8244955: Additional Fix for JDK-8240124 + - JDK-8245407: Enhance zoning of times + - JDK-8245412: Better class definitions + - JDK-8245417: Improve certificate chain handling + - JDK-8248574: Improve jpeg processing + - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit + - JDK-8253019: Enhanced JPEG decoding +* Other changes + - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes + - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java + - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times + - JDK-8025886: replace [[ and == bash extensions in regtest + - JDK-8026236: Add PrimeTest for BigInteger + - JDK-8031625: javadoc problems referencing inner class constructors + - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals + - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c + - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails + - JDK-8046274: Removing dependency on jakarta-regexp + - JDK-8048933: -XX:+TraceExceptions output should include the message + - JDK-8057003: Large reference arrays cause extremely long synchronization times + - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler + - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double + - JDK-8062947: Fix exception message to correctly represent LDAP connection failure + - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds + - JDK-8075774: Small readability and performance improvements for zipfs + - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails + - JDK-8078334: Mark regression tests using randomness + - JDK-8078880: Mark a few more intermittently failuring security-libs + - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support + - JDK-8132206: move ScanTest.java into OpenJDK + - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API + - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java + - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh + - JDK-8144539: Update PKCS11 tests to run with security manager + - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8 + - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape + - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent + - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect + - JDK-8151788: NullPointerException from ntlm.Client.type3 + - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently + - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings + - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout + - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public + - JDK-8154313: Generated javadoc scattered all over the place + - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization + - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider + - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working + - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k + - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files + - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite + - JDK-8166148: Fix for JDK-8165936 broke solaris builds + - JDK-8167300: Scheduling failures during gcm should be fatal + - JDK-8167615: Opensource unit/regression tests for JavaSound + - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed + - JDK-8169925: PKCS #11 Cryptographic Token Interface license + - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java + - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled + - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1 + - JDK-8177628: Opensource unit/regression tests for ImageIO + - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java + - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java + - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh + - JDK-8184762: ZapStackSegments should use optimized memset + - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test. + - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied + - JDK-8193137: Nashorn crashes when given an empty script file + - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak + - JDK-8194298: Add support for per Socket configuration of TCP keepalive + - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error + - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails + - JDK-8201633: Problems with AES-GCM native acceleration + - JDK-8203357: Container Metrics + - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts + - JDK-8210147: adjust some WSAGetLastError usages in windows network coding + - JDK-8211049: Second parameter of "initialize" method is not used + - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean + - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions + - JDK-8214862: assert(proj != __null) at compile.cpp:3251 + - JDK-8216283: Allow shorter method sampling interval than 10 ms + - JDK-8217606: LdapContext#reconnect always opens a new connection + - JDK-8217647: JFR: recordings on 32-bit systems unreadable + - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11 + - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10 + - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero + - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly + - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound + - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6 + - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file + - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs + - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified + - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp + - JDK-8224217: RecordingInfo should use textual representation of path + - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support) + - JDK-8226575: OperatingSystemMXBean should be made container aware + - JDK-8226697: Several tests which need the @key headful keyword are missing it. + - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous + - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM + - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow + - JDK-8230303: JDB hangs when running monitor command + - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG + - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo + - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate + - JDK-8233097: Fontmetrics for large Fonts has zero width + - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name + - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion + - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version + - JDK-8235325: build failure on Linux after 8235243 + - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink + - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages + - JDK-8237951: CTW: C2 compilation fails with "malformed control flow" + - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary + - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10 + - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10 + - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10 + - JDK-8238898: Missing hash characters for header on license file + - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD + - JDK-8239819: XToolkit: Misread of screen information memory + - JDK-8240295: hs_err elapsed time in seconds is not accurate enough + - JDK-8240676: Meet not symmetric failure when running lucene on jdk8 + - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one + - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash + - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array + - JDK-8243138: Enhance BaseLdapServer to support starttls extended request + - JDK-8243320: Add SSL root certificates to Oracle Root CA program + - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program + - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions + - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26 + - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor + - JDK-8245467: Remove 8u TLSv1.2 implementation files + - JDK-8245469: Remove DTLS protocol implementation + - JDK-8245470: Fix JDK8 compatibility issues + - JDK-8245471: Revert JDK-8148188 + - JDK-8245472: Backport JDK-8038893 to JDK8 + - JDK-8245473: OCSP stapling support + - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712 + - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default + - JDK-8245477: Adjust TLS tests location + - JDK-8245653: Remove 8u TLS tests + - JDK-8245681: Add TLSv1.3 regression test from 11.0.7 + - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ + - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR + - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release + - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport + - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read + - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase + - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public + - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + - JDK-8250546: Expect changed behaviour reported in JDK-8249846 + - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics + - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java + - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update + - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher + - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false + - JDK-8251341: Minimal Java specification change + - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u + - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds + - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled + - JDK-8252573: 8u: Windows build failed after 8222079 backport + - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed + - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158 + - JDK-8254937: Revert JDK-8148854 for 8u272 + +Notes on individual issues: +=========================== + +core-svc/java.lang.management: + +JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data +============================================================================================ +When executing in a container, or other virtualized operating +environment, the following `OperatingSystemMXBean` methods in this +release return container specific information, if +available. Otherwise, they return host specific data: + +* getFreePhysicalMemorySize() +* getTotalPhysicalMemorySize() +* getFreeSwapSpaceSize() +* getTotalSwapSpaceSize() +* getSystemCpuLoad() + +security-libs/java.security: + +JDK-8250756: Added Entrust Root Certification Authority - G4 certificate +======================================================================== +The Entrust root certificate has been added to the cacerts truststore: + +Alias Name: entrustrootcag4 +Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US + +JDK-8250860: Added 3 SSL Corporation Root CA Certificates +========================================================= +The following root certificates have been added to the cacerts truststore for the SSL Corporation: + +Alias Name: sslrootrsaca +Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US + +Alias Name: sslrootevrsaca +Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US + +Alias Name: sslrooteccca +Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US + +security-libs/javax.crypto:pkcs11: + +JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40 +======================================================================= +The SunPKCS11 provider has been updated with support for PKCS#11 +v2.40. This version adds support for more algorithms such as the +AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message +digests, and RSASSA-PSS signatures when the corresponding PKCS11 +mechanisms are supported by the underlying PKCS11 library. + +security-libs/javax.security: + +JDK-8242059: Support for canonicalize in krb5.conf +================================================== +The 'canonicalize' flag in the [krb5.conf file][0] is now supported by +the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name +canonicalization is requested by clients in TGT requests to KDC +services (AS protocol). Otherwise, and by default, it is not +requested. + +The new default behavior is different from previous releases where +name canonicalization was always requested by clients in TGT requests +to KDC services (provided that support for RFC 6806[1] was not +explicitly disabled with the *sun.security.krb5.disableReferrals* +system or security properties). + +[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html +[1]: https://tools.ietf.org/html/rfc6806 + +security-libs/javax.xml.crypto: + +JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1 +===================================================================== +The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario. + +New features include: + +1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified +in RFC 6931. +2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and +RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931. + +JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format +============================================================================================================ +The upgrade to the Apache Santuario libraries (see above) introduced +an issue where XML signature using Base64 encoding resulted in +appending ` ` or ` ` to the encoded output. This behavioural +change was made in the Apache Santuario codebase to comply with RFC +2045. The Santuario team has adopted a position of keeping their +libraries compliant with RFC 2045. + +Earlier versions of OpenJDK 8 using the legacy encoder returns encoded +data in a format without ` ` or ` `. + +Therefore a new system property, specific to the 8 update stream, +`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made +available to fall back to the legacy Base64 encoded format. + +Users can set this flag in one of two ways: + +1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true + +2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true") + +This new system property is disabled by default. It has no effect on +default behaviour nor when +`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property +is set. + +Later JDK family versions will only support the recommended property: + +`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` + +JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b +==================================================================== +Following JDK's update to tzdata2020b, the long-obsolete files +pacificnew and systemv have been removed. As a result, the +"US/Pacific-New" zone name declared in the pacificnew data file is no +longer available for use. + +Information regarding the update can be viewed at +https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html + +New in release OpenJDK 8u265 (2020-07-27): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/openjdk8u265 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt + +* Bug fixes + - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior + - JDK-8250546: Expect changed behaviour reported in JDK-8249846 + +New in release OpenJDK 8u262 (2020-07-14): +=========================================== +Live versions of these release notes can be found at: + * https://bitly.com/oj8u262 + * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt + +* New features + - JDK-8223147: JFR Backport +* Security fixes + - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue) + - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString() + - JDK-8230613: Better ASCII conversions + - JDK-8231800: Better listing of arrays + - JDK-8232014: Expand DTD support + - JDK-8233255: Better Swing Buttons + - JDK-8234032: Improve basic calendar services + - JDK-8234042: Better factory production of certificates + - JDK-8234418: Better parsing with CertificateFactory + - JDK-8234836: Improve serialization handling + - JDK-8236191: Enhance OID processing + - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior + - JDK-8237592, CVE-2020-14577: Enhance certificate verification + - JDK-8238002, CVE-2020-14581: Better matrix operations + - JDK-8238804: Enhance key handling process + - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable + - JDK-8238843: Enhanced font handing + - JDK-8238920, CVE-2020-14583: Better Buffer support + - JDK-8238925: Enhance WAV file playback + - JDK-8240119, CVE-2020-14593: Less Affine Transformations + - JDK-8240482: Improved WAV file playback + - JDK-8241379: Update JCEKS support + - JDK-8241522: Manifest improved jar headers redux + - JDK-8242136, CVE-2020-14621: Better XML namespace handling +* Other changes + - JDK-4949105: Access Bridge lacks html tags parsing + - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode + - JDK-8003209: JFR events for network utilization + - JDK-8030680: 292 cleanup from default method code assessment + - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently + - JDK-8037866: Replace the Fun class in tests with lambdas + - JDK-8041626: Shutdown tracing event + - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree + - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null + - JDK-8076475: Misuses of strncpy/strncat + - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset + - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp + - JDK-8146612: C2: Precedence edges specification violated + - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering + - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates + - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format + - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded" + - JDK-8165675: Trace event for thread park has incorrect unit for timeout + - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM + - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java + - JDK-8176182: 4 security tests are not run + - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method + - JDK-8178910: Problemlist sample tests + - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds + - JDK-8183925: Decouple crash protection from watcher thread + - JDK-8191393: Random crashes during cfree+0x1c + - JDK-8195817: JFR.stop should require name of recording + - JDK-8195818: JFR.start should increase autogenerated name by one + - JDK-8195819: Remove recording=x from jcmd JFR.check output + - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE + - JDK-8199712: Flight Recorder + - JDK-8202578: Revisit location for class unload events + - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events + - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder) + - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant + - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording + - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552 + - JDK-8203929: Limit amount of data for JFR.dump + - JDK-8205516: JFR tool + - JDK-8207392: [PPC64] Implement JFR profiling + - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it + - JDK-8209960: -Xlog:jfr* doesn't work with the JFR + - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread() + - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7 + - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch + - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events + - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions + - JDK-8213421: Line number information for execution samples always 0 + - JDK-8213617: JFR should record the PID of the recorded process + - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs. + - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests + - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test + - JDK-8213966: The ZGC JFR events should be marked as experimental + - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds + - JDK-8214750: Unnecessary

tags in jfr classes + - JDK-8214896: JFR Tool left files behind + - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError + - JDK-8214925: JFR tool fails to execute + - JDK-8215175: Inconsistencies in JFR event metadata + - JDK-8215237: jdk.jfr.Recording javadoc does not compile + - JDK-8215284: Reduce noise induced by periodic task getFileSize() + - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1) + - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails + - JDK-8215771: The jfr tool should pretty print reference chains + - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly + - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run() + - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp + - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps + - JDK-8216578: Remove unused/obsolete method in JFR code + - JDK-8216995: Clean up JFR command line processing + - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT + - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent + - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly + - JDK-8220293: Deadlock in JFR string pool + - JDK-8223689: Add JFR Thread Sampling Support + - JDK-8223690: Add JFR BiasedLock Event Support + - JDK-8223691: Add JFR G1 Region Type Change Event Support + - JDK-8223692: Add JFR G1 Heap Summary Event Support + - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant + - JDK-8224475: JTextPane does not show images in HTML rendering + - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020 + - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020 + - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden. + - JDK-8226779: [TESTBUG] Test JFR API from Java agent + - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys + - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory + - JDK-8227269: Slow class loading when running with JDWP + - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant" + - JDK-8229366: JFR backport allows unchecked writing to memory + - JDK-8229401: Fix JFR code cache test failures + - JDK-8229708: JFR backport code does not initialize + - JDK-8229873: 8229401 broke jdk8u-jfr-incubator + - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions + - JDK-8229899: Make java.io.File.isInvalid() less racy + - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows + - JDK-8230597: Update GIFlib library to the 5.2.1 + - JDK-8230707: JFR related tests are failing + - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return + - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false + - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return + - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout + - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707 + - JDK-8231995: two jtreg tests failed after 8229366 is fixed + - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing + - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file + - JDK-8233880: Support compilers with multi-digit major version numbers + - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info + - JDK-8236008: Some backup files were accidentally left in the hotspot tree + - JDK-8236074: Missed package-info + - JDK-8236174: Should update javadoc since tags + - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing + - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport + - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01 + - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB + - JDK-8238589: Necessary code cleanup in JFR for JDK8u + - JDK-8238590: Enable JFR by default during compilation in 8u + - JDK-8239055: Wrong implementation of VMState.hasListener + - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair + - JDK-8239479: minimal1 and zero builds are failing + - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed + - JDK-8239867: correct over use of INCLUDE_JFR macro + - JDK-8240375: Disable JFR by default for July 2020 release + - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges + - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled + - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set + - JDK-8241750: x86_32 build failure after JDK-8227269 + - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport) + - JDK-8242788: Non-PCH build is broken after JDK-8191393 + - JDK-8242883: Incomplete backport of JDK-8078268: backport test part + - JDK-8243059: Build fails when --with-vendor-name contains a comma + - JDK-8243474: [TESTBUG] removed three tests of 0 bytes + - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638 + - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a + - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in + - JDK-8244461: [JDK 8u] Build fails with glibc 2.32 + - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result + - JDK-8244777: ClassLoaderStats VM Op uses constant hash value + - JDK-8244843: JapanEraNameCompatTest fails + - JDK-8245167: Top package in method profiling shows null in JMC + - JDK-8246223: Windows build fails after JDK-8227269 + - JDK-8246703: [TESTBUG] Add test for JDK-8233197 + - JDK-8248399: Build installs jfr binary when JFR is disabled + - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package + +Notes on individual issues: +=========================== + +hotspot/jfr: + +JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u +========================================================= + +OpenJDK 8u now contains the backport of JEP 328: Flight Recorder +(https://openjdk.java.net/jeps/328) from later versions of OpenJDK. + +JFR is a low-overhead framework to collect and provide data helpful to +troubleshoot the performance of the OpenJDK runtime and of Java +applications. It consists of a new API to define custom events under +the jdk.jfr namespace and a JMX interface to interact with the +framework. The recording can also be initiated with the application +startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces +the +XX:EnableTracing feature introduced in JEP 167, providing a more +efficient way to retrieve the same information. For compatibility +reasons, +XX:EnableTracing is still accepted, however no data will be +printed. + +While JFR is not built by default upstream, it is included in Red Hat +binaries for supported architectures (x86_64, AArch64 & PowerPC 64) + +hotspot/runtime: + +JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording +========================================================================================= + +JFR will be disabled with a warning message if it is enabled during +CDS dumping. The user will see the following warning message: + +OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping + +if JFR is enabled during CDS dumping such as in the following command +line: + +$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true + +security-libs/java.security: + +JDK-8244167: Removal of Comodo Root CA Certificate +================================================== + +The following expired Comodo root CA certificate was removed from the +`cacerts` keystore: + alias name "addtrustclass1ca [jdk]" + +Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE + +JDK-8244166: Removal of DocuSign Root CA Certificate +==================================================== + +The following expired DocuSign root CA certificate was removed from + the `cacerts` keystore: + alias name "keynectisrootca [jdk]" + +Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR + +security-libs/javax.crypto:pkcs11: + +JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database +============================================================================================================================ + +The SunPKCS11 security provider can now be initialized with NSS when +FIPS-enabled external modules are configured in the Security Modules +Database (NSSDB). Prior to this change, the SunPKCS11 provider would +throw a RuntimeException with the message: "FIPS flag set for +non-internal module" when such a library was configured for NSS in +non-FIPS mode. + +This change allows the JDK to work properly with recent NSS releases +on GNU/Linux operating systems when the system-wide FIPS policy is +turned on. + +Further information can be found in JDK-8238555. + New in release OpenJDK 8u252 (2020-04-14): =========================================== Live versions of these release notes can be found at: diff --git a/SOURCES/jdk8042159-allow_using_system_installed_lcms2-jdk.patch b/SOURCES/jdk8042159-allow_using_system_installed_lcms2-jdk.patch new file mode 100644 index 0000000..ebfbdd2 --- /dev/null +++ b/SOURCES/jdk8042159-allow_using_system_installed_lcms2-jdk.patch @@ -0,0 +1,68 @@ +diff --git openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk openjdk/jdk/make/lib/Awt2dLibraries.gmk +--- openjdk.orig/jdk/make/lib/Awt2dLibraries.gmk ++++ openjdk/jdk/make/lib/Awt2dLibraries.gmk +@@ -665,18 +665,35 @@ + endif + endif + ++LIBLCMS_DIR := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms ++ ++ifeq ($(USE_EXTERNAL_LCMS), true) ++ # If we're using an external library, we'll just need the wrapper part. ++ # By including it explicitely, all other files will be excluded. ++ BUILD_LIBLCMS_INCLUDE_FILES := LCMS.c ++ BUILD_LIBLCMS_HEADERS := ++else ++ BUILD_LIBLCMS_INCLUDE_FILES := ++ # If we're using the bundled library, we'll need to include it in the ++ # include path explicitly. Otherwise the system headers will be used. ++ BUILD_LIBLCMS_HEADERS := -I$(LIBLCMS_DIR) ++endif ++ + # TODO: Update awt lib path when awt is converted + $(eval $(call SetupNativeCompilation,BUILD_LIBLCMS, \ + LIBRARY := lcms, \ + OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ +- SRC := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms, \ ++ SRC := $(LIBLCMS_DIR), \ ++ INCLUDE_FILES := $(BUILD_LIBLCMS_INCLUDE_FILES), \ + LANG := C, \ + OPTIMIZATION := HIGHEST, \ + CFLAGS := $(filter-out -xc99=%none, $(CFLAGS_JDKLIB)) \ + -DCMS_DONT_USE_FAST_FLOOR \ + $(SHARED_LIBRARY_FLAGS) \ + -I$(JDK_TOPDIR)/src/share/native/sun/java2d \ +- -I$(JDK_TOPDIR)/src/share/native/sun/awt/debug, \ ++ -I$(JDK_TOPDIR)/src/share/native/sun/awt/debug \ ++ $(BUILD_LIBLCMS_HEADERS) \ ++ $(LCMS_CFLAGS), \ + CFLAGS_solaris := -xc99=no_lib, \ + CFLAGS_windows := -DCMS_IS_WINDOWS_, \ + MAPFILE := $(JDK_TOPDIR)/make/mapfiles/liblcms/mapfile-vers, \ +@@ -684,10 +701,10 @@ + $(call SET_SHARED_LIBRARY_ORIGIN), \ + LDFLAGS_solaris := /usr/lib$(OPENJDK_TARGET_CPU_ISADIR)/libm.so.2, \ + LDFLAGS_windows := $(WIN_AWT_LIB) $(WIN_JAVA_LIB), \ +- LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc, \ +- LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm, \ +- LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm, \ +- LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm,\ ++ LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc $(LCMS_LIBS), \ ++ LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm $(LCMS_LIBS), \ ++ LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm $(LCMS_LIBS), \ ++ LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm $(LCMS_LIBS),\ + VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ + RC_FLAGS := $(RC_FLAGS) \ + -D "JDK_FNAME=lcms.dll" \ +diff --git openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c +--- openjdk.orig/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c ++++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c +@@ -30,7 +30,7 @@ + #include "jni_util.h" + #include "Trace.h" + #include "Disposer.h" +-#include "lcms2.h" ++#include + #include "jlong.h" + + diff --git a/SOURCES/jdk8042159-allow_using_system_installed_lcms2-root.patch b/SOURCES/jdk8042159-allow_using_system_installed_lcms2-root.patch new file mode 100644 index 0000000..7ce90b1 --- /dev/null +++ b/SOURCES/jdk8042159-allow_using_system_installed_lcms2-root.patch @@ -0,0 +1,50 @@ +diff -ruN openjdk/common/autoconf/libraries.m4 openjdk/common/autoconf/libraries.m4 +--- openjdk/common/autoconf/libraries.m4 2013-11-14 22:04:38.039440136 -0500 ++++ openjdk/common/autoconf/libraries.m4 2013-11-14 22:05:11.474356424 -0500 +@@ -676,6 +676,46 @@ + + ############################################################################### + # ++ # Check for the lcms2 library ++ # ++ ++ AC_ARG_WITH(lcms, [AS_HELP_STRING([--with-lcms], ++ [use lcms2 from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])]) ++ ++ AC_CHECK_LIB(lcms2, cmsOpenProfileFromFile, ++ [ LCMS_FOUND=yes ], ++ [ LCMS_FOUND=no ]) ++ ++ AC_MSG_CHECKING([for which lcms to use]) ++ ++ DEFAULT_LCMS=bundled ++ ++ # ++ # If user didn't specify, use DEFAULT_LCMS ++ # ++ if test "x${with_lcms}" = "x"; then ++ with_lcms=${DEFAULT_LCMS} ++ fi ++ ++ if test "x${with_lcms}" = "xbundled"; then ++ USE_EXTERNAL_LCMS=false ++ AC_MSG_RESULT([bundled]) ++ elif test "x${with_lcms}" = "xsystem"; then ++ if test "x${LCMS_FOUND}" = "xyes"; then ++ USE_EXTERNAL_LCMS=true ++ AC_MSG_RESULT([system]) ++ else ++ AC_MSG_RESULT([system not found]) ++ AC_MSG_ERROR([--with-lcms=system specified, but no lcms found!]) ++ fi ++ else ++ AC_MSG_ERROR([Invalid value for --with-lcms: ${with_lcms}, use 'system' or 'bundled']) ++ fi ++ ++ AC_SUBST(USE_EXTERNAL_LCMS) ++ ++ ############################################################################### ++ # + # Check for the png library + # + diff --git a/SOURCES/jdk8042159-allow_using_system_installed_lcms2.patch b/SOURCES/jdk8042159-allow_using_system_installed_lcms2.patch deleted file mode 100644 index 6f39b57..0000000 --- a/SOURCES/jdk8042159-allow_using_system_installed_lcms2.patch +++ /dev/null @@ -1,118 +0,0 @@ -diff -ruN jdk8/common/autoconf/libraries.m4 jdk8/common/autoconf/libraries.m4 ---- openjdk/common/autoconf/libraries.m4 2013-11-14 22:04:38.039440136 -0500 -+++ openjdk/common/autoconf/libraries.m4 2013-11-14 22:05:11.474356424 -0500 -@@ -676,6 +676,46 @@ - - ############################################################################### - # -+ # Check for the lcms2 library -+ # -+ -+ AC_ARG_WITH(lcms, [AS_HELP_STRING([--with-lcms], -+ [use lcms2 from build system or OpenJDK source (system, bundled) @<:@bundled@:>@])]) -+ -+ AC_CHECK_LIB(lcms2, cmsOpenProfileFromFile, -+ [ LCMS_FOUND=yes ], -+ [ LCMS_FOUND=no ]) -+ -+ AC_MSG_CHECKING([for which lcms to use]) -+ -+ DEFAULT_LCMS=bundled -+ -+ # -+ # If user didn't specify, use DEFAULT_LCMS -+ # -+ if test "x${with_lcms}" = "x"; then -+ with_lcms=${DEFAULT_LCMS} -+ fi -+ -+ if test "x${with_lcms}" = "xbundled"; then -+ USE_EXTERNAL_LCMS=false -+ AC_MSG_RESULT([bundled]) -+ elif test "x${with_lcms}" = "xsystem"; then -+ if test "x${LCMS_FOUND}" = "xyes"; then -+ USE_EXTERNAL_LCMS=true -+ AC_MSG_RESULT([system]) -+ else -+ AC_MSG_RESULT([system not found]) -+ AC_MSG_ERROR([--with-lcms=system specified, but no lcms found!]) -+ fi -+ else -+ AC_MSG_ERROR([Invalid value for --with-lcms: ${with_lcms}, use 'system' or 'bundled']) -+ fi -+ -+ AC_SUBST(USE_EXTERNAL_LCMS) -+ -+ ############################################################################### -+ # - # Check for the png library - # - -diff -ruN jdk8/jdk/make/lib/Awt2dLibraries.gmk jdk8/jdk/make/lib/Awt2dLibraries.gmk ---- openjdk/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 22:04:38.040440133 -0500 -+++ openjdk/jdk/make/lib/Awt2dLibraries.gmk 2013-11-14 22:05:11.475356411 -0500 -@@ -666,18 +666,35 @@ - - ########################################################################################## - -+LIBLCMS_DIR := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms -+ -+ifeq ($(USE_EXTERNAL_LCMS), true) -+ # If we're using an external library, we'll just need the wrapper part. -+ # By including it explicitely, all other files will be excluded. -+ BUILD_LIBLCMS_INCLUDE_FILES := LCMS.c -+ BUILD_LIBLCMS_HEADERS := -+else -+ BUILD_LIBLCMS_INCLUDE_FILES := -+ # If we're using the bundled library, we'll need to include it in the -+ # include path explicitly. Otherwise the system headers will be used. -+ BUILD_LIBLCMS_HEADERS := -I$(LIBLCMS_DIR) -+endif -+ - # TODO: Update awt lib path when awt is converted - $(eval $(call SetupNativeCompilation,BUILD_LIBLCMS, \ - LIBRARY := lcms, \ - OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \ -- SRC := $(JDK_TOPDIR)/src/share/native/sun/java2d/cmm/lcms, \ -+ SRC := $(LIBLCMS_DIR), \ -+ INCLUDE_FILES := $(BUILD_LIBLCMS_INCLUDE_FILES), \ - LANG := C, \ - OPTIMIZATION := HIGHEST, \ - CFLAGS := $(filter-out -xc99=%none, $(CFLAGS_JDKLIB)) \ - -DCMS_DONT_USE_FAST_FLOOR \ - $(SHARED_LIBRARY_FLAGS) \ - -I$(JDK_TOPDIR)/src/share/native/sun/java2d \ -- -I$(JDK_TOPDIR)/src/share/native/sun/awt/debug, \ -+ -I$(JDK_TOPDIR)/src/share/native/sun/awt/debug \ -+ $(BUILD_LIBLCMS_HEADERS) \ -+ $(LCMS_CFLAGS), \ - CFLAGS_solaris := -xc99=no_lib, \ - CFLAGS_windows := -DCMS_IS_WINDOWS_, \ - MAPFILE := $(JDK_TOPDIR)/make/mapfiles/liblcms/mapfile-vers, \ -@@ -685,10 +702,10 @@ - $(call SET_SHARED_LIBRARY_ORIGIN), \ - LDFLAGS_solaris := /usr/lib$(OPENJDK_TARGET_CPU_ISADIR)/libm.so.2, \ - LDFLAGS_windows := $(WIN_AWT_LIB) $(WIN_JAVA_LIB), \ -- LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc, \ -- LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm, \ -- LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm, \ -- LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm,\ -+ LDFLAGS_SUFFIX_solaris := -lawt -ljava -ljvm -lc $(LCMS_LIBS), \ -+ LDFLAGS_SUFFIX_macosx := $(LIBM) -lawt -ljava -ljvm $(LCMS_LIBS), \ -+ LDFLAGS_SUFFIX_linux := -lm -lawt -ljava -ljvm $(LCMS_LIBS), \ -+ LDFLAGS_SUFFIX_aix := -lm -lawt -ljava -ljvm $(LCMS_LIBS),\ - VERSIONINFO_RESOURCE := $(JDK_TOPDIR)/src/windows/resource/version.rc, \ - RC_FLAGS := $(RC_FLAGS) \ - -D "JDK_FNAME=lcms.dll" \ -diff -r 3d1c3b0b73a3 src/share/native/sun/java2d/cmm/lcms/LCMS.c ---- openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c Tue Sep 08 22:31:26 2015 +0300 -+++ openjdk/jdk/src/share/native/sun/java2d/cmm/lcms/LCMS.c Thu Oct 15 05:29:28 2015 +0100 -@@ -30,7 +30,7 @@ - #include "jni_util.h" - #include "Trace.h" - #include "Disposer.h" --#include "lcms2.h" -+#include - #include "jlong.h" - - diff --git a/SOURCES/jdk8062808-pr3548-turn_on_the_wreturn_type_warning.patch b/SOURCES/jdk8062808-pr3548-turn_on_the_wreturn_type_warning.patch deleted file mode 100644 index e91abd3..0000000 --- a/SOURCES/jdk8062808-pr3548-turn_on_the_wreturn_type_warning.patch +++ /dev/null @@ -1,191 +0,0 @@ -# HG changeset patch -# User stefank -# Date 1525453613 -3600 -# Fri May 04 18:06:53 2018 +0100 -# Node ID 07a1135a327362f157955d470fad5df07cc35164 -# Parent de79964656fc652f2085dac4fe99bcc128b5a3b1 -8062808, PR3548: Turn on the -Wreturn-type warning -Reviewed-by: mgerdin, tschatzl, coleenp, jrose, kbarrett - -diff --git openjdk.orig/hotspot/make/linux/makefiles/gcc.make openjdk/hotspot/make/linux/makefiles/gcc.make ---- openjdk.orig/hotspot/make/linux/makefiles/gcc.make -+++ openjdk/hotspot/make/linux/makefiles/gcc.make -@@ -210,7 +210,7 @@ - WARNINGS_ARE_ERRORS += -Wno-return-type -Wno-empty-body - endif - --WARNING_FLAGS = -Wpointer-arith -Wsign-compare -Wundef -Wunused-function -Wunused-value -+WARNING_FLAGS = -Wpointer-arith -Wsign-compare -Wundef -Wunused-function -Wunused-value -Wreturn-type - - ifeq ($(USE_CLANG),) - # Since GCC 4.3, -Wconversion has changed its meanings to warn these implicit -diff --git openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad openjdk/hotspot/src/cpu/x86/vm/x86_32.ad ---- openjdk.orig/hotspot/src/cpu/x86/vm/x86_32.ad -+++ openjdk/hotspot/src/cpu/x86/vm/x86_32.ad -@@ -1250,6 +1250,7 @@ - - - Unimplemented(); -+ return 0; // Mute compiler - } - - #ifndef PRODUCT -diff --git openjdk.orig/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp ---- openjdk.orig/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp -+++ openjdk/hotspot/src/os_cpu/linux_x86/vm/os_linux_x86.cpp -@@ -541,6 +541,7 @@ - err.report_and_die(); - - ShouldNotReachHere(); -+ return true; // Mute compiler - } - - void os::Linux::init_thread_fpu_state(void) { -diff --git openjdk.orig/hotspot/src/share/vm/classfile/defaultMethods.cpp openjdk/hotspot/src/share/vm/classfile/defaultMethods.cpp ---- openjdk.orig/hotspot/src/share/vm/classfile/defaultMethods.cpp -+++ openjdk/hotspot/src/share/vm/classfile/defaultMethods.cpp -@@ -506,7 +506,7 @@ - ss.write((const char*)name->bytes(), name->utf8_length()); - ss.write((const char*)signature->bytes(), signature->utf8_length()); - ss.print(" is abstract"); -- return SymbolTable::new_symbol(ss.base(), (int)ss.size(), CHECK_NULL); -+ return SymbolTable::new_symbol(ss.base(), (int)ss.size(), THREAD); - } - - Symbol* MethodFamily::generate_conflicts_message(GrowableArray* methods, TRAPS) const { -@@ -521,7 +521,7 @@ - ss.print("."); - ss.write((const char*)name->bytes(), name->utf8_length()); - } -- return SymbolTable::new_symbol(ss.base(), (int)ss.size(), CHECK_NULL); -+ return SymbolTable::new_symbol(ss.base(), (int)ss.size(), THREAD); - } - - -diff --git openjdk.orig/hotspot/src/share/vm/classfile/symbolTable.cpp openjdk/hotspot/src/share/vm/classfile/symbolTable.cpp ---- openjdk.orig/hotspot/src/share/vm/classfile/symbolTable.cpp -+++ openjdk/hotspot/src/share/vm/classfile/symbolTable.cpp -@@ -249,7 +249,7 @@ - MutexLocker ml(SymbolTable_lock, THREAD); - - // Otherwise, add to symbol to table -- return the_table()->basic_add(index, (u1*)name, len, hashValue, true, CHECK_NULL); -+ return the_table()->basic_add(index, (u1*)name, len, hashValue, true, THREAD); - } - - Symbol* SymbolTable::lookup(const Symbol* sym, int begin, int end, TRAPS) { -@@ -288,7 +288,7 @@ - // Grab SymbolTable_lock first. - MutexLocker ml(SymbolTable_lock, THREAD); - -- return the_table()->basic_add(index, (u1*)buffer, len, hashValue, true, CHECK_NULL); -+ return the_table()->basic_add(index, (u1*)buffer, len, hashValue, true, THREAD); - } - - Symbol* SymbolTable::lookup_only(const char* name, int len, -diff --git openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp ---- openjdk.orig/hotspot/src/share/vm/classfile/systemDictionary.cpp -+++ openjdk/hotspot/src/share/vm/classfile/systemDictionary.cpp -@@ -229,15 +229,15 @@ - class_name->as_C_string(), - class_loader.is_null() ? "null" : class_loader->klass()->name()->as_C_string())); - if (FieldType::is_array(class_name)) { -- return resolve_array_class_or_null(class_name, class_loader, protection_domain, CHECK_NULL); -+ return resolve_array_class_or_null(class_name, class_loader, protection_domain, THREAD); - } else if (FieldType::is_obj(class_name)) { - ResourceMark rm(THREAD); - // Ignore wrapping L and ;. - TempNewSymbol name = SymbolTable::new_symbol(class_name->as_C_string() + 1, - class_name->utf8_length() - 2, CHECK_NULL); -- return resolve_instance_class_or_null(name, class_loader, protection_domain, CHECK_NULL); -+ return resolve_instance_class_or_null(name, class_loader, protection_domain, THREAD); - } else { -- return resolve_instance_class_or_null(class_name, class_loader, protection_domain, CHECK_NULL); -+ return resolve_instance_class_or_null(class_name, class_loader, protection_domain, THREAD); - } - } - -diff --git openjdk.orig/hotspot/src/share/vm/memory/heapInspection.hpp openjdk/hotspot/src/share/vm/memory/heapInspection.hpp ---- openjdk.orig/hotspot/src/share/vm/memory/heapInspection.hpp -+++ openjdk/hotspot/src/share/vm/memory/heapInspection.hpp -@@ -367,7 +367,7 @@ - _csv_format(csv_format), _print_help(print_help), - _print_class_stats(print_class_stats), _columns(columns) {} - void heap_inspection(outputStream* st) NOT_SERVICES_RETURN; -- size_t populate_table(KlassInfoTable* cit, BoolObjectClosure* filter = NULL) NOT_SERVICES_RETURN; -+ size_t populate_table(KlassInfoTable* cit, BoolObjectClosure* filter = NULL) NOT_SERVICES_RETURN_(0); - static void find_instances_at_safepoint(Klass* k, GrowableArray* result) NOT_SERVICES_RETURN; - private: - void iterate_over_heap(KlassInfoTable* cit, BoolObjectClosure* filter = NULL); -diff --git openjdk.orig/hotspot/src/share/vm/memory/metaspaceShared.hpp openjdk/hotspot/src/share/vm/memory/metaspaceShared.hpp ---- openjdk.orig/hotspot/src/share/vm/memory/metaspaceShared.hpp -+++ openjdk/hotspot/src/share/vm/memory/metaspaceShared.hpp -@@ -93,7 +93,7 @@ - static void preload_and_dump(TRAPS) NOT_CDS_RETURN; - static int preload_and_dump(const char * class_list_path, - GrowableArray* class_promote_order, -- TRAPS) NOT_CDS_RETURN; -+ TRAPS) NOT_CDS_RETURN_(0); - - static ReservedSpace* shared_rs() { - CDS_ONLY(return _shared_rs); -diff --git openjdk.orig/hotspot/src/share/vm/oops/constantPool.hpp openjdk/hotspot/src/share/vm/oops/constantPool.hpp ---- openjdk.orig/hotspot/src/share/vm/oops/constantPool.hpp -+++ openjdk/hotspot/src/share/vm/oops/constantPool.hpp -@@ -352,7 +352,7 @@ - - Klass* klass_at(int which, TRAPS) { - constantPoolHandle h_this(THREAD, this); -- return klass_at_impl(h_this, which, CHECK_NULL); -+ return klass_at_impl(h_this, which, THREAD); - } - - Symbol* klass_name_at(int which); // Returns the name, w/o resolving. -diff --git openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp openjdk/hotspot/src/share/vm/prims/jvm.cpp ---- openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp -+++ openjdk/hotspot/src/share/vm/prims/jvm.cpp -@@ -4244,7 +4244,7 @@ - JVM_DTraceProvider* providers)) - JVMWrapper("JVM_DTraceActivate"); - return DTraceJSDT::activate( -- version, module_name, providers_count, providers, CHECK_0); -+ version, module_name, providers_count, providers, THREAD); - JVM_END - - JVM_ENTRY(jboolean,JVM_DTraceIsProbeEnabled(JNIEnv* env, jmethodID method)) -diff --git openjdk.orig/hotspot/src/share/vm/runtime/reflection.cpp openjdk/hotspot/src/share/vm/runtime/reflection.cpp ---- openjdk.orig/hotspot/src/share/vm/runtime/reflection.cpp -+++ openjdk/hotspot/src/share/vm/runtime/reflection.cpp -@@ -1093,7 +1093,7 @@ - } else { - if (rtype == T_BOOLEAN || rtype == T_BYTE || rtype == T_CHAR || rtype == T_SHORT) - narrow((jvalue*) result.get_value_addr(), rtype, CHECK_NULL); -- return box((jvalue*) result.get_value_addr(), rtype, CHECK_NULL); -+ return box((jvalue*) result.get_value_addr(), rtype, THREAD); - } - } - -diff --git openjdk.orig/hotspot/src/share/vm/runtime/sharedRuntime.cpp openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp ---- openjdk.orig/hotspot/src/share/vm/runtime/sharedRuntime.cpp -+++ openjdk/hotspot/src/share/vm/runtime/sharedRuntime.cpp -@@ -1046,7 +1046,7 @@ - // last java frame on stack (which includes native call frames) - vframeStream vfst(thread, true); // Do not skip and javaCalls - -- return find_callee_info_helper(thread, vfst, bc, callinfo, CHECK_(Handle())); -+ return find_callee_info_helper(thread, vfst, bc, callinfo, THREAD); - } - - -diff --git openjdk.orig/hotspot/src/share/vm/services/memTracker.hpp openjdk/hotspot/src/share/vm/services/memTracker.hpp ---- openjdk.orig/hotspot/src/share/vm/services/memTracker.hpp -+++ openjdk/hotspot/src/share/vm/services/memTracker.hpp -@@ -64,7 +64,7 @@ - const NativeCallStack& stack, MEMFLAGS flag = mtNone) { } - static inline void record_virtual_memory_commit(void* addr, size_t size, const NativeCallStack& stack) { } - static inline Tracker get_virtual_memory_uncommit_tracker() { return Tracker(); } -- static inline Tracker get_virtual_memory_release_tracker() { } -+ static inline Tracker get_virtual_memory_release_tracker() { return Tracker(); } - static inline void record_virtual_memory_type(void* addr, MEMFLAGS flag) { } - static inline void record_thread_stack(void* addr, size_t size) { } - static inline void release_thread_stack(void* addr, size_t size) { } diff --git a/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch b/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch index 98d3903..239cd68 100644 --- a/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch +++ b/SOURCES/jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch @@ -34,12 +34,12 @@ diff --git openjdk.orig/hotspot/make/linux/makefiles/zeroshark.make openjdk/hots diff --git openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp --- openjdk.orig/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp +++ openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp -@@ -100,7 +100,7 @@ - case T_DOUBLE: - case T_VOID: +@@ -102,7 +102,7 @@ return result; -- default : ShouldNotReachHere(); -+ default : ShouldNotReachHere(); return NULL_WORD; + default: + ShouldNotReachHere(); +- return result; // silence compiler warnings ++ return NULL_WORD; // silence compiler warnings } } diff --git a/SOURCES/jdk8154313-generated_javadoc_scattered_all_over_the_place.patch b/SOURCES/jdk8154313-generated_javadoc_scattered_all_over_the_place.patch deleted file mode 100644 index 3a43c5f..0000000 --- a/SOURCES/jdk8154313-generated_javadoc_scattered_all_over_the_place.patch +++ /dev/null @@ -1,68 +0,0 @@ ---- jdk8/make/Javadoc.gmk 2016-04-01 16:53:41.069477682 +0200 -+++ jdk8/make/Javadoc.gmk 2016-04-01 16:53:41.014477059 +0200 -@@ -220,6 +220,12 @@ - JRE_API_DOCSDIR = $(DOCSDIR)/jre/api - PLATFORM_DOCSDIR = $(DOCSDIR)/platform - -+ -+JAVADOC_ARCHIVE_NAME := jdk-$(FULL_VERSION)-docs.zip -+JAVADOC_ARCHIVE_ASSEMBLY_DIR := $(DOCSTMPDIR)/zip-docs -+JAVADOC_ARCHIVE_DIR := $(OUTPUT_ROOT)/bundles -+JAVADOC_ARCHIVE := $(JAVADOC_ARCHIVE_DIR)/$(JAVADOC_ARCHIVE_NAME) -+ - # The non-core api javadocs need to be able to access the root of the core - # api directory, so for jdk/api or jre/api to get to the core api/ - # directory we would use this: -@@ -319,6 +325,37 @@ - all: docs - docs: coredocs otherdocs - -+# -+# Optional target which bundles all generated javadocs into a zip -+# archive. The dependency on docs is handled in Main.gmk. Incremental -+# building of docs is currently broken so if you invoke zip-docs after -+# docs, the docs are always rebuilt. -+# -+ -+zip-docs: $(JAVADOC_ARCHIVE) -+ -+# -+# Add the core docs as prerequisite to the archive to trigger a rebuild -+# if the core docs were rebuilt. Ideally any doc rebuild should trigger -+# this, but the way prerequisites are currently setup in this file, that -+# is hard to achieve. -+# -+ -+$(JAVADOC_ARCHIVE): $(COREAPI_INDEX_FILE) -+ @$(ECHO) "Compressing javadoc to single $(JAVADOC_ARCHIVE_NAME)" ; -+ $(MKDIR) -p $(JAVADOC_ARCHIVE_DIR) ; -+ $(RM) -r $(JAVADOC_ARCHIVE_ASSEMBLY_DIR) ; -+ $(MKDIR) -p $(JAVADOC_ARCHIVE_ASSEMBLY_DIR); -+ all_roots=`$(FIND) $(DOCSDIR) | $(GREP) index.html `; \ -+ pushd $(JAVADOC_ARCHIVE_ASSEMBLY_DIR); \ -+ for index_file in $${all_roots} ; do \ -+ target_dir=`dirname $${index_file}`; \ -+ name=`$(ECHO) $${target_dir} | $(SED) "s;/spec;;" | $(SED) "s;.*/;;"`; \ -+ $(LN) -s $${target_dir} $${name}; \ -+ done; \ -+ $(ZIP) -q -r $(JAVADOC_ARCHIVE) * ; \ -+ popd ; -+ - ################################################################# - # Production Targets -- USE THESE TARGETS WHEN: - # a) You're generating docs outside of release engineering's ---- jdk8/make/Main.gmk 2016-04-01 16:53:41.311480424 +0200 -+++ jdk8/make/Main.gmk 2016-04-01 16:53:41.266479914 +0200 -@@ -165,6 +165,12 @@ - @($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk docs) - @$(call TargetExit) - -+zip-docs: docs zip-docs-only -+zip-docs-only: start-make -+ @$(call TargetEnter) -+ @($(CD) $(SRC_ROOT)/make && $(BUILD_LOG_WRAPPER) $(MAKE) $(MAKE_ARGS) -f Javadoc.gmk zip-docs) -+ @$(call TargetExit) -+ - sign-jars: jdk sign-jars-only - sign-jars-only: start-make - @$(call TargetEnter) diff --git a/SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch b/SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch deleted file mode 100644 index d7afbc6..0000000 --- a/SOURCES/jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch +++ /dev/null @@ -1,257 +0,0 @@ -# HG changeset patch -# User weijun -# Date 1513099798 -28800 -# Wed Dec 13 01:29:58 2017 +0800 -# Node ID aa8f2e25f003feddf362892b2820fa2839c854b6 -# Parent 9ebb70cb99a472b5fee9ac08240b7979468c2fa5 -8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite -Reviewed-by: weijun -Contributed-by: Martin Balao - -diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java ---- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/Secmod.java -+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/Secmod.java -@@ -196,13 +196,23 @@ - } - - if (configDir != null) { -- File configBase = new File(configDir); -- if (configBase.isDirectory() == false ) { -- throw new IOException("configDir must be a directory: " + configDir); -+ String configDirPath = null; -+ String sqlPrefix = "sql:/"; -+ if (!configDir.startsWith(sqlPrefix)) { -+ configDirPath = configDir; -+ } else { -+ StringBuilder configDirPathSB = new StringBuilder(configDir); -+ configDirPath = configDirPathSB.substring(sqlPrefix.length()); - } -- File secmodFile = new File(configBase, "secmod.db"); -- if (secmodFile.isFile() == false) { -- throw new FileNotFoundException(secmodFile.getPath()); -+ File configBase = new File(configDirPath); -+ if (configBase.isDirectory() == false ) { -+ throw new IOException("configDir must be a directory: " + configDirPath); -+ } -+ if (!configDir.startsWith(sqlPrefix)) { -+ File secmodFile = new File(configBase, "secmod.db"); -+ if (secmodFile.isFile() == false) { -+ throw new FileNotFoundException(secmodFile.getPath()); -+ } - } - } - -diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/README-SQLITE -@@ -0,0 +1,8 @@ -+// How to create key4.db and cert9.db -+cd -+echo "" > 1 -+echo "test12" > 2 -+modutil -create -force -dbdir sql:/$(pwd) -+modutil -list "NSS Internal PKCS #11 Module" -dbdir sql:/$(pwd) -+modutil -changepw "NSS Certificate DB" -force -dbdir sql:/$(pwd) -pwfile $(pwd)/1 -newpwfile $(pwd)/2 -+ -diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/TestNssDbSqlite.java -@@ -0,0 +1,134 @@ -+/* -+ * Copyright (c) 2017, Red Hat, Inc. and/or its affiliates. -+ * -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+/* -+ * @test -+ * @bug 8165996 -+ * @summary Test NSS DB Sqlite -+ * @library ../ -+ * @modules java.base/sun.security.rsa -+ * java.base/sun.security.provider -+ * java.base/sun.security.jca -+ * java.base/sun.security.tools.keytool -+ * java.base/sun.security.x509 -+ * java.base/com.sun.crypto.provider -+ * jdk.crypto.cryptoki/sun.security.pkcs11:+open -+ * @run main/othervm/timeout=120 TestNssDbSqlite -+ * @author Martin Balao (mbalao@redhat.com) -+ */ -+ -+import java.security.PrivateKey; -+import java.security.cert.Certificate; -+import java.security.KeyStore; -+import java.security.Provider; -+import java.security.Signature; -+ -+import sun.security.rsa.SunRsaSign; -+import sun.security.jca.ProviderList; -+import sun.security.jca.Providers; -+import sun.security.tools.keytool.CertAndKeyGen; -+import sun.security.x509.X500Name; -+ -+public final class TestNssDbSqlite extends SecmodTest { -+ -+ private static final boolean enableDebug = true; -+ -+ private static Provider sunPKCS11NSSProvider; -+ private static Provider sunRsaSignProvider; -+ private static Provider sunJCEProvider; -+ private static KeyStore ks; -+ private static char[] passphrase = "test12".toCharArray(); -+ private static PrivateKey privateKey; -+ private static Certificate certificate; -+ -+ public static void main(String[] args) throws Exception { -+ -+ initialize(); -+ -+ if (enableDebug) { -+ System.out.println("SunPKCS11 provider: " + -+ sunPKCS11NSSProvider); -+ } -+ -+ testRetrieveKeysFromKeystore(); -+ -+ System.out.println("Test PASS - OK"); -+ } -+ -+ private static void testRetrieveKeysFromKeystore() throws Exception { -+ -+ String plainText = "known plain text"; -+ -+ ks.setKeyEntry("root_ca_1", privateKey, passphrase, -+ new Certificate[]{certificate}); -+ PrivateKey k1 = (PrivateKey) ks.getKey("root_ca_1", passphrase); -+ -+ Signature sS = Signature.getInstance( -+ "SHA256withRSA", sunPKCS11NSSProvider); -+ sS.initSign(k1); -+ sS.update(plainText.getBytes()); -+ byte[] generatedSignature = sS.sign(); -+ -+ if (enableDebug) { -+ System.out.println("Generated signature: "); -+ for (byte b : generatedSignature) { -+ System.out.printf("0x%02x, ", (int)(b) & 0xFF); -+ } -+ System.out.println(""); -+ } -+ -+ Signature sV = Signature.getInstance("SHA256withRSA", sunRsaSignProvider); -+ sV.initVerify(certificate); -+ sV.update(plainText.getBytes()); -+ if(!sV.verify(generatedSignature)){ -+ throw new Exception("Couldn't verify signature"); -+ } -+ } -+ -+ private static void initialize() throws Exception { -+ initializeProvider(); -+ } -+ -+ private static void initializeProvider () throws Exception { -+ useSqlite(true); -+ if (!initSecmod()) { -+ return; -+ } -+ -+ sunPKCS11NSSProvider = getSunPKCS11(BASE + SEP + "nss-sqlite.cfg"); -+ sunJCEProvider = new com.sun.crypto.provider.SunJCE(); -+ sunRsaSignProvider = new SunRsaSign(); -+ Providers.setProviderList(ProviderList.newList( -+ sunJCEProvider, sunPKCS11NSSProvider, -+ new sun.security.provider.Sun(), sunRsaSignProvider)); -+ -+ ks = KeyStore.getInstance("PKCS11-NSS-Sqlite", sunPKCS11NSSProvider); -+ ks.load(null, passphrase); -+ -+ CertAndKeyGen gen = new CertAndKeyGen("RSA", "SHA256withRSA"); -+ gen.generate(2048); -+ privateKey = gen.getPrivateKey(); -+ certificate = gen.getSelfCertificate(new X500Name("CN=Me"), 365); -+ } -+} -diff --git openjdk.orig/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg -new file mode 100644 ---- /dev/null -+++ openjdk/jdk/test/sun/security/pkcs11/Secmod/nss-sqlite.cfg -@@ -0,0 +1,13 @@ -+# config file for secmod KeyStore access using sqlite backend -+ -+name = NSS-Sqlite -+ -+nssLibraryDirectory = ${pkcs11test.nss.libdir} -+ -+nssDbMode = readWrite -+ -+nssModule = keystore -+ -+nssSecmodDirectory = ${pkcs11test.nss.db} -+ -+attributes = compatibility -diff --git openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java ---- openjdk.orig/jdk/test/sun/security/pkcs11/SecmodTest.java -+++ openjdk/jdk/test/sun/security/pkcs11/SecmodTest.java -@@ -34,6 +34,11 @@ - static String DBDIR; - static char[] password = "test12".toCharArray(); - static String keyAlias = "mykey"; -+ static boolean useSqlite = false; -+ -+ static void useSqlite(boolean b) { -+ useSqlite = b; -+ } - - static boolean initSecmod() throws Exception { - useNSS(); -@@ -49,14 +54,24 @@ - safeReload(LIBPATH + System.mapLibraryName("nssckbi")); - - DBDIR = System.getProperty("test.classes", ".") + SEP + "tmpdb"; -- System.setProperty("pkcs11test.nss.db", DBDIR); -+ if (useSqlite) { -+ System.setProperty("pkcs11test.nss.db", "sql:/" + DBDIR); -+ } else { -+ System.setProperty("pkcs11test.nss.db", DBDIR); -+ } - File dbdirFile = new File(DBDIR); - if (dbdirFile.exists() == false) { - dbdirFile.mkdir(); - } -- copyFile("secmod.db", BASE, DBDIR); -- copyFile("key3.db", BASE, DBDIR); -- copyFile("cert8.db", BASE, DBDIR); -+ -+ if (useSqlite) { -+ copyFile("key4.db", BASE, DBDIR); -+ copyFile("cert9.db", BASE, DBDIR); -+ } else { -+ copyFile("secmod.db", BASE, DBDIR); -+ copyFile("key3.db", BASE, DBDIR); -+ copyFile("cert8.db", BASE, DBDIR); -+ } - return true; - } - diff --git a/SOURCES/jdk8197981-pr3548-missing_return_statement_in_sync_val_compare_and_swap_8.patch b/SOURCES/jdk8197981-pr3548-missing_return_statement_in_sync_val_compare_and_swap_8.patch deleted file mode 100644 index 5f6d9ce..0000000 --- a/SOURCES/jdk8197981-pr3548-missing_return_statement_in_sync_val_compare_and_swap_8.patch +++ /dev/null @@ -1,32 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1518667645 0 -# Thu Feb 15 04:07:25 2018 +0000 -# Node ID 1d35411eb7bdf16191e220ffe3b1dc4d5d0c6041 -# Parent 999983606f5c61b093c6f6316a7b26c4cd4ca79e -8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8 -Summary: Fix issue discovered by -Wreturn-type on systems without LP64. -Reviewed-by: aph - -diff --git openjdk.orig/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp openjdk/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp ---- openjdk.orig/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp -+++ openjdk/hotspot/src/os_cpu/bsd_zero/vm/os_bsd_zero.cpp -@@ -457,6 +457,7 @@ - long long unsigned int oldval, - long long unsigned int newval) { - ShouldNotCallThis(); -+ return 0; - } - }; - #endif // !_LP64 -diff --git openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp ---- openjdk.orig/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp -+++ openjdk/hotspot/src/os_cpu/linux_zero/vm/os_linux_zero.cpp -@@ -498,6 +498,7 @@ - long long unsigned int oldval, - long long unsigned int newval) { - ShouldNotCallThis(); -+ return 0; - } - }; - #endif // !_LP64 diff --git a/SOURCES/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch b/SOURCES/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch index 843158e..53bceec 100644 --- a/SOURCES/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch +++ b/SOURCES/jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch @@ -319,3 +319,25 @@ diff --git openjdk.orig/hotspot/src/share/vm/runtime/arguments.cpp openjdk/hotsp if (PrintGCDetails && Verbose) { // Too early to use gclog_or_tty tty->print_cr("CMS ergo set OldSize: " SIZE_FORMAT, OldSize); +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp ++++ openjdk/hotspot/src/share/vm/gc_implementation/g1/g1ConcurrentMarkObjArrayProcessor.cpp +@@ -41,7 +41,7 @@ + } + + size_t G1CMObjArrayProcessor::process_array_slice(objArrayOop obj, HeapWord* start_from, size_t remaining) { +- size_t words_to_scan = MIN2(remaining, ObjArrayMarkingStride); ++ size_t words_to_scan = MIN2(remaining, (size_t) ObjArrayMarkingStride); + + if (remaining > ObjArrayMarkingStride) { + push_array_slice(start_from + ObjArrayMarkingStride); +diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp +--- openjdk.orig/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp ++++ openjdk/hotspot/src/share/vm/gc_implementation/shenandoah/shenandoahUtils.cpp +@@ -150,5 +150,5 @@ + return value; + } + +- return (size_t)1 << (log2_intptr(value) + 1); ++ return (size_t)1 << (log2_intptr((uintptr_t) value) + 1); + } diff --git a/SOURCES/pr3519-fix_further_functions_with_a_missing_return_value.patch b/SOURCES/pr3519-fix_further_functions_with_a_missing_return_value.patch deleted file mode 100644 index 51ca7f1..0000000 --- a/SOURCES/pr3519-fix_further_functions_with_a_missing_return_value.patch +++ /dev/null @@ -1,19 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1518669922 0 -# Thu Feb 15 04:45:22 2018 +0000 -# Node ID adaf109718c10888cce5b6e73af7f3e15a7ab0db -# Parent 3ade0115344b77e6d00462044e0cf68722685bfe -PR3519: Fix further functions with a missing return value. - -diff --git openjdk.orig/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp openjdk/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp ---- openjdk.orig/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp -+++ openjdk/hotspot/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp -@@ -205,6 +205,7 @@ - return Address(base, tmp, Address::lsl(addr->scale())); - } - } -+ return Address(); - } - - Address LIR_Assembler::as_Address_hi(LIR_Address* addr) { diff --git a/SOURCES/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch b/SOURCES/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch index 2700f3c..e1e7214 100644 --- a/SOURCES/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch +++ b/SOURCES/pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch @@ -32,7 +32,7 @@ diff --git openjdk.orig/hotspot/src/share/vm/gc_implementation/g1/g1StringDedupT - " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " UINTX_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n" + " [Entries: " UINTX_FORMAT ", Load: " G1_STRDEDUP_PERCENT_FORMAT_NS ", Cached: " SIZE_FORMAT ", Added: " UINTX_FORMAT ", Removed: " UINTX_FORMAT "]\n" " [Resize Count: " UINTX_FORMAT ", Shrink Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS "), Grow Threshold: " UINTX_FORMAT "(" G1_STRDEDUP_PERCENT_FORMAT_NS ")]\n" - " [Rehash Count: " UINTX_FORMAT ", Rehash Threshold: " UINTX_FORMAT ", Hash Seed: 0x%x]\n" + " [Rehash Count: " UINTX_FORMAT ", Rehash Threshold: " UINTX_FORMAT ", Hash Seed: " UINT64_FORMAT "]\n" " [Age Threshold: " UINTX_FORMAT "]", diff --git openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp openjdk/hotspot/src/share/vm/memory/blockOffsetTable.cpp --- openjdk.orig/hotspot/src/share/vm/memory/blockOffsetTable.cpp diff --git a/SOURCES/pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch b/SOURCES/pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch deleted file mode 100644 index d1e9576..0000000 --- a/SOURCES/pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch +++ /dev/null @@ -1,38 +0,0 @@ -# HG changeset patch -# User andrew -# Date 1529475043 -3600 -# Wed Jun 20 07:10:43 2018 +0100 -# Node ID f6341f4635dacb56678264d29a88cd052b74036b -# Parent 30520d5018b509b0ae68f5fcc9a5c540e3e5b2de -PR3601: Fix additional -Wreturn-type issues introduced by 8061651 - -diff --git openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp openjdk/hotspot/src/share/vm/prims/jvm.cpp ---- openjdk.orig/hotspot/src/share/vm/prims/jvm.cpp -+++ openjdk/hotspot/src/share/vm/prims/jvm.cpp -@@ -835,7 +835,7 @@ - JVM_ENTRY(jboolean, JVM_KnownToNotExist(JNIEnv *env, jobject loader, const char *classname)) - JVMWrapper("JVM_KnownToNotExist"); - #if INCLUDE_CDS -- return ClassLoaderExt::known_to_not_exist(env, loader, classname, CHECK_(false)); -+ return ClassLoaderExt::known_to_not_exist(env, loader, classname, THREAD); - #else - return false; - #endif -@@ -845,7 +845,7 @@ - JVM_ENTRY(jobjectArray, JVM_GetResourceLookupCacheURLs(JNIEnv *env, jobject loader)) - JVMWrapper("JVM_GetResourceLookupCacheURLs"); - #if INCLUDE_CDS -- return ClassLoaderExt::get_lookup_cache_urls(env, loader, CHECK_NULL); -+ return ClassLoaderExt::get_lookup_cache_urls(env, loader, THREAD); - #else - return NULL; - #endif -@@ -855,7 +855,7 @@ - JVM_ENTRY(jintArray, JVM_GetResourceLookupCache(JNIEnv *env, jobject loader, const char *resource_name)) - JVMWrapper("JVM_GetResourceLookupCache"); - #if INCLUDE_CDS -- return ClassLoaderExt::get_lookup_cache(env, loader, resource_name, CHECK_NULL); -+ return ClassLoaderExt::get_lookup_cache(env, loader, resource_name, THREAD); - #else - return NULL; - #endif diff --git a/SOURCES/rh1566890-CVE_2018_3639-speculative_store_bypass.patch b/SOURCES/rh1566890-CVE_2018_3639-speculative_store_bypass.patch deleted file mode 100644 index d8f3a5a..0000000 --- a/SOURCES/rh1566890-CVE_2018_3639-speculative_store_bypass.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp ---- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp -+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp -@@ -103,6 +103,8 @@ - # include - # include - -+#include -+ - PRAGMA_FORMAT_MUTE_WARNINGS_FOR_GCC - - #ifndef _GNU_SOURCE -@@ -4997,6 +4999,31 @@ - } - } - -+/* Per task speculation control */ -+#ifndef PR_GET_SPECULATION_CTRL -+#define PR_GET_SPECULATION_CTRL 52 -+#endif -+#ifndef PR_SET_SPECULATION_CTRL -+#define PR_SET_SPECULATION_CTRL 53 -+#endif -+/* Speculation control variants */ -+# undef PR_SPEC_STORE_BYPASS -+# define PR_SPEC_STORE_BYPASS 0 -+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */ -+# undef PR_SPEC_NOT_AFFECTED -+# undef PR_SPEC_PRCTL -+# undef PR_SPEC_ENABLE -+# undef PR_SPEC_DISABLE -+# define PR_SPEC_NOT_AFFECTED 0 -+# define PR_SPEC_PRCTL (1UL << 0) -+# define PR_SPEC_ENABLE (1UL << 1) -+# define PR_SPEC_DISABLE (1UL << 2) -+ -+static void set_speculation() __attribute__((constructor)); -+static void set_speculation() { -+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); -+} -+ - // this is called _before_ most of the global arguments have been parsed - void os::init(void) { - char dummy; /* used to get a guess on initial stack address */ diff --git a/SOURCES/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch b/SOURCES/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch deleted file mode 100644 index 94ef9d4..0000000 --- a/SOURCES/rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch +++ /dev/null @@ -1,54 +0,0 @@ -diff --git openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp ---- openjdk.orig/hotspot/src/os/linux/vm/os_linux.cpp -+++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp -@@ -5001,26 +5001,43 @@ - - /* Per task speculation control */ - #ifndef PR_GET_SPECULATION_CTRL --#define PR_GET_SPECULATION_CTRL 52 -+# define PR_GET_SPECULATION_CTRL 52 - #endif - #ifndef PR_SET_SPECULATION_CTRL --#define PR_SET_SPECULATION_CTRL 53 -+# define PR_SET_SPECULATION_CTRL 53 - #endif - /* Speculation control variants */ --# undef PR_SPEC_STORE_BYPASS -+#ifndef PR_SPEC_STORE_BYPASS - # define PR_SPEC_STORE_BYPASS 0 -+#endif - /* Return and control values for PR_SET/GET_SPECULATION_CTRL */ --# undef PR_SPEC_NOT_AFFECTED --# undef PR_SPEC_PRCTL --# undef PR_SPEC_ENABLE --# undef PR_SPEC_DISABLE -+ -+#ifndef PR_SPEC_NOT_AFFECTED - # define PR_SPEC_NOT_AFFECTED 0 -+#endif -+#ifndef PR_SPEC_PRCTL - # define PR_SPEC_PRCTL (1UL << 0) -+#endif -+#ifndef PR_SPEC_ENABLE - # define PR_SPEC_ENABLE (1UL << 1) -+#endif -+#ifndef PR_SPEC_DISABLE - # define PR_SPEC_DISABLE (1UL << 2) -+#endif -+#ifndef PR_SPEC_FORCE_DISABLE -+# define PR_SPEC_FORCE_DISABLE (1UL << 3) -+#endif -+#ifndef PR_SPEC_DISABLE_NOEXEC -+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4) -+#endif - - static void set_speculation() __attribute__((constructor)); - static void set_speculation() { -+ if ( prctl(PR_SET_SPECULATION_CTRL, -+ PR_SPEC_STORE_BYPASS, -+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) { -+ return; -+ } - prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); - } - diff --git a/SOURCES/rh1582504-rsa_default_for_keytool.patch b/SOURCES/rh1582504-rsa_default_for_keytool.patch new file mode 100644 index 0000000..f59dbf5 --- /dev/null +++ b/SOURCES/rh1582504-rsa_default_for_keytool.patch @@ -0,0 +1,12 @@ +diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java ++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +@@ -1004,7 +1004,7 @@ + } + } else if (command == GENKEYPAIR) { + if (keyAlgName == null) { +- keyAlgName = "DSA"; ++ keyAlgName = "RSA"; + } + doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName); + kssave = true; diff --git a/SOURCES/rh1750419-redhat_alt_java.patch b/SOURCES/rh1750419-redhat_alt_java.patch new file mode 100644 index 0000000..bdb67b3 --- /dev/null +++ b/SOURCES/rh1750419-redhat_alt_java.patch @@ -0,0 +1,128 @@ +diff --git openjdk.orig/jdk/make/CompileLaunchers.gmk openjdk/jdk/make/CompileLaunchers.gmk +--- openjdk.orig/jdk/make/CompileLaunchers.gmk ++++ openjdk/jdk/make/CompileLaunchers.gmk +@@ -255,6 +255,32 @@ + endif + endif + ++$(eval $(call SetupLauncher,alt-java, \ ++ -DEXPAND_CLASSPATH_WILDCARDS -DREDHAT_ALT_JAVA,,,user32.lib comctl32.lib, \ ++ $(JDK_OUTPUTDIR)/objs/jli_static.lib, $(JAVA_RC_FLAGS), \ ++ $(JDK_TOPDIR)/src/windows/resource/java.rc, $(JDK_OUTPUTDIR)/objs/java_objs,true)) ++ ++$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX): $(BUILD_LAUNCHER_alt-java) ++ $(MKDIR) -p $(@D) ++ $(RM) $@ ++ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX) $@ ++ ++$(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT): $(BUILD_LAUNCHER_alt-java) ++ $(MKDIR) -p $(@D) ++ $(RM) $@ ++ $(CP) $(JDK_OUTPUTDIR)/objs/java_objs$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT) $@ ++ ++ifeq ($(OPENJDK_TARGET_OS), linux) ++ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(EXE_SUFFIX) ++ ifeq ($(ENABLE_DEBUG_SYMBOLS), true) ++ ifneq ($(POST_STRIP_CMD), ) ++ ifneq ($(STRIP_POLICY), no_strip) ++ BUILD_LAUNCHERS += $(JDK_OUTPUTDIR)/bin$(OUTPUT_SUBDIR)/alt-java$(DEBUGINFO_EXT) ++ endif ++ endif ++ endif ++endif ++ + ifeq ($(OPENJDK_TARGET_OS), windows) + $(eval $(call SetupLauncher,javaw, \ + -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS,,,user32.lib comctl32.lib, \ +diff --git openjdk.orig/jdk/src/share/bin/alt_main.h openjdk/jdk/src/share/bin/alt_main.h +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/src/share/bin/alt_main.h +@@ -0,0 +1,73 @@ ++/* ++ * Copyright (c) 2019, Red Hat, Inc. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++#ifdef REDHAT_ALT_JAVA ++ ++#include ++ ++ ++/* Per task speculation control */ ++#ifndef PR_GET_SPECULATION_CTRL ++# define PR_GET_SPECULATION_CTRL 52 ++#endif ++#ifndef PR_SET_SPECULATION_CTRL ++# define PR_SET_SPECULATION_CTRL 53 ++#endif ++/* Speculation control variants */ ++#ifndef PR_SPEC_STORE_BYPASS ++# define PR_SPEC_STORE_BYPASS 0 ++#endif ++/* Return and control values for PR_SET/GET_SPECULATION_CTRL */ ++ ++#ifndef PR_SPEC_NOT_AFFECTED ++# define PR_SPEC_NOT_AFFECTED 0 ++#endif ++#ifndef PR_SPEC_PRCTL ++# define PR_SPEC_PRCTL (1UL << 0) ++#endif ++#ifndef PR_SPEC_ENABLE ++# define PR_SPEC_ENABLE (1UL << 1) ++#endif ++#ifndef PR_SPEC_DISABLE ++# define PR_SPEC_DISABLE (1UL << 2) ++#endif ++#ifndef PR_SPEC_FORCE_DISABLE ++# define PR_SPEC_FORCE_DISABLE (1UL << 3) ++#endif ++#ifndef PR_SPEC_DISABLE_NOEXEC ++# define PR_SPEC_DISABLE_NOEXEC (1UL << 4) ++#endif ++ ++static void set_speculation() __attribute__((constructor)); ++static void set_speculation() { ++ if ( prctl(PR_SET_SPECULATION_CTRL, ++ PR_SPEC_STORE_BYPASS, ++ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) { ++ return; ++ } ++ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); ++} ++ ++#endif // REDHAT_ALT_JAVA +diff --git openjdk.orig/jdk/src/share/bin/main.c openjdk/jdk/src/share/bin/main.c +--- openjdk.orig/jdk/src/share/bin/main.c ++++ openjdk/jdk/src/share/bin/main.c +@@ -32,6 +32,10 @@ + + #include "defines.h" + ++#if defined(linux) && defined(__x86_64) ++#include "alt_main.h" ++#endif ++ + #ifdef _MSC_VER + #if _MSC_VER > 1400 && _MSC_VER < 1600 + diff --git a/SOURCES/rh1860986-disable_tlsv1.3_in_fips_mode.patch b/SOURCES/rh1860986-disable_tlsv1.3_in_fips_mode.patch new file mode 100644 index 0000000..91e3705 --- /dev/null +++ b/SOURCES/rh1860986-disable_tlsv1.3_in_fips_mode.patch @@ -0,0 +1,327 @@ +diff -r bbc65dfa59d1 src/share/classes/java/security/SystemConfigurator.java +--- openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Thu Jan 23 18:22:31 2020 -0300 ++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java Sat Aug 01 23:16:51 2020 -0300 +@@ -1,11 +1,13 @@ + /* +- * Copyright (c) 2019, Red Hat, Inc. ++ * Copyright (c) 2019, 2020, Red Hat, Inc. + * + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as +- * published by the Free Software Foundation. ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +@@ -34,10 +36,10 @@ + import java.util.Iterator; + import java.util.Map.Entry; + import java.util.Properties; +-import java.util.function.Consumer; +-import java.util.regex.Matcher; + import java.util.regex.Pattern; + ++import sun.misc.SharedSecrets; ++import sun.misc.JavaSecuritySystemConfiguratorAccess; + import sun.security.util.Debug; + + /** +@@ -47,7 +49,7 @@ + * + */ + +-class SystemConfigurator { ++final class SystemConfigurator { + + private static final Debug sdebug = + Debug.getInstance("properties"); +@@ -61,15 +63,16 @@ + private static final String CRYPTO_POLICIES_CONFIG = + CRYPTO_POLICIES_BASE_DIR + "/config"; + +- private static final class SecurityProviderInfo { +- int number; +- String key; +- String value; +- SecurityProviderInfo(int number, String key, String value) { +- this.number = number; +- this.key = key; +- this.value = value; +- } ++ private static boolean systemFipsEnabled = false; ++ ++ static { ++ SharedSecrets.setJavaSecuritySystemConfiguratorAccess( ++ new JavaSecuritySystemConfiguratorAccess() { ++ @Override ++ public boolean isSystemFipsEnabled() { ++ return SystemConfigurator.isSystemFipsEnabled(); ++ } ++ }); + } + + /* +@@ -128,9 +131,9 @@ + String nonFipsKeystoreType = props.getProperty("keystore.type"); + props.put("keystore.type", keystoreTypeValue); + if (keystoreTypeValue.equals("PKCS11")) { +- // If keystore.type is PKCS11, javax.net.ssl.keyStore +- // must be "NONE". See JDK-8238264. +- System.setProperty("javax.net.ssl.keyStore", "NONE"); ++ // If keystore.type is PKCS11, javax.net.ssl.keyStore ++ // must be "NONE". See JDK-8238264. ++ System.setProperty("javax.net.ssl.keyStore", "NONE"); + } + if (System.getProperty("javax.net.ssl.trustStoreType") == null) { + // If no trustStoreType has been set, use the +@@ -144,12 +147,13 @@ + sdebug.println("FIPS mode default keystore.type = " + + keystoreTypeValue); + sdebug.println("FIPS mode javax.net.ssl.keyStore = " + +- System.getProperty("javax.net.ssl.keyStore", "")); ++ System.getProperty("javax.net.ssl.keyStore", "")); + sdebug.println("FIPS mode javax.net.ssl.trustStoreType = " + + System.getProperty("javax.net.ssl.trustStoreType", "")); + } + } + loadedProps = true; ++ systemFipsEnabled = true; + } + } catch (Exception e) { + if (sdebug != null) { +@@ -165,20 +165,37 @@ + return loadedProps; + } + ++ /** ++ * Returns whether or not global system FIPS alignment is enabled. ++ * ++ * Value is always 'false' before java.security.Security class is ++ * initialized. ++ * ++ * Call from out of this package through SharedSecrets: ++ * SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ * .isSystemFipsEnabled(); ++ * ++ * @return a boolean value indicating whether or not global ++ * system FIPS alignment is enabled. ++ */ ++ static boolean isSystemFipsEnabled() { ++ return systemFipsEnabled; ++ } ++ + /* + * FIPS is enabled only if crypto-policies are set to "FIPS" + * and the com.redhat.fips property is true. + */ + private static boolean enableFips() throws Exception { +- boolean fipsEnabled = Boolean.valueOf(System.getProperty("com.redhat.fips", "true")); +- if (fipsEnabled) { +- Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG); +- String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath)); +- if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); } +- Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE); +- return pattern.matcher(cryptoPoliciesConfig).find(); +- } else { +- return false; +- } ++ boolean shouldEnable = Boolean.valueOf(System.getProperty("com.redhat.fips", "true")); ++ if (shouldEnable) { ++ Path configPath = FileSystems.getDefault().getPath(CRYPTO_POLICIES_CONFIG); ++ String cryptoPoliciesConfig = new String(Files.readAllBytes(configPath)); ++ if (sdebug != null) { sdebug.println("Crypto config:\n" + cryptoPoliciesConfig); } ++ Pattern pattern = Pattern.compile("^FIPS$", Pattern.MULTILINE); ++ return pattern.matcher(cryptoPoliciesConfig).find(); ++ } else { ++ return false; ++ } + } + } +diff --git openjdk.orig/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java +new file mode 100644 +--- /dev/null ++++ openjdk/jdk/src/share/classes/sun/misc/JavaSecuritySystemConfiguratorAccess.java +@@ -0,0 +1,30 @@ ++/* ++ * Copyright (c) 2020, Red Hat, Inc. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package sun.misc; ++ ++public interface JavaSecuritySystemConfiguratorAccess { ++ boolean isSystemFipsEnabled(); ++} +diff --git openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java +--- openjdk.orig/jdk/src/share/classes/sun/misc/SharedSecrets.java ++++ openjdk/jdk/src/share/classes/sun/misc/SharedSecrets.java +@@ -63,6 +63,7 @@ + private static JavaObjectInputStreamReadString javaObjectInputStreamReadString; + private static JavaObjectInputStreamAccess javaObjectInputStreamAccess; + private static JavaSecuritySignatureAccess javaSecuritySignatureAccess; ++ private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess; + + public static JavaUtilJarAccess javaUtilJarAccess() { + if (javaUtilJarAccess == null) { +@@ -248,4 +249,12 @@ + } + return javaxCryptoSealedObjectAccess; + } ++ ++ public static void setJavaSecuritySystemConfiguratorAccess(JavaSecuritySystemConfiguratorAccess jssca) { ++ javaSecuritySystemConfiguratorAccess = jssca; ++ } ++ ++ public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() { ++ return javaSecuritySystemConfiguratorAccess; ++ } + } +diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java ++++ openjdk/jdk/src/share/classes/sun/security/ssl/SSLContextImpl.java +@@ -31,6 +31,7 @@ + import java.security.cert.*; + import java.util.*; + import javax.net.ssl.*; ++import sun.misc.SharedSecrets; + import sun.security.action.GetPropertyAction; + import sun.security.provider.certpath.AlgorithmChecker; + import sun.security.validator.Validator; +@@ -539,20 +540,38 @@ + + static { + if (SunJSSE.isFIPS()) { +- supportedProtocols = Arrays.asList( +- ProtocolVersion.TLS13, +- ProtocolVersion.TLS12, +- ProtocolVersion.TLS11, +- ProtocolVersion.TLS10 +- ); ++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ .isSystemFipsEnabled()) { ++ // RH1860986: TLSv1.3 key derivation not supported with ++ // the Security Providers available in system FIPS mode. ++ supportedProtocols = Arrays.asList( ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ ); + +- serverDefaultProtocols = getAvailableProtocols( +- new ProtocolVersion[] { +- ProtocolVersion.TLS13, +- ProtocolVersion.TLS12, +- ProtocolVersion.TLS11, +- ProtocolVersion.TLS10 +- }); ++ serverDefaultProtocols = getAvailableProtocols( ++ new ProtocolVersion[] { ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ }); ++ } else { ++ supportedProtocols = Arrays.asList( ++ ProtocolVersion.TLS13, ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ ); ++ ++ serverDefaultProtocols = getAvailableProtocols( ++ new ProtocolVersion[] { ++ ProtocolVersion.TLS13, ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ }); ++ } + } else { + supportedProtocols = Arrays.asList( + ProtocolVersion.TLS13, +@@ -612,6 +631,16 @@ + + static ProtocolVersion[] getSupportedProtocols() { + if (SunJSSE.isFIPS()) { ++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ .isSystemFipsEnabled()) { ++ // RH1860986: TLSv1.3 key derivation not supported with ++ // the Security Providers available in system FIPS mode. ++ return new ProtocolVersion[] { ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ }; ++ } + return new ProtocolVersion[] { + ProtocolVersion.TLS13, + ProtocolVersion.TLS12, +@@ -939,6 +968,16 @@ + + static ProtocolVersion[] getProtocols() { + if (SunJSSE.isFIPS()) { ++ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ .isSystemFipsEnabled()) { ++ // RH1860986: TLSv1.3 key derivation not supported with ++ // the Security Providers available in system FIPS mode. ++ return new ProtocolVersion[] { ++ ProtocolVersion.TLS12, ++ ProtocolVersion.TLS11, ++ ProtocolVersion.TLS10 ++ }; ++ } + return new ProtocolVersion[]{ + ProtocolVersion.TLS12, + ProtocolVersion.TLS11, +diff --git openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java +--- openjdk.orig/jdk/src/share/classes/sun/security/ssl/SunJSSE.java ++++ openjdk/jdk/src/share/classes/sun/security/ssl/SunJSSE.java +@@ -30,6 +30,8 @@ + + import java.security.*; + ++import sun.misc.SharedSecrets; ++ + /** + * The JSSE provider. + * +@@ -215,8 +217,13 @@ + "sun.security.ssl.SSLContextImpl$TLS11Context"); + put("SSLContext.TLSv1.2", + "sun.security.ssl.SSLContextImpl$TLS12Context"); +- put("SSLContext.TLSv1.3", +- "sun.security.ssl.SSLContextImpl$TLS13Context"); ++ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess() ++ .isSystemFipsEnabled()) { ++ // RH1860986: TLSv1.3 key derivation not supported with ++ // the Security Providers available in system FIPS mode. ++ put("SSLContext.TLSv1.3", ++ "sun.security.ssl.SSLContextImpl$TLS13Context"); ++ } + put("SSLContext.TLS", + "sun.security.ssl.SSLContextImpl$TLSContext"); + if (isfips == false) { diff --git a/SOURCES/rh1868759-pkcs11_cancel_on_failure.patch b/SOURCES/rh1868759-pkcs11_cancel_on_failure.patch new file mode 100644 index 0000000..e578e00 --- /dev/null +++ b/SOURCES/rh1868759-pkcs11_cancel_on_failure.patch @@ -0,0 +1,20 @@ +--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 06:57:19 2020 +0100 ++++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 15:56:48 2020 -0300 +@@ -627,7 +627,7 @@ + throw (ShortBufferException) + (new ShortBufferException().initCause(e)); + } +- reset(false); ++ reset(true); + throw new ProviderException("update() failed", e); + } + } +@@ -745,7 +745,7 @@ + throw (ShortBufferException) + (new ShortBufferException().initCause(e)); + } +- reset(false); ++ reset(true); + throw new ProviderException("update() failed", e); + } + } diff --git a/SOURCES/rh1906862-always_initialise_configurator_access.patch b/SOURCES/rh1906862-always_initialise_configurator_access.patch new file mode 100644 index 0000000..82116ad --- /dev/null +++ b/SOURCES/rh1906862-always_initialise_configurator_access.patch @@ -0,0 +1,65 @@ +# HG changeset patch +# User andrew +# Date 1608219816 0 +# Thu Dec 17 15:43:36 2020 +0000 +# Node ID db5d1b28bfce04352b3a48960bf836f6eb20804b +# Parent a2cfa397150e99b813354226d536eb8509b5850b +RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess + +diff --git openjdk.orig/jdk/src/share/classes/java/security/Security.java openjdk/jdk/src/share/classes/java/security/Security.java +--- openjdk.orig/jdk/src/share/classes/java/security/Security.java ++++ openjdk/jdk/src/share/classes/java/security/Security.java +@@ -30,6 +30,8 @@ + import java.util.concurrent.ConcurrentHashMap; + import java.io.*; + import java.net.URL; ++import sun.misc.SharedSecrets; ++import sun.misc.JavaSecuritySystemConfiguratorAccess; + import sun.security.util.Debug; + import sun.security.util.PropertyExpander; + +@@ -69,6 +71,15 @@ + } + + static { ++ // Initialise here as used by code with system properties disabled ++ SharedSecrets.setJavaSecuritySystemConfiguratorAccess( ++ new JavaSecuritySystemConfiguratorAccess() { ++ @Override ++ public boolean isSystemFipsEnabled() { ++ return SystemConfigurator.isSystemFipsEnabled(); ++ } ++ }); ++ + // doPrivileged here because there are multiple + // things in initialize that might require privs. + // (the FileInputStream call and the File.exists call, +diff --git openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java +--- openjdk.orig/jdk/src/share/classes/java/security/SystemConfigurator.java ++++ openjdk/jdk/src/share/classes/java/security/SystemConfigurator.java +@@ -39,8 +39,6 @@ + import java.util.Properties; + import java.util.regex.Pattern; + +-import sun.misc.SharedSecrets; +-import sun.misc.JavaSecuritySystemConfiguratorAccess; + import sun.security.util.Debug; + + /** +@@ -66,16 +64,6 @@ + + private static boolean systemFipsEnabled = false; + +- static { +- SharedSecrets.setJavaSecuritySystemConfiguratorAccess( +- new JavaSecuritySystemConfiguratorAccess() { +- @Override +- public boolean isSystemFipsEnabled() { +- return SystemConfigurator.isSystemFipsEnabled(); +- } +- }); +- } +- + /* + * Invoked when java.security.Security class is initialized, if + * java.security.disableSystemPropertiesFile property is not set and diff --git a/SPECS/java-1.8.0-openjdk.spec b/SPECS/java-1.8.0-openjdk.spec index ec76ef3..088be2d 100644 --- a/SPECS/java-1.8.0-openjdk.spec +++ b/SPECS/java-1.8.0-openjdk.spec @@ -62,7 +62,7 @@ %global multilib_arches %{power64} sparc64 x86_64 %global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} -%global jfr_arches x86_64 sparcv9 sparc64 %{aarch64} ${power64} +%global jfr_arches %{jit_arches} %global fastdebug_arches x86_64 # By default, we build a debug build during main build on JIT architectures @@ -113,11 +113,8 @@ %global bootstrap_build 1 %endif -%if %{bootstrap_build} -%global release_targets bootcycle-images zip-docs -%else -%global release_targets images zip-docs -%endif +%global bootstrap_targets images +%global release_targets images docs-zip # No docs nor bootcycle for debug builds %global debug_targets images @@ -228,10 +225,31 @@ %global origin openjdk %global origin_nice OpenJDK %global top_level_dir_name %{origin} + +# Define vendor information used by OpenJDK +%global oj_vendor Red Hat, Inc. +%global oj_vendor_url "https://www.redhat.com/" +# Define what url should JVM offer in case of a crash report +# order may be important, epel may have rhel declared +%if 0%{?epel} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel} +%else +%if 0%{?fedora} +# Does not work for rawhide, keeps the version field empty +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora} +%else +%if 0%{?rhel} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name} +%else +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi +%endif +%endif +%endif + # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project aarch64-port %global shenandoah_repo jdk8u-shenandoah -%global shenandoah_revision aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20 +%global shenandoah_revision aarch64-shenandoah-jdk8u282-b08 # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} @@ -247,12 +265,12 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 2 +%global rpmrelease 1 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global milestone fcs %global milestone_version %{nil} @@ -275,7 +293,7 @@ # images stub %global jdkimage j2sdk-image # output dir stub -%define buildoutputdir() %{expand:%{top_level_dir_name}/build/jdk8.build%{?1}} +%define buildoutputdir() %{expand:build/jdk8.build%{?1}} # we can copy the javadoc to not arched dir, or make it not noarch %define uniquejavadocdir() %{expand:%{fullversion}%{?1}} # main id and dir of this jdk @@ -290,6 +308,7 @@ %define jredir() %{expand:%{sdkdir -- %{?1}}/jre} %define sdkbindir() %{expand:%{_jvmdir}/%{sdkdir -- %{?1}}/bin} %define jrebindir() %{expand:%{_jvmdir}/%{jredir -- %{?1}}/bin} +%global alt_java_name alt-java %global rpm_state_dir %{_localstatedir}/lib/rpm-state/ @@ -336,6 +355,7 @@ ext=.gz alternatives \\ --install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch} \\ --slave %{_jvmdir}/jre jre %{_jvmdir}/%{jredir -- %{?1}} \\ + --slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\ --slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\ --slave %{_bindir}/keytool keytool %{jrebindir -- %{?1}}/keytool \\ --slave %{_bindir}/orbd orbd %{jrebindir -- %{?1}}/orbd \\ @@ -348,6 +368,8 @@ alternatives \\ --slave %{_bindir}/unpack200 unpack200 %{jrebindir -- %{?1}}/unpack200 \\ --slave %{_mandir}/man1/java.1$ext java.1$ext \\ %{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1$ext \\ + --slave %{_mandir}/man1/%{alt_java_name}.1$ext %{alt_java_name}.1$ext \\ + %{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1$ext \\ --slave %{_mandir}/man1/jjs.1$ext jjs.1$ext \\ %{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1$ext \\ --slave %{_mandir}/man1/keytool.1$ext keytool.1$ext \\ @@ -436,7 +458,9 @@ alternatives \\ --slave %{_bindir}/jconsole jconsole %{sdkbindir -- %{?1}}/jconsole \\ --slave %{_bindir}/jdb jdb %{sdkbindir -- %{?1}}/jdb \\ --slave %{_bindir}/jdeps jdeps %{sdkbindir -- %{?1}}/jdeps \\ +%ifarch %{jfr_arches} --slave %{_bindir}/jfr jfr %{sdkbindir -- %{?1}}/jfr \\ +%endif --slave %{_bindir}/jhat jhat %{sdkbindir -- %{?1}}/jhat \\ --slave %{_bindir}/jinfo jinfo %{sdkbindir -- %{?1}}/jinfo \\ --slave %{_bindir}/jmap jmap %{sdkbindir -- %{?1}}/jmap \\ @@ -595,9 +619,9 @@ exit 0 %defattr(-,root,root,-) %dir %{_sysconfdir}/.java/.systemPrefs %dir %{_sysconfdir}/.java -%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/ASSEMBLY_EXCEPTION -%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/LICENSE -%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/jre/THIRD_PARTY_README +%license %{_jvmdir}/%{jredir -- %{?1}}/ASSEMBLY_EXCEPTION +%license %{_jvmdir}/%{jredir -- %{?1}}/LICENSE +%license %{_jvmdir}/%{jredir -- %{?1}}/THIRD_PARTY_README %doc %{_defaultdocdir}/%{uniquejavadocdir -- %{?1}}/NEWS %dir %{_jvmdir}/%{sdkdir -- %{?1}} %{_jvmdir}/%{jrelnk -- %{?1}} @@ -607,6 +631,7 @@ exit 0 %dir %{_jvmdir}/%{jredir -- %{?1}}/bin %dir %{_jvmdir}/%{jredir -- %{?1}}/lib %{_jvmdir}/%{jredir -- %{?1}}/bin/java +%{_jvmdir}/%{jredir -- %{?1}}/bin/%{alt_java_name} %{_jvmdir}/%{jredir -- %{?1}}/bin/jjs %{_jvmdir}/%{jredir -- %{?1}}/bin/keytool %{_jvmdir}/%{jredir -- %{?1}}/bin/orbd @@ -638,6 +663,7 @@ exit 0 %{_jvmdir}/%{jredir -- %{?1}}/lib/logging.properties %{_jvmdir}/%{jredir -- %{?1}}/lib/calendars.properties %{_mandir}/man1/java-%{uniquesuffix -- %{?1}}.1* +%{_mandir}/man1/%{alt_java_name}-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/jjs-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/keytool-%{uniquesuffix -- %{?1}}.1* %{_mandir}/man1/orbd-%{uniquesuffix -- %{?1}}.1* @@ -754,9 +780,9 @@ exit 0 %define files_devel() %{expand: %defattr(-,root,root,-) -%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/ASSEMBLY_EXCEPTION -%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/LICENSE -%license %{buildoutputdir -- %{?1}}/images/%{jdkimage}/THIRD_PARTY_README +%license %{_jvmdir}/%{sdkdir -- %{?1}}/ASSEMBLY_EXCEPTION +%license %{_jvmdir}/%{sdkdir -- %{?1}}/LICENSE +%license %{_jvmdir}/%{sdkdir -- %{?1}}/THIRD_PARTY_README %dir %{_jvmdir}/%{sdkdir -- %{?1}}/bin %dir %{_jvmdir}/%{sdkdir -- %{?1}}/include %dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib @@ -768,6 +794,7 @@ exit 0 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jar %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jarsigner %{_jvmdir}/%{sdkdir -- %{?1}}/bin/java +%{_jvmdir}/%{sdkdir -- %{?1}}/bin/%{alt_java_name} %{_jvmdir}/%{sdkdir -- %{?1}}/bin/javac %{_jvmdir}/%{sdkdir -- %{?1}}/bin/javadoc %{_jvmdir}/%{sdkdir -- %{?1}}/bin/javah @@ -777,7 +804,9 @@ exit 0 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jconsole %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdb %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jdeps +%ifarch %{jfr_arches} %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jfr +%endif %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhat %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jjs @@ -918,8 +947,9 @@ Provides: java%{?1} = %{epoch}:%{javaver} Requires: ca-certificates # Require javapackages-filesystem for ownership of /usr/lib/jvm/ Requires: javapackages-filesystem -# Require zone-info data provided by tzdata-java sub-package -Requires: tzdata-java >= 2015d +# Require zoneinfo data provided by tzdata-java subpackage. +# 2020b required as of JDK-8254177 in October CPU +Requires: tzdata-java >= 2020b # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} # tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it, @@ -1109,6 +1139,9 @@ Source20: repackReproduciblePolycies.sh Source100: config.guess Source101: config.sub +# Ensure vendor settings are correct +Source16: CheckVendor.java + ############################################ # # RPM/distribution specific patches @@ -1127,10 +1160,18 @@ Patch3: rh1648644-java_access_bridge_privileged_security.patch Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch # RH1648249: Add PKCS11 provider to java.security Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +Patch1003: rh1582504-rsa_default_for_keytool.patch + +# FIPS support patches # RH1655466: Support RHEL FIPS mode using SunPKCS11 provider Patch1001: rh1655466-global_crypto_and_fips.patch # RH1760838: No ciphersuites available for SSLSocket in FIPS mode Patch1002: rh1760838-fips_default_keystore_type.patch +# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available +Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch +# RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess +Patch1005: rh1906862-always_initialise_configurator_access.patch ############################################# # @@ -1150,8 +1191,6 @@ Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch # PR3083, RH1346460: Regression in SSL debug output without an ECC provider Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch -# PR3601: Fix additional -Wreturn-type issues introduced by 8061651 -Patch530: pr3601-fix_additional_Wreturn_type_issues_introduced_by_8061651_for_prims_jvm_cpp.patch # PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) # PR3575, RH1567204: System cacerts database handling should not affect jssecacerts Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch @@ -1159,9 +1198,10 @@ Patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_jav Patch400: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch # PR3655: Allow use of system crypto policy to be disabled by the user Patch401: pr3655-toggle_system_crypto_policy.patch -# RH1566890: CVE-2018-3639 -Patch529: rh1566890-CVE_2018_3639-speculative_store_bypass.patch -Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch +# RH1868759: FIPS: Ciphers remain in broken state (unusable), after being supplied with wrongly sized buffer +Patch540: rh1868759-pkcs11_cancel_on_failure.patch +# enable build of speculative store bypass hardened alt-java +Patch600: rh1750419-redhat_alt_java.patch ############################################# # @@ -1178,8 +1218,6 @@ Patch531: rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch Patch103: pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch # x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround) Patch105: jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch -# AArch64: PR3519: Fix further functions with a missing return value (AArch64) -Patch106: pr3519-fix_further_functions_with_a_missing_return_value.patch # S390 ambiguous log2_intptr calls Patch107: s390-8214206_fix.patch @@ -1195,31 +1233,23 @@ Patch107: s390-8214206_fix.patch # S8074839, PR2462: Resolve disabled warnings for libunpack and the unpack200 binary # This fixes printf warnings that lead to build failure with -Werror=format-security from optflags Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch -# S8154313: Generated javadoc scattered all over the place -Patch578: jdk8154313-generated_javadoc_scattered_all_over_the_place.patch # PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch # 8143245, PR3548: Zero build requires disabled warnings Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch -# 8197981, PR3548: Missing return statement in __sync_val_compare_and_swap_8 -Patch575: jdk8197981-pr3548-missing_return_statement_in_sync_val_compare_and_swap_8.patch -# 8062808, PR3548: Turn on the -Wreturn-type warning -Patch577: jdk8062808-pr3548-turn_on_the_wreturn_type_warning.patch # s390: JDK-8203030, Type fixing for s390 Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch # 8035341: Allow using a system installed libpng Patch202: jdk8035341-allow_using_system_installed_libpng.patch # 8042159: Allow using a system-installed lcms2 -Patch203: jdk8042159-allow_using_system_installed_lcms2.patch -# JDK-8165996, PR3506, RH1760437: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite -# RPM version excludes binary diffs and a patch to PKCS11Test.java which creates a lengthy bug trail -Patch579: jdk8165996-pr3506-rh1760437-nss_sqlite_db.patch +Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch +Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch # JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch ############################################# # -# Patches appearing in 8u222 +# Patches appearing in 8u282 # # This section includes patches which are present # in the listed OpenJDK 8u release and should be @@ -1302,7 +1332,8 @@ BuildRequires: java-1.8.0-openjdk-devel %ifnarch %{jit_arches} BuildRequires: libffi-devel %endif -BuildRequires: tzdata-java >= 2015d +# 2020b required as of JDK-8254177 in October CPU +BuildRequires: tzdata-java >= 2020b # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1608,6 +1639,7 @@ sh %{SOURCE12} %patch201 %patch202 %patch203 +%patch204 # System security policy fixes %patch400 @@ -1623,7 +1655,6 @@ sh %{SOURCE12} %patch107 # AArch64 fixes -%patch106 # x86 fixes %patch105 @@ -1632,24 +1663,22 @@ sh %{SOURCE12} %patch502 %patch504 %patch512 -%patch578 %patch523 %patch528 -%patch530 -%patch529 -%patch531 %patch571 %patch574 -%patch575 -%patch577 -%patch579 %patch580 +%patch539 +%patch540 # RPM-only fixes -%patch539 +%patch600 %patch1000 %patch1001 %patch1002 +%patch1003 +%patch1004 +%patch1005 # RHEL-only patches %if ! 0%{?fedora} && 0%{?rhel} <= 7 @@ -1745,23 +1774,31 @@ export EXTRA_CFLAGS EXTRA_ASFLAGS bash ./autogen.sh ) -for suffix in %{build_loop} ; do -if [ "x$suffix" = "x" ] ; then - debugbuild=release -else - # change --something to something - debugbuild=`echo $suffix | sed "s/-//g"` -fi +function buildjdk() { + local outputdir=${1} + local buildjdk=${2} + local maketargets=${3} + local debuglevel=${4} -# Variable used in hs_err hook on build failures -top_dir_abs_path=$(pwd)/%{top_level_dir_name} + local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name} + # Variable used in hs_err hook on build failures + local top_builddir_abs_path=$(pwd)/${outputdir} -mkdir -p %{buildoutputdir -- $suffix} -pushd %{buildoutputdir -- $suffix} + echo "Using output directory: ${outputdir}"; + echo "Checking build JDK ${buildjdk} is operational..." + ${buildjdk}/bin/java -version + echo "Using make targets: ${maketargets}" + echo "Using debuglevel: ${debuglevel}" + echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}" -bash ../../configure \ + mkdir -p ${outputdir} + pushd ${outputdir} + + bash ${top_srcdir_abs_path}/configure \ %ifarch %{jfr_arches} --enable-jfr \ +%else + --disable-jfr \ %endif %ifnarch %{jit_arches} --with-jvm-variants=zero \ @@ -1770,8 +1807,12 @@ bash ../../configure \ --with-milestone=%{milestone} \ --with-update-version=%{updatever} \ --with-build-number=%{buildver} \ - --with-boot-jdk=/usr/lib/jvm/java-openjdk \ - --with-debug-level=$debugbuild \ + --with-vendor-name="%{oj_vendor}" \ + --with-vendor-url="%{oj_vendor_url}" \ + --with-vendor-bug-url="%{oj_vendor_bug_url}" \ + --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ + --with-boot-jdk=${buildjdk} \ + --with-debug-level=${debuglevel} \ --enable-unlimited-crypto \ --with-zlib=system \ --with-libjpeg=system \ @@ -1785,8 +1826,44 @@ bash ../../configure \ --with-extra-ldflags="%{ourldflags}" \ --with-num-cores="$NUM_PROC" -cat spec.gmk -cat hotspot-spec.gmk + cat spec.gmk + cat hotspot-spec.gmk + + make \ + JAVAC_FLAGS=-g \ + LOG=trace \ + SCTP_WERROR= \ + ${maketargets} || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) + + # the build (erroneously) removes read permissions from some jars + # this is a regression in OpenJDK 7 (our compiler): + # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 + find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \; + chmod ugo+r images/%{jdkimage}/lib/ct.sym + + # remove redundant *diz and *debuginfo files + find images/%{jdkimage} -iname '*.diz' -exec rm -v {} \; + find images/%{jdkimage} -iname '*.debuginfo' -exec rm -v {} \; + + # Build screws up permissions on binaries + # https://bugs.openjdk.java.net/browse/JDK-8173610 + find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \; + find images/%{jdkimage}/bin/ -exec chmod +x {} \; + + popd >& /dev/null +} + +for suffix in %{build_loop} ; do +if [ "x$suffix" = "x" ] ; then + debugbuild=release +else + # change --something to something + debugbuild=`echo $suffix | sed "s/-//g"` +fi + +systemjdk=/usr/lib/jvm/java-openjdk +builddir=%{buildoutputdir -- $suffix} +bootbuilddir=boot${builddir} # Debug builds don't need same targets as release for # build speed-up @@ -1794,28 +1871,14 @@ maketargets="%{release_targets}" if echo $debugbuild | grep -q "debug" ; then maketargets="%{debug_targets}" fi -make \ - JAVAC_FLAGS=-g \ - LOG=trace \ - SCTP_WERROR= \ - $maketargets || ( pwd; find $top_dir_abs_path -name "hs_err_pid*.log" | xargs cat && false ) - -# the build (erroneously) removes read permissions from some jars -# this is a regression in OpenJDK 7 (our compiler): -# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 -find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \; -chmod ugo+r images/%{jdkimage}/lib/ct.sym -# remove redundant *diz and *debuginfo files -find images/%{jdkimage} -iname '*.diz' -exec rm {} \; -find images/%{jdkimage} -iname '*.debuginfo' -exec rm {} \; - -# Build screws up permissions on binaries -# https://bugs.openjdk.java.net/browse/JDK-8173610 -find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \; -find images/%{jdkimage}/bin/ -exec chmod +x {} \; - -popd >& /dev/null +%if %{bootstrap_build} +buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} +buildjdk ${builddir} $(pwd)/${bootbuilddir}/images/%{jdkimage} "${maketargets}" ${debugbuild} +rm -rf ${bootbuilddir} +%else +buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} +%endif # Install nss.cfg right away as we will be using the JRE above export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage} @@ -1830,6 +1893,12 @@ install -m 644 nss.fips.cfg $JAVA_HOME/jre/lib/security/ rm $JAVA_HOME/jre/lib/tzdb.dat ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/jre/lib/tzdb.dat +# add alt-java man page +pushd ${JAVA_HOME} +echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 +cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 +popd + # build cycles done @@ -1848,6 +1917,10 @@ $JAVA_HOME/bin/java TestCryptoLevel $JAVA_HOME/bin/javac -d . %{SOURCE14} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") +# Check correct vendor values have been set +$JAVA_HOME/bin/javac -d . %{SOURCE16} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} + # Check debug symbols are present and can identify code find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib do @@ -1941,9 +2014,9 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix}/lib/%{archinstall}/clien # Install main files. install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} - cp -a bin include lib src.zip $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} + cp -a bin include lib src.zip {ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix} install -d -m 755 $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix} - cp -a jre/bin jre/lib $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix} + cp -a jre/bin jre/lib jre/{ASSEMBLY_EXCEPTION,LICENSE,THIRD_PARTY_README} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir -- $suffix} %if %{with_systemtap} # Install systemtap support files @@ -2046,6 +2119,13 @@ find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \ | sed 's|'$RPM_BUILD_ROOT'||' \ | sed 's|^|%doc |' \ >> %{name}-demo.files"$suffix" +# Find documentation directories. +find $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/demo \ + $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/sample \ + -type d | sort \ + | sed 's|'$RPM_BUILD_ROOT'||' \ + | sed 's|^|%dir |' \ + >> %{name}-demo.files"$suffix" # Create links which leads to separately installed java-atk-bridge and allow configuration # links points to java-atk-wrapper - an dependence @@ -2298,6 +2378,267 @@ require "copy_jdk_configs.lua" %endif %changelog +* Fri Jan 15 2021 Andrew Hughes - 1:1.8.0.282.b08-1 +- Update to aarch64-shenandoah-jdk8u282-b08 (GA) +- Update release notes for 8u282-b08. +- Resolves: rhbz#1908967 + +* Fri Jan 15 2021 Andrew Hughes - 1:1.8.0.282.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b07 (EA) +- Update release notes for 8u282-b07. +- Fix placement issue in release notes, caught by comparing with vanilla version. +- Resolves: rhbz#1903904 + +* Wed Jan 13 2021 Andrew Hughes - 1:1.8.0.282.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b06 (EA) +- Update release notes for 8u282-b06. +- Resolves: rhbz#1903904 + +* Mon Jan 11 2021 Andrew Hughes - 1:1.8.0.282.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b05 (EA) +- Update release notes for 8u282-b05 and make some minor corrections. +- Resolves: rhbz#1903904 + +* Wed Jan 06 2021 Andrew Hughes - 1:1.8.0.282.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b04 (EA) +- Update release notes for 8u282-b04. +- Remove upstreamed patch PR3519 +- Resolves: rhbz#1903904 + +* Sat Jan 02 2021 Andrew Hughes - 1:1.8.0.282.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b03 (EA) +- Update release notes for 8u282-b03. +- Resolves: rhbz#1903904 + +* Fri Dec 18 2020 Andrew Hughes - 1:1.8.0.282.b02-0.2.ea +- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs. +- Resolves: rhbz#1906862 + +* Wed Dec 16 2020 Andrew Hughes - 1:1.8.0.282.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b02 (EA) +- Update release notes for 8u282-b02. +- Resolves: rhbz#1903904 + +* Mon Dec 07 2020 Andrew Hughes - 1:1.8.0.282.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u282-b01 (EA) +- Update release notes for 8u282-b01. +- Switch to EA mode. +- Require tzdata 2020b due to resource changes in JDK-8254177 +- Remove PR3601, covered upstream by JDK-8062808. +- Remove upstreamed JDK-8197981/PR3548, JDK-8062808/PR3548, JDK-8254177 & JDK-8215727. +- Extend RH1750419 alt-java fix to include external debuginfo, following JDK-8252395 +- Resolves: rhbz#1903904 + +* Fri Nov 27 2020 Jiri Vanek - 1:1.8.0.275.b01-3 +- added patch600, rh1750419-redhat_alt_java.patch +- Replaced alt-java palceholder by real pathced alt-java +- remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch +- remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch +- both suprassed by new patch +- Resolves: rhbz#1750419 + +* Fri Nov 06 2020 Andrew Hughes - 1:1.8.0.275.b01-2 +- Update to aarch64-shenandoah-jdk8u275-b01 (GA) +- Update release notes for 8u275. +- Remove JDK-8223940/RH1892216 backport now included in upstream 8u275. +- Remove JDK-8236512/RH1889414 backport now included in upstream 8u275. +- Resolves: rhbz#1895060 + +* Fri Oct 30 2020 Andrew Hughes - 1:1.8.0.272.b10-6 +- Add backport of JDK-8223940: "Private key not supported by chosen signature algorithm" to handle lack of provider RSAPSS support +- Resolves: rhbz#1892216 + +* Fri Oct 30 2020 Jiri Vanek - 1:1.8.0.272.b10-5 +- Added gating test for ipa server +- Resolves: rhbz#1892216 + +* Thu Oct 29 2020 Andrew Hughes - 1:1.8.0.272.b10-4 +- Bump release number to build on RHEL 8.4.0 branch. +- Resolves: rhbz#1876665 +- Resolves: rhbz#1889414 + +* Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-3 +- Add backport of JDK-8236512 to correct use of killSession +- Resolves: rhbz#1889414 + +* Tue Oct 20 2020 Andrew Hughes - 1:1.8.0.272.b10-2 +- Add backport of JDK-8215727: "Restore JFR thread sampler loop to old / previous behaviour" +- Resolves: rhbz#1876665 + +* Sat Oct 17 2020 Andrew Hughes - 1:1.8.0.272.b10-1 +- Update to aarch64-shenandoah-jdk8u272-b10. +- Switch to GA mode for final release. +- Update release notes for 8u272 release. +- Add backport of JDK-8254177 to update to tzdata 2020b +- Require tzdata 2020b due to resource changes in JDK-8254177 +- Delay tzdata 2020b dependency until tzdata update has shipped. +- Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 +- Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 +- This tarball is embargoed until 2020-10-20 @ 1pm PT. +- Resolves: rhbz#1876665 + +* Thu Oct 15 2020 Andrew Hughes - 1:1.8.0.272.b09-0.2.ea +- Include a test in the RPM to check the build has the correct vendor information. +- Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. +- Improve quoting of vendor name +- Resolves: rhbz#1876665 + +* Thu Oct 15 2020 Jiri Vanek - 1:1.8.0.272.b09-0.2.ea +- Set vendor property and vendor URLs +- Made URLs to be preconfigured by OS +- Resolves: rhbz#1876665 + +* Wed Oct 14 2020 Andrew Hughes - 1:1.8.0.272.b09-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b09 (EA). +- Resolves: rhbz#1876665 + +* Tue Oct 13 2020 Andrew Hughes - 1:1.8.0.272.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b08 (EA). +- Resolves: rhbz#1876665 + +* Tue Oct 13 2020 Andrew Hughes - 1:1.8.0.272.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b07 (EA). +- Resolves: rhbz#1876665 + +* Mon Oct 12 2020 Andrew Hughes - 1:1.8.0.272.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b06. +- Update tarball generation script to use PR3799, following inclusion of JDK-8245468 (TLSv1.3) +- Remove JDK-8165996/PR3506/RH1760437 & JDK-8251117/RH1860990 as now applied upstream. +- Replace JDK-8223482/RH1860965 with RH1860986 (disable TLSv1.3 when using the NSS-FIPS provider) +- Resolves: rhbz#1876665 + +* Mon Oct 12 2020 Andrew Hughes - 1:1.8.0.272.b05-0.3.ea +- Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR +- Resolves: rhbz#1876665 + +* Thu Oct 08 2020 Andrew Hughes - 1:1.8.0.272.b05-0.2.ea +- Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28. +- Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 +- Resolves: rhbz#1876665 + +* Thu Oct 08 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b05. +- Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 +- Resolves: rhbz#1876665 + +* Wed Oct 07 2020 Andrew Hughes - 1:1.8.0.272.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b04. +- Update tarball generation script to use PR3795, following inclusion of JDK-8177334 +- Resolves: rhbz#1876665 + +* Mon Oct 05 2020 Andrew Hughes - 1:1.8.0.272.b03-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b03. +- Resolves: rhbz#1876665 + +* Mon Oct 05 2020 Andrew Hughes - 1:1.8.0.272.b02-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b02. +- Remove JDK-8154313 backport now applied upstream. +- Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. +- Resolves: rhbz#1876665 + +* Mon Oct 05 2020 Andrew Hughes - 1:1.8.0.272.b01-0.1.ea +- Update to aarch64-shenandoah-jdk8u272-b01. +- Switch to EA mode. +- Add debugging output for build. +- JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. +- Resolves: rhbz#1876665 + +* Thu Sep 17 2020 Andrew Hughes - 1:1.8.0.265.b01-4 +- Add patch to cancel PKCS#11 operations on failure (RH1868759) +- Resolves: rhbz#1868759 + +* Tue Aug 25 2020 Andrew Hughes - 1:1.8.0.265.b01-3 +- Add backport of JDK-8251117 to allow key length to be retrieved from PKCS#11 FIPS keys +- Resolves: rhbz#1860993 + +* Tue Aug 25 2020 Andrew Hughes - 1:1.8.0.265.b01-2 +- Add backport of JDK-8223482 so PKCS#11 FIPS provider does not offer unsupported ciphers. +- Resolves: rhbz#1860965 + +* Mon Jul 27 2020 Andrew Hughes - 1:1.8.0.265.b01-1 +- Update to aarch64-shenandoah-jdk8u265-b01. +- Update release notes for 8u265 release. +- Resolves: rhbz#1860453 + +* Mon Jul 27 2020 Jiri Vanek - 1:1.8.0.262.b10-3 +- ASSEMBLY_EXCEPTION LICENSE THIRD_PARTY_README moved to fully versioned dirs +- Resolves: rhbz#1831665 + +* Thu Jul 16 2020 Andrew Hughes - 1:1.8.0.262.b10-2 +- Remove issues in NEWS file duplicated between 8u252 & 8u262 releases. +- Resolves: rhbz#1838811 + +* Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-1 +- Update to aarch64-shenandoah-jdk8u262-b10. +- Switch to GA mode for final release. +- Update release notes for 8u262 release. +- Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. +- Split JDK-8042159 patch into per-repo patches as upstream. +- Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk +- Resolves: rhbz#1838811 + +* Sat Jul 11 2020 Andrew Hughes - 1:1.8.0.262.b09-0.3.ea +- Restructure the build so a minimal initial build is then used for the final build (with docs) +- This reduces pressure on the system JDK and ensures the JDK being built can do a full build +- Resolves: rhbz#1838811 + +* Fri Jul 10 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea +- Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 +- Resolves: rhbz#1838811 + +* Fri Jul 10 2020 Andrew Hughes - 1:1.8.0.262.b09-0.1.ea +- With JDK-8248399 fixed, a broken jfr binary is no longer installed on architectures without JFR. +- Resolves: rhbz#1838811 + +* Thu Jul 09 2020 Andrew Hughes - 1:1.8.0.262.b09-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b09. +- Resolves: rhbz#1838811 + +* Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b08-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b08. +- Resolves: rhbz#1838811 + +* Tue Jul 07 2020 Andrew Hughes - 1:1.8.0.262.b07-0.3.ea +- Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. +- Resolves: rhbz#1838811 + +* Sun Jul 05 2020 Andrew Hughes - 1:1.8.0.262.b07-0.2.ea +- Sync alt-java support with java-11-openjdk version. +- Resolves: rhbz#1838811 + +* Sat Jul 04 2020 Jiri Vanek - 1:1.8.0.262.b07-0.2.ea +- Created copy of java as alt-java and adapted alternatives and man pages +- Resolves: rhbz#1838811 + +* Fri Jul 03 2020 Andrew Hughes - 1:1.8.0.262.b07-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b07. +- Require tzdata 2020a so system tzdata matches resource updates in b07 +- Resolves: rhbz#1838811 + +* Tue Jun 30 2020 Andrew Hughes - 1:1.8.0.262.b06-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b06. +- Resolves: rhbz#1838811 + +* Mon Jun 29 2020 Andrew Hughes - 1:1.8.0.262.b05-0.4.ea +- Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. +- Resolves: rhbz#1838811 + +* Mon Jun 29 2020 Andrew Hughes - 1:1.8.0.262.b05-0.3.ea +- Add directories to files directive for demo package. +- Resolves: rhbz#1649801 + +* Sun Jun 28 2020 Andrew Hughes - 1:1.8.0.262.b05-0.2.ea +- Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +- Resolves: rhbz#1582504 + +* Sat Jun 27 2020 Andrew Hughes - 1:1.8.0.262.b05-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b05. +- Resolves: rhbz#1838811 + +* Fri Jun 26 2020 Andrew Hughes - 1:1.8.0.262.b04-0.1.ea +- Update to aarch64-shenandoah-jdk8u262-b04. +- Resolves: rhbz#1838811 + * Wed Jun 24 2020 Andrew Hughes - 1:1.8.0.262.b03-0.2.ea - Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. - Resolves: rhbz#1838811