From 7318fd85fc5513524c540637a6260187a668105b Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: May 18 2021 06:43:35 +0000 Subject: import java-11-openjdk-11.0.10.0.9-8.el8 --- diff --git a/.gitignore b/.gitignore index 3c4bce6..a74a0bc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz -SOURCES/tapsets-icedtea-3.15.0.tar.xz +SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz +SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/.java-11-openjdk.metadata b/.java-11-openjdk.metadata index 5e1952f..b95ace3 100644 --- a/.java-11-openjdk.metadata +++ b/.java-11-openjdk.metadata @@ -1,2 +1,2 @@ -a339f6e108c16a23c47504565b602a6fc395bf2e SOURCES/jdk-updates-jdk11u-jdk-11.0.11+9-4curve.tar.xz -7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz +8fb81cb2ae37ec04bfc0e3651257a9f9756786a6 SOURCES/jdk-updates-jdk11u-jdk-11.0.10+9-4curve.tar.xz +c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 4b4509e..48dce6e 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,337 +3,6 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY -New in release OpenJDK 11.0.11 (2021-04-20): -============================================= -Live versions of these release notes can be found at: - * https://bitly.com/openjdk11011 - * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt - -* Security fixes - - JDK-8244473: Contextualize registration for JNDI - - JDK-8244543: Enhanced handling of abstract classes - - JDK-8249906, CVE-2021-2163: Enhance opening JARs - - JDK-8250568, CVE-2021-2161: Less ambiguous processing - - JDK-8253799: Make lists of normal filenames - - JDK-8257001: Improve Http Client Support -* Other changes - - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled - - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection - - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing - - JDK-8168869: jdeps: localized messages don't use proper line breaks - - JDK-8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID - - JDK-8202343: Disable TLS 1.0 and 1.1 - - JDK-8205992: jhsdb cannot attach to Java processes running in Docker containers - - JDK-8209193: Fix aarch64-linux compilation after -Wreorder changes - - JDK-8210413: AArch64: Optimize div/rem by constant in C1 - - JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction - - JDK-8211051: jdeps usage of --dot-output doesn't provide valid output for modular jar - - JDK-8211057: Gensrc step CompileProperties generates unstable CompilerProperties output - - JDK-8211150: G1 Full GC not purging code root memory and hence causing memory leak - - JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup delegation when module reads automatic module - - JDK-8212043: Add floating-point Math.min/max intrinsics - - JDK-8212218: [TESTBUG] runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryErrorInMetaspace.java timed out - - JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/WindowsComboBoxSizeTest.java fails in Windows - - JDK-8213909: jdeps --print-module-deps should report missing dependences - - JDK-8214180: Need better granularity for sleeping - - JDK-8214223: tools/jdeps/listdeps/ListModuleDeps.java failed due to missing Lib2 file - - JDK-8214230: Classes generated by SystemModulesPlugin.java are not reproducable - - JDK-8214741: docs/index.html has no title or copyright - - JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed after 8212043 - - JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003/TestDescription.java fails - - JDK-8218482: sun/security/krb5/auto/ReplayCachePrecise.java failed - no KrbException thrown - - JDK-8218550: Add test omitted from JDK-8212043 - - JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event - - JDK-8221995: AARCH64: problems with CAS instructions encoding - - JDK-8222518: Remove unnecessary caching of Parker object in java.lang.Thread - - JDK-8222785: aarch64: add necessary masking for immediate shift counts - - JDK-8223186: HotSpot compile warnings from GCC 9 - - JDK-8225773: jdeps --check produces NPE if there are missing module dependences - - JDK-8225805: Java Access Bridge does not close the logger - - JDK-8226810: Failed to launch JVM because of NullPointerException occured on System.props - - JDK-8229396: jdeps ignores multi-release when generate-module-info used on command line - - JDK-8229474: Shenandoah: Cleanup CM::update_roots() - - JDK-8232225: Rework the fix for JDK-8071483 - - JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant - - JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) == phase->C->get_alias_index(t_adr)) failed: correct memory chain - - JDK-8233910: java/awt/ColorClass/AlphaColorTest.java is failing intermittently in nightly lnux-x64 system - - JDK-8233912: aarch64: minor improvements of atomic operations - - JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier - - JDK-8234742: Improve handshake logging - - JDK-8234796: Refactor Handshake::execute to take a more complex type than ThreadClosure - - JDK-8235324: Dying objects are published from users of CollectedHeap::object_iterate - - JDK-8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag - - JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/TestDescription.java test - - JDK-8237392: Shenandoah: Remove unreliable assertion - - JDK-8237483: AArch64 C1 OopMap inserted twice fatal error - - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7 - - JDK-8239355: (dc) Initial value of SO_SNDBUF should allow sending large datagrams (macOS) - - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1 - - JDK-8240704: CheckHandles.java failed "AssertionError: Handle use increased by more than 10 percent." - - JDK-8240751: Shenandoah: fold ShenandoahTracer definition - - JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with "assert(store != load->find_exact_control(load->in(0))) failed: dependence cycle found" - - JDK-8241598: Upgrade JLine to 3.14.0 - - JDK-8241649: Optimize Character.toString - - JDK-8241770: Module xxxAnnotation() methods throw NCDFE if module-info.class found as resource in unnamed module - - JDK-8241911: AArch64: Fix a potential register clash issue in reduce_add2I - - JDK-8242030: Wrong package declarations in jline classes after JDK-8241598 - - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled - - JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox - - JDK-8243670: Unexpected test result caused by C2 MergeMemNode::Ideal - - JDK-8244088: [Regression] Switch of Gnome theme ends up in deadlocked UI - - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files - - JDK-8244340: Handshake processing thread lacks yielding - - JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file - - JDK-8244683: A TSA server used by tests - - JDK-8245005: javax/net/ssl/compatibility/BasicConnectTest.java failed with No enum constant - - JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused - - JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent - - JDK-8245512: CRC32 optimization using AVX512 instructions - - JDK-8245527: LDAP Channel Binding support for Java GSS/Kerberos - - JDK-8246707: (sc) SocketChannel.read/write throws AsynchronousCloseException on closed channel - - JDK-8246709: sun/security/tools/jarsigner/TsacertOptionTest.java compilation failed after JDK-8244683 - - JDK-8247200: assert((unsigned)fpargs < 32) - - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn. - - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit - - JDK-8248865: Document JNDI/LDAP timeout properties - - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken. - - JDK-8249543: Force DirectBufferAllocTest to run with -ExplicitGCInvokesConcurrent - - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows - - JDK-8249749: modify a primitive array through a stream and a for cycle causes jre crash - - JDK-8249787: Make TestGCLocker more resilient with concurrent GCs - - JDK-8249867: xml declaration is not followed by a newline - - JDK-8250911: [windows] os::pd_map_memory() error detection broken - - JDK-8251255: [linux] Add process-memory information to hs-err and VM.info - - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier - - JDK-8251925: C2: RenaissanceStressTest fails with assert(!had_error): bad dominance - - JDK-8251944: Add Shenandoah test config to compiler/gcbarriers/UnsafeIntrinsicsTest.java - - JDK-8251992: VM crashed running TestComplexAddrExpr.java test with -XX:UseAVX=X - - JDK-8253220: Epsilon: clean up unused code/declarations - - JDK-8253274: The CycleDMImagetest brokes the system - - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node - - JDK-8253368: TLS connection always receives close_notify exception - - JDK-8255368: Math.exp() gives wrong result for large values on x86 32-bit platforms - - JDK-8255401: Shenandoah: Allow oldval and newval registers to overlap in cmpxchg_oop() - - JDK-8253404: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit - - JDK-8253409: Double-rounding possibility in float fma - - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities - - JDK-8253524: C2: Refactor code that clones predicates during loop unswitching - - JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected - - JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed - - JDK-8253702: BigSur version number reported as 10.16, should be 11.nn - - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*) - - JDK-8254104: MethodCounters must exist before nmethod is installed - - JDK-8254734: "dead loop detected" assert failure with patch from 8223051 - - JDK-8254748: Bad Copyright header format after JDK-8212218 - - JDK-8254799: runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryError.java fails with release VMs - - JDK-8255058: C1: assert(is_virtual()) failed: type check - - JDK-8255351: Add detection for Graviton 2 CPUs - - JDK-8255387: Japanese characters were printed upside down on AIX - - JDK-8255479: [aarch64] assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity - - JDK-8255544: Create a checked cast - - JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI() - - JDK-8255681: print callstack in error case in runAWTLoopWithApp - - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too - - JDK-8255742: PrintInlining as compiler directive doesn't print virtual calls - - JDK-8255845: Memory leak in imageFile.cpp - - JDK-8255880: UI of Swing components is not redrawn after their internal state changed - - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem - - JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls - - JDK-8256056: Deoptimization stub doesn't save vector registers on x86 - - JDK-8256061: RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers - - JDK-8256187: [TEST_BUG] Automate bug4275046.java test - - JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after JDK-8210764 due to mishandled lir_neg - - JDK-8256258: some missing NULL checks or asserts after CodeCache::find_blob_unsafe - - JDK-8256264: Printed GlyphVector outline with low DPI has bad quality on Windows - - JDK-8256290: javac/lambda/T8031967.java fails with StackOverflowError on x86_32 - - JDK-8256359: AArch64: runtime/ReservedStack/ReservedStackTestCompiler.java fails - - JDK-8256387: Unexpected result if patching an entire instruction on AArch64 - - JDK-8256421: Add 2 HARICA roots to cacerts truststore - - JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for small copies in StubGenerator::copy_memory - - JDK-8256489: Make gtest for long path names on Windows more resilient in the presence of virus scanners - - JDK-8256501: libTestMainKeyWindow fails to build with Xcode 12.2 - - JDK-8256633: Fix product build on Windows+Arm64 - - JDK-8256682: JDK-8202343 is incomplete - - JDK-8256751: Incremental rebuild with precompiled header fails when touching a header file - - JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() for CallLeafNoFP on x86_32 - - JDK-8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test - - JDK-8256807: C2: Not marking stores correctly as mismatched in string opts - - JDK-8256810: Incremental rebuild broken on Macosx - - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources - - JDK-8256888: Client manual test problem list update - - JDK-8257083: Security infra test failures caused by JDK-8202343 - - JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11 - - JDK-8257423: [PPC64] Support -XX:-UseInlineCaches - - JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst.testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps is on - - JDK-8257513: C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset()) - - JDK-8257547: Handle multiple prereqs on the same line in deps files - - JDK-8257561: Some code is not vectorized after 8251925 and 8250607 - - JDK-8257565: epsilonBarrierSet.hpp should not include barrierSetAssembler - - JDK-8257575: C2: "failed: only phis" assert failure in loop strip mining verification - - JDK-8257594: C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle - - JDK-8257633: Missing -mmacosx-version-min=X flag when linking libjvm - - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks - - JDK-8257707: Fix incorrect format string in Http1HeaderParser - - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines - - JDK-8257798: [PPC64] undefined reference to Klass::vtable_start_offset() - - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test - - JDK-8257910: [JVMCI] Set exception_seen accordingly in the runtime. - - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884 - - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region - - JDK-8258077: Using -Xcheck:jni can lead to a double-free after JDK-8193234 - - JDK-8258247: Couple of issues in fix for JDK-8249906 - - JDK-8258373: Update the text handling in the JPasswordField - - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk() - - JDK-8258419: RSA cipher buffer cleanup - - JDK-8258471: "search codecache" clhsdb command does not work - - JDK-8258534: Epsilon: clean up unused includes - - JDK-8258805: Japanese characters not entered by mouse click on Windows 10 - - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures - - JDK-8258836: JNI local refs exceed capacity getDiagnosticCommandInfo - - JDK-8258884: [TEST_BUG] Convert applet-based test open/test/jdk/javax/swing/JMenuItem/8031573/bug8031573.java to a regular java test - - JDK-8259007: This test printed a blank page - - JDK-8259049: Uninitialized variable after JDK-8257513 - - JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA to false - - JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState - - JDK-8259231: Epsilon: improve performance under contention during virtual space expansion - - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region" - - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 days - - JDK-8259319: Illegal package access when SunPKCS11 requires SunJCE's classes - - JDK-8259339: AllocateUninitializedArray C2 intrinsic fails with void.class input - - JDK-8259428: AlgorithmId.getEncodedParams() should return copy - - JDK-8259446: runtime/jni/checked/TestCheckedReleaseArrayElements.java fails with stderr not empty - - JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags - - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect - - JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543 - - JDK-8259706: C2 compilation fails with assert(vtable_index == Method::invalid_vtable_index) failed: correct sentinel value - - JDK-8259707: LDAP channel binding does not work with StartTLS extension - - JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction - - JDK-8259849: Shenandoah: Rename store-val to IU-barrier - - JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp - - JDK-8260029: aarch64: fix typo in verify_oop_array - - JDK-8260308: Update LogCompilation junit to 4.13.1 - - JDK-8260338: Some fields in HaltNode is not cloned - - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS - - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a - - JDK-8260378: [TESTBUG] DcmdMBeanTestCheckJni.java reports false positive - - JDK-8260497: Shenandoah: Improve SATB flushing - - JDK-8260502: [s390] NativeMovRegMem::verify() fails because it's too strict - - JDK-8260632: Build failures after JDK-8253353 - - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end - - JDK-8261022: Fix incorrect result of Math.abs() with char type - - JDK-8261089: [TESTBUG] native library of test TestCheckedReleaseCriticalArray.java fails to compile with gcc 4.x - - JDK-8261183: Follow on to Make lists of normal filenames - - JDK-8261209: isStandalone property: remove dependency on pretty-print - - JDK-8261231: Windows IME was disabled after DnD operation - - JDK-8261251: Shenandoah: Use object size for full GC humongous compaction - - JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined - - JDK-8261334: NMT: tuning statistic shows incorrect hash distribution - - JDK-8261413: Shenandoah: Disable class-unloading in I-U mode - - JDK-8261522: [PPC64] AES intrinsics write beyond the destination array - - JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined - - JDK-8261585: Restore HandleArea used in Deoptimization::uncommon_trap - - JDK-8261753: Test java/lang/System/OsVersionTest.java still failing on BigSur patch versions after JDK-8253702 - - JDK-8261829: Exclude tools/jlink/JLinkReproducibleTest.java in 11u - - JDK-8261912: Code IfNode::fold_compares_helper more defensively - - JDK-8261920: [AIX] jshell command throws java.io.IOError on non English locales - - JDK-8262018: Wrong format in SAP copyright header of OsVersionTest - - JDK-8263069: Exclude some failing tests from security/infra/java/security/cert/CertPathValidator - -Notes on individual issues: -=========================== - -core-libs/javax.naming: - -JDK-8258824: LDAP Channel Binding Support for Java GSS/Kerberos -=============================================================== -A new JNDI environment property "com.sun.jndi.ldap.tls.cbtype" has -been added to enable TLS Channel Binding data in LDAP authentication -over SSL/TLS protocol to the Windows AD server. The only valid value -at present is "tls-server-end-point", where channel binding data is -created on the base of the TLS server certificate. See RFC-5929 [0] -and the module description of the `java.naming` module for further -details. - -[0] RFC-5929 "Channel Bindings for TLS": https://www.ietf.org/rfc/rfc5929.txt - -security-libs/java.security: - -JDK-8260597: Added 2 HARICA Root CA Certificates -================================================ -The following root certificates have been added to the cacerts truststore: - -Alias Name: haricarootca2015 -Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - -Alias Name: haricaeccrootca2015 -Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR - -security-libs/javax.net.ssl: - -JDK-8256490: Disable TLS 1.0 and 1.1 -==================================== -TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer -considered secure and have been superseded by more secure and modern -versions (TLS 1.2 and 1.3). - -These versions have now been disabled by default. If you encounter -issues, you can, at your own risk, re-enable the versions by removing -"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms` -security property in the `java.security` configuration file. - -tools: - -JDK-8214213: jdeps --print-module-deps Reports Transitive Dependencies -====================================================================== -`jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps` -options have been enhanced as follows. - -1. By default, they perform transitive module dependence analysis on -libraries on the class path and module path, both directly and -indirectly, as required by the given input JAR files or -classes. Previously, they only reported the modules required by the -given input JAR files or classes. The `--no-recursive` option can be -used to request non-transitive dependence analysis. - -2. By default, they flag any missing dependency, i.e. not found from -class path and module path, as an error. The `--ignore-missing-deps` -option can be used to suppress missing dependence errors. Note that a -custom image is created with the list of modules output by jdeps when -using the `--ignore-missing-deps` option for a non-modular -application. Such an application, running on the custom image, might -fail at runtime when missing dependence errors are suppressed. - -xml/jaxp: - -JDK-8249867 XML declaration is not followed by a newline -======================================================== - -The DOM Load and Save `LSSerializer` does not have an explicit control -for whether or not the XML Declaration ends with a newline. In this -release, a JDK implementation specific property -`http://www.oracle.com/xml/jaxp/properties/isStandalone` and -corresponding System property `jdk.xml.isStandalone` are added to -control the addition of a newline and act independently without -having to set the pretty-print property. This property can be used to -reverse the incompatible change introduced in Java SE 7 Update 4 with -an update of Xalan 2.7.1 where a newline is omitted when pretty-print -is required. - -For details, please refer to the bug report and the java.xml module-summary. - -Usage: - -// to set the property, get an instance of LSSerializer and set it along with pretty-print -LSSerializer ser = impl.createLSSerializer(); -ser.getDomConfig().setParameter("format-pretty-print", true); -ser.getDomConfig().setParameter("http://www.oracle.com/xml/jaxp/properties/isStandalone", true); - -// to use the System property, set it before initializing a LSSerializer -System.setProperty("jdk.xml.isStandalone", “true”); - -// to clear the property, place the line anywhere after the LSSerializer is initialized -System.clearProperty("jdk.xml.isStandalone"); - New in release OpenJDK 11.0.10 (2021-01-19): ============================================= Live versions of these release notes can be found at: diff --git a/SOURCES/rh1868740-cryptoki_access_to_sunjce.patch b/SOURCES/rh1868740-cryptoki_access_to_sunjce.patch new file mode 100644 index 0000000..d673434 --- /dev/null +++ b/SOURCES/rh1868740-cryptoki_access_to_sunjce.patch @@ -0,0 +1,12 @@ +diff -r eba0f976c468 -r 1fceafb49be5 src/java.base/share/classes/module-info.java +--- openjdk/src/java.base/share/classes/module-info.java Thu Jul 30 15:05:22 2020 +0200 ++++ openjdk/src/java.base/share/classes/module-info.java Thu Aug 13 15:17:59 2020 +0200 +@@ -132,6 +132,8 @@ + // additional qualified exports may be inserted at build time + // see make/gensrc/GenModuleInfo.gmk + ++ exports com.sun.crypto.provider to ++ jdk.crypto.cryptoki; + exports com.sun.security.ntlm to + java.security.sasl; + exports jdk.internal to diff --git a/SOURCES/rh1868754-pkcs11_cancel_on_failure.patch b/SOURCES/rh1868754-pkcs11_cancel_on_failure.patch new file mode 100644 index 0000000..1c47913 --- /dev/null +++ b/SOURCES/rh1868754-pkcs11_cancel_on_failure.patch @@ -0,0 +1,21 @@ +diff -r e10f558e1df5 openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java +--- openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 16:12:32 2020 +0100 ++++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Cipher.java Mon Aug 31 15:17:50 2020 -0300 +@@ -628,7 +628,7 @@ + throw (ShortBufferException) + (new ShortBufferException().initCause(e)); + } +- reset(false); ++ reset(true); + throw new ProviderException("update() failed", e); + } + } +@@ -746,7 +746,7 @@ + throw (ShortBufferException) + (new ShortBufferException().initCause(e)); + } +- reset(false); ++ reset(true); + throw new ProviderException("update() failed", e); + } + } diff --git a/SOURCES/rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch b/SOURCES/rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch new file mode 100644 index 0000000..57bb977 --- /dev/null +++ b/SOURCES/rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch @@ -0,0 +1,60 @@ +# HG changeset patch +# User Zdenek Zambersky +# Date 1601403587 -7200 +# Tue Sep 29 20:19:47 2020 +0200 +# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158 +# Parent d484fdfcc7d5c21812de8a0712236d077b0f2dde +Fixed default policy for jdk.crypto.cryptoki + +diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy +--- openjdk.orig/src/java.base/share/lib/security/default.policy Wed Sep 02 07:36:15 2020 +0200 ++++ openjdk/src/java.base/share/lib/security/default.policy Tue Sep 29 20:19:47 2020 +0200 +@@ -124,6 +124,8 @@ + grant codeBase "jrt:/jdk.crypto.cryptoki" { + permission java.lang.RuntimePermission + "accessClassInPackage.sun.security.*"; ++ permission java.lang.RuntimePermission ++ "accessClassInPackage.com.sun.crypto.provider"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; + permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; +# HG changeset patch +# User Zdenek Zambersky +# Date 1601419086 -7200 +# Wed Sep 30 00:38:06 2020 +0200 +# Node ID 02c8b154f728be3dd06239a98519d654e2127186 +# Parent f77ac813eee61b2e9616b2d71a2c5372d0cbd158 +P11Util: Create provider in priviledged block + +diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java +--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Tue Sep 29 20:19:47 2020 +0200 ++++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Wed Sep 30 00:38:06 2020 +0200 +@@ -87,14 +87,20 @@ + } + p = Security.getProvider(providerName); + if (p == null) { +- try { +- @SuppressWarnings("deprecation") +- Object o = Class.forName(className).newInstance(); +- p = (Provider)o; +- } catch (Exception e) { +- throw new ProviderException +- ("Could not find provider " + providerName, e); +- } ++ p = AccessController.doPrivileged( ++ new PrivilegedAction() { ++ public Provider run() { ++ try { ++ @SuppressWarnings("deprecation") ++ Object o = Class.forName(className).newInstance(); ++ return (Provider) o; ++ } catch (Exception e) { ++ throw new ProviderException ++ ("Could not find provider " + providerName, e); ++ } ++ } ++ } ++ ); + } + return p; + } diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index 3f77f67..639e8fc 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -156,8 +156,6 @@ %else %global include_fastdebug_build 0 %endif -%else -%global include_fastdebug_build 0 %endif %if %{include_debug_build} @@ -291,7 +289,7 @@ # New Version-String scheme-style defines %global featurever 11 %global interimver 0 -%global updatever 11 +%global updatever 10 %global patchver 0 # If you bump featurever, you must bump also vendor_version_string # Used via new version scheme. JDK 11 was @@ -312,7 +310,7 @@ # Define vendor information used by OpenJDK %global oj_vendor Red Hat, Inc. -%global oj_vendor_url https://www.redhat.com/ +%global oj_vendor_url "https://www.redhat.com/" # Define what url should JVM offer in case of a crash report # order may be important, epel may have rhel declared %if 0%{?epel} @@ -331,7 +329,7 @@ %endif # Define IcedTea version used for SystemTap tapsets and desktop file -%global icedteaver 3.15.0 +%global icedteaver 6.0.0pre00-c848b93a8598 # Standard JPackage naming and versioning defines %global origin openjdk @@ -339,7 +337,7 @@ %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup %global buildver 9 -%global rpmrelease 0 +%global rpmrelease 8 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -428,6 +426,14 @@ %global rpm_state_dir %{_localstatedir}/lib/rpm-state/ +# For flatpack builds hard-code /usr/sbin/alternatives, +# otherwise use %%{_sbindir} relative path. +%if 0%{?flatpak} +%global alternatives_requires /usr/sbin/alternatives +%else +%global alternatives_requires %{_sbindir}/alternatives +%endif + %if %{with_systemtap} # Where to install systemtap tapset (links) # We would like these to be in a package specific sub-dir, @@ -999,8 +1005,8 @@ Requires: ca-certificates # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros Requires: javapackages-filesystem # Require zone-info data provided by tzdata-java sub-package -# 2021a required as of JDK-8260356 in April 2021 CPU -Requires: tzdata-java >= 2021a +# 2020b required as of JDK-8254177 in October CPU +Requires: tzdata-java >= 2020b # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} @@ -1014,11 +1020,11 @@ Requires: cups-libs # for FIPS PKCS11 provider Requires: nss # Post requires alternatives to install tool alternatives -Requires(post): %{_sbindir}/alternatives +Requires(post): %{alternatives_requires} # in version 1.7 and higher for --family switch Requires(post): chkconfig >= 1.7 # Postun requires alternatives to uninstall tool alternatives -Requires(postun): %{_sbindir}/alternatives +Requires(postun): %{alternatives_requires} # in version 1.7 and higher for --family switch Requires(postun): chkconfig >= 1.7 # for optional support of kernel stream control, card reader and printing bindings @@ -1044,11 +1050,11 @@ Provides: java-headless%{?1} = %{epoch}:%{version}-%{release} Requires: %{name}%{?1}%{?_isa} = %{epoch}:%{version}-%{release} OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} # Post requires alternatives to install tool alternatives -Requires(post): %{_sbindir}/alternatives +Requires(post): %{alternatives_requires} # in version 1.7 and higher for --family switch Requires(post): chkconfig >= 1.7 # Postun requires alternatives to uninstall tool alternatives -Requires(postun): %{_sbindir}/alternatives +Requires(postun): %{alternatives_requires} # in version 1.7 and higher for --family switch Requires(postun): chkconfig >= 1.7 @@ -1097,11 +1103,11 @@ Provides: java-demo%{?1} = %{epoch}:%{version}-%{release} %define java_javadoc_rpo() %{expand: OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} # Post requires alternatives to install javadoc alternative -Requires(post): %{_sbindir}/alternatives +Requires(post): %{alternatives_requires} # in version 1.7 and higher for --family switch Requires(post): chkconfig >= 1.7 # Postun requires alternatives to uninstall javadoc alternative -Requires(postun): %{_sbindir}/alternatives +Requires(postun): %{alternatives_requires} # in version 1.7 and higher for --family switch Requires(postun): chkconfig >= 1.7 @@ -1167,7 +1173,7 @@ URL: http://openjdk.java.net/ Source0: jdk-updates-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}-4curve.tar.xz # Use 'icedtea_sync.sh' to update the following -# They are based on code contained in the IcedTea project (3.x). +# They are based on code contained in the IcedTea project (6.x). # Systemtap tapsets. Zipped up to keep it small. Source8: tapsets-icedtea-%{icedteaver}.tar.xz @@ -1207,7 +1213,7 @@ Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch Patch2: rh1648644-java_access_bridge_privileged_security.patch # NSS via SunPKCS11 Provider (disabled due to memory leak). Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch -# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639) +# enable build of speculative store bypass hardened alt-java Patch600: rh1750419-redhat_alt_java.patch # RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY Patch1003: rh1842572-rsa_default_for_keytool.patch @@ -1219,6 +1225,10 @@ Patch1001: rh1655466-global_crypto_and_fips.patch Patch1002: rh1818909-fips_default_keystore_type.patch # RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available Patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch +# RH1868740: FIPS: IllegalAccessException by pkcs11 provider +Patch1005: rh1868740-cryptoki_access_to_sunjce.patch +# RH1883849: FIPS: IllegalAccessException by pkcs11 provider with security manager on +Patch1006: rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch # RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess Patch1007: rh1915071-always_initialise_configurator_access.patch @@ -1244,6 +1254,8 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1 Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch # PR3695: Allow use of system crypto policy to be disabled by the user Patch7: pr3695-toggle_system_crypto_policy.patch +# RH1868754: FIPS: Ciphers remain in broken state (unusable), after being supplied with wrongly sized buffer +Patch11: rh1868754-pkcs11_cancel_on_failure.patch ############################################# # @@ -1292,8 +1304,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel %ifnarch %{jit_arches} BuildRequires: libffi-devel %endif -# 2021a required as of JDK-8260356 in April 2021 CPU -BuildRequires: tzdata-java >= 2021a +# 2020b required as of JDK-8254177 in October CPU +BuildRequires: tzdata-java >= 2020b # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1621,6 +1633,7 @@ pushd %{top_level_dir_name} %patch3 -p1 %patch4 -p1 %patch7 -p1 +%patch11 -p1 popd # openjdk %patch1000 @@ -1629,6 +1642,8 @@ popd # openjdk %patch1002 %patch1003 %patch1004 +%patch1005 +%patch1006 %patch1007 # Extract systemtap tapsets @@ -1646,11 +1661,12 @@ for suffix in %{build_loop} ; do for file in "tapset"$suffix/*.in; do OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1 + sed -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file.1 > $file.2 # TODO find out which architectures other than i686 have a client vm %ifarch %{ix86} - sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.1 > $OUTPUT_FILE + sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.2 > $OUTPUT_FILE %else - sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE + sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.2 > $OUTPUT_FILE %endif sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE @@ -1862,7 +1878,7 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") # Check correct vendor values have been set $JAVA_HOME/bin/javac -d . %{SOURCE16} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} # Check java launcher has no SSB mitigation if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi @@ -2334,65 +2350,57 @@ end %endif %changelog -* Thu Apr 15 2021 Andrew Hughes - 1:11.0.11.0.9-0 -- Update to jdk-11.0.11.0+9 -- Update release notes to 11.0.11.0+9 -- Require tzdata 2020f to match upstream change JDK-8259048 -- Require tzdata 2021a to match upstream change JDK-8260356 -- Remove RH1868754 patch as this is now resolved upstream by JDK-8258833 -- Remove RH1868740 & RH1883849 patches as these are now resolved by JDK-8259319 -- This tarball is embargoed until 2021-04-20 @ 1pm PT. -- Resolves: rhbz#1938201 - -* Thu Apr 15 2021 Jayashree Huttanagoudar - 1:11.0.11.0.9-0 -- Fix issue where CheckVendor.java test erroneously passes when it should fail. -- Add proper quoting so '&' is not treated as a special character by the shell. -- Fixed not-including fastdebug build in case of --without fastdebug -- Resolves: rhbz#1938201 - -* Mon Feb 22 2021 Andrew Hughes - 1:11.0.10.0.9-5 +* Mon Feb 22 2021 Andrew Hughes - 1:11.0.10.0.9-8 - Perform static library build on a separate source tree with bundled image libraries - Make static library build optional - Based on initial work by Severin Gehwolf - Resolves: rhbz#1930513 -* Mon Jan 18 2021 Andrew Hughes - 1:11.0.10.0.9-4 +* Mon Feb 22 2021 Andrew Hughes - 1:11.0.10.0.9-7 +- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) +- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository +- Resolves: rhbz#1814915 + +* Mon Feb 22 2021 Stephan Bergmann - 1:11.0.10.0.9-6 +- Hardcode /usr/sbin/alternatives for Flatpak builds +- Resolves: rhbz#1930370 + +* Mon Jan 18 2021 Andrew Hughes - 1:11.0.10.0.9-5 - Fix accidental use of $ instead of % for variable reference. - Resolves: rhbz#1908972 -* Mon Jan 18 2021 Andrew Hughes - 1:11.0.10.0.9-3 +* Mon Jan 18 2021 Andrew Hughes - 1:11.0.10.0.9-4 - Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs. - Resolves: rhbz#1915071 -* Sun Jan 17 2021 Andrew Hughes - 1:11.0.10.0.9-2 +* Sun Jan 17 2021 Andrew Hughes - 1:11.0.10.0.9-3 - Fix debug and fastdebug descriptions to emphasise the difference is optimisation or no optimisation. - Resolves: rhbz#1908972 -* Sun Jan 17 2021 Jiri Vanek - 1:11.0.10.0.9-2 +* Sun Jan 17 2021 Jiri Vanek - 1:11.0.10.0.9-3 - Removed lib-style provides for fastdebug_suffix_unquoted - Fixed missing condition for fastdebug packages being counted as debug ones - Fix typo in variable - Resolves: rhbz#1908972 -* Sun Jan 17 2021 Andrew Hughes - 1:11.0.10.0.9-1 +* Sun Jan 17 2021 Andrew Hughes - 1:11.0.10.0.9-2 - Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode - Resolves: rhbz#1894083 -* Fri Jan 15 2021 Andrew Hughes - 1:11.0.10.0.9-0 +* Fri Jan 15 2021 Andrew Hughes - 1:11.0.10.0.9-1 - Update to jdk-11.0.10.0+9 - Update release notes to 11.0.10.0+9 - Switch to GA mode for final release. -- This tarball is embargoed until 2021-01-19 @ 1pm PT. - Resolves: rhbz#1908972 -* Thu Jan 14 2021 Andrew Hughes - 1:11.0.10.0.8-0.0.ea +* Thu Jan 14 2021 Andrew Hughes - 1:11.0.10.0.8-0.1.ea - Update to jdk-11.0.10.0+8 - Update release notes to 11.0.10.0+8. - Update tarball generation script to use PR3818 which handles JDK-8171279 changes - Drop JDK-8250861 as applied upstream. - Resolves: rhbz#1903908 -* Tue Jan 12 2021 Andrew John Hughes - 1:11.0.10.0.1-0.0.ea +* Tue Jan 12 2021 Andrew John Hughes - 1:11.0.10.0.1-0.1.ea - Update to jdk-11.0.10.0+1 - Update release notes to 11.0.10.0+1 - Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly. @@ -2406,41 +2414,47 @@ end - Adjust RH1842572 patch due to context change from JDK-8213400 - Resolves: rhbz#1903908 -* Tue Dec 29 2020 Andrew Hughes - 1:11.0.9.11-6 +* Tue Dec 29 2020 Andrew Hughes - 1:11.0.9.11-9 - Introduced ssbd_arches to denote architectures with SSBD mitigation (currently only x86_64) - Introduced nm-based check to verify alt-java on ssbd_arches is patched, and no other alt-java or java binaries are patched - RH1750419 patch amended to emit a warning on architectures where alt-java is the same as java - Resolves: rhbz#1784116 -* Tue Dec 29 2020 Jiri Vanek - 1:11.0.9.11-6 +* Tue Dec 29 2020 Jiri Vanek - 1:11.0.9.11-9 - Redefined linux -> __linux__ and __x86_64 -> __x86_64__ in RH1750419 patch - Resolves: rhbz#1784116 -* Tue Dec 29 2020 Andrew Hughes - 1:11.0.9.11-5 +* Tue Dec 29 2020 Andrew Hughes - 1:11.0.9.11-8 - Update release notes for 11.0.9.1 release. - Resolves: rhbz#1895274 -* Tue Dec 01 2020 Jiri Vanek - 1:11.0.9.11-4 -- Removed patch6: rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch -- Added patch600: rh1750419-redhat_alt_java.patch, surpassing removed patch -- No longer copy java->alt-java as it is created by patch600 +* Tue Dec 01 2020 Jiri Vanek - 1:11.0.9.11-7 +- removed patch6, rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch +- added patch600, rh1750419-redhat_alt_java.patch, suprassing removed patch +- no longer copying of java->alt-java as it is created by patch600 - Resolves: rhbz#1784116 -* Wed Nov 11 2020 Andrew Hughes - 1:11.0.9.11-3 +* Wed Nov 11 2020 Andrew Hughes - 1:11.0.9.11-6 - Fix typo of build_doc_archive/built_doc_archive - Resolves: rhbz#1895274 -* Wed Nov 04 2020 Severin Gehwolf - 1:11.0.9.11-3 +* Wed Nov 04 2020 Severin Gehwolf - 1:11.0.9.11-5 - Update to jdk-11.0.9.1+1 - RPM version stays at 11.0.9.11 so as to not break upgrade path. - Adds a single patch for JDK-8250861. - Resolves: rhbz#1895274 -* Thu Oct 29 2020 Jiri Vanek - 1:11.0.9.11-3 +* Thu Oct 29 2020 Jiri Vanek - 1:11.0.9.11-4 - Move all license files to NVR-specific JVM directory. - This bad placement was killing parallel installability and thus having a bad impact on leapp, if used. - Resolves: rhbz#1889481 +* Tue Oct 27 2020 Andrew Hughes - 1:11.0.9.11-3 +- Bump release number to build on RHEL 8.4.0 branch. +- Resolves: rhbz#1876665 +- Resolves: rhbz#1889497 +- Resolves: rhbz#1883849 + * Wed Oct 21 2020 Andrew Hughes - 1:11.0.9.11-2 - Add backport of JDK-8236512 to correct use of killSession - Resolves: rhbz#1889497 @@ -2463,13 +2477,13 @@ end * Thu Oct 15 2020 Andrew Hughes - 1:11.0.9.10-0.3.ea - Improve quoting of vendor name -- Resolves: rhbz#1883849 +- Resolves: rhbz#1876665 * Wed Oct 14 2020 Jiri Vanek - 1:11.0.9.10-0.3.ea - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Moved vendor_version_string to a better place -- Resolves: rhbz#1883849 +- Resolves: rhbz#1876665 * Wed Oct 14 2020 Andrew Hughes - 1:11.0.9.10-0.2.ea - Add patch to allow the PKCS11 provider access to the SunJCE provider with the security manager enabled