diff --git a/.gitignore b/.gitignore index 5a0db04..83e2bec 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-jdk11u-jdk-11.0.22+7.tar.xz +SOURCES/openjdk-jdk11u-jdk-11.0.23+9.tar.xz SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/.java-11-openjdk.metadata b/.java-11-openjdk.metadata index 929d41f..9bd8204 100644 --- a/.java-11-openjdk.metadata +++ b/.java-11-openjdk.metadata @@ -1,2 +1,2 @@ -7694237019564cbd5568e24ffae9754308d13b29 SOURCES/openjdk-jdk11u-jdk-11.0.22+7.tar.xz +db99bc0a0912f824db1043d18b199c154d57bb5b SOURCES/openjdk-jdk11u-jdk-11.0.23+9.tar.xz 7ae2cba67467825b2c2a5fec7aea041865023002 SOURCES/tapsets-icedtea-3.15.0.tar.xz diff --git a/SOURCES/NEWS b/SOURCES/NEWS index 66f7e86..6a44e0c 100644 --- a/SOURCES/NEWS +++ b/SOURCES/NEWS @@ -3,7 +3,347 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY -New in release OpenJDK 11.0.22 (2024-11-16): +New in release OpenJDK 11.0.23 (2024-04-16): +============================================ +Live versions of these release notes can be found at: + * https://bit.ly/openjdk11023 + +* CVEs + - CVE-2024-21012 + - CVE-2024-21011 + - CVE-2024-21085 + - CVE-2024-21068 + - CVE-2024-21094 +* Security fixes + - JDK-8315708: Enhance HTTP/2 client usage + - JDK-8319851: Improve exception logging + - JDK-8322114: Improve Pack 200 handling + - JDK-8322122: Enhance generation of addresses + - JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array" +* Other changes + - JDK-6928542: Chinese characters in RTF are not decoded + - JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/bug4517214.java fails on MacOS + - JDK-7148092: [macosx] When Alt+down arrow key is pressed, the combobox popup does not appear. + - JDK-8054022: HttpURLConnection timeouts with Expect: 100-Continue and no chunking + - JDK-8054572: [macosx] JComboBox paints the border incorrectly + - JDK-8058176: [mlvm] tests should not allow code cache exhaustion + - JDK-8067651: LevelTransitionTest.java, fix trivial methods levels logic + - JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005 intermittently times out + - JDK-8156889: ListKeychainStore.sh fails in some virtualized environments + - JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps timeouting + - JDK-8166554: Avoid compilation blocking in OverloadCompileQueueTest.java + - JDK-8169475: WheelModifier.java fails by timeout + - JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh to Java Jtreg Test + - JDK-8186610: move ModuleUtils to top-level testlibrary + - JDK-8192864: defmeth tests can hide failures + - JDK-8193543: Regression automated test '/open/test/jdk/java/awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java' fails + - JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/isexceeded001/TestDescription.java still failing + - JDK-8202282: [TESTBUG] appcds TestCommon.makeCommandLineForAppCDS() can be removed + - JDK-8202790: DnD test DisposeFrameOnDragTest.java does not clean up + - JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/ChoicePopupLocation.java fails + - JDK-8207211: [TESTBUG] Remove excessive output from CDS/AppCDS tests + - JDK-8207214: Broken links in JDK API serialized-form page + - JDK-8207855: Make applications/jcstress invoke tests in batches + - JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/TestDescription.java fails in jdk/hs nightly + - JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java.findDeadlock.INDIFY_Test Deadlocked threads are not always detected + - JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails in AUFS file system + - JDK-8208699: remove unneeded imports from runtime tests + - JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out often in hs-tier7 testing + - JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option is not always required for appcds tests + - JDK-8209549: remove VMPropsExt from TEST.ROOT + - JDK-8209595: MonitorVmStartTerminate.java timed out + - JDK-8209946: [TESTBUG] CDS tests should use "@run driver" + - JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java looks for libjsig in wrong location + - JDK-8211978: Move testlibrary/jdk/testlibrary/SimpleSSLContext.java and testkeys to network testlibrary + - JDK-8213622: Windows VS2013 build failure - "'snprintf': identifier not found" + - JDK-8213926: WB_EnqueueInitializerForCompilation requests compilation for NULL + - JDK-8213927: G1 ignores AlwaysPreTouch when UseTransparentHugePages is enabled + - JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr modules + - JDK-8214915: CtwRunner misses export for jdk.internal.access + - JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws NullPointerException + - JDK-8217475: Unexpected StackOverflowError in "process reaper" thread + - JDK-8218754: JDK-8068225 regression in JDIBreakpointTest + - JDK-8219475: javap man page needs to be updated + - JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/JMXInterfaceBindingTest.java passes trivially when it shouldn't + - JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper.TestCaseImpl can't be defined in different runtime package as its nest host + - JDK-8225471: Test utility jdk.test.lib.util.FileUtils.areAllMountPointsAccessible needs to tolerate duplicates + - JDK-8226706: (se) Reduce the number of outer loop iterations on Windows in java/nio/channels/Selector/RacyDeregister.java + - JDK-8226905: unproblem list applications/ctw/modules/* tests on windows + - JDK-8226910: make it possible to use jtreg's -match via run-test framework + - JDK-8227438: [TESTLIB] Determine if file exists by Files.exists in function FileUtils.deleteFileIfExistsWithRetry + - JDK-8231585: java/lang/management/ThreadMXBean/MaxDepthForThreadInfoTest.java fails with java.lang.NullPointerException + - JDK-8232839: JDI AfterThreadDeathTest.java failed due to "FAILED: Did not get expected IllegalThreadStateException on a StepRequest.enable()" + - JDK-8233453: MLVM deoptimize stress test timed out + - JDK-8234309: LFGarbageCollectedTest.java fails with parse Exception + - JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/AccessibleChoiceTest.java fails + - JDK-8237777: "Dumping core ..." is shown despite claiming that "# No core dump will be written." + - JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java failing with LDAP response read timeout + - JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel + - JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/AccessibleChoiceTest.java fails + - JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001 failed due to "(IsSameObject#3) unexpected monitor object: 0x000000562336DBA8" + - JDK-8246222: Rename javac test T6395981.java to be more informative + - JDK-8247818: GCC 10 warning stringop-overflow with symbol code + - JDK-8249087: Always initialize _body[0..1] in Symbol constructor + - JDK-8251349: Add TestCaseImpl to OverloadCompileQueueTest.java's build dependencies + - JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/btree010.java fails with ClassNotFoundException: nsk.sysdict.share.BTree0LLRLRLRRLR + - JDK-8253543: sanity/client/SwingSet/src/ButtonDemoScreenshotTest.java failed with "AssertionError: All pixels are not black" + - JDK-8253739: java/awt/image/MultiResolutionImage/MultiResolutionImageObserverTest.java fails + - JDK-8253820: Save test images and dumps with timestamps from client sanity suite + - JDK-8255277: randomDelay in DrainDeadlockT and LoggingDeadlock do not randomly delay + - JDK-8255546: Missing coverage for javax.smartcardio.CardPermission and ResponseAPDU + - JDK-8255743: Relax SIGFPE match in in runtime/ErrorHandling/SecondaryErrorTest.java + - JDK-8257505: nsk/share/test/StressOptions stressTime is scaled in getter but not when printed + - JDK-8259801: Enable XML Signature secure validation mode by default + - JDK-8264135: UnsafeGetStableArrayElement should account for different JIT implementation details + - JDK-8265349: vmTestbase/../stress/compiler/deoptimize/Test.java fails with OOME due to CodeCache exhaustion. + - JDK-8269025: jsig/Testjsig.java doesn't check exit code + - JDK-8269077: TestSystemGC uses "require vm.gc.G1" for large pages subtest + - JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java doesn't check exit code + - JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java doesn't check exit code + - JDK-8271828: mark hotspot runtime/classFileParserBug tests which ignore external VM flags + - JDK-8271829: mark hotspot runtime/Throwable tests which ignore external VM flags + - JDK-8271890: mark hotspot runtime/Dictionary tests which ignore external VM flags + - JDK-8272291: mark hotspot runtime/logging tests which ignore external VM flags + - JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't check exit codes + - JDK-8272551: mark hotspot runtime/modules tests which ignore external VM flags + - JDK-8272552: mark hotspot runtime/cds tests which ignore external VM flags + - JDK-8273803: Zero: Handle "zero" variant in CommandLineOptionTest.java + - JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java fails in Windows 11 + - JDK-8274621: NullPointerException because listenAddress[0] is null + - JDK-8276796: gc/TestSystemGC.java large pages subtest fails with ZGC + - JDK-8280007: Enable Neoverse N1 optimizations for Arm Neoverse V1 & N2 + - JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails with java.lang.RuntimeException: values differ by more than 1GB + - JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from problemlist. + - JDK-8281717: Cover logout method for several LoginModule + - JDK-8282665: [REDO] ByteBufferTest.java: replace endless recursion with RuntimeException in void ck(double x, double y) + - JDK-8284090: com/sun/security/auth/module/AllPlatforms.java fails to compile + - JDK-8285756: clean up use of bad arguments for `@clean` in langtools tests + - JDK-8285785: CheckCleanerBound test fails with PasswordCallback object is not released + - JDK-8285867: Convert applet manual tests SelectionVisible.java to Frame and automate + - JDK-8286846: test/jdk/javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on mac aarch64 + - JDK-8286969: Add a new test library API to execute kinit in SecurityTools.java + - JDK-8287113: JFR: Periodic task thread uses period for method sampling events + - JDK-8289511: Improve test coverage for XPath Axes: child + - JDK-8289764: gc/lock tests failed with "OutOfMemoryError: Java heap space: failed reallocation of scalar replaced objects" + - JDK-8289948: Improve test coverage for XPath functions: Node Set Functions + - JDK-8290399: [macos] Aqua LAF does not fire an action event if combo box menu is displayed + - JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests failed with "isUsageThresholdExceeded() returned false, and is still false, while threshold = MMMMMMM and used peak = NNNNNNN" + - JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup required permissions for jtreg version 7 jar + - JDK-8292946: GC lock/jni/jnilock001 test failed "assert(gch->gc_cause() == GCCause::_scavenge_alot || !gch->incremental_collection_failed()) failed: Twice in a row" + - JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed with "RuntimeException: Retrieved backing PlatformLogger level null is not the expected CONFIG" + - JDK-8294158: HTML formatting for PassFailJFrame instructions + - JDK-8294254: [macOS] javax/swing/plaf/aqua/CustomComboBoxFocusTest.java failure + - JDK-8294402: Add diagnostic logging to VMProps.checkDockerSupport + - JDK-8294535: Add screen capture functionality to PassFailJFrame + - JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails intermittently on a VM + - JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/AbstractDrbg/SpecTest.java intermittently timeout + - JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java failed: ExceptionInInitializerError: target class not found + - JDK-8300269: The selected item in an editable JComboBox with titled border is not visible in Aqua LAF + - JDK-8300727: java/awt/List/ListGarbageCollectionTest/AwtListGarbageCollectionTest.java failed with "List wasn't garbage collected" + - JDK-8301310: The SendRawSysexMessage test may cause a JVM crash + - JDK-8301377: adjust timeout for JLI GetObjectSizeIntrinsicsTest.java subtest again + - JDK-8301846: Invalid TargetDataLine after screen lock when using JFileChooser or COM library + - JDK-8302017: Allocate BadPaddingException only if it will be thrown + - JDK-8302109: Trivial fixes to btree tests + - JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java + - JDK-8302607: increase timeout for ContinuousCallSiteTargetChange.java + - JDK-8304074: [JMX] Add an approximation of total bytes allocated on the Java heap by the JVM + - JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373 + - JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1 + - JDK-8305502: adjust timeouts in three more M&M tests + - JDK-8305505: NPE in javazic compiler + - JDK-8305972: Update XML Security for Java to 3.0.2 + - JDK-8306072: Open source several AWT MouseInfo related tests + - JDK-8306076: Open source AWT misc tests + - JDK-8306409: Open source AWT KeyBoardFocusManger, LightWeightComponent related tests + - JDK-8306640: Open source several AWT TextArea related tests + - JDK-8306652: Open source AWT MenuItem related tests + - JDK-8306681: Open source more AWT DnD related tests + - JDK-8306683: Open source several clipboard and color AWT tests + - JDK-8306752: Open source several container and component AWT tests + - JDK-8306753: Open source several container AWT tests + - JDK-8306755: Open source few Swing JComponent and AbstractButton tests + - JDK-8306812: Open source several AWT Miscellaneous tests + - JDK-8306871: Open source more AWT Drag & Drop tests + - JDK-8306996: Open source Swing MenuItem related tests + - JDK-8307123: Fix deprecation warnings in DPrinter + - JDK-8307130: Open source few Swing JMenu tests + - JDK-8307299: Move more DnD tests to open + - JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing JTableHeader tests + - JDK-8307381: Open Source JFrame, JIF related Swing Tests + - JDK-8307683: Loop Predication should not hoist range checks with trap on success projection by negating their condition + - JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC while allocating + - JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler.compile does not close files + - JDK-8308223: failure handler missed jcmd.vm.info command + - JDK-8308232: nsk/jdb tests don't pass -verbose flag to the debuggee + - JDK-8308245: Add -proc:full to describe current default annotation processing policy + - JDK-8308336: Test java/net/HttpURLConnection/HttpURLConnectionExpectContinueTest.java failed: java.net.BindException: Address already in use + - JDK-8309104: [JVMCI] compiler/unsafe/UnsafeGetStableArrayElement test asserts wrong values with Graal + - JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton predicates for all If nodes in loop predication + - JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/agentthr001/TestDescription.java crashing due to empty while loop + - JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when using second test directory + - JDK-8309870: Using -proc:full should be considered requesting explicit annotation processing + - JDK-8310106: sun.security.ssl.SSLHandshake.getHandshakeProducer() incorrectly checks handshakeConsumers + - JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/bug6889007.java fails + - JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/interrupt001.java timed out due to missing prompt + - JDK-8310807: java/nio/channels/DatagramChannel/Connect.java timed out + - JDK-8311081: KeytoolReaderP12Test.java fail on localized Windows platform + - JDK-8311511: Improve description of NativeLibrary JFR event + - JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java + - JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + - JDK-8313082: Enable CreateCoredumpOnCrash for testing in makefiles + - JDK-8313164: src/java.desktop/windows/native/libawt/windows/awt_Robot.cpp GetRGBPixels adjust releasing of resources + - JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground release resources in early returns + - JDK-8313643: Update HarfBuzz to 8.2.2 + - JDK-8313816: Accessing jmethodID might lead to spurious crashes + - JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp + - JDK-8314164: java/net/HttpURLConnection/HttpURLConnectionExpectContinueTest.java fails intermittently in timeout + - JDK-8314883: Java_java_util_prefs_FileSystemPreferences_lockFile0 write result errno in missing case + - JDK-8315034: File.mkdirs() occasionally fails to create folders on Windows shared folder + - JDK-8315042: NPE in PKCS7.parseOldSignedData + - JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some cases + - JDK-8315499: build using devkit on Linux ppc64le RHEL puts path to devkit into libsplashscreen + - JDK-8315594: Open source few headless Swing misc tests + - JDK-8315600: Open source few more headless Swing misc tests + - JDK-8315602: Open source swing security manager test + - JDK-8315606: Open source few swing text/html tests + - JDK-8315611: Open source swing text/html and tree test + - JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should run with -Xbatch + - JDK-8315731: Open source several Swing Text related tests + - JDK-8315761: Open source few swing JList and JMenuBar tests + - JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/bug4654927.java: component must be showing on the screen to determine its location + - JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use createTestJvm + - JDK-8316028: Update FreeType to 2.13.2 + - JDK-8316030: Update Libpng to 1.6.40 + - JDK-8316106: Open source few swing JInternalFrame and JMenuBar tests + - JDK-8316461: Fix: make test outputs TEST SUCCESS after unsuccessful exit + - JDK-8316947: Write a test to check textArea triggers MouseEntered/MouseExited events properly + - JDK-8317307: test/jdk/com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information + - JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js + - JDK-8318154: Improve stability of WheelModifier.java test + - JDK-8318340: Improve RSA key implementations + - JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows + - JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 + - JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java + - JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni tests + - JDK-8318608: Enable parallelism in vmTestbase/nsk/stress/threads tests + - JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with "transport error 202: bind failed: Address already in use" + - JDK-8318889: C2: add bailout after assert Bad graph detected in build_loop_late + - JDK-8318951: Additional negative value check in JPEG decoding + - JDK-8318955: Add ReleaseIntArrayElements in Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to early return + - JDK-8318971: Better Error Handling for Jar Tool When Processing Non-existent Files + - JDK-8318983: Fix comment typo in PKCS12Passwd.java + - JDK-8319124: Update XML Security for Java to 3.0.3 + - JDK-8319456: jdk/jfr/event/gc/collection/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker Initiated GC' not in the valid causes + - JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh + - JDK-8320001: javac crashes while adding type annotations to the return type of a constructor + - JDK-8320208: Update Public Suffix List to b5bf572 + - JDK-8320363: ppc64 TypeEntries::type_unknown logic looks wrong, missed optimization opportunity + - JDK-8320597: RSA signature verification fails on signed data that does not encode params correctly + - JDK-8320798: Console read line with zero out should zero out underlying buffer + - JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23 + - JDK-8320937: support latest VS2022 MSC_VER in abstract_vm_version.cpp + - JDK-8321151: JDK-8294427 breaks Windows L&F on all older Windows versions + - JDK-8321215: Incorrect x86 instruction encoding for VSIB addressing mode + - JDK-8321408: Add Certainly roots R1 and E1 + - JDK-8321480: ISO 4217 Amendment 176 Update + - JDK-8322178: Error. can't find jdk.testlibrary.SimpleSSLContext in test directory or libraries + - JDK-8322417: Console read line with zero out should zero out when throwing exception + - JDK-8322725: (tz) Update Timezone Data to 2023d + - JDK-8322750: Test "api/java_awt/interactive/SystemTrayTests.html" failed because A blue ball icon is added outside of the system tray + - JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is failing assert + - JDK-8322772: Clean up code after JDK-8322417 + - JDK-8323008: filter out harmful -std* flags added by autoconf from CXX + - JDK-8323243: JNI invocation of an abstract instance method corrupts the stack + - JDK-8323515: Create test alias "all" for all test roots + - JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/platform/docker/TestDockerMemoryMetrics.java always fail because OOM killed + - JDK-8324184: Windows VS2010 build failed with "error C2275: 'int64_t'" + - JDK-8324307: [11u] hotspot fails to build with GCC 12 and newer (non-static data member initializers) + - JDK-8324347: Enable "maybe-uninitialized" warning for FreeType 2.13.1 + - JDK-8324659: GHA: Generic jtreg errors are not reported + - JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/AKISerialNumber.java is failing + - JDK-8325150: (tz) Update Timezone Data to 2024a + - JDK-8326109: GCC 13 reports maybe-uninitialized warnings for jni.cpp with dtrace enabled + - JDK-8326503: [11u] java/net/HttpURLConnection/HttpURLConnectionExpectContinueTest.java fail because of package org.junit.jupiter.api does not exist + - JDK-8327391: Add SipHash attribution file + - JDK-8329837: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23 + +Notes on individual issues: +=========================== + +security-libs/javax.xml.crypto: + +JDK-8259801: Enable XML Signature Secure Validation Mode by Default +=================================================================== +The XML Signature secure validation mode is now enabled by default. +The `jdk.xml.dsig.secureValidationPolicy` security property can be +used to control secure validation mode restrictions and constraints. + +XML Signature secure validation mode can be set to `Boolean.FALSE` +via the `org.jcp.xml.dsig.secureValidation` property using the +`DOMValidateContext.setProperty()` API, if the previous behavior is +desirable and its associated security risks are taken into account. + +JDK-8319124: Update XML Security for Java to 3.0.3 +================================================== +The XML signature implementation in OpenJDK 11 has been updated to +Apache Santuario 3.0.3. This update introduces four new SHA-3 based +RSA-MGF1 SignatureMethod algorithms. + +However, the API of javax.xml.crypto.dsig.SignatureMethod can not be +changed in update releases to provide constants for these new +algorithms. The equivalent string literals should be used as below: + +* SHA3_224_RSA_MGF1: "http://www.w3.org/2007/05/xmldsig-more#sha3-224-rsa-MGF1" +* SHA3_256_RSA_MGF1: "http://www.w3.org/2007/05/xmldsig-more#sha3-256-rsa-MGF1" +* SHA3_384_RSA_MGF1: "http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1" +* SHA3_512_RSA_MGF1: "http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1" + +JDK-8305972: Update XML Security for Java to 3.0.2 +================================================== +Support has been added for ED25519 and ED448 signature algorithms. + +Avoid using the here() function henceforth. Users can disable the +here() function by setting `jdk.xml.dsig.hereFunctionSupported` to +"false". + +client-libs/java.awt + +JDK-8322750: AWT SystemTray API Is Not Supported on Most Linux Desktops +======================================================================= +The java.awt.SystemTray API is used to interact with the system's +desktop taskbar to provide notifications and may include an icon +representing an application. The GNOME desktop's support for taskbar +icons has not worked properly for several years, due to a platform +bug. This bug, in turn, affects the JDK's SystemTray support on GNOME +desktops. + +Therefore, in accordance with the SystemTray API specification, +java.awt.SystemTray.isSupported() will now return false on systems +that exhibit this bug, which is assumed to be those running a version +of GNOME Shell below 45. + +The impact of this change is likely to be minimal, as users of the +SystemTray API should already be able to handle isSupported() +returning false and the system tray on such platforms has already been +unsupported for a number of years for all applications. + +security-libs/java.security: + +JDK-8321408: Added Certainly R1 and E1 Root Certificates +======================================================== +The following root certificates have been added to the cacerts +truststore: + +Name: Certainly +Alias Name: certainlyrootr1 +Distinguished Name: CN=Certainly Root R1, O=Certainly, C=US + +Name: Certainly +Alias Name: certainlyroote1 +Distinguished Name: CN=Certainly Root E1, O=Certainly, C=US + +New in release OpenJDK 11.0.22 (2024-01-16): ============================================ Live versions of these release notes can be found at: * https://bit.ly/openjdk11022 diff --git a/SPECS/java-11-openjdk.spec b/SPECS/java-11-openjdk.spec index 0217116..083a857 100644 --- a/SPECS/java-11-openjdk.spec +++ b/SPECS/java-11-openjdk.spec @@ -276,7 +276,7 @@ # New Version-String scheme-style defines %global featurever 11 %global interimver 0 -%global updatever 22 +%global updatever 23 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -327,8 +327,8 @@ %global origin_nice OpenJDK %global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 7 -%global rpmrelease 1 +%global buildver 9 +%global rpmrelease 2 #%%global tagsuffix %%{nil} # priority must be 7 digits in total %if %is_system_jdk @@ -884,8 +884,9 @@ Provides: jre%1 = %{epoch}:%{javaver} Requires: ca-certificates # Require javapackages-tools for ownership of /usr/lib/jvm/ and macros Requires: javapackages-tools -# 2023c required as of JDK-8305113 -Requires: tzdata-java >= 2023c +# 2024a required as of JDK-8325150 +# Use 2023d until 2024a is in the buildroot +Requires: tzdata-java >= 2023d # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand %if 0%{?rhel} >= 8 @@ -1154,13 +1155,6 @@ BuildRequires: freetype-devel BuildRequires: giflib-devel BuildRequires: gcc-c++ BuildRequires: gdb -%ifarch %{arm} -BuildRequires: devtoolset-7-build -BuildRequires: devtoolset-7-binutils -BuildRequires: devtoolset-7-gcc -BuildRequires: devtoolset-7-gcc-c++ -BuildRequires: devtoolset-7-gdb -%endif BuildRequires: gtk2-devel # LCMS on rhel7 is older then LCMS in intree JDK BuildRequires: lcms2-devel @@ -1183,8 +1177,9 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel %ifarch %{zero_arches} BuildRequires: libffi-devel %endif -# 2023c required as of JDK-8305113 -BuildRequires: tzdata-java >= 2023c +# 2024a required as of JDK-8325150 +# Use 2023d until 2024a is in the buildroot +BuildRequires: tzdata-java >= 2023d # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1534,10 +1529,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg %build -%ifarch %{arm} -%{?enable_devtoolset7:%{enable_devtoolset7}} -%endif - # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) export NUM_PROC=${NUM_PROC:-1} @@ -2247,6 +2238,25 @@ require "copy_jdk_configs.lua" %endif %changelog +* Fri Apr 12 2024 Anton Bobrov - 1:11.0.23.0.9-2 +- Fix 11.0.22 release date in NEWS +- Restore ppc64le --with-jobs=1 workaround to avoid flaky ppc builds + +* Wed Apr 10 2024 Anton Bobrov - 1:11.0.23.0.9-1 +- Update to jdk-11.0.23+9 (GA) +- Update release notes to 11.0.23+9 +- Switch to GA mode for release +- Require tzdata 2024a due to upstream inclusion of JDK-8322725 +- Only require tzdata 2023d for now as 2024a is unavailable in buildroot +- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** +- Resolves: RHEL-30914 + +* Thu Mar 21 2024 Anton Bobrov - 1:11.0.23.0.1-0.1.ea +- Update to jdk-11.0.23+1 (EA) +- Update release notes to 11.0.23+1 +- Switch to EA mode +- Speed up PPC build by removing ppc64le --with-jobs=1 workaround + * Wed Jan 10 2024 Andrew Hughes - 1:11.0.22.0.7-1 - Update to jdk-11.0.22+7 (GA) - Update release notes to 11.0.22+7