diff --git a/NEWS b/NEWS
index 6a44e0c99f388ca15dfce150a47f2a5a2f800c2d..c87314090599503ff6f236b1e222e6fa5a444f62 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,644 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 11.0.25 (2024-10-15): +============================================ +Live versions of these release notes can be found at: + * https://bit.ly/openjdk11025 + +* CVEs + - CVE-2024-21208 + - CVE-2024-21210 + - CVE-2024-21217 + - CVE-2024-21235 +* Security fixes + - JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property + - JDK-8307383: Enhance DTLS connections + - JDK-8328286: Enhance HTTP client + - JDK-8328544: Improve handling of vectorization + - JDK-8328726: Better Kerberos support + - JDK-8331446: Improve deserialization support + - JDK-8332644: Improve graph optimizations + - JDK-8335713: Enhance vectorization analysis +* Other changes + - JDK-7124313: [macosx] Swing Popups should overlap taskbar + - JDK-7156347: javax/swing/JList/6462008/bug6462008.java fails + - JDK-8078725: method adjustments can be done just once for all classes involved into redefinition + - JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost` accesses `int InetAddress.preferIPv6Address` as a boolean + - JDK-8206440: Remove javac -source/-target 6 from jdk regression tests + - JDK-8210338: Better output for GenerationTests.java + - JDK-8211920: Close server socket and cleanups in test/jdk/javax/naming/module/RunBasic.java + - JDK-8222005: ClassRedefinition crashes with: guarantee(false) failed: OLD and/or OBSOLETE method(s) found + - JDK-8222884: ConcurrentClassDescLookup.java times out intermittently + - JDK-8224081: SOCKS v4 tests require IPv4 + - JDK-8227122: [TESTBUG] Create Docker sidecar test cases + - JDK-8229822: ThrowingPushPromises tests sometimes fail due to EOF + - JDK-8231427: Warning cleanup in tests of java.io.Serializable + - JDK-8236917: TestInstanceKlassSize.java fails with "The size computed by SA for java.lang.Object does not 
match" + - JDK-8238169: BasicDirectoryModel getDirectories and DoChangeContents.run can deadlock + - JDK-8240226: DeflateIn_InflateOut.java test incorrectly assumes size of compressed file + - JDK-8242999: HTTP/2 client may not handle CONTINUATION frames correctly + - JDK-8244966: Add .vscode to .hgignore and .gitignore + - JDK-8249097: test/lib/jdk/test/lib/util/JarBuilder.java has a bad copyright + - JDK-8249772: (ch) Improve sun/nio/ch/TestMaxCachedBufferSize.java + - JDK-8249826: 5 javax/net/ssl/SSLEngine tests use @ignore w/o bug-id + - JDK-8251188: Update LDAP tests not to use wildcard addresses + - JDK-8253207: enable problemlists jcheck's check + - JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/FilenameFilterTest.java fails on Mac OS + - JDK-8255913: Decrease number of iterations in TestMaxCachedBufferSize + - JDK-8255969: Improve java/io/BufferedInputStream/LargeCopyWithMark.java using jtreg tags + - JDK-8259274: Increase timeout duration in sun/nio/ch/TestMaxCachedBufferSize.java + - JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed + - JDK-8261433: Better pkcs11 performance for libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit + - JDK-8263031: HttpClient throws Exception if it receives a Push Promise that is too large + - JDK-8266149: mark hotspot compiler/startup tests which ignore VM flags + - JDK-8266150: mark hotspot compiler/arguments tests which ignore VM flags + - JDK-8266153: mark hotspot compiler/onSpinWait tests which ignore VM flags + - JDK-8266154: mark hotspot compiler/oracle tests which ignore VM flags + - JDK-8268906: gc/g1/mixedgc/TestOldGenCollectionUsage.java assumes that GCs take 1ms minimum + - JDK-8269428: java/util/concurrent/ConcurrentHashMap/ToArray.java timed out + - JDK-8269616: serviceability/dcmd/framework/VMVersionTest.java fails with Address already in use error + - JDK-8273135: java/awt/color/ICC_ColorSpace/MTTransformReplacedProfile.java crashes in 
liblcms.dylib with NULLSeek+0x7 + - JDK-8275851: Deproblemlist open/test/jdk/javax/swing/JComponent/6683775/bug6683775.java + - JDK-8276036: The value of full_count in the message of insufficient codecache is wrong + - JDK-8276306: jdk/jshell/CustomInputToolBuilder.java fails intermittently on storage acquisition + - JDK-8276819: javax/print/PrintServiceLookup/FlushCustomClassLoader.java fails to free + - JDK-8279164: Disable TLS_ECDH_* cipher suites + - JDK-8279337: The MToolkit is still referenced in a few places + - JDK-8280392: java/awt/Focus/NonFocusableWindowTest/NonfocusableOwnerTest.java failed with "RuntimeException: Test failed." + - JDK-8284585: PushPromiseContinuation test fails intermittently in timeout + - JDK-8286601: Mac Aarch: Excessive warnings to be ignored for build jdk + - JDK-8286781: Replace the deprecated/obsolete gethostbyname and inet_addr calls + - JDK-8292044: HttpClient doesn't handle 102 or 103 properly + - JDK-8294148: Support JSplitPane for instructions and test UI + - JDK-8294310: compare.sh fails on macos after JDK-8293550 + - JDK-8296410: HttpClient throws java.io.IOException: no statuscode in response for HTTP2 + - JDK-8298873: Update IllegalRecordVersion.java for changes to TLS implementation + - JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl when connection is idle + - JDK-8299487: Test java/net/httpclient/whitebox/SSLTubeTestDriver.java timed out + - JDK-8301189: validate-source fails after JDK-8298873 + - JDK-8303216: Prefer ArrayList to LinkedList in sun.net.httpserver.ServerImpl + - JDK-8303466: C2: failed: malformed control flow. 
Limit type made precise with MaxL/MinL + - JDK-8303965: java.net.http.HttpClient should reset the stream if response headers contain malformed header fields + - JDK-8305072: Win32ShellFolder2.compareTo is inconsistent + - JDK-8305079: Remove finalize() from compiler/c2/Test719030 + - JDK-8305081: Remove finalize() from test/hotspot/jtreg/compiler/runtime/Test8168712 + - JDK-8305825: getBounds API returns wrong value resulting in multiple Regression Test Failures on Ubuntu 23.04 + - JDK-8305906: HttpClient may use incorrect key when finding pooled HTTP/2 connection for IPv6 address + - JDK-8306060: Open source few AWT Insets related tests + - JDK-8306432: Open source several AWT Text Component related tests + - JDK-8306466: Open source more AWT Drag & Drop related tests + - JDK-8306489: Open source AWT List related tests + - JDK-8306566: Open source several clipboard AWT tests + - JDK-8306850: Open source AWT Modal related tests + - JDK-8307091: A few client tests intermittently throw ConcurrentModificationException + - JDK-8307779: Relax the java.awt.Robot specification + - JDK-8308184: Launching java with large number of jars in classpath with java.protocol.handler.pkgs system property set can lead to StackOverflowError + - JDK-8309934: Update GitHub Actions to use JDK 17 for building jtreg + - JDK-8310201: Reduce verbose locale output in -XshowSettings launcher option + - JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin + - JDK-8312140: jdk/jshell tests failed with JDI socket timeouts + - JDK-8314614: jdk/jshell/ImportTest.java failed with "InternalError: Failed remote listen" + - JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl + - JDK-8315437: Enable parallelism in vmTestbase/nsk/monitoring/stress/classload tests + - JDK-8315442: Enable parallelism in vmTestbase/nsk/monitoring/stress/thread tests + - JDK-8315804: Open source several Swing JTabbedPane JTextArea JTextField tests + - JDK-8315898: Open source swing JMenu tests + - 
JDK-8315965: Open source various AWT applet tests + - JDK-8316104: Open source several Swing SplitPane and RadioButton related tests + - JDK-8316211: Open source several manual applet tests + - JDK-8316240: Open source several add/remove MenuBar manual tests + - JDK-8316285: Opensource JButton manual tests + - JDK-8316306: Open source and convert manual Swing test + - JDK-8316328: Test jdk/jfr/event/oldobject/TestSanityDefault.java times out for some heap sizes + - JDK-8316462: sun/jvmstat/monitor/MonitoredVm/MonitorVmStartTerminate.java ignores VM flags + - JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm + - JDK-8317039: Enable specifying the JDK used to run jtreg + - JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm + - JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java: Press on the outside area didn't cause ungrab + - JDK-8317316: G1: Make TestG1PercentageOptions use createTestJvm + - JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm + - JDK-8317358: G1: Make TestMaxNewSize use createTestJvm + - JDK-8317807: JAVA_FLAGS removed from jtreg running in JDK-8317039 + - JDK-8318039: GHA: Bump macOS and Xcode versions + - JDK-8320079: The ArabicBox.java test has no control buttons + - JDK-8320570: NegativeArraySizeException decoding >1G UTF8 bytes with non-ascii characters + - JDK-8320602: Lock contention in SchemaDVFactory.getInstance() + - JDK-8320945: problemlist tests failing on latest Windows 11 update + - JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC + - JDK-8323670: A few client tests intermittently throw ConcurrentModificationException + - JDK-8324755: Enable parallelism in vmTestbase/gc/gctests/LargeObjects tests + - JDK-8325022: Incorrect error message on client authentication + - JDK-8325179: Race in BasicDirectoryModel.validateFileCache + - JDK-8325862: set -XX:+ErrorFileToStderr when executing java in containers for some container related jtreg tests + - JDK-8325876: crashes in docker container 
tests on Linuxppc64le Power8 machines + - JDK-8326140: src/jdk.accessibility/windows/native/libjavaaccessbridge/AccessBridgeJavaEntryPoints.cpp ReleaseStringChars might be missing in early returns + - JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails + - JDK-8327137: Add test for ConcurrentModificationException in BasicDirectoryModel + - JDK-8327631: Update IANA Language Subtag Registry to Version 2024-03-07 + - JDK-8327787: Convert javax/swing/border/Test4129681.java applet test to main + - JDK-8327840: Automate javax/swing/border/Test4129681.java + - JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/GetBoundsResizeTest.java applet test to main + - JDK-8328110: Allow simultaneous use of PassFailJFrame with split UI and additional windows + - JDK-8328115: Convert java/awt/font/TextLayout/TestJustification.html applet test to main + - JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest to automatic main test + - JDK-8328218: Delete test java/awt/Window/FindOwner/FindOwner.html + - JDK-8328234: Remove unused nativeUtils files + - JDK-8328238: Convert few closed manual applet tests to main + - JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful + - JDK-8328273: sun/management/jmxremote/bootstrap/RmiRegistrySslTest.java failed with java.rmi.server.ExportException: Port already in use + - JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/ClickDuringKeypress.java imports Applet + - JDK-8328561: test java/awt/Robot/ManualInstructions/ManualInstructions.java isn't used + - JDK-8328953: JEditorPane.read throws ChangedCharSetException + - JDK-8328999: Update GIFlib to 5.2.2 + - JDK-8329004: Update Libpng to 1.6.43 + - JDK-8329013: StackOverflowError when starting Apache Tomcat with signed jar + - JDK-8329103: assert(!thread->in_asgct()) failed during multi-mode profiling + - JDK-8329510: Update ProblemList for JFileChooser/8194044/FileSystemRootTest.java + - JDK-8329559: Test javax/swing/JFrame/bug4419914.java 
failed because The End and Start buttons are not placed correctly and Tab focus does not move as expected + - JDK-8329995: Restricted access to `/proc` can cause JFR initialization to crash + - JDK-8330063: Upgrade jQuery to 3.7.1 + - JDK-8330416: Update system property for Java SE specification maintenance version + - JDK-8330523: Reduce runtime and improve efficiency of KeepAliveTest + - JDK-8331063: Some HttpClient tests don't report leaks + - JDK-8331263: Bump update version for OpenJDK: jdk-11.0.25 + - JDK-8331466: Problemlist serviceability/dcmd/gc/RunFinalizationTest.java on generic-all + - JDK-8331746: Create a test to verify that the cmm id is not ignored + - JDK-8331798: Remove unused arg of checkErgonomics() in TestMaxHeapSizeTools.java + - JDK-8332008: Enable issuestitle check + - JDK-8332113: Update nsk.share.Log to be always verbose + - JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16 + - JDK-8332524: Instead of printing "TLSv1.3," it is showing "TLS13" + - JDK-8332898: failure_handler: log directory of commands + - JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/TestDescription.java fails with no GC's recorded + - JDK-8333724: Problem list security/infra/java/security/cert/CertPathValidator/certification/CAInterop.java#teliasonerarootcav1 + - JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw an exception with 0 failures + - JDK-8333837: [11u] HexPrinterTest.java javac compile fails illegal start of expression + - JDK-8333839: [11u] LingeredAppTest.java fails Can't find source file: LingeredApp.java + - JDK-8334166: Enable binary check + - JDK-8334335: [TESTBUG] Backport of 8279164 to 11u & 17u includes elements of JDK-8163327 + - JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14 + - JDK-8334653: ISO 4217 Amendment 177 Update + - JDK-8334711: [TEST_BUG] Compilation failed of MimeFormatsTest/MimeFormatsTest.java + - JDK-8335803: SunJCE cipher throws NPE for un-extractable RSA keys + - 
JDK-8336301: test/jdk/java/nio/channels/AsyncCloseAndInterrupt.java leaves around a FIFO file upon test completion + - JDK-8336928: GHA: Bundle artifacts removal broken + - JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs + - JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods are inconsistent with their setVerbose methods + - JDK-8341057: Add 2 SSL.com TLS roots + - JDK-8341059: Change Entrust TLS distrust date to November 12, 2024 + - JDK-8341675: [11u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.25 + +Notes on individual issues: +=========================== + +security-libs/javax.net.ssl: + +JDK-8279164: Disable TLS_ECDH_* cipher suites +============================================= +The TLS_ECDH cipher suites do not preserve forward secrecy and are +rarely used in practice. With this release, they are disabled by +adding "ECDH" to the `jdk.tls.disabledAlgorithms` security property in +the `java.security` configuration file. Attempts to use these suites +with this release will result in a `SSLHandshakeException` being +thrown. Note that ECDH cipher suites which use RC4 were already +disabled prior to this change. + +Users can, *at their own risk*, remove this restriction by modifying +the `java.security` configuration file (or override it by using the +`java.security.properties` system property) so "ECDH" is no longer +listed in the `jdk.tls.disabledAlgorithms` security property. + +This change has no effect on TLS_ECDHE cipher suites, which remain +enabled by default. 
+ +JDK-8337664: Distrust TLS server certificates issued after Oct 2024 and anchored by Entrust Root CAs +JDK-8341059: Change Entrust TLS distrust date to November 12, 2024 +==================================================================================================== +In accordance with similar plans recently announced by Google and +Mozilla, the JDK will not trust Transport Layer Security (TLS) +certificates issued after the 11th of November 2024 which are anchored +by Entrust root certificates. This includes certificates branded as +AffirmTrust, which are managed by Entrust. + +Certificates issued on or before November 11th, 2024 will continue to +be trusted until they expire. + +If a server's certificate chain is anchored by an affected +certificate, attempts to negotiate a TLS session will fail with an +Exception that indicates the trust anchor is not trusted. For example, + +"TLS server certificate issued after 2024-11-11 and anchored by a +distrusted legacy Entrust root CA: CN=Entrust.net Certification +Authority (2048), OU=(c) 1999 Entrust.net Limited, +OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), +O=Entrust.net" + +To check whether a certificate in a JDK keystore is affected by this +change, you can the `keytool` utility: + +keytool -v -list -alias -keystore + +If any of the certificates in the chain are affected by this change, +then you will need to update the certificate or contact the +organisation responsible for managing the certificate. + +These restrictions apply to the following Entrust root certificates +included in the JDK: + +Alias name: entrustevca [jdk] +CN=Entrust Root Certification Authority +OU=(c) 2006 Entrust, Inc. +OU=www.entrust.net/CPS is incorporated by reference +O=Entrust, Inc. +C=US +SHA256: 73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C + +Alias name: entrustrootcaec1 [jdk] +CN=Entrust Root Certification Authority - EC1 +OU=(c) 2012 Entrust, Inc. 
- for authorized use only +OU=See www.entrust.net/legal-terms +O=Entrust, Inc. +C=US +SHA256: 02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5 + +Alias name: entrustrootcag2 [jdk] +CN=Entrust Root Certification Authority - G2 +OU=(c) 2009 Entrust, Inc. - for authorized use only +OU=See www.entrust.net/legal-terms +O=Entrust, Inc. +C=US +SHA256: 43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 + +Alias name: entrustrootcag4 [jdk] +CN=Entrust Root Certification Authority - G4 +OU=(c) 2015 Entrust, Inc. - for authorized use only +OU=See www.entrust.net/legal-terms +O=Entrust, Inc. +C=US +SHA256: DB:35:17:D1:F6:73:2A:2D:5A:B9:7C:53:3E:C7:07:79:EE:32:70:A6:2F:B4:AC:42:38:37:24:60:E6:F0:1E:88 + +Alias name: entrust2048ca [jdk] +CN=Entrust.net Certification Authority (2048) +OU=(c) 1999 Entrust.net Limited +OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.) +O=Entrust.net +SHA256: 6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77 + +Alias name: affirmtrustcommercialca [jdk] +CN=AffirmTrust Commercial +O=AffirmTrust +C=US +SHA256: 03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7 + +Alias name: affirmtrustnetworkingca [jdk] +CN=AffirmTrust Networking +O=AffirmTrust +C=US +SHA256: 0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0B4:1B + +Alias name: affirmtrustpremiumca [jdk] +CN=AffirmTrust Premium +O=AffirmTrust +C=US +SHA256: 70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A + +Alias name: affirmtrustpremiumeccca [jdk] +CN=AffirmTrust Premium ECC +O=AffirmTrust +C=US +SHA256: BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23 + +Users can, *at their own risk*, remove this restriction by modifying +the `java.security` configuration file (or override it 
by using the +`java.security.properties` system property) so "ENTRUST_TLS" is no +longer listed in the `jdk.security.caDistrustPolicies` security +property. + +tools/launcher: + +JDK-8310201: Reduce verbose locale output in -XshowSettings launcher option +=========================================================================== + +In previous releases of OpenJDK, the `-XshowSettings` launcher option printed a +long list of available locales which obscured other settings. In this release, +the `-XshowSettings` launcher option no longer prints the list of available +locales by default. To view all settings related to available locales, users +can now use the -XshowSettings:locale option. + +security-libs/java.security: + +JDK-8341057: Add 2 SSL.com TLS roots +==================================== +The following root certificates have been added to the cacerts +truststore: + +Name: SSL.com +Alias Name: ssltlsrootecc2022 +Distinguished Name: CN=SSL.com TLS ECC Root CA 2022, O=SSL Corporation, C=US + +Name: SSL.com +Alias Name: ssltlsrootrsa2022 +Distinguished Name: CN=SSL.com TLS RSA Root CA 2022, O=SSL Corporation, C=US + +client-libs: + +JDK-8307779: Relax the java.awt.Robot specification +=================================================== +This release of OpenJDK 11 updates to the latest maintenance release of +the Java 11 specification. This relaxes the specification of three +methods in the `java.awt.Robot` class - `mouseMove(int,int)`, +`getPixelColor(int,int)` and `createScreenCapture(Rectangle)` - to +allow these methods to fail when the desktop environment does not +permit moving the mouse pointer or capturing screen content. 
+ +core-libs/javax.naming: + +JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system property +=============================================================================================================================== +With this OpenJDK release, the JDK implementation of the LDAP provider +no longer supports the deserialisation of Java objects by +default. This is achieved by the system property +`com.sun.jndi.ldap.object.trustSerialData` being set to `false` by +default. + +Note that this release also increases the scope of the +`com.sun.jndi.ldap.object.trustSerialData` to cover the reconstruction +of RMI remote objects from the `javaRemoteLocation` LDAP attribute. + +The result of this change is that transparent deserialisation of Java +objects will require an explicit opt-in. Applications that wish to +reconstruct Java objects and RMI stubs from LDAP attributes will need +to set the `com.sun.jndi.ldap.object.trustSerialData` to `true`. + +core-libs/java.net: + +JDK-8328286: Enhance HTTP client +================================ +This OpenJDK release limits the maximum header field size accepted by +the HTTP client within the JDK for all supported versions of the HTTP +protocol. The header field size is computed as the sum of the size of +the uncompressed header name, the size of the uncompressed header +value and a overhead of 32 bytes for each field section line. If a +peer sends a field section that exceeds this limit, a +`java.net.ProtocolException` will be raised. + +This release also introduces a new system property, +`jdk.http.maxHeaderSize`. This property can be used to alter the +maximum header field size (in bytes) or disable it by setting the +value to zero or a negative value. The default value is 393,216 bytes +or 384kB. 
+ +core-svc/java.lang.management: + +JDK-8338139: The ClassLoadingMXBean and MemoryMXBean isVerbose Methods Are Now Consistent with Their setVerbose Methods +======================================================================================================================= +The behavior of the following two methods has changed in this release: + +- `ClassLoadingMXBean::isVerbose` will return true if `class+load*` + (wildcard) logging has been enabled, at `info` level or above, on + `stdout`; it will return false otherwise. + +- `MemoryMXBean::isVerbose` will return true if `gc` logging has been + enabled, at `info` level or above, on `stdout`; + it will return false otherwise. + +New in release OpenJDK 11.0.24 (2024-07-16): +============================================ +Live versions of these release notes can be found at: + * https://bit.ly/openjdk11024 + +* CVEs + - CVE-2024-21147 + - CVE-2024-21145 + - CVE-2024-21140 + - CVE-2024-21144 + - CVE-2024-21131 + - CVE-2024-21138 +* Security fixes + - JDK-8303466: C2: failed: malformed control flow. 
Limit type made precise with MaxL/MinL + - JDK-8314794: Improve UTF8 String supports + - JDK-8319859: Better symbol storage + - JDK-8320097: Improve Image transformations + - JDK-8320548: Improved loop handling + - JDK-8322106: Enhance Pack 200 loading + - JDK-8323231: Improve array management + - JDK-8323390: Enhance mask blit functionality + - JDK-8324559: Improve 2D image handling + - JDK-8325600: Better symbol storage + - JDK-8327413: Enhance compilation efficiency +* Other changes + - JDK-8015739: Background of JInternalFrame is located out of JInternalFrame + - JDK-8042380: Test javax/swing/JFileChooser/4524490/bug4524490.java fails with InvocationTargetException + - JDK-8061729: Update java/net tests to eliminate dependency on sun.net.www.MessageHeader and some other internal APIs + - JDK-8158048: Fix failure message from jtreg gtest wrapper + - JDK-8159927: Add a test to verify JMOD files created in the images do not have debug symbols + - JDK-8163921: HttpURLConnection default Accept header is malformed according to HTTP/1.1 RFC + - JDK-8187759: Background not refreshed when painting over a transparent JFrame + - JDK-8210988: Improved handling of compiler warnings in the build + - JDK-8214400: Update hotspot application/jcstress jtreg tests wrappers to use jcstress 0.5 + - JDK-8218917: KeyEvent.getModifiers() returns inconsistent values for ALT keys + - JDK-8220202: Simplify/standardize method naming for HtmlTree + - JDK-8231351: Add notes for PKCS11 tests in the test doc + - JDK-8241951: SA core file tests failed to find core file for signed binaries on OSX 10.15 + - JDK-8243010: Test support: Customizable Hex Printer + - JDK-8248194: Need better support for running SA tests on core files + - JDK-8248667: Need support for building native libraries located in the test/lib directory + - JDK-8253980: javax/swing/plaf/synth/7158712/bug7158712.java fails on windows + - JDK-8255031: Update java/util/prefs/AddNodeChangeListener.java to report more failure info + 
- JDK-8256660: Disable DTLS 1.0 + - JDK-8261404: Class.getReflectionFactory() is not thread-safe + - JDK-8263659: Reflow GTestResultParser for better readability + - JDK-8263940: NPE when creating default file system when default file system provider is packaged as JAR file on class path + - JDK-8264152: javax/net/ssl/DTLS/RespondToRetransmit.java timed out + - JDK-8267796: vmTestbase/nsk/jvmti/scenarios/hotswap/HS201/hs201t002/TestDescription.java fails with NoClassDefFoundError + - JDK-8267938: (sctp) SCTP channel factory methods should check platform support + - JDK-8268974: GetJREPath() JLI function fails to locate libjava.so if not standard Java launcher is used + - JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java failed with connection timeout + - JDK-8270199: Most SA tests are skipped on macosx-aarch64 because all executables are signed + - JDK-8271142: package help is not displayed for missing X11/extensions/Xrandr.h + - JDK-8273153: Consolidate file_exists into os:file_exists + - JDK-8273831: PrintServiceLookup spawns 2 threads in the current classloader, getting orphaned + - JDK-8276125: RunThese24H.java SIGSEGV in JfrThreadGroup::thread_group_id + - JDK-8280546: Remove hard-coded 127.0.0.1 loopback address + - JDK-8281507: Two javac tests have bad jtreg `@clean` tags + - JDK-8282017: sun/net/www/protocol/https/HttpsURLConnection/B6216082.java fails with "SocketException: Unexpected end of file from server" + - JDK-8283349: Robustness improvements to java/util/prefs/AddNodeChangeListener.jar + - JDK-8286705: GCC 12 reports use-after-free potential bugs + - JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/capability/CM03/cm03t001/TestDescription.java on linux-all + - JDK-8292716: Configure should check that jtreg is of the required version + - JDK-8292717: Clean up checking of testing requirements in configure + - JDK-8292763: JDK-8292716 breaks configure without jtreg + - JDK-8293563: [macos-aarch64] SA core file tests failing with 
sun.jvm.hotspot.oops.UnknownOopException + - JDK-8293887: AArch64 build failure with GCC 12 due to maybe-uninitialized warning in libfdlibm k_rem_pio2.c + - JDK-8293965: Code signing warnings after JDK-8293550 + - JDK-8294137: Review running times of java.math tests + - JDK-8294156: Allow PassFailJFrame.Builder to create test UI + - JDK-8295343: sun/security/pkcs11 tests fail on Linux RHEL 8.6 and newer + - JDK-8297082: Remove sun/tools/jhsdb/BasicLauncherTest.java from problem list + - JDK-8297449: Update JInternalFrame Metal Border code + - JDK-8297798: Timeout with DTLSOverDatagram test template + - JDK-8299023: TestPLABResize.java and TestPLABPromotion.java are failing intermittently + - JDK-8299677: Formatter.format might take a long time to format an integer or floating-point + - JDK-8299858: [Metrics] Swap memory limit reported incorrectly when too large + - JDK-8302069: javax/management/remote/mandatory/notif/NotifReconnectDeadlockTest.java update + - JDK-8302512: Update IANA Language Subtag Registry to Version 2023-02-14 + - JDK-8304761: Update IANA Language Subtag Registry to Version 2023-03-22 + - JDK-8305645: System Tray icons get corrupted when Windows primary monitor changes + - JDK-8305874: Open source AWT Key, Text Event related tests + - JDK-8305931: jdk/jfr/jcmd/TestJcmdDumpPathToGCRoots.java failed with "Expected chains but found none" + - JDK-8305942: Open source several AWT Focus related tests + - JDK-8305943: Open source few AWT Focus related tests + - JDK-8305962: update jcstress to 0.16 + - JDK-8306031: Update IANA Language Subtag Registry to Version 2023-04-13 + - JDK-8306067: Open source AWT Graphics,GridBagLayout related tests + - JDK-8306634: Open source AWT Event related tests + - JDK-8306714: Open source few Swing event and AbstractAction tests + - JDK-8306838: GetGraphicsTest needs to be headful + - JDK-8306941: Open source several datatransfer and dnd AWT tests + - JDK-8307083: Open source some drag and drop tests 3 + - JDK-8307955: 
Prefer to PTRACE_GETREGSET instead of PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs' + - JDK-8308021: Update IANA Language Subtag Registry to Version 2023-05-11 + - JDK-8310380: Handle problems in core-related tests on macOS when codesign tool does not work + - JDK-8310818: Refactor more Locale tests to use JUnit + - JDK-8310923: Refactor Currency tests to use JUnit + - JDK-8312194: test/hotspot/jtreg/applications/ctw/modules/jdk_crypto_ec.java cannot handle empty modules + - JDK-8312383: Log X509ExtendedKeyManager implementation class name in TLS/SSL connection + - JDK-8313206: PKCS11 tests silently skip execution + - JDK-8313702: Update IANA Language Subtag Registry to Version 2023-08-02 + - JDK-8314220: Configurable InlineCacheBuffer size + - JDK-8314283: Support for NSS tests on aarch64 platforms + - JDK-8314495: Update to use jtreg 7.3.1 + - JDK-8314552: Fix javadoc tests to work with jtreg 7 + - JDK-8314830: runtime/ErrorHandling/ tests ignore external VM flags + - JDK-8315071: Modify TrayIconScalingTest.java, PrintLatinCJKTest.java to use new PassFailJFrame's builder pattern usage + - JDK-8315117: Update Zlib Data Compression Library to Version 1.3 + - JDK-8315609: Open source few more swing text/html tests + - JDK-8315663: Open source misc awt tests + - JDK-8315677: Open source few swing JFileChooser and other tests + - JDK-8315726: Open source several AWT applet tests + - JDK-8315741: Open source few swing JFormattedTextField and JPopupMenu tests + - JDK-8315824: Open source several Swing Text/HTML related tests + - JDK-8315834: Open source several Swing JSpinner related tests + - JDK-8315889: Open source several Swing HTMLDocument related tests + - JDK-8316017: Refactor timeout handler in PassFailJFrame + - JDK-8316053: Open some swing tests 3 + - JDK-8316138: Add GlobalSign 2 TLS root certificates + - JDK-8316142: Enable parallelism in vmTestbase/nsk/monitoring/stress/lowmem tests + - JDK-8316154: Opensource JTextArea manual tests + - 
JDK-8316164: Opensource JMenuBar manual test + - JDK-8316242: Opensource SwingGraphics manual test + - JDK-8316608: Enable parallelism in vmTestbase/gc/vector tests + - JDK-8317287: [macos14] InterJVMGetDropSuccessTest.java: Child VM: abnormal termination + - JDK-8317507: C2 compilation fails with "Exceeded _node_regs array" + - JDK-8318322: Update IANA Language Subtag Registry to Version 2023-10-16 + - JDK-8318580: "javax/swing/MultiMonitor/MultimonVImage.java failing with Error. Can't find library: /open/test/jdk/java/awt/regtesthelpers" after JDK-8316053 + - JDK-8318599: HttpURLConnection cache issues leading to crashes in JGSS w/ native GSS introduced by 8303809 + - JDK-8318727: Enable parallelism in vmTestbase/vm/gc/concurrent tests + - JDK-8318809: java/util/concurrent/ConcurrentLinkedQueue/WhiteBox.java shows intermittent failures on linux ppc64le and aarch64 + - JDK-8318854: [macos14] Running any AWT app prints Secure coding warning + - JDK-8319128: sun/security/pkcs11 tests fail on OL 7.9 aarch64 + - JDK-8319136: Skip pkcs11 tests on linux-aarch64 + - JDK-8319436: Proxy.newProxyInstance throws NPE if loader is null and interface not visible from class loader + - JDK-8320005: Allow loading of shared objects with .a extension on AIX + - JDK-8320113: [macos14] : ShapeNotSetSometimes.java fails intermittently on macOS 14 + - JDK-8320129: "top" command during jtreg failure handler does not display CPU usage on OSX + - JDK-8320303: Allow PassFailJFrame to accept single window creator + - JDK-8320342: Use PassFailJFrame for TruncatedPopupMenuTest.java + - JDK-8320943: Files/probeContentType/Basic.java fails on latest Windows 11 - content type mismatch + - JDK-8321489: Update LCMS to 2.16 + - JDK-8321925: sun/security/mscapi/KeytoolChangeAlias.java fails with "Alias <246810> does not exist" + - JDK-8322239: [macos] a11y : java.lang.NullPointerException is thrown when focus is moved on the JTabbedPane + - JDK-8322511: [11u] JfrCheckpointThreadClosure::do_thread 
crashes when fetching thread_id + - JDK-8322783: prioritize /etc/os-release over /etc/SuSE-release in hs_err/info output + - JDK-8323717: Introduce test keyword for tests that need external dependencies + - JDK-8323994: gtest runner repeats test name for every single gtest assertion + - JDK-8324238: [macOS] java/awt/Frame/ShapeNotSetSometimes/ShapeNotSetSometimes.java fails with the shape has not been applied msg + - JDK-8324598: use mem_unit when working with sysinfo memory and swap related information + - JDK-8324632: Update Zlib Data Compression Library to Version 1.3.1 + - JDK-8324723: GHA: Upgrade some actions to avoid deprecated Node 16 + - JDK-8324733: [macos14] Problem list tests which fail due to macOS bug described in JDK-8322653 + - JDK-8325137: com/sun/management/ThreadMXBean/ThreadCpuTimeArray.java can fail in Xcomp with out of expected range + - JDK-8325326: [PPC64] Don't relocate in case of allocation failure + - JDK-8325579: Inconsistent behavior in com.sun.jndi.ldap.Connection::createSocket + - JDK-8325972: Add -x to bash for building with LOG=debug + - JDK-8326006: Allow TEST_VM_FLAGLESS to set flagless mode + - JDK-8326101: [PPC64] Need to bailout cleanly if creation of stubs fails when code cache is out of space + - JDK-8326201: [S390] Need to bailout cleanly if creation of stubs fails when code cache is out of space + - JDK-8326351: Update the Zlib version in open/src/java.base/share/legal/zlib.md to 1.3.1 + - JDK-8326521: JFR: CompilerPhase event test fails on windows 32 bit + - JDK-8326529: JFR: Test for CompilerCompile events fails due to time out + - JDK-8326591: New test JmodExcludedFiles.java fails on Windows when --with-external-symbols-in-bundles=public is used + - JDK-8326638: Crash in PhaseIdealLoop::remix_address_expressions due to unexpected Region instead of Loop + - JDK-8326643: JDK server does not send a dummy change_cipher_spec record after HelloRetryRequest message + - JDK-8326661: sun/java2d/cmm/ColorConvertOp/ColConvTest.java 
assumes profiles were generated by LCMS + - JDK-8326801: Bump update version for OpenJDK: jdk-11.0.24 + - JDK-8326891: Prefer RPATH over RUNPATH for $ORIGIN rpaths in internal JDK binaries + - JDK-8326938: [11u] JDK-8214908 broke two CTW tests + - JDK-8327136: javax/management/remote/mandatory/notif/NotifReconnectDeadlockTest.java fails on libgraal + - JDK-8328194: Add a test to check default rendering engine + - JDK-8328524: [x86] StringRepeat.java failure on linux-x86: Could not reserve enough space for 2097152KB object heap + - JDK-8328540: test javax/swing/JSplitPane/4885629/bug4885629.java fails on windows hidpi + - JDK-8328705: GHA: Cross-compilation jobs do not require build JDK + - JDK-8328812: Update and move siphash license + - JDK-8328825: Google CAInterop test failures + - JDK-8331643: [11u]: Bump GHA bootstrap JDK to 11.0.23 + - JDK-8331750: [11u] JDK-8259530 is not backported correctly to 11u + - JDK-8331790: [11u] Remove problemlist entries after backport of JDK-8228649 + - JDK-8334441: Mark tests in jdk_security_infra group as manual + +Notes on individual issues: +=========================== + +security-libs/javax.net.ssl: + +JDK-8256660: Disabled DTLS 1.0 +============================== +Support for both Datagram Transport Layer Security (DTLS) 1.0 and 1.2 +was introduced in OpenJDK 9 (JEP-219). The use of DTLS 1.0 (based on +TLS 1.1) is now no longer recommended, as it is considered weak and +insecure by modern standards. With this release, the JVM will throw a +`SSLHandshakeException` if use of DTLS 1.0 is attempted. + +Users can, *at their own risk*, remove this restriction by modifying +the `java.security` configuration file (or override it by using the +`java.security.properties` system property) so `DTLSv1.0` is no longer +listed in the `jdk.tls.disabledAlgorithms` security property. 
+ +infrastructure/build: + +JDK-8326891: Prefer RPATH over RUNPATH for $ORIGIN rpaths in internal JDK binaries +================================================================================== +Native executables and libraries in the JDK use embedded runtime +search paths to locate required internal JDK native libraries. On +Linux systems, there are two ways of specifying these search paths; +DT_RPATH and DT_RUNPATH. + +The main difference between the two options is that paths specified by +DT_RPATH are searched before those in the LD_LIBRARY_PATH environment +variable, whereas DT_RUNPATH paths are considered afterwards. This +means the use of DT_RUNPATH can allow JDK internal libraries to be +overridden by libraries of the same name found on the LD_LIBRARY_PATH. + +Builds of earlier OpenJDK releases left the choice of which type of +runtime search path to use down to the default of the linker. With +this release, the option `--disable-new-dtags` is explicitly passed to +the linker to avoid setting DT_RUNPATH. + +security-libs/java.security: + +JDK-8316138: Added GlobalSign R46 and E46 Root CA Certificates +============================================================== +The following root certificates have been added to the cacerts truststore: + +Name: GlobalSign +Alias Name: globalsignr46 +Distinguished Name: CN=GlobalSign Root R46, O=GlobalSign nv-sa, C=BE + +Name: GlobalSign +Alias Name: globalsigne46 +Distinguished Name: CN=GlobalSign Root E46, O=GlobalSign nv-sa, C=BE + New in release OpenJDK 11.0.23 (2024-04-16): ============================================ Live versions of these release notes can be found at: 
@@ -16,10 +654,11 @@ Live versions of these release notes can be found at: - CVE-2024-21094 * Security fixes - JDK-8315708: Enhance HTTP/2 client usage + - JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array" + - JDK-8318340: Improve RSA key implementations - JDK-8319851: Improve exception logging - JDK-8322114: Improve Pack 200 handling - JDK-8322122: Enhance generation of addresses - - JDK-8317507, JDK-8325348: C2 compilation fails with "Exceeded _node_regs array" * Other changes - JDK-6928542: Chinese characters in RTF are not decoded - JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/bug4517214.java fails on MacOS @@ -221,7 +860,6 @@ Live versions of these release notes can be found at: - JDK-8317307: test/jdk/com/sun/jndi/ldap/LdapPoolTimeoutTest.java fails with ConnectException: Connection timed out: no further information - JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js - JDK-8318154: Improve stability of WheelModifier.java test - - JDK-8318340: Improve RSA key implementations - JDK-8318410: jdk/java/lang/instrument/BootClassPath/BootClassPathTest.sh fails on Japanese Windows - JDK-8318468: compiler/tiered/LevelTransitionTest.java fails with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1 - JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java 
@@ -299,13 +937,19 @@ algorithms. The equivalent string literals should be used as below: * SHA3_384_RSA_MGF1: "http://www.w3.org/2007/05/xmldsig-more#sha3-384-rsa-MGF1" * SHA3_512_RSA_MGF1: "http://www.w3.org/2007/05/xmldsig-more#sha3-512-rsa-MGF1" -JDK-8305972: Update XML Security for Java to 3.0.2 -================================================== -Support has been added for ED25519 and ED448 signature algorithms. +This enhancement also introduces support for the ED25519 and ED448 +elliptic curve algorithms, which are both Edwards-curve Digital +Signature Algorithm (EdDSA) signature schemes. + +In contrast to the upstream version of Apache Santuario 3.0.3, the JDK +still supports the `here()` function. However, future support for the +`here()` function is not guaranteed. You should avoid using `here()` +in new XML signatures. You should also update any XML signatures that +currently use `here()` to stop using this function. -Avoid using the here() function henceforth. Users can disable the -here() function by setting `jdk.xml.dsig.hereFunctionSupported` to -"false". +The `here()` function is enabled by default. To disable the `here()` +function, set the `jdk.xml.dsig.hereFunctionSupported` system property +is to "false". client-libs/java.awt @@ -1107,6 +1751,13 @@ set, the new system property `jdk.charset.GB18030` should be set to core-libs/java.util.jar: +JDK-8300596: Enhance Jar Signature validation +============================================= +A System property "jdk.jar.maxSignatureFileSize" is introduced to +configure the maximum number of bytes allowed for the +signature-related files in a JAR file during verification. The default +value is 8000000 bytes (8 MB). + JDK-8302483: Enhance ZIP performance ==================================== This release of OpenJDK includes stronger checks on the Zip64 fields 
@@ -1775,7 +2426,7 @@ system property `jdk.tls.enableDtlsResumeCookie` to `false`. New in release OpenJDK 11.0.17 (2022-10-18): ============================================= Live versions of these release notes can be found at: - * https://bitly.com/openjdk11017 + * https://bit.ly/openjdk11017 * https://builds.shipilev.net/backports-monitor/release-notes-11.0.17.html * Security fixes @@ -2023,6 +2674,17 @@ respectively. More information about them can be found on the Networking Properties page: https://docs.oracle.com/en/java/javase/19/docs/api/java.base/java/net/doc-files/net-properties.html. +JDK-8286918: Better HttpServer service +====================================== +The HttpServer can be optionally configured with a maximum connection +limit by setting the jdk.httpserver.maxConnections system property. A +value of 0 or a negative integer is ignored and considered to +represent no connection limit. In the case of a positive integer +value, any newly accepted connections will be first checked against +the current count of established connections and, if the configured +limit has been reached, then the newly accepted connection will be +closed immediately. + hotspot/runtime: JDK-8281181: CPU Shares Ignored When Computing Active Processor Count diff --git a/dist b/dist deleted file mode 100644 index ad8eb77ba59be071474988a034571694eaa9db8e..0000000000000000000000000000000000000000 --- a/dist +++ /dev/null @@ -1 +0,0 @@ -an7_9 diff --git a/download b/download index 9c2a15a89c41a9c23da279ec13d3d9842510ca3c..a6da3339b79d5768ec6d47b15ffacdf47eb131c5 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ 870d829d8e1c38e251cc7498032a768a tapsets-icedtea-3.15.0.tar.xz -48a739775deb0df711a3687acc0c84cc openjdk-jdk11u-jdk-11.0.24+8.tar.xz +0cb6c840210589a383f174ce0c52f13a openjdk-jdk11u-jdk-11.0.25+9.tar.xz diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec index e527ce96461c6c8dd4927f681f4ae3c716d8d200..3808ce3f4bcce248617897c53ae4d6102354c7d7 100644 
--- a/java-11-openjdk.spec +++ b/java-11-openjdk.spec @@ -23,8 +23,8 @@ %bcond_without release # Enable static library builds by default. %bcond_without staticlibs -# Remove build artifacts by default -%bcond_with artifacts +# Remove build artifacts by default RHJDKBP-874 +%bcond_without artifacts # Workaround for stripping of debug symbols from static libraries %if %{with staticlibs} @@ -48,6 +48,9 @@ # See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879 %global _find_debuginfo_opts -g +# Architecture on which we run Java only tests +%global jdk_test_arch x86_64 + # note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros # also necessary when passing it as parameter to other macros. If not macro, then it is considered a switch # see the difference between global and define: @@ -277,7 +280,7 @@ # New Version-String scheme-style defines %global featurever 11 %global interimver 0 -%global updatever 24 +%global updatever 25 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -328,7 +331,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 8 +%global buildver 9 %global rpmrelease 1 #%%global tagsuffix %%{nil} # priority must be 7 digits in total @@ -886,8 +889,7 @@ Requires: ca-certificates # Require javapackages-tools for ownership of /usr/lib/jvm/ and macros Requires: javapackages-tools # 2024a required as of JDK-8325150 -# Use 2023d until 2024a is in the buildroot -Requires: tzdata-java >= 2023d +Requires: tzdata-java >= 2024a # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand %if 0%{?rhel} >= 8 
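Review bot: The comment `# Remove build artifacts by default RHJDKBP-874` in the first hunk (@@ -23,8) now says the opposite of what the line under it does. `%bcond_without artifacts` leaves the `artifacts` conditional enabled unless the build is run with `--without artifacts`. The `%if !%{with artifacts}` guard around `rm -rf ${outputdir}` in the later `buildjdk()` hunk (@@ -1643,7) is therefore false by default, and the output directory is kept. If keeping it is the intent, the comment should say so, for example `# Keep build artifacts by default (RHJDKBP-874); build with --without artifacts to remove them`. That later hunk also drops the `echo "Removing output directory..."` line, so a build that does remove the directory no longer records it in the log.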
@@ -1161,6 +1163,7 @@ BuildRequires: gtk2-devel BuildRequires: lcms2-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel +BuildRequires: zlib-devel BuildRequires: libxslt BuildRequires: libX11-devel BuildRequires: libXi-devel @@ -1179,8 +1182,7 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel BuildRequires: libffi-devel %endif # 2024a required as of JDK-8325150 -# Use 2023d until 2024a is in the buildroot -BuildRequires: tzdata-java >= 2023d +BuildRequires: tzdata-java >= 2024a # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1643,7 +1645,6 @@ function buildjdk() { fi %if !%{with artifacts} - echo "Removing output directory..."; rm -rf ${outputdir} %endif } 
@@ -1759,17 +1760,45 @@ export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage} $JAVA_HOME//bin/java -XX:+UseShenandoahGC -version %endif -# Check unlimited policy has been used -$JAVA_HOME/bin/javac -d . %{SOURCE13} -$JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel +# Only test on one architecture (the fastest) for Java only tests +%ifarch %{jdk_test_arch} + + # Check unlimited policy has been used + $JAVA_HOME/bin/javac -d . %{SOURCE13} + $JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel + + # Check ECC is working + $JAVA_HOME/bin/javac -d . %{SOURCE14} + $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") + + # Check correct vendor values have been set + $JAVA_HOME/bin/javac -d . %{SOURCE15} + $JAVA_HOME/bin/java $(echo $(basename %{SOURCE15})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}" + + # Check translations are available for new timezones + $JAVA_HOME/bin/javac -d . %{SOURCE18} + $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE + $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR + + # Check src.zip has all sources. See RHBZ#1130490 + $JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe' + + # Check class files include useful debugging information + $JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from" + $JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable + $JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable + + # Check generated class files include useful debugging information + $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from" + $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable + $JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable + +%else -# Check ECC is working -$JAVA_HOME/bin/javac -d . 
%{SOURCE14} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") + # Just run a basic java -version test on other architectures + $JAVA_HOME/bin/java -version -# Check correct vendor values have been set -$JAVA_HOME/bin/javac -d . %{SOURCE15} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE15})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}" +%endif # Check java launcher has no SSB mitigation if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi @@ -1781,11 +1810,6 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi %endif -# Check translations are available for new timezones -$JAVA_HOME/bin/javac -d . %{SOURCE18} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE -$JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR - %if %{include_staticlibs} # Check debug symbols in static libraries (smoke test) export STATIC_LIBS_HOME=${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image} @@ -1860,19 +1884,6 @@ EOF grep 'JavaCallWrapper::JavaCallWrapper' gdb.out %endif -# Check src.zip has all sources. See RHBZ#1130490 -$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe' - -# Check class files include useful debugging information -$JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from" -$JAVA_HOME/bin/javap -l java.lang.Object | grep LineNumberTable -$JAVA_HOME/bin/javap -l java.lang.Object | grep LocalVariableTable - -# Check generated class files include useful debugging information -$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep "Compiled from" -$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LineNumberTable -$JAVA_HOME/bin/javap -l java.nio.ByteBuffer | grep LocalVariableTable - # build cycles check done 
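Review bot: Gating the whole block on `%ifarch %{jdk_test_arch}` in the @@ -1759,17 hunk means the `TestCryptoLevel` unlimited-policy check and the ECC check built from `%{SOURCE14}` no longer run on any architecture other than x86_64, where only `java -version` is left. The comment calls these Java-only tests, but in JDK 11 the SunEC provider is, as far as I know, backed by a native library, so the ECC check can fail on one architecture and pass on another. A build with a broken or restricted crypto configuration on those architectures would then pass this section unnoticed. I would keep the two crypto checks above the `%ifarch` line and gate only the vendor, timezone, src.zip and `javap` checks; if they stay gated, the comment above `%global jdk_test_arch x86_64` (@@ -48,6) should say which checks are being skipped and why that is acceptable. The enclosing section starts and ends outside this hunk, so any other guards around it are not visible here.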
@@ -2239,6 +2250,13 @@ require "copy_jdk_configs.lua" %endif %changelog +* Tue Nov 05 2024 Antonio Vieiro - 1:11.0.25.0.9-1.0.1 +- Fix md5sum build error + +* Thu Oct 10 2024 Antonio Vieiro - 1:11.0.25.0.9-1 +- Update to 11.0.25.0.9-1 +- cve: fix CVE-2023-48161 CVE-2024-21208 CVE-2024-21210 CVE-2024-21217 CVE-2024-21235 + * Thu Sep 19 2024 pangqing - 1:11.0.24.0.8-1.0.1 - Fix md5sum build error