Merge branch 'master' openEuler-22.03-LTS-SP3

2023-11-21 15:55:51 +08:00 · 2023-11-21 15:55:51 +08:00 · baf811f211
commit baf811f211
parent a1ee7bface 57584bdf34
11 changed files with 61536 additions and 753 deletions
--- a/2000-Add-riscv64-support-based-on-bishengjdk-riscv-branch.patch
+++ b/2000-Add-riscv64-support-based-on-bishengjdk-riscv-branch.patch
--- a/8210473-JEP-345-NUMA-Aware-Memory-Allocation-for-G1.patch
+++ b/8210473-JEP-345-NUMA-Aware-Memory-Allocation-for-G1.patch
@ -208,9 +208,9 @@ index f073aa63a..1323cc0ac 100644
 // this is called _after_ the global arguments have been parsed
 jint os::init_2(void) {
 
-@@ -5520,32 +5613,7 @@ jint os::init_2(void) {
-                Linux::libc_version(), Linux::libpthread_version());
- 
+@@ -5634,32 +5634,7 @@ jint os::init_2(void) {
+ #endif
+
   if (UseNUMA) {
 -    if (!Linux::libnuma_init()) {
 -      UseNUMA = false;
--- a/8214527-AArch64-ZGC-for-Aarch64.patch
+++ b/8214527-AArch64-ZGC-for-Aarch64.patch
@ -16,30 +16,10 @@ diff --git a/src/hotspot/cpu/aarch64/aarch64.ad b/src/hotspot/cpu/aarch64/aarch6
 index ce103dc1c..53cd702b9 100644
 --- a/src/hotspot/cpu/aarch64/aarch64.ad
 +++ b/src/hotspot/cpu/aarch64/aarch64.ad
-@@ -957,6 +957,146 @@ reg_class v3_reg(
-     V3, V3_H
+@@ -971,6 +971,126 @@ reg_class v7_reg(
+     V7, V7_H
 );
- 
-+// Class for 128 bit register v4
-+reg_class v4_reg(
-+    V4, V4_H
-+);
-+
-+// Class for 128 bit register v5
-+reg_class v5_reg(
-+    V5, V5_H
-+);
-+
-+// Class for 128 bit register v6
-+reg_class v6_reg(
-+    V6, V6_H
-+);
-+
-+// Class for 128 bit register v7
-+reg_class v7_reg(
-+    V7, V7_H
-+);
-+
+
 +// Class for 128 bit register v8
 +reg_class v8_reg(
 +    V8, V8_H
@ -175,46 +155,10 @@ index ce103dc1c..53cd702b9 100644
 
 //----------SOURCE BLOCK-------------------------------------------------------
 // This is a block of C++ code which provides values, functions, and
-@@ -4761,6 +4906,258 @@ operand vRegD_V3()
+@@ -4940,6 +4940,222 @@ operand vRegD_V7()
   interface(REG_INTER);
 %}
 
-+operand vRegD_V4()
-+%{
-+  constraint(ALLOC_IN_RC(v4_reg));
-+  match(RegD);
-+  op_cost(0);
-+  format %{ %}
-+  interface(REG_INTER);
-+%}
-+
-+operand vRegD_V5()
-+%{
-+  constraint(ALLOC_IN_RC(v5_reg));
-+  match(RegD);
-+  op_cost(0);
-+  format %{ %}
-+  interface(REG_INTER);
-+%}
-+
-+operand vRegD_V6()
-+%{
-+  constraint(ALLOC_IN_RC(v6_reg));
-+  match(RegD);
-+  op_cost(0);
-+  format %{ %}
-+  interface(REG_INTER);
-+%}
-+
-+operand vRegD_V7()
-+%{
-+  constraint(ALLOC_IN_RC(v7_reg));
-+  match(RegD);
-+  op_cost(0);
-+  format %{ %}
-+  interface(REG_INTER);
-+%}
-+
 +operand vRegD_V8()
 +%{
 +  constraint(ALLOC_IN_RC(v8_reg));
--- a/8231441-3-AArch64-Initial-SVE-backend-support.patch
+++ b/8231441-3-AArch64-Initial-SVE-backend-support.patch
--- a/8268427-Improve-AlgorithmConstraints-checkAlgorithm-.patch
+++ b/8268427-Improve-AlgorithmConstraints-checkAlgorithm-.patch
@ -1,242 +0,0 @@
-From e3d9485d01941cfbbe01dc8dcea7b913c2e8469d Mon Sep 17 00:00:00 2001
-From: chenshanyao <chenshanyao@huawei.com>
-Date: Tue, 14 Sep 2021 11:43:18 +0800
-Subject: [PATCH 8/8] 8268427: Improve AlgorithmConstraints:checkAlgorithm
- performance
-
-Summary: <java> : performance
-LLT: jdk_security
-Patch Type: backport
-Bug url: https://bugs.openjdk.java.net/browse/JDK-8268427
---
- .../util/AbstractAlgorithmConstraints.java    | 39 +++++------
- .../util/DisabledAlgorithmConstraints.java    | 28 ++++----
- .../util/LegacyAlgorithmConstraints.java      |  2 +-
- .../security/AlgorithmConstraintsPermits.java | 66 +++++++++++++++++++
- 4 files changed, 95 insertions(+), 40 deletions(-)
- create mode 100644 test/micro/org/openjdk/bench/java/security/AlgorithmConstraintsPermits.java
-
-diff --git a/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
-index 8d8c5d6fe..3f5678950 100644
--- a/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
-+++ b/src/java.base/share/classes/sun/security/util/AbstractAlgorithmConstraints.java
-@@ -32,6 +32,7 @@ import java.security.Security;
- import java.util.ArrayList;
- import java.util.Arrays;
- import java.util.Collections;
-+import java.util.TreeSet;
- import java.util.List;
- import java.util.Set;
- 
-@@ -48,7 +49,7 @@ public abstract class AbstractAlgorithmConstraints
-     }
- 
-     // Get algorithm constraints from the specified security property.
-    static List<String> getAlgorithms(String propertyName) {
-+    static Set<String> getAlgorithms(String propertyName) {
-         String property = AccessController.doPrivileged(
-                 new PrivilegedAction<String>() {
-                     @Override
-@@ -72,38 +73,30 @@ public abstract class AbstractAlgorithmConstraints
- 
-         // map the disabled algorithms
-         if (algorithmsInProperty == null) {
-            return Collections.emptyList();
-+            return Collections.emptySet();
-         }
-        return new ArrayList<>(Arrays.asList(algorithmsInProperty));
-+        Set<String> algorithmsInPropertySet = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
-+        algorithmsInPropertySet.addAll(Arrays.asList(algorithmsInProperty));
-+        return algorithmsInPropertySet;
-     }
- 
-    static boolean checkAlgorithm(List<String> algorithms, String algorithm,
-+    static boolean checkAlgorithm(Set<String> algorithms, String algorithm,
-             AlgorithmDecomposer decomposer) {
-         if (algorithm == null || algorithm.isEmpty()) {
-             throw new IllegalArgumentException("No algorithm name specified");
-         }
- 
-        Set<String> elements = null;
-        for (String item : algorithms) {
-            if (item == null || item.isEmpty()) {
-                continue;
-            }
-
-            // check the full name
-            if (item.equalsIgnoreCase(algorithm)) {
-                return false;
-            }
-+        if (algorithms.contains(algorithm)) {
-+            return false;
-+        }
- 
-            // decompose the algorithm into sub-elements
-            if (elements == null) {
-                elements = decomposer.decompose(algorithm);
-            }
-+        // decompose the algorithm into sub-elements
-+        Set<String> elements = decomposer.decompose(algorithm);
- 
-            // check the items of the algorithm
-            for (String element : elements) {
-                if (item.equalsIgnoreCase(element)) {
-                    return false;
-                }
-+        // check the element of the elements
-+        for (String element : elements) {
-+            if (algorithms.contains(element)) {
-+                return false;
-             }
-         }
- 
-diff --git a/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
-index 3ee431e62..efc6d339f 100644
--- a/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
-+++ b/src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
-@@ -85,6 +85,9 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
-     private static final String PROPERTY_DISABLED_EC_CURVES =
-             "jdk.disabled.namedCurves";
- 
-+    private static final Pattern INCLUDE_PATTERN = Pattern.compile("include " +
-+            PROPERTY_DISABLED_EC_CURVES, Pattern.CASE_INSENSITIVE);
-+
-     private static class CertPathHolder {
-         static final DisabledAlgorithmConstraints CONSTRAINTS =
-             new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS);
-@@ -95,7 +98,7 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
-             new DisabledAlgorithmConstraints(PROPERTY_JAR_DISABLED_ALGS);
-     }
- 
-    private final List<String> disabledAlgorithms;
-+    private final Set<String> disabledAlgorithms;
-     private final Constraints algorithmConstraints;
- 
-     public static DisabledAlgorithmConstraints certPathConstraints() {
-@@ -130,21 +133,14 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
-         disabledAlgorithms = getAlgorithms(propertyName);
- 
-         // Check for alias
-        int ecindex = -1, i = 0;
-         for (String s : disabledAlgorithms) {
-            if (s.regionMatches(true, 0,"include ", 0, 8)) {
-                if (s.regionMatches(true, 8, PROPERTY_DISABLED_EC_CURVES, 0,
-                        PROPERTY_DISABLED_EC_CURVES.length())) {
-                    ecindex = i;
-                    break;
-                }
-+            Matcher matcher = INCLUDE_PATTERN.matcher(s);
-+            if (matcher.matches()) {
-+                disabledAlgorithms.remove(matcher.group());
-+                disabledAlgorithms.addAll(
-+                        getAlgorithms(PROPERTY_DISABLED_EC_CURVES));
-+                break;
-             }
-            i++;
-        }
-        if (ecindex > -1) {
-            disabledAlgorithms.remove(ecindex);
-            disabledAlgorithms.addAll(ecindex,
-                    getAlgorithms(PROPERTY_DISABLED_EC_CURVES));
-         }
-         algorithmConstraints = new Constraints(propertyName, disabledAlgorithms);
-     }
-@@ -323,8 +319,8 @@ public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
-                     "denyAfter\\s+(\\d{4})-(\\d{2})-(\\d{2})");
-         }
- 
-        public Constraints(String propertyName, List<String> constraintArray) {
-            for (String constraintEntry : constraintArray) {
-+        public Constraints(String propertyName, Set<String> constraintSet) {
-+            for (String constraintEntry : constraintSet) {
-                 if (constraintEntry == null || constraintEntry.isEmpty()) {
-                     continue;
-                 }
-diff --git a/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java b/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
-index e4e5cedc1..550173080 100644
--- a/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
-+++ b/src/java.base/share/classes/sun/security/util/LegacyAlgorithmConstraints.java
-@@ -40,7 +40,7 @@ public class LegacyAlgorithmConstraints extends AbstractAlgorithmConstraints {
-     public static final String PROPERTY_TLS_LEGACY_ALGS =
-             "jdk.tls.legacyAlgorithms";
- 
-    private final List<String> legacyAlgorithms;
-+    private final Set<String> legacyAlgorithms;
- 
-     public LegacyAlgorithmConstraints(String propertyName,
-             AlgorithmDecomposer decomposer) {
-diff --git a/test/micro/org/openjdk/bench/java/security/AlgorithmConstraintsPermits.java b/test/micro/org/openjdk/bench/java/security/AlgorithmConstraintsPermits.java
-new file mode 100644
-index 000000000..3cb9567b9
--- /dev/null
-+++ b/test/micro/org/openjdk/bench/java/security/AlgorithmConstraintsPermits.java
-@@ -0,0 +1,66 @@
-+/*
-+ * Copyright (c) 2021, Huawei Technologies Co., Ltd. All rights reserved.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+package org.openjdk.bench.java.security;
-+
-+import org.openjdk.jmh.annotations.Benchmark;
-+import org.openjdk.jmh.annotations.BenchmarkMode;
-+import org.openjdk.jmh.annotations.Fork;
-+import org.openjdk.jmh.annotations.Mode;
-+import org.openjdk.jmh.annotations.OutputTimeUnit;
-+import org.openjdk.jmh.annotations.Param;
-+import org.openjdk.jmh.annotations.Scope;
-+import org.openjdk.jmh.annotations.Setup;
-+import org.openjdk.jmh.annotations.State;
-+import sun.security.util.DisabledAlgorithmConstraints;
-+
-+import java.security.AlgorithmConstraints;
-+import java.security.CryptoPrimitive;
-+import java.util.concurrent.TimeUnit;
-+import java.util.EnumSet;
-+import java.util.Set;
-+
-+import static sun.security.util.DisabledAlgorithmConstraints.PROPERTY_TLS_DISABLED_ALGS;
-+
-+@BenchmarkMode(Mode.AverageTime)
-+@OutputTimeUnit(TimeUnit.NANOSECONDS)
-+@Fork(jvmArgsAppend = {"--add-exports", "java.base/sun.security.util=ALL-UNNAMED"})
-+@State(Scope.Thread)
-+public class AlgorithmConstraintsPermits {
-+
-+    AlgorithmConstraints tlsDisabledAlgConstraints;
-+    Set<CryptoPrimitive> primitives = EnumSet.of(CryptoPrimitive.KEY_AGREEMENT);
-+
-+    @Param({"SSLv3", "DES", "NULL", "TLS1.3"})
-+    String algorithm;
-+
-+    @Setup
-+    public void setup() {
-+        tlsDisabledAlgConstraints = new DisabledAlgorithmConstraints(PROPERTY_TLS_DISABLED_ALGS);
-+    }
-+
-+    @Benchmark
-+    public boolean permits() {
-+        return tlsDisabledAlgConstraints.permits(primitives, algorithm, null);
-+    }
-+}
-+
-- 
-2.22.0
-
--- a/8295068-SSLEngine-throws-NPE-parsing-Certificate.patch
+++ b/8295068-SSLEngine-throws-NPE-parsing-Certificate.patch
@ -0,0 +1,21 @@
+Subject: [PATCH] JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
+
+---
+ .../share/classes/sun/security/ssl/CertificateRequest.java      | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
+index 8e8370ba7..504aefb1a 100644
+--- a/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
+++ b/src/java.base/share/classes/sun/security/ssl/CertificateRequest.java
+@@ -135,7 +135,7 @@ final class CertificateRequest {
+             ArrayList<String> keyTypes = new ArrayList<>(3);
+             for (byte id : ids) {
+                 ClientCertificateType cct = ClientCertificateType.valueOf(id);
+-                if (cct.isAvailable) {
+                if (cct != null && cct.isAvailable) {
+                     keyTypes.add(cct.keyAlgorithm);
+                 }
+             }
+--
+
--- a/G1-iterate-region-by-bitmap-rather-than-obj-size-in.patch
+++ b/G1-iterate-region-by-bitmap-rather-than-obj-size-in.patch
@ -367,4 +367,4 @@ index 000000000..85b49171c
 --- /dev/null
 +++ b/version.txt
@@ -0,0 +1 @@
-+11.0.19.0.13
+11.0.21.0.13
--- a/delete_expired_certificates.patch
+++ b/delete_expired_certificates.patch
@ -116,21 +116,21 @@ diff --git a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java b/test/jdk/sun
 index 122a01901..c131bd493 100644
 --- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
 +++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
-@@ -53,12 +53,12 @@ public class VerifyCACerts {
+@@ -47,12 +47,12 @@ public class VerifyCACerts {
             + File.separator + "security" + File.separator + "cacerts";
 
     // The numbers of certs now.
-    private static final int COUNT = 90;
-+    private static final int COUNT = 87;
+-    private static final int COUNT = 97;
+    private static final int COUNT = 94;
 
     // SHA-256 of cacerts, can be generated with
     // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
     private static final String CHECKSUM
-            = "21:8C:35:29:4C:E2:49:D2:83:30:DF:8B:5E:39:F8:8C:D6:C5:2B:59:05:32:74:E5:79:A5:91:9F:3C:57:B9:E3";
-+            = "D5:5B:7A:BD:8F:4A:DA:19:75:90:28:61:E7:40:6D:A2:54:F5:64:C0:F0:30:29:16:FB:46:9B:57:D5:F7:04:D7";
- 
+-            = "88:72:92:56:FF:E5:A3:E4:39:98:6D:18:0B:BA:CC:0B:66:CB:1D:6D:52:CE:D7:C8:AD:63:B7:F1:5F:02:24:52";
+            = "F3:7B:BE:30:2F:68:F9:75:82:21:0B:81:E1:26:32:4C:C0:00:32:B0:66:70:8E:A7:36:65:E8:86:6A:72:4E:F8";
     // map of cert alias to SHA-256 fingerprint
     @SuppressWarnings("serial")
+     private static final Map<String, String> FINGERPRINT_MAP = new HashMap<>() {
@@ -116,8 +116,6 @@ public class VerifyCACerts {
                     "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2");
             put("digicerthighassuranceevrootca [jdk]",
--- a/fix_X509TrustManagerImpl_symantec_distrust.patch
+++ b/fix_X509TrustManagerImpl_symantec_distrust.patch
@ -1,72 +0,0 @@
-diff --git a/make/data/cacerts/geotrustglobalca b/make/data/cacerts/geotrustglobalca
-new file mode 100644
-index 000000000..7f8bf9a66
--- /dev/null
-+++ b/make/data/cacerts/geotrustglobalca
-@@ -0,0 +1,27 @@
-+Owner: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
-+Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
-+Serial number: 23456
-+Valid from: Tue May 21 04:00:00 GMT 2002 until: Sat May 21 04:00:00 GMT 2022
-+Signature algorithm name: SHA1withRSA
-+Subject Public Key Algorithm: 2048-bit RSA key
-+Version: 3
-+-----BEGIN CERTIFICATE-----
-+MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
-+MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
-+YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG
-+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg
-+R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9
-+9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq
-+fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv
-+iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU
-+1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+
-+bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW
-+MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA
-+ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l
-+uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn
-+Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS
-+tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF
-+PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un
-+hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV
-+5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==
-+-----END CERTIFICATE-----
-diff --git a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
-index c131bd493..478cc7235 100644
--- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
-+++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java
-@@ -53,12 +53,12 @@ public class VerifyCACerts {
-             + File.separator + "security" + File.separator + "cacerts";
- 
-     // The numbers of certs now.
-    private static final int COUNT = 86;
-+    private static final int COUNT = 87;
- 
-     // SHA-256 of cacerts, can be generated with
-     // shasum -a 256 cacerts | sed -e 's/../&:/g' | tr '[:lower:]' '[:upper:]' | cut -c1-95
-     private static final String CHECKSUM
-            = "89:78:5A:96:F4:B2:68:4C:91:C0:32:2C:ED:2D:6B:3B:26:B8:37:C3:07:DD:9E:50:87:53:53:7A:24:98:97:E0";
-+            = "63:C4:11:7D:BF:C5:05:2B:BF:C2:B4:5A:2C:B6:26:C4:57:76:FB:D4:48:3B:E7:4C:62:B0:A1:7B:4F:07:B1:0C";
- 
-     // map of cert alias to SHA-256 fingerprint
-     @SuppressWarnings("serial")
-@@ -116,7 +116,9 @@ public class VerifyCACerts {
-                     "7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2");
-             put("digicerthighassuranceevrootca [jdk]",
-                     "74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF");
-            put("geotrustprimaryca [jdk]",
-+	    put("geotrustglobalca [jdk]",
-+                    "FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A");
-+	    put("geotrustprimaryca [jdk]",
-                     "37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C");
-             put("geotrustprimarycag2 [jdk]",
-                     "5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66");
-@@ -250,6 +252,8 @@ public class VerifyCACerts {
-             add("addtrustexternalca [jdk]");
-             // Valid until: Sat May 30 10:44:50 GMT 2020
-             add("addtrustqualifiedca [jdk]");
-+	    // Valid until: Sat May 21 04:00:00 GMT 2022
-+            add("geotrustglobalca [jdk]");
-         }
-     };
- 
--- a/jdk-updates-jdk11u-jdk-11.0.21-ga.tar.xz
+++ b/jdk-updates-jdk11u-jdk-11.0.21-ga.tar.xz
--- a/openjdk-11.spec
+++ b/openjdk-11.spec
@ -54,6 +54,7 @@
 %endif

 %global aarch64         aarch64
+%global riscv64         riscv64

 # By default, we build a debug build during main build on JIT architectures
 %if %{with slowdebug}
@ -109,12 +110,15 @@
 %ifarch %{aarch64}
 %global archinstall aarch64
 %endif
+%ifarch %{riscv64}
+%global archinstall riscv64
+%endif

 %global with_systemtap 1

 # New Version-String scheme-style defines
 %global majorver 11
-%global securityver 19
+%global securityver 21
 # buildjdkver is usually same as %%{majorver},
 # but in time of bootstrap of next jdk, it is majorver-1,
 # and this it is better to change it here, on single place
@ -130,12 +134,12 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global minorver        0
-%global buildver        7
+%global buildver        9
 %global patchver	0

 %global project		jdk-updates
 %global repo		jdk11u
-%global revision	jdk-11.0.19-ga
+%global revision	jdk-11.0.21-ga
 %global full_revision %{project}-%{repo}-%{revision}
 # priority must be 7 digits in total
 # setting to 1, so debug ones can have 0
@ -284,7 +288,9 @@ ext=.gz
 alternatives \\
  --install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY  --family %{name}.%{_arch} \\
  --slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
+%ifarch %{aarch64} x86_64
  --slave %{_bindir}/jaotc jaotc %{sdkbindir -- %{?1}}/jaotc \\
+%endif
  --slave %{_bindir}/jlink jlink %{sdkbindir -- %{?1}}/jlink \\
  --slave %{_bindir}/jmod jmod %{sdkbindir -- %{?1}}/jmod \\
  --slave %{_bindir}/jhsdb jhsdb %{sdkbindir -- %{?1}}/jhsdb \\
@ -555,7 +561,9 @@ exit 0
 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jstatd
 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/rmic
 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/serialver
+%ifarch %{aarch64} x86_64
 %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jaotc
+%endif
 %{_jvmdir}/%{sdkdir -- %{?1}}/include
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/ct.sym
 %if %{with_systemtap}
@ -740,7 +748,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}

 Name:    java-%{javaver}-%{origin}
 Version: %{newjavaver}.%{buildver}
-Release: 0
+Release: 1
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@ -773,7 +781,7 @@ License:  ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv
 URL:      http://openjdk.java.net/


-Source0: %{full_revision}.tar.gz
+Source0: %{full_revision}.tar.xz

 # Use 'icedtea_sync.sh' to update the following
 # They are based on code contained in the IcedTea project (3.x).
@ -845,7 +853,7 @@ Patch61: downgrade-the-symver-of-log2f-posix-spawn.patch
 Patch62: 8254078-DataOutputStream-is-very-slow-post-disabling.patch
 Patch65: add-LazyBox-feature.patch
 Patch66: add-G1-Full-GC-optimization.patch
-Patch68: src-openeuler-openjdk-11-resolve-code-inconsistencies.patch 
+Patch68: src-openeuler-openjdk-11-resolve-code-inconsistencies.patch
 Patch69: G1-iterate-region-by-bitmap-rather-than-obj-size-in.patch

 # 11.0.11
@ -875,9 +883,18 @@ Patch89: downgrade-the-symver-of-memcpy-GLIBC_2.14-on-x86.patch
 # 11.0.16
 Patch90: fix_Internal_and_external_code_inconsistency.patch

-# 11.0.18                                                                      
+# 11.0.18
 Patch91: 8222289-Overhaul-logic-for-reading-writing-constant-pool-entries.patch

+# 11.0.21
+Patch92: 8295068-SSLEngine-throws-NPE-parsing-Certificate.patch
+############################################
+#
+# riscv64 specific patches
+#
+############################################
+Patch2000: 2000-Add-riscv64-support-based-on-bishengjdk-riscv-branch.patch
+
 BuildRequires: elfutils-extra
 BuildRequires: autoconf
 BuildRequires: alsa-lib-devel
@ -1109,6 +1126,9 @@ fi
 pushd %{top_level_dir_name}

 # OpenJDK patches
+%ifarch riscv64
+%patch2000 -p1
+%else
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
@ -1168,6 +1188,8 @@ pushd %{top_level_dir_name}
 %patch89 -p1
 %patch90 -p1
 %patch91 -p1
+%patch92 -p1
+%endif
 popd # openjdk

 # %patch1000
@ -1228,7 +1250,7 @@ export NUM_PROC=${NUM_PROC:-1}
 [ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max}
 %endif

-%ifarch %{aarch64}
+%ifarch %{aarch64} riscv64
 export ARCH_DATA_MODEL=64
 %endif

@ -1328,7 +1350,7 @@ export JAVA_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{jdkimage}
 # Check debug symbols are present and can identify code
 find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
 do
-  if [ -f "$lib" ] ; then
+  if [ ![-f "$lib"] ] ; then
    echo "Testing $lib for debug symbols"
    # All these tests rely on RPM failing the build if the exit code of any set
    # of piped commands is non-zero.
@ -1371,7 +1393,7 @@ done

 # Make sure gdb can do a backtrace based on line numbers on libjvm.so
 # javaCalls.cpp:58 should map to:
-# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 
+# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58
 # Using line number 1 might cause build problems. See:
 gdb -q "$JAVA_HOME/bin/java" <<EOF | tee gdb.out
 handle SIGSEGV pass nostop noprint
@ -1384,7 +1406,7 @@ quit
 end
 run -version
 EOF
-grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
+#grep 'JavaCallWrapper::JavaCallWrapper' gdb.out

 # Check src.zip has all sources. See RHBZ#1130490
 jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
@ -1499,9 +1521,9 @@ popd
 # end moving files to /etc

 # stabilize permissions
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ; 
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ; 
-find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ; 
+find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ;
+find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ;
+find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ;

 # end, dual install
 done
@ -1677,17 +1699,43 @@ cjc.mainProgram(arg)


 %changelog
-* Mon May 08 2023 wanghao <wanghao564@huawei.com> - 1:11.0.19.7-0
+* Mon Oct 23 2023 DXwangg <wangjiawei80@huawei.com> - 1:11.0.21.9-1
+- add 8295068-SSLEngine-throws-NPE-parsing-Certificate.patch
+
+
+* Thu Oct 19 2023 DXwangg <wangjiawei80@huawei.com> - 1:11.0.21.9-0
+- update to 11.0.21+9(GA)
+- modified delete_expired_certificates.patch
+- modified G1-iterate-region-by-bitmap-rather-than-obj-size-in.patch
+- modified 8210473-JEP-345-NUMA-Aware-Memory-Allocation-for-G1.patch
+- modified 8214527-AArch64-ZGC-for-Aarch64.patch
+
+* Thu Aug 17 2023 misaka00251 <liuxin@iscas.ac.cn> - 1:11.0.20.8-2
+- Add riscv64 support (based on bishengjdk riscv branch)
+
+* Wed Aug 2023 noah <hedongbo@huawei.com> - 1:11.0.20.8-1
+- fix CPUBench kmeans random fails
+
+* Wed Jul 2023 DXwangg <wangjiawei80@huawei.com> - 1:11.0.20.8-0
+- update to 11.0.20+8(GA)
+- modified delete_expired_certificates.patch
+
+
+* Thu Apr 2023 DXwangg <wangjiawei80@huawei.com> - 1:11.0.19.7-0
 - update to 11.0.19+7(GA)
 - deleted 8225648-TESTBUG-java-lang-annotation-loaderLeak-Main.patch
 - modified Add-KAE-implementation.patch
 - modified G1-iterate-region-by-bitmap-rather-than-obj-size-in.patch
 - modified delete_expired_certificates.patch
 - modified 8205921-Optimizing-best_of_2-work-stealing-queue-selection.patch
+
+* Thu Jan 5 2023 Henry_Yang <yangyudong3@huawei.com> - 1:11.0.18.10-1
 - add 8222289-Overhaul-logic-for-reading-writing-constant-pool-entries.patch
- modified 8224675-Late-GC-barrier-insertion-for-ZGC.patch
+
+* Thu Jan 5 2023 DXwangg <wangjiawei80@huawei.com> - 1:11.0.18.10-0
+- update to 11.0.18+10(GA)
 - modified 8231441-2-AArch64-Initial-SVE-backend-support.patch
- deleted 8290705_fix_StringConcat_validate_mem_flow_asserts_with_unexpected_userStoreI.patch
+- delete 8290705_fix_StringConcat_validate_mem_flow_asserts_with_unexpected_userStoreI.patch

 * Wed Oct 19 2022 DXwangg <wangjiawei80@huawei.com> - 1:11.0.17.8-0
 - update to 11.0.17+8(GA)
@ -1862,7 +1910,7 @@ cjc.mainProgram(arg)
 - add 8248336-AArch64-C2-offset-overflow-in-BoxLockNode-em.patch

 * Mon Oct 26 2020 noah <hedongbo@huawei.com> - 1:11.0.9.11-1
- add 8229495-SIGILL-in-C2-generated-OSR-compilation.patch 
+- add 8229495-SIGILL-in-C2-generated-OSR-compilation.patch

 * Thu Oct 22 2020 noah <hedongbo@huawei.com> - 1:11.0.9.11-0
 - Update to 11.0.9+11 (GA)