Add and enable mob.

(schmonz)

Initial import of mob, a tool for swift git handover during remote mob
programming.

With on-site Mob Programming, you just pass on the keyboard to hand over
to the next person. This is a challenge for a distributed team.

We hand over with WIP commits on a temporary git branch. A quick
handover is essential. At the end of the mob session, we squash the WIP
commits into expressive commits and merge into master.

We created the mob tool to simplify this process. mob notifies you when
it's time to handover. mob can moo.

(schmonz)

Newsyslog should be instructed not to add its message to the new log file

(kim)

libfilezilla: Limit std::wcsnrtombs to SunOS.

(jperkin)

doc/TODO: + MesaLib-20.1.8, gnome-3.38.0.

(wiz)

libfilezilla: remove patch that breaks the build on NetBSD

(wiz)

libfilezilla: remove patch that breaks the build on NetBSD.

(wiz)

doc: Updated graphics/ansilove to 4.1.3

(fcambus)

ansilove: update to 4.1.3.

AnsiLove/C 4.1.3 (2020-09-18)

- Adjust SAUCE flag output to be binary
- Add -S flag to use SAUCE info for rendering hints. Users must now use -S
  to get iCE color info. This was previously automatically pulled without
  any extra options.
- Document the new -S flag, allowing to use SAUCE info for render options
- Add support for seccomp on arm
- Add missing test for __NR_mmap, the mmap syscall doesn't exist on arm

(fcambus)

doc: ja-grep and ja-less in pkgsrc are latest

(ryoon)

doc: Updated math/py-z3solver to 4.8.9.0

(khorben)

py-z3solver: update to version 4.8.9.0

Version 4.8.9
=============
- New features
  - significant improvements to regular expression solving
  - expose user theory plugin. It is a leaner user theory plugin that was once available.
    It allows for registering callbacks that react to when bit-vector and Boolean variables
    receive fixed values.
- Bug fixes
  - many
- Notes
  - the new arithmetic theory is turned on by default. It _does_ introduce regressions on
    several scenarios, but has its own advantages. Users can turn on the old solver by setting smt.arith.solver=2.
    Depending on feedback, we may turn toggle this default setting again back to smt.arith.solver=2.

Version 4.8.8
=============
- New features
  - rewritten NIA (non-linear integer arithmetic) core solver
    It is enabled in selected theories as default.
    The legacy arithmetic solver remains the overall default in this release
    as the rewritten solver shows regressions (on mainly NRA problems).
  - recursive function representation without hoisting ite expressions. Issue #2601
  - model-based interpolation for quantifier-free UF, arithmetic
  - Julia bindings over the C++ API, thanks to ahumenberger
- Bug fixes
  - numerous, many based on extensive fuzz testing.
    Thanks to 5hadowblad3, muchang, numairmansur, rainoftime, wintered
- Notes
  - recursive functions are unfolded with separate increments based on unsat core
    analysis of blocking literals that are separate for different recursive functions.
  - the seq (string) solver has been revised in several ways and likely shows some
    regressions in this release.

Version 4.8.7
=============
- New features
  - setting parameter on solver over the API by
    solver.smtlib2_log=<filename>
    enables tracing calls into the solver as SMTLIB2 commands.
    It traces, assert, push, pop, check_sat, get_consequences.
- Notes
  - various bug fixes
  - remove model_compress. Use model.compact
  - print weights with quantifiers when weight is != 1

Version 4.8.6
=============
- Notes
  - various bug fixes
  - built in support for PIP, thanks to Audrey Dutcher
  - VS compilation mode including misc flags for managed packages

Version 4.8.5
=============
- Notes
  - various bug fixes

Version 4.8.4
=============

- Notes
  - fixes bugs
  - a substantial update to how the seq theory solver handles regular
    expressions. Other performance improvements to the seq solver.
  - Managed .NET DLLs include dotnet standard 1.4 on supported platforms.
  - Windows Managed DLLs are strong signed in the released binaries.

Version 4.8.3
=============
- New features
  - Native handling of recursive function definitions, thanks to Simon Cruanes
  - PB rounding based option for conflict resolution when reasoning about PB constraints.
  - Access to numeral constants as a double from the native API.

- Notes
  - fixes several bugs discovered since the 4.8.1 release.

Version 4.8.2
=============
- Post-Release.

Version 4.8.1
=============
- Release. Bug-fix for 4.8.0

Version 4.8.0
=============

- New requirements:
  - A breaking change to the API is that parsers for SMT-LIB2 formulas return a vector of
    formulas as opposed to a conjunction of formulas. The vector of formulas correspond to
    the set of "assert" instructions in the SMT-LIB input.

- New features
  - A parallel mode is available for select theories, including QF_BV.
    By setting parallel.enable=true Z3 will spawn a number of worker threads proportional to the
    number of available CPU cores to apply cube and conquer solving on the goal.
  - The SAT solver by default handle cardinality and PB constraints using a custom plugin
    that operates directly on cardinality and PB constraints.
  - A "cube" interface is exposed over the solver API.
  - Model conversion is first class over the textual API, such that subgoals created from running a
    solver can be passed in text files and a model for the original formula can be recreated from the result.
  - This has also led to changes in how models are tracked over tactic subgoals. The API for
    extracting models from apply_result have been replaced.
  - An optional mode handles xor constraints using a custom xor propagator.
    It is off by default and its value not demonstrated.
  - The SAT solver includes new inprocessing techniques that are available during simplification.
    It performs asymmetric tautology elimination by default, and one can turn on more powerful inprocessing techniques
    (known as ACCE, ABCE, CCE). Asymmetric branching also uses features introduced in Lingeling by exploiting binary implication graphs.
    Use sat.acce=true to enable the full repertoire of inprocessing methods. By default, clauses that are "eliminated" by acce are tagged
    as lemmas (redundant) and are garbage collected if their glue level is high.
  - Substantial overhaul of the spacer horn clause engine.
  - Added basic features to support Lambda bindings.
  - Added model compression to eliminate local function definitions in models when
    inlining them does not incur substantial overhead. The old behavior, where models are left
    uncompressed can be replayed by setting the top-level parameter model_compress=false.
  - Integration of a new solver for linear integer arithmetic and mixed linear integer arithmetic by Lev Nachmanson.
    It incorporates several improvements to QF_LIA solving based on
    . using a better LP engine, which is already the foundation for QF_LRA
    . including cuts based on Hermite Normal Form (thanks to approaches described
      in "cuts from proofs" and "cutting the mix").
    . extracting integer solutions from LP solutions by tightening bounds selectively.
      We use a generalization of Bromberger and Weidenbach that allows avoiding selected
      bounds tightenings (https://easychair.org/publications/paper/qGfG).
    It solves significantly more problems in the QF_LIA category and may at this point also
    be the best solver for your problem as well.
    The new solver is enabled only for select SMT-LIB logics. These include QF_LIA, QF_IDL, and QF_UFLIA.
    Other theories (still) use the legacy solver for arithmetic. You can enable the new solver by setting
    the parameter smt.arith.solver=6 to give it a spin.

- Removed features:
  - interpolation API
  - duality engine for constrained Horn clauses.
  - pdr engine for constrained Horn clauses. The engine's functionality has been
    folded into spacer as one of optional strategies.
  - long deprecated API functions have been removed from z3_api.h

Version 4.7.1
=============

- New requirements:
  - uses stdbool and stdint as part of z3.

- New features:
  - none

- Removed features:
  - none

- Notes:
  This is a minor release prior to a set of planned major updates.
  It uses minor version 7 to indicate that the use of stdbool and
  stdint are breaking changes to consumers of the C-based API.

Version 4.6.0
=============

- New requirements:
  - C++11 capable compiler to build Z3.
  - C++ API now requires C++11 or newer.

- New features (including):
  - A new string solver from University of Waterloo
  - A new linear real arithmetic solver
  - Changed behavior for optimization commands from the SMT2 command-line interface.
    Objective values are no longer printed by default. They can be retrieved by
    issuing the command (get-objectives). Pareto front objectives are accessed by
    issuing multiple (check-sat) calls until it returns unsat.

- Removed features:
  - Removed support for SMT-LIB 1.x

(khorben)

doc: Updated lang/gcc8-libs to 8.4.0nb3

(ryoon)

gcc8-libs: Bump PKGREVISION from lang/gcc8

(ryoon)

doc: Updated lang/gcc8 to 8.4.0nb2

(ryoon)

gcc8: Pass default RPATH like gcc7, bump PKGREVISION

(ryoon)

doc: Updated textproc/po4a to 0.60

(schmonz)

Update to 0.60. From the changelog:

0.60:

Asciidoc:
* Introduce "compat" option to parse like asciidoc or asciidoctor.

Text (and Markdown):
* Fix the support of nested lists (GitHub's #131).

Other:
* Remove the experimental C extension that was never built,
  distributed, tested nor modified since 2007.

XML:
* Provide a meaningful message when the translators butcher the
  <placeholder> attributes instead of truncating the file.
  (GitHub's #254)

0.59.1:

po4a tool:
* Really fix --srcdir and --destdir handling (Debian's #960892 again).
  Even with the previous fix, the aptitude package was still broken.

Documentation:
* Clarify the syntax of -o parameters (GitHub's #233).

Sgml:
* Sort the attributes. Without this, msgids are randomly fuzzied.
  (Debian's #725931 and Debian's #810988)

0.59:

po4a tool:
* Fix --srcdir handling (GitHub's #237 and Debian's #960892).
  This bug was breaking the build of several packages, including dpkg.

Addendum:
* New mode 'eof' to easily add at the end of the file (Debian's #960949).

Documentation:
* Fix many typos and glitches
* Start a section about external projects using po4a

Tests:
* po4a: Add a test for the [po_directory] feature

Overall:
* Improve the displayed messages, don't translate debug messages.

0.58.1:

Documentation:
* Document an option of the XML parser (GitHub's #223).
* Small glitches found during the translations.

Tests:
* Also ignore 'Project-Id-Version' when diffing PO files (GitHub's #224)
* asciidoc: reactivate tablecells tests

AsciiDoc:
* Fix management of images in tables (Github's #226)
* Tolerate underline length variations in two lines titles (Github's #212)

0.58:

AsciiDoc:
* Accept numbered list items beginning with any number of dots
  (GitHub's #210)

Markdown:
* Avoid translating Markdown fenced code block info string (GitHub's #194)
* List Markdown fenced code block info string as text type (GitHub's #195)
* Support YAML Front Matter (GitHub's #196). This requires YAML::Tiny.
* Introduce options yfm_keys and yfm_skip_array to respectively
  specify which YAML keys should be translated, and that the array
  content should not be translated.
* Work around a bug in YAML::Tiny that quotes numbers (GitHub's #217)
* Add gettext flag "markdown-text" for relevant entries (GitHub's #208)

Text:
* Honor the (existing) --neverwrap option to handle every content verbatim.

Texinfo:
* Add the comments starting with 'TRANSLATORS:' to the po file
  (GitHub's #162)

XHTML:
* Don't fail nor warn when a closing tag is missing, that's legit in HTML.
  (GitHub's #179)

XML and DocBook:
* Allow attributes with no value (GitHub's #178).
* Processing Instructions are handled as inline tags by default, but
  you can change them back to breaking with '-o break-pi' (GitHub's #170)

Yaml:
* Introduce option to skip array values. (GitHub's #187)

po4a tool:
* Cleanups and fixups about options' parsing (now tested and documented)
    _
    / \  You may need to upgrage your po4a.conf if you were using
  /_!_\ "unwanted features" (ie, bugs) of the previous implementation.

* Do not touch source dir when --destdir is provided (Debian #602387)
* Pass --add-location=file to msgmerge when receiving option porefs.
  (requires gettext >= 0.19 -- June 2014)
* Option --master-charset sets the charset of the generated POT file.
* Option --master-language sets the language of the generated POT file.
* Add support for addendum path in po4a_paths (Debian #823189)
* Stop pretending that --porefs can control the wrapping of reference
  comments, as the gettext tools used internally always rewrap them.

Scripts:
* Rename po4aman-display-po to po4a-display-man
* Rename po4apod-display-po to po4a-display-pod

Core:
* Use UTF-8 by default (the 20th century is over -- Debian #862460)
  po4a used to prefer ascii unless it proved impossible. But the
  underlying detection would fail, possibly for document containing
  UTF-8 chars composed on printable ascii chars only.
* Add a --wrap-po option to control how the po file is wrapped, and
  chose between either nicely wrapped files that tend to produce git
  conflicts, or ugly files that are easy to automatically deal with.

Tests:
* Completely refactor most tests. They are now more reliable and the
  error messages are much more useful to understand the issues.
* Many bugs to po4a and the core were ironed out in the process.
* PO files content are now tested too (GitHub's #67)

Documentation:
* Various cleanups by Golubev Alexander (GitHub's #190 & #191)

(schmonz)

Reset PKGREVISION for libhighlight update.

(schmonz)

doc: Updated textproc/libhighlight to 3.58

(schmonz)

Update to 3.58. From the changelog:

- improved `--force` fallback argument handling
  (https://gitlab.com/saalen/highlight/-/issues/163)
- added C++ attribute syntax support
- added Lua fuction `StoreValue` to set and retrieve information across
  Lua states
- added `extras/eclipse-themes/eclipse_color_themes.py` script to
  retrieve themes from eclipsecolorthemes.org
- added support for Web Assembly Text
- updated mark_lines.lua to output 16m terminal sequences
  (https://gitlab.com/saalen/highlight/-/issues/164)
- fixed issues in bash.lang
  (https://gitlab.com/saalen/highlight/-/issues/161)
- fixed Bash heredoc highlighting in bash_functions.lua
  (https://gitlab.com/saalen/highlight/-/issues/156)
- CLI: `highlight --version -q` only prints the version number
- GUI: added theme contrast indicator

(schmonz)

On macOS with clang 12, get explicit definitions of snprintf and
vsnprintf to avoid warnings (treated as errors) and thereby pass
configure.

(schmonz)

gh: Document the rationale behind patch-go.mod

muesli/termenv v0.6.0 probably only works on Darwin and Linux.

(leot)

Remove copy-and-paste error from first line.

seen by leot@

(bsiegert)

doc: Updated net/gh to 1.0.0nb1

(bsiegert)

Github CLI: update to 1.0.0.

Features

- Add gh release commands for managing GitHub Releases
- Add gh pr checks command
- Add gh gist list/view/edit commands
- Improve resolving the base repository for all commands
- Additionally, gh pr create now prompts for where to push the current branch,
  including an option to create a fork, instead of trying to guess the head
  repository or automatically fork in the background.
- Add gh pr create --head <branch> flag to explicitly set the head branch for
  automation and opt out of any forking/pushing functionality.
- Add gh config set prompt disabled config setting
- Add gh help environment help topic listing all supported environment
  variables
- Add support for PAGER environment variable to enable a terminal pager program
  such as less, also supported through the pager config option
- Add gh auth login --web flag

Bugs

- pr merge --squash: add pull request title to the commit subject
- pr create: prepend body defaults to the selected template
- repo view: do not HTML-escape output
- issue list: fix misalignment due to Unicode and emoji characters
- Fix terminal color display under various color schemes
- Fix zsh completion script
- Fix opening the web browser under WSL

(bsiegert)

clamav: Explicitly set SMF_METHODS.

RCD_SCRIPTS changes depending on configured options, and clamav-milter
is launched directly from the manifest without a separate method script.

(jperkin)

doc: Updated devel/gopls to 0.5.0

(bsiegert)

gopls: update to 0.5.0.

Memory usage

- Rewrite of caching model, resulting in significant memory usage improvements
  (@heschik).

New features

- Extract to function: Support for extracting code blocks that contain return
  statements (@joshbaum).
- Workspace symbols: Support for fzf-style search syntax (@findleyr). The
  following syntax is supported:
        ' for exact matching
        ^ for prefix matching
        $ for suffix matching

Note: This feature does not yet work in VS Code. See golang/vscode-go#647 and
microsoft/vscode#106788.

- An experimental new code lens to view GC optimization details (@pjweinb).
  Once the code lens is enabled, you will see a Toggle gc details annotation at
  the top of your file. Clicking it will show optimization diagnostics produced
  by the Go compiler, and clicking it once again will hide these diagnostics.
  Enable the code lens by adding the following to your settings:

    "codelens": {
    "gc_details": true
    }

- go mod tidy and go mod vendor code lenses for go.mod files (@dandua98).
- Support for filling in matching in-scope variables instead of just empty
  values in fillstruct and fillreturns (@joshbaum).
- Autocompletion within import statements (@dandua98).
- Autocompletion within package declarations (@dandua98).

Improvements

- Improvements to workspace symbols ranking and fuzzy matching (@findleyr,
  @myitcv).
- Better completion suggestions in type switch case clauses and for calls to
  append, function literals, and unnamed types (@muirdm).

(bsiegert)

libfilezilla: add upstream bug report URL

(wiz)

doc: Updated sysutils/zabbix to 4.0.24

(otis)

doc: Updated sysutils/zabbix-frontend to 4.0.24

(otis)

sysutils/zabbix-frontend: Update to 4.0.24

Update the frontend to match sysutils/zabbix update to 4.0.24

(otis)

sysutils/zabbix: Update to 4.0.24

Changelog since 4.0.21:

* New features:
  - Improved Zabbix server performance when evaluating trigger, discovery, autoregistration and internal actions
  - Added host info to vmware event message log
  - Added vmware datacenters discovery

* Bugfixes:
  - Fixed security vulnerability cve-2020-15803 (stored xss attack on url widget)
  - Exclude disabled items from preprocessing configuration sync
  - Fixed possible deadlocks when deleting escalations
  - Fixed null value for a field of compositedata in jmx discovery
  - Changed log, log.count monitoring to ignore file modification time
  - Fixed strict dfsg compliance issue in using minified jquery sources
  - Fixed recovery expression for "link down" trigger and updated for following zabbix template guidelines
  - Fixed escalation cancellation message not being sent when action is disabled
  - Fixed context of {$temp_crit} macro in temperature trigger prototype
  - Fixed high memory consumption when using dependent items
  - Fixed memory leak
  - Fixed remove of selected items in multiselect
  - Fixed confusing error message being displayed if dbversion table cannot be found
  - Shadow global auto_increment mysql variables only for proxy
  - Fixed 'cmdline' parameter truncation on solaris 11.3 and later
  - Fixed memory leak when action message does not have to be sent
  - Fixed graph configuration with large amount of items
  - Fixed server exit when trying to execute ipmi script without ipmi pollers
  - Fixed undefined index in trends api
  - Fixed button disable state in template item list and discovery list
  - Fixed classic graph widget default header
  - Fixed php errors in "system information" window for mysql
  - Changed vm.memory.size keys on solaris to get memory usage statistics from kstat
  - Fixed cpu counter wraparound handling on solaris
  - Fixed misleading error message in case of not available datastorage for vmware.hv.datastore.read and vmware.hv.datastore.write metrics
  - Fixed host prototype import
  - Removed mtime check when matching files on disk with the cached list, this should reduce chances of log files being scanned again after system time changes
  - Fixed sql errors with oracle backend due to incorrect use of the using statement
  - Improved error message generation performance of user macro and item key parser
  - Fixed use on uninitialised variable
  - Added odbc empty query check
  - Fixed fatal error in items.php and host_discovery.php
  - Improved performance of the trigger and trigger prototype inheritance
  - Implement timeouts for wmi queries
  - Improved performance of "problems" widget with mysql backend by removing distinct modifier from sql statements with tables joined by primary keys
  - Fixed excess audit log record being added on host status update
  - Fixed php notice and multiple undefined index errors in hostinterface api
  - Added red label for disabled media types in user profile
  - Fixed runtime error when creating a host via api
  - Removed problem calculation for dependent triggers when master trigger is in problem state
  - Fixed usage of unsupported parameter in api call
  - Fixed inaccessible user be displayed as accessible in slide show properties screen
  - Fixed building of zabbix daemons with link time optimization

(otis)

doc: Updated www/php-nextcloud to 19.0.3

(ryoon)

php-nextcloud: Update to 19.0.3

Changelog:
19.0.3
Changes

    Fix possible leaking scope in Flow (server#22410)
    Combine body-login rules in theming and fix twofactor and guest styling on bright colors (server#22427)
    Show better quota warning for group folders and external storage (server#22442)
    Add php docs build script (server#22448)
    Fix clicks on actions menu of non opaque file rows in acceptance tests (server#22503)
    Fix writing BLOBs to postgres with recent contacts interaction (server#22515)
    Set the mount id before calling storage wrapper (server#22519)
    Fix S3 error handling (server#22521)
    Only disable zip64 if the size is known (server#22537)
    Change free space calculation (server#22553)
    Do not keep the part file if the forbidden exception has no retry set (server#22560)
    Fix app password updating out of bounds (server#22569)
    Use the correct root to determinate the webroot for the resource (server#22579)
    Upgrade icewind/smb to 3.2.7 (server#22581)
    Bump elliptic from 6.4.1 to 6.5.3 (notifications#732)
    Fixes regression that prevented you from toggling the encryption flag (privacy#489)
    Match any non-whitespace character in filesystem pattern (serverinfo#229)
    Catch StorageNotAvailable exceptions (text#1001)
    Harden read only check on public endpoints (text#1017)
    Harden check when using token from memcache (text#1020)
    Sessionid is an int (text#1029)
    Only overwrite Ctrl-f when text is focussed (text#990)
    Set the X-Requested-With header on dav requests (viewer#582)

19.0.2
Changes

    Lower minimum search length to 2 characters (server#21782)
    Call openssl_pkey_export with $config and log errors. (server#21804)
    Improve error reporting on sharing errors (server#21806)
    Do not log RequestedRangeNotSatisfiable exceptions in DAV (server#21840)
    Fix parsing of language code (server#21857)
    Fix typo in revokeShare() (server#21876)
    Discourage webauthn user interaction (server#21917)
    Encryption is ready if master key is enabled (server#21935)
    Disable fragile comments tests (server#21939)
    Do not double encode the userid in webauthn login (server#21953)
    Update icewind/smb to 3.2.6 (server#21955)
    Respect default share permissions (server#21967)
    allow admin to configure the max trashbin size (server#21975)
    Fix risky test in twofactor_backupcodes (server#21978)
    Fix PHPUnit deprecation warnings (server#21981)
    Fix moving files from external storage to object store trashbin (server#21983)
    Ignore whitespace in sharing by mail (server#21991)
    Properly fetch translation for remote wipe confirmation dialog (server#22036)
    Parse_url returns null in case a parameter is not found (server#22044)
    Bump elliptic from 6.5.2 to 6.5.3 (server#22050)
    Correctly remove usergroup shares on removing group members (server#22053)
    Fix height to big for iPhone when using many apps (server#22064)
    Reset the cookie internally in new API when abandoning paged results op (server#22069)
    Add Guzzle's InvalidArgumentException (server#22070)
    Contactsmanager shall limit number of results early (server#22091)
    Fix browser freeze on long password input (server#22094)
    Search also the email and displayname in user mangement for groups (server#22118)
    Ensured large image is unloaded from memory when generating previews (server#22121)
    Fix display of remote users in incoming share notifications (server#22131)
    Reuse cache for directory mtime/size if filesystem changes can be ignored (server#22171)
    Remove unexpected argument (server#22178)
    Do not exit if available space cannot be determined on file transfer (server#22181)
    Fix empty 'more' apps navigation after installing an app (server#22183)
    Fix default log_rotate_size in config.sample.php (server#22192)
    shortcut in reading nested group members when IN_CHAIN is available (server#22203)
    Fix chmod on file descriptor (server#22208)
    Do clearstatcache() on rmdir (server#22209)
    SSE enhancement of file signature (server#22210)
    Remove logging message carrying no valuable information (server#22215)
    Add app config option to disable "Email was changed by admin" activity (server#22232)
    Delete chunks if the move on an upload failed (server#22239)
    Silence duplicate session warnings (server#22247)
    Doctrine: Fix unquoted stmt fragments backslash escaping (server#22252)
    Allow to disable share emails (server#22300)
    Show disabled user count in occ user:report (server#22302)
    Bump 3rdparty to last stable19 commit (server#22303)
    Fixing a logged deprecation message (server#22309)
    CalDAV: Add ability to limit sharing to owner (server#22333)
    Only copy the link when updating a share or no password was forced (server#22337)
    Remove encryption option for nextcloud external storage (server#22341)
    L10n:Correct appid for WebAuthn (server#22348)
    Properly search for users when limittogroups is enabled (server#22355)
    SSE: make legacy format opt in (server#22381)
    Update the CRL (server#22387)
    Fix missing FN from federated contact (server#22400)
    Fix event icon sizes and text alignment (server#22414)
    Bump stecman/symfony-console-completion from 0.8.0 to 0.11.0 (3rdparty#457)
    Add Guzzle's InvalidArgumentException (3rdparty#474)
    Doctrine: Fix unquoted stmt fragments backslash escaping (3rdparty#486)
    Fix cypress (viewer#545)
    Move to webpack vue global config & bump deps (viewer#558)

(ryoon)

gcc9: Add the patch, fix previous

(ryoon)

doc: Updated lang/gcc9-libs to 9.3.0nb5

(ryoon)

glib9-libs: Bump PKGREVISION from lang/gcc9 update

(ryoon)

doc: Updated lang/gcc9 to 9.3.0nb4

(ryoon)

gcc9: Pass correct RPATH, bump PKGREVISION

* Use gcc7's patch, suggested by jperkin@.
* Fix build of math/blas for example.

(ryoon)

doc: Updated ham/chirp to 20200909

(gdt)

ham/chirp: Update to 20200909

Upstream changes: bugfixes

(gdt)

doc: Updated net/libfilezilla to 0.24.1

(jperkin)

libfilezilla: Update to 0.24.1.

While here fix the build on SunOS, based on patches in joyent/pkgsrc#266
from mrferda.

0.24.1 (2020-08-27)

- fz::to_integral can now handle strongly typed enum return types

0.24.0 (2020-08-21)

+ Added fz::equal_consttime
- fz::sprintf now works corrcetly if arguments are passed as (w)string_view

0.23.0 (2020-07-07)

+ Added reader/writer locks
- fz::mkdir can now return the the longest created path in case of partial failures

(jperkin)

fix the build on netbsd/vax.

(mrg)

doc: Updated security/py-m2crypto to 0.36.0

(jperkin)

py-m2crypto: Update to 0.36.0.

Based on joyent/pkgsrc#282 from sjorge.

0.36.0 - 2020-07-13
-------------------

- wrap SocketIO in io.Buffered* for makefile <lethliel>
- SSL.Connection.close accepts an argument to force the socket closing
  <Christophe Haen>
- SSL.Connection: make the clientPostConnectionCheck an instance
  attribute <Christophe Haen>
- Fixed bug with usage of unexisting method getreply at SSL_Transport
  <roman-nagaev>
- Add appveyor builds for python 3.7 and 3.8 <Daniel A. Wozniak>
- Fixed syntax warning on line 44. <randomfox>
- Update M2Crypto.six to 1.13.0 <Mat��j Cepl>
- base64.decodestring() was finally removed in Python 3.8. <Mat��j Cepl>
- wrap SocketIO in io.Buffered* for makefile <lethliel>
- NULL is legal argument for key and iv paramters of EVP_CipherInit(3)
  <Mat��j Cepl>
- Expose X509_V_FLAG_ALLOW_PROXY_CERTS verification flag and
  X509_STORE_SET_FLAGS function <Christophe Haen>
- Stop testing for 2.6 and 3.4 on Travis. Start testing 3.8 <Mat��j Cepl>
- Extend test cert validity to 2049 <Bernhard M. Wiedemann>
- Revert using typing module in 2.6. It is just not worthy. <Mat��j Cepl>
- Update Debian/stable SSL as well <Mat��j Cepl>
- Make tests pass again. <Mat��j Cepl>
- Stop using string module, which has been deprecated. <Mat��j Cepl>
- Tiny fixes to make pyls more happy <Mat��j Cepl>
- CI: Rework Fedora CI configuration <Neal Gompa>

0.35.2 - 2019-06-10
-------------------

- tests.test_rsa: Fix typo to match for proper exception <Sebastian
  Andrzej Siewior>
- Expose CRLs verification flags <Christophe Haen>

0.35.1 - 2019-06-08
-------------------

- Actually, really fix compatibility with OpenSSL 1.1.1c. Thank you,
  Sebastian Andrzej Siewior from the Debian team for resolving it.

0.34.0 - 2019-05-30
-------------------

- Use more recent version of OpenSSL on Windows
- Be resilient against the situation when no erorr happened.
- Correct URL of https://www.schneier.com/academic/smime/
- Use shlex.split() for CPP

0.33.0 - 2019-04-26
-------------------

- eb4525c - Stop pretending to support Python 3.4. <Mat��j Cepl>
- 6a89548 - Fix use of urlunsplit (25 hours ago) <Andreas Schwab>
- 0a5a356 - tests/test_ssl: use -ciphercuites for TLS1.3 cipher in
      openssl1.1 <Sebastian Andrzej Siewior>
- 8a0a3e3 - There are apparently multiword CPP variables. Taking that
      into account. <Mat��j Cepl>

(jperkin)

doc: Updated sysutils/etckeeper to 1.18.14

(schmonz)

doc: Updated www/logswan to 2.1.7

(fcambus)

logswan: update to 2.1.7.

Logswan 2.1.7 (2020-09-17)

- Add a Perl program to generate an example MMDB database for testing
- Add a new test case to exercise the IP geolocation codepaths
- Add support for seccomp on arm
- Add missing test for __NR_mmap, the mmap syscall doesn't exist on arm

(fcambus)

Update to 1.18.14. From the changelog:

* pacman 5.2 deprecated File hooks, use Path.
  Thanks, Christian Hesse
* Added zsh completion.
  Thanks, James Rowe
* commit: Recent changes added code that does not work on all POSIX shells.
  Fixed by Thorsten Glaser.

pkgsrc changes:

- Install the daily script called from libexec/etckeeper.daily
- Do our SUBSTing as the do-configure phase
- Better match other package managers in "etckeeper list-installed"

(schmonz)

lua-http: add patch to distinfo

(wiz)

opencv-contrib-face: regen distinfo

for opencv change

(wiz)

doc: Updated chat/matrix-synapse to 1.19.2

(js)

Update matrix-synapse to 1.19.2

Changelog:
Fix joining rooms over federation that include malformed events.

(js)

forgotten file distinfo

(nikita)

doc: Updated www/gnurl to 7.72.0

(nikita)

www/gnurl: Update to Version 7.72.0

CHANGELOG for gnurl-7.72.0 released 2020-09-16 (curl 7.72.0)
------------------------------------------------------------

gnurl:
No significant changes

curl:
Fixed in 7.72.0 - August 19 2020

Changes:

    content_encoding: add zstd decoding support
    CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
    CURLINFO_EFFECTIVE_METHOD: added

Bugfixes:

    CVE-2020-8231: libcurl: wrong connect-only connection
    appveyor: collect libcurl.dll variants with prefix or suffix
    asyn-ares: correct some bad comments
    bearssl: fix build with disabled proxy support
    buildconf: avoid array concatenation in die()
    buildconf: retire ares buildconf invocation
    checksrc: ban gmtime/localtime
    checksrc: invoke script with -D to find .checksrc proper
    CI/azure: install libssh2 for use with msys2-based builds
    CI/azure: unconditionally enable warnings-as-errors with autotools
    CI/macos: enable warnings as errors for CMake builds
    CI/macos: set minimum macOS version
    CI/macos: unconditionally enable warnings-as-errors with autotools
    CI: Add muse CI analyzer
    cirrus-ci: upgrade 11-STABLE to 11.4
    CMake: don't complain about missing nroff
    CMake: fix test for warning suppressions
    cmake: fix windows xp build
    configure.ac: Sort features name in summary
    configure: allow disabling warnings
    configure: cleanup wolfssl + pkg-config conflicts when cross compiling.
    configure: show zstd "no" in summary when built without it
    connect: remove redundant message about connect failure
    curl-config: ignore REQUIRE_LIB_DEPS in --libs output
    curl.1: add a few missing valid exit codes
    curl: add %{method} to the -w variables
    curl: improve the existing file check with -J
    curl_multi_setopt: fix compiler warning "result is always false"
    curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
    CURLINFO_CERTINFO.3: fix typo
    CURLOPT_NOBODY.3: clarify what setting to 0 means
    docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions
    docs: Add video link to docs/CONTRIBUTE.md
    docs: change "web site" to "website"
    docs: clarify MAX_SEND/RECV_SPEED functionality
    docs: Update a few leftover mentions of DarwinSSL
    doh: remove redundant cast
    file2memory: use a define instead of -1 unsigned value
    ftp: don't do ssl_shutdown instead of ssl_close
    ftpserver: don't verify SMTP MAIL FROM names
    getinfo: reset retry-after value in initinfo
    gnutls: repair the build with `CURL_DISABLE_PROXY`
    gtls: survive not being able to get name/issuer
    h2: repair trailer handling
    http2: close the http2 connection when no more requests may be sent
    http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages
    libssh2: s/ssherr/sftperr/
    libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin
    md(4|5): don't use deprecated macOS functions
    mprintf: Fix dollar string handling
    mprintf: Fix stack overflows
    multi: Condition 'extrawait' is always true
    multi: Remove 10-year old out-commented code
    multi: remove two checks always true
    multi: update comment to say easyp list is linear
    multi_remove_handle: close unused connect-only connections
    ngtcp2: adapt to error code rename
    ngtcp2: adjust to recent sockaddr updates
    ngtcp2: update to modified qlog callback prototype
    nss: fix build with disabled proxy support
    ntlm: free target_info before (re-)malloc
    openssl: fix build with LibreSSL < 2.9.1
    page-header: provide protocol details in the curl.1 man page
    quiche: handle calling disconnect twice
    runtests.pl: treat LibreSSL and BoringSSL as OpenSSL
    runtests: move the gnutls-serv tests to a dynamic port
    runtests: move the smbserver to use a dynamic port number
    runtests: move the TELNET server to a dynamic port
    runtests: run the DICT server on a random port number
    runtests: run the http2 tests on a random port number
    runtests: support dynamicly base64 encoded sections in tests
    setopt: unset NOBODY switches to GET if still HEAD
    smtp_parse_address: handle blank input string properly
    socks: use size_t for size variable
    strdup: remove the odd strlen check
    test1119: verify stdout in the test
    test1139: make it display the difference on test failures
    test1140: compare stdout
    test1908: treat file as text
    tests/FILEFORMAT.md: mention %HTTP2PORT
    tests/sshserver.pl: fix compatibility with OpenSSH for Windows
    TLS naming: fix more Winssl and Darwinssl leftovers
    tls-max.d: this option is only for TLS-using connections
    tlsv1.3.d. only for TLS-using connections
    tool_doswin: Simplify Windows version detection
    tool_getparam: make --krb option work again
    TrackMemory tests: ignore realloc and free in getenv.c
    transfer: fix data_pending for builds with both h2 and h3 enabled
    transfer: fix memory-leak with CURLOPT_CURLU in a duped handle
    transfer: move retrycount from connect struct to easy handle
    travis/script.sh: fix use of `-n' with unquoted envvar
    travis: add ppc64le and s390x builds
    travis: update quiche builds for new boringssl layout
    url: fix CURLU and location following
    url: silence MSVC warning
    util: silence conversion warnings
    win32: Add Curl_verify_windows_version() to curlx
    WIN32: stop forcing narrow-character API
    windows: add unicode to feature list
    windows: disable Unix Sockets for old mingw

Fixed in 7.71.1 - July 1 2020

Bugfixes:

    cirrus-ci: disable FreeBSD 13 (again)
    Curl_inet_ntop: always check the return code
    CURLOPT_READFUNCTION.3: provide the upload data size up front
    DYNBUF.md: fix a typo: trail => tail
    escape: make the URL decode able to reject only %00-bytes
    escape: zero length input should return a zero length output
    examples/multithread.c: call curl_global_cleanup()
    http2: set the correct URL in pushed transfers
    http: fix proxy auth with blank password
    mbedtls: fix build with disabled proxy support
    ngtcp2: sync with current master
    openssl: Fix compilation on Windows when ngtcp2 is enabled
    Revert "multi: implement wait using winsock events"
    sendf: improve the message on client write errors
    terminology: call them null-terminated strings
    tool_cb_hdr: Fix etag warning output and return code
    url: allow user + password to contain "control codes" for HTTP(S)
    vtls: compare cert blob when finding a connection to reuse

Fixed in 7.71.0 - June 24 2020

Changes:

    CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl)
    setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency
    setopt: support certificate options in memory with struct curl_blob
    tool: Add option --retry-all-errors to retry on any error

Bugfixes:

    *_sspi: fix bad uses of CURLE_NOT_BUILT_IN
    all: fix codespell errors
    altsvc: bump to h3-29
    altsvc: fix 'dsthost' may be used uninitialized in this function
    altsvc: fix parser for lines ending with CRLF
    altsvc: remove the num field from the altsvc struct
    appveyor: add non-debug plain autotools-based build
    appveyor: disable flaky test 1501 and ignore broken 1056
    appveyor: disable test 1139 instead of ignoring it
    asyn-*: remove support for never-used NULL entry pointers
    azure: use matrix strategy to avoid configuration redundancy
    build: disable more code/data when built without proxy support
    buildconf: remove -print from the find command that removes files
    checksrc: enhance the ASTERISKSPACE and update code accordingly
    CI/macos: fix 'is already installed' errors by using bundle
    cirrus: disable SFTP and SCP tests
    CMake: add ENABLE_ALT_SVC option
    CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche)
    CMake: add libssh build support
    CMake: do not build test programs by default
    CMake: fix runtests.pl with CMake, add new test targets
    CMake: ignore INTERFACE_LIBRARY targets for pkg-config file
    CMake: rebuild Makefile.inc.cmake when Makefile.inc changes
    CODE_REVIEW.md: how to do code reviews in curl
    configure: fix pthread check with static boringssl
    configure: for wolfSSL, check for the DES func needed for NTLM
    configure: only strip first -L from LDFLAGS
    configure: repair the check if argv can be written to
    configure: the wolfssh backend does not provide SCP
    connect: improve happy eyeballs handling
    connect: make happy eyeballs work for QUIC (again)
    curl.1: Quote globbed URLs
    curl: remove -J "informational" written on stdout
    Curl_addrinfo: use one malloc instead of three
    CURLINFO_ACTIVESOCKET.3: clarify the description
    doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3
    doc: Rename VERSIONS to VERSIONS.md as it already has Markdown syntax
    docs/HTTP3: add qlog to the quiche build instruction
    docs/options-in-versions: which version added each cmdline option
    docs: unify protocol lists
    dynbuf: introduce internal generic dynamic buffer functions
    easy: fix dangling pointer on easy_perform fail
    examples/ephiperfifo: turn off interval when setting timerfd
    examples/http2-down/upload: add error checks
    examples: remove asiohiper.cpp
    FILEFORMAT: add more features that tests can depend on
    FILEFORMAT: describe verify/stderr
    ftp: make domore_getsock() return the secondary socket properly
    ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)
    ftp: shut down the secondary connection properly when SSL is used
    GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT
    hostip: make Curl_printable_address not return anything
    hostip: on macOS avoid DoH when given a numerical IP address
    http2: keep trying to send pending frames after req.upload_done
    http2: simplify and clean up trailer handling
    HTTP3.md: clarify cargo build directory
    http: move header storage to Curl_easy from connectdata
    libcurl.pc: Merge Libs.private into Libs for static-only builds
    libssh2: improved error output for wrong quote syntax
    libssh2: keep sftp errors as 'unsigned long'
    libssh2: set the expected total size in SCP upload init
    libtest/cmake: Remove commented code
    list-only.d: this option existed already in 4.0
    manpage: add three missing environment variables
    multi: add defensive check on data->multi->num_alive
    multi: implement wait using winsock events
    ngtcp2: cleanup memory when failing to connect
    ngtcp2: fix build with current ngtcp2 master implementing draft 28
    ngtcp2: fix happy eyeballs quic connect crash
    ngtcp2: introduce qlog support
    ngtcp2: never call fprintf() in lib code in release version
    ngtcp2: update with recent API changes
    ntlm: enable NTLM support with wolfSSL
    OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN
    openssl: set FLAG_TRUSTED_FIRST unconditionally
    projects: Add crypt32.lib to dependencies for all OpenSSL configs
    quiche: clean up memory properly when failing to connect
    quiche: enable qlog output
    quiche: update SSLKEYLOGFILE support
    Revert "buildconf: use find -execdir"
    Revert "ssh: ignore timeouts during disconnect"
    runtests: remove sleep calls
    runtests: show elapsed test time with higher precision (ms)
    select: always use Sleep in Curl_wait_ms on Win32
    select: fix overflow protection in Curl_socket_check
    sendf: make failf() use the mvsnprintf() return code
    server/sws: fix asan warning on use of uninitialized variable
    server/util: fix logmsg format using curl_off_t argument
    sha256: fixed potentially uninitialized variable
    share: don not set the share flag it something fails
    sockfilt: make select_ws stop waiting on exit signal event
    socks: detect connection close during handshake
    socks: fix expected length of SOCKS5 reply
    socks: remove unreachable breaks in socks.c and mime.c
    source cleanup: remove all custom typedef structs
    test1167: fixes in badsymbols.pl
    test1177: look for curl.h in source directory
    test1238: avoid tftpd being busy for tests shortly following
    test613.pl: make tests 613 and 614 work with OpenSSH for Windows
    test75: Remove precheck test
    tests: add https-proxy support to the test suite
    tests: add support for SSH server variant specific transfer paths
    tests: add two simple tests for --login-options
    tests: make test 1248 + 1249 use %NOLISTENPORT
    tests: pick a random port number for SSH
    tests: run stunnel for HTTPS and FTPS on dynamic ports
    timeouts: change millisecond timeouts to timediff_t from time_t
    timeouts: move ms timeouts to timediff_t from int and long
    tool: fixup a few --help descriptions
    tool: support UTF-16 command line on Windows
    tool_cfgable: free login_options at exit
    tool_getparam: -i is not OK if -J is used
    tool_getparam: fix memory leak in parse_args
    tool_operate: fixed potentially uninitialized variables
    tool_paramhlp: fixed potentially uninitialized strtol() variable
    transfer: close connection after excess data has been read
    travis: add "qlog" as feature in the quiche build
    travis: Add ngtcp2 and quiche tests for CMake
    travis: upgrade to bionic, clang-9, improve readability
    typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *'
    unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode'
    url: accept "any length" credentials for proxy auth
    url: alloc the download buffer at transfer start
    url: make the updated credentials URL-encoded in the URL
    url: reject too long input when parsing credentials
    url: sort the protocol schemes in rough popularity order
    urlapi: accept :: as a valid IPv6 address
    urldata: leave the HTTP method untouched in the set.* struct
    urlglob: treat literal IPv6 addresses with zone IDs as a host name
    user-agent.d: spell out what happens given a blank argument
    vauth/cleartext: fix theoretical integer overflow
    version.d: expanded and alpha-sorted
    vtls: Extract and simplify key log file handling from OpenSSL
    wolfssl: add SSLKEYLOGFILE support
    wording: avoid blacklist/whitelist stereotypes
    write-out.d: added "response_code"

(nikita)

hs-lukko: Support flock(3C) on illumos.

While this "breaks" older SunOS releases, they were broken anyway as there's no
PLIST support for not having it.

(jperkin)

ghc88: Ensure libiconv can be found at runtime.

(jperkin)

libxkbcommon: fix PLIST for Linux

add xkbcli-interactive-evdev to PLIST.Linux
This utility is only built when linux/input.h is available.

From Michael Forney via tech-pkg.

(wiz)

py-iso8601: fix Python 3.6 build

(gutteridge)

lintpkgsrc: fix grammar in message

(gutteridge)

doc: Updated net/siproxd to 0.8.3

(hauke)

Update net/siproxd to v0.8.3

From upstream's release notes:

Major changes since 0.8.2:
- mostly bugfixes and performance improvements

New plugins:
- plugin_stats: write some statistics about currently active calls
- plugin_blacklist: new plugin to block UACs that cause excessive
  failures during REGISTER attempts

Upgrade Notes 0.8.2 to 0.8.3:
- Merge the configuration file

(hauke)

doc: Updated lang/openjdk-bin to 15

(ryoon)

openjdk-bin: Update to 15

Changelog:
JDK 15 Release Notes

These notes describe important changes, enhancements, removed APIs and
features, deprecated APIs and features, and other information about JDK 15 and
Java SE 15. In some cases, the descriptions provide links to additional
detailed information about an issue or a change. This page does not duplicate
the descriptions provided by the Java SE 15 ( JSR 390) Platform Specification,
which provides informative background for all specification changes and might
also include the identification of removed or deprecated APIs and features not
described here. The Java SE 15 ( JSR 390) specification provides links to:

  * Annex 1: The complete Java SE 15 API Specification.

  * Annex 2: An annotated API specification showing the exact differences
    relative to Java SE 15. Informative background for these changes may be
    found in the list of approved Change Specification Requests for this
    release.

  * Annex 3: Java SE 15 Editions of The Java Language Specification and The
    Java Virtual Machine Specification. . The Java SE 15 Editions contain all
    corrections and clarifications made since the Java SE 14 Editions, as well
    as additions for new features.

You should be aware of the content in that document as well as the items
described in this page.

The descriptions on this Release Note page also identify potential
compatibility issues that you might encounter when migrating to JDK 15. The
Kinds of Compatibility page on the OpenJDK wiki identifies three types of
potential compatibility issues for Java programs used in these descriptions:

  * Source: Source compatibility preserves the ability to compile existing
    source code without error.

  * Binary: Binary compatibility is defined in The Java Language Specification
    as preserving the ability to link existing class files without error.

  * Behavioral: Behavioral compatibility includes the semantics of the code
    that is executed at runtime.

See CSRs Approved for JDK 15 for the list of CSRs closed in JDK 15 and the
Compatibility & Specification Review (CSR) page on the OpenJDK wiki for general
information about compatibility.

Contents

  * New Features
  * Removed Features and Options
  * Deprecated Features and Options
  * Known Issues
  * Other Notes

New Features

This section describes some of the enhancements in Java SE 15 and JDK 15. In
some cases, the descriptions provide links to additional detailed information
about an issue or a change. The APIs described here are those that are provided
with the Oracle JDK. It includes a complete implementation of the Java SE 15
Platform and additional Java APIs to support developing, debugging, and
monitoring Java applications. Another source of information about important
enhancements and new features in Java SE 15 and JDK 15 is the Java SE 15 ( JSR
390) Platform Specification, which documents the changes to the specification
made between Java SE 14 and Java SE 15. This document includes descriptions of
those new features and enhancements that are also changes to the specification.
The descriptions also identify potential compatibility issues that you might
encounter when migrating to JDK 15.

Support for Unicode 13.0 (JDK-8239383)

core-libs/java.lang

This release upgrades Unicode support to 13.0, which includes the following:

  * The java.lang.Character class supports Unicode Character Database of 13.0
    level, which 13.0 adds 5,930 characters, for a total of 143,859 characters.
    These additions include 4 new scripts, for a total of 154 scripts, as well
    as 55 new emoji characters.
  * The java.text.Bidi and java.text.Normalizer classes support 13.0 level of
    Unicode Standard Annexes, #9 and #15, respectively.
  * The java.util.regex package supports Extended Grapheme Clusters based on
    13.0 level of Unicode Standard Annex #29 For more detail about Unicode
    13.0, refer to the Unicode Consortium's release note.

Added isEmpty Default Method to CharSequence (JDK-8215401)

core-libs/java.lang

java.lang.CharSequence has been updated in this release to define a default
isEmpty method that tests if a character sequence is empty. Testing for, and
filtering out, empty Strings and other CharSequences is a common occurrence in
code and CharSequence::isEmpty can be used as a method reference. Classes that
implement java.lang.CharSequence and another interface that defines isEmpty
method should be aware of this addition as they may need to be modified to
override the isEmpty method.

JEP 371: Hidden Classes (JDK-8238358)

core-libs/java.lang.invoke

JEP 371 introduces hidden classes in Java 15. Hidden classes have the following
implications to existing code:

1. Class::getName traditionally returns a binary name, but for a hidden class
    it returns a string that contains an ASCII forward slash (/) and is
    therefore not a binary name. Programs that assume the returned string is a
    binary name might need to be updated to handle hidden classes. That said,
    the longstanding practice of Unsafe::defineAnonymousClass was to define
    classes whose names were not binary names, so some programs may already
    handle such names successfully.

2. Class::descriptorString and MethodType::descriptorString returns a string
    that contains a ASCII dot (.) for a hidden class and therefore is not a
    type descriptor conforming to JVMS 4.3. Programs that assume the returned
    string is a type descriptor that conforms to JVMS 4.3 might need to be
    updated to handle hidden classes.

3. Class::getNestMembers is changed to not throw an exception when it fails to
    validate a nest membership of any member listed in NestMembers attribute.
    Instead, Class::getNestMembers returns the nest host and the members listed
    in the host's NestMembers attribute that are successfully resolved and
    determined to have the same nest host as this class. (This means it may
    return fewer members that listed in NestMembers attribute.) Existing code
    that expects LinkageError when there is a bad nest membership might be
    impacted.

4. The nestmate test in the JVM is changed to throw only IllegalAccessError
    when the nest membership is invalid. Some historical understanding is
    necessary:

  * In Java 8, every access control failure was signaled with
    IllegalAccessError (IAE). Moreover, if a given access check failed with IAE
    once, then the same check would fail with IAE every time.
  * In Java 11, the introduction of nest mates (JEP 181) meant that an access
    control failure could be signaled either with IllegalAccessError or, if
    nest membership was invalid, LinkageError. Still, if a given access check
    failed with a specific exception, then the same check would always fail
    with the same exception.
  * In Java 15, the introduction of Lookup::defineHiddenClass implies that the
    nest host of the lookup class must be determined eagerly, when the hidden
    class is defined as a nestmate of the lookup class. Both
    Lookup::defineHiddenClass and Class::getNestHost both determine the nest
    host of a class in a more resilient manner than the JVM did in Java 11;
    namely, the API simply treats a class as self-hosted if its purported nest
    membership is invalid. For consistency with the API, the JVM no longer
    throws LinkageError when a class's nest membership is invalid, and instead
    treats the class as self-hosted. This means that the JVM only throws IAE
    from access control (because a self-hosted class will not permit any other
    class to access its private members). This is the behavior expected by the
    vast majority of user code.

5. JVM TI GetClassSignature returns a string that contains a ASCII dot (.) for
    a hidden class. JVM TI agents might need updating for hidden classes if
    they assume the returned string from GetClassSignature is a type descriptor
    conforming to JVMS 4.3.

Added Support for SO_INCOMING_NAPI_ID Support (JDK-8243099)

core-libs/java.net

A new JDK-specific socket option SO_INCOMING_NAPI_ID has been added to
jdk.net.ExtendedSocketOptions in this release. The socket option is Linux
specific and allows applications to query the NAPI (New API) ID of the
underlying device queue associated with its socket connection and take
advantage of the Application Device Queue (ADQ) feature of high performance
Network Interface Card (NIC) devices.

Specialized Implementations of TreeMap Methods (JDK-8176894)

core-libs/java.util:collections

The TreeMap class now provides overriding implementations of the putIfAbsent,
computeIfAbsent, computeIfPresent, compute, and merge methods. The new
implementations provide a performance improvement. However, if the function
provided to the compute- or merge methods modifies the map,
ConcurrentModificationException may be thrown, because the function that is
provided to these methods is prohibited from modifying the map. If a
ConcurrentModificationException occurs, the function must either be changed to
avoid modifying the map, or the surrounding code should be rewritten to replace
uses of the compute- and merge methods with conventional Map methods such as
get and put.

See JDK-8227666 for further information.

Added Ability to Configure Third Port for Remote JMX (JDK-8234484)

core-svc/javax.management

JMX supports (explicit) remote network access through the configuration of two
network ports (either from the command line or in a property file), by setting
the following properties:

com.sun.management.jmxremote.port=<port#>
com.sun.management.jmxremote.rmi.port=<port#>

Note: If it is not specified, the second port will default to the first.

A third local port is also opened to accept (local) JMX connections. This port
previously had its number selected at random, which could cause port
collisions.

However, it is now possible to configure the third JMX port (local only) by
using:
com.sun.management.jmxremote.local.port=<port#>

New Option Added to jstatd for Specifying RMI Connector Port Number (
JDK-8196729)

core-svc/tools

A new -r <port> option has been added to the jstatd command to specify the RMI
connector port number. If a port number is not specified, a random available
port is used.

New Option Added to jcmd for Writing a gzipped Heap Dump (JDK-8237354)

core-svc/tools

A new integer option gz has been added to the GC.heap_dump diagnostic command.
If it is specified, it will enable the gzip compression of the written heap
dump. The supplied value is the compression level. It can range from 1
(fastest) to 9 (slowest, but best compression). The recommended level is 1.

JEP 378: Text Blocks (JDK-8236934)

Text blocks have been added to the Java language. A text block is a multi-line
string literal that avoids the need for most escape sequences, automatically
formats the string in a predictable way, and gives the developer control over
the format when desired.

New Options Added to jhsdb for debugd Mode (JDK-8196751)

hotspot/svc-agent

Three new options have been added to the jhsdb command for the debugd mode:

1. --rmiport <port> is used to specify a RMI connector port number. If a port
    number is not specified, a random available port is used.
2. --registryport <port> is used to specify a RMI registry port number. This
    option overrides the system property sun.jvm.hotspot.rmi.port. If a port
    number is not specified, the system property is used. If the system
    property is not set, the default port 1099 is used.
3. --hostname <hostname> is used to specify a RMI connector host name. The
    value could be a hostname or an IPv4/IPv6 address. This option overrides
    the system property java.rmi.server.hostname. If a host name not specified,
    the system property is used. If the system property is not set, a system
    host name is used.

Added Revocation Checking to jarsigner (JDK-8242060)

security-libs/java.security

A new -revCheck option has been added to the jarsigner command to enable
revocation checking of certificates.

Tools Warn If Weak Algorithms Are Used Before Restricting Them (JDK-8172404)

security-libs/java.security

The keytool and jarsigner tools have been updated to warn users about weak
cryptographic algorithms being used before they are disabled. In this release,
the tools issue warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA
keys.

SunJCE Provider Supports SHA-3 Based Hmac Algorithms (JDK-8172680)

security-libs/javax.crypto

The SunJCE provider has been enhanced to support HmacSHA3-224, HmacSHA3-256,
HmacSHA3-384, and HmacSHA3-512. Implementations for these algorithms are
available under the Mac and KeyGenerator services. The Mac service generates
the keyed-hash and the KeyGenerator service generates the key for the Mac.

New System Properties to Configure the TLS Signature Schemes (JDK-8242141)

security-libs/javax.net.ssl

Two new system properties have been added to customize the TLS signature
schemes in JDK. jdk.tls.client.SignatureSchemes has been added for the TLS
client side, and jdk.tls.server.SignatureSchemes has been added for the server
side.

Each system property contains a comma-separated list of supported signature
scheme names specifying the signature schemes that could be used for the TLS
connections.

The names are described in the "Signature Schemes" section of the Java Security
Standard Algorithm Names Specification.

Support for certificate_authorities Extension (JDK-8206925)

security-libs/javax.net.ssl

The "certificate_authorities" extension is an optional extension introduced in
TLS 1.3. It is used to indicate the certificate authorities (CAs) that an
endpoint supports and should be used by the receiving endpoint to guide
certificate selection.

With this JDK release, the "certificate_authorities" extension is supported for
TLS 1.3 in both the client and the server sides. This extension is always
present for client certificate selection, while it is optional for server
certificate selection.

Applications can enable this extension for server certificate selection by
setting the jdk.tls.client.enableCAExtension system property to true. The
default value of the property is false.

Note that if the client trusts more CAs than the size limit of the extension
(less than 2^16 bytes), the extension is not enabled. Also, some server
implementations do not allow handshake messages to exceed 2^14 bytes.
Consequently, there may be interoperability issues when
jdk.tls.client.enableCAExtension is set to true and the client trusts more CAs
than the server implementation limit.

Support for canonicalize in krb5.conf (JDK-8239385)

security-libs/org.ietf.jgss:krb5

The 'canonicalize' flag in the krb5.conf file is now supported by the JDK
Kerberos implementation. When set to true, RFC 6806 name canonicalization is
requested by clients in TGT requests to KDC services (AS protocol). Otherwise,
and by default, it is not requested.

The new default behavior is different from JDK 14 and previous releases where
name canonicalization was always requested by clients in TGT requests to KDC
services (provided that support for RFC 6806 was not explicitly disabled with
the sun.security.krb5.disableReferrals system or security properties).

Removed Features and Options

This section describes the APIs, features, and options that were removed in
Java SE 15 and JDK 15. The APIs described here are those that are provided with
the Oracle JDK. It includes a complete implementation of the Java SE 15
Platform and additional Java APIs to support developing, debugging, and
monitoring Java applications. Another source of information about important
enhancements and new features in Java SE 15 and JDK 15 is the Java SE 15 ( JSR
390) Platform Specification, which documents changes to the specification made
between Java SE 14 and Java SE 15. This document includes the identification of
removed APIs and features not described here. The descriptions below might also
identify potential compatibility issues that you could encounter when migrating
to JDK 15. See CSRs Approved for JDK 15 for the list of CSRs closed in JDK 15.

Removal of Terminally Deprecated Solaris-specific SO_FLOW_SLA Socket Option (
JDK-8244582)

core-libs/java.net

In this release, in conjunction with the removal of the Solaris port in JEP 381
, the JDK-specific socket option jdk.net.ExtendedSocketOptions.SO_FLOW_SLA,
which is only relevant to sockets on Solaris, and its supporting classes
SocketFlow and SocketFlow.Status, have been removed.

Removal of RMI Static Stub Compiler (rmic) (JDK-8225319)

core-libs/java.rmi

The RMI static stub compiler rmic has been removed. The rmic tool is obsolete
and has been deprecated for removal since JDK 13.

Removal of Deprecated Constant RMIConnectorServer.CREDENTIAL_TYPES (JDK-8213222
)

core-svc/javax.management

The terminally deprecated constant
javax.management.remote.rmi.RMIConnectorServer.CREDENTIAL_TYPE has been
removed. A filter pattern can be specified instead by using
RMIConnectorServer.CREDENTIALS_FILTER_PATTERN.

Removal of Nashorn JavaScript Engine (JDK-8236933)

The Nashorn JavaScript script engine, its APIs, and the jjs tool have been
removed. The engine, the APIs, and the tool were deprecated for removal in Java
11 with the express intent to remove them in a future release.

Obsolete -XX:UseAdaptiveGCBoundary (JDK-8228991)

hotspot/gc

The VM option UseAdaptiveGCBoundary is obsolete. Use of this option will
produce an obsolete option warning but will otherwise be ignored.

This option was previously disabled by default, and enabling it only had an
effect when also using -XX:+UseParallelGC. Enabling it was intended to provide
a performance benefit for some applications. However, it has been disabled by
default for a long time because of crashes and performance regressions.

Removal of DocuSign Root CA Certificate (JDK-8225068)

security-libs/java.security

The following expired DocuSign root CA certificate has been removed from the
cacerts keystore:

+ alias name "keynectisrootca [jdk]"

  Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

Removal of Comodo Root CA Certificate (JDK-8225069)

security-libs/java.security

The following expired Comodo root CA certificate has been removed from the
cacerts keystore:

+ alias name "addtrustclass1ca [jdk]"

  Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

Removal of com.sun.net.ssl.internal.ssl.Provider Name (JDK-8219989)

security-libs/javax.net.ssl

The legacy SunJSSE provider name, "com.sun.net.ssl.internal.ssl.Provider" has
been removed and should no longer be used. The "SunJSSE" name should be used
instead. For example, SSLContext.getInstance("TLS", "SunJSSE").

Retired the Deprecated SSLSession.getPeerCertificateChain() Method
Implementation (JDK-8241039)

security-libs/javax.net.ssl

The implementation of the deprecated SSLSession.getPeerCertificateChain()
method has been removed from the JDK in the SunJSSE provider and the HTTP
client implementation. The default implementation of this method has been
changed to throw UnsupportedOperationException.

SSLSession.getPeerCertificateChain() is a deprecated method and will be removed
in a future release. To mitigate the removal compatibility impact, applications
should use the SSLSession.getPeerCertificates() method instead. For service
providers, please remove this method from the existing implementation, and do
not support this method in any new implementation.

Deprecated Features and Options

Additional sources of information about the APIs, features, and options
deprecated in Java SE 15 and JDK 15 include:

  * The Deprecated API page identifies all deprecated APIs including those
    deprecated in Java SE 15.
  * The Java SE 15 ( JSR 390) specification specification documents changes to
    the specification made between Java SE 14 and Java SE 15 that include the
    identification of deprecated APIs and features not described here.
  * JEP 277: Enhanced Deprecation provides a detailed description of the
    deprecation policy. You should be aware of the updated policy described in
    this document.

You should be aware of the contents in those documents as well as the items
described in this release notes page.

The descriptions of deprecated APIs might include references to the deprecation
warnings of forRemoval=true and forRemoval=false. The forRemoval=true text
indicates that a deprecated API might be removed from the next major release.
The forRemoval=false text indicates that a deprecated API is not expected to be
removed from the next major release but might be removed in some later release.

The descriptions below also identify potential compatibility issues that you
might encounter when migrating to JDK 15. See CSRs Approved for JDK 15 for the
list of CSRs closed in JDK 15.

Deprecated RMI Activation for Removal (JDK-8245068)

core-libs/java.rmi

The RMI Activation mechanism has been deprecated and may be removed in a future
version of the platform. RMI Activation is an obsolete part of RMI that has
been optional since Java 8. It allows RMI server JVMs to be started
("activated") upon receipt of a request from a client, instead of requiring RMI
server JVMs to be running continuously. Other parts of RMI are not deprecated.
See JEP 385 for further information.

Deprecated NSWindowStyleMaskTexturedBackground (JDK-8240995)

After an upgrade of the macOS SDK used to build the JDK, the behavior of the
apple.awt.brushMetalLook and textured Swing properties has changed. When these
properties are set, the title of the frame is still visible. It is recommended
that the apple.awt.transparentTitleBar property be set to true to make the
title of the frame invisible again. The apple.awt.fullWindowContent property
can also be used.

Please note that Textured window support was implemented by using the
NSTexturedBackgroundWindowMask value of NSWindowStyleMask. However, this was
deprecated in macOS 10.12 along with NSWindowStyleMaskTexturedBackground, which
was deprecated in macOS 10.14.

For additional information, refer to the following documentation:

  * apple.awt.brushMetalLook: https://developer.apple.com/documentation/appkit/
    nstexturedbackgroundwindowmask?language=objc
  * apple.awt.transparentTitleBar: https://developer.apple.com/documentation/
    appkit/nswindow/1419167-titlebarappearstransparent?language=objc
  * apple.awt.fullWindowContent: https://developer.apple.com/documentation/
    appkit/nsfullsizecontentviewwindowmask

Deprecated -XX:ForceNUMA Option (JDK-8243628)

hotspot/gc

The VM option ForceNUMA is deprecated. Use of this option will produce a
deprecation warning. This option will be removed in a future release.

This option has always been disabled by default. It exists to support testing
of NUMA-related code paths when running on a single node / UMA platform.

Disabled Biased-locking and Deprecated Biased-locking Flags (JDK-8231264)

hotspot/runtime

Biased locking has been disabled by default in this release. In addition, the
VM option UseBiasedLocking along with the VM options BiasedLockingStartupDelay,
BiasedLockingBulkRebiasThreshold, BiasedLockingBulkRevokeThreshold,
BiasedLockingDecayTime and UseOptoBiasInlining have been deprecated. The
options will continue to work as intended but will generate a deprecation
warning when they are used.

Biased locking might affect performance on applications that exhibit
significant amounts of uncontended synchronization, such as applications that
rely on older Java Collections APIs that synchronize on every access. Hashtable
and Vector are examples of these APIs. Use -XX:+BiasedLocking on the command
line to re-enable biased locking. Report any significant performance
regressions to Oracle with biased locking disabled.

Disable Native SunEC Implementation by Default (JDK-8237219)

security-libs/javax.crypto

The SunEC crypto provider no longer advertises curves that are not implemented
by using modern formulas and techniques. Arbitrary and named curves, listed at
the bottom of this note, are disabled. Commonly used named curves, secp256r1,
secp384r1, secp521r1, x25519, and x448, remain supported and enabled by SunEC
because they use modern techniques. Applications that still require the
disabled curves from the SunEC provider can re-enable them by setting the
System property jdk.sunec.disableNative to false. For example: java
-Djdk.sunec.disableNative=false ....
If this property is set to any other value, the curves will remain disabled.
Exceptions thrown when the curves are disabled will contain the message Legacy
SunEC curve disabled, followed by the name of the curve. Methods affected by
the change are KeyPair.generateKeyPair(), KeyAgreement.generateSecret(),
Signature.verify(), and Signature.sign(). These methods throw the same
exception class they had before when the curve was not supported.

The following curves are disabled: secp112r1, secp112r2, secp128r1, secp128r2,
secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1,
secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1,
sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1,
sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62
c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62
c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62
prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3,
brainpoolP256r1 brainpoolP320r1, brainpoolP384r1, brainpoolP512r1

Added forRemoval=true to Previously Deprecated ContentSigner APIs (JDK-8242260)

security-libs/jdk.security

The ContentSigner and ContentSignerParameters classes in the com.sun.jarsigner
package support alternative signers and have been deprecated with forRemoval=
true. When the -altsigner or -altsignerpath options are specified, the
jarsigner tool produces a warning that these options are deprecated and will be
removed.

Known Issues

java.net.HttpClient Does Not Override Protocols Specified in SSLContext Default
Parameters (JDK-8239594)

core-libs/java.net

During the setup of new connections, java.net.http.HttpClient now uses the
default set of protocols provided by the SSLContext when negotiating the TLS
handshake. In the absence of any SSLParameters explicitly supplied to the
HttpClient.builder, the HttpClient has been updated to no longer override any
default-selected protocols in the SSLContext. As a result, the actual TLS
version that is negotiated might differ from that of previous releases, or it
might even succeed or fail to negotiate when it previously might not have.

[macos] Support for Notarizing jpackage app-image and dmg (JDK-8237490)

tools/jpackage

jpackage cannot create packages on macOS that are suitable for notarization.

Other Notes

The following notes describe additional changes and information about this
release. In some cases, the following descriptions provide links to additional
detailed information about an issue or a change.

Workaround for Windows GDI API's memory restrictions (JDK-8240654)

client-libs

It has been found that some Windows GDI functions don't support all types of
Java heap memory allocation schemes. This problem can cause repaint issues and
printing bugs. It has been worked around by allocating temporary buffers off
heap.

See: https://support.microsoft.com/en-us/help/4567569/
gdi-apis-may-fail-when-large-pages-or-vad-spanning-is-used

java.awt.Robot.delay() Method Completes With Interrupt Status Set When
Interrupted (JDK-8210231)

client-libs/java.awt

When it is interrupted, the implementation of the java.awt.Robot.delay() method
has been changed to complete with the interrupt status set.

If a thread is interrupted while waiting in the java.awt.Robot.delay() method,
then this method returns immediately with the interrupt status set. If the
interrupted status is already set, this method returns immediately with the
interrupt status set.

Optimized Empty Substring Handling (JDK-8240094)

core-libs/java.lang

The implementation of String.substring and related methods stripLeading and
stripTrailing have changed in this release to avoid redundantly creating a new
empty String. This may impact code that depends on unspecified behaviour and
the identity of empty sub-strings.

Lookup::defineClass Links the Class (JDK-8238195)

core-libs/java.lang.invoke

Lookup::defineClass is specified to throw LinkageError if a linkage error
occurs, but the implementation was not actually linking the class. In this
release, the implementation has been changed to link the class before
returning, so conforming to the specification. If Lookup::defineClass is called
to define a class that fails linking, LinkageError will be thrown.

DatagramPacket.getPort() Returns 0 When the Port Is Not Set (JDK-8237890)

core-libs/java.net

In this release, the default port number for a datagram packet has been changed
to 0. Previously, this value was -1, which was undocumented. The port can be
retrieved by using DatagramPacket::getPort.

DatagramSocket::disconnect Allows an Implementation to Throw
UncheckedIOException (JDK-8235783)

core-libs/java.net

Previously, DatagramChannel::disconnect threw an IOException while
DatagramSocket::disconnect did not. As a result, the DatagramChannel::socket
adapter, which calls DatagramChannel::disconnect, catches the thrown
IOException and rethrows it as an Error. However, this was undocumented
behavior and not user-friendly.

The DatagramChannel::socket adapter has been changed to throw an
UncheckedIOException, and the specification of DatagramSocket::disconnect has
been updated to document that an implementation may now throw an
UncheckedIOException. This ensures consistency in behavior between
DatagramSocket, DatagramChannel, and DatagramChannel::socket adapter.

Filtering and Ordering of Addresses Returned by Alternative Hosts File Name
Service Provider (JDK-8244958)

core-libs/java.net

In this release, the behavior of InetAddress.getAllByName has been modified
when the alternative hosts file name service is selected .

The JDK allows specifying an alternative host's file name service by using the
jdk.net.hosts.file system property. The implementation of the alternative name
service has been changed to take into account the values of the
java.net.preferIPv4Stack and java.net.preferIPv6Addresses system properties.
This affects the results returned by InetAddress.getAllByName when the host's
file name service is selected. For details about java.net.preferIPv4Stack and
java.net.preferIPv6Addresses, see Networking Properties in the API
documentation.

Modified the MS950 charset Encoder's Conversion Table (JDK-8232161)

core-libs/java.nio.charsets

In this release, some of the one-way byte-to-char mappings have been aligned
with the preferred mappings provided by the Unicode Consortium.

Support Monetary Grouping Separator in DecimalFormat/DecimalFormatSymbols (
JDK-8227313)

core-libs/java.text

DecimalFormat/DecimalFormatSymbols classes are now capable of dealing with
grouping separators for currency values. For example, the monetary grouping
separator for the German language used in Austria (the de-AT locale) is '.',
whereas the monetary grouping separator in other German locales is ' '.

ValueRange.of(long, long, long) Does Not Throw IAE on Invalid Inputs (
JDK-8239520)

core-libs/java.time

java.time.temporal.ValueRange.of() methods are now correctly throwing an
InvalidArgumentException on given invalid arguments. For example, of(5, 2, 10)
which is invalid because the minimum is greater than the smallest maximum, now
throws the exception.

localizedBy() Overrides Localized Values With Default Values (JDK-8244245)

core-libs/java.time

java.time.format.DateTimeFormatter.localizedBy(Locale) method now honors the
default locale values, such as Chronologyand/or DecimalStyle of the specified
locale argument.

For example, in previous JDK releases:

jshell> DateTimeFormatter.ofLocalizedDate(FormatStyle.FULL)
    .localizedBy(Locale.forLanguageTag("fa"))
    .format(LocalDate.now())
$3 ==> "جمعه 1 مهٔ 2020"

the numbers are in Arabic (Western) numerals.

In JDK 15:

jshell> DateTimeFormatter.ofLocalizedDate(FormatStyle.FULL)
    .localizedBy(Locale.forLanguageTag("fa"))
    .format(LocalDate.now())
$3 ==> "جمعه ۱ مهٔ ۲۰۲۰"

the numbers are in Extended Arabic-Indic numerals because it is the default
numbering system for the Farsi locale.

Performance Improvement for InflaterOutputStream.write (JDK-8242848)

core-libs/java.util.jar

InflaterOutputStream(OutputStream out, Inflater infl, int bufLen) allows for
specifying the decompressor and buffer size to be used.

InflaterOutputStream.write(byte[] b, int off, int len) was writing data using a
max buffer size of 512 bytes.

Starting with JDK 15 the buffer size specified via InflaterOutputStream
(OutputStream out, Inflater infl, int bufLen) will be used in calls to
InflaterOutputStream.write(byte[] b, int off, int len). If the buffer size is
not specified when invoking the InflaterOutputStreamconstructor, it will
default to 512 bytes.

Case Insensitive Matching Doesn't Work Correctly for Some Character Classes (
JDK-8214245)

core-libs/java.util.regex

The Java regular expression engine supports the case insensitive mode. When
this mode is turned on, the engine is supposed to match the input text without
regard to the case of the characters it consists of.

However, the current implementation of matching against some named character
classes (those that are encoded with p{name} or P{name} constructs) fails to
respect the case insensitive mode.

This fix makes these character classes behave consistently with respect to case
sensitivity. When the regular expression engine operates in the case
insensitive mode, the named character classes will match the input characters
without regard to their case: lower case, upper case, or title case.

Localized Time Zone Name Inconsistency Between English and Other Locales (
JDK-8236548)

core-libs/java.util:i18n

English time zone names provided by the CLDR locale provider are now correctly
synthesized following the CLDR spec, rather than substituted from the COMPAT
provider. For example, SHORT style names are no longer synthesized
abbreviations of LONG style names, but instead produce GMT offset formats.

Support for CLDR version 37 (JDK-8239480)

core-libs/java.util:i18n

Locale data based on Unicode Consortium's CLDR has been upgraded to their
version 37. For the detailed locale data changes, please refer to the Unicode
Consortium's CLDR release notes:

  * http://cldr.unicode.org/index/downloads/cldr-37

Flags Controlling C1 Inlining Have New Names (JDK-8235673)

hotspot/compiler

A number of flags controlling inlining in the C1 and C2 compilers have been
split up into separate flags. The C2 compiler keeps the flags with the old
names, and the C1 compiler gets the new flags.

Old flags now only controlling C2

  * MaxInlineLevel
  * MaxRecursiveInlineLevel
  * MaxInlineSize
  * MaxTrivialSize
  * InlineSmallCode
  * FreqInlineSize

New flags for C1 that replace the old ones

  * C1MaxInlineLevel
  * C1MaxRecursiveInlineLevel
  * C1MaxInlineSize
  * C1MaxTrivialSize

Deprecation

If the old flags are used in a JDK build without the C2 compiler, a deprecation
warning will be printed.

JEP 377: ZGC: A Scalable Low-Latency Garbage Collector (Production) (
JDK-8209683)

hotspot/gc

The Z Garbage Collector (ZGC) is now ready for use in production and no longer
marked as an experimental feature. ZGC is enabled by using the -XX:+UseZGC
command-line option (using -XX:+UnlockExperimentalVMOptions is no longer
needed).

See JEP 377 for more details.

Improved Ergonomics for G1 Heap Region Size (JDK-8241670)

hotspot/gc

The default heap region size calculation has been changed to return larger
regions by default. The calculation still aims to have 2048 regions, but two
aspects have changed:

  * Only the maximum heap size is considered. The old calculation also took the
    initial heap size into consideration, but this can give unexpected behavior
    when no heap size is set.
  * The region size is rounded up to the nearest power of 2 instead of down.
    This will return larger region sizes in cases where the maximum heap size
    is not a power of 2.

These changes improve startup and runtime performance.

Disabling NUMA Interleaving on Windows (JDK-8245002)

hotspot/gc

-XX:+UseNUMAInterleaving has no effect on Windows in this release. It was found
that GDI APIs used by java2d don't support the memory reservation scheme used
for NUMA interleaving. The JVM detects this problem and both warns about this
and turns off NUMA interleaving. See: https://support.microsoft.com/en-us/help/
4567569/gdi-apis-may-fail-when-large-pages-or-vad-spanning-is-used

Disabling large pages on Windows (JDK-8245000)

hotspot/gc

-XX:+UseLargePages has no effect on Windows in this release. It was found that
GDI APIs used by java2d don't support large pages. The JVM detects this problem
and both warns about this and reverts to using small pages. See: https://
support.microsoft.com/en-us/help/4567569/
gdi-apis-may-fail-when-large-pages-or-vad-spanning-is-used

Field Layout Computation Changed (JDK-8237767)

hotspot/runtime

The way that field layout is computed has been changed, with more aggressive
optimizations to avoid unused gaps in instances. These new optimizations can be
disabled by using a new VM option -XX:-UseEmptySlotsInSupers.

For a limited time, it is possible to continue to use the old code to compute
field layout with a new VM option -XX:-UseNewFieldLayout. However, this option
has been deprecated in JDK 15 and the old code will be removed in a future
release.

Enable ShowCodeDetailsInExceptionMessages by default (JDK-8233014)

hotspot/runtime

The default of the flag ShowCodeDetailsInExceptionMessages was changed to
'true'. The helpful NullPointerException messages of JEP 358 are now printed by
default. The messages contain snippets of the code where the
NullPointerException was raised.

App deployers should double check the output of their web applications and
similar usage scenarios. The NullPointerException message could be included in
application error messages or be displayed by other means in the app. This
could give remote attackers valuable hints about a potential vulnerable state
of the software components being used.

An example message is 'Cannot read field "c" because "a.b" is null'. The
attacker knows that field b of a contains null which might be unintended and
offer an opportunity for an attack. For more details of what the message can
contain see the above mentioned JEP 358.

Signature and SignatureSpi Get Parameter Methods May Return null When
Unsupported (JDK-8243424)

security-libs/java.security

Signature.getParameters() and SignatureSpi.engineGetParameters() may return
null if the underlying provider does not support returning the parameters as
AlgorithmParameters. For further details, see the Signature and SignatureSpi
method descriptions.

SunPKCS11 Initialization With NSS When External FIPS Modules Are in Security
Modules Database (JDK-8238555)

security-libs/javax.crypto:pkcs11

The SunPKCS11 security provider can now be initialized with NSS when
FIPS-enabled external modules are configured in the Security Modules Database
(NSSDB). Before this change, when such a library was configured for NSS in
non-FIPS mode, the SunPKCS11 provider would throw a RuntimeException with the
message "FIPS flag set for non-internal module".

This change allows the JDK to work properly with recent NSS releases in GNU/
Linux operating systems when the system-wide FIPS policy is turned on.

Default SSLEngine Should Create in Server Role (JDK-8237474)

security-libs/javax.net.ssl

In JDK 11 and later, javax.net.ssl.SSLEngine by default used client mode when
handshaking. As a result, the set of default enabled protocols may differ to
what is expected. SSLEngine would usually be used in server mode. From this JDK
release onwards, SSLEngine will default to server mode. The
javax.net.ssl.SSLEngine.setUseClientMode​(boolean mode) method may be used to
configure the mode.

(ryoon)