diff --git a/CheckVendor.java b/CheckVendor.java
new file mode 100644
index 0000000000000000000000000000000000000000..e2101cf4bb70b607dbcb50ca2d984da2904cf4bf
--- /dev/null
+++ b/CheckVendor.java
@@ -0,0 +1,57 @@
+/* CheckVendor -- Check the vendor properties match specified values.
+   Copyright (C) 2020 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/**
+ * @test
+ */
+public class CheckVendor {
+
+    public static void main(String[] args) {
+	if (args.length < 3) {
+	    System.err.println("CheckVendor <VENDOR> <VENDOR-URL> <VENDOR-BUG-URL>");
+	    System.exit(1);
+	}
+
+	String vendor = System.getProperty("java.vendor");
+	String expectedVendor = args[0];
+	String vendorURL = System.getProperty("java.vendor.url");
+	String expectedVendorURL = args[1];
+	String vendorBugURL = System.getProperty("java.vendor.url.bug");
+	String expectedVendorBugURL = args[2];
+
+	if (!expectedVendor.equals(vendor)) {
+	    System.err.printf("Invalid vendor %s, expected %s\n",
+			      vendor, expectedVendor);
+	    System.exit(2);
+	}
+
+	if (!expectedVendorURL.equals(vendorURL)) {
+	    System.err.printf("Invalid vendor URL %s, expected %s\n",
+			      vendorURL, expectedVendorURL);
+	    System.exit(3);
+	}
+
+	if (!expectedVendorBugURL.equals(vendorBugURL)) {
+	    System.err.printf("Invalid vendor bug URL%s, expected %s\n",
+			      vendorBugURL, expectedVendorBugURL);
+	    System.exit(4);
+	}
+
+	System.err.printf("Vendor information verified as %s, %s, %s\n",
+			  vendor, vendorURL, vendorBugURL);
+    }
+}
diff --git a/NEWS b/NEWS
index 426a78c50cee1e94065b3768fb95a2388a3f60a4..df6dc0c9deec433e688049d2aafb2f1341885b46 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,1768 @@ Key:
 JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
 CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
 
+New in release OpenJDK 11.0.13 (2021-10-19):
+=============================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk11013
+  * https://builds.shipilev.net/backports-monitor/release-notes-11.0.13.txt
+
+* Security fixes
+  - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
+  - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
+  - JDK-8263314: Enhance XML Dsig modes
+  - JDK-8265167, CVE-2021-35556: Richer Text Editors
+  - JDK-8265574: Improve handling of sheets
+  - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
+  - JDK-8265776: Improve Stream handling for SSL
+  - JDK-8266097, CVE-2021-35561: Better hashing support
+  - JDK-8266103: Better specified spec values
+  - JDK-8266109: More Resilient Classloading
+  - JDK-8266115: More Manifest Jar Loading
+  - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
+  - JDK-8266689, CVE-2021-35567: More Constrained Delegation
+  - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
+  - JDK-8267712: Better LDAP reference processing
+  - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
+  - JDK-8267735, CVE-2021-35586: Better BMP support
+  - JDK-8268193: Improve requests of certificates
+  - JDK-8268199: Correct certificate requests
+  - JDK-8268205: Enhance DTLS client handshake
+  - JDK-8268506: More Manifest Digests
+  - JDK-8269618, CVE-2021-35603: Better session identification
+  - JDK-8269624: Enhance method selection support
+  - JDK-8270398: Enhance canonicalization
+  - JDK-8270404: Better canonicalization
+* Other changes
+  - JDK-8024368: private methods are allocated vtable indices
+  - JDK-8042902: Test java/net/Inet6Address/serialize/Inet6AddressSerializationTest.java fails intermittently
+  - JDK-8140466: ChaCha20 and Poly1305 TLS Cipher Suites
+  - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
+  - JDK-8158066: SourceDebugExtensionTest fails to rename file
+  - JDK-8168304: Make all of DependencyContext_test available in product mode
+  - JDK-8169246: java/net/DatagramSocket/ReportSocketClosed.java fails intermittently with BindException
+  - JDK-8181313: SA: Remove libthread_db dependency on Linux
+  - JDK-8193214: Incorrect annotations.without.processors warnings with JDK 9
+  - JDK-8194230: jdk/internal/jrtfs/remote/RemoteRuntimeImageTest.java fails with java.lang.NullPointerException
+  - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
+  - JDK-8199931: java/net/MulticastSocket/UnreferencedMulticastSockets.java fails with "incorrect data received"
+  - JDK-8206083: Make tools/javac/api/T6265137.java robust to JDK version changes
+  - JDK-8206350: java/util/Locale/bcp47u/SystemPropertyTests.java failed on Mac 10.13 with zh_CN and zh_TW locales.
+  - JDK-8207316: java/nio/channels/spi/SelectorProvider/inheritedChannel/InheritedChannelTest.java failed
+  - JDK-8208227: tools/jdeps/DotFileTest.java fails on Win-X64
+  - JDK-8208363: test/jdk/java/lang/Package/PackageFromManifest.java missing module dependencies declaration
+  - JDK-8209380: ARM: cleanup maybe-uninitialized and reorder compiler warnings
+  - JDK-8209768: Refactor java/util/prefs/CheckUserPrefsStorage.sh to plain java test
+  - JDK-8209772: Refactor shell test java/util/ServiceLoader/basic/basic.sh to java
+  - JDK-8209773: Refactor shell test javax/naming/module/basic.sh to java
+  - JDK-8209832: Refactor jdk/internal/reflect/Reflection/GetCallerClassTest.sh to plain java test
+  - JDK-8209930: Refactor java/util/zip/ZipFile/deletetempjar.sh to plain java test
+  - JDK-8210406: Refactor java.util.PluggableLocale:i18n shell tests to plain java tests
+  - JDK-8210407: Refactor java.util.Calendar:i18n shell tests to plain java tests
+  - JDK-8210495: compiler crashes because of illegal signature in otherwise legal code
+  - JDK-8210669: Some launcher tests assume a pre-JDK 9 run-time image layout
+  - JDK-8210802: temp files left by tests in jdk/java/net/httpclient
+  - JDK-8210819: Update the host name in CNameTest.java
+  - JDK-8210908: Refactor java/util/prefs/PrefsSpi.sh to plain java test
+  - JDK-8210934: Move sun/net/www/protocol/http/GetErrorStream.java to OpenJDK
+  - JDK-8210959: JShell fails and exits when statement throws an exception whose message contains a '%'.
+  - JDK-8211055: Provide print to a file (PDF) feature even when printer was not connected
+  - JDK-8211092: test/jdk/sun/net/www/http/HttpClient/MultiThreadTest.java fails intermittently when cleaning up
+  - JDK-8211296: Remove HotSpot deprecation warning suppression for Mac/clang
+  - JDK-8211325: test/jdk/java/net/Socket/LingerTest.java fails with cleaning up
+  - JDK-8212040: Compilation error due to wrong usage of NSPrintJobDispositionValue in mac10.12
+  - JDK-8212695: Add explicit timeout to several HTTP Client tests
+  - JDK-8212718: Refactor some annotation processor tests to better use collections
+  - JDK-8213007: Update the link in test/jdk/sun/security/provider/SecureRandom/DrbgCavp.java
+  - JDK-8213137: Remove static initialization of monitor/mutex instances
+  - JDK-8213235: java/nio/channels/SocketChannel/AsyncCloseChannel.java fails with threads that didn't exit
+  - JDK-8213409: Refactor sun.text.IntHashtable:i18n shell tests to plain java tests
+  - JDK-8213576: Make test AsyncCloseChannel.java run in othervm
+  - JDK-8213694: Test Timeout.java should run in othervm mode
+  - JDK-8213718: [TEST] Wrong classname in vmTestbase/nsk/stress/except/except002 and except003
+  - JDK-8213922: fix ctw stand-alone build
+  - JDK-8214195: Align stdout messages in test/jdk/java/math/BigInteger/PrimitiveConversionTests.java
+  - JDK-8214520: [TEST_BUG] sun/security/mscapi/nonUniqueAliases/NonUniqueAliases.java failed with incorrect jtreg tags order
+  - JDK-8214937: sun/security/tools/jarsigner/warnings/NoTimestampTest.java failed due to unexpected expiration date
+  - JDK-8216532: tools/launcher/Test7029048.java fails (Solaris)
+  - JDK-8217825: Verify @AfterTest is used correctly in WebSocket tests
+  - JDK-8218145: block_if_requested is not proper inlined due to size
+  - JDK-8219417: bump jtreg requiredVersion to b14
+  - JDK-8219552: bump jtreg requiredVersion to b14 in test/jdk/sanity/client/
+  - JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails intermittently due to NumberFormatException
+  - JDK-8220445: Support for side by side MSVC Toolset versions
+  - JDK-8221988: add possibility to build with Visual Studio 2019
+  - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
+  - JDK-8223050: JVMCI: findUniqueConcreteMethod() should not use Dependencies::find_unique_concrete_method() for non-virtual methods
+  - JDK-8224853: CDS address sanitizer errors
+  - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
+  - JDK-8225583: Examine the HttpResponse.BodySubscribers for null handling and multiple subscriptions
+  - JDK-8225690: Multiple AttachListener threads can be created
+  - JDK-8225790: Two NestedDialogs tests fail on Ubuntu
+  - JDK-8226319: Add forgotten test/jdk/java/net/httpclient/BodySubscribersTest.java
+  - JDK-8226533: JVMCI: findUniqueConcreteMethod should handle statically bindable methods directly
+  - JDK-8226602: Test convenience reactive primitives from java.net.http with RS TCK
+  - JDK-8226683: Remove review suggestion from fix to 8219804
+  - JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due to "exit code is 134"
+  - JDK-8227766: CheckUnhandledOops is broken in MemAllocator
+  - JDK-8227815: Minimal VM: set_state is not a member of AttachListener
+  - JDK-8230674: Heap dumps should exclude dormant CDS archived objects of unloaded classes
+  - JDK-8230808: Remove Access::equals()
+  - JDK-8230841: Remove oopDesc::equals()
+  - JDK-8231717: Improve performance of charset decoding when charset is always compactable
+  - JDK-8232243: Wrong caret position in JTextPane on Windows with a screen resolution > 100%
+  - JDK-8232782: Shenandoah: streamline post-LRB CAS barrier (aarch64)
+  - JDK-8233790: Forward output from heap dumper to jcmd/jmap
+  - JDK-8233989: Create an IPv4 version of java/net/MulticastSocket/SetLoopbackMode.java
+  - JDK-8234510: Remove file seeking requirement for writing a heap dump
+  - JDK-8235211: serviceability/attach/RemovingUnixDomainSocketTest.java fails with AttachNotSupportedException: Unable to open socket file
+  - JDK-8235216: typo in test filename
+  - JDK-8235866: bump jtreg requiredVersion to 4.2b16
+  - JDK-8236111: narrow allowSmartActionArgs disabling
+  - JDK-8236413: AbstractConnectTimeout should tolerate both NoRouteToHostException and UnresolvedAddressException
+  - JDK-8236671: NullPointerException in JKS keystore
+  - JDK-8238930: problem list compiler/c2/Test8004741.java
+  - JDK-8238943: switch to jtreg 5.0
+  - JDK-8240555: Using env of JAVA_TOOL_OPTIONS and _JAVA_OPTIONS breaks QuietOption.java test
+  - JDK-8240983: Incorrect copyright header in Apache Santuario 2.1.3 files
+  - JDK-8241336: Some java.net tests failed with NoRouteToHostException on MacOS with special network configuration
+  - JDK-8241353: NPE in ToolProvider.getSystemJavaCompiler
+  - JDK-8241768: git needs .gitattributes
+  - JDK-8242882: opening jar file with large manifest might throw NegativeArraySizeException
+  - JDK-8244973: serviceability/attach/RemovingUnixDomainSocketTest.java fails "stderr was not empty"
+  - JDK-8245134: test/lib/jdk/test/lib/security/KeyStoreUtils.java should allow to specify aliases
+  - JDK-8246261: TCKLocalTime.java failed due to "AssertionError: expected [18:14:22] but found [18:14:23]"
+  - JDK-8246387: switch to jtreg 5.1
+  - JDK-8247421: [TESTBUG] ReturnBlobToWrongHeapTest.java failed allocating blob
+  - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
+  - JDK-8248352: [TEST_BUG] Test test/jdk/java/awt/font/TextLayout/ArabicDiacriticTest.java can leave frame open
+  - JDK-8248403: AArch64: Remove uses of kernel integer types
+  - JDK-8248414: AArch64: Remove uses of long and unsigned long ints
+  - JDK-8248657: Windows: strengthening in ThreadCritical regarding memory model
+  - JDK-8248666: AArch64: Use THREAD_LOCAL instead of __thread
+  - JDK-8248668: AArch64: Avoid MIN/MAX macros when using MSVC
+  - JDK-8248671: AArch64: Remove unused variables
+  - JDK-8248682: AArch64: Use ATTRIBUTE_ALIGNED helper
+  - JDK-8248816: C1: Fix signature conflict in LIRGenerator::strength_reduce_multiply
+  - JDK-8249095: tools/javac/launcher/SourceLauncherTest.java fails on Windows
+  - JDK-8249548: backward focus traversal gets stuck in button group
+  - JDK-8249773: Upgrade ReceiveISA.java test to be resilient to failure due to stray packets and interference
+  - JDK-8249897: jdk/javadoc/tool/LangVers.java uses @ignore w/o bug-id
+  - JDK-8249898: jdk/javadoc/tool/6176978/T6176978.java uses @ignore w/o bug-id
+  - JDK-8249899: jdk/javadoc/tool/InlineTagsWithBraces.java uses @ignore w/o bug-id
+  - JDK-8250588: Shenandoah: LRB needs to save/restore fp registers for runtime call
+  - JDK-8250824: AArch64: follow up for JDK-8248414
+  - JDK-8251166: Add automated testcases for changes done in JDK-8214112
+  - JDK-8251252: Add automated testcase for fix done in JDK-8214253
+  - JDK-8251254: Add automated test for fix done in JDK-8218472
+  - JDK-8251361: Potential race between Logger configuration and GCs in HttpURLConWithProxy test
+  - JDK-8251549: Update docs on building for Git
+  - JDK-8251945: SIGSEGV in PackageEntry::purge_qualified_exports()
+  - JDK-8252194: Add automated test for fix done in JDK-8218469
+  - JDK-8252648: Shenandoah: name gang tasks consistently
+  - JDK-8252825: Add automated test for fix done in JDK-8218479
+  - JDK-8252853: AArch64: gc/shenandoah/TestVerifyJCStress.java fails intermittently with C1
+  - JDK-8252857: AArch64: Shenandoah C1 CAS is not sequentially consistent
+  - JDK-8253048: AArch64: When CallLeaf, no need to preserve callee-saved registers in caller
+  - JDK-8253424: Add support for running pre-submit testing using GitHub Actions
+  - JDK-8253631: Remove unimplemented CompileBroker methods after JEP-165
+  - JDK-8253865: Pre-submit testing using GitHub Actions does not detect failures reliably
+  - JDK-8253899: Make IsClassUnloadingEnabled signature match specification
+  - JDK-8254024: Enhance native libs for AWT and Swing to work with GraalVM Native Image
+  - JDK-8254054: Pre-submit testing using GitHub Actions should not use the deprecated set-env command
+  - JDK-8254173: Add Zero, Minimal hotspot targets to submit workflow
+  - JDK-8254175: Build no-pch configuration in debug mode for submit checks
+  - JDK-8254244: Some code emitted by TemplateTable::branch is unused when running TieredCompilation
+  - JDK-8254270: linux 32 bit build doesn't compile libjdwp/log_messages.c
+  - JDK-8254282: Add Linux x86_32 builds to submit workflow
+  - JDK-8254850: Update terminology in java.awt.GridBagLayout source code comments
+  - JDK-8255255: Update Apache Santuario (XML Signature) to version 2.2.1
+  - JDK-8255305: Add Linux x86_32 tier1 to submit workflow
+  - JDK-8255352: Archive important test outputs in submit workflow
+  - JDK-8255373: Submit workflow artifact name is always "test-results_.zip"
+  - JDK-8255452: Doing GC during JVMTI MethodExit event posting breaks return oop
+  - JDK-8255718: Zero: VM should know it runs in interpreter-only mode
+  - JDK-8255790: GTKL&F: Java 16 crashes on initialising GTKL&F on Manjaro Linux
+  - JDK-8255810: Zero: build fails without JVMTI
+  - JDK-8255895: Submit workflow artifacts miss hs_errs/replays due to ZIP include mismatch
+  - JDK-8256127: Add cross-compiled foreign architectures builds to submit workflow
+  - JDK-8256215: Shenandoah: re-organize saving/restoring machine state in assembler code
+  - JDK-8256267: Relax compiler/floatingpoint/NaNTest.java for x86_32 and lower -XX:+UseSSE
+  - JDK-8256277: Github Action build on macOS should define OS and Xcode versions
+  - JDK-8256354: Github Action build on Windows should define OS and MSVC versions
+  - JDK-8256393: Github Actions build on Linux should define OS and GCC versions
+  - JDK-8256414: add optimized build to submit workflow
+  - JDK-8256747: GitHub Actions: decouple the hotspot build-only jobs from Linux x64 testing
+  - JDK-8257056: Submit workflow should apt-get update to avoid package installation errors
+  - JDK-8257148: Remove obsolete code in AWTView.m
+  - JDK-8257497: Update keytool to create AKID from the SKID of the issuing certificate as specified by RFC 5280
+  - JDK-8257620: Do not use objc_msgSend_stret to get macOS version
+  - JDK-8257913: Add more known library locations to simplify Linux cross-compilation
+  - JDK-8258703: Incorrect 512-bit vector registers restore on x86_32
+  - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
+  - JDK-8259535: ECDSA SignatureValue do not always have the specified length
+  - JDK-8259679: GitHub actions should use MSVC 14.28
+  - JDK-8259924: GitHub actions fail on Linux x86_32 with "Could not configure libc6:i386"
+  - JDK-8260460: GitHub actions still fail on Linux x86_32 with "Could not configure libc6:i386"
+  - JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
+  - JDK-8260923: Add more tests for SSLSocket input/output shutdown
+  - JDK-8261072: AArch64: Fix MacroAssembler::get_thread convention
+  - JDK-8261147: C2: Node is wrongly marked as reduction resulting in a wrong execution due to wrong vector instructions
+  - JDK-8261238: NMT should not limit baselining by size threshold
+  - JDK-8261496: Shenandoah: reconsider pacing updates memory ordering
+  - JDK-8261652: Remove some dead comments from os_bsd_x86
+  - JDK-8261846: [JVMCI] c2v_iterateFrames can get out of sync with the StackFrameStream
+  - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
+  - JDK-8262017: C2: assert(n != __null) failed: Bad immediate dominator info.
+  - JDK-8262392: Update Mesa 3-D Headers to version 21.0.3
+  - JDK-8262409: sun/security/ssl/SSLSocketImpl/SSLSocketImplThrowsWrongExceptions. SSL test failures caused by java failed with "Server reported the wrong exception"
+  - JDK-8262470: Printed GlyphVector outline with low DPI has bad quality on Windows
+  - JDK-8262862: Harden tests sun/security/x509/URICertStore/ExtensionsWithLDAP.java and krb5/canonicalize/Test.java
+  - JDK-8263136: C4530 was reported from VS 2019 at access bridge
+  - JDK-8263227: C2: inconsistent spilling due to dead nodes in exception block
+  - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
+  - JDK-8263407: SPARC64 detection fails on Athena (SPARC64-X)
+  - JDK-8263432: javac may report an invalid package/class clash on case insensitive filesystems
+  - JDK-8263490: [macos] Crash occurs on JPasswordField with activated InputMethod
+  - JDK-8263531: Remove unused buffer int
+  - JDK-8263667: Avoid running GitHub actions on branches named pr/*
+  - JDK-8263776: [JVMCI] add helper to perform Java upcalls
+  - JDK-8264016: [JVMCI] add some thread local fields for use by JVMCI
+  - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
+  - JDK-8265132: C2 compilation fails with assert "missing precedence edge"
+  - JDK-8265231: (fc) ReadDirect and WriteDirect tests fail after fix for JDK-8264821
+  - JDK-8265335: Epsilon: Minor typo in EpsilonElasticTLABDecay description
+  - JDK-8265756: AArch64: initialize memory allocated for locals according to Windows AArch64 stack page growth requirement in template interpreter
+  - JDK-8265761: Font with missed font family name is not properly printed on Windows
+  - JDK-8265773: incorrect jdeps message "jdk8internals" to describe a removed JDK internal API
+  - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
+  - JDK-8266018: Shenandoah: fix an incorrect assert
+  - JDK-8266206: Build failure after JDK-8264752 with older GCCs
+  - JDK-8266248: Compilation failure in PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
+  - JDK-8266288: assert root method not found in witnessed_reabstraction_in_supers is too strong
+  - JDK-8266404: Fatal error report generated with -XX:+CrashOnOutOfMemoryError should not contain suggestion to submit a bug report
+  - JDK-8266480: Implicit null check optimization does not update control of hoisted memory operation
+  - JDK-8266615: C2 incorrectly folds subtype checks involving an interface array
+  - JDK-8266642: Improve ResolvedMethodTable hash function
+  - JDK-8266749: AArch64: Backtracing broken on PAC enabled systems
+  - JDK-8266761: AssertionError in sun.net.httpserver.ServerImpl.responseCompleted
+  - JDK-8266813: Shenandoah: Use shorter instruction sequence for checking if marking in progress
+  - JDK-8267042: bug in monitor locking/unlocking on ARM32 C1 due to uninitialized BasicObjectLock::_displaced_header
+  - JDK-8267348: Rewrite gc/epsilon/TestClasses.java to use Metaspace with less classes
+  - JDK-8267396: Avoid recording "pc" in unhandled oops detector for better performance
+  - JDK-8267399: C2: java/text/Normalizer/ConformanceTest.java test failed with assertion
+  - JDK-8267424: CTW: C1 fails with "State must not be null"
+  - JDK-8267459: Pasting Unicode characters into JShell does not work.
+  - JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
+  - JDK-8267666: Add option to jcmd GC.heap_dump to use existing file
+  - JDK-8267695: Bump update version for OpenJDK: jdk-11.0.13
+  - JDK-8267751: (test) jtreg.SkippedException has no serial VersionUID
+  - JDK-8267773: PhaseStringOpts::int_stringSize doesn't handle min_jint correctly
+  - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
+  - JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
+  - JDK-8268261: C2: assert(n != __null) failed: Bad immediate dominator info.
+  - JDK-8268347: C2: nested locks optimization may create unbalanced monitor enter/exit code
+  - JDK-8268360: Missing check for infinite loop during node placement
+  - JDK-8268362: [REDO] C2 crash when compile negative Arrays.copyOf length after loop
+  - JDK-8268366: Incorrect calculation of has_fpu_registers in C1 linear scan
+  - JDK-8268369: SIGSEGV in PhaseCFG::implicit_null_check due to missing null check
+  - JDK-8268417: Add test from JDK-8268360
+  - JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm performance
+  - JDK-8268617: [11u REDO] - WebSocket over authenticating proxy fails with NPE
+  - JDK-8268620: InfiniteLoopException test may fail on x86 platforms
+  - JDK-8268635: Corrupt oop in ClassLoaderData
+  - JDK-8268699: Shenandoah: Add test for JDK-8268127
+  - JDK-8268771: javadoc -notimestamp option does not work on index.html
+  - JDK-8268775: Password is being converted to String in AccessibleJPasswordField
+  - JDK-8268776: Test `ADatagramSocket.java` missing /othervm from @run tag
+  - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
+  - JDK-8269304: Regression ~5% in 2005 in b27
+  - JDK-8269415: [11u] Remove ea from DEFAULT_PROMOTED_VERSION_PRE in OpenJDK 11u
+  - JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should be more resilient
+  - JDK-8269529: javax/swing/reliability/HangDuringStaticInitialization.java fails in Windows debug build
+  - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
+  - JDK-8269614: [s390] Interpreter checks wrong bit for slow path instance allocation
+  - JDK-8269650: Optimize gc-locker in [Get|Release]StringCritical for latin string
+  - JDK-8269661: JNI_GetStringCritical does not lock char array
+  - JDK-8269668: [aarch64] java.library.path not including /usr/lib64
+  - JDK-8269763: The JEditorPane is blank after JDK-8265167
+  - JDK-8269795: C2: Out of bounds array load floats above its range check in loop peeling resulting in SEGV
+  - JDK-8269847: JDK-8269594 backport breaks 11u builds
+  - JDK-8269850: Most JDK releases report macOS version 12 as 10.16 instead of 12.0
+  - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
+  - JDK-8269882: stack-use-after-scope in NewObjectA
+  - JDK-8269934: RunThese24H.java failed with EXCEPTION_ACCESS_VIOLATION in java_lang_Thread::get_thread_status
+  - JDK-8270096: Shenandoah: Optimize gc/shenandoah/TestRefprocSanity.java for interpreter mode
+  - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
+  - JDK-8270184: [TESTBUG] Add coverage for jvmci ResolvedJavaType.toJavaName() for lambdas
+  - JDK-8270196: [11u] [JVMCI] JavaType.toJavaName() returns incorrect type name for lambdas
+  - JDK-8270556: Exclude security/infra/java/security/cert/CertPathValidator/certification/LetsEncryptCA
+  - JDK-8270893: IndexOutOfBoundsException while reading large TIFF file
+  - JDK-8272078: Wrong Checksums in Temurin BootJDK dependencies
+  - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
+  - JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash when clone null CallProjections.fallthrough_ioproj
+  - JDK-8272197: Update 11u GHA workflow with Shenandoah configurations
+  - JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz after JDK-8255790
+  - JDK-8272472: StackGuardPages test doesn't build with glibc 2.34
+  - JDK-8272602: [macos] not all KEY_PRESSED events sent when control modifier is used
+  - JDK-8272628: Problemlist gc/stress/gcbasher/TestGCBasherWithCMS.java for x86_32
+  - JDK-8272700: [macos] Build failure with Xcode 13.0 after JDK-8264848
+  - JDK-8272772: Shenandoah: compiler/c2/aarch64/TestVolatilesShenandoah.java fails in 11u
+  - JDK-8273939: Backport of 8248414 to JDK11 breaks MacroAssembler::adrp
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8271434: Removed IdenTrust Root Certificate
+===============================================
+The following root certificate from IdenTrust has been removed from
+the `cacerts` keystore:
+
+Alias Name: identrustdstx3 [jdk]
+Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
+
+JDK-8261922: Updated keytool to Create AKID From SKID of Issuing Certificate as Specified by RFC 5280
+=====================================================================================================
+The `gencert` command of the `keytool` utility has been updated to
+create AKID from the SKID of the issuing certificate as specified by
+RFC 5280.
+
+security-libs/javax.net.ssl:
+
+JDK-8210799: ChaCha20 and Poly1305 TLS Cipher Suites
+====================================================
+New TLS cipher suites using the `ChaCha20-Poly1305` algorithm have
+been added to JSSE.  These cipher suites are enabled by default.  The
+TLS_CHACHA20_POLY1305_SHA256 cipher suite is available for TLS 1.3.
+The following cipher suites are available for TLS 1.2:
+
+* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+
+Refer to the "Java Secure Socket Extension (JSSE) Reference Guide" for
+details on these new TLS cipher suites.
+
+JDK-8219551: Updated the Default Enabled Cipher Suites Preference
+=================================================================
+The preference of the default enabled cipher suites has been
+changed. The compatibility impact should be minimal. If needed,
+applications can customize the enabled cipher suites and the
+preference. For more details, refer to the SunJSSE provider
+documentation and the JSSE Reference Guide documentation.
+
+New in release OpenJDK 11.0.12 (2021-07-20):
+=============================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk11012
+  * https://builds.shipilev.net/backports-monitor/release-notes-11.0.12.txt
+
+* Security fixes
+  - JDK-8256157: Improve bytecode assembly
+  - JDK-8256491: Better HTTP transport
+  - JDK-8258432, CVE-2021-2341: Improve file transfers
+  - JDK-8260453: Improve Font Bounding
+  - JDK-8260960: Signs of jarsigner signing
+  - JDK-8260967, CVE-2021-2369: Better jar file validation
+  - JDK-8262380: Enhance XML processing passes
+  - JDK-8262403: Enhanced data transfer
+  - JDK-8262410: Enhanced rules for zones
+  - JDK-8262477: Enhance String Conclusions
+  - JDK-8262967: Improve Zip file support
+  - JDK-8264066, CVE-2021-2388: Enhance compiler validation
+  - JDK-8264079: Improve abstractions
+  - JDK-8264460: Improve NTLM support
+* Other changes
+  - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
+  - JDK-7106851: Test should not use System.exit
+  - JDK-8073446: TimeZone getOffset API does not  return a dst offset between years 2038-2137
+  - JDK-8076190: Customizing the generation of a PKCS12 keystore
+  - JDK-8153005: Upgrade the default PKCS12 encryption/MAC algorithms
+  - JDK-8171303: sun/java2d/pipe/InterpolationQualityTest.java fails on Windows & Linux
+  - JDK-8177068: incomplete classpath causes NPE in Flow
+  - JDK-8185734: [Windows] Structured Exception Catcher missing around gtest execution
+  - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
+  - JDK-8190763: Class cast exception on (CompoundEdit) UndoableEditEvent.getEdit()
+  - JDK-8195841: PNGImageReader.readNullTerminatedString() doesnt check for non-null terminated strings with length equal to maxLen
+  - JDK-8196100: javax/swing/text/JTextComponent/5074573/bug5074573.java fails
+  - JDK-8199646: JShell tests: jdk/jshell/FailOverDirectExecutionControlTest.java failed with java.lang.UnsupportedOperationException
+  - JDK-8206925: Support the certificate_authorities extension
+  - JDK-8207160: ClassReader::adjustMethodParams can potentially return null if the args list is empty
+  - JDK-8207247: AARCH64: Enable Minimal and Client VM builds
+  - JDK-8207404: MulticastSocket tests failing on AIX
+  - JDK-8207779: Method::is_valid_method() compares 'this' with NULL
+  - JDK-8208061: runtime/LoadClass/TestResize.java fails with "Load factor too high" when running in CDS mode.
+  - JDK-8209459: TestSHA512MultiBlockIntrinsics failed on AArch64
+  - JDK-8210443: Migrate Locale matching tests to JDK Repo.
+  - JDK-8213231: ThreadSnapshot::_threadObj can become stale
+  - JDK-8213483: ARM32: runtime/ErrorHandling/ShowRegistersOnAssertTest.java jtreg test fail
+  - JDK-8213725: JShell NullPointerException due to class file with unexpected package
+  - JDK-8213794: ARM32: disable TypeProfiling, CriticalJNINatives, Serviceablity tests for ARM32
+  - JDK-8213845: ARM32: Interpreter doesn't call result handler after native calls
+  - JDK-8214128: ARM32: wrong stack alignment on Deoptimization::unpack_frames
+  - JDK-8214512: ARM32: Jtreg test compiler/c2/Test8062950.java fails on ARM
+  - JDK-8214854: JDWP: Unforseen output truncation in logging
+  - JDK-8214922: Add vectorization support for fmin/fmax
+  - JDK-8215009: GCC 8 compilation error in libjli
+  - JDK-8216184: CDS/appCDS tests failed on Windows due to long path to a classlist file
+  - JDK-8216259: AArch64: Vectorize Adler32 intrinsics
+  - JDK-8216314: SIGILL in CodeHeapState::print_names()
+  - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
+  - JDK-8217465: [REDO] - Optimize CodeHeap Analytics
+  - JDK-8217561: X86: Add floating-point Math.min/max intrinsics
+  - JDK-8217918: C2: -XX:+AggressiveUnboxing is broken
+  - JDK-8218458: [TESTBUG] runtime/NMT/CheckForProperDetailStackTrace.java fails with Expected stack trace missing from output
+  - JDK-8219142: Remove unused JIMAGE_ResourcePath
+  - JDK-8219586: CodeHeap State Analytics processes dead nmethods
+  - JDK-8220074: Clean up GCC 8.3 errors in LittleCMS
+  - JDK-8220407: compiler/intrinsics/math/TestFpMinMaxIntrinsics.java timedout
+  - JDK-8222302: [TESTBUG]test/hotspot/jtreg/compiler/intrinsics/sha/cli/TestUseSHAOptionOnUnsupportedCPU.java fails on any other CPU
+  - JDK-8222412: AARCH64: multiple instructions encoding issues
+  - JDK-8223020: aarch64: expand minI_rReg and maxI_rReg patterns into separate instructions
+  - JDK-8223444: Improve CodeHeap Free Space Management
+  - JDK-8223504: Improve performance of forall loops by better inlining of "iterator()" methods
+  - JDK-8223667: ASAN build broken
+  - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
+  - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
+  - JDK-8225438: javax/net/ssl/TLSCommon/TestSessionLocalPrincipal.java failed with Read timed out
+  - JDK-8225756: [testbug] compiler/loopstripmining/CheckLoopStripMining.java sets too short a SafepointTimeoutDelay
+  - JDK-8226374: Restrict TLS signature schemes and named groups
+  - JDK-8226627: assert(t->singleton()) failed: must be a constant
+  - JDK-8226721: Missing intrinsics for Math.ceil, floor, rint
+  - JDK-8227080: (fs) Files.newInputStream(...).skip(n) is slow
+  - JDK-8227222: vmTestbase/jit/FloatingPoint/gen_math/Loops04/Loops04.java failed XMM register should be 0-15
+  - JDK-8227609: (fs) Files.newInputStream(...).skip(n) should allow skipping beyond file size
+  - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
+  - JDK-8231460: Performance issue (CodeHeap) with large free blocks
+  - JDK-8231713: x86_32 build failures after JDK-8226721 (Missing intrinsics for Math.ceil, floor, rint)
+  - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
+  - JDK-8232084: HotSpot build failed with GCC 9.2.1
+  - JDK-8232591: AArch64: Add missing match rules for smaddl, smsubl and smnegl
+  - JDK-8233185: HttpServer.stop() blocks indefinitely when called on dispatch thread
+  - JDK-8233787: Break cycle in vm_version* includes
+  - JDK-8233948: AArch64: Incorrect mapping between OptoReg and VMReg for high 64 bits of Vector Register
+  - JDK-8234355: Buffer overflow in jcmd GC.class_stats due to too many classes
+  - JDK-8235368: Update BCEL to Version 6.4.1
+  - JDK-8236859: WebSocket over authenticating proxy fails with NPE
+  - JDK-8236992: AArch64: remove redundant load_klass in itable stub
+  - JDK-8237743: test/langtools/jdk/jshell/FailOverExecutionControlTest.java fails No ExecutionControlProvider with name 'nonExistent' and parameter keys: []
+  - JDK-8237804: sun/security/mscapi tests fail with "Key pair not generated, alias <nnnnnn> already exists"
+  - JDK-8238175: CTW: Class.getDeclaredMethods fails with assert(k->is_subclass_of(SystemDictionary::Throwable_klass())) failed: invalid exception class
+  - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
+  - JDK-8238812: assert(false) failed: bad AD file
+  - JDK-8239312: [macos] javax/swing/JFrame/NSTexturedJFrame/NSTexturedJFrame.java
+  - JDK-8239386: handle ContendedPaddingWidth in vm_version_aarch64
+  - JDK-8239536: Can't use `java.util.List` object after importing `java.awt.List`
+  - JDK-8240487: Cleanup whitespace in .cc, .hh, .m, and .mm files
+  - JDK-8240848: ArrayIndexOutOfBoundsException buf for TextCallbackHandler
+  - JDK-8241082: Upgrade IANA Language Subtag Registry data to 03-16-2020 version
+  - JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039 and C2873
+  - JDK-8241101: [s390] jtreg test failure after JDK-8238696: not conformant features string
+  - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
+  - JDK-8241372: Several test failures due to javax.net.ssl.SSLException: Connection reset
+  - JDK-8241475: AArch64: Add missing support for PopCountVI node
+  - JDK-8241829: Cleanup the code for PrinterJob on windows
+  - JDK-8241960: The SHA3 message digests impl of SUN provider are not thread safe after cloned
+  - JDK-8242010: Upgrade IANA Language Subtag Registry to Version 2020-04-01
+  - JDK-8242429: Better implementation for sign extract
+  - JDK-8242557: Add length limit for strings in PNGImageWriter
+  - JDK-8242919: Paste locks up jshell
+  - JDK-8243155: AArch64: Add support for SqrtVF
+  - JDK-8243240: AArch64: Add support for MulVB
+  - JDK-8243452: JFR: Could not create chunk in repository with over 200 recordings
+  - JDK-8243559: Remove root certificates with 1024-bit keys
+  - JDK-8243597: AArch64: Add support for integer vector abs
+  - JDK-8244031: HttpClient should have more tests for HEAD requests
+  - JDK-8244205: HTTP/2 tunnel connections through proxy may be reused regardless of which proxy is selected
+  - JDK-8244847: Linux/PPC: runtime/CompressedOops/CompressedClassPointers: smallHeapTest fails
+  - JDK-8245511: G1 adaptive IHOP does not account for reclamation of humongous objects by young GC
+  - JDK-8246274: G1 old gen allocation tracking is not in a separate class
+  - JDK-8247354: [aarch64] PopFrame causes assert(oopDesc::is_oop(obj)) failed: not an oop
+  - JDK-8247408: IdealGraph bit check expression canonicalization
+  - JDK-8247432: Update IANA Language Subtag Registry to Version 2020-09-29
+  - JDK-8247438: JShell: When FailOverExecutionControlProvider fails the proximal cause is not shown
+  - JDK-8247753: UIManager.getSytemLookAndFeelClassName() returns wrong value on Fedora 32
+  - JDK-8248043: Need to eliminate excessive i2l conversions
+  - JDK-8248411: [aarch64] Insufficient error handling when CodeBuffer is exhausted
+  - JDK-8248568: compiler/c2/TestBit.java failed: test missing from stdout/stderr
+  - JDK-8248870: AARCH64: I2L/L2I conversions can be skipped for masked positive values
+  - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
+  - JDK-8249189: AARCH64: more L2I conversions can be skipped
+  - JDK-8249719: MethodHandle performance suffers from bad ResolvedMethodTable hash function
+  - JDK-8249875: GCC 10 warnings -Wtype-limits with JFR code
+  - JDK-8250635: MethodArityHistogram should use Compile_lock in favour of fancy checks
+  - JDK-8250876: Fix issues with cross-compile on macos
+  - JDK-8251031: Some vmTestbase/nsk/monitoring/RuntimeMXBean tests fail with hostnames starting from digits
+  - JDK-8251525: AARCH64: Faster Math.signum(fp)
+  - JDK-8252259: AArch64: Adjust default value of FLOATPRESSURE
+  - JDK-8252311: AArch64: save two words in itable lookup stub
+  - JDK-8252779: compiler/graalunit/HotspotTest.java failed after 8251525
+  - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
+  - JDK-8253167: ARM32 builds fail after JDK-8247910
+  - JDK-8253572: [windows] CDS archive may fail to open with long file names
+  - JDK-8253923: C2 doesn't always run loop opts for compilations that include loops
+  - JDK-8253948: Memory leak in ImageFileReader
+  - JDK-8254631: Better support ALPN byte wire values in SunJSSE
+  - JDK-8254717: isAssignableFrom checks in KeyFactorySpi.engineGetKeySpec appear to be backwards
+  - JDK-8255086: Update the root locale display names
+  - JDK-8255625: AArch64: Implement Base64.encodeBlock accelerator/intrinsic
+  - JDK-8255763: C2: OSR miscompilation caused by invalid memory instruction placement
+  - JDK-8255992: JFR EventWriter does not use first string from StringPool with id 0
+  - JDK-8256037: [TESTBUG] com/sun/jndi/dns/ConfigTests/PortUnreachable.java fails due to the hard coded threshold is small
+  - JDK-8256244: java/lang/ProcessHandle/PermissionTest.java fails with TestNG 7.1
+  - JDK-8256287: [windows] add loop fuse to map_or_reserve_memory_aligned
+  - JDK-8256523: Streamline Java SHA2 implementation
+  - JDK-8257414: Drag n Drop target area is wrong on high DPI systems
+  - JDK-8257569: Failure observed with JfrVirtualMemory::initialize
+  - JDK-8257574: C2: "failed: parsing found no loops but there are some" assert failure
+  - JDK-8257580: Bump update version for OpenJDK: jdk-11.0.12
+  - JDK-8257604: JNI_ArgumentPusherVaArg leaks valist
+  - JDK-8257621: JFR StringPool misses cached items across consecutive recordings
+  - JDK-8257796: [TESTBUG] TestUseSHA512IntrinsicsOptionOnSupportedCPU.java fails on x86_32
+  - JDK-8257822: C2 crashes with SIGFPE due to a division that floats above its zero check
+  - JDK-8257828: SafeFetch may crash if invoked in non-JavaThreads
+  - JDK-8257853: Remove dependencies on JNF's JNI utility functions in AWT and 2D code
+  - JDK-8257858: [macOS]: Remove JNF dependency from libosxsecurity/KeystoreImpl.m
+  - JDK-8257860: [macOS]: Remove JNF dependency from libosxkrb5/SCDynamicStoreConfig.m
+  - JDK-8257988: Remove JNF dependency from libsaproc/MacosxDebuggerLocal.m
+  - JDK-8258414: OldObjectSample events too expensive
+  - JDK-8258505: [TESTBUG] TestDivZeroWithSplitIf.java fails due to missing UnlockDiagnosticVMOptions
+  - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
+  - JDK-8259061: C2: assert(found) failed: memory-writing node is not placed in its original loop or an ancestor of it
+  - JDK-8259227: C2 crashes with SIGFPE due to a division that floats above its zero check
+  - JDK-8259232: Bad JNI lookup during printing
+  - JDK-8259276: C2: Empty expression stack when reexecuting tableswitch/lookupswitch instructions after deoptimization
+  - JDK-8259343: [macOS] Update JNI error handling in Cocoa code.
+  - JDK-8259585: Accessible actions do not work on mac os x
+  - JDK-8259651: [macOS] Replace JNF_COCOA_ENTER/EXIT macros
+  - JDK-8259662: Don't wrap SocketExceptions into SSLExceptions in SSLSocketImpl
+  - JDK-8259710: Inlining trace leaks memory
+  - JDK-8259729: Missed JNFInstanceOf -> IsInstanceOf conversion
+  - JDK-8259777: Incorrect predication condition generated by ADLC
+  - JDK-8259786: initialize last parameter of getpwuid_r
+  - JDK-8259843: initialize dli_fname array before calling dll_address_to_library_name
+  - JDK-8259869: [macOS] Remove desktop module dependencies on JNF Reference APIs
+  - JDK-8259886: Improve SSL session cache performance and scalability
+  - JDK-8259983: do not use uninitialized expand_ms value in G1CollectedHeap::expand_heap_after_young_collection
+  - JDK-8260030: Improve stringStream buffer handling
+  - JDK-8260236: better init AnnotationCollector _contended_group
+  - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
+  - JDK-8260284: C2: assert(_base == Int) failed: Not an Int
+  - JDK-8260380: Upgrade to LittleCMS 2.12
+  - JDK-8260420: C2 compilation fails with assert(found_sfpt) failed: no node in loop that's not input to safepoint
+  - JDK-8260426: awt debug_mem.c DMem_AllocateBlock might leak memory
+  - JDK-8260432: allocateSpaceForGP in freetypeScaler.c might leak memory
+  - JDK-8260616: Removing remaining JNF dependencies in the java.desktop module
+  - JDK-8260653: Unreachable nodes keep speculative types alive
+  - JDK-8260707: java/lang/instrument/PremainClass/InheritAgent0100.java times out
+  - JDK-8260925: HttpsURLConnection does not work  with other JSSE provider.
+  - JDK-8260926: Trace resource exhausted events unconditionally
+  - JDK-8261020: Wrong format parameter in create_emergency_chunk_path
+  - JDK-8261027: AArch64: Support for LSE atomics C++ HotSpot code
+  - JDK-8261167: print_process_memory_info add a close call after fopen
+  - JDK-8261170: Upgrade to freetype 2.10.4
+  - JDK-8261198: [macOS] Incorrect JNI parameters in number conversion in A11Y code
+  - JDK-8261235: C1 compilation fails with assert(res->vreg_number() == index) failed: conversion check
+  - JDK-8261261: The version extra fields needs to be overridable in jib-profiles.js
+  - JDK-8261262: Kitchensink24HStress.java crashed with EXCEPTION_ACCESS_VIOLATION
+  - JDK-8261354: SIGSEGV at MethodIteratorHost
+  - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
+  - JDK-8261397: try catch Method failing to work when dividing an integer by 0
+  - JDK-8261422: Adjust problematic String.format calls in jdk/internal/util/Preconditions.java outOfBoundsMessage
+  - JDK-8261447: MethodInvocationCounters frequently run into overflow
+  - JDK-8261481: Cannot read Kerberos settings in dynamic store on macOS Big Sur
+  - JDK-8261505: Test test/hotspot/jtreg/gc/parallel/TestDynShrinkHeap.java killed by Linux OOM Killer
+  - JDK-8261601: free memory in early return in Java_sun_nio_ch_sctp_SctpChannelImpl_receive0
+  - JDK-8261649: AArch64: Optimize LSE atomics in C++ code
+  - JDK-8261730: C2 compilation fails with assert(store->find_edge(load) != -1) failed: missing precedence edge
+  - JDK-8261752: Multiple GC test are missing memory requirements
+  - JDK-8261791: (sctp) handleSendFailed in SctpChannelImpl.c potential leaks
+  - JDK-8261812: C2 compilation fails with assert(!had_error) failed: bad dominance
+  - JDK-8261914: IfNode::fold_compares_helper faces non-canonicalized bool when running JRuby JSON workload
+  - JDK-8262093: java/util/concurrent/tck/JSR166TestCase.java failed "assert(false) failed: unexpected node"
+  - JDK-8262110: DST starts from incorrect time in 2038
+  - JDK-8262121: [11u] Redo 8244287: JFR: Methods samples have line number 0
+  - JDK-8262163: Extend settings printout in jcmd VM.metaspace
+  - JDK-8262295: C2: Out-of-Bounds Array Load from Clone Source
+  - JDK-8262298: G1BarrierSetC2::step_over_gc_barrier fails with assert "bad barrier shape"
+  - JDK-8262446: DragAndDrop hangs on Windows
+  - JDK-8262461: handle wcstombsdmp return value correctly in unix awt_InputMethod.c
+  - JDK-8262465: Very long compilation times and high memory consumption in C2 debug builds
+  - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
+  - JDK-8262739: String inflation C2 intrinsic prevents insertion of anti-dependencies
+  - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
+  - JDK-8262837: handle split_USE correctly
+  - JDK-8262900: ToolBasicTest fails to access HTTP server it starts
+  - JDK-8263260: [s390] Support latest hardware (z14 and z15)
+  - JDK-8263311: Watch registry changes for remote printers update instead of polling
+  - JDK-8263361: Incorrect arraycopy stub selected by C2 for SATB collectors
+  - JDK-8263404: RsaPrivateKeySpec is always recognized as RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
+  - JDK-8263425: AArch64: two potential bugs in C1 LIRGenerator::generate_address()
+  - JDK-8263448: CTW: fatal error: meet not symmetric
+  - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
+  - JDK-8263557: Possible NULL dereference in Arena::destruct_contents()
+  - JDK-8263558: Possible NULL dereference in fast path arena free if ZapResourceArea is true
+  - JDK-8263676: AArch64: one potential bug in C1 LIRGenerator::generate_address()
+  - JDK-8263729: [test] divert spurious output away from stream under test in ProcessBuilder Basic test
+  - JDK-8263846: Bad JNI lookup getFocusOwner in accessibility code on Mac OS X
+  - JDK-8264047: Duplicate global variable 'jvm' in libjavajpeg and libawt
+  - JDK-8264096: slowdebug jvm crashes when StrInflatedCopy match rule is not supported
+  - JDK-8264151: ciMethod::ensure_method_data() should return false is loading resulted in empty state
+  - JDK-8264173: [s390] Improve Hardware Feature Detection And Reporting
+  - JDK-8264190: Harden TLS interop tests
+  - JDK-8264223: CodeHeap::verify fails extra_hops assertion in fastdebug test
+  - JDK-8264328: Broken license in javax/swing/JComboBox/8072767/bug8072767.java
+  - JDK-8264360: Loop strip mining verification fails with "should be on the backedge"
+  - JDK-8264626: C1 should be able to inline excluded methods
+  - JDK-8264640: CMS ParScanClosure misses a barrier
+  - JDK-8264786: [macos] All Swing/AWT apps cause Allow Notifications prompt to appear when app is launched
+  - JDK-8264821: DirectIOTest fails on a system with large block size
+  - JDK-8264848: [macos] libjvm.dylib linker warning due to macOS version mismatch
+  - JDK-8264923: PNGImageWriter.write_zTXt throws Exception with a typo
+  - JDK-8264958: C2 compilation fails with assert "n is later than its clone"
+  - JDK-8265099: Revert backport to 11u of 8236859: WebSocket over authenticating proxy fails with NPE
+  - JDK-8265154: vinserti128 operand mix up for KNL platforms
+  - JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
+  - JDK-8265417: Backport of JDK-8249672 breaks Solaris x86 build
+  - JDK-8265421: java/lang/String/StringRepeat.java test is missing a memory requirement
+  - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
+  - JDK-8265537: x86 version string truncated after JDK-8249672 11u backport
+  - JDK-8265666: Enable AIX build platform to make external debug symbols
+  - JDK-8265677: CMS: CardTableBarrierSet::write_ref_array_work() lacks storestore barrier
+  - JDK-8265690: Use the latest Ubuntu base image version in Docker testing
+  - JDK-8265718: Build failure after JDK-8258414 11u backport
+  - JDK-8265750: Fatal error in safepoint.cpp after backport of 8258414
+  - JDK-8265784: [C2] Hoisting of DecodeN leaves MachTemp inputs behind
+  - JDK-8265938: C2's conditional move optimization does not handle top Phi
+  - JDK-8266220: keytool still prompt for store password on a password-less pkcs12 file if -storetype pkcs12 is specified
+  - JDK-8266293: Key protection using PBEWithMD5AndDES fails with "java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long"
+  - JDK-8266713: [AIX] Build failure after 11u backport of JDK-8247753
+  - JDK-8266802: Shenandoah: Round up region size to page size unconditionally
+  - JDK-8266892: avoid maybe-uninitialized gcc warnings on linux s390x
+  - JDK-8266929: Unable to use algorithms from 3p providers
+  - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
+  - JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
+  - JDK-8267599: Revert the change to the default PKCS12 macAlgorithm and macIterationCount props for 11u/8u/7u
+  - JDK-8267641: [11u] 8227609 backport typo
+  - JDK-8267721: Enable sun/security/pkcs11 tests for Amazon Linux 2 AArch64
+  - JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt Authority X3 is retired
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8215293: Customizing PKCS12 keystore Generation
+===================================================
+New system and security properties have been added to enable users to
+customize the generation of PKCS #12 keystores. This includes
+algorithms and parameters for key protection, certificate protection,
+and MacData. The detailed explanation and possible values for these
+properties can be found in the "PKCS12 KeyStore properties" section of
+the `java.security` file.
+
+Also, support for the following SHA-2 based HmacPBE algorithms has
+been added to the SunJCE provider:
+
+* HmacPBESHA224
+* HmacPBESHA256
+* HmacPBESHA384
+* HmacPBESHA512
+* HmacPBESHA512/224
+* HmacPBESHA512/256
+
+JDK-8256902: Removed Root Certificates with 1024-bit Keys
+=========================================================
+The following root certificates with weak 1024-bit RSA public keys
+have been removed from the `cacerts` keystore:
+
+Alias Name: thawtepremiumserverca [jdk]
+Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
+
+Alias Name: verisignclass2g2ca [jdk]
+Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
+
+Alias Name: verisignclass3ca [jdk]
+Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
+
+Alias Name: verisignclass3g2ca [jdk]
+Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
+
+Alias Name: verisigntsaca [jdk]
+Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
+
+JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
+=================================================================
+
+The following root certificate have been removed from the cacerts truststore:
+
+Alias Name: soneraclass2ca
+Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
+
+JDK-8242069: Upgraded the Default PKCS12 Encryption and MAC Algorithms
+======================================================================
+The default encryption and MAC algorithms used in a PKCS #12 keystore
+have been updated. The new algorithms are based on AES-256 and SHA-256
+and are stronger than the old algorithms that were based on RC2,
+DESede, and SHA-1. See the security properties starting with
+`keystore.pkcs12` in the `java.security` file for detailed
+information.
+
+For compatibility, a new system property named
+`keystore.pkcs12.legacy` is defined that will revert the algorithms to
+use the older, weaker algorithms. There is no value defined for this
+property.
+
+security-libs/javax.net.ssl:
+
+JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
+=========================================================================================
+Certain TLS ALPN values couldn't be properly read or written by the
+SunJSSE provider. This is due to the choice of Strings as the API
+interface and the undocumented internal use of the UTF-8 Character Set
+which converts characters larger than U+00007F (7-bit ASCII) into
+multi-byte arrays that may not be expected by a peer.
+
+ALPN values are now represented using the network byte representation
+expected by the peer, which should require no modification for
+standard 7-bit ASCII-based character Strings. However, SunJSSE now
+encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
+characters.  This means applications that used characters above
+U+000007F that were previously encoded using UTF-8 may need to either
+be modified to perform the UTF-8 conversion, or set the Java security
+property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
+
+See the updated guide at
+https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
+for more information.
+
+JDK-8244460: Support for certificate_authorities Extension
+==========================================================
+The "certificate_authorities" extension is an optional extension
+introduced in TLS 1.3. It is used to indicate the certificate
+authorities (CAs) that an endpoint supports and should be used by the
+receiving endpoint to guide certificate selection.
+
+With this JDK release, the "certificate_authorities" extension is
+supported for TLS 1.3 in both the client and the server sides.  This
+extension is always present for client certificate selection, while it
+is optional for server certificate selection.
+
+Applications can enable this extension for server certificate
+selection by setting the `jdk.tls.client.enableCAExtension` system
+property to `true`.  The default value of the property is `false`.
+
+Note that if the client trusts more CAs than the size limit of the
+extension (less than 2^16 bytes), the extension is not enabled.  Also,
+some server implementations do not allow handshake messages to exceed
+2^14 bytes.  Consequently, there may be interoperability issues when
+`jdk.tls.client.enableCAExtension` is set to `true` and the client
+trusts more CAs than the server implementation limit.
+
+New in release OpenJDK 11.0.11 (2021-04-20):
+=============================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk11011
+  * https://builds.shipilev.net/backports-monitor/release-notes-11.0.11.txt
+
+* Security fixes
+  - JDK-8244473: Contextualize registration for JNDI
+  - JDK-8244543: Enhanced handling of abstract classes
+  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
+  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
+  - JDK-8253799: Make lists of normal filenames
+  - JDK-8257001: Improve Http Client Support
+* Other changes
+  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
+  - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
+  - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
+  - JDK-8168869: jdeps: localized messages don't use proper line breaks
+  - JDK-8180837: SunPKCS11-NSS tests failing with CKR_ATTRIBUTE_READ_ONLY and CKR_MECHANISM_PARAM_INVALID
+  - JDK-8202343: Disable TLS 1.0 and 1.1
+  - JDK-8205992: jhsdb cannot attach to Java processes running in Docker containers
+  - JDK-8209193: Fix aarch64-linux compilation after -Wreorder changes
+  - JDK-8210413: AArch64: Optimize div/rem by constant in C1
+  - JDK-8210578: AArch64: Invalid encoding for fmlsvs instruction
+  - JDK-8211051: jdeps usage of --dot-output doesn't provide valid output for modular jar
+  - JDK-8211057: Gensrc step CompileProperties generates unstable CompilerProperties output
+  - JDK-8211150: G1 Full GC not purging code root memory and hence causing memory leak
+  - JDK-8211825: ModuleLayer.defineModulesWithXXX does not setup delegation when module reads automatic module
+  - JDK-8212043: Add floating-point Math.min/max intrinsics
+  - JDK-8212218: [TESTBUG] runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryErrorInMetaspace.java timed out
+  - JDK-8213116: javax/swing/JComboBox/WindowsComboBoxSize/WindowsComboBoxSizeTest.java fails in Windows
+  - JDK-8213909: jdeps --print-module-deps should report missing dependences
+  - JDK-8214180: Need better granularity for sleeping
+  - JDK-8214223: tools/jdeps/listdeps/ListModuleDeps.java failed due to missing Lib2 file
+  - JDK-8214230: Classes generated by SystemModulesPlugin.java are not reproducable
+  - JDK-8214741: docs/index.html has no title or copyright
+  - JDK-8215687: [Graal] unit test CheckGraalIntrinsics failed after 8212043
+  - JDK-8217848: [Graal] vmTestbase/nsk/jvmti/ResourceExhausted/resexhausted003/TestDescription.java fails
+  - JDK-8218482: sun/security/krb5/auto/ReplayCachePrecise.java failed - no KrbException thrown
+  - JDK-8218550: Add test omitted from JDK-8212043
+  - JDK-8221584: SIGSEGV in os::PlatformEvent::unpark() in JvmtiRawMonitor::raw_exit while posting method exit event
+  - JDK-8221995: AARCH64: problems with CAS instructions encoding
+  - JDK-8222518: Remove unnecessary caching of Parker object in java.lang.Thread
+  - JDK-8222785: aarch64: add necessary masking for immediate shift counts
+  - JDK-8223186: HotSpot compile warnings from GCC 9
+  - JDK-8225773: jdeps --check produces NPE if there are missing module dependences
+  - JDK-8225805: Java Access Bridge does not close the logger
+  - JDK-8226810: Failed to launch JVM because of NullPointerException occured on System.props
+  - JDK-8229396: jdeps ignores multi-release when generate-module-info used on command line
+  - JDK-8229474: Shenandoah: Cleanup CM::update_roots()
+  - JDK-8232225: Rework the fix for JDK-8071483
+  - JDK-8232905: JFR fails with assertion: assert(t->unflushed_size() == 0) failed: invariant
+  - JDK-8233164: C2 fails with assert(phase->C->get_alias_index(t) == phase->C->get_alias_index(t_adr)) failed: correct memory chain
+  - JDK-8233910: java/awt/ColorClass/AlphaColorTest.java is failing intermittently in nightly lnux-x64 system
+  - JDK-8233912: aarch64: minor improvements of atomic operations
+  - JDK-8234508: VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier
+  - JDK-8234742: Improve handshake logging
+  - JDK-8234796: Refactor Handshake::execute to take a more complex type than ThreadClosure
+  - JDK-8235324: Dying objects are published from users of CollectedHeap::object_iterate
+  - JDK-8235351: Lookup::unreflect should bind with the original caller independent of Method's accessible flag
+  - JDK-8237369: Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/TestDescription.java test
+  - JDK-8237392: Shenandoah: Remove unreliable assertion
+  - JDK-8237483: AArch64 C1 OopMap inserted twice fatal error
+  - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
+  - JDK-8239355: (dc) Initial value of SO_SNDBUF should allow sending large datagrams (macOS)
+  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
+  - JDK-8240704: CheckHandles.java failed "AssertionError: Handle use increased by more than 10 percent."
+  - JDK-8240751: Shenandoah: fold ShenandoahTracer definition
+  - JDK-8240795: [REDO] 8238384 CTW: C2 compilation fails with "assert(store != load->find_exact_control(load->in(0))) failed: dependence cycle found"
+  - JDK-8241598: Upgrade JLine to 3.14.0
+  - JDK-8241649: Optimize Character.toString
+  - JDK-8241770: Module xxxAnnotation() methods throw NCDFE if module-info.class found as resource in unnamed module
+  - JDK-8241911: AArch64: Fix a potential register clash issue in reduce_add2I
+  - JDK-8242030: Wrong package declarations in jline classes after JDK-8241598
+  - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
+  - JDK-8243618: compiler/rtm/cli tests can be run w/o WhiteBox
+  - JDK-8243670: Unexpected test result caused by C2 MergeMemNode::Ideal
+  - JDK-8244088: [Regression] Switch of Gnome theme ends up in deadlocked UI
+  - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
+  - JDK-8244340: Handshake processing thread lacks yielding
+  - JDK-8244573: java.lang.ArrayIndexOutOfBoundsException thrown for malformed class file
+  - JDK-8244683: A TSA server used by tests
+  - JDK-8245005: javax/net/ssl/compatibility/BasicConnectTest.java failed with No enum constant
+  - JDK-8245026: PsAdaptiveSizePolicy::_old_gen_policy_is_ready is unused
+  - JDK-8245283: JFR: Can't handle constant dynamic used by Jacoco agent
+  - JDK-8245512: CRC32 optimization using AVX512 instructions
+  - JDK-8245527: LDAP Channel Binding support for Java GSS/Kerberos
+  - JDK-8246707: (sc) SocketChannel.read/write throws AsynchronousCloseException on closed channel
+  - JDK-8246709: sun/security/tools/jarsigner/TsacertOptionTest.java compilation failed after JDK-8244683
+  - JDK-8247200: assert((unsigned)fpargs < 32)
+  - JDK-8247766: [aarch64] guarantee(val < (1U << nbits)) failed: Field too big for insn.
+  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
+  - JDK-8248865: Document JNDI/LDAP timeout properties
+  - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
+  - JDK-8249543: Force DirectBufferAllocTest to run with -ExplicitGCInvokesConcurrent
+  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
+  - JDK-8249749: modify a primitive array through a stream and a for cycle causes jre crash
+  - JDK-8249787: Make TestGCLocker more resilient with concurrent GCs
+  - JDK-8249867: xml declaration is not followed by a newline
+  - JDK-8250911: [windows] os::pd_map_memory() error detection broken
+  - JDK-8251255: [linux] Add process-memory information to hs-err and VM.info
+  - JDK-8251359: Shenandoah: filter null oops before calling enqueue/SATB barrier
+  - JDK-8251925: C2: RenaissanceStressTest fails with assert(!had_error): bad dominance
+  - JDK-8251944: Add Shenandoah test config to compiler/gcbarriers/UnsafeIntrinsicsTest.java
+  - JDK-8251992: VM crashed running TestComplexAddrExpr.java test with -XX:UseAVX=X
+  - JDK-8253220: Epsilon: clean up unused code/declarations
+  - JDK-8253274: The CycleDMImagetest brokes the system
+  - JDK-8253353: Crash in C2: guarantee(n != NULL) failed: No Node
+  - JDK-8253368: TLS connection always receives close_notify exception
+  - JDK-8255368: Math.exp() gives wrong result for large values on x86 32-bit platforms
+  - JDK-8255401: Shenandoah: Allow oldval and newval registers to overlap in cmpxchg_oop()
+  - JDK-8253404: C2: assert(C->live_nodes() <= C->max_node_limit()) failed: Live Node limit exceeded limit
+  - JDK-8253409: Double-rounding possibility in float fma
+  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
+  - JDK-8253524: C2: Refactor code that clones predicates during loop unswitching
+  - JDK-8253644: C2: assert(skeleton_predicate_has_opaque(iff)) failed: unexpected
+  - JDK-8253681: closed java/awt/dnd/MouseEventAfterStartDragTest/MouseEventAfterStartDragTest.html test failed
+  - JDK-8253702: BigSur version number reported as 10.16, should be 11.nn
+  - JDK-8253756: C2 CompilerThread0 crash in Node::add_req(Node*)
+  - JDK-8254104: MethodCounters must exist before nmethod is installed
+  - JDK-8254734: "dead loop detected" assert failure with patch from 8223051
+  - JDK-8254748: Bad Copyright header format after JDK-8212218
+  - JDK-8254799: runtime/ErrorHandling/TestHeapDumpOnOutOfMemoryError.java fails with release VMs
+  - JDK-8255058: C1: assert(is_virtual()) failed: type check
+  - JDK-8255351: Add detection for Graviton 2 CPUs
+  - JDK-8255387: Japanese characters were printed upside down on AIX
+  - JDK-8255479: [aarch64] assert(src->section_index_of(target) == CodeBuffer::SECT_NONE) failed: sanity
+  - JDK-8255544: Create a checked cast
+  - JDK-8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()
+  - JDK-8255681: print callstack in error case in runAWTLoopWithApp
+  - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
+  - JDK-8255742: PrintInlining as compiler directive doesn't print virtual calls
+  - JDK-8255845: Memory leak in imageFile.cpp
+  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
+  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
+  - JDK-8256025: AArch64: MachCallRuntimeNode::ret_addr_offset() is incorrect for stub calls
+  - JDK-8256056: Deoptimization stub doesn't save vector registers on x86
+  - JDK-8256061: RegisterSaver::save_live_registers() omits upper halves of ZMM0-15 registers
+  - JDK-8256187: [TEST_BUG] Automate bug4275046.java test
+  - JDK-8256220: C1: x86_32 fails with -XX:UseSSE=1 after JDK-8210764 due to mishandled lir_neg
+  - JDK-8256258: some missing NULL checks or asserts after CodeCache::find_blob_unsafe
+  - JDK-8256264: Printed GlyphVector outline with low DPI has bad quality on Windows
+  - JDK-8256290: javac/lambda/T8031967.java fails with StackOverflowError on x86_32
+  - JDK-8256359: AArch64: runtime/ReservedStack/ReservedStackTestCompiler.java fails
+  - JDK-8256387: Unexpected result if patching an entire instruction on AArch64
+  - JDK-8256421: Add 2 HARICA roots to cacerts truststore
+  - JDK-8256488: [aarch64] Use ldpq/stpq instead of ld4/st4 for small copies in StubGenerator::copy_memory
+  - JDK-8256489: Make gtest for long path names on Windows more resilient in the presence of virus scanners
+  - JDK-8256501: libTestMainKeyWindow fails to build with Xcode 12.2
+  - JDK-8256633: Fix product build on Windows+Arm64
+  - JDK-8256682: JDK-8202343 is incomplete
+  - JDK-8256751: Incremental rebuild with precompiled header fails when touching a header file
+  - JDK-8256757: Incorrect MachCallRuntimeNode::ret_addr_offset() for CallLeafNoFP on x86_32
+  - JDK-8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
+  - JDK-8256807: C2: Not marking stores correctly as mismatched in string opts
+  - JDK-8256810: Incremental rebuild broken on Macosx
+  - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
+  - JDK-8256888: Client manual test problem list update
+  - JDK-8257083: Security infra test failures caused by JDK-8202343
+  - JDK-8257408: Bump update version for OpenJDK: jdk-11.0.11
+  - JDK-8257423: [PPC64] Support -XX:-UseInlineCaches
+  - JDK-8257436: [aarch64] Regressions in ArrayCopyUnalignedDst.testByte/testChar for 65-78 bytes when UseSIMDForMemoryOps is on
+  - JDK-8257513: C2: assert((constant_addr - _masm.code()->consts()->start()) == con.offset())
+  - JDK-8257547: Handle multiple prereqs on the same line in deps files
+  - JDK-8257561: Some code is not vectorized after 8251925 and 8250607
+  - JDK-8257565: epsilonBarrierSet.hpp should not include barrierSetAssembler
+  - JDK-8257575: C2: "failed: only phis" assert failure in loop strip mining verification
+  - JDK-8257594: C2 compiled checkcast of non-null object triggers endless deoptimization/recompilation cycle
+  - JDK-8257633: Missing -mmacosx-version-min=X flag when linking libjvm
+  - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
+  - JDK-8257707: Fix incorrect format string in Http1HeaderParser
+  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
+  - JDK-8257798: [PPC64] undefined reference to Klass::vtable_start_offset()
+  - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
+  - JDK-8257910: [JVMCI] Set exception_seen accordingly in the runtime.
+  - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
+  - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
+  - JDK-8258077: Using -Xcheck:jni can lead to a double-free after JDK-8193234
+  - JDK-8258247: Couple of issues in fix for JDK-8249906
+  - JDK-8258373: Update the text handling in the JPasswordField
+  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
+  - JDK-8258419: RSA cipher buffer cleanup
+  - JDK-8258471: "search codecache" clhsdb command does not work
+  - JDK-8258534: Epsilon: clean up unused includes
+  - JDK-8258805: Japanese characters not entered by mouse click on Windows 10
+  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
+  - JDK-8258836: JNI local refs exceed capacity getDiagnosticCommandInfo
+  - JDK-8258884: [TEST_BUG] Convert applet-based test open/test/jdk/javax/swing/JMenuItem/8031573/bug8031573.java to a regular java test
+  - JDK-8259007: This test printed a blank page
+  - JDK-8259049: Uninitialized variable after JDK-8257513
+  - JDK-8259451: Zero: skip serviceability/sa tests, set vm.hasSA to false
+  - JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
+  - JDK-8259231: Epsilon: improve performance under contention during virtual space expansion
+  - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
+  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will expire in 90 days
+  - JDK-8259319: Illegal package access when SunPKCS11 requires SunJCE's classes
+  - JDK-8259339: AllocateUninitializedArray C2 intrinsic fails with void.class input
+  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
+  - JDK-8259446: runtime/jni/checked/TestCheckedReleaseArrayElements.java fails with stderr not empty
+  - JDK-8259949: x86 32-bit build fails when -fcf-protection is passed in the compiler flags
+  - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
+  - JDK-8259633: compiler/graalunit/CoreTest.java fails with NPE after JDK-8244543
+  - JDK-8259706: C2 compilation fails with assert(vtable_index == Method::invalid_vtable_index) failed: correct sentinel value
+  - JDK-8259707: LDAP channel binding does not work with StartTLS extension
+  - JDK-8259773: Incorrect encoding of AVX-512 kmovq instruction
+  - JDK-8259849: Shenandoah: Rename store-val to IU-barrier
+  - JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
+  - JDK-8260029: aarch64: fix typo in verify_oop_array
+  - JDK-8260308: Update LogCompilation junit to 4.13.1
+  - JDK-8260338: Some fields in HaltNode is not cloned
+  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
+  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
+  - JDK-8260378: [TESTBUG] DcmdMBeanTestCheckJni.java reports false positive
+  - JDK-8260497: Shenandoah: Improve SATB flushing
+  - JDK-8260502: [s390] NativeMovRegMem::verify() fails because it's too strict
+  - JDK-8260632: Build failures after JDK-8253353
+  - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
+  - JDK-8261022: Fix incorrect result of Math.abs() with char type
+  - JDK-8261089: [TESTBUG] native library of test TestCheckedReleaseCriticalArray.java fails to compile with gcc 4.x
+  - JDK-8261183: Follow on to Make lists of normal filenames
+  - JDK-8261209: isStandalone property: remove dependency on pretty-print
+  - JDK-8261231: Windows IME was disabled after DnD operation
+  - JDK-8261251: Shenandoah: Use object size for full GC humongous compaction
+  - JDK-8261310: PPC64 Zero build fails with 'VMError::controlled_crash(int)::FunctionDescriptor functionDescriptor' has incomplete type and cannot be defined
+  - JDK-8261334: NMT: tuning statistic shows incorrect hash distribution
+  - JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
+  - JDK-8261522: [PPC64] AES intrinsics write beyond the destination array
+  - JDK-8261534: Test sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java fails on platforms where no nsslib artifacts are defined
+  - JDK-8261585: Restore HandleArea used in Deoptimization::uncommon_trap
+  - JDK-8261753: Test java/lang/System/OsVersionTest.java still failing on BigSur patch versions after JDK-8253702
+  - JDK-8261829: Exclude tools/jlink/JLinkReproducibleTest.java in 11u
+  - JDK-8261912: Code IfNode::fold_compares_helper more defensively
+  - JDK-8261920: [AIX] jshell command throws java.io.IOError on non English locales
+  - JDK-8262018: Wrong format in SAP copyright header of OsVersionTest
+  - JDK-8263069: Exclude some failing tests from security/infra/java/security/cert/CertPathValidator
+
+Notes on individual issues:
+===========================
+
+core-libs/javax.naming:
+
+JDK-8258824: LDAP Channel Binding Support for Java GSS/Kerberos
+===============================================================
+A new JNDI environment property "com.sun.jndi.ldap.tls.cbtype" has
+been added to enable TLS Channel Binding data in LDAP authentication
+over SSL/TLS protocol to the Windows AD server.  The only valid value
+at present is "tls-server-end-point", where channel binding data is
+created on the base of the TLS server certificate. See RFC-5929 [0]
+and the module description of the `java.naming` module for further
+details.
+
+[0] RFC-5929 "Channel Bindings for TLS": https://www.ietf.org/rfc/rfc5929.txt
+
+security-libs/java.security:
+
+JDK-8260597: Added 2 HARICA Root CA Certificates
+================================================
+The following root certificates have been added to the cacerts truststore:
+
+Alias Name: haricarootca2015
+Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
+
+Alias Name: haricaeccrootca2015
+Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
+
+security-libs/javax.net.ssl:
+
+JDK-8256490: Disable TLS 1.0 and 1.1
+====================================
+TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
+considered secure and have been superseded by more secure and modern
+versions (TLS 1.2 and 1.3).
+
+These versions have now been disabled by default. If you encounter
+issues, you can, at your own risk, re-enable the versions by removing
+"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
+security property in the `java.security` configuration file.
+
+tools:
+
+JDK-8214213: jdeps --print-module-deps Reports Transitive Dependencies
+======================================================================
+`jdeps --print-module-deps`, `--list-deps`, and `--list-reduce-deps`
+options have been enhanced as follows.
+
+1. By default, they perform transitive module dependence analysis on
+libraries on the class path and module path, both directly and
+indirectly, as required by the given input JAR files or
+classes. Previously, they only reported the modules required by the
+given input JAR files or classes.  The `--no-recursive` option can be
+used to request non-transitive dependence analysis.
+
+2. By default, they flag any missing dependency, i.e. not found from
+class path and module path, as an error.  The `--ignore-missing-deps`
+option can be used to suppress missing dependence errors. Note that a
+custom image is created with the list of modules output by jdeps when
+using the `--ignore-missing-deps` option for a non-modular
+application. Such an application, running on the custom image, might
+fail at runtime when missing dependence errors are suppressed.
+
+xml/jaxp:
+
+JDK-8249867 XML declaration is not followed by a newline
+========================================================
+
+The DOM Load and Save `LSSerializer` does not have an explicit control
+for whether or not the XML Declaration ends with a newline. In this
+release, a JDK implementation specific property
+`http://www.oracle.com/xml/jaxp/properties/isStandalone` and
+corresponding System property `jdk.xml.isStandalone` are added to
+control the addition of a newline and act independently without
+having to set the pretty-print property. This property can be used to
+reverse the incompatible change introduced in Java SE 7 Update 4 with
+an update of Xalan 2.7.1 where a newline is omitted when pretty-print
+is required.
+
+For details, please refer to the bug report and the java.xml module-summary.
+
+Usage:
+
+// to set the property, get an instance of LSSerializer and set it along with pretty-print
+LSSerializer ser = impl.createLSSerializer();
+ser.getDomConfig().setParameter("format-pretty-print", true);
+ser.getDomConfig().setParameter("http://www.oracle.com/xml/jaxp/properties/isStandalone", true);
+
+// to use the System property, set it before initializing a LSSerializer
+System.setProperty("jdk.xml.isStandalone", “true”);
+
+// to clear the property, place the line anywhere after the LSSerializer is initialized
+System.clearProperty("jdk.xml.isStandalone");
+
+New in release OpenJDK 11.0.10 (2021-01-19):
+=============================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk11010
+  * https://builds.shipilev.net/backports-monitor/release-notes-11.0.10.txt
+
+* Security fixes
+  - JDK-8247619: Improve Direct Buffering of Characters
+* Other changes
+  - JDK-6722928: Support SSPI as a native GSS-API provider
+  - JDK-7185258: [macosx] Deadlock in SunToolKit.realSync()
+  - JDK-8152332: [macosx] JFileChooser cannot be serialized on Mac OS X
+  - JDK-8161684: [testconf] Add VerifyOops' testing into compiler tiers
+  - JDK-8171279: Support X25519 and X448 in TLS
+  - JDK-8173361: various crashes in JvmtiExport::post_compiled_method_load
+  - JDK-8173658: JvmtiExport::post_class_unload() is broken for non-JavaThread initiators
+  - JDK-8191006: hsdis disassembler plugin does not compile with binutils 2.29+
+  - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
+  - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
+  - JDK-8200151: Add 8 JNDI tests to com/sun/jndi/dns/ConfigTests/
+  - JDK-8208279: Add 8 JNDI tests to com/sun/jndi/dns/EnvTests/
+  - JDK-8208483: Add 5 JNDI tests to com/sun/jndi/dns/FactoryTests/
+  - JDK-8208542: Add 4 JNDI tests to com/sun/jndi/dns/ListTests/
+  - JDK-8208665: Amend cross-compilation docs with qemu-debootstrap recipe
+  - JDK-8210088: ProblemList gc/epsilon/TestMemoryMXBeans.java
+  - JDK-8210339: Add 10 JNDI tests to com/sun/jndi/dns/FedTests/
+  - JDK-8211450: UndetVar::dup is not copying the kind field to the duplicated instance
+  - JDK-8212160: JVMTI agent crashes with "assert(_value != 0LL) failed: resolving NULL _value"
+  - JDK-8212226: SurfaceManager throws "Invalid Image variant" for MultiResolutionImage (Windows)
+  - JDK-8213400: Support choosing group name in keytool keypair generation
+  - JDK-8213535: Windows HiDPI html lightweight tooltips are truncated
+  - JDK-8213698: Improve devkit creation and add support for linux/ppc64/ppc64le/s390x
+  - JDK-8214025: assert(t->singleton()) failed: must be a constant when ScavengeRootsInCode < 2
+  - JDK-8214242: compiler/arguments/TestScavengeRootsInCode.java fails because of missing UnlockDiagnosticVMOptions
+  - JDK-8214787: Zero builds fail with "undefined JavaThread::thread_state()"
+  - JDK-8215583: Exclude runtime/handshake/HandshakeWalkSuspendExitTest.java
+  - JDK-8216012: Infinite loop in RSA KeyPairGenerator
+  - JDK-8216324: GetClassMethods is confused by the presence of default methods in super interfaces
+  - JDK-8217429: WebSocket over authenticating proxy fails to send Upgrade headers
+  - JDK-8217976: test/jdk/java/net/httpclient/websocket/WebSocketProxyTest.java fails intermittently
+  - JDK-8218021: Have jarsigner preserve posix permission attributes
+  - JDK-8218287: jshell tool: input behavior unstable after 12-ea+24 on Windows
+  - JDK-8218851: JVM crash in custom classloader stress test, JDK 12 & 13
+  - JDK-8220420: Cleanup c1_LinearScan
+  - JDK-8222072: JVMTI GenerateEvents() sends CompiledMethodLoad events to wrong jvmtiEnv
+  - JDK-8222286: Fix for JDK-8213419 is broken on s390
+  - JDK-8222527: HttpClient doesn't send HOST header when tunelling HTTP/1.1 through http proxy
+  - JDK-8222533: jtreg test jdk/internal/platform/cgroup/TestCgroupMetrics.java fails on SLES12.3 linux ppc64le machine
+  - JDK-8224506: [TESTBUG] TestDockerMemoryMetrics.java fails with exitValue = 137
+  - JDK-8224555: vmTestbase/nsk/jvmti/scenarios/contention/TC02/tc02t001/TestDescription.java failed
+  - JDK-8224650: Add tests to support X25519 and X448 in TLS
+  - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
+  - JDK-8225329: -XX:+PrintBiasedLockingStatistics causes crash during initialization on Windows platforms
+  - JDK-8225687: Newly added sspi.cpp in JDK-6722928 still contains some small errors
+  - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
+  - JDK-8227275: Within native OOM error handling, assertions may hang the process
+  - JDK-8227647: [Graal] Test8009761.java fails due to "RuntimeException: static java.lang.Object compiler.uncommontrap.Test8009761.m3(boolean,boolean) not compiled"
+  - JDK-8229495: SIGILL in C2 generated OSR compilation
+  - JDK-8230910: libsspi_bridge does not build on Windows 32bit
+  - JDK-8232114: JVM crashed at imjpapi.dll in native code
+  - JDK-8234147: Avoid looking up standard charsets in core libraries
+  - JDK-8234393: [macos] printing ignores printer tray
+  - JDK-8234863: Increase default value of MaxInlineLevel
+  - JDK-8235218: Minimal VM is broken after JDK-8173361
+  - JDK-8235456: Minimal VM is broken after JDK-8212160
+  - JDK-8235829: graal crashes with Zombie.java test
+  - JDK-8236124: Minimal VM slowdebug build failed after JDK-8212160
+  - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
+  - JDK-8236944: The legVecZ operand should be limited to zmm0-zmm15 registers
+  - JDK-8237186: Fix typo in copyright header of java/io/Reader/TransferTo.java
+  - JDK-8237499: JFR: Include stack trace in the ThreadStart event
+  - JDK-8237512: AArch64: aarch64TestHook leaks a BufferBlob
+  - JDK-8237524: AArch64: String.compareTo() may return incorrect result
+  - JDK-8237950: C2 compilation fails with "Live Node limit exceeded limit" during ConvI2L::Ideal optimization
+  - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
+  - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
+  - JDK-8239477: jdk/jfr/jcmd/TestJcmdStartStopDefault.java fails -XX:+VerifyOops with "verify_oop: rsi: broken oop"
+  - JDK-8239497: SEGV in EdgeUtils::field_name_symbol(Edge const&)
+  - JDK-8239886: Minimal VM build fails after JDK-8237499
+  - JDK-8240633: Memory leaks in the implementations of FileChooserUI
+  - JDK-8240690: Race condition between EDT and BasicDirectoryModel.FilesLoader.run0()
+  - JDK-8241234: Unify monitor enter/exit runtime entries.
+  - JDK-8241311: Move some charset mapping tests from closed to open
+  - JDK-8241797: Add some tests to the problem list
+  - JDK-8242029: AArch64: skip G1 array copy pre-barrier if marking not active
+  - JDK-8242335: Additional Tests for RSASSA-PSS
+  - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
+  - JDK-8242614: cleanup duplicated test ldap server in some com/sun/jndi/ldap/ tests
+  - JDK-8242846: Bring back test/jdk/tools/jlink/plugins/OrderResourcesPluginTest.java
+  - JDK-8243114: Implement montgomery{Multiply,Square}intrinsics on Windows
+  - JDK-8243290: Improve diagnostic messages for class verification and redefinition failures
+  - JDK-8243488: Add tests for set/get SendBufferSize and getReceiveBufferSize in DatagramSocket
+  - JDK-8243549: sun/security/ssl/CipherSuite/NamedGroupsWithCipherSuite.java failed with Unsupported signature algorithm: DSA
+  - JDK-8243617: compiler/onSpinWait/TestOnSpinWaitC1.java test uses wrong class
+  - JDK-8243619: compiler/codecache/CheckSegmentedCodeCache.java test misses -version
+  - JDK-8244142: some hotspot/runtime tests don't check exit code of forked JVM
+  - JDK-8244278: Excessive code cache flushes and sweeps
+  - JDK-8244282: test/hotspot/jtreg/compiler/intrinsics/Test8237524.java fails with --illegal-access=deny
+  - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
+  - JDK-8244819: hsdis does not compile with binutils 2.34+
+  - JDK-8245051: c1 is broken if it is compiled by gcc without -fno-lifetime-dse
+  - JDK-8245168: jlink should not be treated as a "small" tool
+  - JDK-8245400: Upgrade to LittleCMS 2.11
+  - JDK-8246381: VM crashes with "Current BasicObjectLock* below than low_mark"
+  - JDK-8246434: Threads::print_on_error assumes that the heap has been set up
+  - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
+  - JDK-8247201: Print potential pointer value of readable stack memory in hs_err file
+  - JDK-8247763: assert(outer->outcnt() == 2) failed: 'only phis' failure in LoopNode::verify_strip_mined()
+  - JDK-8247867: Upgrade to freetype 2.10.2
+  - JDK-8248190: Enable Power10 system and implement new byte-reverse instructions
+  - JDK-8248226: TestCloneAccessStressGCM fails with -XX:-ReduceBulkZeroing
+  - JDK-8248347: windows build broken by JDK-8243114
+  - JDK-8248532: Every time I change keyboard language at my MacBook, Java crashes
+  - JDK-8248552: C2 crashes with SIGFPE due to division by zero
+  - JDK-8248596: [TESTBUG] compiler/loopopts/PartialPeelingUnswitch.java times out with Graal enabled
+  - JDK-8248745: Add jarsigner and keytool tests for restricted algorithms
+  - JDK-8248791: sun/util/resources/cldr/TimeZoneNamesTest.java fails with -XX:-ReduceInitialCardMarks -XX:-ReduceBulkZeroing
+  - JDK-8248845: AArch64: stack corruption after spilling vector register
+  - JDK-8249176: Update GlobalSignR6CA test certificates
+  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
+  - JDK-8249192: MonitorInfo stores raw oops across safepoints
+  - JDK-8249602: C2: assert(cnt == _outcnt) failed: no insertions allowed
+  - JDK-8249603: C1: assert(has_error == false) failed: register allocation invalid
+  - JDK-8249605: C2: assert(no_dead_loop) failed: dead loop detected
+  - JDK-8249607: C2: assert(!had_error) failed: bad dominance
+  - JDK-8249608: Vector register used by C2 compiled method corrupted at safepoint
+  - JDK-8249672: Include microcode revision in features_string on x86
+  - JDK-8249748: gtest silently ignores bad jvm arguments
+  - JDK-8249821: Separate libharfbuzz from libfontmanager
+  - JDK-8250598: Hyper-V is detected in spite of running on host OS
+  - JDK-8250605: Linux x86_32 builds fail after JDK-8249821
+  - JDK-8250636: iso8601_time returns incorrect offset part on MacOS
+  - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
+  - JDK-8250772: Test com/sun/jndi/ldap/NamingExceptionMessageTest.java fails intermittently with javax.naming.ServiceUnavailableException
+  - JDK-8250825: C2 crashes with assert(field != __null) failed: missing field
+  - JDK-8250894: Provide a configure option to build and run against the platform libharfbuzz
+  - JDK-8250928: JFR: Improve hash algorithm for stack traces
+  - JDK-8250968: Symlinks attributes not preserved when using jarsigner on zip files
+  - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
+  - JDK-8251118: BiasedLocking::preserve_marks should not have a HandleMark
+  - JDK-8251189: com/sun/jndi/ldap/LdapDnsProviderTest.java failed due to timeout
+  - JDK-8251257: NMT: jcmd VM.native_memory scale=1 crashes target VM
+  - JDK-8251365: Build failure on AIX after 8250636
+  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
+  - JDK-8251456: [TESTBUG] compiler/vectorization/TestVectorsNotSavedAtSafepoint.java failed OutOfMemoryError
+  - JDK-8251458: Parse::do_lookupswitch fails with "assert(_cnt >= 0) failed"
+  - JDK-8251535: Partial peeling at unsigned test adds incorrect loop exit check
+  - JDK-8251949: ZGC: Set explicit heap size for compiler/gcbarriers tests
+  - JDK-8252090: JFR: StreamWriterHost::write_unbuffered() stucks in an infinite loop OpenJDK (build 13.0.1+9)
+  - JDK-8252415: Bump update version for OpenJDK: jdk-11.0.10
+  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
+  - JDK-8252497: Incorrect numeric currency code for ROL
+  - JDK-8252660: Shenandoah: support manageable SoftMaxHeapSize option
+  - JDK-8252679: Two windows specific FileDIalog tests may fail on some Windows_Server_2016_Standard
+  - JDK-8252696: Loop unswitching may cause out of bound array load to be executed
+  - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
+  - JDK-8253219: Epsilon: clean up unnecessary includes
+  - JDK-8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
+  - JDK-8253226: Shenandoah: remove unimplemented ShenandoahStrDedupQueue::verify
+  - JDK-8253269: The CheckCommonColors test should provide more info on failure
+  - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
+  - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
+  - JDK-8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
+  - JDK-8253791: Issue with useAppleColor check in CSystemColors.m
+  - JDK-8254016: Test8237524 fails with -XX:-CompactStrings option
+  - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
+  - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
+  - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
+  - JDK-8254177: (tz) Upgrade time-zone data to tzdata2020b
+  - JDK-8254185: Fix Code cache sweeper heuristics for JDK 11
+  - JDK-8254190: [s390] interpreter misses exception check after calling monitorenter
+  - JDK-8254790: SIGSEGV in string_indexof_char and stringL_indexof_char intrinsics
+  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
+  - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
+  - JDK-8255050: Add pkcs11/KeyStore/ClientAuth.sh to Problem list
+  - JDK-8255065: Zero: accessor_entry misses the IRIW case
+  - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
+  - JDK-8255269: Unsigned overflow in g1Policy.cpp
+  - JDK-8255365: Problem list failing client manual tests
+  - JDK-8255457: Shenandoah: cleanup ShenandoahMarkTask
+  - JDK-8255466: C2 crashes at ciObject::get_oop() const+0x0
+  - JDK-8255550: x86: Assembler::cmpq(Address dst, Register src) encoding is incorrect
+  - JDK-8255603: Memory/Performance regression after JDK-8210985
+  - JDK-8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback
+  - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
+  - JDK-8256427: Test com/sun/jndi/dns/ConfigTests/PortUnreachable.java does not work on AIX
+  - JDK-8256452: Integrate missing part of JDK-8232370 to 11u
+  - JDK-8256483: [TESTBUG] serviceability/jvmti/GetClassMethods/libOverpassMethods.c fails to compile on gcc 4.4.x
+  - JDK-8256557: libharfbuzz fails to link on gcc 4.4.x due to -Wl,-z,defs
+  - JDK-8256618: Zero: Linux x86_32 build still fails
+  - JDK-8256736: Zero: GTest tests fail with "unsuppported vm variant"
+  - JDK-8256809: Annotation processing causes NPE during flow analysis
+  - JDK-8257181: s390x builds are very noisy with gc-sections messages
+  - JDK-8257242: [macOS] Java app crashes while switching input methods
+  - JDK-8257545: SunJSSE FIPS regression in key exchange after JDK-8171279 11u backport
+  - JDK-8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
+  - JDK-8257701: Shenandoah: objArrayKlass metadata is not marked with chunked arrays
+  - JDK-8258630: Add expiry exception for QuoVadis root certificate
+
+Notes on individual issues:
+===========================
+
+security-libs/java.security:
+
+JDK-8213821: -groupname Option Added to keytool Key Pair Generation
+===================================================================
+A new `-groupname` option has been added to `keytool -genkeypair` so
+that a user can specify a named group when generating a key pair. For
+example, `keytool -genkeypair -keyalg EC -groupname secp384r1` will
+generate an EC key pair by using the `secp384r1` curve. Because there
+might be multiple curves with the same size, using the `-groupname`
+option is preferred over the `-keysize` option.
+
+JDK-8248263: jarsigner Preserves POSIX File Permission and symlink Attributes
+=============================================================================
+When signing a file that contains POSIX file permission or symlink
+attributes, `jarsigner` now preserves these attributes in the newly
+signed file but warns that these attributes are unsigned and not
+protected by the signature. The same warning is printed during the
+`jarsigner -verify` operation for such files.
+
+Note that the `jar` tool does not read/write these attributes. This
+change is more visible to tools like `unzip` where these attributes
+are preserved.
+
+security-libs/javax.net.ssl:
+
+JDK-8225764:  Support for X25519 and X448 in TLS
+================================================
+
+The named elliptic curve groups `x25519` and `x448` are now available
+for JSSE key agreement in TLS versions 1.0 to 1.3, with `x25519` being
+the most preferred of the default enabled named groups.  The default
+ordered list is now:
+
+* x25519
+* secp256r1
+* secp384r1
+* secp521r1
+* x448
+* secp256k1
+* ffdhe2048
+* ffdhe3072
+* ffdhe4096
+* ffdhe6144
+* ffdhe8192
+
+The default list can be overridden using the system property *`jdk.tls.namedGroups`*.
+
+security-libs/org.ietf.jgss:
+
+JDK-8214079: Added a Default Native GSS-API Library on Windows
+==============================================================
+A native GSS-API library has been added to JDK on the Windows
+platform. The library is client-side only and uses the default
+credentials. It will be loaded when the `sun.security.jgss.native`
+system property is set to "true". A user can still load a third-party
+native GSS-API library by setting the system property
+`sun.security.jgss.lib` to its path.
+
+New in release OpenJDK 11.0.9.1 (2020-10-20):
+=============================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk11091
+  * https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.1.txt
+
+* Regression fixes
+  - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
+
+New in release OpenJDK 11.0.9 (2020-10-20):
+===========================================
+Live versions of these release notes can be found at:
+  * https://bitly.com/openjdk1109
+  * https://builds.shipilev.net/backports-monitor/release-notes-11.0.9.txt
+
+* Security fixes
+  - JDK-8233624: Enhance JNI linkage
+  - JDK-8236196: Improve string pooling
+  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
+  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
+  - JDK-8237995, CVE-2020-14782: Enhance certificate processing
+  - JDK-8240124: Better VM Interning
+  - JDK-8241114, CVE-2020-14792: Better range handling
+  - JDK-8242680, CVE-2020-14796: Improved URI Support
+  - JDK-8242685, CVE-2020-14797: Better Path Validation
+  - JDK-8242695, CVE-2020-14798: Enhanced buffer support
+  - JDK-8243302: Advanced class supports
+  - JDK-8244136, CVE-2020-14803: Improved Buffer supports
+  - JDK-8244479: Further constrain certificates
+  - JDK-8244955: Additional Fix for JDK-8240124
+  - JDK-8245407: Enhance zoning of times
+  - JDK-8245412: Better class definitions
+  - JDK-8245417: Improve certificate chain handling
+  - JDK-8248574: Improve jpeg processing
+  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
+  - JDK-8253019: Enhanced JPEG decoding
+* Other changes
+  - JDK-6532025: GIF reader throws misleading exception with truncated images
+  - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
+  - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
+  - JDK-8062947: Fix exception message to correctly represent LDAP connection failure
+  - JDK-8067354: com/sun/jdi/GetLocalVariables4Test.sh failed
+  - JDK-8134599: TEST_BUG: java/rmi/transport/closeServerSocket/CloseServerSocket.java fails intermittently with Address already in use
+  - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
+  - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
+  - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
+  - JDK-8193367: Annotated type variable bounds crash javac
+  - JDK-8202117: com/sun/jndi/ldap/RemoveNamingListenerTest.java fails intermittently: Connection reset
+  - JDK-8203026: java.rmi.NoSuchObjectException: no such object in table
+  - JDK-8203281: [Windows] JComboBox change in ui when editor.setBorder() is called
+  - JDK-8203382: Rename SystemDictionary::initialize_wk_klass to resolve_wk_klass
+  - JDK-8203393: com/sun/jdi/JdbMethodExitTest.sh and JdbExprTest.sh fail due to timeout
+  - JDK-8203928: [Test] Convert non-JDB scaffolding serviceability shell script tests to java
+  - JDK-8204963: javax.swing.border.TitledBorder has a memory leak
+  - JDK-8204994: SA might fail to attach to process with "Windbg Error: WaitForEvent failed"
+  - JDK-8205534: Remove SymbolTable dependency from serviceability agent
+  - JDK-8206309: Tier1 SA tests fail
+  - JDK-8208281: java/nio/channels/AsynchronousSocketChannel/Basic.java timed out
+  - JDK-8209109: [TEST] rewrite com/sun/jdi shell tests to java version - step1
+  - JDK-8209332: [TEST] test/jdk/com/sun/jdi/CatchPatternTest.sh is incorrect
+  - JDK-8209342: Problemlist SA tests on Solaris due to Error attaching to process: Can't create thread_db agent!
+  - JDK-8209343: Test javax/swing/border/TestTitledBorderLeak.java should be marked as headful
+  - JDK-8209517: com/sun/jdi/BreakpointWithFullGC.java fails with timeout
+  - JDK-8209604: [TEST] rewrite com/sun/jdi shell tests to java version - step2
+  - JDK-8209605: com/sun/jdi/BreakpointWithFullGC.java fails with ZGC
+  - JDK-8209608: Problem list com/sun/jdi/BreakpointWithFullGC.java
+  - JDK-8210131: vmTestbase/nsk/jvmti/scenarios/allocation/AP10/ap10t001/TestDescription.java failed with ObjectFree: GetCurrentThreadCpuTimerInfo returned unexpected error code
+  - JDK-8210243: [TEST] rewrite com/sun/jdi shell tests to java version - step3
+  - JDK-8210527: JShell: NullPointerException in jdk.jshell.Eval.translateExceptionStack
+  - JDK-8210560: [TEST] convert com/sun/jdi redefineClass-related tests
+  - JDK-8210725: com/sun/jdi/RedefineClearBreakpoint.java fails with waitForPrompt timed out after 60 seconds
+  - JDK-8210748: [TESTBUG] lib.jdb.Jdb.waitForPrompt() should clarify which output is the pending reply after a timeout
+  - JDK-8210760: [TEST] rewrite com/sun/jdi shell tests to java version - step4
+  - JDK-8210977: jdk/jfr/event/oldobject/TestThreadLocalLeak.java fails to find ThreadLocalObject
+  - JDK-8211292: [TEST] convert com/sun/jdi/DeferredStepTest.sh test
+  - JDK-8211694: JShell: Redeclared variable should be reset
+  - JDK-8212200: assert when shared java.lang.Object is redefined by JVMTI agent
+  - JDK-8212629: [TEST] wrong breakpoint in test/jdk/com/sun/jdi/DeferredStepTest
+  - JDK-8212665: com/sun/jdi/DeferredStepTest.java: jj1 (line 57) - unexpected. lastLine=52, minLine=52, maxLine=55
+  - JDK-8212807: tools/jar/multiRelease/Basic.java times out
+  - JDK-8213182: Minimal VM build failure after JDK-8212200 (assert when shared java.lang.Object is redefined by JVMTI agent)
+  - JDK-8213214: Set -Djava.io.tmpdir= when running tests
+  - JDK-8213275: ReplaceCriticalClasses.java fails with jdk.internal.vm.PostVMInitHook not found
+  - JDK-8213574: Deadlock in string table expansion when dumping lots of CDS classes
+  - JDK-8213703: LambdaConversionException: Invalid receiver type not a subtype of implementation type interface
+  - JDK-8214074: Ghash optimization using AVX instructions
+  - JDK-8214491: Upgrade to JLine 3.9.0
+  - JDK-8214797: TestJmapCoreMetaspace.java timed out
+  - JDK-8215243: JShell tests failing intermitently with \"Problem cleaning up the following threads:\"
+  - JDK-8215244: jdk/jshell/ToolBasicTest.java testHistoryReference failed
+  - JDK-8215354: x86_32 build failures after JDK-8214074 (Ghash optimization using AVX instructions)
+  - JDK-8215438: jshell tool: Ctrl-D causes EOF
+  - JDK-8216021: RunTest.gmk might set concurrency level to 1 on Windows
+  - JDK-8216974: HttpConnection not returned to the pool after 204 response
+  - JDK-8218948: SimpleDateFormat :: format - Zone Names are not reflected correctly during run time
+  - JDK-8219712: code_size2 (defined in stub_routines_x86.hpp) is too small on new Skylake CPUs
+  - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
+  - JDK-8221658: aarch64: add necessary predicate for ubfx patterns
+  - JDK-8221759: Crash when completing \"java.io.File.path\"
+  - JDK-8221918: runtime/SharedArchiveFile/serviceability/ReplaceCriticalClasses.java fails: Shared archive not found
+  - JDK-8222074: Enhance auto vectorization for x86
+  - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
+  - JDK-8222769: [TESTBUG] TestJFRNetworkEvents should not rely on hostname command
+  - JDK-8223688: JShell: crash on the instantiation of raw anonymous class
+  - JDK-8223777: In posix_spawn mode, failing to exec() jspawnhelper does not result in an error
+  - JDK-8223940: Private key not supported by chosen signature algorithm
+  - JDK-8224184: jshell got IOException at exiting with AIX
+  - JDK-8224234: compiler/codegen/TestCharVect2.java fails in test_mulc
+  - JDK-8225037: java.net.JarURLConnection::getJarEntry() throws NullPointerException
+  - JDK-8225625: AES Electronic Codebook (ECB) encryption and decryption optimization using AVX512 + VAES instructions
+  - JDK-8226536: Catch OOM from deopt that fails rematerializing objects
+  - JDK-8226575: OperatingSystemMXBean should be made container aware
+  - JDK-8226697: Several tests which need the @key headful keyword are missing it.
+  - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
+  - JDK-8227059: sun/security/tools/keytool/DefaultSignatureAlgorithm.java timed out
+  - JDK-8227269: Slow class loading when running with JDWP
+  - JDK-8227595: keytool/fakegen/DefaultSignatureAlgorithm.java fails due to "exitValue = 6"
+  - JDK-8228448: Jconsole can't connect to itself
+  - JDK-8228967: Trust/Key store and SSL context utilities for tests
+  - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
+  - JDK-8229815: Upgrade Jline to 3.12.1
+  - JDK-8230000: some httpclients testng tests run zero test
+  - JDK-8230002: javax/xml/jaxp/unittest/transform/SecureProcessingTest.java runs zero test
+  - JDK-8230010: Remove jdk8037819/BasicTest1.java
+  - JDK-8230094: CCE in createXMLEventWriter(Result) over an arbitrary XMLStreamWriter
+  - JDK-8230402: Allocation of compile task fails with assert: "Leaking compilation tasks?"
+  - JDK-8230767: FlightRecorderListener returns null recording
+  - JDK-8230870: (zipfs) Add a ZIP FS test that is similar to test/jdk/java/util/zip/EntryCount64k.java
+  - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
+  - JDK-8231586: enlarge encoding space for OopMapValue offsets
+  - JDK-8231953: Wrong assumption in assertion in oop::register_oop
+  - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
+  - JDK-8232083: Minimal VM is broken after JDK-8231586
+  - JDK-8232161: Align some one-way conversion in MS950 charset with Windows
+  - JDK-8232855: jshell missing word in /help help
+  - JDK-8233027: OopMapSet::all_do does oms.next() twice during iteration
+  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
+  - JDK-8233386: Initialize NULL fields for unused decorations
+  - JDK-8233452: java.math.BigDecimal.sqrt() with RoundingMode.FLOOR results in incorrect result
+  - JDK-8233686: XML transformer uses excessive amount of memory
+  - JDK-8233741: AES Countermode (AES-CTR) optimization using AVX512 + VAES instructions
+  - JDK-8233829: javac cannot find non-ASCII module name under non-UTF8 environment
+  - JDK-8233958: Memory retention due to HttpsURLConnection finalizer that serves no purpose
+  - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
+  - JDK-8234058: runtime/CompressedOops/CompressedClassPointers.java fails with 'Narrow klass base: 0x0000000000000000' missing from stdout/stderr
+  - JDK-8234149: Several regression tests do not dispose Frame at end
+  - JDK-8234347: "Turkey" meta time zone does not generate composed localized names
+  - JDK-8234385: [TESTBUG] java/awt/EventQueue/6980209/bug6980209.java fails in linux nightly
+  - JDK-8234535: Cross compilation fails due to missing CFLAGS for the BUILD_CC
+  - JDK-8234541: C1 emits an empty message when it inlines successfully
+  - JDK-8234687: change javap reporting on unknown attributes
+  - JDK-8236464: SO_LINGER option is ignored by SSLSocket in JDK 11
+  - JDK-8236548: Localized time zone name inconsistency between English and other locales
+  - JDK-8236617: jtreg test containers/docker/TestMemoryAwareness.java fails after 8226575
+  - JDK-8237182: Update copyright header for shenandoah and epsilon files
+  - JDK-8237888: security/infra/java/security/cert/CertPathValidator/certification/LuxTrustCA.java fails when checking validity interval
+  - JDK-8237977: Further update javax/net/ssl/compatibility/Compatibility.java
+  - JDK-8238270: java.net HTTP/2 client does not decrease stream count when receives 204 response
+  - JDK-8238284: [macos] Zero VM build fails due to an obvious typo
+  - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
+  - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
+  - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
+  - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
+  - JDK-8238710: LingeredApp doesn't log stdout/stderr if exits with non-zero code
+  - JDK-8239083: C1 assert(known_holder == NULL || (known_holder->is_instance_klass() && (!known_holder->is_interface() || ((ciInstanceKlass*)known_holder)->has_nonstatic_concrete_methods())), "should be non-static concrete method");
+  - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
+  - JDK-8240169: javadoc fails to link to non-modular api docs
+  - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
+  - JDK-8240360: NativeLibraryEvent has wrong library name on Linux
+  - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
+  - JDK-8241007: Shenandoah: remove ShenandoahCriticalControlThreadPriority support
+  - JDK-8241065: Shenandoah: remove leftover code after JDK-8231086
+  - JDK-8241086: Test runtime/NMT/HugeArenaTracking.java is failing on 32bit Windows
+  - JDK-8241130: com.sun.jndi.ldap.EventSupport.removeDeadNotifier: java.lang.NullPointerException
+  - JDK-8241138: http.nonProxyHosts=* causes StringIndexOutOfBoundsException in DefaultProxySelector
+  - JDK-8241319: WB_GetCodeBlob doesn't have ResourceMark
+  - JDK-8241478: vmTestbase/gc/gctests/Steal/steal001/steal001.java fails with OOME
+  - JDK-8241574: Shenandoah: remove ShenandoahAssertToSpaceClosure
+  - JDK-8241750: x86_32 build failure after JDK-8227269
+  - JDK-8242184: CRL generation error with RSASSA-PSS
+  - JDK-8242283: Can't start JVM when java home path includes non-ASCII character
+  - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
+  - JDK-8243029: Rewrite javax/net/ssl/compatibility/Compatibility.java with a flexible interop test framework
+  - JDK-8243138: Enhance BaseLdapServer to support starttls extended request
+  - JDK-8243320: Add SSL root certificates to Oracle Root CA program
+  - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
+  - JDK-8243389: enhance os::pd_print_cpu_info on linux
+  - JDK-8243453: java --describe-module failed with non-ASCII module name under non-UTF8 environment
+  - JDK-8243470: [macos] bring back O2 opt level for unsafe.cpp
+  - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
+  - JDK-8243925: Toolkit#getScreenInsets() returns wrong value on HiDPI screens (Windows)
+  - JDK-8244087: 2020-04-24 public suffix list update
+  - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
+  - JDK-8244164: AArch64: jaotc generates incorrect code for compressed OOPs with non-zero heap base
+  - JDK-8244196: adjust output in os_linux
+  - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
+  - JDK-8244287: JFR: Methods samples have line number 0
+  - JDK-8244703: "platform encoding not initialized" exceptions with debugger, JNI
+  - JDK-8244719: CTW: C2 compilation fails with "assert(!VerifyHashTableKeys || _hash_lock == 0) failed: remove node from hash table before modifying it"
+  - JDK-8244729: Shenandoah: remove resolve paths from SBSA::generate_shenandoah_lrb
+  - JDK-8244763: Update --release 8 symbol information after JSR 337 MR3
+  - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
+  - JDK-8245151: jarsigner should not raise duplicate warnings on verification
+  - JDK-8245616: Bump update version for OpenJDK: jdk-11.0.9
+  - JDK-8245714: "Bad graph detected in build_loop_late" when loads are pinned on loop limit check uncommon branch
+  - JDK-8245801: StressRecompilation triggers assert "redundunt OSR recompilation detected. memory leak in CodeCache!"
+  - JDK-8245832: JDK build make-static-libs should build all JDK libraries
+  - JDK-8245880: Shenandoah: check class unloading flag early in concurrent code root scan
+  - JDK-8245981: Upgrade to jQuery 3.5.1
+  - JDK-8246027: Minimal fastdebug build broken after JDK-8245801
+  - JDK-8246094: [macos] Sound Recording and playback is not working
+  - JDK-8246153: TestEliminateArrayCopy fails with -XX:+StressReflectiveCode
+  - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
+  - JDK-8246196: javax/management/MBeanServer/OldMBeanServerTest fails with AssertionError
+  - JDK-8246203: Segmentation fault in verification due to stack overflow with -XX:+VerifyIterativeGVN
+  - JDK-8246330: Add TLS Tests for Legacy ECDSA curves
+  - JDK-8246453: TestClone crashes with "all collected exceptions must come from the same place"
+  - JDK-8247246: Add explicit ResolvedJavaType.link and expose presence of default methods
+  - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
+  - JDK-8247502: PhaseStringOpts crashes while optimising effectively dead code
+  - JDK-8247615: Initialize the bytes left for the heap sampler
+  - JDK-8247824: CTW: C2 (Shenandoah) compilation fails with SEGV in SBC2Support::pin_and_expand
+  - JDK-8247874: Replacement in VersionProps.java.template not working when --with-vendor-bug-url contains '&'
+  - JDK-8247979: aarch64: missing side effect of killing flags for clearArray_reg_reg
+  - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
+  - JDK-8248219: aarch64: missing memory barrier in fast_storefield and fast_accessfield
+  - JDK-8248348: Regression caused by the update to BCEL 6.0
+  - JDK-8248385: [testbug][11u] Adapt TestInitiExceptions to jtreg 5.1
+  - JDK-8248495: [macos] zerovm is broken due to libffi headers location
+  - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
+  - JDK-8248987: AOT's Linker.java seems to eagerly fail-fast on Windows
+  - JDK-8249159: Downport test rework for SSLSocketTemplate from 8224650
+  - JDK-8249215: JFrame::setVisible crashed with -Dfile.encoding=UTF-8 on Japanese Windows.
+  - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
+  - JDK-8249255: Build fails if source code in cygwin home dir
+  - JDK-8249277: TestVerifyIterativeGVN.java is failing with timeout in OpenJDK 11
+  - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
+  - JDK-8249560: Shenandoah: Fix racy GC request handling
+  - JDK-8249801: Shenandoah: Clear soft-refs on requested GC cycle
+  - JDK-8249953: Shenandoah: gc/shenandoah/mxbeans tests should account for corner cases
+  - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
+  - JDK-8250609: C2 crash in IfNode::fold_compares
+  - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
+  - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
+  - JDK-8250787: Provider.put no longer registering aliases in FIPS env
+  - JDK-8250826: jhsdb does not work with coredump which comes from Substrate VM
+  - JDK-8250827: Shenandoah: needs to reset/finish StringTable's dead count before/after parallel walk
+  - JDK-8250844: Make sure {type,obj}ArrayOopDesc accessors check the bounds
+  - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
+  - JDK-8251354: Shenandoah: Fix jdk/jfr/tool/TestPrintJSON.java test failure
+  - JDK-8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U
+  - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
+  - JDK-8251487: Shenandoah: missing detail timing tracking for final mark cleaning phase
+  - JDK-8252120: compiler/oracle/TestCompileCommand.java misspells "occured"
+  - JDK-8252157: JDK-8231209 11u backport breaks jmm binary compatibility
+  - JDK-8252258: [11u] JDK-8242154 changes the default vendor
+  - JDK-8252804: [test] Fix 'ReleaseDeflater.java' test after downport of 8234011
+  - JDK-8253134: JMM_VERSION should remain at 0x20020000 (JDK 10) in JDK 11
+  - JDK-8253283: [11u] Test build/translations/VerifyTranslations.java failing after JDK-8252258
+  - JDK-8253813: Backout JDK-8244287 from 11u: it causes several crashes
+
+Notes on individual issues:
+===========================
+
+core-libs/java.nio.charsets:
+
+JDK-8240196: Modified the MS950 charset Encoder's Conversion Table
+==================================================================
+In this release, some of the one-way byte-to-char mappings have been
+aligned with the preferred mappings provided by the Unicode Consortium
+(https://unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WindowsBestFit/bestfit950.txt).
+
+core-libs/java.util:i18n:
+
+JDK-8238914: Localized Time Zone Name Inconsistency Between English and Other Locales
+=====================================================================================
+English time zone names provided by the CLDR locale provider are now
+correctly synthesized following the CLDR spec, rather than substituted
+from the COMPAT provider. For example, SHORT style names are no longer
+synthesized abbreviations of LONG style names, but instead produce GMT
+offset formats.
+
+core-svc/java.lang.management:
+
+JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
+============================================================================================
+When executing in a container, or other virtualized operating
+environment, the following `OperatingSystemMXBean` methods in this
+release return container specific information, if
+available. Otherwise, they return host specific data:
+
+* getFreePhysicalMemorySize()
+* getTotalPhysicalMemorySize()
+* getFreeSwapSpaceSize()
+* getTotalSwapSpaceSize()
+* getSystemCpuLoad()
+
+security-libs/java.security:
+
+JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
+========================================================================
+The Entrust root certificate has been added to the cacerts truststore:
+
+Alias Name: entrustrootcag4
+Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
+
+JDK-8250860: Added 3 SSL Corporation Root CA Certificates
+=========================================================
+The following root certificates have been added to the cacerts truststore for the SSL Corporation:
+
+Alias Name: sslrootrsaca
+Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
+
+Alias Name: sslrootevrsaca
+Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
+
+Alias Name: sslrooteccca
+Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
+
+JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
+===================================================================================
+Weak named curves are disabled by default by adding them to the
+following `disabledAlgorithms` security properties:
+
+* jdk.tls.disabledAlgorithms
+* jdk.certpath.disabledAlgorithms
+* jdk.jar.disabledAlgorithms
+
+Red Hat has always disabled many of the curves provided by upstream,
+so the only addition in this release is:
+
+* secp256k1
+
+The curves that remain enabled are:
+
+* secp256r1
+* secp384r1
+* secp521r1
+* X25519
+* X448
+
+When large numbers of weak named curves need to be disabled, adding
+individual named curves to each `disabledAlgorithms` property would be
+overwhelming. To relieve this, a new security property,
+`jdk.disabled.namedCurves`, is implemented that can list the named
+curves common to all of the `disabledAlgorithms` properties. To use
+the new property in the `disabledAlgorithms` properties, precede the
+full property name with the keyword `include`.  Users can still add
+individual named curves to `disabledAlgorithms` properties separate
+from this new property.  No other properties can be included in the
+`disabledAlgorithms` properties.
+
+To restore the named curves, remove the `include
+jdk.disabled.namedCurves` either from specific or from all
+`disabledAlgorithms` security properties. To restore one or more
+curves, remove the specific named curve(s) from the
+`jdk.disabled.namedCurves` property.
+
+JDK-8244286: Tools Warn If Weak Algorithms Are Used Before Restricting Them
+===========================================================================
+The `keytool` and `jarsigner` tools have been updated to warn users
+about weak cryptographic algorithms being used before they are
+disabled. In this release, the tools issue warnings for the SHA-1 hash
+algorithm and 1024-bit RSA/DSA keys.
+
+security-libs/javax.net.ssl:
+
+JDK-8242147: New System Properties to Configure the TLS Signature Schemes
+=========================================================================
+Two new system properties have been added to customize the TLS
+signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
+added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
+has been added for the server side.
+
+Each system property contains a comma-separated list of supported
+signature scheme names specifying the signature schemes that could be
+used for the TLS connections.
+
+The names are described in the "Signature Schemes" section of the
+*Java Security Standard Algorithm Names Specification*.
+
+security-libs/javax.security:
+
+JDK-8242059: Support for canonicalize in krb5.conf
+==================================================
+
+The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
+the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
+canonicalization is requested by clients in TGT requests to KDC
+services (AS protocol). Otherwise, and by default, it is not
+requested.
+
+The new default behavior is different from previous releases where
+name canonicalization was always requested by clients in TGT requests
+to KDC services (provided that support for RFC 6806[1] was not
+explicitly disabled with the *sun.security.krb5.disableReferrals*
+system or security properties).
+
+[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
+[1]: https://tools.ietf.org/html/rfc6806
+
+JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
+====================================================================
+Following JDK's update to tzdata2020b, the long-obsolete files
+pacificnew and systemv have been removed. As a result, the
+"US/Pacific-New" zone name declared in the pacificnew data file is no
+longer available for use.
+
+Information regarding the update can be viewed at
+https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
+
 New in release OpenJDK 11.0.8 (2020-07-14):
 ===========================================
 Live versions of these release notes can be found at:
diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index 4b7e55dce2bc77d2424514735fa25a81c5c1fb25..b16fce48bf9f2a08a622c17e3118e08e067436e8 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -11,17 +11,22 @@
 # $ rpmbuild -ba java-1.8.0-openjdk.spec --without slowdebug
 #
 # Only produce a release build on x86_64:
-# $ fedpkg mockbuild --without slowdebug
+# $ rhpkg mockbuild --without slowdebug
 #
 # Only produce a debug build on x86_64:
-# $ fedpkg local --without release
+# $ rhpkg local --without release
 #
 # Enable slowdebug builds by default on relevant arches.
 %bcond_without slowdebug
 # Enable release builds by default on relevant arches.
 %bcond_without release
+# Enable static library builds by default.
+%bcond_without staticlibs
+# Remove build artifacts by default
+%bcond_with artifacts
 
 # Workaround for stripping of debug symbols from static libraries
+%if %{with staticlibs}
 # RHEL 7 doesn't have __brp_strip_static_archive so need to redefine
 # the entire os_install_post macro
 %define __os_install_post    \
@@ -32,6 +37,10 @@
     } \
     %{!?__jar_repack:/usr/lib/rpm/redhat/brp-java-repack-jars} \
 %{nil}
+%global include_staticlibs 1
+%else
+%global include_staticlibs 0
+%endif
 
 # The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
 # This fixes detailed NMT and other tools which need minimal debug info.
@@ -44,14 +53,18 @@
 # See https://github.com/rpm-software-management/rpm/issues/127 to comments at  "pmatilai commented on Aug 18, 2017"
 # (initiated in https://bugzilla.redhat.com/show_bug.cgi?id=1482192)
 %global debug_suffix_unquoted -debug
+%global main_suffix_unquoted -main
+%global staticlibs_suffix_unquoted -staticlibs
 # quoted one for shell operations
 %global debug_suffix "%{debug_suffix_unquoted}"
 %global normal_suffix ""
+%global main_suffix "%{main_suffix_unquoted}"
+%global staticlibs_suffix "%{staticlibs_suffix_unquoted}"
 
 # if you want only debug build but providing java build only normal build but set normalbuild_parameter
-%global debug_warning This package has full debug on. Install only in need and remove asap.
-%global debug_on with full debug on
-%global for_debug for packages with debug on
+%global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP.
+%global debug_on unoptimised with full debugging on
+%global for_debug for packages with debugging on and no optimisation
 
 %if %{with release}
 %global include_normal_build 1
@@ -69,14 +82,34 @@
 # we need to distinguish between big and little endian PPC64
 %global ppc64le         ppc64le
 %global ppc64be         ppc64 ppc64p7
+# Set of architectures which support multiple ABIs
 %global multilib_arches %{power64} sparc64 x86_64
-%global jit_arches      %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm} s390x
+# Set of architectures for which we build slowdebug builds
+%global debug_arches    %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} s390x
+# Set of architectures with a Just-In-Time (JIT) compiler
+%global jit_arches      %{debug_arches} %{arm}
+# Set of architectures which run a full bootstrap cycle
+%global bootstrap_arches %{jit_arches}
+# Set of architectures which support SystemTap tapsets
+%global systemtap_arches %{jit_arches}
+# Set of architectures with a Ahead-Of-Time (AOT) compiler
 %global aot_arches      x86_64 %{aarch64}
+# Set of architectures which support the serviceability agent
+%global sa_arches       %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm}
+# Set of architectures which support class data sharing
+# As of JDK-8005165 in OpenJDK 10, class sharing is not arch-specific
+# However, it does segfault on the Zero assembler port, so currently JIT only
+%global share_arches    %{jit_arches}
+# Set of architectures for which we build the Shenandoah garbage collector
+%global shenandoah_arches x86_64 %{aarch64}
+# Set of architectures for which we build the Z garbage collector
+%global zgc_arches x86_64
+# Set of architectures for which alt-java has SSB mitigation
+%global ssbd_arches x86_64
 
 # By default, we build a debug build during main build on JIT architectures
 %if %{with slowdebug}
-%ifarch %{jit_arches}
-%ifnarch %{arm}
+%ifarch %{debug_arches}
 %global include_debug_build 1
 %else
 %global include_debug_build 0
@@ -84,15 +117,23 @@
 %else
 %global include_debug_build 0
 %endif
-%else
-%global include_debug_build 0
-%endif
 
-# On x86_64 and AArch64, we use the Shenandoah HotSpot
-%ifarch x86_64 %{aarch64}
+# On certain architectures, we compile the Shenandoah GC
+%ifarch %{shenandoah_arches}
 %global use_shenandoah_hotspot 1
+%global shenandoah_feature shenandoahgc
 %else
 %global use_shenandoah_hotspot 0
+%global shenandoah_feature -shenandoahgc
+%endif
+
+# On certain architectures, we compile the ZGC
+%ifarch %{zgc_arches}
+%global use_zgc_hotspot 1
+%global zgc_feature zgc
+%else
+%global use_zgc_hotspot 0
+%global zgc_feature -zgc
 %endif
 
 %if %{include_debug_build}
@@ -103,24 +144,41 @@
 
 # if you disable both builds, then the build fails
 # Note that the debug build requires the normal build for docs
-%global build_loop  %{build_loop1} %{build_loop2}
+%global build_loop %{build_loop1} %{build_loop2}
 # note: that order: normal_suffix debug_suffix, in case of both enabled
 # is expected in one single case at the end of the build
 %global rev_build_loop  %{build_loop2} %{build_loop1}
 
-%ifarch %{jit_arches}
+%if %{include_staticlibs}
+%global staticlibs_loop %{staticlibs_suffix}
+%else
+%global staticlibs_loop %{nil}
+%endif
+
+%ifarch %{bootstrap_arches}
 %global bootstrap_build 1
 %else
 %global bootstrap_build 1
 %endif
 
-%if %{bootstrap_build}
-%global release_targets bootcycle-images static-libs-image docs-zip
+%if %{include_staticlibs}
+# Extra target for producing the static-libraries. Separate from
+# other targets since this target is configured to use in-tree
+# AWT dependencies: lcms, libjpeg, libpng, libharfbuzz, giflib
+# and possibly others
+%global static_libs_target static-libs-image
 %else
-%global release_targets images docs-zip static-libs-image
+%global static_libs_target %{nil}
 %endif
+
+# RPM JDK builds keep the debug symbols internal, to be later stripped by RPM
+%global debug_symbols internal
+
+# unlike portables,the rpms have to use static_libs_target very dynamically
+%global bootstrap_targets images
+%global release_targets images docs-zip
 # No docs nor bootcycle for debug builds
-%global debug_targets images static-libs-image
+%global debug_targets images
 
 
 # Filter out flags from the optflags macro that cause problems with the OpenJDK build
@@ -204,22 +262,25 @@
 %global stapinstall %{nil}
 %endif
 
-%ifarch %{jit_arches}
+%ifarch %{systemtap_arches}
 %global with_systemtap 1
 %else
 %global with_systemtap 0
 %endif
 
 # New Version-String scheme-style defines
-%global majorver 11
-%global securityver 8
-# buildjdkver is usually same as %%{majorver},
-# but in time of bootstrap of next jdk, it is majorver-1, 
-# and this it is better to change it here, on single place
-%global buildjdkver %{majorver}
+%global featurever 11
+%global interimver 0
+%global updatever 13
+%global patchver 0
+# If you bump featurever, you must bump also vendor_version_string
 # Used via new version scheme. JDK 11 was
 # GA'ed in September 2018 => 18.9
 %global vendor_version_string 18.9
+# buildjdkver is usually same as %%{featurever},
+# but in time of bootstrap of next jdk, it is featurever-1,
+# and this it is better to change it here, on single place
+%global buildjdkver %{featurever}
 # Add LTS designator for RHEL builds
 %if 0%{?rhel}
   %global lts_designator "LTS"
@@ -229,6 +290,26 @@
   %global lts_designator_zip ""
 %endif
 
+# Define vendor information used by OpenJDK
+%global oj_vendor Red Hat, Inc.
+%global oj_vendor_url https://www.redhat.com/
+# Define what url should JVM offer in case of a crash report
+# order may be important, epel may have rhel declared
+%if 0%{?epel}
+%global oj_vendor_bug_url  https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel}
+%else
+%if 0%{?fedora}
+# Does not work for rawhide, keeps the version field empty
+%global oj_vendor_bug_url  https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora}
+%else
+%if 0%{?rhel}
+%global oj_vendor_bug_url  https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name}
+%else
+%global oj_vendor_bug_url  https://bugzilla.redhat.com/enter_bug.cgi
+%endif
+%endif
+%endif
+
 # Define IcedTea version used for SystemTap tapsets and desktop file
 %global icedteaver      3.15.0
 
@@ -236,16 +317,23 @@
 %global origin          openjdk
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
-%global minorver        0
-%global buildver        10
+%global top_level_dir_name_backup %{top_level_dir_name}-backup
+%global buildver        8
 %global rpmrelease      1
 #%%global tagsuffix      %%{nil}
 # priority must be 7 digits in total
 # setting to 1, so debug ones can have 0
-%global priority        00000%{minorver}1
-%global newjavaver      %{majorver}.%{minorver}.%{securityver}
+%global priority 00000%{interimver}1
+%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
+
+# Omit trailing 0 in filenames when the patch version is 0
+%if 0%{?patchver} > 0
+%global filever %{newjavaver}
+%else
+%global filever %{featurever}.%{interimver}.%{updatever}
+%endif
 
-%global javaver         %{majorver}
+%global javaver         %{featurever}
 
 # Define milestone (EA for pre-releases, GA for releases)
 # Release will be (where N is usually a number starting at 1):
@@ -265,13 +353,14 @@
 %endif
 
 # parametrized macros are order-sensitive
-%global compatiblename  java-%{majorver}-%{origin}
+%global compatiblename  java-%{featurever}-%{origin}
 %global fullversion     %{compatiblename}-%{version}-%{release}
 # images directories from upstream build
 %global jdkimage                jdk
 %global static_libs_image       static-libs
 # output dir stub
-%global buildoutputdir() %{expand:openjdk/build%1}
+%define buildoutputdir() %{expand:build/jdk11.build%1}
+%define installoutputdir() %{expand:install/jdk11.install%1}
 # we can copy the javadoc to not arched dir, or make it not noarch
 # javadoc is no longer noarch, as it have aot on only some arches
 %global uniquejavadocdir()    %{expand:%{fullversion}.%{_arch}%1}
@@ -315,13 +404,9 @@ exit 0
 
 
 %define post_headless() %{expand:
-%ifarch %{jit_arches}
-# MetaspaceShared::generate_vtable_methods not implemented for PPC JIT
-%ifnarch %{ppc64le}
-# see https://bugzilla.redhat.com/show_bug.cgi?id=513605
+%ifarch %{share_arches}
 %{jrebindir %%1}/java -Xshare:dump >/dev/null 2>/dev/null
 %endif
-%endif
 
 PRIORITY=%{priority}
 if [ "%1" == %{debug_suffix} ]; then
@@ -414,10 +499,8 @@ alternatives \\
 %endif
   --slave %{_bindir}/jlink jlink %{sdkbindir %%1}/jlink \\
   --slave %{_bindir}/jmod jmod %{sdkbindir %%1}/jmod \\
-%ifarch %{jit_arches}
-%ifnarch s390x
+%ifarch %{sa_arches}
   --slave %{_bindir}/jhsdb jhsdb %{sdkbindir %%1}/jhsdb \\
-%endif
 %endif
   --slave %{_bindir}/jar jar %{sdkbindir %%1}/jar \\
   --slave %{_bindir}/jarsigner jarsigner %{sdkbindir %%1}/jarsigner \\
@@ -610,12 +693,10 @@ exit 0
 %{_jvmdir}/%{sdkdir %%1}/lib/libnio.so
 %{_jvmdir}/%{sdkdir %%1}/lib/libprefs.so
 %{_jvmdir}/%{sdkdir %%1}/lib/librmi.so
-# Zero and S390x don't have SA
-%ifarch %{jit_arches}
-%ifnarch s390x
+# Some architectures don't have the serviceability agent
+%ifarch %{sa_arches}
 %{_jvmdir}/%{sdkdir %%1}/lib/libsaproc.so
 %endif
-%endif
 %{_jvmdir}/%{sdkdir %%1}/lib/libsctp.so
 %{_jvmdir}/%{sdkdir %%1}/lib/libsunec.so
 %{_jvmdir}/%{sdkdir %%1}/lib/libunpack.so
@@ -633,12 +714,8 @@ exit 0
 %{_mandir}/man1/rmiregistry-%{uniquesuffix %%1}.1*
 %{_mandir}/man1/unpack200-%{uniquesuffix %%1}.1*
 %{_jvmdir}/%{sdkdir %%1}/lib/server/
-%{_jvmdir}/%{sdkdir %%1}/lib/client/
-%ifarch %{jit_arches}
-%ifnarch %{power64}
+%ifarch %{share_arches}
 %attr(444, root, root) %ghost %{_jvmdir}/%{sdkdir %%1}/lib/server/classes.jsa
-%attr(444, root, root) %ghost %{_jvmdir}/%{sdkdir %%1}/lib/client/classes.jsa
-%endif
 %endif
 %dir %{_jvmdir}/%{sdkdir %%1}/lib/security
 %{_jvmdir}/%{sdkdir %%1}/lib/security/cacerts
@@ -662,7 +739,7 @@ exit 0
 %config(noreplace) %{_jvmdir}/%{sdkdir %%1}/conf/logging.properties
 %config(noreplace) %{_jvmdir}/%{sdkdir %%1}/conf/security/nss.cfg
 %config(noreplace) %{_jvmdir}/%{sdkdir %%1}/conf/management/jmxremote.access
-# this is conifg template, thus not config-noreplace
+# This is a configuration template and thus not config-noreplace
 %config  %{_jvmdir}/%{sdkdir %%1}/conf/management/jmxremote.password.template
 %config(noreplace) %{_jvmdir}/%{sdkdir %%1}/conf/management/management.properties
 %config(noreplace) %{_jvmdir}/%{sdkdir %%1}/conf/net.properties
@@ -683,12 +760,10 @@ exit 0
 %{_jvmdir}/%{sdkdir %%1}/bin/jdeprscan
 %{_jvmdir}/%{sdkdir %%1}/bin/jfr
 %{_jvmdir}/%{sdkdir %%1}/bin/jimage
-# Zero and S390x don't have SA
-%ifarch %{jit_arches}
-%ifnarch s390x
+# Some architectures don't have the serviceability agent
+%ifarch %{sa_arches}
 %{_jvmdir}/%{sdkdir %%1}/bin/jhsdb
 %endif
-%endif
 %{_jvmdir}/%{sdkdir %%1}/bin/jinfo
 %{_jvmdir}/%{sdkdir %%1}/bin/jlink
 %{_jvmdir}/%{sdkdir %%1}/bin/jmap
@@ -752,32 +827,20 @@ exit 0
 }
 
 %define files_static_libs() %{expand:
-%{_jvmdir}/%{sdkdir %%1}/lib/libj2pkcs11.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libj2pcsc.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libnio.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libprefs.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libjava.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libjli.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libnet.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libjimage.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libjaas.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libfdlibm.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libj2gss.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libsunec.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libjsig.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libextnet.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libverify.a
-%{_jvmdir}/%{sdkdir %%1}/lib/libzip.a
+%dir %{_jvmdir}/%{sdkdir %%1}/lib/static
+%dir %{_jvmdir}/%{sdkdir %%1}/lib/static/linux-%{archinstall}
+%dir %{_jvmdir}/%{sdkdir %%1}/lib/static/linux-%{archinstall}/glibc
+%{_jvmdir}/%{sdkdir %%1}/lib/static/linux-%{archinstall}/glibc/lib*.a
 }
 
 %define files_javadoc() %{expand:
 %doc %{_javadocdir}/%{uniquejavadocdir %%1}
-%license %{buildoutputdir %%1}/images/%{jdkimage}/legal
+%license %{_jvmdir}/%{sdkdir %%1}/legal
 }
 
 %define files_javadoc_zip() %{expand:
 %doc %{_javadocdir}/%{uniquejavadocdir %%1}.zip
-%license %{buildoutputdir %%1}/images/%{jdkimage}/legal
+%license %{_jvmdir}/%{sdkdir %%1}/legal
 }
 
 # not-duplicated requires/provides/obsolate for normal/debug packages
@@ -788,8 +851,10 @@ Requires: xorg-x11-fonts-Type1
 Requires: %{name}-headless%1%{?_isa} = %{epoch}:%{version}-%{release}
 OrderWithRequires: %{name}-headless%1%{?_isa} = %{epoch}:%{version}-%{release}
 # for java-X-openjdk package's desktop binding
-#Recommends: gtk2%{?_isa}
-# rhel7 do not have week depndencies
+# rhel7 do not have weak dependencies
+%if 0%{?rhel} >= 8
+Recommends: gtk3%{?_isa}
+%endif
 
 Provides: java-%{javaver}-%{origin}%1 = %{epoch}:%{version}-%{release}
 
@@ -809,15 +874,19 @@ Requires: ca-certificates
 # Require jpackage-utils for ownership of /usr/lib/jvm/ and macros
 Requires: javapackages-tools
 # Require zone-info data provided by tzdata-java sub-package
-# 2020a required as of JDK-8243541 in 11.0.8+4
-Requires: tzdata-java >= 2020a
+# 2020f required as of JDK-8259048 in October CPU
+Requires: tzdata-java >= 2020f
 # for support of kernel stream control
 # libsctp.so.1 is being `dlopen`ed on demand
+%if 0%{?rhel} >= 8
+Suggests: lksctp-tools%{?_isa}, pcsc-lite-libs%{?_isa}
+%else
 Requires: lksctp-tools%{?_isa}
 # For smartcard support
 # libpcsclite.so & libpcsclite.so.1 are both tried for dlopen
 # and this package provides the latter (see RH910107)
 Requires: pcsc-lite-libs%{?_isa}
+%endif
 # tool to copy jdk's configs - should be Recommends only, but then only dnf/yum enforce it,
 # not rpm transaction and so no configs are persisted when pure rpm -u is run. It may be
 # considered as regression
@@ -946,8 +1015,10 @@ Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
 # provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0".
 
 Epoch:   1
-Summary: %{origin_nice} Runtime Environment %{majorver}
+Summary: %{origin_nice} %{featurever} Runtime Environment
+%if 0%{?rhel} <= 8
 Group:   Development/Languages
+%endif
 
 # HotSpot code is licensed under GPLv2
 # JDK library code is licensed under GPLv2 with the Classpath exception
@@ -969,7 +1040,7 @@ URL:      http://openjdk.java.net/
 
 # to regenerate source0 (jdk) run update_package.sh
 # update_package.sh contains hard-coded repos, revisions, tags, and projects to regenerate the source archives
-Source0: shenandoah-jdk%{majorver}-shenandoah-jdk-%{newjavaver}+%{buildver}%{?tagsuffix:-%{tagsuffix}}-4curve.tar.xz
+Source0: jdk-updates-jdk%{featurever}u-jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}}-4curve.tar.xz
 
 # Use 'icedtea_sync.sh' to update the following
 # They are based on code contained in the IcedTea project (3.x).
@@ -994,6 +1065,9 @@ Source13: TestCryptoLevel.java
 # Ensure ECDSA is working
 Source14: TestECDSA.java
 
+# Ensure vendor settings are correct
+Source15: CheckVendor.java
+
 ############################################
 #
 # RPM/distribution specific patches
@@ -1011,6 +1085,8 @@ Patch2:    rh1648644-java_access_bridge_privileged_security.patch
 Patch3:    rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
 # Follow system wide crypto policy RHBZ#1249083
 Patch4:    pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
+# RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
+Patch600: rh1750419-redhat_alt_java.patch
 
 #############################################
 #
@@ -1024,12 +1100,8 @@ Patch4:    pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
 #
 #############################################
 
-# RH1566890: CVE-2018-3639
-Patch6:    rh1566890-CVE_2018_3639-speculative_store_bypass.patch
 # JDK-8009550, RH910107: Search for libpcsclite.so.1 if libpcsclite.so fails
 Patch7: jdk8009550-rh910107-search_for_versioned_libpcsclite.patch
-# S390 ambiguous log2_intptr call
-Patch8: s390-8214206_fix.patch
 
 #############################################
 #
@@ -1039,19 +1111,13 @@ Patch8: s390-8214206_fix.patch
 
 #############################################
 #
-# Patches appearing in 11.0.9
+# Patches appearing in 11.0.12
 #
 # This section includes patches which are present
 # in the listed OpenJDK 8u release and should be
 # able to be removed once that release is out
 # and used by this RPM.
 #############################################
-# JDK-8227269, RH1826915: Slow class loading when running with JDWP
-Patch11: jdk8227269-rh1826915-slow_class_loading_with_jdwp.patch
-# JDK-8241750, RH1826915: x86_32 build failure after JDK-8227269
-Patch12: jdk8241750-rh1826915-x86-32_8227269_fix.patch
-# JDK-8245714, RH1828845: "Bad graph detected in build_loop_late" when loads are pinned on loop limit check uncommon branch
-Patch13: jdk8245714-rh1828845-build_loop_late_crash.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -1095,8 +1161,8 @@ BuildRequires: java-%{buildjdkver}-openjdk-devel
 %ifnarch %{jit_arches}
 BuildRequires: libffi-devel
 %endif
-# 2020a required as of JDK-8243541 in 11.0.8+4
-BuildRequires: tzdata-java >= 2020a
+# 2020f required as of JDK-8259048 in October CPU
+BuildRequires: tzdata-java >= 2020f
 # Earlier versions have a bug in tree vectorization on PPC
 BuildRequires: gcc >= 4.8.3-8
 
@@ -1109,202 +1175,237 @@ BuildRequires: systemtap-sdt-devel
 %{java_rpo %{nil}}
 
 %description
-The %{origin_nice} runtime environment.
+The %{origin_nice} %{featurever} runtime environment.
 
 %if %{include_debug_build}
 %package debug
-Summary: %{origin_nice} Runtime Environment %{majorver} %{debug_on}
+Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
+%if 0%{?rhel} <= 8
 Group:   Development/Languages
+%endif
 
 %{java_rpo -- %{debug_suffix_unquoted}}
 %description debug
-The %{origin_nice} runtime environment.
+The %{origin_nice} %{featurever} runtime environment.
 %{debug_warning}
 %endif
 
 %if %{include_normal_build}
 %package headless
-Summary: %{origin_nice} Headless Runtime Environment %{majorver}
+Summary: %{origin_nice} %{featurever} Headless Runtime Environment
+%if 0%{?rhel} <= 8
 Group:   Development/Languages
+%endif
 
 %{java_headless_rpo %{nil}}
 
 %description headless
-The %{origin_nice} runtime environment %{majorver} without audio and video support.
+The %{origin_nice} %{featurever} runtime environment without audio and video support.
 %endif
 
 %if %{include_debug_build}
 %package headless-debug
-Summary: %{origin_nice} Runtime Environment %{debug_on}
+Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
+%if 0%{?rhel} <= 8
 Group:   Development/Languages
+%endif
 
 %{java_headless_rpo -- %{debug_suffix_unquoted}}
 
 %description headless-debug
-The %{origin_nice} runtime environment %{majorver} without audio and video support.
+The %{origin_nice} %{featurever} runtime environment without audio and video support.
 %{debug_warning}
 %endif
 
 %if %{include_normal_build}
 %package devel
-Summary: %{origin_nice} Development Environment %{majorver}
+Summary: %{origin_nice} %{featurever} Development Environment
+%if 0%{?rhel} <= 8
 Group:   Development/Tools
+%endif
 
 %{java_devel_rpo %{nil}}
 
 %description devel
-The %{origin_nice} development tools %{majorver}.
+The %{origin_nice} %{featurever} development tools.
 %endif
 
 %if %{include_debug_build}
 %package devel-debug
-Summary: %{origin_nice} Development Environment %{majorver} %{debug_on}
+Summary: %{origin_nice} %{featurever} Development Environment %{debug_on}
+%if 0%{?rhel} <= 8
 Group:   Development/Tools
+%endif
 
 %{java_devel_rpo -- %{debug_suffix_unquoted}}
 
 %description devel-debug
-The %{origin_nice} development tools %{majorver}.
+The %{origin_nice} %{featurever} development tools.
 %{debug_warning}
 %endif
 
+%if %{include_staticlibs}
+
 %if %{include_normal_build}
 %package static-libs
-Summary: %{origin_nice} libraries for static linking %{majorver}
+Summary: %{origin_nice} %{featurever} libraries for static linking
 
 %{java_static_libs_rpo %{nil}}
 
 %description static-libs
-The %{origin_nice} libraries for static linking %{majorver}.
+The %{origin_nice} %{featurever} libraries for static linking.
 %endif
 
 %if %{include_debug_build}
 %package static-libs-debug
-Summary: %{origin_nice} libraries for static linking %{majorver} %{debug_on}
+Summary: %{origin_nice} %{featurever} libraries for static linking %{debug_on}
 
 %{java_static_libs_rpo -- %{debug_suffix_unquoted}}
 
 %description static-libs-debug
-The %{origin_nice} libraries for static linking %{majorver}.
+The %{origin_nice} %{featurever} libraries for static linking.
 %{debug_warning}
 %endif
 
+# staticlibs
+%endif
+
 %if %{include_normal_build}
 %package jmods
-Summary: JMods for %{origin_nice} %{majorver}
+Summary: JMods for %{origin_nice} %{featurever}
+%if 0%{?rhel} <= 8
 Group:   Development/Tools
+%endif
 
 %{java_jmods_rpo %{nil}}
 
 %description jmods
-The JMods for %{origin_nice}.
+The JMods for %{origin_nice} %{featurever}.
 %endif
 
 %if %{include_debug_build}
 %package jmods-debug
-Summary: JMods for %{origin_nice} %{majorver} %{debug_on}
+Summary: JMods for %{origin_nice} %{featurever} %{debug_on}
+%if 0%{?rhel} <= 8
 Group:   Development/Tools
+%endif
 
 %{java_jmods_rpo -- %{debug_suffix_unquoted}}
 
 %description jmods-debug
-The JMods for %{origin_nice} %{majorver}.
+The JMods for %{origin_nice} %{featurever}.
 %{debug_warning}
 %endif
 
 %if %{include_normal_build}
 %package demo
-Summary: %{origin_nice} Demos %{majorver}
+Summary: %{origin_nice} %{featurever} Demos
+%if 0%{?rhel} <= 8
 Group:   Development/Languages
+%endif
 
 %{java_demo_rpo %{nil}}
 
 %description demo
-The %{origin_nice} demos %{majorver}.
+The %{origin_nice} %{featurever} demos.
 %endif
 
 %if %{include_debug_build}
 %package demo-debug
-Summary: %{origin_nice} Demos %{majorver} %{debug_on}
+Summary: %{origin_nice} %{featurever} Demos %{debug_on}
+%if 0%{?rhel} <= 8
 Group:   Development/Languages
+%endif
 
 %{java_demo_rpo -- %{debug_suffix_unquoted}}
 
 %description demo-debug
-The %{origin_nice} demos %{majorver}.
+The %{origin_nice} %{featurever} demos.
 %{debug_warning}
 %endif
 
 %if %{include_normal_build}
 %package src
-Summary: %{origin_nice} Source Bundle %{majorver}
+Summary: %{origin_nice} %{featurever} Source Bundle
+%if 0%{?rhel} <= 8
 Group:   Development/Languages
+%endif
 
 %{java_src_rpo %{nil}}
 
 %description src
-The java-%{origin}-src sub-package contains the complete %{origin_nice} %{majorver}
-class library source code for use by IDE indexers and debuggers.
+The %{compatiblename}-src sub-package contains the complete %{origin_nice} %{featurever}
+ class library source code for use by IDE indexers and debuggers.
 %endif
 
 %if %{include_debug_build}
 %package src-debug
-Summary: %{origin_nice} Source Bundle %{majorver} %{for_debug}
+Summary: %{origin_nice} %{featurever} Source Bundle %{for_debug}
+%if 0%{?rhel} <= 8
 Group:   Development/Languages
+%endif
 
 %{java_src_rpo -- %{debug_suffix_unquoted}}
 
 %description src-debug
-The java-%{origin}-src-debug sub-package contains the complete %{origin_nice} %{majorver}
- class library source code for use by IDE indexers and debuggers. Debugging %{for_debug}.
+The %{compatiblename}-src-debug sub-package contains the complete %{origin_nice} %{featurever}
+ class library source code for use by IDE indexers and debuggers, %{for_debug}.
 %endif
 
 %if %{include_normal_build}
 %package javadoc
-Summary: %{origin_nice} %{majorver} API documentation
+Summary: %{origin_nice} %{featurever} API documentation
+%if 0%{?rhel} <= 8
 Group:   Documentation
+%endif
 Requires: javapackages-tools
 
 %{java_javadoc_rpo %{nil}}
 
 %description javadoc
-The %{origin_nice} %{majorver} API documentation.
+The %{origin_nice} %{featurever} API documentation.
 %endif
 
 %if %{include_normal_build}
 %package javadoc-zip
-Summary: %{origin_nice} %{majorver} API documentation compressed in a single archive
+Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive
+%if 0%{?rhel} <= 8
 Group:   Documentation
+%endif
 Requires: javapackages-tools
 
 %{java_javadoc_rpo %{nil}}
 
 %description javadoc-zip
-The %{origin_nice} %{majorver} API documentation compressed in a single archive.
+The %{origin_nice} %{featurever} API documentation compressed in a single archive.
 %endif
 
 %if %{include_debug_build}
 %package javadoc-debug
-Summary: %{origin_nice} %{majorver} API documentation %{for_debug}
+Summary: %{origin_nice} %{featurever} API documentation %{for_debug}
+%if 0%{?rhel} <= 8
 Group:   Documentation
+%endif
 Requires: javapackages-tools
 
 %{java_javadoc_rpo -- %{debug_suffix_unquoted}}
 
 %description javadoc-debug
-The %{origin_nice} %{majorver} API documentation %{for_debug}.
+The %{origin_nice} %{featurever} API documentation %{for_debug}.
 %endif
 
 %if %{include_debug_build}
 %package javadoc-zip-debug
-Summary: %{origin_nice} %{majorver} API documentation compressed in a single archive %{for_debug}
+Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive %{for_debug}
+%if 0%{?rhel} <= 8
 Group:   Documentation
+%endif
 Requires: javapackages-tools
 
 %{java_javadoc_rpo -- %{debug_suffix_unquoted}}
 
 %description javadoc-zip-debug
-The %{origin_nice} %{majorver} API documentation compressed in a single archive %{for_debug}.
+The %{origin_nice} %{featurever} API documentation compressed in a single archive %{for_debug}.
 %endif
 
 %prep
@@ -1345,23 +1446,20 @@ if [ $prioritylength -ne 7 ] ; then
 fi
 
 # OpenJDK patches
+# Remove libraries that are linked by both static and dynamic builds
+sh %{SOURCE12} %{top_level_dir_name}
 
-# Remove libraries that are linked
-sh %{SOURCE12}
+# Patch the JDK
 pushd %{top_level_dir_name}
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
-%patch6 -p1
 %patch7 -p1
-%patch8 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
 popd # openjdk
 
 %patch1000
+%patch600
 
 # Extract systemtap tapsets
 %if %{with_systemtap}
@@ -1370,7 +1468,6 @@ tar --strip-components=1 -x -I xz -f %{SOURCE8}
 cp -r tapset tapset%{debug_suffix}
 %endif
 
-
 for suffix in %{build_loop} ; do
   for file in "tapset"$suffix/*.in; do
     OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
@@ -1447,21 +1544,29 @@ EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
 EXTRA_ASFLAGS="${EXTRA_CFLAGS}"
 export EXTRA_CFLAGS EXTRA_ASFLAGS
 
-for suffix in %{build_loop} ; do
-if [ "x$suffix" = "x" ] ; then
-  debugbuild=release
-else
-  # change --something to something and rpeffix as slow
-  debugbuild=`echo slow$suffix  | sed "s/-//g"`
-fi
-
-# Variable used in hs_err hook on build failures
-top_dir_abs_path=$(pwd)/%{top_level_dir_name}
-
-mkdir -p %{buildoutputdir $suffix}
-pushd %{buildoutputdir $suffix}
-
-bash ../configure \
+function buildjdk() {
+    local outputdir=${1}
+    local installdir=${2}
+    local buildjdk=${3}
+    local maketargets="${4}"
+    local debuglevel=${5}
+    local link_opt=${6}
+
+    local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
+    local top_dir_abs_build_path=$(pwd)/${outputdir}
+
+    echo "Using output directory: ${outputdir}";
+    echo "Checking build JDK ${buildjdk} is operational..."
+    ${buildjdk}/bin/java -version
+    echo "Using make targets: ${maketargets}"
+    echo "Using debuglevel: ${debuglevel}"
+    echo "Using link_opt: ${link_opt}"
+    echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}"
+
+    mkdir -p ${outputdir} ${installdir}
+    pushd ${outputdir}
+
+    bash ${top_dir_abs_src_path}/configure \
 %ifnarch %{jit_arches}
     --with-jvm-variants=zero \
 %endif
@@ -1472,15 +1577,20 @@ bash ../configure \
     --with-version-pre="%{ea_designator}" \
     --with-version-opt=%{lts_designator} \
     --with-vendor-version-string="%{vendor_version_string}" \
-    --with-boot-jdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk \
-    --with-debug-level=$debugbuild \
-    --with-native-debug-symbols=internal \
+    --with-vendor-name="%{oj_vendor}" \
+    --with-vendor-url="%{oj_vendor_url}" \
+    --with-vendor-bug-url="%{oj_vendor_bug_url}" \
+    --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \
+    --with-boot-jdk=${buildjdk} \
+    --with-debug-level=${debuglevel} \
+    --with-native-debug-symbols="%{debug_symbols}" \
     --enable-unlimited-crypto \
     --with-zlib=system \
-    --with-libjpeg=system \
-    --with-giflib=system \
-    --with-libpng=system \
+    --with-libjpeg=${link_opt} \
+    --with-giflib=${link_opt} \
+    --with-libpng=${link_opt} \
     --with-lcms=bundled \
+    --with-harfbuzz=bundled \
     --with-stdc++lib=dynamic \
     --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \
     --with-extra-cflags="$EXTRA_CFLAGS" \
@@ -1488,63 +1598,136 @@ bash ../configure \
     --with-extra-ldflags="%{ourldflags}" \
     --with-num-cores="$NUM_PROC" \
     --disable-javac-server \
-%ifarch x86_64
-    --with-jvm-features=zgc \
-%endif
+    --with-jvm-features="%{shenandoah_feature},%{zgc_feature}" \
     --disable-warnings-as-errors
 
-# Debug builds don't need same targets as release for
-# build speed-up
-maketargets="%{release_targets}"
-if echo $debugbuild | grep -q "debug" ; then
-  maketargets="%{debug_targets}"
-fi
-make \
-    JAVAC_FLAGS=-g \
-    LOG=trace \
-    WARNINGS_ARE_ERRORS="-Wno-error" \
-    CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
-    $maketargets || ( pwd; find $top_dir_abs_path -name "hs_err_pid*.log" | xargs cat && false )
-
-# the build (erroneously) removes read permissions from some jars
-# this is a regression in OpenJDK 7 (our compiler):
-# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
-find images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \;
-
-# Build screws up permissions on binaries
-# https://bugs.openjdk.java.net/browse/JDK-8173610
-find images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
-find images/%{jdkimage}/bin/ -exec chmod +x {} \;
-
-popd >& /dev/null
-
-# Install nss.cfg right away as we will be using the JRE above
-export JAVA_HOME=$(pwd)/%{buildoutputdir $suffix}/images/%{jdkimage}
-
-# Install nss.cfg right away as we will be using the JRE above
-install -m 644 nss.cfg $JAVA_HOME/conf/security/
-
-# Use system-wide tzdata
-rm $JAVA_HOME/lib/tzdb.dat
-ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/lib/tzdb.dat
-
-# Create fake alt-java as a placeholder for future alt-java
-pushd ${JAVA_HOME}
-cp -a bin/java bin/%{alt_java_name}
-# add alt-java man page
-echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
-cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
-popd
+    cat spec.gmk
+
+    make \
+      JAVAC_FLAGS=-g \
+      LOG=trace \
+      WARNINGS_ARE_ERRORS="-Wno-error" \
+      CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
+      $maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
+
+    popd
+
+    echo "Installing build from ${outputdir} to ${installdir}..."
+    echo "Installing images..."
+    mv ${outputdir}/images ${installdir}
+    if [ -d ${outputdir}/bundles ] ; then
+	echo "Installing bundles...";
+	mv ${outputdir}/bundles ${installdir} ;
+    fi
+    if [ -d ${outputdir}/docs ] ; then
+	echo "Installing docs...";
+	mv ${outputdir}/docs ${installdir} ;
+    fi
+
+%if !%{with artifacts}
+    echo "Removing output directory...";
+    rm -rf ${outputdir}
+%endif
+}
+
+function installjdk() {
+    local imagepath=${1}
+
+    # the build (erroneously) removes read permissions from some jars
+    # this is a regression in OpenJDK 7 (our compiler):
+    # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
+    find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
+
+    # Build screws up permissions on binaries
+    # https://bugs.openjdk.java.net/browse/JDK-8173610
+    find ${imagepath} -iname '*.so' -exec chmod +x {} \;
+    find ${imagepath}/bin/ -exec chmod +x {} \;
+
+    # Install nss.cfg right away as we will be using the JRE above
+    install -m 644 nss.cfg ${imagepath}/conf/security/
+
+    # Use system-wide tzdata
+    rm ${imagepath}/lib/tzdb.dat
+    ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
+
+    # Create fake alt-java as a placeholder for future alt-java
+    pushd ${imagepath}
+    # add alt-java man page
+    echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
+    cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
+    popd
+}
+
+for suffix in %{build_loop} ; do
+
+  if [ "x$suffix" = "x" ] ; then
+      debugbuild=release
+  else
+      # change --something to something
+      debugbuild=`echo slow$suffix  | sed "s/-//g"`
+  fi
+
+  systemjdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk
+
+  for loop in %{main_suffix} %{staticlibs_loop} ; do
+
+    builddir=%{buildoutputdir ${suffix}${loop}}
+    bootbuilddir=boot${builddir}
+    installdir=%{installoutputdir ${suffix}${loop}}
+    bootinstalldir=boot${installdir}
+
+    if test "x${loop}" = "x%{main_suffix}" ; then
+      # Copy the source tree so we can remove all in-tree libraries
+      cp -a %{top_level_dir_name} %{top_level_dir_name_backup}
+      # Remove all libraries that are linked
+      sh %{SOURCE12} %{top_level_dir_name} full
+      # Use system libraries
+      link_opt="system"
+      # Debug builds don't need same targets as release for
+      # build speed-up
+      maketargets="%{release_targets}"
+      if echo $debugbuild | grep -q "debug" ; then
+	maketargets="%{debug_targets}"
+      fi
+%if %{bootstrap_build}
+      buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
+      buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
+      %{!?with_artifacts:rm -rf ${bootinstalldir}}
+%else
+      buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
+%endif
+      # Restore original source tree we modified by removing full in-tree sources
+      rm -rf %{top_level_dir_name}
+      mv %{top_level_dir_name_backup} %{top_level_dir_name}
+    else
+      # Use bundled libraries for building statically
+      link_opt="bundled"
+      # Static library cycle only builds the static libraries
+      maketargets="%{static_libs_target}"
+      # Always just do the one build for the static libraries
+      buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
+    fi
+
+  done # end of main / staticlibs loop
+
+  # Final setup on the main image
+  top_dir_abs_main_build_path=$(pwd)/%{installoutputdir ${suffix}%{main_suffix}}
+  installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
 
 # build cycles
-done
+done # end of release / debug cycle loop
 
 %check
 
 # We test debug first as it will give better diagnostics on a crash
 for suffix in %{rev_build_loop} ; do
 
-export JAVA_HOME=$(pwd)/%{buildoutputdir $suffix}/images/%{jdkimage}
+top_dir_abs_main_build_path=$(pwd)/%{installoutputdir ${suffix}%{main_suffix}}
+%if %{include_staticlibs}
+top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir ${suffix}%{staticlibs_loop}}
+%endif
+
+export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
 
 #check Shenandoah is enabled
 %if %{use_shenandoah_hotspot}
@@ -1559,13 +1742,30 @@ $JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLev
 $JAVA_HOME/bin/javac -d . %{SOURCE14}
 $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
 
+# Check correct vendor values have been set
+$JAVA_HOME/bin/javac -d . %{SOURCE15}
+$JAVA_HOME/bin/java $(echo $(basename %{SOURCE15})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}"
+
+# Check java launcher has no SSB mitigation
+if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
+
+# Check alt-java launcher has SSB mitigation on supported architectures
+%ifarch %{ssbd_arches}
+nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation
+%else
+if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi
+%endif
+
+%if %{include_staticlibs}
 # Check debug symbols in static libraries (smoke test)
-export STATIC_LIBS_HOME=$(pwd)/%{buildoutputdir -- $suffix}/images/%{static_libs_image}
+export STATIC_LIBS_HOME=${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}
 readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c
 readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c
+%endif
 
+so_suffix="so"
 # Check debug symbols are present and can identify code
-find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib
+find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
 do
   if [ -f "$lib" ] ; then
     echo "Testing $lib for debug symbols"
@@ -1631,7 +1831,7 @@ grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
 %endif
 
 # Check src.zip has all sources. See RHBZ#1130490
-jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
+$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
 
 # Check class files include useful debugging information
 $JAVA_HOME/bin/javap -l java.lang.Object | grep "Compiled from"
@@ -1651,17 +1851,20 @@ STRIP_KEEP_SYMTAB=libjvm*
 
 for suffix in %{build_loop} ; do
 
+top_dir_abs_main_build_path=$(pwd)/%{installoutputdir ${suffix}%{main_suffix}}
+# Docs need to always be taken from the release build, as debug builds don't contain them
+# On release builds, this will just be the same as top_dir_abs_main_build_path
+top_dir_abs_release_build_path=$(pwd)/%{installoutputdir ${normal_suffix}%{main_suffix}}
+%if %{include_staticlibs}
+top_dir_abs_staticlibs_build_path=$(pwd)/%{installoutputdir ${suffix}%{staticlibs_loop}}
+%endif
+jdk_image=${top_dir_abs_main_build_path}/images/%{jdkimage}
+
 # Install the jdk
 mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
-cp -a %{buildoutputdir $suffix}/images/%{jdkimage} \
-  $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir $suffix}
+cp -a ${jdk_image} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir $suffix}
 
-# Install jsa directories so we can owe them
-mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir $suffix}/lib/%{archinstall}/server/
-mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir $suffix}/lib/%{archinstall}/client/
-mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir $suffix}/lib/client/ || true  ; # sometimes is here, sometimes not, ifout it or || true it out
-
-pushd %{buildoutputdir $suffix}/images/%{jdkimage}
+pushd ${jdk_image}
 
 %if %{with_systemtap}
   # Install systemtap support files
@@ -1705,15 +1908,19 @@ pushd %{buildoutputdir $suffix}/images/%{jdkimage}
 
 popd
 # Install static libs artefacts
-cp -a %{buildoutputdir -- $suffix}/images/%{static_libs_image}/lib/*.a \
-  $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib
-
+%if %{include_staticlibs}
+mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir $suffix}/lib/static/linux-%{archinstall}/glibc
+cp -a ${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}/lib/*.a \
+  $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir $suffix}/lib/static/linux-%{archinstall}/glibc
+%endif
 
 # Install Javadoc documentation
 # Always take docs from normal build to avoid building them twice
 install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
-cp -a %{buildoutputdir $normal_suffix}/images/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir $suffix}
-cp -a %{buildoutputdir $normal_suffix}/bundles/jdk-%{newjavaver}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip
+cp -a ${top_dir_abs_release_build_path}/images/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir $suffix}
+built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip
+cp -a ${top_dir_abs_release_build_path}/bundles/${built_doc_archive} \
+     $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir $suffix}.zip || ls -l ${top_dir_abs_release_build_path}/bundles/
 
 # Install release notes
 commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir $suffix}
@@ -1888,8 +2095,10 @@ require "copy_jdk_configs.lua"
 %files devel
 %{files_devel %{nil}}
 
+%if %{include_staticlibs}
 %files static-libs
 %{files_static_libs %{nil}}
+%endif
 
 %files jmods
 %{files_jmods %{nil}}
@@ -1921,8 +2130,10 @@ require "copy_jdk_configs.lua"
 %files devel-debug
 %{files_devel -- %{debug_suffix_unquoted}}
 
+%if %{include_staticlibs}
 %files static-libs-debug
 %{files_static_libs -- %{debug_suffix_unquoted}}
+%endif
 
 %files jmods-debug
 %{files_jmods -- %{debug_suffix_unquoted}}
@@ -1941,6 +2152,336 @@ require "copy_jdk_configs.lua"
 %endif
 
 %changelog
+* Wed Oct 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-1
+- Revert addition of libharfbuzz.so after its removal by JDK-8255790
+- Resolves: rhbz#2012332
+
+* Wed Oct 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-1
+- Update to jdk-11.0.12.0+8
+- Update release notes to 11.0.12.0+8
+- Switch to GA mode for final release.
+- This tarball is embargoed until 2021-10-19 @ 1pm PT.
+- Resolves: rhbz#2012332
+
+* Tue Oct 12 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.7-0.1.ea
+- Update to jdk-11.0.13.0+7
+- Update release notes to 11.0.13.0+7
+- Resolves: rhbz#1999936
+
+* Mon Oct 11 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.1-0.1.ea
+- Update to jdk-11.0.13.0+1
+- Update release notes to 11.0.13.0+1
+- Update tarball generation script to use git following OpenJDK 11u's move to github
+- Switch to EA mode for 11.0.13 pre-release builds.
+- Remove non-Free test from source tarball.
+- Related: rhbz#1999936
+
+* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-4
+- Reduce disk footprint by removing build artifacts by default.
+- Related: rhbz#1999936
+
+* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-3
+- Restructure the build so a minimal initial build is then used for the final build (with docs)
+- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
+- Related: rhbz#1999936
+
+* Mon Oct 04 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.12.0.7-2
+- Don't package lib/client and lib/client/classes.jsa which don't exist.
+- Resolves: rhbz#1698873
+
+* Thu Sep 02 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.12.0.7-1
+- Minor cosmetic improvements to make spec more comparable between variants
+- Related: rhbz#1999936
+
+* Tue Jul 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-0
+- Update to jdk-11.0.12.0+7
+- Update release notes to 11.0.12.0+7
+- Switch to GA mode for final release.
+- This tarball is embargoed until 2021-07-20 @ 1pm PT.
+- Resolves: rhbz#1972395
+
+* Thu Jul 08 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.6-0.0.ea
+- Update to jdk-11.0.12.0+6
+- Update release notes to 11.0.12.0+6
+- Skip 11.0.12.0+5 as 11.0.12.0+6 only adds a test change
+- Resolves: rhbz#1967811
+
+* Thu Jul 08 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.4-0.0.ea
+- Update to jdk-11.0.12.0+4
+- Update release notes to 11.0.12.0+4
+- Correct bug ID JDK-8264846 to intended ID of JDK-8264848
+- Resolves: rhbz#1967811
+
+* Mon Jul 05 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.3-0.0.ea
+- Update to jdk-11.0.12.0+3
+- Update release notes to 11.0.12.0+3
+- Resolves: rhbz#1967811
+
+* Fri Jul 02 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.2-0.0.ea
+- Update to jdk-11.0.12.0+2
+- Update release notes to 11.0.12.0+2
+- Resolves: rhbz#1967811
+
+* Mon Jun 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.1-0.0.ea
+- Update to jdk-11.0.12.0+1
+- Update release notes to 11.0.12.0+1
+- Switch to EA mode for 11.0.12 pre-release builds.
+- Update ECC patch following JDK-8226374 (bug ID yet to be confirmed)
+- Remove local JDK-8187450 backport as now included upstream.
+- Resolves: rhbz#1967811
+
+* Tue Apr 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.9-1
+- Add backport of JDK-8187450 from 11.0.12 to fix RH1937736
+- Resolves: rhbz#1937736
+
+* Mon Apr 12 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.9-0
+- Update to jdk-11.0.11.0+9
+- Update release notes to 11.0.11.0+9
+- Switch to GA mode for final release.
+- This tarball is embargoed until 2021-04-20 @ 1pm PT.
+- Resolves: rhbz#1940228
+
+* Sun Apr 11 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.7-0.0.ea
+- Update to jdk-11.0.11.0+7
+- Update release notes to 11.0.11.0+7
+- Resolves: rhbz#1938082
+
+* Fri Apr 09 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.6-0.0.ea
+- Update to jdk-11.0.11.0+6
+- Update release notes to 11.0.11.0+6
+- Resolves: rhbz#1938082
+
+* Tue Apr 06 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.5-0.0.ea
+- Update to jdk-11.0.11.0+5
+- Update release notes to 11.0.11.0+5
+- Resolves: rhbz#1938082
+
+* Mon Mar 29 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.4-0.0.ea
+- Update to jdk-11.0.11.0+4
+- Update release notes to 11.0.11.0+4
+- Resolves: rhbz#1938082
+
+* Mon Mar 29 2021 Jayashree Huttanagoudar <jhuttana@redhat.com> - 1:11.0.11.0.3-0.1.ea
+- Fix issue where CheckVendor.java test erroneously passes when it should fail.
+- Add proper quoting so '&' is not treated as a special character by the shell.
+- Resolves: rhbz#1938082
+
+* Sat Mar 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.3-0.0.ea
+- Update to jdk-11.0.11.0+3
+- Update release notes to 11.0.11.0+3
+- Resolves: rhbz#1938082
+
+* Sat Mar 27 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.2-0.1.ea
+- Debug builds need to find their documentation from the release build.
+- RHEL 7 builds still include a doc package for debug builds, though debug builds do not build docs.
+- Resolves: rhbz#1930527
+
+* Thu Mar 25 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.2-0.1.ea
+- Perform static library build on a separate source tree with bundled image libraries
+- Make static library build optional
+- Based on initial work by Severin Gehwolf
+- Resolves: rhbz#1930527
+
+* Fri Mar 19 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.2-0.0.ea
+- Update to jdk-11.0.11.0+2
+- Update release notes to 11.0.11.0+2
+- Remove local backport of JDK-8258836 which is now available upstream.
+- Resolves: rhbz#1938082
+
+* Thu Mar 18 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.11.0.1-0.0.ea
+- Update to jdk-11.0.11.0+1
+- Update release notes to 11.0.11.0+1
+- Switch to EA mode for 11.0.11 pre-release builds.
+- Require tzdata 2020f to match upstream change JDK-8259048
+- Resolves: rhbz#1938082
+
+* Tue Mar 02 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-1
+- Add backport of JDK-8258836 to fix -Xcheck:jni warnings
+- Resolves: rhbz#1897602
+
+* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.9-0
+- Update to jdk-11.0.10.0+9
+- Update release notes to 11.0.10.0+9
+- Switch to GA mode for final release.
+- This tarball is embargoed until 2021-01-19 @ 1pm PT.
+- Resolves: rhbz#1908970
+
+* Thu Jan 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.8-0.0.ea
+- Update to jdk-11.0.10.0+8
+- Update release notes to 11.0.10.0+8 and add missing JDK-8245051 from b04.
+- Resolves: rhbz#1903907
+
+* Thu Jan 14 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.5-0.0.ea
+- Update to jdk-11.0.10.0+5
+- Update release notes to 11.0.10.0+5
+- Drop JDK-8222527 as applied upstream.
+- Resolves: rhbz#1903907
+
+* Wed Jan 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.4-0.0.ea
+- Update to jdk-11.0.10.0+4
+- Update release notes to 11.0.10.0+4
+- Resolves: rhbz#1903907
+
+* Tue Jan 12 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.3-0.0.ea
+- Update to jdk-11.0.10.0+3
+- Update release notes to 11.0.10.0+3
+- Resolves: rhbz#1903907
+
+* Tue Jan 12 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.2-0.0.ea
+- Completely revert hacks from previous release, using buildver in configure and tzdata 2020b
+- Resolves: rhbz#1903907
+
+* Mon Jan 11 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.2-0.0.ea
+- Update to jdk-11.0.10.0+2
+- Update release notes to 11.0.10.0+2
+- Update tarball generation script to use PR3818 which handles JDK-8171279 changes
+- Drop JDK-8250861 as applied upstream.
+- Resolves: rhbz#1903907
+
+* Mon Jan 04 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.1-0.0.ea
+- Add new Harfbuzz library to package listing and _privatelibs
+- Resolves: rhbz#1903907
+
+* Sun Jan 03 2021 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.1-0.0.ea
+- Update to jdk-11.0.10.0+1
+- Update release notes to 11.0.10.0+1
+- Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly.
+- Still use 11.0.x rather than 11.0.x.0 for file naming, as the trailing zero is omitted from tags.
+- Revert configure and built_doc_archive hacks to build 11.0.9.1 from 11.0.9.0 sources, and synced with Fedora version.
+- Cleanup debug package descriptions and version number placement.
+- Switch to EA mode for 11.0.10 pre-release builds.
+- Drop JDK-8222286 & JDK-8254177 as applied upstream
+- Explicitly request bundled Harfbuzz (too risky to change this so late in the RHEL 7 lifecycle)
+- Resolves: rhbz#1903907
+
+* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-5
+- Introduced ssbd_arches to denote architectures with SSBD mitigation (currently only x86_64)
+- Introduced nm-based check to verify alt-java on ssbd_arches is patched, and no other alt-java or java binaries are patched
+- RH1750419 patch amended to emit a warning on architectures where alt-java is the same as java
+- Resolves: rhbz#1901695
+
+* Tue Dec 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-5
+- Redefined linux -> __linux__ and __x86_64 -> __x86_64__ in RH1750419 patch
+- Resolves: rhbz#1901695
+
+* Tue Dec 29 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-4
+- Update release notes for 11.0.9.1 release.
+- Resolves: rhbz#1895275
+
+* Tue Dec 01 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-3
+- Removed patch6: rh1566890-CVE_2018_3639-speculative_store_bypass.patch, surpassed by new patch
+- Added patch600: rh1750419-redhat_alt_java.patch, surpassing removed patch
+- No longer copy java->alt-java as it is created by patch600
+- Resolves: rhbz#1901695
+
+* Thu Nov 12 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-2
+- Add backport of JDK-8222537 so the Host header is sent when using proxies.
+- Resolves: rhbz#1869530
+
+* Wed Nov 04 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-1
+- Update to jdk-11.0.9.1+1
+- RPM version stays at 11.0.9.11 so as to not break upgrade path.
+- Adds a single patch for JDK-8250861.
+- Resolves: rhbz#1895275
+
+* Thu Oct 29 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.11-1
+- Move all license files to NVR-specific JVM directory.
+- This bad placement was killing parallel installability and thus having a bad impact on leapp, if used.
+- Resolves: rhbz#1896609
+
+* Mon Oct 19 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.11-1
+- Fix directory ownership of static-libs package
+- Resolves: rhbz#1896610
+
+* Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-0
+- Delay tzdata 2020b dependency until tzdata update has shipped.
+- Resolves: rhbz#1876665
+
+* Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.11-0
+- Update to jdk-11.0.9+11
+- Update release notes for 11.0.9 release.
+- Add backport of JDK-8254177 to update to tzdata 2020b
+- Require tzdata 2020b due to resource changes in JDK-8254177
+- This tarball is embargoed until 2020-10-20 @ 1pm PT.
+- Resolves: rhbz#1876665
+
+* Thu Oct 15 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.1.ea
+- Improve quoting of vendor name
+- Resolves: rhbz#1876665
+
+* Wed Oct 14 2020 Jiri Vanek <jvanek@redhat.com> - 1:11.0.9.10-0.1.ea
+- Set vendor property and vendor URLs
+- Made URLs to be preconfigured by OS
+- Moved vendor_version_string to a better place
+- Resolves: rhbz#1876665
+
+* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.10-0.0.ea
+- Update to jdk-11.0.9+10 (EA)
+- Resolves: rhbz#1876665
+
+* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.9-0.0.ea
+- Update to jdk-11.0.9+9 (EA)
+- Resolves: rhbz#1876665
+
+* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.8-0.0.ea
+- Update to jdk-11.0.9+8 (EA)
+- Remove JDK-8252258/RH1868406 now applied upstream.
+- Resolves: rhbz#1876665
+
+* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.7-0.0.ea
+- Update to jdk-11.0.9+7 (EA)
+- Resolves: rhbz#1876665
+
+* Wed Oct 14 2020 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.9.6-0.1.ea
+- Update static-libs packaging to new layout
+- Resolves: rhbz#1876665
+
+* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.6-0.0.ea
+- Update to jdk-11.0.9+6 (EA)
+- Update tarball generation script to use PR3802, handling JDK-8233228 & JDK-8177334
+- Resolves: rhbz#1876665
+
+* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.5-0.0.ea
+- Update to jdk-11.0.9+5 (EA)
+- Resolves: rhbz#1876665
+
+* Wed Oct 14 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.4-0.0.ea
+- Update to jdk-11.0.9+4 (EA)
+- Resolves: rhbz#1876665
+
+* Sun Oct 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.3-0.0.ea
+- Update to jdk-11.0.9+3 (EA)
+- Resolves: rhbz#1876665
+
+* Sat Oct 10 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.2-0.1.ea
+- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
+- Resolves: rhbz#1876665
+
+* Thu Oct 08 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.2-0.0.ea
+- Update to jdk-11.0.9+2 (EA)
+- With Shenandoah now upstream in OpenJDK 11, we can use jdk-updates/jdk11 directly
+- Resolves: rhbz#1876665
+
+* Mon Oct 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.1-0.0.ea
+- JDK-8245832 increases the set of static libraries, so try and include them all with a wildcard.
+- Resolves: rhbz#1876665
+
+* Mon Oct 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.1-0.0.ea
+- Cleanup architecture and JVM feature handling in preparation for using upstreamed Shenandoah.
+- Resolves: rhbz#1876665
+
+* Mon Oct 05 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.9.1-0.0.ea
+- Update to shenandoah-jdk-11.0.9+1 (EA)
+- Switch to EA mode for 11.0.9 pre-release builds.
+- Drop JDK-8227269, JDK-8241750 & JDK-8245714 backports now applied upstream.
+- Resolves: rhbz#1876665
+
+* Tue Aug 25 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.8.10-2
+- Add JDK-8252258 to return default vendor to the original value of 'Oracle Corporation'
+- Include a test in the RPM to check the build has the correct vendor information.
+- Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value.
+- Resolves: rhbz#1876665
+
 * Sat Jul 11 2020 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.8.10-1
 - Update to shenandoah-jdk-11.0.8+10 (GA)
 - Switch to GA mode for final release.
diff --git a/shenandoah-jdk11-shenandoah-jdk-11.0.8+10-4curve.tar.xz b/jdk-updates-jdk11u-jdk-11.0.13+8-4curve.tar.xz
similarity index 83%
rename from shenandoah-jdk11-shenandoah-jdk-11.0.8+10-4curve.tar.xz
rename to jdk-updates-jdk11u-jdk-11.0.13+8-4curve.tar.xz
index 1d918a2825916a56f0e3b248b90fd85b96ad9a4d..a92af53698b6f71dd6a9cf64a40da1bf3326e4df 100644
Binary files a/shenandoah-jdk11-shenandoah-jdk-11.0.8+10-4curve.tar.xz and b/jdk-updates-jdk11u-jdk-11.0.13+8-4curve.tar.xz differ
diff --git a/jdk8227269-rh1826915-slow_class_loading_with_jdwp.patch b/jdk8227269-rh1826915-slow_class_loading_with_jdwp.patch
deleted file mode 100644
index 8c33e40f2116cd7852888ee5cc0490b0d7365e63..0000000000000000000000000000000000000000
--- a/jdk8227269-rh1826915-slow_class_loading_with_jdwp.patch
+++ /dev/null
@@ -1,481 +0,0 @@
-# HG changeset patch
-# User rkennke
-# Date 1579704902 -3600
-#      Wed Jan 22 15:55:02 2020 +0100
-# Node ID 63a288f3f25a5785460fa25756bd7d1e532cd874
-# Parent  ca116bb90caf334f8a78c6c763321f7c76452540
-8227269: Slow class loading when running with JDWP
-Reviewed-by: sspitsyn, cjplummer
-
-diff --git a/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.c b/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.c
---- a/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.c
-+++ b/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.c
-@@ -22,273 +22,204 @@
-  * or visit www.oracle.com if you need additional information or have any
-  * questions.
-  */
-+
- /*
-  * This module tracks classes that have been prepared, so as to
-- * be able to compute which have been unloaded.  On VM start-up
-- * all prepared classes are put in a table.  As class prepare
-- * events come in they are added to the table.  After an unload
-- * event or series of them, the VM can be asked for the list
-- * of classes; this list is compared against the table keep by
-- * this module, any classes no longer present are known to
-- * have been unloaded.
-- *
-- * For efficient access, classes are keep in a hash table.
-- * Each slot in the hash table has a linked list of KlassNode.
-- *
-- * Comparing current set of classes is compared with previous
-- * set by transferring all classes in the current set into
-- * a new table, any that remain in the old table have been
-- * unloaded.
-+ * be able to report which have been unloaded. On VM start-up
-+ * and whenever new classes are loaded, all prepared classes'
-+ * signatures are attached as JVMTI tag to the class object.
-+ * Class unloading is tracked by registering
-+ * ObjectFree callback on class objects. When this happens, we find
-+ * the signature of the unloaded class(es) and report them back
-+ * to the event handler to synthesize class-unload-events.
-  */
- 
- #include "util.h"
- #include "bag.h"
- #include "classTrack.h"
- 
--/* ClassTrack hash table slot count */
--#define CT_HASH_SLOT_COUNT 263    /* Prime which eauals 4k+3 for some k */
-+#define NOT_TAGGED 0
- 
--typedef struct KlassNode {
--    jclass klass;            /* weak global reference */
--    char *signature;         /* class signature */
--    struct KlassNode *next;  /* next node in this slot */
--} KlassNode;
-+/*
-+ * The JVMTI tracking env to keep track of klass tags for class-unloads
-+ */
-+static jvmtiEnv* trackingEnv;
-+
-+/*
-+ * A bag containing all the deleted classes' signatures. Must be accessed under
-+ * classTrackLock.
-+ */
-+struct bag* deletedSignatures;
- 
- /*
-- * Hash table of prepared classes.  Each entry is a pointer
-- * to a linked list of KlassNode.
-+ * Lock to keep integrity of deletedSignatures.
-  */
--static KlassNode **table;
-+static jrawMonitorID classTrackLock;
- 
- /*
-- * Return slot in hash table to use for this class.
-+ * Invoke the callback when classes are freed, find and record the signature
-+ * in deletedSignatures. Those are only used in addPreparedClass() by the
-+ * same thread.
-  */
--static jint
--hashKlass(jclass klass)
-+static void JNICALL
-+cbTrackingObjectFree(jvmtiEnv* jvmti_env, jlong tag)
- {
--    jint hashCode = objectHashCode(klass);
--    return abs(hashCode) % CT_HASH_SLOT_COUNT;
-+    debugMonitorEnter(classTrackLock);
-+    if (deletedSignatures == NULL) {
-+      debugMonitorExit(classTrackLock);
-+      return;
-+    }
-+    *(char**)bagAdd(deletedSignatures) = (char*)tag;
-+
-+    debugMonitorExit(classTrackLock);
- }
- 
- /*
-- * Transfer a node (which represents klass) from the current
-- * table to the new table.
-- */
--static void
--transferClass(JNIEnv *env, jclass klass, KlassNode **newTable) {
--    jint slot = hashKlass(klass);
--    KlassNode **head = &table[slot];
--    KlassNode **newHead = &newTable[slot];
--    KlassNode **nodePtr;
--    KlassNode *node;
--
--    /* Search the node list of the current table for klass */
--    for (nodePtr = head; node = *nodePtr, node != NULL; nodePtr = &(node->next)) {
--        if (isSameObject(env, klass, node->klass)) {
--            /* Match found transfer node */
--
--            /* unlink from old list */
--            *nodePtr = node->next;
--
--            /* insert in new list */
--            node->next = *newHead;
--            *newHead = node;
--
--            return;
--        }
--    }
--
--    /* we haven't found the class, only unloads should have happenned,
--     * so the only reason a class should not have been found is
--     * that it is not prepared yet, in which case we don't want it.
--     * Asset that the above is true.
--     */
--/**** the HotSpot VM doesn't create prepare events for some internal classes ***
--    JDI_ASSERT_MSG((classStatus(klass) &
--                (JVMTI_CLASS_STATUS_PREPARED|JVMTI_CLASS_STATUS_ARRAY))==0,
--               classSignature(klass));
--***/
--}
--
--/*
-- * Delete a hash table of classes.
-- * The signatures of classes in the table are returned.
-- */
--static struct bag *
--deleteTable(JNIEnv *env, KlassNode *oldTable[])
--{
--    struct bag *signatures = bagCreateBag(sizeof(char*), 10);
--    jint slot;
--
--    if (signatures == NULL) {
--        EXIT_ERROR(AGENT_ERROR_OUT_OF_MEMORY,"signatures");
--    }
--
--    for (slot = 0; slot < CT_HASH_SLOT_COUNT; slot++) {
--        KlassNode *node = oldTable[slot];
--
--        while (node != NULL) {
--            KlassNode *next;
--            char **sigSpot;
--
--            /* Add signature to the signature bag */
--            sigSpot = bagAdd(signatures);
--            if (sigSpot == NULL) {
--                EXIT_ERROR(AGENT_ERROR_OUT_OF_MEMORY,"signature bag");
--            }
--            *sigSpot = node->signature;
--
--            /* Free weak ref and the node itself */
--            JNI_FUNC_PTR(env,DeleteWeakGlobalRef)(env, node->klass);
--            next = node->next;
--            jvmtiDeallocate(node);
--
--            node = next;
--        }
--    }
--    jvmtiDeallocate(oldTable);
--
--    return signatures;
--}
--
--/*
-- * Called after class unloads have occurred.  Creates a new hash table
-- * of currently loaded prepared classes.
-- * The signatures of classes which were unloaded (not present in the
-- * new table) are returned.
-+ * Called after class unloads have occurred.
-+ * The signatures of classes which were unloaded are returned.
-  */
- struct bag *
- classTrack_processUnloads(JNIEnv *env)
- {
--    KlassNode **newTable;
--    struct bag *unloadedSignatures;
--
--    unloadedSignatures = NULL;
--    newTable = jvmtiAllocate(CT_HASH_SLOT_COUNT * sizeof(KlassNode *));
--    if (newTable == NULL) {
--        EXIT_ERROR(AGENT_ERROR_OUT_OF_MEMORY, "classTrack table");
--    } else {
--
--        (void)memset(newTable, 0, CT_HASH_SLOT_COUNT * sizeof(KlassNode *));
--
--        WITH_LOCAL_REFS(env, 1) {
--
--            jint classCount;
--            jclass *classes;
--            jvmtiError error;
--            int i;
--
--            error = allLoadedClasses(&classes, &classCount);
--            if ( error != JVMTI_ERROR_NONE ) {
--                jvmtiDeallocate(newTable);
--                EXIT_ERROR(error,"loaded classes");
--            } else {
--
--                /* Transfer each current class into the new table */
--                for (i=0; i<classCount; i++) {
--                    jclass klass = classes[i];
--                    transferClass(env, klass, newTable);
--                }
--                jvmtiDeallocate(classes);
--
--                /* Delete old table, install new one */
--                unloadedSignatures = deleteTable(env, table);
--                table = newTable;
--            }
--
--        } END_WITH_LOCAL_REFS(env)
--
-+    debugMonitorEnter(classTrackLock);
-+    if (deletedSignatures == NULL) {
-+        // Class tracking not initialized, nobody's interested.
-+        debugMonitorExit(classTrackLock);
-+        return NULL;
-     }
--
--    return unloadedSignatures;
-+    struct bag* deleted = deletedSignatures;
-+    deletedSignatures = bagCreateBag(sizeof(char*), 10);
-+    debugMonitorExit(classTrackLock);
-+    return deleted;
- }
- 
- /*
-- * Add a class to the prepared class hash table.
-- * Assumes no duplicates.
-+ * Add a class to the prepared class table.
-  */
- void
--classTrack_addPreparedClass(JNIEnv *env, jclass klass)
-+classTrack_addPreparedClass(JNIEnv *env_unused, jclass klass)
- {
--    jint slot = hashKlass(klass);
--    KlassNode **head = &table[slot];
--    KlassNode *node;
-     jvmtiError error;
-+    jvmtiEnv* env = trackingEnv;
- 
--    if (gdata->assertOn) {
--        /* Check this is not a duplicate */
--        for (node = *head; node != NULL; node = node->next) {
--            if (isSameObject(env, klass, node->klass)) {
--                JDI_ASSERT_FAILED("Attempting to insert duplicate class");
--                break;
--            }
-+    if (gdata && gdata->assertOn) {
-+        // Check this is not already tagged.
-+        jlong tag;
-+        error = JVMTI_FUNC_PTR(trackingEnv, GetTag)(env, klass, &tag);
-+        if (error != JVMTI_ERROR_NONE) {
-+            EXIT_ERROR(error, "Unable to GetTag with class trackingEnv");
-         }
-+        JDI_ASSERT(tag == NOT_TAGGED);
-     }
- 
--    node = jvmtiAllocate(sizeof(KlassNode));
--    if (node == NULL) {
--        EXIT_ERROR(AGENT_ERROR_OUT_OF_MEMORY,"KlassNode");
--    }
--    error = classSignature(klass, &(node->signature), NULL);
-+    char* signature;
-+    error = classSignature(klass, &signature, NULL);
-     if (error != JVMTI_ERROR_NONE) {
--        jvmtiDeallocate(node);
-         EXIT_ERROR(error,"signature");
-     }
--    if ((node->klass = JNI_FUNC_PTR(env,NewWeakGlobalRef)(env, klass)) == NULL) {
--        jvmtiDeallocate(node->signature);
--        jvmtiDeallocate(node);
--        EXIT_ERROR(AGENT_ERROR_NULL_POINTER,"NewWeakGlobalRef");
-+    error = JVMTI_FUNC_PTR(trackingEnv, SetTag)(env, klass, (jlong)signature);
-+    if (error != JVMTI_ERROR_NONE) {
-+        jvmtiDeallocate(signature);
-+        EXIT_ERROR(error,"SetTag");
-     }
-+}
- 
--    /* Insert the new node */
--    node->next = *head;
--    *head = node;
-+static jboolean
-+setupEvents()
-+{
-+    jvmtiCapabilities caps;
-+    memset(&caps, 0, sizeof(caps));
-+    caps.can_generate_object_free_events = 1;
-+    jvmtiError error = JVMTI_FUNC_PTR(trackingEnv, AddCapabilities)(trackingEnv, &caps);
-+    if (error != JVMTI_ERROR_NONE) {
-+        return JNI_FALSE;
-+    }
-+    jvmtiEventCallbacks cb;
-+    memset(&cb, 0, sizeof(cb));
-+    cb.ObjectFree = cbTrackingObjectFree;
-+    error = JVMTI_FUNC_PTR(trackingEnv, SetEventCallbacks)(trackingEnv, &cb, sizeof(cb));
-+    if (error != JVMTI_ERROR_NONE) {
-+        return JNI_FALSE;
-+    }
-+    error = JVMTI_FUNC_PTR(trackingEnv, SetEventNotificationMode)(trackingEnv, JVMTI_ENABLE, JVMTI_EVENT_OBJECT_FREE, NULL);
-+    if (error != JVMTI_ERROR_NONE) {
-+        return JNI_FALSE;
-+    }
-+    return JNI_TRUE;
- }
- 
- /*
-- * Called once to build the initial prepared class hash table.
-+ * Called once to initialize class-tracking.
-  */
- void
- classTrack_initialize(JNIEnv *env)
- {
--    WITH_LOCAL_REFS(env, 1) {
--
--        jint classCount;
--        jclass *classes;
--        jvmtiError error;
--        jint i;
-+    deletedSignatures = NULL;
-+    classTrackLock = debugMonitorCreate("Deleted class tag lock");
-+    trackingEnv = getSpecialJvmti();
-+    if (trackingEnv == NULL) {
-+        EXIT_ERROR(AGENT_ERROR_INTERNAL, "Failed to allocate tag-tracking jvmtiEnv");
-+    }
- 
--        error = allLoadedClasses(&classes, &classCount);
--        if ( error == JVMTI_ERROR_NONE ) {
--            table = jvmtiAllocate(CT_HASH_SLOT_COUNT * sizeof(KlassNode *));
--            if (table != NULL) {
--                (void)memset(table, 0, CT_HASH_SLOT_COUNT * sizeof(KlassNode *));
--                for (i=0; i<classCount; i++) {
--                    jclass klass = classes[i];
--                    jint status;
--                    jint wanted =
--                        (JVMTI_CLASS_STATUS_PREPARED|JVMTI_CLASS_STATUS_ARRAY);
-+
-+    if (!setupEvents()) {
-+        EXIT_ERROR(AGENT_ERROR_INTERNAL, "Unable to setup ObjectFree tracking");
-+    }
- 
--                    /* We only want prepared classes and arrays */
--                    status = classStatus(klass);
--                    if ( (status & wanted) != 0 ) {
--                        classTrack_addPreparedClass(env, klass);
--                    }
--                }
--            } else {
--                jvmtiDeallocate(classes);
--                EXIT_ERROR(AGENT_ERROR_OUT_OF_MEMORY,"KlassNode");
-+    jint classCount;
-+    jclass *classes;
-+    jvmtiError error;
-+    jint i;
-+
-+    error = allLoadedClasses(&classes, &classCount);
-+    if ( error == JVMTI_ERROR_NONE ) {
-+        for (i = 0; i < classCount; i++) {
-+            jclass klass = classes[i];
-+            jint status;
-+            jint wanted = JVMTI_CLASS_STATUS_PREPARED | JVMTI_CLASS_STATUS_ARRAY;
-+            status = classStatus(klass);
-+            if ((status & wanted) != 0) {
-+                classTrack_addPreparedClass(env, klass);
-             }
--            jvmtiDeallocate(classes);
--        } else {
--            EXIT_ERROR(error,"loaded classes array");
-         }
--
--    } END_WITH_LOCAL_REFS(env)
--
-+        jvmtiDeallocate(classes);
-+    } else {
-+        EXIT_ERROR(error,"loaded classes array");
-+    }
- }
- 
-+/*
-+ * Called to activate class-tracking when a listener registers for EI_GC_FINISH.
-+ */
-+void
-+classTrack_activate(JNIEnv *env)
-+{
-+    debugMonitorEnter(classTrackLock);
-+    deletedSignatures = bagCreateBag(sizeof(char*), 1000);
-+    debugMonitorExit(classTrackLock);
-+}
-+
-+static jboolean
-+cleanDeleted(void *signatureVoid, void *arg)
-+{
-+    char* sig = *(char**)signatureVoid;
-+    jvmtiDeallocate(sig);
-+    return JNI_TRUE;
-+}
-+
-+/*
-+ * Called when agent detaches.
-+ */
- void
- classTrack_reset(void)
- {
-+    debugMonitorEnter(classTrackLock);
-+
-+    if (deletedSignatures != NULL) {
-+        bagEnumerateOver(deletedSignatures, cleanDeleted, NULL);
-+        bagDestroyBag(deletedSignatures);
-+        deletedSignatures = NULL;
-+    }
-+
-+    debugMonitorExit(classTrackLock);
- }
-diff --git a/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.h b/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.h
---- a/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.h
-+++ b/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.h
-@@ -46,6 +46,12 @@
- classTrack_initialize(JNIEnv *env);
- 
- /*
-+ * Activates class tracking.
-+ */
-+void
-+classTrack_activate(JNIEnv *env);
-+
-+/*
-  * Reset class tracking.
-  */
- void
-diff --git a/src/jdk.jdwp.agent/share/native/libjdwp/eventHandler.c b/src/jdk.jdwp.agent/share/native/libjdwp/eventHandler.c
---- a/src/jdk.jdwp.agent/share/native/libjdwp/eventHandler.c
-+++ b/src/jdk.jdwp.agent/share/native/libjdwp/eventHandler.c
-@@ -1625,6 +1625,9 @@
- 
-     node->handlerID = external? ++requestIdCounter : 0;
-     error = eventFilterRestricted_install(node);
-+    if (node->ei == EI_GC_FINISH) {
-+        classTrack_activate(getEnv());
-+    }
-     if (error == JVMTI_ERROR_NONE) {
-         insert(getHandlerChain(node->ei), node);
-     }
-diff --git a/src/jdk.jdwp.agent/share/native/libjdwp/util.c b/src/jdk.jdwp.agent/share/native/libjdwp/util.c
---- a/src/jdk.jdwp.agent/share/native/libjdwp/util.c
-+++ b/src/jdk.jdwp.agent/share/native/libjdwp/util.c
-@@ -1742,7 +1742,7 @@
- }
- 
- /* Get the jvmti environment to be used with tags */
--static jvmtiEnv *
-+jvmtiEnv *
- getSpecialJvmti(void)
- {
-     jvmtiEnv  *jvmti;
-diff --git a/src/jdk.jdwp.agent/share/native/libjdwp/util.h b/src/jdk.jdwp.agent/share/native/libjdwp/util.h
---- a/src/jdk.jdwp.agent/share/native/libjdwp/util.h
-+++ b/src/jdk.jdwp.agent/share/native/libjdwp/util.h
-@@ -414,4 +414,6 @@
- void saveGlobalRef(JNIEnv *env, jobject obj, jobject *pobj);
- void tossGlobalRef(JNIEnv *env, jobject *pobj);
- 
-+jvmtiEnv* getSpecialJvmti(void);
-+
- #endif
diff --git a/jdk8241750-rh1826915-x86-32_8227269_fix.patch b/jdk8241750-rh1826915-x86-32_8227269_fix.patch
deleted file mode 100644
index 19e3d1870fcf59e45d9616494470f953ca982d15..0000000000000000000000000000000000000000
--- a/jdk8241750-rh1826915-x86-32_8227269_fix.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-# HG changeset patch
-# User shade
-# Date 1585332307 -3600
-#      Fri Mar 27 19:05:07 2020 +0100
-# Node ID af6e51a97af59304b5e5ad41cd3ee344dcc54f0a
-# Parent  a51657b8d38904b7d8d6820c8826a65a62959f06
-8241750: x86_32 build failure after JDK-8227269
-Reviewed-by: rkennke, cjplummer
-
-diff --git a/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.c b/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.c
---- a/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.c
-+++ b/src/jdk.jdwp.agent/share/native/libjdwp/classTrack.c
-@@ -69,7 +69,7 @@
-       debugMonitorExit(classTrackLock);
-       return;
-     }
--    *(char**)bagAdd(deletedSignatures) = (char*)tag;
-+    *(char**)bagAdd(deletedSignatures) = (char*)jlong_to_ptr(tag);
- 
-     debugMonitorExit(classTrackLock);
- }
-@@ -117,7 +117,7 @@
-     if (error != JVMTI_ERROR_NONE) {
-         EXIT_ERROR(error,"signature");
-     }
--    error = JVMTI_FUNC_PTR(trackingEnv, SetTag)(env, klass, (jlong)signature);
-+    error = JVMTI_FUNC_PTR(trackingEnv, SetTag)(env, klass, ptr_to_jlong(signature));
-     if (error != JVMTI_ERROR_NONE) {
-         jvmtiDeallocate(signature);
-         EXIT_ERROR(error,"SetTag");
diff --git a/jdk8245714-rh1828845-build_loop_late_crash.patch b/jdk8245714-rh1828845-build_loop_late_crash.patch
deleted file mode 100644
index 3ebce49bc247322e90530049895eed82e224e1dc..0000000000000000000000000000000000000000
--- a/jdk8245714-rh1828845-build_loop_late_crash.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-# HG changeset patch
-# User roland
-# Date 1590664914 -7200
-#      Thu May 28 13:21:54 2020 +0200
-# Node ID 516c889e7582598020e49ed62bcf77871fe315d8
-# Parent  b2e6516f67ff98224f14e65beb944ddb04b24548
-8245714: "Bad graph detected in build_loop_late" when loads are pinned on loop limit check uncommon branch
-Reviewed-by: thartmann
-
-diff --git a/src/hotspot/share/opto/loopPredicate.cpp b/src/hotspot/share/opto/loopPredicate.cpp
---- a/src/hotspot/share/opto/loopPredicate.cpp
-+++ b/src/hotspot/share/opto/loopPredicate.cpp
-@@ -111,6 +111,9 @@
-     CallNode* call = rgn->as_Call();
-     IdealLoopTree* loop = get_loop(call);
-     rgn = new RegionNode(1);
-+    Node* uncommon_proj_orig = uncommon_proj;
-+    uncommon_proj = uncommon_proj->clone()->as_Proj();
-+    register_control(uncommon_proj, loop, iff);
-     rgn->add_req(uncommon_proj);
-     register_control(rgn, loop, uncommon_proj);
-     _igvn.replace_input_of(call, 0, rgn);
-@@ -118,13 +121,9 @@
-     if (_idom != NULL) {
-       set_idom(call, rgn, dom_depth(rgn));
-     }
--    for (DUIterator_Fast imax, i = uncommon_proj->fast_outs(imax); i < imax; i++) {
--      Node* n = uncommon_proj->fast_out(i);
--      if (n->is_Load() || n->is_Store()) {
--        _igvn.replace_input_of(n, 0, rgn);
--        --i; --imax;
--      }
--    }
-+    // Move nodes pinned on the projection or whose control is set to
-+    // the projection to the region.
-+    lazy_replace(uncommon_proj_orig, rgn);
-   } else {
-     // Find region's edge corresponding to uncommon_proj
-     for (; proj_index < rgn->req(); proj_index++)
-diff --git a/test/hotspot/jtreg/compiler/loopopts/TestBadControlLoopLimitCheck.java b/test/hotspot/jtreg/compiler/loopopts/TestBadControlLoopLimitCheck.java
-new file mode 100644
---- /dev/null
-+++ b/test/hotspot/jtreg/compiler/loopopts/TestBadControlLoopLimitCheck.java
-@@ -0,0 +1,85 @@
-+/*
-+ * Copyright (c) 2020, Red Hat, Inc. All rights reserved.
-+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-+ *
-+ * This code is free software; you can redistribute it and/or modify it
-+ * under the terms of the GNU General Public License version 2 only, as
-+ * published by the Free Software Foundation.
-+ *
-+ * This code is distributed in the hope that it will be useful, but WITHOUT
-+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-+ * version 2 for more details (a copy is included in the LICENSE file that
-+ * accompanied this code).
-+ *
-+ * You should have received a copy of the GNU General Public License version
-+ * 2 along with this work; if not, write to the Free Software Foundation,
-+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-+ *
-+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-+ * or visit www.oracle.com if you need additional information or have any
-+ * questions.
-+ */
-+
-+/*
-+ * @test
-+ * @bug 8245714
-+ * @requires vm.compiler2.enabled
-+ * @summary "Bad graph detected in build_loop_late" when loads are pinned on loop limit check uncommon branch
-+ *
-+ * @run main/othervm -XX:-BackgroundCompilation -XX:ArrayCopyLoadStoreMaxElem=0 TestBadControlLoopLimitCheck
-+ */
-+
-+public class TestBadControlLoopLimitCheck {
-+    public static void main(String[] args) {
-+        int[] int_array = {0, 0};
-+        A[] obj_array = {new A(), new A()};
-+        for (int i = 0; i < 20_000; i++) {
-+            test1(int_array, 0, 10, false);
-+            test_helper(42);
-+            test2(obj_array, 0, 10, false);
-+        }
-+    }
-+
-+    private static int test1(int[] a, int start, int stop, boolean flag) {
-+        int[] b = new int[2]; // non escaping allocation
-+        System.arraycopy(a, 0, b, 0, 2); // optimized out
-+        int v = 1;
-+        int j = 0;
-+        for (; j < 10; j++);
-+        int inc = test_helper(j); // delay transformation to counted loop
-+        // loop limit check here has loads pinned on unc branch
-+        for (int i = start; i < stop; i += inc) {
-+            v *= 2;
-+        }
-+        if (flag) {
-+            v += b[0] + b[1];
-+        }
-+        return v;
-+    }
-+
-+    private static int test2(A[] a, int start, int stop, boolean flag) {
-+        A[] b = new A[2]; // non escaping allocation
-+        System.arraycopy(a, 0, b, 0, 2); // optimized out
-+        int v = 1;
-+        int j = 0;
-+        for (; j < 10; j++);
-+        int inc = test_helper(j); // delay transformation to counted loop
-+        // loop limit check here has loads pinned on unc branch
-+        for (int i = start; i < stop; i += inc) {
-+            v *= 2;
-+        }
-+        if (flag) {
-+            v += b[0].f + b[1].f;
-+        }
-+        return v;
-+    }
-+
-+    static class A {
-+        int f;
-+    }
-+
-+    static int test_helper(int j) {
-+        return j == 10 ? 10 : 1;
-+    }
-+}
diff --git a/remove-intree-libraries.sh b/remove-intree-libraries.sh
index 044ea882c55ede8aa6d7090ee35bcb4b53322390..dd854291193a4c7e14719bf210e195c7b8d98bbe 100644
--- a/remove-intree-libraries.sh
+++ b/remove-intree-libraries.sh
@@ -1,24 +1,52 @@
 #!/bin/sh
 
+# Arguments: <JDK TREE> <MINIMAL|FULL>
+TREE=${1}
+TYPE=${2}
+
 ZIP_SRC=src/java.base/share/native/libzip/zlib/
 JPEG_SRC=src/java.desktop/share/native/libjavajpeg/
 GIF_SRC=src/java.desktop/share/native/libsplashscreen/giflib/
 PNG_SRC=src/java.desktop/share/native/libsplashscreen/libpng/
 LCMS_SRC=src/java.desktop/share/native/liblcms/
 
-cd openjdk
+if test "x${TREE}" = "x"; then
+    echo "$0 <JDK_TREE> (MINIMAL|FULL)";
+    exit 1;
+fi
+
+if test "x${TYPE}" = "x"; then
+    TYPE=minimal;
+fi
+
+if test "x${TYPE}" != "xminimal" -a "x${TYPE}" != "xfull"; then
+    echo "Type must be minimal or full";
+    exit 2;
+fi
+
+echo "Removing in-tree libraries from ${TREE}"
+echo "Cleansing operation: ${TYPE}";
+
+cd ${TREE}
 
 echo "Removing built-in libs (they will be linked)"
 
+# On full runs, allow for zlib having already been deleted by minimal
 echo "Removing zlib"
-if [ ! -d ${ZIP_SRC} ]; then
+if [ "x${TYPE}" = "xminimal" -a ! -d ${ZIP_SRC} ]; then
 	echo "${ZIP_SRC} does not exist. Refusing to proceed."
 	exit 1
 fi	
 rm -rvf ${ZIP_SRC}
 
+# Minimal is limited to just zlib so finish here
+if test "x${TYPE}" = "xminimal"; then
+    echo "Finished.";
+    exit 0;
+fi
+
 echo "Removing libjpeg"
-if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that sound definitely exist
+if [ ! -f ${JPEG_SRC}/jdhuff.c ]; then # some file that should definitely exist
 	echo "${JPEG_SRC} does not contain jpeg sources. Refusing to proceed."
 	exit 1
 fi	
diff --git a/rh1566890-CVE_2018_3639-speculative_store_bypass.patch b/rh1566890-CVE_2018_3639-speculative_store_bypass.patch
deleted file mode 100644
index bd528282a4528d4373853525424cf40e00b766cb..0000000000000000000000000000000000000000
--- a/rh1566890-CVE_2018_3639-speculative_store_bypass.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-diff --git openjdk/src/hotspot/os/linux/os_linux.cpp openjdk/src/hotspot/os/linux/os_linux.cpp
---- openjdk/src/hotspot/os/linux/os_linux.cpp
-+++ openjdk/src/hotspot/os/linux/os_linux.cpp
-@@ -107,6 +107,8 @@
- # include <inttypes.h>
- # include <sys/ioctl.h>
- 
-+#include <sys/prctl.h>
-+
- #ifndef _GNU_SOURCE
-   #define _GNU_SOURCE
-   #include <sched.h>
-@@ -4984,6 +4986,48 @@
- extern void report_error(char* file_name, int line_no, char* title,
-                          char* format, ...);
- 
-+/* Per task speculation control */
-+#ifndef PR_GET_SPECULATION_CTRL
-+# define PR_GET_SPECULATION_CTRL    52
-+#endif
-+#ifndef PR_SET_SPECULATION_CTRL
-+# define PR_SET_SPECULATION_CTRL    53
-+#endif
-+/* Speculation control variants */
-+#ifndef PR_SPEC_STORE_BYPASS
-+# define PR_SPEC_STORE_BYPASS          0
-+#endif
-+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
-+
-+#ifndef PR_SPEC_NOT_AFFECTED
-+# define PR_SPEC_NOT_AFFECTED          0
-+#endif
-+#ifndef PR_SPEC_PRCTL
-+# define PR_SPEC_PRCTL                 (1UL << 0)
-+#endif
-+#ifndef PR_SPEC_ENABLE
-+# define PR_SPEC_ENABLE                (1UL << 1)
-+#endif
-+#ifndef PR_SPEC_DISABLE
-+# define PR_SPEC_DISABLE               (1UL << 2)
-+#endif
-+#ifndef PR_SPEC_FORCE_DISABLE
-+# define PR_SPEC_FORCE_DISABLE         (1UL << 3)
-+#endif
-+#ifndef PR_SPEC_DISABLE_NOEXEC
-+# define PR_SPEC_DISABLE_NOEXEC        (1UL << 4)
-+#endif
-+
-+static void set_speculation() __attribute__((constructor));
-+static void set_speculation() {
-+  if ( prctl(PR_SET_SPECULATION_CTRL,
-+             PR_SPEC_STORE_BYPASS,
-+             PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
-+    return;
-+  }
-+  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
-+}
-+
- // this is called _before_ most of the global arguments have been parsed
- void os::init(void) {
-   char dummy;   // used to get a guess on initial stack address
diff --git a/rh1750419-redhat_alt_java.patch b/rh1750419-redhat_alt_java.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e6355f2af927f9271f0377c96f03e00dc03f0718
--- /dev/null
+++ b/rh1750419-redhat_alt_java.patch
@@ -0,0 +1,116 @@
+diff -r 1356affa5e44 make/launcher/Launcher-java.base.gmk
+--- openjdk/make/launcher/Launcher-java.base.gmk      Wed Nov 25 08:27:15 2020 +0100
++++ openjdk/make/launcher/Launcher-java.base.gmk      Tue Dec 01 12:29:30 2020 +0100
+@@ -41,6 +41,16 @@
+     OPTIMIZATION := HIGH, \
+ ))
+ 
++#Wno-error=cpp is present to allow commented warning in ifdef part of main.c
++$(eval $(call SetupBuildLauncher, alt-java, \
++    CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \
++    LDFLAGS_solaris := -R$(OPENWIN_HOME)/lib$(OPENJDK_TARGET_CPU_ISADIR), \
++    LIBS_windows := user32.lib comctl32.lib, \
++    EXTRA_RC_FLAGS := $(JAVA_RC_FLAGS), \
++    VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \
++    OPTIMIZATION := HIGH, \
++))
++
+ ifeq ($(OPENJDK_TARGET_OS), windows)
+   $(eval $(call SetupBuildLauncher, javaw, \
+       CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \
+
+diff -r 25e94aa812b2 src/share/bin/alt_main.h
+--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
++++ openjdk/src/java.base/share/native/launcher/alt_main.h	Tue Jun 02 17:15:28 2020 +0100
+@@ -0,0 +1,73 @@
++/*
++ * Copyright (c) 2019, Red Hat, Inc. All rights reserved.
++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
++ *
++ * This code is free software; you can redistribute it and/or modify it
++ * under the terms of the GNU General Public License version 2 only, as
++ * published by the Free Software Foundation.  Oracle designates this
++ * particular file as subject to the "Classpath" exception as provided
++ * by Oracle in the LICENSE file that accompanied this code.
++ *
++ * This code is distributed in the hope that it will be useful, but WITHOUT
++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
++ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
++ * version 2 for more details (a copy is included in the LICENSE file that
++ * accompanied this code).
++ *
++ * You should have received a copy of the GNU General Public License version
++ * 2 along with this work; if not, write to the Free Software Foundation,
++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
++ *
++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
++ * or visit www.oracle.com if you need additional information or have any
++ * questions.
++ */
++
++#ifdef REDHAT_ALT_JAVA
++
++#include <sys/prctl.h>
++
++
++/* Per task speculation control */
++#ifndef PR_GET_SPECULATION_CTRL
++# define PR_GET_SPECULATION_CTRL    52
++#endif
++#ifndef PR_SET_SPECULATION_CTRL
++# define PR_SET_SPECULATION_CTRL    53
++#endif
++/* Speculation control variants */
++#ifndef PR_SPEC_STORE_BYPASS
++# define PR_SPEC_STORE_BYPASS          0
++#endif
++/* Return and control values for PR_SET/GET_SPECULATION_CTRL */
++
++#ifndef PR_SPEC_NOT_AFFECTED
++# define PR_SPEC_NOT_AFFECTED          0
++#endif
++#ifndef PR_SPEC_PRCTL
++# define PR_SPEC_PRCTL                 (1UL << 0)
++#endif
++#ifndef PR_SPEC_ENABLE
++# define PR_SPEC_ENABLE                (1UL << 1)
++#endif
++#ifndef PR_SPEC_DISABLE
++# define PR_SPEC_DISABLE               (1UL << 2)
++#endif
++#ifndef PR_SPEC_FORCE_DISABLE
++# define PR_SPEC_FORCE_DISABLE         (1UL << 3)
++#endif
++#ifndef PR_SPEC_DISABLE_NOEXEC
++# define PR_SPEC_DISABLE_NOEXEC        (1UL << 4)
++#endif
++
++static void set_speculation() __attribute__((constructor));
++static void set_speculation() {
++  if ( prctl(PR_SET_SPECULATION_CTRL,
++             PR_SPEC_STORE_BYPASS,
++             PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) {
++    return;
++  }
++  prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0);
++}
++
++#endif // REDHAT_ALT_JAVA
+diff -r 25e94aa812b2 src/share/bin/main.c
+--- openjdk/src/java.base/share/native/launcher/main.c	Wed Feb 05 12:20:36 2020 -0300
++++ openjdk/src/java.base/share/native/launcher/main.c	Tue Jun 02 17:15:28 2020 +0100
+@@ -34,6 +34,14 @@
+ #include "jli_util.h"
+ #include "jni.h"
+ 
++#ifdef REDHAT_ALT_JAVA
++#if defined(__linux__) && defined(__x86_64__)
++#include "alt_main.h"
++#else
++#warning alt-java requested but SSB mitigation not available on this platform.
++#endif
++#endif
++
+ #ifdef _MSC_VER
+ #if _MSC_VER > 1400 && _MSC_VER < 1600
+ 
diff --git a/s390-8214206_fix.patch b/s390-8214206_fix.patch
deleted file mode 100644
index 1d0c6860e48c0f741678f9606133d2ee27bc0512..0000000000000000000000000000000000000000
--- a/s390-8214206_fix.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git openjdk.orig/jdk/src/hotspot/share/runtime/os.cpp openjdk/jdk/src/hotspot/share/runtime/os.cpp
---- openjdk.orig/src/hotspot/share/runtime/os.cpp
-+++ openjdk/src/hotspot/share/runtime/os.cpp
-@@ -1368,7 +1368,7 @@
- }
- 
- void os::set_memory_serialize_page(address page) {
--  int count = log2_intptr(sizeof(class JavaThread)) - log2_int(64);
-+  int count = log2_intptr((uintptr_t) sizeof(class JavaThread)) - log2_int(64);
-   _mem_serialize_page = (volatile int32_t *)page;
-   // We initialize the serialization page shift count here
-   // We assume a cache line size of 64 bytes