Key:

JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X

CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY

New in release OpenJDK 8u292 (2021-04-20):

===========================================

Live versions of these release notes can be found at:

  * https://bitly.com/openjdk8u292

  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt

* Security fixes

  - JDK-8227467: Better class method invocations

  - JDK-8244473: Contextualize registration for JNDI

  - JDK-8244543: Enhanced handling of abstract classes

  - JDK-8249906, CVE-2021-2163: Enhance opening JARs

  - JDK-8250568, CVE-2021-2161: Less ambiguous processing

  - JDK-8253799: Make lists of normal filenames

* Other changes

  - JDK-6345095: regression test EmptyClipRenderingTest fails

  - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println

  - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop

  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled

  - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed

  - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7

  - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found

  - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently

  - JDK-8035166: Remove dependency on EC classes from pkcs11 provider

  - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error

  - JDK-8038723: Openup some PrinterJob tests

  - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X

  - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton

  - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS

  - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported

  - JDK-8078450: Implement consistent process for quarantine of tests

  - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException

  - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid

  - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment

  - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms

  - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256

  - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error

  - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output

  - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address

  - JDK-8160217: JavaSound should clean up resources better

  - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods

  - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node

  - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63

  - JDK-8172404: Tools should warn if weak algorithms are used before restricting them

  - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"

  - JDK-8191915: JCK tests produce incorrect results with C2

  - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode

  - JDK-8202343: Disable TLS 1.0 and 1.1

  - JDK-8209333: Socket reset issue for TLS 1.3 socket close

  - JDK-8211301: [macos] support full window content options

  - JDK-8211339: NPE during SSL handshake caused by HostnameChecker

  - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy

  - JDK-8217338: [Containers] Improve systemd slice memory limit support

  - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl

  - JDK-8221408: Windows 32bit build build errors/warnings in hotspot

  - JDK-8223186: HotSpot compile warnings from GCC 9

  - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14

  - JDK-8225805: Java Access Bridge does not close the logger

  - JDK-8226899: Problemlist compiler/rtm tests

  - JDK-8227642: [TESTBUG] Make docker tests podman compatible

  - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642

  - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage

  - JDK-8230388: Problemlist additional compiler/rtm tests

  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR

  - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3

  - JDK-8234728: Some security tests should support TLSv1.3

  - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions

  - JDK-8235311: Tag mismatch may alert bad_record_mac

  - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.

  - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory

  - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read

  - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.

  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1

  - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"

  - JDK-8242141: New System Properties to configure the TLS signature schemes

  - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11

  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit

  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method

  - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel

  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows

  - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets

  - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities

  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray

  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows

  - JDK-8253368: TLS connection always receives close_notify exception

  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities

  - JDK-8253932: SSL debug log prints incorrect caller info

  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations

  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed

  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem

  - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java

  - JDK-8256421: Add 2 HARICA roots to cacerts truststore

  - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed

  - JDK-8258079: Eliminate ParNew's use of klass_or_null()

  - JDK-8256682: JDK-8202343 is incomplete

  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines

  - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575

  - JDK-8258247: Couple of issues in fix for JDK-8249906

  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()

  - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes

  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures

  - JDK-8258933: G1 needs klass_or_null_acquire

  - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f

  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will

  - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548

  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy

  - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport

  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS

  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a

  - JDK-8260930: AARCH64: Invalid value passed to critical JNI function

  - JDK-8261183: Follow on to Make lists of normal filenames

  - JDK-8261231: Windows IME was disabled after DnD operation

  - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017

  - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory

  - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently

  - JDK-8263008: AARCH64: Add debug info for libsaproc.so

  - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS)

* Shenandoah

  - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.

  - Revert differences against upstream 8u

  - [backport] 8202976: Add C1 lea patching support for x86

  - [backport] 8221507: Implement JFR Events for Shenandoah

  - [backport] 8224573: Fix windows build after JDK-8221507

  - [backport] 8228369: Shenandoah: Refactor LRB C1 stubs

  - [backport] 8229474: Shenandoah: Cleanup CM::update_roots()

  - [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs)

  - [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2

  - [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots

  - [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB

  - [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes

  - [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64

  - [backport] 8233574: Shenandoah: build is broken without jfr

  - [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint

  - [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx"

  - [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type

  - [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength()

  - [backport] 8240751: Shenandoah: fold ShenandoahTracer definition

  - [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier

  - [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition

  - [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks

  - [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape"

  - [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U

  - [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option

  - [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()

  - [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads

  - [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask

  - [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback

  - [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test

  - [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false

  - Fix register allocation for thread register is 32bit LRB

  - Fix Shenandoah bindings in ADLC formssel

  - Shenandoah: Backed out weak roots cleaning during full gc

Notes on individual issues:

===========================

security-libs/java.security:

JDK-8260597: Added 2 HARICA Root CA Certificates

================================================

The following root certificates have been added to the cacerts truststore:

Alias Name: haricarootca2015

Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR

Alias Name: haricaeccrootca2015

Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR

JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default

===================================================================================

Weak named curves are disabled by default by adding them to the

following `disabledAlgorithms` security properties:

* jdk.tls.disabledAlgorithms

* jdk.certpath.disabledAlgorithms

* jdk.jar.disabledAlgorithms

Red Hat has always disabled many of the curves provided by upstream,

so the only addition in this release is:

* secp256k1

The curves that remain enabled are:

* secp256r1

* secp384r1

* secp521r1

* X25519

* X448

When large numbers of weak named curves need to be disabled, adding

individual named curves to each `disabledAlgorithms` property would be

overwhelming. To relieve this, a new security property,

`jdk.disabled.namedCurves`, is implemented that can list the named

curves common to all of the `disabledAlgorithms` properties. To use

the new property in the `disabledAlgorithms` properties, precede the

full property name with the keyword `include`.  Users can still add

individual named curves to `disabledAlgorithms` properties separate

from this new property.  No other properties can be included in the

`disabledAlgorithms` properties.

To restore the named curves, remove the `include

jdk.disabled.namedCurves` either from specific or from all

`disabledAlgorithms` security properties. To restore one or more

curves, remove the specific named curve(s) from the

`jdk.disabled.namedCurves` property.

JDK-8244286: Tools Warn If Weak Algorithms Are Used

===================================================

The `keytool` and `jarsigner` tools have been updated to warn users

when weak cryptographic algorithms are used in keys, certificates, and

signed JARs before they are disabled. The weak algorithms are set in

the `jdk.security.legacyAlgorithms` security property in the

`java.security` configuration file. In this release, the tools issue

warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.

security-libs/javax.net.ssl:

JDK-8256490: Disable TLS 1.0 and 1.1

====================================

TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer

considered secure and have been superseded by more secure and modern

versions (TLS 1.2 and 1.3).

These versions have now been disabled by default. If you encounter

issues, you can, at your own risk, re-enable the versions by removing

"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`

security property in the `java.security` configuration file.

JDK-8242147: New System Properties to Configure the TLS Signature Schemes

=========================================================================

Two new system properties have been added to customize the TLS

signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been

added for the TLS client side, and `jdk.tls.server.SignatureSchemes`

has been added for the server side.

Each system property contains a comma-separated list of supported

signature scheme names specifying the signature schemes that could be

used for the TLS connections.

The names are described in the "Signature Schemes" section of the

*Java Security Standard Algorithm Names Specification*.

tools/javac:

JDK-8177368: Several incorporation steps are silently failing when an error should be reported

==============================================================================================

Reporting previously silent errors found during incorporation, JLS

8ยง18.3, was supposed to be a clean-up with performance only

implications. But consider the test case:

import java.util.Arrays;

import java.util.List;

class Klass {

  public static  List<List<A>> foo(List... lists) {

    return foo(Arrays.asList(lists));

    }

  public static  List<List<B>> foo(List> lists) {

    return null;

  }

}

This code was not accepted before the patch for [1], but after this

patch the compiler is accepting it. Accepting this code is the right

behavior as not reporting incorporation errors was a bug in the

compiler.  While determining the applicability of method: 

List<List<B>> foo(List> lists) for which

we have the constraints: b <: Object t <: List t<:Object

List <: t first, inference variable b is selected for

instantiation: b = CAP1 of ? extends A so this implies that: t <:

List t<: Object List <: t

Now all the bounds are checked for consistency. While checking if

List is a subtype of List

a bound error is reported. Before the compiler was just swallowing

it. As now the error is reported while inference variable b is being

instantiated, the bound set is rolled back to it's initial state, 'b'

is instantiated to Object, and with this instantiation the constraint

set is solvable, the method is applicable, it's the only applicable

one and the code is accepted as correct. The compiler behavior in this

case is defined at JLS 8 ยง18.4

This fix has source compatibility impact, right now code that wasn't

being accepted is now being accepted by the javac compiler. Currently

there are no reports of any other kind of incompatibility.

[1] https://bugs.openjdk.java.net/browse/JDK-8078024

New in release OpenJDK 8u282 (2021-01-19):

===========================================

Live versions of these release notes can be found at:

  * https://bitly.com/openjdk8u282

  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt

* Security fixes

  - JDK-8247619: Improve Direct Buffering of Characters

* Other changes

  - JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux

  - JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation

  - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails

  - JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup

  - JDK-8030350: Enable additional compiler warnings for GCC

  - JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows

  - JDK-8036122: Fix warning 'format not a string literal'

  - JDK-8039279: Move awt tests to openjdk repository

  - JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk

  - JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository

  - JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree

  - JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m

  - JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests

  - JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk

  - JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository

  - JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository

  - JDK-8046221: [TEST_BUG] Cleanup datatransfer tests

  - JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository

  - JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2

  - JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK

  - JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3

  - JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK

  - JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4

  - JDK-8051440: move tests about maximizing undecorated to OpenJDK

  - JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!

  - JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5

  - JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)

  - JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK

  - JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6

  - JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7

  - JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8

  - JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK

  - JDK-8055664: move 14 tests about setLocationRelativeTo to jdk

  - JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9

  - JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10

  - JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails

  - JDK-8062808: Turn on the -Wreturn-type warning

  - JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1

  - JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2

  - JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1

  - JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2

  - JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing

  - JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases

  - JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease

  - JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()

  - JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel

  - JDK-8068275: Some tests failed after JDK-8063104

  - JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once

  - JDK-8074807: Fix some tests unnecessary using internal API

  - JDK-8076315: move 4 manual functional swing tests to regression suite

  - JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT

  - JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows

  - JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful

  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent

  - JDK-8148916: Mark bug6400879.java as intermittently failing

  - JDK-8148983: Fix extra comma in changes for JDK-8148916

  - JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants

  - JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic

  - JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails

  - JDK-8160761: [TESTBUG] Several compiler tests fail with product bits

  - JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java

  - JDK-8165808: Add release barriers when allocating objects with concurrent collection

  - JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java

  - JDK-8166583: Add oopDesc::klass_or_null_acquire()

  - JDK-8166663: Simplify oops_on_card_seq_iterate_careful

  - JDK-8166862: CMS needs klass_or_null_acquire

  - JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X

  - JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp

  - JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event

  - JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument

  - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8

  - JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017

  - JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out

  - JDK-8207766: [testbug] Adapt tests for Aix.

  - JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation

  - JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash

  - JDK-8215727: Restore JFR thread sampler loop to old / previous behavior

  - JDK-8217362: Emergency dump does not work when disk=false is set

  - JDK-8217766: Container Support doesn't work for some Join Controllers combinations

  - JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3

  - JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable

  - JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp

  - JDK-8220657: JFR.dump does not work when filename is set

  - JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562

  - JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing

  - JDK-8221710: [TESTBUG] more configurable parameters for docker testing

  - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable

  - JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM

  - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs

  - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100

  - JDK-8229868: Update Apache Santuario TPRM version

  - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread

  - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes

  - JDK-8232114: JVM crashed at imjpapi.dll in native code

  - JDK-8233548: Update CUP to v0.11b

  - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area

  - JDK-8234339: replace JLI_StrTok in java_md_solinux.c

  - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes

  - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test

  - JDK-8242335: Additional Tests for RSASSA-PSS

  - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker

  - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in

  - JDK-8245400: Upgrade to LittleCMS 2.11

  - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480

  - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention

  - JDK-8249176: Update GlobalSignR6CA test certificates

  - JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior

  - JDK-8250636: iso8601_time returns incorrect offset part on MacOS

  - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY

  - JDK-8250928: JFR: Improve hash algorithm for stack traces

  - JDK-8251365: Build failure on AIX after 8250636

  - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java

  - JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers

  - JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE

  - JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries

  - JDK-8252497: Incorrect numeric currency code for ROL

  - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent

  - JDK-8252904: VM crashes when JFR is used and JFR event class is transformed

  - JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal

  - JDK-8253036: Support building the Zero assembler port on AArch64

  - JDK-8253284: Zero OrderAccess barrier mappings are incorrect

  - JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip

  - JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly

  - JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion

  - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate

  - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp

  - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp

  - JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails

  - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c

  - JDK-8255003: Build failures on Solaris

  - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d

  - JDK-8255269: Unsigned overflow in g1Policy.cpp

  - JDK-8255603: Memory/Performance regression after JDK-8210985

  - JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized

  - JDK-8256618: Zero: Linux x86_32 build still fails

  - JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap

  - JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder

  - JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace

  - JDK-8258630: Add expiry exception for QuoVadis root certificate

* AArch64 port

  - Fix AArch64 build failure after JDK-8062808 backport

* Shenandoah

  - Fix racy update of code roots

Notes on individual issues:

===========================

security-libs/javax.xml.crypto:

JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3

===========================================================================

The XML Signature implementation in the `java.xml.crypto` module has

been updated to version 2.1.3 of Apache Santuario. New features

include:

* Added support for embedding elliptic curve public keys in the

  KeyValue element

New in release OpenJDK 8u275 (2020-11-05):

===========================================

Live versions of these release notes can be found at:

  * https://bitly.com/openjdk8u275

  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt

* Regression fixes

  - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"

  - JDK-8223940: Private key not supported by chosen signature algorithm

  - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding

  - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)

New in release OpenJDK 8u272 (2020-10-20):

===========================================

Live versions of these release notes can be found at:

  * https://bitly.com/openjdk8u272

  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt

* New features

  - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7

* Security fixes

  - JDK-8233624: Enhance JNI linkage

  - JDK-8236196: Improve string pooling

  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class

  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts

  - JDK-8237995, CVE-2020-14782: Enhance certificate processing

  - JDK-8240124: Better VM Interning

  - JDK-8241114, CVE-2020-14792: Better range handling

  - JDK-8242680, CVE-2020-14796: Improved URI Support

  - JDK-8242685, CVE-2020-14797: Better Path Validation

  - JDK-8242695, CVE-2020-14798: Enhanced buffer support

  - JDK-8243302: Advanced class supports

  - JDK-8244136, CVE-2020-14803: Improved Buffer supports

  - JDK-8244479: Further constrain certificates

  - JDK-8244955: Additional Fix for JDK-8240124

  - JDK-8245407: Enhance zoning of times

  - JDK-8245412: Better class definitions

  - JDK-8245417: Improve certificate chain handling

  - JDK-8248574: Improve jpeg processing

  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit

  - JDK-8253019: Enhanced JPEG decoding

* Other changes

  - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes

  - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java

  - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times

  - JDK-8025886: replace [[ and == bash extensions in regtest

  - JDK-8026236: Add PrimeTest for BigInteger

  - JDK-8031625: javadoc problems referencing inner class constructors

  - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals

  - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c

  - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails

  - JDK-8046274: Removing dependency on jakarta-regexp

  - JDK-8048933: -XX:+TraceExceptions output should include the message

  - JDK-8057003: Large reference arrays cause extremely long synchronization times

  - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler

  - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double

  - JDK-8062947: Fix exception message to correctly represent LDAP connection failure

  - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds

  - JDK-8075774: Small readability and performance improvements for zipfs

  - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails

  - JDK-8078334: Mark regression tests using randomness

  - JDK-8078880: Mark a few more intermittently failuring security-libs

  - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support

  - JDK-8132206: move ScanTest.java into OpenJDK

  - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API

  - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java

  - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh

  - JDK-8144539: Update PKCS11 tests to run with security manager

  - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8

  - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape

  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent

  - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect

  - JDK-8151788: NullPointerException from ntlm.Client.type3

  - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently

  - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings

  - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout

  - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public

  - JDK-8154313: Generated javadoc scattered all over the place

  - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization

  - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider

  - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working

  - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k

  - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files

  - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite

  - JDK-8166148: Fix for JDK-8165936 broke solaris builds

  - JDK-8167300: Scheduling failures during gcm should be fatal

  - JDK-8167615: Opensource unit/regression tests for JavaSound

  - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed

  - JDK-8169925: PKCS #11 Cryptographic Token Interface license

  - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java

  - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled

  - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1

  - JDK-8177628: Opensource unit/regression tests for ImageIO

  - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java

  - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java

  - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh

  - JDK-8184762: ZapStackSegments should use optimized memset

  - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.

  - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied

  - JDK-8193137: Nashorn crashes when given an empty script file

  - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak

  - JDK-8194298: Add support for per Socket configuration of TCP keepalive

  - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error

  - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails

  - JDK-8201633: Problems with AES-GCM native acceleration

  - JDK-8203357: Container Metrics

  - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts

  - JDK-8210147: adjust some WSAGetLastError usages in windows network coding

  - JDK-8211049: Second parameter of "initialize" method is not used

  - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean

  - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions

  - JDK-8214862: assert(proj != __null) at compile.cpp:3251

  - JDK-8216283: Allow shorter method sampling interval than 10 ms

  - JDK-8217606: LdapContext#reconnect always opens a new connection

  - JDK-8217647: JFR: recordings on 32-bit systems unreadable

  - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11

  - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10

  - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero

  - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly

  - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound

  - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6

  - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file

  - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs

  - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified

  - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp

  - JDK-8224217: RecordingInfo should use textual representation of path

  - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)

  - JDK-8226575: OperatingSystemMXBean should be made container aware

  - JDK-8226697: Several tests which need the @key headful keyword are missing it.

  - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous

  - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM

  - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow

  - JDK-8230303: JDB hangs when running monitor command

  - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG

  - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo

  - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate

  - JDK-8233097: Fontmetrics for large Fonts has zero width

  - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name

  - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion

  - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version

  - JDK-8235325: build failure on Linux after 8235243

  - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink

  - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages

  - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"

  - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary

  - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10

  - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10

  - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10

  - JDK-8238898: Missing hash characters for header on license file

  - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD

  - JDK-8239819: XToolkit: Misread of screen information memory

  - JDK-8240295: hs_err elapsed time in seconds is not accurate enough

  - JDK-8240676: Meet not symmetric failure when running lucene on jdk8

  - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one

  - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash

  - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array

  - JDK-8243138: Enhance BaseLdapServer to support starttls extended request

  - JDK-8243320: Add SSL root certificates to Oracle Root CA program

  - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program

  - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions

  - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26

  - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor

  - JDK-8245467: Remove 8u TLSv1.2 implementation files

  - JDK-8245469: Remove DTLS protocol implementation

  - JDK-8245470: Fix JDK8 compatibility issues

  - JDK-8245471: Revert JDK-8148188

  - JDK-8245472: Backport JDK-8038893 to JDK8

  - JDK-8245473: OCSP stapling support

  - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712

  - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default

  - JDK-8245477: Adjust TLS tests location

  - JDK-8245653: Remove 8u TLS tests

  - JDK-8245681: Add TLSv1.3 regression test from 11.0.7

  - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ

  - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR

  - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release

  - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport

  - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read

  - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase

  - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public

  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior

  - JDK-8250546: Expect changed behaviour reported in JDK-8249846

  - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics

  - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java

  - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update

  - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher

  - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false

  - JDK-8251341: Minimal Java specification change

  - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u

  - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds

  - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled

  - JDK-8252573: 8u: Windows build failed after 8222079 backport

  - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed

  - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158

  - JDK-8254937: Revert JDK-8148854 for 8u272

Notes on individual issues:

===========================

core-svc/java.lang.management:

JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data

============================================================================================

When executing in a container, or other virtualized operating

environment, the following `OperatingSystemMXBean` methods in this

release return container specific information, if

available. Otherwise, they return host specific data:

* getFreePhysicalMemorySize()

* getTotalPhysicalMemorySize()

* getFreeSwapSpaceSize()

* getTotalSwapSpaceSize()

* getSystemCpuLoad()

security-libs/java.security:

JDK-8250756: Added Entrust Root Certification Authority - G4 certificate

========================================================================

The Entrust root certificate has been added to the cacerts truststore:

Alias Name: entrustrootcag4

Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

JDK-8250860: Added 3 SSL Corporation Root CA Certificates

=========================================================

The following root certificates have been added to the cacerts truststore for the SSL Corporation:

Alias Name: sslrootrsaca

Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US

Alias Name: sslrootevrsaca

Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US

Alias Name: sslrooteccca

Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US

security-libs/javax.crypto:pkcs11:

JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40

=======================================================================

The SunPKCS11 provider has been updated with support for PKCS#11

v2.40. This version adds support for more algorithms such as the

AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message

digests, and RSASSA-PSS signatures when the corresponding PKCS11

mechanisms are supported by the underlying PKCS11 library.

security-libs/javax.security:

JDK-8242059: Support for canonicalize in krb5.conf

==================================================

The 'canonicalize' flag in the [krb5.conf file][0] is now supported by

the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name

canonicalization is requested by clients in TGT requests to KDC

services (AS protocol). Otherwise, and by default, it is not

requested.

The new default behavior is different from previous releases where