cdbd41
Key:
cdbd41
cdbd41
JDK-X  - https://bugs.openjdk.java.net/browse/JDK-X
cdbd41
CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY
cdbd41
b06565
New in release OpenJDK 8u322 (2022-01-18):
b06565
===========================================
b06565
Live versions of these release notes can be found at:
b06565
  * https://bitly.com/openjdk8u322
b06565
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u322.txt
b06565
b06565
* Security fixes
b06565
  - JDK-8264934, CVE-2022-21248: Enhance cross VM serialization
b06565
  - JDK-8268488: More valuable DerValues
b06565
  - JDK-8268494: Better inlining of inlined interfaces
b06565
  - JDK-8268512: More content for ContentInfo
b06565
  - JDK-8268795: Enhance digests of Jar files
b06565
  - JDK-8268801: Improve PKCS attribute handling
b06565
  - JDK-8268813, CVE-2022-21283: Better String matching
b06565
  - JDK-8269151: Better construction of EncryptedPrivateKeyInfo
b06565
  - JDK-8269944: Better HTTP transport redux
b06565
  - JDK-8270392, CVE-2022-21293: Improve String constructions
b06565
  - JDK-8270416, CVE-2022-21294: Enhance construction of Identity maps
b06565
  - JDK-8270492, CVE-2022-21282: Better resolution of URIs
b06565
  - JDK-8270498, CVE-2022-21296: Improve SAX Parser configuration management
b06565
  - JDK-8270646, CVE-2022-21299: Improved scanning of XML entities
b06565
  - JDK-8271962: Better TrueType font loading
b06565
  - JDK-8271968: Better canonical naming
b06565
  - JDK-8271987: Manifest improved manifest entries
b06565
  - JDK-8272014, CVE-2022-21305: Better array indexing
b06565
  - JDK-8272026, CVE-2022-21340: Verify Jar Verification
b06565
  - JDK-8272236, CVE-2022-21341: Improve serial forms for transport
b06565
  - JDK-8272272: Enhance jcmd communication
b06565
  - JDK-8272462: Enhance image handling
b06565
  - JDK-8273290: Enhance sound handling
b06565
  - JDK-8273748, CVE-2022-21349: Improve Solaris font rendering
b06565
  - JDK-8273756, CVE-2022-21360: Enhance BMP image support
b06565
  - JDK-8273838, CVE-2022-21365: Enhanced BMP processing
b06565
* Other changes
b06565
  - JDK-6801613: Cross-platform pageDialog and printDialog top margin entry broken
b06565
  - JDK-8011541: [TEST_BUG] closed/javax/swing/plaf/metal/MetalUtils/bug6190373.java fails NPE since 7u25b03
b06565
  - JDK-8025430: [TEST_BUG] javax/swing/JEditorPane/5076514/bug5076514.java failed since jdk8b108
b06565
  - JDK-8041928: MouseEvent.getModifiersEx gives wrong result
b06565
  - JDK-8042199: The build of J2DBench via makefile is broken after the JDK-8005402
b06565
  - JDK-8044365: (dc) MulticastSendReceiveTests.java failing with ENOMEM when joining group (OS X 10.9)
b06565
  - JDK-8048021: Remove @version tag in jaxp repo
b06565
  - JDK-8049348: compiler/intrinsics/bmi/verifycode tests on lzcnt and tzcnt use incorrect assumption about REXB prefix usage
b06565
  - JDK-8060027: Tests java/beans/XMLEncoder/Test4903007.java and java/beans/XMLEncoder/java_awt_GridBagLayout.java
b06565
  - JDK-8066588: javax/management/remote/mandatory/connection/RMIConnector_NPETest.java fails to compile
b06565
  - JDK-8066652: Default TimeZone is GMT not local if user.timezone is invalid on Mac OS
b06565
  - JDK-8069034: gc/g1/TestEagerReclaimHumongousRegionsClearMarkBits.java nightly failure
b06565
  - JDK-8077590: windows_i586_6.2-product-c2-runThese8_Xcomp_vm failing after win compiler upgrade
b06565
  - JDK-8080287: The image of BufferedImage.TYPE_INT_ARGB and BufferedImage.TYPE_INT_ARGB_PRE is blank
b06565
  - JDK-8140329: [TEST_BUG] test FullScreenAfterSplash.java failed because image was not generated
b06565
  - JDK-8140472: java/net/ipv6tests/TcpTest.java failed intermittently with java.net.BindException: Address already in use: NET_Bind
b06565
  - JDK-8147051: StaxEntityResolverWrapper should create StaxXMLInputSource with a resolver indicator
b06565
  - JDK-8148915: Intermittent failures of bug6400879.java
b06565
  - JDK-8176837: SunPKCS11 provider needs to check more details on PKCS11 Mechanism
b06565
  - JDK-8177393: Result of RescaleOp for 4BYTE_ABGR images may be 25% black
b06565
  - JDK-8177536: Avoid Apple Peer-to-Peer interfaces in networking tests
b06565
  - JDK-8182036: Load from initializing arraycopy uses wrong memory state
b06565
  - JDK-8183369: RFC unconformity of HttpURLConnection with proxy
b06565
  - JDK-8183543: Aarch64: C2 compilation often fails with "failed spill-split-recycle sanity check"
b06565
  - JDK-8187450: JNI local refs exceeds capacity warning in NetworkInterface::getAll
b06565
  - JDK-8187649: ArrayIndexOutOfBoundsException in java.util.JapaneseImperialCalendar
b06565
  - JDK-8190482: InnocuousThread creation should not require the caller to possess enableContextClassLoaderOverride
b06565
  - JDK-8190793: Httpserver does not detect truncated request body
b06565
  - JDK-8196572: Tests ColConvCCMTest.java and MTColConvTest.java fail
b06565
  - JDK-8202788: Explicitly reclaim cached thread-local direct buffers at thread exit
b06565
  - JDK-8210058: Algorithmic Italic font leans opposite angle in Printing
b06565
  - JDK-8220150: macos10.14 Mojave returns anti-aliased glyphs instead of aliased B&W glyphs
b06565
  - JDK-8225082: Remove IdenTrust certificate that is expiring in September 2021
b06565
  - JDK-8225083: Remove Google certificate that is expiring in December 2021
b06565
  - JDK-8226806: [macOS 10.14] Methods of Java Robot should be called from appropriate thread
b06565
  - JDK-8231254: (fs) Add test for macOS Catalina changes to protect system software
b06565
  - JDK-8231438: [macOS] Dark mode for the desktop is not supported
b06565
  - JDK-8232178: MacVolumesTest failed after upgrade to MacOS Catalina
b06565
  - JDK-8232226: [macos 10.15] test/jdk/java/awt/color/EqualityTest/EqualityTest.java may fail
b06565
  - JDK-8235153: [TESTBUG] [macos 10.15] java/awt/Graphics/DrawImageBG/SystemBgColorTest.java fails
b06565
  - JDK-8236897: Fix the copyright header for pkcs11gcm2.h
b06565
  - JDK-8237499: JFR: Include stack trace in the ThreadStart event
b06565
  - JDK-8239886: Minimal VM build fails after JDK-8237499
b06565
  - JDK-8261397: Try Catch Method Failing to Work When Dividing An Integer By 0
b06565
  - JDK-8262731: [macOS] Exception from "Printable.print" is swallowed during "PrinterJob.print"
b06565
  - JDK-8272342: [TEST_BUG] java/awt/print/PrinterJob/PageDialogMarginTest.java catches all exceptions
b06565
  - JDK-8273308: PatternMatchTest.java fails on CI
b06565
  - JDK-8273342: Null pointer dereference in classFileParser.cpp:2817
b06565
  - JDK-8273826: Correct Manifest file name and NPE checks
b06565
  - JDK-8273968: JCK javax_xml tests fail in CI
b06565
  - JDK-8274407: (tz) Update Timezone Data to 2021c
b06565
  - JDK-8274467: TestZoneInfo310.java fails with tzdata2021b
b06565
  - JDK-8274468: TimeZoneTest.java fails with tzdata2021b
b06565
  - JDK-8274595: DisableRMIOverHTTPTest failed: connection refused
b06565
  - JDK-8274779: HttpURLConnection: HttpClient and HttpsClient incorrectly check request method when set to POST
b06565
  - JDK-8275766: (tz) Update Timezone Data to 2021e
b06565
  - JDK-8275849: TestZoneInfo310.java fails with tzdata2021e
b06565
  - JDK-8276536: Update TimeZoneNames files to follow the changes made by JDK-8275766
b06565
b06565
Notes on individual issues:
b06565
===========================
b06565
b06565
security-libs/java.security:
b06565
b06565
JDK-8271434: Removed IdenTrust Root Certificate
b06565
===============================================
b06565
The following root certificate from IdenTrust has been removed from
b06565
the `cacerts` keystore:
b06565
b06565
Alias Name: identrustdstx3 [jdk]
b06565
Distinguished Name: CN=DST Root CA X3, O=Digital Signature Trust Co.
b06565
b06565
JDK-8272535: Removed Google's GlobalSign Root Certificate
b06565
=========================================================
b06565
The following root certificate from Google has been removed from the
b06565
`cacerts` keystore:
b06565
b06565
Alias Name: globalsignr2ca [jdk]
b06565
Distinguished Name: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
b06565
b06565
core-libs/java.time:
b06565
b06565
JDK-8274857:  Update Timezone Data to 2021c
b06565
===========================================
b06565
IANA Time Zone Database, on which JDK's Date/Time libraries are based,
b06565
has been updated to version 2021c
b06565
(https://mm.icann.org/pipermail/tz-announce/2021-October/000067.html). Note
b06565
that with this update, some of the time zone rules prior to the year
b06565
1970 have been modified according to the changes which were introduced
b06565
with 2021b. For more detail, refer to the announcement of 2021b
b06565
(https://mm.icann.org/pipermail/tz-announce/2021-September/000066.html)
b06565
b06565
New in release OpenJDK 8u312 (2021-10-19):
b06565
===========================================
b06565
Live versions of these release notes can be found at:
b06565
  * https://bitly.com/openjdk8u312
b06565
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u312.txt
b06565
b06565
* Security fixes
b06565
  - JDK-8130183, CVE-2021-35588: InnerClasses: VM permits wrong Throw ClassFormatError if InnerClasses attribute's inner_class_info_index is 0
b06565
  - JDK-8161016: Strange behavior of URLConnection with proxy
b06565
  - JDK-8163326, CVE-2021-35550: Update the default enabled cipher suites preference
b06565
  - JDK-8254967, CVE-2021-35565: com.sun.net.HttpsServer spins on TLS session close
b06565
  - JDK-8263314: Enhance XML Dsig modes
b06565
  - JDK-8265167, CVE-2021-35556: Richer Text Editors
b06565
  - JDK-8265574: Improve handling of sheets
b06565
  - JDK-8265580, CVE-2021-35559: Enhanced style for RTF kit
b06565
  - JDK-8265776: Improve Stream handling for SSL
b06565
  - JDK-8266097, CVE-2021-35561: Better hashing support
b06565
  - JDK-8266103: Better specified spec values
b06565
  - JDK-8266109: More Resilient Classloading
b06565
  - JDK-8266115: More Manifest Jar Loading
b06565
  - JDK-8266137, CVE-2021-35564: Improve Keystore integrity
b06565
  - JDK-8266689, CVE-2021-35567: More Constrained Delegation
b06565
  - JDK-8267086: ArrayIndexOutOfBoundsException in java.security.KeyFactory.generatePublic
b06565
  - JDK-8267712: Better LDAP reference processing
b06565
  - JDK-8267729, CVE-2021-35578: Improve TLS client handshaking
b06565
  - JDK-8267735, CVE-2021-35586: Better BMP support
b06565
  - JDK-8268193: Improve requests of certificates
b06565
  - JDK-8268199: Correct certificate requests
b06565
  - JDK-8268506: More Manifest Digests
b06565
  - JDK-8269618, CVE-2021-35603: Better session identification
b06565
  - JDK-8269624: Enhance method selection support
b06565
  - JDK-8270398: Enhance canonicalization
b06565
  - JDK-8270404: Better canonicalization
b06565
* Other changes
b06565
  - JDK-6847157: java.lang.NullPointerException: HDC for component at sun.java2d.loops.Blit.Blit
b06565
  - JDK-7146776: deadlock between URLStreamHandler.getHostAddress and file.Handler.openconnection
b06565
  - JDK-7188942: Remove support of pbuffers in OGL Java2d pipeline
b06565
  - JDK-8004148: NPE in sun.awt.SunToolkit.getWindowDeactivationTime
b06565
  - JDK-8022323: [JavaSecurityScanner] review package com.sun.management.* Native methods should be private
b06565
  - JDK-8027154: [TESTBUG] Test java/awt/Mouse/GetMousePositionTest/GetMousePositionWithPopup.java fails
b06565
  - JDK-8035001: TEST_BUG: the retry logic in RMID.start() should check that the subprocess hasn't terminated
b06565
  - JDK-8035424: (reflect) Performance problem in sun.reflect.generics.parser.SignatureParser
b06565
  - JDK-8042557: compiler/uncommontrap/TestSpecTrapClassUnloading.java fails with: GC triggered before VM initialization completed
b06565
  - JDK-8054118: java/net/ipv6tests/UdpTest.java failed intermittently
b06565
  - JDK-8065215: Print warning summary at end of configure
b06565
  - JDK-8072767: DefaultCellEditor for comboBox creates ActionEvent with wrong source object
b06565
  - JDK-8079891: Store configure log in $BUILD/configure.log
b06565
  - JDK-8080082: configure fails if you create an empty directory and then run configure from it
b06565
  - JDK-8086003: Test fails on OSX with java.lang.RuntimeException 'Narrow klass base: 0x0000000000000000, Narrow klass shift: 3' missing
b06565
  - JDK-8131062: aarch64: add support for GHASH acceleration
b06565
  - JDK-8134869: AARCH64: GHASH intrinsic is not optimal
b06565
  - JDK-8134989: java/net/MulticastSocket/TestInterfaces.java failed due to unexpected IP address
b06565
  - JDK-8156584: Initialization race in sun.security.x509.AlgorithmId.get
b06565
  - JDK-8157404: Unable to read certain PKCS12 keystores from SequenceInputStream
b06565
  - JDK-8166673: The new implementation of Robot.waitForIdle() may hang
b06565
  - JDK-8170467: (reflect) Optimize SignatureParser's use of StringBuilders
b06565
  - JDK-8194246: JVM crashes when calling getStackTrace if stack contains a method that is a member of a very large class
b06565
  - JDK-8196181: sun/java2d/GdiRendering/InsetClipping.java fails
b06565
  - JDK-8202837: PBES2 AlgorithmId encoding error in PKCS12 KeyStore
b06565
  - JDK-8206189: sun/security/pkcs12/EmptyPassword.java fails with Sequence tag error
b06565
  - JDK-8214418: half-closed SSLEngine status may cause application dead loop
b06565
  - JDK-8214513: A PKCS12 keystore from Java 8 using custom PBE parameters cannot be read in Java 11
b06565
  - JDK-8220786: Create new switch to redirect error reporting output to stdout or stderr
b06565
  - JDK-8222751: closed/test/jdk/sun/security/util/DerIndefLenConverter/IndefBerPkcs12.java fail
b06565
  - JDK-8229243: SunPKCS11-Solaris provider tests failing on Solaris 11.4
b06565
  - JDK-8231222: fix pkcs11 P11_DEBUG guarded native traces
b06565
  - JDK-8237495: Java MIDI fails with a dereferenced memory error when asked to send a raw 0xF7
b06565
  - JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong handling of stoppedMixers
b06565
  - JDK-8240518: Incorrect JNU_ReleaseStringPlatformChars in Windows Print
b06565
  - JDK-8241248: NullPointerException in sun.security.ssl.HKDF.extract(HKDF.java:93)
b06565
  - JDK-8244154: Update SunPKCS11 provider with PKCS11 v3.0 header files
b06565
  - JDK-8247469: getSystemCpuLoad() returns -1 on linux when some offline cpus are present and cpusets.effective_cpus is not available
b06565
  - JDK-8248901: Signed immediate support in .../share/assembler.hpp is broken.
b06565
  - JDK-8259338: Add expiry exception for identrustdstx3 alias to VerifyCACerts.java test
b06565
  - JDK-8262000: jdk/jfr/event/gc/detailed/TestPromotionFailedEventWithParallelScavenge.java failed with "OutOfMemoryError: Java heap space"
b06565
  - JDK-8262829: Native crash in Win32PrintServiceLookup.getAllPrinterNames()
b06565
  - JDK-8263311: Watch registry changes for remote printers update instead of polling
b06565
  - JDK-8263382: java/util/logging/ParentLoggersTest.java failed with "checkLoggers: getLoggerNames() returned unexpected loggers"
b06565
  - JDK-8264752: SIGFPE crash with option FlightRecorderOptions:threadbuffersize=30M
b06565
  - JDK-8265238: [8u] [macos] build failure in OpenJDK8u after JDK-8211301 in older xcode
b06565
  - JDK-8265836: OperatingSystemImpl.getCpuLoad() returns incorrect CPU load inside a container
b06565
  - JDK-8265978: make test should look for more locations when searching for exit code
b06565
  - JDK-8266206: Build failure after JDK-8264752 with older GCCs
b06565
  - JDK-8268103: JNI functions incorrectly return a double after JDK-8265836
b06565
  - JDK-8268965: TCP Connection Reset when connecting simple socket to SSL server
b06565
  - JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory leak: allocating handle outside HandleMark
b06565
  - JDK-8269763: The JEditorPane is blank after JDK-8265167
b06565
  - JDK-8269810: [8u] Update generated_configure.sh after JDK-8250876 backport
b06565
  - JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
b06565
  - JDK-8269859: BacktraceBuilder._cprefs needs to be accessed as unsigned short
b06565
  - JDK-8269882: stack-use-after-scope in NewObjectA
b06565
  - JDK-8269953: config.log is not in build directory after 8u backport of JDK-8079891
b06565
  - JDK-8270137: Kerberos Credential Retrieval from Cache not Working in Cross-Realm Setup
b06565
  - JDK-8271466: StackGap test fails on aarch64 due to "-m64"
b06565
  - JDK-8272124: Cgroup v1 initialization causes NullPointerException when cgroup path contains colon
b06565
  - JDK-8272214: [8u] Build failure after backport of JDK-8248901
b06565
  - JDK-8272714: [8u] Build failure after backport of JDK-8248901 with MSVC 2013
b06565
* Shenandoah
b06565
  - [backport] JDK-8269661: JNI_GetStringCritical does not lock char array
b06565
  - Re-cast JNI critical strings patch to be Shenandoah-specific
b06565
b06565
Notes on individual issues:
b06565
===========================
b06565
b06565
core-libs/java.net:
b06565
b06565
JDK-8164200: Modified HttpURLConnection behavior when no suitable proxy is found
b06565
================================================================================
b06565
The behavior of HttpURLConnection when using a ProxySelector has been
b06565
modified with this JDK release. HttpURLConnection used to fall back to
b06565
a DIRECT connection attempt if the configured proxy(s) failed to make
b06565
a connection. This release introduces a change whereby no DIRECT
b06565
connection will be attempted in such a scenario. Instead, the
b06565
HttpURLConnection.connect() method will fail and throw an IOException
b06565
which occurred from the last proxy tested.
b06565
b06565
security-libs/javax.net.ssl:
b06565
b06565
JDK-8219551: Updated the Default Enabled Cipher Suites Preference
b06565
=================================================================
b06565
The preference of the default enabled cipher suites has been
b06565
changed. The compatibility impact should be minimal. If needed,
b06565
applications can customize the enabled cipher suites and the
b06565
preference. For more details, refer to the SunJSSE provider
b06565
documentation and the JSSE Reference Guide documentation.
b06565
e74e6c
New in release OpenJDK 8u302 (2021-07-20):
e74e6c
===========================================
e74e6c
Live versions of these release notes can be found at:
e74e6c
  * https://bitly.com/openjdk8u302
e74e6c
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u302.txt
e74e6c
e74e6c
* Security fixes
e74e6c
  - JDK-8256157: Improve bytecode assembly
e74e6c
  - JDK-8256491: Better HTTP transport
e74e6c
  - JDK-8258432, CVE-2021-2341: Improve file transfers
e74e6c
  - JDK-8260453: Improve Font Bounding
e74e6c
  - JDK-8260960: Signs of jarsigner signing
e74e6c
  - JDK-8260967, CVE-2021-2369: Better jar file validation
e74e6c
  - JDK-8262380: Enhance XML processing passes
e74e6c
  - JDK-8262403: Enhanced data transfer
e74e6c
  - JDK-8262410: Enhanced rules for zones
e74e6c
  - JDK-8262477: Enhance String Conclusions
e74e6c
  - JDK-8262967: Improve Zip file support
e74e6c
  - JDK-8264066, CVE-2021-2388: Enhance compiler validation
e74e6c
  - JDK-8264079: Improve abstractions
e74e6c
  - JDK-8264460: Improve NTLM support
e74e6c
* Other changes
e74e6c
  - JDK-6878250: (so) IllegalBlockingModeException thrown when reading from a closed SocketChannel's InputStream
e74e6c
  - JDK-6990210: [TEST_BUG] EventDispatchThread/HandleExceptionOnEDT/HandleExceptionOnEDT.java fails on gnome
e74e6c
  - JDK-7059970: Test case: javax/imageio/plugins/png/ITXtTest.java is not closing a file
e74e6c
  - JDK-7106851: Test should not use System.exit
e74e6c
  - JDK-8019470: Changes needed to compile JDK 8 on MacOS with clang compiler
e74e6c
  - JDK-8028618: [TEST BUG] javax/swing/JScrollBar/bug4202954/bug4202954.java fails
e74e6c
  - JDK-8030123: java/beans/Introspector/Test8027648.java fails
e74e6c
  - JDK-8032050: Clean up for java/rmi/activation/Activatable/shutdownGracefully/ShutdownGracefully.java
e74e6c
  - JDK-8033289: clang: clean up unused function warning
e74e6c
  - JDK-8034856: gcc warnings compiling src/solaris/native/sun/security/pkcs11
e74e6c
  - JDK-8034857: gcc warnings compiling src/solaris/native/sun/management
e74e6c
  - JDK-8035000: clean up ActivationLibrary.DestroyThread
e74e6c
  - JDK-8035054: JarFacade.c should not include ctype.h
e74e6c
  - JDK-8035287: gcc warnings compiling various libraries files
e74e6c
  - JDK-8036095: RMI tests using testlibrary.RMID and testlibrary.JavaVM do not pass through vmoptions
e74e6c
  - JDK-8037825: Fix warnings and enable "warnings as errors" in serviceability native libraries
e74e6c
  - JDK-8042891: Format issues embedded in macros for two g1 source files
e74e6c
  - JDK-8043264: hsdis library not picked up correctly on expected paths
e74e6c
  - JDK-8043646: libosxapp.dylib fails to build on Mac OS 10.9 with clang
e74e6c
  - JDK-8047939: [TESTBUG] Rewrite test/runtime/8001071/Test8001071.sh
e74e6c
  - JDK-8055754: filemap.cpp does not compile with clang
e74e6c
  - JDK-8064909: FragmentMetaspace.java got OutOfMemoryError
e74e6c
  - JDK-8066508: JTReg tests timeout on slow devices when run using JPRT
e74e6c
  - JDK-8066807: langtools/test/Makefile should use -agentvm not -samevm
e74e6c
  - JDK-8071374: -XX:+PrintAssembly -XX:+PrintSignatureHandlers crash fastdebug VM with assert(limit == __null || limit <= nm->code_end()) in RelocIterator::initialize
e74e6c
  - JDK-8073446: TimeZone getOffset API does not return a dst offset between years 2038-2137
e74e6c
  - JDK-8074835: Resolve disabled warnings for libj2gss
e74e6c
  - JDK-8074836: Resolve disabled warnings for libosxkrb5
e74e6c
  - JDK-8075071: [TEST_BUG] TimSortStackSize2.java: OOME: Java heap space: MaxHeap shrinked by MaxRAMFraction
e74e6c
  - JDK-8077364: "if( !this )" construct prevents build on Xcode 6.3
e74e6c
  - JDK-8078855: [TEST_BUG] javax/swing/JComboBox/8032878/bug8032878.java fails in WindowsClassicLookAndFeel
e74e6c
  - JDK-8081764: [TEST_BUG] Test javax/swing/plaf/aqua/CustomComboBoxFocusTest.java fails on Windows, Solaris Sparcv9 and Linux but passes on MacOSX
e74e6c
  - JDK-8129511: PlatformMidi.c:83 uses malloc without malloc header
e74e6c
  - JDK-8130308: Too low memory usage in TestPromotionFromSurvivorToTenuredAfterMinorGC.java
e74e6c
  - JDK-8130430: [TEST_BUG] remove unnecessary internal calls from javax/swing/JRadioButton/8075609/bug8075609.java
e74e6c
  - JDK-8132148: G1 hs_err region dump legend out of sync with region values
e74e6c
  - JDK-8132709: [TESTBUG] gc/g1/TestHumongousShrinkHeap.java might fail on embedded
e74e6c
  - JDK-8134672: [TEST_BUG] Some tests should check isDisplayChangeSupported
e74e6c
  - JDK-8134883: C1 hard crash in range check elimination in Nashorn test262parallel
e74e6c
  - JDK-8136592: [TEST_BUG] Fix 2 platform-specific closed regtests for jigsaw
e74e6c
  - JDK-8138820: JDK Hotspot build fails with Xcode 7.0.1
e74e6c
  - JDK-8151786: [TESTBUG] java/beans/XMLEncoder/Test4625418.java timed out intermittently
e74e6c
  - JDK-8159898: Negative array size in java/beans/Introspector/Test8027905.java
e74e6c
  - JDK-8166046: [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME
e74e6c
  - JDK-8166724: gc/g1/TestHumongousShrinkHeap.java fails with OOME
e74e6c
  - JDK-8172188: JDI tests fail due to "permission denied" when creating temp file
e74e6c
  - JDK-8177809: File.lastModified() is losing milliseconds (always ends in 000)
e74e6c
  - JDK-8178403: DirectAudio in JavaSound may hang and leak
e74e6c
  - JDK-8180478: tools/launcher/MultipleJRE.sh fails on Windows because of extra-''
e74e6c
  - JDK-8183910: gc/arguments/TestAggressiveHeap.java fails intermittently
e74e6c
  - JDK-8190332: PngReader throws NegativeArraySizeException/OOM error when IHDR width is very large
e74e6c
  - JDK-8190679: java/util/Arrays/TimSortStackSize2.java fails with "Initial heap size set to a larger value than the maximum heap size"
e74e6c
  - JDK-8191955: AArch64: incorrect prefetch distance causes an internal error
e74e6c
  - JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java fails
e74e6c
  - JDK-8199265: java/util/Arrays/TimSortStackSize2.java fails with OOM
e74e6c
  - JDK-8200550: Xcode 9.3 produce warning -Wexpansion-to-defined
e74e6c
  - JDK-8202299: Java Keystore fails to load PKCS12/PFX certificates created in WindowsServer2016
e74e6c
  - JDK-8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys
e74e6c
  - JDK-8205014: com/sun/jndi/ldap/DeadSSLLdapTimeoutTest.java failed with "Read timed out"
e74e6c
  - JDK-8206243: java -XshowSettings fails if memory.limit_in_bytes overflows LONG.max
e74e6c
  - JDK-8206925: Support the certificate_authorities extension
e74e6c
  - JDK-8209996: [PPC64] Fix JFR profiling
e74e6c
  - JDK-8214345: infinite recursion while checking super class
e74e6c
  - JDK-8217230: assert(t == t_no_spec) failure in NodeHash::check_no_speculative_types()
e74e6c
  - JDK-8217348: assert(thread->is_Java_thread()) failed: just checking
e74e6c
  - JDK-8225081: Remove Telia Company CA certificate expiring in April 2021
e74e6c
  - JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
e74e6c
  - JDK-8228757: Fail fast if the handshake type is unknown
e74e6c
  - JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
e74e6c
  - JDK-8231631: sun/net/ftp/FtpURLConnectionLeak.java fails intermittently with NPE
e74e6c
  - JDK-8231841: AArch64: debug.cpp help() is missing an AArch64 line for pns
e74e6c
  - JDK-8231949: [PPC64, s390]: Make async profiling more reliable
e74e6c
  - JDK-8234011: (zipfs) Memory leak in ZipFileSystem.releaseDeflater()
e74e6c
  - JDK-8239053: [8u] clean up undefined-var-template warnings
e74e6c
  - JDK-8239400: [8u] clean up undefined-var-template warnings
e74e6c
  - JDK-8241649: Optimize Character.toString
e74e6c
  - JDK-8241829: Cleanup the code for PrinterJob on windows
e74e6c
  - JDK-8242565: Policy initialization issues when the denyAfter constraint is enabled
e74e6c
  - JDK-8243559: Remove root certificates with 1024-bit keys
e74e6c
  - JDK-8247350: [aarch64] assert(false) failed: wrong size of mach node
e74e6c
  - JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is unstable
e74e6c
  - JDK-8249278: Revert JDK-8226253 which breaks the spec of AccessibleState.SHOWING for JList
e74e6c
  - JDK-8250876: Fix issues with cross-compile on macos
e74e6c
  - JDK-8252883: AccessDeniedException caused by delayed file deletion on Windows
e74e6c
  - JDK-8253375: OSX build fails with Xcode 12.0 (12A7209)
e74e6c
  - JDK-8254631: Better support ALPN byte wire values in SunJSSE
e74e6c
  - JDK-8255086: Update the root locale display names
e74e6c
  - JDK-8255734: VM should ignore SIGXFSZ on ppc64, s390 too
e74e6c
  - JDK-8256818: SSLSocket that is never bound or connected leaks socket resources
e74e6c
  - JDK-8257039: [8u] GenericTaskQueue destructor is incorrect
e74e6c
  - JDK-8257670: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java reports leaks
e74e6c
  - JDK-8257884: Re-enable sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java as automatic test
e74e6c
  - JDK-8257997: sun/security/ssl/SSLSocketImpl/SSLSocketLeak.java again reports leaks after JDK-8257884
e74e6c
  - JDK-8257999: Parallel GC crash in gc/parallel/TestDynShrinkHeap.java: new region is not in covered_region
e74e6c
  - JDK-8258419: RSA cipher buffer cleanup
e74e6c
  - JDK-8258669: fastdebug jvm crashes when do event based tracing for monitor inflation
e74e6c
  - JDK-8258753: StartTlsResponse.close() hangs due to synchronization issues
e74e6c
  - JDK-8259271: gc/parallel/TestDynShrinkHeap.java still fails "assert(covered_region.contains(new_memregion)) failed: new region is not in covered_region"
e74e6c
  - JDK-8259619: C1: 3-arg StubAssembler::call_RT stack-use condition is incorrect
e74e6c
  - JDK-8259886: Improve SSL session cache performance and scalability
e74e6c
  - JDK-8260029: aarch64: fix typo in verify_oop_array
e74e6c
  - JDK-8260236: better init AnnotationCollector _contended_group
e74e6c
  - JDK-8260255: C1: LoopInvariantCodeMotion constructor can leave some fields uninitialized
e74e6c
  - JDK-8260484: CheckExamples.java / NoJavaLangTest.java fail with jtreg 4.2
e74e6c
  - JDK-8260704: ParallelGC: oldgen expansion needs release-store for _end
e74e6c
  - JDK-8261355: No data buffering in SunPKCS11 Cipher encryption when the underlying mechanism has no padding
e74e6c
  - JDK-8261867: Backport relevant test changes & additions from JDK-8130125
e74e6c
  - JDK-8262110: DST starts from incorrect time in 2038
e74e6c
  - JDK-8262446: DragAndDrop hangs on Windows
e74e6c
  - JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt stack
e74e6c
  - JDK-8262730: Enable jdk8u MacOS external debug symbols
e74e6c
  - JDK-8262864: No debug symbols in image for Windows --with-native-debug-symbols=external
e74e6c
  - JDK-8263061: copy wrong unpack200 debuginfo to bin directory after 8252395
e74e6c
  - JDK-8263504: Some OutputMachOpcodes fields are uninitialized
e74e6c
  - JDK-8263600: change rmidRunning to a simple lookup
e74e6c
  - JDK-8264509: jdk8u MacOS zipped debug symbols won't build
e74e6c
  - JDK-8264562: assert(verify_field_bit(1)) failed: Attempting to write an uninitialized event field: type
e74e6c
  - JDK-8264640: CMS ParScanClosure misses a barrier
e74e6c
  - JDK-8264816: Weak handles leak causes GC to take longer
e74e6c
  - JDK-8265462: Handle multiple slots in the NSS Internal Module from SunPKCS11's Secmod
e74e6c
  - JDK-8265666: Enable AIX build platform to make external debug symbols
e74e6c
  - JDK-8265832: runtime/StackGap/testme.sh fails to compile in 8u
e74e6c
  - JDK-8265988: Fix sun/text/IntHashtable/Bug4170614 for JDK 8u
e74e6c
  - JDK-8266191: Missing aarch64 parts of JDK-8181872 (C1: possible overflow when strength reducing integer multiply by constant)
e74e6c
  - JDK-8266723: JFR periodic events are causing extra allocations
e74e6c
  - JDK-8266929: Unable to use algorithms from 3p providers
e74e6c
  - JDK-8267235: [macos_aarch64] InterpreterRuntime::throw_pending_exception messing up LR results in crash
e74e6c
  - JDK-8267426: MonitorVmStartTerminate test timed out on Embedded VM
e74e6c
  - JDK-8267545: [8u] Enable Xcode 12 builds on macOS
e74e6c
  - JDK-8267689: [aarch64] Crash due to bad shift in indirect addressing mode
e74e6c
  - JDK-8268444: keytool -v -list print is incorrect after backport JDK-8141457
e74e6c
  - JDK-8269388: Default build of OpenJDK 8 fails on newer GCCs with warnings as errors on format-overflow
e74e6c
  - JDK-8269468: JDK-8269388 breaks the build on older GCCs
e74e6c
  - JDK-8270533: AArch64: size_fits_all_mem_uses should return false if its output is a CAS
e74e6c
* Shenandoah
e74e6c
  - [backport] JDK-8259580: Shenandoah: uninitialized label in VerifyThreadGCState
e74e6c
  - [backport] JDK-8259954: gc/shenandoah/mxbeans tests fail with -Xcomp
e74e6c
  - [backport] JDK-8261251: Shenandoah: Use object size for full GC humongous
e74e6c
  - [backport] JDK-8261413: Shenandoah: Disable class-unloading in I-U mode
e74e6c
  - [backport] JDK-8265239: Shenandoah: Shenandoah heap region count could be off by 1
e74e6c
  - [backport] JDK-8266802: Shenandoah: Round up region size to page size unconditionally
e74e6c
  - [backport] JDK-8267561: Shenandoah: Reference processing not properly setup for outside of cycle degenerated GC
e74e6c
  - [backport] JDK-8268127: Shenandoah: Heap size may be too small for region to align to large page size
e74e6c
  - [backport] JDK-8268699: Shenandoah: Add test for JDK-8268127
e74e6c
  - Shenandoah: Process weak roots during class unloading cycle
e74e6c
e74e6c
Notes on individual issues:
e74e6c
===========================
e74e6c
e74e6c
security-libs/java.security:
e74e6c
e74e6c
JDK-8256902: Removed Root Certificates with 1024-bit Keys
e74e6c
=========================================================
e74e6c
The following root certificates with weak 1024-bit RSA public keys
e74e6c
have been removed from the `cacerts` keystore:
e74e6c
e74e6c
Alias Name: thawtepremiumserverca [jdk]
e74e6c
Distinguished Name: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
e74e6c
e74e6c
Alias Name: verisignclass2g2ca [jdk]
e74e6c
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
e74e6c
e74e6c
Alias Name: verisignclass3ca [jdk]
e74e6c
Distinguished Name: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
e74e6c
e74e6c
Alias Name: verisignclass3g2ca [jdk]
e74e6c
Distinguished Name: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
e74e6c
e74e6c
Alias Name: verisigntsaca [jdk]
e74e6c
Distinguished Name: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
e74e6c
e74e6c
JDK-8261361: Removed Telia Company's Sonera Class2 CA certificate
e74e6c
=================================================================
e74e6c
e74e6c
The following root certificate have been removed from the cacerts truststore:
e74e6c
e74e6c
Alias Name: soneraclass2ca
e74e6c
Distinguished Name: CN=Sonera Class2 CA, O=Sonera, C=FI
e74e6c
e74e6c
security-libs/javax.net.ssl:
e74e6c
e74e6c
JDK-8257548: Improve Encoding of TLS Application-Layer Protocol Negotiation (ALPN) Values
e74e6c
=========================================================================================
e74e6c
Certain TLS ALPN values couldn't be properly read or written by the
e74e6c
SunJSSE provider. This is due to the choice of Strings as the API
e74e6c
interface and the undocumented internal use of the UTF-8 Character Set
e74e6c
which converts characters larger than U+00007F (7-bit ASCII) into
e74e6c
multi-byte arrays that may not be expected by a peer.
e74e6c
e74e6c
ALPN values are now represented using the network byte representation
e74e6c
expected by the peer, which should require no modification for
e74e6c
standard 7-bit ASCII-based character Strings. However, SunJSSE now
e74e6c
encodes/decodes String characters as 8-bit ISO_8859_1/LATIN-1
e74e6c
characters.  This means applications that used characters above
e74e6c
U+000007F that were previously encoded using UTF-8 may need to either
e74e6c
be modified to perform the UTF-8 conversion, or set the Java security
e74e6c
property `jdk.tls.alpnCharset` to "UTF-8" revert the behavior.
e74e6c
e74e6c
See the updated guide at
e74e6c
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/alpn.html
e74e6c
for more information.
e74e6c
e74e6c
JDK-8244460: Support for certificate_authorities Extension
e74e6c
==========================================================
e74e6c
The "certificate_authorities" extension is an optional extension
e74e6c
introduced in TLS 1.3. It is used to indicate the certificate
e74e6c
authorities (CAs) that an endpoint supports and should be used by the
e74e6c
receiving endpoint to guide certificate selection.
e74e6c
e74e6c
With this JDK release, the "certificate_authorities" extension is
e74e6c
supported for TLS 1.3 in both the client and the server sides.  This
e74e6c
extension is always present for client certificate selection, while it
e74e6c
is optional for server certificate selection.
e74e6c
e74e6c
Applications can enable this extension for server certificate
e74e6c
selection by setting the `jdk.tls.client.enableCAExtension` system
e74e6c
property to `true`.  The default value of the property is `false`.
e74e6c
e74e6c
Note that if the client trusts more CAs than the size limit of the
e74e6c
extension (less than 2^16 bytes), the extension is not enabled.  Also,
e74e6c
some server implementations do not allow handshake messages to exceed
e74e6c
2^14 bytes.  Consequently, there may be interoperability issues when
e74e6c
`jdk.tls.client.enableCAExtension` is set to `true` and the client
e74e6c
trusts more CAs than the server implementation limit.
e74e6c
e74e6c
New in release OpenJDK 8u292 (2021-04-20):
e74e6c
===========================================
e74e6c
Live versions of these release notes can be found at:
e74e6c
  * https://bitly.com/openjdk8u292
e74e6c
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u292.txt
e74e6c
e74e6c
* Security fixes
e74e6c
  - JDK-8227467: Better class method invocations
e74e6c
  - JDK-8244473: Contextualize registration for JNDI
e74e6c
  - JDK-8244543: Enhanced handling of abstract classes
e74e6c
  - JDK-8249906, CVE-2021-2163: Enhance opening JARs
e74e6c
  - JDK-8250568, CVE-2021-2161: Less ambiguous processing
e74e6c
  - JDK-8253799: Make lists of normal filenames
e74e6c
* Other changes
e74e6c
  - JDK-6345095: regression test EmptyClipRenderingTest fails
e74e6c
  - JDK-6896810: TEST_BUG: java/lang/ref/SoftReference/Pin.java fails with OOME during System.out.println
e74e6c
  - JDK-6949753: [TEST BUG]: java/awt/print/PageFormat/PDialogTest.java needs update by removing a infinite loop
e74e6c
  - JDK-7107012: sun.jvm.hotspot.code.CompressedReadStream readDouble() conversion to long mishandled
e74e6c
  - JDK-7112454: TEST_BUG: java/awt/Choice/PopdownGeneratesMouseEvents/PopdownGeneratesMouseEvents.html failed
e74e6c
  - JDK-7131835: [TEST_BUG] Test does not consider that the rounded edges of the window in Mac OS 10.7
e74e6c
  - JDK-7185221: [macosx] Regtest should not throw exception if a suitable display mode found
e74e6c
  - JDK-8031126: java/lang/management/ThreadMXBean/ThreadUserTime.java fails intermittently
e74e6c
  - JDK-8035166: Remove dependency on EC classes from pkcs11 provider
e74e6c
  - JDK-8035186: j2se_jdk/jdk/test/java/lang/invoke/lambda/LogGeneratedClassesTest.java - assertion error
e74e6c
  - JDK-8038723: Openup some PrinterJob tests
e74e6c
  - JDK-8041464: [TEST_BUG] CustomClassLoaderTransferTest does not support OS X
e74e6c
  - JDK-8041561: Inconsistent opacity behaviour between JCheckBox and JRadioButton
e74e6c
  - JDK-8061777: (zipfs) IllegalArgumentException in ZipCoder.toString when using Shitft_JIS
e74e6c
  - JDK-8078024: javac, several incorporation steps are silently failing when an error should be reported
e74e6c
  - JDK-8078450: Implement consistent process for quarantine of tests
e74e6c
  - JDK-8078614: WindowsClassicLookAndFeel MetalComboBoxUI.getbaseLine fails with IllegalArgumentException
e74e6c
  - JDK-8080953: [TEST_BUG]Test java/awt/FontClass/DebugFonts.java fails due to wrongly typed bugid
e74e6c
  - JDK-8081547: Prepare client libs regression tests for running in a concurrent, headless jtreg environment
e74e6c
  - JDK-8129626: G1: set_in_progress() and clear_started() needs a barrier on non-TSO platforms
e74e6c
  - JDK-8141457: keytool default cert fingerprint algorithm should be SHA-256
e74e6c
  - JDK-8145051: Wrong parameter name in synthetic lambda method leads to verifier error
e74e6c
  - JDK-8150204: (fs) Enhance java/nio/file/Files/probeContentType/Basic.java debugging output
e74e6c
  - JDK-8158525: Update a few java/net tests to use the loopback address instead of the host address
e74e6c
  - JDK-8160217: JavaSound should clean up resources better
e74e6c
  - JDK-8167281: IIOMetadataNode bugs in getElementsByTagName and NodeList.item methods
e74e6c
  - JDK-8168996: C2 crash at postaloc.cpp:140 : assert(false) failed: unexpected yanked node
e74e6c
  - JDK-8171410: aarch64: long multiplyExact shifts by 31 instead of 63
e74e6c
  - JDK-8172404: Tools should warn if weak algorithms are used before restricting them
e74e6c
  - JDK-8185934: keytool shows "Signature algorithm: SHA1withECDSA, -1-bit key"
e74e6c
  - JDK-8191915: JCK tests produce incorrect results with C2
e74e6c
  - JDK-8198334: java/awt/FileDialog/8003399/bug8003399.java fails in headless mode
e74e6c
  - JDK-8202343: Disable TLS 1.0 and 1.1
e74e6c
  - JDK-8209333: Socket reset issue for TLS 1.3 socket close
e74e6c
  - JDK-8211301: [macos] support full window content options
e74e6c
  - JDK-8211339: NPE during SSL handshake caused by HostnameChecker
e74e6c
  - JDK-8216987: ciMethodData::load_data() unpacks MDOs with non-atomic copy
e74e6c
  - JDK-8217338: [Containers] Improve systemd slice memory limit support
e74e6c
  - JDK-8219991: New fix of the deadlock in sun.security.ssl.SSLSocketImpl
e74e6c
  - JDK-8221408: Windows 32bit build build errors/warnings in hotspot
e74e6c
  - JDK-8223186: HotSpot compile warnings from GCC 9
e74e6c
  - JDK-8225435: Upgrade IANA Language Subtag Registry to the latest for JDK14
e74e6c
  - JDK-8225805: Java Access Bridge does not close the logger
e74e6c
  - JDK-8226899: Problemlist compiler/rtm tests
e74e6c
  - JDK-8227642: [TESTBUG] Make docker tests podman compatible
e74e6c
  - JDK-8228434: jdk/net/Sockets/Test.java fails after JDK-8227642
e74e6c
  - JDK-8229284: jdk/internal/platform/cgroup/TestCgroupMetrics.java fails for - memory:getMemoryUsage
e74e6c
  - JDK-8230388: Problemlist additional compiler/rtm tests
e74e6c
  - JDK-8233228: Disable weak named curves by default in TLS, CertPath, and Signed JAR
e74e6c
  - JDK-8234727: sun/security/ssl/X509TrustManagerImpl tests support TLSv1.3
e74e6c
  - JDK-8234728: Some security tests should support TLSv1.3
e74e6c
  - JDK-8235263: Revert TLS 1.3 change that wrapped IOExceptions
e74e6c
  - JDK-8235311: Tag mismatch may alert bad_record_mac
e74e6c
  - JDK-8235874: The ordering of Cipher Suites is not maintained provided through jdk.tls.client.cipherSuites and jdk.tls.server.cipherSuites system property.
e74e6c
  - JDK-8236500: Windows ucrt.dll should be looked up in versioned WINSDK subdirectory
e74e6c
  - JDK-8238579: HttpsURLConnection drops the timeout and hangs forever in read
e74e6c
  - JDK-8239091: Reversed arguments in call to strstr in freetype "debug" code.
e74e6c
  - JDK-8240353: AArch64: missing support for -XX:+ExtendedDTraceProbes in C1
e74e6c
  - JDK-8240827: Downport SSLSocketImpl.java from "8221882: Use fiber-friendly java.util.concurrent.locks in JSSE"
e74e6c
  - JDK-8242141: New System Properties to configure the TLS signature schemes
e74e6c
  - JDK-8244621: [macos10.15] Garbled FX printing plus CoreText warnings on Catalina when building with Xcode 11
e74e6c
  - JDK-8248336: AArch64: C2: offset overflow in BoxLockNode::emit
e74e6c
  - JDK-8249183: JVM crash in "AwtFrame::WmSize" method
e74e6c
  - JDK-8249251: [dark_mode ubuntu 20.04] The selected menu is not highlighted in GTKLookAndFeel
e74e6c
  - JDK-8249588: libwindowsaccessbridge issues on 64bit Windows
e74e6c
  - JDK-8250582: Revert Principal Name type to NT-UNKNOWN when requesting TGS Kerberos tickets
e74e6c
  - JDK-8250984: Memory Docker tests fail on some Linux kernels w/o cgroupv1 swap limit capabilities
e74e6c
  - JDK-8251397: NPE on ClassValue.ClassValueMap.cacheArray
e74e6c
  - JDK-8252470: java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails on Windows
e74e6c
  - JDK-8253368: TLS connection always receives close_notify exception
e74e6c
  - JDK-8253476: TestUseContainerSupport.java fails on some Linux kernels w/o swap limit capabilities
e74e6c
  - JDK-8253932: SSL debug log prints incorrect caller info
e74e6c
  - JDK-8254854: [cgroups v1] Metric limits not properly detected on some join controller combinations
e74e6c
  - JDK-8255880: UI of Swing components is not redrawn after their internal state changed
e74e6c
  - JDK-8255908: ExceptionInInitializerError due to UncheckedIOException while initializing cgroupv1 subsystem
e74e6c
  - JDK-8255937: Better cleanup for test/jdk/javax/imageio/stream/StreamFlush.java
e74e6c
  - JDK-8256421: Add 2 HARICA roots to cacerts truststore
e74e6c
  - JDK-8256642: [TEST_BUG] jdk/test/javax/sound/midi/MidiSystem/DefaultProperties.java failed
e74e6c
  - JDK-8258079: Eliminate ParNew's use of klass_or_null()
e74e6c
  - JDK-8256682: JDK-8202343 is incomplete
e74e6c
  - JDK-8257746: Regression introduced with JDK-8250984 - memory might be null in some machines
e74e6c
  - JDK-8258241: [8u] Missing doPrivileged() hunks from JDK-8226575
e74e6c
  - JDK-8258247: Couple of issues in fix for JDK-8249906
e74e6c
  - JDK-8258396: SIGILL in jdk.jfr.internal.PlatformRecorder.rotateDisk()
e74e6c
  - JDK-8258430: 8u backport of JDK-8063107 missing test/javax/swing/JRadioButton/8041561/bug8041561.java changes
e74e6c
  - JDK-8258833: Cancel multi-part cipher operations in SunPKCS11 after failures
e74e6c
  - JDK-8258933: G1 needs klass_or_null_acquire
e74e6c
  - JDK-8259048: (tz) Upgrade time-zone data to tzdata2020f
e74e6c
  - JDK-8259312: VerifyCACerts.java fails as soneraclass2ca cert will
e74e6c
  - JDK-8259384: CUP version wrong in THIRD_PARTY_README after JDK-8233548
e74e6c
  - JDK-8259428: AlgorithmId.getEncodedParams() should return copy
e74e6c
  - JDK-8259568: PPC64 builds broken after JDK-8221408 8u backport
e74e6c
  - JDK-8260349: Cannot programmatically retrieve Metaspace max set via JAVA_TOOL_OPTIONS
e74e6c
  - JDK-8260356: (tz) Upgrade time-zone data to tzdata2021a
e74e6c
  - JDK-8260930: AARCH64: Invalid value passed to critical JNI function
e74e6c
  - JDK-8261183: Follow on to Make lists of normal filenames
e74e6c
  - JDK-8261231: Windows IME was disabled after DnD operation
e74e6c
  - JDK-8261766: [8u] hotspot needs to recognise cl.exe 19.16 to build with VS2017
e74e6c
  - JDK-8262073: assert(allocates2(pc)) failed: not in CodeBuffer memory
e74e6c
  - JDK-8262075: sun/security/krb5/auto/UseCacheAndStoreKey.java timed out intermittently
e74e6c
  - JDK-8263008: AARCH64: Add debug info for libsaproc.so
e74e6c
  - JDK-8264171: Missing aarch64 parts of JDK-8236179 (C1 register allocation failure with T_ADDRESS)
e74e6c
* Shenandoah
e74e6c
  - Normalise whitespace in AArch64 sources prior to merge of upstreamed version in 8u292-b01.
e74e6c
  - Revert differences against upstream 8u
e74e6c
  - [backport] 8202976: Add C1 lea patching support for x86
e74e6c
  - [backport] 8221507: Implement JFR Events for Shenandoah
e74e6c
  - [backport] 8224573: Fix windows build after JDK-8221507
e74e6c
  - [backport] 8228369: Shenandoah: Refactor LRB C1 stubs
e74e6c
  - [backport] 8229474: Shenandoah: Cleanup CM::update_roots()
e74e6c
  - [backport] 8229709: x86_32 build and test failures after JDK-8228369 (Shenandoah: Refactor LRB C1 stubs)
e74e6c
  - [backport] 8231087: Shenandoah: Self-fixing load reference barriers for C1/C2
e74e6c
  - [backport] 8232747: Shenandoah: Concurrent GC should deactivate SATB before processing weak roots
e74e6c
  - [backport] 8232992: Shenandoah: Implement self-fixing interpreter LRB
e74e6c
  - [backport] 8233021: Shenandoah: SBSC2::is_shenandoah_lrb_call should match all LRB shapes
e74e6c
  - [backport] 8233165: Shenandoah:SBSA::gen_load_reference_barrier_stub() should use pointer register for address on aarch64
e74e6c
  - [backport] 8233574: Shenandoah: build is broken without jfr
e74e6c
  - [backport] 8237837: Shenandoah: assert(mem == __null) failed: only one safepoint
e74e6c
  - [backport] 8238153: CTW: C2 (Shenandoah) compilation fails with "Unknown node in get_load_addr: CreateEx"
e74e6c
  - [backport] 8238851: Shenandoah: C1: Resolve into registers of correct type
e74e6c
  - [backport] 8240315: Shenandoah: Rename ShLBN::get_barrier_strength()
e74e6c
  - [backport] 8240751: Shenandoah: fold ShenandoahTracer definition
e74e6c
  - [backport] 8241765: Shenandoah: AARCH64 need to save/restore call clobbered registers before calling keepalive barrier
e74e6c
  - [backport] 8244510: Shenandoah: invert SHC2Support::is_in_cset condition
e74e6c
  - [backport] 8244663: Shenandoah: C2 assertion fails in Matcher::collect_null_checks
e74e6c
  - [backport] 8244721: CTW: C2 (Shenandoah) compilation fails with "unexpected infinite loop graph shape"
e74e6c
  - [backport] 8251451: Shenandoah: Remark ObjectSynchronizer roots with I-U
e74e6c
  - [backport] 8252660: Shenandoah: support manageable SoftMaxHeapSize option
e74e6c
  - [backport] 8253224: Shenandoah: ShenandoahStrDedupQueue destructor calls virtual num_queues()
e74e6c
  - [backport] 8253778: ShenandoahSafepoint::is_at_shenandoah_safepoint should not access VMThread state from other threads
e74e6c
  - [backport] 8255457: Shenandoah: cleanup ShenandoahMarkTask
e74e6c
  - [backport] 8255760: Shenandoah: match constants style in ShenandoahMarkTask fallback
e74e6c
  - [backport] 8256806: Shenandoah: optimize shenandoah/jni/TestPinnedGarbage.java test
e74e6c
  - [backport] 8257641: Shenandoah: Query is_at_shenandoah_safepoint() from control thread should return false
e74e6c
  - Fix register allocation for thread register is 32bit LRB
e74e6c
  - Fix Shenandoah bindings in ADLC formssel
e74e6c
  - Shenandoah: Backed out weak roots cleaning during full gc
e74e6c
e74e6c
Notes on individual issues:
e74e6c
===========================
e74e6c
e74e6c
security-libs/java.security:
e74e6c
e74e6c
JDK-8260597: Added 2 HARICA Root CA Certificates
e74e6c
================================================
e74e6c
e74e6c
The following root certificates have been added to the cacerts truststore:
e74e6c
e74e6c
Alias Name: haricarootca2015
e74e6c
Distinguished Name: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
e74e6c
e74e6c
Alias Name: haricaeccrootca2015
e74e6c
Distinguished Name: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR
e74e6c
e74e6c
JDK-8236730: Weak Named Curves in TLS, CertPath, and Signed JAR Disabled by Default
e74e6c
===================================================================================
e74e6c
Weak named curves are disabled by default by adding them to the
e74e6c
following `disabledAlgorithms` security properties:
e74e6c
e74e6c
* jdk.tls.disabledAlgorithms
e74e6c
* jdk.certpath.disabledAlgorithms
e74e6c
* jdk.jar.disabledAlgorithms
e74e6c
e74e6c
Red Hat has always disabled many of the curves provided by upstream,
e74e6c
so the only addition in this release is:
e74e6c
e74e6c
* secp256k1
e74e6c
e74e6c
The curves that remain enabled are:
e74e6c
e74e6c
* secp256r1
e74e6c
* secp384r1
e74e6c
* secp521r1
e74e6c
* X25519
e74e6c
* X448
e74e6c
e74e6c
When large numbers of weak named curves need to be disabled, adding
e74e6c
individual named curves to each `disabledAlgorithms` property would be
e74e6c
overwhelming. To relieve this, a new security property,
e74e6c
`jdk.disabled.namedCurves`, is implemented that can list the named
e74e6c
curves common to all of the `disabledAlgorithms` properties. To use
e74e6c
the new property in the `disabledAlgorithms` properties, precede the
e74e6c
full property name with the keyword `include`.  Users can still add
e74e6c
individual named curves to `disabledAlgorithms` properties separate
e74e6c
from this new property.  No other properties can be included in the
e74e6c
`disabledAlgorithms` properties.
e74e6c
e74e6c
To restore the named curves, remove the `include
e74e6c
jdk.disabled.namedCurves` either from specific or from all
e74e6c
`disabledAlgorithms` security properties. To restore one or more
e74e6c
curves, remove the specific named curve(s) from the
e74e6c
`jdk.disabled.namedCurves` property.
e74e6c
e74e6c
JDK-8244286: Tools Warn If Weak Algorithms Are Used
e74e6c
===================================================
e74e6c
The `keytool` and `jarsigner` tools have been updated to warn users
e74e6c
when weak cryptographic algorithms are used in keys, certificates, and
e74e6c
signed JARs before they are disabled. The weak algorithms are set in
e74e6c
the `jdk.security.legacyAlgorithms` security property in the
e74e6c
`java.security` configuration file. In this release, the tools issue
e74e6c
warnings for the SHA-1 hash algorithm and 1024-bit RSA/DSA keys.
e74e6c
e74e6c
security-libs/javax.net.ssl:
e74e6c
e74e6c
JDK-8256490: Disable TLS 1.0 and 1.1
e74e6c
====================================
e74e6c
TLS 1.0 and 1.1 are versions of the TLS protocol that are no longer
e74e6c
considered secure and have been superseded by more secure and modern
e74e6c
versions (TLS 1.2 and 1.3).
e74e6c
e74e6c
These versions have now been disabled by default. If you encounter
e74e6c
issues, you can, at your own risk, re-enable the versions by removing
e74e6c
"TLSv1" and/or "TLSv1.1" from the `jdk.tls.disabledAlgorithms`
e74e6c
security property in the `java.security` configuration file.
e74e6c
e74e6c
JDK-8242147: New System Properties to Configure the TLS Signature Schemes
e74e6c
=========================================================================
e74e6c
Two new system properties have been added to customize the TLS
e74e6c
signature schemes in JDK. `jdk.tls.client.SignatureSchemes` has been
e74e6c
added for the TLS client side, and `jdk.tls.server.SignatureSchemes`
e74e6c
has been added for the server side.
e74e6c
e74e6c
Each system property contains a comma-separated list of supported
e74e6c
signature scheme names specifying the signature schemes that could be
e74e6c
used for the TLS connections.
e74e6c
e74e6c
The names are described in the "Signature Schemes" section of the
e74e6c
*Java Security Standard Algorithm Names Specification*.
e74e6c
e74e6c
tools/javac:
e74e6c
e74e6c
JDK-8177368: Several incorporation steps are silently failing when an error should be reported
e74e6c
==============================================================================================
e74e6c
Reporting previously silent errors found during incorporation, JLS
e74e6c
8ยง18.3, was supposed to be a clean-up with performance only
e74e6c
implications. But consider the test case:
e74e6c
e74e6c
import java.util.Arrays;
e74e6c
import java.util.List;
e74e6c
e74e6c
class Klass {
e74e6c
  public static  List<List<A>> foo(List... lists) {
e74e6c
    return foo(Arrays.asList(lists));
e74e6c
    }
e74e6c
e74e6c
  public static  List<List<B>> foo(List> lists) {
e74e6c
    return null;
e74e6c
  }
e74e6c
}
e74e6c
e74e6c
This code was not accepted before the patch for [1], but after this
e74e6c
patch the compiler is accepting it. Accepting this code is the right
e74e6c
behavior as not reporting incorporation errors was a bug in the
e74e6c
compiler.  While determining the applicability of method: 
e74e6c
List<List<B>> foo(List> lists) for which
e74e6c
we have the constraints: b <: Object t <: List t<:Object
e74e6c
List <: t first, inference variable b is selected for
e74e6c
instantiation: b = CAP1 of ? extends A so this implies that: t <:
e74e6c
List t<: Object List <: t
e74e6c
e74e6c
Now all the bounds are checked for consistency. While checking if
e74e6c
List is a subtype of List
e74e6c
a bound error is reported. Before the compiler was just swallowing
e74e6c
it. As now the error is reported while inference variable b is being
e74e6c
instantiated, the bound set is rolled back to it's initial state, 'b'
e74e6c
is instantiated to Object, and with this instantiation the constraint
e74e6c
set is solvable, the method is applicable, it's the only applicable
e74e6c
one and the code is accepted as correct. The compiler behavior in this
e74e6c
case is defined at JLS 8 ยง18.4
e74e6c
e74e6c
This fix has source compatibility impact, right now code that wasn't
e74e6c
being accepted is now being accepted by the javac compiler. Currently
e74e6c
there are no reports of any other kind of incompatibility.
e74e6c
e74e6c
[1] https://bugs.openjdk.java.net/browse/JDK-8078024
e74e6c
cdbd41
New in release OpenJDK 8u282 (2021-01-19):
cdbd41
===========================================
cdbd41
Live versions of these release notes can be found at:
cdbd41
  * https://bitly.com/openjdk8u282
cdbd41
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u282.txt
cdbd41
cdbd41
* Security fixes
cdbd41
  - JDK-8247619: Improve Direct Buffering of Characters
cdbd41
* Other changes
cdbd41
  - JDK-6962725: Regtest javax/swing/JFileChooser/6738668/bug6738668.java fails under Linux
cdbd41
  - JDK-8008657: JSpinner setComponentOrientation doesn't affect on text orientation
cdbd41
  - JDK-8022535: [TEST BUG] javax/swing/text/html/parser/Test8017492.java fails
cdbd41
  - JDK-8025936: Windows .pdb and .map files does not have proper dependencies setup
cdbd41
  - JDK-8030350: Enable additional compiler warnings for GCC
cdbd41
  - JDK-8031423: Test java/awt/dnd/DisposeFrameOnDragCrash/DisposeFrameOnDragTest.java fails by Timeout on Windows
cdbd41
  - JDK-8036122: Fix warning 'format not a string literal'
cdbd41
  - JDK-8039279: Move awt tests to openjdk repository
cdbd41
  - JDK-8041592: [TEST_BUG] Move 42 AWT hw/lw mixing tests to jdk
cdbd41
  - JDK-8043126: move awt automated functional tests from AWT_Events/Lw and AWT_Events/AWT to OpenJDK repository
cdbd41
  - JDK-8043131: Move ShapedAndTranslucentWindows and GC functional AWT tests to regression tree
cdbd41
  - JDK-8043899: compiler/5091921/Test7005594.java fails if specified -Xmx is less than 1600m
cdbd41
  - JDK-8044157: [TEST_BUG] Improve recently submitted AWT_Mixing tests
cdbd41
  - JDK-8044172: [TEST_BUG] Move regtests for 4523758 and AltPlusNumberKeyCombinationsTest to jdk
cdbd41
  - JDK-8044429: move awt automated tests for AWT_Modality to OpenJDK repository
cdbd41
  - JDK-8044765: Move functional tests AWT_SystemTray/Automated to openjdk repository
cdbd41
  - JDK-8046221: [TEST_BUG] Cleanup datatransfer tests
cdbd41
  - JDK-8047180: Move functional tests AWT_Headless/Automated to OpenJDK repository
cdbd41
  - JDK-8047367: move awt automated tests from AWT_Modality to OpenJDK repository - part 2
cdbd41
  - JDK-8048246: Move AWT_DnD/Clipboard/Automated functional tests to OpenJDK
cdbd41
  - JDK-8049617: move awt automated tests from AWT_Modality to OpenJDK repository - part 3
cdbd41
  - JDK-8049694: Migrate functional AWT_DesktopProperties/Automated tests to OpenJDK
cdbd41
  - JDK-8050885: move awt automated tests from AWT_Modality to OpenJDK repository - part 4
cdbd41
  - JDK-8051440: move tests about maximizing undecorated to OpenJDK
cdbd41
  - JDK-8051853: new URI("x/").resolve("..").getSchemeSpecificPart() returns null!
cdbd41
  - JDK-8052012: move awt automated tests from AWT_Modality to OpenJDK repository - part 5
cdbd41
  - JDK-8052408: Move AWT_BAT functional tests to OpenJDK (3 of 3)
cdbd41
  - JDK-8053657: [TEST_BUG] move some 5 tests related to undecorated Frame/JFrame to JDK
cdbd41
  - JDK-8054143: move awt automated tests from AWT_Modality to OpenJDK repository - part 6
cdbd41
  - JDK-8054358: move awt automated tests from AWT_Modality to OpenJDK repository - part 7
cdbd41
  - JDK-8054359: move awt automated tests from AWT_Modality to OpenJDK repository - part 8
cdbd41
  - JDK-8055360: Move the rest part of AWT ShapedAndTranslucent tests to OpenJDK
cdbd41
  - JDK-8055664: move 14 tests about setLocationRelativeTo to jdk
cdbd41
  - JDK-8055836: move awt tests from AWT_Modality to OpenJDK repository - part 9
cdbd41
  - JDK-8057694: move awt tests from AWT_Modality to OpenJDK repository - part 10
cdbd41
  - JDK-8058805: [TEST_BUG]Test java/awt/TrayIcon/SecurityCheck/NoPermissionTest/NoPermissionTest.java fails
cdbd41
  - JDK-8062808: Turn on the -Wreturn-type warning
cdbd41
  - JDK-8063102: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 1
cdbd41
  - JDK-8063104: Change open awt regression tests to avoid sun.awt.SunToolkit.realSync, part 2
cdbd41
  - JDK-8063106: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 1
cdbd41
  - JDK-8063107: Change open swing regression tests to avoid sun.awt.SunToolkit.realSync, part 2
cdbd41
  - JDK-8064573: [TEST_BUG] javax/swing/text/AbstractDocument/6968363/Test6968363.java is asocial pressing VK_LEFT and not releasing
cdbd41
  - JDK-8064575: [TEST_BUG] javax/swing/JEditorPane/6917744/bug6917744.java 100 times press keys and never releases
cdbd41
  - JDK-8064809: [TEST_BUG] javax/swing/JComboBox/4199622/bug4199622.java contains a lot of keyPress and not a single keyRelease
cdbd41
  - JDK-8067441: Some tests fails with error: cannot find symbol getSystemMnemonicKeyCodes()
cdbd41
  - JDK-8068228: Test closed/java/awt/Mouse/MaximizedFrameTest/MaximizedFrameTest fails with GTKLookAndFeel
cdbd41
  - JDK-8068275: Some tests failed after JDK-8063104
cdbd41
  - JDK-8069211: (zipfs) ZipFileSystem creates corrupted zip if entry output stream gets closed more than once
cdbd41
  - JDK-8074807: Fix some tests unnecessary using internal API
cdbd41
  - JDK-8076315: move 4 manual functional swing tests to regression suite
cdbd41
  - JDK-8130772: Util.hitMnemonics does not work: getSystemMnemonicKeyCodes() returns ALT_MASK rather than VK_ALT
cdbd41
  - JDK-8132664: closed/javax/swing/DataTransfer/DefaultNoDrop/DefaultNoDrop.java locks on Windows
cdbd41
  - JDK-8134632: Mark javax/sound/midi/Devices/InitializationHang.java as headful
cdbd41
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
cdbd41
  - JDK-8148916: Mark bug6400879.java as intermittently failing
cdbd41
  - JDK-8148983: Fix extra comma in changes for JDK-8148916
cdbd41
  - JDK-8152545: Use preprocessor instead of compiling a program to generate native nio constants
cdbd41
  - JDK-8156803: Turn StressLCM/StressGCM flags to diagnostic
cdbd41
  - JDK-8160438: javax/swing/plaf/nimbus/8057791/bug8057791.java fails
cdbd41
  - JDK-8160761: [TESTBUG] Several compiler tests fail with product bits
cdbd41
  - JDK-8163161: [PIT][TEST_BUG] increase timeout in javax/swing/plaf/nimbus/8057791/bug8057791.java
cdbd41
  - JDK-8165808: Add release barriers when allocating objects with concurrent collection
cdbd41
  - JDK-8166015: [PIT][TEST_BUG] stray character in java/awt/Focus/ModalDialogActivationTest/ModalDialogActivationTest.java
cdbd41
  - JDK-8166583: Add oopDesc::klass_or_null_acquire()
cdbd41
  - JDK-8166663: Simplify oops_on_card_seq_iterate_careful
cdbd41
  - JDK-8166862: CMS needs klass_or_null_acquire
cdbd41
  - JDK-8168292: [TESTBUG] [macosx] Test java/awt/TrayIcon/DragEventSource/DragEventSource.java fails on OS X
cdbd41
  - JDK-8168682: jdk/test/java/lang/ClassLoader/forNameLeak/ClassForNameLeak.java fails with -Xcomp
cdbd41
  - JDK-8179083: Uninitialized notifier in Java Monitor Wait tracing event
cdbd41
  - JDK-8185003: JMX: Add a version of ThreadMXBean.dumpAllThreads with a maxDepth argument
cdbd41
  - JDK-8197981: Missing return statement in __sync_val_compare_and_swap_8
cdbd41
  - JDK-8202076: test/jdk/java/io/File/WinSpecialFiles.java on windows with VS2017
cdbd41
  - JDK-8205507: jdk/javax/xml/crypto/dsig/GenerationTests.java timed out
cdbd41
  - JDK-8207766: [testbug] Adapt tests for Aix.
cdbd41
  - JDK-8212070: Introduce diagnostic flag to abort VM on failed JIT compilation
cdbd41
  - JDK-8213448: [TESTBUG] enhance jfr/jvm/TestDumpOnCrash
cdbd41
  - JDK-8215727: Restore JFR thread sampler loop to old / previous behavior
cdbd41
  - JDK-8217362: Emergency dump does not work when disk=false is set
cdbd41
  - JDK-8217766: Container Support doesn't work for some Join Controllers combinations
cdbd41
  - JDK-8219013: Update Apache Santuario (XML Signature) to version 2.1.3
cdbd41
  - JDK-8219562: Line of code in osContainer_linux.cpp L102 appears unreachable
cdbd41
  - JDK-8220579: [Containers] SubSystem.java out of sync with osContainer_linux.cpp
cdbd41
  - JDK-8220657: JFR.dump does not work when filename is set
cdbd41
  - JDK-8221340: [TESTBUG] TestCgroupMetrics.java fails after fix for JDK-8219562
cdbd41
  - JDK-8221342: [TESTBUG] Generate Dockerfile for docker testing
cdbd41
  - JDK-8221710: [TESTBUG] more configurable parameters for docker testing
cdbd41
  - JDK-8223108: Test java/awt/EventQueue/NonComponentSourcePost.java is unstable
cdbd41
  - JDK-8224502: [TESTBUG] JDK docker test TestSystemMetrics.java fails with access issues and OOM
cdbd41
  - JDK-8225072: Add LuxTrust certificate that is expiring in March 2021 to list of allowed but expired certs
cdbd41
  - JDK-8227006: [linux] Runtime.availableProcessors execution time increased by factor of 100
cdbd41
  - JDK-8229868: Update Apache Santuario TPRM version
cdbd41
  - JDK-8231209: [REDO] ThreadMXBean::getThreadAllocatedBytes() can be quicker for self thread
cdbd41
  - JDK-8231968: getCurrentThreadAllocatedBytes default implementation s/b getThreadAllocatedBytes
cdbd41
  - JDK-8232114: JVM crashed at imjpapi.dll in native code
cdbd41
  - JDK-8233548: Update CUP to v0.11b
cdbd41
  - JDK-8234270: [REDO] JDK-8204128 NMT might report incorrect numbers for Compiler area
cdbd41
  - JDK-8234339: replace JLI_StrTok in java_md_solinux.c
cdbd41
  - JDK-8238448: RSASSA-PSS signature verification fail when using certain odd key sizes
cdbd41
  - JDK-8239105: Add exception for expiring Digicert root certificates to VerifyCACerts test
cdbd41
  - JDK-8242335: Additional Tests for RSASSA-PSS
cdbd41
  - JDK-8242480: Negative value may be returned by getFreeSwapSpaceSize() in the docker
cdbd41
  - JDK-8244225: stringop-overflow warning on strncpy call from compile_the_world_in
cdbd41
  - JDK-8245400: Upgrade to LittleCMS 2.11
cdbd41
  - JDK-8246648: issue with OperatingSystemImpl getFreeSwapSpaceSize in docker after 8242480
cdbd41
  - JDK-8248214: Add paddings for TaskQueueSuper to reduce false-sharing cache contention
cdbd41
  - JDK-8249176: Update GlobalSignR6CA test certificates
cdbd41
  - JDK-8249846: Change of behavior after JDK-8237117: Better ForkJoinPool behavior
cdbd41
  - JDK-8250636: iso8601_time returns incorrect offset part on MacOS
cdbd41
  - JDK-8250665: Wrong translation for the month name of May in ar_JO,LB,SY
cdbd41
  - JDK-8250928: JFR: Improve hash algorithm for stack traces
cdbd41
  - JDK-8251365: Build failure on AIX after 8250636
cdbd41
  - JDK-8251469: Better cleanup for test/jdk/javax/imageio/SetOutput.java
cdbd41
  - JDK-8251840: Java_sun_awt_X11_XToolkit_getDefaultScreenData should not be in make/mapfiles/libawt_xawt/mapfile-vers
cdbd41
  - JDK-8252384: [TESTBUG] Some tests refer to COMPAT provider rather than JRE
cdbd41
  - JDK-8252395: [8u] --with-native-debug-symbols=external doesn't include debuginfo files for binaries
cdbd41
  - JDK-8252497: Incorrect numeric currency code for ROL
cdbd41
  - JDK-8252754: Hash code calculation of JfrStackTrace is inconsistent
cdbd41
  - JDK-8252904: VM crashes when JFR is used and JFR event class is transformed
cdbd41
  - JDK-8252975: [8u] JDK-8252395 breaks the build for --with-native-debug-symbols=internal
cdbd41
  - JDK-8253036: Support building the Zero assembler port on AArch64
cdbd41
  - JDK-8253284: Zero OrderAccess barrier mappings are incorrect
cdbd41
  - JDK-8253550: [8u] JDK-8252395 breaks the build for make STRIP_POLICY=no_strip
cdbd41
  - JDK-8253752: test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java fails randomly
cdbd41
  - JDK-8253837: JFR 8u fix symbol and cstring hashtable equals implementaion
cdbd41
  - JDK-8254081: java/security/cert/PolicyNode/GetPolicyQualifiers.java fails due to an expired certificate
cdbd41
  - JDK-8254144: Non-x86 Zero builds fail with return-type warning in os_linux_zero.cpp
cdbd41
  - JDK-8254166: Zero: return-type warning in zeroInterpreter_zero.cpp
cdbd41
  - JDK-8254683: [TEST_BUG] jdk/test/sun/tools/jconsole/WorkerDeadlockTest.java fails
cdbd41
  - JDK-8254982: (tz) Upgrade time-zone data to tzdata2020c
cdbd41
  - JDK-8255003: Build failures on Solaris
cdbd41
  - JDK-8255226: (tz) Upgrade time-zone data to tzdata2020d
cdbd41
  - JDK-8255269: Unsigned overflow in g1Policy.cpp
cdbd41
  - JDK-8255603: Memory/Performance regression after JDK-8210985
cdbd41
  - JDK-8255717: Fix JFR crash in WriteObjectSampleStacktrace due to object not initialized
cdbd41
  - JDK-8256618: Zero: Linux x86_32 build still fails
cdbd41
  - JDK-8256671: Incorrect assignment operator used in guarantee() in genCollectedHeap
cdbd41
  - JDK-8256752: 8252395 incorrect copy rule for macos .dSYM folder
cdbd41
  - JDK-8257397: [TESTBUG] test/lib/containers/docker/Common.java refers to -Xlog:os+container=trace
cdbd41
  - JDK-8258630: Add expiry exception for QuoVadis root certificate
cdbd41
* AArch64 port
cdbd41
  - Fix AArch64 build failure after JDK-8062808 backport
cdbd41
* Shenandoah
cdbd41
  - Fix racy update of code roots
cdbd41
cdbd41
Notes on individual issues:
cdbd41
===========================
cdbd41
cdbd41
security-libs/javax.xml.crypto:
cdbd41
cdbd41
JDK-8230839: Updated XML Signature Implementation to Apache Santuario 2.1.3
cdbd41
===========================================================================
cdbd41
The XML Signature implementation in the `java.xml.crypto` module has
cdbd41
been updated to version 2.1.3 of Apache Santuario. New features
cdbd41
include:
cdbd41
cdbd41
* Added support for embedding elliptic curve public keys in the
cdbd41
  KeyValue element
cdbd41
cdbd41
New in release OpenJDK 8u275 (2020-11-05):
cdbd41
===========================================
cdbd41
Live versions of these release notes can be found at:
cdbd41
  * https://bitly.com/openjdk8u275
cdbd41
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u275.txt
cdbd41
cdbd41
* Regression fixes
cdbd41
  - JDK-8214440: ldap over a TLS connection negotiate failed with "javax.net.ssl.SSLPeerUnverifiedException: hostname of the server '' does not match the hostname in the server's certificate"
cdbd41
  - JDK-8223940: Private key not supported by chosen signature algorithm
cdbd41
  - JDK-8236512: PKCS11 Connection closed after Cipher.doFinal and NoPadding
cdbd41
  - JDK-8250861: Crash in MinINode::Ideal(PhaseGVN*, bool)
cdbd41
cdbd41
New in release OpenJDK 8u272 (2020-10-20):
cdbd41
===========================================
cdbd41
Live versions of these release notes can be found at:
cdbd41
  * https://bitly.com/openjdk8u272
cdbd41
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u272.txt
cdbd41
cdbd41
* New features
cdbd41
  - JDK-8245468: Add TLSv1.3 implementation classes from 11.0.7
cdbd41
* Security fixes
cdbd41
  - JDK-8233624: Enhance JNI linkage
cdbd41
  - JDK-8236196: Improve string pooling
cdbd41
  - JDK-8236862, CVE-2020-14779: Enhance support of Proxy class
cdbd41
  - JDK-8237990, CVE-2020-14781: Enhanced LDAP contexts
cdbd41
  - JDK-8237995, CVE-2020-14782: Enhance certificate processing
cdbd41
  - JDK-8240124: Better VM Interning
cdbd41
  - JDK-8241114, CVE-2020-14792: Better range handling
cdbd41
  - JDK-8242680, CVE-2020-14796: Improved URI Support
cdbd41
  - JDK-8242685, CVE-2020-14797: Better Path Validation
cdbd41
  - JDK-8242695, CVE-2020-14798: Enhanced buffer support
cdbd41
  - JDK-8243302: Advanced class supports
cdbd41
  - JDK-8244136, CVE-2020-14803: Improved Buffer supports
cdbd41
  - JDK-8244479: Further constrain certificates
cdbd41
  - JDK-8244955: Additional Fix for JDK-8240124
cdbd41
  - JDK-8245407: Enhance zoning of times
cdbd41
  - JDK-8245412: Better class definitions
cdbd41
  - JDK-8245417: Improve certificate chain handling
cdbd41
  - JDK-8248574: Improve jpeg processing
cdbd41
  - JDK-8249927: Specify limits of jdk.serialProxyInterfaceLimit
cdbd41
  - JDK-8253019: Enhanced JPEG decoding
cdbd41
* Other changes
cdbd41
  - JDK-6574989: TEST_BUG: javax/sound/sampled/Clip/bug5070081.java fails sometimes
cdbd41
  - JDK-8006205: [TESTBUG] NEED_TEST: please JTREGIFY test/compiler/7177917/Test7177917.java
cdbd41
  - JDK-8023697: failed class resolution reports different class name in detail message for the first and subsequent times
cdbd41
  - JDK-8025886: replace [[ and == bash extensions in regtest
cdbd41
  - JDK-8026236: Add PrimeTest for BigInteger
cdbd41
  - JDK-8031625: javadoc problems referencing inner class constructors
cdbd41
  - JDK-8035493: JVMTI PopFrame capability must instruct compilers not to prune locals
cdbd41
  - JDK-8036088: Replace strtok() with its safe equivalent strtok_s() in DefaultProxySelector.c
cdbd41
  - JDK-8039082: [TEST_BUG] Test java/awt/dnd/BadSerializationTest/BadSerializationTest.java fails
cdbd41
  - JDK-8046274: Removing dependency on jakarta-regexp
cdbd41
  - JDK-8048933: -XX:+TraceExceptions output should include the message
cdbd41
  - JDK-8057003: Large reference arrays cause extremely long synchronization times
cdbd41
  - JDK-8060721: Test runtime/SharedArchiveFile/LimitSharedSizes.java fails in jdk 9 fcs new platforms/compiler
cdbd41
  - JDK-8061616: HotspotDiagnosticMXBean.getVMOption() throws IllegalArgumentException for flags of type double
cdbd41
  - JDK-8062947: Fix exception message to correctly represent LDAP connection failure
cdbd41
  - JDK-8064319: Need to enable -XX:+TraceExceptions in release builds
cdbd41
  - JDK-8075774: Small readability and performance improvements for zipfs
cdbd41
  - JDK-8076151: [TESTBUG] Test java/awt/FontClass/CreateFont/fileaccess/FontFile.java fails
cdbd41
  - JDK-8078334: Mark regression tests using randomness
cdbd41
  - JDK-8078880: Mark a few more intermittently failuring security-libs
cdbd41
  - JDK-8080462: Update SunPKCS11 provider with PKCS11 v2.40 support
cdbd41
  - JDK-8132206: move ScanTest.java into OpenJDK
cdbd41
  - JDK-8132376: Add @requires os.family to the client tests with access to internal OS-specific API
cdbd41
  - JDK-8132745: minor cleanup of java/util/Scanner/ScanTest.java
cdbd41
  - JDK-8137087: [TEST_BUG] Cygwin failure of java/awt/appletviewer/IOExceptionIfEncodedURLTest/IOExceptionIfEncodedURLTest.sh
cdbd41
  - JDK-8144539: Update PKCS11 tests to run with security manager
cdbd41
  - JDK-8145808: java/awt/Graphics2D/MTGraphicsAccessTest/MTGraphicsAccessTest.java hangs on Win. 8
cdbd41
  - JDK-8148754: C2 loop unrolling fails due to unexpected graph shape
cdbd41
  - JDK-8148854: Class names "SomeClass" and "LSomeClass;" treated by JVM as an equivalent
cdbd41
  - JDK-8151678: com/sun/jndi/ldap/LdapTimeoutTest.java failed due to timeout on DeadServerNoTimeoutTest is incorrect
cdbd41
  - JDK-8151788: NullPointerException from ntlm.Client.type3
cdbd41
  - JDK-8151834: Test SmallPrimeExponentP.java times out intermittently
cdbd41
  - JDK-8152077: (cal) Calendar.roll does not always roll the hours during daylight savings
cdbd41
  - JDK-8153430: jdk regression test MletParserLocaleTest, ParserInfiniteLoopTest reduce default timeout
cdbd41
  - JDK-8153583: Make OutputAnalyzer.reportDiagnosticSummary public
cdbd41
  - JDK-8154313: Generated javadoc scattered all over the place
cdbd41
  - JDK-8156169: Some sound tests rarely hangs because of incorrect synchronization
cdbd41
  - JDK-8160768: Add capability to custom resolve host/domain names within the default JNDI LDAP provider
cdbd41
  - JDK-8161973: PKIXRevocationChecker.getSoftFailExceptions() not working
cdbd41
  - JDK-8163251: Hard coded loop limit prevents reading of smart card data greater than 8k
cdbd41
  - JDK-8165936: Potential Heap buffer overflow when seaching timezone info files
cdbd41
  - JDK-8165996: PKCS11 using NSS throws an error regarding secmod.db when NSS uses sqlite
cdbd41
  - JDK-8166148: Fix for JDK-8165936 broke solaris builds
cdbd41
  - JDK-8167300: Scheduling failures during gcm should be fatal
cdbd41
  - JDK-8167615: Opensource unit/regression tests for JavaSound
cdbd41
  - JDK-8168517: java/lang/ProcessBuilder/Basic.java failed
cdbd41
  - JDK-8169925: PKCS #11 Cryptographic Token Interface license
cdbd41
  - JDK-8172012: [TEST_BUG] delays needed in javax/swing/JTree/4633594/bug4633594.java
cdbd41
  - JDK-8173300: [TESTBUG]compiler/tiered/NonTieredLevelsTest.java fails with compiler.whitebox.SimpleTestCaseHelper(int) must be compiled
cdbd41
  - JDK-8177334: Update xmldsig implementation to Apache Santuario 2.1.1
cdbd41
  - JDK-8177628: Opensource unit/regression tests for ImageIO
cdbd41
  - JDK-8183341: Better cleanup for javax/imageio/AllowSearch.java
cdbd41
  - JDK-8183349: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java and WriteAfterAbort.java
cdbd41
  - JDK-8183351: Better cleanup for jdk/test/javax/imageio/spi/AppletContextTest/BadPluginConfigurationTest.sh
cdbd41
  - JDK-8184762: ZapStackSegments should use optimized memset
cdbd41
  - JDK-8191678: [TESTBUG] Add keyword headful in java/awt FocusTransitionTest test.
cdbd41
  - JDK-8192953: sun/management/jmxremote/bootstrap/*.sh tests fail with error : revokeall.exe: Permission denied
cdbd41
  - JDK-8193137: Nashorn crashes when given an empty script file
cdbd41
  - JDK-8193234: When using -Xcheck:jni an internally allocated buffer can leak
cdbd41
  - JDK-8194298: Add support for per Socket configuration of TCP keepalive
cdbd41
  - JDK-8198004: javax/swing/JFileChooser/6868611/bug6868611.java throws error
cdbd41
  - JDK-8200313: java/awt/Gtk/GtkVersionTest/GtkVersionTest.java fails
cdbd41
  - JDK-8201633: Problems with AES-GCM native acceleration
cdbd41
  - JDK-8203357: Container Metrics
cdbd41
  - JDK-8209113: Use WeakReference for lastFontStrike for created Fonts
cdbd41
  - JDK-8210147: adjust some WSAGetLastError usages in windows network coding
cdbd41
  - JDK-8211049: Second parameter of "initialize" method is not used
cdbd41
  - JDK-8211163: UNIX version of Java_java_io_Console_echo does not return a clean boolean
cdbd41
  - JDK-8211714: Need to update vm_version.cpp to recognise VS2017 minor versions
cdbd41
  - JDK-8214862: assert(proj != __null) at compile.cpp:3251
cdbd41
  - JDK-8216283: Allow shorter method sampling interval than 10 ms
cdbd41
  - JDK-8217606: LdapContext#reconnect always opens a new connection
cdbd41
  - JDK-8217647: JFR: recordings on 32-bit systems unreadable
cdbd41
  - JDK-8217878: ENVELOPING XML signature no longer works in JDK 11
cdbd41
  - JDK-8218629: XML Digital Signature throws NAMESPACE_ERR exception on OpenJDK 11, works 8/9/10
cdbd41
  - JDK-8219566: JFR did not collect call stacks when MaxJavaStackTraceDepth is set to zero
cdbd41
  - JDK-8219919: RuntimeStub name lost with PrintFrameConverterAssembly
cdbd41
  - JDK-8220165: Encryption using GCM results in RuntimeException- input length out of bound
cdbd41
  - JDK-8220313: [TESTBUG] Update base image for Docker testing to OL 7.6
cdbd41
  - JDK-8220555: JFR tool shows potentially misleading message when it cannot access a file
cdbd41
  - JDK-8220674: [TESTBUG] MetricsMemoryTester failcount test in docker container only works with debug JVMs
cdbd41
  - JDK-8221569: JFR tool produces incorrect output when both --categories and --events are specified
cdbd41
  - JDK-8222079: Don't use memset to initialize fields decode_env constructor in disassembler.cpp
cdbd41
  - JDK-8224217: RecordingInfo should use textual representation of path
cdbd41
  - JDK-8225695: 32-bit build failures after JDK-8080462 (Update SunPKCS11 provider with PKCS11 v2.40 support)
cdbd41
  - JDK-8226575: OperatingSystemMXBean should be made container aware
cdbd41
  - JDK-8226697: Several tests which need the @key headful keyword are missing it.
cdbd41
  - JDK-8226809: Circular reference in printed stack trace is not correctly indented & ambiguous
cdbd41
  - JDK-8228835: Memory leak in PKCS11 provider when using AES GCM
cdbd41
  - JDK-8229378: jdwp library loader in linker_md.c quietly truncates on buffer overflow
cdbd41
  - JDK-8230303: JDB hangs when running monitor command
cdbd41
  - JDK-8230711: ConnectionGraph::unique_java_object(Node* N) return NULL if n is not in the CG
cdbd41
  - JDK-8231213: Migrate SimpleDateFormatConstTest to JDK Repo
cdbd41
  - JDK-8231779: crash HeapWord*ParallelScavengeHeap::failed_mem_allocate
cdbd41
  - JDK-8233097: Fontmetrics for large Fonts has zero width
cdbd41
  - JDK-8233621: Mismatch in jsse.enableMFLNExtension property name
cdbd41
  - JDK-8234617: C1: Incorrect result of field load due to missing narrowing conversion
cdbd41
  - JDK-8235243: handle VS2017 15.9 and VS2019 in abstract_vm_version
cdbd41
  - JDK-8235325: build failure on Linux after 8235243
cdbd41
  - JDK-8235687: Contents/MacOS/libjli.dylib cannot be a symlink
cdbd41
  - JDK-8236645: JDK 8u231 introduces a regression with incompatible handling of XML messages
cdbd41
  - JDK-8237951: CTW: C2 compilation fails with "malformed control flow"
cdbd41
  - JDK-8238225: Issues reported after replacing symlink at Contents/MacOS/libjli.dylib with binary
cdbd41
  - JDK-8238380: java.base/unix/native/libjava/childproc.c "multiple definition" link errors with GCC10
cdbd41
  - JDK-8238386: (sctp) jdk.sctp/unix/native/libsctp/SctpNet.c "multiple definition" link errors with GCC10
cdbd41
  - JDK-8238388: libj2gss/NativeFunc.o "multiple definition" link errors with GCC10
cdbd41
  - JDK-8238898: Missing hash characters for header on license file
cdbd41
  - JDK-8239385: KerberosTicket client name refers wrongly to sAMAccountName in AD
cdbd41
  - JDK-8239819: XToolkit: Misread of screen information memory
cdbd41
  - JDK-8240295: hs_err elapsed time in seconds is not accurate enough
cdbd41
  - JDK-8240676: Meet not symmetric failure when running lucene on jdk8
cdbd41
  - JDK-8241888: Mirror jdk.security.allowNonCaAnchor system property with a security one
cdbd41
  - JDK-8242498: Invalid "sun.awt.TimedWindowEvent" object leads to JVM crash
cdbd41
  - JDK-8242556: Cannot load RSASSA-PSS public key with non-null params from byte array
cdbd41
  - JDK-8243138: Enhance BaseLdapServer to support starttls extended request
cdbd41
  - JDK-8243320: Add SSL root certificates to Oracle Root CA program
cdbd41
  - JDK-8243321: Add Entrust root CA - G4 to Oracle Root CA program
cdbd41
  - JDK-8243489: Thread CPU Load event may contain wrong data for CPU time under certain conditions
cdbd41
  - JDK-8244151: Update MUSCLE PC/SC-Lite headers to the latest release 1.8.26
cdbd41
  - JDK-8244818: Java2D Queue Flusher crash while moving application window to external monitor
cdbd41
  - JDK-8245467: Remove 8u TLSv1.2 implementation files
cdbd41
  - JDK-8245469: Remove DTLS protocol implementation
cdbd41
  - JDK-8245470: Fix JDK8 compatibility issues
cdbd41
  - JDK-8245471: Revert JDK-8148188
cdbd41
  - JDK-8245472: Backport JDK-8038893 to JDK8
cdbd41
  - JDK-8245473: OCSP stapling support
cdbd41
  - JDK-8245474: Add TLS_KRB5 cipher suites support according to RFC-2712
cdbd41
  - JDK-8245476: Disable TLSv1.3 protocol in the ClientHello message by default
cdbd41
  - JDK-8245477: Adjust TLS tests location
cdbd41
  - JDK-8245653: Remove 8u TLS tests
cdbd41
  - JDK-8245681: Add TLSv1.3 regression test from 11.0.7
cdbd41
  - JDK-8246193: Possible NPE in ENC-PA-REP search in AS-REQ
cdbd41
  - JDK-8246310: Clean commented-out code about ModuleEntry andPackageEntry in JFR
cdbd41
  - JDK-8246384: Enable JFR by default on supported architectures for October 2020 release
cdbd41
  - JDK-8248643: Remove extra leading space in JDK-8240295 8u backport
cdbd41
  - JDK-8248851: CMS: Missing memory fences between free chunk check and klass read
cdbd41
  - JDK-8249158: THREAD_START and THREAD_END event posted in primordial phase
cdbd41
  - JDK-8249610: Make sun.security.krb5.Config.getBooleanObject(String... keys) method public
cdbd41
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
cdbd41
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
cdbd41
  - JDK-8250627: Use -XX:+/-UseContainerSupport for enabling/disabling Java container metrics
cdbd41
  - JDK-8250755: Better cleanup for jdk/test/javax/imageio/plugins/shared/CanWriteSequence.java
cdbd41
  - JDK-8250875: Incorrect parameter type for update_number in JDK_Version::jdk_update
cdbd41
  - JDK-8251117: Cannot check P11Key size in P11Cipher and P11AEADCipher
cdbd41
  - JDK-8251120: [8u] HotSpot build assumes ENABLE_JFR is set to either true or false
cdbd41
  - JDK-8251341: Minimal Java specification change
cdbd41
  - JDK-8251478: Backport TLSv1.3 regression tests to JDK8u
cdbd41
  - JDK-8251546: 8u backport of JDK-8194298 breaks AIX and Solaris builds
cdbd41
  - JDK-8252084: Minimal VM fails to bootcycle: undefined symbol: AgeTableTracer::is_tenuring_distribution_event_enabled
cdbd41
  - JDK-8252573: 8u: Windows build failed after 8222079 backport
cdbd41
  - JDK-8252886: [TESTBUG] sun/security/ec/TestEC.java : Compilation failed
cdbd41
  - JDK-8254673: Call to JvmtiExport::post_vm_start() was removed by the fix for JDK-8249158
cdbd41
  - JDK-8254937: Revert JDK-8148854 for 8u272
cdbd41
cdbd41
Notes on individual issues:
cdbd41
===========================
cdbd41
cdbd41
core-svc/java.lang.management:
cdbd41
cdbd41
JDK-8236876: OperatingSystemMXBean Methods Inside a Container Return Container Specific Data
cdbd41
============================================================================================
cdbd41
When executing in a container, or other virtualized operating
cdbd41
environment, the following `OperatingSystemMXBean` methods in this
cdbd41
release return container specific information, if
cdbd41
available. Otherwise, they return host specific data:
cdbd41
cdbd41
* getFreePhysicalMemorySize()
cdbd41
* getTotalPhysicalMemorySize()
cdbd41
* getFreeSwapSpaceSize()
cdbd41
* getTotalSwapSpaceSize()
cdbd41
* getSystemCpuLoad()
cdbd41
cdbd41
security-libs/java.security:
cdbd41
cdbd41
JDK-8250756: Added Entrust Root Certification Authority - G4 certificate
cdbd41
========================================================================
cdbd41
The Entrust root certificate has been added to the cacerts truststore:
cdbd41
cdbd41
Alias Name: entrustrootcag4
cdbd41
Distinguished Name: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust,  Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
cdbd41
cdbd41
JDK-8250860: Added 3 SSL Corporation Root CA Certificates
cdbd41
=========================================================
cdbd41
The following root certificates have been added to the cacerts truststore for the SSL Corporation:
cdbd41
cdbd41
Alias Name: sslrootrsaca
cdbd41
Distinguished Name: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US
cdbd41
cdbd41
Alias Name: sslrootevrsaca
cdbd41
Distinguished Name: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US
cdbd41
cdbd41
Alias Name: sslrooteccca
cdbd41
Distinguished Name: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US
cdbd41
cdbd41
security-libs/javax.crypto:pkcs11:
cdbd41
cdbd41
JDK-8221441: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
cdbd41
=======================================================================
cdbd41
The SunPKCS11 provider has been updated with support for PKCS#11
cdbd41
v2.40. This version adds support for more algorithms such as the
cdbd41
AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message
cdbd41
digests, and RSASSA-PSS signatures when the corresponding PKCS11
cdbd41
mechanisms are supported by the underlying PKCS11 library.
cdbd41
cdbd41
security-libs/javax.security:
cdbd41
cdbd41
JDK-8242059: Support for canonicalize in krb5.conf
cdbd41
==================================================
cdbd41
The 'canonicalize' flag in the [krb5.conf file][0] is now supported by
cdbd41
the JDK Kerberos implementation. When set to *true*, RFC 6806 [1] name
cdbd41
canonicalization is requested by clients in TGT requests to KDC
cdbd41
services (AS protocol). Otherwise, and by default, it is not
cdbd41
requested.
cdbd41
cdbd41
The new default behavior is different from previous releases where
cdbd41
name canonicalization was always requested by clients in TGT requests
cdbd41
to KDC services (provided that support for RFC 6806[1] was not
cdbd41
explicitly disabled with the *sun.security.krb5.disableReferrals*
cdbd41
system or security properties).
cdbd41
cdbd41
[0]: https://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html
cdbd41
[1]: https://tools.ietf.org/html/rfc6806
cdbd41
cdbd41
security-libs/javax.xml.crypto:
cdbd41
cdbd41
JDK-8202891: Updated xmldsig Implementation to Apache Santuario 2.1.1
cdbd41
=====================================================================
cdbd41
The XMLDSig provider implementation in the `java.xml.crypto` module has been updated to version 2.1.1 of Apache Santuario.
cdbd41
cdbd41
New features include:
cdbd41
cdbd41
1. Support for the SHA-224 and SHA-3 DigestMethod algorithms specified
cdbd41
in RFC 6931.
cdbd41
2. Support for the HMAC-SHA224, RSA-SHA224, ECDSA-SHA224, and
cdbd41
RSASSA-PSS family of SignatureMethod algorithms specified in RFC 6931.
cdbd41
cdbd41
JDK-8238185: New OpenJDK-specific JDK 8 Updates System Property to fallback to legacy Base64 Encoding format
cdbd41
============================================================================================================
cdbd41
The upgrade to the Apache Santuario libraries (see above) introduced
cdbd41
an issue where XML signature using Base64 encoding resulted in
cdbd41
appending `&#xd` or `&#13` to the encoded output. This behavioural
cdbd41
change was made in the Apache Santuario codebase to comply with RFC
cdbd41
2045. The Santuario team has adopted a position of keeping their
cdbd41
libraries compliant with RFC 2045.
cdbd41
cdbd41
Earlier versions of OpenJDK 8 using the legacy encoder returns encoded
cdbd41
data in a format without `&#xd` or `&#13`.
cdbd41
cdbd41
Therefore a new system property, specific to the 8 update stream,
cdbd41
`com.sun.org.apache.xml.internal.security.lineFeedOnly` is made
cdbd41
available to fall back to the legacy Base64 encoded format.
cdbd41
cdbd41
Users can set this flag in one of two ways:
cdbd41
cdbd41
1. -Dcom.sun.org.apache.xml.internal.security.lineFeedOnly=true
cdbd41
cdbd41
2. System.setProperty("com.sun.org.apache.xml.internal.security.lineFeedOnly", "true")
cdbd41
cdbd41
This new system property is disabled by default. It has no effect on
cdbd41
default behaviour nor when
cdbd41
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks` property
cdbd41
is set.
cdbd41
cdbd41
Later JDK family versions will only support the recommended property:
cdbd41
cdbd41
`com.sun.org.apache.xml.internal.security.ignoreLineBreaks`
cdbd41
cdbd41
JDK-8254177: US/Pacific-New Zone name removed as part of tzdata2020b
cdbd41
====================================================================
cdbd41
Following JDK's update to tzdata2020b, the long-obsolete files
cdbd41
pacificnew and systemv have been removed. As a result, the
cdbd41
"US/Pacific-New" zone name declared in the pacificnew data file is no
cdbd41
longer available for use.
cdbd41
cdbd41
Information regarding the update can be viewed at
cdbd41
https://mm.icann.org/pipermail/tz-announce/2020-October/000059.html
cdbd41
cdbd41
New in release OpenJDK 8u265 (2020-07-27):
cdbd41
===========================================
cdbd41
Live versions of these release notes can be found at:
cdbd41
  * https://bitly.com/openjdk8u265
cdbd41
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u265.txt
cdbd41
cdbd41
* Bug fixes
cdbd41
  - JDK-8249677: Regression in 8u after JDK-8237117: Better ForkJoinPool behavior
cdbd41
  - JDK-8250546: Expect changed behaviour reported in JDK-8249846
cdbd41
cdbd41
New in release OpenJDK 8u262 (2020-07-14):
cdbd41
===========================================
cdbd41
Live versions of these release notes can be found at:
cdbd41
  * https://bitly.com/oj8u262
cdbd41
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u262.txt
cdbd41
cdbd41
* New features
cdbd41
  - JDK-8223147: JFR Backport
cdbd41
* Security fixes
cdbd41
  - JDK-8028431, CVE-2020-14579: NullPointerException in DerValue.equals(DerValue)
cdbd41
  - JDK-8028591, CVE-2020-14578: NegativeArraySizeException in sun.security.util.DerInputStream.getUnalignedBitString()
cdbd41
  - JDK-8230613: Better ASCII conversions
cdbd41
  - JDK-8231800: Better listing of arrays
cdbd41
  - JDK-8232014: Expand DTD support
cdbd41
  - JDK-8233255: Better Swing Buttons
cdbd41
  - JDK-8234032: Improve basic calendar services
cdbd41
  - JDK-8234042: Better factory production of certificates
cdbd41
  - JDK-8234418: Better parsing with CertificateFactory
cdbd41
  - JDK-8234836: Improve serialization handling
cdbd41
  - JDK-8236191: Enhance OID processing
cdbd41
  - JDK-8237117, CVE-2020-14556: Better ForkJoinPool behavior
cdbd41
  - JDK-8237592, CVE-2020-14577: Enhance certificate verification
cdbd41
  - JDK-8238002, CVE-2020-14581: Better matrix operations
cdbd41
  - JDK-8238804: Enhance key handling process
cdbd41
  - JDK-8238842: AIOOBE in GIFImageReader.initializeStringTable
cdbd41
  - JDK-8238843: Enhanced font handing
cdbd41
  - JDK-8238920, CVE-2020-14583: Better Buffer support
cdbd41
  - JDK-8238925: Enhance WAV file playback
cdbd41
  - JDK-8240119, CVE-2020-14593: Less Affine Transformations
cdbd41
  - JDK-8240482: Improved WAV file playback
cdbd41
  - JDK-8241379: Update JCEKS support
cdbd41
  - JDK-8241522: Manifest improved jar headers redux
cdbd41
  - JDK-8242136, CVE-2020-14621: Better XML namespace handling
cdbd41
* Other changes
cdbd41
  - JDK-4949105: Access Bridge lacks html tags parsing
cdbd41
  - JDK-7147060: com/sun/org/apache/xml/internal/security/transforms/ClassLoaderTest.java doesn't run in agentvm mode
cdbd41
  - JDK-8003209: JFR events for network utilization
cdbd41
  - JDK-8030680: 292 cleanup from default method code assessment
cdbd41
  - JDK-8035633: TEST_BUG: java/net/NetworkInterface/Equals.java and some tests failed on windows intermittently
cdbd41
  - JDK-8037866: Replace the Fun class in tests with lambdas
cdbd41
  - JDK-8041626: Shutdown tracing event
cdbd41
  - JDK-8041915: Move 8 awt tests to OpenJDK regression tests tree
cdbd41
  - JDK-8067796: (process) Process.waitFor(timeout, unit) doesn't throw NPE if timeout is less than, or equal to zero when unit == null
cdbd41
  - JDK-8076475: Misuses of strncpy/strncat
cdbd41
  - JDK-8130737: AffineTransformOp can't handle child raster with non-zero x-offset
cdbd41
  - JDK-8141056: Erroneous assignment in HeapRegionSet.cpp
cdbd41
  - JDK-8146612: C2: Precedence edges specification violated
cdbd41
  - JDK-8148886: SEGV in sun.java2d.marlin.Renderer._endRendering
cdbd41
  - JDK-8149338: JVM Crash caused by Marlin renderer not handling NaN coordinates
cdbd41
  - JDK-8150986: serviceability/sa/jmap-hprof/JMapHProfLargeHeapTest.java failing because expects HPROF JAVA PROFILE 1.0.1 file format
cdbd41
  - JDK-8151582: (ch) test java/nio/channels/AsyncCloseAndInterrupt.java failing due to "Connection succeeded"
cdbd41
  - JDK-8165675: Trace event for thread park has incorrect unit for timeout
cdbd41
  - JDK-8171934: ObjectSizeCalculator.getEffectiveMemoryLayoutSpecification() does not recognize OpenJDK's HotSpot VM
cdbd41
  - JDK-8172559: [PIT][TEST_BUG] Move @test to be 1st annotation in java/awt/image/Raster/TestChildRasterOp.java
cdbd41
  - JDK-8176182: 4 security tests are not run
cdbd41
  - JDK-8178374: Problematic ByteBuffer handling in CipherSpi.bufferCrypt method
cdbd41
  - JDK-8178910: Problemlist sample tests
cdbd41
  - JDK-8181841: A TSA server returns timestamp with precision higher than milliseconds
cdbd41
  - JDK-8183925: Decouple crash protection from watcher thread
cdbd41
  - JDK-8191393: Random crashes during cfree+0x1c
cdbd41
  - JDK-8195817: JFR.stop should require name of recording
cdbd41
  - JDK-8195818: JFR.start should increase autogenerated name by one
cdbd41
  - JDK-8195819: Remove recording=x from jcmd JFR.check output
cdbd41
  - JDK-8196969: JTreg Failure: serviceability/sa/ClhsdbJstack.java causes NPE
cdbd41
  - JDK-8199712: Flight Recorder
cdbd41
  - JDK-8202578: Revisit location for class unload events
cdbd41
  - JDK-8202835: jfr/event/os/TestSystemProcess.java fails on missing events
cdbd41
  - JDK-8203287: Zero fails to build after JDK-8199712 (Flight Recorder)
cdbd41
  - JDK-8203346: JFR: Inconsistent signature of jfr_add_string_constant
cdbd41
  - JDK-8203664: JFR start failure after AppCDS archive created with JFR StartFlightRecording
cdbd41
  - JDK-8203921: JFR thread sampling is missing fixes from JDK-8194552
cdbd41
  - JDK-8203929: Limit amount of data for JFR.dump
cdbd41
  - JDK-8205516: JFR tool
cdbd41
  - JDK-8207392: [PPC64] Implement JFR profiling
cdbd41
  - JDK-8207829: FlightRecorderMXBeanImpl is leaking the first classloader which calls it
cdbd41
  - JDK-8209960: -Xlog:jfr* doesn't work with the JFR
cdbd41
  - JDK-8210024: JFR calls virtual is_Java_thread from ~Thread()
cdbd41
  - JDK-8210776: Upgrade X Window System 6.8.2 to the latest XWD 1.0.7
cdbd41
  - JDK-8211239: Build fails without JFR: empty JFR events signatures mismatch
cdbd41
  - JDK-8212232: Wrong metadata for the configuration of the cutoff for old object sample events
cdbd41
  - JDK-8213015: Inconsistent settings between JFR.configure and -XX:FlightRecorderOptions
cdbd41
  - JDK-8213421: Line number information for execution samples always 0
cdbd41
  - JDK-8213617: JFR should record the PID of the recorded process
cdbd41
  - JDK-8213734: SAXParser.parse(File, ..) does not close resources when Exception occurs.
cdbd41
  - JDK-8213914: [TESTBUG] Several JFR VM events are not covered by tests
cdbd41
  - JDK-8213917: [TESTBUG] Shutdown JFR event is not covered by test
cdbd41
  - JDK-8213966: The ZGC JFR events should be marked as experimental
cdbd41
  - JDK-8214542: JFR: Old Object Sample event slow on a deep heap in debug builds
cdbd41
  - JDK-8214750: Unnecessary 

tags in jfr classes

cdbd41
  - JDK-8214896: JFR Tool left files behind
cdbd41
  - JDK-8214906: [TESTBUG] jfr/event/sampling/TestNative.java fails with UnsatisfiedLinkError
cdbd41
  - JDK-8214925: JFR tool fails to execute
cdbd41
  - JDK-8215175: Inconsistencies in JFR event metadata
cdbd41
  - JDK-8215237: jdk.jfr.Recording javadoc does not compile
cdbd41
  - JDK-8215284: Reduce noise induced by periodic task getFileSize()
cdbd41
  - JDK-8215355: Object monitor deadlock with no threads holding the monitor (using jemalloc 5.1)
cdbd41
  - JDK-8215362: JFR GTest JfrTestNetworkUtilization fails
cdbd41
  - JDK-8215771: The jfr tool should pretty print reference chains
cdbd41
  - JDK-8216064: -XX:StartFlightRecording:settings= doesn't work properly
cdbd41
  - JDK-8216486: Possibility of integer overflow in JfrThreadSampler::run()
cdbd41
  - JDK-8216528: test/jdk/java/rmi/transport/runtimeThreadInheritanceLeak/RuntimeThreadInheritanceLeak.java failing with Xcomp
cdbd41
  - JDK-8216559: [JFR] Native libraries not correctly parsed from /proc/self/maps
cdbd41
  - JDK-8216578: Remove unused/obsolete method in JFR code
cdbd41
  - JDK-8216995: Clean up JFR command line processing
cdbd41
  - JDK-8217744: [TESTBUG] JFR TestShutdownEvent fails on some systems due to process surviving SIGINT
cdbd41
  - JDK-8217748: [TESTBUG] Exclude TestSig test case from JFR TestShutdownEvent
cdbd41
  - JDK-8218935: Make jfr strncpy uses GCC 8.x friendly
cdbd41
  - JDK-8220293: Deadlock in JFR string pool
cdbd41
  - JDK-8223689: Add JFR Thread Sampling Support
cdbd41
  - JDK-8223690: Add JFR BiasedLock Event Support
cdbd41
  - JDK-8223691: Add JFR G1 Region Type Change Event Support
cdbd41
  - JDK-8223692: Add JFR G1 Heap Summary Event Support
cdbd41
  - JDK-8224172: assert(jfr_is_event_enabled(id)) failed: invariant
cdbd41
  - JDK-8224475: JTextPane does not show images in HTML rendering
cdbd41
  - JDK-8225068: Remove DocuSign root certificate that is expiring in May 2020
cdbd41
  - JDK-8225069: Remove Comodo root certificate that is expiring in May 2020
cdbd41
  - JDK-8226253: JAWS reports wrong number of radio buttons when buttons are hidden.
cdbd41
  - JDK-8226779: [TESTBUG] Test JFR API from Java agent
cdbd41
  - JDK-8226892: ActionListeners on JRadioButtons don't get notified when selection is changed with arrow keys
cdbd41
  - JDK-8227011: Starting a JFR recording in response to JVMTI VMInit and / or Java agent premain corrupts memory
cdbd41
  - JDK-8227269: Slow class loading when running with JDWP
cdbd41
  - JDK-8227605: Kitchensink fails "assert((((klass)->trace_id() & (JfrTraceIdEpoch::leakp_in_use_this_epoch_bit())) != 0)) failed: invariant"
cdbd41
  - JDK-8229366: JFR backport allows unchecked writing to memory
cdbd41
  - JDK-8229401: Fix JFR code cache test failures
cdbd41
  - JDK-8229708: JFR backport code does not initialize
cdbd41
  - JDK-8229873: 8229401 broke jdk8u-jfr-incubator
cdbd41
  - JDK-8229888: (zipfs) Updating an existing zip file does not preserve original permissions
cdbd41
  - JDK-8229899: Make java.io.File.isInvalid() less racy
cdbd41
  - JDK-8230448: [test] JFRSecurityTestSuite.java is failing on Windows
cdbd41
  - JDK-8230597: Update GIFlib library to the 5.2.1
cdbd41
  - JDK-8230707: JFR related tests are failing
cdbd41
  - JDK-8230769: BufImg_SetupICM add ReleasePrimitiveArrayCritical call in early return
cdbd41
  - JDK-8230782: Robot.createScreenCapture() fails if ?awt.robot.gtk? is set to false
cdbd41
  - JDK-8230856: Java_java_net_NetworkInterface_getByName0 on unix misses ReleaseStringUTFChars in early return
cdbd41
  - JDK-8230926: [macosx] Two apostrophes are entered instead of one with "U.S. International - PC" layout
cdbd41
  - JDK-8230947: TestLookForUntestedEvents.java is failing after JDK-8230707
cdbd41
  - JDK-8231995: two jtreg tests failed after 8229366 is fixed
cdbd41
  - JDK-8233197: Invert JvmtiExport::post_vm_initialized() and Jfr:on_vm_start() start-up order for correct option parsing
cdbd41
  - JDK-8233623: Add classpath exception to copyright in EventHandlerProxyCreator.java file
cdbd41
  - JDK-8233880: Support compilers with multi-digit major version numbers
cdbd41
  - JDK-8236002: CSR for JFR backport suggests not leaving out the package-info
cdbd41
  - JDK-8236008: Some backup files were accidentally left in the hotspot tree
cdbd41
  - JDK-8236074: Missed package-info
cdbd41
  - JDK-8236174: Should update javadoc since tags
cdbd41
  - JDK-8236996: Incorrect Roboto font rendering on Windows with subpixel antialiasing
cdbd41
  - JDK-8238076: Fix OpenJDK 7 Bootstrap Broken by JFR Backport
cdbd41
  - JDK-8238452: Keytool generates wrong expiration date if validity is set to 2050/01/01
cdbd41
  - JDK-8238555: Allow Initialization of SunPKCS11 with NSS when there are external FIPS modules in the NSSDB
cdbd41
  - JDK-8238589: Necessary code cleanup in JFR for JDK8u
cdbd41
  - JDK-8238590: Enable JFR by default during compilation in 8u
cdbd41
  - JDK-8239055: Wrong implementation of VMState.hasListener
cdbd41
  - JDK-8239476: JDK-8238589 broke windows build by moving OrderedPair
cdbd41
  - JDK-8239479: minimal1 and zero builds are failing
cdbd41
  - JDK-8239852: java/util/concurrent tests fail with -XX:+VerifyGraphEdges: assert(!VerifyGraphEdges) failed: verification should have failed
cdbd41
  - JDK-8239867: correct over use of INCLUDE_JFR macro
cdbd41
  - JDK-8240375: Disable JFR by default for July 2020 release
cdbd41
  - JDK-8240576: JVM crashes after transformation in C2 IdealLoopTree::merge_many_backedges
cdbd41
  - JDK-8241444: Metaspace::_class_vsm not initialized if compressed class pointers are disabled
cdbd41
  - JDK-8241638: launcher time metrics always report 1 on Linux when _JAVA_LAUNCHER_DEBUG set
cdbd41
  - JDK-8241750: x86_32 build failure after JDK-8227269
cdbd41
  - JDK-8241902: AIX Build broken after integration of JDK-8223147 (JFR Backport)
cdbd41
  - JDK-8242788: Non-PCH build is broken after JDK-8191393
cdbd41
  - JDK-8242883: Incomplete backport of JDK-8078268: backport test part
cdbd41
  - JDK-8243059: Build fails when --with-vendor-name contains a comma
cdbd41
  - JDK-8243474: [TESTBUG] removed three tests of 0 bytes
cdbd41
  - JDK-8243539: Copyright info (Year) should be updated for fix of 8241638
cdbd41
  - JDK-8243541: (tz) Upgrade time-zone data to tzdata2020a
cdbd41
  - JDK-8244407: JVM crashes after transformation in C2 IdealLoopTree::split_fall_in
cdbd41
  - JDK-8244461: [JDK 8u] Build fails with glibc 2.32
cdbd41
  - JDK-8244548: JDK 8u: sun.misc.Version.jdkUpdateVersion() returns wrong result
cdbd41
  - JDK-8244777: ClassLoaderStats VM Op uses constant hash value
cdbd41
  - JDK-8244843: JapanEraNameCompatTest fails
cdbd41
  - JDK-8245167: Top package in method profiling shows null in JMC
cdbd41
  - JDK-8246223: Windows build fails after JDK-8227269
cdbd41
  - JDK-8246703: [TESTBUG] Add test for JDK-8233197
cdbd41
  - JDK-8248399: Build installs jfr binary when JFR is disabled
cdbd41
  - JDK-8248715: New JavaTimeSupplementary localisation for 'in' installed in wrong package
cdbd41
cdbd41
Notes on individual issues:
cdbd41
===========================
cdbd41
cdbd41
hotspot/jfr:
cdbd41
cdbd41
JDK-8240687: JDK Flight Recorder Integrated to OpenJDK 8u
cdbd41
=========================================================
cdbd41
cdbd41
OpenJDK 8u now contains the backport of JEP 328: Flight Recorder
cdbd41
(https://openjdk.java.net/jeps/328) from later versions of OpenJDK.
cdbd41
cdbd41
JFR is a low-overhead framework to collect and provide data helpful to
cdbd41
troubleshoot the performance of the OpenJDK runtime and of Java
cdbd41
applications. It consists of a new API to define custom events under
cdbd41
the jdk.jfr namespace and a JMX interface to interact with the
cdbd41
framework. The recording can also be initiated with the application
cdbd41
startup using the -XX:+FlightRecorder flag or via jcmd. JFR replaces
cdbd41
the +XX:EnableTracing feature introduced in JEP 167, providing a more
cdbd41
efficient way to retrieve the same information. For compatibility
cdbd41
reasons, +XX:EnableTracing is still accepted, however no data will be
cdbd41
printed.
cdbd41
cdbd41
While JFR is not built by default upstream, it is included in Red Hat
cdbd41
binaries for supported architectures (x86_64, AArch64 & PowerPC 64)
cdbd41
cdbd41
hotspot/runtime:
cdbd41
cdbd41
JDK-8205622: JFR Start Failure After AppCDS Archive Created with JFR StartFlightRecording
cdbd41
=========================================================================================
cdbd41
cdbd41
JFR will be disabled with a warning message if it is enabled during
cdbd41
CDS dumping. The user will see the following warning message:
cdbd41
cdbd41
OpenJDK 64-Bit Server VM warning: JFR will be disabled during CDS dumping
cdbd41
cdbd41
if JFR is enabled during CDS dumping such as in the following command
cdbd41
line:
cdbd41
cdbd41
$ java -Xshare:dump -XX:StartFlightRecording=dumponexit=true
cdbd41
cdbd41
security-libs/java.security:
cdbd41
cdbd41
JDK-8244167: Removal of Comodo Root CA Certificate
cdbd41
==================================================
cdbd41
cdbd41
The following expired Comodo root CA certificate was removed from the
cdbd41
`cacerts` keystore: + alias name "addtrustclass1ca [jdk]"
cdbd41
cdbd41
Distinguished Name: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
cdbd41
cdbd41
JDK-8244166: Removal of DocuSign Root CA Certificate
cdbd41
====================================================
cdbd41
cdbd41
The following expired DocuSign root CA certificate was removed from
cdbd41
 the `cacerts` keystore: + alias name "keynectisrootca [jdk]"
cdbd41
cdbd41
Distinguished Name: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
cdbd41
cdbd41
security-libs/javax.crypto:pkcs11:
cdbd41
cdbd41
JDK-8240191: Allow SunPKCS11 initialization with NSS when external FIPS modules are present in the Security Modules Database
cdbd41
============================================================================================================================
cdbd41
cdbd41
The SunPKCS11 security provider can now be initialized with NSS when
cdbd41
FIPS-enabled external modules are configured in the Security Modules
cdbd41
Database (NSSDB). Prior to this change, the SunPKCS11 provider would
cdbd41
throw a RuntimeException with the message: "FIPS flag set for
cdbd41
non-internal module" when such a library was configured for NSS in
cdbd41
non-FIPS mode.
cdbd41
cdbd41
This change allows the JDK to work properly with recent NSS releases
cdbd41
on GNU/Linux operating systems when the system-wide FIPS policy is
cdbd41
turned on.
cdbd41
cdbd41
Further information can be found in JDK-8238555.
cdbd41
cdbd41
New in release OpenJDK 8u252 (2020-04-14):
cdbd41
===========================================
cdbd41
Live versions of these release notes can be found at:
cdbd41
  * https://bitly.com/oj8u252
cdbd41
  * https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u252.txt
cdbd41
cdbd41
* Security fixes
cdbd41
  - JDK-8223898, CVE-2020-2754: Forward references to Nashorn
cdbd41
  - JDK-8223904, CVE-2020-2755: Improve Nashorn matching
cdbd41
  - JDK-8224541, CVE-2020-2756: Better mapping of serial ENUMs
cdbd41
  - JDK-8224549, CVE-2020-2757: Less Blocking Array Queues
cdbd41
  - JDK-8225603: Enhancement for big integers
cdbd41
  - JDK-8227542: Manifest improved jar headers
cdbd41
  - JDK-8231415, CVE-2020-2773: Better signatures in XML
cdbd41
  - JDK-8233250: Better X11 rendering
cdbd41
  - JDK-8233410: Better Build Scripting
cdbd41
  - JDK-8234027: Better JCEKS key support
cdbd41
  - JDK-8234408, CVE-2020-2781: Improve TLS session handling
cdbd41
  - JDK-8234825, CVE-2020-2800: Better Headings for HTTP Servers
cdbd41
  - JDK-8234841, CVE-2020-2803: Enhance buffering of byte buffers
cdbd41
  - JDK-8235274, CVE-2020-2805: Enhance typing of methods
cdbd41
  - JDK-8236201, CVE-2020-2830: Better Scanner conversions
cdbd41
  - JDK-8238960: linux-i586 builds are inconsistent as the newly build jdk is not able to reserve enough space for object heap
cdbd41
* Other changes
cdbd41
  - JDK-8005819: Support cross-realm MSSFU
cdbd41
  - JDK-8022263: use same Clang warnings on BSD as on Linux
cdbd41
  - JDK-8038631: Create wrapper for awt.Robot with additional functionality
cdbd41
  - JDK-8047212: runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verify_objmon_isinpool(inf)) failed: monitor is invalid
cdbd41
  - JDK-8055283: Expand ResourceHashtable with C_HEAP allocation, removal and some unit tests
cdbd41
  - JDK-8068184: Fix for JDK-8032832 caused a deadlock
cdbd41
  - JDK-8079693: Add support for ECDSA P-384 and P-521 curves to XML Signature
cdbd41
  - JDK-8132130: some docs cleanup
cdbd41
  - JDK-8135318: CMS wrong max_eden_size for check_gc_overhead_limit
cdbd41
  - JDK-8144445: Maximum size checking in Marlin ArrayCache utility methods is not optimal
cdbd41
  - JDK-8144446: Automate the Marlin crash test
cdbd41
  - JDK-8144526: Remove Marlin logging use of deleted internal API
cdbd41
  - JDK-8144630: Use PrivilegedAction to create Thread in Marlin RendererStats
cdbd41
  - JDK-8144654: Improve Marlin logging
cdbd41
  - JDK-8144718: Pisces / Marlin Strokers may generate invalid curves with huge coordinates and round joins
cdbd41
  - JDK-8166976: TestCipherPBECons has wrong @run line
cdbd41
  - JDK-8167409: Invalid value passed to critical JNI function
cdbd41
  - JDK-8181872: C1: possible overflow when strength reducing integer multiply by constant
cdbd41
  - JDK-8187078: -XX:+VerifyOops finds numerous problems when running JPRT
cdbd41
  - JDK-8191227: issues with unsafe handle resolution
cdbd41
  - JDK-8197441: Signature#initSign/initVerify for an invalid private/public key fails with ClassCastException for SunPKCS11 provider
cdbd41
  - JDK-8204152: SignedObject throws NullPointerException for null keys with an initialized Signature object
cdbd41
  - JDK-8215756: Memory leaks in the AWT on macOS
cdbd41
  - JDK-8216472: (se) Stack overflow during selection operation leads to crash (win)
cdbd41
  - JDK-8219244: NMT: Change ThreadSafepointState's allocation type from mtInternal to mtThread
cdbd41
  - JDK-8219597: (bf) Heap buffer state changes could provoke unexpected exceptions
cdbd41
  - JDK-8225128: Add exception for expiring DocuSign root to VerifyCACerts test
cdbd41
  - JDK-8225130: Add exception for expiring Comodo roots to VerifyCACerts test
cdbd41
  - JDK-8229022: BufferedReader performance can be improved by using StringBuilder
cdbd41
  - JDK-8229345: Memory leak due to vtable stubs not being shared on SPARC
cdbd41
  - JDK-8229872: (fs) Increase buffer size used with getmntent
cdbd41
  - JDK-8230235: Rendering HTML with empty img attribute and documentBaseKey cause Exception
cdbd41
  - JDK-8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
cdbd41
  - JDK-8235744: PIT: test/jdk/javax/swing/text/html/TestJLabelWithHTMLText.java times out in linux-x64
cdbd41
  - JDK-8235904: Infinite loop when rendering huge lines
cdbd41
  - JDK-8236179: C1 register allocation error with T_ADDRESS
cdbd41
  - JDK-8237368: Problem with NullPointerException in RMI TCPEndpoint.read
cdbd41
  - JDK-8240521: Revert backport of 8231584: Deadlock with ClassLoader.findLibrary and System.loadLibrary call
cdbd41
  - JDK-8241296: Segfault in JNIHandleBlock::oops_do()
cdbd41
  - JDK-8241307: Marlin renderer should not be the default in 8u252
cdbd41
cdbd41
Notes on individual issues:
cdbd41
===========================
cdbd41
cdbd41
hotspot/svc:
cdbd41
cdbd41
JDK-8174881: Binary format for HPROF updated 
cdbd41
============================================
cdbd41
cdbd41
When dumping the heap in binary format, HPROF format 1.0.2 is always
cdbd41
used now. Previously, format 1.0.1 was used for heaps smaller than
cdbd41
2GB. HPROF format 1.0.2 is also used by jhsdb jmap for the
cdbd41
serviceability agent.
cdbd41
cdbd41
security-libs/java.security:
cdbd41
cdbd41
JDK-8229518: Added Support for PKCS#1 v2.2 Algorithms Including RSASSA-PSS Signature
cdbd41
====================================================================================
cdbd41
cdbd41
The SunRsaSign and SunJCE providers have been enhanced with support
cdbd41
for more algorithms defined in PKCS#1 v2.2, such as RSASSA-PSS
cdbd41
signature and OAEP using FIPS 180-4 digest algorithms. New
cdbd41
constructors and methods have been added to relevant JCA/JCE classes
cdbd41
under the `java.security.spec` and `javax.crypto.spec` packages for
cdbd41
supporting additional RSASSA-PSS parameters.
cdbd41
cdbd41
security-libs/javax.crypto:
cdbd41
cdbd41
JDK-8205471: RSASSA-PSS Signature Support Added to SunMSCAPI
cdbd41
============================================================
cdbd41
cdbd41
The RSASSA-PSS signature algorithm support has been added to the SunMSCAPI provider.
cdbd41
cdbd41
security-libs/javax.security:
cdbd41
cdbd41
JDK-8227564: Allow SASL Mechanisms to Be Restricted
cdbd41
===================================================
cdbd41
cdbd41
A security property named `jdk.sasl.disabledMechanisms` has been added
cdbd41
that can be used to disable SASL mechanisms. Any disabled mechanism
cdbd41
will be ignored if it is specified in the `mechanisms` argument of
cdbd41
`Sasl.createSaslClient` or the `mechanism` argument of
cdbd41
`Sasl.createSaslServer`. The default value for this security property
cdbd41
is empty, which means that no mechanisms are disabled out-of-the-box.